The computer restarts by itself


rip
  • argus  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 27 Apr 2008
  • Posts: 9160
  • Location: Prokuplje

Attach the complete log for me. Below the reply box you have the "Prikaci fajl" (Attach file) option.

offline
  • Joined: 04 Jan 2011
  • Posts: 79
  • Location: Niš

Posted: 29 May 2011 17:29

Which log should I attach?

Addition: 29 May 2011 17:30

ComboFix, I attached the whole report.

rip
  • argus  Male

gilespis :: Posted: 29 May 2011 17:29

Which log should I attach?

Addition: 29 May 2011 17:30

ComboFix, I attached the whole report.

You did not copy the whole log. Look at C:\Combofix.txt and use the "Prikaci fajl" (Attach file) option in your next post.

offline

OK, I see.

rip
  • argus  Male

Open Notepad and copy the following text:

RegLock::
[HKEY_USERS\S-1-5-21-645272826-3440467161-2187692222-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-645272826-3440467161-2187692222-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)


Save the file from Notepad to the Desktop as "CFScript".

Drag the saved script/text onto the ComboFix icon as shown in the picture.
In your next message, post the log that is created at the end of the cleaning/scan.

------------------------------------------


- Download USBNoRisk to the Desktop and run it by double-clicking the program's icon.
- Wait a few seconds while the program performs the initial scan.
- Insert all your USB storage devices into the USB slot one after another and keep each one in the slot for 10 seconds.
- If you have several devices to check, write down on a piece of paper the order in which they were inserted, because we will need that information later.
- When you have finished with all the devices, right-click in the middle of the program window and choose the Save scrambled log option. This will automatically open the log in Notepad. Copy that log from Notepad to the forum for us.

Explanation: USB storage devices include all devices that get their own partition designation once they are connected to the computer. These include USB flash drives, external hard disks, memory cards, MP3 and MP4 players, some mobile phones, some GPS (navigation) devices, etc.

offline

Posted: 30 May 2011 21:04

I did not really understand this first part, about posting the log that is created at the end of the cleaning, because when everything finished I could not post anything.

Addition: 30 May 2011 21:36

USBNoRisk 2.7 (28 December 2010) by bobby

Started at 30.5.2011 21:12:06

Searching for connected USB Mass storage...
----------------------------------------
I: {bda035d3-e83b-11df-82d3-00e04da51dad}
========================================

Searching for other storage...
----------------------------------------
F: {55237bc5-411e-11e0-9ae4-806e6f6e6963}
C: {8ce65185-e62f-11df-861d-806e6f6e6963}
D: {8ce65186-e62f-11df-861d-806e6f6e6963}
========================================

Scanning removable storage...
----------------------------------------

No blocked files found on I:
No autorun.inf files found on I:
Sanitized mountpoint for bda035d3-e83b-11df-82d3-00e04da51dad
No Desktop.ini files found on I:
No mimics found on drive I:
No .lnk/.pif/.com/.scr files found on drive I:
----------------------------------------


Scanning fixed storage...
----------------------------------------

No blocked files found on C:
No autorun.inf files found on C:
No mountpoint found for C:
No mountpoint found for 8ce65185-e62f-11df-861d-806e6f6e6963
----------------------------------------
Desktop.ini found at C:\ComboFix\ contains interesting CLSID string
----------------------------------------
[.ShellClassInfo]
CLSID={20D04FE0-3AEA-1069-A2D8-08002B30309D}
IconResource=C:\Windows\system32\SHELL32.dll,4
----------------------------------------
HKCR\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D},InfoTip = @%SystemRoot%\system32\shell32.dll,-22913
HKCR\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D},LocalizedString = @%SystemRoot%\system32\shell32.dll,-9216
HKCR\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\DefaultIcon,@ = %SystemRoot%\System32\imageres.dll,-109
HKCR\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32,@ = %SystemRoot%\system32\shell32.dll
HKCR\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\shell\find,@ = @%SystemRoot%\system32\shell32.dll,-8503
HKCR\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\shell\find\command,@ = %SystemRoot%\Explorer.exe
HKCR\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\shell\Manage,@ = @%systemroot%\system32\mycomput.dll,-400
HKCR\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\shell\Manage,MUIVerb = @%systemroot%\system32\mycomput.dll,-400
HKCR\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\shell\Manage\command,@ = %SystemRoot%\system32\CompMgmtLauncher.exe
HKLM\Software\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D},InfoTip = @%SystemRoot%\system32\shell32.dll,-22913
HKLM\Software\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D},LocalizedString = @%SystemRoot%\system32\shell32.dll,-9216
HKLM\Software\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\DefaultIcon,@ = %SystemRoot%\System32\imageres.dll,-109
HKLM\Software\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32,@ = %SystemRoot%\system32\shell32.dll
HKLM\Software\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\shell\find,@ = @%SystemRoot%\system32\shell32.dll,-8503
HKLM\Software\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\shell\find\command,@ = %SystemRoot%\Explorer.exe
HKLM\Software\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\shell\Manage,@ = @%systemroot%\system32\mycomput.dll,-400
HKLM\Software\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\shell\Manage,MUIVerb = @%systemroot%\system32\mycomput.dll,-400
HKLM\Software\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\shell\Manage\command,@ = %SystemRoot%\system32\CompMgmtLauncher.exe
----------------------------------------

No blocked files found on D:
No autorun.inf files found on D:
No mountpoint found for D:
No mountpoint found for 8ce65186-e62f-11df-861d-806e6f6e6963
No Desktop.ini files found on D:
----------------------------------------

No blocked files found on F:
No autorun.inf files found on F:
No mountpoint found for F:
No mountpoint found for 55237bc5-411e-11e0-9ae4-806e6f6e6963
No Desktop.ini files found on F:
----------------------------------------

========================================
Initial scan finished!
========================================
========================================
Removed I:
========================================


New device connected at 30.5.2011 21:14:14

Scanning for connected USB mass storage...
----------------------------------------

========================================
New drive connected, but USBNoRisk can't find it
========================================



New device connected at 30.5.2011 21:14:14

Scanning for connected USB mass storage...
----------------------------------------

========================================
New drive connected, but USBNoRisk can't find it
========================================



New device connected at 30.5.2011 21:14:18

Scanning for connected removable storage...
----------------------------------------
I: {8cdc1f57-3028-11e0-8448-00e04da51dad}
J: {8cdc1f5d-3028-11e0-8448-00e04da51dad}
Added J:
========================================

Scanning removable storage for files...
----------------------------------------


New device connected at 30.5.2011 21:14:19

Scanning for connected removable storage...
----------------------------------------

========================================

Scanning removable storage for files...
----------------------------------------
No blocked files found on J:
----------------------------------------
No autorun.inf files found on J:
Sanitized mountpoint for 8cdc1f5d-3028-11e0-8448-00e04da51dad
----------------------------------------

No Desktop.ini files found on J:
----------------------------------------

No mimics found on drive J:
----------------------------------------

No .lnk/.pif/.com/.scr files found on drive J:
========================================

No blocked files found on J:
----------------------------------------
No autorun.inf files found on J:
No mountpoint found for 8cdc1f5d-3028-11e0-8448-00e04da51dad
----------------------------------------

No Desktop.ini files found on J:
----------------------------------------

No mimics found on drive J:
----------------------------------------

No .lnk/.pif/.com/.scr files found on drive J:
========================================

========================================
Removed J:
========================================


New device connected at 30.5.2011 21:15:04

Scanning for connected USB mass storage...
----------------------------------------
I: {bda035d3-e83b-11df-82d3-00e04da51dad}
Added I:
========================================

Scanning USB mass storage for files...
----------------------------------------
No blocked files found on I:
----------------------------------------
No autorun.inf files found on I:
Sanitized mountpoint for bda035d3-e83b-11df-82d3-00e04da51dad
----------------------------------------

No Desktop.ini files found on I:
----------------------------------------

No mimics found on drive I:
----------------------------------------

No .lnk/.pif/.com/.scr files found on drive I:
========================================

========================================
Removed I:
========================================


New device connected at 30.5.2011 21:18:14

Scanning for connected USB mass storage...
----------------------------------------
I: {f3366286-fbdd-11df-91b6-00e04da51dad}
Added I:
========================================

Scanning USB mass storage for files...
----------------------------------------
No blocked files found on I:
----------------------------------------
No autorun.inf files found on I:
Sanitized mountpoint for f3366286-fbdd-11df-91b6-00e04da51dad
----------------------------------------

No Desktop.ini files found on I:
----------------------------------------

No mimics found on drive I:
----------------------------------------

No .lnk/.pif/.com/.scr files found on drive I:
========================================

========================================
Removed I:
========================================

Addition: 30 May 2011 21:37

As for ComboFix, it reports some virus to me, and that it is risky.

rip
  • argus  Male

Quote:
As for ComboFix, it reports some virus to me, and that it is risky.

Which virus is it reporting, could it be a Rootkit?

Delete the ComboFix icon from the desktop, download a new ComboFix and run it. If it asks for a restart, do not touch anything until it finishes, and then attach the report for me.

Do not forget to turn off the antivirus.

Do not plug flash drives into the computer until we are done; we will do that at the end.

offline

Posted: 31 May 2011 19:22



ComboFix 11-05-31.01 - Gile 31.05.2011 19:05:03.2.1 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.381.1033.18.1791.1104 [GMT 2:00]
Running from: c:\users\Gile\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2011-04-28 to 2011-05-31 )))))))))))))))))))))))))))))))
.
.
2011-05-31 17:12 . 2011-05-31 17:12 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2011-05-31 17:12 . 2011-05-31 17:12 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-05-30 19:25 . 2011-05-30 19:25 -------- d-----w- c:\users\Gile\AppData\Local\{A21AF99C-8B80-4303-ABFF-4271D84D1148}
2011-05-30 19:11 . 2011-05-30 19:29 -------- d-----w- C:\USBNoRisk
2011-05-29 12:31 . 2011-05-31 17:12 -------- d-----w- c:\users\Gile\AppData\Local\temp
2011-05-25 14:51 . 2011-05-25 14:51 -------- d-----w- c:\program files\Common Files\xing shared
2011-05-22 20:00 . 2011-05-22 20:00 -------- d-----w- c:\users\Gile\AppData\Local\{FB2BAC37-DC46-4782-A7AA-1042587DB014}
2011-05-20 23:30 . 2011-05-20 23:30 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-18 20:56 . 2011-05-18 20:56 -------- d-----w- c:\users\Gile\AppData\Local\{7BB8504B-423D-4952-9CB5-A68FA1DE7035}
2011-05-07 21:34 . 2011-05-07 21:34 -------- d-----w- c:\users\Gile\AppData\Local\{2F164867-F2E2-42CB-B3C1-59C489E5213F}
2011-05-07 02:33 . 2011-04-11 07:04 7071056 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{52B86E56-7D73-4A22-8708-670534E895B8}\mpengine.dll
2011-05-05 20:57 . 2011-05-05 20:57 -------- d-----w- c:\users\Gile\AppData\Local\{74B0B765-B41C-44EC-9C3C-C94C030D36E8}
2011-05-04 18:13 . 2011-05-04 18:13 -------- d-----w- c:\windows\Sun
2011-05-03 20:42 . 2011-05-03 20:42 -------- d-----w- c:\users\Gile\AppData\Local\{911A405C-CBC6-4503-B829-95F3B1B7CC3A}
2011-05-02 17:39 . 2011-05-02 17:39 -------- d-----w- c:\users\Gile\AppData\Local\{D7B84003-6D2C-4CBF-8215-1933D215B3C0}
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-25 14:51 . 2007-04-20 17:32 499712 ----a-w- c:\windows\system32\msvcp71.dll
2011-05-25 14:51 . 2007-04-20 17:32 348160 ----a-w- c:\windows\system32\msvcr71.dll
2011-04-13 22:40 . 2011-04-13 22:40 4284416 ----a-w- c:\windows\system32\GPhotos.scr
2011-04-10 13:20 . 2011-04-10 13:20 86528 ----a-w- c:\windows\system32\iesysprep.dll
2011-04-10 13:20 . 2011-04-10 13:20 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-04-10 13:20 . 2011-04-10 13:20 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-04-10 13:20 . 2011-04-10 13:20 63488 ----a-w- c:\windows\system32\tdc.ocx
2011-04-10 13:20 . 2011-04-10 13:20 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-04-10 13:20 . 2011-04-10 13:20 367104 ----a-w- c:\windows\system32\html.iec
2011-04-10 13:20 . 2011-04-10 13:20 161792 ----a-w- c:\windows\system32\msls31.dll
2011-04-10 13:20 . 2011-04-10 13:20 1126912 ----a-w- c:\windows\system32\wininet.dll
2011-04-10 13:20 . 2011-04-10 13:20 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-04-10 13:20 . 2011-04-10 13:20 74752 ----a-w- c:\windows\system32\iesetup.dll
2011-04-10 13:20 . 2011-04-10 13:20 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-04-10 13:20 . 2011-04-10 13:20 35840 ----a-w- c:\windows\system32\imgutil.dll
2011-04-10 13:20 . 2011-04-10 13:20 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-04-10 13:20 . 2011-04-10 13:20 23552 ----a-w- c:\windows\system32\licmgr10.dll
2011-04-10 13:20 . 2011-04-10 13:20 1797632 ----a-w- c:\windows\system32\jscript9.dll
2011-04-10 13:20 . 2011-04-10 13:20 152064 ----a-w- c:\windows\system32\wextract.exe
2011-04-10 13:20 . 2011-04-10 13:20 150528 ----a-w- c:\windows\system32\iexpress.exe
2011-04-10 13:20 . 2011-04-10 13:20 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2011-04-10 13:20 . 2011-04-10 13:20 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2011-04-10 13:20 . 2011-04-10 13:20 11776 ----a-w- c:\windows\system32\mshta.exe
2011-04-10 13:20 . 2011-04-10 13:20 101888 ----a-w- c:\windows\system32\admparse.dll
2011-04-10 13:18 . 2011-04-10 13:18 801792 ----a-w- c:\windows\system32\FntCache.dll
2011-04-10 13:18 . 2011-04-10 13:18 739840 ----a-w- c:\windows\system32\d2d1.dll
2011-04-10 13:18 . 2011-04-10 13:18 728448 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2011-04-10 13:18 . 2011-04-10 13:18 283648 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-04-10 13:18 . 2011-04-10 13:18 219008 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2011-04-10 13:18 . 2011-04-10 13:18 218624 ----a-w- c:\windows\system32\d3d10_1core.dll
2011-04-10 13:18 . 2011-04-10 13:18 161792 ----a-w- c:\windows\system32\d3d10_1.dll
2011-04-10 13:18 . 2011-04-10 13:18 1495040 ----a-w- c:\windows\system32\ExplorerFrame.dll
2011-04-10 13:18 . 2011-04-10 13:18 135168 ----a-w- c:\windows\system32\XpsRasterService.dll
2011-04-10 13:18 . 2011-04-10 13:18 1170944 ----a-w- c:\windows\system32\d3d10warp.dll
2011-04-10 13:18 . 2011-04-10 13:18 107520 ----a-w- c:\windows\system32\cdd.dll
2011-04-10 13:18 . 2011-04-10 13:18 1074176 ----a-w- c:\windows\system32\DWrite.dll
2011-04-10 13:18 . 2011-04-10 13:18 442880 ----a-w- c:\windows\system32\XpsPrint.dll
2011-03-20 11:45 . 2011-03-20 11:45 200704 ----a-w- c:\windows\iesshell.dll
2011-03-19 09:11 . 2010-11-01 18:52 137656 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-03-08 19:21 . 2010-06-24 10:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-03-04 19:44 . 2011-03-22 19:02 45648 ------w- c:\windows\system32\drivers\pxhelp20.sys
2011-05-29 08:55 . 2011-05-27 20:44 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-05-29_12.32.26 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-14 04:55 . 2011-05-31 16:55 38540 c:\windows\System32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-11-01 18:27 . 2011-05-31 16:55 16268 c:\windows\System32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-645272826-3440467161-2187692222-1000_UserData.bin
- 2011-05-29 08:51 . 2011-05-29 12:32 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-05-31 16:52 . 2011-05-31 16:52 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-05-29 08:51 . 2011-05-29 12:32 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-05-31 16:52 . 2011-05-31 16:52 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 02:05 . 2011-05-30 19:58 835550 c:\windows\System32\perfc009.dat
+ 2009-07-14 04:47 . 2011-05-31 04:13 300184 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 04:47 . 2011-05-29 08:50 300184 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 02:03 . 2011-05-30 19:30 7077888 c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
- 2009-07-14 02:03 . 2011-05-28 10:06 7077888 c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
+ 2009-07-14 02:05 . 2011-05-30 19:58 1400602 c:\windows\System32\perfh009.dat
+ 2010-11-07 11:37 . 2011-05-31 04:13 1937616 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2010-11-07 11:37 . 2011-05-29 08:50 1937616 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2011-03-05 23:59 . 2011-05-31 04:13 1524132 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-645272826-3440467161-2187692222-1000-12288.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0974BA1E-64EC-11DE-B2A5-E43756D89593}]
2009-12-20 09:51 87480 ----a-w- c:\progra~1\BEARSH~1\MediaBar\ToolBar\BearshareMediabarDx.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{74322BF9-DF26-493f-B0DA-6D2FC5E6429E}]
2010-10-19 12:53 585136 ----a-w- c:\progra~1\BEARSH~1\MediaBar\Datamngr\IEBHO.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{0974BA1E-64EC-11DE-B2A5-E43756D89593}"= "c:\progra~1\BEARSH~1\MediaBar\ToolBar\BearshareMediabarDx.dll" [2009-12-20 87480]
.
[HKEY_CLASSES_ROOT\clsid\{0974ba1e-64ec-11de-b2a5-e43756d89593}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-03 281768]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-15 932288]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2011-01-18 10025576]
"HFALoader"="c:\program files\Hamster Soft\Free Zip Archiver\Hamster.Archiver.UI.exe" [2011-04-11 2887168]
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2011-05-25 273544]
.
c:\users\Gile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2011-2-1 113664]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\BEARSH~1\MediaBar\Datamngr\datamngr.dll c:\progra~1\BEARSH~1\MediaBar\Datamngr\IEBHO.dll c:\progra~1\Bandoo\BndHook.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^InSight.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\InSight.lnk
backup=c:\windows\pss\InSight.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Gile^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Nikon Monitor.lnk]
path=c:\users\Gile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Nikon Monitor.lnk
backup=c:\windows\pss\Nikon Monitor.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2010-04-01 09:16 357696 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DATAMNGR]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-11-02 18:09 136176 ----atw- c:\users\Gile\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HFALoader]
2011-04-11 13:35 2887168 ----a-w- c:\program files\Hamster Soft\Free Zip Archiver\Hamster.Archiver.UI.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-11-10 01:54 4240760 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBAgent]
2010-02-22 15:17 1226024 ----a-w- c:\program files\Nero\Nero 10\Nero BackItUp\NBAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2007-06-29 05:24 286720 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2009-07-14 01:14 1173504 ----a-w- c:\program files\Windows Sidebar\sidebar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
2009-09-24 13:41 434176 ----a-w- c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 10:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2011-05-25 14:51 273544 ----a-w- c:\program files\Real\RealPlayer\Update\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2011-03-22 18:37 74752 ----a-w- c:\program files\Winamp\winampa.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Mobile Device Center]
2007-05-31 08:21 648072 ----a-w- c:\windows\WindowsMobile\wmdc.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 OMSI download service;Sony Ericsson OMSI download service;c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [2009-04-30 90112]
R3 cpuz134;cpuz134;c:\program files\CPUID\PC Wizard 2010\pcwiz_x32.sys [2010-07-09 20328]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2010-12-16 13224]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\DRIVERS\seehcri.sys [2008-01-09 27632]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys [2011-02-23 16184]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-11-14 691696]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-05-04 136360]
S2 NAUpdate;Nero Update;c:\program files\Nero\Update\NASvc.exe [2010-02-18 462632]
S2 NitroReaderDriverReadSpool;NitroPDFReaderDriverCreatorReadSpool;c:\program files\Nitro PDF\Reader\NitroPDFReaderDriverService.exe [2011-01-14 196912]
S3 LgBttPort;LGE Bluetooth TransPort;c:\windows\system32\DRIVERS\lgbtport.sys [2009-09-29 12160]
S3 lgbusenum;LG Bluetooth Bus Enumerator;c:\windows\system32\DRIVERS\lgbtbus.sys [2009-09-29 10496]
S3 LGVMODEM;LGE Virtual Modem;c:\windows\system32\DRIVERS\lgvmodem.sys [2009-09-29 12928]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-645272826-3440467161-2187692222-1000Core.job
- c:\users\Gile\AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-02 18:09]
.
2011-05-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-645272826-3440467161-2187692222-1000UA.job
- c:\users\Gile\AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-02 18:09]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://mystart.incredimail.com?a=1
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MIF5BA~1\Office10\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Gile\AppData\Roaming\Mozilla\Firefox\Profiles\e7vy9dxl.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=15000
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.rs/
FF - prefs.js: keyword.URL - hxxp://search.bearshare.com/web?src=ffb&systemid=2&q=
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-645272826-3440467161-2187692222-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-645272826-3440467161-2187692222-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-05-31 19:14:09
ComboFix-quarantined-files.txt 2011-05-31 17:14
ComboFix2.txt 2011-05-29 12:36
.
Pre-Run: 9.612.902.400 bytes free
Post-Run: 9.421.275.136 bytes free
.
- - End Of File - - 14AE11C995E8A83BAA7E6F18A3CD7A96

Addendum: 31 May 2011 19:24

Last time I ran Combo it didn't show me any virus, only afterwards, when I dragged that Notepad file you sent me onto Combo.

rip
  • argus  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 27 Apr 2008
  • Posts: 9160
  • Location: Prokuplje

Let's take it slowly now, no worries :) Let's get this done and the computer will be OK, then we move on to the flash drive.

Be sure to turn off your AV.

Open Notepad and copy the following text:


Snapshot::

RegLock::
[HKEY_USERS\S-1-5-21-645272826-3440467161-2187692222-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
[HKEY_USERS\S-1-5-21-645272826-3440467161-2187692222-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)



Save the file from Notepad to the Desktop as "CFScript".

Drag the saved script/text file onto the ComboFix icon, as in the picture.
In your next post, attach the log that is created at the end of the cleaning/scan.

---------------------------------

Do this, and afterwards we'll deal with the flash drive.

offline
  • Joined: 04 Jan 2011
  • Posts: 79
  • Location: Niš



ComboFix 11-05-31.01 - Gile 31.05.2011 20:50:31.3.1 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.381.1033.18.1791.1116 [GMT 2:00]
Running from: c:\users\Gile\Desktop\ComboFix.exe
Command switches used :: c:\users\Gile\Desktop\CFScript.txt
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2011-04-28 to 2011-05-31 )))))))))))))))))))))))))))))))
.
.
2011-05-31 18:57 . 2011-05-31 18:57 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2011-05-31 18:57 . 2011-05-31 18:57 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-05-31 18:28 . 2011-05-31 18:28 -------- d-----w- c:\users\Gile\AppData\Local\{ECB2E076-0D8F-4F81-9253-7BEED1D580D8}
2011-05-30 19:25 . 2011-05-30 19:25 -------- d-----w- c:\users\Gile\AppData\Local\{A21AF99C-8B80-4303-ABFF-4271D84D1148}
2011-05-30 19:11 . 2011-05-30 19:29 -------- d-----w- C:\USBNoRisk
2011-05-29 12:31 . 2011-05-31 18:57 -------- d-----w- c:\users\Gile\AppData\Local\temp
2011-05-25 14:51 . 2011-05-25 14:51 -------- d-----w- c:\program files\Common Files\xing shared
2011-05-22 20:00 . 2011-05-22 20:00 -------- d-----w- c:\users\Gile\AppData\Local\{FB2BAC37-DC46-4782-A7AA-1042587DB014}
2011-05-20 23:30 . 2011-05-20 23:30 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-18 20:56 . 2011-05-18 20:56 -------- d-----w- c:\users\Gile\AppData\Local\{7BB8504B-423D-4952-9CB5-A68FA1DE7035}
2011-05-07 21:34 . 2011-05-07 21:34 -------- d-----w- c:\users\Gile\AppData\Local\{2F164867-F2E2-42CB-B3C1-59C489E5213F}
2011-05-07 02:33 . 2011-04-11 07:04 7071056 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{52B86E56-7D73-4A22-8708-670534E895B8}\mpengine.dll
2011-05-05 20:57 . 2011-05-05 20:57 -------- d-----w- c:\users\Gile\AppData\Local\{74B0B765-B41C-44EC-9C3C-C94C030D36E8}
2011-05-04 18:13 . 2011-05-04 18:13 -------- d-----w- c:\windows\Sun
2011-05-03 20:42 . 2011-05-03 20:42 -------- d-----w- c:\users\Gile\AppData\Local\{911A405C-CBC6-4503-B829-95F3B1B7CC3A}
2011-05-02 17:39 . 2011-05-02 17:39 -------- d-----w- c:\users\Gile\AppData\Local\{D7B84003-6D2C-4CBF-8215-1933D215B3C0}
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-25 14:51 . 2007-04-20 17:32 499712 ----a-w- c:\windows\system32\msvcp71.dll
2011-05-25 14:51 . 2007-04-20 17:32 348160 ----a-w- c:\windows\system32\msvcr71.dll
2011-04-13 22:40 . 2011-04-13 22:40 4284416 ----a-w- c:\windows\system32\GPhotos.scr
2011-04-10 13:20 . 2011-04-10 13:20 86528 ----a-w- c:\windows\system32\iesysprep.dll
2011-04-10 13:20 . 2011-04-10 13:20 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-04-10 13:20 . 2011-04-10 13:20 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-04-10 13:20 . 2011-04-10 13:20 63488 ----a-w- c:\windows\system32\tdc.ocx
2011-04-10 13:20 . 2011-04-10 13:20 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-04-10 13:20 . 2011-04-10 13:20 367104 ----a-w- c:\windows\system32\html.iec
2011-04-10 13:20 . 2011-04-10 13:20 161792 ----a-w- c:\windows\system32\msls31.dll
2011-04-10 13:20 . 2011-04-10 13:20 1126912 ----a-w- c:\windows\system32\wininet.dll
2011-04-10 13:20 . 2011-04-10 13:20 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-04-10 13:20 . 2011-04-10 13:20 74752 ----a-w- c:\windows\system32\iesetup.dll
2011-04-10 13:20 . 2011-04-10 13:20 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-04-10 13:20 . 2011-04-10 13:20 35840 ----a-w- c:\windows\system32\imgutil.dll
2011-04-10 13:20 . 2011-04-10 13:20 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-04-10 13:20 . 2011-04-10 13:20 23552 ----a-w- c:\windows\system32\licmgr10.dll
2011-04-10 13:20 . 2011-04-10 13:20 1797632 ----a-w- c:\windows\system32\jscript9.dll
2011-04-10 13:20 . 2011-04-10 13:20 152064 ----a-w- c:\windows\system32\wextract.exe
2011-04-10 13:20 . 2011-04-10 13:20 150528 ----a-w- c:\windows\system32\iexpress.exe
2011-04-10 13:20 . 2011-04-10 13:20 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2011-04-10 13:20 . 2011-04-10 13:20 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2011-04-10 13:20 . 2011-04-10 13:20 11776 ----a-w- c:\windows\system32\mshta.exe
2011-04-10 13:20 . 2011-04-10 13:20 101888 ----a-w- c:\windows\system32\admparse.dll
2011-04-10 13:18 . 2011-04-10 13:18 801792 ----a-w- c:\windows\system32\FntCache.dll
2011-04-10 13:18 . 2011-04-10 13:18 739840 ----a-w- c:\windows\system32\d2d1.dll
2011-04-10 13:18 . 2011-04-10 13:18 728448 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2011-04-10 13:18 . 2011-04-10 13:18 283648 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-04-10 13:18 . 2011-04-10 13:18 219008 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2011-04-10 13:18 . 2011-04-10 13:18 218624 ----a-w- c:\windows\system32\d3d10_1core.dll
2011-04-10 13:18 . 2011-04-10 13:18 161792 ----a-w- c:\windows\system32\d3d10_1.dll
2011-04-10 13:18 . 2011-04-10 13:18 1495040 ----a-w- c:\windows\system32\ExplorerFrame.dll
2011-04-10 13:18 . 2011-04-10 13:18 135168 ----a-w- c:\windows\system32\XpsRasterService.dll
2011-04-10 13:18 . 2011-04-10 13:18 1170944 ----a-w- c:\windows\system32\d3d10warp.dll
2011-04-10 13:18 . 2011-04-10 13:18 107520 ----a-w- c:\windows\system32\cdd.dll
2011-04-10 13:18 . 2011-04-10 13:18 1074176 ----a-w- c:\windows\system32\DWrite.dll
2011-04-10 13:18 . 2011-04-10 13:18 442880 ----a-w- c:\windows\system32\XpsPrint.dll
2011-03-20 11:45 . 2011-03-20 11:45 200704 ----a-w- c:\windows\iesshell.dll
2011-03-19 09:11 . 2010-11-01 18:52 137656 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-03-08 19:21 . 2010-06-24 10:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-03-04 19:44 . 2011-03-22 19:02 45648 ------w- c:\windows\system32\drivers\pxhelp20.sys
2011-05-29 08:55 . 2011-05-27 20:44 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0974BA1E-64EC-11DE-B2A5-E43756D89593}]
2009-12-20 09:51 87480 ----a-w- c:\progra~1\BEARSH~1\MediaBar\ToolBar\BearshareMediabarDx.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{74322BF9-DF26-493f-B0DA-6D2FC5E6429E}]
2010-10-19 12:53 585136 ----a-w- c:\progra~1\BEARSH~1\MediaBar\Datamngr\IEBHO.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{0974BA1E-64EC-11DE-B2A5-E43756D89593}"= "c:\progra~1\BEARSH~1\MediaBar\ToolBar\BearshareMediabarDx.dll" [2009-12-20 87480]
.
[HKEY_CLASSES_ROOT\clsid\{0974ba1e-64ec-11de-b2a5-e43756d89593}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-03 281768]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-15 932288]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2011-01-18 10025576]
"HFALoader"="c:\program files\Hamster Soft\Free Zip Archiver\Hamster.Archiver.UI.exe" [2011-04-11 2887168]
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2011-05-25 273544]
.
c:\users\Gile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2011-2-1 113664]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\BEARSH~1\MediaBar\Datamngr\datamngr.dll c:\progra~1\BEARSH~1\MediaBar\Datamngr\IEBHO.dll c:\progra~1\Bandoo\BndHook.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^InSight.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\InSight.lnk
backup=c:\windows\pss\InSight.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Gile^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Nikon Monitor.lnk]
path=c:\users\Gile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Nikon Monitor.lnk
backup=c:\windows\pss\Nikon Monitor.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2010-04-01 09:16 357696 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DATAMNGR]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-11-02 18:09 136176 ----atw- c:\users\Gile\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HFALoader]
2011-04-11 13:35 2887168 ----a-w- c:\program files\Hamster Soft\Free Zip Archiver\Hamster.Archiver.UI.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-11-10 01:54 4240760 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBAgent]
2010-02-22 15:17 1226024 ----a-w- c:\program files\Nero\Nero 10\Nero BackItUp\NBAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2007-06-29 05:24 286720 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2009-07-14 01:14 1173504 ----a-w- c:\program files\Windows Sidebar\sidebar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
2009-09-24 13:41 434176 ----a-w- c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 10:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2011-05-25 14:51 273544 ----a-w- c:\program files\Real\RealPlayer\Update\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2011-03-22 18:37 74752 ----a-w- c:\program files\Winamp\winampa.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Mobile Device Center]
2007-05-31 08:21 648072 ----a-w- c:\windows\WindowsMobile\wmdc.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 OMSI download service;Sony Ericsson OMSI download service;c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [2009-04-30 90112]
R3 cpuz134;cpuz134;c:\program files\CPUID\PC Wizard 2010\pcwiz_x32.sys [2010-07-09 20328]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2010-12-16 13224]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\DRIVERS\seehcri.sys [2008-01-09 27632]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys [2011-02-23 16184]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-11-14 691696]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-05-04 136360]
S2 NAUpdate;Nero Update;c:\program files\Nero\Update\NASvc.exe [2010-02-18 462632]
S2 NitroReaderDriverReadSpool;NitroPDFReaderDriverCreatorReadSpool;c:\program files\Nitro PDF\Reader\NitroPDFReaderDriverService.exe [2011-01-14 196912]
S3 LgBttPort;LGE Bluetooth TransPort;c:\windows\system32\DRIVERS\lgbtport.sys [2009-09-29 12160]
S3 lgbusenum;LG Bluetooth Bus Enumerator;c:\windows\system32\DRIVERS\lgbtbus.sys [2009-09-29 10496]
S3 LGVMODEM;LGE Virtual Modem;c:\windows\system32\DRIVERS\lgvmodem.sys [2009-09-29 12928]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-645272826-3440467161-2187692222-1000Core.job
- c:\users\Gile\AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-02 18:09]
.
2011-05-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-645272826-3440467161-2187692222-1000UA.job
- c:\users\Gile\AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-02 18:09]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://mystart.incredimail.com?a=1
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MIF5BA~1\Office10\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Gile\AppData\Roaming\Mozilla\Firefox\Profiles\e7vy9dxl.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=15000
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.rs/
FF - prefs.js: keyword.URL - hxxp://search.bearshare.com/web?src=ffb&systemid=2&q=
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
.
Completion time: 2011-05-31 20:58:54
ComboFix-quarantined-files.txt 2011-05-31 18:58
ComboFix2.txt 2011-05-31 17:14
ComboFix3.txt 2011-05-29 12:36
.
Pre-Run: 9.293.451.264 bytes free
Post-Run: 9.323.978.752 bytes free
.
- - End Of File - - FB5A53BB140C52F5D3633CFB5CB022BD
