Internet Explorer - cudan problem

Evo, uradila kako ste rekli:

ComboFix 09-08-23.01 - Internet Nanny 24.08.2009 15:42.2.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.405 [GMT 2:00]
Running from: c:\documents and settings\Internet Nanny\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Internet Nanny\Desktop\CFScript.txt
AV: avast! antivirus 4.8.1351 [VPS 090823-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: ActiveArmor Firewall *disabled* {EDC10449-64D1-46c7-A59A-EC20D662F26D}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_EORFDPWUQ


((((((((((((((((((((((((( Files Created from 2009-07-24 to 2009-08-24 )))))))))))))))))))))))))))))))
.

2009-08-23 18:44 . 2009-08-23 18:44 -------- d-----w- c:\program files\Trend Micro
2009-08-23 15:45 . 2009-08-23 20:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-08-23 15:45 . 2009-08-23 15:48 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-08-12 01:01 . 2004-08-03 23:56 221184 ----a-w- c:\windows\system32\wmpns.dll
2009-08-12 01:00 . 2009-08-12 01:00 -------- d-----w- c:\windows\ServicePackFiles
2009-08-09 01:04 . 2009-08-09 01:04 -------- d-----w- c:\windows\system32\XPSViewer
2009-08-09 01:03 . 2009-08-09 01:03 -------- d-----w- c:\program files\Reference Assemblies
2009-08-09 01:03 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-08-09 01:03 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-08-09 01:03 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-08-09 01:03 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2009-08-09 01:03 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-08-09 01:03 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2009-08-09 01:03 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-08-09 01:00 . 2009-08-09 01:00 -------- d-----w- c:\program files\MSXML 6.0
2009-08-01 18:15 . 2009-08-01 18:15 -------- d-----w- c:\documents and settings\Internet Nanny\Local Settings\Application Data\Temp
2009-07-30 20:50 . 2009-07-30 20:50 -------- d-----w- c:\windows\Sun
2009-07-30 08:48 . 2009-07-30 08:48 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-07-30 08:48 . 2009-07-30 08:48 -------- d-----w- c:\program files\Java
2009-07-30 08:48 . 2009-07-30 08:48 152576 ----a-w- c:\documents and settings\Internet Nanny\Application Data\Sun\Java\jre1.6.0_14\lzma.dll
2009-07-30 07:40 . 2009-07-16 12:02 52224 ----a-w- c:\documents and settings\Internet Nanny\Application Data\Mozilla\Firefox\Profiles\tgkm7d2a.default\extensions\{a33fa729-d155-4b23-842b-2c665ecabdb6}\components\FFExternalAlert.dll
2009-07-30 07:40 . 2009-07-16 12:02 114688 ----a-w- c:\documents and settings\Internet Nanny\Application Data\Mozilla\Firefox\Profiles\tgkm7d2a.default\extensions\{a33fa729-d155-4b23-842b-2c665ecabdb6}\components\npmozax.dll
2009-07-30 07:37 . 2009-03-24 12:43 43008 ----a-w- c:\documents and settings\Internet Nanny\Application Data\Mozilla\Firefox\Profiles\tgkm7d2a.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\metricsloader.dll
2009-07-30 07:37 . 2009-03-24 12:43 43008 ----a-w- c:\documents and settings\Internet Nanny\Application Data\Mozilla\Firefox\Profiles\tgkm7d2a.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
2009-07-30 07:37 . 2009-03-24 12:43 235520 ----a-w- c:\documents and settings\Internet Nanny\Application Data\Mozilla\Firefox\Profiles\tgkm7d2a.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\metrics-ff2.dll
2009-07-30 07:37 . 2009-03-24 12:43 338432 ----a-w- c:\documents and settings\Internet Nanny\Application Data\Mozilla\Firefox\Profiles\tgkm7d2a.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
2009-07-30 07:37 . 2009-03-24 12:42 235008 ----a-w- c:\documents and settings\Internet Nanny\Application Data\Mozilla\Firefox\Profiles\tgkm7d2a.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\metrics-ff3.dll
2009-07-30 07:37 . 2009-03-24 12:42 345088 ----a-w- c:\documents and settings\Internet Nanny\Application Data\Mozilla\Firefox\Profiles\tgkm7d2a.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
2009-07-30 07:25 . 2009-07-30 07:25 0 ----a-w- c:\windows\nsreg.dat
2009-07-30 07:25 . 2009-07-30 07:25 -------- d-----w- c:\documents and settings\Internet Nanny\Local Settings\Application Data\Mozilla
2009-07-30 07:17 . 2009-07-30 07:17 -------- d-----w- c:\documents and settings\Internet Nanny\Local Settings\Application Data\Opera
2009-07-30 07:15 . 2009-07-30 07:16 7562568 ----a-w- c:\documents and settings\Internet Nanny\Application Data\Opera\Opera\Opera_964_int_Setup.exe
2009-07-28 17:15 . 2009-07-28 17:15 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2009-07-28 17:02 . 2009-08-24 06:45 -------- d-----w- c:\documents and settings\Internet Nanny\Application Data\skypePM
2009-07-28 17:02 . 2009-07-28 17:02 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-07-28 17:00 . 2009-08-24 11:03 -------- d-----w- c:\documents and settings\Internet Nanny\Application Data\Skype
2009-07-28 17:00 . 2009-07-28 17:00 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2009-07-28 16:59 . 2009-07-28 16:59 -------- d-----w- c:\program files\Common Files\Skype
2009-07-28 16:59 . 2009-07-28 16:59 -------- d-----r- c:\program files\Skype
2009-07-28 16:59 . 2009-07-28 16:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-23 20:01 . 2009-05-27 13:26 -------- d-----w- c:\documents and settings\Internet Nanny\Application Data\uTorrent
2009-08-21 22:41 . 2008-12-24 17:27 196608 ----a-w- c:\windows\system32\drivers\nStandard.bin
2009-08-19 16:25 . 2008-12-24 17:27 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-19 16:23 . 2009-06-22 17:59 -------- d-----w- c:\program files\Dr.Kawashima
2009-08-17 16:10 . 2008-12-24 20:51 1279456 ----a-w- c:\windows\system32\aswBoot.exe
2009-08-17 16:06 . 2008-12-24 20:51 93392 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-08-17 16:06 . 2008-12-24 20:51 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-08-17 16:05 . 2008-12-24 20:51 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-08-17 16:05 . 2008-12-24 20:51 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-08-17 16:04 . 2008-12-24 20:51 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-08-17 16:04 . 2008-12-24 20:51 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-08-17 16:03 . 2008-12-24 20:51 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-08-17 16:02 . 2008-12-24 20:51 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-08-09 05:41 . 2008-12-25 09:55 395848 ----a-w- c:\documents and settings\Internet Nanny\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-09 01:03 . 2008-12-24 19:16 -------- d-----w- c:\program files\MSBuild
2009-08-05 09:11 . 2004-08-03 23:56 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-30 07:17 . 2009-01-02 20:21 -------- d-----w- c:\program files\Opera
2009-07-28 17:01 . 2009-03-01 19:44 -------- d-----w- c:\program files\Google
2009-07-17 18:55 . 2004-08-03 23:56 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-14 19:31 . 2009-06-02 18:20 -------- d-----w- c:\program files\The_Pirate_Bay
2009-07-13 00:18 . 2004-08-03 23:56 233472 ----a-w- c:\windows\system32\wmpdxm.dll
2009-06-28 19:05 . 2009-06-28 18:49 104070 ----a-w- c:\windows\hpoins04.dat
2009-06-28 18:55 . 2009-06-28 18:49 -------- d-----w- c:\program files\HP
2009-06-28 18:54 . 2009-06-28 18:54 -------- d-----w- c:\program files\Common Files\HP
2009-06-28 18:53 . 2009-06-28 18:53 -------- d-----w- c:\program files\Hewlett-Packard
2009-06-28 18:53 . 2009-06-28 18:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Hewlett-Packard
2009-06-28 18:52 . 2009-06-28 18:52 45056 ----a-r- c:\documents and settings\Internet Nanny\Application Data\Microsoft\Installer\{457791C5-D702-4143-A7B2-2744BE9573F2}\NewShortcut1_5B69D3033CA54B39B5ECE7D051297E77.exe
2009-06-28 17:10 . 2009-06-28 15:12 10134 ----a-r- c:\documents and settings\Internet Nanny\Application Data\Microsoft\Installer\{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}\ARPPRODUCTICON.exe
2009-06-28 14:47 . 2009-06-28 14:47 -------- d-----w- c:\program files\Common Files\Hewlett-Packard
2009-06-26 16:18 . 2004-08-03 23:56 659456 ------w- c:\windows\system32\wininet.dll
2009-06-26 16:18 . 2004-08-03 23:56 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-06-25 18:36 . 2004-08-03 23:56 95744 ----a-w- c:\windows\system32\mqsec.dll
2009-06-25 18:36 . 2004-08-03 23:56 661504 ----a-w- c:\windows\system32\mqqm.dll
2009-06-25 18:36 . 2004-08-03 23:56 517120 ----a-w- c:\windows\system32\mqsnap.dll
2009-06-25 18:36 . 2004-08-03 23:56 48640 ----a-w- c:\windows\system32\mqupgrd.dll
2009-06-25 18:36 . 2004-08-03 23:56 471552 ----a-w- c:\windows\system32\mqutil.dll
2009-06-25 18:36 . 2004-08-03 23:56 47104 ----a-w- c:\windows\system32\mqdscli.dll
2009-06-25 18:36 . 2004-08-03 23:56 225280 ----a-w- c:\windows\system32\mqoa.dll
2009-06-25 18:36 . 2004-08-03 23:56 186880 ----a-w- c:\windows\system32\mqtrig.dll
2009-06-25 18:36 . 2004-08-03 23:56 177152 ----a-w- c:\windows\system32\mqrt.dll
2009-06-25 18:36 . 2004-08-03 23:56 16896 ----a-w- c:\windows\system32\mqise.dll
2009-06-25 18:36 . 2004-08-03 23:56 138240 ----a-w- c:\windows\system32\mqad.dll
2009-06-25 18:36 . 2004-08-03 23:56 123392 ----a-w- c:\windows\system32\mqrtdep.dll
2009-06-25 08:44 . 2004-08-03 23:56 59392 ----a-w- c:\windows\system32\wdigest.dll
2009-06-25 08:44 . 2004-08-03 23:56 56320 ----a-w- c:\windows\system32\secur32.dll
2009-06-25 08:44 . 2004-08-03 23:56 168448 ----a-w- c:\windows\system32\schannel.dll
2009-06-25 08:44 . 2004-08-03 23:56 724480 ----a-w- c:\windows\system32\lsasrv.dll
2009-06-25 08:44 . 2004-08-03 23:56 298496 ----a-w- c:\windows\system32\kerberos.dll
2009-06-25 08:44 . 2004-08-03 23:56 133632 ----a-w- c:\windows\system32\msv1_0.dll
2009-06-22 11:49 . 2004-08-03 23:56 19968 ----a-w- c:\windows\system32\mqbkup.exe
2009-06-22 11:49 . 2004-08-03 23:56 117248 ----a-w- c:\windows\system32\mqtgsvc.exe
2009-06-22 11:49 . 2004-08-03 23:56 4608 ----a-w- c:\windows\system32\mqsvc.exe
2009-06-22 11:48 . 2004-08-03 21:58 91776 ----a-w- c:\windows\system32\drivers\mqac.sys
2009-06-22 11:34 . 2004-08-03 21:59 92544 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-06-16 14:55 . 2004-08-03 23:56 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:55 . 2001-08-23 12:00 82432 ----a-w- c:\windows\system32\fontsub.dll
2009-06-12 11:50 . 2004-08-03 23:56 80896 ----a-w- c:\windows\system32\tlntsess.exe
2009-06-12 11:50 . 2004-08-03 23:56 76288 ----a-w- c:\windows\system32\telnet.exe
2009-06-10 14:21 . 2004-08-03 23:56 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-06-10 06:32 . 2004-08-03 23:56 132096 ----a-w- c:\windows\system32\wkssvc.dll
2009-06-05 07:42 . 2008-12-24 17:13 655872 ----a-w- c:\windows\system32\mstscax.dll
2009-06-03 19:27 . 2004-08-03 23:56 1290752 ----a-w- c:\windows\system32\quartz.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-08-24_09.31.20 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-08-24 13:49 . 2009-08-24 13:49 16384 c:\windows\Temp\Perflib_Perfdata_884.dat
+ 2009-08-24 13:47 . 2009-08-24 13:47 16384 c:\windows\Temp\Perflib_Perfdata_758.dat
+ 2009-08-24 13:48 . 2009-08-24 13:48 16384 c:\windows\Temp\Perflib_Perfdata_330.dat
+ 2009-08-24 13:49 . 2005-04-08 07:51 40960 c:\windows\system32\spool\drivers\w32x86\hpofax08.dll
- 2009-08-24 09:31 . 2005-04-08 07:51 40960 c:\windows\system32\spool\drivers\w32x86\hpofax08.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{a33fa729-d155-4b23-842b-2c665ecabdb6}"= "c:\program files\The_Pirate_Bay\tbThe1.dll" [2009-07-14 2215960]

[HKEY_CLASSES_ROOT\clsid\{a33fa729-d155-4b23-842b-2c665ecabdb6}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a33fa729-d155-4b23-842b-2c665ecabdb6}]
2009-07-14 19:31 2215960 ----a-w- c:\program files\The_Pirate_Bay\tbThe1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{a33fa729-d155-4b23-842b-2c665ecabdb6}"= "c:\program files\The_Pirate_Bay\tbThe1.dll" [2009-07-14 2215960]

[HKEY_CLASSES_ROOT\clsid\{a33fa729-d155-4b23-842b-2c665ecabdb6}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{A33FA729-D155-4B23-842B-2C665ECABDB6}"= "c:\program files\The_Pirate_Bay\tbThe1.dll" [2009-07-14 2215960]

[HKEY_CLASSES_ROOT\clsid\{a33fa729-d155-4b23-842b-2c665ecabdb6}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-07-16 25604904]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-05-10 8429568]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-05-10 81920]
"ASUSGamerOSD"="c:\program files\ASUS\GamerOSD\GamerOSD.exe" [2007-06-01 380928]
"GameFace Messenger"="c:\program files\GameFace Messenger\GameFace.exe" [2006-11-01 2154496]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-12-18 868352]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2007-08-07 200704]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2003-12-13 33792]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000]
"Acrobat Assistant 7.0"="c:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2004-12-14 483328]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb12.exe" [2005-03-08 176128]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2004-02-12 49152]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 241664]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-30 148888]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2007-05-10 1626112]
"C-Media Mixer"="Mixer.exe" - c:\windows\mixer.exe [2003-03-20 1855488]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2009-1-9 25214]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-5-28 241664]
HP Image Zone Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2004-5-28 53248]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"e:\\igre novije\\C&C\\ZH\\game.dat"=
"d:\\Igre\\ZooT\\zt.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"2940:TCP"= 2940:TCP:dgllgi
"10304:TCP"= 10304:TCP:Utorrent

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [24.12.2008 22:51 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [24.12.2008 22:51 20560]
S4 ASKUpgrade;ASKUpgrade;c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe [27.5.2009 15:27 234888]
.
Contents of the 'Scheduled Tasks' folder

2009-08-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-28 17:00]

2009-08-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-28 17:00]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = iexplore
IE: &Google Search - c:\program files\Google\googletoolbar.dll/cmsearch.html
IE: Backward &Links - c:\program files\Google\googletoolbar.dll/cmbacklinks.html
IE: Cac&hed Snapshot of Page - c:\program files\Google\googletoolbar.dll/cmcache.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Si&milar Pages - c:\program files\Google\googletoolbar.dll/cmsimilar.html
IE: Translate into English - c:\program files\Google\googletoolbar.dll/cmtrans.html
TCP: {A47073BA-E1CD-4EF9-B9E2-A6DD58D30A33} = 10.10.10.51,10.10.10.52
FF - ProfilePath - c:\documents and settings\Internet Nanny\Application Data\Mozilla\Firefox\Profiles\tgkm7d2a.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1361345&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - The Pirate Bay Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1361345&SearchSource=2&q=
FF - component: c:\documents and settings\Internet Nanny\Application Data\Mozilla\Firefox\Profiles\tgkm7d2a.default\extensions\{a33fa729-d155-4b23-842b-2c665ecabdb6}\components\FFExternalAlert.dll
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-24 15:48
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(684)
c:\windows\system32\msi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\ATKKBService.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\slserv.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\rundll32.exe
c:\program files\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe
c:\program files\HP\Digital Imaging\bin\hpqgalry.exe
c:\windows\system32\msiexec.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Completion time: 2009-08-24 15:51 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-24 13:51
ComboFix2.txt 2009-08-24 09:34

Pre-Run: 1.519.546.368 bytes free
Post-Run: 1.440.284.672 bytes free

312 --- E O F --- 2009-08-23 08:22

Ok, racunar je cist, ima li sada nekih problema. Ako nema deinstaliraj Combofix

Start \ Run \ prekopiraj ovo Combofix /u pa ok.

Nema vise nikakvih problema. Pri pokretanju sistema nema IEEXPLORE.EXE, a i racunar kao da mi brze radi :) Nema onih silnih procesa i memorija mu vise nije puna. Idealno! :)

Puno, puno hvala!

PS: odinstalirala sam Combo onako kako ste rekli

:(
Moja sreca je kratko trajala. Evo, jutros se vratio IEEXPLORE.EXE i racunar i veza sa internetom su mi u potpunom haosu. Imam kablovski internet i stalno me izbacuje, onda moram da restartujem racunar da bih ponovo dobila vezu. Iskljucila sam vecinu stvari osim browsera, da ne vuce internet, ali svejedno je sve usporeno. Da li da reinstaliram software? Hoce mozda to pomoci ili ce to jos vise pogorsati stvar?

Nemas li neku flesku da si ubadala u komp u medjuvremenu. Onaj rootkit smo uklonili, nista maliciozno nema u CF logu.
Ajde da idradimo jos jednu proveru za svaki slucaj, skini http://download.bleepingcomputer.com/sUBs/dds.scr
Pokreni ga sacekaj malo da izbaci logove i zakaci mi log pod nazivom DDS.txt

Nisam ubacivala nikakav USB, ali moguce da je proslo kroz mrezu od drugog racunara.
Evo ga log:


svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\ASUS\GamerOSD\GamerOSD.exe
C:\Program Files\GameFace Messenger\GameFace.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Winamp\winampa.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
svchost.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Internet Nanny\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = iexplore
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar.dll
BHO: AcroIEToolbarHelper Class: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar.dll
EB: Ask Toolbar Quick View: {b0de3308-5d5a-470d-81b9-634fc078393b} - c:\windows\system32\shdocvw.dll
EB: &Research: {ff059e31-cc5a-4e2e-bf3b-96e929d65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [ASUSGamerOSD] c:\program files\asus\gamerosd\GamerOSD.exe
mRun: [GameFace Messenger] c:\program files\gameface messenger\GameFace.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [C-Media Mixer] Mixer.exe /startup
mRun: [PWRISOVM.EXE] c:\program files\poweriso\PWRISOVM.EXE
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [WinampAgent] c:\program files\winamp\winampa.exe
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [Acrobat Assistant 7.0] "c:\program files\adobe\acrobat 7.0\distillr\Acrotray.exe"
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb12.exe
mRun: [HP Software Update] "c:\program files\hp\hp software update\HPWuSchd2.exe"
mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobea~1.lnk - c:\windows\installer\{ac76ba86-1033-0000-7760-000000000002}\SC_Acrobat.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpimag~1.lnk - c:\program files\hp\digital imaging\bin\hpqthb08.exe
IE: &Google Search - c:\program files\google\googletoolbar.dll/cmsearch.html
IE: Backward &Links - c:\program files\google\googletoolbar.dll/cmbacklinks.html
IE: Cac&hed Snapshot of Page - c:\program files\google\googletoolbar.dll/cmcache.html
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Si&milar Pages - c:\program files\google\googletoolbar.dll/cmsimilar.html
IE: Translate into English - c:\program files\google\googletoolbar.dll/cmtrans.html
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {5067A26B-1337-4436-8AFE-EE169C2DA79F} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: {A47073BA-E1CD-4EF9-B9E2-A6DD58D30A33} = 10.10.10.51,10.10.10.52
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\intern~1\applic~1\mozilla\firefox\profiles\tgkm7d2a.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1361345&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - The Pirate Bay Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1361345&SearchSource=2&q=
FF - plugin: c:\program files\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nprpjplug.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\mozilla firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\mozilla firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");

============= SERVICES / DRIVERS ===============

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-12-24 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-12-24 20560]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2008-12-24 138680]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2008-12-24 254040]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2008-12-24 352920]
R3 Video3D;ASUS Video3D Service;c:\windows\system32\drivers\Video3D32.sys [2008-12-24 10752]
S4 ASKUpgrade;ASKUpgrade;c:\program files\askbardis\bar\bin\ASKUpgrade.exe [2009-5-27 234888]

=============== Created Last 30 ================

2009-08-24 17:41 <DIR> --ds---- C:\ComboFix
2009-08-24 11:33 <DIR> -cd----- c:\windows\system32\dllcache\cache
2009-08-24 11:24 <DIR> a-dshr-- C:\cmdcons
2009-08-23 20:44 <DIR> --d----- c:\program files\Trend Micro
2009-08-23 17:45 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-08-23 17:45 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-08-12 03:01 221,184 a------- c:\windows\system32\wmpns.dll
2009-08-12 03:00 <DIR> --d----- c:\windows\ServicePackFiles
2009-08-09 03:04 <DIR> --d----- c:\windows\system32\XPSViewer
2009-08-09 03:03 1,676,288 -c------ c:\windows\system32\dllcache\xpssvcs.dll
2009-08-09 03:03 597,504 -c------ c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-08-09 03:03 575,488 -c------ c:\windows\system32\dllcache\xpsshhdr.dll
2009-08-09 03:03 89,088 -c------ c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-08-09 03:03 1,676,288 -------- c:\windows\system32\xpssvcs.dll
2009-08-09 03:03 575,488 -------- c:\windows\system32\xpsshhdr.dll
2009-08-09 03:03 117,760 -------- c:\windows\system32\prntvpt.dll
2009-08-09 03:00 <DIR> --d----- c:\program files\MSXML 6.0
2009-07-30 10:48 73,728 a------- c:\windows\system32\javacpl.cpl
2009-07-30 10:48 410,984 a------- c:\windows\system32\deploytk.dll
2009-07-30 10:39 <DIR> --d----- c:\windows\system32\appmgmt
2009-07-30 00:49 303 a------- c:\windows\ST6UNST.001
2009-07-30 00:49 303 a------- c:\windows\ST6UNST.000
2009-07-28 19:02 56 a---h--- c:\windows\system32\ezsidmv.dat
2009-07-28 18:59 <DIR> --d--r-- c:\program files\Skype

==================== Find3M ====================

2009-08-22 00:41 196,608 a------- c:\windows\system32\drivers\nStandard.bin
2009-08-05 11:11 204,800 a------- c:\windows\system32\mswebdvd.dll
2009-07-17 20:55 58,880 a------- c:\windows\system32\atl.dll
2009-07-13 02:18 233,472 a------- c:\windows\system32\wmpdxm.dll
2009-06-28 21:05 104,070 a------- c:\windows\hpoins04.dat
2009-06-26 18:18 659,456 -------- c:\windows\system32\wininet.dll
2009-06-26 18:18 81,920 a------- c:\windows\system32\ieencode.dll
2009-06-25 20:36 661,504 a------- c:\windows\system32\mqqm.dll
2009-06-25 20:36 517,120 a------- c:\windows\system32\mqsnap.dll
2009-06-25 20:36 471,552 a------- c:\windows\system32\mqutil.dll
2009-06-25 20:36 225,280 a------- c:\windows\system32\mqoa.dll
2009-06-25 20:36 186,880 a------- c:\windows\system32\mqtrig.dll
2009-06-25 20:36 177,152 a------- c:\windows\system32\mqrt.dll
2009-06-25 20:36 138,240 a------- c:\windows\system32\mqad.dll
2009-06-25 20:36 123,392 a------- c:\windows\system32\mqrtdep.dll
2009-06-25 20:36 95,744 a------- c:\windows\system32\mqsec.dll
2009-06-25 20:36 48,640 a------- c:\windows\system32\mqupgrd.dll
2009-06-25 20:36 47,104 a------- c:\windows\system32\mqdscli.dll
2009-06-25 20:36 16,896 a------- c:\windows\system32\mqise.dll
2009-06-25 10:44 724,480 a------- c:\windows\system32\lsasrv.dll
2009-06-25 10:44 298,496 a------- c:\windows\system32\kerberos.dll
2009-06-25 10:44 168,448 a------- c:\windows\system32\schannel.dll
2009-06-25 10:44 133,632 a------- c:\windows\system32\msv1_0.dll
2009-06-25 10:44 59,392 a------- c:\windows\system32\wdigest.dll
2009-06-25 10:44 56,320 a------- c:\windows\system32\secur32.dll
2009-06-22 13:49 117,248 a------- c:\windows\system32\mqtgsvc.exe
2009-06-22 13:49 19,968 a------- c:\windows\system32\mqbkup.exe
2009-06-22 13:49 4,608 a------- c:\windows\system32\mqsvc.exe
2009-06-16 16:55 119,808 a------- c:\windows\system32\t2embed.dll
2009-06-16 16:55 82,432 a------- c:\windows\system32\fontsub.dll
2009-06-12 13:50 80,896 a------- c:\windows\system32\tlntsess.exe
2009-06-12 13:50 76,288 a------- c:\windows\system32\telnet.exe
2009-06-10 16:21 84,992 a------- c:\windows\system32\avifil32.dll
2009-06-10 08:32 132,096 a------- c:\windows\system32\wkssvc.dll
2009-06-05 09:42 655,872 a------- c:\windows\system32\mstscax.dll
2009-06-03 21:27 1,290,752 a------- c:\windows\system32\quartz.dll
2001-11-23 07:08 712,704 a----r-- c:\windows\inf\other\AUDIO3D.DLL

============= FINISH: 14:24:00,15 ===============


PS: da bih uopste mogla da radim na racunaru, ugasila sam u procesima IEEXPLORE.EXE. Kad je on u procesima, skoro da je nemoguce ukljuciti brows.

Moguce kad si ga iskljucila, zato ga ja ni ne vidim u logu. Probaj da ga rucno obrises, ukljuci prikazivanje skrivenih fajlova i foldera. pa ga obrisi, sad kad je iskljucen.

Skenirajte sa Dr.Web CureIt!-om racunar, sada prepoznaje zarazu.