[helen1]scvchost.exe?

  • Joined: 06 Jun 2005
  • Posts: 218
  • Location: Pirot

Last night this file asked ZA for permission to connect to the net. Since I was suspicious, I didn't allow it, and I checked on the net and got the following:

scvhost.exe is a process which is registered as W32/Agobot-S virus. This Trojan allows attackers to access your computer from remote locations, stealing passwords, Internet banking and personal data. This process is a security risk and should be removed from your system. Please see additional details regarding this process.
I started Spybot and it found and deleted: Bestsearch.Scvhost: Executable (File, fixed)
C:\WINDOWS\scvhost.exe
After that, NOD found nothing when scanning Windows.
The programs are updated regularly.

And now here is my HijackThis log file:

Logfile of HijackThis v1.99.1
Scan saved at 8:58:35, on 10.6.2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\System32\winsys2.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\SweetIM\Messenger\SweetIM.exe
C:\WINDOWS\tsnp325.exe
C:\WINDOWS\FixCamera.exe
C:\WINDOWS\vsnp325.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\MSI\PC Alert 4\PCAlert4.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Djole\Desktop\New Folder\TR3.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O4 - HKLM\..\Run: [NVCLOCK] Rundll32 nvclock.dll,fnNvclock
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SW20] C:\WINDOWS\System32\sw20.exe
O4 - HKLM\..\Run: [SW24] C:\WINDOWS\System32\sw24.exe
O4 - HKLM\..\Run: [WinSys2] C:\WINDOWS\System32\winsys2.exe
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe
O4 - HKLM\..\Run: [tsnp325] C:\WINDOWS\tsnp325.exe
O4 - HKLM\..\Run: [FixCamera] C:\WINDOWS\FixCamera.exe
O4 - HKLM\..\Run: [snp325] C:\WINDOWS\vsnp325.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Startup: Calendarium.lnk = C:\Program Files\Calendarium\Calendarium.exe
O4 - Global Startup: PC Alert 4.lnk = C:\Program Files\MSI\PC Alert 4\PCAlert4.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Preuzmi odabrano Free Download Manager-om - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Preuzmi sa Free Download Managerom - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Preuzmi sve sa Free Download Manager-om - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Save Flash - res://C:\Program Files\UnH Solutions\Flash Saving Plugin\FlashSButton.dll/210
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Upload - {FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} - C:\Program Files\Free Download Manager\FUM\fumiebtn.dll
O9 - Extra button: Flash - {43CF38F3-5AEC-45a3-AD31-04EB06E9C6CA} - C:\Program Files\UnH Solutions\Flash Saving Plugin\FlashSButton.dll (HKCU)
O9 - Extra button: Flash2X Flash Hunter - {77B563A5-2A35-4E6B-BFC8-F4B6BB65D5DF} - C:\Program Files\Flash2X\Flash Hunter\save.htm (HKCU)
O9 - Extra 'Tools' menuitem: &Launch Flash Hunter - {77B563A5-2A35-4E6B-BFC8-F4B6BB65D5DF} - C:\Program Files\Flash2X\Flash Hunter\save.htm (HKCU)
O15 - Trusted Zone: http://download.windowsupdate.com
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: CLKERN.DLL
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - c:\program files\a-squared free\a2service.exe
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: InCD File System Service (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\System32\PnkBstrB.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\System32\UAService7.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Thanks in advance.
(P.S.: It's been a long time since I last fought with vermin; I regularly update my security programs and I'm really surprised how this one managed to slip through?)
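As an added example (not part of this forum post and not HijackThis's own code), a Python script that scans a HijackThis-style log such as the one above for the kind of entry this thread is about: a process whose name is a near-miss of a core Windows binary (scvhost.exe vs svchost.exe), auto-start executables sitting directly in C:\WINDOWS, and AppInit_DLLs entries. The list of core binaries, the edit-distance threshold and the sample log inside it are my own constructed assumptions, not something the poster or the tool provides.

```python
import re

# Core Windows XP binaries that malware commonly imitates by name, each with
# the folder it legitimately runs from on XP (lower-case; HijackThis prints
# paths with mixed case, so everything is lower-cased before comparing).
# This table is an assumption for the example, not something HijackThis ships.
CORE = {
    "smss.exe": r"c:\windows\system32",
    "csrss.exe": r"c:\windows\system32",
    "winlogon.exe": r"c:\windows\system32",
    "services.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
    "svchost.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}

# O4 lines look like "O4 - HKLM\..\Run: [name] path args" or
# "O4 - Startup: x.lnk = path"; capture the path up to the first ".exe".
O4_RE = re.compile(r'^O4 - .*?[\]=]\s*"?([^"]*?\.exe)', re.I)
O20_RE = re.compile(r"^O20 - AppInit_DLLs:\s*(.+)", re.I)


def levenshtein(a, b):
    """Plain edit distance; a swapped pair such as scv/svc costs 2."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def split_path(path):
    """Return (directory, basename), both lower-cased, for a Windows path."""
    p = path.strip().strip('"').lower()
    directory, _, name = p.rpartition("\\")
    return directory, name


def check_executable(path):
    """Findings for one executable path as (severity, path, reason) tuples."""
    directory, name = split_path(path)
    findings = []
    if name in CORE:
        # A genuine core name is only suspicious when it runs from the wrong folder.
        if directory != CORE[name]:
            findings.append(("high", path, f"{name} running from an unexpected folder"))
        return findings
    for core in CORE:
        if levenshtein(name, core) <= 2:  # one or two edited letters
            findings.append(("high", path, f"look-alike of {core}"))
            break
    if directory == r"c:\windows" and name.endswith(".exe"):
        # Legitimate drivers do this too (AGRSMMSG.exe), so only mark for review.
        findings.append(("review", path, "executable directly under C:\\WINDOWS"))
    return findings


def analyse(log_text):
    """Walk a HijackThis log and collect findings from processes, O4 and O20 lines."""
    findings = []
    in_processes = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_processes = True
            continue
        if in_processes:
            if not line:  # a blank line ends the section
                in_processes = False
            else:
                findings += check_executable(line)
            continue
        m = O4_RE.match(line)
        if m:
            findings += check_executable(m.group(1))
            continue
        m = O20_RE.match(line)
        if m:
            findings.append(("review", m.group(1).strip(),
                             "AppInit_DLLs is loaded into every user-mode process"))
    return findings


# Constructed sample in HijackThis format (not the log posted in the thread).
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\scvhost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Eset\nod32kui.exe

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [scvhost] C:\WINDOWS\scvhost.exe
O20 - AppInit_DLLs: CLKERN.DLL
"""

if __name__ == "__main__":
    print(*analyse(SAMPLE_LOG), sep="\n")
```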

  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8620
  • Location: Novi Beograd

Hello,

* Open the Nod32 Control Center (click on its tray icon in the bottom right corner of the screen).
* Select AMON from the Threat Protection group of options.
* In the right-hand panel, untick the option File system monitor (AMON) enabled.
* Turning this option off will show as the Control Center changing colour from green to red.

Note: Don't forget to turn this option back on once the cleaning is finished.

Download ComboFix from one of the following addresses to the Desktop:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Run it and don't touch the program window while it scans.
Follow the on-screen instructions. When it finishes, a log will appear (C:\ComboFix.txt) which you will copy here for us.

  • Joined: 06 Jun 2005
  • Posts: 218
  • Location: Pirot

Done as instructed!
Here is the log file:
ComboFix 08-06-09.7 - Djole 2008-06-10 21:20:12.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.1.1252.1.1033.18.233 [GMT 2:00]
Running from: D:\Programi\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\RECYCLER\desktopA.sys
C:\WINDOWS\system32\dzgtactx.dll
C:\WINDOWS\system32\MSINET.oca
C:\WINDOWS\Web\default.htt

.
((((((((((((((((((((((((( Files Created from 2008-05-10 to 2008-06-10 )))))))))))))))))))))))))))))))
.

2008-06-04 01:16 . 2008-06-10 14:11 56 ---h----- C:\WINDOWS\popcreg.dat
2008-06-04 01:16 . 2008-06-10 14:11 32 --a------ C:\WINDOWS\popcinfot.dat
2008-06-03 20:15 . 2007-10-13 19:33 352,256 --a------ C:\WINDOWS\system32\pmls.dll
2008-06-03 20:15 . 2007-10-13 19:34 86,016 --a------ C:\WINDOWS\system32\pmservice.exe
2008-06-03 12:06 . 2008-06-03 22:30 921,624 --a------ C:\img2-001.raw
2008-06-03 11:29 . 2008-06-08 10:41 <DIR> d-------- C:\Documents and Settings\Djole\Application Data\skypePM
2008-06-03 11:29 . 2008-06-03 11:29 56 --ah----- C:\WINDOWS\system32\ezsidmv.dat
2008-06-03 11:28 . 2008-06-03 11:29 <DIR> d-------- C:\Program Files\Common Files\Skype
2008-06-03 10:53 . 2002-08-29 03:41 286,720 --a------ C:\WINDOWS\system32\msh263.drv
2008-06-03 10:53 . 2002-08-29 03:41 49,664 --a------ C:\WINDOWS\system32\vfwwdm32.dll
2008-06-03 10:53 . 2002-08-29 03:41 49,664 --a--c--- C:\WINDOWS\system32\dllcache\vfwwdm32.dll
2008-06-03 10:53 . 2001-08-17 22:36 45,568 --a------ C:\WINDOWS\system32\iyuv_32.dll
2008-06-03 10:53 . 2001-08-17 22:36 45,568 --a--c--- C:\WINDOWS\system32\dllcache\iyuv_32.dll
2008-06-03 10:53 . 2001-08-17 22:36 8,192 --a------ C:\WINDOWS\system32\tsbyuv.dll
2008-06-03 10:53 . 2001-08-17 22:36 8,192 --a--c--- C:\WINDOWS\system32\dllcache\tsbyuv.dll
2008-06-03 10:46 . 2006-07-03 10:31 94,208 --a------ C:\WINDOWS\amcap.exe
2008-06-03 10:46 . 2007-05-31 09:01 57,344 --a------ C:\WINDOWS\system32\vsnpx32.dll
2008-06-03 10:25 . 2008-06-03 10:46 <DIR> d-------- C:\Program Files\Common Files\snp325
2008-06-03 10:25 . 2008-06-03 10:25 <DIR> d-------- C:\Documents and Settings\Djole\Application Data\InstallShield
2008-06-03 10:25 . 2007-07-24 10:21 10,394,624 --a------ C:\WINDOWS\system32\drivers\snp325.sys
2008-06-03 10:25 . 2007-05-10 13:18 835,584 --a------ C:\WINDOWS\vsnp325.exe
2008-06-03 10:25 . 2007-04-21 09:30 270,336 --a------ C:\WINDOWS\tsnp325.exe
2008-06-03 10:25 . 2006-04-12 12:11 147,456 --a------ C:\WINDOWS\system32\rsnp325.dll
2008-06-03 10:25 . 2007-05-31 09:01 57,344 --a------ C:\WINDOWS\system32\vsnp325.dll
2008-06-03 10:25 . 2005-11-23 13:55 53,248 --a------ C:\WINDOWS\system32\csnp325.dll
2008-06-03 10:25 . 2007-07-11 16:09 20,480 --a------ C:\WINDOWS\FixCamera.exe
2008-06-03 10:25 . 2004-02-27 17:36 15,498 --a------ C:\WINDOWS\snp325.ini
2008-06-03 10:25 . 2004-02-27 17:36 13,023 --a------ C:\WINDOWS\snp325.src
2008-06-02 20:20 . 2008-06-10 15:54 2,672 --a------ C:\WINDOWS\system32\settings.aaw
2008-06-02 20:20 . 2008-06-10 15:54 704 --a------ C:\WINDOWS\system32\history.aaw
2008-06-02 14:19 . 2008-06-02 14:20 <DIR> d-------- C:\Program Files\SweetIM
2008-06-02 14:19 . 2008-06-02 14:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SweetIM
2008-06-02 03:11 . 2008-06-02 03:11 <DIR> d-------- C:\Program Files\Common Files\xing shared
2008-06-02 02:47 . 2008-03-25 02:37 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-06-01 20:20 . 2008-06-01 20:20 <DIR> d-------- C:\WINDOWS\DED53B0BB67C4244AE6AD6FD3C28D1EF.TMP
2008-06-01 18:03 . 2008-06-01 18:04 <DIR> d-------- C:\Program Files\(zabranjeno)lock
2008-06-01 11:00 . 2008-06-01 11:00 <DIR> d-------- C:\Documents and Settings\Djole\Application Data\vlc
2008-06-01 10:55 . 2008-06-01 19:11 <DIR> d-------- C:\Program Files\VideoLAN
2008-06-01 00:57 . 2008-06-01 00:57 <DIR> d-------- C:\Program Files\SubtitleCreator
2008-05-29 23:55 . 2008-06-10 21:09 <DIR> d-------- C:\Program Files\Professional §©®ÎÞt v.3 Black
2008-05-29 22:37 . 2008-05-29 22:37 56,565 --a------ C:\WINDOWS\system32\SDL_image.dll
2008-05-29 22:26 . 2008-05-29 22:26 266,436 --a------ C:\WINDOWS\system32\tiff.dll
2008-05-29 21:36 . 2008-05-29 21:27 1,732,518 --a------ C:\WINDOWS\system32\libgsl.dll
2008-05-29 21:36 . 2008-05-29 21:27 243,671 --a------ C:\WINDOWS\system32\libgslcblas.dll
2008-05-29 21:12 . 2008-05-29 21:12 573,440 --a------ C:\WINDOWS\system32\alleg42.dll
2008-05-29 18:44 . 2008-05-29 18:44 <DIR> d-------- C:\Documents and Settings\Djole\Application Data\Sony Setup
2008-05-29 18:24 . 2008-05-29 18:29 <DIR> d-------- C:\Documents and Settings\Djole\Application Data\SmsDiscount
2008-05-29 14:18 . 2008-05-29 22:40 <DIR> d-------- C:\Documents and Settings\Djole\Application Data\Dev-Cpp
2008-05-29 14:16 . 2008-05-29 22:36 <DIR> d-------- C:\Dev-Cpp
2008-05-29 07:59 . 2008-05-29 07:59 <DIR> d-------- C:\Program Files\VS Revo Group
2008-05-28 08:18 . 2008-05-28 08:18 <DIR> d-------- C:\Documents and Settings\Djole\Application Data\JLC's Software
2008-05-28 08:17 . 2008-05-28 08:28 <DIR> d-------- C:\Program Files\JLC's Software
2008-05-26 13:46 . 2008-05-26 13:46 <DIR> d-------- C:\Program Files\TimeAdjuster
2008-05-26 13:43 . 2008-06-05 20:42 <DIR> d-------- C:\Documents and Settings\Djole\Application Data\Any Video Converter
2008-05-25 19:47 . 2008-05-25 19:47 <DIR> d-------- C:\Program Files\Rapishare Free Account Check
2008-05-25 19:47 . 2008-05-25 19:47 104,201 --a------ C:\WINDOWS\Rapishare Free Account Check Uninstaller.exe
2008-05-25 12:05 . 2008-05-25 12:05 <DIR> d-------- C:\Program Files\uTorrent
2008-05-25 12:05 . 2008-06-07 00:47 <DIR> d-------- C:\Documents and Settings\Djole\Application Data\uTorrent
2008-05-25 11:36 . 2008-06-10 12:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Google Updater
2008-05-24 15:14 . 2008-05-24 15:14 <DIR> d-------- C:\Program Files\MSN Messenger
2008-05-23 12:33 . 2008-05-23 12:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Azureus
2008-05-23 12:32 . 2008-05-23 12:51 <DIR> d-------- C:\Documents and Settings\Djole\Application Data\Azureus
2008-05-22 22:38 . 2008-05-22 22:38 24 --a------ C:\WINDOWS\AM_D8.PRF
2008-05-22 22:36 . 2008-05-22 22:36 25 --a------ C:\WINDOWS\ES_1_D1.prf
2008-05-22 22:36 . 2008-05-22 22:36 24 --a------ C:\WINDOWS\ES_2_D1.prf
2008-05-22 22:36 . 2008-05-22 22:36 24 --a------ C:\WINDOWS\AM_D0.PRF
2008-05-22 18:26 . 2008-05-30 01:07 <DIR> d-------- C:\Documents and Settings\Djole\Contacts
2008-05-22 18:19 . 2008-05-22 18:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Windows Live Toolbar
2008-05-22 18:18 . 2008-05-22 18:18 <DIR> d-------- C:\Program Files\Windows Live Toolbar
2008-05-22 16:33 . 2002-11-27 14:52 80,896 -ra------ C:\WINDOWS\system32\drivers\NVENET.sys
2008-05-22 16:33 . 2002-11-27 14:52 1,024 -ra------ C:\WINDOWS\system32\drivers\jedih2rx.bin
2008-05-22 16:33 . 2002-11-27 14:52 122 -ra------ C:\WINDOWS\system32\drivers\ramsed.bin
2008-05-22 16:33 . 2002-11-27 14:52 42 -ra------ C:\WINDOWS\system32\drivers\jedireg.pat
2008-05-18 23:29 . 2008-05-18 23:29 4,080 --a------ C:\WINDOWS\GAMF0DRV.BIN
2008-05-16 11:58 . 2008-05-16 11:58 12,632 --a------ C:\WINDOWS\system32\lsdelete.exe
2008-05-12 16:03 . 2008-05-12 16:05 <DIR> d-------- C:\WINDOWS\NV1636328.TMP
2008-05-12 15:49 . 2008-05-23 12:36 <DIR> d-------- C:\Program Files\Yahoo!
2008-05-12 15:45 . 2008-05-12 15:45 <DIR> d-------- C:\Documents and Settings\Djole\Application Data\Media Player Classic
2008-05-11 10:13 . 2008-06-01 19:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-10 17:05 --------- d-----w C:\Documents and Settings\Djole\Application Data\SiteAdvisor
2008-06-10 13:53 73,728 ----a-w C:\WINDOWS\Internet Logs\xDB308.tmp
2008-06-10 09:54 --------- d-----w C:\Program Files\Free Download Manager
2008-06-09 20:38 --------- d-----w C:\Program Files\a-squared Free
2008-06-09 11:26 --------- d-----w C:\Program Files\Winamp
2008-06-08 22:39 37,376 ----a-w C:\WINDOWS\Internet Logs\xDB307.tmp
2008-06-08 11:07 --------- d-----w C:\Documents and Settings\Djole\Application Data\Skype
2008-06-07 22:30 30,720 ----a-w C:\WINDOWS\Internet Logs\xDB306.tmp
2008-06-07 18:42 --------- d-----w C:\Program Files\JetAudio
2008-06-06 23:04 51,200 ----a-w C:\WINDOWS\Internet Logs\xDB305.tmp
2008-06-05 14:58 30,208 ----a-w C:\WINDOWS\Internet Logs\xDB304.tmp
2008-06-04 23:54 101,888 ----a-w C:\WINDOWS\Internet Logs\xDB303.tmp
2008-06-03 23:25 --------- d-----w C:\Program Files\PopCap Games
2008-06-03 09:29 --------- d-----w C:\Program Files\Skype
2008-06-03 08:25 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-02 23:20 20,480 ----a-w C:\WINDOWS\Internet Logs\xDB302.tmp
2008-06-02 22:42 27,136 ----a-w C:\WINDOWS\Internet Logs\xDB301.tmp
2008-06-02 18:20 69,120 ----a-w C:\WINDOWS\Internet Logs\xDB300.tmp
2008-06-02 01:11 --------- d-----w C:\Program Files\Real
2008-06-02 01:11 --------- d-----w C:\Program Files\Common Files\Real
2008-06-02 00:47 --------- d-----w C:\Program Files\Java
2008-06-01 19:26 --------- d-----w C:\Program Files\FDRLab
2008-06-01 17:25 --------- d-----w C:\Program Files\Lavasoft
2008-06-01 16:58 --------- d-----w C:\Program Files\EA GAMES
2008-06-01 16:26 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-06-01 16:04 34,304 ----a-w C:\WINDOWS\Internet Logs\xDB2FF.tmp
2008-05-31 23:51 24,064 ----a-w C:\WINDOWS\Internet Logs\xDB2FE.tmp
2008-05-31 17:27 17,408 ----a-w C:\WINDOWS\Internet Logs\xDB2FD.tmp
2008-05-30 23:39 50,688 ----a-w C:\WINDOWS\Internet Logs\xDB2FC.tmp
2008-05-30 13:27 --------- d-----w C:\Program Files\Warcraft III
2008-05-30 06:13 --------- d-----w C:\Program Files\Google
2008-05-29 23:09 70,144 ----a-w C:\WINDOWS\Internet Logs\xDB2FB.tmp
2008-05-28 23:33 39,424 ----a-w C:\WINDOWS\Internet Logs\xDB2FA.tmp
2008-05-28 06:34 55,808 ----a-w C:\WINDOWS\Internet Logs\xDB2F9.tmp
2008-05-26 22:27 44,032 ----a-w C:\WINDOWS\Internet Logs\xDB2F8.tmp
2008-05-25 23:00 56,832 ----a-w C:\WINDOWS\Internet Logs\xDB2F7.tmp
2008-05-25 11:11 --------- d-----w C:\Program Files\Picasa2
2008-05-24 11:14 98,304 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-05-24 00:37 25,600 ----a-w C:\WINDOWS\Internet Logs\xDB2F6.tmp
2008-05-23 19:22 48,128 ----a-w C:\WINDOWS\Internet Logs\xDB2F5.tmp
2008-05-23 10:42 25,600 ----a-w C:\WINDOWS\Internet Logs\xDB2F4.tmp
2008-05-22 21:31 54,272 ----a-w C:\WINDOWS\Internet Logs\xDB2F3.tmp
2008-05-22 11:45 13,824 ----a-w C:\WINDOWS\Internet Logs\xDB2F2.tmp
2008-05-21 21:55 15,360 ----a-w C:\WINDOWS\Internet Logs\xDB2F1.tmp
2008-05-21 14:05 17,408 ----a-w C:\WINDOWS\Internet Logs\xDB2F0.tmp
2008-05-20 20:03 16,896 ----a-w C:\WINDOWS\Internet Logs\xDB2EF.tmp
2008-05-20 11:00 18,944 ----a-w C:\WINDOWS\Internet Logs\xDB2EE.tmp
2008-05-20 08:52 13,824 ----a-w C:\WINDOWS\Internet Logs\xDB2ED.tmp
2008-05-19 22:16 13,824 ----a-w C:\WINDOWS\Internet Logs\xDB2EC.tmp
2008-05-19 14:42 17,408 ----a-w C:\WINDOWS\Internet Logs\xDB2EB.tmp
2008-05-18 12:43 --------- d-----w C:\Program Files\RegScrubXP
2008-05-17 23:30 13,824 ----a-w C:\WINDOWS\Internet Logs\xDB2EA.tmp
2008-05-17 20:34 15,360 ----a-w C:\WINDOWS\Internet Logs\xDB2E9.tmp
2008-05-16 18:45 13,824 ----a-w C:\WINDOWS\Internet Logs\xDB2E8.tmp
2008-05-16 08:17 13,824 ----a-w C:\WINDOWS\Internet Logs\xDB2E7.tmp
2008-05-15 22:32 19,456 ----a-w C:\WINDOWS\Internet Logs\xDB2E6.tmp
2008-05-14 22:54 51,712 ----a-w C:\WINDOWS\Internet Logs\xDB2E5.tmp
2008-05-14 17:57 16,896 ----a-w C:\WINDOWS\Internet Logs\xDB2E4.tmp
2008-05-14 13:33 20,480 ----a-w C:\WINDOWS\Internet Logs\xDB2E3.tmp
2008-05-14 06:43 13,824 ----a-w C:\WINDOWS\Internet Logs\xDB2E2.tmp
2008-05-13 22:30 22,016 ----a-w C:\WINDOWS\Internet Logs\xDB2E1.tmp
2008-05-13 09:12 34,816 ----a-w C:\WINDOWS\Internet Logs\xDB2E0.tmp
2008-05-12 22:52 56,832 ----a-w C:\WINDOWS\Internet Logs\xDB2DF.tmp
2008-05-12 18:21 13,824 ----a-w C:\WINDOWS\Internet Logs\xDB2DE.tmp
2008-05-12 14:04 61,440 ----a-w C:\WINDOWS\Internet Logs\xDB2DD.tmp
2008-05-12 08:06 46,080 ----a-w C:\WINDOWS\Internet Logs\xDB2DC.tmp
2008-05-11 22:21 110,080 ----a-w C:\WINDOWS\Internet Logs\xDB2DB.tmp
2008-05-11 08:13 --------- d-----w C:\Documents and Settings\Djole\Application Data\Lavasoft
2008-05-10 22:49 198,144 ----a-w C:\WINDOWS\Internet Logs\xDB2DA.tmp
2008-05-10 18:14 --------- d-----w C:\Program Files\Parallel Port Joystick
2008-05-10 17:23 0 ----a-w C:\subafsfile0.bin
2008-05-10 17:22 666,800 ----a-w C:\bin0.bin
2008-05-09 22:29 13,824 ----a-w C:\WINDOWS\Internet Logs\xDB2D9.tmp
2008-05-09 18:43 113,152 ----a-w C:\WINDOWS\Internet Logs\xDB2D8.tmp
2008-05-09 10:58 122,880 ----a-w C:\WINDOWS\Internet Logs\xDB2D7.tmp
2008-05-08 10:38 17,408 ----a-w C:\WINDOWS\Internet Logs\xDB2D6.tmp
2008-05-07 14:49 34,308 ----a-w C:\WINDOWS\system32\Chip.dll
2008-05-07 14:49 --------- d-----w C:\Program Files\REAPER
2008-05-07 06:19 16,896 ----a-w C:\WINDOWS\Internet Logs\xDB2D5.tmp
2008-05-06 16:01 13,824 ----a-w C:\WINDOWS\Internet Logs\xDB2D4.tmp
2008-05-06 11:10 13,824 ----a-w C:\WINDOWS\Internet Logs\xDB2D3.tmp
2008-05-05 22:30 14,848 ----a-w C:\WINDOWS\Internet Logs\xDB2D2.tmp
2008-05-05 00:19 15,360 ----a-w C:\WINDOWS\Internet Logs\xDB2D1.tmp
2008-05-04 23:19 --------- d-----w C:\Program Files\Garfield Goes to Pieces
2008-05-04 17:19 13,824 ----a-w C:\WINDOWS\Internet Logs\xDB2D0.tmp
2008-05-04 11:47 13,824 ----a-w C:\WINDOWS\Internet Logs\xDB2CF.tmp
2008-05-03 23:49 25,088 ----a-w C:\WINDOWS\Internet Logs\xDB2CE.tmp
2008-05-03 00:00 22,016 ----a-w C:\WINDOWS\Internet Logs\xDB2CD.tmp
2008-05-02 16:53 --------- d-----w C:\Program Files\Magicne Igrice
2008-05-02 14:48 18,432 ----a-w C:\WINDOWS\Internet Logs\xDB2CC.tmp
2008-05-02 09:51 21,504 ----a-w C:\WINDOWS\Internet Logs\xDB2CB.tmp
2008-05-01 23:00 15,360 ----a-w C:\WINDOWS\Internet Logs\xDB2CA.tmp
2008-05-01 05:59 13,824 ----a-w C:\WINDOWS\Internet Logs\xDB2C9.tmp
2008-04-30 22:59 13,824 ----a-w C:\WINDOWS\Internet Logs\xDB2C8.tmp
2008-04-30 15:25 16,384 ----a-w C:\WINDOWS\Internet Logs\xDB2C7.tmp
2008-04-29 22:23 15,360 ----a-w C:\WINDOWS\Internet Logs\xDB2C6.tmp
2008-04-29 09:48 17,408 ----a-w C:\WINDOWS\Internet Logs\xDB2C5.tmp
2008-04-29 09:20 15,648 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
2008-04-29 09:19 15,648 ----a-w C:\WINDOWS\system32\drivers\Awrtrd.sys
2008-04-29 09:19 12,960 ----a-w C:\WINDOWS\system32\drivers\Awrtpd.sys
2005-09-27 18:24 152 --sh--r C:\WINDOWS\system32\5C39DEE95A.sys
2007-07-09 11:55 11,690 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2008-03-27 14:12 1164600 --a------ C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2008-03-27 14:12 1164600]

[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll [2008-03-27 14:12 1164600]

[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\System32\ctfmon.exe" [2002-08-29 03:41 13312]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVCLOCK"="nvclock.dll" [2003-04-14 03:59 81920 C:\WINDOWS\system32\nvclock.dll]
"AGRSMMSG"="AGRSMMSG.exe" [2004-10-08 04:50 88363 C:\WINDOWS\AGRSMMSG.exe]
"Zone Labs Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2005-11-15 01:51 755472]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2006-01-08 21:22 917504]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2007-12-05 01:41 8523776]
"nwiz"="nwiz.exe" [2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe]
"SW20"="C:\WINDOWS\System32\sw20.exe" [2006-09-07 12:13 208896]
"SW24"="C:\WINDOWS\System32\sw24.exe" [2006-09-07 12:14 69632]
"WinSys2"="C:\WINDOWS\System32\winsys2.exe" [2006-10-03 08:37 217088]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-04-26 10:45 401408]
"H2O"="C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe" [2007-12-11 05:59 307200]
"NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2007-12-05 01:41 81920]
"SweetIM"="C:\Program Files\SweetIM\Messenger\SweetIM.exe" [2008-03-27 19:31 111928]
"tsnp325"="C:\WINDOWS\tsnp325.exe" [2007-04-21 09:30 270336]
"FixCamera"="C:\WINDOWS\FixCamera.exe" [2007-07-11 16:09 20480]
"snp325"="C:\WINDOWS\vsnp325.exe" [2007-05-10 13:18 835584]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-06-02 03:11 185896]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2002-08-29 03:41 13312]

C:\Documents and Settings\Djole\Start Menu\Programs\Startup\
Calendarium.lnk - C:\Program Files\Calendarium\Calendarium.exe [2001-04-20 16:32:52 1522176]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
PC Alert 4.lnk - C:\Program Files\MSI\PC Alert 4\PCAlert4.exe [2005-12-23 11:19:47 544768]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSimpleStartMenu"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=CLKERN.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.DIV3"= DivXc32.dll
"vidc.DIV4"= DivXc32f.dll
"vidc.3iv2"= 3ivxVfWCodec.dll
"msacm.divxa32"= divxa32.acm
"VIDC.HFYU"= huffyuv.dll
"VIDC.i263"= i263_32.drv
"msacm.imc"= imc32.acm
"VIDC.IV41"= ir41_32.dll
"VIDC.VP31"= vp31vfw.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^3D!Turbo Experience.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\3D!Turbo Experience.lnk
backup=C:\WINDOWS\pss\3D!Turbo Experience.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Djole^Start Menu^Programs^Startup^Joint Operations Typhoon Rising Registration.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^Djole^Start Menu^Programs^Startup^Registration Ghost Recon Advanced Warfighter.LNK]
path=C:\Documents and Settings\Djole\Start Menu\Programs\Startup\Registration Ghost Recon Advanced Warfighter.LNK
backup=C:\WINDOWS\pss\Registration Ghost Recon Advanced Warfighter.LNKStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Djole^Start Menu^Programs^Startup^Registration Heroes of Might & Magic 5.LNK]
path=C:\Documents and Settings\Djole\Start Menu\Programs\Startup\Registration Heroes of Might & Magic 5.LNK
backup=C:\WINDOWS\pss\Registration Heroes of Might & Magic 5.LNKStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Djole^Start Menu^Programs^Startup^Ubisoft register.lnk]
path=C:\Documents and Settings\Djole\Start Menu\Programs\Startup\Ubisoft register.lnk
backup=C:\WINDOWS\pss\Ubisoft register.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Free Uploader Oe Integration]
C:\Program Files\Free Download Manager\FUM\fumoei.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Home Theater SchSvr]
--a------ 2004-09-29 03:01 106496 C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
--a------ 2004-05-12 16:18 241664 C:\Program Files\HP\hpcoretech\hpcmpmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
--------- 2003-09-15 15:58 1212466 C:\Program Files\Ahead\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LeechGet]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
-ra------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2007-12-05 01:41 8523776 C:\WINDOWS\System32\NvCpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2007-12-05 01:41 81920 C:\WINDOWS\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2006-10-01 14:56 155648 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WINCINEMAMGR]
--a------ 2004-09-29 03:26 192512 C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows UDP Control Center]


R2 ACEDRV06;ACEDRV06;C:\WINDOWS\System32\drivers\ACEDRV06.sys [2007-01-04 21:52]
R2 SVKP;SVKP;C:\WINDOWS\System32\SVKP.sys [2006-10-23 19:17]
R3 Cap713x;Cap713x Video Capture;C:\WINDOWS\System32\DRIVERS\Cap713x.sys [2004-10-14 09:19]
R3 CLEDX;Team H2O CLEDX service;C:\WINDOWS\System32\DRIVERS\cledx.sys [2007-12-11 05:59]
R3 PPJoyBus;Parallel Port Joystick Bus device driver;C:\WINDOWS\System32\drivers\PPJoyBus.sys [2004-10-24 09:11]
R3 PPortJoystick;Parallel Port Joystick device driver;C:\WINDOWS\System32\drivers\PPortJoy.sys [2004-10-24 09:11]
R3 SNP325;USB PC Camera (SNPSTD325);C:\WINDOWS\System32\DRIVERS\snp325.sys [2007-07-24 10:21]
R3 VGAUTI;VGAUTI;C:\WINDOWS\System32\DRIVERS\VGAUTI.sys [2003-10-22 11:37]
S3 CoolerXPDriver;CoolerXPDriver;C:\Program Files\MSI\PC Alert 4\NTCooler.sys [2002-12-10 12:26]
S3 k600bus;Sony Ericsson 600i driver (WDM);C:\WINDOWS\System32\DRIVERS\k600bus.sys [2006-10-01 14:53]
S3 k600mdfl;Sony Ericsson 600i USB WMC Modem Filter;C:\WINDOWS\System32\DRIVERS\k600mdfl.sys [2006-10-01 14:53]
S3 k600mdm;Sony Ericsson 600i USB WMC Modem Drivers;C:\WINDOWS\System32\DRIVERS\k600mdm.sys [2006-10-01 14:53]
S3 k600mgmt;Sony Ericsson 600i USB WMC Device Management Drivers;C:\WINDOWS\System32\DRIVERS\k600mgmt.sys [2006-10-01 14:53]
S3 k600obex;Sony Ericsson 600i USB WMC OBEX Interface Drivers;C:\WINDOWS\System32\DRIVERS\k600obex.sys [2006-10-01 14:53]
S3 SetupNTGLM7X;SetupNTGLM7X;F:\NTGLM7X.sys []

*Newly Created Service* - CATCHME
*Newly Created Service* - PCALERTDRIVER
.
Contents of the 'Scheduled Tasks' folder
"2008-05-22 16:18:59 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-10 21:24:30
Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
.
Completion time: 2008-06-10 21:29:46
ComboFix-quarantined-files.txt 2008-06-10 19:28:43

Pre-Run: 3,966,291,968 bytes free
Post-Run: 3,992,657,920 bytes free

  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8620
  • Location: Novi Beograd

Hi,

upload this file for me:
C:\WINDOWS\system32\pmls.dll

via the following link:

http://www.mycity.rs/ambulanta-upload.php

  • Joined: 06 Jun 2005
  • Posts: 218
  • Location: Pirot

Did as instructed!

  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8620
  • Location: Novi Beograd

Hello,

run HJT and start a scan. When the scan finishes, tick the box in front of the following line:

O20 - AppInit_DLLs: CLKERN.DLL

and click FIX CHECKED.

Then post a new HJT log for me.

  • Joined: 06 Jun 2005
  • Posts: 218
  • Location: Pirot

Done!
Here is the new log file:

Logfile of HijackThis v1.99.1
Scan saved at 20:52:22, on 11.6.2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\System32\winsys2.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\SweetIM\Messenger\SweetIM.exe
C:\WINDOWS\tsnp325.exe
C:\WINDOWS\FixCamera.exe
C:\WINDOWS\vsnp325.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\MSN Messenger\usnsvc.exe
c:\program files\a-squared free\a2service.exe
C:\Documents and Settings\Djole\Desktop\New Folder\TR3.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O4 - HKLM\..\Run: [NVCLOCK] Rundll32 nvclock.dll,fnNvclock
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SW20] C:\WINDOWS\System32\sw20.exe
O4 - HKLM\..\Run: [SW24] C:\WINDOWS\System32\sw24.exe
O4 - HKLM\..\Run: [WinSys2] C:\WINDOWS\System32\winsys2.exe
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe
O4 - HKLM\..\Run: [tsnp325] C:\WINDOWS\tsnp325.exe
O4 - HKLM\..\Run: [FixCamera] C:\WINDOWS\FixCamera.exe
O4 - HKLM\..\Run: [snp325] C:\WINDOWS\vsnp325.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Startup: Calendarium.lnk = C:\Program Files\Calendarium\Calendarium.exe
O4 - Global Startup: PC Alert 4.lnk = C:\Program Files\MSI\PC Alert 4\PCAlert4.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Save Flash - res://C:\Program Files\UnH Solutions\Flash Saving Plugin\FlashSButton.dll/210
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Upload - {FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} - C:\Program Files\Free Download Manager\FUM\fumiebtn.dll (file missing)
O9 - Extra button: Flash - {43CF38F3-5AEC-45a3-AD31-04EB06E9C6CA} - C:\Program Files\UnH Solutions\Flash Saving Plugin\FlashSButton.dll (HKCU)
O9 - Extra button: Flash2X Flash Hunter - {77B563A5-2A35-4E6B-BFC8-F4B6BB65D5DF} - C:\Program Files\Flash2X\Flash Hunter\save.htm (HKCU)
O9 - Extra 'Tools' menuitem: &Launch Flash Hunter - {77B563A5-2A35-4E6B-BFC8-F4B6BB65D5DF} - C:\Program Files\Flash2X\Flash Hunter\save.htm (HKCU)
O15 - Trusted Zone: http://download.windowsupdate.com
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - c:\program files\a-squared free\a2service.exe
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: InCD File System Service (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\System32\PnkBstrB.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\System32\UAService7.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
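
The two checks helen1 does by eye in this thread, spotting the scvhost.exe look-alike of svchost.exe from the opening post and singling out the O20 AppInit_DLLs line for FIX CHECKED, can be run mechanically over a HijackThis log. The Python below is an added example written for this page; it is not code from the forum, from HijackThis or from ComboFix. The allow-list of core Windows binaries and their expected directories is an assumption kept deliberately small, and the sample log is constructed: it mixes lines in the thread's layout with a planted look-alike and a planted copy of svchost.exe outside System32.

```python
"""Triage of a HijackThis-style log (added example, not from the thread or tools).

Three checks:
  1. a running process whose name is one edit away from a Windows core binary
     (the thread's scvhost.exe vs. svchost.exe),
  2. a core binary running from a directory other than the one it lives in,
  3. any O20 AppInit_DLLs entry, which user32.dll loads into every GUI process
     and which therefore deserves review whatever the DLL is called.
"""
from typing import List, Tuple

# Assumed allow-list for this example: core XP binaries and their expected
# directory, lower-case. Not an authoritative inventory of Windows files.
CORE_BINARIES = {
    "smss.exe": r"c:\windows\system32",
    "csrss.exe": r"c:\windows\system32",
    "winlogon.exe": r"c:\windows\system32",
    "services.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
    "svchost.exe": r"c:\windows\system32",
    "ctfmon.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}


def osa_distance(a: str, b: str) -> int:
    """Optimal-string-alignment edit distance: insert, delete, substitute and a
    swap of two adjacent characters each cost 1, so 'scvhost' is 1 from 'svchost'."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)  # transposition
    return d[len(a)][len(b)]


def check_process(path: str) -> Tuple[str, str]:
    """Classify one 'Running processes' line as ok / suspicious, with a reason."""
    lowered = path.strip().lower()
    directory, _, name = lowered.rpartition("\\")
    if name in CORE_BINARIES:
        expected = CORE_BINARIES[name]
        if directory != expected:
            return "suspicious", f"{name} expected in {expected}, running from {directory}"
        return "ok", ""
    for known in CORE_BINARIES:
        if osa_distance(name, known) == 1:
            return "suspicious", f"{name} is a look-alike of {known}"
    return "ok", ""


def triage_hjt_log(text: str) -> List[Tuple[str, str]]:
    """Walk the log and return (line, reason) pairs that need a human's attention."""
    findings = []
    in_processes = False
    for line in text.splitlines():
        stripped = line.strip()
        if stripped == "Running processes:":
            in_processes = True
            continue
        if in_processes:
            if not stripped:
                in_processes = False  # a blank line ends the process list
                continue
            verdict, reason = check_process(stripped)
            if verdict == "suspicious":
                findings.append((stripped, reason))
        elif stripped.startswith("O20 - AppInit_DLLs:"):
            findings.append((stripped, "AppInit_DLLs loads into every GUI process; verify the DLL"))
    return findings


# Constructed sample in HijackThis layout: thread-style lines plus a planted
# look-alike (scvhost.exe) and a planted svchost.exe outside System32.
SAMPLE_LOG = """Logfile of HijackThis v1.99.1

Running processes:
C:\\WINDOWS\\System32\\smss.exe
C:\\WINDOWS\\system32\\svchost.exe
C:\\WINDOWS\\scvhost.exe
C:\\WINDOWS\\svchost.exe
C:\\Program Files\\Eset\\nod32krn.exe

O4 - HKLM\\..\\Run: [nod32kui] "C:\\Program Files\\Eset\\nod32kui.exe" /WAITSERVICE
O20 - AppInit_DLLs: CLKERN.DLL
"""

if __name__ == "__main__":
    for hit, why in triage_hjt_log(SAMPLE_LOG):
        print(f"{why}\n    {hit}")
```

Run as a script it prints three findings for the sample; on a real log, read the saved HijackThis text and pass it to triage_hjt_log. A hit from the look-alike or wrong-directory check is a reason to hash and upload the file, as helen1 asks for pmls.dll above, not proof of infection on its own.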

  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8620
  • Location: Novi Beograd

Open Notepad and copy the following text into it:

DirLook::
C:\WINDOWS\NV1636328.TMP

Save the file from Notepad to the Desktop as "CFScript".

Drag the saved script/text onto the ComboFix icon, as in the picture.
In your next post, post the log that is produced at the end of the cleaning/scan.

  • Joined: 06 Jun 2005
  • Posts: 218
  • Location: Pirot

Done!
Here is the new log file:

ComboFix 08-06-09.7 - Djole 2008-06-12 8:35:37.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.1.1252.1.1033.18.240 [GMT 2:00]
Running from: D:\Programi\ComboFix.exe
Command switches used :: D:\Programi\CFScript.txt
* Created a new restore point
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-05-12 to 2008-06-12 )))))))))))))))))))))))))))))))
.

2008-06-10 23:54 . 2008-06-10 23:54 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-06-10 23:54 . 2008-06-10 23:54 1,409 --a------ C:\WINDOWS\QTFont.for
2008-06-04 01:16 . 2008-06-12 07:20 56 ---h----- C:\WINDOWS\popcreg.dat
2008-06-04 01:16 . 2008-06-12 07:20 32 --a------ C:\WINDOWS\popcinfot.dat
2008-06-03 20:15 . 2007-10-13 19:33 352,256 --a------ C:\WINDOWS\system32\pmls.dll
2008-06-03 20:15 . 2007-10-13 19:34 86,016 --a------ C:\WINDOWS\system32\pmservice.exe
2008-06-03 12:06 . 2008-06-03 22:30 921,624 --a------ C:\img2-001.raw
2008-06-03 11:29 . 2008-06-11 16:01 <DIR> d-------- C:\Documents and Settings\Djole\Application Data\skypePM
2008-06-03 11:29 . 2008-06-03 11:29 56 --ah----- C:\WINDOWS\system32\ezsidmv.dat
2008-06-03 11:28 . 2008-06-03 11:29 <DIR> d-------- C:\Program Files\Common Files\Skype
2008-06-03 10:53 . 2002-08-29 03:41 286,720 --a------ C:\WINDOWS\system32\msh263.drv
2008-06-03 10:53 . 2002-08-29 03:41 49,664 --a------ C:\WINDOWS\system32\vfwwdm32.dll
2008-06-03 10:53 . 2002-08-29 03:41 49,664 --a--c--- C:\WINDOWS\system32\dllcache\vfwwdm32.dll
2008-06-03 10:53 . 2001-08-17 22:36 45,568 --a------ C:\WINDOWS\system32\iyuv_32.dll
2008-06-03 10:53 . 2001-08-17 22:36 45,568 --a--c--- C:\WINDOWS\system32\dllcache\iyuv_32.dll
2008-06-03 10:53 . 2001-08-17 22:36 8,192 --a------ C:\WINDOWS\system32\tsbyuv.dll
2008-06-03 10:53 . 2001-08-17 22:36 8,192 --a--c--- C:\WINDOWS\system32\dllcache\tsbyuv.dll
2008-06-03 10:46 . 2006-07-03 10:31 94,208 --a------ C:\WINDOWS\amcap.exe
2008-06-03 10:46 . 2007-05-31 09:01 57,344 --a------ C:\WINDOWS\system32\vsnpx32.dll
2008-06-03 10:25 . 2008-06-03 10:46 <DIR> d-------- C:\Program Files\Common Files\snp325
2008-06-03 10:25 . 2008-06-03 10:25 <DIR> d-------- C:\Documents and Settings\Djole\Application Data\InstallShield
2008-06-03 10:25 . 2007-07-24 10:21 10,394,624 --a------ C:\WINDOWS\system32\drivers\snp325.sys
2008-06-03 10:25 . 2007-05-10 13:18 835,584 --a------ C:\WINDOWS\vsnp325.exe
2008-06-03 10:25 . 2007-04-21 09:30 270,336 --a------ C:\WINDOWS\tsnp325.exe
2008-06-03 10:25 . 2006-04-12 12:11 147,456 --a------ C:\WINDOWS\system32\rsnp325.dll
2008-06-03 10:25 . 2007-05-31 09:01 57,344 --a------ C:\WINDOWS\system32\vsnp325.dll
2008-06-03 10:25 . 2005-11-23 13:55 53,248 --a------ C:\WINDOWS\system32\csnp325.dll
2008-06-03 10:25 . 2007-07-11 16:09 20,480 --a------ C:\WINDOWS\FixCamera.exe
2008-06-03 10:25 . 2004-02-27 17:36 15,498 --a------ C:\WINDOWS\snp325.ini
2008-06-03 10:25 . 2004-02-27 17:36 13,023 --a------ C:\WINDOWS\snp325.src
2008-06-02 20:20 . 2008-06-10 15:54 2,672 --a------ C:\WINDOWS\system32\settings.aaw
2008-06-02 20:20 . 2008-06-10 15:54 704 --a------ C:\WINDOWS\system32\history.aaw
2008-06-02 14:19 . 2008-06-02 14:20 <DIR> d-------- C:\Program Files\SweetIM
2008-06-02 14:19 . 2008-06-02 14:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SweetIM
2008-06-02 03:11 . 2008-06-02 03:11 <DIR> d-------- C:\Program Files\Common Files\xing shared
2008-06-02 02:47 . 2008-03-25 02:37 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-06-01 20:20 . 2008-06-01 20:20 <DIR> d-------- C:\WINDOWS\DED53B0BB67C4244AE6AD6FD3C28D1EF.TMP
2008-06-01 18:03 . 2008-06-01 18:04 <DIR> d-------- C:\Program Files\(zabranjeno)lock
2008-06-01 11:00 . 2008-06-01 11:00 <DIR> d-------- C:\Documents and Settings\Djole\Application Data\vlc
2008-06-01 10:55 . 2008-06-01 19:11 <DIR> d-------- C:\Program Files\VideoLAN
2008-06-01 00:57 . 2008-06-01 00:57 <DIR> d-------- C:\Program Files\SubtitleCreator
2008-05-29 23:55 . 2008-06-12 01:43 <DIR> d-------- C:\Program Files\Professional §©®ÎÞt v.3 Black
2008-05-29 22:37 . 2008-05-29 22:37 56,565 --a------ C:\WINDOWS\system32\SDL_image.dll
2008-05-29 22:26 . 2008-05-29 22:26 266,436 --a------ C:\WINDOWS\system32\tiff.dll
2008-05-29 21:36 . 2008-05-29 21:27 1,732,518 --a------ C:\WINDOWS\system32\libgsl.dll
2008-05-29 21:36 . 2008-05-29 21:27 243,671 --a------ C:\WINDOWS\system32\libgslcblas.dll
2008-05-29 21:12 . 2008-05-29 21:12 573,440 --a------ C:\WINDOWS\system32\alleg42.dll
2008-05-29 18:44 . 2008-05-29 18:44 <DIR> d-------- C:\Documents and Settings\Djole\Application Data\Sony Setup
2008-05-29 18:24 . 2008-05-29 18:29 <DIR> d-------- C:\Documents and Settings\Djole\Application Data\SmsDiscount
2008-05-29 14:18 . 2008-05-29 22:40 <DIR> d-------- C:\Documents and Settings\Djole\Application Data\Dev-Cpp
2008-05-29 14:16 . 2008-05-29 22:36 <DIR> d-------- C:\Dev-Cpp
2008-05-29 07:59 . 2008-05-29 07:59 <DIR> d-------- C:\Program Files\VS Revo Group
2008-05-28 08:18 . 2008-05-28 08:18 <DIR> d-------- C:\Documents and Settings\Djole\Application Data\JLC's Software
2008-05-28 08:17 . 2008-05-28 08:28 <DIR> d-------- C:\Program Files\JLC's Software
2008-05-26 13:46 . 2008-05-26 13:46 <DIR> d-------- C:\Program Files\TimeAdjuster
2008-05-26 13:43 . 2008-06-05 20:42 <DIR> d-------- C:\Documents and Settings\Djole\Application Data\Any Video Converter
2008-05-25 19:47 . 2008-05-25 19:47 <DIR> d-------- C:\Program Files\Rapishare Free Account Check
2008-05-25 19:47 . 2008-05-25 19:47 104,201 --a------ C:\WINDOWS\Rapishare Free Account Check Uninstaller.exe
2008-05-25 12:05 . 2008-05-25 12:05 <DIR> d-------- C:\Program Files\uTorrent
2008-05-25 12:05 . 2008-06-07 00:47 <DIR> d-------- C:\Documents and Settings\Djole\Application Data\uTorrent
2008-05-25 11:36 . 2008-06-11 13:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Google Updater
2008-05-24 15:14 . 2008-05-24 15:14 <DIR> d-------- C:\Program Files\MSN Messenger
2008-05-23 12:33 . 2008-05-23 12:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Azureus
2008-05-23 12:32 . 2008-05-23 12:51 <DIR> d-------- C:\Documents and Settings\Djole\Application Data\Azureus
2008-05-22 22:38 . 2008-05-22 22:38 24 --a------ C:\WINDOWS\AM_D8.PRF
2008-05-22 22:36 . 2008-05-22 22:36 25 --a------ C:\WINDOWS\ES_1_D1.prf
2008-05-22 22:36 . 2008-05-22 22:36 24 --a------ C:\WINDOWS\ES_2_D1.prf
2008-05-22 22:36 . 2008-05-22 22:36 24 --a------ C:\WINDOWS\AM_D0.PRF
2008-05-22 18:26 . 2008-05-30 01:07 <DIR> d-------- C:\Documents and Settings\Djole\Contacts
2008-05-22 18:19 . 2008-05-22 18:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Windows Live Toolbar
2008-05-22 18:18 . 2008-05-22 18:18 <DIR> d-------- C:\Program Files\Windows Live Toolbar
2008-05-22 16:33 . 2002-11-27 14:52 80,896 -ra------ C:\WINDOWS\system32\drivers\NVENET.sys
2008-05-22 16:33 . 2002-11-27 14:52 1,024 -ra------ C:\WINDOWS\system32\drivers\jedih2rx.bin
2008-05-22 16:33 . 2002-11-27 14:52 122 -ra------ C:\WINDOWS\system32\drivers\ramsed.bin
2008-05-22 16:33 . 2002-11-27 14:52 42 -ra------ C:\WINDOWS\system32\drivers\jedireg.pat
2008-05-18 23:29 . 2008-05-18 23:29 4,080 --a------ C:\WINDOWS\GAMF0DRV.BIN
2008-05-16 11:58 . 2008-05-16 11:58 12,632 --a------ C:\WINDOWS\system32\lsdelete.exe
2008-05-12 16:03 . 2008-05-12 16:05 <DIR> d-------- C:\WINDOWS\NV1636328.TMP
2008-05-12 15:49 . 2008-05-23 12:36 <DIR> d-------- C:\Program Files\Yahoo!
2008-05-12 15:45 . 2008-05-12 15:45 <DIR> d-------- C:\Documents and Settings\Djole\Application Data\Media Player Classic

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-12 06:30 --------- d-----w C:\Program Files\a-squared Free
2008-06-12 06:28 --------- d-----w C:\Documents and Settings\Djole\Application Data\SiteAdvisor
2008-06-11 23:54 33,792 ----a-w C:\WINDOWS\Internet Logs\xDB30B.tmp
2008-06-11 18:40 --------- d-----w C:\Documents and Settings\Djole\Application Data\Skype
2008-06-10 23:08 31,232 ----a-w C:\WINDOWS\Internet Logs\xDB30A.tmp
2008-06-10 20:55 20,480 ----a-w C:\WINDOWS\Internet Logs\xDB309.tmp
2008-06-10 13:53 73,728 ----a-w C:\WINDOWS\Internet Logs\xDB308.tmp
2008-06-10 09:54 --------- d-----w C:\Program Files\Free Download Manager
2008-06-09 11:26 --------- d-----w C:\Program Files\Winamp
2008-06-08 22:39 37,376 ----a-w C:\WINDOWS\Internet Logs\xDB307.tmp
2008-06-07 22:30 30,720 ----a-w C:\WINDOWS\Internet Logs\xDB306.tmp
2008-06-07 18:42 --------- d-----w C:\Program Files\JetAudio
2008-06-06 23:04 51,200 ----a-w C:\WINDOWS\Internet Logs\xDB305.tmp
2008-06-05 14:58 30,208 ----a-w C:\WINDOWS\Internet Logs\xDB304.tmp
2008-06-04 23:54 101,888 ----a-w C:\WINDOWS\Internet Logs\xDB303.tmp
2008-06-03 23:25 --------- d-----w C:\Program Files\PopCap Games
2008-06-03 09:29 --------- d-----w C:\Program Files\Skype
2008-06-03 08:25 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-02 23:20 20,480 ----a-w C:\WINDOWS\Internet Logs\xDB302.tmp
2008-06-02 22:42 27,136 ----a-w C:\WINDOWS\Internet Logs\xDB301.tmp
2008-06-02 18:20 69,120 ----a-w C:\WINDOWS\Internet Logs\xDB300.tmp
2008-06-02 01:11 --------- d-----w C:\Program Files\Real
2008-06-02 01:11 --------- d-----w C:\Program Files\Common Files\Real
2008-06-02 00:47 --------- d-----w C:\Program Files\Java
2008-06-01 19:26 --------- d-----w C:\Program Files\FDRLab
2008-06-01 17:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-06-01 17:25 --------- d-----w C:\Program Files\Lavasoft
2008-06-01 16:58 --------- d-----w C:\Program Files\EA GAMES
2008-06-01 16:26 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-06-01 16:04 34,304 ----a-w C:\WINDOWS\Internet Logs\xDB2FF.tmp
2008-05-31 23:51 24,064 ----a-w C:\WINDOWS\Internet Logs\xDB2FE.tmp
2008-05-31 17:27 17,408 ----a-w C:\WINDOWS\Internet Logs\xDB2FD.tmp
2008-05-30 23:39 50,688 ----a-w C:\WINDOWS\Internet Logs\xDB2FC.tmp
2008-05-30 13:27 --------- d-----w C:\Program Files\Warcraft III
2008-05-30 06:13 --------- d-----w C:\Program Files\Google
2008-05-29 23:09 70,144 ----a-w C:\WINDOWS\Internet Logs\xDB2FB.tmp
2008-05-28 23:33 39,424 ----a-w C:\WINDOWS\Internet Logs\xDB2FA.tmp
2008-05-28 06:34 55,808 ----a-w C:\WINDOWS\Internet Logs\xDB2F9.tmp
2008-05-26 22:27 44,032 ----a-w C:\WINDOWS\Internet Logs\xDB2F8.tmp
2008-05-25 23:00 56,832 ----a-w C:\WINDOWS\Internet Logs\xDB2F7.tmp
2008-05-25 11:11 --------- d-----w C:\Program Files\Picasa2
2008-05-24 11:14 98,304 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-05-24 00:37 25,600 ----a-w C:\WINDOWS\Internet Logs\xDB2F6.tmp
2008-05-23 19:22 48,128 ----a-w C:\WINDOWS\Internet Logs\xDB2F5.tmp
2008-05-23 10:42 25,600 ----a-w C:\WINDOWS\Internet Logs\xDB2F4.tmp
2008-05-22 21:31 54,272 ----a-w C:\WINDOWS\Internet Logs\xDB2F3.tmp
2008-05-22 11:45 13,824 ----a-w C:\WINDOWS\Internet Logs\xDB2F2.tmp
2008-05-21 21:55 15,360 ----a-w C:\WINDOWS\Internet Logs\xDB2F1.tmp
2008-05-21 14:05 17,408 ----a-w C:\WINDOWS\Internet Logs\xDB2F0.tmp
2008-05-20 20:03 16,896 ----a-w C:\WINDOWS\Internet Logs\xDB2EF.tmp
2008-05-20 11:00 18,944 ----a-w C:\WINDOWS\Internet Logs\xDB2EE.tmp
2008-05-20 08:52 13,824 ----a-w C:\WINDOWS\Internet Logs\xDB2ED.tmp
2008-05-19 22:16 13,824 ----a-w C:\WINDOWS\Internet Logs\xDB2EC.tmp
2008-05-19 14:42 17,408 ----a-w C:\WINDOWS\Internet Logs\xDB2EB.tmp
2008-05-18 12:43 --------- d-----w C:\Program Files\RegScrubXP
2008-05-17 23:30 13,824 ----a-w C:\WINDOWS\Internet Logs\xDB2EA.tmp
2008-05-17 20:34 15,360 ----a-w C:\WINDOWS\Internet Logs\xDB2E9.tmp
2008-05-16 18:45 13,824 ----a-w C:\WINDOWS\Internet Logs\xDB2E8.tmp
2008-05-16 08:17 13,824 ----a-w C:\WINDOWS\Internet Logs\xDB2E7.tmp
2008-05-15 22:32 19,456 ----a-w C:\WINDOWS\Internet Logs\xDB2E6.tmp
2008-05-14 22:54 51,712 ----a-w C:\WINDOWS\Internet Logs\xDB2E5.tmp
2008-05-14 17:57 16,896 ----a-w C:\WINDOWS\Internet Logs\xDB2E4.tmp
2008-05-14 13:33 20,480 ----a-w C:\WINDOWS\Internet Logs\xDB2E3.tmp
2008-05-14 06:43 13,824 ----a-w C:\WINDOWS\Internet Logs\xDB2E2.tmp
2008-05-13 22:30 22,016 ----a-w C:\WINDOWS\Internet Logs\xDB2E1.tmp
2008-05-13 09:12 34,816 ----a-w C:\WINDOWS\Internet Logs\xDB2E0.tmp
2008-05-12 22:52 56,832 ----a-w C:\WINDOWS\Internet Logs\xDB2DF.tmp
2008-05-12 18:21 13,824 ----a-w C:\WINDOWS\Internet Logs\xDB2DE.tmp
2008-05-12 14:04 61,440 ----a-w C:\WINDOWS\Internet Logs\xDB2DD.tmp
2008-05-12 08:06 46,080 ----a-w C:\WINDOWS\Internet Logs\xDB2DC.tmp
2008-05-11 22:21 110,080 ----a-w C:\WINDOWS\Internet Logs\xDB2DB.tmp
2008-05-11 08:13 --------- d-----w C:\Documents and Settings\Djole\Application Data\Lavasoft
2008-05-10 22:49 198,144 ----a-w C:\WINDOWS\Internet Logs\xDB2DA.tmp
2008-05-10 18:14 --------- d-----w C:\Program Files\Parallel Port Joystick
2008-05-10 17:23 0 ----a-w C:\subafsfile0.bin
2008-05-10 17:22 666,800 ----a-w C:\bin0.bin
2008-05-09 22:29 13,824 ----a-w C:\WINDOWS\Internet Logs\xDB2D9.tmp
2008-05-09 18:43 113,152 ----a-w C:\WINDOWS\Internet Logs\xDB2D8.tmp
2008-05-09 10:58 122,880 ----a-w C:\WINDOWS\Internet Logs\xDB2D7.tmp
2008-05-08 10:38 17,408 ----a-w C:\WINDOWS\Internet Logs\xDB2D6.tmp
2008-05-07 14:49 34,308 ----a-w C:\WINDOWS\system32\Chip.dll
2008-05-07 14:49 --------- d-----w C:\Program Files\REAPER
2008-05-07 06:19 16,896 ----a-w C:\WINDOWS\Internet Logs\xDB2D5.tmp
2008-05-06 16:01 13,824 ----a-w C:\WINDOWS\Internet Logs\xDB2D4.tmp
2008-05-06 11:10 13,824 ----a-w C:\WINDOWS\Internet Logs\xDB2D3.tmp
2008-05-05 22:30 14,848 ----a-w C:\WINDOWS\Internet Logs\xDB2D2.tmp
2008-05-05 00:19 15,360 ----a-w C:\WINDOWS\Internet Logs\xDB2D1.tmp
2008-05-04 23:19 --------- d-----w C:\Program Files\Garfield Goes to Pieces
2008-05-04 17:19 13,824 ----a-w C:\WINDOWS\Internet Logs\xDB2D0.tmp
2008-05-04 11:47 13,824 ----a-w C:\WINDOWS\Internet Logs\xDB2CF.tmp
2008-05-03 23:49 25,088 ----a-w C:\WINDOWS\Internet Logs\xDB2CE.tmp
2008-05-03 00:00 22,016 ----a-w C:\WINDOWS\Internet Logs\xDB2CD.tmp
2008-05-02 16:53 --------- d-----w C:\Program Files\Magicne Igrice
2008-05-02 14:48 18,432 ----a-w C:\WINDOWS\Internet Logs\xDB2CC.tmp
2008-05-02 09:51 21,504 ----a-w C:\WINDOWS\Internet Logs\xDB2CB.tmp
2008-05-01 23:00 15,360 ----a-w C:\WINDOWS\Internet Logs\xDB2CA.tmp
2008-05-01 05:59 13,824 ----a-w C:\WINDOWS\Internet Logs\xDB2C9.tmp
2008-04-30 22:59 13,824 ----a-w C:\WINDOWS\Internet Logs\xDB2C8.tmp
2008-04-30 15:25 16,384 ----a-w C:\WINDOWS\Internet Logs\xDB2C7.tmp
2008-04-29 22:23 15,360 ----a-w C:\WINDOWS\Internet Logs\xDB2C6.tmp
2005-09-27 18:24 152 --sh--r C:\WINDOWS\system32\5C39DEE95A.sys
2007-07-09 11:55 11,690 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

---- Directory of C:\WINDOWS\NV1636328.TMP ----

2007-12-05 01:41 91094 --a------ C:\WINDOWS\NV1636328.TMP\nv3d.chm
2007-12-05 01:41 54988 --a------ C:\WINDOWS\NV1636328.TMP\nvmob.chm
2007-12-05 01:41 175045 --a------ C:\WINDOWS\NV1636328.TMP\nvdsp.chm
2007-12-05 01:41 121431 --a------ C:\WINDOWS\NV1636328.TMP\nvcpl.chm


((((((((((((((((((((((((((((( snapshot@2008-06-10_21.28.28,21 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-10 14:16:22 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-12 05:11:35 2,048 --s-a-w C:\WINDOWS\bootstat.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2008-03-27 14:12 1164600 --a------ C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2008-03-27 14:12 1164600]

[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll [2008-03-27 14:12 1164600]

[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\System32\ctfmon.exe" [2002-08-29 03:41 13312]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVCLOCK"="nvclock.dll" [2003-04-14 03:59 81920 C:\WINDOWS\system32\nvclock.dll]
"AGRSMMSG"="AGRSMMSG.exe" [2004-10-08 04:50 88363 C:\WINDOWS\AGRSMMSG.exe]
"Zone Labs Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2005-11-15 01:51 755472]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2006-01-08 21:22 917504]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2007-12-05 01:41 8523776]
"nwiz"="nwiz.exe" [2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe]
"SW20"="C:\WINDOWS\System32\sw20.exe" [2006-09-07 12:13 208896]
"SW24"="C:\WINDOWS\System32\sw24.exe" [2006-09-07 12:14 69632]
"WinSys2"="C:\WINDOWS\System32\winsys2.exe" [2006-10-03 08:37 217088]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-04-26 10:45 401408]
"H2O"="C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe" [2007-12-11 05:59 307200]
"NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2007-12-05 01:41 81920]
"SweetIM"="C:\Program Files\SweetIM\Messenger\SweetIM.exe" [2008-03-27 19:31 111928]
"tsnp325"="C:\WINDOWS\tsnp325.exe" [2007-04-21 09:30 270336]
"FixCamera"="C:\WINDOWS\FixCamera.exe" [2007-07-11 16:09 20480]
"snp325"="C:\WINDOWS\vsnp325.exe" [2007-05-10 13:18 835584]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-06-02 03:11 185896]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2002-08-29 03:41 13312]

C:\Documents and Settings\Djole\Start Menu\Programs\Startup\
Calendarium.lnk - C:\Program Files\Calendarium\Calendarium.exe [2001-04-20 16:32:52 1522176]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
PC Alert 4.lnk - C:\Program Files\MSI\PC Alert 4\PCAlert4.exe [2005-12-23 11:19:47 544768]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSimpleStartMenu"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.DIV3"= DivXc32.dll
"vidc.DIV4"= DivXc32f.dll
"vidc.3iv2"= 3ivxVfWCodec.dll
"msacm.divxa32"= divxa32.acm
"VIDC.HFYU"= huffyuv.dll
"VIDC.i263"= i263_32.drv
"msacm.imc"= imc32.acm
"VIDC.IV41"= ir41_32.dll
"VIDC.VP31"= vp31vfw.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^3D!Turbo Experience.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\3D!Turbo Experience.lnk
backup=C:\WINDOWS\pss\3D!Turbo Experience.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Djole^Start Menu^Programs^Startup^Joint Operations Typhoon Rising Registration.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^Djole^Start Menu^Programs^Startup^Registration Ghost Recon Advanced Warfighter.LNK]
path=C:\Documents and Settings\Djole\Start Menu\Programs\Startup\Registration Ghost Recon Advanced Warfighter.LNK
backup=C:\WINDOWS\pss\Registration Ghost Recon Advanced Warfighter.LNKStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Djole^Start Menu^Programs^Startup^Registration Heroes of Might & Magic 5.LNK]
path=C:\Documents and Settings\Djole\Start Menu\Programs\Startup\Registration Heroes of Might & Magic 5.LNK
backup=C:\WINDOWS\pss\Registration Heroes of Might & Magic 5.LNKStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Djole^Start Menu^Programs^Startup^Ubisoft register.lnk]
path=C:\Documents and Settings\Djole\Start Menu\Programs\Startup\Ubisoft register.lnk
backup=C:\WINDOWS\pss\Ubisoft register.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Free Uploader Oe Integration]
C:\Program Files\Free Download Manager\FUM\fumoei.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Home Theater SchSvr]
--a------ 2004-09-29 03:01 106496 C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
--a------ 2004-05-12 16:18 241664 C:\Program Files\HP\hpcoretech\hpcmpmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
--------- 2003-09-15 15:58 1212466 C:\Program Files\Ahead\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LeechGet]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
-ra------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2007-12-05 01:41 8523776 C:\WINDOWS\System32\NvCpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2007-12-05 01:41 81920 C:\WINDOWS\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2006-10-01 14:56 155648 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WINCINEMAMGR]
--a------ 2004-09-29 03:26 192512 C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows UDP Control Center]



*Newly Created Service* - PCALERTDRIVER
.
Contents of the 'Scheduled Tasks' folder
"2008-05-22 16:18:59 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-12 08:41:17
Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-06-12 8:46:33
ComboFix-quarantined-files.txt 2008-06-12 06:46:24
ComboFix2.txt 2008-06-10 19:29:46

Pre-Run: 3,886,489,600 bytes free
Post-Run: 3,869,958,144 bytes free



P.S.: During the scan NOD reported that it was putting some file into quarantine. Should I have stopped NOD again like last time, and did it mess up the scan? Here is the line from NOD:
Time Module Object Name Threat Action User Information
12.6.2008 8:36:20 AMON file C:\DOCUME~1\Djole\LOCALS~1\Temp\Av-test.txt Eicar test file quarantined - deleted HOME-D4L27OJDCY\Djole Event occurred on a new file created by the application: C:\WINDOWS\system32\CF25988.exe. The file was moved to quarantine. You may close this window.
???

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master Teacher
  • Joined: 27 Aug 2005
  • Posts: 8620
  • Lives in: Novi Beograd

Stop NOD again and do the following:

Open Notepad and copy the following text into it:

File::
C:\WINDOWS\popcreg.dat
C:\WINDOWS\popcinfot.dat
C:\WINDOWS\system32\pmls.dll
C:\WINDOWS\system32\ezsidmv.dat
C:\WINDOWS\DED53B0BB67C4244AE6AD6FD3C28D1EF.TMP

Save the file from Notepad to the Desktop as "CFScript"

Drag the saved script/text onto the ComboFix icon as shown in the picture.
In your next message, post the log that is produced at the end of the cleaning/scanning.
