I've picked up something weird...


offline
  • Joined: 02 Sep 2003
  • Posts: 4955

It looks like I've picked up something weird; it downloads something from the net while the computer is idle, and in an hour it pulled down 20-30 MB. (It's a Telekom ADSL connection.)

Avast doesn't detect anything; I tried in safe mode too. I don't see anything suspicious in the services or in startup.

Netstat showed connections to the following addresses:
http://188.72.201.217/
http://65.55.17.39/
http://174.36.1.86/


This looks suspicious to me in the DDS log: (I haven't touched anything until I get further instructions)
C:\Windows\system32\srvany.exe
C:\Windows\system32\lsm.exe
C:\Windows\TEMP\Szj.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\TEMP\Szh.exe
C:\Windows\system32\conhost.exe

LOG:


DDS (Ver_10-03-17.01) - NTFSx86
Run by Korisnik at 20:16:42.44 on Thu 05/13/2010
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.381.1033.18.2046.1222 [GMT 2:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\srvany.exe
C:\Windows\KMService.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\USB Safely Remove\USBSRService.exe
C:\Windows\Explorer.EXE
C:\Program Files\IconSaver\IconSaver.exe
C:\Program Files\Traysoft\PhoneTray\PhoneTray.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\WizMouse\WizMouse.exe
D:\temp\vmouse\volumouse.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\SpeedFan\speedfan.exe
C:\Program Files\EventGhost\EventGhost.exe
C:\Users\Korisnik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Volume OSD.exe
C:\Windows\TEMP\Szj.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\TEMP\Szh.exe
C:\Program Files\Opera 10.50 pre-alpha\opera.exe
C:\Windows\system32\taskeng.exe
C:\Users\Korisnik\AppData\Local\Google\Update\1.2.183.23\GoogleCrashHandler.exe
C:\Users\Korisnik\Desktop\dds.scr
C:\Windows\system32\conhost.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://mystart.incredimail.com/
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL
BHO: GOM Player + Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: GOM Player + Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
uRun: [WizMouse] "c:\program files\wizmouse\WizMouse.exe"
uRun: [$Volumouse$] "d:\temp\vmouse\volumouse.exe" /nodlg
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
mRun: [IconSaver] "c:\program files\iconsaver\IconSaver.exe"
mRun: [PhoneTray] c:\program files\traysoft\phonetray\PhoneTray.exe
mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
dRun: [Canaveral] rundll32.exe c:\windows\system32\sshnas21.dll,BackupReadW
dRun: [M5T8QL3YW3] c:\windows\temp\Szh.exe
StartupFolder: c:\users\korisnik\appdata\roaming\micros~1\windows\startm~1\programs\startup\eventg~1.lnk - c:\program files\eventghost\EventGhost.exe
StartupFolder: c:\users\korisnik\appdata\roaming\microsoft\windows\start menu\programs\startup\Volume OSD.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\speedfan.lnk - c:\program files\speedfan\speedfan.exe
uPolicies-explorer: HideSCAHealth = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
mPolicies-system: SynchronousMachineGroupPolicy = 0 (0x0)
mPolicies-system: SynchronousUserGroupPolicy = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash5r42.cab
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: ic32pp - {BBCA9F81-8F4F-11D2-90FF-0080C83D3571} - c:\windows\wc98pp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

============= SERVICES / DRIVERS ===============

R0 BtHidBus;Bluetooth HID Bus Service;c:\windows\system32\drivers\BtHidBus.sys [2009-9-24 19592]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2009-12-30 164048]
R1 CSN5PDTS82;CSN5PDTS82 NDIS Protocol Driver;c:\windows\system32\drivers\CSN5PDTS82.sys [2010-5-13 28184]
R1 HWiNFO32;HWiNFO32 Kernel Driver;d:\programi\benchmark\hwinfo32\HWiNFO32.sys [2010-1-5 19064]
R1 VWiFiFlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-4-7 172032]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-12-30 19024]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2009-12-30 51792]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-5-7 40384]
R2 BT848;bt848 tweaked WDM Video Capture;c:\windows\system32\drivers\BT848.sys [2009-4-13 204127]
R2 BTTUNER;bt848 tweaked WDM TvTuner;c:\windows\system32\drivers\bttuner.sys [2009-4-13 9251]
R2 BTXBAR;bt848 tweaked TV WDM Crossbar;c:\windows\system32\drivers\btxbar.sys [2009-4-13 8193]
R2 KMService;KMService;c:\windows\system32\srvany.exe [2010-4-25 8192]
R2 USBSafelyRemoveService;USB Safely Remove Assistant;c:\program files\usb safely remove\USBSRService.exe [2010-1-17 261392]
R3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atikmdag.sys [2010-4-7 5430272]
R3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2010-4-7 157184]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-5-7 40384]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-5-7 40384]
R3 WUSB11;Instant Wireless USB Network Adapter ver.2.5 Driver;c:\windows\system32\drivers\LSWLUSB.sys [2009-8-6 54083]
S2 RalinkRegistryWriter;Ralink Registry Writer;c:\program files\ralink\common\ralinkregistrywriter.exe --> c:\program files\ralink\common\RalinkRegistryWriter.exe [?]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\drivers\btnetBus.sys [2009-9-24 29192]
S3 etdrv;etdrv;c:\windows\etdrv.sys [2009-12-30 17488]
S3 GVTDrv;GVTDrv;c:\windows\system32\drivers\GVTDrv.sys [2009-12-30 24944]
S3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\drivers\IvtBtBus.sys [2009-8-26 25480]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [2010-2-3 16456]
S3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [2010-2-3 11088]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-12-30 187392]
S3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\sisoftware\sisoftware sandra professional business 2010\RpcAgentSrv.exe [2010-1-2 93336]
S3 se32;EnTech softEngine;c:\windows\system32\drivers\se32.sys [2007-5-3 12112]

=============== Created Last 30 ================

2010-05-13 16:56:54 0 d-----w- c:\users\korisnik\appdata\roaming\Colasoft MAC Scanner
2010-05-13 16:56:54 0 d-----w- c:\program files\common files\Colasoft Shared
2010-05-13 16:56:52 0 d-----w- c:\users\korisnik\appdata\roaming\Packet Analyzer - Colasoft Capsa 7.1
2010-05-13 16:56:47 28184 ----a-w- c:\windows\system32\drivers\CSN5PDTS82.sys
2010-05-13 16:56:47 0 d-----w- c:\program files\common files\Software FX Shared
2010-05-13 16:56:45 0 d-----w- c:\program files\Packet Analyzer - Colasoft Capsa 7.1 Demo
2010-05-13 16:54:17 0 d-----w- c:\program files\Flexbyte Software
2010-05-13 16:16:41 0 d-----w- c:\program files\Defraggler
2010-05-13 14:00:14 221184 ----a-w- c:\windows\system32\sshnas21.dll
2010-05-13 13:09:53 0 d-----w- c:\program files\Ask.com
2010-05-13 08:21:35 0 d-----w- c:\users\korisnik\appdata\roaming\AidMaker
2010-05-13 08:21:33 22 ----a-w- c:\windows\system32\dciman13.sys
2010-05-13 08:03:54 1376 ----a-w- c:\windows\system32\fpt9xq.ocx
2010-05-13 07:47:12 0 d-----w- c:\users\korisnik\appdata\roaming\AVS4YOU
2010-05-13 07:47:12 0 d-----w- c:\programdata\AVS4YOU
2010-05-13 07:46:38 0 d-----w- c:\program files\common files\AVSMedia
2010-05-13 07:46:27 974848 ----a-w- c:\windows\system32\mfc70.dll
2010-05-13 07:46:27 487424 ----a-w- c:\windows\system32\msvcp70.dll
2010-05-13 07:46:27 344064 ----a-w- c:\windows\system32\msvcr70.dll
2010-05-13 07:46:27 24576 ----a-w- c:\windows\system32\msxml3a.dll
2010-05-13 07:46:27 1700352 ----a-w- c:\windows\system32\GdiPlus.dll
2010-05-13 07:46:27 0 d-----w- c:\program files\AVS4YOU
2010-05-08 15:51:01 0 d-----w- c:\program files\IVT Corporation
2010-05-08 15:50:59 32 ----a-w- c:\windows\0
2010-05-08 15:50:59 0 ----a-w- c:\windows\system32\0
2010-05-08 15:33:14 106557 ----a-w- c:\windows\system32\btw_ci.dll
2010-05-08 15:19:06 0 ---ha-w- c:\windows\system32\drivers\Msft_User_PCCSWpdDriver_01_07_00.Wdf
2010-05-08 15:18:42 0 d-----w- c:\programdata\PC Suite
2010-05-08 15:18:16 90624 ----a-w- c:\windows\system32\nmwcdcls.dll
2010-05-08 15:17:48 0 d-----w- c:\programdata\Installations
2010-05-07 14:20:24 0 d-----w- c:\users\korisnik\appdata\roaming\DScaler4
2010-05-07 14:20:24 0 d-----w- c:\program files\DScaler
2010-05-06 07:11:32 0 d-----w- c:\users\korisnik\appdata\roaming\The Creative Assembly
2010-05-05 13:10:24 0 d-----w- c:\program files\The KMPlayer
2010-05-05 09:04:48 0 d-----w- c:\program files\Gigatron Konfigurator
2010-05-02 16:02:49 0 d-----w- c:\users\korisnik\appdata\roaming\Thinstall
2010-05-01 09:32:01 0 d-----w- c:\program files\common files\NSV
2010-04-30 22:11:08 0 d-----w- c:\program files\common files\PX Storage Engine
2010-04-30 11:21:09 0 d-----w- c:\users\korisnik\appdata\roaming\PCF-VLC
2010-04-30 11:18:03 0 d-----w- c:\users\korisnik\appdata\roaming\Participatory Culture Foundation
2010-04-30 11:17:30 0 d-----w- c:\program files\Participatory Culture Foundation
2010-04-30 07:15:22 12800 ----a-w- c:\windows\system32\drivers\sffp_sd.sys
2010-04-30 07:13:59 427520 ----a-w- c:\windows\system32\vbscript.dll
2010-04-30 07:13:58 132608 ----a-w- c:\windows\system32\cabview.dll
2010-04-30 07:13:57 70656 ----a-w- c:\windows\system32\fontsub.dll
2010-04-30 07:13:57 108544 ----a-w- c:\windows\system32\t2embed.dll
2010-04-30 07:13:10 95744 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-04-30 07:13:10 221696 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-04-30 07:13:10 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-04-30 07:03:20 0 d-----w- c:\programdata\ATI
2010-04-26 06:01:55 0 d-----w- c:\program files\TweakNow PowerPack 2010
2010-04-25 08:00:25 8192 ----a-w- c:\windows\system32\srvany.exe
2010-04-25 08:00:25 77824 ----a-w- c:\windows\KMService.exe
2010-04-21 12:29:24 0 d-----w- c:\users\korisnik\appdata\roaming\Bump Technologies, Inc
2010-04-21 10:53:20 0 d-----w- c:\programdata\Sun
2010-04-21 10:53:07 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-04-20 06:38:22 0 d-----w- c:\program files\Readon Technology

==================== Find3M ====================

2010-05-06 20:34:10 51792 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-04-07 02:43:20 5430272 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2010-04-07 02:16:30 143360 ----a-w- c:\windows\system32\atiapfxx.exe
2010-04-07 02:16:20 489472 ----a-w- c:\windows\system32\aticfx32.dll
2010-04-07 02:13:10 446464 ----a-w- c:\windows\system32\ATIDEMGX.dll
2010-04-07 02:12:38 372736 ----a-w- c:\windows\system32\atieclxx.exe
2010-04-07 02:12:12 14321664 ----a-w- c:\windows\system32\atioglxx.dll
2010-04-07 02:12:04 172032 ----a-w- c:\windows\system32\atiesrxx.exe
2010-04-07 02:10:48 159744 ----a-w- c:\windows\system32\atitmmxx.dll
2010-04-07 02:10:32 356352 ----a-w- c:\windows\system32\atipdlxx.dll
2010-04-07 02:10:18 278528 ----a-w- c:\windows\system32\Oemdspif.dll
2010-04-07 02:10:10 11776 ----a-w- c:\windows\system32\atimuixx.dll
2010-04-07 02:10:00 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2010-04-07 02:06:26 3164160 ----a-w- c:\windows\system32\atidxx32.dll
2010-04-07 01:46:48 50176 ----a-w- c:\windows\system32\coinst.dll
2010-04-07 01:40:46 3707904 ----a-w- c:\windows\system32\atiumdag.dll
2010-04-07 01:40:18 53248 ----a-w- c:\windows\system32\aticalrt.dll
2010-04-07 01:40:10 53248 ----a-w- c:\windows\system32\aticalcl.dll
2010-04-07 01:38:12 4018176 ----a-w- c:\windows\system32\aticaldd.dll
2010-04-07 01:23:52 237568 ----a-w- c:\windows\system32\atiadlxx.dll
2010-04-07 01:23:40 12800 ----a-w- c:\windows\system32\atiglpxx.dll
2010-04-07 01:23:32 14848 ----a-w- c:\windows\system32\atigktxx.dll
2010-04-07 01:23:10 157184 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2010-04-07 01:22:44 28160 ----a-w- c:\windows\system32\atiuxpag.dll
2010-04-07 01:22:30 20480 ----a-w- c:\windows\system32\atiu9pag.dll
2010-04-07 01:22:00 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2010-04-07 01:21:08 2983936 ----a-w- c:\windows\system32\atiumdva.dll
2010-04-07 01:08:52 52224 ----a-w- c:\windows\system32\atimpc32.dll
2010-04-07 01:08:52 52224 ----a-w- c:\windows\system32\amdpcom32.dll
2010-04-06 16:13:58 3066912 ----a-w- c:\windows\system32\drivers\RTKVHDA.sys
2010-04-06 15:58:58 1759264 ----a-w- c:\windows\system32\RtkPgExt.dll
2010-04-06 15:58:52 57888 ----a-w- c:\windows\system32\RtkCoInst.dll
2010-04-06 15:58:52 367136 ----a-w- c:\windows\system32\RtkApoApi.dll
2010-04-06 15:58:52 2649632 ----a-w- c:\windows\system32\RtkAPO.dll
2010-04-02 16:09:08 2023 ----a-w- c:\windows\system32\atipblag.dat
2010-03-30 18:35:32 299936 ----a-w- c:\windows\system32\FMAPO.dll
2010-03-29 08:12:21 249856 ------w- c:\windows\Setup1.exe
2010-03-29 08:12:20 73216 ----a-w- c:\windows\ST6UNST.EXE
2010-03-22 12:22:42 1247776 ----a-w- c:\windows\RtlExUpd.dll
2010-03-17 15:06:30 202234 ----a-w- c:\windows\system32\atiicdxx.dat
2010-02-27 12:07:48 3954568 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-27 12:07:48 3899280 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-23 07:26:10 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2009-07-14 04:41:57 174 --sha-w- c:\program files\desktop.ini
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-06-10 21:26:35 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
2010-01-05 22:08:15 245760 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 20:16:56.34 ===============
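An added example, not part of the thread and not code from DDS or any other tool named here: a small Python helper that applies the same checks the poster made by hand to a DDS log (images running from a temp directory, a Run value with a random-looking name pointing there, an autorun whose target appears under "Created Last 30", and the mPolicies-system lines showing UAC switched off). The sample log is an excerpt of the one posted above; the function names and the regexes are my own.

```python
"""Triage helper for DDS logs: flag the kinds of entries singled out in the post above."""
import re

# Constructed sample input: a few lines excerpted from the DDS log posted in the thread.
SAMPLE_LOG = r"""
============== Running Processes ===============

C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\srvany.exe
C:\Windows\TEMP\Szj.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Windows\TEMP\Szh.exe

============== Pseudo HJT Report ===============

uRun: [WizMouse] "c:\program files\wizmouse\WizMouse.exe"
dRun: [Canaveral] rundll32.exe c:\windows\system32\sshnas21.dll,BackupReadW
dRun: [M5T8QL3YW3] c:\windows\temp\Szh.exe
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

=============== Created Last 30 ================

2010-05-13 14:00:14 221184 ----a-w- c:\windows\system32\sshnas21.dll
2010-05-13 13:09:53 0 d-----w- c:\program files\Ask.com
"""

# Any directory component named "temp" (also matches c:\program files\Temp, so treat hits as leads).
TEMP_DIR_RE = re.compile(r"\\temp\\", re.I)
# Autorun value names like M5T8QL3YW3: a long run of upper-case letters and digits.
RANDOM_NAME_RE = re.compile(r"^[A-Z0-9]{8,}$")
# A Windows path inside a command line; stops at a quote or at rundll32's "dll,Export" comma.
PATH_RE = re.compile(r'[a-z]:\\[^",]+', re.I)
SECTION_RE = re.compile(r"^=+\s*(.*?)\s*=+$")
RUN_RE = re.compile(r"^[umd]Run:\s*\[([^\]]*)\]\s*(.*)$")
POLICY_RE = re.compile(
    r"^mPolicies-system:\s*(EnableLUA|PromptOnSecureDesktop|ConsentPromptBehaviorAdmin)\s*=\s*(\d+)"
)


def split_sections(log):
    """Map each '=== name ===' header of a DDS log to the non-empty lines below it."""
    sections, current = {}, None
    for line in log.splitlines():
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections[current] = []
        elif current is not None and line.strip():
            sections[current].append(line.rstrip())
    return sections


def recently_created(lines):
    """Lower-cased paths from 'Created Last 30' lines: date time size attrs path."""
    paths = set()
    for line in lines:
        parts = line.split(None, 4)  # the path may itself contain spaces
        if len(parts) == 5:
            paths.add(parts[4].lower())
    return paths


def triage(log):
    """Return (reason, log line) pairs for entries that deserve a second look."""
    sections = split_sections(log)
    created = recently_created(sections.get("Created Last 30", []))
    findings = []
    for line in sections.get("Running Processes", []):
        image = line.split(" -k ")[0]  # drop svchost's service-group argument
        if TEMP_DIR_RE.search(image):
            findings.append(("process running from a temp directory", line))
    for line in sections.get("Pseudo HJT Report", []):
        m = RUN_RE.match(line)
        if m:
            name, cmd = m.groups()
            if TEMP_DIR_RE.search(cmd):
                findings.append(("autorun launches from a temp directory", line))
            if RANDOM_NAME_RE.match(name):
                findings.append(("autorun with a random-looking value name", line))
            for path in PATH_RE.findall(cmd):
                if path.lower() in created:
                    findings.append(("autorun points at a file created in the last 30 days", line))
            continue
        m = POLICY_RE.match(line)
        if m and m.group(2) == "0":
            findings.append(("UAC setting %s disabled" % m.group(1), line))
    return findings


if __name__ == "__main__":
    for reason, line in triage(SAMPLE_LOG):
        print("%-52s %s" % (reason, line))
```

The hits are triage leads, not verdicts: a legitimate installer can also leave a DLL under "Created Last 30", so each flagged file still needs to be checked (hash lookup, signature, creation time against what the user installed).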


offline
  • diarno  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 15 Jun 2007
  • Posts: 5572

Download sUBs' ComboFix from the following address to your Desktop:

Bleeping Computer
  • Right-click the link and choose Save Target As... (Save Link As..., Save Linked Content As... or similar);
  • When the dialog for choosing the save location opens, select Desktop and click Save.

When the download is finished:
  • disable your protection software (instructions);
  • close any running programs;
  • double-click ComboFix to start it.

While running, ComboFix will:
  • check whether a newer version of the program exists:
    click Yes if offered to download it;
  • display the DISCLAIMER OF WARRANTY ON SOFTWARE:
    click Yes so the process continues;
  • if the Recovery Console is not installed, offer to install it:
    be sure to accept by clicking Yes and follow the procedure;
  • ask a number of questions / show a number of notifications:
    accept by clicking Yes or OK;
  • restart Windows if needed (possibly several times);
  • at the end, open Notepad with the scan report.

Copy the report ComboFix produced into the forum thread:
  • right-click in the Notepad window and choose Select All;
  • right-click the highlighted text and choose Copy;
  • right-click in the message box and choose Paste.

Note: the report will be saved as ComboFix.txt on the system partition (typical location: C:\ComboFix.txt);
If after posting you notice the report is incomplete, use the Attach file option to attach C:\ComboFix.txt to your message.

offline
  • Joined: 02 Sep 2003
  • Posts: 4955

ComboFix 10-05-13.03 - Korisnik 05/14/2010 9:37.1.3 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.381.1033.18.2046.1255 [GMT 2:00]
Running from: c:\users\Korisnik\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\sshnas21.dll
c:\windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
c:\windows\wc98pp.dll

Infected copy of c:\windows\system32\drivers\partmgr.sys was found and disinfected
Restored copy from - Kitty ate it :p
.
((((((((((((((((((((((((( Files Created from 2010-04-14 to 2010-05-14 )))))))))))))))))))))))))))))))
.

2010-05-14 07:41 . 2010-05-14 07:41 -------- d-----w- c:\users\Korisnik\AppData\Local\temp
2010-05-14 07:41 . 2010-05-14 07:41 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-05-13 16:56 . 2010-05-13 16:56 -------- d-----w- c:\users\Korisnik\AppData\Roaming\Colasoft MAC Scanner
2010-05-13 16:56 . 2010-05-13 16:56 -------- d-----w- c:\program files\Common Files\Colasoft Shared
2010-05-13 16:56 . 2010-05-13 16:57 -------- d-----w- c:\users\Korisnik\AppData\Roaming\Packet Analyzer - Colasoft Capsa 7.1
2010-05-13 16:56 . 2010-05-13 16:56 -------- d-----w- c:\program files\Common Files\Software FX Shared
2010-05-13 16:56 . 2009-12-14 16:11 28184 ----a-w- c:\windows\system32\drivers\CSN5PDTS82.sys
2010-05-13 16:56 . 2010-05-13 16:56 -------- d-----w- c:\program files\Packet Analyzer - Colasoft Capsa 7.1 Demo
2010-05-13 16:54 . 2010-05-13 16:54 -------- d-----w- c:\program files\Flexbyte Software
2010-05-13 16:16 . 2010-05-13 16:16 -------- d-----w- c:\program files\Defraggler
2010-05-13 13:09 . 2010-05-13 13:09 -------- d-----w- c:\program files\Ask.com
2010-05-13 08:21 . 2010-05-13 08:21 0 ----a-w- c:\users\Korisnik\AppData\Roaming\AidMaker\AIDMAKERSILENTBUNDLESETUP.EXE
2010-05-13 08:21 . 2010-05-13 08:21 -------- d-----w- c:\users\Korisnik\AppData\Roaming\AidMaker
2010-05-13 08:21 . 2007-02-07 09:01 22 ----a-w- c:\windows\system32\dciman13.sys
2010-05-13 07:47 . 2010-05-13 07:47 -------- d-----w- c:\users\Korisnik\AppData\Roaming\AVS4YOU
2010-05-13 07:47 . 2010-05-13 07:47 -------- d-----w- c:\programdata\AVS4YOU
2010-05-13 07:46 . 2010-05-13 16:03 -------- d-----w- c:\program files\Common Files\AVSMedia
2010-05-13 07:46 . 2010-05-13 16:03 -------- d-----w- c:\program files\AVS4YOU
2010-05-13 07:46 . 2008-08-13 09:22 974848 ----a-w- c:\windows\system32\mfc70.dll
2010-05-13 07:46 . 2008-08-13 09:22 487424 ----a-w- c:\windows\system32\msvcp70.dll
2010-05-13 07:46 . 2008-08-13 09:22 344064 ----a-w- c:\windows\system32\msvcr70.dll
2010-05-13 07:46 . 2008-08-13 09:22 1700352 ----a-w- c:\windows\system32\GdiPlus.dll
2010-05-13 07:46 . 2008-08-13 09:22 24576 ----a-w- c:\windows\system32\msxml3a.dll
2010-05-12 11:05 . 2010-05-12 11:05 45056 ---ha-w- c:\users\Korisnik\AppData\Roaming\Microsoft\Emulator for Windows CE\VPCKeyboard.dll
2010-05-09 21:50 . 2010-05-09 21:50 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2010-05-09 21:48 . 2010-05-09 21:48 3605256 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2010-05-09 21:46 . 2010-05-09 21:46 588096 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2010-05-08 16:15 . 2008-09-08 13:11 13099456 ----a-w- c:\programdata\Installations\{83258E90-1F76-4E13-9F60-A0F8ED41E76F}\PCCS.exe
2010-05-07 14:20 . 2010-05-13 08:32 -------- d-----w- c:\program files\DScaler
2010-05-07 14:20 . 2010-05-07 14:25 -------- d-----w- c:\users\Korisnik\AppData\Roaming\DScaler4
2010-05-06 07:11 . 2010-05-06 07:11 -------- d-----w- c:\users\Korisnik\AppData\Roaming\The Creative Assembly
2010-05-05 13:10 . 2010-05-05 13:10 -------- d-----w- c:\program files\The KMPlayer
2010-05-05 09:04 . 2010-05-05 09:05 -------- d-----w- c:\program files\Gigatron Konfigurator
2010-05-02 16:02 . 2010-05-02 16:02 -------- d-----w- c:\users\Korisnik\AppData\Roaming\Thinstall
2010-05-02 16:02 . 2010-05-02 16:02 -------- d-----w- c:\users\Korisnik\AppData\Local\Thinstall
2010-05-01 09:32 . 2010-05-01 09:32 -------- d-----w- c:\program files\Common Files\NSV
2010-04-30 22:11 . 2010-04-30 22:11 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2010-04-30 11:21 . 2010-04-30 11:21 -------- d-----w- c:\users\Korisnik\AppData\Roaming\PCF-VLC
2010-04-30 11:18 . 2010-04-30 11:18 -------- d-----w- c:\users\Korisnik\AppData\Roaming\Participatory Culture Foundation
2010-04-30 11:17 . 2010-04-30 11:17 -------- d-----w- c:\program files\Participatory Culture Foundation
2010-04-30 07:15 . 2009-10-10 02:57 12800 ----a-w- c:\windows\system32\drivers\sffp_sd.sys
2010-04-30 07:13 . 2010-03-08 21:33 427520 ----a-w- c:\windows\system32\vbscript.dll
2010-04-30 07:13 . 2010-01-09 06:52 132608 ----a-w- c:\windows\system32\cabview.dll
2010-04-30 07:13 . 2009-10-19 14:10 108544 ----a-w- c:\windows\system32\t2embed.dll
2010-04-30 07:13 . 2009-10-19 14:10 70656 ----a-w- c:\windows\system32\fontsub.dll
2010-04-30 07:13 . 2010-02-27 07:32 221696 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-04-30 07:13 . 2010-02-27 07:32 95744 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-04-30 07:13 . 2010-02-27 07:32 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-04-30 07:03 . 2010-04-30 07:03 -------- d-----w- c:\programdata\ATI
2010-04-26 06:01 . 2010-04-27 10:20 -------- d-----w- c:\program files\TweakNow PowerPack 2010
2010-04-25 08:00 . 2010-04-10 07:03 77824 ----a-w- c:\windows\KMService.exe
2010-04-25 08:00 . 2003-04-18 17:06 8192 ----a-w- c:\windows\system32\srvany.exe
2010-04-24 09:27 . 2010-04-24 09:27 -------- d-----w- c:\program files\7-Zip
2010-04-21 12:29 . 2010-04-21 12:29 -------- d-----w- c:\users\Korisnik\AppData\Local\Bump Technologies, Inc
2010-04-21 12:29 . 2010-04-21 12:29 -------- d-----w- c:\users\Korisnik\AppData\Roaming\Bump Technologies, Inc
2010-04-21 10:53 . 2010-04-21 10:53 -------- d-----w- c:\windows\Sun
2010-04-21 10:53 . 2010-04-21 10:53 -------- d-----w- c:\program files\Common Files\Java
2010-04-21 10:53 . 2010-04-21 10:53 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-04-21 10:53 . 2010-04-21 10:53 -------- d-----w- c:\program files\Java
2010-04-20 06:38 . 2010-04-20 06:38 5430 ----a-r- c:\users\Korisnik\AppData\Roaming\Microsoft\Installer\{DA084DC0-F7C4-4285-9304-D0EB88AF0998}\_F7BD5300A94D01B980311C.exe
2010-04-20 06:38 . 2010-04-20 06:38 5430 ----a-r- c:\users\Korisnik\AppData\Roaming\Microsoft\Installer\{DA084DC0-F7C4-4285-9304-D0EB88AF0998}\_6FEFF9B68218417F98F549.exe
2010-04-20 06:38 . 2010-04-20 06:38 5430 ----a-r- c:\users\Korisnik\AppData\Roaming\Microsoft\Installer\{DA084DC0-F7C4-4285-9304-D0EB88AF0998}\_4C2FBD8A940F15BB854FB5.exe
2010-04-20 06:38 . 2010-04-20 06:38 -------- d-----w- c:\program files\Readon Technology

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-14 07:42 . 2009-12-30 14:43 -------- d-----w- c:\program files\SpeedFan
2010-05-13 22:26 . 2009-12-30 14:51 -------- d-----w- c:\users\Korisnik\AppData\Roaming\Skype
2010-05-13 22:24 . 2009-12-30 14:55 -------- d-----w- c:\users\Korisnik\AppData\Roaming\uTorrent
2010-05-13 16:16 . 2009-12-31 09:40 -------- d-----w- c:\program files\CCleaner
2010-05-13 16:15 . 2010-03-17 23:12 -------- d-----w- c:\program files\RocketDock
2010-05-13 16:09 . 2009-12-30 14:54 -------- d-----w- c:\program files\Mozilla Thunderbird
2010-05-13 16:07 . 2009-12-30 20:53 -------- d-----w- c:\program files\Ray Adams
2010-05-13 16:05 . 2010-03-29 08:12 -------- d-----w- c:\program files\iGoEditor
2010-05-13 08:51 . 2010-02-02 21:23 -------- d-----w- c:\users\Korisnik\AppData\Roaming\vlc
2010-05-13 08:38 . 2009-12-30 20:50 111592 ----a-w- c:\users\Korisnik\AppData\Local\GDIPFONTCACHEV1.DAT
2010-05-13 06:17 . 2010-01-23 22:31 -------- d-----w- c:\program files\MSI Kombustor
2010-05-12 08:24 . 2009-12-30 14:56 -------- d-----w- c:\users\Korisnik\AppData\Roaming\AIMP
2010-05-10 08:10 . 2010-03-09 14:51 -------- d-----w- c:\programdata\VMware
2010-05-09 15:33 . 2009-12-31 11:29 -------- d-----w- c:\users\Korisnik\AppData\Roaming\Wildfire
2010-05-08 16:15 . 2010-05-08 16:15 8192 ----a-w- c:\programdata\Installations\{83258E90-1F76-4E13-9F60-A0F8ED41E76F}\Installer\CommonCustomActions\UninstCCD.exe
2010-05-08 16:15 . 2010-05-08 15:17 -------- d-----w- c:\programdata\Installations
2010-05-08 15:51 . 2009-12-30 14:30 -------- d-----w- c:\program files\fraps
2010-05-08 15:51 . 2010-05-08 15:51 -------- d-----w- c:\program files\IVT Corporation
2010-05-08 15:33 . 2010-05-08 15:33 106557 ----a-w- c:\windows\system32\btw_ci.dll
2010-05-08 15:19 . 2010-05-08 15:18 -------- d-----w- c:\users\Korisnik\AppData\Roaming\PC Suite
2010-05-08 15:19 . 2010-05-08 15:19 0 ---ha-w- c:\windows\system32\drivers\Msft_User_PCCSWpdDriver_01_07_00.Wdf
2010-05-08 15:19 . 2010-05-08 15:18 -------- d-----w- c:\users\Korisnik\AppData\Roaming\Nokia
2010-05-08 15:19 . 2010-05-08 15:18 -------- d-----w- c:\programdata\PC Suite
2010-05-08 15:18 . 2009-12-30 15:01 -------- d-----w- c:\program files\DIFX
2010-05-08 15:18 . 2010-05-08 15:18 95232 ----a-w- c:\programdata\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\pcswpcsi.exe
2010-05-08 15:18 . 2010-05-08 15:18 8192 ----a-w- c:\programdata\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\UninstCCD.exe
2010-05-08 15:18 . 2010-05-08 15:18 61440 ----a-w- c:\programdata\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
2010-05-08 15:18 . 2010-05-08 15:18 10240 ----a-w- c:\programdata\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\UninstPCS.exe
2010-05-08 15:16 . 2009-12-30 14:22 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-05-08 07:59 . 2009-12-31 09:19 -------- d-----w- c:\users\Korisnik\AppData\Roaming\.purple
2010-05-06 20:59 . 2009-12-30 15:08 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-05-06 20:39 . 2009-12-30 15:08 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-05-06 20:39 . 2009-12-30 15:08 164048 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-05-06 20:34 . 2009-12-30 15:08 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-05-06 20:34 . 2009-12-30 15:08 51792 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-05-06 20:33 . 2009-12-30 15:08 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-05-05 08:40 . 2009-12-30 15:33 -------- d--h--w- c:\program files\Temp
2010-05-03 10:08 . 2010-03-09 14:58 -------- d-----w- c:\users\Korisnik\AppData\Roaming\VMware
2010-05-02 19:40 . 2010-01-09 08:52 -------- d-----w- c:\program files\Opera 10.50 pre-alpha
2010-04-30 07:03 . 2010-02-12 09:50 -------- d-----w- c:\program files\ATI
2010-04-30 07:00 . 2009-12-30 22:43 -------- d-----w- c:\program files\ATI Technologies
2010-04-16 08:10 . 2009-12-30 15:59 -------- d-----w- c:\users\Korisnik\AppData\Roaming\My Games
2010-04-14 16:47 . 2009-12-30 15:08 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-04-13 20:29 . 2010-03-05 09:21 -------- d-----w- c:\programdata\MumboJumbo
2010-04-12 20:46 . 2010-04-12 20:46 -------- d-----w- c:\program files\NRadioBox
2010-04-08 13:15 . 2009-12-30 20:36 -------- d-----w- c:\users\Korisnik\AppData\Roaming\Nero
2010-04-08 12:56 . 2010-04-08 12:55 -------- d-----w- c:\programdata\DVD Shrink
2010-04-08 12:55 . 2010-04-08 12:55 -------- d-----w- c:\program files\DVD Shrink
2010-04-07 13:35 . 2010-04-07 13:35 -------- d-----w- c:\program files\7room
2010-04-07 02:43 . 2010-04-07 02:43 5430272 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2010-04-07 02:16 . 2010-04-07 02:16 143360 ----a-w- c:\windows\system32\atiapfxx.exe
2010-04-07 02:16 . 2010-02-03 04:23 489472 ----a-w- c:\windows\system32\aticfx32.dll
2010-04-07 02:13 . 2010-04-07 02:13 446464 ----a-w- c:\windows\system32\ATIDEMGX.dll
2010-04-07 02:12 . 2010-04-07 02:12 372736 ----a-w- c:\windows\system32\atieclxx.exe
2010-04-07 02:12 . 2010-04-07 02:12 14321664 ----a-w- c:\windows\system32\atioglxx.dll
2010-04-07 02:12 . 2010-04-07 02:12 172032 ----a-w- c:\windows\system32\atiesrxx.exe
2010-04-07 02:10 . 2010-04-07 02:10 159744 ----a-w- c:\windows\system32\atitmmxx.dll
2010-04-07 02:10 . 2010-04-07 02:10 356352 ----a-w- c:\windows\system32\atipdlxx.dll
2010-04-07 02:10 . 2010-04-07 02:10 278528 ----a-w- c:\windows\system32\Oemdspif.dll
2010-04-07 02:10 . 2010-04-07 02:10 11776 ----a-w- c:\windows\system32\atimuixx.dll
2010-04-07 02:10 . 2010-04-07 02:10 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2010-04-07 02:06 . 2009-09-23 22:22 3164160 ----a-w- c:\windows\system32\atidxx32.dll
2010-04-07 01:46 . 2010-02-03 03:23 50176 ----a-w- c:\windows\system32\coinst.dll
2010-04-07 01:40 . 2009-09-23 22:06 3707904 ----a-w- c:\windows\system32\atiumdag.dll
2010-04-07 01:40 . 2010-04-07 01:40 53248 ----a-w- c:\windows\system32\aticalrt.dll
2010-04-07 01:40 . 2010-04-07 01:40 53248 ----a-w- c:\windows\system32\aticalcl.dll
2010-04-07 01:38 . 2010-04-07 01:38 4018176 ----a-w- c:\windows\system32\aticaldd.dll
2010-04-07 01:23 . 2009-11-25 02:25 237568 ----a-w- c:\windows\system32\atiadlxx.dll
2010-04-07 01:23 . 2010-04-07 01:23 12800 ----a-w- c:\windows\system32\atiglpxx.dll
2010-04-07 01:23 . 2010-04-07 01:23 14848 ----a-w- c:\windows\system32\atigktxx.dll
2010-04-07 01:23 . 2010-04-07 01:23 157184 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2010-04-07 01:22 . 2010-02-03 03:23 28160 ----a-w- c:\windows\system32\atiuxpag.dll
2010-04-07 01:22 . 2010-02-03 03:22 20480 ----a-w- c:\windows\system32\atiu9pag.dll
2010-04-07 01:22 . 2010-04-07 01:22 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2010-04-07 01:21 . 2009-09-23 21:48 2983936 ----a-w- c:\windows\system32\atiumdva.dll
2010-04-07 01:08 . 2010-04-07 01:08 52224 ----a-w- c:\windows\system32\atimpc32.dll
2010-04-07 01:08 . 2010-04-07 01:08 52224 ----a-w- c:\windows\system32\amdpcom32.dll
2010-04-06 16:13 . 2010-05-05 08:40 3066912 ----a-w- c:\windows\system32\drivers\RTKVHDA.sys
2010-04-06 15:58 . 2010-05-05 08:40 1759264 ----a-w- c:\windows\system32\RtkPgExt.dll
2010-04-06 15:58 . 2010-05-05 08:40 57888 ----a-w- c:\windows\system32\RtkCoInst.dll
2010-04-06 15:58 . 2010-05-05 08:40 367136 ----a-w- c:\windows\system32\RtkApoApi.dll
2010-04-06 15:58 . 2010-05-05 08:40 2649632 ----a-w- c:\windows\system32\RtkAPO.dll
2010-04-06 10:19 . 2010-02-03 16:15 -------- d-----w- c:\program files\Partition Wizard Home Edition 4.1
2010-04-03 16:46 . 2009-12-30 14:55 -------- d-----w- c:\program files\AIMP2
2010-04-02 16:09 . 2010-04-02 16:09 2023 ----a-w- c:\windows\system32\atipblag.dat
2010-03-30 18:35 . 2010-05-05 08:40 299936 ----a-w- c:\windows\system32\FMAPO.dll
2010-03-29 08:12 . 2010-03-29 08:12 249856 ------w- c:\windows\Setup1.exe
2010-03-29 08:12 . 2010-03-29 08:12 73216 ----a-w- c:\windows\ST6UNST.EXE
2010-03-28 17:48 . 2009-12-30 14:51 -------- d-----w- c:\program files\Universal Share Download
2010-03-27 16:52 . 2010-03-16 05:48 -------- d-----w- c:\users\Korisnik\AppData\Roaming\skypePM
2010-03-23 13:16 . 2010-03-23 13:16 -------- d-----w- c:\users\Korisnik\AppData\Roaming\MAXON
2010-03-23 09:21 . 2010-03-23 09:17 -------- d-----w- c:\programdata\TrackMania
2010-03-22 12:22 . 2010-05-05 08:40 1247776 ----a-w- c:\windows\RtlExUpd.dll
2010-03-22 09:25 . 2010-03-22 09:25 -------- d-----w- c:\program files\NVIDIA Corporation
2010-03-22 09:25 . 2009-12-30 14:48 -------- d-----w- c:\program files\AGEIA Technologies
2010-03-22 09:25 . 2009-12-30 14:47 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-03-20 08:22 . 2009-12-30 14:54 -------- d-----w- c:\users\Korisnik\AppData\Roaming\Thunderbird
2010-03-17 15:06 . 2010-03-17 15:06 202234 ----a-w- c:\windows\system32\atiicdxx.dat
2010-03-16 22:15 . 2010-03-16 05:48 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-03-16 05:48 . 2010-03-16 05:48 -------- d-----w- c:\program files\Common Files\Skype
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
2010-01-16 07:59 561552 ----a-w- c:\progra~1\MICROS~2\Office14\URLREDIR.DLL

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-02-08 15:40 1362320 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-08 1362320]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WizMouse"="c:\program files\WizMouse\WizMouse.exe" [2009-03-06 552184]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IconSaver"="c:\program files\IconSaver\IconSaver.exe" [2002-02-18 110592]
"PhoneTray"="c:\program files\Traysoft\PhoneTray\PhoneTray.exe" [2009-12-20 445680]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-04-06 102400]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-04-06 8555040]

c:\users\Korisnik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
EventGhost.lnk - c:\program files\EventGhost\EventGhost.exe [2009-12-30 30208]
Volume OSD.exe [2009-1-17 216652]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
SpeedFan.lnk - c:\program files\SpeedFan\speedfan.exe [2009-11-25 4009592]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sr.sys]
@="FSFilter System Recovery"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2009-07-14 01:14 1173504 ----a-w- c:\program files\Windows Sidebar\sidebar.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2010-04-06 19:25 102400 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiSpyWareDisableNotify"=dword:00000001

R1 CSN5PDTS82x64;CSN5PDTS82x64 NDIS Protocol Driver;c:\windows\system32\Drivers\CSN5PDTS82x64.sys [x]
R3 atidgllk;atidgllk;c:\program files\ASUS\SmartDoctor\atidgllk.sys [x]
R3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\Drivers\btnetBus.sys [2009-09-24 29192]
R3 etdrv;etdrv;c:\windows\etdrv.sys [2010-01-06 17488]
R3 GarenaPEngine;GarenaPEngine;c:\users\Korisnik\AppData\Local\Temp\HYC207D.tmp [x]
R3 GVTDrv;GVTDrv;c:\windows\system32\Drivers\GVTDrv.sys [2010-01-06 24944]
R3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\Drivers\IvtBtBus.sys [2009-08-26 25480]
R3 netr28;Ralink 802.11n Wireless Driver for Windows Vista;c:\windows\system32\DRIVERS\netr28.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
R3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [2009-12-21 16456]
R3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [2009-12-21 11088]
R3 rt61x86;RT61 Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr61.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-30 187392]
R3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Professional Business 2010\RpcAgentSrv.exe [2009-08-24 93336]
R3 se32;EnTech softEngine;c:\windows\system32\drivers\se32.sys [2007-05-03 12112]
R3 speccy;speccy;c:\users\Korisnik\AppData\Local\Temp\830202641571742035463306544speccy.sys [x]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2009-12-17 99152]
R3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]
S0 BtHidBus;Bluetooth HID Bus Service;c:\windows\System32\Drivers\BtHidBus.sys [2009-09-24 19592]
S1 aswSP;aswSP; [x]
S1 CSN5PDTS82;CSN5PDTS82 NDIS Protocol Driver;c:\windows\system32\Drivers\CSN5PDTS82.sys [2009-12-14 28184]
S1 HWiNFO32;HWiNFO32 Kernel Driver;d:\programi\Benchmark\HWInfo32\HWiNFO32.SYS [2009-07-16 19064]
S1 VWiFiFlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-04-07 172032]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-05-06 51792]
S2 BT848;bt848 tweaked WDM Video Capture;c:\windows\system32\drivers\BT848.sys [2001-04-27 204127]
S2 BTTUNER;bt848 tweaked WDM TvTuner;c:\windows\system32\drivers\BTTUNER.sys [2001-04-27 9251]
S2 BTXBAR;bt848 tweaked TV WDM Crossbar;c:\windows\system32\drivers\BTXBAR.sys [2001-04-27 8193]
S2 KMService;KMService;c:\windows\system32\srvany.exe [2003-04-18 8192]
S2 USBSafelyRemoveService;USB Safely Remove Assistant;c:\program files\USB Safely Remove\USBSRService.exe [2009-10-27 261392]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-04-07 5430272]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-04-07 157184]
S3 WUSB11;Instant Wireless USB Network Adapter ver.2.5 Driver;c:\windows\system32\DRIVERS\LSWLUSB.sys [2002-05-28 54083]

.
Contents of the 'Scheduled Tasks' folder

2010-05-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-43753074-2541558060-2943434843-1000Core.job
- c:\users\Korisnik\AppData\Local\Google\Update\GoogleUpdate.exe [2009-12-30 15:51]

2010-05-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-43753074-2541558060-2943434843-1000UA.job
- c:\users\Korisnik\AppData\Local\Google\Update\GoogleUpdate.exe [2009-12-30 15:51]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://mystart.incredimail.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: ic32pp - {BBCA9F81-8F4F-11D2-90FF-0080C83D3571} -
.
- - - - ORPHANS REMOVED - - - -

HKU-Default-Run-Canaveral - c:\windows\system32\sshnas21.dll
SafeBoot-dmboot.sys
SafeBoot-dmio.sys
SafeBoot-dmload.sys
SafeBoot-dmadmin
SafeBoot-dmserver
SafeBoot-SRService



[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\GarenaPEngine]
"ImagePath"="\??\c:\users\Korisnik\AppData\Local\Temp\HYC207D.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-43753074-2541558060-2943434843-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:18,fd,a3,bc,4e,de,a0,d5,89,03,b8,ee,be,34,5a,67,65,04,5f,5e,2d,68,c8,
18,f2,3a,42,ab,04,02,55,86,40,87,60,0c,24,40,cb,8f,92,c1,97,16,d3,8a,56,e5,\
"??"=hex:b3,24,74,8a,67,e8,cb,e0,96,03,bf,6e,ed,3e,8b,d6

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(3916)
c:\program files\EventGhost\plugins\Task\hook.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\atieclxx.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\windows\KMService.exe
c:\windows\system32\conhost.exe
c:\windows\system32\sppsvc.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\users\Korisnik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Volume OSD.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\windows\system32\taskhost.exe
.
**************************************************************************
.
Completion time: 2010-05-14 09:45:08 - machine was rebooted
ComboFix-quarantined-files.txt 2010-05-14 07:45

Pre-Run: 7,402,086,400 bytes free
Post-Run: 7,212,355,584 bytes free

- - End Of File - - 1A374EB570BB145D7114CEE51F8D7A9C

  • diarno
  • Anti Malware Fighter, Rank 2
  • Joined: 15 Jun 2007
  • Posts: 5572

Post fresh GMER logs for me.

  • Joined: 02 Sep 2003
  • Posts: 4955

Written: 14 May 2010 11:42

In a couple of minutes, just letting it finish...

Update: 14 May 2010 11:49

Here:

[three attached images, not viewable without logging in to the forum]

  • diarno
  • Anti Malware Fighter, Rank 2
  • Joined: 15 Jun 2007
  • Posts: 5572

What is the state of things now? Is your Avast working?

Quote:
C:\Windows\system32\srvany.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\conhost.exe


These are legitimate processes. Download Process Explorer and look at their description.
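
An added triage example for the advice above (not part of the original thread, and not ComboFix's, DDS's or Process Explorer's own logic): a small Python script that reads lines in the shapes DDS/ComboFix print and flags what a responder would check by hand before trusting a familiar process name, namely process images or service binaries that run from a temp directory, service entries whose file ComboFix marks `[x]` (not present on disk), and the UAC policy values from the log that are set to 0. The sample lines are constructed from a handful of entries in the log posted above; the severities, reason strings and function names (`triage`, `parse_service`, `count_by_severity`) are this example's own.

```python
"""Triage helper for DDS / ComboFix style log lines.

Added example for this thread, not ComboFix's or DDS's own logic. The
checks, severities and reason strings are this example's own; the
sample lines are constructed from a few entries of the log posted above.
"""
import re
from typing import Dict, List, Optional

# Constructed sample input in the three shapes the log uses: bare process
# paths from "Running Processes", "R3/S2 name;display;path [info]" service
# entries, and "name"= value policy lines.
SAMPLE_LOG: List[str] = [
    r"C:\Windows\system32\lsm.exe",
    r"C:\Windows\TEMP\Szj.exe",
    r"C:\Windows\system32\conhost.exe",
    r"C:\Windows\TEMP\Szh.exe",
    r"R3 GarenaPEngine;GarenaPEngine;c:\users\Korisnik\AppData\Local\Temp\HYC207D.tmp [x]",
    r"R3 speccy;speccy;c:\users\Korisnik\AppData\Local\Temp\830202641571742035463306544speccy.sys [x]",
    r"R3 etdrv;etdrv;c:\windows\etdrv.sys [2010-01-06 17488]",
    r"S2 KMService;KMService;c:\windows\system32\srvany.exe [2003-04-18 8192]",
    r"R3 netr28;Ralink 802.11n Wireless Driver for Windows Vista;c:\windows\system32\DRIVERS\netr28.sys [x]",
    '"EnableLUA"= 0 (0x0)',
    '"PromptOnSecureDesktop"= 0 (0x0)',
    '"ConsentPromptBehaviorUser"= 3 (0x3)',
]

# "\Temp\" or "\TEMP\" anywhere in a path: the user's temp dir, c:\windows\temp, etc.
TEMP_DIR_RE = re.compile(r"\\(?:temp|tmp)\\", re.IGNORECASE)
# Bare drive-letter path, as printed under "Running Processes".
PATH_RE = re.compile(r"^[A-Za-z]:\\")
# ComboFix service/driver entry; ComboFix prints "[x]" when the file is absent.
SERVICE_RE = re.compile(
    r"^(?P<start>[RS]\d)\s+(?P<name>[^;]*);(?P<display>[^;]*);"
    r"(?P<path>.*?)\s*\[(?P<info>[^\]]*)\]\s*$"
)
# Policy value as ComboFix prints it, e.g. "EnableLUA"= 0 (0x0).
POLICY_RE = re.compile(r'^"(?P<name>[A-Za-z]+)"=\s*(?P<value>\d+)')

# UAC values under HKLM\...\Policies\System where 0 switches the control off.
UAC_OFF: Dict[str, str] = {
    "EnableLUA": "UAC is disabled entirely (EnableLUA=0)",
    "PromptOnSecureDesktop": "elevation prompts are not shown on the secure desktop",
    "ConsentPromptBehaviorAdmin": "administrators are elevated without any prompt",
}


def parse_service(line: str) -> Optional[Dict[str, str]]:
    """Split a ComboFix service line into its fields, or None if it is not one."""
    m = SERVICE_RE.match(line)
    return m.groupdict() if m else None


def _finding(severity: str, reason: str, line: str) -> Dict[str, str]:
    return {"severity": severity, "reason": reason, "line": line}


def triage(lines: List[str]) -> List[Dict[str, str]]:
    """Return one finding per line that a responder should look at by hand."""
    findings: List[Dict[str, str]] = []
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        svc = parse_service(line)
        if svc is not None:
            path, info = svc["path"].strip(), svc["info"].strip()
            if TEMP_DIR_RE.search(path):
                findings.append(_finding(
                    "high", f"service {svc['name']} loads its image from a temp directory", line))
            elif info == "x":
                findings.append(_finding(
                    "low", f"service {svc['name']} is registered but its file is not on disk", line))
            continue
        pol = POLICY_RE.match(line)
        if pol is not None:
            if pol["name"] in UAC_OFF and int(pol["value"]) == 0:
                findings.append(_finding("medium", UAC_OFF[pol["name"]], line))
            continue
        if PATH_RE.match(line) and TEMP_DIR_RE.search(line):
            findings.append(_finding("high", "running process image lives in a temp directory", line))
    return findings


def count_by_severity(findings: List[Dict[str, str]]) -> Dict[str, int]:
    """Histogram of findings by severity, for a quick summary."""
    counts: Dict[str, int] = {}
    for f in findings:
        counts[f["severity"]] = counts.get(f["severity"], 0) + 1
    return counts


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for f in results:
        print(f"[{f['severity']:<6}] {f['reason']}\n         {f['line']}")
    print(count_by_severity(results))
```

On the sample input the script flags the two `C:\Windows\TEMP\*.exe` processes and the two services whose image sits in the user's `Temp` folder as high, the `netr28` entry as low (file missing, but under `system32\DRIVERS`), and the two zeroed UAC values as medium, while `srvany.exe` and `etdrv.sys` produce nothing. A familiar name such as lsm.exe or conhost.exe is only reassuring together with the expected path and a valid Microsoft signature, which a text log cannot show; that signature check is what Process Explorer (or sigcheck) does on the live machine, and this script only covers the path half of it.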

  • Joined: 02 Sep 2003
  • Posts: 4955

Avast was working all along, it just didn't find anything. I haven't noticed any unusual network activity today. We'll see in a day or two...

Thanks for the help!

btw, did ComboFix delete anything?

  • diarno
  • Anti Malware Fighter, Rank 2
  • Joined: 15 Jun 2007
  • Posts: 5572

Yes, and along the way it disinfected some files... That's why I asked you for GMER again, to see whether they had been reinfected.

Leave CF in place, and this topic open, for two or three days, then report whether anything has changed.

  • Joined: 02 Sep 2003
  • Posts: 4955

Everything is OK for now...

Thanks once again!

  • diarno
  • Anti Malware Fighter, Rank 2
  • Joined: 15 Jun 2007
  • Posts: 5572

Glad to hear it.

Do this as well:

ComboFix needs to be uninstalled:
click Start, then Run.

On Vista, use the Start Search box if Run is not available.

In the text field type (or paste) the following:

ComboFix /Uninstall

Note that there is a space between "ComboFix" and "/Uninstall".

then click OK (or press Enter).

Wait for the uninstall process to finish.

Cheers
