Help with a virus


[ Views: 3392 | Replies: 9 ]

Nemanja_666
Nemanja Tatic
Gradiska

Member number: 116292
Posts: 221
*.dynamic.isp.telekom.rs.

Help with a virus, 02.09.2010 at 23:29 (166 months ago)
A couple of days ago I picked up a virus. When I open Google search results, some links get redirected. It doesn't matter which browser, it happens in all of them. My system is Windows 7 32-bit and it is updated. For antivirus I use only Malwarebytes (I scan everything I download from the net before using it).

So if I could get a little help getting rid of this pest :P

The only thing that looks suspicious to me:
http://img188.imageshack.us/img188/506/pic01.gif

HijackThis log (123456.exe is HijackThis):
Code:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 00:17:00, on 9/3/2010
Platform: Windows 7  (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Nemanja666\Desktop\123456.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8118
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O2 - BHO: Wowd Page Grabber - {99756919-C498-4D97-9E20-2076DE0E42B9} - C:\Program Files\Wowd\ext\eiexxpw.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [NetBalancer] C:\Program Files\NetBalancer\SeriousBit.NetBalancer.Tray.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~1\Office14\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Wowd Home - {D7A4591C-912F-4E83-B90F-EB82E0AC1808} - C:\Program Files\Wowd\ext\eiexxpw.dll (HKCU)
O17 - HKLM\System\CCS\Services\Tcpip\..\{95116367-BED8-4407-ADE2-12F369620052}: NameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{95116367-BED8-4407-ADE2-12F369620052}: NameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{95116367-BED8-4407-ADE2-12F369620052}: NameServer = 192.168.1.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: BlackfishSQL - CodeGear - C:\Program Files\Embarcadero\RAD Studio\7.0\bin\BSQLServer.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: TeamViewer 5 (TeamViewer5) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
O23 - Service: wampapache - Apache Software Foundation - c:\Program Files\wamp\bin\apache\apache2.2.11\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\Program Files\wamp\bin\mysql\mysql5.1.36\bin\mysqld.exe

--
End of file - 5474 bytes

 
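An added example, not part of the thread and not code from HijackThis or any tool mentioned in it: a small Python triage script for a HijackThis log in the format pasted above. It flags the entry types a helper looks at first: a configured browser proxy (the R1 ProxyServer line), browser helper objects loaded from a directory outside a short vendor allowlist, autostart entries pointing into user-writable locations, and O17 NameServer values outside RFC 1918/loopback space. The sample log is constructed to mirror the thread's format; the allowlist and the external resolver address are assumptions, and everything the script reports is a prompt to verify, not a verdict.

```python
import ipaddress
import re
from collections import namedtuple

Finding = namedtuple("Finding", "kind detail reason")

# HijackThis entry lines look like "R1 - <body>" or "O2 - <body>".
RE_ENTRY = re.compile(r"^(?P<type>[RO]\d+) - (?P<body>.*)$")
RE_PROXY = re.compile(r"ProxyServer = (?P<proxy>\S+)")
RE_BHO = re.compile(r"BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.*)$")
RE_RUN = re.compile(r"Run(?:Once)?: \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")
RE_NAMESERVER = re.compile(r"NameServer = (?P<servers>[\d.,]+)")

# Illustrative allowlist of vendor directory fragments (an assumption, not a
# rule from the thread): BHOs and autostarts outside these get reported.
KNOWN_VENDOR_DIRS = ("microsoft", "micros~1", "java", "synaptics", "malwarebytes")
USER_WRITABLE = ("\\temp\\", "\\appdata\\", "\\users\\", "\\desktop\\")
# Resolver addresses considered local: RFC 1918 ranges plus loopback.
LOCAL_NETS = [ipaddress.ip_network(n) for n in
              ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]


def _unexpected_vendor(path):
    p = path.lower()
    return not any(v in p for v in KNOWN_VENDOR_DIRS)


def _is_local_resolver(addr):
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False  # unparsable value: report it
    return any(ip in net for net in LOCAL_NETS)


def triage_hijackthis(log_text):
    """Return the HijackThis entries a helper would ask the user to explain."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = RE_ENTRY.match(line)
        if not m:
            # "Running processes:" section: plain executable paths, one per line.
            if line.lower().endswith(".exe") and "\\temp\\" in line.lower():
                findings.append(Finding("process", line,
                                        "executable running from a temp directory"))
            continue
        kind, body = m.group("type"), m.group("body")
        if kind == "R1":
            pm = RE_PROXY.search(body)
            if pm:
                findings.append(Finding("proxy", pm.group("proxy"),
                    "browser proxy is set; all HTTP traffic passes through it, "
                    "confirm it belongs to software the user installed"))
        elif kind == "O2":
            bm = RE_BHO.search(body)
            if bm and _unexpected_vendor(bm.group("path")):
                findings.append(Finding("bho", f"{bm.group('name')} -> {bm.group('path')}",
                    "browser helper object from an unrecognised vendor directory; "
                    "a BHO sees and can rewrite every page IE loads"))
        elif kind == "O4":
            rm = RE_RUN.search(body)
            if rm:
                cmd = rm.group("cmd").lower()
                if any(w in cmd for w in USER_WRITABLE) and _unexpected_vendor(cmd):
                    findings.append(Finding("autostart", rm.group("cmd"),
                        "autostart entry points into a user-writable location"))
        elif kind == "O17":
            nm = RE_NAMESERVER.search(body)
            if nm:
                for server in nm.group("servers").split(","):
                    if not _is_local_resolver(server):
                        findings.append(Finding("dns", server,
                            "NameServer outside private/loopback space; a hijacked "
                            "resolver can redirect any domain the browser asks for"))
    return findings


# Constructed sample in the thread's log format (not the poster's full log);
# the external resolver line is invented to exercise the O17 check.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.4
Running processes:
C:\Windows\Explorer.EXE
C:\Users\user\AppData\Local\Temp\KB95.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8118
O2 - BHO: Wowd Page Grabber - {99756919-C498-4D97-9E20-2076DE0E42B9} - C:\Program Files\Wowd\ext\eiexxpw.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKCU\..\Run: [updater] C:\Users\user\AppData\Local\Temp\KB95.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{00000000-0000-0000-0000-000000000000}: NameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{00000000-0000-0000-0000-000000000000}: NameServer = 203.0.113.5
"""

if __name__ == "__main__":
    for f in triage_hijackthis(SAMPLE_LOG):
        print(f"[{f.kind}] {f.detail}\n    {f.reason}")
```

Run it against a saved log with `triage_hijackthis(open(path).read())`. The proxy entry on 127.0.0.1 in the thread's own log is the kind of line this surfaces: it is not evidence by itself, but every browser request goes through that port, so it has to be reconciled with software the user knowingly installed before the redirect problem can be attributed to anything else.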

magna86
Anti Malware Fighter

Member number: 189287
Posts: 557

Site: www.mycity.rs/Ambulanta

Re: Help with a virus, 03.09.2010 at 07:37 (166 months ago)
Malwarebytes is not an antivirus! It is a helper program that you can install alongside an antivirus.
Even MBAM with real-time protection (which does automatically what you wrote that you do by hand) cannot replace a real antivirus program.

Do the following:
Download and install one of the following antivirus programs:

avast5 or Avira. Both programs are free and are good AV programs.
http://www.avast.com/free-antivirus-download

http://www.avira.com/en/pages/index.php

Once you install the antivirus, run an update and a full system scan. If the problem still occurs, then do the following:

Download the DDS program to your Desktop
http://download.bleepingcomputer.com/sUBs/dds.com

Double-click to run dds.scr

When it finishes, DDS will open two logs:
1. DDS.txt
2. Attach.txt

Save both reports to your Desktop.
Paste me the DDS.txt

[This message was edited by magna86 on 03.09.2010 at 08:47 GMT+1]
 

Nemanja_666
Nemanja Tatic
Gradiska

Member number: 116292
Posts: 221
*.dynamic.isp.telekom.rs.

Re: Help with a virus, 04.09.2010 at 06:32 (166 months ago)
I scanned with avast (Boot-Time scan, Heuristics on High). It found a few viruses in the temp directory and deleted them. But the problem is still there. I noticed that when it redirects pages, two new dllhost.exe processes start and then exit.

DDS log:
Code:


DDS (Ver_10-03-17.01) - NTFSx86  
Run by Nemanja666 at  7:24:12.92 on Sat 09/04/2010
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_17
Microsoft Windows 7 Professional   6.1.7600.0.1252.1.1033.18.1526.666 [GMT 2:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Embarcadero\RAD Studio\7.0\bin\BSQLServer.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\NetBalancer\SeriousBit.NetBalancer.Service.exe
C:\Windows\system32\PnkBstrA.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\NetBalancer\SeriousBit.NetBalancer.Tray.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Program Files\Warcraft III\WarKey.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Mozilla Firefox 4.0 Beta 1\firefox.exe
C:\Program Files\Mozilla Firefox 4.0 Beta 1\plugin-container.exe
C:\Program Files\NetBeans 6.9\bin\netbeans.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\explorer.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Nemanja666\Desktop\dds.com
C:\Windows\system32\conhost.exe

============== Pseudo HJT Report ===============

uInternet Settings,ProxyServer = 127.0.0.1:8118
uInternet Settings,ProxyOverride = *.local
BHO: Wowd Page Grabber: {99756919-c498-4d97-9e20-2076de0e42b9} - c:\program files\wowd\ext\eiexxpw.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~1\office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
uRun: [NetBalancer] c:\program files\netbalancer\SeriousBit.NetBalancer.Tray.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~1\office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
TCP: {95116367-BED8-4407-ADE2-12F369620052} = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\nemanj~1\appdata\roaming\mozilla\firefox\profiles\mlsoz174.new\
FF - component: c:\users\nemanja666\appdata\roaming\mozilla\firefox\profiles\mlsoz174.new\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\winnt_x86-msvc\components\ipc_fireftp.dll
FF - component: c:\users\nemanja666\appdata\roaming\mozilla\firefox\profiles\mlsoz174.new\extensions\{ca8b7b3d-b6e6-438f-b935-601b3de48d66}\platform\winnt_x86-msvc\components\FFThrottle.dll
FF - component: c:\users\nemanja666\appdata\roaming\mozilla\firefox\profiles\mlsoz174.new\extensions\[email protected]\components\dwmxpcom.dll
FF - plugin: c:\progra~1\micros~1\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~1\office14\NPSPWRAP.DLL
FF - plugin: c:\programdata\id software\quakelive\npquakezero.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\users\nemanja666\appdata\roaming\facebook\npfbplugin_1_0_1.dll
FF - plugin: c:\users\nemanja666\appdata\roaming\facebook\npfbplugin_1_0_3.dll

============= SERVICES / DRIVERS ===============

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-9-3 165456]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-9-3 17744]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-9-3 50256]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-9-3 40384]
R2 BlackfishSQL;BlackfishSQL;c:\program files\embarcadero\rad studio\7.0\bin\BSQLServer.exe [2009-11-19 65536]
R2 NetBalancer Windows Service;NetBalancer Windows Service;c:\program files\netbalancer\SeriousBit.NetBalancer.Service.exe [2010-9-2 10240]
R2 TeamViewer5;TeamViewer 5;c:\program files\teamviewer\version5\TeamViewer_Service.exe [2010-3-18 172328]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-9-3 40384]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-9-3 40384]
R3 Nbdrv;NetBalancer Service;c:\windows\system32\drivers\nbdrv.sys [2010-9-2 28776]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 GarenaPEngine;GarenaPEngine;c:\users\nemanj~1\appdata\local\temp\IIR619F.tmp [2010-8-26 25616]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 PortTalk;PortTalk;c:\windows\system32\drivers\porttalk.sys [2009-11-25 3567]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-14 207360]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-14 980992]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-14 661504]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-7-9 1343400]

=============== Created Last 30 ================

2010-09-04 01:32:44    0    d-----w-    c:\users\nemanja666\.system32
2010-09-03 14:23:10    50256    ----a-w-    c:\windows\system32\drivers\aswMonFlt.sys
2010-09-03 14:22:49    38848    ----a-w-    c:\windows\avastSS.scr
2010-09-03 14:22:47    0    d-----w-    c:\programdata\Alwil Software
2010-09-02 02:33:50    0    d-----w-    c:\users\nemanj~1\appdata\roaming\SeriousBit
2010-09-02 02:32:41    28776    ----a-w-    c:\windows\system32\drivers\nbdrv.sys
2010-09-02 02:32:41    0    d-----w-    c:\program files\NetBalancer
2010-08-31 14:59:03    103424    --sha-r-    c:\windows\system32\C_21027F.dll
2010-08-30 23:42:41    3912    ----a-w-    c:\users\nemanja666\.recently-used.xbel
2010-08-29 18:27:17    411480    ----a-w-    c:\windows\system32\tsccvid.dll
2010-08-29 18:27:15    0    d-----w-    c:\windows\system32\QuickTime
2010-08-29 18:26:32    0    d-----w-    c:\program files\common files\TechSmith Shared
2010-08-29 18:26:31    0    d-----w-    c:\programdata\TechSmith
2010-08-25 13:55:17    0    d-----w-    c:\programdata\Stardock
2010-08-24 21:20:33    571904    ----a-w-    c:\windows\system32\oleaut32.dll
2010-08-23 05:18:01    0    d-----w-    c:\program files\Stardock
2010-08-20 20:28:14    0    d-----w-    c:\users\nemanja666\dwhelper
2010-08-20 16:46:13    120693    ----a-w-    c:\users\nemanja666\Aleksandar_01.lvl
2010-08-18 18:05:56    405425    ----a-w-    c:\users\nemanja666\aco_src2.svg
2010-08-17 19:10:12    0    d-----w-    c:\users\nemanj~1\appdata\roaming\inkscape
2010-08-17 19:01:27    0    d-----w-    c:\program files\Inkscape
2010-08-16 19:20:17    0    d-----w-    c:\users\nemanj~1\appdata\roaming\Ultra Fractal 5
2010-08-16 15:48:06    0    d-----w-    c:\program files\Microsoft Synchronization Services
2010-08-16 15:47:39    0    d-----w-    c:\program files\Microsoft SQL Server Compact Edition
2010-08-16 15:44:52    0    d-----w-    c:\program files\Microsoft Analysis Services
2010-08-13 01:02:18    978432    ----a-w-    c:\windows\system32\wininet.dll
2010-08-13 01:02:18    1638912    ----a-w-    c:\windows\system32\mshtml.tlb
2010-08-12 05:24:41    0    d-----w-    C:\found.000
2010-08-11 07:44:35    1286016    ----a-w-    c:\windows\system32\drivers\tcpip.sys
2010-08-11 07:44:19    82944    ----a-w-    c:\windows\system32\iccvid.dll
2010-08-11 07:44:19    197632    ----a-w-    c:\windows\system32\ir32_32.dll
2010-08-11 07:44:15    37376    ----a-w-    c:\windows\system32\rtutils.dll
2010-08-11 07:44:11    1233920    ----a-w-    c:\windows\system32\msxml3.dll
2010-08-11 07:44:07    310784    ----a-w-    c:\windows\system32\drivers\srv.sys
2010-08-11 07:44:07    307200    ----a-w-    c:\windows\system32\drivers\srv2.sys
2010-08-11 07:44:07    113664    ----a-w-    c:\windows\system32\drivers\srvnet.sys
2010-08-11 07:44:04    3955080    ----a-w-    c:\windows\system32\ntkrnlpa.exe
2010-08-11 07:44:04    3899784    ----a-w-    c:\windows\system32\ntoskrnl.exe
2010-08-11 07:43:49    224256    ----a-w-    c:\windows\system32\schannel.dll
2010-08-11 07:43:48    2326016    ----a-w-    c:\windows\system32\win32k.sys
2010-08-10 07:16:41    0    d--h--w-    c:\program files\InstallJammer Registry
2010-08-10 07:16:40    0    d-----w-    c:\users\nemanj~1\appdata\roaming\Wowd
2010-08-10 07:13:46    0    d-----w-    c:\program files\Wowd
2010-08-10 05:39:31    0    d-----w-    c:\users\nemanj~1\appdata\roaming\Luxology
2010-08-05 15:03:58    0    ----a-w-    c:\windows\Setup.INI

==================== Find3M  ====================

2010-07-22 20:34:06    0    ---ha-w-    c:\windows\system32\drivers\Msft_User_EhStorPwdDrv_01_09_00.Wdf
2010-07-11 13:17:49    499712    ----a-w-    c:\windows\system32\msvcp71.dll
2010-07-11 13:17:49    348160    ----a-w-    c:\windows\system32\msvcr71.dll
2010-06-30 12:25:03    83652    ----a-w-    c:\windows\fonts\TT_BOBO.TTF
2009-07-14 04:56:42    31548    ----a-w-    c:\windows\inf\perflib\0409\perfd.dat
2009-07-14 04:56:42    31548    ----a-w-    c:\windows\inf\perflib\0409\perfc.dat
2009-07-14 04:56:42    291294    ----a-w-    c:\windows\inf\perflib\0409\perfi.dat
2009-07-14 04:56:42    291294    ----a-w-    c:\windows\inf\perflib\0409\perfh.dat
2009-07-14 04:41:57    174    --sha-w-    c:\program files\desktop.ini
2009-07-14 00:34:40    291294    ----a-w-    c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 00:34:40    291294    ----a-w-    c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 00:34:38    31548    ----a-w-    c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 00:34:38    31548    ----a-w-    c:\windows\inf\perflib\0000\perfc.dat
2009-06-10 21:26:35    9633792    --sha-r-    c:\windows\fonts\StaticCache.dat
2009-11-22 21:36:36    32768    --sha-w-    c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009112220091123\index.dat
2009-12-04 21:49:00    32768    --sha-w-    c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009120420091205\index.dat
2009-12-04 21:49:16    16384    --sha-w-    c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\low\history.ie5\index.dat
2009-12-04 21:49:16    32768    --sha-w-    c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\temporary internet files\low\content.ie5\index.dat
2009-12-04 21:49:16    16384    --sha-w-    c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\windows\cookies\low\index.dat
2010-01-28 16:04:08    16384    --sha-w-    c:\windows\temp\cookies\index.dat
2010-01-28 16:04:08    32768    --sha-w-    c:\windows\temp\history\history.ie5\index.dat
2010-01-28 16:04:08    245760    --sha-w-    c:\windows\temp\temporary internet files\content.ie5\index.dat
2009-07-14 01:14:45    396800    --sha-w-    c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH:  7:25:22.60 ===============

 
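Added here as an example, not code from the thread or from DDS: a parser for the file listings in a DDS log (the "Created Last 30" and "Find3M" sections above) with two checks a helper would apply to the entries, namely a hidden+system file written directly into a Windows system directory, and a dot-prefixed directory under a user profile whose name imitates a system folder. The system-directory list, the imitated-name list and the sample excerpt are assumptions; the excerpt copies the log's format with the user name replaced, and the checks raise questions, not verdicts.

```python
import re
from collections import namedtuple
from datetime import datetime

Entry = namedtuple("Entry", "section created size attrs path")
Finding = namedtuple("Finding", "path reason")

# Section banners look like "=============== Created Last 30 ================".
RE_SECTION = re.compile(r"^=+\s*(?P<name>[^=]+?)\s*=+$")
# File lines: "<timestamp>    <size>    <attrs>    <path>", attrs being an
# 8-character field such as "d-----w-" (directory) or "--sha-r-"
# (system, hidden, archive, read-only).
RE_ENTRY = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(?P<size>\d+)\s+"
    r"(?P<attrs>[-a-z]{8})\s+(?P<path>\S.*)$")

# Directories where a freshly created hidden+system file deserves a look (assumed list).
SYSTEM_DIRS = ("c:\\windows", "c:\\windows\\system32", "c:\\windows\\system32\\drivers")
# Names a dot-prefixed folder under a user profile may be imitating (assumed list).
MIMICKED_NAMES = ("windows", "system32", "syswow64", "drivers")


def parse_dds_files(text):
    """Parse the file listings of a DDS log into Entry tuples, tagged by section."""
    section, entries = None, []
    for raw in text.splitlines():
        line = raw.strip()
        sm = RE_SECTION.match(line)
        if sm:
            section = sm.group("name")
            continue
        em = RE_ENTRY.match(line)
        if em:
            entries.append(Entry(section,
                                 datetime.strptime(em.group("ts"), "%Y-%m-%d %H:%M:%S"),
                                 int(em.group("size")), em.group("attrs"), em.group("path")))
    return entries


def triage_dds_files(text):
    """Flag entries whose attributes or location do not fit a normal install."""
    findings = []
    for e in parse_dds_files(text):
        parent, _, name = e.path.lower().rpartition("\\")
        is_dir = "d" in e.attrs
        hidden_system = "h" in e.attrs and "s" in e.attrs
        if not is_dir and hidden_system and parent in SYSTEM_DIRS:
            findings.append(Finding(e.path,
                f"hidden+system file created directly in {parent} ({e.section}); "
                "Windows components are not normally marked this way, check its "
                "signature and which installer wrote it"))
        if (is_dir and name.startswith(".") and name.lstrip(".") in MIMICKED_NAMES
                and parent.startswith("c:\\users\\")):
            findings.append(Finding(e.path,
                f"dot-prefixed '{name}' directory under a user profile imitates a "
                "system folder name; list its contents"))
    return findings


# Constructed excerpt in DDS's format, modelled on the thread's log with the
# user name replaced; the driver and kernel entries are ordinary installs.
SAMPLE_DDS = r"""
=============== Created Last 30 ================

2010-09-04 01:32:44    0    d-----w-    c:\users\user\.system32
2010-09-03 14:23:10    50256    ----a-w-    c:\windows\system32\drivers\aswMonFlt.sys
2010-08-31 14:59:03    103424    --sha-r-    c:\windows\system32\C_21027F.dll
2010-08-30 23:42:41    3912    ----a-w-    c:\users\user\.recently-used.xbel
2010-08-11 07:44:04    3955080    ----a-w-    c:\windows\system32\ntoskrnl.exe

==================== Find3M  ====================

2009-12-04 21:49:16    16384    --sha-w-    c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\low\history.ie5\index.dat
"""

if __name__ == "__main__":
    for f in triage_dds_files(SAMPLE_DDS):
        print(f"{f.path}\n    {f.reason}")
```

The attribute field carries the signal: the legitimately installed binaries in the listing are `----a-w-`, while a file written straight into system32 with the system, hidden and read-only bits set stands out and should be matched against a known publisher before it is trusted. The hidden `index.dat` files under the system profile are not reported because their parent directory is not one of the system directories the first check looks at; the section tag on each entry lets you limit checks to the recently created files when you run this over a whole log.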

magna86
Anti Malware Fighter

Member number: 189287
Posts: 557

Site: www.mycity.rs/Ambulanta

Re: Help with a virus, 04.09.2010 at 12:54 (166 months ago)
* Start >> Run
Quote:
%AppData%\Malwarebytes\Malwarebytes' Anti-Malware\Logs

OK

Post me the last two logs, i.e. the results of the last two scans. Pay attention to the dates. I need the two newest (latest) logs.

* Start >> Run, copy this:
Quote:
C:\Documents and Settings\All Users\Application Data\Alwil Software\Avast5\report

OK

Find the Notepad file named aswBoot.txt and attach its contents, together with the two MBAM logs, to your post.

* Tell me which sites you go to ... the links where it redirects you .. etc ... more information




 

Nemanja_666
Nemanja Tatic
Gradiska

Member number: 116292
Posts: 221
*.dynamic.isp.telekom.rs.

Re: Help with a virus, 04.09.2010 at 19:20 (166 months ago)
Thanks for the help so far.
When I type a query into Google search and open links (ones I haven't opened before) in Firefox, the loading bar and the title vanish from the tab for a couple of seconds and then I get thrown to some page (porn, a scam to download some "antivirus", a page where I just have to enter a captcha and there is a download button, ...). This doesn't happen all the time. Sometimes it doesn't redirect me for about 10 hours, and sometimes every new link.

Logs:

Malwarebytes, latest (clean)
Code:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4521

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

9/3/2010 00:23:28
mbam-log-2010-09-03 (00-23-28).txt

Scan type: Quick scan
Objects scanned: 9275
Time elapsed: 3 minute(s), 27 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Second-to-last:
Code:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4521

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

9/1/2010 15:50:16
mbam-log-2010-09-01 (15-50-16).txt

Scan type: Full scan (C:\|)
Objects scanned: 328754
Time elapsed: 1 hour(s), 16 minute(s), 4 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Users\Nemanja666\AppData\Local\Temp\0.22800867109505896.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Users\Nemanja666\AppData\Local\Temp\0.7434789691876376.exe (Trojan.Dropper) -> Quarantined and deleted successfully.


avast log:
Code:

09/03/2010 16:33
Scan of all local drives

File C:\Qt\2010.04\qt\examples\tools\treemodelcompleter\tmp\moc\release_shared\moc_treemodelcompleter.cpp|>org\openide\util\datatransfer\Bundle_ja.properties Error 42125 {ZIP archive is corrupted.}
File C:\Users\Nemanja666\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PA7E70K9\tube[1].htm is infected by JS:FakeCodec-AE [Trj], Deleted
File C:\Users\Nemanja666\AppData\Local\Temp\6E96.exe is infected by Win32:Malware-gen, Deleted
File C:\Users\Nemanja666\AppData\Local\Temp\KB95.exe is infected by Win32:Malware-gen, Deleted
File C:\Users\Nemanja666\AppData\Local\Temp\KB97.exe is infected by Win32:Malware-gen, Deleted
File C:\Users\Nemanja666\AppData\Local\Temp\KB98.exe is infected by Win32:Malware-gen, Deleted
File C:\Users\Nemanja666\AppData\Local\Temp\_1362.tmp is infected by Win32:Malware-gen, Deleted
File C:\Users\Nemanja666\AppData\Local\Temp\_149A.tmp is infected by Win32:Malware-gen, Deleted
File C:\Users\Nemanja666\AppData\Local\Temp\_1EC7.tmp is infected by Win32:Malware-gen, Deleted
File C:\Users\Nemanja666\AppData\Local\Temp\_2FD7.tmp is infected by Win32:Malware-gen, Deleted
File C:\Users\Nemanja666\AppData\Local\Temp\_3C17.tmp is infected by Win32:Malware-gen, Deleted
File C:\Users\Nemanja666\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16\1a3682d0-314f25d7 is infected by Win32:Crypt-HLH [Trj], Deleted
File C:\Users\Nemanja666\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16\1a3682d0-5ab7bc74 is infected by Win32:Crypt-HLH [Trj], Deleted
File C:\Users\Nemanja666\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\3dec7bd-5df57647|>Client.class is infected by Other:Malware-gen, Deleted
Number of searched folders: 25554
Number of tested files: 908284
Number of infected files: 14

 

magna86
Anti Malware Fighter

Member number: 189287
Posts: 557

Site: www.mycity.rs/Ambulanta

Re: Help with a virus, 04.09.2010 at 19:37 (166 months ago)
Read the following instructions carefully:

* Download the ComboFix program
Visit this page for the download link and instructions for using ComboFix:
http://www.elitesecurity.org/t...e-programa-HijackThis-ComboFix

* Temporarily disable your antivirus program.
Visit this page for instructions:
http://www.bleepingcomputer.com/forums/topic114351.html

* Run ComboFix!
When the tool finishes scanning it will open a Notepad window with the report (log).
Paste that report here. (typical log location: C:\ComboFix.txt)

 

Nemanja_666
Nemanja Tatic
Gradiska

Member number: 116292
Posts: 221
*.dynamic.isp.telekom.rs.

Re: Help with a virus, 04.09.2010 at 20:10 (166 months ago)
Log:
Code:

ComboFix 10-09-03.02 - Nemanja666 09/04/2010  20:55:18.1.2 - x86
Microsoft Windows 7 Professional   6.1.7600.0.1252.1.1033.18.1526.820 [GMT 2:00]
Running from: c:\users\Nemanja666\Desktop\ComboFix.exe
 * Created a new restore point
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\BDSShellRes.dllBDSShellRes.dll.mui
c:\windows\system32\BDSShellRes140.dllBDSShellRes140.dll.mui
c:\windows\system32\sqlite3.dll

.
(((((((((((((((((((((((((   Files Created from 2010-08-04 to 2010-09-04  )))))))))))))))))))))))))))))))
.

2010-09-04 19:05 . 2010-09-04 19:05    --------    d-----w-    c:\users\Nemanja666\AppData\Local\temp
2010-09-04 19:05 . 2010-09-04 19:05    --------    d-----w-    c:\users\Default\AppData\Local\temp
2010-09-04 18:48 . 2010-09-04 18:49    --------    d-----w-    C:\32788R22FWJFW
2010-09-04 09:30 . 2010-09-04 09:30    --------    d-----w-    c:\program files\CCleaner
2010-09-04 08:30 . 2010-09-04 09:10    --------    d-----w-    c:\users\Nemanja666\AppData\Roaming\SPlayer
2010-09-04 08:30 . 2010-09-04 09:10    --------    d-----w-    c:\program files\SPlayer
2010-09-03 14:23 . 2010-06-28 20:37    165456    ----a-w-    c:\windows\system32\drivers\aswSP.sys
2010-09-03 14:23 . 2010-06-28 20:32    17744    ----a-w-    c:\windows\system32\drivers\aswFsBlk.sys
2010-09-03 14:23 . 2010-06-28 20:33    23376    ----a-w-    c:\windows\system32\drivers\aswRdr.sys
2010-09-03 14:23 . 2010-06-28 20:37    46672    ----a-w-    c:\windows\system32\drivers\aswTdi.sys
2010-09-03 14:23 . 2010-06-28 20:32    50256    ----a-w-    c:\windows\system32\drivers\aswMonFlt.sys
2010-09-03 14:22 . 2010-06-28 20:57    38848    ----a-w-    c:\windows\avastSS.scr
2010-09-03 14:22 . 2010-06-28 20:57    165032    ----a-w-    c:\windows\system32\aswBoot.exe
2010-09-03 14:22 . 2010-09-03 14:22    --------    d-----w-    c:\programdata\Alwil Software
2010-09-03 14:22 . 2010-09-03 14:22    --------    d-----w-    c:\program files\Alwil Software
2010-09-02 02:33 . 2010-09-02 02:33    --------    d-----w-    c:\users\Nemanja666\AppData\Roaming\SeriousBit
2010-09-02 02:32 . 2010-09-02 02:33    --------    d-----w-    c:\program files\NetBalancer
2010-09-02 02:32 . 2010-05-14 22:04    28776    ----a-w-    c:\windows\system32\drivers\nbdrv.sys
2010-08-31 14:59 . 2010-08-31 14:59    103424    --sha-r-    c:\windows\system32\C_21027F.dll
2010-08-30 10:58 . 2010-08-30 10:58    --------    d-----w-    c:\users\Nemanja666\AppData\Local\TechSmith
2010-08-29 18:27 . 2010-03-04 15:27    411480    ----a-w-    c:\windows\system32\tsccvid.dll
2010-08-29 18:27 . 2010-08-29 18:27    --------    d-----w-    c:\windows\system32\QuickTime
2010-08-25 13:55 . 2010-08-25 13:55    --------    d-----w-    c:\programdata\Stardock
2010-08-24 21:20 . 2010-04-07 07:10    571904    ----a-w-    c:\windows\system32\oleaut32.dll
2010-08-23 05:18 . 2010-08-23 05:18    --------    d-----w-    c:\users\Nemanja666\AppData\Local\Stardock
2010-08-23 05:18 . 2010-08-23 05:18    --------    d-----w-    c:\program files\Stardock
2010-08-18 16:11 . 2010-08-18 16:11    --------    d-----w-    c:\users\Nemanja666\AppData\Roaming\gtk-2.0
2010-08-17 19:10 . 2010-08-17 19:10    --------    d-----w-    c:\users\Nemanja666\AppData\Roaming\inkscape
2010-08-17 19:01 . 2010-08-17 19:05    --------    d-----w-    c:\program files\Inkscape
2010-08-16 19:20 . 2010-08-30 21:08    --------    d-----w-    c:\users\Nemanja666\AppData\Roaming\Ultra Fractal 5
2010-08-16 15:48 . 2010-08-16 15:48    --------    d-----w-    c:\program files\Microsoft Synchronization Services
2010-08-16 15:47 . 2010-08-16 15:47    --------    d-----w-    c:\program files\Microsoft.NET
2010-08-16 15:47 . 2010-08-16 15:47    --------    d-----w-    c:\program files\Microsoft SQL Server Compact Edition
2010-08-16 15:44 . 2010-08-16 15:44    --------    d-----w-    c:\program files\Microsoft Analysis Services
2010-08-16 15:43 . 2010-08-16 15:43    --------    d-----r-    C:\MSOCache
2010-08-13 01:02 . 2010-06-30 06:25    978432    ----a-w-    c:\windows\system32\wininet.dll
2010-08-11 21:39 . 2010-08-11 21:39    --------    d-----w-    c:\users\Nemanja666\AppData\Local\Qt
2010-08-11 07:44 . 2010-06-14 06:12    1286016    ----a-w-    c:\windows\system32\drivers\tcpip.sys
2010-08-11 07:44 . 2010-07-29 06:30    197632    ----a-w-    c:\windows\system32\ir32_32.dll
2010-08-11 07:44 . 2010-07-29 06:30    82944    ----a-w-    c:\windows\system32\iccvid.dll
2010-08-11 07:44 . 2010-06-19 06:23    37376    ----a-w-    c:\windows\system32\rtutils.dll
2010-08-11 07:44 . 2010-06-08 06:02    1233920    ----a-w-    c:\windows\system32\msxml3.dll
2010-08-11 07:44 . 2010-06-22 02:47    310784    ----a-w-    c:\windows\system32\drivers\srv.sys
2010-08-11 07:44 . 2010-06-22 02:47    307200    ----a-w-    c:\windows\system32\drivers\srv2.sys
2010-08-11 07:44 . 2010-06-22 02:47    113664    ----a-w-    c:\windows\system32\drivers\srvnet.sys
2010-08-11 07:44 . 2010-06-19 06:33    3955080    ----a-w-    c:\windows\system32\ntkrnlpa.exe
2010-08-11 07:44 . 2010-06-19 06:33    3899784    ----a-w-    c:\windows\system32\ntoskrnl.exe
2010-08-11 07:43 . 2010-06-16 05:48    224256    ----a-w-    c:\windows\system32\schannel.dll
2010-08-11 07:43 . 2010-06-19 04:07    2326016    ----a-w-    c:\windows\system32\win32k.sys
2010-08-10 07:16 . 2010-08-10 07:16    --------    d--h--w-    c:\program files\InstallJammer Registry
2010-08-10 07:16 . 2010-08-10 07:34    --------    d-----w-    c:\users\Nemanja666\AppData\Roaming\Wowd
2010-08-10 07:13 . 2010-08-10 07:16    --------    d-----w-    c:\program files\Wowd
2010-08-10 05:39 . 2010-08-10 14:45    --------    d-----w-    c:\users\Nemanja666\AppData\Roaming\Luxology
2010-08-10 05:26 . 2010-08-10 05:26    --------    d-----w-    c:\users\Nemanja666\AppData\Local\Downloaded Installations
2010-08-06 10:11 . 2010-08-06 10:11    --------    d-----w-    c:\users\Nemanja666\AppData\Local\TickTail

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-04 09:40 . 2009-11-12 20:14    --------    d-----w-    c:\users\Nemanja666\AppData\Roaming\uTorrent
2010-09-04 02:20 . 2009-11-05 01:10    --------    d-----w-    c:\program files\Warcraft III
2010-09-04 01:38 . 2010-07-26 00:42    --------    d-----w-    c:\program files\DotAlicious Gaming Client
2010-09-04 01:37 . 2010-07-07 01:01    --------    d-----w-    c:\program files\Mozilla Firefox 4.0 Beta 1
2010-09-03 17:12 . 2009-11-05 01:05    --------    d-----w-    c:\program files\Garena
2010-08-30 21:09 . 2010-03-31 21:59    --------    d--h--w-    c:\program files\InstallShield Installation Information
2010-08-30 17:59 . 2010-07-10 07:11    --------    d-----w-    c:\users\Nemanja666\AppData\Roaming\Audacity
2010-08-23 15:52 . 2010-07-30 14:27    --------    d-----w-    c:\program files\eclipse
2010-08-17 01:01 . 2010-04-18 04:27    --------    d-----w-    c:\programdata\Microsoft Help
2010-08-16 21:12 . 2009-11-04 02:41    86944    ----a-w-    c:\users\Nemanja666\AppData\Local\GDIPFONTCACHEV1.DAT
2010-08-11 22:43 . 2010-07-06 05:07    --------    d-----w-    c:\users\Nemanja666\AppData\Roaming\Nokia
2010-08-08 11:32 . 2009-12-06 19:52    --------    d-----w-    c:\users\Nemanja666\AppData\Roaming\Skype
2010-08-07 22:00 . 2009-12-06 19:54    --------    d-----w-    c:\users\Nemanja666\AppData\Roaming\skypePM
2010-08-06 17:39 . 2009-12-02 03:57    --------    d-----w-    c:\program files\Crimson Editor
2010-08-06 00:11 . 2009-11-04 13:11    --------    d-----w-    c:\program files\Digsby
2010-07-30 14:32 . 2010-07-30 14:32    --------    d-----w-    c:\program files\Nokia
2010-07-22 20:34 . 2010-07-22 20:34    0    ---ha-w-    c:\windows\system32\drivers\Msft_User_EhStorPwdDrv_01_09_00.Wdf
2010-07-11 13:18 . 2010-07-11 13:18    45056    ----a-w-    c:\programdata\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimwmp.dll
2010-07-11 13:18 . 2010-07-11 13:18    45056    ----a-w-    c:\programdata\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimswf.dll
2010-07-11 13:18 . 2010-07-11 13:18    49152    ----a-w-    c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\Components\nprpffbrowserrecordext.dll
2010-07-11 13:18 . 2010-07-11 13:18    45056    ----a-w-    c:\programdata\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimrp.dll
2010-07-11 13:18 . 2010-07-11 13:18    45056    ----a-w-    c:\programdata\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimqt.dll
2010-07-11 13:18 . 2010-07-11 13:18    40960    ----a-w-    c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll
2010-07-11 13:18 . 2010-07-11 13:18    341600    ----a-w-    c:\programdata\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
2010-07-11 13:18 . 2010-07-11 13:18    308808    ----a-w-    c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Common\rpmainbrowserrecordplugin.dll
2010-07-11 13:18 . 2010-07-11 13:18    14848    ----a-w-    c:\programdata\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
2010-07-11 13:18 . 2010-07-11 13:17    --------    d-----w-    c:\program files\Common Files\Real
2010-07-11 13:18 . 2010-07-11 13:17    --------    d-----w-    c:\program files\Real
2010-07-11 13:18 . 2010-07-11 13:18    --------    d-----w-    c:\program files\Common Files\xing shared
2010-07-11 13:17 . 2010-07-11 13:17    499712    ----a-w-    c:\windows\system32\msvcp71.dll
2010-07-11 13:17 . 2010-07-11 13:17    348160    ----a-w-    c:\windows\system32\msvcr71.dll
2010-07-10 07:25 . 2010-07-10 07:25    --------    d-----w-    c:\program files\Lame for Audacity
2010-07-10 07:11 . 2010-07-10 07:11    --------    d-----w-    c:\program files\Audacity 1.3 Beta (Unicode)
2010-07-09 12:46 . 2009-11-22 20:39    --------    d-----w-    c:\program files\XMoto
2009-06-10 21:26 . 2009-07-14 02:04    9633792    --sha-r-    c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42    396800    --sha-w-    c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{99756919-C498-4D97-9E20-2076DE0E42B9}]
2010-08-10 07:16    200704    ----a-w-    c:\program files\Wowd\ext\eiexxpw.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NetBalancer"="c:\program files\NetBalancer\SeriousBit.NetBalancer.Tray.exe" [2010-07-23 60928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-01-18 1033512]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-06-28 2837864]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
2010-04-29 13:39    1090952    ----a-w-    c:\program files\Malwarebytes' Anti-Malware\mbam.exe

R3 GarenaPEngine;GarenaPEngine;c:\users\NEMANJ~1\AppData\Local\Temp\IIR619F.tmp [x]
R3 GGSAFERDriver;GGSAFER Driver;c:\program files\Garena\plugins\UI\safedrv.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
R3 PortTalk;PortTalk;c:\windows\system32\Drivers\PortTalk.sys [2009-01-18 3567]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-07-09 1343400]
R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files\BatteryCare\WinRing0.sys [x]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2010-04-07 691696]
S1 aswSP;aswSP; [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-06-28 50256]
S2 BlackfishSQL;BlackfishSQL;c:\program files\Embarcadero\RAD Studio\7.0\bin\BSQLServer.exe [2009-11-18 65536]
S2 NetBalancer Windows Service;NetBalancer Windows Service;c:\program files\NetBalancer\SeriousBit.NetBalancer.Service.exe [2010-07-23 10240]
S2 TeamViewer5;TeamViewer 5;c:\program files\TeamViewer\Version5\TeamViewer_Service.exe [2010-03-18 172328]
S3 Nbdrv;NetBalancer Service;c:\windows\system32\DRIVERS\nbdrv.sys [2010-05-14 28776]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile    REG_MULTI_SZ       wcescomm rapimgr
LocalServiceRestricted    REG_MULTI_SZ       WcesComm RapiMgr
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyServer = 127.0.0.1:8118
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~1\Office14\ONBttnIE.dll/105
TCP: {95116367-BED8-4407-ADE2-12F369620052} = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
FF - ProfilePath - c:\users\Nemanja666\AppData\Roaming\Mozilla\Firefox\Profiles\mlsoz174.new\
FF - component: c:\users\Nemanja666\AppData\Roaming\Mozilla\Firefox\Profiles\mlsoz174.new\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc_fireftp.dll
FF - component: c:\users\Nemanja666\AppData\Roaming\Mozilla\Firefox\Profiles\mlsoz174.new\extensions\{ca8b7b3d-b6e6-438f-b935-601b3de48d66}\platform\WINNT_x86-msvc\components\FFThrottle.dll
FF - component: c:\users\Nemanja666\AppData\Roaming\Mozilla\Firefox\Profiles\mlsoz174.new\extensions\[email protected]\components\dwmxpcom.dll
FF - plugin: c:\progra~1\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: c:\programdata\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: c:\users\Nemanja666\AppData\Roaming\Facebook\npfbplugin_1_0_1.dll
FF - plugin: c:\users\Nemanja666\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\GarenaPEngine]
"ImagePath"="\??\c:\users\NEMANJ~1\AppData\Local\Temp\IIR619F.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2010-09-04  21:08:40
ComboFix-quarantined-files.txt  2010-09-04 19:08

Pre-Run: 12,773,814,272 bytes free
Post-Run: 12,680,814,592 bytes free

- - End Of File - - 822401909BE896897E45A0D5AFA5E6D0

 
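As an added example (not from the thread and not part of ComboFix), a Python triage script that scans lines in the format of the log above for the entries a responder checks first: a service or driver image loaded from a Temp directory, entries ComboFix marks [x] because it cannot verify the file, a user-level proxy that all browser traffic passes through, and the DLL registered as a browser helper object. The sample lines are constructed from the posted log.

```python
import re

# Constructed sample in the format of the ComboFix log posted above (a subset, not the full log).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{99756919-C498-4D97-9E20-2076DE0E42B9}]
2010-08-10 07:16    200704    ----a-w-    c:\program files\Wowd\ext\eiexxpw.dll

R3 GarenaPEngine;GarenaPEngine;c:\users\NEMANJ~1\AppData\Local\Temp\IIR619F.tmp [x]
R3 PortTalk;PortTalk;c:\windows\system32\Drivers\PortTalk.sys [2009-01-18 3567]
S1 aswSP;aswSP; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-06-28 50256]
uInternet Settings,ProxyServer = 127.0.0.1:8118
uInternet Settings,ProxyOverride = *.local
"""

# Service line: "R3 name;display name;image path [date size]"; ComboFix writes "[x]" when it cannot verify the file.
SERVICE_RE = re.compile(r"^[RS]\d\s+([^;]+);[^;]*;(.*?)\s*\[([^\]]*)\]\s*$")
PROXY_RE = re.compile(r"^uInternet Settings,ProxyServer = (\S+)\s*$")
BHO_RE = re.compile(r"^\[HKEY_LOCAL_MACHINE\\~\\Browser Helper Objects\\(\{[^}]+\})\]$")
TEMP_DIRS = ("\\appdata\\local\\temp\\", "\\windows\\temp\\")


def triage(log_text):
    """Return (item, reason) pairs for the log lines a responder would check first."""
    findings = []
    pending_bho = None  # CLSID of a BHO key whose DLL detail line comes next
    for line in log_text.splitlines():
        if pending_bho and line.strip():
            # Detail line "date time    size    attrs    path": the path is the last column.
            path = re.split(r"\s{2,}", line.strip())[-1]
            findings.append((pending_bho, "browser helper object loaded into IE: " + path))
            pending_bho = None
            continue
        m = BHO_RE.match(line)
        if m:
            pending_bho = m.group(1)
            continue
        m = SERVICE_RE.match(line)
        if m:
            name, path, status = m.groups()
            if any(t in path.lower() for t in TEMP_DIRS):
                findings.append((name, "service/driver image in a Temp directory: " + path))
            if status == "x":
                findings.append((name, "image file missing or not verifiable ([x])"))
            continue
        m = PROXY_RE.match(line)
        if m:
            findings.append(("ProxyServer", "user-level proxy " + m.group(1)
                             + " receives all browser traffic; confirm it was set on purpose"))
    return findings
```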

magna86
Anti Malware Fighter

Member number: 189287
Posts: 557

Site: www.mycity.rs/Ambulanta

Re: Help with a virus - 05.09.2010 at 13:35 - 166 months ago
Open Notepad and copy the text below:



Quote:
SkipFix::

File::
c:\windows\system32\C_21027F.dll

RegLock::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]



Click File\Save as and save the text as CFScript on the desktop

Image



Follow the instructions in the image and drag CFScript.txt onto the ComboFix.exe icon
That will start ComboFix; the system may restart (that is normal)
When it finishes, a log will appear (C:\ComboFix.txt)
Post the ComboFix log


.................


And I thought you would give me the links... you can also send them via PM if you like... it doesn't matter...
 

Nemanja_666
Nemanja Tatic
Gradiska

Member number: 116292
Posts: 221

Re: Help with a virus - 06.09.2010 at 05:37 - 166 months ago
I ran it, and while ComboFix was working my computer shut down (I caught the power cable, and the battery was out of the laptop).

The log from when I ran that script again:

http://www.mediafire.com/?q4y4spbas56zsmb


Pages it redirects to:

http://68.169.92.54/click.php?...c45e9ade328a15e884584&cr=0

http://66.230.188.67/click.php...EKafncbxzRFEUkiURIBBoj_FylbyW8

http://78.140.143.83/go.php?da...OfczOHANgojZwkz1Tqt6WKJlzkY%3D
 

magna86
Anti Malware Fighter

Member number: 189287
Posts: 557

Site: www.mycity.rs/Ambulanta

Re: Help with a virus - 06.09.2010 at 09:08 - 166 months ago
OK... let's continue...

Open Notepad and copy the text below:

Quote:
Snapshot::



Click File\Save as and save the text as CFScript on the desktop

Image



Follow the instructions in the image and drag CFScript.txt onto the ComboFix.exe icon
That will start ComboFix.
If ComboFix offers to download a new version, accept!
...the system may restart (that is normal)
When it finishes, a log will appear (C:\ComboFix.txt)
Post the ComboFix log for me
 