"Duhovi" u kompjuteru


offline
  • Joined: 08 Jul 2007
  • Posts: 2024

This is about my son's computer, which is mostly used for playing games and watching cartoons... For the last two or three days the startup has been somewhat slower, every now and then (even when no browser is open) there is a "rustling" sound, like the mixing of frequencies on some radio station (radio amateurs would understand me perfectly here Smile), and since yesterday Avast has been reporting a rootkit in System32.



Here are the logs:

.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 8.0.7600.16385
Run by pavle at 22:11:17 on 2011-07-01
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.381.1033.18.3007.1755 [GMT 2:00]
.
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Microsoft\BingBar\SeaPort.EXE
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\vsnp2std.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Microsoft Games\Mahjong\Mahjong.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files\Opera\opera.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\ctfmon.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uURLSearchHooks: Winamp Search Class: {57bca5fa-5dbb-45a2-b558-1755c3f6253b} - c:\program files\winamp toolbar\winamptb.dll
mURLSearchHooks: Winamp Search Class: {57bca5fa-5dbb-45a2-b558-1755c3f6253b} - c:\program files\winamp toolbar\winamptb.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Winamp Toolbar Loader: {25cee8ec-5730-41bc-8b58-22ddc8ab8c20} - c:\program files\winamp toolbar\winamptb.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\mif5ba~1\office14\GROOVEEX.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\mif5ba~1\office14\URLREDIR.DLL
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll"
TB: Winamp Toolbar: {ebf2ba02-9094-4c5a-858b-bb198f3d8de2} - c:\program files\winamp toolbar\winamptb.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll"
uRun: [OfficeSyncProcess] "c:\program files\microsoft office\office14\MSOSYNC.EXE"
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
mRun: [snp2std] c:\windows\vsnp2std.exe
mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
mRunOnce: [*WerKernelReporting] %SYSTEMROOT%\SYSTEM32\WerFault.exe -k -rq
mRunOnce: [aswAhAScr.dll] "c:\program files\alwil software\avast5\aswregsvr.exe" "c:\program files\alwil software\avast5\AhAScr.dll"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &Google Search - c:\program files\google\googletoolbar.dll/cmsearch.html
IE: &Winamp Search - c:\programdata\winamp toolbar\ietoolbar\resources\en-us\local\search.html
IE: Backward &Links - c:\program files\google\googletoolbar.dll/cmbacklinks.html
IE: Cac&hed Snapshot of Page - c:\program files\google\googletoolbar.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\mif5ba~1\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\mif5ba~1\office14\ONBttnIE.dll/105
IE: Si&milar Pages - c:\program files\google\googletoolbar.dll/cmsimilar.html
IE: Translate into English - c:\program files\google\googletoolbar.dll/cmtrans.html
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file:///C:/Program%20Files/Little%20Shop%20-%20Memories/Images/stg_drm.ocx
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{70C73CEB-C206-4A62-8549-ED1CE67548C6} : DhcpNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\mif5ba~1\office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\pavle\appdata\roaming\mozilla\firefox\profiles\522crx94.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - component: c:\program files\mozilla firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar.dll
FF - component: c:\program files\mozilla firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\metrics.dll
FF - component: c:\program files\mozilla firefox\extensions\talkback@mozilla.org\components\qfaservices.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.51204.0\npctrlui.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dv.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dvstreaming.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-7-1 441176]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-10-24 307928]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-10-24 19544]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-10-24 53592]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2011-7-1 42184]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2010-10-8 369256]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2010-11-30 267880]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-2-28 183560]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2010-10-24 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-23 1493352]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-11-2 38160]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2010-3-25 30969208]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-10-28 1343400]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
.
=============== Created Last 30 ================
.
2011-07-01 19:44:02 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-07-01 18:46:41 7074640 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{e64b95c7-5d9e-4f2b-badd-c7c7d514b934}\mpengine.dll
2011-06-30 22:36:54 801792 ----a-w- c:\windows\system32\trzE5B3.tmp
2011-06-30 22:36:38 801792 ----a-w- c:\windows\system32\trzA7E8.tmp
2011-06-30 22:36:23 801792 ----a-w- c:\windows\system32\trz6C10.tmp
2011-06-30 22:36:06 801792 ----a-w- c:\windows\system32\trz2BD4.tmp
2011-06-30 22:35:51 801792 ----a-w- c:\windows\system32\trzEFEC.tmp
2011-06-30 22:35:34 801792 ----a-w- c:\windows\system32\trzAFB1.tmp
2011-06-30 22:35:19 801792 ----a-w- c:\windows\system32\trz739A.tmp
2011-06-30 22:35:04 801792 ----a-w- c:\windows\system32\trz3755.tmp
2011-06-30 22:34:48 801792 ----a-w- c:\windows\system32\trzFB5D.tmp
2011-06-30 22:34:33 801792 ----a-w- c:\windows\system32\trzBF66.tmp
2011-06-30 22:34:18 801792 ----a-w- c:\windows\system32\trz836E.tmp
2011-06-30 22:34:02 801792 ----a-w- c:\windows\system32\trz4767.tmp
2011-06-30 22:33:46 801792 ----a-w- c:\windows\system32\trz632.tmp
2011-06-30 22:33:29 801792 ----a-w- c:\windows\system32\trzC5B8.tmp
2011-06-30 22:33:12 801792 ----a-w- c:\windows\system32\trz8454.tmp
2011-06-30 22:32:18 801792 ----a-w- c:\windows\system32\trzB043.tmp
2011-06-30 22:31:56 801792 ----a-w- c:\windows\system32\trz5C58.tmp
2011-06-30 22:30:20 801792 ----a-w- c:\windows\system32\trzE44B.tmp
2011-06-30 20:54:21 -------- d-----w- c:\users\pavle\appdata\local\{C0C03146-69D4-4E32-895C-CDE978E626A9}
2011-06-30 18:26:35 294912 ----a-w- c:\windows\system32\umpnpmgr.dll
2011-06-30 18:26:16 1553920 ----a-w- c:\windows\system32\tquery.dll
2011-06-30 18:26:16 1401856 ----a-w- c:\windows\system32\mssrch.dll
2011-06-30 18:26:15 86528 ----a-w- c:\windows\system32\SearchFilterHost.exe
2011-06-30 18:26:15 666624 ----a-w- c:\windows\system32\mssvp.dll
2011-06-30 18:26:15 59392 ----a-w- c:\windows\system32\msscntrs.dll
2011-06-30 18:26:15 428032 ----a-w- c:\windows\system32\SearchIndexer.exe
2011-06-30 18:26:15 337408 ----a-w- c:\windows\system32\mssph.dll
2011-06-30 18:26:15 197120 ----a-w- c:\windows\system32\mssphtb.dll
2011-06-30 18:26:15 164352 ----a-w- c:\windows\system32\SearchProtocolHost.exe
2011-06-27 17:32:51 -------- d-----w- c:\users\pavle\appdata\local\2K Games
2011-06-27 17:24:22 -------- d-----w- c:\program files\2K Games
2011-06-27 17:06:55 -------- d-----w- c:\program files\UltraISO
2011-06-27 17:06:55 -------- d-----w- c:\program files\common files\EZB Systems
2011-06-24 17:21:27 -------- d-----w- c:\program files\Blast! Entertainment Limited
2011-06-21 14:15:30 -------- d-----w- c:\users\pavle\appdata\local\{03437A56-EF75-4807-8E14-042FE4C44237}
2011-06-19 13:40:32 -------- d-----w- c:\program files\Groove Games
2011-06-16 21:34:14 -------- d-----w- c:\users\pavle\appdata\local\{9679CE27-6238-4F76-8FDC-83FB15DEC64B}
.
==================== Find3M ====================
.
2011-05-28 03:00:02 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-05-24 17:14:10 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-05-10 12:10:59 40112 ----a-w- c:\windows\avastSS.scr
2011-05-10 11:59:44 53592 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-05-04 02:43:59 222720 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-05-04 02:43:48 96256 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-05-04 02:43:41 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-05-03 04:50:29 740864 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 02:57:34 311296 ----a-w- c:\windows\system32\drivers\srv.sys
2011-04-29 02:57:21 309760 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-04-29 02:57:13 114176 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-04-27 02:33:46 78336 ----a-w- c:\windows\system32\drivers\dfsc.sys
2011-04-25 04:56:06 1286016 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-04-25 02:35:40 338944 ----a-w- c:\windows\system32\drivers\afd.sys
2011-04-22 19:36:05 26496 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2011-04-22 19:31:50 981504 ----a-w- c:\windows\system32\wininet.dll
2011-04-22 19:31:26 44544 ----a-w- c:\windows\system32\licmgr10.dll
2011-04-22 18:23:59 386048 ----a-w- c:\windows\system32\html.iec
2011-04-09 06:13:06 3957632 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-04-09 06:13:06 3901824 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-04-09 05:56:38 123904 ----a-w- c:\windows\system32\poqexec.exe
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.1.7600 Disk: WDC_WD2500AAJS-08VWA0 rev.12.01B02 -> Harddisk0\DR0 -> \Device\Ide\IdePort1 P1T0L0-1
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll >>UNKNOWN [0x86224439]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x8622a7d0]; MOV EAX, [0x8622a84c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 ntkrnlpa!IofCallDriver[0x82A42428] -> \Device\Harddisk0\DR0[0x86204030]
3 CLASSPNP[0x8AC0459E] -> ntkrnlpa!IofCallDriver[0x82A42428] -> [0x85C37918]
5 ACPI[0x8323C3B2] -> ntkrnlpa!IofCallDriver[0x82A42428] -> \IdeDeviceP1T0L0-1[0x85C9B908]
\Driver\atapi[0x862091C0] -> IRP_MJ_CREATE -> 0x86224439
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; PUSHA ; MOV CX, 0x147; MOV BP, 0x62a; ROR BYTE [BP+0x0], CL; INC BP; }
detected disk devices:
\Device\Ide\IdeDeviceP1T0L0-1 -> \??\IDE#DiskWDC_WD2500AAJS-08VWA0___________________12.01B02#5&bd98cf6&0&1.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
user != kernel MBR !!!
sectors 488397166 (+255): user != kernel
Warning: possible TDL4 rootkit infection !
TDL4 rootkit infection detected ! Use: "mbr.exe -f" to fix.
.
============= FINISH: 22:11:40,28 ===============





Only now, after running these logs, do I see that "Windows Defender enabled" is on Bebee Dol
If that's a problem, I'll redo it with Windows Defender turned off, and if it isn't, even better. :-)
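As an added illustration (not part of the forum thread, and not code from DDS, Gmer or any other tool mentioned here): the "Created Last 30" section of the DDS log above lists eighteen identically sized (801792-byte) .tmp files written into system32 within a few minutes, which is the kind of pattern a responder pulls out of such a log before anything else. The Python below parses DDS-style creation entries and flags bursts of same-size .tmp files in one directory. The function names and the thresholds (five files within ten minutes) are my own choices, and the sample lines are a shortened copy of the log posted above.

```python
import re
from collections import defaultdict
from datetime import datetime

# Sample input: a few lines copied from the DDS "Created Last 30" section
# in the post above (same format, shortened). Raw string: paths contain '\t'.
SAMPLE = r"""
2011-07-01 18:46:41 7074640 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{e64b95c7-5d9e-4f2b-badd-c7c7d514b934}\mpengine.dll
2011-06-30 22:36:54 801792 ----a-w- c:\windows\system32\trzE5B3.tmp
2011-06-30 22:36:38 801792 ----a-w- c:\windows\system32\trzA7E8.tmp
2011-06-30 22:36:23 801792 ----a-w- c:\windows\system32\trz6C10.tmp
2011-06-30 22:36:06 801792 ----a-w- c:\windows\system32\trz2BD4.tmp
2011-06-30 22:35:51 801792 ----a-w- c:\windows\system32\trzEFEC.tmp
2011-06-30 22:35:34 801792 ----a-w- c:\windows\system32\trzAFB1.tmp
2011-06-30 20:54:21 -------- d-----w- c:\users\pavle\appdata\local\{C0C03146-69D4-4E32-895C-CDE978E626A9}
2011-06-30 18:26:35 294912 ----a-w- c:\windows\system32\umpnpmgr.dll
2011-06-30 18:26:16 1553920 ----a-w- c:\windows\system32\tquery.dll
"""

# One DDS entry: "YYYY-MM-DD HH:MM:SS <size or dashes> <attribute flags> <path>"
LINE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(\d+|-+)\s+(\S+)\s+(.+)$"
)


def parse_dds_created(text):
    """Parse DDS 'Created Last 30' lines into dicts; directories and separators are skipped."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue                       # '.' separators, headers, blank lines
        ts, size, attrs, path = m.groups()
        if attrs.startswith("d") or not size.isdigit():
            continue                       # directory entry (size printed as dashes)
        entries.append({
            "time": datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"),
            "size": int(size),
            "attrs": attrs,
            "path": path.lower(),
        })
    return entries


def find_temp_bursts(entries, min_count=5, window_seconds=600):
    """Flag groups of at least min_count same-size .tmp files in the same
    directory whose creation times fall within window_seconds of each other.
    Thresholds are assumptions for this example; a hit is a triage signal to
    look at those files, not proof of infection on its own."""
    groups = defaultdict(list)
    for e in entries:
        directory, _, name = e["path"].rpartition("\\")
        if name.endswith(".tmp"):
            groups[(directory, e["size"])].append(e["time"])

    bursts = []
    for (directory, size), times in groups.items():
        times.sort()
        start = 0
        for end in range(len(times)):      # sliding window over sorted times
            while (times[end] - times[start]).total_seconds() > window_seconds:
                start += 1
            if end - start + 1 >= min_count:
                bursts.append({"dir": directory, "size": size, "count": len(times),
                               "first": times[0], "last": times[-1]})
                break
    return bursts


if __name__ == "__main__":
    for b in find_temp_bursts(parse_dds_created(SAMPLE)):
        print(f"{b['count']} x {b['size']}-byte .tmp files in {b['dir']} "
              f"between {b['first']:%H:%M:%S} and {b['last']:%H:%M:%S}")
```

Feeding the full "Created Last 30" block from a DDS log into `parse_dds_created` works the same way; the burst check deliberately ignores the size-zero and directory lines, so legitimate Windows Update drops (the search-indexer binaries at 18:26 in the same log) do not trigger it.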

offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Well, hello. Razz



Arrow Download sUBs' ComboFix from the following address to your Desktop:


Bleeping Computer
Right-click the link and choose Save Target As... (Save Link As..., Save Linked Content As... or similar);
When the dialog for choosing where to save the file opens, select Desktop and click Save.




When the download is finished:
  • disable your security software (instructions);
  • close any running programs;
  • double-click to run ComboFix.

While running, ComboFix will:
  • check whether a newer version of the program exists:
    click Yes if it offers to download it.
  • display the DISCLAIMER OF WARRANTY ON SOFTWARE:
    click Yes so that the process continues.
  • if the Recovery Console is not installed, offer to install it:
    be sure to accept by clicking Yes and follow the procedure.
  • ask a number of questions / show notifications:
    accept by clicking Yes or OK.
  • restart Windows if needed (possibly several times);
  • at the end, open Notepad with the scan report.


Copy the report ComboFix produced into the forum thread:
  • right-click in the Notepad window and choose Select All;
  • right-click the highlighted text and choose Copy;
  • right-click in the message box and choose Paste.


Note: The report will be saved as ComboFix.txt on the system partition (typical location: C:\ComboFix.txt);
If after posting you notice that the report is incomplete, use the Attach file option to attach C:\ComboFix.txt to your message.

offline
  • Joined: 08 Jul 2007
  • Posts: 2024

I don't know whether it's normal for the computer to restart 15 or more times while ComboFix runs, with no end in sight. The green indicator always gets to about halfway and then it restarts.
Should I keep forcing it, or...?

Oh, and hello Very Happy.
(The operation to cure the computer was taken very seriously, so I, like a proper mom, got all serious and forgot to say hello Razz)

offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

We'll try a different way.



Arrow Download Kaspersky Lab's TDSSKiller from the following address to your Desktop:


TDSSKiller

Right-click the link and choose Save Target As... (Save Link As..., Save Linked Content As... or similar);
When the dialog for choosing where to save the file opens, select Desktop and click Save.



When the download is finished:
  • disable your security software (instructions);
  • close any running programs;
  • rename TDSSKiller.exe to MyCity.exe;
  • double-click to run MyCity.exe;
  • click the Start Scan button.


If malicious objects are found, make sure the action "Cure" is selected for them (example) and click Continue, then click Reboot Now.



Post the contents of the log from the following location:
C:\TDSSKiller_program version_DD.MM.GG_HH.MM.SS.txt
(DD = day, MM = month, GG = year, HH = hour, MM = minute, SS = second; the date and time the log was created)

offline
  • Joined: 08 Jul 2007
  • Posts: 2024

Shocked Kaspersky, as usual, like a dragon! Done in 2 minutes Smile ... here's the log:

2011/07/02 14:38:26.0879 4060 TDSS rootkit removing tool 2.5.8.0 Jun 28 2011 19:12:16
2011/07/02 14:38:27.0113 4060 ================================================================================
2011/07/02 14:38:27.0113 4060 SystemInfo:
2011/07/02 14:38:27.0113 4060
2011/07/02 14:38:27.0113 4060 OS Version: 6.1.7600 ServicePack: 0.0
2011/07/02 14:38:27.0113 4060 Product type: Workstation
2011/07/02 14:38:27.0113 4060 ComputerName: PAVLE-PC
2011/07/02 14:38:27.0113 4060 UserName: pavle
2011/07/02 14:38:27.0113 4060 Windows directory: C:\Windows
2011/07/02 14:38:27.0113 4060 System windows directory: C:\Windows
2011/07/02 14:38:27.0113 4060 Processor architecture: Intel x86
2011/07/02 14:38:27.0113 4060 Number of processors: 2
2011/07/02 14:38:27.0113 4060 Page size: 0x1000
2011/07/02 14:38:27.0113 4060 Boot type: Normal boot
2011/07/02 14:38:27.0113 4060 ================================================================================
2011/07/02 14:38:28.0190 4060 Initialize success
2011/07/02 14:38:30.0421 3940 ================================================================================
2011/07/02 14:38:30.0421 3940 Scan started
2011/07/02 14:38:30.0421 3940 Mode: Manual;
2011/07/02 14:38:30.0421 3940 ================================================================================
2011/07/02 14:38:31.0388 3940 1394ohci (6d2aca41739bfe8cb86ee8e85f29697d) C:\Windows\system32\DRIVERS\1394ohci.sys
2011/07/02 14:38:31.0435 3940 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\Windows\system32\DRIVERS\ACPI.sys
2011/07/02 14:38:31.0466 3940 AcpiPmi (98d81ca942d19f7d9153b095162ac013) C:\Windows\system32\DRIVERS\acpipmi.sys
2011/07/02 14:38:31.0497 3940 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
2011/07/02 14:38:31.0528 3940 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
2011/07/02 14:38:31.0544 3940 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
2011/07/02 14:38:31.0622 3940 AFD (0db7a48388d54d154ebec120461a0fcd) C:\Windows\system32\drivers\afd.sys
2011/07/02 14:38:31.0637 3940 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\DRIVERS\agp440.sys
2011/07/02 14:38:31.0684 3940 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
2011/07/02 14:38:31.0715 3940 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\DRIVERS\aliide.sys
2011/07/02 14:38:31.0731 3940 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\DRIVERS\amdagp.sys
2011/07/02 14:38:31.0747 3940 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\DRIVERS\amdide.sys
2011/07/02 14:38:31.0778 3940 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
2011/07/02 14:38:31.0793 3940 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
2011/07/02 14:38:31.0840 3940 amdsata (19ce906b4cdc11fc4fef5745f33a63b6) C:\Windows\system32\drivers\amdsata.sys
2011/07/02 14:38:31.0856 3940 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
2011/07/02 14:38:31.0887 3940 amdxata (869e67d66be326a5a9159fba8746fa70) C:\Windows\system32\drivers\amdxata.sys
2011/07/02 14:38:31.0918 3940 AppID (feb834c02ce1e84b6a38f953ca067706) C:\Windows\system32\drivers\appid.sys
2011/07/02 14:38:31.0949 3940 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
2011/07/02 14:38:31.0981 3940 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
2011/07/02 14:38:32.0027 3940 aswFsBlk (7f08d9c504b015d81a8abd75c80028c5) C:\Windows\system32\drivers\aswFsBlk.sys
2011/07/02 14:38:32.0090 3940 aswMonFlt (9bdc8e9ce17b773f69d2c6696c768c4f) C:\Windows\system32\drivers\aswMonFlt.sys
2011/07/02 14:38:32.0121 3940 aswRdr (ac48bdd4cd5d44af33087c06d6e9511c) C:\Windows\system32\drivers\aswRdr.sys
2011/07/02 14:38:32.0183 3940 aswSnx (b64134316fcd1f20e0f10ef3e65bd522) C:\Windows\system32\drivers\aswSnx.sys
2011/07/02 14:38:32.0246 3940 aswSP (d6788e3211afa9951ed7a4d617f68a4f) C:\Windows\system32\drivers\aswSP.sys
2011/07/02 14:38:32.0308 3940 aswTdi (4d100c45517809439c7b6dd98997fa00) C:\Windows\system32\drivers\aswTdi.sys
2011/07/02 14:38:32.0339 3940 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/07/02 14:38:32.0371 3940 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\DRIVERS\atapi.sys
2011/07/02 14:38:32.0433 3940 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
2011/07/02 14:38:32.0464 3940 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
2011/07/02 14:38:32.0511 3940 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
2011/07/02 14:38:32.0558 3940 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
2011/07/02 14:38:32.0605 3940 bowser (9a5c671b7fbae4865149bb11f59b91b2) C:\Windows\system32\DRIVERS\bowser.sys
2011/07/02 14:38:32.0636 3940 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
2011/07/02 14:38:32.0651 3940 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
2011/07/02 14:38:32.0683 3940 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
2011/07/02 14:38:32.0698 3940 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
2011/07/02 14:38:32.0714 3940 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
2011/07/02 14:38:32.0729 3940 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
2011/07/02 14:38:32.0761 3940 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
2011/07/02 14:38:32.0792 3940 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
2011/07/02 14:38:32.0823 3940 cdrom (ba6e70aa0e6091bc39de29477d866a77) C:\Windows\system32\DRIVERS\cdrom.sys
2011/07/02 14:38:32.0870 3940 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
2011/07/02 14:38:32.0901 3940 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
2011/07/02 14:38:32.0948 3940 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/07/02 14:38:32.0963 3940 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\DRIVERS\cmdide.sys
2011/07/02 14:38:32.0995 3940 CNG (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys
2011/07/02 14:38:33.0010 3940 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
2011/07/02 14:38:33.0041 3940 CompositeBus (f1724ba27e97d627f808fb0ba77a28a6) C:\Windows\system32\DRIVERS\CompositeBus.sys
2011/07/02 14:38:33.0073 3940 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
2011/07/02 14:38:33.0104 3940 CSC (27c9490bdd0ae48911ab8cf1932591ed) C:\Windows\system32\drivers\csc.sys
2011/07/02 14:38:33.0166 3940 DfsC (83d1ecea8faae75604c0fa49ac7ad996) C:\Windows\system32\Drivers\dfsc.sys
2011/07/02 14:38:33.0197 3940 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
2011/07/02 14:38:33.0229 3940 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
2011/07/02 14:38:33.0275 3940 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
2011/07/02 14:38:33.0338 3940 DXGKrnl (1679a4669326cb1a67cc95658d273234) C:\Windows\System32\drivers\dxgkrnl.sys
2011/07/02 14:38:33.0463 3940 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
2011/07/02 14:38:33.0619 3940 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
2011/07/02 14:38:33.0634 3940 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\DRIVERS\errdev.sys
2011/07/02 14:38:33.0681 3940 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
2011/07/02 14:38:33.0697 3940 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
2011/07/02 14:38:33.0728 3940 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
2011/07/02 14:38:33.0759 3940 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
2011/07/02 14:38:33.0775 3940 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
2011/07/02 14:38:33.0790 3940 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/07/02 14:38:33.0821 3940 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
2011/07/02 14:38:33.0853 3940 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
2011/07/02 14:38:33.0915 3940 fssfltr (d909075fa72c090f27aa926c32cb4612) C:\Windows\system32\DRIVERS\fssfltr.sys
2011/07/02 14:38:33.0946 3940 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
2011/07/02 14:38:33.0993 3940 fvevol (dafbd9fe39197495aed6d51f3b85b5d2) C:\Windows\system32\DRIVERS\fvevol.sys
2011/07/02 14:38:34.0024 3940 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
2011/07/02 14:38:34.0087 3940 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
2011/07/02 14:38:34.0227 3940 HdAudAddService (3530cad25deba7dc7de8bb51632cbc5f) C:\Windows\system32\drivers\HdAudio.sys
2011/07/02 14:38:34.0258 3940 HDAudBus (717a2207fd6f13ad3e664c7d5a43c7bf) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/07/02 14:38:34.0289 3940 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
2011/07/02 14:38:34.0321 3940 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
2011/07/02 14:38:34.0336 3940 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
2011/07/02 14:38:34.0367 3940 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\Windows\system32\DRIVERS\hidusb.sys
2011/07/02 14:38:34.0414 3940 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\DRIVERS\HpSAMD.sys
2011/07/02 14:38:34.0445 3940 HTTP (c531c7fd9e8b62021112787c4e2c5a5a) C:\Windows\system32\drivers\HTTP.sys
2011/07/02 14:38:34.0477 3940 hwpolicy (8305f33cde89ad6c7a0763ed0b5a8d42) C:\Windows\system32\drivers\hwpolicy.sys
2011/07/02 14:38:34.0508 3940 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/07/02 14:38:34.0555 3940 iaStorV (71f1a494fedf4b33c02c4a6a28d6d9e9) C:\Windows\system32\drivers\iaStorV.sys
2011/07/02 14:38:34.0633 3940 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
2011/07/02 14:38:34.0664 3940 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\DRIVERS\intelide.sys
2011/07/02 14:38:34.0679 3940 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
2011/07/02 14:38:34.0711 3940 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/07/02 14:38:34.0742 3940 IPMIDRV (e4454b6c37d7ffd5649611f6496308a7) C:\Windows\system32\DRIVERS\IPMIDrv.sys
2011/07/02 14:38:34.0757 3940 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
2011/07/02 14:38:34.0789 3940 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
2011/07/02 14:38:34.0804 3940 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\DRIVERS\isapnp.sys
2011/07/02 14:38:34.0835 3940 iScsiPrt (ed46c223ae46c6866ab77cdc41c404b7) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/07/02 14:38:34.0913 3940 ISODrive (2f03ceb28307983f3b36216d35ffa5aa) C:\Program Files\UltraISO\drivers\ISODrive.sys
2011/07/02 14:38:34.0991 3940 JRAID (7d5053a827ff5be3a7d0ae5dd5dba308) C:\Windows\system32\DRIVERS\jraid.sys
2011/07/02 14:38:35.0038 3940 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/07/02 14:38:35.0069 3940 kbdhid (3d9f0ebf350edcfd6498057301455964) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/07/02 14:38:35.0101 3940 KSecDD (e36a061ec11b373826905b21be10948f) C:\Windows\system32\Drivers\ksecdd.sys
2011/07/02 14:38:35.0147 3940 KSecPkg (365c6154bbbc5377173f1ca7bfb6cc59) C:\Windows\system32\Drivers\ksecpkg.sys
2011/07/02 14:38:35.0194 3940 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/07/02 14:38:35.0241 3940 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
2011/07/02 14:38:35.0257 3940 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
2011/07/02 14:38:35.0272 3940 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
2011/07/02 14:38:35.0288 3940 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
2011/07/02 14:38:35.0319 3940 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
2011/07/02 14:38:35.0397 3940 MBAMSwissArmy (148d5d488ba502381c2b7b615f7f84cf) C:\Windows\system32\drivers\mbamswissarmy.sys
2011/07/02 14:38:35.0413 3940 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
2011/07/02 14:38:35.0444 3940 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
2011/07/02 14:38:35.0491 3940 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
2011/07/02 14:38:35.0537 3940 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
2011/07/02 14:38:35.0553 3940 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
2011/07/02 14:38:35.0600 3940 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
2011/07/02 14:38:35.0631 3940 mountmgr (921c18727c5920d6c0300736646931c2) C:\Windows\system32\drivers\mountmgr.sys
2011/07/02 14:38:35.0662 3940 mpio (2af5997438c55fb79d33d015c30e1974) C:\Windows\system32\DRIVERS\mpio.sys
2011/07/02 14:38:35.0678 3940 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
2011/07/02 14:38:35.0725 3940 MRxDAV (b1be47008d20e43da3adc37c24cdb89d) C:\Windows\system32\drivers\mrxdav.sys
2011/07/02 14:38:35.0787 3940 mrxsmb (ca7570e42522e24324a12161db14ec02) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/07/02 14:38:35.0834 3940 mrxsmb10 (c108952d3660375dcb716b222912e868) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/07/02 14:38:35.0881 3940 mrxsmb20 (25c38264a3c72594dd21d355d70d7a5d) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/07/02 14:38:35.0896 3940 msahci (4326d168944123f38dd3b2d9c37a0b12) C:\Windows\system32\DRIVERS\msahci.sys
2011/07/02 14:38:35.0927 3940 msdsm (455029c7174a2dbb03dba8a0d8bddd9a) C:\Windows\system32\DRIVERS\msdsm.sys
2011/07/02 14:38:35.0959 3940 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
2011/07/02 14:38:35.0974 3940 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
2011/07/02 14:38:35.0990 3940 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\DRIVERS\msisadrv.sys
2011/07/02 14:38:36.0021 3940 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
2011/07/02 14:38:36.0052 3940 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/07/02 14:38:36.0068 3940 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
2011/07/02 14:38:36.0083 3940 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
2011/07/02 14:38:36.0099 3940 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/07/02 14:38:36.0115 3940 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
2011/07/02 14:38:36.0146 3940 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
2011/07/02 14:38:36.0193 3940 MTsensor (0f24624106d8042e7f27882d9d6ff5c0) C:\Windows\system32\DRIVERS\ASACPI.sys
2011/07/02 14:38:36.0208 3940 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
2011/07/02 14:38:36.0239 3940 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
2011/07/02 14:38:36.0286 3940 NDIS (23759d175a0a9baaf04d05047bc135a8) C:\Windows\system32\drivers\ndis.sys
2011/07/02 14:38:36.0317 3940 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
2011/07/02 14:38:36.0349 3940 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/07/02 14:38:36.0380 3940 Ndisuio (b30ae7f2b6d7e343b0df32e6c08fce75) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/07/02 14:38:36.0411 3940 NdisWan (267c415eadcbe53c9ca873dee39cf3a4) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/07/02 14:38:36.0427 3940 NDProxy (af7e7c63dcef3f8772726f86039d6eb4) C:\Windows\system32\drivers\NDProxy.sys
2011/07/02 14:38:36.0458 3940 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
2011/07/02 14:38:36.0473 3940 NetBT (dd52a733bf4ca5af84562a5e2f963b91) C:\Windows\system32\DRIVERS\netbt.sys
2011/07/02 14:38:36.0536 3940 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
2011/07/02 14:38:36.0551 3940 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
2011/07/02 14:38:36.0583 3940 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
2011/07/02 14:38:36.0645 3940 Ntfs (187002ce05693c306f43c873f821381f) C:\Windows\system32\drivers\Ntfs.sys
2011/07/02 14:38:36.0692 3940 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
2011/07/02 14:38:36.0941 3940 nvlddmkm (583e0be0c10d0a74fd0e7e33c75f49bb) C:\Windows\system32\DRIVERS\nvlddmkm.sys
2011/07/02 14:38:37.0160 3940 nvraid (f1b0bed906f97e16f6d0c3629d2f21c6) C:\Windows\system32\drivers\nvraid.sys
2011/07/02 14:38:37.0175 3940 nvstor (4520b63899e867f354ee012d34e11536) C:\Windows\system32\drivers\nvstor.sys
2011/07/02 14:38:37.0222 3940 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\DRIVERS\nv_agp.sys
2011/07/02 14:38:37.0253 3940 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/07/02 14:38:37.0316 3940 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
2011/07/02 14:38:37.0347 3940 partmgr (ff4218952b51de44fe910953a3e686b9) C:\Windows\system32\drivers\partmgr.sys
2011/07/02 14:38:37.0363 3940 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
2011/07/02 14:38:37.0394 3940 pci (c858cb77c577780ecc456a892e7e7d0f) C:\Windows\system32\DRIVERS\pci.sys
2011/07/02 14:38:37.0409 3940 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\DRIVERS\pciide.sys
2011/07/02 14:38:37.0441 3940 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
2011/07/02 14:38:37.0456 3940 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
2011/07/02 14:38:37.0503 3940 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
2011/07/02 14:38:37.0612 3940 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
2011/07/02 14:38:37.0628 3940 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
2011/07/02 14:38:37.0675 3940 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
2011/07/02 14:38:37.0721 3940 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
2011/07/02 14:38:37.0768 3940 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
2011/07/02 14:38:37.0799 3940 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
2011/07/02 14:38:37.0815 3940 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
2011/07/02 14:38:37.0846 3940 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
2011/07/02 14:38:37.0877 3940 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/07/02 14:38:37.0893 3940 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/07/02 14:38:37.0924 3940 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
2011/07/02 14:38:37.0955 3940 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\Windows\system32\DRIVERS\rdbss.sys
2011/07/02 14:38:37.0971 3940 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
2011/07/02 14:38:38.0002 3940 RDPCDD (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/07/02 14:38:38.0018 3940 RDPDR (c5ff95883ffef704d50c40d21cfb3ab5) C:\Windows\system32\drivers\rdpdr.sys
2011/07/02 14:38:38.0049 3940 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
2011/07/02 14:38:38.0065 3940 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
2011/07/02 14:38:38.0080 3940 RDPWD (801371ba9782282892d00aadb08ee367) C:\Windows\system32\drivers\RDPWD.sys
2011/07/02 14:38:38.0111 3940 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\Windows\system32\drivers\rdyboost.sys
2011/07/02 14:38:38.0158 3940 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
2011/07/02 14:38:38.0221 3940 RTL8167 (0516998076ad894ae7e362c3110aa071) C:\Windows\system32\DRIVERS\Rt86win7.sys
2011/07/02 14:38:38.0267 3940 s116bus (815445f4676cc96bc9aeec303c727e19) C:\Windows\system32\DRIVERS\s116bus.sys
2011/07/02 14:38:38.0330 3940 s116nd5 (306f85733671fe507470f0273025e768) C:\Windows\system32\DRIVERS\s116nd5.sys
2011/07/02 14:38:38.0361 3940 s116unic (32e3ecb4b2b5887426eaf241a8149cde) C:\Windows\system32\DRIVERS\s116unic.sys
2011/07/02 14:38:38.0392 3940 s3cap (5423d8437051e89dd34749f242c98648) C:\Windows\system32\DRIVERS\vms3cap.sys
2011/07/02 14:38:38.0439 3940 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\DRIVERS\sbp2port.sys
2011/07/02 14:38:38.0455 3940 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys
2011/07/02 14:38:38.0517 3940 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/07/02 14:38:38.0548 3940 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
2011/07/02 14:38:38.0579 3940 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
2011/07/02 14:38:38.0595 3940 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
2011/07/02 14:38:38.0626 3940 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys
2011/07/02 14:38:38.0642 3940 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\DRIVERS\sffp_mmc.sys
2011/07/02 14:38:38.0657 3940 sffp_sd (4f1e5b0fe7c8050668dbfade8999aefb) C:\Windows\system32\DRIVERS\sffp_sd.sys
2011/07/02 14:38:38.0689 3940 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
2011/07/02 14:38:38.0704 3940 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\DRIVERS\sisagp.sys
2011/07/02 14:38:38.0735 3940 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
2011/07/02 14:38:38.0751 3940 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
2011/07/02 14:38:38.0782 3940 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
2011/07/02 14:38:38.0845 3940 smserial (19301c27f3425dc39f6c599f527e507d) C:\Windows\system32\DRIVERS\smserial.sys
2011/07/02 14:38:39.0125 3940 SNP2STD (e7e68ecb968c9812d9faf68517426673) C:\Windows\system32\DRIVERS\snp2sxp.sys
2011/07/02 14:38:39.0422 3940 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
2011/07/02 14:38:39.0500 3940 srv (c4a027b8c0bd3fc0699f41fa5e9e0c87) C:\Windows\system32\DRIVERS\srv.sys
2011/07/02 14:38:39.0515 3940 srv2 (414bb592cad8a79649d01f9d94318fb3) C:\Windows\system32\DRIVERS\srv2.sys
2011/07/02 14:38:39.0562 3940 srvnet (ff207d67700aa18242aaf985d3e7d8f4) C:\Windows\system32\DRIVERS\srvnet.sys
2011/07/02 14:38:39.0625 3940 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
2011/07/02 14:38:39.0640 3940 storflt (957e346ca948668f2496a6ccf6ff82cc) C:\Windows\system32\DRIVERS\vmstorfl.sys
2011/07/02 14:38:39.0671 3940 storvsc (d5751969dc3e4b88bf482ac8ec9fe019) C:\Windows\system32\DRIVERS\storvsc.sys
2011/07/02 14:38:39.0687 3940 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys
2011/07/02 14:38:39.0765 3940 Tcpip (0158d5e9982e9d6a90dfc802f618e130) C:\Windows\system32\drivers\tcpip.sys
2011/07/02 14:38:39.0843 3940 TCPIP6 (0158d5e9982e9d6a90dfc802f618e130) C:\Windows\system32\DRIVERS\tcpip.sys
2011/07/02 14:38:39.0874 3940 tcpipreg (e64444523add154f86567c469bc0b17f) C:\Windows\system32\drivers\tcpipreg.sys
2011/07/02 14:38:39.0905 3940 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\Windows\system32\drivers\tdpipe.sys
2011/07/02 14:38:39.0921 3940 TDTCP (7551e91ea999ee9a8e9c331d5a9c31f3) C:\Windows\system32\drivers\tdtcp.sys
2011/07/02 14:38:39.0937 3940 tdx (cb39e896a2a83702d1737bfd402b3542) C:\Windows\system32\DRIVERS\tdx.sys
2011/07/02 14:38:39.0952 3940 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\Windows\system32\DRIVERS\termdd.sys
2011/07/02 14:38:39.0999 3940 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/07/02 14:38:40.0030 3940 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys
2011/07/02 14:38:40.0046 3940 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
2011/07/02 14:38:40.0077 3940 udfs (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\Windows\system32\DRIVERS\udfs.sys
2011/07/02 14:38:40.0108 3940 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\DRIVERS\uliagpkx.sys
2011/07/02 14:38:40.0139 3940 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\Windows\system32\DRIVERS\umbus.sys
2011/07/02 14:38:40.0171 3940 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
2011/07/02 14:38:40.0217 3940 usbccgp (c31ae588e403042632dc796cf09e30b0) C:\Windows\system32\drivers\usbccgp.sys
2011/07/02 14:38:40.0233 3940 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS\usbcir.sys
2011/07/02 14:38:40.0280 3940 usbehci (e4c436d914768ce965d5e659ba7eebd8) C:\Windows\system32\drivers\usbehci.sys
2011/07/02 14:38:40.0311 3940 usbhub (bdcd7156ec37448f08633fd899823620) C:\Windows\system32\DRIVERS\usbhub.sys
2011/07/02 14:38:40.0358 3940 usbohci (eb2d819a639015253c871cda09d91d58) C:\Windows\system32\drivers\usbohci.sys
2011/07/02 14:38:40.0389 3940 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
2011/07/02 14:38:40.0436 3940 USBSTOR (1c4287739a93594e57e2a9e6a3ed7353) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/07/02 14:38:40.0451 3940 usbuhci (22480bf4e5a09192e5e30ba4dde79fa4) C:\Windows\system32\drivers\usbuhci.sys
2011/07/02 14:38:40.0498 3940 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys
2011/07/02 14:38:40.0514 3940 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/07/02 14:38:40.0529 3940 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
2011/07/02 14:38:40.0561 3940 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys
2011/07/02 14:38:40.0592 3940 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys
2011/07/02 14:38:40.0607 3940 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
2011/07/02 14:38:40.0623 3940 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys
2011/07/02 14:38:40.0639 3940 vmbus (379b349f65f453d2a6e75ea6b7448e49) C:\Windows\system32\DRIVERS\vmbus.sys
2011/07/02 14:38:40.0654 3940 VMBusHID (ec2bbab4b84d0738c6c83d2234dc36fe) C:\Windows\system32\DRIVERS\VMBusHID.sys
2011/07/02 14:38:40.0685 3940 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys
2011/07/02 14:38:40.0701 3940 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
2011/07/02 14:38:40.0732 3940 volsnap (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\DRIVERS\volsnap.sys
2011/07/02 14:38:40.0763 3940 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
2011/07/02 14:38:40.0795 3940 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys
2011/07/02 14:38:40.0826 3940 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
2011/07/02 14:38:40.0857 3940 WANARP (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
2011/07/02 14:38:40.0857 3940 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
2011/07/02 14:38:40.0904 3940 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
2011/07/02 14:38:40.0935 3940 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
2011/07/02 14:38:40.0982 3940 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
2011/07/02 14:38:40.0997 3940 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
2011/07/02 14:38:41.0107 3940 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/07/02 14:38:41.0153 3940 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/07/02 14:38:41.0185 3940 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys
2011/07/02 14:38:41.0216 3940 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/07/02 14:38:41.0263 3940 MBR (0x1B8) (de1996b5390bac8242e23168f828c750) \Device\Harddisk0\DR0
2011/07/02 14:38:41.0263 3940 \Device\Harddisk0\DR0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/07/02 14:38:41.0278 3940 Boot (0x1200) (8fd580a6b9bdd009183cd068ed1ed1ae) \Device\Harddisk0\DR0\Partition0
2011/07/02 14:38:41.0294 3940 Boot (0x1200) (96663cf80380db620630b289037fe619) \Device\Harddisk0\DR0\Partition1
2011/07/02 14:38:41.0309 3940 ================================================================================
2011/07/02 14:38:41.0309 3940 Scan finished
2011/07/02 14:38:41.0309 3940 ================================================================================
2011/07/02 14:38:41.0309 3196 Detected object count: 1
2011/07/02 14:38:41.0309 3196 Actual detected object count: 1
2011/07/02 14:38:52.0229 3196 \Device\Harddisk0\DR0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
2011/07/02 14:38:52.0229 3196 \Device\Harddisk0\DR0 - ok
2011/07/02 14:38:52.0229 3196 Rootkit.Win32.TDSS.tdl4(\Device\Harddisk0\DR0) - User select action: Cure
2011/07/02 14:38:59.0390 3668 Deinitialize success

  • dr_Bora
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Restart the PC, run TDSSKiller again and post the scan log.


Now try running ComboFix. If it does not work, post a fresh DDS.txt log.

  • Joined: 08 Jul 2007
  • Posts: 2024

Posted: 02 Jul 2011 16:39

Scanned again ... "no threats found".


2011/07/02 16:37:34.0006 3960 TDSS rootkit removing tool 2.5.8.0 Jun 28 2011 19:12:16
2011/07/02 16:37:34.0240 3960 ================================================================================
2011/07/02 16:37:34.0240 3960 SystemInfo:
2011/07/02 16:37:34.0240 3960
2011/07/02 16:37:34.0240 3960 OS Version: 6.1.7600 ServicePack: 0.0
2011/07/02 16:37:34.0240 3960 Product type: Workstation
2011/07/02 16:37:34.0240 3960 ComputerName: PAVLE-PC
2011/07/02 16:37:34.0240 3960 UserName: pavle
2011/07/02 16:37:34.0240 3960 Windows directory: C:\Windows
2011/07/02 16:37:34.0240 3960 System windows directory: C:\Windows
2011/07/02 16:37:34.0240 3960 Processor architecture: Intel x86
2011/07/02 16:37:34.0240 3960 Number of processors: 2
2011/07/02 16:37:34.0240 3960 Page size: 0x1000
2011/07/02 16:37:34.0240 3960 Boot type: Normal boot
2011/07/02 16:37:34.0240 3960 ================================================================================
2011/07/02 16:37:35.0457 3960 Initialize success
2011/07/02 16:37:36.0830 4020 ================================================================================
2011/07/02 16:37:36.0830 4020 Scan started
2011/07/02 16:37:36.0830 4020 Mode: Manual;
2011/07/02 16:37:36.0830 4020 ================================================================================
2011/07/02 16:37:38.0109 4020 1394ohci (6d2aca41739bfe8cb86ee8e85f29697d) C:\Windows\system32\DRIVERS\1394ohci.sys
2011/07/02 16:37:38.0156 4020 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\Windows\system32\DRIVERS\ACPI.sys
2011/07/02 16:37:38.0171 4020 AcpiPmi (98d81ca942d19f7d9153b095162ac013) C:\Windows\system32\DRIVERS\acpipmi.sys
2011/07/02 16:37:38.0234 4020 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
2011/07/02 16:37:38.0265 4020 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
2011/07/02 16:37:38.0280 4020 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
2011/07/02 16:37:38.0358 4020 AFD (0db7a48388d54d154ebec120461a0fcd) C:\Windows\system32\drivers\afd.sys
2011/07/02 16:37:38.0374 4020 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\DRIVERS\agp440.sys
2011/07/02 16:37:38.0421 4020 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
2011/07/02 16:37:38.0452 4020 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\DRIVERS\aliide.sys
2011/07/02 16:37:38.0468 4020 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\DRIVERS\amdagp.sys
2011/07/02 16:37:38.0483 4020 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\DRIVERS\amdide.sys
2011/07/02 16:37:38.0499 4020 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
2011/07/02 16:37:38.0530 4020 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
2011/07/02 16:37:38.0561 4020 amdsata (19ce906b4cdc11fc4fef5745f33a63b6) C:\Windows\system32\drivers\amdsata.sys
2011/07/02 16:37:38.0592 4020 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
2011/07/02 16:37:38.0608 4020 amdxata (869e67d66be326a5a9159fba8746fa70) C:\Windows\system32\drivers\amdxata.sys
2011/07/02 16:37:38.0639 4020 AppID (feb834c02ce1e84b6a38f953ca067706) C:\Windows\system32\drivers\appid.sys
2011/07/02 16:37:38.0686 4020 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
2011/07/02 16:37:38.0702 4020 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
2011/07/02 16:37:38.0764 4020 aswFsBlk (7f08d9c504b015d81a8abd75c80028c5) C:\Windows\system32\drivers\aswFsBlk.sys
2011/07/02 16:37:38.0826 4020 aswMonFlt (9bdc8e9ce17b773f69d2c6696c768c4f) C:\Windows\system32\drivers\aswMonFlt.sys
2011/07/02 16:37:38.0858 4020 aswRdr (ac48bdd4cd5d44af33087c06d6e9511c) C:\Windows\system32\drivers\aswRdr.sys
2011/07/02 16:37:38.0920 4020 aswSnx (b64134316fcd1f20e0f10ef3e65bd522) C:\Windows\system32\drivers\aswSnx.sys
2011/07/02 16:37:38.0967 4020 aswSP (d6788e3211afa9951ed7a4d617f68a4f) C:\Windows\system32\drivers\aswSP.sys
2011/07/02 16:37:38.0998 4020 aswTdi (4d100c45517809439c7b6dd98997fa00) C:\Windows\system32\drivers\aswTdi.sys
2011/07/02 16:37:39.0045 4020 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/07/02 16:37:39.0060 4020 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\DRIVERS\atapi.sys
2011/07/02 16:37:39.0107 4020 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
2011/07/02 16:37:39.0154 4020 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
2011/07/02 16:37:39.0201 4020 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
2011/07/02 16:37:39.0232 4020 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
2011/07/02 16:37:39.0263 4020 bowser (9a5c671b7fbae4865149bb11f59b91b2) C:\Windows\system32\DRIVERS\bowser.sys
2011/07/02 16:37:39.0279 4020 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
2011/07/02 16:37:39.0294 4020 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
2011/07/02 16:37:39.0326 4020 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
2011/07/02 16:37:39.0341 4020 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
2011/07/02 16:37:39.0357 4020 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
2011/07/02 16:37:39.0372 4020 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
2011/07/02 16:37:39.0404 4020 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
2011/07/02 16:37:39.0435 4020 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
2011/07/02 16:37:39.0482 4020 cdrom (ba6e70aa0e6091bc39de29477d866a77) C:\Windows\system32\DRIVERS\cdrom.sys
2011/07/02 16:37:39.0513 4020 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
2011/07/02 16:37:39.0544 4020 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
2011/07/02 16:37:39.0591 4020 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/07/02 16:37:39.0606 4020 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\DRIVERS\cmdide.sys
2011/07/02 16:37:39.0638 4020 CNG (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys
2011/07/02 16:37:39.0653 4020 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
2011/07/02 16:37:39.0684 4020 CompositeBus (f1724ba27e97d627f808fb0ba77a28a6) C:\Windows\system32\DRIVERS\CompositeBus.sys
2011/07/02 16:37:39.0716 4020 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
2011/07/02 16:37:39.0747 4020 CSC (27c9490bdd0ae48911ab8cf1932591ed) C:\Windows\system32\drivers\csc.sys
2011/07/02 16:37:39.0825 4020 DfsC (83d1ecea8faae75604c0fa49ac7ad996) C:\Windows\system32\Drivers\dfsc.sys
2011/07/02 16:37:39.0840 4020 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
2011/07/02 16:37:39.0887 4020 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
2011/07/02 16:37:39.0934 4020 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
2011/07/02 16:37:39.0981 4020 DXGKrnl (1679a4669326cb1a67cc95658d273234) C:\Windows\System32\drivers\dxgkrnl.sys
2011/07/02 16:37:40.0074 4020 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
2011/07/02 16:37:40.0168 4020 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
2011/07/02 16:37:40.0199 4020 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\DRIVERS\errdev.sys
2011/07/02 16:37:40.0230 4020 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
2011/07/02 16:37:40.0262 4020 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
2011/07/02 16:37:40.0293 4020 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
2011/07/02 16:37:40.0324 4020 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
2011/07/02 16:37:40.0340 4020 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
2011/07/02 16:37:40.0355 4020 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/07/02 16:37:40.0386 4020 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
2011/07/02 16:37:40.0402 4020 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
2011/07/02 16:37:40.0464 4020 fssfltr (d909075fa72c090f27aa926c32cb4612) C:\Windows\system32\DRIVERS\fssfltr.sys
2011/07/02 16:37:40.0496 4020 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
2011/07/02 16:37:40.0542 4020 fvevol (dafbd9fe39197495aed6d51f3b85b5d2) C:\Windows\system32\DRIVERS\fvevol.sys
2011/07/02 16:37:40.0574 4020 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
2011/07/02 16:37:40.0589 4020 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
2011/07/02 16:37:40.0636 4020 HdAudAddService (3530cad25deba7dc7de8bb51632cbc5f) C:\Windows\system32\drivers\HdAudio.sys
2011/07/02 16:37:40.0667 4020 HDAudBus (717a2207fd6f13ad3e664c7d5a43c7bf) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/07/02 16:37:40.0683 4020 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
2011/07/02 16:37:40.0698 4020 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
2011/07/02 16:37:40.0714 4020 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
2011/07/02 16:37:40.0745 4020 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\Windows\system32\DRIVERS\hidusb.sys
2011/07/02 16:37:40.0776 4020 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\DRIVERS\HpSAMD.sys
2011/07/02 16:37:40.0823 4020 HTTP (c531c7fd9e8b62021112787c4e2c5a5a) C:\Windows\system32\drivers\HTTP.sys
2011/07/02 16:37:40.0839 4020 hwpolicy (8305f33cde89ad6c7a0763ed0b5a8d42) C:\Windows\system32\drivers\hwpolicy.sys
2011/07/02 16:37:40.0886 4020 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/07/02 16:37:40.0917 4020 iaStorV (71f1a494fedf4b33c02c4a6a28d6d9e9) C:\Windows\system32\drivers\iaStorV.sys
2011/07/02 16:37:41.0010 4020 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
2011/07/02 16:37:41.0026 4020 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\DRIVERS\intelide.sys
2011/07/02 16:37:41.0042 4020 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
2011/07/02 16:37:41.0057 4020 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/07/02 16:37:41.0088 4020 IPMIDRV (e4454b6c37d7ffd5649611f6496308a7) C:\Windows\system32\DRIVERS\IPMIDrv.sys
2011/07/02 16:37:41.0120 4020 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
2011/07/02 16:37:41.0151 4020 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
2011/07/02 16:37:41.0166 4020 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\DRIVERS\isapnp.sys
2011/07/02 16:37:41.0182 4020 iScsiPrt (ed46c223ae46c6866ab77cdc41c404b7) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/07/02 16:37:41.0276 4020 ISODrive (2f03ceb28307983f3b36216d35ffa5aa) C:\Program Files\UltraISO\drivers\ISODrive.sys
2011/07/02 16:37:41.0354 4020 JRAID (7d5053a827ff5be3a7d0ae5dd5dba308) C:\Windows\system32\DRIVERS\jraid.sys
2011/07/02 16:37:41.0400 4020 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/07/02 16:37:41.0432 4020 kbdhid (3d9f0ebf350edcfd6498057301455964) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/07/02 16:37:41.0447 4020 KSecDD (e36a061ec11b373826905b21be10948f) C:\Windows\system32\Drivers\ksecdd.sys
2011/07/02 16:37:41.0494 4020 KSecPkg (365c6154bbbc5377173f1ca7bfb6cc59) C:\Windows\system32\Drivers\ksecpkg.sys
2011/07/02 16:37:41.0541 4020 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/07/02 16:37:41.0572 4020 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
2011/07/02 16:37:41.0603 4020 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
2011/07/02 16:37:41.0619 4020 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
2011/07/02 16:37:41.0634 4020 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
2011/07/02 16:37:41.0666 4020 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
2011/07/02 16:37:41.0728 4020 MBAMSwissArmy (148d5d488ba502381c2b7b615f7f84cf) C:\Windows\system32\drivers\mbamswissarmy.sys
2011/07/02 16:37:41.0759 4020 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
2011/07/02 16:37:41.0790 4020 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
2011/07/02 16:37:41.0822 4020 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
2011/07/02 16:37:41.0868 4020 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
2011/07/02 16:37:41.0884 4020 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
2011/07/02 16:37:41.0915 4020 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
2011/07/02 16:37:41.0962 4020 mountmgr (921c18727c5920d6c0300736646931c2) C:\Windows\system32\drivers\mountmgr.sys
2011/07/02 16:37:41.0993 4020 mpio (2af5997438c55fb79d33d015c30e1974) C:\Windows\system32\DRIVERS\mpio.sys
2011/07/02 16:37:42.0009 4020 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
2011/07/02 16:37:42.0024 4020 MRxDAV (b1be47008d20e43da3adc37c24cdb89d) C:\Windows\system32\drivers\mrxdav.sys
2011/07/02 16:37:42.0087 4020 mrxsmb (ca7570e42522e24324a12161db14ec02) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/07/02 16:37:42.0102 4020 mrxsmb10 (c108952d3660375dcb716b222912e868-) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/07/02 16:37:42.0134 4020 mrxsmb20 (25c38264a3c72594dd21d355d70d7a5d) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/07/02 16:37:42.0134 4020 msahci (4326d168944123f38dd3b2d9c37a0b12) C:\Windows\system32\DRIVERS\msahci.sys
2011/07/02 16:37:42.0165 4020 msdsm (455029c7174a2dbb03dba8a0d8bddd9a) C:\Windows\system32\DRIVERS\msdsm.sys
2011/07/02 16:37:42.0196 4020 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
2011/07/02 16:37:42.0212 4020 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
2011/07/02 16:37:42.0227 4020 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\DRIVERS\msisadrv.sys
2011/07/02 16:37:42.0274 4020 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
2011/07/02 16:37:42.0290 4020 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/07/02 16:37:42.0305 4020 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
2011/07/02 16:37:42.0336 4020 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
2011/07/02 16:37:42.0352 4020 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/07/02 16:37:42.0368 4020 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
2011/07/02 16:37:42.0399 4020 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
2011/07/02 16:37:42.0446 4020 MTsensor (0f24624106d8042e7f27882d9d6ff5c0) C:\Windows\system32\DRIVERS\ASACPI.sys
2011/07/02 16:37:42.0461 4020 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
2011/07/02 16:37:42.0492 4020 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
2011/07/02 16:37:42.0539 4020 NDIS (23759d175a0a9baaf04d05047bc135a8-) C:\Windows\system32\drivers\ndis.sys
2011/07/02 16:37:42.0586 4020 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
2011/07/02 16:37:42.0617 4020 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888-) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/07/02 16:37:42.0633 4020 Ndisuio (b30ae7f2b6d7e343b0df32e6c08fce75) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/07/02 16:37:42.0648 4020 NdisWan (267c415eadcbe53c9ca873dee39cf3a4) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/07/02 16:37:42.0680 4020 NDProxy (af7e7c63dcef3f8772726f86039d6eb4) C:\Windows\system32\drivers\NDProxy.sys
2011/07/02 16:37:42.0695 4020 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
2011/07/02 16:37:42.0726 4020 NetBT (dd52a733bf4ca5af84562a5e2f963b91) C:\Windows\system32\DRIVERS\netbt.sys
2011/07/02 16:37:42.0789 4020 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
2011/07/02 16:37:42.0804 4020 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
2011/07/02 16:37:42.0836 4020 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58-) C:\Windows\system32\drivers\nsiproxy.sys
2011/07/02 16:37:42.0898 4020 Ntfs (187002ce05693c306f43c873f821381f) C:\Windows\system32\drivers\Ntfs.sys
2011/07/02 16:37:42.0945 4020 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
2011/07/02 16:37:43.0179 4020 nvlddmkm (583e0be0c10d0a74fd0e7e33c75f49bb) C:\Windows\system32\DRIVERS\nvlddmkm.sys
2011/07/02 16:37:43.0257 4020 nvraid (f1b0bed906f97e16f6d0c3629d2f21c6) C:\Windows\system32\drivers\nvraid.sys
2011/07/02 16:37:43.0288 4020 nvstor (4520b63899e867f354ee012d34e11536) C:\Windows\system32\drivers\nvstor.sys
2011/07/02 16:37:43.0335 4020 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\DRIVERS\nv_agp.sys
2011/07/02 16:37:43.0350 4020 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/07/02 16:37:43.0413 4020 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
2011/07/02 16:37:43.0428 4020 partmgr (ff4218952b51de44fe910953a3e686b9) C:\Windows\system32\drivers\partmgr.sys
2011/07/02 16:37:43.0460 4020 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
2011/07/02 16:37:43.0475 4020 pci (c858cb77c577780ecc456a892e7e7d0f) C:\Windows\system32\DRIVERS\pci.sys
2011/07/02 16:37:43.0491 4020 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\DRIVERS\pciide.sys
2011/07/02 16:37:43.0506 4020 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
2011/07/02 16:37:43.0538 4020 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
2011/07/02 16:37:43.0553 4020 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
2011/07/02 16:37:43.0647 4020 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
2011/07/02 16:37:43.0662 4020 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
2011/07/02 16:37:43.0709 4020 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
2011/07/02 16:37:43.0756 4020 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
2011/07/02 16:37:43.0787 4020 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
2011/07/02 16:37:43.0818 4020 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
2011/07/02 16:37:43.0834 4020 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
2011/07/02 16:37:43.0881 4020 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
2011/07/02 16:37:43.0896 4020 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/07/02 16:37:43.0928 4020 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/07/02 16:37:43.0959 4020 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
2011/07/02 16:37:43.0974 4020 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\Windows\system32\DRIVERS\rdbss.sys
2011/07/02 16:37:44.0006 4020 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
2011/07/02 16:37:44.0021 4020 RDPCDD (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/07/02 16:37:44.0037 4020 RDPDR (c5ff95883ffef704d50c40d21cfb3ab5) C:\Windows\system32\drivers\rdpdr.sys
2011/07/02 16:37:44.0068 4020 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
2011/07/02 16:37:44.0099 4020 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
2011/07/02 16:37:44.0099 4020 RDPWD (801371ba9782282892d00aadb08ee367) C:\Windows\system32\drivers\RDPWD.sys
2011/07/02 16:37:44.0146 4020 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\Windows\system32\drivers\rdyboost.sys
2011/07/02 16:37:44.0177 4020 rspndr (032b0d36ad92b582d869879f5af5b928-) C:\Windows\system32\DRIVERS\rspndr.sys
2011/07/02 16:37:44.0240 4020 RTL8167 (0516998076ad894ae7e362c3110aa071) C:\Windows\system32\DRIVERS\Rt86win7.sys
2011/07/02 16:37:44.0286 4020 s116bus (815445f4676cc96bc9aeec303c727e19) C:\Windows\system32\DRIVERS\s116bus.sys
2011/07/02 16:37:44.0333 4020 s116nd5 (306f85733671fe507470f0273025e768-) C:\Windows\system32\DRIVERS\s116nd5.sys
2011/07/02 16:37:44.0364 4020 s116unic (32e3ecb4b2b5887426eaf241a8149cde) C:\Windows\system32\DRIVERS\s116unic.sys
2011/07/02 16:37:44.0380 4020 s3cap (5423d8437051e89dd34749f242c98648-) C:\Windows\system32\DRIVERS\vms3cap.sys
2011/07/02 16:37:44.0427 4020 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\DRIVERS\sbp2port.sys
2011/07/02 16:37:44.0442 4020 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys
2011/07/02 16:37:44.0505 4020 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/07/02 16:37:44.0552 4020 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
2011/07/02 16:37:44.0567 4020 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
2011/07/02 16:37:44.0583 4020 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
2011/07/02 16:37:44.0630 4020 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys
2011/07/02 16:37:44.0630 4020 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\DRIVERS\sffp_mmc.sys
2011/07/02 16:37:44.0661 4020 sffp_sd (4f1e5b0fe7c8050668dbfade8999aefb) C:\Windows\system32\DRIVERS\sffp_sd.sys
2011/07/02 16:37:44.0676 4020 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
2011/07/02 16:37:44.0708 4020 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\DRIVERS\sisagp.sys
2011/07/02 16:37:44.0723 4020 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
2011/07/02 16:37:44.0754 4020 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
2011/07/02 16:37:44.0786 4020 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
2011/07/02 16:37:44.0848 4020 smserial (19301c27f3425dc39f6c599f527e507d) C:\Windows\system32\DRIVERS\smserial.sys
2011/07/02 16:37:45.0098 4020 SNP2STD (e7e68ecb968c9812d9faf68517426673) C:\Windows\system32\DRIVERS\snp2sxp.sys
2011/07/02 16:37:45.0316 4020 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
2011/07/02 16:37:45.0378 4020 srv (c4a027b8c0bd3fc0699f41fa5e9e0c87) C:\Windows\system32\DRIVERS\srv.sys
2011/07/02 16:37:45.0410 4020 srv2 (414bb592cad8a79649d01f9d94318fb3) C:\Windows\system32\DRIVERS\srv2.sys
2011/07/02 16:37:45.0456 4020 srvnet (ff207d67700aa18242aaf985d3e7d8f4) C:\Windows\system32\DRIVERS\srvnet.sys
2011/07/02 16:37:45.0503 4020 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
2011/07/02 16:37:45.0534 4020 storflt (957e346ca948668f2496a6ccf6ff82cc) C:\Windows\system32\DRIVERS\vmstorfl.sys
2011/07/02 16:37:45.0550 4020 storvsc (d5751969dc3e4b88bf482ac8ec9fe019) C:\Windows\system32\DRIVERS\storvsc.sys
2011/07/02 16:37:45.0566 4020 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys
2011/07/02 16:37:45.0659 4020 Tcpip (0158d5e9982e9d6a90dfc802f618e130) C:\Windows\system32\drivers\tcpip.sys
2011/07/02 16:37:45.0722 4020 TCPIP6 (0158d5e9982e9d6a90dfc802f618e130) C:\Windows\system32\DRIVERS\tcpip.sys
2011/07/02 16:37:45.0753 4020 tcpipreg (e64444523add154f86567c469bc0b17f) C:\Windows\system32\drivers\tcpipreg.sys
2011/07/02 16:37:45.0784 4020 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\Windows\system32\drivers\tdpipe.sys
2011/07/02 16:37:45.0800 4020 TDTCP (7551e91ea999ee9a8e9c331d5a9c31f3) C:\Windows\system32\drivers\tdtcp.sys
2011/07/02 16:37:45.0815 4020 tdx (cb39e896a2a83702d1737bfd402b3542) C:\Windows\system32\DRIVERS\tdx.sys
2011/07/02 16:37:45.0831 4020 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\Windows\system32\DRIVERS\termdd.sys
2011/07/02 16:37:45.0878 4020 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/07/02 16:37:45.0909 4020 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys
2011/07/02 16:37:45.0924 4020 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
2011/07/02 16:37:45.0956 4020 udfs (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\Windows\system32\DRIVERS\udfs.sys
2011/07/02 16:37:46.0611 4020 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\DRIVERS\uliagpkx.sys
2011/07/02 16:37:46.0658 4020 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\Windows\system32\DRIVERS\umbus.sys
2011/07/02 16:37:46.0673 4020 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
2011/07/02 16:37:46.0720 4020 usbccgp (c31ae588e403042632dc796cf09e30b0) C:\Windows\system32\drivers\usbccgp.sys
2011/07/02 16:37:46.0751 4020 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS\usbcir.sys
2011/07/02 16:37:46.0798 4020 usbehci (e4c436d914768ce965d5e659ba7eebd8-) C:\Windows\system32\drivers\usbehci.sys
2011/07/02 16:37:46.0829 4020 usbhub (bdcd7156ec37448f08633fd899823620) C:\Windows\system32\DRIVERS\usbhub.sys
2011/07/02 16:37:46.0876 4020 usbohci (eb2d819a639015253c871cda09d91d58-) C:\Windows\system32\drivers\usbohci.sys
2011/07/02 16:37:46.0907 4020 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
2011/07/02 16:37:46.0938 4020 USBSTOR (1c4287739a93594e57e2a9e6a3ed7353) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/07/02 16:37:46.0954 4020 usbuhci (22480bf4e5a09192e5e30ba4dde79fa4) C:\Windows\system32\drivers\usbuhci.sys
2011/07/02 16:37:47.0001 4020 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys
2011/07/02 16:37:47.0032 4020 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/07/02 16:37:47.0048 4020 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
2011/07/02 16:37:47.0063 4020 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys
2011/07/02 16:37:47.0094 4020 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys
2011/07/02 16:37:47.0110 4020 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
2011/07/02 16:37:47.0141 4020 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys
2011/07/02 16:37:47.0157 4020 vmbus (379b349f65f453d2a6e75ea6b7448e49) C:\Windows\system32\DRIVERS\vmbus.sys
2011/07/02 16:37:47.0172 4020 VMBusHID (ec2bbab4b84d0738c6c83d2234dc36fe) C:\Windows\system32\DRIVERS\VMBusHID.sys
2011/07/02 16:37:47.0188 4020 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys
2011/07/02 16:37:47.0219 4020 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
2011/07/02 16:37:47.0235 4020 volsnap (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\DRIVERS\volsnap.sys
2011/07/02 16:37:47.0282 4020 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
2011/07/02 16:37:47.0297 4020 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys
2011/07/02 16:37:47.0328 4020 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
2011/07/02 16:37:47.0360 4020 WANARP (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
2011/07/02 16:37:47.0375 4020 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
2011/07/02 16:37:47.0453 4020 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
2011/07/02 16:37:47.0500 4020 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
2011/07/02 16:37:47.0547 4020 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
2011/07/02 16:37:47.0562 4020 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
2011/07/02 16:37:47.0672 4020 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/07/02 16:37:47.0718 4020 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/07/02 16:37:47.0765 4020 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys
2011/07/02 16:37:47.0796 4020 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/07/02 16:37:47.0828 4020 MBR (0x1B8-) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
2011/07/02 16:37:47.0843 4020 Boot (0x1200) (8fd580a6b9bdd009183cd068ed1ed1ae) \Device\Harddisk0\DR0\Partition0
2011/07/02 16:37:47.0874 4020 Boot (0x1200) (96663cf80380db620630b289037fe619) \Device\Harddisk0\DR0\Partition1
2011/07/02 16:37:47.0874 4020 ================================================================================
2011/07/02 16:37:47.0874 4020 Scan finished
2011/07/02 16:37:47.0874 4020 ================================================================================
2011/07/02 16:37:47.0890 4012 Detected object count: 0
2011/07/02 16:37:47.0890 4012 Actual detected object count: 0

Update: 02 Jul 2011 16:53

There, ComboFix has now finished as well.



ComboFix 11-07-01.02 - pavle 02.07.2011 16:44:46.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.381.1033.18.3007.2181 [GMT 2:00]
Running from: c:\users\pavle\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
D:\q93fi6kf.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-06-02 to 2011-07-02 )))))))))))))))))))))))))))))))
.
.
2011-07-02 14:50 . 2011-07-02 14:50 -------- d-----w- c:\users\pavle\AppData\Local\temp
2011-07-02 14:50 . 2011-07-02 14:50 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-07-01 19:44 . 2011-05-10 12:03 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-07-01 18:46 . 2011-06-07 15:55 7074640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E64B95C7-5D9E-4F2B-BADD-C7C7D514B934}\mpengine.dll
2011-06-30 22:36 . 2009-07-13 23:11 801792 ----a-w- c:\windows\system32\trzE5B3.tmp
2011-06-30 22:36 . 2009-07-13 23:11 801792 ----a-w- c:\windows\system32\trzA7E8.tmp
2011-06-30 22:36 . 2009-07-13 23:11 801792 ----a-w- c:\windows\system32\trz6C10.tmp
2011-06-30 22:36 . 2009-07-13 23:11 801792 ----a-w- c:\windows\system32\trz2BD4.tmp
2011-06-30 22:35 . 2009-07-13 23:11 801792 ----a-w- c:\windows\system32\trzEFEC.tmp
2011-06-30 22:35 . 2009-07-13 23:11 801792 ----a-w- c:\windows\system32\trzAFB1.tmp
2011-06-30 22:35 . 2009-07-13 23:11 801792 ----a-w- c:\windows\system32\trz739A.tmp
2011-06-30 22:35 . 2009-07-13 23:11 801792 ----a-w- c:\windows\system32\trz3755.tmp
2011-06-30 22:34 . 2009-07-13 23:11 801792 ----a-w- c:\windows\system32\trzFB5D.tmp
2011-06-30 22:34 . 2009-07-13 23:11 801792 ----a-w- c:\windows\system32\trzBF66.tmp
2011-06-30 22:34 . 2009-07-13 23:11 801792 ----a-w- c:\windows\system32\trz836E.tmp
2011-06-30 22:34 . 2009-07-13 23:11 801792 ----a-w- c:\windows\system32\trz4767.tmp
2011-06-30 22:33 . 2009-07-13 23:11 801792 ----a-w- c:\windows\system32\trz632.tmp
2011-06-30 22:33 . 2009-07-13 23:11 801792 ----a-w- c:\windows\system32\trzC5B8.tmp
2011-06-30 22:33 . 2009-07-13 23:11 801792 ----a-w- c:\windows\system32\trz8454.tmp
2011-06-30 22:32 . 2009-07-13 23:11 801792 ----a-w- c:\windows\system32\trzB043.tmp
2011-06-30 22:31 . 2009-07-13 23:11 801792 ----a-w- c:\windows\system32\trz5C58.tmp
2011-06-30 22:30 . 2009-07-13 23:11 801792 ----a-w- c:\windows\system32\trzE44B.tmp
2011-06-30 20:54 . 2011-06-30 20:54 -------- d-----w- c:\users\pavle\AppData\Local\{C0C03146-69D4-4E32-895C-CDE978E626A9}
2011-06-30 18:26 . 2011-05-24 10:35 294912 ----a-w- c:\windows\system32\umpnpmgr.dll
2011-06-30 18:26 . 2011-05-04 04:53 1553920 ----a-w- c:\windows\system32\tquery.dll
2011-06-30 18:26 . 2011-05-04 04:52 1401856 ----a-w- c:\windows\system32\mssrch.dll
2011-06-30 18:26 . 2011-05-04 04:52 666624 ----a-w- c:\windows\system32\mssvp.dll
2011-06-30 18:26 . 2011-05-04 04:52 59392 ----a-w- c:\windows\system32\msscntrs.dll
2011-06-30 18:26 . 2011-05-04 04:52 337408 ----a-w- c:\windows\system32\mssph.dll
2011-06-30 18:26 . 2011-05-04 04:52 197120 ----a-w- c:\windows\system32\mssphtb.dll
2011-06-30 18:26 . 2011-05-04 04:52 86528 ----a-w- c:\windows\system32\SearchFilterHost.exe
2011-06-30 18:26 . 2011-05-04 04:52 428032 ----a-w- c:\windows\system32\SearchIndexer.exe
2011-06-30 18:26 . 2011-05-04 04:52 164352 ----a-w- c:\windows\system32\SearchProtocolHost.exe
2011-06-27 17:32 . 2011-06-27 17:32 -------- d-----w- c:\users\pavle\AppData\Local\2K Games
2011-06-27 17:24 . 2011-06-27 17:24 -------- d-----w- c:\program files\2K Games
2011-06-27 17:06 . 2011-06-27 17:06 -------- d-----w- c:\program files\UltraISO
2011-06-27 17:06 . 2011-06-27 17:06 -------- d-----w- c:\program files\Common Files\EZB Systems
2011-06-24 17:21 . 2011-06-24 17:21 -------- d-----w- c:\program files\Blast! Entertainment Limited
2011-06-21 14:15 . 2011-06-21 14:15 -------- d-----w- c:\users\pavle\AppData\Local\{03437A56-EF75-4807-8E14-042FE4C44237}
2011-06-19 13:40 . 2011-06-19 13:40 -------- d-----w- c:\program files\Groove Games
2011-06-16 21:34 . 2011-06-16 21:34 -------- d-----w- c:\users\pavle\AppData\Local\{9679CE27-6238-4F76-8FDC-83FB15DEC64B}
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-24 17:14 . 2010-10-24 12:18 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-05-10 12:10 . 2010-10-24 14:40 40112 ----a-w- c:\windows\avastSS.scr
2011-05-10 12:10 . 2010-10-24 14:40 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-05-10 12:03 . 2010-10-24 14:41 307928 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-05-10 12:02 . 2010-10-24 14:41 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-05-10 11:59 . 2010-10-24 14:41 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-05-10 11:59 . 2010-10-24 14:41 53592 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-05-10 11:59 . 2010-10-24 14:41 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-04-22 19:36 . 2011-05-25 10:24 26496 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2011-04-09 06:13 . 2011-05-11 18:14 3957632 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-04-09 06:13 . 2011-05-11 18:14 3901824 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-04-09 05:56 . 2011-05-24 11:18 123904 ----a-w- c:\windows\system32\poqexec.exe
2006-10-11 08:04 . 2011-04-10 17:42 61036 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2006-10-11 08:04 . 2011-04-10 17:42 48742 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2006-10-11 08:05 . 2011-04-10 17:42 29313 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
2006-10-11 08:05 . 2011-04-10 17:42 41082 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll
2006-10-11 08:04 . 2011-04-10 17:42 166510 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"= "c:\program files\Winamp Toolbar\winamptb.dll" [2010-07-28 1267024]
.
[HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-05-10 12:10 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OfficeSyncProcess"="c:\program files\Microsoft Office\Office14\MSOSYNC.EXE" [2010-03-16 718208]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"snp2std"="c:\windows\vsnp2std.exe" [2005-11-16 344064]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2010-07-12 74752]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2009-06-17 414992]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2009-06-17 38160]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-10-27 1343400]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-05-10 53592]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2009-06-17 195856]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-10-07 369256]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-06-17 19096]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2010-11-30 267880]
.
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
xsneqzjk
.
.
------- Supplementary Scan -------
.
IE: &Google Search - c:\program files\Google\googletoolbar.dll/cmsearch.html
IE: &Winamp Search - c:\programdata\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: Backward &Links - c:\program files\Google\googletoolbar.dll/cmbacklinks.html
IE: Cac&hed Snapshot of Page - c:\program files\Google\googletoolbar.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\MIF5BA~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MIF5BA~1\Office14\ONBttnIE.dll/105
IE: Si&milar Pages - c:\program files\Google\googletoolbar.dll/cmsimilar.html
IE: Translate into English - c:\program files\Google\googletoolbar.dll/cmtrans.html
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\pavle\AppData\Roaming\Mozilla\Firefox\Profiles\522crx94.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1811456442-464137937-3942348620-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-1811456442-464137937-3942348620-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-07-02 16:51:31
ComboFix-quarantined-files.txt 2011-07-02 14:51
.
Pre-Run: 16.408.375.296 bytes free
Post-Run: 16.637.865.984 bytes free
.
- - End Of File - - 70F27A31F1756562E049A0047E877544

  • dr_Bora
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Via this link: http://www.mycity.rs/ambulanta-upload.php

upload the file: C:\QooBox\Quarantine\D\q93fi6kf.exe.vir


Open Notepad and copy in the following text:


FileLook::
c:\windows\system32\trzE5B3.tmp

NetSvc::
xsneqzjk


Save the file from Notepad to the Desktop as "CFScript"


Drag the saved script/text onto the ComboFix icon as shown in the picture.
Post the log that is produced at the end of the cleaning/scan in your next message.
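The two things dr_Bora singles out above, the random-looking name under Svchost NetSvcs and the run of identical-size trz*.tmp files in system32, can be picked out of a ComboFix log mechanically. This is an added example, not part of the thread or of ComboFix itself; the log excerpt is constructed from lines posted above, and the vowel-ratio heuristic for "random-looking" names is my own assumption, not a ComboFix rule.

```python
"""Triage helper for ComboFix logs (added example, not ComboFix code).

Flags two patterns a malware-removal helper looks for:
  1. any name listed under 'Svchost - NetSvcs' (ComboFix already hides the
     default entries, so anything shown is non-standard) and whether the name
     looks machine-generated;
  2. a burst of same-sized .tmp files created in system32.
"""
import re
from collections import defaultdict

# Constructed excerpt of the ComboFix log posted in this thread.
SAMPLE_LOG = r"""
((((((((((((((((((((((((( Files Created from 2011-06-02 to 2011-07-02 )))))))))))))))))))))))))))))))
.
2011-07-02 14:50 . 2011-07-02 14:50 -------- d-----w- c:\users\pavle\AppData\Local\temp
2011-07-01 19:44 . 2011-05-10 12:03 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-06-30 22:36 . 2009-07-13 23:11 801792 ----a-w- c:\windows\system32\trzE5B3.tmp
2011-06-30 22:36 . 2009-07-13 23:11 801792 ----a-w- c:\windows\system32\trzA7E8.tmp
2011-06-30 22:35 . 2009-07-13 23:11 801792 ----a-w- c:\windows\system32\trzEFEC.tmp
2011-06-30 18:26 . 2011-05-24 10:35 294912 ----a-w- c:\windows\system32\umpnpmgr.dll
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
xsneqzjk
.
------- Supplementary Scan -------
"""

# ComboFix file line: "<created> . <modified> <size|--------> <attrs> <path>"
FILE_LINE = re.compile(
    r"^(\d{4}-\d\d-\d\d \d\d:\d\d) \. (\d{4}-\d\d-\d\d \d\d:\d\d) "
    r"(\d+|-+) (\S+) (.+)$"
)


def parse_files_created(log_text):
    """Return (created, modified, size, attrs, path) tuples from the
    'Files Created' section. Directory rows (size shown as dashes) are skipped."""
    entries = []
    in_section = False
    for line in log_text.splitlines():
        if "Files Created from" in line:
            in_section = True
            continue
        if in_section and (line.startswith("(((((") or line.startswith("-------")):
            break  # next ComboFix section header
        m = FILE_LINE.match(line) if in_section else None
        if m and m.group(3).isdigit():
            entries.append((m.group(1), m.group(2), int(m.group(3)),
                            m.group(4), m.group(5)))
    return entries


def parse_netsvcs(log_text):
    """Names ComboFix lists under the svchost NetSvcs group (non-default only)."""
    names = []
    in_section = False
    for line in log_text.splitlines():
        if "Svchost - NetSvcs" in line:
            in_section = True
            continue
        if in_section:
            if line.strip() in ("", "."):
                break
            names.append(line.strip())
    return names


VOWELS = set("aeiou")


def looks_random(name):
    """Heuristic (assumption): all-lowercase letters, 6-16 chars, and fewer
    than one vowel in four, as in 'xsneqzjk' versus 'wuauserv'."""
    if not (6 <= len(name) <= 16 and name.isalpha() and name.islower()):
        return False
    return sum(c in VOWELS for c in name) / len(name) < 0.25


def find_tmp_bursts(entries, min_count=3):
    """Group .tmp files under system32 by (directory, size); several files of
    identical size dropped within minutes look like repeated copies of one
    payload rather than ordinary temp files."""
    groups = defaultdict(list)
    for _created, _modified, size, _attrs, path in entries:
        low = path.lower()
        if low.endswith(".tmp") and "\\system32\\" in low:
            groups[(low.rsplit("\\", 1)[0], size)].append(path)
    return [{"dir": d, "size": s, "files": f}
            for (d, s), f in groups.items() if len(f) >= min_count]


def triage(log_text):
    """Run both checks and return the findings as plain data."""
    return {
        "netsvcs": [(n, looks_random(n)) for n in parse_netsvcs(log_text)],
        "tmp_bursts": find_tmp_bursts(parse_files_created(log_text)),
    }


if __name__ == "__main__":
    for name, random_looking in triage(SAMPLE_LOG)["netsvcs"]:
        print(f"NetSvcs entry {name!r} (random-looking: {random_looking})")
    for burst in triage(SAMPLE_LOG)["tmp_bursts"]:
        print(f"{len(burst['files'])} x {burst['size']} bytes .tmp in {burst['dir']}")
```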

  • Joined: 08 Jul 2007
  • Posts: 2024

The file you asked for has been uploaded, and here is the log:



ComboFix 11-07-01.02 - pavle 02.07.2011 17:38:09.2.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.381.1033.18.3007.1867 [GMT 2:00]
Running from: c:\users\pavle\Desktop\ComboFix.exe
Command switches used :: c:\users\pavle\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2011-06-02 to 2011-07-02 )))))))))))))))))))))))))))))))
.
.
2011-07-02 15:41 . 2011-07-02 15:41 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-07-02 15:06 . 2011-07-02 15:34 -------- d-----w- c:\users\pavle\AppData\Roaming\MCShield
2011-07-02 15:06 . 2011-07-02 15:06 -------- d-----w- c:\program files\MCShield
2011-07-02 14:51 . 2011-07-02 15:41 -------- d-----w- c:\users\pavle\AppData\Local\temp
2011-07-01 19:44 . 2011-05-10 12:03 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-07-01 18:46 . 2011-06-07 15:55 7074640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E64B95C7-5D9E-4F2B-BADD-C7C7D514B934}\mpengine.dll
2011-06-30 22:36 . 2009-07-13 23:11 801792 ----a-w- c:\windows\system32\trzE5B3.tmp
2011-06-30 22:36 . 2009-07-13 23:11 801792 ----a-w- c:\windows\system32\trzA7E8.tmp
2011-06-30 22:36 . 2009-07-13 23:11 801792 ----a-w- c:\windows\system32\trz6C10.tmp
2011-06-30 22:36 . 2009-07-13 23:11 801792 ----a-w- c:\windows\system32\trz2BD4.tmp
2011-06-30 22:35 . 2009-07-13 23:11 801792 ----a-w- c:\windows\system32\trzEFEC.tmp
2011-06-30 22:35 . 2009-07-13 23:11 801792 ----a-w- c:\windows\system32\trzAFB1.tmp
2011-06-30 22:35 . 2009-07-13 23:11 801792 ----a-w- c:\windows\system32\trz739A.tmp
2011-06-30 22:35 . 2009-07-13 23:11 801792 ----a-w- c:\windows\system32\trz3755.tmp
2011-06-30 22:34 . 2009-07-13 23:11 801792 ----a-w- c:\windows\system32\trzFB5D.tmp
2011-06-30 22:34 . 2009-07-13 23:11 801792 ----a-w- c:\windows\system32\trzBF66.tmp
2011-06-30 22:34 . 2009-07-13 23:11 801792 ----a-w- c:\windows\system32\trz836E.tmp
2011-06-30 22:34 . 2009-07-13 23:11 801792 ----a-w- c:\windows\system32\trz4767.tmp
2011-06-30 22:33 . 2009-07-13 23:11 801792 ----a-w- c:\windows\system32\trz632.tmp
2011-06-30 22:33 . 2009-07-13 23:11 801792 ----a-w- c:\windows\system32\trzC5B8.tmp
2011-06-30 22:33 . 2009-07-13 23:11 801792 ----a-w- c:\windows\system32\trz8454.tmp
2011-06-30 22:32 . 2009-07-13 23:11 801792 ----a-w- c:\windows\system32\trzB043.tmp
2011-06-30 22:31 . 2009-07-13 23:11 801792 ----a-w- c:\windows\system32\trz5C58.tmp
2011-06-30 22:30 . 2009-07-13 23:11 801792 ----a-w- c:\windows\system32\trzE44B.tmp
2011-06-30 20:54 . 2011-06-30 20:54 -------- d-----w- c:\users\pavle\AppData\Local\{C0C03146-69D4-4E32-895C-CDE978E626A9}
2011-06-30 18:26 . 2011-05-24 10:35 294912 ----a-w- c:\windows\system32\umpnpmgr.dll
2011-06-30 18:26 . 2011-05-04 04:53 1553920 ----a-w- c:\windows\system32\tquery.dll
2011-06-30 18:26 . 2011-05-04 04:52 1401856 ----a-w- c:\windows\system32\mssrch.dll
2011-06-30 18:26 . 2011-05-04 04:52 666624 ----a-w- c:\windows\system32\mssvp.dll
2011-06-30 18:26 . 2011-05-04 04:52 59392 ----a-w- c:\windows\system32\msscntrs.dll
2011-06-30 18:26 . 2011-05-04 04:52 337408 ----a-w- c:\windows\system32\mssph.dll
2011-06-30 18:26 . 2011-05-04 04:52 197120 ----a-w- c:\windows\system32\mssphtb.dll
2011-06-30 18:26 . 2011-05-04 04:52 86528 ----a-w- c:\windows\system32\SearchFilterHost.exe
2011-06-30 18:26 . 2011-05-04 04:52 428032 ----a-w- c:\windows\system32\SearchIndexer.exe
2011-06-30 18:26 . 2011-05-04 04:52 164352 ----a-w- c:\windows\system32\SearchProtocolHost.exe
2011-06-27 17:32 . 2011-06-27 17:32 -------- d-----w- c:\users\pavle\AppData\Local\2K Games
2011-06-27 17:24 . 2011-06-27 17:24 -------- d-----w- c:\program files\2K Games
2011-06-27 17:06 . 2011-06-27 17:06 -------- d-----w- c:\program files\UltraISO
2011-06-27 17:06 . 2011-06-27 17:06 -------- d-----w- c:\program files\Common Files\EZB Systems
2011-06-24 17:21 . 2011-06-24 17:21 -------- d-----w- c:\program files\Blast! Entertainment Limited
2011-06-21 14:15 . 2011-06-21 14:15 -------- d-----w- c:\users\pavle\AppData\Local\{03437A56-EF75-4807-8E14-042FE4C44237}
2011-06-19 13:40 . 2011-06-19 13:40 -------- d-----w- c:\program files\Groove Games
2011-06-16 21:34 . 2011-06-16 21:34 -------- d-----w- c:\users\pavle\AppData\Local\{9679CE27-6238-4F76-8FDC-83FB15DEC64B}
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-24 17:14 . 2010-10-24 12:18 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-05-10 12:10 . 2010-10-24 14:40 40112 ----a-w- c:\windows\avastSS.scr
2011-05-10 12:10 . 2010-10-24 14:40 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-05-10 12:03 . 2010-10-24 14:41 307928 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-05-10 12:02 . 2010-10-24 14:41 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-05-10 11:59 . 2010-10-24 14:41 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-05-10 11:59 . 2010-10-24 14:41 53592 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-05-10 11:59 . 2010-10-24 14:41 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-04-22 19:36 . 2011-05-25 10:24 26496 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2011-04-09 06:13 . 2011-05-11 18:14 3957632 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-04-09 06:13 . 2011-05-11 18:14 3901824 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-04-09 05:56 . 2011-05-24 11:18 123904 ----a-w- c:\windows\system32\poqexec.exe
2006-10-11 08:04 . 2011-04-10 17:42 61036 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2006-10-11 08:04 . 2011-04-10 17:42 48742 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2006-10-11 08:05 . 2011-04-10 17:42 29313 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
2006-10-11 08:05 . 2011-04-10 17:42 41082 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll
2006-10-11 08:04 . 2011-04-10 17:42 166510 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
.
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
--- c:\windows\system32\trzE5B3.tmp ---
Company: Microsoft Corporation
File Description: Microsoft Distributed Transaction Coordinator Helper APIs DLL
File Version: 2001.12.8530.16385 (win7_rtm.090713-1255)
Product Name: Microsoft® Windows® Operating System
Copyright: © Microsoft Corporation. All rights reserved.
Original Filename: XOLEHLP.DLL
File size: 801792
Created time: 2011-06-30 22:36
Modified time: 2009-07-13 23:11
MD5: 884017B16B2C8DED1F1D773AB61EDCD5
SHA1: 7A40D107D98502EA705489804BF6E9B14D4C49A0
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"= "c:\program files\Winamp Toolbar\winamptb.dll" [2010-07-28 1267024]
.
[HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-05-10 12:10 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OfficeSyncProcess"="c:\program files\Microsoft Office\Office14\MSOSYNC.EXE" [2010-03-16 718208]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
"MCShieldTray"="c:\program files\MCShield\MCShieldTray.exe" [2010-11-04 73728]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"snp2std"="c:\windows\vsnp2std.exe" [2005-11-16 344064]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2010-07-12 74752]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2009-06-17 414992]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2009-06-17 38160]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-10-27 1343400]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-05-10 53592]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2009-06-17 195856]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-10-07 369256]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-06-17 19096]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2010-11-30 267880]
.
.
.
------- Supplementary Scan -------
.
IE: &Google Search - c:\program files\Google\googletoolbar.dll/cmsearch.html
IE: &Winamp Search - c:\programdata\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: Backward &Links - c:\program files\Google\googletoolbar.dll/cmbacklinks.html
IE: Cac&hed Snapshot of Page - c:\program files\Google\googletoolbar.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\MIF5BA~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MIF5BA~1\Office14\ONBttnIE.dll/105
IE: Si&milar Pages - c:\program files\Google\googletoolbar.dll/cmsimilar.html
IE: Translate into English - c:\program files\Google\googletoolbar.dll/cmtrans.html
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\pavle\AppData\Roaming\Mozilla\Firefox\Profiles\522crx94.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1811456442-464137937-3942348620-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-1811456442-464137937-3942348620-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-07-02 17:42:58
ComboFix-quarantined-files.txt 2011-07-02 15:42
ComboFix2.txt 2011-07-02 14:51
.
Pre-Run: 16.690.266.112 bytes free
Post-Run: 16.644.038.656 bytes free
.
- - End Of File - - 7D38A05F6C956CD9C5C5B0FB5B458B5E
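
The log above shows what the FileLook:: directive was added for: eighteen trz????.tmp files in c:\windows\system32, every one 801792 bytes, created between 22:30 and 22:36 on 2011-06-30, yet all carrying a modification time of 2009-07-13 23:11, which is the Windows 7 RTM build timestamp that the version info of the inspected file (win7_rtm.090713-1255, original name XOLEHLP.DLL) also shows. A single file whose modification time predates its creation time is normal, because installers and Windows Update preserve build timestamps (aswSnx.sys and umpnpmgr.dll in the same log are examples); a burst of same-size, same-mtime temp files in system32 is not. The following script is an added example, not part of the thread and not ComboFix code: it parses lines in ComboFix's "Files Created" format and reports such clusters. The sample lines are constructed (a subset modelled on the log above), and the thresholds of three members and a fifteen-minute creation window are assumptions chosen for illustration.

```python
"""Added example: parse the "Files Created" section of a ComboFix log and flag
clusters of files that look like the trz*.tmp burst in the log above.

Heuristic: one file whose modification time predates its creation time is
normal (installers and Windows Update preserve build timestamps), but several
files of identical size and identical modification time, created within
minutes of each other with temp-style names in system32, are not.
"""
from __future__ import annotations

import re
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta

# One line of ComboFix's "Files Created" section:
#   <created> . <modified> <size or --------> <attrs> <path>
LINE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+"
    r"(?P<size>\d+|-+)\s+(?P<attrs>\S+)\s+(?P<path>.+?)\s*$"
)
TS_FMT = "%Y-%m-%d %H:%M"
# A .tmp file sitting directly in \windows\system32 (any drive letter).
TEMP_IN_SYSTEM32 = re.compile(r"\\windows\\system32\\[^\\]+\.tmp$", re.IGNORECASE)

# Constructed sample in ComboFix's format, modelled on the log above
# (a handful of its lines, not the full log).
SAMPLE_LOG = r"""
2011-07-02 15:06 . 2011-07-02 15:06 -------- d-----w- c:\program files\MCShield
2011-07-01 19:44 . 2011-05-10 12:03 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-06-30 22:36 . 2009-07-13 23:11 801792 ----a-w- c:\windows\system32\trzE5B3.tmp
2011-06-30 22:36 . 2009-07-13 23:11 801792 ----a-w- c:\windows\system32\trzA7E8.tmp
2011-06-30 22:35 . 2009-07-13 23:11 801792 ----a-w- c:\windows\system32\trz739A.tmp
2011-06-30 22:35 . 2009-07-13 23:11 801792 ----a-w- c:\windows\system32\trz3755.tmp
2011-06-30 18:26 . 2011-05-24 10:35 294912 ----a-w- c:\windows\system32\umpnpmgr.dll
2011-06-30 18:26 . 2011-05-04 04:53 1553920 ----a-w- c:\windows\system32\tquery.dll
2011-06-30 18:26 . 2011-05-04 04:52 1401856 ----a-w- c:\windows\system32\mssrch.dll
"""


@dataclass(frozen=True)
class Entry:
    created: datetime
    modified: datetime
    size: int  # -1 for directories (ComboFix prints '--------' in the size column)
    attrs: str
    path: str


def parse_created_section(text: str) -> list[Entry]:
    """Return one Entry per well-formed line; headers and dot separators are skipped."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        size = -1 if m["size"].startswith("-") else int(m["size"])
        entries.append(Entry(
            created=datetime.strptime(m["created"], TS_FMT),
            modified=datetime.strptime(m["modified"], TS_FMT),
            size=size,
            attrs=m["attrs"],
            path=m["path"],
        ))
    return entries


def find_stomped_clusters(entries: list[Entry], min_members: int = 3,
                          window: timedelta = timedelta(minutes=15)) -> list[dict]:
    """Group files whose modified time predates their created time by
    (size, modified); keep groups with at least min_members whose creation
    times all fall within `window` of each other."""
    groups: dict[tuple[int, datetime], list[Entry]] = defaultdict(list)
    for e in entries:
        if e.size >= 0 and e.modified < e.created:
            groups[(e.size, e.modified)].append(e)
    clusters = []
    for (size, modified), members in groups.items():
        if len(members) < min_members:
            continue
        created = sorted(m.created for m in members)
        if created[-1] - created[0] <= window:
            clusters.append({
                "size": size,
                "modified": modified,
                "first_created": created[0],
                "last_created": created[-1],
                "paths": sorted(m.path for m in members),
            })
    return clusters


def temp_files_in_system32(entries: list[Entry]) -> list[str]:
    """Independent second signal: .tmp files dropped directly into system32."""
    return sorted(e.path for e in entries if TEMP_IN_SYSTEM32.search(e.path))


if __name__ == "__main__":
    found = parse_created_section(SAMPLE_LOG)
    for c in find_stomped_clusters(found):
        print(f"{len(c['paths'])} files, {c['size']} bytes, modified {c['modified']}, "
              f"created {c['first_created']}..{c['last_created']}")
        for p in c["paths"]:
            print("  ", p)
    print("tmp files in system32:", temp_files_in_system32(found))
```

On the sample the cluster check and the system32 .tmp check return the same four paths, while the Windows Update files from 18:26 (different sizes, different modification times) and the avast driver are not flagged; on the real log the same grouping would return all eighteen trz files. Keying the group on size and modification time rather than on the file name pattern is deliberate, so that a dropper using a different name prefix is still caught.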

offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

OK, this looks clean.


ComboFix needs to be uninstalled:
click Start, then Run.

On Vista use the Start Search box if Run is not available.

In the text entry line type (or paste) the following:

ComboFix /Uninstall

Note that there is a space between "ComboFix" and "/Uninstall".


then click OK (or press Enter).


Wait for the uninstall process to finish.


From the C: drive delete the TDSSKiller logs and folder (TDSSKiller_Quarantine), as well as all the other programs that were used.


Quote: occasionally (even when no browser is open) there is a "rustling" sound and a sound like the mixing of frequencies of a radio station

Open a thread in the Hardware forum and ask for advice about this.
