System slowed down, computer often freezes

offline
  • 100%Milanista
  • Information Technology
  • Joined: 23 Aug 2008
  • Posts: 2630
  • Location: Milan, Italy

As the title says, the system is slowed down and the computer often freezes, so it has to be restarted. It probably needs a cleanup of viruses and who knows what else. Here are the logs...

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_32
Run by user at 5:17:51 on 2012-08-14
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.73 [GMT 2:00]
.
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\lxddcoms.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Norton Safe Web Lite\Engine\2.0.0.16\ccSvcHst.exe
C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Alwil Software\Avast5\avastUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\StarGPS\stargps2.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: BS Player Toolbar: {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - c:\program files\bs_player\tbBS_P.dll
uWindows: load=?
uWindows: Run=?
BHO: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dll
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: Norton Safe Web Lite BHO: {f0da78e9-6b60-42fb-bc26-ef2cfb8c8ff3} - c:\program files\norton safe web lite\engine\2.0.0.16\coIEPlg.dll
BHO: BS Player Toolbar: {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - c:\program files\bs_player\tbBS_P.dll
TB: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dll
TB: BS Player Toolbar: {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - c:\program files\bs_player\tbBS_P.dll
TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
TB: Norton Safe Web Lite: {30ceeea2-3742-40e4-85dd-812bf1cbb83d} - c:\program files\norton safe web lite\engine\2.0.0.16\coIEPlg.dll
TB: {2C688203-7EB3-4327-9995-1CB417BA23F9} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [LXDDCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\LXDDtime.dll,_RunDLLEntry@16
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
TCP: Interfaces\{A39DA86B-9064-4D5E-98BA-4D7108E94797} : NameServer = 195.66.189.137 195.66.189.138
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\user\application data\mozilla\firefox\profiles\rorkc3h3.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - plugin: c:\documents and settings\user\local settings\application data\google\update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_270.dll
FF - plugin: c:\windows\system32\npdeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
.
============= SERVICES / DRIVERS ===============
.
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-12-20 165584]
R1 ccSet_NST;Norton Safe Web Lite Settings Manager;c:\windows\system32\drivers\nst\0200000.010\ccSetx86.sys [2012-1-21 132744]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-12-20 17744]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-12-20 40384]
R2 lxdd_device;lxdd_device;c:\windows\system32\lxddcoms.exe -service --> c:\windows\system32\lxddcoms.exe -service [?]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-12-20 655944]
R2 NSL;Norton Safe Web Lite;c:\program files\norton safe web lite\engine\2.0.0.16\ccSvcHst.exe [2012-1-21 138760]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\common files\pc tools\smonitor\StartManSvc.exe [2010-5-25 632792]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-12-20 40384]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-12-20 40384]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-12-20 22344]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 ivjwjmqqv;Update Support;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
S2 mtwglv;Boot Center;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-7-3 160944]
S2 yoziqnbbr;Support Config;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-8-11 113120]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-08-14 02:22:33 -------- d-----w- c:\windows\LastGood.Tmp
2012-08-14 02:15:27 -------- d-----w- c:\windows\ServicePackFiles
2012-08-14 02:15:04 294912 ------w- c:\program files\windows media player\dlimport.exe
2012-08-14 02:14:55 294912 -c----w- c:\windows\system32\dllcache\dlimport.exe
2012-08-14 02:10:18 19569 ----a-w- c:\windows\003225_.tmp
2012-08-14 01:58:05 -------- d-----w- C:\e134cd84a4a3136cb4b9
2012-07-24 22:15:13 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
.
==================== Find3M ====================
.
2012-08-09 21:38:55 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-13 21:30:44 196608 ----a-w- c:\windows\system32\drivers\aStandard.bin
2012-07-03 11:46:44 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
.
============= FINISH: 5:18:44,78 ===============



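The SERVICES / DRIVERS section of the DDS log above contains three services (ivjwjmqqv, mtwglv, yoziqnbbr) whose image path is the shared svchost.exe host with "-k netsvcs" and whose key names do not look like anything a vendor would choose. Triaging a log like this by eye is error-prone, so here is an added Python example, not part of this thread and not a DDS or ComboFix feature, that parses DDS-style service lines and applies one clearly heuristic check: a service hosted inside svchost.exe whose name has almost no vowels is worth a closer look. The sample lines are copied from the log above; the Service class, the triage() function and the 0.3 vowel-ratio threshold are my own assumptions.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample: a subset of the "SERVICES / DRIVERS" lines from the DDS log posted above.
SAMPLE_LOG = r"""
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-12-20 165584]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-12-20 40384]
R2 lxdd_device;lxdd_device;c:\windows\system32\lxddcoms.exe -service --> c:\windows\system32\lxddcoms.exe -service [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 ivjwjmqqv;Update Support;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
S2 mtwglv;Boot Center;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-7-3 160944]
S2 yoziqnbbr;Support Config;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-8-11 113120]
"""

# One DDS service/driver line: "<state> <key name>;<display name>;<image path> [<date size>]"
LINE_RE = re.compile(
    r"^(?P<state>[RS]\d)\s+"      # R = running, S = stopped; the digit is the start type
    r"(?P<name>[^;]+);"           # service key name as registered under HKLM\...\Services
    r"(?P<desc>[^;]*);"           # display name shown in services.msc
    r"(?P<path>.*?)\s+"           # image path, possibly with arguments such as "-k netsvcs"
    r"\[(?P<meta>[^\]]*)\]\s*$"   # trailing "[date size]" or "[?]" when DDS could not stat the file
)

VOWELS = set("aeiou")


@dataclass
class Service:
    state: str
    name: str
    description: str
    image_path: str
    svchost_group: Optional[str]          # "-k <group>" when hosted by svchost.exe, else None
    reasons: List[str] = field(default_factory=list)


def vowel_ratio(name: str) -> float:
    """Share of vowels among the letters of a name; pronounceable names sit well above 0.3."""
    letters = [c for c in name.lower() if c.isalpha()]
    if not letters:
        return 0.0
    return sum(c in VOWELS for c in letters) / len(letters)


def parse_services(text: str) -> List[Service]:
    """Turn DDS service/driver lines into Service records; non-matching lines are skipped."""
    services: List[Service] = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        path = m.group("path")
        group = None
        if "svchost.exe" in path.lower():
            k = re.search(r"-k\s+(\S+)", path)
            group = k.group(1) if k else "(no group)"
        services.append(Service(m.group("state"), m.group("name"), m.group("desc"), path, group))
    return services


def triage(services: List[Service], max_vowel_ratio: float = 0.3) -> List[Service]:
    """Heuristic (an assumption of this example): flag services that run inside the shared
    svchost.exe host and have a random-looking key name. The DDS line cannot show which DLL
    svchost loads for such a service; that is recorded in the service's ServiceDll parameter
    in the registry, which is the next thing an analyst would check."""
    flagged = []
    for s in services:
        if s.svchost_group is None:
            continue
        ratio = vowel_ratio(s.name)
        if ratio < max_vowel_ratio:
            s.reasons.append(
                f"svchost-hosted (-k {s.svchost_group}) with random-looking name "
                f"(vowel ratio {ratio:.2f})"
            )
            flagged.append(s)
    return flagged


if __name__ == "__main__":
    for s in triage(parse_services(SAMPLE_LOG)):
        print(f"{s.state} {s.name:<12} '{s.description}' -> {s.image_path}")
        for r in s.reasons:
            print("   reason:", r)
```

Run against the sample, the script reports exactly the three netsvcs entries and leaves the vendor services (avast!, Lexmark, .NET NGEN, Skype, Mozilla) alone. The name heuristic is deliberately narrow; the durable signal is the combination of a shared host process and a service the analyst cannot attribute, which is why the output also carries the -k group so the ServiceDll value can be looked up next.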

offline
  • Research Engineer @MalwareBytes
  • Joined: 09 Aug 2011
  • Posts: 15877
  • Location: Beograd

Greetings, Springfield

While the case is being worked on, I would ask you to stick to the following:
Read my instructions (or the instructions of colleagues standing in for me) carefully and follow them exactly;
Do not seek help elsewhere at the same time;
Do not use other malware removal programs, apart from those you receive instructions for;
If something happens that is not in the instructions and you don't know what it is, stop everything and ask;
During the intervention, do not use USB memory devices until I ask for it;
Always copy the entire report into the message, without attaching it, unless asked otherwise;
If I don't reply within 24h, bump the topic with a new post;
If you don't respond within 5 days, we will close the case.

For more information about the rules of the MyCity forum Ambulanta: LINK

If that computer is connected to a network, disconnect it.

Step 1

Download Norton Removal Tool, run it and follow the instructions. When the process is finished, restart the computer.

Step 2

Download sUBs' ComboFix from the following address to the Desktop:

Bleeping Computer
Right-click the link and choose Save Target As... (Save Link As..., Save Linked Content As... or similar);
When the dialog for choosing where to save the file opens, choose Desktop and click Save.

When the download is finished:
deactivate your security software (instructions);
close running programs;
double-click to run ComboFix;
in the window that opens, click "I Agree".

While running, ComboFix will:
check whether a newer version of the program exists:
click Yes if offered to download it.
if the Recovery Console is not installed, offer to install it:
be sure to accept by clicking Yes and follow the procedure.
display a number of prompts/notifications:
accept by clicking Yes or OK.
restart Windows if needed (several times);
at the end, open Notepad with the scan report.

Copy the report ComboFix produced into the topic on the forum:
right-click in the Notepad window and choose Select All;
right-click the highlighted text and choose Copy;
right-click in the message box and choose Paste.

Note: The report will be saved as ComboFix.txt on the system partition (typical location: C:\ComboFix.txt);
If after posting the message you notice the report is not complete, use the Attach file option to attach the file C:\ComboFix.txt to the message.

offline
  • 100%Milanista
  • Information Technology
  • Joined: 23 Aug 2008
  • Posts: 2630
  • Location: Milan, Italy

ComboFix 12-08-14.05 - user 15.08.2012 2:20.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.280 [GMT 2:00]
Running from: c:\documents and settings\user\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\user\Start Menu\Programs\Download programs.url
c:\documents and settings\user\Start Menu\Programs\Games.url
c:\documents and settings\user\Start Menu\Programs\Translator.url
c:\documents and settings\user\Start Menu\Programs\Videos.url
c:\documents and settings\user\WINDOWS
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\system32\_000007_.tmp.dll
c:\windows\system32\dllcache\dlimport.exe
c:\windows\system32\drivers\etc\hosts.ics
.
.
((((((((((((((((((((((((( Files Created from 2012-07-15 to 2012-08-15 )))))))))))))))))))))))))))))))
.
.
2012-08-15 00:09 . 2012-08-15 00:09 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2012-08-15 00:06 . 2012-08-15 00:06 -------- d-sh--w- c:\documents and settings\user\IETldCache
2012-08-15 00:04 . 2012-08-15 00:05 -------- dc-h--w- c:\windows\ie8
2012-08-14 23:11 . 2010-09-18 06:53 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2012-08-14 23:10 . 2010-08-23 16:12 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
2012-08-14 23:10 . 2009-11-21 15:51 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2012-08-14 23:09 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2012-08-14 23:08 . 2010-11-02 15:17 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
2012-08-14 23:08 . 2010-08-27 08:02 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll
2012-08-14 23:08 . 2009-10-15 16:28 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll
2012-08-14 23:07 . 2009-06-21 21:44 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2012-08-14 23:06 . 2011-04-21 13:37 105472 -c----w- c:\windows\system32\dllcache\mup.sys
2012-08-14 23:06 . 2012-07-04 14:05 139784 -c----w- c:\windows\system32\dllcache\rdpwd.sys
2012-08-14 23:03 . 2012-05-28 18:16 536576 -c----w- c:\windows\system32\dllcache\msado15.dll
2012-08-14 23:01 . 2010-06-18 13:36 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
2012-08-14 23:00 . 2009-03-08 02:33 759296 -c--a-w- c:\windows\system32\dllcache\VGX.dll
2012-08-14 23:00 . 2011-07-08 14:02 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys
2012-08-14 22:59 . 2012-01-11 19:06 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
2012-08-14 22:59 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\iacenc.dll
2012-08-14 22:55 . 2010-10-11 14:59 45568 -c----w- c:\windows\system32\dllcache\wab.exe
2012-08-14 22:54 . 2010-08-16 08:45 590848 -c----w- c:\windows\system32\dllcache\rpcrt4.dll
2012-08-14 02:15 . 2008-04-14 03:42 294912 ------w- c:\program files\Windows Media Player\dlimport.exe
2012-08-14 01:58 . 2012-08-14 03:08 -------- d-----w- C:\e134cd84a4a3136cb4b9
2012-07-24 22:15 . 2012-08-09 21:38 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-17 02:56 . 2012-07-17 02:58 -------- d-----w- c:\documents and settings\user\Application Data\Notepad++
2012-07-17 02:56 . 2012-07-17 02:56 -------- d-----w- c:\program files\Notepad++
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-09 21:38 . 2012-02-04 19:00 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-13 21:30 . 2007-11-11 19:13 196608 ----a-w- c:\windows\system32\drivers\aStandard.bin
2012-07-06 13:58 . 2004-08-04 01:07 78336 ----a-w- c:\windows\system32\browser.dll
2012-07-04 14:05 . 2007-11-11 18:38 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-07-03 13:40 . 2004-08-04 01:07 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-07-03 11:46 . 2010-12-20 17:30 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-05 15:50 . 2004-08-04 01:07 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 04:32 . 2004-08-04 01:07 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 13:19 . 2007-07-30 17:18 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 13:19 . 2007-11-11 18:39 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 13:19 . 2007-11-11 18:39 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-02 13:19 . 2007-11-11 18:39 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 13:19 . 2007-07-30 17:19 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 13:19 . 2007-11-11 18:39 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 13:19 . 2007-11-11 18:39 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 13:19 . 2007-07-30 17:19 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 13:19 . 2007-07-30 17:19 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 13:19 . 2004-08-04 01:07 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 13:19 . 2007-07-30 17:18 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 13:19 . 2007-11-11 18:39 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 13:19 . 2007-11-11 18:39 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-05-31 13:22 . 2004-08-04 01:07 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-07-14 00:17 . 2012-08-11 04:14 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}"= "c:\program files\BS_Player\tbBS_P.dll" [2010-11-29 3908192]
.
[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-11-29 14:26 3908192 ----a-w- c:\program files\ConduitEngine\ConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
2010-11-29 14:26 3908192 ----a-w- c:\program files\BS_Player\tbBS_P.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}"= "c:\program files\BS_Player\tbBS_P.dll" [2010-11-29 3908192]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-11-29 3908192]
.
[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5}"= "c:\program files\BS_Player\tbBS_P.dll" [2010-11-29 3908192]
.
[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-01-30 16116224]
"LXDDCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXDDtime.dll" [2007-01-22 102400]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
backup=c:\windows\pss\McAfee Security Scan Plus.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^user^Start Menu^Programs^Startup^OpenOffice.org 2.3.lnk]
backup=c:\windows\pss\OpenOffice.org 2.3.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^user^Start Menu^Programs^Startup^Warcraft Config.lnk]
path=c:\documents and settings\user\Start Menu\Programs\Startup\Warcraft Config.lnk
backup=c:\windows\pss\Warcraft Config.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^user^Start Menu^Programs^Startup^windows.pif]
path=c:\documents and settings\user\Start Menu\Programs\Startup\windows.pif
backup=c:\windows\pss\windows.pifStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2005-05-03 10:43 69632 ------r- c:\windows\Alcmtr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
2006-09-25 08:12 90112 ----a-w- c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2008-04-14 03:42 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FaxCenterServer]
2007-02-13 00:00 312240 ----a-w- c:\program files\Lexmark Fax Solutions\fm3032.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-10-21 06:30 136176 ----atw- c:\documents and settings\user\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxddamon]
2007-02-05 23:32 20480 ----a-w- c:\program files\Lexmark 2500 Series\lxddamon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxddmon.exe]
2007-02-12 23:58 291760 ----a-w- c:\program files\Lexmark 2500 Series\lxddmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2012-07-03 11:46 462920 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 03:42 1695232 ------w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryMechanic]
2010-04-08 07:15 3233752 ----a-w- c:\program files\Registry Mechanic\RegMech.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
2006-05-16 10:04 2879488 ------r- c:\windows\SkyTel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-01-18 12:02 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2007-10-10 05:28 36352 ----a-w- c:\program files\Winamp\winampa.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\lxddcoms.exe"=
"c:\\Program Files\\Lexmark 2500 Series\\lxddamon.exe"=
"c:\\Program Files\\Lexmark 2500 Series\\App4R.exe"=
"c:\\Program Files\\PopCap Games\\Zuma Deluxe\\Zuma.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer_Service.exe"=
"c:\\Program Files\\ATI Technologies\\ATI\\Mirc.exe"=
"c:\\Program Files\\Warcraft III Reign of Chaos & The Frozen Throne\\war3.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"2435:TCP"= 2435:TCP:mypgmmon
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017
.
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [20.12.2010 19:53 165584]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [20.12.2010 19:53 17744]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [20.12.2010 19:30 22344]
S2 ivjwjmqqv;Update Support;c:\windows\system32\svchost.exe -k netsvcs [4.8.2004 3:07 14336]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
mtwglv
yoziqnbbr
ivjwjmqqv
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 00:15]
.
2012-08-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 00:15]
.
2012-08-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1417001333-602609370-725345543-1003Core.job
- c:\documents and settings\user\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-01-05 06:30]
.
2012-08-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1417001333-602609370-725345543-1003UA.job
- c:\documents and settings\user\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-01-05 06:30]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
TCP: Interfaces\{A39DA86B-9064-4D5E-98BA-4D7108E94797}: NameServer = 195.66.189.137 195.66.189.138
FF - ProfilePath - c:\documents and settings\user\Application Data\Mozilla\Firefox\Profiles\rorkc3h3.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
.
- - - - ORPHANS REMOVED - - - -
.
Notify-WgaLogon - (no file)
MSConfigStartUp-Advanced WindowsCare 3 - c:\program files\IObit\Advanced WindowsCare 3 Beta\AWC.exe
MSConfigStartUp-avast! - c:\progra~1\ALWILS~1\Avast4\ashDisp.exe
MSConfigStartUp-HService - c:\windows\msservice.exe
MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
MSConfigStartUp-Sys32 - c:\windows\Sys32.exe
AddRemove-GTA2 - c:\program files\GTA2 DEMO\Uninst.isu
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-08-15 02:28
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXDDCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXDDtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1417001333-602609370-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\A]
@DACL=(02 0000)
"BaseClass"="Drive"
.
[HKEY_USERS\S-1-5-21-1417001333-602609370-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\C]
@DACL=(02 0000)
"BaseClass"="Drive"
.
[HKEY_USERS\S-1-5-21-1417001333-602609370-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D]
@DACL=(02 0000)
"BaseClass"="Drive"
.
[HKEY_USERS\S-1-5-21-1417001333-602609370-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E]
@DACL=(02 0000)
"BaseClass"="Drive"
.
[HKEY_USERS\S-1-5-21-1417001333-602609370-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0228e38a-0c5b-11e0-a647-001bfc1fdefc}]
@DACL=(02 0000)
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,01,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
.
[HKEY_USERS\S-1-5-21-1417001333-602609370-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1ae1eb1e-cc44-11dd-94f1-001bfc1fdefc}]
@DACL=(02 0000)
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,
5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,5f,5f,5f,5f,5f,01,00,01,01,ee,ff,ff,\
.
[HKEY_USERS\S-1-5-21-1417001333-602609370-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{454c329e-8ff3-11dc-a39a-806d6172696f}]
@DACL=(02 0000)
"BaseClass"="Drive"
.
[HKEY_USERS\S-1-5-21-1417001333-602609370-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{454c329f-8ff3-11dc-a39a-806d6172696f}]
@DACL=(02 0000)
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,cf,5f,5f,5f,5f,cf,cf,5f,5f,
5f,cf,cf,cf,5f,5f,5f,cf,cf,cf,5f,5f,cf,5f,5f,5f,5f,5f,00,5f,5f,5f,5f,5f,df,\
.
[HKEY_USERS\S-1-5-21-1417001333-602609370-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{454c32a1-8ff3-11dc-a39a-806d6172696f}]
@DACL=(02 0000)
"BaseClass"="Drive"
.
[HKEY_USERS\S-1-5-21-1417001333-602609370-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{501dd708-a2ae-11dd-94c4-001bfc1fdefc}]
@DACL=(02 0000)
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,
5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,5f,5f,5f,5f,5f,00,5f,5f,5f,5f,5f,cf,\
.
[HKEY_USERS\S-1-5-21-1417001333-602609370-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{51979390-2787-11de-a3c9-001bfc1fdefc}]
@DACL=(02 0000)
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,
5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,5f,5f,5f,5f,5f,00,5f,5f,5f,5f,5f,cf,\
.
[HKEY_USERS\S-1-5-21-1417001333-602609370-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{52a7709a-94b2-11dd-94be-001bfc1fdefc}]
@DACL=(02 0000)
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,
5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,5f,5f,5f,5f,5f,01,00,01,01,ee,ff,ff,\
.
[HKEY_USERS\S-1-5-21-1417001333-602609370-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6640045c-3e2c-11dd-944c-001bfc1fdefc}]
@DACL=(02 0000)
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,
5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,5f,5f,5f,5f,5f,00,5f,5f,5f,5f,5f,cf,\
.
[HKEY_USERS\S-1-5-21-1417001333-602609370-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6afeea86-ed8a-11dd-950b-001bfc1fdefc}]
@DACL=(02 0000)
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,
5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,5f,5f,5f,5f,5f,01,00,01,01,ee,ff,ff,\
.
[HKEY_USERS\S-1-5-21-1417001333-602609370-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6bf4738c-aa64-11dc-93e4-001bfc1fdefc}]
@DACL=(02 0000)
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,00,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
.
[HKEY_USERS\S-1-5-21-1417001333-602609370-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7b5c8346-a5c5-11dd-94c7-001bfc1fdefc}]
@DACL=(02 0000)
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,
5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,5f,5f,5f,5f,5f,01,00,01,01,ee,ff,ff,\
.
[HKEY_USERS\S-1-5-21-1417001333-602609370-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8efb215a-45d5-11dd-9454-001bfc1fdefc}]
@DACL=(02 0000)
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,
5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,5f,5f,5f,5f,5f,cf,5f,5f,5f,5f,5f,00,\
.
[HKEY_USERS\S-1-5-21-1417001333-602609370-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9350d7bc-8bd1-11dd-94bb-001bfc1fdefc}]
@DACL=(02 0000)
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,
5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,5f,5f,5f,5f,5f,01,00,01,01,ee,ff,ff,\
.
[HKEY_USERS\S-1-5-21-1417001333-602609370-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9c82786a-485d-11dd-945a-001bfc1fdefc}]
@DACL=(02 0000)
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,
5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,5f,5f,5f,5f,5f,01,00,01,01,ee,ff,ff,\
.
[HKEY_USERS\S-1-5-21-1417001333-602609370-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a166b6bd-7bac-11dd-94ae-001bfc1fdefc}]
@DACL=(02 0000)
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,
5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,5f,5f,5f,5f,5f,01,00,01,01,ee,ff,ff,\
.
[HKEY_USERS\S-1-5-21-1417001333-602609370-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a166b6d8-7bac-11dd-94ae-001bfc1fdefc}]
@DACL=(02 0000)
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,
5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,5f,5f,5f,5f,5f,cf,5f,5f,5f,5f,5f,00,\
.
[HKEY_USERS\S-1-5-21-1417001333-602609370-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a4bd7fd0-c0bc-11dd-94e1-001bfc1fdefc}]
@DACL=(02 0000)
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,
5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,5f,5f,5f,5f,5f,01,00,01,01,ee,ff,ff,\
.
[HKEY_USERS\S-1-5-21-1417001333-602609370-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b6088d18-3319-11de-a3da-001bfc1fdefc}]
@DACL=(02 0000)
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,
5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,5f,5f,5f,5f,5f,01,00,01,01,ee,ff,ff,\
.
[HKEY_USERS\S-1-5-21-1417001333-602609370-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bead24bc-7738-11dd-94ad-001bfc1fdefc}]
@DACL=(02 0000)
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,
5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,5f,5f,5f,5f,5f,01,00,01,01,ee,ff,ff,\
.
[HKEY_USERS\S-1-5-21-1417001333-602609370-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d441f650-6803-11df-a56d-001bfc1fdefc}]
@DACL=(02 0000)
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,
5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,5f,5f,5f,5f,5f,cf,5f,5f,5f,5f,5f,00,\
.
[HKEY_USERS\S-1-5-21-1417001333-602609370-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e44ae51e-4601-11de-a41b-001bfc1fdefc}]
@DACL=(02 0000)
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,
5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,5f,5f,5f,5f,5f,cf,5f,5f,5f,5f,5f,00,\
.
[HKEY_USERS\S-1-5-21-1417001333-602609370-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ea71d84e-4ce7-11dd-9460-001bfc1fdefc}]
@DACL=(02 0000)
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,
5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,5f,5f,5f,5f,5f,00,5f,5f,5f,5f,5f,cf,\
.
[HKEY_USERS\S-1-5-21-1417001333-602609370-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{edeebd1f-40d6-11de-a408-001bfc1fdefc}]
@DACL=(02 0000)
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,
5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,5f,5f,5f,5f,5f,cf,5f,5f,5f,5f,5f,cf,\
.
[HKEY_USERS\S-1-5-21-1417001333-602609370-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fc0420c9-d0a8-11df-a5cb-001bfc1fdefc}]
@DACL=(02 0000)
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,
5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,5f,5f,5f,5f,5f,cf,5f,5f,5f,5f,5f,00,\
.
[HKEY_USERS\S-1-5-21-1417001333-602609370-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fc0420ca-d0a8-11df-a5cb-001bfc1fdefc}]
@DACL=(02 0000)
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,
5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,5f,5f,5f,5f,5f,cf,5f,5f,5f,5f,5f,00,\
.
[HKEY_USERS\S-1-5-21-1417001333-602609370-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fe73c058-51e4-11dd-9464-001bfc1fdefc}]
@DACL=(02 0000)
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,
5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,5f,5f,5f,5f,5f,01,00,01,01,ee,ff,ff,\
.
[HKEY_USERS\S-1-5-21-1417001333-602609370-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fe73c059-51e4-11dd-9464-001bfc1fdefc}]
@DACL=(02 0000)
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,
5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,5f,5f,5f,5f,5f,01,00,01,01,ee,ff,ff,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(796)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2012-08-15 02:31:31
ComboFix-quarantined-files.txt 2012-08-15 00:31
.
Pre-Run: 58.416.332.800 bytes free
Post-Run: 58.347.257.856 bytes free
.
- - End Of File - - 9D6EEEB836748823BE7E721A4F0EE163

  • Research Engineer @MalwareBytes
  • Joined: 09 Aug 2011
  • Posts: 15877
  • Location: Beograd

Open Notepad and copy the following text into it:

Driver::
ivjwjmqqv

Netsvc::
mtwglv
yoziqnbbr
ivjwjmqqv

File::
c:\program files\BS_Player\tbBS_P.dll

Folder::
c:\program files\ConduitEngine

Registry::
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}"=-
[-HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}"=-
"{30F9B915-B755-4826-820B-08FBA6BD249D}"=-
[-HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5}"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"2435:TCP"=-
"1723:TCP"=-
"1701:UDP"=-
"500:UDP"=-

RegLockDel::
[HKEY_USERS\S-1-5-21-1417001333-602609370-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\A]
[HKEY_USERS\S-1-5-21-1417001333-602609370-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\C]
[HKEY_USERS\S-1-5-21-1417001333-602609370-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D]
[HKEY_USERS\S-1-5-21-1417001333-602609370-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E]
[HKEY_USERS\S-1-5-21-1417001333-602609370-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0228e38a-0c5b-11e0-a647-001bfc1fdefc}]
[HKEY_USERS\S-1-5-21-1417001333-602609370-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1ae1eb1e-cc44-11dd-94f1-001bfc1fdefc}]
[HKEY_USERS\S-1-5-21-1417001333-602609370-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{454c329e-8ff3-11dc-a39a-806d6172696f}]
[HKEY_USERS\S-1-5-21-1417001333-602609370-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{454c329f-8ff3-11dc-a39a-806d6172696f}]
[HKEY_USERS\S-1-5-21-1417001333-602609370-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{454c32a1-8ff3-11dc-a39a-806d6172696f}]
[HKEY_USERS\S-1-5-21-1417001333-602609370-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{501dd708-a2ae-11dd-94c4-001bfc1fdefc}]
[HKEY_USERS\S-1-5-21-1417001333-602609370-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{51979390-2787-11de-a3c9-001bfc1fdefc}]
[HKEY_USERS\S-1-5-21-1417001333-602609370-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{52a7709a-94b2-11dd-94be-001bfc1fdefc}]
[HKEY_USERS\S-1-5-21-1417001333-602609370-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6640045c-3e2c-11dd-944c-001bfc1fdefc}]
[HKEY_USERS\S-1-5-21-1417001333-602609370-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6afeea86-ed8a-11dd-950b-001bfc1fdefc}]
[HKEY_USERS\S-1-5-21-1417001333-602609370-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6bf4738c-aa64-11dc-93e4-001bfc1fdefc}]
[HKEY_USERS\S-1-5-21-1417001333-602609370-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7b5c8346-a5c5-11dd-94c7-001bfc1fdefc}]
[HKEY_USERS\S-1-5-21-1417001333-602609370-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8efb215a-45d5-11dd-9454-001bfc1fdefc}]
[HKEY_USERS\S-1-5-21-1417001333-602609370-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9350d7bc-8bd1-11dd-94bb-001bfc1fdefc}]
[HKEY_USERS\S-1-5-21-1417001333-602609370-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9c82786a-485d-11dd-945a-001bfc1fdefc}]
[HKEY_USERS\S-1-5-21-1417001333-602609370-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a166b6bd-7bac-11dd-94ae-001bfc1fdefc}]
[HKEY_USERS\S-1-5-21-1417001333-602609370-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a166b6d8-7bac-11dd-94ae-001bfc1fdefc}]
[HKEY_USERS\S-1-5-21-1417001333-602609370-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a4bd7fd0-c0bc-11dd-94e1-001bfc1fdefc}]
[HKEY_USERS\S-1-5-21-1417001333-602609370-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b6088d18-3319-11de-a3da-001bfc1fdefc}]
[HKEY_USERS\S-1-5-21-1417001333-602609370-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bead24bc-7738-11dd-94ad-001bfc1fdefc}]
[HKEY_USERS\S-1-5-21-1417001333-602609370-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d441f650-6803-11df-a56d-001bfc1fdefc}]
[HKEY_USERS\S-1-5-21-1417001333-602609370-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e44ae51e-4601-11de-a41b-001bfc1fdefc}]
[HKEY_USERS\S-1-5-21-1417001333-602609370-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ea71d84e-4ce7-11dd-9460-001bfc1fdefc}]
[HKEY_USERS\S-1-5-21-1417001333-602609370-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{edeebd1f-40d6-11de-a408-001bfc1fdefc}]
[HKEY_USERS\S-1-5-21-1417001333-602609370-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fc0420c9-d0a8-11df-a5cb-001bfc1fdefc}]
[HKEY_USERS\S-1-5-21-1417001333-602609370-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fc0420ca-d0a8-11df-a5cb-001bfc1fdefc}]
[HKEY_USERS\S-1-5-21-1417001333-602609370-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fe73c058-51e4-11dd-9464-001bfc1fdefc}]
[HKEY_USERS\S-1-5-21-1417001333-602609370-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fe73c059-51e4-11dd-9464-001bfc1fdefc}]


Save the file from Notepad to the Desktop as "CFScript"

Drag the saved script/text onto the ComboFix icon as shown in the picture.
Post in your next message the log that is created at the end of the cleaning/scan.
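
The Netsvc:: entries in the script above were picked out of the ComboFix service list by eye: two services hosted by `svchost.exe -k netsvcs` whose short names are random strings of consonants with generic display names ("Boot Center", "Support Config"). The Python below is an added example, not part of this thread and not ComboFix's or Malwarebytes' own code. It parses lines in the `<state> <name>;<display>;<image> [<meta>]` layout ComboFix uses for its Drivers/Services section and applies that same triage heuristic. The sample lines are copied from the log posted in this thread, plus one constructed legitimate entry (`wuauserv`) for contrast; the regex, the 25% vowel threshold and every function name are my assumptions.

```python
"""Triage ComboFix 'Drivers/Services' lines for suspicious svchost-hosted services.

Added example (not ComboFix or Malwarebytes code). It encodes the heuristic a
malware-removal helper applies by eye when choosing the Netsvc:: entries of a
CFScript: a service that runs inside the shared netsvcs host but whose short
name is a random, vowel-poor string is worth a closer look.
"""
import re
from dataclasses import dataclass

# One ComboFix service line: "<state> <name>;<display name>;<image path> [<date> <time> <size>]"
# (format assumed from the log lines in this thread).
SERVICE_RE = re.compile(
    r"^(?P<state>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<image>.*?)\s*(?:\[(?P<meta>[^\]]*)\])?$"
)

# Sample input: five lines copied from the posted log, plus a constructed
# legitimate netsvcs entry (wuauserv) so the heuristic has something to pass.
SAMPLE_LOG = r"""
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [20.12.2010 19:53 165584]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [20.12.2010 19:30 655944]
S2 mtwglv;Boot Center;c:\windows\system32\svchost.exe -k netsvcs [4.8.2004 3:07 14336]
S2 yoziqnbbr;Support Config;c:\windows\system32\svchost.exe -k netsvcs [4.8.2004 3:07 14336]
R2 wuauserv;Automatic Updates;c:\windows\system32\svchost.exe -k netsvcs [4.8.2004 3:07 14336]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [11.8.2012 6:14 113120]
"""

SHARED_HOST = "svchost.exe -k netsvcs"   # image suffix of a netsvcs-hosted service
VOWELS = set("aeiou")
VOWEL_THRESHOLD = 0.25                   # assumed cut-off; real service names sit well above it


@dataclass
class Service:
    state: str
    name: str
    display: str
    image: str


def parse_services(log_text: str) -> list[Service]:
    """Return every line of log_text that matches the ComboFix service layout."""
    services = []
    for line in log_text.splitlines():
        m = SERVICE_RE.match(line.strip())
        if m:
            services.append(Service(m["state"], m["name"], m["display"], m["image"].strip()))
    return services


def looks_random(name: str) -> bool:
    """True for an all-lowercase, letters-only name of 6+ chars with under 25% vowels.

    'mtwglv' (0 vowels) and 'yoziqnbbr' (2 of 9) trip it; 'wuauserv' (4 of 8) does not.
    """
    if not (name.isalpha() and name.islower() and len(name) >= 6):
        return False
    vowel_ratio = sum(ch in VOWELS for ch in name) / len(name)
    return vowel_ratio < VOWEL_THRESHOLD


def suspicious_netsvcs(services: list[Service]) -> list[Service]:
    """Services hosted by svchost -k netsvcs whose short name looks machine-generated."""
    return [s for s in services
            if s.image.lower().endswith(SHARED_HOST) and looks_random(s.name)]


def cfscript_netsvc_section(services: list[Service]) -> str:
    """Render the Netsvc:: block of a CFScript from the flagged services."""
    names = [s.name for s in suspicious_netsvcs(services)]
    return "Netsvc::\n" + "\n".join(names) + "\n"


if __name__ == "__main__":
    found = parse_services(SAMPLE_LOG)
    for svc in suspicious_netsvcs(found):
        print(f"{svc.state} {svc.name:<12} display='{svc.display}' image='{svc.image}'")
    print(cfscript_netsvc_section(found), end="")
```

The display name is deliberately not used as a signal: "Boot Center" and "Support Config" are chosen to look plausible, so the short name and the hosting process are the reliable indicators, and anything the script flags still needs a human to confirm it before it goes into a CFScript.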

  • 100%Milanista
  • Information Technology
  • Joined: 23 Aug 2008
  • Posts: 2630
  • Location: Milan, Italy

ComboFix 12-08-15.01 - user 16.08.2012 2:16.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.261 [GMT 2:00]
Running from: c:\documents and settings\user\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\user\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
* Created a new restore point
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
FILE ::
"c:\program files\BS_Player\tbBS_P.dll"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\BS_Player\tbBS_P.dll
c:\program files\ConduitEngine
c:\program files\ConduitEngine\appContextMenu.xml
c:\program files\ConduitEngine\ConduitEngine.dll
c:\program files\ConduitEngine\ConduitEngineHelper.exe
c:\program files\ConduitEngine\ConduitEngineUninstall.exe
c:\program files\ConduitEngine\engineContextMenu.xml
c:\program files\ConduitEngine\EngineSettings.json
c:\program files\ConduitEngine\INSTALL.LOG
c:\program files\ConduitEngine\toolbar.cfg
c:\windows\system32\drivers\etc\hosts.ics
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_IVJWJMQQV
-------\Service_ivjwjmqqv
.
.
((((((((((((((((((((((((( Files Created from 2012-07-16 to 2012-08-16 )))))))))))))))))))))))))))))))
.
.
2012-08-15 00:09 . 2012-08-15 00:09 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2012-08-15 00:06 . 2012-08-15 00:06 -------- d-sh--w- c:\documents and settings\user\IETldCache
2012-08-15 00:04 . 2012-08-15 00:05 -------- dc-h--w- c:\windows\ie8
2012-08-14 23:11 . 2010-09-18 06:53 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2012-08-14 23:10 . 2010-08-23 16:12 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
2012-08-14 23:10 . 2009-11-21 15:51 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2012-08-14 23:09 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2012-08-14 23:08 . 2010-11-02 15:17 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
2012-08-14 23:08 . 2010-08-27 08:02 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll
2012-08-14 23:08 . 2009-10-15 16:28 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll
2012-08-14 23:07 . 2009-06-21 21:44 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2012-08-14 23:06 . 2011-04-21 13:37 105472 -c----w- c:\windows\system32\dllcache\mup.sys
2012-08-14 23:06 . 2012-07-04 14:05 139784 -c----w- c:\windows\system32\dllcache\rdpwd.sys
2012-08-14 23:03 . 2012-05-28 18:16 536576 -c----w- c:\windows\system32\dllcache\msado15.dll
2012-08-14 23:01 . 2010-06-18 13:36 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
2012-08-14 23:00 . 2009-03-08 02:33 759296 -c--a-w- c:\windows\system32\dllcache\VGX.dll
2012-08-14 23:00 . 2011-07-08 14:02 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys
2012-08-14 22:59 . 2012-01-11 19:06 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
2012-08-14 22:59 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\iacenc.dll
2012-08-14 22:55 . 2010-10-11 14:59 45568 -c----w- c:\windows\system32\dllcache\wab.exe
2012-08-14 22:54 . 2010-08-16 08:45 590848 -c----w- c:\windows\system32\dllcache\rpcrt4.dll
2012-08-14 02:15 . 2008-04-14 03:42 294912 ------w- c:\program files\Windows Media Player\dlimport.exe
2012-08-14 01:58 . 2012-08-14 03:08 -------- d-----w- C:\e134cd84a4a3136cb4b9
2012-07-24 22:15 . 2012-08-09 21:38 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-17 02:56 . 2012-07-17 02:58 -------- d-----w- c:\documents and settings\user\Application Data\Notepad++
2012-07-17 02:56 . 2012-07-17 02:56 -------- d-----w- c:\program files\Notepad++
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-09 21:38 . 2012-02-04 19:00 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-13 21:30 . 2007-11-11 19:13 196608 ----a-w- c:\windows\system32\drivers\aStandard.bin
2012-07-06 13:58 . 2004-08-04 01:07 78336 ----a-w- c:\windows\system32\browser.dll
2012-07-04 14:05 . 2007-11-11 18:38 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-07-03 13:40 . 2004-08-04 01:07 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-07-03 11:46 . 2010-12-20 17:30 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-05 15:50 . 2004-08-04 01:07 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 04:32 . 2004-08-04 01:07 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 13:19 . 2007-07-30 17:18 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 13:19 . 2007-11-11 18:39 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 13:19 . 2007-11-11 18:39 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-02 13:19 . 2007-11-11 18:39 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 13:19 . 2007-07-30 17:19 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 13:19 . 2007-11-11 18:39 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 13:19 . 2007-11-11 18:39 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 13:19 . 2007-07-30 17:19 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 13:19 . 2007-07-30 17:19 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 13:19 . 2004-08-04 01:07 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 13:19 . 2007-07-30 17:18 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 13:19 . 2007-11-11 18:39 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 13:19 . 2007-11-11 18:39 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-05-31 13:22 . 2004-08-04 01:07 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-07-14 00:17 . 2012-08-11 04:14 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-08-15_00.28.54 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-08-16 00:25 . 2012-08-16 00:25 16384 c:\windows\Temp\Perflib_Perfdata_390.dat
+ 2012-08-15 04:39 . 2012-08-15 04:39 55808 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Xaml.Hosting\ae762cdc59ea894dcea7c1f5b7e496dd\System.Xaml.Hosting.ni.dll
+ 2012-08-15 04:40 . 2012-08-15 04:40 35328 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Pres#\5172f64c070a65b834e61f5cd6d0e632\System.Windows.Presentation.ni.dll
+ 2012-08-15 04:40 . 2012-08-15 04:40 24064 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Routing\94938a2770c5a8f8d5fe2eb4a78a1dd4\System.Web.Routing.ni.dll
+ 2012-08-15 04:39 . 2012-08-15 04:39 46592 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.DynamicD#\3b25cac7d0e813760d06d71f4285a0aa\System.Web.DynamicData.Design.ni.dll
+ 2012-08-15 04:39 . 2012-08-15 04:39 24576 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Abstract#\6f92f45d86d82065a08bb5c20312d9b1\System.Web.Abstractions.ni.dll
+ 2012-08-15 04:39 . 2012-08-15 04:39 12288 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\fe1aff4ad8dddc97204a371feba3599d\System.ServiceModel.ServiceMoniker40.ni.dll
+ 2012-08-15 04:39 . 2012-08-15 04:39 82432 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\76ba7b2f5232c390b8db9dfcd935af93\System.ServiceModel.Channels.ni.dll
+ 2012-08-15 00:30 . 2012-08-15 00:30 78848 c:\windows\assembly\NativeImages_v4.0.30319_32\System.AddIn.Contra#\a5c37bc9caf315df294f8b680a1ccd6f\System.AddIn.Contract.ni.dll
+ 2012-08-15 04:40 . 2012-08-15 04:40 404480 c:\windows\assembly\NativeImages_v4.0.30319_32\XamlBuildTask\ca5aa92ac8de0c5e875c0af8a15bd1e9\XamlBuildTask.ni.dll
+ 2012-08-15 04:40 . 2012-08-15 04:40 253952 c:\windows\assembly\NativeImages_v4.0.30319_32\WindowsFormsIntegra#\a64f6c2fbfed13a2bff7a4d5d00f700b\WindowsFormsIntegration.ni.dll
+ 2012-08-15 04:40 . 2012-08-15 04:40 484352 c:\windows\assembly\NativeImages_v4.0.30319_32\UIAutomationClient\067c005d73ef58a2c3b85c1eb1f82468\UIAutomationClient.ni.dll
+ 2012-08-15 04:40 . 2012-08-15 04:40 194560 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Form#\29d24fe44bdfa436ea463565028dc849\System.Windows.Forms.DataVisualization.Design.ni.dll
+ 2012-08-15 04:39 . 2012-08-15 04:39 864256 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Extensio#\6adec34334da9c0762fe2e69f398b0df\System.Web.Extensions.Design.ni.dll
+ 2012-08-15 04:39 . 2012-08-15 04:39 334848 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Entity\2559ef16c23dd644f60fa31f11521aaa\System.Web.Entity.ni.dll
+ 2012-08-15 04:39 . 2012-08-15 04:39 297984 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Entity.D#\5979cc4d4fe53dbf0919ea82370fe261\System.Web.Entity.Design.ni.dll
+ 2012-08-15 04:39 . 2012-08-15 04:39 708096 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.DynamicD#\c6737478e64d305aa13ed952ac69543b\System.Web.DynamicData.ni.dll
+ 2012-08-15 04:39 . 2012-08-15 04:39 260608 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.DataVisu#\19e49ece4814c78f87a6a4c1bbf58bd1\System.Web.DataVisualization.Design.ni.dll
+ 2012-08-15 04:38 . 2012-08-15 04:38 425472 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\f066bf86e14ba530d4c11d8134ef0719\System.ServiceModel.Activation.ni.dll
+ 2012-08-15 04:39 . 2012-08-15 04:39 365056 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\c59256d906eb8bf251fdcade8d3e8db8\System.ServiceModel.Routing.ni.dll
+ 2012-08-15 04:39 . 2012-08-15 04:39 652800 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Net\24d2d4150f7c122d6c66cf7574db5b2f\System.Net.ni.dll
+ 2012-08-15 04:38 . 2012-08-15 04:38 626176 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Messaging\6816b81bbf5b0e4d948c7014270024e9\System.Messaging.ni.dll
+ 2012-08-15 04:39 . 2012-08-15 04:39 395264 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Management.I#\5cb0d92749a57afb6f7fb8220fd5a23d\System.Management.Instrumentation.ni.dll
+ 2012-08-15 04:39 . 2012-08-15 04:39 413696 c:\windows\assembly\NativeImages_v4.0.30319_32\System.IO.Log\ee6b0560b2f6fe2c590144b716767ac9\System.IO.Log.ni.dll
+ 2012-08-15 04:38 . 2012-08-15 04:38 229376 c:\windows\assembly\NativeImages_v4.0.30319_32\System.IdentityMode#\fc5861a7b6a55a0179ec33611a25725c\System.IdentityModel.Selectors.ni.dll
+ 2012-08-15 04:39 . 2012-08-15 04:39 913920 c:\windows\assembly\NativeImages_v4.0.30319_32\System.DirectorySer#\37878191c4d2cea35b7d78b3530f862b\System.DirectoryServices.AccountManagement.ni.dll
+ 2012-08-15 04:39 . 2012-08-15 04:39 112640 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Device\6aaf2213386341b4c3d3b3ad0c6438dd\System.Device.ni.dll
+ 2012-08-15 04:39 . 2012-08-15 04:39 508416 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.Service#\8283fae01802be3191d597d68eaadf64\System.Data.Services.Design.ni.dll
+ 2012-08-15 00:30 . 2012-08-15 00:30 134656 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.DataSet#\623f6a322d104b4424aae3a9fb34e13f\System.Data.DataSetExtensions.ni.dll
+ 2012-08-15 00:30 . 2012-08-15 00:30 194048 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ComponentMod#\86c524ba4d7c611933fd831482fc37b2\System.ComponentModel.DataAnnotations.ni.dll
+ 2012-08-15 00:30 . 2012-08-15 00:30 624128 c:\windows\assembly\NativeImages_v4.0.30319_32\System.AddIn\847a89aa3ca79dd380995cb43694d6e9\System.AddIn.ni.dll
+ 2012-08-15 00:30 . 2012-08-15 00:30 404992 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Activities.D#\48a515b17e8631c620aa0b293a0eb594\System.Activities.DurableInstancing.ni.dll
+ 2012-08-15 04:40 . 2012-08-15 04:40 1063424 c:\windows\assembly\NativeImages_v4.0.30319_32\UIAutomationClients#\699b33373dccad550e1c3816dd75c321\UIAutomationClientsideProviders.ni.dll
+ 2012-08-15 04:40 . 2012-08-15 04:40 1211904 c:\windows\assembly\NativeImages_v4.0.30319_32\System.WorkflowServ#\eed3da66d4b3306d756d3115df0f6bb1\System.WorkflowServices.ni.dll
+ 2012-08-15 04:40 . 2012-08-15 04:40 1969152 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Workflow.Run#\0f273ab1c90c8ae0e99696d5775ceeaa\System.Workflow.Runtime.ni.dll
+ 2012-08-15 04:40 . 2012-08-15 04:40 4475904 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Workflow.Com#\5acb45c358bf02fb59410bb895c9ec48\System.Workflow.ComponentModel.ni.dll
+ 2012-08-15 04:40 . 2012-08-15 04:40 2872320 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Workflow.Act#\868856b522838fbf26dbe8cb705031b4\System.Workflow.Activities.ni.dll
+ 2012-08-15 04:40 . 2012-08-15 04:40 4586496 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Form#\e4e27bb9487647504e4b9f5ed0711be6\System.Windows.Forms.DataVisualization.ni.dll
+ 2012-08-15 04:40 . 2012-08-15 04:40 2334720 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Mobile\f9f93f4c8b467bafeb32a325cfde622c\System.Web.Mobile.ni.dll
+ 2012-08-15 04:39 . 2012-08-15 04:39 3123200 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Extensio#\5a5c95719bc244782badb71e93920dba\System.Web.Extensions.ni.dll
+ 2012-08-15 04:39 . 2012-08-15 04:39 4574720 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.DataVisu#\8d031a0cbe9ee927b5d99f0932065f0e\System.Web.DataVisualization.ni.dll
+ 2012-08-15 04:39 . 2012-08-15 04:39 2010624 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Speech\55ff552cd61d1c825e65660fa705df81\System.Speech.ni.dll
+ 2012-08-15 04:38 . 2012-08-15 04:38 1051648 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\fb1dafd33ea1f8f4c8ced2c9299bd366\System.ServiceModel.Web.ni.dll
+ 2012-08-15 04:39 . 2012-08-15 04:39 1128960 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\cac970090ee40f6eb194fcc66391d99f\System.ServiceModel.Discovery.ni.dll
+ 2012-08-15 04:38 . 2012-08-15 04:38 1387520 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\49d13cef799a2cbb948f3292a87995fe\System.ServiceModel.Activities.ni.dll
+ 2012-08-15 04:38 . 2012-08-15 04:39 1218560 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Management\6a277b0dd5279e1f76d31604b4eeb31f\System.Management.ni.dll
+ 2012-08-15 04:38 . 2012-08-15 04:38 1072128 c:\windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\9c5381e06b81e9859210d9164288cd8b\System.IdentityModel.ni.dll
+ 2012-08-15 04:38 . 2012-08-15 04:38 2018304 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.Services\65200fd86ad84cb83eab83777f75d882\System.Data.Services.ni.dll
+ 2012-08-15 04:39 . 2012-08-15 04:39 1338880 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.Service#\cda5338af4bedb3a42d01451e0cc0784\System.Data.Services.Client.ni.dll
+ 2012-08-15 04:38 . 2012-08-15 04:38 1408000 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.Entity.#\61f1d7775319b93374b3ec1989c9580e\System.Data.Entity.Design.ni.dll
+ 2012-08-15 00:29 . 2012-08-15 00:29 4121088 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Activities\69ed7b4d15e9637e3756f38833a8ae3a\System.Activities.ni.dll
+ 2012-08-15 00:30 . 2012-08-15 00:30 3755008 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Activities.P#\2514311fe2bd97e63d383a1aa7481290\System.Activities.Presentation.ni.dll
+ 2012-08-15 00:29 . 2012-08-15 00:29 1544192 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Activities.C#\7c94adcec5f00ebe4357fc854e9568d3\System.Activities.Core.Presentation.ni.dll
+ 2012-08-15 04:39 . 2012-08-15 04:39 2452480 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.JScript\9f600932530e718cc45e80939bcc1966\Microsoft.JScript.ni.dll
+ 2012-08-15 04:38 . 2012-08-15 04:38 17996800 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\8be0d48c6312a96e2ff0fd5bafb70469\System.ServiceModel.ni.dll
+ 2012-08-15 04:37 . 2012-08-15 04:37 13324288 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.Entity\4c3b8750cd9b5b61f300275a6dd9ed07\System.Data.Entity.ni.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-01-30 16116224]
"LXDDCATS"="c:\windows\system32\spool\DRIVERS\W32X86\3\LXDDtime.dll" [2007-01-22 102400]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
backup=c:\windows\pss\McAfee Security Scan Plus.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^user^Start Menu^Programs^Startup^OpenOffice.org 2.3.lnk]
backup=c:\windows\pss\OpenOffice.org 2.3.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^user^Start Menu^Programs^Startup^Warcraft Config.lnk]
path=c:\documents and settings\user\Start Menu\Programs\Startup\Warcraft Config.lnk
backup=c:\windows\pss\Warcraft Config.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^user^Start Menu^Programs^Startup^windows.pif]
path=c:\documents and settings\user\Start Menu\Programs\Startup\windows.pif
backup=c:\windows\pss\windows.pifStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2005-05-03 10:43 69632 ------r- c:\windows\Alcmtr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
2006-09-25 08:12 90112 ----a-w- c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2008-04-14 03:42 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FaxCenterServer]
2007-02-13 00:00 312240 ----a-w- c:\program files\Lexmark Fax Solutions\fm3032.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-10-21 06:30 136176 ----atw- c:\documents and settings\user\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxddamon]
2007-02-05 23:32 20480 ----a-w- c:\program files\Lexmark 2500 Series\lxddamon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxddmon.exe]
2007-02-12 23:58 291760 ----a-w- c:\program files\Lexmark 2500 Series\lxddmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2012-07-03 11:46 462920 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 03:42 1695232 ------w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryMechanic]
2010-04-08 07:15 3233752 ----a-w- c:\program files\Registry Mechanic\RegMech.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
2006-05-16 10:04 2879488 ------r- c:\windows\SkyTel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-01-18 12:02 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2007-10-10 05:28 36352 ----a-w- c:\program files\Winamp\winampa.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\lxddcoms.exe"=
"c:\\Program Files\\Lexmark 2500 Series\\lxddamon.exe"=
"c:\\Program Files\\Lexmark 2500 Series\\App4R.exe"=
"c:\\Program Files\\PopCap Games\\Zuma Deluxe\\Zuma.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer_Service.exe"=
"c:\\Program Files\\ATI Technologies\\ATI\\Mirc.exe"=
"c:\\Program Files\\Warcraft III Reign of Chaos & The Frozen Throne\\war3.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
.
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [20.12.2010 19:53 165584]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [20.12.2010 19:53 17744]
R2 lxdd_device;lxdd_device;c:\windows\system32\lxddcoms.exe -service --> c:\windows\system32\lxddcoms.exe -service [?]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [20.12.2010 19:30 655944]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [25.5.2010 15:45 632792]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [3.7.2012 13:19 160944]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [20.12.2010 19:30 22344]
S2 mtwglv;Boot Center;c:\windows\system32\svchost.exe -k netsvcs [4.8.2004 3:07 14336]
S2 yoziqnbbr;Support Config;c:\windows\system32\svchost.exe -k netsvcs [4.8.2004 3:07 14336]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [15.1.2010 14:49 227232]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [11.8.2012 6:14 113120]
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 00:15]
.
2012-08-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 00:15]
.
2012-08-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1417001333-602609370-725345543-1003Core.job
- c:\documents and settings\user\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-01-05 06:30]
.
2012-08-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1417001333-602609370-725345543-1003UA.job
- c:\documents and settings\user\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-01-05 06:30]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
FF - ProfilePath - c:\documents and settings\user\Application Data\Mozilla\Firefox\Profiles\rorkc3h3.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-conduitEngine - c:\progra~1\CONDUI~1\ConduitEngineUninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-08-16 02:26
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXDDCATS = rundll32 c:\windows\system32\spool\DRIVERS\W32X86\3\LXDDtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(808)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(3944)
c:\windows\system32\ieframe.dll
c:\windows\system32\OneX.DLL
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\windows\RTHDCPL.EXE
c:\windows\ATKKBService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\lxddcoms.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2012-08-16 02:28:44 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-16 00:28
ComboFix2.txt 2012-08-15 00:31
.
Pre-Run: 58.163.159.040 bytes free
Post-Run: 58.067.390.464 bytes free
.
- - End Of File - - 03DD770B4C4412CD42554437AB5A76E5

offline
  • Research Engineer @MalwareBytes
  • Joined: 09 Aug 2011
  • Posts: 15877
  • Location: Beograd

Open Notepad and copy the following text into it:

Snapshot::

Driver::
mtwglv
yoziqnbbr



Save the file from Notepad to the Desktop as "CFScript"




Drag the saved script/text onto the ComboFix icon as shown in the picture.
Post the log that is produced at the end of the cleaning/scanning in your next message.



How is the system behaving now?

offline
  • 100%Milanista
  • Information Technology
  • Joined: 23 Aug 2008
  • Posts: 2630
  • Location: Milan, Italy

Written: 17 Aug 2012 1:50

ComboFix 12-08-16.01 - user 17.08.2012 1:30.3.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.273 [GMT 2:00]
Running from: c:\documents and settings\user\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\user\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\drivers\etc\hosts.ics
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_MTWGLV
-------\Legacy_YOZIQNBBR
-------\Service_mtwglv
-------\Service_yoziqnbbr
.
.
((((((((((((((((((((((((( Files Created from 2012-07-16 to 2012-08-16 )))))))))))))))))))))))))))))))
.
.
2012-08-16 23:08 . 2012-08-16 23:08 -------- d-sh--w- c:\documents and settings\user\PrivacIE
2012-08-16 23:06 . 2012-08-16 23:06 -------- d-----w- c:\program files\Common Files\Java
2012-08-16 23:05 . 2012-08-16 23:05 -------- d-----w- c:\program files\Oracle
2012-08-16 23:05 . 2012-08-16 23:05 -------- d-----w- c:\documents and settings\user\Application Data\Oracle
2012-08-16 23:05 . 2012-07-05 20:07 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-08-16 23:05 . 2012-08-16 23:05 -------- d-----w- c:\program files\Java
2012-08-16 22:52 . 2012-08-16 23:39 -------- d-----w- c:\documents and settings\All Users\Application Data\MCShield
2012-08-16 22:52 . 2012-08-16 22:52 -------- d-----w- c:\program files\MCShield
2012-08-16 22:41 . 2012-07-03 16:21 353688 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-08-16 22:41 . 2012-07-03 16:21 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-08-16 22:41 . 2012-07-03 16:21 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-08-16 22:41 . 2012-07-03 16:21 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-08-16 22:41 . 2012-07-03 16:21 721000 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-08-16 22:41 . 2012-07-03 16:21 97608 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2012-08-16 22:41 . 2012-07-03 16:21 89624 ----a-w- c:\windows\system32\drivers\aswmon.sys
2012-08-16 22:41 . 2012-07-03 16:21 25256 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2012-08-16 22:40 . 2012-07-03 16:21 41224 ----a-w- c:\windows\avastSS.scr
2012-08-16 22:40 . 2012-07-03 16:21 227648 ----a-w- c:\windows\system32\aswBoot.exe
2012-08-16 22:40 . 2012-08-16 22:40 -------- d-----w- c:\program files\AVAST Software
2012-08-16 22:40 . 2012-08-16 22:40 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
2012-08-16 00:37 . 2012-08-16 00:37 -------- d-----w- c:\documents and settings\user\Application Data\Qualys
2012-08-15 00:09 . 2012-08-15 00:09 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2012-08-15 00:06 . 2012-08-15 00:06 -------- d-sh--w- c:\documents and settings\user\IETldCache
2012-08-15 00:04 . 2012-08-15 00:05 -------- dc-h--w- c:\windows\ie8
2012-08-14 23:11 . 2010-09-18 06:53 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2012-08-14 23:10 . 2010-08-23 16:12 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
2012-08-14 23:10 . 2009-11-21 15:51 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2012-08-14 23:09 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2012-08-14 23:08 . 2010-11-02 15:17 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
2012-08-14 23:08 . 2010-08-27 08:02 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll
2012-08-14 23:08 . 2009-10-15 16:28 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll
2012-08-14 23:07 . 2009-06-21 21:44 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2012-08-14 23:06 . 2011-04-21 13:37 105472 -c----w- c:\windows\system32\dllcache\mup.sys
2012-08-14 23:06 . 2012-07-04 14:05 139784 -c----w- c:\windows\system32\dllcache\rdpwd.sys
2012-08-14 23:03 . 2012-05-28 18:16 536576 -c----w- c:\windows\system32\dllcache\msado15.dll
2012-08-14 23:01 . 2010-06-18 13:36 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
2012-08-14 23:00 . 2009-03-08 02:33 759296 -c--a-w- c:\windows\system32\dllcache\VGX.dll
2012-08-14 23:00 . 2011-07-08 14:02 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys
2012-08-14 22:59 . 2012-01-11 19:06 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
2012-08-14 22:59 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\iacenc.dll
2012-08-14 22:55 . 2010-10-11 14:59 45568 -c----w- c:\windows\system32\dllcache\wab.exe
2012-08-14 22:54 . 2010-08-16 08:45 590848 -c----w- c:\windows\system32\dllcache\rpcrt4.dll
2012-08-14 02:15 . 2008-04-14 03:42 294912 ------w- c:\program files\Windows Media Player\dlimport.exe
2012-08-14 01:58 . 2012-08-14 03:08 -------- d-----w- C:\e134cd84a4a3136cb4b9
2012-07-24 22:15 . 2012-08-16 23:08 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-16 23:08 . 2012-02-04 19:00 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-13 21:30 . 2007-11-11 19:13 196608 ----a-w- c:\windows\system32\drivers\aStandard.bin
2012-07-06 13:58 . 2004-08-04 01:07 78336 ----a-w- c:\windows\system32\browser.dll
2012-07-05 20:06 . 2012-05-05 00:35 772544 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-07-05 20:06 . 2010-10-13 22:30 687544 ----a-w- c:\windows\system32\deployJava1.dll
2012-07-04 14:05 . 2007-11-11 18:38 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-07-03 13:40 . 2004-08-04 01:07 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-07-03 11:46 . 2010-12-20 17:30 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-05 15:50 . 2004-08-04 01:07 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 04:32 . 2004-08-04 01:07 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 13:19 . 2007-07-30 17:18 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 13:19 . 2007-11-11 18:39 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 13:19 . 2007-11-11 18:39 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-02 13:19 . 2007-11-11 18:39 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 13:19 . 2007-07-30 17:19 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 13:19 . 2007-11-11 18:39 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 13:19 . 2007-11-11 18:39 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 13:19 . 2007-07-30 17:19 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 13:19 . 2007-07-30 17:19 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 13:19 . 2004-08-04 01:07 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 13:19 . 2007-07-30 17:18 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 13:19 . 2007-11-11 18:39 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 13:19 . 2007-11-11 18:39 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-05-31 13:22 . 2004-08-04 01:07 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-07-14 00:17 . 2012-08-11 04:14 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-07-03 16:21 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MCShield Monitor"="c:\program files\MCShield\mcshieldrtm.exe" [2012-06-22 603648]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-01-30 16116224]
"LXDDCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXDDtime.dll" [2007-01-22 102400]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-07-03 4273976]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
backup=c:\windows\pss\McAfee Security Scan Plus.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^user^Start Menu^Programs^Startup^OpenOffice.org 2.3.lnk]
backup=c:\windows\pss\OpenOffice.org 2.3.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^user^Start Menu^Programs^Startup^Warcraft Config.lnk]
path=c:\documents and settings\user\Start Menu\Programs\Startup\Warcraft Config.lnk
backup=c:\windows\pss\Warcraft Config.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^user^Start Menu^Programs^Startup^windows.pif]
path=c:\documents and settings\user\Start Menu\Programs\Startup\windows.pif
backup=c:\windows\pss\windows.pifStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2005-05-03 10:43 69632 ------r- c:\windows\Alcmtr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
2006-09-25 08:12 90112 ----a-w- c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2008-04-14 03:42 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FaxCenterServer]
2007-02-13 00:00 312240 ----a-w- c:\program files\Lexmark Fax Solutions\fm3032.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-10-21 06:30 136176 ----atw- c:\documents and settings\user\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxddamon]
2007-02-05 23:32 20480 ----a-w- c:\program files\Lexmark 2500 Series\lxddamon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxddmon.exe]
2007-02-12 23:58 291760 ----a-w- c:\program files\Lexmark 2500 Series\lxddmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2012-07-03 11:46 462920 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 03:42 1695232 ------w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryMechanic]
2010-04-08 07:15 3233752 ----a-w- c:\program files\Registry Mechanic\RegMech.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
2006-05-16 10:04 2879488 ------r- c:\windows\SkyTel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-01-17 09:07 252296 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2007-10-10 05:28 36352 ----a-w- c:\program files\Winamp\winampa.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\lxddcoms.exe"=
"c:\\Program Files\\Lexmark 2500 Series\\lxddamon.exe"=
"c:\\Program Files\\Lexmark 2500 Series\\App4R.exe"=
"c:\\Program Files\\PopCap Games\\Zuma Deluxe\\Zuma.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer_Service.exe"=
"c:\\Program Files\\ATI Technologies\\ATI\\Mirc.exe"=
"c:\\Program Files\\Warcraft III Reign of Chaos & The Frozen Throne\\war3.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [17.8.2012 0:41 721000]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [17.8.2012 0:41 353688]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [17.8.2012 0:41 21256]
R2 lxdd_device;lxdd_device;c:\windows\system32\lxddcoms.exe -service --> c:\windows\system32\lxddcoms.exe -service [?]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [20.12.2010 19:30 655944]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [25.5.2010 15:45 632792]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [20.12.2010 19:30 22344]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [3.7.2012 13:19 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [25.7.2012 0:15 250056]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [15.1.2010 14:49 227232]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [11.8.2012 6:14 113120]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ASWSNX
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-16 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-24 23:08]
.
2012-08-16 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2012-08-16 16:21]
.
2012-08-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 00:15]
.
2012-08-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 00:15]
.
2012-08-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1417001333-602609370-725345543-1003Core.job
- c:\documents and settings\user\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-01-05 06:30]
.
2012-08-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1417001333-602609370-725345543-1003UA.job
- c:\documents and settings\user\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-01-05 06:30]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
FF - ProfilePath - c:\documents and settings\user\Application Data\Mozilla\Firefox\Profiles\rorkc3h3.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-08-17 01:40
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXDDCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXDDtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(852)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(4024)
c:\windows\system32\ieframe.dll
c:\windows\system32\OneX.DLL
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\windows\ATKKBService.exe
c:\program files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
c:\windows\system32\lxddcoms.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\wdfmgr.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2012-08-17 01:43:18 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-16 23:43
ComboFix2.txt 2012-08-16 00:28
ComboFix3.txt 2012-08-15 00:31
.
Pre-Run: 57.939.193.856 bytes free
Post-Run: 57.924.509.696 bytes free
.
- - End Of File - - 0045275BEFC0CC8BE5084367D43465A1

Well, the state is generally better; I have also updated some programs and so on. The state is noticeably better, but with 512MB of RAM I figure it has to stutter and lag as soon as 2 programs are open, and the computer is old as well. Anyway, as far as malware goes, is the system clean?

I have 1 question: why couldn't ComboFix install the recovery console?

Addendum: 17 Aug 2012 2:39

And I can't uninstall this...


offline
  • Research Engineer @MalwareBytes
  • Joined: 09 Aug 2011
  • Posts: 15877
  • Location: Beograd

The computer was infected with the Conficker worm, which probably came in via USB, and that is a consequence of an un-updated system...

You need to download and install this patch in order to "patch" that security hole.

The recommendation is to do a complete Windows Update, by enabling Automatic Update in Control Panel if you have not already done so.
You can install the updates manually by clicking Start -> All Programs -> Windows Update and following the instructions.


I see you have installed MCShield (ah, if only you had done that earlier), but also follow this procedure so we can sort out the USB devices

Download MCShield from the following address:

http://amf.mycity.rs/mcshield/MCShield-Setup.exe

Install MCShield and wait for the initial scan to finish.

When the initial scan finishes, plug all USB storage devices one by one into the USB port and keep each one in the port until MCShield displays a message that the scan is complete. If you have several USB devices, note down somewhere the order in which they were plugged in.

Explanation: USB storage devices include all devices that get their own partition letter when connected to the computer. These include USB flash drives, external hard disks, memory cards, MP3 and MP4 players, some mobile phones, some GPS (navigation) devices etc.

Go to Start -> All Programs -> MCShield -> Logs -> AllScans

A report will open in Notepad; post its contents in a message



To get rid of the toolbars, follow this procedure

Download "Xplode"'s AdwCleaner and save it to the Desktop
Double-click to run the program and click the [Search] button.
When the program finishes the analysis it will open Notepad with a report. Close that Notepad.

Click the [Delete] button and wait for the program to finish.
The program will close all active programs and display a window with that warning. Click Ok to confirm.
On the next two windows that open (Informations and Restart required) click Ok

The computer will restart and then open Notepad (C:\AdwCleaner[S1].txt) with the report.
Save that Notepad to the Desktop and attach it to the message using the "Attach file" option

Note: The report will also be saved at C:\AdwCleaner[S1].txt

offline
  • 100%Milanista
  • Information Technology
  • Joined: 23 Aug 2008
  • Posts: 2630
  • Location: Milan, Italy

Patch installed.

I finished the system update a couple of nights ago.

We will skip the part with the USB storage devices, because the computer was infected a long time ago and I don't have those USB devices with me now.

Here's the log:

I didn't get an answer about the recovery console?

offline
  • Research Engineer @MalwareBytes
  • Joined: 09 Aug 2011
  • Posts: 15877
  • Location: Beograd

Run ComboFix again and post a fresh report
