Lots of trojans


  • Joined: 16 Aug 2007
  • Posts: 315
  • Location: Serbia

Posted: 15 Oct 2010 16:35

So far everything looks OK to me!

Addendum: 15 Oct 2010 17:19

Until I get an answer about what to do next, here is what it says now.
Smart Engine is there again.

DDS (Ver_10-10-10.03) - NTFSx86
Run by Boban at 17:16:59,50 on pet 15.10.2010
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_21
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.1023.551 [GMT 2:00]

AV: Smart Engine *On-access scanning enabled* (Updated) {43E6C7C0-F2DA-4DCD-8168-B704F47AC639}
FW: Smart Engine *enabled* {FBE97B5D-5C3F-4C5A-B804-509D305CD8EA}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\soundman.exe
C:\Windows\PixArt\PAC7302\Monitor.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\USB Disk Security\USBGuard.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\FsUsbExService.Exe
C:\Windows\system32\lxblcoms.exe
C:\Windows\Installer\MSI8878.tmp
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\DllHost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Users\Boban\Desktop\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://flvtubesearch.co/?tmp=toolbar_FlvTube_homepage&prt=flvtubetb04ie&clid=6d0a6ede5f974fcfab3eb57e06236473
mStart Page = hxxp://www.tuuza.com/
uInternet Settings,ProxyServer = 61.213.158.124:8080
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [PAC7302_Monitor] c:\windows\pixart\pac7302\Monitor.exe
mRun: [USB Antivirus] c:\program files\usb disk security\RunUSBGuard.exe
mRun: [UnlockerAssistant] "c:\program files\unlocker\UnlockerAssistant.exe"
mRun: [egui] "c:\program files\eset\eset smart security\egui.exe" /hide /waitservice
dRun: [Samsung.PCSync] "c:\program files\samsung\samsung pc studio 7\PcSync2.exe" /NoDialog
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 2 (0x2)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {36ECAF82-3300-8F84-092E-AFF36D6C7040} - {86529161-034E-4F8A-88D2-3C625E612E04} - c:\program files\winhttrack\WinHTTrackIEBar.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
TCP: {13216134-FE2B-463E-AAE2-7B8366D322C2} = 194.106.162.10,194.106.162.3
TCP: {E87B3B01-C5BC-4536-9537-998186833CAD} = 212.200.191.166,212.200.190.166
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\users\boban\appdata\roaming\mozilla\firefox\profiles\kinlniph.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

============= SERVICES / DRIVERS ===============

R2 ekrn;ESET Service;c:\program files\eset\eset smart security\ekrn.exe [2009-2-13 727720]
R2 epfwwfp;epfwwfp;c:\windows\system32\drivers\epfwwfp.sys [2009-2-13 38240]
R2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2010-9-1 222568]
R2 lxbl_device;lxbl_device;c:\windows\system32\lxblcoms.exe -service --> c:\windows\system32\lxblcoms.exe -service [?]
R2 SCPDFReadSpool;SolidConverterPDFReadSpool;c:\windows\installer\MSI8878.tmp [2010-2-28 189760]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2010-9-1 36640]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [2010-3-3 27632]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 nmwcdsa;Samsung USB Phone Parent;c:\windows\system32\drivers\nmwcdsa.sys [2007-5-2 135680]
S3 nmwcdsac;Samsung USB Generic;c:\windows\system32\drivers\nmwcdsac.sys [2007-5-2 8320]
S3 nmwcdsacj;Samsung USB Port;c:\windows\system32\drivers\nmwcdsacj.sys [2007-5-2 12288]
S3 nmwcdsacm;Samsung USB Modem;c:\windows\system32\drivers\nmwcdsacm.sys [2007-5-2 12288]

============== File Associations ===============

.txt=UltraEdit.txt

=============== Created Last 30 ================

2010-10-15 10:22:30 -------- d-sh--w- C:\$RECYCLE.BIN
2010-10-15 07:34:33 -------- d-----w- c:\program files\ESET
2010-10-14 13:34:21 -------- d-----w- c:\users\boban\appdata\local\temp
2010-10-14 11:55:04 -------- d-----w- c:\program files\Thinking BIG
2010-10-14 09:18:23 -------- d-sh--w- c:\progra~2\SMPVGYFWE
2010-10-14 08:07:53 -------- d-----w- c:\users\boban\appdata\local\Google
2010-10-14 07:48:57 6084944 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{3ee9c02d-90fa-411e-b06e-8b7a57c627c2}\mpengine.dll
2010-10-14 07:35:22 2048 ----a-w- c:\windows\system32\tzres.dll
2010-10-14 07:35:09 4247040 ----a-w- c:\program files\windows nt\accessories\wordpad.exe
2010-10-14 07:35:08 1413632 ----a-w- c:\windows\system32\ole32.dll
2010-10-14 07:35:02 530432 ----a-w- c:\windows\system32\comctl32.dll
2010-10-14 07:35:00 109056 ----a-w- c:\windows\system32\t2embed.dll
2010-10-14 07:34:59 224256 ----a-w- c:\windows\system32\schannel.dll
2010-10-14 07:34:57 316928 ----a-w- c:\windows\system32\spoolsv.exe
2010-10-14 07:34:44 2327552 ----a-w- c:\windows\system32\win32k.sys
2010-10-14 07:34:26 310784 ----a-w- c:\windows\system32\drivers\srv.sys
2010-10-14 07:34:26 308736 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-10-14 07:34:26 168448 ----a-w- c:\windows\system32\srvsvc.dll
2010-10-14 07:34:26 113664 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-10-14 07:33:30 738816 ----a-w- c:\windows\system32\wmpmde.dll
2010-10-14 07:33:29 363520 ----a-w- c:\windows\system32\StructuredQuery.dll
2010-10-10 08:13:25 -------- d-----w- c:\users\boban\appdata\roaming\Uniblue
2010-10-10 08:13:25 -------- d-----w- c:\program files\Uniblue
2010-10-10 08:13:25 -------- d-----w- c:\progra~2\DriverScanner
2010-10-10 08:10:48 -------- dc-h--w- c:\progra~2\{148D8B8A-8F96-4822-81EC-D510B626B7D5}
2010-10-10 08:03:05 -------- d-----w- c:\program files\FLVTube Player
2010-10-07 08:11:14 98304 ----a-r- c:\users\boban\appdata\roaming\microsoft\installer\{3577e42b-3347-4eb8-bfda-d36e8ed3c519}\icons.exe
2010-10-01 07:37:19 -------- d-----w- c:\program files\ADR
2010-09-30 17:06:37 117760 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\lxblpp5c.dll
2010-09-30 07:12:15 56496 ----a-w- c:\windows\system32\wbhelp2.dll
2010-09-30 07:12:15 544768 ----a-w- c:\windows\system32\wbocx.ocx
2010-09-30 07:12:15 258352 ----a-w- c:\windows\system32\unicows.dll
2010-09-30 07:12:14 4608 ----a-w- c:\windows\system32\W95INF32.DLL
2010-09-30 07:12:14 33968 ----a-w- c:\windows\system32\anim.dll
2010-09-30 07:12:14 2272 ----a-w- c:\windows\system32\W95INF16.DLL
2010-09-30 07:12:14 1706800 ----a-w- c:\windows\system32\gdiplus.dll
2010-09-30 07:12:13 -------- d-----w- c:\program files\WinUtilities
2010-09-30 06:45:30 -------- d-----w- c:\program files\common files\UIE
2010-09-27 20:33:44 -------- d-----w- c:\program files\GNU
2010-09-23 17:04:16 231712 ----a-w- c:\windows\FOXDOC.EXE
2010-09-23 11:19:49 -------- d-----w- C:\mag
2010-09-22 16:10:52 103864 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll
2010-09-19 11:04:37 -------- d-----w- c:\users\boban\Programs
2010-09-19 10:48:03 -------- d-----w- c:\program files\Smart PC Solutions
2010-09-17 13:44:35 -------- d-----w- c:\program files\Able2Extract Professional 5.0

==================== Find3M ====================

2010-09-08 04:30:04 978432 ----a-w- c:\windows\system32\wininet.dll
2010-09-08 04:28:15 44544 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-08 03:22:31 386048 ----a-w- c:\windows\system32\html.iec
2010-09-08 02:48:16 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2010-09-01 04:23:49 12625408 ----a-w- c:\windows\system32\wmploc.DLL
2010-08-31 04:32:30 954752 ----a-w- c:\windows\system32\mfc40.dll
2010-08-31 04:32:30 954288 ----a-w- c:\windows\system32\mfc40u.dll
2010-07-29 06:30:49 197632 ----a-w- c:\windows\system32\ir32_32.dll
2010-07-29 06:30:34 82944 ----a-w- c:\windows\system32\iccvid.dll

============= FINISH: 17:17:40,62 ===============

  • diarno  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 15 Jun 2007
  • Posts: 5572

Just this one more thing and we're done:

Temporarily disable the antivirus!

Upload the following files for me:

C:\Qoobox\Quarantine\c\users\Public\Documents\Server\admin.txt.vir
C:\Qoobox\Quarantine\c\users\Public\Documents\Server\server.dat.vir
C:\Qoobox\Quarantine\c\windows\System32\wininit.exe.vir


http://www.mycity.rs/ambulanta-upload.php


Then do the following:

Open Notepad and copy in the following text:


SecCenter::
{43E6C7C0-F2DA-4DCD-8168-B704F47AC639}
{FBE97B5D-5C3F-4C5A-B804-509D305CD8EA}


Save the file from Notepad to the Desktop as "CFScript".

Drag the saved script/text file onto the ComboFix icon, as in the picture.
In your next message, post the log that is created at the end of the cleaning/scan.

  • Joined: 16 Aug 2007
  • Posts: 315
  • Location: Serbia

ComboFix 10-10-14.01 - Boban 15.10.2010 23:42:39.3.1 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.1023.546 [GMT 2:00]
Running from: c:\users\Boban\Desktop\ComboFix.exe
Command switches used :: c:\users\Boban\Desktop\CFScript.txt
* Resident AV is active

.

((((((((((((((((((((((((( Files Created from 2010-09-15 to 2010-10-15 )))))))))))))))))))))))))))))))
.

2010-10-15 21:49 . 2010-10-15 21:49 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-10-15 07:34 . 2010-10-15 07:34 -------- d-----w- c:\program files\ESET
2010-10-14 13:34 . 2010-10-15 21:49 -------- d-----w- c:\users\Boban\AppData\Local\temp
2010-10-14 11:55 . 2010-10-14 11:55 -------- d-----w- c:\program files\Thinking BIG
2010-10-14 09:18 . 2010-10-14 09:18 -------- d-sh--w- c:\programdata\SMPVGYFWE
2010-10-14 09:02 . 2010-10-14 09:02 -------- d-----w- c:\program files\Common Files\Adobe
2010-10-14 08:07 . 2010-10-14 08:07 -------- d-----w- c:\users\Boban\AppData\Local\Google
2010-10-14 07:48 . 2010-09-09 22:52 6084944 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3EE9C02D-90FA-411E-B06E-8B7A57C627C2}\mpengine.dll
2010-10-14 07:35 . 2010-06-19 06:15 2048 ----a-w- c:\windows\system32\tzres.dll
2010-10-14 07:35 . 2010-06-29 04:57 4247040 ----a-w- c:\program files\Windows NT\Accessories\wordpad.exe
2010-10-14 07:35 . 2010-06-29 05:02 1413632 ----a-w- c:\windows\system32\ole32.dll
2010-10-14 07:35 . 2010-08-21 05:33 530432 ----a-w- c:\windows\system32\comctl32.dll
2010-10-14 07:35 . 2010-08-26 04:39 109056 ----a-w- c:\windows\system32\t2embed.dll
2010-10-14 07:34 . 2010-08-21 05:36 224256 ----a-w- c:\windows\system32\schannel.dll
2010-10-14 07:34 . 2010-08-21 05:32 316928 ----a-w- c:\windows\system32\spoolsv.exe
2010-10-14 07:34 . 2010-09-01 02:34 2327552 ----a-w- c:\windows\system32\win32k.sys
2010-10-14 07:34 . 2010-08-27 05:46 168448 ----a-w- c:\windows\system32\srvsvc.dll
2010-10-14 07:34 . 2010-08-27 03:31 310784 ----a-w- c:\windows\system32\drivers\srv.sys
2010-10-14 07:34 . 2010-08-27 03:30 308736 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-10-14 07:34 . 2010-08-27 03:30 113664 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-10-14 07:33 . 2010-08-21 05:36 738816 ----a-w- c:\windows\system32\wmpmde.dll
2010-10-14 07:33 . 2010-05-05 06:46 363520 ----a-w- c:\windows\system32\StructuredQuery.dll
2010-10-10 08:13 . 2010-10-10 08:13 -------- d-----w- c:\programdata\DriverScanner
2010-10-10 08:13 . 2010-10-10 08:13 -------- d-----w- c:\users\Boban\AppData\Roaming\Uniblue
2010-10-10 08:13 . 2010-10-10 08:13 -------- d-----w- c:\program files\Uniblue
2010-10-10 08:10 . 2010-10-10 08:13 -------- dc-h--w- c:\programdata\{148D8B8A-8F96-4822-81EC-D510B626B7D5}
2010-10-10 08:03 . 2010-10-10 08:13 -------- d-----w- c:\program files\FLVTube Player
2010-10-07 08:11 . 2010-10-07 08:11 98304 ----a-r- c:\users\Boban\AppData\Roaming\Microsoft\Installer\{3577E42B-3347-4EB8-BFDA-D36E8ED3C519}\icons.exe
2010-10-01 07:37 . 2010-10-01 07:37 -------- d-----w- c:\program files\ADR
2010-09-30 17:06 . 2007-03-23 00:10 117760 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\lxblpp5c.dll
2010-09-30 07:12 . 2010-07-25 20:23 56496 ----a-w- c:\windows\system32\wbhelp2.dll
2010-09-30 07:12 . 2010-07-25 20:23 544768 ----a-w- c:\windows\system32\wbocx.ocx
2010-09-30 07:12 . 2010-07-25 20:23 258352 ----a-w- c:\windows\system32\unicows.dll
2010-09-30 07:12 . 2010-07-25 20:23 33968 ----a-w- c:\windows\system32\anim.dll
2010-09-30 07:12 . 2010-07-25 20:23 1706800 ----a-w- c:\windows\system32\gdiplus.dll
2010-09-30 07:12 . 2010-07-25 20:23 4608 ----a-w- c:\windows\system32\W95INF32.DLL
2010-09-30 07:12 . 2010-07-25 20:23 2272 ----a-w- c:\windows\system32\W95INF16.DLL
2010-09-30 07:12 . 2010-09-30 07:18 -------- d-----w- c:\program files\WinUtilities
2010-09-30 06:45 . 2010-10-14 13:33 -------- d-----w- c:\program files\Common Files\UIE
2010-09-30 06:44 . 2010-09-30 07:22 -------- d-----w- c:\programdata\WinZip
2010-09-27 20:33 . 2010-09-27 20:33 -------- d-----w- c:\program files\GNU
2010-09-23 17:04 . 1988-07-25 13:17 231712 ----a-w- c:\windows\FOXDOC.EXE
2010-09-23 11:19 . 2010-10-08 07:29 -------- d-----w- C:\mag
2010-09-22 16:10 . 2010-09-22 16:10 103864 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2010-09-19 11:04 . 2010-09-19 14:29 -------- d-----w- c:\users\Boban\Programs
2010-09-19 10:48 . 2010-09-19 10:48 -------- d-----w- c:\program files\Smart PC Solutions
2010-09-17 13:44 . 2010-09-17 13:47 -------- d-----w- c:\program files\Able2Extract Professional 5.0

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2005-07-26 77824]
"PAC7302_Monitor"="c:\windows\PixArt\PAC7302\Monitor.exe" [2007-12-10 323584]
"USB Antivirus"="c:\program files\USB Disk Security\RunUSBGuard.exe" [2010-01-10 86016]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2010-03-09 15872]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-02-13 2046120]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Samsung.PCSync"="c:\program files\Samsung\Samsung PC Studio 7\PcSync2.exe" [2009-06-04 1294336]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 2 (0x2)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

R3 nmwcdsa;Samsung USB Phone Parent;c:\windows\system32\drivers\nmwcdsa.sys [2007-05-02 135680]
R3 nmwcdsac;Samsung USB Generic;c:\windows\system32\drivers\nmwcdsac.sys [2007-05-02 8320]
R3 nmwcdsacj;Samsung USB Port;c:\windows\system32\drivers\nmwcdsacj.sys [2007-05-02 12288]
R3 nmwcdsacm;Samsung USB Modem;c:\windows\system32\drivers\nmwcdsacm.sys [2007-05-02 12288]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2009-02-13 106208]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2009-02-13 727720]
S2 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [2009-02-13 38240]
S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2010-02-25 222568]
S2 lxbl_device;lxbl_device;c:\windows\system32\lxblcoms.exe [2007-04-20 537520]
S2 SCPDFReadSpool;SolidConverterPDFReadSpool;c:\windows\Installer\MSI8878.tmp [2010-02-28 189760]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2010-02-16 36640]
S3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\DRIVERS\seehcri.sys [2010-03-03 27632]

.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://flvtubesearch.co/?tmp=toolbar_FlvTube_homepage&prt=flvtubetb04ie&clid=6d0a6ede5f974fcfab3eb57e06236473
mStart Page = hxxp://www.tuuza.com/
uInternet Settings,ProxyServer = 61.213.158.124:8080
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: {13216134-FE2B-463E-AAE2-7B8366D322C2} = 194.106.162.10,194.106.162.3
TCP: {E87B3B01-C5BC-4536-9537-998186833CAD} = 212.200.191.166,212.200.190.166
FF - ProfilePath - c:\users\Boban\AppData\Roaming\Mozilla\Firefox\Profiles\kinlniph.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SCPDFReadSpool]
"ImagePath"="c:\windows\Installer\MSI8878.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-194353341-2772204618-2978154948-1001_Classes\VirtualStore\MACHINE\SOFTWARE\zbshareware]
@DACL=(02 0000)
DUMPHIVE0.003 (REGF)

[HKEY_LOCAL_MACHINE\SOFTWARE\zbshareware]
@DACL=(02 0000)
DUMPHIVE0.003 (REGF)
.
Completion time: 2010-10-15 23:53:47
ComboFix-quarantined-files.txt 2010-10-15 21:53
ComboFix2.txt 2010-10-15 10:23
ComboFix3.txt 2010-10-14 13:40

Pre-Run: 3.199.090.688 bytes free
Post-Run: 3.150.364.672 bytes free

- - End Of File - - A8A4C13BD1F649BA05E896004A2A352F

  • diarno  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 15 Jun 2007
  • Posts: 5572

OK, that would be it. Do one more thing:

ComboFix needs to be uninstalled:
click Start, then Run.

On Vista, use the Start Search box if Run is not available.

In the text box, type (or paste) the following:

ComboFix /Uninstall

Note that there is a space between "ComboFix" and "/Uninstall".

and then click OK (or press Enter).

Wait for the uninstall process to finish.

Cheers

  • Joined: 16 Aug 2007
  • Posts: 315
  • Location: Serbia

Thanks a looooot...
