komp se restartuje sam

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Prikaci mi komletan log. Ispod prozora za odgovor imas opciju Prikaci fajl

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Napisano: 29 Maj 2011 17:29

koji log da prikacim?

Dopuna: 29 Maj 2011 17:30

ComboFix sam prikacio ceo izvestaj

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

gilespis ::Napisano: 29 Maj 2011 17:29

koji log da prikacim?

Dopuna: 29 Maj 2011 17:30

ComboFix sam prikacio ceo izvestaj


Nisi iskopirao ceo log. Pogledaj na C:\Combofix.txt i iskoristi opciju Prikaci fajl u sledecem postu.

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Uloguj se preko Facebooka da bi skinuo fajl:

ok, vidim
mycity.rs/must-login.png

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Otvoriti Notepad i iskopirati sledeci tekst:

RegLock::
[HKEY_USERS\S-1-5-21-645272826-3440467161-2187692222-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-645272826-3440467161-2187692222-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)

Snimiti na Desktop fajl iz Notepada kao "CFScript"




Prevuci snimljeni skript/tekst na ComboFix ikonicu kao na slici.
Postaviti u sledecoj poruci log koji bude bio napravljen na kraju ciscenja/skeniranja.

------------------------------------------


- Preuzmi USBNoRisk na Desktop i pokreni ga duplim klikom na ikonicu programa.
- Sacekaj koji sekund dok program izvrsi inicijalno skeniranje.
- Ubacuj sve USB memorijske uredjaje redom u USB slot i svaki zadrzi u slotu po 10 sekundi.
- Ukoliko imas vise uredjaja za proveru, onda na parcetu papira zapisi kojim redom su ubacivani jer ce nam kasnije trebati taj podatak
- Kada zavrsis sa svim uredjajima, klikni desno dugme misa na sred prozora programa i odaberi opciju Save scrambled log. To ce automatski otvoriti log u Notepadu. Iskopiraj nam taj log iz Notepada na forum.

Objasnjenje: U USB memorijske uredjaje spadaju svi oni uredjaji koji po prikljucivanju na kompjuter dobijaju svoju oznaku particije. Tu spadaju USB flash drajvovi, eksterni hard-diskovi, memorijske kartice, MP3 i MP4 plejeri, neki mobilni telefoni, neki GPS (navigacioni) uredjaji itd.

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Napisano: 30 Maj 2011 21:04

ovaj prvi deo, da postavim log koji bude bio nnapravljen na kraju ciscenja nisam bas razumeo, jer kad se sve zavrsilo nista nisam mogao da postavim

Dopuna: 30 Maj 2011 21:36

USBNoRisk 2.7 (28 December 2010) by bobby

Started at 30.5.2011 21:12:06

Searching for connected USB Mass storage...
----------------------------------------
I: {bda035d3-e83b-11df-82d3-00e04da51dad}
========================================

Searching for other storage...
----------------------------------------
F: {55237bc5-411e-11e0-9ae4-806e6f6e6963}
C: {8ce65185-e62f-11df-861d-806e6f6e6963}
D: {8ce65186-e62f-11df-861d-806e6f6e6963}
========================================

Scanning removable storage...
----------------------------------------

No blocked files found on I:
No autorun.inf files found on I:
Sanitized mountpoint for bda035d3-e83b-11df-82d3-00e04da51dad
No Desktop.ini files found on I:
No mimics found on drive I:
No .lnk/.pif/.com/.scr files found on drive I:
----------------------------------------


Scanning fixed storage...
----------------------------------------

No blocked files found on C:
No autorun.inf files found on C:
No mountpoint found for C:
No mountpoint found for 8ce65185-e62f-11df-861d-806e6f6e6963
----------------------------------------
Desktop.ini found at C:\ComboFix\ contains interesting CLSID string
----------------------------------------
[.ShellClassInfo]
CLSID={20D04FE0-3AEA-1069-A2D8-08002B30309D}
IconResource=C:\Windows\system32\SHELL32.dll,4
----------------------------------------
HKCR\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D},InfoTip = @%SystemRoot%\system32\shell32.dll,-22913
HKCR\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D},LocalizedString = @%SystemRoot%\system32\shell32.dll,-9216
HKCR\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\DefaultIcon,@ = %SystemRoot%\System32\imageres.dll,-109
HKCR\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32,@ = %SystemRoot%\system32\shell32.dll
HKCR\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\shell\find,@ = @%SystemRoot%\system32\shell32.dll,-8503
HKCR\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\shell\find\command,@ = %SystemRoot%\Explorer.exe
HKCR\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\shell\Manage,@ = @%systemroot%\system32\mycomput.dll,-400
HKCR\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\shell\Manage,MUIVerb = @%systemroot%\system32\mycomput.dll,-400
HKCR\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\shell\Manage\command,@ = %SystemRoot%\system32\CompMgmtLauncher.exe
HKLM\Software\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D},InfoTip = @%SystemRoot%\system32\shell32.dll,-22913
HKLM\Software\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D},LocalizedString = @%SystemRoot%\system32\shell32.dll,-9216
HKLM\Software\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\DefaultIcon,@ = %SystemRoot%\System32\imageres.dll,-109
HKLM\Software\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32,@ = %SystemRoot%\system32\shell32.dll
HKLM\Software\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\shell\find,@ = @%SystemRoot%\system32\shell32.dll,-8503
HKLM\Software\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\shell\find\command,@ = %SystemRoot%\Explorer.exe
HKLM\Software\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\shell\Manage,@ = @%systemroot%\system32\mycomput.dll,-400
HKLM\Software\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\shell\Manage,MUIVerb = @%systemroot%\system32\mycomput.dll,-400
HKLM\Software\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\shell\Manage\command,@ = %SystemRoot%\system32\CompMgmtLauncher.exe
----------------------------------------

No blocked files found on D:
No autorun.inf files found on D:
No mountpoint found for D:
No mountpoint found for 8ce65186-e62f-11df-861d-806e6f6e6963
No Desktop.ini files found on D:
----------------------------------------

No blocked files found on F:
No autorun.inf files found on F:
No mountpoint found for F:
No mountpoint found for 55237bc5-411e-11e0-9ae4-806e6f6e6963
No Desktop.ini files found on F:
----------------------------------------

========================================
Initial scan finished!
========================================
========================================
Removed I:
========================================


New device connected at 30.5.2011 21:14:14

Scanning for connected USB mass storage...
----------------------------------------

========================================
New drive connected, but USBNoRisk can't find it
========================================



New device connected at 30.5.2011 21:14:14

Scanning for connected USB mass storage...
----------------------------------------

========================================
New drive connected, but USBNoRisk can't find it
========================================



New device connected at 30.5.2011 21:14:18

Scanning for connected removable storage...
----------------------------------------
I: {8cdc1f57-3028-11e0-8448-00e04da51dad}
J: {8cdc1f5d-3028-11e0-8448-00e04da51dad}
Added J:
========================================

Scanning removable storage for files...
----------------------------------------


New device connected at 30.5.2011 21:14:19

Scanning for connected removable storage...
----------------------------------------

========================================

Scanning removable storage for files...
----------------------------------------
No blocked files found on J:
----------------------------------------
No autorun.inf files found on J:
Sanitized mountpoint for 8cdc1f5d-3028-11e0-8448-00e04da51dad
----------------------------------------

No Desktop.ini files found on J:
----------------------------------------

No mimics found on drive J:
----------------------------------------

No .lnk/.pif/.com/.scr files found on drive J:
========================================

No blocked files found on J:
----------------------------------------
No autorun.inf files found on J:
No mountpoint found for 8cdc1f5d-3028-11e0-8448-00e04da51dad
----------------------------------------

No Desktop.ini files found on J:
----------------------------------------

No mimics found on drive J:
----------------------------------------

No .lnk/.pif/.com/.scr files found on drive J:
========================================

========================================
Removed J:
========================================


New device connected at 30.5.2011 21:15:04

Scanning for connected USB mass storage...
----------------------------------------
I: {bda035d3-e83b-11df-82d3-00e04da51dad}
Added I:
========================================

Scanning USB mass storage for files...
----------------------------------------
No blocked files found on I:
----------------------------------------
No autorun.inf files found on I:
Sanitized mountpoint for bda035d3-e83b-11df-82d3-00e04da51dad
----------------------------------------

No Desktop.ini files found on I:
----------------------------------------

No mimics found on drive I:
----------------------------------------

No .lnk/.pif/.com/.scr files found on drive I:
========================================

========================================
Removed I:
========================================


New device connected at 30.5.2011 21:18:14

Scanning for connected USB mass storage...
----------------------------------------
I: {f3366286-fbdd-11df-91b6-00e04da51dad}
Added I:
========================================

Scanning USB mass storage for files...
----------------------------------------
No blocked files found on I:
----------------------------------------
No autorun.inf files found on I:
Sanitized mountpoint for f3366286-fbdd-11df-91b6-00e04da51dad
----------------------------------------

No Desktop.ini files found on I:
----------------------------------------

No mimics found on drive I:
----------------------------------------

No .lnk/.pif/.com/.scr files found on drive I:
========================================

========================================
Removed I:
========================================
USBNoRisk 2.7 (28 December 2010) by bobby

Started at 30.5.2011 21:12:06

Searching for connected USB Mass storage...
----------------------------------------
I: {bda035d3-e83b-11df-82d3-00e04da51dad}
========================================

Searching for other storage...
----------------------------------------
F: {55237bc5-411e-11e0-9ae4-806e6f6e6963}
C: {8ce65185-e62f-11df-861d-806e6f6e6963}
D: {8ce65186-e62f-11df-861d-806e6f6e6963}
========================================

Scanning removable storage...
----------------------------------------

No blocked files found on I:
No autorun.inf files found on I:
Sanitized mountpoint for bda035d3-e83b-11df-82d3-00e04da51dad
No Desktop.ini files found on I:
No mimics found on drive I:
No .lnk/.pif/.com/.scr files found on drive I:
----------------------------------------


Scanning fixed storage...
----------------------------------------

No blocked files found on C:
No autorun.inf files found on C:
No mountpoint found for C:
No mountpoint found for 8ce65185-e62f-11df-861d-806e6f6e6963
----------------------------------------
Desktop.ini found at C:\ComboFix\ contains interesting CLSID string
----------------------------------------
[.ShellClassInfo]
CLSID={20D04FE0-3AEA-1069-A2D8-08002B30309D}
IconResource=C:\Windows\system32\SHELL32.dll,4
----------------------------------------
HKCR\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D},InfoTip = @%SystemRoot%\system32\shell32.dll,-22913
HKCR\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D},LocalizedString = @%SystemRoot%\system32\shell32.dll,-9216
HKCR\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\DefaultIcon,@ = %SystemRoot%\System32\imageres.dll,-109
HKCR\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32,@ = %SystemRoot%\system32\shell32.dll
HKCR\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\shell\find,@ = @%SystemRoot%\system32\shell32.dll,-8503
HKCR\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\shell\find\command,@ = %SystemRoot%\Explorer.exe
HKCR\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\shell\Manage,@ = @%systemroot%\system32\mycomput.dll,-400
HKCR\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\shell\Manage,MUIVerb = @%systemroot%\system32\mycomput.dll,-400
HKCR\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\shell\Manage\command,@ = %SystemRoot%\system32\CompMgmtLauncher.exe
HKLM\Software\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D},InfoTip = @%SystemRoot%\system32\shell32.dll,-22913
HKLM\Software\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D},LocalizedString = @%SystemRoot%\system32\shell32.dll,-9216
HKLM\Software\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\DefaultIcon,@ = %SystemRoot%\System32\imageres.dll,-109
HKLM\Software\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32,@ = %SystemRoot%\system32\shell32.dll
HKLM\Software\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\shell\find,@ = @%SystemRoot%\system32\shell32.dll,-8503
HKLM\Software\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\shell\find\command,@ = %SystemRoot%\Explorer.exe
HKLM\Software\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\shell\Manage,@ = @%systemroot%\system32\mycomput.dll,-400
HKLM\Software\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\shell\Manage,MUIVerb = @%systemroot%\system32\mycomput.dll,-400
HKLM\Software\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\shell\Manage\command,@ = %SystemRoot%\system32\CompMgmtLauncher.exe
----------------------------------------

No blocked files found on D:
No autorun.inf files found on D:
No mountpoint found for D:
No mountpoint found for 8ce65186-e62f-11df-861d-806e6f6e6963
No Desktop.ini files found on D:
----------------------------------------

No blocked files found on F:
No autorun.inf files found on F:
No mountpoint found for F:
No mountpoint found for 55237bc5-411e-11e0-9ae4-806e6f6e6963
No Desktop.ini files found on F:
----------------------------------------

========================================
Initial scan finished!
========================================
========================================
Removed I:
========================================


New device connected at 30.5.2011 21:14:14

Scanning for connected USB mass storage...
----------------------------------------

========================================
New drive connected, but USBNoRisk can't find it
========================================



New device connected at 30.5.2011 21:14:14

Scanning for connected USB mass storage...
----------------------------------------

========================================
New drive connected, but USBNoRisk can't find it
========================================



New device connected at 30.5.2011 21:14:18

Scanning for connected removable storage...
----------------------------------------
I: {8cdc1f57-3028-11e0-8448-00e04da51dad}
J: {8cdc1f5d-3028-11e0-8448-00e04da51dad}
Added J:
========================================

Scanning removable storage for files...
----------------------------------------


New device connected at 30.5.2011 21:14:19

Scanning for connected removable storage...
----------------------------------------

========================================

Scanning removable storage for files...
----------------------------------------
No blocked files found on J:
----------------------------------------
No autorun.inf files found on J:
Sanitized mountpoint for 8cdc1f5d-3028-11e0-8448-00e04da51dad
----------------------------------------

No Desktop.ini files found on J:
----------------------------------------

No mimics found on drive J:
----------------------------------------

No .lnk/.pif/.com/.scr files found on drive J:
========================================

No blocked files found on J:
----------------------------------------
No autorun.inf files found on J:
No mountpoint found for 8cdc1f5d-3028-11e0-8448-00e04da51dad
----------------------------------------

No Desktop.ini files found on J:
----------------------------------------

No mimics found on drive J:
----------------------------------------

No .lnk/.pif/.com/.scr files found on drive J:
========================================

========================================
Removed J:
========================================


New device connected at 30.5.2011 21:15:04

Scanning for connected USB mass storage...
----------------------------------------
I: {bda035d3-e83b-11df-82d3-00e04da51dad}
Added I:
========================================

Scanning USB mass storage for files...
----------------------------------------
No blocked files found on I:
----------------------------------------
No autorun.inf files found on I:
Sanitized mountpoint for bda035d3-e83b-11df-82d3-00e04da51dad
----------------------------------------

No Desktop.ini files found on I:
----------------------------------------

No mimics found on drive I:
----------------------------------------

No .lnk/.pif/.com/.scr files found on drive I:
========================================

========================================
Removed I:
========================================


New device connected at 30.5.2011 21:18:14

Scanning for connected USB mass storage...
----------------------------------------
I: {f3366286-fbdd-11df-91b6-00e04da51dad}
Added I:
========================================

Scanning USB mass storage for files...
----------------------------------------
No blocked files found on I:
----------------------------------------
No autorun.inf files found on I:
Sanitized mountpoint for f3366286-fbdd-11df-91b6-00e04da51dad
----------------------------------------

No Desktop.ini files found on I:
----------------------------------------

No mimics found on drive I:
----------------------------------------

No .lnk/.pif/.com/.scr files found on drive I:
========================================

========================================
Removed I:
========================================
USBNoRisk 2.7 (28 December 2010) by bobby

Started at 30.5.2011 21:12:06

Searching for connected USB Mass storage...
----------------------------------------
I: {bda035d3-e83b-11df-82d3-00e04da51dad}
========================================

Searching for other storage...
----------------------------------------
F: {55237bc5-411e-11e0-9ae4-806e6f6e6963}
C: {8ce65185-e62f-11df-861d-806e6f6e6963}
D: {8ce65186-e62f-11df-861d-806e6f6e6963}
========================================

Scanning removable storage...
----------------------------------------

No blocked files found on I:
No Autorun.inf files found on I:
Sanitized mountpoint for bda035d3-e83b-11df-82d3-00e04da51dad
No Desktop.ini files found on I:
No mimics found on drive I:
No .lnk/.pif/.com/.scr files found on drive I:
----------------------------------------


Scanning fixed storage...
----------------------------------------

No blocked files found on C:
No Autorun.inf files found on C:
No mountpoint found for C:
No mountpoint found for 8ce65185-e62f-11df-861d-806e6f6e6963
----------------------------------------
Desktop.ini found at C:\ComboFix\ contains interesting CLSID string
----------------------------------------
[.ShellClassInfo]
CLSID={20D04FE0-3AEA-1069-A2D8-08002B30309D}
IconResource=C:\Windows\system32\SHELL32.dll,4
----------------------------------------
HKCR\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D},InfoTip = @%SystemRoot%\system32\shell32.dll,-22913
HKCR\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D},LocalizedString = @%SystemRoot%\system32\shell32.dll,-9216
HKCR\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\DefaultIcon,@ = %SystemRoot%\System32\imageres.dll,-109
HKCR\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32,@ = %SystemRoot%\system32\shell32.dll
HKCR\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\shell\find,@ = @%SystemRoot%\system32\shell32.dll,-8503
HKCR\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\shell\find\command,@ = %SystemRoot%\Explorer.exe
HKCR\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\shell\Manage,@ = @%systemroot%\system32\mycomput.dll,-400
HKCR\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\shell\Manage,MUIVerb = @%systemroot%\system32\mycomput.dll,-400
HKCR\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\shell\Manage\command,@ = %SystemRoot%\system32\CompMgmtLauncher.exe
HKLM\Software\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D},InfoTip = @%SystemRoot%\system32\shell32.dll,-22913
HKLM\Software\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D},LocalizedString = @%SystemRoot%\system32\shell32.dll,-9216
HKLM\Software\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\DefaultIcon,@ = %SystemRoot%\System32\imageres.dll,-109
HKLM\Software\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32,@ = %SystemRoot%\system32\shell32.dll
HKLM\Software\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\shell\find,@ = @%SystemRoot%\system32\shell32.dll,-8503
HKLM\Software\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\shell\find\command,@ = %SystemRoot%\Explorer.exe
HKLM\Software\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\shell\Manage,@ = @%systemroot%\system32\mycomput.dll,-400
HKLM\Software\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\shell\Manage,MUIVerb = @%systemroot%\system32\mycomput.dll,-400
HKLM\Software\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\shell\Manage\command,@ = %SystemRoot%\system32\CompMgmtLauncher.exe
----------------------------------------

No blocked files found on D:
No Autorun.inf files found on D:
No mountpoint found for D:
No mountpoint found for 8ce65186-e62f-11df-861d-806e6f6e6963
No Desktop.ini files found on D:
----------------------------------------

No blocked files found on F:
No Autorun.inf files found on F:
No mountpoint found for F:
No mountpoint found for 55237bc5-411e-11e0-9ae4-806e6f6e6963
No Desktop.ini files found on F:
----------------------------------------

========================================
Initial scan finished!
========================================
========================================
Removed I:
========================================


New device connected at 30.5.2011 21:14:14

Scanning for connected USB mass storage...
----------------------------------------

========================================
New drive connected, but USBNoRisk can't find it
========================================



New device connected at 30.5.2011 21:14:14

Scanning for connected USB mass storage...
----------------------------------------

========================================
New drive connected, but USBNoRisk can't find it
========================================



New device connected at 30.5.2011 21:14:18

Scanning for connected removable storage...
----------------------------------------
I: {8cdc1f57-3028-11e0-8448-00e04da51dad}
J: {8cdc1f5d-3028-11e0-8448-00e04da51dad}
Added J:
========================================

Scanning removable storage for files...
----------------------------------------


New device connected at 30.5.2011 21:14:19

Scanning for connected removable storage...
----------------------------------------

========================================

Scanning removable storage for files...
----------------------------------------
No blocked files found on J:
----------------------------------------
No Autorun.inf files found on J:
Sanitized mountpoint for 8cdc1f5d-3028-11e0-8448-00e04da51dad
----------------------------------------

No Desktop.ini files found on J:
----------------------------------------

No mimics found on drive J:
----------------------------------------

No .lnk/.pif/.com/.scr files found on drive J:
========================================

No blocked files found on J:
----------------------------------------
No Autorun.inf files found on J:
No mountpoint found for 8cdc1f5d-3028-11e0-8448-00e04da51dad
----------------------------------------

No Desktop.ini files found on J:
----------------------------------------

No mimics found on drive J:
----------------------------------------

No .lnk/.pif/.com/.scr files found on drive J:
========================================

========================================
Removed J:
========================================


New device connected at 30.5.2011 21:15:04

Scanning for connected USB mass storage...
----------------------------------------
I: {bda035d3-e83b-11df-82d3-00e04da51dad}
Added I:
========================================

Scanning USB mass storage for files...
----------------------------------------
No blocked files found on I:
----------------------------------------
No Autorun.inf files found on I:
Sanitized mountpoint for bda035d3-e83b-11df-82d3-00e04da51dad
----------------------------------------

No Desktop.ini files found on I:
----------------------------------------

No mimics found on drive I:
----------------------------------------

No .lnk/.pif/.com/.scr files found on drive I:
========================================

========================================
Removed I:
========================================


New device connected at 30.5.2011 21:18:14

Scanning for connected USB mass storage...
----------------------------------------
I: {f3366286-fbdd-11df-91b6-00e04da51dad}
Added I:
========================================

Scanning USB mass storage for files...
----------------------------------------
No blocked files found on I:
----------------------------------------
No Autorun.inf files found on I:
Sanitized mountpoint for f3366286-fbdd-11df-91b6-00e04da51dad
----------------------------------------

No Desktop.ini files found on I:
----------------------------------------

No mimics found on drive I:
----------------------------------------

No .lnk/.pif/.com/.scr files found on drive I:
========================================

========================================
Removed I:
========================================

Dopuna: 30 Maj 2011 21:37

sto se tice combofix, prijavljuje mi neki virus, i da je rizicno

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Citat:
sto se tice combofix, prijavljuje mi neki virus, i da je rizicno

Koji virus ti prijavljuje, da nije Rootkit?

Obrisi ikonicu Combofixa sa deskopa, preuzmi novi Combofix i pokreni ga. Ukoliko trazi restart ne diraj nista dok ne zavrsi, a zatim mi prikaci izvestaj.

Ne zaboravi da iskljucis antivirus.

Ne ubadaj fleske u komp dok ne zavrsimo, to cemo na kraju.

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Uloguj se preko Facebooka da bi skinuo fajl:

Napisano: 31 Maj 2011 19:22

mycity.rs/must-login.png


ComboFix 11-05-31.01 - Gile 31.05.2011 19:05:03.2.1 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.381.1033.18.1791.1104 [GMT 2:00]
Running from: c:\users\Gile\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2011-04-28 to 2011-05-31 )))))))))))))))))))))))))))))))
.
.
2011-05-31 17:12 . 2011-05-31 17:12 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2011-05-31 17:12 . 2011-05-31 17:12 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-05-30 19:25 . 2011-05-30 19:25 -------- d-----w- c:\users\Gile\AppData\Local\{A21AF99C-8B80-4303-ABFF-4271D84D1148}
2011-05-30 19:11 . 2011-05-30 19:29 -------- d-----w- C:\USBNoRisk
2011-05-29 12:31 . 2011-05-31 17:12 -------- d-----w- c:\users\Gile\AppData\Local\temp
2011-05-25 14:51 . 2011-05-25 14:51 -------- d-----w- c:\program files\Common Files\xing shared
2011-05-22 20:00 . 2011-05-22 20:00 -------- d-----w- c:\users\Gile\AppData\Local\{FB2BAC37-DC46-4782-A7AA-1042587DB014}
2011-05-20 23:30 . 2011-05-20 23:30 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-18 20:56 . 2011-05-18 20:56 -------- d-----w- c:\users\Gile\AppData\Local\{7BB8504B-423D-4952-9CB5-A68FA1DE7035}
2011-05-07 21:34 . 2011-05-07 21:34 -------- d-----w- c:\users\Gile\AppData\Local\{2F164867-F2E2-42CB-B3C1-59C489E5213F}
2011-05-07 02:33 . 2011-04-11 07:04 7071056 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{52B86E56-7D73-4A22-8708-670534E895B8}\mpengine.dll
2011-05-05 20:57 . 2011-05-05 20:57 -------- d-----w- c:\users\Gile\AppData\Local\{74B0B765-B41C-44EC-9C3C-C94C030D36E8}
2011-05-04 18:13 . 2011-05-04 18:13 -------- d-----w- c:\windows\Sun
2011-05-03 20:42 . 2011-05-03 20:42 -------- d-----w- c:\users\Gile\AppData\Local\{911A405C-CBC6-4503-B829-95F3B1B7CC3A}
2011-05-02 17:39 . 2011-05-02 17:39 -------- d-----w- c:\users\Gile\AppData\Local\{D7B84003-6D2C-4CBF-8215-1933D215B3C0}
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-25 14:51 . 2007-04-20 17:32 499712 ----a-w- c:\windows\system32\msvcp71.dll
2011-05-25 14:51 . 2007-04-20 17:32 348160 ----a-w- c:\windows\system32\msvcr71.dll
2011-04-13 22:40 . 2011-04-13 22:40 4284416 ----a-w- c:\windows\system32\GPhotos.scr
2011-04-10 13:20 . 2011-04-10 13:20 86528 ----a-w- c:\windows\system32\iesysprep.dll
2011-04-10 13:20 . 2011-04-10 13:20 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-04-10 13:20 . 2011-04-10 13:20 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-04-10 13:20 . 2011-04-10 13:20 63488 ----a-w- c:\windows\system32\tdc.ocx
2011-04-10 13:20 . 2011-04-10 13:20 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-04-10 13:20 . 2011-04-10 13:20 367104 ----a-w- c:\windows\system32\html.iec
2011-04-10 13:20 . 2011-04-10 13:20 161792 ----a-w- c:\windows\system32\msls31.dll
2011-04-10 13:20 . 2011-04-10 13:20 1126912 ----a-w- c:\windows\system32\wininet.dll
2011-04-10 13:20 . 2011-04-10 13:20 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-04-10 13:20 . 2011-04-10 13:20 74752 ----a-w- c:\windows\system32\iesetup.dll
2011-04-10 13:20 . 2011-04-10 13:20 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-04-10 13:20 . 2011-04-10 13:20 35840 ----a-w- c:\windows\system32\imgutil.dll
2011-04-10 13:20 . 2011-04-10 13:20 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-04-10 13:20 . 2011-04-10 13:20 23552 ----a-w- c:\windows\system32\licmgr10.dll
2011-04-10 13:20 . 2011-04-10 13:20 1797632 ----a-w- c:\windows\system32\jscript9.dll
2011-04-10 13:20 . 2011-04-10 13:20 152064 ----a-w- c:\windows\system32\wextract.exe
2011-04-10 13:20 . 2011-04-10 13:20 150528 ----a-w- c:\windows\system32\iexpress.exe
2011-04-10 13:20 . 2011-04-10 13:20 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2011-04-10 13:20 . 2011-04-10 13:20 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2011-04-10 13:20 . 2011-04-10 13:20 11776 ----a-w- c:\windows\system32\mshta.exe
2011-04-10 13:20 . 2011-04-10 13:20 101888 ----a-w- c:\windows\system32\admparse.dll
2011-04-10 13:18 . 2011-04-10 13:18 801792 ----a-w- c:\windows\system32\FntCache.dll
2011-04-10 13:18 . 2011-04-10 13:18 739840 ----a-w- c:\windows\system32\d2d1.dll
2011-04-10 13:18 . 2011-04-10 13:18 728448 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2011-04-10 13:18 . 2011-04-10 13:18 283648 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-04-10 13:18 . 2011-04-10 13:18 219008 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2011-04-10 13:18 . 2011-04-10 13:18 218624 ----a-w- c:\windows\system32\d3d10_1core.dll
2011-04-10 13:18 . 2011-04-10 13:18 161792 ----a-w- c:\windows\system32\d3d10_1.dll
2011-04-10 13:18 . 2011-04-10 13:18 1495040 ----a-w- c:\windows\system32\ExplorerFrame.dll
2011-04-10 13:18 . 2011-04-10 13:18 135168 ----a-w- c:\windows\system32\XpsRasterService.dll
2011-04-10 13:18 . 2011-04-10 13:18 1170944 ----a-w- c:\windows\system32\d3d10warp.dll
2011-04-10 13:18 . 2011-04-10 13:18 107520 ----a-w- c:\windows\system32\cdd.dll
2011-04-10 13:18 . 2011-04-10 13:18 1074176 ----a-w- c:\windows\system32\DWrite.dll
2011-04-10 13:18 . 2011-04-10 13:18 442880 ----a-w- c:\windows\system32\XpsPrint.dll
2011-03-20 11:45 . 2011-03-20 11:45 200704 ----a-w- c:\windows\iesshell.dll
2011-03-19 09:11 . 2010-11-01 18:52 137656 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-03-08 19:21 . 2010-06-24 10:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-03-04 19:44 . 2011-03-22 19:02 45648 ------w- c:\windows\system32\drivers\pxhelp20.sys
2011-05-29 08:55 . 2011-05-27 20:44 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-05-29_12.32.26 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-14 04:55 . 2011-05-31 16:55 38540 c:\windows\System32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-11-01 18:27 . 2011-05-31 16:55 16268 c:\windows\System32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-645272826-3440467161-2187692222-1000_UserData.bin
- 2011-05-29 08:51 . 2011-05-29 12:32 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-05-31 16:52 . 2011-05-31 16:52 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-05-29 08:51 . 2011-05-29 12:32 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-05-31 16:52 . 2011-05-31 16:52 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 02:05 . 2011-05-30 19:58 835550 c:\windows\System32\perfc009.dat
+ 2009-07-14 04:47 . 2011-05-31 04:13 300184 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 04:47 . 2011-05-29 08:50 300184 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 02:03 . 2011-05-30 19:30 7077888 c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
- 2009-07-14 02:03 . 2011-05-28 10:06 7077888 c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
+ 2009-07-14 02:05 . 2011-05-30 19:58 1400602 c:\windows\System32\perfh009.dat
+ 2010-11-07 11:37 . 2011-05-31 04:13 1937616 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2010-11-07 11:37 . 2011-05-29 08:50 1937616 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2011-03-05 23:59 . 2011-05-31 04:13 1524132 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-645272826-3440467161-2187692222-1000-12288.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0974BA1E-64EC-11DE-B2A5-E43756D89593}]
2009-12-20 09:51 87480 ----a-w- c:\progra~1\BEARSH~1\MediaBar\ToolBar\BearshareMediabarDx.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{74322BF9-DF26-493f-B0DA-6D2FC5E6429E}]
2010-10-19 12:53 585136 ----a-w- c:\progra~1\BEARSH~1\MediaBar\Datamngr\IEBHO.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{0974BA1E-64EC-11DE-B2A5-E43756D89593}"= "c:\progra~1\BEARSH~1\MediaBar\ToolBar\BearshareMediabarDx.dll" [2009-12-20 87480]
.
[HKEY_CLASSES_ROOT\clsid\{0974ba1e-64ec-11de-b2a5-e43756d89593}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-03 281768]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-15 932288]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2011-01-18 10025576]
"HFALoader"="c:\program files\Hamster Soft\Free Zip Archiver\Hamster.Archiver.UI.exe" [2011-04-11 2887168]
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2011-05-25 273544]
.
c:\users\Gile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2011-2-1 113664]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\BEARSH~1\MediaBar\Datamngr\datamngr.dll c:\progra~1\BEARSH~1\MediaBar\Datamngr\IEBHO.dll c:\progra~1\Bandoo\BndHook.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^InSight.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\InSight.lnk
backup=c:\windows\pss\InSight.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Gile^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Nikon Monitor.lnk]
path=c:\users\Gile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Nikon Monitor.lnk
backup=c:\windows\pss\Nikon Monitor.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2010-04-01 09:16 357696 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DATAMNGR]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-11-02 18:09 136176 ----atw- c:\users\Gile\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HFALoader]
2011-04-11 13:35 2887168 ----a-w- c:\program files\Hamster Soft\Free Zip Archiver\Hamster.Archiver.UI.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-11-10 01:54 4240760 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBAgent]
2010-02-22 15:17 1226024 ----a-w- c:\program files\Nero\Nero 10\Nero BackItUp\NBAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2007-06-29 05:24 286720 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2009-07-14 01:14 1173504 ----a-w- c:\program files\Windows Sidebar\sidebar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
2009-09-24 13:41 434176 ----a-w- c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 10:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2011-05-25 14:51 273544 ----a-w- c:\program files\Real\RealPlayer\Update\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2011-03-22 18:37 74752 ----a-w- c:\program files\Winamp\winampa.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Mobile Device Center]
2007-05-31 08:21 648072 ----a-w- c:\windows\WindowsMobile\wmdc.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 OMSI download service;Sony Ericsson OMSI download service;c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [2009-04-30 90112]
R3 cpuz134;cpuz134;c:\program files\CPUID\PC Wizard 2010\pcwiz_x32.sys [2010-07-09 20328]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2010-12-16 13224]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\DRIVERS\seehcri.sys [2008-01-09 27632]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys [2011-02-23 16184]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-11-14 691696]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-05-04 136360]
S2 NAUpdate;Nero Update;c:\program files\Nero\Update\NASvc.exe [2010-02-18 462632]
S2 NitroReaderDriverReadSpool;NitroPDFReaderDriverCreatorReadSpool;c:\program files\Nitro PDF\Reader\NitroPDFReaderDriverService.exe [2011-01-14 196912]
S3 LgBttPort;LGE Bluetooth TransPort;c:\windows\system32\DRIVERS\lgbtport.sys [2009-09-29 12160]
S3 lgbusenum;LG Bluetooth Bus Enumerator;c:\windows\system32\DRIVERS\lgbtbus.sys [2009-09-29 10496]
S3 LGVMODEM;LGE Virtual Modem;c:\windows\system32\DRIVERS\lgvmodem.sys [2009-09-29 12928]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-645272826-3440467161-2187692222-1000Core.job
- c:\users\Gile\AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-02 18:09]
.
2011-05-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-645272826-3440467161-2187692222-1000UA.job
- c:\users\Gile\AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-02 18:09]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://mystart.incredimail.com?a=1
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MIF5BA~1\Office10\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Gile\AppData\Roaming\Mozilla\Firefox\Profiles\e7vy9dxl.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=15000
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.rs/
FF - prefs.js: keyword.URL - hxxp://search.bearshare.com/web?src=ffb&systemid=2&q=
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-645272826-3440467161-2187692222-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-645272826-3440467161-2187692222-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-05-31 19:14:09
ComboFix-quarantined-files.txt 2011-05-31 17:14
ComboFix2.txt 2011-05-29 12:36
.
Pre-Run: 9.612.902.400 bytes free
Post-Run: 9.421.275.136 bytes free
.
- - End Of File - - 14AE11C995E8A83BAA7E6F18A3CD7A96

Dopuna: 31 Maj 2011 19:24

kad sam prosli put ukljucio combo nije mi prikazivao virus, ve posle toga kad sam privlacio onaj notepade u kombo, sto si mi poslao

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Ajde sad polako, nema frke Ovo da odradimo i racunar ce biti ok, posle prelazimo na flesku.

Iskljuci AV obavezno

Otvoriti Notepad i iskopirati sledeci tekst:


Snapshot::

RegLock::
[HKEY_USERS\S-1-5-21-645272826-3440467161-2187692222-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
[HKEY_USERS\S-1-5-21-645272826-3440467161-2187692222-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)



Snimiti na Desktop fajl iz Notepada kao "CFScript"




Prevuci snimljeni skript/tekst na ComboFix ikonicu kao na slici.
Postaviti u sledecoj poruci log koji bude bio napravljen na kraju ciscenja/skeniranja.

---------------------------------

Odradi ovo, pa cemo posle fleske

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Uloguj se preko Facebooka da bi skinuo fajl:

mycity.rs/must-login.png


ComboFix 11-05-31.01 - Gile 31.05.2011 20:50:31.3.1 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.381.1033.18.1791.1116 [GMT 2:00]
Running from: c:\users\Gile\Desktop\ComboFix.exe
Command switches used :: c:\users\Gile\Desktop\CFScript.txt
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2011-04-28 to 2011-05-31 )))))))))))))))))))))))))))))))
.
.
2011-05-31 18:57 . 2011-05-31 18:57 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2011-05-31 18:57 . 2011-05-31 18:57 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-05-31 18:28 . 2011-05-31 18:28 -------- d-----w- c:\users\Gile\AppData\Local\{ECB2E076-0D8F-4F81-9253-7BEED1D580D8}
2011-05-30 19:25 . 2011-05-30 19:25 -------- d-----w- c:\users\Gile\AppData\Local\{A21AF99C-8B80-4303-ABFF-4271D84D1148}
2011-05-30 19:11 . 2011-05-30 19:29 -------- d-----w- C:\USBNoRisk
2011-05-29 12:31 . 2011-05-31 18:57 -------- d-----w- c:\users\Gile\AppData\Local\temp
2011-05-25 14:51 . 2011-05-25 14:51 -------- d-----w- c:\program files\Common Files\xing shared
2011-05-22 20:00 . 2011-05-22 20:00 -------- d-----w- c:\users\Gile\AppData\Local\{FB2BAC37-DC46-4782-A7AA-1042587DB014}
2011-05-20 23:30 . 2011-05-20 23:30 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-18 20:56 . 2011-05-18 20:56 -------- d-----w- c:\users\Gile\AppData\Local\{7BB8504B-423D-4952-9CB5-A68FA1DE7035}
2011-05-07 21:34 . 2011-05-07 21:34 -------- d-----w- c:\users\Gile\AppData\Local\{2F164867-F2E2-42CB-B3C1-59C489E5213F}
2011-05-07 02:33 . 2011-04-11 07:04 7071056 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{52B86E56-7D73-4A22-8708-670534E895B8}\mpengine.dll
2011-05-05 20:57 . 2011-05-05 20:57 -------- d-----w- c:\users\Gile\AppData\Local\{74B0B765-B41C-44EC-9C3C-C94C030D36E8}
2011-05-04 18:13 . 2011-05-04 18:13 -------- d-----w- c:\windows\Sun
2011-05-03 20:42 . 2011-05-03 20:42 -------- d-----w- c:\users\Gile\AppData\Local\{911A405C-CBC6-4503-B829-95F3B1B7CC3A}
2011-05-02 17:39 . 2011-05-02 17:39 -------- d-----w- c:\users\Gile\AppData\Local\{D7B84003-6D2C-4CBF-8215-1933D215B3C0}
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-25 14:51 . 2007-04-20 17:32 499712 ----a-w- c:\windows\system32\msvcp71.dll
2011-05-25 14:51 . 2007-04-20 17:32 348160 ----a-w- c:\windows\system32\msvcr71.dll
2011-04-13 22:40 . 2011-04-13 22:40 4284416 ----a-w- c:\windows\system32\GPhotos.scr
2011-04-10 13:20 . 2011-04-10 13:20 86528 ----a-w- c:\windows\system32\iesysprep.dll
2011-04-10 13:20 . 2011-04-10 13:20 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-04-10 13:20 . 2011-04-10 13:20 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-04-10 13:20 . 2011-04-10 13:20 63488 ----a-w- c:\windows\system32\tdc.ocx
2011-04-10 13:20 . 2011-04-10 13:20 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-04-10 13:20 . 2011-04-10 13:20 367104 ----a-w- c:\windows\system32\html.iec
2011-04-10 13:20 . 2011-04-10 13:20 161792 ----a-w- c:\windows\system32\msls31.dll
2011-04-10 13:20 . 2011-04-10 13:20 1126912 ----a-w- c:\windows\system32\wininet.dll
2011-04-10 13:20 . 2011-04-10 13:20 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-04-10 13:20 . 2011-04-10 13:20 74752 ----a-w- c:\windows\system32\iesetup.dll
2011-04-10 13:20 . 2011-04-10 13:20 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-04-10 13:20 . 2011-04-10 13:20 35840 ----a-w- c:\windows\system32\imgutil.dll
2011-04-10 13:20 . 2011-04-10 13:20 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-04-10 13:20 . 2011-04-10 13:20 23552 ----a-w- c:\windows\system32\licmgr10.dll
2011-04-10 13:20 . 2011-04-10 13:20 1797632 ----a-w- c:\windows\system32\jscript9.dll
2011-04-10 13:20 . 2011-04-10 13:20 152064 ----a-w- c:\windows\system32\wextract.exe
2011-04-10 13:20 . 2011-04-10 13:20 150528 ----a-w- c:\windows\system32\iexpress.exe
2011-04-10 13:20 . 2011-04-10 13:20 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2011-04-10 13:20 . 2011-04-10 13:20 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2011-04-10 13:20 . 2011-04-10 13:20 11776 ----a-w- c:\windows\system32\mshta.exe
2011-04-10 13:20 . 2011-04-10 13:20 101888 ----a-w- c:\windows\system32\admparse.dll
2011-04-10 13:18 . 2011-04-10 13:18 801792 ----a-w- c:\windows\system32\FntCache.dll
2011-04-10 13:18 . 2011-04-10 13:18 739840 ----a-w- c:\windows\system32\d2d1.dll
2011-04-10 13:18 . 2011-04-10 13:18 728448 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2011-04-10 13:18 . 2011-04-10 13:18 283648 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-04-10 13:18 . 2011-04-10 13:18 219008 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2011-04-10 13:18 . 2011-04-10 13:18 218624 ----a-w- c:\windows\system32\d3d10_1core.dll
2011-04-10 13:18 . 2011-04-10 13:18 161792 ----a-w- c:\windows\system32\d3d10_1.dll
2011-04-10 13:18 . 2011-04-10 13:18 1495040 ----a-w- c:\windows\system32\ExplorerFrame.dll
2011-04-10 13:18 . 2011-04-10 13:18 135168 ----a-w- c:\windows\system32\XpsRasterService.dll
2011-04-10 13:18 . 2011-04-10 13:18 1170944 ----a-w- c:\windows\system32\d3d10warp.dll
2011-04-10 13:18 . 2011-04-10 13:18 107520 ----a-w- c:\windows\system32\cdd.dll
2011-04-10 13:18 . 2011-04-10 13:18 1074176 ----a-w- c:\windows\system32\DWrite.dll
2011-04-10 13:18 . 2011-04-10 13:18 442880 ----a-w- c:\windows\system32\XpsPrint.dll
2011-03-20 11:45 . 2011-03-20 11:45 200704 ----a-w- c:\windows\iesshell.dll
2011-03-19 09:11 . 2010-11-01 18:52 137656 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-03-08 19:21 . 2010-06-24 10:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-03-04 19:44 . 2011-03-22 19:02 45648 ------w- c:\windows\system32\drivers\pxhelp20.sys
2011-05-29 08:55 . 2011-05-27 20:44 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0974BA1E-64EC-11DE-B2A5-E43756D89593}]
2009-12-20 09:51 87480 ----a-w- c:\progra~1\BEARSH~1\MediaBar\ToolBar\BearshareMediabarDx.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{74322BF9-DF26-493f-B0DA-6D2FC5E6429E}]
2010-10-19 12:53 585136 ----a-w- c:\progra~1\BEARSH~1\MediaBar\Datamngr\IEBHO.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{0974BA1E-64EC-11DE-B2A5-E43756D89593}"= "c:\progra~1\BEARSH~1\MediaBar\ToolBar\BearshareMediabarDx.dll" [2009-12-20 87480]
.
[HKEY_CLASSES_ROOT\clsid\{0974ba1e-64ec-11de-b2a5-e43756d89593}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-03 281768]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-15 932288]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2011-01-18 10025576]
"HFALoader"="c:\program files\Hamster Soft\Free Zip Archiver\Hamster.Archiver.UI.exe" [2011-04-11 2887168]
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2011-05-25 273544]
.
c:\users\Gile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2011-2-1 113664]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\BEARSH~1\MediaBar\Datamngr\datamngr.dll c:\progra~1\BEARSH~1\MediaBar\Datamngr\IEBHO.dll c:\progra~1\Bandoo\BndHook.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^InSight.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\InSight.lnk
backup=c:\windows\pss\InSight.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Gile^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Nikon Monitor.lnk]
path=c:\users\Gile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Nikon Monitor.lnk
backup=c:\windows\pss\Nikon Monitor.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2010-04-01 09:16 357696 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DATAMNGR]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-11-02 18:09 136176 ----atw- c:\users\Gile\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HFALoader]
2011-04-11 13:35 2887168 ----a-w- c:\program files\Hamster Soft\Free Zip Archiver\Hamster.Archiver.UI.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-11-10 01:54 4240760 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBAgent]
2010-02-22 15:17 1226024 ----a-w- c:\program files\Nero\Nero 10\Nero BackItUp\NBAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2007-06-29 05:24 286720 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2009-07-14 01:14 1173504 ----a-w- c:\program files\Windows Sidebar\sidebar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
2009-09-24 13:41 434176 ----a-w- c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 10:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2011-05-25 14:51 273544 ----a-w- c:\program files\Real\RealPlayer\Update\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2011-03-22 18:37 74752 ----a-w- c:\program files\Winamp\winampa.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Mobile Device Center]
2007-05-31 08:21 648072 ----a-w- c:\windows\WindowsMobile\wmdc.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 OMSI download service;Sony Ericsson OMSI download service;c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [2009-04-30 90112]
R3 cpuz134;cpuz134;c:\program files\CPUID\PC Wizard 2010\pcwiz_x32.sys [2010-07-09 20328]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2010-12-16 13224]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\DRIVERS\seehcri.sys [2008-01-09 27632]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys [2011-02-23 16184]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-11-14 691696]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-05-04 136360]
S2 NAUpdate;Nero Update;c:\program files\Nero\Update\NASvc.exe [2010-02-18 462632]
S2 NitroReaderDriverReadSpool;NitroPDFReaderDriverCreatorReadSpool;c:\program files\Nitro PDF\Reader\NitroPDFReaderDriverService.exe [2011-01-14 196912]
S3 LgBttPort;LGE Bluetooth TransPort;c:\windows\system32\DRIVERS\lgbtport.sys [2009-09-29 12160]
S3 lgbusenum;LG Bluetooth Bus Enumerator;c:\windows\system32\DRIVERS\lgbtbus.sys [2009-09-29 10496]
S3 LGVMODEM;LGE Virtual Modem;c:\windows\system32\DRIVERS\lgvmodem.sys [2009-09-29 12928]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-645272826-3440467161-2187692222-1000Core.job
- c:\users\Gile\AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-02 18:09]
.
2011-05-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-645272826-3440467161-2187692222-1000UA.job
- c:\users\Gile\AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-02 18:09]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://mystart.incredimail.com?a=1
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MIF5BA~1\Office10\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Gile\AppData\Roaming\Mozilla\Firefox\Profiles\e7vy9dxl.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=15000
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.rs/
FF - prefs.js: keyword.URL - hxxp://search.bearshare.com/web?src=ffb&systemid=2&q=
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
.
Completion time: 2011-05-31 20:58:54
ComboFix-quarantined-files.txt 2011-05-31 18:58
ComboFix2.txt 2011-05-31 17:14
ComboFix3.txt 2011-05-29 12:36
.
Pre-Run: 9.293.451.264 bytes free
Post-Run: 9.323.978.752 bytes free
.
- - End Of File - - FB5A53BB140C52F5D3633CFB5CB022BD