I've picked up something weird...

offline
  • Joined: 02 Sep 2003
  • Posts: 4955

It looks like I've picked up something weird; it pulls something down from the net while the computer is idle, and in an hour it downloaded 20-30 MB. (This is a Telekom ADSL connection.)

Avast doesn't detect anything; I tried in safe mode too. I don't see anything suspicious in the services or in startup.

Netstat showed connections to the following addresses:
http://188.72.201.217/
http://65.55.17.39/
http://174.36.1.86/


This looks suspicious to me in the DDS log (I haven't touched anything until I get further instructions):
C:\Windows\system32\srvany.exe
C:\Windows\system32\lsm.exe
C:\Windows\TEMP\Szj.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\TEMP\Szh.exe
C:\Windows\system32\conhost.exe

LOG:


DDS (Ver_10-03-17.01) - NTFSx86
Run by Korisnik at 20:16:42.44 on Thu 05/13/2010
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.381.1033.18.2046.1222 [GMT 2:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\srvany.exe
C:\Windows\KMService.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\USB Safely Remove\USBSRService.exe
C:\Windows\Explorer.EXE
C:\Program Files\IconSaver\IconSaver.exe
C:\Program Files\Traysoft\PhoneTray\PhoneTray.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\WizMouse\WizMouse.exe
D:\temp\vmouse\volumouse.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\SpeedFan\speedfan.exe
C:\Program Files\EventGhost\EventGhost.exe
C:\Users\Korisnik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Volume OSD.exe
C:\Windows\TEMP\Szj.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\TEMP\Szh.exe
C:\Program Files\Opera 10.50 pre-alpha\opera.exe
C:\Windows\system32\taskeng.exe
C:\Users\Korisnik\AppData\Local\Google\Update\1.2.183.23\GoogleCrashHandler.exe
C:\Users\Korisnik\Desktop\dds.scr
C:\Windows\system32\conhost.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://mystart.incredimail.com/
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL
BHO: GOM Player + Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: GOM Player + Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
uRun: [WizMouse] "c:\program files\wizmouse\WizMouse.exe"
uRun: [$Volumouse$] "d:\temp\vmouse\volumouse.exe" /nodlg
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
mRun: [IconSaver] "c:\program files\iconsaver\IconSaver.exe"
mRun: [PhoneTray] c:\program files\traysoft\phonetray\PhoneTray.exe
mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
dRun: [Canaveral] rundll32.exe c:\windows\system32\sshnas21.dll,BackupReadW
dRun: [M5T8QL3YW3] c:\windows\temp\Szh.exe
StartupFolder: c:\users\korisnik\appdata\roaming\micros~1\windows\startm~1\programs\startup\eventg~1.lnk - c:\program files\eventghost\EventGhost.exe
StartupFolder: c:\users\korisnik\appdata\roaming\microsoft\windows\start menu\programs\startup\Volume OSD.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\speedfan.lnk - c:\program files\speedfan\speedfan.exe
uPolicies-explorer: HideSCAHealth = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
mPolicies-system: SynchronousMachineGroupPolicy = 0 (0x0)
mPolicies-system: SynchronousUserGroupPolicy = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash5r42.cab
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: ic32pp - {BBCA9F81-8F4F-11D2-90FF-0080C83D3571} - c:\windows\wc98pp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

============= SERVICES / DRIVERS ===============

R0 BtHidBus;Bluetooth HID Bus Service;c:\windows\system32\drivers\BtHidBus.sys [2009-9-24 19592]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2009-12-30 164048]
R1 CSN5PDTS82;CSN5PDTS82 NDIS Protocol Driver;c:\windows\system32\drivers\CSN5PDTS82.sys [2010-5-13 28184]
R1 HWiNFO32;HWiNFO32 Kernel Driver;d:\programi\benchmark\hwinfo32\HWiNFO32.sys [2010-1-5 19064]
R1 VWiFiFlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-4-7 172032]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-12-30 19024]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2009-12-30 51792]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-5-7 40384]
R2 BT848;bt848 tweaked WDM Video Capture;c:\windows\system32\drivers\BT848.sys [2009-4-13 204127]
R2 BTTUNER;bt848 tweaked WDM TvTuner;c:\windows\system32\drivers\bttuner.sys [2009-4-13 9251]
R2 BTXBAR;bt848 tweaked TV WDM Crossbar;c:\windows\system32\drivers\btxbar.sys [2009-4-13 8193]
R2 KMService;KMService;c:\windows\system32\srvany.exe [2010-4-25 8192]
R2 USBSafelyRemoveService;USB Safely Remove Assistant;c:\program files\usb safely remove\USBSRService.exe [2010-1-17 261392]
R3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atikmdag.sys [2010-4-7 5430272]
R3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2010-4-7 157184]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-5-7 40384]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-5-7 40384]
R3 WUSB11;Instant Wireless USB Network Adapter ver.2.5 Driver;c:\windows\system32\drivers\LSWLUSB.sys [2009-8-6 54083]
S2 RalinkRegistryWriter;Ralink Registry Writer;c:\program files\ralink\common\ralinkregistrywriter.exe --> c:\program files\ralink\common\RalinkRegistryWriter.exe [?]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\drivers\btnetBus.sys [2009-9-24 29192]
S3 etdrv;etdrv;c:\windows\etdrv.sys [2009-12-30 17488]
S3 GVTDrv;GVTDrv;c:\windows\system32\drivers\GVTDrv.sys [2009-12-30 24944]
S3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\drivers\IvtBtBus.sys [2009-8-26 25480]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [2010-2-3 16456]
S3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [2010-2-3 11088]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-12-30 187392]
S3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\sisoftware\sisoftware sandra professional business 2010\RpcAgentSrv.exe [2010-1-2 93336]
S3 se32;EnTech softEngine;c:\windows\system32\drivers\se32.sys [2007-5-3 12112]

=============== Created Last 30 ================

2010-05-13 16:56:54 0 d-----w- c:\users\korisnik\appdata\roaming\Colasoft MAC Scanner
2010-05-13 16:56:54 0 d-----w- c:\program files\common files\Colasoft Shared
2010-05-13 16:56:52 0 d-----w- c:\users\korisnik\appdata\roaming\Packet Analyzer - Colasoft Capsa 7.1
2010-05-13 16:56:47 28184 ----a-w- c:\windows\system32\drivers\CSN5PDTS82.sys
2010-05-13 16:56:47 0 d-----w- c:\program files\common files\Software FX Shared
2010-05-13 16:56:45 0 d-----w- c:\program files\Packet Analyzer - Colasoft Capsa 7.1 Demo
2010-05-13 16:54:17 0 d-----w- c:\program files\Flexbyte Software
2010-05-13 16:16:41 0 d-----w- c:\program files\Defraggler
2010-05-13 14:00:14 221184 ----a-w- c:\windows\system32\sshnas21.dll
2010-05-13 13:09:53 0 d-----w- c:\program files\Ask.com
2010-05-13 08:21:35 0 d-----w- c:\users\korisnik\appdata\roaming\AidMaker
2010-05-13 08:21:33 22 ----a-w- c:\windows\system32\dciman13.sys
2010-05-13 08:03:54 1376 ----a-w- c:\windows\system32\fpt9xq.ocx
2010-05-13 07:47:12 0 d-----w- c:\users\korisnik\appdata\roaming\AVS4YOU
2010-05-13 07:47:12 0 d-----w- c:\programdata\AVS4YOU
2010-05-13 07:46:38 0 d-----w- c:\program files\common files\AVSMedia
2010-05-13 07:46:27 974848 ----a-w- c:\windows\system32\mfc70.dll
2010-05-13 07:46:27 487424 ----a-w- c:\windows\system32\msvcp70.dll
2010-05-13 07:46:27 344064 ----a-w- c:\windows\system32\msvcr70.dll
2010-05-13 07:46:27 24576 ----a-w- c:\windows\system32\msxml3a.dll
2010-05-13 07:46:27 1700352 ----a-w- c:\windows\system32\GdiPlus.dll
2010-05-13 07:46:27 0 d-----w- c:\program files\AVS4YOU
2010-05-08 15:51:01 0 d-----w- c:\program files\IVT Corporation
2010-05-08 15:50:59 32 ----a-w- c:\windows\0
2010-05-08 15:50:59 0 ----a-w- c:\windows\system32\0
2010-05-08 15:33:14 106557 ----a-w- c:\windows\system32\btw_ci.dll
2010-05-08 15:19:06 0 ---ha-w- c:\windows\system32\drivers\Msft_User_PCCSWpdDriver_01_07_00.Wdf
2010-05-08 15:18:42 0 d-----w- c:\programdata\PC Suite
2010-05-08 15:18:16 90624 ----a-w- c:\windows\system32\nmwcdcls.dll
2010-05-08 15:17:48 0 d-----w- c:\programdata\Installations
2010-05-07 14:20:24 0 d-----w- c:\users\korisnik\appdata\roaming\DScaler4
2010-05-07 14:20:24 0 d-----w- c:\program files\DScaler
2010-05-06 07:11:32 0 d-----w- c:\users\korisnik\appdata\roaming\The Creative Assembly
2010-05-05 13:10:24 0 d-----w- c:\program files\The KMPlayer
2010-05-05 09:04:48 0 d-----w- c:\program files\Gigatron Konfigurator
2010-05-02 16:02:49 0 d-----w- c:\users\korisnik\appdata\roaming\Thinstall
2010-05-01 09:32:01 0 d-----w- c:\program files\common files\NSV
2010-04-30 22:11:08 0 d-----w- c:\program files\common files\PX Storage Engine
2010-04-30 11:21:09 0 d-----w- c:\users\korisnik\appdata\roaming\PCF-VLC
2010-04-30 11:18:03 0 d-----w- c:\users\korisnik\appdata\roaming\Participatory Culture Foundation
2010-04-30 11:17:30 0 d-----w- c:\program files\Participatory Culture Foundation
2010-04-30 07:15:22 12800 ----a-w- c:\windows\system32\drivers\sffp_sd.sys
2010-04-30 07:13:59 427520 ----a-w- c:\windows\system32\vbscript.dll
2010-04-30 07:13:58 132608 ----a-w- c:\windows\system32\cabview.dll
2010-04-30 07:13:57 70656 ----a-w- c:\windows\system32\fontsub.dll
2010-04-30 07:13:57 108544 ----a-w- c:\windows\system32\t2embed.dll
2010-04-30 07:13:10 95744 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-04-30 07:13:10 221696 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-04-30 07:13:10 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-04-30 07:03:20 0 d-----w- c:\programdata\ATI
2010-04-26 06:01:55 0 d-----w- c:\program files\TweakNow PowerPack 2010
2010-04-25 08:00:25 8192 ----a-w- c:\windows\system32\srvany.exe
2010-04-25 08:00:25 77824 ----a-w- c:\windows\KMService.exe
2010-04-21 12:29:24 0 d-----w- c:\users\korisnik\appdata\roaming\Bump Technologies, Inc
2010-04-21 10:53:20 0 d-----w- c:\programdata\Sun
2010-04-21 10:53:07 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-04-20 06:38:22 0 d-----w- c:\program files\Readon Technology

==================== Find3M ====================

2010-05-06 20:34:10 51792 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-04-07 02:43:20 5430272 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2010-04-07 02:16:30 143360 ----a-w- c:\windows\system32\atiapfxx.exe
2010-04-07 02:16:20 489472 ----a-w- c:\windows\system32\aticfx32.dll
2010-04-07 02:13:10 446464 ----a-w- c:\windows\system32\ATIDEMGX.dll
2010-04-07 02:12:38 372736 ----a-w- c:\windows\system32\atieclxx.exe
2010-04-07 02:12:12 14321664 ----a-w- c:\windows\system32\atioglxx.dll
2010-04-07 02:12:04 172032 ----a-w- c:\windows\system32\atiesrxx.exe
2010-04-07 02:10:48 159744 ----a-w- c:\windows\system32\atitmmxx.dll
2010-04-07 02:10:32 356352 ----a-w- c:\windows\system32\atipdlxx.dll
2010-04-07 02:10:18 278528 ----a-w- c:\windows\system32\Oemdspif.dll
2010-04-07 02:10:10 11776 ----a-w- c:\windows\system32\atimuixx.dll
2010-04-07 02:10:00 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2010-04-07 02:06:26 3164160 ----a-w- c:\windows\system32\atidxx32.dll
2010-04-07 01:46:48 50176 ----a-w- c:\windows\system32\coinst.dll
2010-04-07 01:40:46 3707904 ----a-w- c:\windows\system32\atiumdag.dll
2010-04-07 01:40:18 53248 ----a-w- c:\windows\system32\aticalrt.dll
2010-04-07 01:40:10 53248 ----a-w- c:\windows\system32\aticalcl.dll
2010-04-07 01:38:12 4018176 ----a-w- c:\windows\system32\aticaldd.dll
2010-04-07 01:23:52 237568 ----a-w- c:\windows\system32\atiadlxx.dll
2010-04-07 01:23:40 12800 ----a-w- c:\windows\system32\atiglpxx.dll
2010-04-07 01:23:32 14848 ----a-w- c:\windows\system32\atigktxx.dll
2010-04-07 01:23:10 157184 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2010-04-07 01:22:44 28160 ----a-w- c:\windows\system32\atiuxpag.dll
2010-04-07 01:22:30 20480 ----a-w- c:\windows\system32\atiu9pag.dll
2010-04-07 01:22:00 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2010-04-07 01:21:08 2983936 ----a-w- c:\windows\system32\atiumdva.dll
2010-04-07 01:08:52 52224 ----a-w- c:\windows\system32\atimpc32.dll
2010-04-07 01:08:52 52224 ----a-w- c:\windows\system32\amdpcom32.dll
2010-04-06 16:13:58 3066912 ----a-w- c:\windows\system32\drivers\RTKVHDA.sys
2010-04-06 15:58:58 1759264 ----a-w- c:\windows\system32\RtkPgExt.dll
2010-04-06 15:58:52 57888 ----a-w- c:\windows\system32\RtkCoInst.dll
2010-04-06 15:58:52 367136 ----a-w- c:\windows\system32\RtkApoApi.dll
2010-04-06 15:58:52 2649632 ----a-w- c:\windows\system32\RtkAPO.dll
2010-04-02 16:09:08 2023 ----a-w- c:\windows\system32\atipblag.dat
2010-03-30 18:35:32 299936 ----a-w- c:\windows\system32\FMAPO.dll
2010-03-29 08:12:21 249856 ------w- c:\windows\Setup1.exe
2010-03-29 08:12:20 73216 ----a-w- c:\windows\ST6UNST.EXE
2010-03-22 12:22:42 1247776 ----a-w- c:\windows\RtlExUpd.dll
2010-03-17 15:06:30 202234 ----a-w- c:\windows\system32\atiicdxx.dat
2010-02-27 12:07:48 3954568 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-27 12:07:48 3899280 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-23 07:26:10 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2009-07-14 04:41:57 174 --sha-w- c:\program files\desktop.ini
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-06-10 21:26:35 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
2010-01-05 22:08:15 245760 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 20:16:56.34 ===============
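An added triage example, not code from this thread and not part of DDS or ComboFix: a small Python script that applies, over an excerpt of the DDS log above, the checks a helper makes by eye. It groups the log by its "=== Title ===" headers and flags processes and autorun entries that execute out of a Temp folder, rundll32 entries that load a DLL listed in "Created Last 30", random-looking Run-key names, and UAC policies set to 0. The category names and heuristics are my own assumptions, not DDS output.

```python
import re

# Sample input: lines excerpted from the DDS log posted in the thread above.
SAMPLE_LOG = r"""
============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\TEMP\Szj.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Windows\TEMP\Szh.exe

============== Pseudo HJT Report ===============

uRun: [WizMouse] "c:\program files\wizmouse\WizMouse.exe"
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
dRun: [Canaveral] rundll32.exe c:\windows\system32\sshnas21.dll,BackupReadW
dRun: [M5T8QL3YW3] c:\windows\temp\Szh.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

=============== Created Last 30 ================

2010-05-13 14:00:14 221184 ----a-w- c:\windows\system32\sshnas21.dll
2010-05-13 13:09:53 0 d-----w- c:\program files\Ask.com
2010-04-25 08:00:25 8192 ----a-w- c:\windows\system32\srvany.exe
"""

SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
AUTORUN_RE = re.compile(r"^(?:[umd]Run|StartupFolder):\s*(?:\[(?P<key>[^\]]*)\]\s*)?(?P<cmd>.+)$")
POLICY_RE = re.compile(r"^mPolicies-system:\s*(?P<name>\w+)\s*=\s*(?P<val>\d+)")
CREATED_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\s+\d+\s+\S+\s+(?P<path>.+)$")
RUNDLL_RE = re.compile(r"rundll32(?:\.exe)?\s+(?P<dll>[^,\s]+)", re.IGNORECASE)
# Run-key names like M5T8QL3YW3: only capitals and digits, at least one digit, 8+ chars.
RANDOM_KEY_RE = re.compile(r"^(?=.*\d)[A-Z0-9]{8,}$")

# UAC settings for which the value 0 removes the elevation prompt entirely.
UAC_ZERO_IS_WEAK = {"EnableLUA", "ConsentPromptBehaviorAdmin", "PromptOnSecureDesktop"}


def split_sections(text):
    """Group non-empty log lines under the '=== Title ===' header that precedes them."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections[current] = []
        elif current is not None:
            sections[current].append(line)
    return sections


def in_temp_dir(path):
    """True when a path runs out of a Temp folder: installers unpack there, nothing should persist there."""
    p = path.lower()
    return "\\temp\\" in p or "\\tmp\\" in p


def triage(text):
    """Return (category, log line) pairs for the entries a helper would look at first."""
    sections = split_sections(text)
    findings = []

    # Files from "Created Last 30": an autorun entry loading one of these is loading something new.
    recent = set()
    for line in sections.get("Created Last 30", []):
        m = CREATED_RE.match(line)
        if m:
            recent.add(m.group("path").lower())

    for proc in sections.get("Running Processes", []):
        if in_temp_dir(proc):
            findings.append(("process-from-temp", proc))

    for line in sections.get("Pseudo HJT Report", []):
        m = AUTORUN_RE.match(line)
        if m:
            key, cmd = m.group("key") or "", m.group("cmd")
            if in_temp_dir(cmd):
                findings.append(("autorun-from-temp", line))
            r = RUNDLL_RE.search(cmd)
            if r and r.group("dll").lower() in recent:
                findings.append(("rundll32-recent-dll", line))
            if RANDOM_KEY_RE.match(key):
                findings.append(("random-autorun-key", line))
            continue
        p = POLICY_RE.match(line)
        if p and p.group("name") in UAC_ZERO_IS_WEAK and p.group("val") == "0":
            findings.append(("uac-disabled", line))
    return findings


if __name__ == "__main__":
    for category, evidence in triage(SAMPLE_LOG):
        print(f"{category:22} {evidence}")
```

The hits are pointers for a human review, not a verdict: srvany.exe in system32, for instance, is legitimate in this log and is correctly left alone.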

offline
  • diarno  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 15 Jun 2007
  • Posts: 5572

Download sUBs' ComboFix from the following address to the Desktop:

Bleeping Computer
Right-click the link and choose Save Target As... (Save Link As..., Save Linked Content As... or similar);
When the dialog for choosing the save location opens, select Desktop and click Save.

When the download has finished:
disable your security software (instructions);
close any running programs;
double-click ComboFix to run it.

While running, ComboFix will:
check whether a newer version of the program exists:
  click Yes if you are offered the download.
display the DISCLAIMER OF WARRANTY ON SOFTWARE:
  click Yes so the process continues.
if the Recovery Console is not installed, offer to install it:
  be sure to accept by clicking Yes and follow the procedure.
ask a number of questions / show notifications:
  accept by clicking Yes or OK.
restart Windows if needed (several times);
at the end, open Notepad with the scan report.

Copy the report ComboFix produced into the forum thread:
right-click in the Notepad window and choose Select All;
right-click the highlighted text and choose Copy;
right-click in the message box and choose Paste.

Note: the report will be saved as ComboFix.txt on the system partition (typical location: C:\ComboFix.txt);
If after posting you notice the report is incomplete, use the Attach file option to attach C:\ComboFix.txt to the message.

offline
  • Joined: 02 Sep 2003
  • Posts: 4955

ComboFix 10-05-13.03 - Korisnik 05/14/2010 9:37.1.3 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.381.1033.18.2046.1255 [GMT 2:00]
Running from: c:\users\Korisnik\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\sshnas21.dll
c:\windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
c:\windows\wc98pp.dll

Infected copy of c:\windows\system32\drivers\partmgr.sys was found and disinfected
Restored copy from - Kitty ate it :p
.
((((((((((((((((((((((((( Files Created from 2010-04-14 to 2010-05-14 )))))))))))))))))))))))))))))))
.

2010-05-14 07:41 . 2010-05-14 07:41 -------- d-----w- c:\users\Korisnik\AppData\Local\temp
2010-05-14 07:41 . 2010-05-14 07:41 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-05-13 16:56 . 2010-05-13 16:56 -------- d-----w- c:\users\Korisnik\AppData\Roaming\Colasoft MAC Scanner
2010-05-13 16:56 . 2010-05-13 16:56 -------- d-----w- c:\program files\Common Files\Colasoft Shared
2010-05-13 16:56 . 2010-05-13 16:57 -------- d-----w- c:\users\Korisnik\AppData\Roaming\Packet Analyzer - Colasoft Capsa 7.1
2010-05-13 16:56 . 2010-05-13 16:56 -------- d-----w- c:\program files\Common Files\Software FX Shared
2010-05-13 16:56 . 2009-12-14 16:11 28184 ----a-w- c:\windows\system32\drivers\CSN5PDTS82.sys
2010-05-13 16:56 . 2010-05-13 16:56 -------- d-----w- c:\program files\Packet Analyzer - Colasoft Capsa 7.1 Demo
2010-05-13 16:54 . 2010-05-13 16:54 -------- d-----w- c:\program files\Flexbyte Software
2010-05-13 16:16 . 2010-05-13 16:16 -------- d-----w- c:\program files\Defraggler
2010-05-13 13:09 . 2010-05-13 13:09 -------- d-----w- c:\program files\Ask.com
2010-05-13 08:21 . 2010-05-13 08:21 0 ----a-w- c:\users\Korisnik\AppData\Roaming\AidMaker\AIDMAKERSILENTBUNDLESETUP.EXE
2010-05-13 08:21 . 2010-05-13 08:21 -------- d-----w- c:\users\Korisnik\AppData\Roaming\AidMaker
2010-05-13 08:21 . 2007-02-07 09:01 22 ----a-w- c:\windows\system32\dciman13.sys
2010-05-13 07:47 . 2010-05-13 07:47 -------- d-----w- c:\users\Korisnik\AppData\Roaming\AVS4YOU
2010-05-13 07:47 . 2010-05-13 07:47 -------- d-----w- c:\programdata\AVS4YOU
2010-05-13 07:46 . 2010-05-13 16:03 -------- d-----w- c:\program files\Common Files\AVSMedia
2010-05-13 07:46 . 2010-05-13 16:03 -------- d-----w- c:\program files\AVS4YOU
2010-05-13 07:46 . 2008-08-13 09:22 974848 ----a-w- c:\windows\system32\mfc70.dll
2010-05-13 07:46 . 2008-08-13 09:22 487424 ----a-w- c:\windows\system32\msvcp70.dll
2010-05-13 07:46 . 2008-08-13 09:22 344064 ----a-w- c:\windows\system32\msvcr70.dll
2010-05-13 07:46 . 2008-08-13 09:22 1700352 ----a-w- c:\windows\system32\GdiPlus.dll
2010-05-13 07:46 . 2008-08-13 09:22 24576 ----a-w- c:\windows\system32\msxml3a.dll
2010-05-12 11:05 . 2010-05-12 11:05 45056 ---ha-w- c:\users\Korisnik\AppData\Roaming\Microsoft\Emulator for Windows CE\VPCKeyboard.dll
2010-05-09 21:50 . 2010-05-09 21:50 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2010-05-09 21:48 . 2010-05-09 21:48 3605256 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2010-05-09 21:46 . 2010-05-09 21:46 588096 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2010-05-08 16:15 . 2008-09-08 13:11 13099456 ----a-w- c:\programdata\Installations\{83258E90-1F76-4E13-9F60-A0F8ED41E76F}\PCCS.exe
2010-05-07 14:20 . 2010-05-13 08:32 -------- d-----w- c:\program files\DScaler
2010-05-07 14:20 . 2010-05-07 14:25 -------- d-----w- c:\users\Korisnik\AppData\Roaming\DScaler4
2010-05-06 07:11 . 2010-05-06 07:11 -------- d-----w- c:\users\Korisnik\AppData\Roaming\The Creative Assembly
2010-05-05 13:10 . 2010-05-05 13:10 -------- d-----w- c:\program files\The KMPlayer
2010-05-05 09:04 . 2010-05-05 09:05 -------- d-----w- c:\program files\Gigatron Konfigurator
2010-05-02 16:02 . 2010-05-02 16:02 -------- d-----w- c:\users\Korisnik\AppData\Roaming\Thinstall
2010-05-02 16:02 . 2010-05-02 16:02 -------- d-----w- c:\users\Korisnik\AppData\Local\Thinstall
2010-05-01 09:32 . 2010-05-01 09:32 -------- d-----w- c:\program files\Common Files\NSV
2010-04-30 22:11 . 2010-04-30 22:11 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2010-04-30 11:21 . 2010-04-30 11:21 -------- d-----w- c:\users\Korisnik\AppData\Roaming\PCF-VLC
2010-04-30 11:18 . 2010-04-30 11:18 -------- d-----w- c:\users\Korisnik\AppData\Roaming\Participatory Culture Foundation
2010-04-30 11:17 . 2010-04-30 11:17 -------- d-----w- c:\program files\Participatory Culture Foundation
2010-04-30 07:15 . 2009-10-10 02:57 12800 ----a-w- c:\windows\system32\drivers\sffp_sd.sys
2010-04-30 07:13 . 2010-03-08 21:33 427520 ----a-w- c:\windows\system32\vbscript.dll
2010-04-30 07:13 . 2010-01-09 06:52 132608 ----a-w- c:\windows\system32\cabview.dll
2010-04-30 07:13 . 2009-10-19 14:10 108544 ----a-w- c:\windows\system32\t2embed.dll
2010-04-30 07:13 . 2009-10-19 14:10 70656 ----a-w- c:\windows\system32\fontsub.dll
2010-04-30 07:13 . 2010-02-27 07:32 221696 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-04-30 07:13 . 2010-02-27 07:32 95744 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-04-30 07:13 . 2010-02-27 07:32 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-04-30 07:03 . 2010-04-30 07:03 -------- d-----w- c:\programdata\ATI
2010-04-26 06:01 . 2010-04-27 10:20 -------- d-----w- c:\program files\TweakNow PowerPack 2010
2010-04-25 08:00 . 2010-04-10 07:03 77824 ----a-w- c:\windows\KMService.exe
2010-04-25 08:00 . 2003-04-18 17:06 8192 ----a-w- c:\windows\system32\srvany.exe
2010-04-24 09:27 . 2010-04-24 09:27 -------- d-----w- c:\program files\7-Zip
2010-04-21 12:29 . 2010-04-21 12:29 -------- d-----w- c:\users\Korisnik\AppData\Local\Bump Technologies, Inc
2010-04-21 12:29 . 2010-04-21 12:29 -------- d-----w- c:\users\Korisnik\AppData\Roaming\Bump Technologies, Inc
2010-04-21 10:53 . 2010-04-21 10:53 -------- d-----w- c:\windows\Sun
2010-04-21 10:53 . 2010-04-21 10:53 -------- d-----w- c:\program files\Common Files\Java
2010-04-21 10:53 . 2010-04-21 10:53 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-04-21 10:53 . 2010-04-21 10:53 -------- d-----w- c:\program files\Java
2010-04-20 06:38 . 2010-04-20 06:38 5430 ----a-r- c:\users\Korisnik\AppData\Roaming\Microsoft\Installer\{DA084DC0-F7C4-4285-9304-D0EB88AF0998}\_F7BD5300A94D01B980311C.exe
2010-04-20 06:38 . 2010-04-20 06:38 5430 ----a-r- c:\users\Korisnik\AppData\Roaming\Microsoft\Installer\{DA084DC0-F7C4-4285-9304-D0EB88AF0998}\_6FEFF9B68218417F98F549.exe
2010-04-20 06:38 . 2010-04-20 06:38 5430 ----a-r- c:\users\Korisnik\AppData\Roaming\Microsoft\Installer\{DA084DC0-F7C4-4285-9304-D0EB88AF0998}\_4C2FBD8A940F15BB854FB5.exe
2010-04-20 06:38 . 2010-04-20 06:38 -------- d-----w- c:\program files\Readon Technology

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-14 07:42 . 2009-12-30 14:43 -------- d-----w- c:\program files\SpeedFan
2010-05-13 22:26 . 2009-12-30 14:51 -------- d-----w- c:\users\Korisnik\AppData\Roaming\Skype
2010-05-13 22:24 . 2009-12-30 14:55 -------- d-----w- c:\users\Korisnik\AppData\Roaming\uTorrent
2010-05-13 16:16 . 2009-12-31 09:40 -------- d-----w- c:\program files\CCleaner
2010-05-13 16:15 . 2010-03-17 23:12 -------- d-----w- c:\program files\RocketDock
2010-05-13 16:09 . 2009-12-30 14:54 -------- d-----w- c:\program files\Mozilla Thunderbird
2010-05-13 16:07 . 2009-12-30 20:53 -------- d-----w- c:\program files\Ray Adams
2010-05-13 16:05 . 2010-03-29 08:12 -------- d-----w- c:\program files\iGoEditor
2010-05-13 08:51 . 2010-02-02 21:23 -------- d-----w- c:\users\Korisnik\AppData\Roaming\vlc
2010-05-13 08:38 . 2009-12-30 20:50 111592 ----a-w- c:\users\Korisnik\AppData\Local\GDIPFONTCACHEV1.DAT
2010-05-13 06:17 . 2010-01-23 22:31 -------- d-----w- c:\program files\MSI Kombustor
2010-05-12 08:24 . 2009-12-30 14:56 -------- d-----w- c:\users\Korisnik\AppData\Roaming\AIMP
2010-05-10 08:10 . 2010-03-09 14:51 -------- d-----w- c:\programdata\VMware
2010-05-09 15:33 . 2009-12-31 11:29 -------- d-----w- c:\users\Korisnik\AppData\Roaming\Wildfire
2010-05-08 16:15 . 2010-05-08 16:15 8192 ----a-w- c:\programdata\Installations\{83258E90-1F76-4E13-9F60-A0F8ED41E76F}\Installer\CommonCustomActions\UninstCCD.exe
2010-05-08 16:15 . 2010-05-08 15:17 -------- d-----w- c:\programdata\Installations
2010-05-08 15:51 . 2009-12-30 14:30 -------- d-----w- c:\program files\fraps
2010-05-08 15:51 . 2010-05-08 15:51 -------- d-----w- c:\program files\IVT Corporation
2010-05-08 15:33 . 2010-05-08 15:33 106557 ----a-w- c:\windows\system32\btw_ci.dll
2010-05-08 15:19 . 2010-05-08 15:18 -------- d-----w- c:\users\Korisnik\AppData\Roaming\PC Suite
2010-05-08 15:19 . 2010-05-08 15:19 0 ---ha-w- c:\windows\system32\drivers\Msft_User_PCCSWpdDriver_01_07_00.Wdf
2010-05-08 15:19 . 2010-05-08 15:18 -------- d-----w- c:\users\Korisnik\AppData\Roaming\Nokia
2010-05-08 15:19 . 2010-05-08 15:18 -------- d-----w- c:\programdata\PC Suite
2010-05-08 15:18 . 2009-12-30 15:01 -------- d-----w- c:\program files\DIFX
2010-05-08 15:18 . 2010-05-08 15:18 95232 ----a-w- c:\programdata\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\pcswpcsi.exe
2010-05-08 15:18 . 2010-05-08 15:18 8192 ----a-w- c:\programdata\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\UninstCCD.exe
2010-05-08 15:18 . 2010-05-08 15:18 61440 ----a-w- c:\programdata\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
2010-05-08 15:18 . 2010-05-08 15:18 10240 ----a-w- c:\programdata\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\UninstPCS.exe
2010-05-08 15:16 . 2009-12-30 14:22 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-05-08 07:59 . 2009-12-31 09:19 -------- d-----w- c:\users\Korisnik\AppData\Roaming\.purple
2010-05-06 20:59 . 2009-12-30 15:08 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-05-06 20:39 . 2009-12-30 15:08 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-05-06 20:39 . 2009-12-30 15:08 164048 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-05-06 20:34 . 2009-12-30 15:08 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-05-06 20:34 . 2009-12-30 15:08 51792 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-05-06 20:33 . 2009-12-30 15:08 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-05-05 08:40 . 2009-12-30 15:33 -------- d--h--w- c:\program files\Temp
2010-05-03 10:08 . 2010-03-09 14:58 -------- d-----w- c:\users\Korisnik\AppData\Roaming\VMware
2010-05-02 19:40 . 2010-01-09 08:52 -------- d-----w- c:\program files\Opera 10.50 pre-alpha
2010-04-30 07:03 . 2010-02-12 09:50 -------- d-----w- c:\program files\ATI
2010-04-30 07:00 . 2009-12-30 22:43 -------- d-----w- c:\program files\ATI Technologies
2010-04-16 08:10 . 2009-12-30 15:59 -------- d-----w- c:\users\Korisnik\AppData\Roaming\My Games
2010-04-14 16:47 . 2009-12-30 15:08 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-04-13 20:29 . 2010-03-05 09:21 -------- d-----w- c:\programdata\MumboJumbo
2010-04-12 20:46 . 2010-04-12 20:46 -------- d-----w- c:\program files\NRadioBox
2010-04-08 13:15 . 2009-12-30 20:36 -------- d-----w- c:\users\Korisnik\AppData\Roaming\Nero
2010-04-08 12:56 . 2010-04-08 12:55 -------- d-----w- c:\programdata\DVD Shrink
2010-04-08 12:55 . 2010-04-08 12:55 -------- d-----w- c:\program files\DVD Shrink
2010-04-07 13:35 . 2010-04-07 13:35 -------- d-----w- c:\program files\7room
2010-04-07 02:43 . 2010-04-07 02:43 5430272 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2010-04-07 02:16 . 2010-04-07 02:16 143360 ----a-w- c:\windows\system32\atiapfxx.exe
2010-04-07 02:16 . 2010-02-03 04:23 489472 ----a-w- c:\windows\system32\aticfx32.dll
2010-04-07 02:13 . 2010-04-07 02:13 446464 ----a-w- c:\windows\system32\ATIDEMGX.dll
2010-04-07 02:12 . 2010-04-07 02:12 372736 ----a-w- c:\windows\system32\atieclxx.exe
2010-04-07 02:12 . 2010-04-07 02:12 14321664 ----a-w- c:\windows\system32\atioglxx.dll
2010-04-07 02:12 . 2010-04-07 02:12 172032 ----a-w- c:\windows\system32\atiesrxx.exe
2010-04-07 02:10 . 2010-04-07 02:10 159744 ----a-w- c:\windows\system32\atitmmxx.dll
2010-04-07 02:10 . 2010-04-07 02:10 356352 ----a-w- c:\windows\system32\atipdlxx.dll
2010-04-07 02:10 . 2010-04-07 02:10 278528 ----a-w- c:\windows\system32\Oemdspif.dll
2010-04-07 02:10 . 2010-04-07 02:10 11776 ----a-w- c:\windows\system32\atimuixx.dll
2010-04-07 02:10 . 2010-04-07 02:10 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2010-04-07 02:06 . 2009-09-23 22:22 3164160 ----a-w- c:\windows\system32\atidxx32.dll
2010-04-07 01:46 . 2010-02-03 03:23 50176 ----a-w- c:\windows\system32\coinst.dll
2010-04-07 01:40 . 2009-09-23 22:06 3707904 ----a-w- c:\windows\system32\atiumdag.dll
2010-04-07 01:40 . 2010-04-07 01:40 53248 ----a-w- c:\windows\system32\aticalrt.dll
2010-04-07 01:40 . 2010-04-07 01:40 53248 ----a-w- c:\windows\system32\aticalcl.dll
2010-04-07 01:38 . 2010-04-07 01:38 4018176 ----a-w- c:\windows\system32\aticaldd.dll
2010-04-07 01:23 . 2009-11-25 02:25 237568 ----a-w- c:\windows\system32\atiadlxx.dll
2010-04-07 01:23 . 2010-04-07 01:23 12800 ----a-w- c:\windows\system32\atiglpxx.dll
2010-04-07 01:23 . 2010-04-07 01:23 14848 ----a-w- c:\windows\system32\atigktxx.dll
2010-04-07 01:23 . 2010-04-07 01:23 157184 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2010-04-07 01:22 . 2010-02-03 03:23 28160 ----a-w- c:\windows\system32\atiuxpag.dll
2010-04-07 01:22 . 2010-02-03 03:22 20480 ----a-w- c:\windows\system32\atiu9pag.dll
2010-04-07 01:22 . 2010-04-07 01:22 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2010-04-07 01:21 . 2009-09-23 21:48 2983936 ----a-w- c:\windows\system32\atiumdva.dll
2010-04-07 01:08 . 2010-04-07 01:08 52224 ----a-w- c:\windows\system32\atimpc32.dll
2010-04-07 01:08 . 2010-04-07 01:08 52224 ----a-w- c:\windows\system32\amdpcom32.dll
2010-04-06 16:13 . 2010-05-05 08:40 3066912 ----a-w- c:\windows\system32\drivers\RTKVHDA.sys
2010-04-06 15:58 . 2010-05-05 08:40 1759264 ----a-w- c:\windows\system32\RtkPgExt.dll
2010-04-06 15:58 . 2010-05-05 08:40 57888 ----a-w- c:\windows\system32\RtkCoInst.dll
2010-04-06 15:58 . 2010-05-05 08:40 367136 ----a-w- c:\windows\system32\RtkApoApi.dll
2010-04-06 15:58 . 2010-05-05 08:40 2649632 ----a-w- c:\windows\system32\RtkAPO.dll
2010-04-06 10:19 . 2010-02-03 16:15 -------- d-----w- c:\program files\Partition Wizard Home Edition 4.1
2010-04-03 16:46 . 2009-12-30 14:55 -------- d-----w- c:\program files\AIMP2
2010-04-02 16:09 . 2010-04-02 16:09 2023 ----a-w- c:\windows\system32\atipblag.dat
2010-03-30 18:35 . 2010-05-05 08:40 299936 ----a-w- c:\windows\system32\FMAPO.dll
2010-03-29 08:12 . 2010-03-29 08:12 249856 ------w- c:\windows\Setup1.exe
2010-03-29 08:12 . 2010-03-29 08:12 73216 ----a-w- c:\windows\ST6UNST.EXE
2010-03-28 17:48 . 2009-12-30 14:51 -------- d-----w- c:\program files\Universal Share Download
2010-03-27 16:52 . 2010-03-16 05:48 -------- d-----w- c:\users\Korisnik\AppData\Roaming\skypePM
2010-03-23 13:16 . 2010-03-23 13:16 -------- d-----w- c:\users\Korisnik\AppData\Roaming\MAXON
2010-03-23 09:21 . 2010-03-23 09:17 -------- d-----w- c:\programdata\TrackMania
2010-03-22 12:22 . 2010-05-05 08:40 1247776 ----a-w- c:\windows\RtlExUpd.dll
2010-03-22 09:25 . 2010-03-22 09:25 -------- d-----w- c:\program files\NVIDIA Corporation
2010-03-22 09:25 . 2009-12-30 14:48 -------- d-----w- c:\program files\AGEIA Technologies
2010-03-22 09:25 . 2009-12-30 14:47 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-03-20 08:22 . 2009-12-30 14:54 -------- d-----w- c:\users\Korisnik\AppData\Roaming\Thunderbird
2010-03-17 15:06 . 2010-03-17 15:06 202234 ----a-w- c:\windows\system32\atiicdxx.dat
2010-03-16 22:15 . 2010-03-16 05:48 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-03-16 05:48 . 2010-03-16 05:48 -------- d-----w- c:\program files\Common Files\Skype
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
2010-01-16 07:59 561552 ----a-w- c:\progra~1\MICROS~2\Office14\URLREDIR.DLL

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-02-08 15:40 1362320 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-08 1362320]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WizMouse"="c:\program files\WizMouse\WizMouse.exe" [2009-03-06 552184]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IconSaver"="c:\program files\IconSaver\IconSaver.exe" [2002-02-18 110592]
"PhoneTray"="c:\program files\Traysoft\PhoneTray\PhoneTray.exe" [2009-12-20 445680]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-04-06 102400]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-04-06 8555040]

c:\users\Korisnik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
EventGhost.lnk - c:\program files\EventGhost\EventGhost.exe [2009-12-30 30208]
Volume OSD.exe [2009-1-17 216652]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
SpeedFan.lnk - c:\program files\SpeedFan\speedfan.exe [2009-11-25 4009592]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sr.sys]
@="FSFilter System Recovery"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2009-07-14 01:14 1173504 ----a-w- c:\program files\Windows Sidebar\sidebar.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2010-04-06 19:25 102400 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiSpyWareDisableNotify"=dword:00000001

R1 CSN5PDTS82x64;CSN5PDTS82x64 NDIS Protocol Driver;c:\windows\system32\Drivers\CSN5PDTS82x64.sys [x]
R3 atidgllk;atidgllk;c:\program files\ASUS\SmartDoctor\atidgllk.sys [x]
R3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\Drivers\btnetBus.sys [2009-09-24 29192]
R3 etdrv;etdrv;c:\windows\etdrv.sys [2010-01-06 17488]
R3 GarenaPEngine;GarenaPEngine;c:\users\Korisnik\AppData\Local\Temp\HYC207D.tmp [x]
R3 GVTDrv;GVTDrv;c:\windows\system32\Drivers\GVTDrv.sys [2010-01-06 24944]
R3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\Drivers\IvtBtBus.sys [2009-08-26 25480]
R3 netr28;Ralink 802.11n Wireless Driver for Windows Vista;c:\windows\system32\DRIVERS\netr28.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
R3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [2009-12-21 16456]
R3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [2009-12-21 11088]
R3 rt61x86;RT61 Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr61.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-30 187392]
R3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Professional Business 2010\RpcAgentSrv.exe [2009-08-24 93336]
R3 se32;EnTech softEngine;c:\windows\system32\drivers\se32.sys [2007-05-03 12112]
R3 speccy;speccy;c:\users\Korisnik\AppData\Local\Temp\830202641571742035463306544speccy.sys [x]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2009-12-17 99152]
R3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]
S0 BtHidBus;Bluetooth HID Bus Service;c:\windows\System32\Drivers\BtHidBus.sys [2009-09-24 19592]
S1 aswSP;aswSP; [x]
S1 CSN5PDTS82;CSN5PDTS82 NDIS Protocol Driver;c:\windows\system32\Drivers\CSN5PDTS82.sys [2009-12-14 28184]
S1 HWiNFO32;HWiNFO32 Kernel Driver;d:\programi\Benchmark\HWInfo32\HWiNFO32.SYS [2009-07-16 19064]
S1 VWiFiFlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-04-07 172032]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-05-06 51792]
S2 BT848;bt848 tweaked WDM Video Capture;c:\windows\system32\drivers\BT848.sys [2001-04-27 204127]
S2 BTTUNER;bt848 tweaked WDM TvTuner;c:\windows\system32\drivers\BTTUNER.sys [2001-04-27 9251]
S2 BTXBAR;bt848 tweaked TV WDM Crossbar;c:\windows\system32\drivers\BTXBAR.sys [2001-04-27 8193]
S2 KMService;KMService;c:\windows\system32\srvany.exe [2003-04-18 8192]
S2 USBSafelyRemoveService;USB Safely Remove Assistant;c:\program files\USB Safely Remove\USBSRService.exe [2009-10-27 261392]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-04-07 5430272]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-04-07 157184]
S3 WUSB11;Instant Wireless USB Network Adapter ver.2.5 Driver;c:\windows\system32\DRIVERS\LSWLUSB.sys [2002-05-28 54083]

.
Contents of the 'Scheduled Tasks' folder

2010-05-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-43753074-2541558060-2943434843-1000Core.job
- c:\users\Korisnik\AppData\Local\Google\Update\GoogleUpdate.exe [2009-12-30 15:51]

2010-05-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-43753074-2541558060-2943434843-1000UA.job
- c:\users\Korisnik\AppData\Local\Google\Update\GoogleUpdate.exe [2009-12-30 15:51]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://mystart.incredimail.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: ic32pp - {BBCA9F81-8F4F-11D2-90FF-0080C83D3571} -
.
- - - - ORPHANS REMOVED - - - -

HKU-Default-Run-Canaveral - c:\windows\system32\sshnas21.dll
SafeBoot-dmboot.sys
SafeBoot-dmio.sys
SafeBoot-dmload.sys
SafeBoot-dmadmin
SafeBoot-dmserver
SafeBoot-SRService



[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\GarenaPEngine]
"ImagePath"="\??\c:\users\Korisnik\AppData\Local\Temp\HYC207D.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-43753074-2541558060-2943434843-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:18,fd,a3,bc,4e,de,a0,d5,89,03,b8,ee,be,34,5a,67,65,04,5f,5e,2d,68,c8,
18,f2,3a,42,ab,04,02,55,86,40,87,60,0c,24,40,cb,8f,92,c1,97,16,d3,8a,56,e5,\
"??"=hex:b3,24,74,8a,67,e8,cb,e0,96,03,bf,6e,ed,3e,8b,d6

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(3916)
c:\program files\EventGhost\plugins\Task\hook.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\atieclxx.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\windows\KMService.exe
c:\windows\system32\conhost.exe
c:\windows\system32\sppsvc.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\users\Korisnik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Volume OSD.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\windows\system32\taskhost.exe
.
**************************************************************************
.
Completion time: 2010-05-14 09:45:08 - machine was rebooted
ComboFix-quarantined-files.txt 2010-05-14 07:45

Pre-Run: 7,402,086,400 bytes free
Post-Run: 7,212,355,584 bytes free

- - End Of File - - 1A374EB570BB145D7114CEE51F8D7A9C

offline
  • diarno  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 15 Jun 2007
  • Posts: 5572

Post fresh GMER logs for me.

offline
  • Joined: 02 Sep 2003
  • Posts: 4955

Written: 14 May 2010 11:42

In a couple of minutes, just let it finish...

Update: 14 May 2010 11:49

Here:

https://www.mycity.rs/must-login.png

offline
  • diarno  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 15 Jun 2007
  • Posts: 5572

What's the situation now..? Is your Avast working... ?

Quote:
C:\Windows\system32\srvany.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\conhost.exe

These are legitimate processes.. Download Process Explorer and look at their description.
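A defender-side way to do the check the helper describes above, as an added example that is not part of this thread or of any tool mentioned in it: a PowerShell script that lists every running process with its image path and Authenticode status and flags images started from temporary or per-user directories, which is the pattern behind entries such as C:\Windows\TEMP\Szj.exe in the original DDS log. Win32_Process is queried through Get-WmiObject so it also runs on Windows 7 / PowerShell 2.0, the system in this thread; the list of suspicious path prefixes and the function name Get-ProcessImageReport are my own assumptions, not anything from the thread.

```powershell
# Added example, not code from the thread. Lists running processes with image path,
# Authenticode status and a flag for images launched from temp / per-user folders.
# Get-WmiObject is used (rather than Get-CimInstance) so this works on Windows 7.

# Assumption: directories a legitimate service or system process should not run from.
# A starting heuristic, not a complete list.
$suspiciousPrefixes = @(
    "$env:SystemRoot\Temp\",
    "$env:TEMP\",
    "$env:LOCALAPPDATA\Temp\",
    "$env:APPDATA\"
)

function Test-SuspiciousPath {
    param([string]$Path)
    if (-not $Path) { return $false }
    foreach ($prefix in $suspiciousPrefixes) {
        if ($Path.StartsWith($prefix, [System.StringComparison]::OrdinalIgnoreCase)) {
            return $true
        }
    }
    return $false
}

function Get-ProcessImageReport {
    Get-WmiObject -Class Win32_Process | ForEach-Object {
        $path   = $_.ExecutablePath
        $status = 'n/a'     # protected system processes and System/Idle report no path
        $signer = ''
        if ($path -and (Test-Path -LiteralPath $path)) {
            $sig    = Get-AuthenticodeSignature -FilePath $path
            $status = [string]$sig.Status
            if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
        }
        New-Object PSObject -Property @{
            PID       = $_.ProcessId
            Name      = $_.Name
            Path      = $path
            Signature = $status
            Signer    = $signer
            TempDir   = (Test-SuspiciousPath $path)
        }
    }
}

# Images running from temp / per-user folders first, then grouped by signature status.
Get-ProcessImageReport |
    Sort-Object -Property @{Expression='TempDir'; Descending=$true}, @{Expression='Signature'} |
    Format-Table PID, Name, Signature, TempDir, Signer, Path -AutoSize
```

On Windows 7, Get-AuthenticodeSignature typically reports NotSigned for catalog-signed OS binaries such as conhost.exe or lsm.exe, so NotSigned under System32 is not by itself evidence of anything; a TempDir flag, or a service image with an unknown signer, is what deserves a second look, and the Verified Signer column in Process Explorer (which does check catalog signatures) is the cross-check the helper recommends.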

offline
  • Joined: 02 Sep 2003
  • Posts: 4955

Avast was working all along, it just didn't find anything. Today I haven't noticed any unusual network activity. We'll see in a day or two...

Thanks for the help!

btw, did ComboFix delete anything?

offline
  • diarno  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 15 Jun 2007
  • Posts: 5572

Yes, and along the way it also disinfected some files... That's why I asked you for GMER again. To see whether they haven't been reinfected.

Keep CF and this thread open for two or three days and report back whether anything has changed.

offline
  • Joined: 02 Sep 2003
  • Posts: 4955

Everything is OK for now...

Thanks once again!

offline
  • diarno  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 15 Jun 2007
  • Posts: 5572

Glad to hear it.

Do this as well:

ComboFix needs to be uninstalled:
click Start, then RUN.

On Vista, use the Start Search box if Run is not available.

In the text entry line type (or paste) the following:

ComboFix /Uninstall

Note that there is a space between "ComboFix" and "/Uninstall".

then click OK (or press Enter).

Wait for the uninstall process to finish.

Regards
