Nasty Malware

  • Joined: 14 Feb 2008
  • Posts: 12345

My brother picked up some nasty malware.
The malware is writing messages to other people via FB and MSN; it locked him out of his e-mail, so we couldn't even create an account here, and it also redirects all links to another site, so we couldn't even download programs to scan with. Luckily I have a USB stick, so I downloaded the files at my place and scanned the computer at his; I used MCShield so I wouldn't get infected myself.

An example of this chat (chat log attached).
I removed the link from the document in case one of the users opens that txt.

I asked him whether he might have clicked a YT link that asked him to install Flash Player; he says he didn't.
I unplugged the ethernet cable so the infection wouldn't spread further, because our computers are networked.
Who knows what he picked up.

4 Mb/s cable
AVG 2012 Free
Online Armor
MCShield

Here are the logs:

DDS

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.7600.16385
Run by Niki at 0:52:18 on 2012-01-07
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.3071.1428 [GMT -8:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Online Armor Firewall *Enabled* {32E71E58-6AAE-2557-2ABD-EA739069CE41}
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Online Armor\OAcat.exe
C:\Program Files\Online Armor\oasrv.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\Program Files\Online Armor\oaui.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\713xRMT.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Microsoft\BingBar\SeaPort.EXE
C:\Program Files\Online Armor\OAhlp.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe
C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
D:\Program Files\DAEMON Tools Lite\DTLite.exe
D:\Program Files\TV Expert\ADTVScheduleAgent.exe
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Program Files\AVG\AVG2012\avgemcx.exe
C:\Windows\system32\SearchIndexer.exe
C:\Users\Niki\AppData\Roaming\MegaCloud\MegaCloud.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\conhost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://home.speedbit.com/?aff=105
mSearchAssistant = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
mURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\prxtbuTor.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
BHO: CescrtHlpr Object: {64182481-4f71-486b-a045-b233bd0da8fc} - c:\program files\facemoods.com\facemoods\1.4.17.11\bh\facemoods.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\9.0.0.22\AVG Secure Search_toolbar.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\prxtbuTor.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll"
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\9.0.0.22\AVG Secure Search_toolbar.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll"
TB: facemoods Toolbar: {db4e9724-f518-4dfd-9c7c-78b52103cab9} - c:\program files\facemoods.com\facemoods\1.4.17.11\facemoodsTlbr.dll
TB: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\prxtbuTor.dll
{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
uRun: [DAEMON Tools Lite] "d:\program files\daemon tools lite\DTLite.exe" -autorun
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
mRun: [@OnlineArmor GUI] "c:\program files\online armor\oaui.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [TV Card Remote Control Device Monitor] c:\windows\713xRMT.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [facemoods] "c:\program files\facemoods.com\facemoods\1.4.17.11\facemoodssrv.exe" /md I
mRun: [LogMeIn Hamachi Ui] "c:\program files\logmein hamachi\hamachi-2-ui.exe" --auto-start
StartupFolder: c:\users\niki\appdata\roaming\micros~1\windows\startm~1\programs\startup\megacl~1.lnk - c:\users\niki\appdata\roaming\megacloud\MegaCloud.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\tvexpe~1.lnk - d:\program files\tv expert\ADTVScheduleAgent.exe
mPolicies-explorer: EnableShellExecuteHooks = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &Clean Traces - c:\program files\dap\privacy package\dapcleanerie.htm
IE: &Download with &DAP - c:\program files\dap\dapextie.htm
IE: Download &all with DAP - c:\program files\dap\dapextie2.htm
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 178.79.22.6 178.79.0.3
TCP: Interfaces\{02B74EA4-0375-48EF-89B9-EFDB062C1425} : DhcpNameServer = 178.79.22.6 178.79.0.3
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\9.0.1\ViProtocol.dll
Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\dap\dapie.dll
Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\dap\dapie.dll
SEH: OA Shell Helper: {4f07da45-8170-4859-9b5f-037ef2970034} - c:\progra~1\online~1\oaevent.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\niki\appdata\roaming\mozilla\firefox\profiles\o1xdr72p.default\
FF - prefs.js: browser.search.defaulturl - hxxp://home.speedbit.com/search.aspx?aff=106&q=
FF - prefs.js: browser.search.selectedEngine - SpeedBit Search
FF - prefs.js: browser.startup.homepage - hxxp://home.speedbit.com/?aff=105
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2786678&q=
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dv.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dvstreaming.dll
FF - plugin: c:\users\niki\appdata\local\google\update\1.3.21.79\npGoogleUpdate3.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-7-11 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-9-13 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-10-7 230608]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-8-8 40016]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-7-11 295248]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2011-12-14 239168]
R1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [2011-11-14 205864]
R1 oahlpXX;Online Armor helper driver;c:\windows\system32\drivers\oahlp32.sys [2011-11-14 40296]
R1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [2011-11-14 25192]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\AVGIDSAgent.exe [2011-10-12 4433248]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 192776]
R2 BBUpdate;BBUpdate;c:\program files\microsoft\bingbar\SeaPort.EXE [2011-6-15 249648]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\logmein hamachi\hamachi-2.exe [2011-8-15 1361288]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia updatus\daemonu.exe [2011-11-14 2253120]
R2 OAcat;Online Armor Helper Service;c:\program files\online armor\oacat.exe [2011-11-14 207936]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2011-10-15 381248]
R2 SvcOnlineArmor;Online Armor;c:\program files\online armor\oasrv.exe [2011-11-14 4363040]
R2 vToolbarUpdater;vToolbarUpdater;c:\program files\common files\avg secure search\vtoolbarupdater\9.0.1\ToolbarUpdater.exe [2011-12-19 869216]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-7-11 134736]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-7-11 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-10-4 16720]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2011-11-14 139880]
R3 OAnet;OnlineArmor Service;c:\windows\system32\drivers\OAnet.sys [2011-11-14 29312]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-7-7 195336]
.
=============== Created Last 30 ================
.
2012-01-05 11:00:45 225280 ------w- c:\program files\common files\installshield\iscript\iscript.dll
2012-01-05 11:00:44 77824 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\ctor.dll
2012-01-05 11:00:44 32768 ------w- c:\program files\common files\installshield\engine\6\intel 32\objectps.dll
2012-01-05 11:00:44 176128 ------w- c:\program files\common files\installshield\engine\6\intel 32\iuser.dll
2012-01-04 23:35:50 -------- d-----w- c:\program files\Conduit
2012-01-04 23:35:42 -------- d-----w- c:\users\niki\appdata\local\Conduit
2012-01-04 23:35:40 -------- d-----w- c:\program files\uTorrentBar
2012-01-04 23:34:18 -------- d-----w- c:\users\niki\appdata\roaming\uTorrent
2012-01-03 18:12:11 -------- d-----w- c:\windows\Farm Frenzy 3
2012-01-03 18:11:24 -------- d-----w- c:\windows\Farm Frenzy Pizza Party
2012-01-03 18:11:22 -------- d-----w- c:\programdata\AlawarWrapper
2012-01-03 18:10:36 -------- d-----w- c:\program files\Alawar
2012-01-03 18:08:51 -------- d-----w- c:\windows\Farm Frenzy 2
2012-01-03 15:28:27 -------- d-----w- c:\users\niki\appdata\local\playlogic
2012-01-03 13:04:05 637952 ----a-w- c:\windows\is-5UAA5.exe
2012-01-03 13:03:54 94480 ----a-w- c:\windows\system32\msjro.dll
2012-01-03 13:03:51 -------- d-----w- c:\program files\Artwork Develop
2012-01-03 12:56:24 -------- d-----w- c:\programdata\SpeedBit
2012-01-03 12:56:18 -------- d-----w- c:\program files\common files\SpeedBit
2012-01-03 12:56:16 84480 ----a-w- c:\windows\system32\EasyHook32.dll
2012-01-03 12:56:16 109216 ----a-w- c:\windows\system32\EasyHook64.dll
2012-01-03 12:56:12 -------- d-----w- c:\program files\DAP
2012-01-03 12:55:52 172032 ----a-w- c:\windows\system32\AniGIF.ocx
2012-01-03 09:24:20 1227264 ----a-w- c:\windows\system32\dx8vb.dll
2012-01-02 22:37:27 -------- d-----r- c:\users\niki\MegaCloud
2012-01-02 22:36:02 -------- d-----w- c:\users\niki\appdata\roaming\MegaCloud
2012-01-02 22:35:29 -------- d-----w- c:\programdata\Web Installer
2012-01-02 09:19:46 -------- d-----w- c:\users\niki\appdata\local\LogMeIn Hamachi
2012-01-02 09:18:24 -------- d-----w- c:\program files\LogMeIn Hamachi
2011-12-29 11:11:27 -------- d-----w- c:\program files\SystemRequirementsLab
2011-12-21 05:40:15 -------- d-----w- c:\users\niki\appdata\local\Oleg_Zhuk
2011-12-20 16:56:03 -------- d-----w- c:\users\niki\riotsGamesLogs
2011-12-20 16:49:54 -------- d-----w- c:\users\niki\appdata\roaming\LolClient
2011-12-19 13:25:16 -------- d-----w- c:\programdata\AVG Secure Search
2011-12-19 00:45:17 -------- d-----w- c:\programdata\PopCap Games
2011-12-16 18:02:59 -------- d-----w- c:\users\niki\appdata\local\Mozilla
2011-12-15 16:14:20 -------- d-----w- c:\users\niki\appdata\roaming\OpenCandy
2011-12-15 16:12:50 -------- d-----w- c:\users\niki\appdata\roaming\GetRightToGo
2011-12-14 20:19:31 239168 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2011-12-14 20:18:29 -------- d-----w- c:\users\niki\appdata\roaming\DAEMON Tools Lite
2011-12-11 22:55:37 -------- d-----w- c:\programdata\DAEMON Tools Lite
2011-12-11 10:14:37 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-12-10 01:48:33 -------- d-----w- c:\program files\facemoods.com
2011-12-10 01:01:12 -------- d-----w- c:\users\niki\appdata\roaming\FOG Downloader
2011-12-10 01:00:20 -------- d-----w- c:\users\niki\rune of magick
2011-12-08 14:26:19 -------- d-----w- c:\program files\common files\Blizzard Entertainment
.
==================== Find3M ====================
.
2011-11-24 04:23:31 2340352 ----a-w- c:\windows\system32\win32k.sys
2011-11-19 22:48:44 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-11-05 04:35:50 981504 ----a-w- c:\windows\system32\wininet.dll
2011-11-05 04:34:15 44544 ----a-w- c:\windows\system32\licmgr10.dll
2011-11-05 04:30:11 2048 ----a-w- c:\windows\system32\tzres.dll
2011-11-05 03:28:41 386048 ----a-w- c:\windows\system32\html.iec
2011-11-05 02:55:38 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-11-01 19:34:28 40296 ----a-w- c:\windows\system32\drivers\oahlp32.sys
2011-11-01 19:34:10 29312 ----a-w- c:\windows\system32\drivers\OAnet.sys
2011-11-01 19:34:08 25192 ----a-w- c:\windows\system32\drivers\OAmon.sys
2011-11-01 19:34:08 205864 ----a-w- c:\windows\system32\drivers\OADriver.sys
2011-10-26 04:42:38 3901808 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-26 04:42:37 3957104 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-10-26 04:25:28 38912 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-22 11:21:38 65536 ----a-w- c:\windows\system32\frapsvid.dll
2011-10-15 08:54:52 321856 ----a-w- c:\windows\system32\nvStreaming.exe
2011-10-15 05:48:52 534528 ----a-w- c:\windows\system32\EncDec.dll
.
============= FINISH: 0:53:39.84 ===============

Attach (attachment)

Gmer:

1 scan (attachment)
2 Non MS (attachment)
3 Autorun (attachment)

I pulled his ethernet cable and I'll change his passwords from my computer.
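The DDS "Pseudo HJT Report" above is where the hijack is visible: the IE start page and search providers point at speedbit/facemoods/conduit, toolbars and BHOs are loaded from the same vendors, and matching autostart entries exist. As an added example that is not part of the original post or of the DDS tool, the script below triages those lines automatically; the sample input is copied from the log above, while the expected-domain list and the trusted vendor directories are assumptions chosen for illustration.

```python
"""Triage DDS 'Pseudo HJT Report' / FIREFOX lines for browser-hijack indicators."""
import re
from typing import List, NamedTuple
from urllib.parse import urlsplit

# Lines copied from the DDS log posted above (DDS writes hxxp:// for http://).
SAMPLE_LOG = r"""
uStart Page = hxxp://home.speedbit.com/?aff=105
mSearchAssistant = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
mURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\prxtbuTor.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: CescrtHlpr Object: {64182481-4f71-486b-a045-b233bd0da8fc} - c:\program files\facemoods.com\facemoods\1.4.17.11\bh\facemoods.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: facemoods Toolbar: {db4e9724-f518-4dfd-9c7c-78b52103cab9} - c:\program files\facemoods.com\facemoods\1.4.17.11\facemoodsTlbr.dll
TB: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\prxtbuTor.dll
uRun: [DAEMON Tools Lite] "d:\program files\daemon tools lite\DTLite.exe" -autorun
mRun: [TV Card Remote Control Device Monitor] c:\windows\713xRMT.exe
mRun: [facemoods] "c:\program files\facemoods.com\facemoods\1.4.17.11\facemoodssrv.exe" /md I
FF - prefs.js: browser.search.defaulturl - hxxp://home.speedbit.com/search.aspx?aff=106&q=
FF - prefs.js: browser.startup.homepage - hxxp://home.speedbit.com/?aff=105
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2786678&q=
"""

# Assumed allowlists, for illustration only: domains a stock browser's start page /
# search provider is expected to use, and vendor folders whose IE add-ons were
# expected on this particular machine. Tune both per environment.
EXPECTED_DOMAINS = ("microsoft.com", "msn.com", "live.com", "bing.com",
                    "google.com", "mozilla.org", "mozilla.com")
TRUSTED_ADDON_DIRS = (r"c:\program files\common files\adobe", r"c:\program files\java",
                      r"c:\program files\avg", r"c:\program files\microsoft",
                      r"c:\program files\skype")

# Start page / search settings in IE ('u' = user hive, 'm' = machine hive) and Firefox.
SETTING_RE = re.compile(
    r"^(?P<setting>[um](?:Start Page|SearchAssistant|Default_Page_URL)"
    r"|FF - prefs\.js: (?:browser\.search\.defaulturl|browser\.startup\.homepage|keyword\.URL))"
    r" [=-] (?P<url>\S+)$", re.I)
# IE add-ons: 'KIND: Name: {CLSID} - path'
ADDON_RE = re.compile(
    r'^(?P<kind>BHO|TB|mURLSearchHooks): (?P<name>.+?): \{(?P<clsid>[0-9a-f-]+)\} - "?(?P<path>[^"]+?)"?$', re.I)
# Autostart entries: 'uRun: [Name] "path" args'
RUN_RE = re.compile(r'^[um]Run: \[(?P<name>[^\]]+)\] "?(?P<path>[a-z]:\\[^"]+?\.exe)"?', re.I)

class Finding(NamedTuple):
    rule: str     # which check fired
    subject: str  # setting name, add-on name or Run entry name
    detail: str   # host or path that triggered it

def host_of(url: str) -> str:
    """Hostname of a (defanged) URL: hxxp://home.speedbit.com/?aff=105 -> home.speedbit.com."""
    return (urlsplit(re.sub(r"^hxxp", "http", url, flags=re.I)).hostname or "").lower()

def is_expected_domain(host: str) -> bool:
    return any(host == d or host.endswith("." + d) for d in EXPECTED_DOMAINS)

def in_trusted_dir(path: str) -> bool:
    p = path.lower()
    return any(p.startswith(d + "\\") for d in TRUSTED_ADDON_DIRS)

def vendor_dir(path: str):
    """Top-level vendor folder under Program Files ('facemoods.com'), or None."""
    m = re.match(r"[a-z]:\\program files(?: \(x86\))?\\([^\\]+)\\", path, re.I)
    return m.group(1).lower() if m else None

def triage(log_text: str) -> List[Finding]:
    lines = [ln.strip() for ln in log_text.splitlines() if ln.strip()]
    findings: List[Finding] = []
    suspect_vendors = set()
    # Pass 1: redirected search/homepage settings and add-ons outside trusted vendor dirs.
    for ln in lines:
        if (m := SETTING_RE.match(ln)):
            host = host_of(m.group("url"))
            if not is_expected_domain(host):
                findings.append(Finding("search/homepage redirected", m.group("setting"), host))
        elif (m := ADDON_RE.match(ln)):
            path = m.group("path")
            if not in_trusted_dir(path):
                findings.append(Finding("untrusted IE add-on", f"{m.group('kind')} {m.group('name')}", path))
                if (v := vendor_dir(path)):
                    suspect_vendors.add(v)
    # Pass 2: autostarts, correlated with the vendors flagged in pass 1. The bare
    # %WINDIR% rule is only a prompt to verify: the TV-tuner remote utility in this
    # log is a legitimate program installed that way.
    for ln in lines:
        m = RUN_RE.match(ln)
        if not m:
            continue
        path = m.group("path")
        if re.fullmatch(r"[a-z]:\\windows\\[^\\]+", path, re.I):
            findings.append(Finding("autostart exe directly in Windows dir (verify)", m.group("name"), path))
        elif vendor_dir(path) in suspect_vendors:
            findings.append(Finding("autostart for flagged add-on vendor", m.group("name"), path))
    return findings

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.rule}] {f.subject}: {f.detail}")
```

On the sample the Adobe and Java BHOs and the DAEMON Tools autostart pass, while every speedbit/facemoods/conduit setting, the facemoods and uTorrentBar add-ons, and the two notable Run entries are reported.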

  • argus, Male
  • Anti Malware Fighter, Rank 2
  • Joined: 27 Apr 2008
  • Posts: 9160
  • Location: Prokuplje

Hello.

Download aswMBR and save it to the Desktop.

Double-click to run aswMBR.
Click Scan.
When the scan finishes, click Save log.
Save the aswMBR log to the Desktop.
Copy the contents of that log into the topic.

  • Joined: 14 Feb 2008
  • Posts: 12345

aswMBR version 0.9.9.1297 Copyright(c) 2011 AVAST Software
Run date: 2012-01-07 04:39:39
-----------------------------
04:39:39.160 OS Version: Windows 6.1.7600
04:39:39.160 Number of processors: 3 586 0x502
04:39:39.162 ComputerName: NIKI-PC UserName: Niki
04:39:40.801 Initialize success
04:39:45.955 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000066
04:39:45.957 Disk 0 Vendor: Hitachi_ JP2O Size: 476940MB BusType: 3
04:39:46.049 Disk 0 MBR read successfully
04:39:46.051 Disk 0 MBR scan
04:39:46.053 Disk 0 Windows 7 default MBR code
04:39:46.101 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
04:39:46.149 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 100839 MB offset 206848
04:39:46.215 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 375999 MB offset 206725120
04:39:46.288 Disk 0 scanning sectors +976771072
04:39:46.650 Disk 0 scanning C:\Windows\system32\drivers
04:40:59.359 Service scanning
04:41:00.633 Modules scanning
04:42:33.911 Disk 0 trace - called modules:
04:42:33.966 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll storport.sys nvstor.sys
04:42:33.972 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x867b2460]
04:42:33.977 3 CLASSPNP.SYS[8b3df59e] -> nt!IofCallDriver -> [0x86487e40]
04:42:33.982 5 ACPI.sys[8399b3b2] -> nt!IofCallDriver -> \Device\00000066[0x86487450]
04:42:33.987 Scan finished successfully
04:42:43.600 Disk 0 MBR has been saved successfully to "G:\MBR.dat"
04:42:43.612 The log file has been saved successfully to "G:\aswMBR.txt"

Btw, I changed the e-mail and FB passwords from my computer, but the person in question is still online on MSN even though I signed out of MSN via Hotmail, which is very strange because it means they had to reconnect to MSN with the new password, and how they got hold of the new password I don't know...
And sorry about the DDS log, thanks.

  • argus, Male
  • Anti Malware Fighter, Rank 2
  • Joined: 27 Apr 2008
  • Posts: 9160
  • Location: Prokuplje

Srki, you'll have to uninstall AVG temporarily, because that version can't be disabled for more than 15 min and it would cause us problems; later, when we're done, you'll reinstall it.


Download sUBs' ComboFix from the following address to the Desktop:

Bleeping Computer
Right-click the link and choose Save Target As... (Save Link As..., Save Linked Content As... or similar);
when the dialog for choosing where to save the file opens, select Desktop and click Save.

When the download is complete:
deactivate your security software (instructions);
close any running programs;
double-click to run ComboFix;
in the window that opens, click "I Agree".

While running, ComboFix will:
check whether a newer version of the program exists: click Yes if offered to download it;
offer to install the Recovery Console if it is not installed: be sure to accept by clicking Yes and follow the procedure;
present a number of prompts/notices: accept by clicking Yes or OK;
restart Windows if necessary (possibly several times);
at the end, open Notepad with the scan report.

Copy the report ComboFix produced into the forum topic:
right-click in the Notepad window and choose Select All;
right-click the highlighted text and choose Copy;
right-click in the message box and choose Paste.

Note: the report will be saved as ComboFix.txt on the system partition (typical location: C:\ComboFix.txt);
if after posting you notice the report is incomplete, use the Attach file option to attach C:\ComboFix.txt to your message.

  • Joined: 14 Feb 2008
  • Posts: 12345

ComboFix 12-01-06.03 - Niki 01/07/2012 6:06.1.3 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.3071.2212 [GMT -8:00]
Running from: G:\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Outdated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
FW: Online Armor Firewall *Disabled* {32E71E58-6AAE-2557-2ABD-EA739069CE41}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Outdated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\facemoods.com
c:\program files\facemoods.com\facemoods\1.4.17.11\bh\facemoods.dll
c:\program files\facemoods.com\facemoods\1.4.17.11\facemoods.crx
c:\program files\facemoods.com\facemoods\1.4.17.11\facemoods.png
c:\program files\facemoods.com\facemoods\1.4.17.11\facemoodsApp.dll
c:\program files\facemoods.com\facemoods\1.4.17.11\facemoodsEng.dll
c:\program files\facemoods.com\facemoods\1.4.17.11\facemoodssrv.exe
c:\program files\facemoods.com\facemoods\1.4.17.11\facemoodsTlbr.dll
c:\program files\facemoods.com\facemoods\1.4.17.11\uninstall.exe
c:\program files\facemoods.com\sqlite3.dll
c:\users\Niki\AppData\Roaming\Roaming
c:\users\Niki\AppData\Roaming\Roaming\Minecraft.v1.8.BETA.PRE.RELEASE-P2P.rar
c:\users\Niki\AppData\Roaming\Roaming\Minecraft.v1.8.BETA.PRE.RELEASE-P2P\Minecraft.v1.8.BETA.PRE.RELEASE-P2P\INSTALL.txt
c:\users\Niki\AppData\Roaming\Roaming\Minecraft.v1.8.BETA.PRE.RELEASE-P2P\Minecraft.v1.8.BETA.PRE.RELEASE-P2P\minecraft.jar
c:\users\Niki\AppData\Roaming\Roaming\Minecraft.v1.8.BETA.PRE.RELEASE-P2P\Minecraft.v1.8.BETA.PRE.RELEASE-P2P\Minecraft_Beta_(zabranjeno)ed_v1.7.3.exe
c:\users\Niki\AppData\Roaming\Roaming\Minecraft.v1.8.BETA.PRE.RELEASE-P2P\Uploader [legjobbzene.blogspot.hu ].rar
.
.
((((((((((((((((((((((((( Files Created from 2011-12-07 to 2012-01-07 )))))))))))))))))))))))))))))))
.
.
2012-01-07 14:25 . 2012-01-07 14:25 -------- d-----w- c:\users\Niki\AppData\Local\temp
2012-01-07 14:25 . 2012-01-07 14:25 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-01-07 14:25 . 2012-01-07 14:25 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-01-07 14:03 . 2012-01-07 14:03 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F74D318A-B995-42DB-9DB7-6131AC050391}\offreg.dll
2012-01-05 11:00 . 2001-09-05 12:18 225280 ------w- c:\program files\Common Files\InstallShield\IScript\iscript.dll
2012-01-05 11:00 . 2001-09-05 12:18 77824 ----a-w- c:\program files\Common Files\InstallShield\engine\6\Intel 32\ctor.dll
2012-01-05 11:00 . 2001-09-05 12:14 176128 ------w- c:\program files\Common Files\InstallShield\engine\6\Intel 32\iuser.dll
2012-01-05 11:00 . 2001-09-05 12:13 32768 ------w- c:\program files\Common Files\InstallShield\engine\6\Intel 32\objectps.dll
2012-01-04 23:35 . 2012-01-04 23:35 -------- d-----w- c:\program files\Conduit
2012-01-04 23:35 . 2012-01-04 23:35 -------- d-----w- c:\users\Niki\AppData\Local\Conduit
2012-01-04 23:35 . 2012-01-04 23:35 -------- d-----w- c:\program files\uTorrentBar
2012-01-04 23:34 . 2012-01-06 20:25 -------- d-----w- c:\users\Niki\AppData\Roaming\uTorrent
2012-01-03 18:12 . 2012-01-03 18:12 -------- d-----w- c:\windows\Farm Frenzy 3
2012-01-03 18:11 . 2012-01-03 18:11 -------- d-----w- c:\windows\Farm Frenzy Pizza Party
2012-01-03 18:11 . 2012-01-03 18:11 -------- d-----w- c:\programdata\AlawarWrapper
2012-01-03 18:10 . 2012-01-03 18:11 -------- d-----w- c:\program files\Alawar
2012-01-03 18:08 . 2012-01-03 18:08 -------- d-----w- c:\windows\Farm Frenzy 2
2012-01-03 15:28 . 2012-01-03 15:28 -------- d-----w- c:\users\Niki\AppData\Local\playlogic
2012-01-03 13:04 . 2012-01-03 13:04 637952 ----a-w- c:\windows\is-5UAA5.exe
2012-01-03 13:03 . 2002-04-15 21:20 94480 ----a-w- c:\windows\system32\msjro.dll
2012-01-03 13:03 . 2012-01-03 13:03 -------- d-----w- c:\program files\Artwork Develop
2012-01-03 12:56 . 2012-01-03 12:56 -------- d-----w- c:\programdata\SpeedBit
2012-01-03 12:56 . 2012-01-03 12:56 -------- d-----w- c:\program files\Common Files\SpeedBit
2012-01-03 12:56 . 2012-01-03 12:55 84480 ----a-w- c:\windows\system32\EasyHook32.dll
2012-01-03 12:56 . 2012-01-03 12:55 109216 ----a-w- c:\windows\system32\EasyHook64.dll
2012-01-03 12:56 . 2012-01-03 13:05 -------- d-----w- c:\program files\DAP
2012-01-03 12:55 . 2012-01-03 12:55 172032 ----a-w- c:\windows\system32\AniGIF.ocx
2012-01-03 09:24 . 2012-01-03 09:22 1227264 ----a-w- c:\windows\system32\dx8vb.dll
2012-01-02 22:37 . 2012-01-07 14:01 -------- d-----r- c:\users\Niki\MegaCloud
2012-01-02 22:36 . 2012-01-07 14:01 -------- d-----w- c:\users\Niki\AppData\Roaming\MegaCloud
2012-01-02 22:35 . 2012-01-02 22:35 -------- d-----w- c:\programdata\Web Installer
2012-01-02 09:19 . 2012-01-07 14:01 -------- d-----w- c:\users\Niki\AppData\Local\LogMeIn Hamachi
2012-01-02 09:18 . 2012-01-02 09:18 -------- d-----w- c:\program files\LogMeIn Hamachi
2011-12-29 11:11 . 2011-12-29 11:17 -------- d-----w- c:\program files\SystemRequirementsLab
2011-12-29 11:11 . 2011-12-29 11:17 -------- d-----w- c:\users\Niki\AppData\Roaming\SystemRequirementsLab
2011-12-27 11:01 . 2011-12-27 11:01 -------- d-----w- c:\program files\Microsoft.NET
2011-12-21 05:40 . 2011-12-21 05:40 -------- d-----w- c:\users\Niki\AppData\Local\Oleg_Zhuk
2011-12-20 16:56 . 2011-12-20 16:56 -------- d-----w- c:\users\Niki\riotsGamesLogs
2011-12-20 16:49 . 2011-12-20 16:49 -------- d-----w- c:\users\Niki\AppData\Roaming\LolClient
2011-12-19 00:45 . 2011-12-19 00:45 -------- d-----w- c:\programdata\PopCap Games
2011-12-16 18:02 . 2011-12-16 18:02 -------- d-----w- c:\users\Niki\AppData\Local\Mozilla
2011-12-15 16:14 . 2011-12-15 16:15 -------- d-----w- c:\users\Niki\AppData\Roaming\OpenCandy
2011-12-15 16:12 . 2011-12-15 16:15 -------- d-----w- c:\users\Niki\AppData\Roaming\GetRightToGo
2011-12-14 20:19 . 2011-12-14 20:19 239168 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2011-12-14 20:18 . 2011-12-14 20:25 -------- d-----w- c:\users\Niki\AppData\Roaming\DAEMON Tools Lite
2011-12-11 22:55 . 2011-12-14 20:18 -------- d-----w- c:\programdata\DAEMON Tools Lite
2011-12-11 10:14 . 2012-01-02 22:18 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-12-10 21:56 . 2011-12-10 21:56 -------- d-----w- c:\program files\Opera
2011-12-10 01:48 . 2011-12-10 01:48 1161 ----a-w- C:\prefs.js
2011-12-10 01:01 . 2011-12-10 01:12 -------- d-----w- c:\users\Niki\AppData\Roaming\FOG Downloader
2011-12-10 01:00 . 2011-12-10 01:00 -------- d-----w- c:\users\Niki\rune of magick
2011-12-08 14:26 . 2011-12-08 14:26 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-25 16:32 . 2011-11-25 16:32 49152 ----a-r- c:\users\Niki\AppData\Roaming\Microsoft\Installer\{C37A0BC1-52EE-4F97-8223-5CA9FC0357B0}\ARPPRODUCTICON.exe
2011-11-19 22:48 . 2011-11-19 22:48 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-11-01 19:34 . 2011-11-14 13:28 40296 ----a-w- c:\windows\system32\drivers\oahlp32.sys
2011-11-01 19:34 . 2011-11-14 13:28 29312 ----a-w- c:\windows\system32\drivers\OAnet.sys
2011-11-01 19:34 . 2011-11-14 13:28 25192 ----a-w- c:\windows\system32\drivers\OAmon.sys
2011-11-01 19:34 . 2011-11-14 13:28 205864 ----a-w- c:\windows\system32\drivers\OADriver.sys
2011-10-22 11:21 . 2011-10-22 11:21 65536 ----a-w- c:\windows\system32\frapsvid.dll
2011-10-18 09:28 . 2011-11-14 08:56 6668624 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F74D318A-B995-42DB-9DB7-6131AC050391}\mpengine.dll
2011-10-15 08:54 . 2011-10-15 08:54 321856 ----a-w- c:\windows\system32\nvStreaming.exe
2011-10-15 08:53 . 2011-11-14 14:37 6350144 ----a-w- c:\windows\system32\nvcpl.dll
2011-10-15 08:53 . 2011-11-14 14:37 3840320 ----a-w- c:\windows\system32\nvsvc.dll
2011-10-15 08:53 . 2011-11-14 14:37 203072 ----a-w- c:\windows\system32\nvmctray.dll
2011-10-15 08:53 . 2011-11-14 14:37 123712 ----a-w- c:\windows\system32\nvshext.dll
2011-10-15 08:53 . 2011-11-14 14:37 1136448 ----a-w- c:\windows\system32\nvvsvc.exe
2011-10-15 08:53 . 2011-11-14 14:37 602432 ----a-w- c:\windows\system32\easyupdatusapiu.dll
2011-10-15 08:53 . 2011-11-14 14:37 919872 ----a-w- c:\windows\system32\nvdispco32.dll
2011-10-15 08:53 . 2011-11-14 14:37 877376 ----a-w- c:\windows\system32\nvgenco32.dll
2011-10-15 08:53 . 2011-11-14 14:37 7041856 ----a-w- c:\windows\system32\nvwgf2um.dll
2011-10-15 08:53 . 2011-11-14 14:37 61248 ----a-w- c:\windows\system32\OpenCL.dll
2011-10-15 08:53 . 2011-11-14 14:37 5578560 ----a-w- c:\windows\system32\nvcuda.dll
2011-10-15 08:53 . 2011-11-14 14:37 2458432 ----a-w- c:\windows\system32\nvapi.dll
2011-10-15 08:53 . 2011-11-14 14:37 2401088 ----a-w- c:\windows\system32\nvcuvid.dll
2011-10-15 08:53 . 2011-11-14 14:37 2099520 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-10-15 08:53 . 2011-11-14 14:37 18871616 ----a-w- c:\windows\system32\nvoglv32.dll
2011-10-15 08:53 . 2011-11-14 14:37 17248576 ----a-w- c:\windows\system32\nvcompiler.dll
2011-10-15 08:53 . 2011-11-14 14:37 13205312 ----a-w- c:\windows\system32\nvd3dum.dll
2011-10-15 08:53 . 2011-11-14 14:37 10327360 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2012-01-03 12:55 . 2012-01-03 12:58 252080 ----a-w- c:\program files\opera\program\plugins\dapop.dll
2011-12-19 01:29 . 2011-12-16 18:01 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
2011-05-09 08:49 176936 ----a-w- c:\program files\uTorrentBar\prxtbuTor.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\prxtbuTor.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}"= "c:\program files\uTorrentBar\prxtbuTor.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0MegaCloudNormal]
@="{03FB4211-3964-44E8-97D7-A2FA49CF5576}"
[HKEY_CLASSES_ROOT\CLSID\{03FB4211-3964-44E8-97D7-A2FA49CF5576}]
2011-12-22 22:54 204944 ----a-w- c:\users\Niki\AppData\Roaming\MegaCloud\MegaCloudShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1MegaCloudModified]
@="{03FB4212-3964-44E8-97D7-A2FA49CF5576}"
[HKEY_CLASSES_ROOT\CLSID\{03FB4212-3964-44E8-97D7-A2FA49CF5576}]
2011-12-22 22:54 204944 ----a-w- c:\users\Niki\AppData\Roaming\MegaCloud\MegaCloudShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2MeagCloudError]
@="{03FB4213-3964-44E8-97D7-A2FA49CF5576}"
[HKEY_CLASSES_ROOT\CLSID\{03FB4213-3964-44E8-97D7-A2FA49CF5576}]
2011-12-22 22:54 204944 ----a-w- c:\users\Niki\AppData\Roaming\MegaCloud\MegaCloudShellExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="d:\program files\DAEMON Tools Lite\DTLite.exe" [2011-11-10 3514176]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2011-12-03 2415456]
"@OnlineArmor GUI"="c:\program files\Online Armor\oaui.exe" [2011-11-01 2531104]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"TV Card Remote Control Device Monitor"="c:\windows\713xRMT.exe" [2008-05-26 520192]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2011-08-16 1955208]
.
c:\users\Niki\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
MegaCloud.lnk - c:\users\Niki\AppData\Roaming\MegaCloud\MegaCloud.exe [2012-1-2 9825424]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
TV Expert Schedule Agent.lnk - d:\program files\TV Expert\ADTVScheduleAgent.exe [2011-12-2 49152]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{4F07DA45-8170-4859-9B5F-037EF2970034}"= "c:\progra~1\ONLINE~1\oaevent.dll" [2011-11-01 358840]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [2011-07-08 195336]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-12-14 239168]
S1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [2011-11-01 205864]
S1 oahlpXX;Online Armor helper driver;c:\windows\system32\drivers\oahlp32.sys [2011-11-01 40296]
S1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [2011-11-01 25192]
S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [2011-08-02 192776]
S2 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\SeaPort.EXE [2011-06-16 249648]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [2011-08-16 1361288]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-15 2253120]
S2 OAcat;Online Armor Helper Service;c:\program files\Online Armor\OAcat.exe [2011-11-01 207936]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-15 381248]
S2 SvcOnlineArmor;Online Armor;c:\program files\Online Armor\oasrv.exe [2011-11-01 4363040]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2011-07-07 139880]
S3 OAnet;OnlineArmor Service;c:\windows\system32\DRIVERS\oanet.sys [2011-11-01 29312]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-351254513-1549663279-2964313904-1000Core.job
- c:\users\Niki\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-14 10:15]
.
2012-01-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-351254513-1549663279-2964313904-1000UA.job
- c:\users\Niki\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-14 10:15]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://home.speedbit.com/?aff=105
IE: &Clean Traces - c:\program files\DAP\Privacy Package\dapcleanerie.htm
IE: &Download with &DAP - c:\program files\DAP\dapextie.htm
IE: Download &all with DAP - c:\program files\DAP\dapextie2.htm
TCP: DhcpNameServer = 178.79.22.6 178.79.0.3
Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\DAP\dapie.dll
Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\DAP\dapie.dll
FF - ProfilePath - c:\users\Niki\AppData\Roaming\Mozilla\Firefox\Profiles\o1xdr72p.default\
FF - prefs.js: browser.search.defaulturl - hxxp://home.speedbit.com/search.aspx?aff=106&q=
FF - prefs.js: browser.search.selectedEngine - SpeedBit Search
FF - prefs.js: browser.startup.homepage - hxxp://home.speedbit.com/?aff=105
FF - prefs.js: keyword.URL - hxxp://home.speedbit.com/search.aspx?aff=106&q=
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
HKLM-Run-facemoods - c:\program files\facemoods.com\facemoods\1.4.17.11\facemoodssrv.exe
AddRemove-Bus-Tram-Cable Car Simulator_is1 - d:\program files\Bus-Tram-Cable Car Simulator\unins000.exe
AddRemove-Euro Truck Simulator - d:\program files\Euro Truck Simulator\uninst.exe
AddRemove-facemoods - c:\program files\facemoods.com\facemoods\1.4.17.11\uninstall.exe
AddRemove-Farm Frenzy 3 Russian Roulette 1.0 - d:\program files\Alawar Entertainment\Farm Frenzy 3 Russian Roulette\Uninstall.exe
AddRemove-Race Injection_is1 - d:\program files\SimBin\Race Injection\unins000.exe
AddRemove-Tanker Truck Simulator 2011_is1 - d:\program files\Tanker Truck Simulator 2011\unins000.exe
AddRemove-Verkehrsplaner - Die Simulation - d:\program files\Verkehrsplaner - Die Simulation\uninstall.exe
AddRemove-{A8DE8C34-7F51-4cc8-B326-C425793EE741} - d:\program files\Starbreeze Studios\Riddick EFBB\Uninstall.exe
AddRemove-{AEF59382-3FF1-4EBF-A93E-CCC474DCEA3F}_is1 - d:\program files\Bau-Simulator 2012\unins000.exe
AddRemove-Traktor Simulator Srbija - d:\program files\Traktor Simulator Srbija\Uninstal.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-351254513-1549663279-2964313904-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:44,74,3c,1c,d6,af,28,bd,ee,bb,fd,dc,c4,ab,78,02,fb,57,f5,a4,50,98,84,
1c,18,c5,a9,f3,71,ab,2e,0e,1f,3d,66,0f,41,5b,8f,44,1b,17,51,db,30,13,4c,b0,\
"??"=hex:4f,52,22,1b,28,88,7f,45,21,75,6b,a6,d3,23,5a,2e
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-01-07 06:29:04
ComboFix-quarantined-files.txt 2012-01-07 14:29
.
Pre-Run: 26,235,830,272 bytes free
Post-Run: 33,108,078,592 bytes free
.
- - End Of File - - 63F2632432369118F70E2B4C1A459E36


I was not able to remove AVG completely; the main application stayed behind for some reason, but the protection modules were deleted during the uninstall, so it had nothing left to run for protection.
I deactivated Online Armor during the scan and everything went fine.

rip
  • argus  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 27 Apr 2008
  • Posts: 9160
  • Location: Prokuplje

Put this file into a RAR archive for me:

c:\windows\is-5UAA5.exe

Send it for checking through this link and let me know when you have sent it:
http://www.mycity.rs/ambulanta-upload.php

offline
  • Joined: 14 Feb 2008
  • Posts: 12345

Uploaded. I also added the list file that has the same name.

rip
  • argus  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 27 Apr 2008
  • Posts: 9160
  • Location: Prokuplje

Before you do anything else, download this tool and use it to uninstall AVG:
http://www.avg.com/ww-en/utilities

After that you can install whichever AV you want.



Open Notepad and copy in the following text:

DDS::
uStart Page = hxxp://home.speedbit.com/?aff=105

Firefox::
FF - ProfilePath - c:\users\Niki\AppData\Roaming\Mozilla\Firefox\Profiles\o1xdr72p.default\
FF - prefs.js: browser.search.defaulturl - hxxp://home.speedbit.com/search.aspx?aff=106&q=
FF - prefs.js: browser.search.selectedEngine - SpeedBit Search
FF - prefs.js: browser.startup.homepage - hxxp://home.speedbit.com/?aff=105
FF - prefs.js: keyword.URL - hxxp://home.speedbit.com/search.aspx?aff=106&q=

RegLock::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

RegNull::
[HKEY_USERS\S-1-5-21-351254513-1549663279-2964313904-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:44,74,3c,1c,d6,af,28,bd,ee,bb,fd,dc,c4,ab,78,02,fb,57,f5,a4,50,98,84,
1c,18,c5,a9,f3,71,ab,2e,0e,1f,3d,66,0f,41,5b,8f,44,1b,17,51,db,30,13,4c,b0,\
"??"=hex:4f,52,22,1b,28,88,7f,45,21,75,6b,a6,d3,23,5a,2e


Save the file from Notepad to the Desktop as "CFScript"

Drag the saved script/text onto the ComboFix icon as in the picture.
Post the log that is created at the end of the cleaning/scanning in your next message.
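As an added example (not code from this thread and not part of ComboFix), a small Python helper that does what the steps above do by hand: it reads the "Supplementary Scan" block of a ComboFix log, keeps only the browser settings whose value names a suspect token (here "speedbit", as in the log posted above), writes them out as a CFScript with the DDS:: and Firefox:: sections in the shape used in the post, and checks a post-cleaning log to confirm nothing remains. The sample log lines are constructed after the two logs in this thread; the section syntax is taken from the post, not from any ComboFix documentation.

```python
import re

# Constructed samples, shaped after the "Supplementary Scan" block of the two
# ComboFix logs in this thread: BEFORE_LOG before the CFScript, AFTER_LOG after it.
BEFORE_LOG = r"""------- Supplementary Scan -------
.
uStart Page = hxxp://home.speedbit.com/?aff=105
IE: &Clean Traces - c:\program files\DAP\Privacy Package\dapcleanerie.htm
FF - ProfilePath - c:\users\Niki\AppData\Roaming\Mozilla\Firefox\Profiles\o1xdr72p.default\
FF - prefs.js: browser.search.defaulturl - hxxp://home.speedbit.com/search.aspx?aff=106&q=
FF - prefs.js: browser.search.selectedEngine - SpeedBit Search
FF - prefs.js: browser.startup.homepage - hxxp://home.speedbit.com/?aff=105
FF - prefs.js: keyword.URL - hxxp://home.speedbit.com/search.aspx?aff=106&q=
.
- - - - ORPHANS REMOVED - - - -
"""

AFTER_LOG = r"""------- Supplementary Scan -------
.
IE: &Clean Traces - c:\program files\DAP\Privacy Package\dapcleanerie.htm
FF - ProfilePath - c:\users\Niki\AppData\Roaming\Mozilla\Firefox\Profiles\o1xdr72p.default\
.
--------------------- LOCKED REGISTRY KEYS ---------------------
"""

START_PAGE_RE = re.compile(r"^uStart Page = (\S+)$")
FF_PROFILE_RE = re.compile(r"^FF - ProfilePath - (.+)$")
FF_PREF_RE = re.compile(r"^FF - prefs\.js: (\S+) - (.+)$")


def _mentions(value, suspects):
    """True when a setting value names one of the suspect tokens (case-insensitive)."""
    low = value.lower()
    return any(s.lower() in low for s in suspects)


def find_hijacked_entries(log_text, suspects):
    """Walk the 'Supplementary Scan' block and return
    (start_page_line, profile_path_line, [FF pref lines naming a suspect])."""
    start_page, profile, prefs = None, None, []
    in_block = False
    for line in log_text.splitlines():
        line = line.rstrip()
        if "Supplementary Scan" in line:
            in_block = True
            continue
        if not in_block:
            continue
        if line.startswith("-"):        # next ComboFix section header ends the block
            break
        m = START_PAGE_RE.match(line)
        if m and _mentions(m.group(1), suspects):
            start_page = line
            continue
        if FF_PROFILE_RE.match(line):   # kept so the Firefox:: section can name the profile
            profile = line
            continue
        m = FF_PREF_RE.match(line)
        if m and _mentions(m.group(2), suspects):
            prefs.append(line)
    return start_page, profile, prefs


def build_cfscript(start_page, profile, prefs):
    """Emit a CFScript in the shape used in the post: a DDS:: section for the
    IE start page and a Firefox:: section listing the profile and the prefs."""
    sections = []
    if start_page:
        sections.append("DDS::\n" + start_page)
    if prefs:
        sections.append("\n".join(["Firefox::"] + ([profile] if profile else []) + prefs))
    return "\n\n".join(sections) + ("\n" if sections else "")


def is_clean(log_text, suspects):
    """True when a post-cleaning log carries no suspect browser setting any more."""
    start_page, _, prefs = find_hijacked_entries(log_text, suspects)
    return start_page is None and not prefs
```

Run against the "before" log it reproduces the DDS:: and Firefox:: parts of the script above; run against the "after" log it reports the profile as clean.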

offline
  • Joined: 14 Feb 2008
  • Posts: 12345

ComboFix 12-01-06.03 - Niki 01/07/2012 12:37:41.2.3 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.3071.2262 [GMT -8:00]
Running from: G:\ComboFix.exe
Command switches used :: G:\CFScript.txt
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Outdated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
FW: Online Armor Firewall *Disabled* {32E71E58-6AAE-2557-2ABD-EA739069CE41}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Outdated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2011-12-07 to 2012-01-07 )))))))))))))))))))))))))))))))
.
.
2012-01-07 20:44 . 2012-01-07 20:44 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-01-07 20:44 . 2012-01-07 20:44 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-01-07 20:37 . 2012-01-07 20:37 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F74D318A-B995-42DB-9DB7-6131AC050391}\offreg.dll
2012-01-07 14:29 . 2012-01-07 20:44 -------- d-----w- c:\users\Niki\AppData\Local\temp
2012-01-05 11:00 . 2001-09-05 12:18 225280 ------w- c:\program files\Common Files\InstallShield\IScript\iscript.dll
2012-01-05 11:00 . 2001-09-05 12:18 77824 ----a-w- c:\program files\Common Files\InstallShield\engine\6\Intel 32\ctor.dll
2012-01-05 11:00 . 2001-09-05 12:14 176128 ------w- c:\program files\Common Files\InstallShield\engine\6\Intel 32\iuser.dll
2012-01-05 11:00 . 2001-09-05 12:13 32768 ------w- c:\program files\Common Files\InstallShield\engine\6\Intel 32\objectps.dll
2012-01-04 23:35 . 2012-01-04 23:35 -------- d-----w- c:\program files\Conduit
2012-01-04 23:35 . 2012-01-04 23:35 -------- d-----w- c:\users\Niki\AppData\Local\Conduit
2012-01-04 23:35 . 2012-01-04 23:35 -------- d-----w- c:\program files\uTorrentBar
2012-01-04 23:34 . 2012-01-06 20:25 -------- d-----w- c:\users\Niki\AppData\Roaming\uTorrent
2012-01-03 18:12 . 2012-01-03 18:12 -------- d-----w- c:\windows\Farm Frenzy 3
2012-01-03 18:11 . 2012-01-03 18:11 -------- d-----w- c:\windows\Farm Frenzy Pizza Party
2012-01-03 18:11 . 2012-01-03 18:11 -------- d-----w- c:\programdata\AlawarWrapper
2012-01-03 18:10 . 2012-01-03 18:11 -------- d-----w- c:\program files\Alawar
2012-01-03 18:08 . 2012-01-03 18:08 -------- d-----w- c:\windows\Farm Frenzy 2
2012-01-03 15:28 . 2012-01-03 15:28 -------- d-----w- c:\users\Niki\AppData\Local\playlogic
2012-01-03 13:04 . 2012-01-03 13:04 637952 ----a-w- c:\windows\is-5UAA5.exe
2012-01-03 13:03 . 2002-04-15 21:20 94480 ----a-w- c:\windows\system32\msjro.dll
2012-01-03 13:03 . 2012-01-03 13:03 -------- d-----w- c:\program files\Artwork Develop
2012-01-03 12:56 . 2012-01-03 12:56 -------- d-----w- c:\programdata\SpeedBit
2012-01-03 12:56 . 2012-01-03 12:56 -------- d-----w- c:\program files\Common Files\SpeedBit
2012-01-03 12:56 . 2012-01-03 12:55 84480 ----a-w- c:\windows\system32\EasyHook32.dll
2012-01-03 12:56 . 2012-01-03 12:55 109216 ----a-w- c:\windows\system32\EasyHook64.dll
2012-01-03 12:56 . 2012-01-03 13:05 -------- d-----w- c:\program files\DAP
2012-01-03 12:55 . 2012-01-03 12:55 172032 ----a-w- c:\windows\system32\AniGIF.ocx
2012-01-03 09:24 . 2012-01-03 09:22 1227264 ----a-w- c:\windows\system32\dx8vb.dll
2012-01-02 22:37 . 2012-01-07 20:35 -------- d-----r- c:\users\Niki\MegaCloud
2012-01-02 22:36 . 2012-01-07 20:35 -------- d-----w- c:\users\Niki\AppData\Roaming\MegaCloud
2012-01-02 22:35 . 2012-01-02 22:35 -------- d-----w- c:\programdata\Web Installer
2012-01-02 09:19 . 2012-01-07 20:45 -------- d-----w- c:\users\Niki\AppData\Local\LogMeIn Hamachi
2012-01-02 09:18 . 2012-01-02 09:18 -------- d-----w- c:\program files\LogMeIn Hamachi
2011-12-29 11:11 . 2011-12-29 11:17 -------- d-----w- c:\program files\SystemRequirementsLab
2011-12-29 11:11 . 2011-12-29 11:17 -------- d-----w- c:\users\Niki\AppData\Roaming\SystemRequirementsLab
2011-12-27 11:01 . 2011-12-27 11:01 -------- d-----w- c:\program files\Microsoft.NET
2011-12-21 05:40 . 2011-12-21 05:40 -------- d-----w- c:\users\Niki\AppData\Local\Oleg_Zhuk
2011-12-20 16:56 . 2011-12-20 16:56 -------- d-----w- c:\users\Niki\riotsGamesLogs
2011-12-20 16:49 . 2011-12-20 16:49 -------- d-----w- c:\users\Niki\AppData\Roaming\LolClient
2011-12-19 00:45 . 2011-12-19 00:45 -------- d-----w- c:\programdata\PopCap Games
2011-12-16 18:02 . 2011-12-16 18:02 -------- d-----w- c:\users\Niki\AppData\Local\Mozilla
2011-12-15 16:14 . 2011-12-15 16:15 -------- d-----w- c:\users\Niki\AppData\Roaming\OpenCandy
2011-12-15 16:12 . 2011-12-15 16:15 -------- d-----w- c:\users\Niki\AppData\Roaming\GetRightToGo
2011-12-14 20:19 . 2011-12-14 20:19 239168 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2011-12-14 20:18 . 2011-12-14 20:25 -------- d-----w- c:\users\Niki\AppData\Roaming\DAEMON Tools Lite
2011-12-11 22:55 . 2011-12-14 20:18 -------- d-----w- c:\programdata\DAEMON Tools Lite
2011-12-11 10:14 . 2012-01-02 22:18 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-12-10 21:56 . 2011-12-10 21:56 -------- d-----w- c:\program files\Opera
2011-12-10 01:48 . 2011-12-10 01:48 1161 ----a-w- C:\prefs.js
2011-12-10 01:01 . 2011-12-10 01:12 -------- d-----w- c:\users\Niki\AppData\Roaming\FOG Downloader
2011-12-10 01:00 . 2011-12-10 01:00 -------- d-----w- c:\users\Niki\rune of magick
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-25 16:32 . 2011-11-25 16:32 49152 ----a-r- c:\users\Niki\AppData\Roaming\Microsoft\Installer\{C37A0BC1-52EE-4F97-8223-5CA9FC0357B0}\ARPPRODUCTICON.exe
2011-11-19 22:48 . 2011-11-19 22:48 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-11-01 19:34 . 2011-11-14 13:28 40296 ----a-w- c:\windows\system32\drivers\oahlp32.sys
2011-11-01 19:34 . 2011-11-14 13:28 29312 ----a-w- c:\windows\system32\drivers\OAnet.sys
2011-11-01 19:34 . 2011-11-14 13:28 25192 ----a-w- c:\windows\system32\drivers\OAmon.sys
2011-11-01 19:34 . 2011-11-14 13:28 205864 ----a-w- c:\windows\system32\drivers\OADriver.sys
2011-10-22 11:21 . 2011-10-22 11:21 65536 ----a-w- c:\windows\system32\frapsvid.dll
2011-10-18 09:28 . 2011-11-14 08:56 6668624 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F74D318A-B995-42DB-9DB7-6131AC050391}\mpengine.dll
2011-10-15 08:54 . 2011-10-15 08:54 321856 ----a-w- c:\windows\system32\nvStreaming.exe
2011-10-15 08:53 . 2011-11-14 14:37 6350144 ----a-w- c:\windows\system32\nvcpl.dll
2011-10-15 08:53 . 2011-11-14 14:37 3840320 ----a-w- c:\windows\system32\nvsvc.dll
2011-10-15 08:53 . 2011-11-14 14:37 203072 ----a-w- c:\windows\system32\nvmctray.dll
2011-10-15 08:53 . 2011-11-14 14:37 123712 ----a-w- c:\windows\system32\nvshext.dll
2011-10-15 08:53 . 2011-11-14 14:37 1136448 ----a-w- c:\windows\system32\nvvsvc.exe
2011-10-15 08:53 . 2011-11-14 14:37 602432 ----a-w- c:\windows\system32\easyupdatusapiu.dll
2011-10-15 08:53 . 2011-11-14 14:37 919872 ----a-w- c:\windows\system32\nvdispco32.dll
2011-10-15 08:53 . 2011-11-14 14:37 877376 ----a-w- c:\windows\system32\nvgenco32.dll
2011-10-15 08:53 . 2011-11-14 14:37 7041856 ----a-w- c:\windows\system32\nvwgf2um.dll
2011-10-15 08:53 . 2011-11-14 14:37 61248 ----a-w- c:\windows\system32\OpenCL.dll
2011-10-15 08:53 . 2011-11-14 14:37 5578560 ----a-w- c:\windows\system32\nvcuda.dll
2011-10-15 08:53 . 2011-11-14 14:37 2458432 ----a-w- c:\windows\system32\nvapi.dll
2011-10-15 08:53 . 2011-11-14 14:37 2401088 ----a-w- c:\windows\system32\nvcuvid.dll
2011-10-15 08:53 . 2011-11-14 14:37 2099520 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-10-15 08:53 . 2011-11-14 14:37 18871616 ----a-w- c:\windows\system32\nvoglv32.dll
2011-10-15 08:53 . 2011-11-14 14:37 17248576 ----a-w- c:\windows\system32\nvcompiler.dll
2011-10-15 08:53 . 2011-11-14 14:37 13205312 ----a-w- c:\windows\system32\nvd3dum.dll
2011-10-15 08:53 . 2011-11-14 14:37 10327360 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2012-01-03 12:55 . 2012-01-03 12:58 252080 ----a-w- c:\program files\opera\program\plugins\dapop.dll
2011-12-19 01:29 . 2011-12-16 18:01 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
2011-05-09 08:49 176936 ----a-w- c:\program files\uTorrentBar\prxtbuTor.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\prxtbuTor.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}"= "c:\program files\uTorrentBar\prxtbuTor.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0MegaCloudNormal]
@="{03FB4211-3964-44E8-97D7-A2FA49CF5576}"
[HKEY_CLASSES_ROOT\CLSID\{03FB4211-3964-44E8-97D7-A2FA49CF5576}]
2011-12-22 22:54 204944 ----a-w- c:\users\Niki\AppData\Roaming\MegaCloud\MegaCloudShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1MegaCloudModified]
@="{03FB4212-3964-44E8-97D7-A2FA49CF5576}"
[HKEY_CLASSES_ROOT\CLSID\{03FB4212-3964-44E8-97D7-A2FA49CF5576}]
2011-12-22 22:54 204944 ----a-w- c:\users\Niki\AppData\Roaming\MegaCloud\MegaCloudShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2MeagCloudError]
@="{03FB4213-3964-44E8-97D7-A2FA49CF5576}"
[HKEY_CLASSES_ROOT\CLSID\{03FB4213-3964-44E8-97D7-A2FA49CF5576}]
2011-12-22 22:54 204944 ----a-w- c:\users\Niki\AppData\Roaming\MegaCloud\MegaCloudShellExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="d:\program files\DAEMON Tools Lite\DTLite.exe" [2011-11-10 3514176]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"@OnlineArmor GUI"="c:\program files\Online Armor\oaui.exe" [2011-11-01 2531104]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"TV Card Remote Control Device Monitor"="c:\windows\713xRMT.exe" [2008-05-26 520192]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2011-08-16 1955208]
.
c:\users\Niki\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
MegaCloud.lnk - c:\users\Niki\AppData\Roaming\MegaCloud\MegaCloud.exe [2012-1-2 9825424]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
TV Expert Schedule Agent.lnk - d:\program files\TV Expert\ADTVScheduleAgent.exe [2011-12-2 49152]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{4F07DA45-8170-4859-9B5F-037EF2970034}"= "c:\progra~1\ONLINE~1\oaevent.dll" [2011-11-01 358840]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [2011-07-08 195336]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-12-14 239168]
S1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [2011-11-01 205864]
S1 oahlpXX;Online Armor helper driver;c:\windows\system32\drivers\oahlp32.sys [2011-11-01 40296]
S1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [2011-11-01 25192]
S2 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\SeaPort.EXE [2011-06-16 249648]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [2011-08-16 1361288]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-15 2253120]
S2 OAcat;Online Armor Helper Service;c:\program files\Online Armor\OAcat.exe [2011-11-01 207936]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-15 381248]
S2 SvcOnlineArmor;Online Armor;c:\program files\Online Armor\oasrv.exe [2011-11-01 4363040]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2011-07-07 139880]
S3 OAnet;OnlineArmor Service;c:\windows\system32\DRIVERS\oanet.sys [2011-11-01 29312]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-351254513-1549663279-2964313904-1000Core.job
- c:\users\Niki\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-14 10:15]
.
2012-01-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-351254513-1549663279-2964313904-1000UA.job
- c:\users\Niki\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-14 10:15]
.
.
------- Supplementary Scan -------
.
IE: &Clean Traces - c:\program files\DAP\Privacy Package\dapcleanerie.htm
IE: &Download with &DAP - c:\program files\DAP\dapextie.htm
IE: Download &all with DAP - c:\program files\DAP\dapextie2.htm
TCP: DhcpNameServer = 178.79.22.6 178.79.0.3
Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\DAP\dapie.dll
Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\DAP\dapie.dll
FF - ProfilePath - c:\users\Niki\AppData\Roaming\Mozilla\Firefox\Profiles\o1xdr72p.default\
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(2388-)
c:\windows\System32\netshell.dll
.
Completion time: 2012-01-07 12:47:02
ComboFix-quarantined-files.txt 2012-01-07 20:47
ComboFix2.txt 2012-01-07 14:29
.
Pre-Run: 33,107,030,016 bytes free
Post-Run: 33,045,315,584 bytes free
.
- - End Of File - - CE865E2CF2BB6FF8E46F7A5C417B840C

That last script disabled most things, browsers, launchers etc., by the way, but there is a restore point just in case.

rip
  • argus  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 27 Apr 2008
  • Posts: 9160
  • Location: Prokuplje

Disabled how? Explain a bit.
