"Ghosts" in the computer

  • Joined: 08 Jul 2007
  • Posts: 2024

This is about my son's computer, which is mostly used for playing games and watching cartoons... For the past two or three days the startup has been somewhat slower, occasionally (even when no browser is open) there is a "rustling" sound and a noise like the mixing of frequencies on a radio station (radio amateurs would understand me perfectly here), and since yesterday Avast has been reporting a rootkit in System32.



Here are the logs:

.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 8.0.7600.16385
Run by pavle at 22:11:17 on 2011-07-01
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.381.1033.18.3007.1755 [GMT 2:00]
.
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Microsoft\BingBar\SeaPort.EXE
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\vsnp2std.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Microsoft Games\Mahjong\Mahjong.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files\Opera\opera.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\ctfmon.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uURLSearchHooks: Winamp Search Class: {57bca5fa-5dbb-45a2-b558-1755c3f6253b} - c:\program files\winamp toolbar\winamptb.dll
mURLSearchHooks: Winamp Search Class: {57bca5fa-5dbb-45a2-b558-1755c3f6253b} - c:\program files\winamp toolbar\winamptb.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Winamp Toolbar Loader: {25cee8ec-5730-41bc-8b58-22ddc8ab8c20} - c:\program files\winamp toolbar\winamptb.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\mif5ba~1\office14\GROOVEEX.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\mif5ba~1\office14\URLREDIR.DLL
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll"
TB: Winamp Toolbar: {ebf2ba02-9094-4c5a-858b-bb198f3d8de2} - c:\program files\winamp toolbar\winamptb.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll"
uRun: [OfficeSyncProcess] "c:\program files\microsoft office\office14\MSOSYNC.EXE"
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
mRun: [snp2std] c:\windows\vsnp2std.exe
mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
mRunOnce: [*WerKernelReporting] %SYSTEMROOT%\SYSTEM32\WerFault.exe -k -rq
mRunOnce: [aswAhAScr.dll] "c:\program files\alwil software\avast5\aswregsvr.exe" "c:\program files\alwil software\avast5\AhAScr.dll"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &Google Search - c:\program files\google\googletoolbar.dll/cmsearch.html
IE: &Winamp Search - c:\programdata\winamp toolbar\ietoolbar\resources\en-us\local\search.html
IE: Backward &Links - c:\program files\google\googletoolbar.dll/cmbacklinks.html
IE: Cac&hed Snapshot of Page - c:\program files\google\googletoolbar.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\mif5ba~1\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\mif5ba~1\office14\ONBttnIE.dll/105
IE: Si&milar Pages - c:\program files\google\googletoolbar.dll/cmsimilar.html
IE: Translate into English - c:\program files\google\googletoolbar.dll/cmtrans.html
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file:///C:/Program%20Files/Little%20Shop%20-%20Memories/Images/stg_drm.ocx
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{70C73CEB-C206-4A62-8549-ED1CE67548C6} : DhcpNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\mif5ba~1\office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\pavle\appdata\roaming\mozilla\firefox\profiles\522crx94.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - component: c:\program files\mozilla firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar.dll
FF - component: c:\program files\mozilla firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\metrics.dll
FF - component: c:\program files\mozilla firefox\extensions\talkback@mozilla.org\components\qfaservices.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.51204.0\npctrlui.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dv.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dvstreaming.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-7-1 441176]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-10-24 307928]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-10-24 19544]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-10-24 53592]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2011-7-1 42184]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2010-10-8 369256]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2010-11-30 267880]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-2-28 183560]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2010-10-24 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-23 1493352]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-11-2 38160]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2010-3-25 30969208]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-10-28 1343400]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
.
=============== Created Last 30 ================
.
2011-07-01 19:44:02 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-07-01 18:46:41 7074640 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{e64b95c7-5d9e-4f2b-badd-c7c7d514b934}\mpengine.dll
2011-06-30 22:36:54 801792 ----a-w- c:\windows\system32\trzE5B3.tmp
2011-06-30 22:36:38 801792 ----a-w- c:\windows\system32\trzA7E8.tmp
2011-06-30 22:36:23 801792 ----a-w- c:\windows\system32\trz6C10.tmp
2011-06-30 22:36:06 801792 ----a-w- c:\windows\system32\trz2BD4.tmp
2011-06-30 22:35:51 801792 ----a-w- c:\windows\system32\trzEFEC.tmp
2011-06-30 22:35:34 801792 ----a-w- c:\windows\system32\trzAFB1.tmp
2011-06-30 22:35:19 801792 ----a-w- c:\windows\system32\trz739A.tmp
2011-06-30 22:35:04 801792 ----a-w- c:\windows\system32\trz3755.tmp
2011-06-30 22:34:48 801792 ----a-w- c:\windows\system32\trzFB5D.tmp
2011-06-30 22:34:33 801792 ----a-w- c:\windows\system32\trzBF66.tmp
2011-06-30 22:34:18 801792 ----a-w- c:\windows\system32\trz836E.tmp
2011-06-30 22:34:02 801792 ----a-w- c:\windows\system32\trz4767.tmp
2011-06-30 22:33:46 801792 ----a-w- c:\windows\system32\trz632.tmp
2011-06-30 22:33:29 801792 ----a-w- c:\windows\system32\trzC5B8.tmp
2011-06-30 22:33:12 801792 ----a-w- c:\windows\system32\trz8454.tmp
2011-06-30 22:32:18 801792 ----a-w- c:\windows\system32\trzB043.tmp
2011-06-30 22:31:56 801792 ----a-w- c:\windows\system32\trz5C58.tmp
2011-06-30 22:30:20 801792 ----a-w- c:\windows\system32\trzE44B.tmp
2011-06-30 20:54:21 -------- d-----w- c:\users\pavle\appdata\local\{C0C03146-69D4-4E32-895C-CDE978E626A9}
2011-06-30 18:26:35 294912 ----a-w- c:\windows\system32\umpnpmgr.dll
2011-06-30 18:26:16 1553920 ----a-w- c:\windows\system32\tquery.dll
2011-06-30 18:26:16 1401856 ----a-w- c:\windows\system32\mssrch.dll
2011-06-30 18:26:15 86528 ----a-w- c:\windows\system32\SearchFilterHost.exe
2011-06-30 18:26:15 666624 ----a-w- c:\windows\system32\mssvp.dll
2011-06-30 18:26:15 59392 ----a-w- c:\windows\system32\msscntrs.dll
2011-06-30 18:26:15 428032 ----a-w- c:\windows\system32\SearchIndexer.exe
2011-06-30 18:26:15 337408 ----a-w- c:\windows\system32\mssph.dll
2011-06-30 18:26:15 197120 ----a-w- c:\windows\system32\mssphtb.dll
2011-06-30 18:26:15 164352 ----a-w- c:\windows\system32\SearchProtocolHost.exe
2011-06-27 17:32:51 -------- d-----w- c:\users\pavle\appdata\local\2K Games
2011-06-27 17:24:22 -------- d-----w- c:\program files\2K Games
2011-06-27 17:06:55 -------- d-----w- c:\program files\UltraISO
2011-06-27 17:06:55 -------- d-----w- c:\program files\common files\EZB Systems
2011-06-24 17:21:27 -------- d-----w- c:\program files\Blast! Entertainment Limited
2011-06-21 14:15:30 -------- d-----w- c:\users\pavle\appdata\local\{03437A56-EF75-4807-8E14-042FE4C44237}
2011-06-19 13:40:32 -------- d-----w- c:\program files\Groove Games
2011-06-16 21:34:14 -------- d-----w- c:\users\pavle\appdata\local\{9679CE27-6238-4F76-8FDC-83FB15DEC64B}
.
==================== Find3M ====================
.
2011-05-28 03:00:02 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-05-24 17:14:10 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-05-10 12:10:59 40112 ----a-w- c:\windows\avastSS.scr
2011-05-10 11:59:44 53592 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-05-04 02:43:59 222720 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-05-04 02:43:48 96256 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-05-04 02:43:41 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-05-03 04:50:29 740864 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 02:57:34 311296 ----a-w- c:\windows\system32\drivers\srv.sys
2011-04-29 02:57:21 309760 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-04-29 02:57:13 114176 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-04-27 02:33:46 78336 ----a-w- c:\windows\system32\drivers\dfsc.sys
2011-04-25 04:56:06 1286016 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-04-25 02:35:40 338944 ----a-w- c:\windows\system32\drivers\afd.sys
2011-04-22 19:36:05 26496 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2011-04-22 19:31:50 981504 ----a-w- c:\windows\system32\wininet.dll
2011-04-22 19:31:26 44544 ----a-w- c:\windows\system32\licmgr10.dll
2011-04-22 18:23:59 386048 ----a-w- c:\windows\system32\html.iec
2011-04-09 06:13:06 3957632 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-04-09 06:13:06 3901824 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-04-09 05:56:38 123904 ----a-w- c:\windows\system32\poqexec.exe
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.1.7600 Disk: WDC_WD2500AAJS-08VWA0 rev.12.01B02 -> Harddisk0\DR0 -> \Device\Ide\IdePort1 P1T0L0-1
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll >>UNKNOWN [0x86224439]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x8622a7d0]; MOV EAX, [0x8622a84c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 ntkrnlpa!IofCallDriver[0x82A42428] -> \Device\Harddisk0\DR0[0x86204030]
3 CLASSPNP[0x8AC0459E] -> ntkrnlpa!IofCallDriver[0x82A42428] -> [0x85C37918]
5 ACPI[0x8323C3B2] -> ntkrnlpa!IofCallDriver[0x82A42428] -> \IdeDeviceP1T0L0-1[0x85C9B908]
\Driver\atapi[0x862091C0] -> IRP_MJ_CREATE -> 0x86224439
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; PUSHA ; MOV CX, 0x147; MOV BP, 0x62a; ROR BYTE [BP+0x0], CL; INC BP; }
detected disk devices:
\Device\Ide\IdeDeviceP1T0L0-1 -> \??\IDE#DiskWDC_WD2500AAJS-08VWA0___________________12.01B02#5&bd98cf6&0&1.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
user != kernel MBR !!!
sectors 488397166 (+255): user != kernel
Warning: possible TDL4 rootkit infection !
TDL4 rootkit infection detected ! Use: "mbr.exe -f" to fix.
.
============= FINISH: 22:11:40,28 ===============





Only now, having done these logs, do I see that I have "Windows Defender enabled".
If that's a problem, I'll redo it with Windows Defender turned off, and if it isn't, even better. :-)
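Two things in the DDS log above are worth picking out automatically: the burst of identically sized trz*.tmp files written into system32 within a few minutes, and the GMER section reporting that the MBR read from user mode differs from the one the kernel sees. The following Python is an added example, not part of the original post or of the DDS/GMER tools; it parses those two sections from a constructed excerpt of the posted log and flags both, with section names, field layout and thresholds assumed from that log.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Sample input: a few entries excerpted from the DDS log posted above plus its
# ROOTKIT section. Constructed for this example; it is not a complete log.
SAMPLE_LOG = r"""
=============== Created Last 30 ================
.
2011-07-01 19:44:02 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-06-30 22:36:54 801792 ----a-w- c:\windows\system32\trzE5B3.tmp
2011-06-30 22:36:38 801792 ----a-w- c:\windows\system32\trzA7E8.tmp
2011-06-30 22:36:23 801792 ----a-w- c:\windows\system32\trz6C10.tmp
2011-06-30 22:36:06 801792 ----a-w- c:\windows\system32\trz2BD4.tmp
2011-06-30 20:54:21 -------- d-----w- c:\users\pavle\appdata\local\{C0C03146-69D4-4E32-895C-CDE978E626A9}
2011-06-30 18:26:35 294912 ----a-w- c:\windows\system32\umpnpmgr.dll
.
=================== ROOTKIT ====================
.
device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
detected hooks:
user != kernel MBR !!!
sectors 488397166 (+255): user != kernel
Warning: possible TDL4 rootkit infection !
.
============= FINISH: 22:11:40,28 ===============
"""

# "==== Section Name ====" headers as DDS prints them (assumed layout).
SECTION_RE = re.compile(r"^=+\s*([^=\s][^=]*?)\s*=+$")
# "YYYY-MM-DD HH:MM:SS size attrs path"; directories carry "--------" as size.
ENTRY_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (\d+|-+) (\S+) (.+)$")
SYS32_TMP_RE = re.compile(r"\\system32\\[^\\]+\.tmp$", re.IGNORECASE)
# Lines GMER's MBR check emits when the user-mode and kernel-mode reads of the
# MBR disagree, or when it names a bootkit family outright.
ROOTKIT_PATTERNS = (
    re.compile(r"user != kernel"),
    re.compile(r"rootkit infection", re.IGNORECASE),
)


def split_sections(text):
    """Map each section header to the lines that follow it."""
    sections = defaultdict(list)
    current = "HEADER"
    for line in text.splitlines():
        m = SECTION_RE.match(line.strip())
        if m:
            current = m.group(1)
            continue
        sections[current].append(line)
    return sections


def parse_entries(lines):
    """Parse 'Created Last 30' style entries; size is None for directories."""
    entries = []
    for line in lines:
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        ts, size, attrs, path = m.groups()
        entries.append({
            "ts": datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"),
            "size": int(size) if size.isdigit() else None,
            "attrs": attrs,
            "path": path,
        })
    return entries


def flag_tmp_bursts(entries, min_count=3, window=timedelta(minutes=10)):
    """Flag identically sized .tmp files dropped into system32 within a short window."""
    by_size = defaultdict(list)
    for e in entries:
        if e["size"] is not None and SYS32_TMP_RE.search(e["path"]):
            by_size[e["size"]].append(e["ts"])
    bursts = []
    for size, stamps in by_size.items():
        stamps.sort()
        if len(stamps) >= min_count and stamps[-1] - stamps[0] <= window:
            bursts.append({"size": size, "count": len(stamps),
                           "first": stamps[0], "last": stamps[-1]})
    return bursts


def rootkit_indicators(lines):
    """Return the ROOTKIT-section lines that indicate an MBR mismatch or named bootkit."""
    return [l.strip() for l in lines if any(p.search(l) for p in ROOTKIT_PATTERNS)]


def triage(text):
    """Run both checks over a DDS log and return what each one flagged."""
    sections = split_sections(text)
    return {
        "tmp_bursts": flag_tmp_bursts(parse_entries(sections.get("Created Last 30", []))),
        "rootkit": rootkit_indicators(sections.get("ROOTKIT", [])),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(key, value)
```

On the full log posted above the same checks would report eighteen 801792-byte trz*.tmp files inside six minutes and the three MBR mismatch lines.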

  • dr_Bora
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Well, hello.



Download sUBs' ComboFix from the following address to the Desktop:

Bleeping Computer
Right-click the link and choose Save Target As... (Save Link As..., Save Linked Content As... or similar);
When the dialog for choosing where to save the file opens, select Desktop and click Save.




When the download is finished:
deactivate the protection software (instructions);
close running programs;
double-click to run ComboFix.

While running, ComboFix will:
check whether a newer version of the program exists:
click Yes if offered to download it.
display the DISCLAIMER OF WARRANTY ON SOFTWARE:
click Yes so the process continues.
if the Recovery Console is not installed, offer to install it:
be sure to accept by clicking Yes and follow the procedure.
ask a number of questions / show notifications:
accept by clicking Yes or OK.
restart Windows if needed (several times);
at the end, open Notepad with the scan report.


Copy the report ComboFix produced into the forum topic:
right-click in the Notepad window and select Select All;
right-click the highlighted text and select Copy;
right-click in the message box and select Paste.


Note: The report will be saved as ComboFix.txt on the system partition (typical location: C:\ComboFix.txt);
If after posting the message you notice the report is incomplete, use the Prikači fajl (attach file) option to attach C:\ComboFix.txt to the message.

  • Joined: 08 Jul 2007
  • Posts: 2024

I don't know whether it's normal for the computer to restart 15 or more times while ComboFix is running, with no end in sight. That green indicator always gets somewhere around halfway and then it restarts.
Should I keep pushing on, or ...?

And yes - hello.
(The operation of curing the computer was taken very seriously, so I, like a proper mom, got serious and forgot to say hello)

  • dr_Bora
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Let's try it differently.



Download Kaspersky Lab's TDSSKiller from the following address to the Desktop:

TDSSKiller

Right-click the link and choose Save Target As... (Save Link As..., Save Linked Content As... or similar);
When the dialog for choosing where to save the file opens, select Desktop and click Save.



When the download is finished:
deactivate the protection software (instructions);
close running programs;
rename TDSSKiller.exe to MyCity.exe;
double-click to run MyCity.exe;
click the Start Scan button.


If malicious objects are found, make sure the action "Cure" is selected for them (example) and click Continue, then click Reboot Now.



Post me the contents of the log from the following location:
C:\TDSSKiller_<program version>_DD.MM.GG_HH.MM.SS.txt
(DD = day, MM = month, GG = year, HH = hour, MM = minute, SS = second; the date and time when the log was made)

  • Joined: 08 Jul 2007
  • Posts: 2024

Kaspersky, as usual, a beast! Done in 2 minutes ... here's the log:

2011/07/02 14:38:26.0879 4060 TDSS rootkit removing tool 2.5.8.0 Jun 28 2011 19:12:16
2011/07/02 14:38:27.0113 4060 ================================================================================
2011/07/02 14:38:27.0113 4060 SystemInfo:
2011/07/02 14:38:27.0113 4060
2011/07/02 14:38:27.0113 4060 OS Version: 6.1.7600 ServicePack: 0.0
2011/07/02 14:38:27.0113 4060 Product type: Workstation
2011/07/02 14:38:27.0113 4060 ComputerName: PAVLE-PC
2011/07/02 14:38:27.0113 4060 UserName: pavle
2011/07/02 14:38:27.0113 4060 Windows directory: C:\Windows
2011/07/02 14:38:27.0113 4060 System windows directory: C:\Windows
2011/07/02 14:38:27.0113 4060 Processor architecture: Intel x86
2011/07/02 14:38:27.0113 4060 Number of processors: 2
2011/07/02 14:38:27.0113 4060 Page size: 0x1000
2011/07/02 14:38:27.0113 4060 Boot type: Normal boot
2011/07/02 14:38:27.0113 4060 ================================================================================
2011/07/02 14:38:28.0190 4060 Initialize success
2011/07/02 14:38:30.0421 3940 ================================================================================
2011/07/02 14:38:30.0421 3940 Scan started
2011/07/02 14:38:30.0421 3940 Mode: Manual;
2011/07/02 14:38:30.0421 3940 ================================================================================
2011/07/02 14:38:35.0662 3940 mpio (2af5997438c55fb79d33d015c30e1974) C:\Windows\system32\DRIVERS\mpio.sys
2011/07/02 14:38:35.0678 3940 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
2011/07/02 14:38:35.0725 3940 MRxDAV (b1be47008d20e43da3adc37c24cdb89d) C:\Windows\system32\drivers\mrxdav.sys
2011/07/02 14:38:35.0787 3940 mrxsmb (ca7570e42522e24324a12161db14ec02) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/07/02 14:38:35.0834 3940 mrxsmb10 (c108952d3660375dcb716b222912e868) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/07/02 14:38:35.0881 3940 mrxsmb20 (25c38264a3c72594dd21d355d70d7a5d) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/07/02 14:38:35.0896 3940 msahci (4326d168944123f38dd3b2d9c37a0b12) C:\Windows\system32\DRIVERS\msahci.sys
2011/07/02 14:38:35.0927 3940 msdsm (455029c7174a2dbb03dba8a0d8bddd9a) C:\Windows\system32\DRIVERS\msdsm.sys
2011/07/02 14:38:35.0959 3940 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
2011/07/02 14:38:35.0974 3940 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
2011/07/02 14:38:35.0990 3940 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\DRIVERS\msisadrv.sys
2011/07/02 14:38:36.0021 3940 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
2011/07/02 14:38:36.0052 3940 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/07/02 14:38:36.0068 3940 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
2011/07/02 14:38:36.0083 3940 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
2011/07/02 14:38:36.0099 3940 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/07/02 14:38:36.0115 3940 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
2011/07/02 14:38:36.0146 3940 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
2011/07/02 14:38:36.0193 3940 MTsensor (0f24624106d8042e7f27882d9d6ff5c0) C:\Windows\system32\DRIVERS\ASACPI.sys
2011/07/02 14:38:36.0208 3940 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
2011/07/02 14:38:36.0239 3940 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
2011/07/02 14:38:36.0286 3940 NDIS (23759d175a0a9baaf04d05047bc135a8) C:\Windows\system32\drivers\ndis.sys
2011/07/02 14:38:36.0317 3940 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
2011/07/02 14:38:36.0349 3940 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/07/02 14:38:36.0380 3940 Ndisuio (b30ae7f2b6d7e343b0df32e6c08fce75) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/07/02 14:38:36.0411 3940 NdisWan (267c415eadcbe53c9ca873dee39cf3a4) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/07/02 14:38:36.0427 3940 NDProxy (af7e7c63dcef3f8772726f86039d6eb4) C:\Windows\system32\drivers\NDProxy.sys
2011/07/02 14:38:36.0458 3940 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
2011/07/02 14:38:36.0473 3940 NetBT (dd52a733bf4ca5af84562a5e2f963b91) C:\Windows\system32\DRIVERS\netbt.sys
2011/07/02 14:38:36.0536 3940 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
2011/07/02 14:38:36.0551 3940 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
2011/07/02 14:38:36.0583 3940 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
2011/07/02 14:38:36.0645 3940 Ntfs (187002ce05693c306f43c873f821381f) C:\Windows\system32\drivers\Ntfs.sys
2011/07/02 14:38:36.0692 3940 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
2011/07/02 14:38:36.0941 3940 nvlddmkm (583e0be0c10d0a74fd0e7e33c75f49bb) C:\Windows\system32\DRIVERS\nvlddmkm.sys
2011/07/02 14:38:37.0160 3940 nvraid (f1b0bed906f97e16f6d0c3629d2f21c6) C:\Windows\system32\drivers\nvraid.sys
2011/07/02 14:38:37.0175 3940 nvstor (4520b63899e867f354ee012d34e11536) C:\Windows\system32\drivers\nvstor.sys
2011/07/02 14:38:37.0222 3940 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\DRIVERS\nv_agp.sys
2011/07/02 14:38:37.0253 3940 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/07/02 14:38:37.0316 3940 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
2011/07/02 14:38:37.0347 3940 partmgr (ff4218952b51de44fe910953a3e686b9) C:\Windows\system32\drivers\partmgr.sys
2011/07/02 14:38:37.0363 3940 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
2011/07/02 14:38:37.0394 3940 pci (c858cb77c577780ecc456a892e7e7d0f) C:\Windows\system32\DRIVERS\pci.sys
2011/07/02 14:38:37.0409 3940 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\DRIVERS\pciide.sys
2011/07/02 14:38:37.0441 3940 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
2011/07/02 14:38:37.0456 3940 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
2011/07/02 14:38:37.0503 3940 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
2011/07/02 14:38:37.0612 3940 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
2011/07/02 14:38:37.0628 3940 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
2011/07/02 14:38:37.0675 3940 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
2011/07/02 14:38:37.0721 3940 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
2011/07/02 14:38:37.0768 3940 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
2011/07/02 14:38:37.0799 3940 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
2011/07/02 14:38:37.0815 3940 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
2011/07/02 14:38:37.0846 3940 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
2011/07/02 14:38:37.0877 3940 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/07/02 14:38:37.0893 3940 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/07/02 14:38:37.0924 3940 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
2011/07/02 14:38:37.0955 3940 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\Windows\system32\DRIVERS\rdbss.sys
2011/07/02 14:38:37.0971 3940 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
2011/07/02 14:38:38.0002 3940 RDPCDD (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/07/02 14:38:38.0018 3940 RDPDR (c5ff95883ffef704d50c40d21cfb3ab5) C:\Windows\system32\drivers\rdpdr.sys
2011/07/02 14:38:38.0049 3940 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
2011/07/02 14:38:38.0065 3940 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
2011/07/02 14:38:38.0080 3940 RDPWD (801371ba9782282892d00aadb08ee367) C:\Windows\system32\drivers\RDPWD.sys
2011/07/02 14:38:38.0111 3940 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\Windows\system32\drivers\rdyboost.sys
2011/07/02 14:38:38.0158 3940 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
2011/07/02 14:38:38.0221 3940 RTL8167 (0516998076ad894ae7e362c3110aa071) C:\Windows\system32\DRIVERS\Rt86win7.sys
2011/07/02 14:38:38.0267 3940 s116bus (815445f4676cc96bc9aeec303c727e19) C:\Windows\system32\DRIVERS\s116bus.sys
2011/07/02 14:38:38.0330 3940 s116nd5 (306f85733671fe507470f0273025e768) C:\Windows\system32\DRIVERS\s116nd5.sys
2011/07/02 14:38:38.0361 3940 s116unic (32e3ecb4b2b5887426eaf241a8149cde) C:\Windows\system32\DRIVERS\s116unic.sys
2011/07/02 14:38:38.0392 3940 s3cap (5423d8437051e89dd34749f242c98648) C:\Windows\system32\DRIVERS\vms3cap.sys
2011/07/02 14:38:38.0439 3940 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\DRIVERS\sbp2port.sys
2011/07/02 14:38:38.0455 3940 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys
2011/07/02 14:38:38.0517 3940 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/07/02 14:38:38.0548 3940 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
2011/07/02 14:38:38.0579 3940 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
2011/07/02 14:38:38.0595 3940 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
2011/07/02 14:38:38.0626 3940 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys
2011/07/02 14:38:38.0642 3940 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\DRIVERS\sffp_mmc.sys
2011/07/02 14:38:38.0657 3940 sffp_sd (4f1e5b0fe7c8050668dbfade8999aefb) C:\Windows\system32\DRIVERS\sffp_sd.sys
2011/07/02 14:38:38.0689 3940 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
2011/07/02 14:38:38.0704 3940 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\DRIVERS\sisagp.sys
2011/07/02 14:38:38.0735 3940 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
2011/07/02 14:38:38.0751 3940 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
2011/07/02 14:38:38.0782 3940 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
2011/07/02 14:38:38.0845 3940 smserial (19301c27f3425dc39f6c599f527e507d) C:\Windows\system32\DRIVERS\smserial.sys
2011/07/02 14:38:39.0125 3940 SNP2STD (e7e68ecb968c9812d9faf68517426673) C:\Windows\system32\DRIVERS\snp2sxp.sys
2011/07/02 14:38:39.0422 3940 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
2011/07/02 14:38:39.0500 3940 srv (c4a027b8c0bd3fc0699f41fa5e9e0c87) C:\Windows\system32\DRIVERS\srv.sys
2011/07/02 14:38:39.0515 3940 srv2 (414bb592cad8a79649d01f9d94318fb3) C:\Windows\system32\DRIVERS\srv2.sys
2011/07/02 14:38:39.0562 3940 srvnet (ff207d67700aa18242aaf985d3e7d8f4) C:\Windows\system32\DRIVERS\srvnet.sys
2011/07/02 14:38:39.0625 3940 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
2011/07/02 14:38:39.0640 3940 storflt (957e346ca948668f2496a6ccf6ff82cc) C:\Windows\system32\DRIVERS\vmstorfl.sys
2011/07/02 14:38:39.0671 3940 storvsc (d5751969dc3e4b88bf482ac8ec9fe019) C:\Windows\system32\DRIVERS\storvsc.sys
2011/07/02 14:38:39.0687 3940 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys
2011/07/02 14:38:39.0765 3940 Tcpip (0158d5e9982e9d6a90dfc802f618e130) C:\Windows\system32\drivers\tcpip.sys
2011/07/02 14:38:39.0843 3940 TCPIP6 (0158d5e9982e9d6a90dfc802f618e130) C:\Windows\system32\DRIVERS\tcpip.sys
2011/07/02 14:38:39.0874 3940 tcpipreg (e64444523add154f86567c469bc0b17f) C:\Windows\system32\drivers\tcpipreg.sys
2011/07/02 14:38:39.0905 3940 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\Windows\system32\drivers\tdpipe.sys
2011/07/02 14:38:39.0921 3940 TDTCP (7551e91ea999ee9a8e9c331d5a9c31f3) C:\Windows\system32\drivers\tdtcp.sys
2011/07/02 14:38:39.0937 3940 tdx (cb39e896a2a83702d1737bfd402b3542) C:\Windows\system32\DRIVERS\tdx.sys
2011/07/02 14:38:39.0952 3940 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\Windows\system32\DRIVERS\termdd.sys
2011/07/02 14:38:39.0999 3940 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/07/02 14:38:40.0030 3940 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys
2011/07/02 14:38:40.0046 3940 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
2011/07/02 14:38:40.0077 3940 udfs (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\Windows\system32\DRIVERS\udfs.sys
2011/07/02 14:38:40.0108 3940 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\DRIVERS\uliagpkx.sys
2011/07/02 14:38:40.0139 3940 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\Windows\system32\DRIVERS\umbus.sys
2011/07/02 14:38:40.0171 3940 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
2011/07/02 14:38:40.0217 3940 usbccgp (c31ae588e403042632dc796cf09e30b0) C:\Windows\system32\drivers\usbccgp.sys
2011/07/02 14:38:40.0233 3940 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS\usbcir.sys
2011/07/02 14:38:40.0280 3940 usbehci (e4c436d914768ce965d5e659ba7eebd8) C:\Windows\system32\drivers\usbehci.sys
2011/07/02 14:38:40.0311 3940 usbhub (bdcd7156ec37448f08633fd899823620) C:\Windows\system32\DRIVERS\usbhub.sys
2011/07/02 14:38:40.0358 3940 usbohci (eb2d819a639015253c871cda09d91d58) C:\Windows\system32\drivers\usbohci.sys
2011/07/02 14:38:40.0389 3940 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
2011/07/02 14:38:40.0436 3940 USBSTOR (1c4287739a93594e57e2a9e6a3ed7353) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/07/02 14:38:40.0451 3940 usbuhci (22480bf4e5a09192e5e30ba4dde79fa4) C:\Windows\system32\drivers\usbuhci.sys
2011/07/02 14:38:40.0498 3940 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys
2011/07/02 14:38:40.0514 3940 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/07/02 14:38:40.0529 3940 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
2011/07/02 14:38:40.0561 3940 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys
2011/07/02 14:38:40.0592 3940 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys
2011/07/02 14:38:40.0607 3940 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
2011/07/02 14:38:40.0623 3940 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys
2011/07/02 14:38:40.0639 3940 vmbus (379b349f65f453d2a6e75ea6b7448e49) C:\Windows\system32\DRIVERS\vmbus.sys
2011/07/02 14:38:40.0654 3940 VMBusHID (ec2bbab4b84d0738c6c83d2234dc36fe) C:\Windows\system32\DRIVERS\VMBusHID.sys
2011/07/02 14:38:40.0685 3940 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys
2011/07/02 14:38:40.0701 3940 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
2011/07/02 14:38:40.0732 3940 volsnap (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\DRIVERS\volsnap.sys
2011/07/02 14:38:40.0763 3940 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
2011/07/02 14:38:40.0795 3940 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys
2011/07/02 14:38:40.0826 3940 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
2011/07/02 14:38:40.0857 3940 WANARP (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
2011/07/02 14:38:40.0857 3940 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
2011/07/02 14:38:40.0904 3940 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
2011/07/02 14:38:40.0935 3940 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
2011/07/02 14:38:40.0982 3940 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
2011/07/02 14:38:40.0997 3940 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
2011/07/02 14:38:41.0107 3940 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/07/02 14:38:41.0153 3940 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/07/02 14:38:41.0185 3940 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys
2011/07/02 14:38:41.0216 3940 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/07/02 14:38:41.0263 3940 MBR (0x1B8) (de1996b5390bac8242e23168f828c750) \Device\Harddisk0\DR0
2011/07/02 14:38:41.0263 3940 \Device\Harddisk0\DR0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/07/02 14:38:41.0278 3940 Boot (0x1200) (8fd580a6b9bdd009183cd068ed1ed1ae) \Device\Harddisk0\DR0\Partition0
2011/07/02 14:38:41.0294 3940 Boot (0x1200) (96663cf80380db620630b289037fe619) \Device\Harddisk0\DR0\Partition1
2011/07/02 14:38:41.0309 3940 ================================================================================
2011/07/02 14:38:41.0309 3940 Scan finished
2011/07/02 14:38:41.0309 3940 ================================================================================
2011/07/02 14:38:41.0309 3196 Detected object count: 1
2011/07/02 14:38:41.0309 3196 Actual detected object count: 1
2011/07/02 14:38:52.0229 3196 \Device\Harddisk0\DR0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
2011/07/02 14:38:52.0229 3196 \Device\Harddisk0\DR0 - ok
2011/07/02 14:38:52.0229 3196 Rootkit.Win32.TDSS.tdl4(\Device\Harddisk0\DR0) - User select action: Cure
2011/07/02 14:38:59.0390 3668 Deinitialize success

  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Restart the PC, run TDSSKiller again and post the scan log.

Now try running ComboFix. If it doesn't work, post a fresh DDS.txt log.

  • Joined: 08 Jul 2007
  • Posts: 2024

Posted: 02 Jul 2011 16:39

Scanned again ... "no threats found".


2011/07/02 16:37:34.0006 3960 TDSS rootkit removing tool 2.5.8.0 Jun 28 2011 19:12:16
2011/07/02 16:37:34.0240 3960 ================================================================================
2011/07/02 16:37:34.0240 3960 SystemInfo:
2011/07/02 16:37:34.0240 3960
2011/07/02 16:37:34.0240 3960 OS Version: 6.1.7600 ServicePack: 0.0
2011/07/02 16:37:34.0240 3960 Product type: Workstation
2011/07/02 16:37:34.0240 3960 ComputerName: PAVLE-PC
2011/07/02 16:37:34.0240 3960 UserName: pavle
2011/07/02 16:37:34.0240 3960 Windows directory: C:\Windows
2011/07/02 16:37:34.0240 3960 System windows directory: C:\Windows
2011/07/02 16:37:34.0240 3960 Processor architecture: Intel x86
2011/07/02 16:37:34.0240 3960 Number of processors: 2
2011/07/02 16:37:34.0240 3960 Page size: 0x1000
2011/07/02 16:37:34.0240 3960 Boot type: Normal boot
2011/07/02 16:37:34.0240 3960 ================================================================================
2011/07/02 16:37:35.0457 3960 Initialize success
2011/07/02 16:37:36.0830 4020 ================================================================================
2011/07/02 16:37:36.0830 4020 Scan started
2011/07/02 16:37:36.0830 4020 Mode: Manual;
2011/07/02 16:37:36.0830 4020 ================================================================================
2011/07/02 16:37:38.0109 4020 1394ohci (6d2aca41739bfe8cb86ee8e85f29697d) C:\Windows\system32\DRIVERS\1394ohci.sys
2011/07/02 16:37:38.0156 4020 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\Windows\system32\DRIVERS\ACPI.sys
2011/07/02 16:37:38.0171 4020 AcpiPmi (98d81ca942d19f7d9153b095162ac013) C:\Windows\system32\DRIVERS\acpipmi.sys
2011/07/02 16:37:38.0234 4020 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
2011/07/02 16:37:38.0265 4020 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
2011/07/02 16:37:38.0280 4020 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
2011/07/02 16:37:38.0358 4020 AFD (0db7a48388d54d154ebec120461a0fcd) C:\Windows\system32\drivers\afd.sys
2011/07/02 16:37:38.0374 4020 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\DRIVERS\agp440.sys
2011/07/02 16:37:38.0421 4020 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
2011/07/02 16:37:38.0452 4020 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\DRIVERS\aliide.sys
2011/07/02 16:37:38.0468 4020 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\DRIVERS\amdagp.sys
2011/07/02 16:37:38.0483 4020 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\DRIVERS\amdide.sys
2011/07/02 16:37:38.0499 4020 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
2011/07/02 16:37:38.0530 4020 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
2011/07/02 16:37:38.0561 4020 amdsata (19ce906b4cdc11fc4fef5745f33a63b6) C:\Windows\system32\drivers\amdsata.sys
2011/07/02 16:37:38.0592 4020 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
2011/07/02 16:37:38.0608 4020 amdxata (869e67d66be326a5a9159fba8746fa70) C:\Windows\system32\drivers\amdxata.sys
2011/07/02 16:37:38.0639 4020 AppID (feb834c02ce1e84b6a38f953ca067706) C:\Windows\system32\drivers\appid.sys
2011/07/02 16:37:38.0686 4020 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
2011/07/02 16:37:38.0702 4020 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
2011/07/02 16:37:38.0764 4020 aswFsBlk (7f08d9c504b015d81a8abd75c80028c5) C:\Windows\system32\drivers\aswFsBlk.sys
2011/07/02 16:37:38.0826 4020 aswMonFlt (9bdc8e9ce17b773f69d2c6696c768c4f) C:\Windows\system32\drivers\aswMonFlt.sys
2011/07/02 16:37:38.0858 4020 aswRdr (ac48bdd4cd5d44af33087c06d6e9511c) C:\Windows\system32\drivers\aswRdr.sys
2011/07/02 16:37:38.0920 4020 aswSnx (b64134316fcd1f20e0f10ef3e65bd522) C:\Windows\system32\drivers\aswSnx.sys
2011/07/02 16:37:38.0967 4020 aswSP (d6788e3211afa9951ed7a4d617f68a4f) C:\Windows\system32\drivers\aswSP.sys
2011/07/02 16:37:38.0998 4020 aswTdi (4d100c45517809439c7b6dd98997fa00) C:\Windows\system32\drivers\aswTdi.sys
2011/07/02 16:37:39.0045 4020 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/07/02 16:37:39.0060 4020 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\DRIVERS\atapi.sys
2011/07/02 16:37:39.0107 4020 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
2011/07/02 16:37:39.0154 4020 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
2011/07/02 16:37:39.0201 4020 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
2011/07/02 16:37:39.0232 4020 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
2011/07/02 16:37:39.0263 4020 bowser (9a5c671b7fbae4865149bb11f59b91b2) C:\Windows\system32\DRIVERS\bowser.sys
2011/07/02 16:37:39.0279 4020 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
2011/07/02 16:37:39.0294 4020 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
2011/07/02 16:37:39.0326 4020 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
2011/07/02 16:37:39.0341 4020 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
2011/07/02 16:37:39.0357 4020 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
2011/07/02 16:37:39.0372 4020 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
2011/07/02 16:37:39.0404 4020 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
2011/07/02 16:37:39.0435 4020 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
2011/07/02 16:37:39.0482 4020 cdrom (ba6e70aa0e6091bc39de29477d866a77) C:\Windows\system32\DRIVERS\cdrom.sys
2011/07/02 16:37:39.0513 4020 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
2011/07/02 16:37:39.0544 4020 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
2011/07/02 16:37:39.0591 4020 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/07/02 16:37:39.0606 4020 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\DRIVERS\cmdide.sys
2011/07/02 16:37:39.0638 4020 CNG (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys
2011/07/02 16:37:39.0653 4020 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
2011/07/02 16:37:39.0684 4020 CompositeBus (f1724ba27e97d627f808fb0ba77a28a6) C:\Windows\system32\DRIVERS\CompositeBus.sys
2011/07/02 16:37:39.0716 4020 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
2011/07/02 16:37:39.0747 4020 CSC (27c9490bdd0ae48911ab8cf1932591ed) C:\Windows\system32\drivers\csc.sys
2011/07/02 16:37:39.0825 4020 DfsC (83d1ecea8faae75604c0fa49ac7ad996) C:\Windows\system32\Drivers\dfsc.sys
2011/07/02 16:37:39.0840 4020 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
2011/07/02 16:37:39.0887 4020 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
2011/07/02 16:37:39.0934 4020 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
2011/07/02 16:37:39.0981 4020 DXGKrnl (1679a4669326cb1a67cc95658d273234) C:\Windows\System32\drivers\dxgkrnl.sys
2011/07/02 16:37:40.0074 4020 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
2011/07/02 16:37:40.0168 4020 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
2011/07/02 16:37:40.0199 4020 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\DRIVERS\errdev.sys
2011/07/02 16:37:40.0230 4020 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
2011/07/02 16:37:40.0262 4020 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
2011/07/02 16:37:40.0293 4020 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
2011/07/02 16:37:40.0324 4020 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
2011/07/02 16:37:40.0340 4020 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
2011/07/02 16:37:40.0355 4020 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/07/02 16:37:40.0386 4020 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
2011/07/02 16:37:40.0402 4020 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
2011/07/02 16:37:40.0464 4020 fssfltr (d909075fa72c090f27aa926c32cb4612) C:\Windows\system32\DRIVERS\fssfltr.sys
2011/07/02 16:37:40.0496 4020 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
2011/07/02 16:37:40.0542 4020 fvevol (dafbd9fe39197495aed6d51f3b85b5d2) C:\Windows\system32\DRIVERS\fvevol.sys
2011/07/02 16:37:40.0574 4020 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
2011/07/02 16:37:40.0589 4020 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
2011/07/02 16:37:40.0636 4020 HdAudAddService (3530cad25deba7dc7de8bb51632cbc5f) C:\Windows\system32\drivers\HdAudio.sys
2011/07/02 16:37:40.0667 4020 HDAudBus (717a2207fd6f13ad3e664c7d5a43c7bf) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/07/02 16:37:40.0683 4020 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
2011/07/02 16:37:40.0698 4020 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
2011/07/02 16:37:40.0714 4020 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
2011/07/02 16:37:40.0745 4020 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\Windows\system32\DRIVERS\hidusb.sys
2011/07/02 16:37:40.0776 4020 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\DRIVERS\HpSAMD.sys
2011/07/02 16:37:40.0823 4020 HTTP (c531c7fd9e8b62021112787c4e2c5a5a) C:\Windows\system32\drivers\HTTP.sys
2011/07/02 16:37:40.0839 4020 hwpolicy (8305f33cde89ad6c7a0763ed0b5a8d42) C:\Windows\system32\drivers\hwpolicy.sys
2011/07/02 16:37:40.0886 4020 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/07/02 16:37:40.0917 4020 iaStorV (71f1a494fedf4b33c02c4a6a28d6d9e9) C:\Windows\system32\drivers\iaStorV.sys
2011/07/02 16:37:41.0010 4020 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
2011/07/02 16:37:41.0026 4020 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\DRIVERS\intelide.sys
2011/07/02 16:37:41.0042 4020 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
2011/07/02 16:37:41.0057 4020 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/07/02 16:37:41.0088 4020 IPMIDRV (e4454b6c37d7ffd5649611f6496308a7) C:\Windows\system32\DRIVERS\IPMIDrv.sys
2011/07/02 16:37:41.0120 4020 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
2011/07/02 16:37:41.0151 4020 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
2011/07/02 16:37:41.0166 4020 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\DRIVERS\isapnp.sys
2011/07/02 16:37:41.0182 4020 iScsiPrt (ed46c223ae46c6866ab77cdc41c404b7) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/07/02 16:37:41.0276 4020 ISODrive (2f03ceb28307983f3b36216d35ffa5aa) C:\Program Files\UltraISO\drivers\ISODrive.sys
2011/07/02 16:37:41.0354 4020 JRAID (7d5053a827ff5be3a7d0ae5dd5dba308) C:\Windows\system32\DRIVERS\jraid.sys
2011/07/02 16:37:41.0400 4020 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/07/02 16:37:41.0432 4020 kbdhid (3d9f0ebf350edcfd6498057301455964) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/07/02 16:37:41.0447 4020 KSecDD (e36a061ec11b373826905b21be10948f) C:\Windows\system32\Drivers\ksecdd.sys
2011/07/02 16:37:41.0494 4020 KSecPkg (365c6154bbbc5377173f1ca7bfb6cc59) C:\Windows\system32\Drivers\ksecpkg.sys
2011/07/02 16:37:41.0541 4020 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/07/02 16:37:41.0572 4020 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
2011/07/02 16:37:41.0603 4020 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
2011/07/02 16:37:41.0619 4020 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
2011/07/02 16:37:41.0634 4020 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
2011/07/02 16:37:41.0666 4020 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
2011/07/02 16:37:41.0728 4020 MBAMSwissArmy (148d5d488ba502381c2b7b615f7f84cf) C:\Windows\system32\drivers\mbamswissarmy.sys
2011/07/02 16:37:41.0759 4020 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
2011/07/02 16:37:41.0790 4020 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
2011/07/02 16:37:41.0822 4020 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
2011/07/02 16:37:41.0868 4020 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
2011/07/02 16:37:41.0884 4020 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
2011/07/02 16:37:41.0915 4020 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
2011/07/02 16:37:41.0962 4020 mountmgr (921c18727c5920d6c0300736646931c2) C:\Windows\system32\drivers\mountmgr.sys
2011/07/02 16:37:41.0993 4020 mpio (2af5997438c55fb79d33d015c30e1974) C:\Windows\system32\DRIVERS\mpio.sys
2011/07/02 16:37:42.0009 4020 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
2011/07/02 16:37:42.0024 4020 MRxDAV (b1be47008d20e43da3adc37c24cdb89d) C:\Windows\system32\drivers\mrxdav.sys
2011/07/02 16:37:42.0087 4020 mrxsmb (ca7570e42522e24324a12161db14ec02) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/07/02 16:37:42.0102 4020 mrxsmb10 (c108952d3660375dcb716b222912e868) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/07/02 16:37:42.0134 4020 mrxsmb20 (25c38264a3c72594dd21d355d70d7a5d) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/07/02 16:37:42.0134 4020 msahci (4326d168944123f38dd3b2d9c37a0b12) C:\Windows\system32\DRIVERS\msahci.sys
2011/07/02 16:37:42.0165 4020 msdsm (455029c7174a2dbb03dba8a0d8bddd9a) C:\Windows\system32\DRIVERS\msdsm.sys
2011/07/02 16:37:42.0196 4020 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
2011/07/02 16:37:42.0212 4020 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
2011/07/02 16:37:42.0227 4020 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\DRIVERS\msisadrv.sys
2011/07/02 16:37:42.0274 4020 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
2011/07/02 16:37:42.0290 4020 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/07/02 16:37:42.0305 4020 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
2011/07/02 16:37:42.0336 4020 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
2011/07/02 16:37:42.0352 4020 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/07/02 16:37:42.0368 4020 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
2011/07/02 16:37:42.0399 4020 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
2011/07/02 16:37:42.0446 4020 MTsensor (0f24624106d8042e7f27882d9d6ff5c0) C:\Windows\system32\DRIVERS\ASACPI.sys
2011/07/02 16:37:42.0461 4020 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
2011/07/02 16:37:42.0492 4020 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
2011/07/02 16:37:42.0539 4020 NDIS (23759d175a0a9baaf04d05047bc135a8) C:\Windows\system32\drivers\ndis.sys
2011/07/02 16:37:42.0586 4020 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
2011/07/02 16:37:42.0617 4020 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/07/02 16:37:42.0633 4020 Ndisuio (b30ae7f2b6d7e343b0df32e6c08fce75) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/07/02 16:37:42.0648 4020 NdisWan (267c415eadcbe53c9ca873dee39cf3a4) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/07/02 16:37:42.0680 4020 NDProxy (af7e7c63dcef3f8772726f86039d6eb4) C:\Windows\system32\drivers\NDProxy.sys
2011/07/02 16:37:42.0695 4020 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
2011/07/02 16:37:42.0726 4020 NetBT (dd52a733bf4ca5af84562a5e2f963b91) C:\Windows\system32\DRIVERS\netbt.sys
2011/07/02 16:37:42.0789 4020 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
2011/07/02 16:37:42.0804 4020 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
2011/07/02 16:37:42.0836 4020 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
2011/07/02 16:37:42.0898 4020 Ntfs (187002ce05693c306f43c873f821381f) C:\Windows\system32\drivers\Ntfs.sys
2011/07/02 16:37:42.0945 4020 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
2011/07/02 16:37:43.0179 4020 nvlddmkm (583e0be0c10d0a74fd0e7e33c75f49bb) C:\Windows\system32\DRIVERS\nvlddmkm.sys
2011/07/02 16:37:43.0257 4020 nvraid (f1b0bed906f97e16f6d0c3629d2f21c6) C:\Windows\system32\drivers\nvraid.sys
2011/07/02 16:37:43.0288 4020 nvstor (4520b63899e867f354ee012d34e11536) C:\Windows\system32\drivers\nvstor.sys
2011/07/02 16:37:43.0335 4020 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\DRIVERS\nv_agp.sys
2011/07/02 16:37:43.0350 4020 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/07/02 16:37:43.0413 4020 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
2011/07/02 16:37:43.0428 4020 partmgr (ff4218952b51de44fe910953a3e686b9) C:\Windows\system32\drivers\partmgr.sys
2011/07/02 16:37:43.0460 4020 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
2011/07/02 16:37:43.0475 4020 pci (c858cb77c577780ecc456a892e7e7d0f) C:\Windows\system32\DRIVERS\pci.sys
2011/07/02 16:37:43.0491 4020 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\DRIVERS\pciide.sys
2011/07/02 16:37:43.0506 4020 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
2011/07/02 16:37:43.0538 4020 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
2011/07/02 16:37:43.0553 4020 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
2011/07/02 16:37:43.0647 4020 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
2011/07/02 16:37:43.0662 4020 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
2011/07/02 16:37:43.0709 4020 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
2011/07/02 16:37:43.0756 4020 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
2011/07/02 16:37:43.0787 4020 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
2011/07/02 16:37:43.0818 4020 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
2011/07/02 16:37:43.0834 4020 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
2011/07/02 16:37:43.0881 4020 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
2011/07/02 16:37:43.0896 4020 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/07/02 16:37:43.0928 4020 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/07/02 16:37:43.0959 4020 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
2011/07/02 16:37:43.0974 4020 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\Windows\system32\DRIVERS\rdbss.sys
2011/07/02 16:37:44.0006 4020 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
2011/07/02 16:37:44.0021 4020 RDPCDD (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/07/02 16:37:44.0037 4020 RDPDR (c5ff95883ffef704d50c40d21cfb3ab5) C:\Windows\system32\drivers\rdpdr.sys
2011/07/02 16:37:44.0068 4020 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
2011/07/02 16:37:44.0099 4020 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
2011/07/02 16:37:44.0099 4020 RDPWD (801371ba9782282892d00aadb08ee367) C:\Windows\system32\drivers\RDPWD.sys
2011/07/02 16:37:44.0146 4020 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\Windows\system32\drivers\rdyboost.sys
2011/07/02 16:37:44.0177 4020 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
2011/07/02 16:37:44.0240 4020 RTL8167 (0516998076ad894ae7e362c3110aa071) C:\Windows\system32\DRIVERS\Rt86win7.sys
2011/07/02 16:37:44.0286 4020 s116bus (815445f4676cc96bc9aeec303c727e19) C:\Windows\system32\DRIVERS\s116bus.sys
2011/07/02 16:37:44.0333 4020 s116nd5 (306f85733671fe507470f0273025e768) C:\Windows\system32\DRIVERS\s116nd5.sys
2011/07/02 16:37:44.0364 4020 s116unic (32e3ecb4b2b5887426eaf241a8149cde) C:\Windows\system32\DRIVERS\s116unic.sys
2011/07/02 16:37:44.0380 4020 s3cap (5423d8437051e89dd34749f242c98648) C:\Windows\system32\DRIVERS\vms3cap.sys
2011/07/02 16:37:44.0427 4020 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\DRIVERS\sbp2port.sys
2011/07/02 16:37:44.0442 4020 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys
2011/07/02 16:37:44.0505 4020 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/07/02 16:37:44.0552 4020 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
2011/07/02 16:37:44.0567 4020 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
2011/07/02 16:37:44.0583 4020 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
2011/07/02 16:37:44.0630 4020 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys
2011/07/02 16:37:44.0630 4020 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\DRIVERS\sffp_mmc.sys
2011/07/02 16:37:44.0661 4020 sffp_sd (4f1e5b0fe7c8050668dbfade8999aefb) C:\Windows\system32\DRIVERS\sffp_sd.sys
2011/07/02 16:37:44.0676 4020 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
2011/07/02 16:37:44.0708 4020 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\DRIVERS\sisagp.sys
2011/07/02 16:37:44.0723 4020 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
2011/07/02 16:37:44.0754 4020 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
2011/07/02 16:37:44.0786 4020 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
2011/07/02 16:37:44.0848 4020 smserial (19301c27f3425dc39f6c599f527e507d) C:\Windows\system32\DRIVERS\smserial.sys
2011/07/02 16:37:45.0098 4020 SNP2STD (e7e68ecb968c9812d9faf68517426673) C:\Windows\system32\DRIVERS\snp2sxp.sys
2011/07/02 16:37:45.0316 4020 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
2011/07/02 16:37:45.0378 4020 srv (c4a027b8c0bd3fc0699f41fa5e9e0c87) C:\Windows\system32\DRIVERS\srv.sys
2011/07/02 16:37:45.0410 4020 srv2 (414bb592cad8a79649d01f9d94318fb3) C:\Windows\system32\DRIVERS\srv2.sys
2011/07/02 16:37:45.0456 4020 srvnet (ff207d67700aa18242aaf985d3e7d8f4) C:\Windows\system32\DRIVERS\srvnet.sys
2011/07/02 16:37:45.0503 4020 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
2011/07/02 16:37:45.0534 4020 storflt (957e346ca948668f2496a6ccf6ff82cc) C:\Windows\system32\DRIVERS\vmstorfl.sys
2011/07/02 16:37:45.0550 4020 storvsc (d5751969dc3e4b88bf482ac8ec9fe019) C:\Windows\system32\DRIVERS\storvsc.sys
2011/07/02 16:37:45.0566 4020 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys
2011/07/02 16:37:45.0659 4020 Tcpip (0158d5e9982e9d6a90dfc802f618e130) C:\Windows\system32\drivers\tcpip.sys
2011/07/02 16:37:45.0722 4020 TCPIP6 (0158d5e9982e9d6a90dfc802f618e130) C:\Windows\system32\DRIVERS\tcpip.sys
2011/07/02 16:37:45.0753 4020 tcpipreg (e64444523add154f86567c469bc0b17f) C:\Windows\system32\drivers\tcpipreg.sys
2011/07/02 16:37:45.0784 4020 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\Windows\system32\drivers\tdpipe.sys
2011/07/02 16:37:45.0800 4020 TDTCP (7551e91ea999ee9a8e9c331d5a9c31f3) C:\Windows\system32\drivers\tdtcp.sys
2011/07/02 16:37:45.0815 4020 tdx (cb39e896a2a83702d1737bfd402b3542) C:\Windows\system32\DRIVERS\tdx.sys
2011/07/02 16:37:45.0831 4020 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\Windows\system32\DRIVERS\termdd.sys
2011/07/02 16:37:45.0878 4020 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/07/02 16:37:45.0909 4020 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys
2011/07/02 16:37:45.0924 4020 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
2011/07/02 16:37:45.0956 4020 udfs (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\Windows\system32\DRIVERS\udfs.sys
2011/07/02 16:37:46.0611 4020 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\DRIVERS\uliagpkx.sys
2011/07/02 16:37:46.0658 4020 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\Windows\system32\DRIVERS\umbus.sys
2011/07/02 16:37:46.0673 4020 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
2011/07/02 16:37:46.0720 4020 usbccgp (c31ae588e403042632dc796cf09e30b0) C:\Windows\system32\drivers\usbccgp.sys
2011/07/02 16:37:46.0751 4020 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS\usbcir.sys
2011/07/02 16:37:46.0798 4020 usbehci (e4c436d914768ce965d5e659ba7eebd8) C:\Windows\system32\drivers\usbehci.sys
2011/07/02 16:37:46.0829 4020 usbhub (bdcd7156ec37448f08633fd899823620) C:\Windows\system32\DRIVERS\usbhub.sys
2011/07/02 16:37:46.0876 4020 usbohci (eb2d819a639015253c871cda09d91d58) C:\Windows\system32\drivers\usbohci.sys
2011/07/02 16:37:46.0907 4020 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
2011/07/02 16:37:46.0938 4020 USBSTOR (1c4287739a93594e57e2a9e6a3ed7353) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/07/02 16:37:46.0954 4020 usbuhci (22480bf4e5a09192e5e30ba4dde79fa4) C:\Windows\system32\drivers\usbuhci.sys
2011/07/02 16:37:47.0001 4020 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys
2011/07/02 16:37:47.0032 4020 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/07/02 16:37:47.0048 4020 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
2011/07/02 16:37:47.0063 4020 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys
2011/07/02 16:37:47.0094 4020 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys
2011/07/02 16:37:47.0110 4020 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
2011/07/02 16:37:47.0141 4020 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys
2011/07/02 16:37:47.0157 4020 vmbus (379b349f65f453d2a6e75ea6b7448e49) C:\Windows\system32\DRIVERS\vmbus.sys
2011/07/02 16:37:47.0172 4020 VMBusHID (ec2bbab4b84d0738c6c83d2234dc36fe) C:\Windows\system32\DRIVERS\VMBusHID.sys
2011/07/02 16:37:47.0188 4020 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys
2011/07/02 16:37:47.0219 4020 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
2011/07/02 16:37:47.0235 4020 volsnap (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\DRIVERS\volsnap.sys
2011/07/02 16:37:47.0282 4020 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
2011/07/02 16:37:47.0297 4020 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys
2011/07/02 16:37:47.0328 4020 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
2011/07/02 16:37:47.0360 4020 WANARP (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
2011/07/02 16:37:47.0375 4020 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
2011/07/02 16:37:47.0453 4020 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
2011/07/02 16:37:47.0500 4020 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
2011/07/02 16:37:47.0547 4020 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
2011/07/02 16:37:47.0562 4020 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
2011/07/02 16:37:47.0672 4020 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/07/02 16:37:47.0718 4020 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/07/02 16:37:47.0765 4020 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys
2011/07/02 16:37:47.0796 4020 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/07/02 16:37:47.0828 4020 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
2011/07/02 16:37:47.0843 4020 Boot (0x1200) (8fd580a6b9bdd009183cd068ed1ed1ae) \Device\Harddisk0\DR0\Partition0
2011/07/02 16:37:47.0874 4020 Boot (0x1200) (96663cf80380db620630b289037fe619) \Device\Harddisk0\DR0\Partition1
2011/07/02 16:37:47.0874 4020 ================================================================================
2011/07/02 16:37:47.0874 4020 Scan finished
2011/07/02 16:37:47.0874 4020 ================================================================================
2011/07/02 16:37:47.0890 4012 Detected object count: 0
2011/07/02 16:37:47.0890 4012 Actual detected object count: 0

Update: 02 Jul 2011 16:53

There, ComboFix has now finished as well.



ComboFix 11-07-01.02 - pavle 02.07.2011 16:44:46.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.381.1033.18.3007.2181 [GMT 2:00]
Running from: c:\users\pavle\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
D:\q93fi6kf.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-06-02 to 2011-07-02 )))))))))))))))))))))))))))))))
.
.
2011-07-02 14:50 . 2011-07-02 14:50 -------- d-----w- c:\users\pavle\AppData\Local\temp
2011-07-02 14:50 . 2011-07-02 14:50 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-07-01 19:44 . 2011-05-10 12:03 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-07-01 18:46 . 2011-06-07 15:55 7074640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E64B95C7-5D9E-4F2B-BADD-C7C7D514B934}\mpengine.dll
2011-06-30 22:36 . 2009-07-13 23:11 801792 ----a-w- c:\windows\system32\trzE5B3.tmp
2011-06-30 22:36 . 2009-07-13 23:11 801792 ----a-w- c:\windows\system32\trzA7E8.tmp
2011-06-30 22:36 . 2009-07-13 23:11 801792 ----a-w- c:\windows\system32\trz6C10.tmp
2011-06-30 22:36 . 2009-07-13 23:11 801792 ----a-w- c:\windows\system32\trz2BD4.tmp
2011-06-30 22:35 . 2009-07-13 23:11 801792 ----a-w- c:\windows\system32\trzEFEC.tmp
2011-06-30 22:35 . 2009-07-13 23:11 801792 ----a-w- c:\windows\system32\trzAFB1.tmp
2011-06-30 22:35 . 2009-07-13 23:11 801792 ----a-w- c:\windows\system32\trz739A.tmp
2011-06-30 22:35 . 2009-07-13 23:11 801792 ----a-w- c:\windows\system32\trz3755.tmp
2011-06-30 22:34 . 2009-07-13 23:11 801792 ----a-w- c:\windows\system32\trzFB5D.tmp
2011-06-30 22:34 . 2009-07-13 23:11 801792 ----a-w- c:\windows\system32\trzBF66.tmp
2011-06-30 22:34 . 2009-07-13 23:11 801792 ----a-w- c:\windows\system32\trz836E.tmp
2011-06-30 22:34 . 2009-07-13 23:11 801792 ----a-w- c:\windows\system32\trz4767.tmp
2011-06-30 22:33 . 2009-07-13 23:11 801792 ----a-w- c:\windows\system32\trz632.tmp
2011-06-30 22:33 . 2009-07-13 23:11 801792 ----a-w- c:\windows\system32\trzC5B8.tmp
2011-06-30 22:33 . 2009-07-13 23:11 801792 ----a-w- c:\windows\system32\trz8454.tmp
2011-06-30 22:32 . 2009-07-13 23:11 801792 ----a-w- c:\windows\system32\trzB043.tmp
2011-06-30 22:31 . 2009-07-13 23:11 801792 ----a-w- c:\windows\system32\trz5C58.tmp
2011-06-30 22:30 . 2009-07-13 23:11 801792 ----a-w- c:\windows\system32\trzE44B.tmp
2011-06-30 20:54 . 2011-06-30 20:54 -------- d-----w- c:\users\pavle\AppData\Local\{C0C03146-69D4-4E32-895C-CDE978E626A9}
2011-06-30 18:26 . 2011-05-24 10:35 294912 ----a-w- c:\windows\system32\umpnpmgr.dll
2011-06-30 18:26 . 2011-05-04 04:53 1553920 ----a-w- c:\windows\system32\tquery.dll
2011-06-30 18:26 . 2011-05-04 04:52 1401856 ----a-w- c:\windows\system32\mssrch.dll
2011-06-30 18:26 . 2011-05-04 04:52 666624 ----a-w- c:\windows\system32\mssvp.dll
2011-06-30 18:26 . 2011-05-04 04:52 59392 ----a-w- c:\windows\system32\msscntrs.dll
2011-06-30 18:26 . 2011-05-04 04:52 337408 ----a-w- c:\windows\system32\mssph.dll
2011-06-30 18:26 . 2011-05-04 04:52 197120 ----a-w- c:\windows\system32\mssphtb.dll
2011-06-30 18:26 . 2011-05-04 04:52 86528 ----a-w- c:\windows\system32\SearchFilterHost.exe
2011-06-30 18:26 . 2011-05-04 04:52 428032 ----a-w- c:\windows\system32\SearchIndexer.exe
2011-06-30 18:26 . 2011-05-04 04:52 164352 ----a-w- c:\windows\system32\SearchProtocolHost.exe
2011-06-27 17:32 . 2011-06-27 17:32 -------- d-----w- c:\users\pavle\AppData\Local\2K Games
2011-06-27 17:24 . 2011-06-27 17:24 -------- d-----w- c:\program files\2K Games
2011-06-27 17:06 . 2011-06-27 17:06 -------- d-----w- c:\program files\UltraISO
2011-06-27 17:06 . 2011-06-27 17:06 -------- d-----w- c:\program files\Common Files\EZB Systems
2011-06-24 17:21 . 2011-06-24 17:21 -------- d-----w- c:\program files\Blast! Entertainment Limited
2011-06-21 14:15 . 2011-06-21 14:15 -------- d-----w- c:\users\pavle\AppData\Local\{03437A56-EF75-4807-8E14-042FE4C44237}
2011-06-19 13:40 . 2011-06-19 13:40 -------- d-----w- c:\program files\Groove Games
2011-06-16 21:34 . 2011-06-16 21:34 -------- d-----w- c:\users\pavle\AppData\Local\{9679CE27-6238-4F76-8FDC-83FB15DEC64B}
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-24 17:14 . 2010-10-24 12:18 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-05-10 12:10 . 2010-10-24 14:40 40112 ----a-w- c:\windows\avastSS.scr
2011-05-10 12:10 . 2010-10-24 14:40 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-05-10 12:03 . 2010-10-24 14:41 307928 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-05-10 12:02 . 2010-10-24 14:41 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-05-10 11:59 . 2010-10-24 14:41 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-05-10 11:59 . 2010-10-24 14:41 53592 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-05-10 11:59 . 2010-10-24 14:41 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-04-22 19:36 . 2011-05-25 10:24 26496 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2011-04-09 06:13 . 2011-05-11 18:14 3957632 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-04-09 06:13 . 2011-05-11 18:14 3901824 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-04-09 05:56 . 2011-05-24 11:18 123904 ----a-w- c:\windows\system32\poqexec.exe
2006-10-11 08:04 . 2011-04-10 17:42 61036 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2006-10-11 08:04 . 2011-04-10 17:42 48742 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2006-10-11 08:05 . 2011-04-10 17:42 29313 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
2006-10-11 08:05 . 2011-04-10 17:42 41082 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll
2006-10-11 08:04 . 2011-04-10 17:42 166510 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"= "c:\program files\Winamp Toolbar\winamptb.dll" [2010-07-28 1267024]
.
[HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-05-10 12:10 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OfficeSyncProcess"="c:\program files\Microsoft Office\Office14\MSOSYNC.EXE" [2010-03-16 718208]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"snp2std"="c:\windows\vsnp2std.exe" [2005-11-16 344064]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2010-07-12 74752]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2009-06-17 414992]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2009-06-17 38160]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-10-27 1343400]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-05-10 53592]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2009-06-17 195856]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-10-07 369256]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-06-17 19096]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2010-11-30 267880]
.
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
xsneqzjk
.
.
------- Supplementary Scan -------
.
IE: &Google Search - c:\program files\Google\googletoolbar.dll/cmsearch.html
IE: &Winamp Search - c:\programdata\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: Backward &Links - c:\program files\Google\googletoolbar.dll/cmbacklinks.html
IE: Cac&hed Snapshot of Page - c:\program files\Google\googletoolbar.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\MIF5BA~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MIF5BA~1\Office14\ONBttnIE.dll/105
IE: Si&milar Pages - c:\program files\Google\googletoolbar.dll/cmsimilar.html
IE: Translate into English - c:\program files\Google\googletoolbar.dll/cmtrans.html
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\pavle\AppData\Roaming\Mozilla\Firefox\Profiles\522crx94.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1811456442-464137937-3942348620-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-1811456442-464137937-3942348620-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-07-02 16:51:31
ComboFix-quarantined-files.txt 2011-07-02 14:51
.
Pre-Run: 16.408.375.296 bytes free
Post-Run: 16.637.865.984 bytes free
.
- - End Of File - - 70F27A31F1756562E049A0047E877544

  • dr_Bora
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Via this link: http://www.mycity.rs/ambulanta-upload.php

upload the file: C:\QooBox\Quarantine\D\q93fi6kf.exe.vir


Open Notepad and copy in the following text:


FileLook::
c:\windows\system32\trzE5B3.tmp

NetSvc::
xsneqzjk


Save the file from Notepad to the Desktop as "CFScript"


Drag the saved script/text onto the ComboFix icon as shown in the picture.
Post the log that is produced at the end of the cleaning/scan in your next message.
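The two things the CFScript above targets are the pattern worth learning to spot in a ComboFix log: the random-named `xsneqzjk` entry under `Svchost\netsvcs` (ComboFix already hides the default members of that group, so anything it prints there is non-default, and a name with no recognisable word in it is the classic way a rootkit loader gets svchost to load its DLL), and the run of identically sized `trz*.tmp` files dropped into System32 within a few minutes. The script below is an added example, not ComboFix, TDSSKiller or the forum's own code: it splits a ComboFix log into its sections and flags non-default netsvcs names, random-named executables at a drive root such as `D:\q93fi6kf.exe`, clusters of same-sized files with the same modification time under System32, and drivers whose binary ComboFix could not read (`[x]`). The sample log embedded in it is constructed after the thread's logs (the `trkwks` netsvcs line is added to show the allow-list guard); `KNOWN_NETSVCS` is a partial list of Windows 7 netsvcs members and, like the thresholds and the vowel heuristic in `looks_random`, is the example's own assumption rather than anything ComboFix reports.

```python
"""Triage a ComboFix-style log for the indicators worth a second look.
Added example, not ComboFix/TDSSKiller code: SAMPLE_LOG is constructed after
the thread's logs, and KNOWN_NETSVCS plus the thresholds are assumptions."""
import re
from collections import defaultdict
from datetime import datetime

# Partial allow-list of netsvcs members on a clean Windows 7 (assumption).
KNOWN_NETSVCS = {
    "appinfo", "appmgmt", "audiosrv", "bits", "browser", "eaphost", "gpsvc", "iphlpsvc",
    "lanmanserver", "lanmanworkstation", "netman", "nlasvc", "profsvc", "rasauto", "rasman",
    "schedule", "seclogon", "sens", "sharedaccess", "shellhwdetection", "themes", "trkwks",
    "w32time", "winmgmt", "wlansvc", "wscsvc", "wuauserv",
}
CLUSTER_MIN = 4  # same-size, same-mtime files in one folder before we shout
SECTION_RE = re.compile(r"^\(+\s*(.+?)\s*\)+$")
FILE_RE = re.compile(r"^(\S+ \S+) \. (\S+ \S+) (\S+) (\S+) (.+)$")
SERVICE_RE = re.compile(r"^[RS]\d ([^;]+);[^;]*;(.*)$")
ROOT_EXE_RE = re.compile(r"^[a-z]:\\([^\\]+)\.(?:exe|dll|scr|com|pif)$", re.I)


def looks_random(name):
    """Crude 'typed by a PRNG' test: few vowels or a long vowel-free run."""
    s = name.lower()
    if len(s) < 6:
        return False
    vowel_ratio = sum(c in "aeiouy" for c in s) / len(s)
    longest_run = max(len(r) for r in re.split(r"[aeiouy]", s))
    return vowel_ratio < 0.25 or longest_run >= 4


def parse_sections(text):
    """Split the log into its '(((( Title ))))' and '---- Title ----' sections."""
    sections, current = defaultdict(list), "header"
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
        elif line.endswith("Svchost - NetSvcs"):
            current = "NetSvcs"
        elif line.startswith("-------"):
            current = line.strip("- ")
        else:
            sections[current].append(line)
    return sections


def triage(text):
    """Return (severity, message) findings for a ComboFix log."""
    sections, findings = parse_sections(text), []
    # ComboFix hides default netsvcs entries, so anything listed is non-default.
    for name in sections["NetSvcs"]:
        if name.lower() not in KNOWN_NETSVCS:
            sev = "high" if looks_random(name) else "review"
            findings.append((sev, f"non-default netsvcs entry '{name}'"))
    # Random-named executable at a drive root (autorun-style dropper).
    for path in sections["Other Deletions"]:
        m = ROOT_EXE_RE.match(path)
        if m and looks_random(m.group(1)):
            findings.append(("high", f"random-named executable at drive root: {path}"))
    # Bursts of identically sized, identically stamped files dropped in System32.
    clusters = defaultdict(list)
    for key, lines in sections.items():
        if key.startswith("Files Created"):
            for m in filter(None, map(FILE_RE.match, lines)):
                if m.group(3).isdigit():  # directory rows carry '--------' as size
                    created, mtime, size, _attrs, path = m.groups()
                    clusters[(path.rsplit("\\", 1)[0].lower(), size, mtime)].append(created)
    for (folder, size, mtime), created in clusters.items():
        if len(created) >= CLUSTER_MIN and folder.endswith("\\system32"):
            stamps = sorted(datetime.strptime(c, "%Y-%m-%d %H:%M") for c in created)
            span = int((stamps[-1] - stamps[0]).total_seconds() // 60)
            findings.append(("high", f"{len(created)} files of {size} bytes (mtime "
                                     f"{mtime}) in {folder} within {span} min"))
    # '[x]': ComboFix could not read the binary; expected for self-protected AV drivers.
    for m in filter(None, map(SERVICE_RE.match, sections["Reg Loading Points"])):
        if m.group(2).strip() == "[x]":
            findings.append(("low", f"service {m.group(1)} has an unreadable binary ([x])"))
    return findings


# Constructed sample modelled on the thread's ComboFix output (not the real log).
SAMPLE_LOG = r"""
(((((((((( Other Deletions ))))))))))
D:\q93fi6kf.exe
(((((((((( Files Created from 2011-06-02 to 2011-07-02 ))))))))))
2011-06-30 22:36 . 2009-07-13 23:11 801792 ----a-w- c:\windows\system32\trzE5B3.tmp
2011-06-30 22:35 . 2009-07-13 23:11 801792 ----a-w- c:\windows\system32\trzEFEC.tmp
2011-06-30 22:34 . 2009-07-13 23:11 801792 ----a-w- c:\windows\system32\trzFB5D.tmp
2011-06-30 22:30 . 2009-07-13 23:11 801792 ----a-w- c:\windows\system32\trzE44B.tmp
2011-06-30 18:26 . 2011-05-24 10:35 294912 ----a-w- c:\windows\system32\umpnpmgr.dll
(((((((((( Reg Loading Points ))))))))))
S1 aswSnx;aswSnx; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-05-10 53592]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
xsneqzjk
trkwks
------- Supplementary Scan -------
"""

if __name__ == "__main__":
    for sev, msg in triage(SAMPLE_LOG):
        print(f"[{sev}] {msg}")
```

Two caveats the script encodes rather than hides. The vowel heuristic is a prompt to look, not a verdict: a legitimate name such as `TrkWks` fails it, which is why the allow-list is consulted first and why anything it does flag still has to be confirmed against the file on disk, as dr_Bora does here by asking for the quarantined sample and a `FileLook::` of one of the `.tmp` files. And `[x]` on a driver line only means ComboFix could not read the binary; for avast's self-protected `aswSP`/`aswSnx` that is the normal state, so it is reported at low severity instead of being treated as evidence of tampering.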

  • Joined: 08 Jul 2007
  • Posts: 2024

The file you asked for has been uploaded, and here is the log:



ComboFix 11-07-01.02 - pavle 02.07.2011 17:38:09.2.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.381.1033.18.3007.1867 [GMT 2:00]
Running from: c:\users\pavle\Desktop\ComboFix.exe
Command switches used :: c:\users\pavle\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2011-06-02 to 2011-07-02 )))))))))))))))))))))))))))))))
.
.
2011-07-02 15:41 . 2011-07-02 15:41 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-07-02 15:06 . 2011-07-02 15:34 -------- d-----w- c:\users\pavle\AppData\Roaming\MCShield
2011-07-02 15:06 . 2011-07-02 15:06 -------- d-----w- c:\program files\MCShield
2011-07-02 14:51 . 2011-07-02 15:41 -------- d-----w- c:\users\pavle\AppData\Local\temp
2011-07-01 19:44 . 2011-05-10 12:03 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-07-01 18:46 . 2011-06-07 15:55 7074640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E64B95C7-5D9E-4F2B-BADD-C7C7D514B934}\mpengine.dll
2011-06-30 22:36 . 2009-07-13 23:11 801792 ----a-w- c:\windows\system32\trzE5B3.tmp
2011-06-30 22:36 . 2009-07-13 23:11 801792 ----a-w- c:\windows\system32\trzA7E8.tmp
2011-06-30 22:36 . 2009-07-13 23:11 801792 ----a-w- c:\windows\system32\trz6C10.tmp
2011-06-30 22:36 . 2009-07-13 23:11 801792 ----a-w- c:\windows\system32\trz2BD4.tmp
2011-06-30 22:35 . 2009-07-13 23:11 801792 ----a-w- c:\windows\system32\trzEFEC.tmp
2011-06-30 22:35 . 2009-07-13 23:11 801792 ----a-w- c:\windows\system32\trzAFB1.tmp
2011-06-30 22:35 . 2009-07-13 23:11 801792 ----a-w- c:\windows\system32\trz739A.tmp
2011-06-30 22:35 . 2009-07-13 23:11 801792 ----a-w- c:\windows\system32\trz3755.tmp
2011-06-30 22:34 . 2009-07-13 23:11 801792 ----a-w- c:\windows\system32\trzFB5D.tmp
2011-06-30 22:34 . 2009-07-13 23:11 801792 ----a-w- c:\windows\system32\trzBF66.tmp
2011-06-30 22:34 . 2009-07-13 23:11 801792 ----a-w- c:\windows\system32\trz836E.tmp
2011-06-30 22:34 . 2009-07-13 23:11 801792 ----a-w- c:\windows\system32\trz4767.tmp
2011-06-30 22:33 . 2009-07-13 23:11 801792 ----a-w- c:\windows\system32\trz632.tmp
2011-06-30 22:33 . 2009-07-13 23:11 801792 ----a-w- c:\windows\system32\trzC5B8.tmp
2011-06-30 22:33 . 2009-07-13 23:11 801792 ----a-w- c:\windows\system32\trz8454.tmp
2011-06-30 22:32 . 2009-07-13 23:11 801792 ----a-w- c:\windows\system32\trzB043.tmp
2011-06-30 22:31 . 2009-07-13 23:11 801792 ----a-w- c:\windows\system32\trz5C58.tmp
2011-06-30 22:30 . 2009-07-13 23:11 801792 ----a-w- c:\windows\system32\trzE44B.tmp
2011-06-30 20:54 . 2011-06-30 20:54 -------- d-----w- c:\users\pavle\AppData\Local\{C0C03146-69D4-4E32-895C-CDE978E626A9}
2011-06-30 18:26 . 2011-05-24 10:35 294912 ----a-w- c:\windows\system32\umpnpmgr.dll
2011-06-30 18:26 . 2011-05-04 04:53 1553920 ----a-w- c:\windows\system32\tquery.dll
2011-06-30 18:26 . 2011-05-04 04:52 1401856 ----a-w- c:\windows\system32\mssrch.dll
2011-06-30 18:26 . 2011-05-04 04:52 666624 ----a-w- c:\windows\system32\mssvp.dll
2011-06-30 18:26 . 2011-05-04 04:52 59392 ----a-w- c:\windows\system32\msscntrs.dll
2011-06-30 18:26 . 2011-05-04 04:52 337408 ----a-w- c:\windows\system32\mssph.dll
2011-06-30 18:26 . 2011-05-04 04:52 197120 ----a-w- c:\windows\system32\mssphtb.dll
2011-06-30 18:26 . 2011-05-04 04:52 86528 ----a-w- c:\windows\system32\SearchFilterHost.exe
2011-06-30 18:26 . 2011-05-04 04:52 428032 ----a-w- c:\windows\system32\SearchIndexer.exe
2011-06-30 18:26 . 2011-05-04 04:52 164352 ----a-w- c:\windows\system32\SearchProtocolHost.exe
2011-06-27 17:32 . 2011-06-27 17:32 -------- d-----w- c:\users\pavle\AppData\Local\2K Games
2011-06-27 17:24 . 2011-06-27 17:24 -------- d-----w- c:\program files\2K Games
2011-06-27 17:06 . 2011-06-27 17:06 -------- d-----w- c:\program files\UltraISO
2011-06-27 17:06 . 2011-06-27 17:06 -------- d-----w- c:\program files\Common Files\EZB Systems
2011-06-24 17:21 . 2011-06-24 17:21 -------- d-----w- c:\program files\Blast! Entertainment Limited
2011-06-21 14:15 . 2011-06-21 14:15 -------- d-----w- c:\users\pavle\AppData\Local\{03437A56-EF75-4807-8E14-042FE4C44237}
2011-06-19 13:40 . 2011-06-19 13:40 -------- d-----w- c:\program files\Groove Games
2011-06-16 21:34 . 2011-06-16 21:34 -------- d-----w- c:\users\pavle\AppData\Local\{9679CE27-6238-4F76-8FDC-83FB15DEC64B}
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-24 17:14 . 2010-10-24 12:18 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-05-10 12:10 . 2010-10-24 14:40 40112 ----a-w- c:\windows\avastSS.scr
2011-05-10 12:10 . 2010-10-24 14:40 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-05-10 12:03 . 2010-10-24 14:41 307928 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-05-10 12:02 . 2010-10-24 14:41 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-05-10 11:59 . 2010-10-24 14:41 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-05-10 11:59 . 2010-10-24 14:41 53592 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-05-10 11:59 . 2010-10-24 14:41 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-04-22 19:36 . 2011-05-25 10:24 26496 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2011-04-09 06:13 . 2011-05-11 18:14 3957632 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-04-09 06:13 . 2011-05-11 18:14 3901824 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-04-09 05:56 . 2011-05-24 11:18 123904 ----a-w- c:\windows\system32\poqexec.exe
2006-10-11 08:04 . 2011-04-10 17:42 61036 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2006-10-11 08:04 . 2011-04-10 17:42 48742 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2006-10-11 08:05 . 2011-04-10 17:42 29313 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
2006-10-11 08:05 . 2011-04-10 17:42 41082 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll
2006-10-11 08:04 . 2011-04-10 17:42 166510 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
.
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
--- c:\windows\system32\trzE5B3.tmp ---
Company: Microsoft Corporation
File Description: Microsoft Distributed Transaction Coordinator Helper APIs DLL
File Version: 2001.12.8530.16385 (win7_rtm.090713-1255)
Product Name: Microsoft® Windows® Operating System
Copyright: © Microsoft Corporation. All rights reserved.
Original Filename: XOLEHLP.DLL
File size: 801792
Created time: 2011-06-30 22:36
Modified time: 2009-07-13 23:11
MD5: 884017B16B2C8DED1F1D773AB61EDCD5
SHA1: 7A40D107D98502EA705489804BF6E9B14D4C49A0
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"= "c:\program files\Winamp Toolbar\winamptb.dll" [2010-07-28 1267024]
.
[HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-05-10 12:10 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OfficeSyncProcess"="c:\program files\Microsoft Office\Office14\MSOSYNC.EXE" [2010-03-16 718208]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
"MCShieldTray"="c:\program files\MCShield\MCShieldTray.exe" [2010-11-04 73728]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"snp2std"="c:\windows\vsnp2std.exe" [2005-11-16 344064]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2010-07-12 74752]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2009-06-17 414992]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2009-06-17 38160]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-10-27 1343400]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-05-10 53592]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2009-06-17 195856]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-10-07 369256]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-06-17 19096]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2010-11-30 267880]
.
.
.
------- Supplementary Scan -------
.
IE: &Google Search - c:\program files\Google\googletoolbar.dll/cmsearch.html
IE: &Winamp Search - c:\programdata\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: Backward &Links - c:\program files\Google\googletoolbar.dll/cmbacklinks.html
IE: Cac&hed Snapshot of Page - c:\program files\Google\googletoolbar.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\MIF5BA~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MIF5BA~1\Office14\ONBttnIE.dll/105
IE: Si&milar Pages - c:\program files\Google\googletoolbar.dll/cmsimilar.html
IE: Translate into English - c:\program files\Google\googletoolbar.dll/cmtrans.html
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\pavle\AppData\Roaming\Mozilla\Firefox\Profiles\522crx94.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1811456442-464137937-3942348620-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-1811456442-464137937-3942348620-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-07-02 17:42:58
ComboFix-quarantined-files.txt 2011-07-02 15:42
ComboFix2.txt 2011-07-02 14:51
.
Pre-Run: 16.690.266.112 bytes free
Post-Run: 16.644.038.656 bytes free
.
- - End Of File - - 7D38A05F6C956CD9C5C5B0FB5B458B5E
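As an added example (not from the thread and not ComboFix's own code), a small Python parser for the "Files Created" section of a ComboFix log in the format above; it flags the pattern visible in this log, namely many equally sized *.tmp files in system32 that all carry the same old modification stamp. The sample listing is constructed from a few of the rows above.

```python
"""Flag clusters of same-size, same-timestamp files in a ComboFix
"Files Created" listing (added example, not ComboFix's own code)."""
import re
from collections import defaultdict

# Constructed sample in ComboFix's listing format, taken from a few rows of
# the log above; raw string so the Windows paths need no escaping.
SAMPLE_LOG = r"""
2011-07-02 15:06 . 2011-07-02 15:06 -------- d-----w- c:\program files\MCShield
2011-07-01 19:44 . 2011-05-10 12:03 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-06-30 22:36 . 2009-07-13 23:11 801792 ----a-w- c:\windows\system32\trzE5B3.tmp
2011-06-30 22:36 . 2009-07-13 23:11 801792 ----a-w- c:\windows\system32\trzA7E8.tmp
2011-06-30 22:35 . 2009-07-13 23:11 801792 ----a-w- c:\windows\system32\trzEFEC.tmp
2011-06-30 22:34 . 2009-07-13 23:11 801792 ----a-w- c:\windows\system32\trzFB5D.tmp
2011-06-30 18:26 . 2011-05-04 04:52 86528 ----a-w- c:\windows\system32\SearchFilterHost.exe
"""

# created . modified size attrs path   (size is '--------' for directories)
LINE_RE = re.compile(
    r"^(?P<created>\d{4}-\d\d-\d\d \d\d:\d\d) \. "
    r"(?P<modified>\d{4}-\d\d-\d\d \d\d:\d\d) "
    r"(?P<size>\d+|-+) (?P<attrs>\S+) (?P<path>.+)$"
)

def parse_listing(text):
    """Return file entries as dicts; directory rows are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or not m.group("size").isdigit():
            continue
        entries.append({
            "created": m.group("created"),
            "modified": m.group("modified"),
            "size": int(m.group("size")),
            "path": m.group("path").lower(),
        })
    return entries

def find_clusters(entries, min_count=3, suffix=".tmp", folder="\\system32\\"):
    """Group files under `folder` ending in `suffix` by (size, modified time)
    and return groups with at least min_count members: several equally sized
    *.tmp files dropped minutes apart, all carrying the same old modification
    stamp, is the pattern the listing above shows."""
    groups = defaultdict(list)
    for e in entries:
        if e["path"].endswith(suffix) and folder in e["path"]:
            groups[(e["size"], e["modified"])].append(e["path"])
    return {key: paths for key, paths in groups.items() if len(paths) >= min_count}
```

A hit from find_clusters is only a prompt to look closer, as the helper did here with FileLook; the version info and hashes decide whether the files are legitimate copies.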

offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

OK, this looks clean.

ComboFix needs to be uninstalled:
click Start, then Run.

On Vista, use the Start Search box if Run is not available.

In the text input line type (or paste) the following:

ComboFix /Uninstall

Note that there is a space between "ComboFix" and "/Uninstall".

then click OK (or press Enter).

Wait for the uninstall process to finish.

From the C: drive delete the TDSSKiller logs and folder (TDSSKiller_Quarantine), as well as all the other programs that were used.

Quote: occasionally (even when no browser is open) a "rustling" can be heard, and a sound like the mixing of frequencies on a radio station

Open a thread in the Hardware forum and ask for advice about this.

Korisnici trenutno na forumu: ajo baba, anbeast, Battlehammer, bobomicek, Boris90, Brana01, Bubimir, ccoogg123, cemix, dankisha, Darko_X, darkojbn, dozorni, dragon986, DragoslavS, FOX, Goran 0000, HrcAk47, hyla, JOntra, Karla, kikisp, Kubovac, Leonov, ljuba, mercedesamg, mikrimaus, mile23, Milometer, mnn2, mrvica78, Nemanja1971, Parker, raptorsi, rodoljub, ruma, Shinobi, simazr, Steeeefan, stegonosa, vathra, vladulns, voja64, Wrangler, šumar bk2, Čivi, 125