Poslao: 09 Apr 2012 20:49
|
offline
- Pridružio: 01 Jan 2012
- Poruke: 75
|
Napisano: 09 Apr 2012 20:24
Ok....postavljam izvestaj sto je pre moguce....
Dopuna: 09 Apr 2012 20:49
Nisam uspela deaktivirati antiviruse,ali je izvestaj gotov...
ComboFix 12-04-07.02 - Altior 09.04.2012 20:28:58.1.2 - x86
Microsoft Windows 7 Professional 6.1.7600.0.1250.381.1033.18.3067.2328 [GMT 2:00]
Running from: c:\users\Altior\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 4.0 *Enabled/Outdated* {CB0F8167-5331-BA19-698E-64816B6801A5}
SP: ESET NOD32 Antivirus 4.0 *Enabled/Outdated* {706E6083-750B-B597-533E-5FF310EF4B18}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\FunWebProducts
c:\program files\FunWebProducts\Installr\1.bin\F3EZSETP.DLL
c:\program files\FunWebProducts\Installr\1.bin\F3PLUGIN.DLL
c:\program files\FunWebProducts\Installr\1.bin\NPFUNWEB.DLL
c:\program files\FunWebProducts\Installr\8.bin\F3EZSETP.DLL
c:\program files\MyWebSearch
c:\program files\MyWebSearch\bar\1.bin\chrome\M3FFXTBR.JAR
c:\program files\MyWebSearch\bar\2.bin\chrome\M3FFXTBR.JAR
c:\program files\MyWebSearch\bar\3.bin\chrome\M3FFXTBR.JAR
c:\program files\MyWebSearch\bar\4.bin\chrome\M3FFXTBR.JAR
c:\program files\MyWebSearch\bar\5.bin\chrome\M3FFXTBR.JAR
c:\program files\MyWebSearch\bar\6.bin\CHROME.MANIFEST
c:\program files\MyWebSearch\bar\6.bin\chrome\M3FFXTBR.JAR
c:\program files\MyWebSearch\bar\6.bin\F3BKGERR.JPG
c:\program files\MyWebSearch\bar\6.bin\F3SCRCTR.DLL
c:\program files\MyWebSearch\bar\6.bin\F3SPACER.WMV
c:\program files\MyWebSearch\bar\6.bin\F3WALLPP.DAT
c:\program files\MyWebSearch\bar\6.bin\F3WPHOOK.DLL
c:\program files\MyWebSearch\bar\6.bin\FWPBUDDY.PNG
c:\program files\MyWebSearch\bar\6.bin\INSTALL.RDF
c:\program files\MyWebSearch\bar\6.bin\M3FFTBPR.DLL
c:\program files\MyWebSearch\bar\6.bin\M3HIGHIN.EXE
c:\program files\MyWebSearch\bar\6.bin\M3IDLE.DLL
c:\program files\MyWebSearch\bar\6.bin\M3PATCH.DLL
c:\program files\MyWebSearch\bar\6.bin\M3SKIN.DLL
c:\program files\MyWebSearch\bar\Avatar\COMMON.F3S
c:\program files\MyWebSearch\bar\Game\CHECKERS.F3S
c:\program files\MyWebSearch\bar\Game\CHESS.F3S
c:\program files\MyWebSearch\bar\Game\REVERSI.F3S
c:\program files\MyWebSearch\bar\icons\CM.ICO
c:\program files\MyWebSearch\bar\icons\MFC.ICO
c:\program files\MyWebSearch\bar\icons\PSS.ICO
c:\program files\MyWebSearch\bar\icons\SMILEY.ICO
c:\program files\MyWebSearch\bar\icons\WB.ICO
c:\program files\MyWebSearch\bar\icons\ZWINKY.ICO
c:\program files\MyWebSearch\bar\Message\COMMON.F3S
c:\program files\MyWebSearch\bar\Notifier\COMMON.F3S
c:\program files\MyWebSearch\bar\Notifier\DOG.F3S
c:\program files\MyWebSearch\bar\Notifier\FISH.F3S
c:\program files\MyWebSearch\bar\Notifier\KUNGFU.F3S
c:\program files\MyWebSearch\bar\Notifier\LIFEGARD.F3S
c:\program files\MyWebSearch\bar\Notifier\MAID.F3S
c:\program files\MyWebSearch\bar\Notifier\MAILBOX.F3S
c:\program files\MyWebSearch\bar\Notifier\OPERA.F3S
c:\program files\MyWebSearch\bar\Notifier\ROBOT.F3S
c:\program files\MyWebSearch\bar\Notifier\SEDUCT.F3S
c:\program files\MyWebSearch\bar\Notifier\SURFER.F3S
c:\program files\MyWebSearch\bar\Overlay\COMMON.F3S
c:\program files\MyWebSearch\bar\Settings\s_pid.dat
c:\program files\Object
c:\program files\Object\config.ini
c:\programdata\Tarma Installer
c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setup.dll
c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll
c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.dat
c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.exe
c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.ico
c:\windows\av_ico
c:\windows\av_ico\ico_avast_desktop.ico
c:\windows\av_ico\ico_avast_start.ico
c:\windows\av_ico\ico_mcafee_start.ico
c:\windows\av_ico\ico_NOD_AV_START.ico
c:\windows\av_ico\ico_NOD_SYSINSP.ico
c:\windows\av_ico\ico_NOD_SYSRESC.ico
c:\windows\av_ico\ico_NOD_TXT.ico
c:\windows\av_ico\ico_NOD_UNINSTALL.ico
c:\windows\btc_client_iplist.txt
c:\windows\ddh_iplist.txt
c:\windows\front_ip_list.txt
c:\windows\geoiplist
c:\windows\geoiplist.rar
c:\windows\iecheck_iplist.txt
c:\windows\info1
c:\windows\iplist.txt
c:\windows\l1rezerv.exe
c:\windows\loader2.exe_ok
c:\windows\phoenix
c:\windows\phoenix.rar
c:\windows\phoenix\kernels\phatk\__init__.py
c:\windows\phoenix\kernels\phatk\__init__.pyc
c:\windows\phoenix\kernels\phatk\BFIPatcher.py
c:\windows\phoenix\kernels\phatk\kernel.cl
c:\windows\phoenix\kernels\poclbm\__init__.py
c:\windows\phoenix\kernels\poclbm\__init__.pyc
c:\windows\phoenix\kernels\poclbm\BFIPatcher.py
c:\windows\phoenix\kernels\poclbm\kernel.cl
c:\windows\phoenix\phoenix.exe
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\proc_list1.log
c:\windows\rpcminer
c:\windows\rpcminer.rar
c:\windows\rpcminer\bitcoinminercuda_10.cubin
c:\windows\rpcminer\bitcoinminercuda_11.cubin
c:\windows\rpcminer\bitcoinminercuda_20.cubin
c:\windows\rpcminer\bitcoinmineropencl.cl
c:\windows\rpcminer\cudart32_32_16.dll
c:\windows\rpcminer\curllib.dll
c:\windows\rpcminer\libeay32.dll
c:\windows\rpcminer\libsasl.dll
c:\windows\rpcminer\openldap.dll
c:\windows\rpcminer\rpcminer-4way.exe
c:\windows\rpcminer\rpcminer-cpu.exe
c:\windows\rpcminer\rpcminer-cuda.exe
c:\windows\rpcminer\rpcminer-opencl.exe
c:\windows\rpcminer\ssleay32.dll
c:\windows\services32.exe
c:\windows\sysdriver32.exe
c:\windows\sysdriver32_.exe
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\system32\drivers\etc\HSTS~1
c:\windows\systemup.exe
c:\windows\Tasks\At1.job
c:\windows\Tasks\At2.job
c:\windows\Tasks\At3.job
c:\windows\Tasks\At4.job
c:\windows\Tasks\At5.job
c:\windows\Temp\115172.exe
c:\windows\Temp\2244153.exe
c:\windows\Temp\58998255-loader2.exe
c:\windows\ufa.rar
c:\windows\update.1
c:\windows\update.1\svchost.exe
c:\windows\update.2
c:\windows\update.2\svchost.exe
c:\windows\update.5.0
c:\windows\update.5.0\svchost.exe
c:\windows\update.7.1
c:\windows\update.7.1\svchostdriver.exe
c:\windows\update.tray-2-0\svchost.exe
c:\windows\update.tray-7-0\svchost.exe
c:\windows\update.tray-9-0\svchost.exe
c:\windows\winlog-dirs.txt
c:\windows\winlog-ids.txt
c:\windows\winsetupapi.log
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_ddservice
-------\Service_srvbtcclient
-------\Service_srviecheck
-------\Service_srvsysdriver32
-------\Service_wxpdrivers
.
.
((((((((((((((((((((((((( Files Created from 2012-03-09 to 2012-04-09 )))))))))))))))))))))))))))))))
.
.
2012-04-09 18:34 . 2012-04-09 18:36 -------- d-----w- c:\users\Altior\AppData\Local\temp
2012-04-09 18:34 . 2012-04-09 18:34 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-09 07:36 . 2012-04-09 11:52 -------- d-----w- c:\users\Altior\AppData\Local\Microsoft Games
2012-04-09 07:35 . 2012-04-09 07:35 -------- d-----w- c:\program files\Microsoft Games
2012-04-08 11:34 . 2012-04-09 18:34 -------- d--h--w- c:\windows\update.tray-7-0
2012-04-08 11:34 . 2012-04-09 11:21 -------- d--h--w- c:\windows\update.tray-7-0-lnk
2012-04-08 11:33 . 2012-03-06 23:01 57688 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-04-08 11:32 . 2012-03-06 23:15 41184 ----a-w- c:\windows\avastSS.scr
2012-04-08 11:32 . 2012-03-06 23:15 201352 ----a-w- c:\windows\system32\aswBoot.exe
2012-04-06 16:57 . 2012-04-06 16:57 -------- d-----w- c:\programdata\YTD YouTube Downloader & Converter
2012-03-30 10:27 . 2012-03-30 10:27 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-03-18 22:50 . 2012-03-18 22:50 592824 ----a-w- c:\program files\Mozilla Firefox\gkmedias.dll
2012-03-18 22:50 . 2012-03-18 22:50 44472 ----a-w- c:\program files\Mozilla Firefox\mozglue.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-30 10:27 . 2011-09-10 14:43 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-25 16:57 . 2010-11-13 14:01 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-03-18 22:50 . 2012-01-12 11:33 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\prxtbuTo2.dll" [2011-05-09 176936]
"{930f1200-f5f1-4870-bac6-e233ec8e7023}"= "c:\program files\Softonic_English\tbSoft.dll" [2009-10-27 2325528]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_CLASSES_ROOT\clsid\{930f1200-f5f1-4870-bac6-e233ec8e7023}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0974BA1E-64EC-11DE-B2A5-E43756D89593}]
2009-12-20 09:51 87480 ----a-w- c:\progra~1\BEARSH~1\MediaBar\ToolBar\BearshareMediabarDx.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5E942F70-2AB9-659D-681F-0E0D1D2117A5}]
2009-07-14 01:16 200192 ----a-w- c:\windows\System32\ncci.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{74322BF9-DF26-493f-B0DA-6D2FC5E6429E}]
2010-10-19 12:53 585136 ----a-w- c:\progra~1\BEARSH~1\MediaBar\Datamngr\IEBHO.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{930f1200-f5f1-4870-bac6-e233ec8e7023}]
2009-10-27 10:45 2325528 ----a-w- c:\program files\Softonic_English\tbSoft.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
2011-05-09 09:49 176936 ----a-w- c:\program files\uTorrentBar\prxtbuTo2.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{0974BA1E-64EC-11DE-B2A5-E43756D89593}"= "c:\progra~1\BEARSH~1\MediaBar\ToolBar\BearshareMediabarDx.dll" [2009-12-20 87480]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\prxtbuTo2.dll" [2011-05-09 176936]
"{930f1200-f5f1-4870-bac6-e233ec8e7023}"= "c:\program files\Softonic_English\tbSoft.dll" [2009-10-27 2325528]
.
[HKEY_CLASSES_ROOT\clsid\{0974ba1e-64ec-11de-b2a5-e43756d89593}]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_CLASSES_ROOT\clsid\{930f1200-f5f1-4870-bac6-e233ec8e7023}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}"= "c:\program files\uTorrentBar\prxtbuTo2.dll" [2011-05-09 176936]
"{930F1200-F5F1-4870-BAC6-E233EC8E7023}"= "c:\program files\Softonic_English\tbSoft.dll" [2009-10-27 2325528]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_CLASSES_ROOT\clsid\{930f1200-f5f1-4870-bac6-e233ec8e7023}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2011-05-01 399736]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2009-06-29 217088]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-07-15 458844]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-11 13789728]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2009-06-11 92704]
"Broadcom Wireless Manager UI"="c:\program files\Dell\Dell Wireless WLAN Card\WLTRAY.exe" [2009-07-17 4562944]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-06-25 140520]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2010-07-12 74752]
"OEM13Mon.exe"="c:\windows\OEM13Mon.exe" [2008-01-07 36864]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableSecureUIAPaths"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\BEARSH~1\MediaBar\Datamngr\datamngr.dll c:\progra~1\BEARSH~1\MediaBar\Datamngr\IEBHO.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
"DisableThumbnailCache"=dword:00000001
.
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-12-09 135664]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 253600]
R3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-12-09 135664]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [x]
R3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\DRIVERS\ewusbfake.sys [2008-12-30 103040]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-12-10 691696]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2009-02-06 106208]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2009-02-06 92800]
S3 O2MDGRDR;O2MDGRDR;c:\windows\system32\DRIVERS\o2mdg.sys [2009-05-22 58528]
S3 O2SDGRDR;O2SDGRDR;c:\windows\system32\DRIVERS\o2sdg.sys [2009-05-07 41504]
S3 OEM13Vfx;Creative Camera OEM013 Video VFX Driver;c:\windows\system32\DRIVERS\OEM13Vfx.sys [2007-03-05 7424]
S3 OEM13Vid;Creative Camera OEM013 Driver;c:\windows\system32\DRIVERS\OEM13Vid.sys [2008-05-28 235840]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-17 167936]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 10:27]
.
2012-04-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-09 17:44]
.
2012-04-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-09 17:44]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://home.allgameshome.com/
mStart Page = hxxp://home.allgameshome.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
FF - ProfilePath - c:\users\Altior\AppData\Roaming\Mozilla\Firefox\Profiles\k7fi2wmn.default\
FF - prefs.js: Keyword.Enabled - true
FF - prefs.js: browser.search.selectedEngine - BearShare Web Search
FF - prefs.js: browser.startup.homepage - hxxp://search.bearshare.com/
FF - prefs.js: keyword.URL - hxxp://search.bearshare.com/web?src=ffb&systemid=2&q=
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - (no file)
Toolbar-Locked - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5} - (no file)
WebBrowser-{5FC86FB3-A8B1-400B-8BE7-0EAF0D857F5D} - (no file)
HKCU-Run-BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
HKLM-Run-wxpdrv - c:\windows\services32.exe
HKLM-Run-tray_ico - (no file)
HKLM-Run-tray_ico0 - c:\windows\update.tray-2-0\svchost.exe
HKLM-Run-tray_ico1 - c:\windows\update.tray-9-0\svchost.exe
HKLM-Run-tray_ico2 - c:\windows\update.tray-7-0\svchost.exe
HKLM-Run-tray_ico3 - (no file)
HKLM-Run-tray_ico4 - (no file)
HKLM-Run-systemup - c:\windows\systemup.exe
HKLM-Run-l1rezerv.exe - c:\windows\l1rezerv.exe
HKLM-Run-avast - c:\program files\AVAST Software\Avast\avastUI.exe
AddRemove-{889DF117-14D1-44EE-9F31-C5FB5D47F68B} - c:\progra~2\TARMAI~1\{889DF~1\Setup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_5f120bca41bba11b\STacSV.exe
c:\program files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
c:\windows\system32\WLANExt.exe
c:\windows\system32\conhost.exe
c:\program files\Dell\Dell Wireless WLAN Card\bcmwltry.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\windows\system32\DRIVERS\o2flash.exe
c:\program files\Microsoft\BingBar\SeaPort.EXE
c:\windows\system32\taskhost.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\conhost.exe
c:\windows\System32\rundll32.exe
c:\program files\BearShare Applications\MediaBar\Datamngr\datamngrUI.exe
c:\program files\DellTPad\ApMsgFwd.exe
c:\program files\DellTPad\HidFind.exe
c:\program files\DellTPad\Apntex.exe
c:\windows\system32\conhost.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Completion time: 2012-04-09 20:39:42 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-09 18:39
.
Pre-Run: 140.709.535.744 bytes free
Post-Run: 168.011.042.816 bytes free
.
- - End Of File - - BD624EC10B808ABE5CA2E5624C723DE7
|
|
|
|
|
Poslao: 10 Apr 2012 10:26
|
offline
- Pridružio: 01 Jan 2012
- Poruke: 75
|
Nisam uspela otkloniti ostatke McAfee i ESET-a....prilazem izvestaj koji se pojavio na desktopu prilikom rada na ESET-u
>>>>>>>>>>>>>>>>>>>>>>> BEGIN >>>>>>>>>>>>>>>>>>>>>>>
[04/10/12 09:44:38] C:\Users\Altior\Desktop\ESETUninstaller.exe 4.0.15.5
[04/10/12 09:44:38] Input arguments:
[04/10/12 09:44:38] Online (PC booted from fixed disk) mode detected.
[04/10/12 09:44:38] WARNING! This tool uninstalls AV product in non-standard way. Your PC can be harmed seriously, please back up Your data.
Please keep in mind that as soon as this application is finished your network connection can be down and you will have to restart your PC.
Are you really sure to continue? (y/n): y
[04/10/12 09:44:40] Scanning available operating systems ...
[04/10/12 09:44:40] Available operating systems, which AV product can be removed from:
[04/10/12 09:44:40] [1]
[04/10/12 09:44:40] Product Name: Windows 7 Professional
[04/10/12 09:44:40] Current Version: 6.1.0.7600.WinNT.x86
[04/10/12 09:44:40] Volume: C:\
[04/10/12 09:44:40] System Root: C:\Windows
[04/10/12 09:44:40] Program Files: C:\Program Files
[04/10/12 09:44:40] Program Files (x86):
[04/10/12 09:44:40] Common files: C:\Program Files\Common Files
[04/10/12 09:44:40] Common files (x86):
[04/10/12 09:44:40] Common application data folder: C:\ProgramData
[04/10/12 09:44:40] Common programs folder: C:\ProgramData\Microsoft\Windows\Start Menu\Programs
[04/10/12 09:44:40] Device path folder: C:\Windows\inf
[04/10/12 09:44:40] Drives mapping:
[04/10/12 09:44:40] Current Letter: C Native Letter: C
[04/10/12 09:44:40] Building cache: COM: AppID -> DllName ...
[04/10/12 09:44:40] Building cache: COM: Category -> ReferenceCounter ...
[04/10/12 09:44:40] Scanning installed AV products ...
[04/10/12 09:44:40] Installed AV products:
[04/10/12 09:44:40] 1. SEP
[04/10/12 09:44:40] 2. Symantec LiveUpdate
[04/10/12 09:44:40] Enter sequence number of AV product to uninstall and press ENTER (hint: to abort press 'q'): 1
[04/10/12 09:44:45] Are you sure to uninstall SEP from this OS? (y/n): y
[04/10/12 09:44:46] Product uninstallation: SEP
[04/10/12 09:44:46] Uninstallation in progress, please wait ...
[04/10/12 09:44:47] Current control set ... ControlSet001
[04/10/12 09:44:47] WSC: SEP unregistered of Windows Security Center
[04/10/12 09:44:47] WSC: SEP (WMI) unregistered of Windows Security Center
[04/10/12 09:44:47] Symantec Product: deleted: Symantec
[04/10/12 09:44:48] Uninstallation SEP finished successfully.
[04/10/12 09:44:48] Installed AV products:
[04/10/12 09:44:48] 1. Symantec LiveUpdate
[04/10/12 09:44:48] Enter sequence number of AV product to uninstall and press ENTER (hint: to abort press 'q'): 1
[04/10/12 09:44:51] Are you sure to uninstall Symantec LiveUpdate from this OS? (y/n): y
[04/10/12 09:44:54] Product uninstallation: Symantec LiveUpdate
[04/10/12 09:44:54] Uninstallation in progress, please wait ...
[04/10/12 09:44:54] Current control set ... ControlSet001
[04/10/12 09:44:54] Uninstallation Symantec LiveUpdate finished successfully.
[04/10/12 09:44:54] Log file location: "C:\Users\Altior\Desktop\~ESETUninstaller.log"
[04/10/12 09:44:54] Uninstallation finished successfully, please restart your PC now.
[04/10/12 09:44:54] Press any key to exit ...
>>>>>>>>>>>>>>>>>>>>>>>> END >>>>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>>>> BEGIN >>>>>>>>>>>>>>>>>>>>>>>
[04/10/12 09:48:03] C:\Users\Altior\Desktop\ESETUninstaller.exe 4.0.15.5
[04/10/12 09:48:03] Input arguments:
[04/10/12 09:48:04] Online (PC booted from fixed disk) mode detected.
[04/10/12 09:48:04] WARNING! This tool uninstalls AV product in non-standard way. Your PC can be harmed seriously, please back up Your data.
Please keep in mind that as soon as this application is finished your network connection can be down and you will have to restart your PC.
Are you really sure to continue? (y/n): y
[04/10/12 09:48:05] Scanning available operating systems ...
[04/10/12 09:48:05] Available operating systems, which AV product can be removed from:
[04/10/12 09:48:05] [1]
[04/10/12 09:48:05] Product Name: Windows 7 Professional
[04/10/12 09:48:05] Current Version: 6.1.0.7600.WinNT.x86
[04/10/12 09:48:05] Volume: C:\
[04/10/12 09:48:05] System Root: C:\Windows
[04/10/12 09:48:05] Program Files: C:\Program Files
[04/10/12 09:48:05] Program Files (x86):
[04/10/12 09:48:05] Common files: C:\Program Files\Common Files
[04/10/12 09:48:05] Common files (x86):
[04/10/12 09:48:05] Common application data folder: C:\ProgramData
[04/10/12 09:48:05] Common programs folder: C:\ProgramData\Microsoft\Windows\Start Menu\Programs
[04/10/12 09:48:05] Device path folder: C:\Windows\inf
[04/10/12 09:48:05] Drives mapping:
[04/10/12 09:48:05] Current Letter: C Native Letter: C
[04/10/12 09:48:05] Building cache: COM: AppID -> DllName ...
[04/10/12 09:48:05] Building cache: COM: Category -> ReferenceCounter ...
[04/10/12 09:48:06] Scanning installed AV products ...
[04/10/12 09:48:07] No supported AV product installed!
[04/10/12 09:48:07] Log file location: "C:\Users\Altior\Desktop\~ESETUninstaller.log"
[04/10/12 09:48:07] Press any key to exit ...
>>>>>>>>>>>>>>>>>>>>>>>> END >>>>>>>>>>>>>>>>>>>>>>>>
|
|
|
|
Poslao: 10 Apr 2012 12:14
|
offline
- Sass Drake
- Anti Malware Fighter
Rank 2
- Pridružio: 26 Avg 2010
- Poruke: 10622
- Gde živiš: Hypnos Control Room, Tokyo Metropolitan Government Building
|
Uradi Korak 3 i Korak 4.
|
|
|
|
Poslao: 10 Apr 2012 15:28
|
offline
- Pridružio: 01 Jan 2012
- Poruke: 75
|
Napisano: 10 Apr 2012 15:25
Korak 3 sam uspela izvrsiti,evo izvestaja
ComboFix 12-04-07.02 - Altior 10.04.2012 15:02:29.2.2 - x86
Microsoft Windows 7 Professional 6.1.7600.0.1250.381.1033.18.3067.2069 [GMT 2:00]
Running from: c:\users\Altior\Desktop\ComboFix.exe
Command switches used :: c:\users\Altior\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\front_ip_list.txt
c:\windows\geoiplist
c:\windows\geoiplist.rar
c:\windows\info1
c:\windows\iplist.txt
c:\windows\loader2.exe_ok
c:\windows\proc_list1.log
c:\windows\sysdriver32.exe
c:\windows\sysdriver32_.exe
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\update.5.0
c:\windows\update.5.0\svchost.exe
c:\windows\update.7.1
c:\windows\update.tray-7-0-lnk
c:\windows\update.tray-7-0-lnk\svchost.exe
c:\windows\update.tray-7-0-lnk\svchost.rar
c:\windows\update.tray-7-0
c:\windows\winsetupapi.log
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_srvbtcclient
-------\Service_srvsysdriver32
.
.
((((((((((((((((((((((((( Files Created from 2012-03-10 to 2012-04-10 )))))))))))))))))))))))))))))))
.
.
2012-04-10 13:07 . 2012-04-10 13:09 -------- d-----w- c:\users\Altior\AppData\Local\temp
2012-04-09 07:36 . 2012-04-10 08:14 -------- d-----w- c:\users\Altior\AppData\Local\Microsoft Games
2012-04-09 07:35 . 2012-04-09 07:35 -------- d-----w- c:\program files\Microsoft Games
2012-04-08 11:32 . 2012-03-06 23:15 41184 ----a-w- c:\windows\avastSS.scr
2012-04-06 16:57 . 2012-04-06 16:57 -------- d-----w- c:\programdata\YTD YouTube Downloader & Converter
2012-03-30 10:27 . 2012-04-09 19:41 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-03-18 22:50 . 2012-03-18 22:50 592824 ----a-w- c:\program files\Mozilla Firefox\gkmedias.dll
2012-03-18 22:50 . 2012-03-18 22:50 44472 ----a-w- c:\program files\Mozilla Firefox\mozglue.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-10 08:47 . 2011-07-22 15:30 246272 ----a-w- c:\windows\unrar.exe
2012-04-09 19:41 . 2011-09-10 14:43 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-25 16:57 . 2010-11-13 14:01 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-03-18 22:50 . 2012-01-12 11:33 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5E942F70-2AB9-659D-681F-0E0D1D2117A5}]
2009-07-14 01:16 200192 ----a-w- c:\windows\System32\ncci.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{74322BF9-DF26-493f-B0DA-6D2FC5E6429E}]
2010-10-19 12:53 585136 ----a-w- c:\progra~1\BEARSH~1\MediaBar\Datamngr\IEBHO.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2011-05-01 399736]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2009-06-29 217088]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-07-15 458844]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-11 13789728]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2009-06-11 92704]
"Broadcom Wireless Manager UI"="c:\program files\Dell\Dell Wireless WLAN Card\WLTRAY.exe" [2009-07-17 4562944]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-06-25 140520]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2010-07-12 74752]
"OEM13Mon.exe"="c:\windows\OEM13Mon.exe" [2008-01-07 36864]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableSecureUIAPaths"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
"DisableThumbnailCache"=dword:00000001
.
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-12-09 135664]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-09 253600]
R3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-12-09 135664]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [x]
R3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\DRIVERS\ewusbfake.sys [2008-12-30 103040]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-12-10 691696]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S3 O2MDGRDR;O2MDGRDR;c:\windows\system32\DRIVERS\o2mdg.sys [2009-05-22 58528]
S3 O2SDGRDR;O2SDGRDR;c:\windows\system32\DRIVERS\o2sdg.sys [2009-05-07 41504]
S3 OEM13Vfx;Creative Camera OEM013 Video VFX Driver;c:\windows\system32\DRIVERS\OEM13Vfx.sys [2007-03-05 7424]
S3 OEM13Vid;Creative Camera OEM013 Driver;c:\windows\system32\DRIVERS\OEM13Vid.sys [2008-05-28 235840]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-17 167936]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 19:41]
.
2012-04-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-09 17:44]
.
2012-04-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-09 17:44]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://home.allgameshome.com/
mStart Page = hxxp://home.allgameshome.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
FF - ProfilePath - c:\users\Altior\AppData\Roaming\Mozilla\Firefox\Profiles\k7fi2wmn.default\
FF - prefs.js: Keyword.Enabled - true
FF - prefs.js: browser.search.selectedEngine - BearShare Web Search
FF - prefs.js: browser.startup.homepage - hxxp://search.bearshare.com/
FF - prefs.js: keyword.URL - hxxp://search.bearshare.com/web?src=ffb&systemid=2&q=
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
BHO-{0974BA1E-64EC-11DE-B2A5-E43756D89593} - c:\progra~1\BEARSH~1\MediaBar\ToolBar\BearshareMediabarDx.dll
Toolbar-{0974BA1E-64EC-11DE-B2A5-E43756D89593} - c:\progra~1\BEARSH~1\MediaBar\ToolBar\BearshareMediabarDx.dll
WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_5f120bca41bba11b\STacSV.exe
c:\program files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
c:\windows\system32\WLANExt.exe
c:\windows\system32\conhost.exe
c:\program files\Dell\Dell Wireless WLAN Card\bcmwltry.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\windows\system32\DRIVERS\o2flash.exe
c:\program files\Microsoft\BingBar\SeaPort.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\windows\System32\rundll32.exe
c:\program files\DellTPad\ApMsgFwd.exe
c:\program files\DellTPad\Apntex.exe
c:\program files\DellTPad\HidFind.exe
c:\windows\system32\conhost.exe
c:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Completion time: 2012-04-10 15:12:17 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-10 13:12
ComboFix2.txt 2012-04-09 18:39
.
Pre-Run: 167.700.852.736 bytes free
Post-Run: 167.409.508.352 bytes free
.
- - End Of File - - 25A4935FAF9BEFF0E5974BFC26BC5AE2
Dopuna: 10 Apr 2012 15:28
A sto se tice koraka 4 prilikom pokretanja catchme.exe otvorio mi se crni prozor koji se ubrzo sam zatvorio,na desktopu je bio sledeci izvestaj
detected NTDLL code modification:
ZwEnumerateKey 0 != 116, ZwQueryKey 0 != 244, ZwOpenKey 0 != 182, ZwClose 0 != 50, ZwEnumerateValueKey 0 != 119, ZwQueryValueKey 0 != 266, ZwOpenFile 0 != 179, ZwQueryDirectoryFile 0 != 223, ZwQuerySystemInformation 0 != 261Initialization error
|
|
|
|
Poslao: 10 Apr 2012 15:39
|
offline
- Sass Drake
- Anti Malware Fighter
Rank 2
- Pridružio: 26 Avg 2010
- Poruke: 10622
- Gde živiš: Hypnos Control Room, Tokyo Metropolitan Government Building
|
Što se tiče četvrtog koraka, idemo ručno.
Idi na sljedeći link:
http://www.mycity.rs/ambulanta-upload.php
Klikni na Browse
U polje za unos imena fajla kopiraj sljedeći tekst
c:\windows\System32\ncci.dll
Klikni na Open, a onda na Upload!.
Javi kad to uradiš i sačekaj dalja upustva.
|
|
|
|
|
|
Poslao: 10 Apr 2012 19:21
|
offline
- Pridružio: 01 Jan 2012
- Poruke: 75
|
evo novog izvestaja
ComboFix 12-04-10.01 - Altior 10.04.2012 19:08:19.3.2 - x86
Microsoft Windows 7 Professional 6.1.7600.0.1250.381.1033.18.3067.2155 [GMT 2:00]
Running from: c:\users\Altior\Desktop\ComboFix.exe
Command switches used :: c:\users\Altior\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk"
"c:\windows\System32\ncci.dll"
"c:\windows\unrar.exe"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\System32\ncci.dll
c:\windows\unrar.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_McComponentHostService
.
.
((((((((((((((((((((((((( Files Created from 2012-03-10 to 2012-04-10 )))))))))))))))))))))))))))))))
.
.
2012-04-10 17:13 . 2012-04-10 17:14 -------- d-----w- c:\users\Altior\AppData\Local\temp
2012-04-09 07:36 . 2012-04-10 08:14 -------- d-----w- c:\users\Altior\AppData\Local\Microsoft Games
2012-04-09 07:35 . 2012-04-09 07:35 -------- d-----w- c:\program files\Microsoft Games
2012-04-08 11:32 . 2012-03-06 23:15 41184 ----a-w- c:\windows\avastSS.scr
2012-04-06 16:57 . 2012-04-06 16:57 -------- d-----w- c:\programdata\YTD YouTube Downloader & Converter
2012-03-30 10:27 . 2012-04-09 19:41 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-03-18 22:50 . 2012-03-18 22:50 592824 ----a-w- c:\program files\Mozilla Firefox\gkmedias.dll
2012-03-18 22:50 . 2012-03-18 22:50 44472 ----a-w- c:\program files\Mozilla Firefox\mozglue.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-09 19:41 . 2011-09-10 14:43 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-25 16:57 . 2010-11-13 14:01 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-03-18 22:50 . 2012-01-12 11:33 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2011-05-01 399736]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2009-06-29 217088]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-07-15 458844]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-11 13789728]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2009-06-11 92704]
"Broadcom Wireless Manager UI"="c:\program files\Dell\Dell Wireless WLAN Card\WLTRAY.exe" [2009-07-17 4562944]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-06-25 140520]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2010-07-12 74752]
"OEM13Mon.exe"="c:\windows\OEM13Mon.exe" [2008-01-07 36864]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableSecureUIAPaths"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
"DisableThumbnailCache"=dword:00000001
.
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-12-09 135664]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-09 253600]
R3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-12-09 135664]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [x]
R3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\DRIVERS\ewusbfake.sys [2008-12-30 103040]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-12-10 691696]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S3 O2MDGRDR;O2MDGRDR;c:\windows\system32\DRIVERS\o2mdg.sys [2009-05-22 58528]
S3 O2SDGRDR;O2SDGRDR;c:\windows\system32\DRIVERS\o2sdg.sys [2009-05-07 41504]
S3 OEM13Vfx;Creative Camera OEM013 Video VFX Driver;c:\windows\system32\DRIVERS\OEM13Vfx.sys [2007-03-05 7424]
S3 OEM13Vid;Creative Camera OEM013 Driver;c:\windows\system32\DRIVERS\OEM13Vid.sys [2008-05-28 235840]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-17 167936]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 19:41]
.
2012-04-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-09 17:44]
.
2012-04-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-09 17:44]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://home.allgameshome.com/
mStart Page = hxxp://home.allgameshome.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
FF - ProfilePath - c:\users\Altior\AppData\Roaming\Mozilla\Firefox\Profiles\k7fi2wmn.default\
FF - prefs.js: Keyword.Enabled - true
FF - prefs.js: browser.search.selectedEngine - BearShare Web Search
FF - prefs.js: browser.startup.homepage - hxxp://search.bearshare.com/
FF - prefs.js: keyword.URL - hxxp://search.bearshare.com/web?src=ffb&systemid=2&q=
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_5f120bca41bba11b\STacSV.exe
c:\program files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
c:\windows\system32\WLANExt.exe
c:\windows\system32\conhost.exe
c:\program files\Dell\Dell Wireless WLAN Card\bcmwltry.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\windows\system32\DRIVERS\o2flash.exe
c:\program files\Microsoft\BingBar\SeaPort.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\windows\System32\rundll32.exe
c:\program files\DellTPad\ApMsgFwd.exe
c:\program files\DellTPad\HidFind.exe
c:\program files\DellTPad\Apntex.exe
c:\windows\system32\conhost.exe
c:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Completion time: 2012-04-10 19:17:27 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-10 17:17
ComboFix2.txt 2012-04-10 13:12
ComboFix3.txt 2012-04-09 18:39
.
Pre-Run: 166.976.589.824 bytes free
Post-Run: 166.913.892.352 bytes free
.
- - End Of File - - F93104A5E141477D1582B4CBA50963CC
|
|
|
|
|