MyCity » Ambulanta -> Arhiva Ambulante » Infekcija kao u igrici, mislim da je stigla sa FB

Infekcija kao u igrici, mislim da je stigla sa FB

Napisano na dan: 21.2.2012
1

Infekcija kao u igrici, mislim da je stigla sa FB
Sledeća strana Pagination

Idi na vrh

Poslao: 21 Feb 2012 12:34
Idi na vrh
offline
  • Pridružio: 26 Jul 2007
  • Poruke: 1080
  • Gde živiš: u blizini

Napisano: 21 Feb 2012 12:15

Na jedvite jade sam uspio da napravim log Gmer1, a prije nego li nastavim i ispratim sva uputstva, okačiću ovo što sam uspio do sada da prikupim.
Dobijam obavještenja kao na slikama:






Problem je počeo iznenada, danas dok sam na FB pregledao jednu aplikaciju na kojoj sam navodno označen. Bio je neki sajt nemanja0 ili sl.
Non-stop mi iskaču upozorenja kao na slikama i čak sam moram da izlazim iz njih dok sam na ovom dijelu foruma pokušavao da zakačim slike, toliko je naporno, kao u onoj prahistorijskoj igrici kada iskaču prozori sa dosadnim pitanjima koje je nemoguće zatvoriti.
Win je 32 - bita.
Evo prvog loga a okačiću i ostale:

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-02-21 11:44:31
Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD50 rev.01.0
Running: e45lq7k7.exe; Driver: C:\Users\Druid\AppData\Local\Temp\pgloapod.sys


---- System - GMER 1.0.15 ----

SSDT 9173073E ZwCreateSection
SSDT 91730743 ZwSetContextThread
SSDT 917306DF ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKeyEx + 13BD 83484569 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 834A9092 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!RtlSidHashLookup + 340 834B0950 4 Bytes [3E, 07, 73, 91]
.text ntkrnlpa.exe!RtlSidHashLookup + 6E0 834B0CF0 4 Bytes [43, 07, 73, 91] {INC EBX; POP ES; JAE 0xffffffffffffff95}
.text ntkrnlpa.exe!RtlSidHashLookup + 7B8 834B0DC8 4 Bytes [DF, 06, 73, 91] {FILD WORD [ESI]; JAE 0xffffffffffffff95}
? C:\Users\Druid\AppData\Local\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Google\Chrome\Application\chrome.exe[3376] ntdll.dll!NtCreateFile + 6 77CE4876 4 Bytes [28, 00, 07, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3376] ntdll.dll!NtCreateFile + B 77CE487B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3376] ntdll.dll!NtMapViewOfSection + 6 77CE4ED6 1 Byte [28]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3376] ntdll.dll!NtMapViewOfSection + 6 77CE4ED6 4 Bytes [28, 03, 07, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3376] ntdll.dll!NtMapViewOfSection + B 77CE4EDB 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3376] ntdll.dll!NtOpenFile + 6 77CE4F86 4 Bytes [68, 00, 07, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3376] ntdll.dll!NtOpenFile + B 77CE4F8B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3376] ntdll.dll!NtOpenProcess + 6 77CE5036 4 Bytes [A8, 01, 07, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3376] ntdll.dll!NtOpenProcess + B 77CE503B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3376] ntdll.dll!NtOpenProcessToken + B 77CE504B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3376] ntdll.dll!NtOpenProcessTokenEx + 6 77CE5056 4 Bytes [A8, 02, 07, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3376] ntdll.dll!NtOpenProcessTokenEx + B 77CE505B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3376] ntdll.dll!NtOpenThread + 6 77CE50B6 4 Bytes [68, 01, 07, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3376] ntdll.dll!NtOpenThread + B 77CE50BB 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3376] ntdll.dll!NtOpenThreadToken + 6 77CE50C6 4 Bytes [68, 02, 07, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3376] ntdll.dll!NtOpenThreadToken + B 77CE50CB 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3376] ntdll.dll!NtOpenThreadTokenEx + B 77CE50DB 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3376] ntdll.dll!NtQueryAttributesFile + 6 77CE51E6 4 Bytes [A8, 00, 07, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3376] ntdll.dll!NtQueryAttributesFile + B 77CE51EB 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3376] ntdll.dll!NtQueryFullAttributesFile + B 77CE529B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3376] ntdll.dll!NtSetInformationFile + 6 77CE58E6 4 Bytes [28, 01, 07, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3376] ntdll.dll!NtSetInformationFile + B 77CE58EB 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3376] ntdll.dll!NtSetInformationThread + 6 77CE5946 4 Bytes [28, 02, 07, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3376] ntdll.dll!NtSetInformationThread + B 77CE594B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3376] ntdll.dll!NtUnmapViewOfSection + 6 77CE5C66 1 Byte [68]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3376] ntdll.dll!NtUnmapViewOfSection + 6 77CE5C66 4 Bytes [68, 03, 07, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3376] ntdll.dll!NtUnmapViewOfSection + B 77CE5C6B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3704] ntdll.dll!NtCreateFile + 6 77CE4876 4 Bytes [28, 00, 07, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3704] ntdll.dll!NtCreateFile + B 77CE487B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3704] ntdll.dll!NtMapViewOfSection + 6 77CE4ED6 1 Byte [28]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3704] ntdll.dll!NtMapViewOfSection + 6 77CE4ED6 4 Bytes [28, 03, 07, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3704] ntdll.dll!NtMapViewOfSection + B 77CE4EDB 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3704] ntdll.dll!NtOpenFile + 6 77CE4F86 4 Bytes [68, 00, 07, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3704] ntdll.dll!NtOpenFile + B 77CE4F8B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3704] ntdll.dll!NtOpenProcess + 6 77CE5036 4 Bytes [A8, 01, 07, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3704] ntdll.dll!NtOpenProcess + B 77CE503B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3704] ntdll.dll!NtOpenProcessToken + B 77CE504B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3704] ntdll.dll!NtOpenProcessTokenEx + 6 77CE5056 4 Bytes [A8, 02, 07, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3704] ntdll.dll!NtOpenProcessTokenEx + B 77CE505B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3704] ntdll.dll!NtOpenThread + 6 77CE50B6 4 Bytes [68, 01, 07, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3704] ntdll.dll!NtOpenThread + B 77CE50BB 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3704] ntdll.dll!NtOpenThreadToken + 6 77CE50C6 4 Bytes [68, 02, 07, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3704] ntdll.dll!NtOpenThreadToken + B 77CE50CB 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3704] ntdll.dll!NtOpenThreadTokenEx + B 77CE50DB 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3704] ntdll.dll!NtQueryAttributesFile + 6 77CE51E6 4 Bytes [A8, 00, 07, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3704] ntdll.dll!NtQueryAttributesFile + B 77CE51EB 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3704] ntdll.dll!NtQueryFullAttributesFile + B 77CE529B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3704] ntdll.dll!NtSetInformationFile + 6 77CE58E6 4 Bytes [28, 01, 07, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3704] ntdll.dll!NtSetInformationFile + B 77CE58EB 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3704] ntdll.dll!NtSetInformationThread + 6 77CE5946 4 Bytes [28, 02, 07, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3704] ntdll.dll!NtSetInformationThread + B 77CE594B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3704] ntdll.dll!NtUnmapViewOfSection + 6 77CE5C66 1 Byte [68]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3704] ntdll.dll!NtUnmapViewOfSection + 6 77CE5C66 4 Bytes [68, 03, 07, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3704] ntdll.dll!NtUnmapViewOfSection + B 77CE5C6B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4544] ntdll.dll!NtCreateFile + 6 77CE4876 4 Bytes [28, 00, 07, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4544] ntdll.dll!NtCreateFile + B 77CE487B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4544] ntdll.dll!NtMapViewOfSection + 6 77CE4ED6 1 Byte [28]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4544] ntdll.dll!NtMapViewOfSection + 6 77CE4ED6 4 Bytes [28, 03, 07, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4544] ntdll.dll!NtMapViewOfSection + B 77CE4EDB 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4544] ntdll.dll!NtOpenFile + 6 77CE4F86 4 Bytes [68, 00, 07, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4544] ntdll.dll!NtOpenFile + B 77CE4F8B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4544] ntdll.dll!NtOpenProcess + 6 77CE5036 4 Bytes [A8, 01, 07, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4544] ntdll.dll!NtOpenProcess + B 77CE503B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4544] ntdll.dll!NtOpenProcessToken + B 77CE504B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4544] ntdll.dll!NtOpenProcessTokenEx + 6 77CE5056 4 Bytes [A8, 02, 07, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4544] ntdll.dll!NtOpenProcessTokenEx + B 77CE505B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4544] ntdll.dll!NtOpenThread + 6 77CE50B6 4 Bytes [68, 01, 07, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4544] ntdll.dll!NtOpenThread + B 77CE50BB 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4544] ntdll.dll!NtOpenThreadToken + 6 77CE50C6 4 Bytes [68, 02, 07, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4544] ntdll.dll!NtOpenThreadToken + B 77CE50CB 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4544] ntdll.dll!NtOpenThreadTokenEx + B 77CE50DB 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4544] ntdll.dll!NtQueryAttributesFile + 6 77CE51E6 4 Bytes [A8, 00, 07, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4544] ntdll.dll!NtQueryAttributesFile + B 77CE51EB 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4544] ntdll.dll!NtQueryFullAttributesFile + B 77CE529B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4544] ntdll.dll!NtSetInformationFile + 6 77CE58E6 4 Bytes [28, 01, 07, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4544] ntdll.dll!NtSetInformationFile + B 77CE58EB 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4544] ntdll.dll!NtSetInformationThread + 6 77CE5946 4 Bytes [28, 02, 07, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4544] ntdll.dll!NtSetInformationThread + B 77CE594B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4544] ntdll.dll!NtUnmapViewOfSection + 6 77CE5C66 1 Byte [68]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4544] ntdll.dll!NtUnmapViewOfSection + 6 77CE5C66 4 Bytes [68, 03, 07, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4544] ntdll.dll!NtUnmapViewOfSection + B 77CE5C6B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4876] ntdll.dll!NtCreateFile + 6 77CE4876 4 Bytes [28, 00, 07, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4876] ntdll.dll!NtCreateFile + B 77CE487B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4876] ntdll.dll!NtMapViewOfSection + 6 77CE4ED6 1 Byte [28]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4876] ntdll.dll!NtMapViewOfSection + 6 77CE4ED6 4 Bytes [28, 03, 07, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4876] ntdll.dll!NtMapViewOfSection + B 77CE4EDB 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4876] ntdll.dll!NtOpenFile + 6 77CE4F86 4 Bytes [68, 00, 07, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4876] ntdll.dll!NtOpenFile + B 77CE4F8B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4876] ntdll.dll!NtOpenProcess + 6 77CE5036 4 Bytes [A8, 01, 07, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4876] ntdll.dll!NtOpenProcess + B 77CE503B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4876] ntdll.dll!NtOpenProcessToken + B 77CE504B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4876] ntdll.dll!NtOpenProcessTokenEx + 6 77CE5056 4 Bytes [A8, 02, 07, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4876] ntdll.dll!NtOpenProcessTokenEx + B 77CE505B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4876] ntdll.dll!NtOpenThread + 6 77CE50B6 4 Bytes [68, 01, 07, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4876] ntdll.dll!NtOpenThread + B 77CE50BB 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4876] ntdll.dll!NtOpenThreadToken + 6 77CE50C6 4 Bytes [68, 02, 07, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4876] ntdll.dll!NtOpenThreadToken + B 77CE50CB 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4876] ntdll.dll!NtOpenThreadTokenEx + B 77CE50DB 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4876] ntdll.dll!NtQueryAttributesFile + 6 77CE51E6 4 Bytes [A8, 00, 07, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4876] ntdll.dll!NtQueryAttributesFile + B 77CE51EB 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4876] ntdll.dll!NtQueryFullAttributesFile + B 77CE529B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4876] ntdll.dll!NtSetInformationFile + 6 77CE58E6 4 Bytes [28, 01, 07, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4876] ntdll.dll!NtSetInformationFile + B 77CE58EB 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4876] ntdll.dll!NtSetInformationThread + 6 77CE5946 4 Bytes [28, 02, 07, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4876] ntdll.dll!NtSetInformationThread + B 77CE594B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4876] ntdll.dll!NtUnmapViewOfSection + 6 77CE5C66 1 Byte [68]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4876] ntdll.dll!NtUnmapViewOfSection + 6 77CE5C66 4 Bytes [68, 03, 07, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4876] ntdll.dll!NtUnmapViewOfSection + B 77CE5C6B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5020] ntdll.dll!NtCreateFile + 6 77CE4876 4 Bytes [28, 00, 07, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5020] ntdll.dll!NtCreateFile + B 77CE487B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5020] ntdll.dll!NtMapViewOfSection + 6 77CE4ED6 1 Byte [28]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5020] ntdll.dll!NtMapViewOfSection + 6 77CE4ED6 4 Bytes [28, 03, 07, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5020] ntdll.dll!NtMapViewOfSection + B 77CE4EDB 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5020] ntdll.dll!NtOpenFile + 6 77CE4F86 4 Bytes [68, 00, 07, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5020] ntdll.dll!NtOpenFile + B 77CE4F8B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5020] ntdll.dll!NtOpenProcess + 6 77CE5036 4 Bytes [A8, 01, 07, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5020] ntdll.dll!NtOpenProcess + B 77CE503B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5020] ntdll.dll!NtOpenProcessToken + B 77CE504B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5020] ntdll.dll!NtOpenProcessTokenEx + 6 77CE5056 4 Bytes [A8, 02, 07, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5020] ntdll.dll!NtOpenProcessTokenEx + B 77CE505B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5020] ntdll.dll!NtOpenThread + 6 77CE50B6 4 Bytes [68, 01, 07, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5020] ntdll.dll!NtOpenThread + B 77CE50BB 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5020] ntdll.dll!NtOpenThreadToken + 6 77CE50C6 4 Bytes [68, 02, 07, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5020] ntdll.dll!NtOpenThreadToken + B 77CE50CB 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5020] ntdll.dll!NtOpenThreadTokenEx + B 77CE50DB 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5020] ntdll.dll!NtQueryAttributesFile + 6 77CE51E6 4 Bytes [A8, 00, 07, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5020] ntdll.dll!NtQueryAttributesFile + B 77CE51EB 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5020] ntdll.dll!NtQueryFullAttributesFile + B 77CE529B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5020] ntdll.dll!NtSetInformationFile + 6 77CE58E6 4 Bytes [28, 01, 07, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5020] ntdll.dll!NtSetInformationFile + B 77CE58EB 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5020] ntdll.dll!NtSetInformationThread + 6 77CE5946 4 Bytes [28, 02, 07, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5020] ntdll.dll!NtSetInformationThread + B 77CE594B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5020] ntdll.dll!NtUnmapViewOfSection + 6 77CE5C66 1 Byte [68]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5020] ntdll.dll!NtUnmapViewOfSection + 6 77CE5C66 4 Bytes [68, 03, 07, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5020] ntdll.dll!NtUnmapViewOfSection + B 77CE5C6B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5072] ntdll.dll!NtCreateFile + 6 77CE4876 4 Bytes [28, 00, 07, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5072] ntdll.dll!NtCreateFile + B 77CE487B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5072] ntdll.dll!NtMapViewOfSection + 6 77CE4ED6 1 Byte [28]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5072] ntdll.dll!NtMapViewOfSection + 6 77CE4ED6 4 Bytes [28, 03, 07, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5072] ntdll.dll!NtMapViewOfSection + B 77CE4EDB 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5072] ntdll.dll!NtOpenFile + 6 77CE4F86 4 Bytes [68, 00, 07, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5072] ntdll.dll!NtOpenFile + B 77CE4F8B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5072] ntdll.dll!NtOpenProcess + 6 77CE5036 4 Bytes [A8, 01, 07, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5072] ntdll.dll!NtOpenProcess + B 77CE503B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5072] ntdll.dll!NtOpenProcessToken + B 77CE504B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5072] ntdll.dll!NtOpenProcessTokenEx + 6 77CE5056 4 Bytes [A8, 02, 07, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5072] ntdll.dll!NtOpenProcessTokenEx + B 77CE505B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5072] ntdll.dll!NtOpenThread + 6 77CE50B6 4 Bytes [68, 01, 07, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5072] ntdll.dll!NtOpenThread + B 77CE50BB 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5072] ntdll.dll!NtOpenThreadToken + 6 77CE50C6 4 Bytes [68, 02, 07, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5072] ntdll.dll!NtOpenThreadToken + B 77CE50CB 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5072] ntdll.dll!NtOpenThreadTokenEx + B 77CE50DB 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5072] ntdll.dll!NtQueryAttributesFile + 6 77CE51E6 4 Bytes [A8, 00, 07, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5072] ntdll.dll!NtQueryAttributesFile + B 77CE51EB 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5072] ntdll.dll!NtQueryFullAttributesFile + B 77CE529B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5072] ntdll.dll!NtSetInformationFile + 6 77CE58E6 4 Bytes [28, 01, 07, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5072] ntdll.dll!NtSetInformationFile + B 77CE58EB 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5072] ntdll.dll!NtSetInformationThread + 6 77CE5946 4 Bytes [28, 02, 07, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5072] ntdll.dll!NtSetInformationThread + B 77CE594B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5072] ntdll.dll!NtUnmapViewOfSection + 6 77CE5C66 1 Byte [68]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5072] ntdll.dll!NtUnmapViewOfSection + 6 77CE5C66 4 Bytes [68, 03, 07, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5072] ntdll.dll!NtUnmapViewOfSection + B 77CE5C6B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5256] ntdll.dll!NtCreateFile + 6 77CE4876 4 Bytes [28, 00, 07, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5256] ntdll.dll!NtCreateFile + B 77CE487B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5256] ntdll.dll!NtMapViewOfSection + 6 77CE4ED6 1 Byte [28]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5256] ntdll.dll!NtMapViewOfSection + 6 77CE4ED6 4 Bytes [28, 03, 07, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5256] ntdll.dll!NtMapViewOfSection + B 77CE4EDB 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5256] ntdll.dll!NtOpenFile + 6 77CE4F86 4 Bytes [68, 00, 07, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5256] ntdll.dll!NtOpenFile + B 77CE4F8B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5256] ntdll.dll!NtOpenProcess + 6 77CE5036 4 Bytes [A8, 01, 07, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5256] ntdll.dll!NtOpenProcess + B 77CE503B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5256] ntdll.dll!NtOpenProcessToken + B 77CE504B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5256] ntdll.dll!NtOpenProcessTokenEx + 6 77CE5056 4 Bytes [A8, 02, 07, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5256] ntdll.dll!NtOpenProcessTokenEx + B 77CE505B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5256] ntdll.dll!NtOpenThread + 6 77CE50B6 4 Bytes [68, 01, 07, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5256] ntdll.dll!NtOpenThread + B 77CE50BB 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5256] ntdll.dll!NtOpenThreadToken + 6 77CE50C6 4 Bytes [68, 02, 07, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5256] ntdll.dll!NtOpenThreadToken + B 77CE50CB 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5256] ntdll.dll!NtOpenThreadTokenEx + B 77CE50DB 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5256] ntdll.dll!NtQueryAttributesFile + 6 77CE51E6 4 Bytes [A8, 00, 07, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5256] ntdll.dll!NtQueryAttributesFile + B 77CE51EB 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5256] ntdll.dll!NtQueryFullAttributesFile + B 77CE529B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5256] ntdll.dll!NtSetInformationFile + 6 77CE58E6 4 Bytes [28, 01, 07, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5256] ntdll.dll!NtSetInformationFile + B 77CE58EB 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5256] ntdll.dll!NtSetInformationThread + 6 77CE5946 4 Bytes [28, 02, 07, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5256] ntdll.dll!NtSetInformationThread + B 77CE594B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5256] ntdll.dll!NtUnmapViewOfSection + 6 77CE5C66 1 Byte [68]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5256] ntdll.dll!NtUnmapViewOfSection + 6 77CE5C66 4 Bytes [68, 03, 07, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5256] ntdll.dll!NtUnmapViewOfSection + B 77CE5C6B 1 Byte [E2]

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\system32\HPSIsvc.exe[864] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [75D95E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\system32\HPSIsvc.exe[864] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [75D95E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\system32\HPSIsvc.exe[864] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [75D95E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\system32\HPSIsvc.exe[864] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [75D95E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\system32\HPSIsvc.exe[864] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [75D95E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\system32\HPSIsvc.exe[864] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [75D95E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2192] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [75D95E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2192] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [75D95E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2192] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [75D95E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2192] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [75D95E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE[2492] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [75D95E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE[2492] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [75D95E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE[2492] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [75D95E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE[2492] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [75D95E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE[2492] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [75D95E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\System32\rundll32.exe[3628] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [75D95E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\System32\rundll32.exe[3628] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [75D95E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\System32\rundll32.exe[3628] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [75D95E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\System32\rundll32.exe[3628] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [75D95E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3972] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [74592494] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3972] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [74575624] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3972] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [745756E2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3972] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [7459250F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3972] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [74588573] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3972] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [74584D27] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3972] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [745850CE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3972] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [745851A3] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3972] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP] [745866D0] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3972] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [745882CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3972] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [74588819] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3972] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [7458907A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3972] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [7458E21D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3972] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [74584C59] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\system32\rundll32.exe[5476] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [75D95E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\system32\rundll32.exe[5476] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [75D95E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\system32\rundll32.exe[5476] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [75D95E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\system32\rundll32.exe[5476] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [75D95E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\system32\rundll32.exe[5476] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [75D95E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\system32\rundll32.exe[5476] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [75D95E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\system32\RunDll32.exe[6044] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [75D95E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\system32\RunDll32.exe[6044] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [75D95E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\system32\RunDll32.exe[6044] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [75D95E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\system32\RunDll32.exe[6044] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [75D95E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\system32\RunDll32.exe[6044] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [75D95E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\system32\RunDll32.exe[6044] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [75D95E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\system32\RunDll32.exe[6044] @ C:\Windows\system32\secur32.dll [KERNEL32.dll!GetProcAddress] [75D95E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs szkgfs.sys (STOPzilla Kernel Guard File System, x86-32 /iS3, Inc.)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00247e377657
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00247e377657@001bee45bf09 0x24 0x41 0x06 0x27 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00247e377657@0cddefe0a4d2 0x9E 0x08 0x22 0x89 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00247e377657@0017e4c21884 0x5F 0x6A 0xB1 0xB9 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00247e377657@a87e33171021 0x53 0x2F 0xC5 0x11 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00247e377657@002345af7a32 0xC2 0xF2 0x8F 0x1E ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00247e377657@70f395f67b44 0x74 0x1E 0x0C 0xF1 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00247e377657@002265952984 0xFA 0x8B 0x30 0xE3 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00247e377657@0018138a6a4a 0x06 0xD8 0x80 0x24 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00247e377657 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00247e377657@001bee45bf09 0x24 0x41 0x06 0x27 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00247e377657@0cddefe0a4d2 0x9E 0x08 0x22 0x89 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00247e377657@0017e4c21884 0x5F 0x6A 0xB1 0xB9 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00247e377657@a87e33171021 0x53 0x2F 0xC5 0x11 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00247e377657@002345af7a32 0xC2 0xF2 0x8F 0x1E ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00247e377657@70f395f67b44 0x74 0x1E 0x0C 0xF1 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00247e377657@002265952984 0xFA 0x8B 0x30 0xE3 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00247e377657@0018138a6a4a 0x06 0xD8 0x80 0x24 ...

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 malicious Win32:MBRoot code @ sector 947464195
Disk \Device\Harddisk0\DR0 PE file @ sector 947464217

Dopuna: 21 Feb 2012 12:18

I da ne griješim dušu da je infekcija stigla sa FB, prije će biti sa nekog drugog sajta do kojeg sam došao sa FB.

Dopuna: 21 Feb 2012 12:27

I da prijatelji mi telefonom javljaju da ih na FB obilježavam (prije pet sekundi) a kunem se da na FB nisam bio nekoliko sati.

Dopuna: 21 Feb 2012 12:34

Vidim da mi se na FB zaista, bez moje želje, umnožava ova aplikacija pogledajte svoju provalu: nemanjan00.binhoster.com

Poslao: 21 Feb 2012 13:01
Idi na vrh
offline
  • Pridružio: 26 Jul 2007
  • Poruke: 1080
  • Gde živiš: u blizini

Napisano: 21 Feb 2012 12:45

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by Druid at 12:41:40 on 2012-02-21
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.387.1033.18.3039.1828 [GMT 1:00]
.
AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Hpservice.exe
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\LSI SoftModem\agrsmsvc.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Prey\platform\windows\cronsvc.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Common Files\DeviceHelper\DeviceManager.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\HPSIsvc.exe
C:\ProgramData\DatacardService\HWDeviceService.exe
C:\ProgramData\Mobilni internet\OnlineUpdate\ouc.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\ProgramData\DatacardService\DCSHelper.exe
C:\Windows\system32\spool\DRIVERS\W32X86\3\HP1006MC.EXE
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\WUDFHost.exe
C:\Windows\System32\rundll32.exe
C:\Windows\PixArt\PAC7302\Monitor.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files\Windows iLivid Toolbar\Datamngr\datamngrUI.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\Druid\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
C:\Windows\system32\AUDIODG.EXE
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://www.plusnetwork.com/?sp=ctbar&q={searchTerms}&dp=MessengerPlus
uStart Page = hxxp://www.plusnetwork.com/?sp=hp
uSearch Bar = hxxp://www.plusnetwork.com/?sp=ctbar&q={searchTerms}&dp=MessengerPlus
mStart Page = hxxp://search.myheritage.com
uSearchAssistant = hxxp://www.plusnetwork.com/?sp=ctbar&q={searchTerms}&dp=MessengerPlus
mSearchAssistant = hxxp://start.facemoods.com/?a=kno&s={searchTerms}&f=4
uURLSearchHooks: YouTube Downloader Toolbar: {f3fee66e-e034-436a-86e4-9690573bee8a} - c:\program files\youtube downloader toolbar\ie\4.9\youtubedownloaderToolbarIE.dll
uURLSearchHooks: MHURLSearchHook Class: {1c4ab6a5-595f-4e86-b15f-f93cce2bbd48} - c:\program files\celebrity toolbar\tbhelper.dll
mURLSearchHooks: Softonic-Eng7 Toolbar: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - c:\program files\softonic-eng7\prxtbSof0.dll
BHO: Browser Companion Helper: {00cbb66b-1d3b-46d3-9577-323a336acb50} - c:\program files\browsercompanion\jsloader.dll
BHO: MHTBPos00 Class: {0c37b053-fd68-456a-82e1-d788ee342e6f} - c:\program files\celebrity toolbar\tbcore3.dll
BHO: QuickStores-Toolbar: {10edb994-47f8-43f7-ae96-f2ea63e9f90f} - mscoree.dll
BHO: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll
BHO: Softonic-Eng7 Toolbar: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - c:\program files\softonic-eng7\prxtbSof0.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Browser Companion Helper Verifier: {963b125b-8b21-49a2-a3a8-e37092276531} - c:\program files\browsercompanion\updatebhoWin32.dll
BHO: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - c:\progra~1\wi3c8a~1\toolbar\searchqudtx.dll
BHO: UrlHelper Class: {a40dc6c5-79d0-4ca8-a185-8ff989af1115} - c:\progra~1\wi3c8a~1\datamngr\IEBHO.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: CMySite Class: {d62ec836-bf1e-4cac-81be-fb9179835d8e} - c:\program files\celebrity toolbar\mhxpcomi.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: YouTube Downloader Toolbar: {f3fee66e-e034-436a-86e4-9690573bee8a} - c:\program files\youtube downloader toolbar\ie\4.9\youtubedownloaderToolbarIE.dll
TB: Softonic-Eng7 Toolbar: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - c:\program files\softonic-eng7\prxtbSof0.dll
TB: QuickStores-Toolbar: {10edb994-47f8-43f7-ae96-f2ea63e9f90f} - mscoree.dll
TB: Celebrity Toolbar: {fd2fd708-1f6f-4b68-b141-c5778f0c19bb} - c:\program files\celebrity toolbar\tbcore3.dll
TB: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - c:\progra~1\wi3c8a~1\toolbar\searchqudtx.dll
{ae07101b-46d4-4a98-af68-0333ea26e113}
TB: YouTube Downloader Toolbar: {f3fee66e-e034-436a-86e4-9690573bee8a} - c:\program files\youtube downloader toolbar\ie\4.9\youtubedownloaderToolbarIE.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [Google Update] "c:\users\druid\appdata\local\google\update\GoogleUpdate.exe" /c
mRun: [PAC7302_Monitor] c:\windows\pixart\pac7302\Monitor.exe
mRun: [IAStorIcon] c:\program files\intel\intel(r) rapid storage technology\IAStorIcon.exe
mRun: [DATAMNGR] c:\progra~1\wi3c8a~1\datamngr\DATAMN~1.EXE
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [<NO NAME>]
mRun: [SearchSettings] "c:\program files\common files\spigot\search settings\SearchSettings.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\users\druid\appdata\roaming\micros~1\windows\startm~1\programs\startup\stardo~1.lnk - c:\program files\stardock\objectdockfree\ObjectDock.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{35BF7CA1-C907-47D9-8635-FDC813155513} : DhcpNameServer = 192.168.1.2
TCP: Interfaces\{82AAB405-D844-41D3-A8D4-8FC0AA3F92B7} : DhcpNameServer = 79.143.168.8 79.143.160.20 62.68.96.8
TCP: Interfaces\{BD0C2ED1-75F1-4B05-B721-EE3661ACFEC4} : DhcpNameServer = 87.250.98.250 208.67.222.222
TCP: Interfaces\{BD0C2ED1-75F1-4B05-B721-EE3661ACFEC4}\C41444F46594E414 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{CE4D80B2-BB1B-4E72-9C29-86B1E0B62233} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{CE4D80B2-BB1B-4E72-9C29-86B1E0B62233}\4494F4E49435 : DhcpNameServer = 79.143.168.8 79.143.160.20
TCP: Interfaces\{CE4D80B2-BB1B-4E72-9C29-86B1E0B62233}\44A757E676C6160213 : DhcpNameServer = 79.143.168.8 79.143.160.20
TCP: Interfaces\{CE4D80B2-BB1B-4E72-9C29-86B1E0B62233}\94E647567627160205 : DhcpNameServer = 192.168.0.1
Handler: base64 - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - c:\program files\browsercompanion\tdataprotocol.dll
Handler: chrome - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - c:\program files\browsercompanion\tdataprotocol.dll
Handler: mhtb - {669A2A3A-F19C-452D-800D-1240299756C1} - c:\program files\celebrity toolbar\mhxpcomi.dll
Handler: prox - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - c:\program files\browsercompanion\tdataprotocol.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
AppInit_DLLs: c:\progra~1\wi3c8a~1\datamngr\datamngr.dll c:\progra~1\wi3c8a~1\datamngr\IEBHO.dll
STS: {1984D045-52CF-49cd-DB77-08F378FEA4DB} - No File
.
============= SERVICES / DRIVERS ===============
.
R0 johci;JMicron 1394 Filter Driver;c:\windows\system32\drivers\johci.sys [2010-12-23 23128]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-10-4 136360]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-10-4 269480]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-10-4 66616]
R2 CronService;Cron Service for Prey;c:\prey\platform\windows\cronsvc.exe [2011-2-15 19968]
R2 DeviceManager;DeviceManager;c:\program files\common files\devicehelper\devicemanager.exe -start --> c:\program files\common files\devicehelper\DeviceManager.exe -start [?]
R2 HPSIService;HP SI Service;c:\windows\system32\HPSIsvc.exe [2010-12-27 99896]
R2 hpsrv;HP Service;c:\windows\system32\hpservice.exe [2010-7-16 26168]
R2 HWDeviceService.exe;HWDeviceService.exe;c:\programdata\datacardservice\HWDeviceService.exe [2011-3-14 271712]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\intel\intel(r) rapid storage technology\IAStorDataMgrSvc.exe [2011-2-24 13336]
R2 TeamViewer7;TeamViewer 7;c:\program files\teamviewer\version7\TeamViewer_Service.exe [2011-12-13 2984832]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-4-14 45736]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2011-2-24 33320]
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\drivers\ew_jubusenum.sys [2011-10-13 73216]
R3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2010-8-24 140376]
R3 NETwNs32;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\drivers\NETwNs32.sys [2010-10-31 7122944]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2011-2-24 122984]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2011-2-24 328808]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-14 14336]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-5-28 136176]
S2 Mobilni internet. RunOuc;Mobilni internet. OUC;c:\program files\mobilni internet\updatedog\ouc.exe [2011-10-13 246112]
S3 {72DC7A00-2C4F-4D0F-9CAAE0D1B9D514BD};{72DC7A00-2C4F-4D0F-9CAAE0D1B9D514BD};c:\windows\system32\svchost.exe -k netsvcs [2009-7-14 20992]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\drivers\ew_hwusbdev.sys [2011-10-13 102784]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-5-28 136176]
S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\drivers\ManyCam.sys [2008-1-14 21632]
S3 mvusbews;USB EWS Device;c:\windows\system32\drivers\mvusbews.sys [2010-12-27 17408]
S3 netr28u;RT2870 USB Wireless LAN Card Driver for Vista;c:\windows\system32\drivers\netr28u.sys [2009-6-10 657408]
S3 NETw5s32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\drivers\NETw5s32.sys [2010-1-13 6755840]
S3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-10 4231168]
S3 qcusbser;Modem Interface USB Device for Legacy Serial Communication;c:\windows\system32\drivers\qcusbser.sys [2011-10-22 103552]
S3 RTL8187;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187.sys [2010-1-7 375808]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-2-18 1343400]
.
=============== Created Last 30 ================
.
2012-02-01 10:58:34 -------- d-----w- c:\users\druid\appdata\roaming\mIRC
2012-01-26 13:30:56 -------- d-----w- c:\programdata\regid.1986-12.com.adobe
2012-01-25 09:38:12 -------- d-----w- c:\users\druid\appdata\local\Eraser 6
2012-01-25 00:13:58 -------- d-----w- c:\program files\Eraser
.
==================== Find3M ====================
.
2012-02-21 11:40:01 29 ----a-w- c:\windows\system32\TempWmicBatchFile.bat
2012-02-12 14:35:35 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-02-03 11:38:03 952 --sha-w- c:\windows\system32\KGyGaAvL.sys
2011-12-23 14:49:27 409088 ----a-w- c:\windows\system32\systemcpl.dll
2011-12-23 14:49:27 13824 ----a-w- c:\windows\system32\slwga.dll
2011-12-10 14:24:06 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
.
============= FINISH: 12:42:46,79 ===============

Dopuna: 21 Feb 2012 12:52

https://www.mycity.rs/must-login.png

Dopuna: 21 Feb 2012 13:00

https://www.mycity.rs/must-login.png

Dopuna: 21 Feb 2012 13:01

https://www.mycity.rs/must-login.png

Poslao: 21 Feb 2012 15:39
Idi na vrh
offline
  • Pridružio: 02 Feb 2008
  • Poruke: 14018
  • Gde živiš: Nish

Pozdrav Dubara!










U toku resavanja slucaja, zamolio bih te da se pridrzavas sledeceg:
Detaljno citati moja uputstva ( ili uputstva kolega koji ce me zamenjivati) i raditi iskljucivo po njima;
Ne traziti istovremeno pomoc na drugom mestu;
Nemoj koristiti druge programe za uklanjanje malware-a, osim onih za koje budes dobio uputstvo;
U toku intervencije ne koristiti USB memorijske uredjaje, dok to ne budem zatrazio;
Ukoliko ne odgovorim u roku od 48h, osvezi temu novim post-om;
Ukoliko se ne javis u roku od 5 dana, zatvoricemo slucaj.
Za vise informacija o pravilima Ambulante MyCity foruma: LINK

-------------------------------------------------------------------------------------





Arrow


Preuzmi sUBs-ov ComboFix sa sledeće adrese na Desktop:


Bleeping Computer
Klikni desnim tasterom na link i odaberi opciju Save Target As... (Save Link As..., Save Linked Content As... ili sličnu);
Kada se otvori dijalog za izbor lokacije na kojoj treba sačuvati file, odaberi Desktop i klikni Save.



Kada preuzimanje programa bude završeno:
deaktiviraj zaštitni softver (uputstvo);
zatvori pokrenute programe;
dvoklikom pokreni program ComboFix;
u prozoru koji se otvori klikni "I Agree".
U toku rada, ComboFix će:proveriti postoji li novija verzija programa:
klikni Yes ako bude ponuđeno preuzimanje iste.ako Recovery Console nije instalirana, ponuditi instalaciju:
obavezno prihvati klikom na Yes i isprati postupak.postaviti/dati određeni broj upita/obaveštenja:
prihvati klikom na Yes ili OK.po potrebi, restartovati Windows (više puta);
na kraju rada, otvoriti Notepad sa izveštajem o skeniranju.

Iskopiraj izveštaj koji je ComboFix napravio u temu na forumu:
klikni desnim tasterom miša u prozor Notepad-a i izaberi Select All;
klikni desnim tasterom miša na obeleženi tekst i izaberi Copy;
klikni desnim tasterom miša u polje za pisanje poruke i izaberi Paste.

Napomena:Izveštaj će biti sačuvan pod nazivom ComboFix.txt na sistemskoj particiji (tipična lokacija: C:\ComboFix.txt);
Ukoliko nakon slanja poruke primetiš da izveštaj nije kompletan, iskoristi opciju Prikači fajl za prilaganje file-a C:\ComboFix.txt uz poruku.






goran9888 (AMF Tim)

Poslao: 21 Feb 2012 16:00
Idi na vrh
offline
  • Pridružio: 26 Jul 2007
  • Poruke: 1080
  • Gde živiš: u blizini

@goran9888 (AMF TiM)
ComboFix je odradio svoje ali oni dosadni prozori i dalje iskaču. Čekam ostala uputstva a prije toga evo loga koji je napravljen:


ComboFix 12-02-21.02 - Druid 21.02.2012 15:47:04.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.387.1033.18.3039.1735 [GMT 1:00]
Running from: c:\users\Druid\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Mozilla Firefox\searchplugins\SearchquWebSearch.xml
c:\users\Druid\AppData\Roaming\mIRC\logs\status.log
.
.
((((((((((((((((((((((((( Files Created from 2012-01-21 to 2012-02-21 )))))))))))))))))))))))))))))))
.
.
2012-02-12 14:35 . 2012-02-12 14:35 -------- d-----w- c:\program files\Java
2012-02-01 10:58 . 2012-02-09 16:26 -------- d-----w- c:\users\Druid\AppData\Roaming\mIRC
2012-01-26 13:30 . 2012-01-26 13:30 -------- d-----w- c:\programdata\regid.1986-12.com.adobe
2012-01-25 09:38 . 2012-01-25 09:38 -------- d-----w- c:\users\Druid\AppData\Local\Eraser 6
2012-01-25 00:13 . 2012-01-25 00:13 -------- d-----w- c:\program files\Eraser
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-21 14:45 . 2011-12-06 10:56 29 ----a-w- c:\windows\system32\TempWmicBatchFile.bat
2012-02-12 14:35 . 2010-11-12 23:39 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-12-23 14:49 . 2011-02-18 16:44 13824 ----a-w- c:\windows\system32\slwga.dll
2011-12-23 14:49 . 2009-07-13 23:40 409088 ----a-w- c:\windows\system32\systemcpl.dll
2011-12-10 14:24 . 2011-12-01 11:57 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2011-02-28 . 7BD7F45FF37FA0669CD32CA0EF46E22C . 811520 . . [6.1.7600.16385] . . c:\windows\System32\user32.dll
[7] 2010-11-20 . F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 . 811520 . . [6.1.7601.17514] . . c:\windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
[7] 2009-07-14 . 34B7E222E81FAFA885F0C5F2CFA56861 . 811520 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{1C4AB6A5-595F-4e86-B15F-F93CCE2BBD48}"= "c:\program files\Celebrity Toolbar\tbhelper.dll" [2009-05-07 355840]
.
[HKEY_CLASSES_ROOT\clsid\{1c4ab6a5-595f-4e86-b15f-f93cce2bbd48}]
[HKEY_CLASSES_ROOT\URLSearchHook.MHURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{1EA6B471-CAD2-419a-9539-0586EEFE2D09}]
[HKEY_CLASSES_ROOT\URLSearchHook.MHURLSearchHook]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00cbb66b-1d3b-46d3-9577-323a336acb50}]
2011-10-27 09:27 225584 ----a-w- c:\program files\BrowserCompanion\jsloader.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0C37B053-FD68-456a-82E1-D788EE342E6F}]
2009-05-07 21:46 2642432 ----a-w- c:\program files\Celebrity Toolbar\tbcore3.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-01-17 14:54 175912 ----a-w- c:\program files\ConduitEngine\prxConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]
2011-01-17 14:54 175912 ----a-w- c:\program files\Softonic-Eng7\prxtbSof0.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{963B125B-8B21-49A2-A3A8-E37092276531}]
2011-10-27 09:27 141104 ----a-w- c:\program files\BrowserCompanion\updatebhoWin32.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D62EC836-BF1E-4CAC-81BE-FB9179835D8E}]
2010-02-18 07:37 221184 ----a-w- c:\program files\Celebrity Toolbar\mhxpcomi.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}"= "c:\program files\Softonic-Eng7\prxtbSof0.dll" [2011-01-17 175912]
"{FD2FD708-1F6F-4B68-B141-C5778F0C19BB}"= "c:\program files\Celebrity Toolbar\tbcore3.dll" [2009-05-07 2642432]
.
[HKEY_CLASSES_ROOT\clsid\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]
.
[HKEY_CLASSES_ROOT\clsid\{fd2fd708-1f6f-4b68-b141-c5778f0c19bb}]
[HKEY_CLASSES_ROOT\MHToolbar.MHToolbar.3]
[HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
[HKEY_CLASSES_ROOT\MHToolbar.MHToolbar]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3}"= "c:\program files\Softonic-Eng7\prxtbSof0.dll" [2011-01-17 175912]
"{FD2FD708-1F6F-4B68-B141-C5778F0C19BB}"= "c:\program files\Celebrity Toolbar\tbcore3.dll" [2009-05-07 2642432]
.
[HKEY_CLASSES_ROOT\clsid\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]
.
[HKEY_CLASSES_ROOT\clsid\{fd2fd708-1f6f-4b68-b141-c5778f0c19bb}]
[HKEY_CLASSES_ROOT\MHToolbar.MHToolbar.3]
[HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
[HKEY_CLASSES_ROOT\MHToolbar.MHToolbar]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PAC7302_Monitor"="c:\windows\PixArt\PAC7302\Monitor.exe" [2006-11-03 319488]
"IAStorIcon"="c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-01-12 283160]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-04-13 1808784]
"SearchSettings"="c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe" [2011-12-13 922976]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
c:\users\Druid\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Stardock ObjectDock.lnk - c:\program files\Stardock\ObjectDockFree\ObjectDock.exe [N/A]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-6-25 836896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\WI3C8A~1\Datamngr\datamngr.dll c:\progra~1\WI3C8A~1\Datamngr\IEBHO.dll
.
R0 johci;JMicron 1394 Filter Driver;c:\windows\system32\DRIVERS\johci.sys [2010-12-23 23128]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 DeviceManager;DeviceManager;c:\program files\Common Files\DeviceHelper\DeviceManager.exe [2010-06-17 40960]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-05-28 136176]
R2 Mobilni internet. RunOuc;Mobilni internet. OUC;c:\program files\Mobilni internet\UpdateDog\ouc.exe [2011-10-13 246112]
R3 {72DC7A00-2C4F-4D0F-9CAAE0D1B9D514BD};{72DC7A00-2C4F-4D0F-9CAAE0D1B9D514BD};c:\windows\System32\svchost.exe [2009-07-14 20992]
R3 {80BD11AF-E1C4-457F-A90ECFE3B350EE8C};{80BD11AF-E1C4-457F-A90ECFE3B350EE8C};c:\windows\TEMP\E664.tmp [x]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [2011-10-13 102784]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-05-28 136176]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [x]
R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2010-08-24 140376]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam.sys [2008-01-14 21632]
R3 mvusbews;USB EWS Device;c:\windows\system32\Drivers\mvusbews.sys [2009-10-26 17408]
R3 netr28u;RT2870 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr28u.sys [2009-07-13 657408]
R3 NETw5s32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\DRIVERS\NETw5s32.sys [2010-01-13 6755840]
R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
R3 NLNdisMP;NLNdisMP;c:\windows\system32\DRIVERS\nlndis.sys [x]
R3 NLNdisPT;NetLimiter Ndis Protocol Service;c:\windows\system32\DRIVERS\nlndis.sys [x]
R3 qcusbser;Modem Interface USB Device for Legacy Serial Communication;c:\windows\system32\DRIVERS\qcusbser.sys [2010-06-17 103552]
R3 RTL8187;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\rtl8187.sys [2010-01-07 375808]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-02-18 1343400]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-05-09 136360]
S2 CronService;Cron Service for Prey;c:\prey\platform\windows\cronsvc.exe [2011-02-15 19968]
S2 HPSIService;HP SI Service;c:\windows\system32\HPSIsvc.exe [2009-11-09 99896]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2010-07-16 26168]
S2 HWDeviceService.exe;HWDeviceService.exe;c:\programdata\DatacardService\HWDeviceService.exe [2011-03-14 271712]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-01-12 13336]
S2 TeamViewer7;TeamViewer 7;c:\program files\TeamViewer\Version7\TeamViewer_Service.exe [2011-12-13 2984832]
S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-04-14 45736]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2010-06-26 33320]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [2011-10-13 73216]
S3 NETwNs32;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\DRIVERS\NETwNs32.sys [2010-10-18 7122944]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2010-11-11 122984]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2011-01-13 328808]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
{72DC7A00-2C4F-4D0F-9CAAE0D1B9D514BD}
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-05-28 21:14]
.
2012-02-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-05-28 21:14]
.
2012-02-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3793570887-241099436-4204899-1001Core.job
- c:\users\Druid\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-03 10:07]
.
2012-02-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3793570887-241099436-4204899-1001UA.job
- c:\users\Druid\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-03 10:07]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.plusnetwork.com/?sp=hp
mStart Page = hxxp://search.myheritage.com
uSearchAssistant = hxxp://www.plusnetwork.com/?sp=ctbar&q={searchTerms}&dp=MessengerPlus
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 79.143.168.8 79.143.160.20
Handler: base64 - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - c:\program files\BrowserCompanion\tdataprotocol.dll
Handler: chrome - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - c:\program files\BrowserCompanion\tdataprotocol.dll
Handler: mhtb - {669A2A3A-F19C-452D-800D-1240299756C1} - c:\program files\Celebrity Toolbar\mhxpcomi.dll
Handler: prox - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - c:\program files\BrowserCompanion\tdataprotocol.dll
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-10 - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
SharedTaskScheduler-{1984D045-52CF-49cd-DB77-08F378FEA4DB} - (no file)
AddRemove-Celebrity Toolbar - c:\program files\Celebrity Toolbar\ToolUninstall.exe
AddRemove-LSI Soft Modem - c:\windows\agrsmdel
AddRemove-UseNeXT_is1 - c:\program files\UseNeXT\unins000.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{72DC7A00-2C4F-4D0F-9CAAE0D1B9D514BD}]
"ServiceDll"="c:\users\Druid\AppData\Local\Temp\6A32.tmp"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{80BD11AF-E1C4-457F-A90ECFE3B350EE8C}]
"ImagePath"="\??\c:\windows\TEMP\E664.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0010\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0011\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0012\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0013\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-02-21 15:56:22
ComboFix-quarantined-files.txt 2012-02-21 14:56
.
Pre-Run: 115.235.803.136 bytes free
Post-Run: 114.997.411.840 bytes free
.
- - End Of File - - 370D9D2BF876B0D16514178AEA2A0C04

Poslao: 22 Feb 2012 01:30
Idi na vrh
offline
  • Pridružio: 02 Feb 2008
  • Poruke: 14018
  • Gde živiš: Nish

Exclamation Izvinjavam se sto malo kasnim sa odgovorom - privatne obaveze.





Idi u Start -> Control Panel -> Programs and features i deinstaliraj bukvalno sve aplikacije koje ti ne trebaju ili ne koristis. Takodje, deinstaliraj sve toolbar-ove koje imas instalirane. Lako ces ih naci jer obicno u nazivu imaju rec 'toolbar' (u tvom slucaju: YouTube Downloader Toolbar, Softonic-Eng7 Toolbar, Celebrity toolbar (MHTBPos00), Conduit Engine, QuickStores-Toolbar, Searchqu Toolbar, itd).



Takodje, bi bilo jako pozeljno da update-ujes sistem tako sto ces otici u Start -> Control Panel -> Windows Update -> Check for updates i instaliras sve najnovije zakrpe (prvenstveno Important) koje postoje za tvoj sistem. Tvoj sistem cak nema instaliran ni skup zakrpa (service pack 1) pa je samim tim izlozen velukom riziku na internetu od 'hakera' i malware-a.



Nakon sto ovo uradis, isprati sledece uputstvo - detaljno ...


Arrow

Otvoriti Notepad i iskopirati sledeci tekst:

Driver::
{72DC7A00-2C4F-4D0F-9CAAE0D1B9D514BD}
{80BD11AF-E1C4-457F-A90ECFE3B350EE8C}

File::
c:\windows\TEMP\E664.tmp
c:\users\Druid\AppData\Local\Temp\6A32.tmp

NetSvc::
{72DC7A00-2C4F-4D0F-9CAAE0D1B9D514BD}


Snimiti na Desktop fajl iz Notepada kao "CFScript"




Prevuci snimljeni skript/tekst na ComboFix ikonicu kao na slici.
Postaviti u sledecoj poruci log koji bude bio napravljen na kraju ciscenja/skeniranja.











goran9888 (AMF Tim)

Poslao: 22 Feb 2012 10:43
Idi na vrh
offline
  • Pridružio: 26 Jul 2007
  • Poruke: 1080
  • Gde živiš: u blizini

Pozdrav gorane9888,
Uradio sam sve što si rekao ali dosadni prozor sa porukom kakva je na slici i dalje iskače. Sada pokušava da preuzme AntiVirus.exe a u međuvremenu sa Toolbara je nestao moj pravi antivirus Avira Antivir.
Evo loga koji je došao nakon jednog restarta:



ComboFix 12-02-21.02 - Druid 22.02.2012 10:02:17.2.2 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.387.1033.18.3039.1653 [GMT 1:00]
Running from: c:\users\Druid\Desktop\ComboFix.exe
Command switches used :: c:\users\Druid\Desktop\CFScript.txt
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\users\Druid\AppData\Local\Temp\6A32.tmp"
"c:\windows\TEMP\E664.tmp"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_{72DC7A00-2C4F-4D0F-9CAAE0D1B9D514BD}
-------\Service_{80BD11AF-E1C4-457F-A90ECFE3B350EE8C}
.
.
((((((((((((((((((((((((( Files Created from 2012-01-22 to 2012-02-22 )))))))))))))))))))))))))))))))
.
.
2012-02-22 09:08 . 2012-02-22 09:08 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-02-22 08:43 . 2012-02-22 08:43 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{422FAD46-42B6-4FAB-A079-5178A2C8F5C9}\offreg.dll
2012-02-22 08:16 . 2012-02-22 08:16 -------- d-----w- c:\windows\system32\SPReview
2012-02-22 08:15 . 2012-02-22 08:15 -------- d-----w- c:\windows\system32\EventProviders
2012-02-22 08:06 . 2012-02-20 00:05 6552120 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{422FAD46-42B6-4FAB-A079-5178A2C8F5C9}\mpengine.dll
2012-02-22 08:02 . 2011-12-14 02:50 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-02-22 08:02 . 2011-12-14 03:32 141112 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
2012-02-22 08:02 . 2011-12-14 03:04 1798656 ----a-w- c:\windows\system32\jscript9.dll
2012-02-22 08:02 . 2011-12-14 02:54 194048 ----a-w- c:\program files\Internet Explorer\IEShims.dll
2012-02-22 08:02 . 2011-12-14 02:57 1127424 ----a-w- c:\windows\system32\wininet.dll
2012-02-22 08:01 . 2011-12-14 02:59 678912 ----a-w- c:\program files\Internet Explorer\iedvtool.dll
2012-02-22 08:01 . 2011-12-14 02:56 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2012-02-22 07:56 . 2011-08-27 04:26 571904 ----a-w- c:\windows\system32\oleaut32.dll
2012-02-22 07:55 . 2012-01-14 03:35 2343424 ----a-w- c:\windows\system32\win32k.sys
2012-02-21 14:56 . 2012-02-22 09:17 -------- d-----w- c:\users\Druid\AppData\Local\temp
2012-02-12 14:35 . 2012-02-12 14:35 -------- d-----w- c:\program files\Java
2012-02-01 10:58 . 2012-02-09 16:26 -------- d-----w- c:\users\Druid\AppData\Roaming\mIRC
2012-01-26 13:30 . 2012-01-26 13:30 -------- d-----w- c:\programdata\regid.1986-12.com.adobe
2012-01-25 09:38 . 2012-01-25 09:38 -------- d-----w- c:\users\Druid\AppData\Local\Eraser 6
2012-01-25 00:13 . 2012-01-25 00:13 -------- d-----w- c:\program files\Eraser
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-22 09:10 . 2011-12-06 10:56 29 ----a-w- c:\windows\system32\TempWmicBatchFile.bat
2012-02-22 08:30 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll
2012-02-12 14:35 . 2010-11-12 23:39 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-01-29 04:10 . 2010-10-04 12:09 237072 ------w- c:\windows\system32\MpSigStub.exe
2011-12-10 14:24 . 2011-12-01 11:57 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{1C4AB6A5-595F-4e86-B15F-F93CCE2BBD48}"= "c:\program files\Celebrity Toolbar\tbhelper.dll" [2009-05-07 355840]
.
[HKEY_CLASSES_ROOT\clsid\{1c4ab6a5-595f-4e86-b15f-f93cce2bbd48}]
[HKEY_CLASSES_ROOT\URLSearchHook.MHURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{1EA6B471-CAD2-419a-9539-0586EEFE2D09}]
[HKEY_CLASSES_ROOT\URLSearchHook.MHURLSearchHook]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00cbb66b-1d3b-46d3-9577-323a336acb50}]
2011-10-27 09:27 225584 ----a-w- c:\program files\BrowserCompanion\jsloader.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0C37B053-FD68-456a-82E1-D788EE342E6F}]
2009-05-07 21:46 2642432 ----a-w- c:\program files\Celebrity Toolbar\tbcore3.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{963B125B-8B21-49A2-A3A8-E37092276531}]
2011-10-27 09:27 141104 ----a-w- c:\program files\BrowserCompanion\updatebhoWin32.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D62EC836-BF1E-4CAC-81BE-FB9179835D8E}]
2010-02-18 07:37 221184 ----a-w- c:\program files\Celebrity Toolbar\mhxpcomi.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{FD2FD708-1F6F-4B68-B141-C5778F0C19BB}"= "c:\program files\Celebrity Toolbar\tbcore3.dll" [2009-05-07 2642432]
.
[HKEY_CLASSES_ROOT\clsid\{fd2fd708-1f6f-4b68-b141-c5778f0c19bb}]
[HKEY_CLASSES_ROOT\MHToolbar.MHToolbar.3]
[HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
[HKEY_CLASSES_ROOT\MHToolbar.MHToolbar]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{FD2FD708-1F6F-4B68-B141-C5778F0C19BB}"= "c:\program files\Celebrity Toolbar\tbcore3.dll" [2009-05-07 2642432]
.
[HKEY_CLASSES_ROOT\clsid\{fd2fd708-1f6f-4b68-b141-c5778f0c19bb}]
[HKEY_CLASSES_ROOT\MHToolbar.MHToolbar.3]
[HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
[HKEY_CLASSES_ROOT\MHToolbar.MHToolbar]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 249856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PAC7302_Monitor"="c:\windows\PixArt\PAC7302\Monitor.exe" [2006-11-03 319488]
"IAStorIcon"="c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-01-12 283160]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-04-13 1808784]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
c:\users\Druid\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Stardock ObjectDock.lnk - c:\program files\Stardock\ObjectDockFree\ObjectDock.exe [N/A]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-6-25 836896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\WI3C8A~1\Datamngr\datamngr.dll c:\progra~1\WI3C8A~1\Datamngr\IEBHO.dll
.
R0 johci;JMicron 1394 Filter Driver;c:\windows\system32\DRIVERS\johci.sys [2010-12-23 23128]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-05-28 136176]
R2 Mobilni internet. RunOuc;Mobilni internet. OUC;c:\program files\Mobilni internet\UpdateDog\ouc.exe [2011-10-13 246112]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [2011-10-13 102784]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-05-28 136176]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [x]
R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2010-08-24 140376]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam.sys [2008-01-14 21632]
R3 mvusbews;USB EWS Device;c:\windows\system32\Drivers\mvusbews.sys [2009-10-26 17408]
R3 netr28u;RT2870 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr28u.sys [2009-07-13 657408]
R3 NETw5s32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\DRIVERS\NETw5s32.sys [2010-01-13 6755840]
R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
R3 NLNdisMP;NLNdisMP;c:\windows\system32\DRIVERS\nlndis.sys [x]
R3 NLNdisPT;NetLimiter Ndis Protocol Service;c:\windows\system32\DRIVERS\nlndis.sys [x]
R3 qcusbser;Modem Interface USB Device for Legacy Serial Communication;c:\windows\system32\DRIVERS\qcusbser.sys [2010-06-17 103552]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 RTL8187;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\rtl8187.sys [2010-01-07 375808]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-02-18 1343400]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-05-09 136360]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 CronService;Cron Service for Prey;c:\prey\platform\windows\cronsvc.exe [2011-02-15 19968]
S2 DeviceManager;DeviceManager;c:\program files\Common Files\DeviceHelper\DeviceManager.exe [2010-06-17 40960]
S2 HPSIService;HP SI Service;c:\windows\system32\HPSIsvc.exe [2009-11-09 99896]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2010-07-16 26168]
S2 HWDeviceService.exe;HWDeviceService.exe;c:\programdata\DatacardService\HWDeviceService.exe [2011-03-14 271712]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-01-12 13336]
S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-04-14 45736]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2010-06-26 33320]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [2011-10-13 73216]
S3 NETwNs32;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\DRIVERS\NETwNs32.sys [2010-10-18 7122944]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2010-11-11 122984]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2011-01-13 328808]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-05-28 21:14]
.
2012-02-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-05-28 21:14]
.
2012-02-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3793570887-241099436-4204899-1001Core.job
- c:\users\Druid\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-03 10:07]
.
2012-02-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3793570887-241099436-4204899-1001UA.job
- c:\users\Druid\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-03 10:07]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.plusnetwork.com/?sp=hp
mStart Page = hxxp://search.myheritage.com
uSearchAssistant = hxxp://www.plusnetwork.com/?sp=ctbar&q={searchTerms}&dp=MessengerPlus
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 79.143.168.8 79.143.160.20
Handler: base64 - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - c:\program files\BrowserCompanion\tdataprotocol.dll
Handler: chrome - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - c:\program files\BrowserCompanion\tdataprotocol.dll
Handler: mhtb - {669A2A3A-F19C-452D-800D-1240299756C1} - c:\program files\Celebrity Toolbar\mhxpcomi.dll
Handler: prox - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - c:\program files\BrowserCompanion\tdataprotocol.dll
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0010\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0011\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0012\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0013\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(3920)
c:\program files\WIDCOMM\Bluetooth Software\btmmhook.dll
c:\program files\WIDCOMM\Bluetooth Software\btncopy.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\LSI SoftModem\agrsmsvc.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\WIDCOMM\Bluetooth Software\btwdins.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\conhost.exe
c:\program files\NVIDIA Corporation\Display\NvXDSync.exe
c:\windows\system32\nvvsvc.exe
c:\programdata\Mobilni internet\OnlineUpdate\ouc.exe
c:\windows\system32\spool\DRIVERS\W32X86\3\HP1006MC.EXE
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\sppsvc.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\program files\Windows iLivid Toolbar\Datamngr\datamngrUI.exe
c:\program files\WIDCOMM\Bluetooth Software\BtStackServer.exe
.
**************************************************************************
.
Completion time: 2012-02-22 10:21:04 - machine was rebooted
ComboFix-quarantined-files.txt 2012-02-22 09:21
ComboFix2.txt 2012-02-21 14:56
.
Pre-Run: 111.788.371.968 bytes free
Post-Run: 111.599.603.712 bytes free
.
- - End Of File - - E33323AFE162596F3556FC9A94B66872

Poslao: 22 Feb 2012 11:04
Idi na vrh
offline
  • Pridružio: 02 Feb 2008
  • Poruke: 14018
  • Gde živiš: Nish

Koliko vidim i nisi bas ocistio sve toolbar-ove ...
Start -> Programs and Features -> Windows iLivid Toolbar (deinstaliraj i sve ostalo sto nosi naziv toolbar)





Otvoriti Notepad i iskopirati sledeci tekst:

Registry::
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{1C4AB6A5-595F-4e86-B15F-F93CCE2BBD48}"=-
[-HKEY_CLASSES_ROOT\clsid\{1c4ab6a5-595f-4e86-b15f-f93cce2bbd48}]
[-HKEY_CLASSES_ROOT\URLSearchHook.MHURLSearchHook.1]
[-HKEY_CLASSES_ROOT\TypeLib\{1EA6B471-CAD2-419a-9539-0586EEFE2D09}]
[-HKEY_CLASSES_ROOT\URLSearchHook.MHURLSearchHook]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00cbb66b-1d3b-46d3-9577-323a336acb50}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0C37B053-FD68-456a-82E1-D788EE342E6F}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{963B125B-8B21-49A2-A3A8-E37092276531}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D62EC836-BF1E-4CAC-81BE-FB9179835D8E}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{FD2FD708-1F6F-4B68-B141-C5778F0C19BB}"=-
[-HKEY_CLASSES_ROOT\clsid\{fd2fd708-1f6f-4b68-b141-c5778f0c19bb}]
[-HKEY_CLASSES_ROOT\MHToolbar.MHToolbar.3]
[-HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
[-HKEY_CLASSES_ROOT\MHToolbar.MHToolbar]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{FD2FD708-1F6F-4B68-B141-C5778F0C19BB}"=-
[-HKEY_CLASSES_ROOT\clsid\{fd2fd708-1f6f-4b68-b141-c5778f0c19bb}]
[-HKEY_CLASSES_ROOT\MHToolbar.MHToolbar.3]
[-HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
[-HKEY_CLASSES_ROOT\MHToolbar.MHToolbar]

Folder::
c:\program files\Celebrity Toolbar
c:\program files\BrowserCompanion

Snimiti na Desktop fajl iz Notepada kao "CFScript"




Prevuci snimljeni skript/tekst na ComboFix ikonicu kao na slici.
Postaviti u sledecoj poruci log koji bude bio napravljen na kraju ciscenja/skeniranja.











goran9888 (AMF Tim)

Poslao: 22 Feb 2012 11:42
Idi na vrh
offline
  • Pridružio: 26 Jul 2007
  • Poruke: 1080
  • Gde živiš: u blizini

Kod mene u programs and Features nema ni jednog toolbara. Sve sam ih odmah počistio.

Evo najnovijeg izvještaja:


ComboFix 12-02-21.02 - Druid 22.02.2012 11:16:01.3.2 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.387.1033.18.3039.1281 [GMT 1:00]
Running from: c:\users\Druid\Desktop\ComboFix.exe
Command switches used :: c:\users\Druid\Desktop\CFScript.txt
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\BrowserCompanion
c:\program files\BrowserCompanion\BCHelper.exe
c:\program files\BrowserCompanion\logo.ico
c:\program files\BrowserCompanion\sqlite3.dll
c:\program files\BrowserCompanion\updatebhoWin32.dll
c:\program files\BrowserCompanion\updatebhoWin32.dll_1
c:\program files\Celebrity Toolbar
c:\program files\Celebrity Toolbar\404.htm
c:\program files\Celebrity Toolbar\about.gif
c:\program files\Celebrity Toolbar\about.html
c:\program files\Celebrity Toolbar\active.html
c:\program files\Celebrity Toolbar\active.html.bak
c:\program files\Celebrity Toolbar\addPhotos.gif
c:\program files\Celebrity Toolbar\alerts.gif
c:\program files\Celebrity Toolbar\anniversary.gif
c:\program files\Celebrity Toolbar\AR.gif
c:\program files\Celebrity Toolbar\banner.html
c:\program files\Celebrity Toolbar\banner.html.bak
c:\program files\Celebrity Toolbar\basis.xml
c:\program files\Celebrity Toolbar\BG.gif
c:\program files\Celebrity Toolbar\birthday.gif
c:\program files\Celebrity Toolbar\buyFamilyGifts.gif
c:\program files\Celebrity Toolbar\calendar.gif
c:\program files\Celebrity Toolbar\Celebrity_Toolbar.dll
c:\program files\Celebrity Toolbar\Celebrity_Toolbar.xpi
c:\program files\Celebrity Toolbar\chat.html
c:\program files\Celebrity Toolbar\clearhist.exe
c:\program files\Celebrity Toolbar\clearSearchHistory.gif
c:\program files\Celebrity Toolbar\close.gif
c:\program files\Celebrity Toolbar\closeRoll.gif
c:\program files\Celebrity Toolbar\collage.gif
c:\program files\Celebrity Toolbar\createFamilySite.gif
c:\program files\Celebrity Toolbar\CS.gif
c:\program files\Celebrity Toolbar\DA.gif
c:\program files\Celebrity Toolbar\data.js
c:\program files\Celebrity Toolbar\dbghelp.dll
c:\program files\Celebrity Toolbar\DE.gif
c:\program files\Celebrity Toolbar\dialog_close.gif
c:\program files\Celebrity Toolbar\dns.htm
c:\program files\Celebrity Toolbar\EL.gif
c:\program files\Celebrity Toolbar\EN.gif
c:\program files\Celebrity Toolbar\ES.gif
c:\program files\Celebrity Toolbar\Family_Toolbar.dll
c:\program files\Celebrity Toolbar\familyTree.gif
c:\program files\Celebrity Toolbar\femaleOnline.gif
c:\program files\Celebrity Toolbar\femaleOnlineAway.gif
c:\program files\Celebrity Toolbar\ff.gif
c:\program files\Celebrity Toolbar\ff.ico
c:\program files\Celebrity Toolbar\FI.gif
c:\program files\Celebrity Toolbar\FR.gif
c:\program files\Celebrity Toolbar\HE.gif
c:\program files\Celebrity Toolbar\HR.gif
c:\program files\Celebrity Toolbar\HU.gif
c:\program files\Celebrity Toolbar\icons.bmp
c:\program files\Celebrity Toolbar\ie.gif
c:\program files\Celebrity Toolbar\ie.ico
c:\program files\Celebrity Toolbar\inboxOff.gif
c:\program files\Celebrity Toolbar\inboxOn.gif
c:\program files\Celebrity Toolbar\info.txt
c:\program files\Celebrity Toolbar\inviteFamily.gif
c:\program files\Celebrity Toolbar\IT.gif
c:\program files\Celebrity Toolbar\lang.js
c:\program files\Celebrity Toolbar\Loading.gif
c:\program files\Celebrity Toolbar\Loading.jpg
c:\program files\Celebrity Toolbar\logoff.gif
c:\program files\Celebrity Toolbar\logOnToMH.gif
c:\program files\Celebrity Toolbar\LT.gif
c:\program files\Celebrity Toolbar\maleOnline.gif
c:\program files\Celebrity Toolbar\maleOnlineAway.gif
c:\program files\Celebrity Toolbar\MHlogo.gif
c:\program files\Celebrity Toolbar\mhxpcomi.dll
c:\program files\Celebrity Toolbar\MissingSnapshot.jpg
c:\program files\Celebrity Toolbar\morph.gif
c:\program files\Celebrity Toolbar\MyHeritage.ico
c:\program files\Celebrity Toolbar\MyHeritage.png
c:\program files\Celebrity Toolbar\MyHeritageSearch.png
c:\program files\Celebrity Toolbar\MyHeritageWhiteBg.gif
c:\program files\Celebrity Toolbar\MyNewTab - Grid.htm
c:\program files\Celebrity Toolbar\MyNewTab - History Off.htm
c:\program files\Celebrity Toolbar\MyNewTab.css
c:\program files\Celebrity Toolbar\MyNewTab.js
c:\program files\Celebrity Toolbar\NL.gif
c:\program files\Celebrity Toolbar\NO.gif
c:\program files\Celebrity Toolbar\off.exe
c:\program files\Celebrity Toolbar\online.gif
c:\program files\Celebrity Toolbar\PB.gif
c:\program files\Celebrity Toolbar\photos.gif
c:\program files\Celebrity Toolbar\PL.gif
c:\program files\Celebrity Toolbar\privacy.gif
c:\program files\Celebrity Toolbar\PT.gif
c:\program files\Celebrity Toolbar\reload.gif
c:\program files\Celebrity Toolbar\RO.gif
c:\program files\Celebrity Toolbar\RU.gif
c:\program files\Celebrity Toolbar\search.gif
c:\program files\Celebrity Toolbar\site.gif
c:\program files\Celebrity Toolbar\sites.gif
c:\program files\Celebrity Toolbar\SK.gif
c:\program files\Celebrity Toolbar\spacer.gif
c:\program files\Celebrity Toolbar\SR.gif
c:\program files\Celebrity Toolbar\stub.xml
c:\program files\Celebrity Toolbar\SV.gif
c:\program files\Celebrity Toolbar\tagPeople.gif
c:\program files\Celebrity Toolbar\TB_AR.gif
c:\program files\Celebrity Toolbar\TB_BG.gif
c:\program files\Celebrity Toolbar\TB_CS.gif
c:\program files\Celebrity Toolbar\TB_DA.gif
c:\program files\Celebrity Toolbar\TB_DE.gif
c:\program files\Celebrity Toolbar\TB_EL.gif
c:\program files\Celebrity Toolbar\TB_EN.gif
c:\program files\Celebrity Toolbar\TB_ES.gif
c:\program files\Celebrity Toolbar\TB_FI.gif
c:\program files\Celebrity Toolbar\TB_FR.gif
c:\program files\Celebrity Toolbar\TB_HE.gif
c:\program files\Celebrity Toolbar\TB_HR.gif
c:\program files\Celebrity Toolbar\TB_HU.gif
c:\program files\Celebrity Toolbar\TB_IT.gif
c:\program files\Celebrity Toolbar\TB_LT.gif
c:\program files\Celebrity Toolbar\TB_NL.gif
c:\program files\Celebrity Toolbar\TB_NO.gif
c:\program files\Celebrity Toolbar\TB_PB.gif
c:\program files\Celebrity Toolbar\TB_PL.gif
c:\program files\Celebrity Toolbar\TB_PT.gif
c:\program files\Celebrity Toolbar\TB_RO.gif
c:\program files\Celebrity Toolbar\TB_RU.gif
c:\program files\Celebrity Toolbar\TB_SK.gif
c:\program files\Celebrity Toolbar\TB_SR.gif
c:\program files\Celebrity Toolbar\TB_SV.gif
c:\program files\Celebrity Toolbar\TB_TR.gif
c:\program files\Celebrity Toolbar\TB_UK.gif
c:\program files\Celebrity Toolbar\tbcore3.dll
c:\program files\Celebrity Toolbar\tbhelper.dll
c:\program files\Celebrity Toolbar\tbs_include_script_000391.js
c:\program files\Celebrity Toolbar\tbs_include_script_000733.js
c:\program files\Celebrity Toolbar\tbs_include_script_000784.js
c:\program files\Celebrity Toolbar\tbs_include_script_001134.js
c:\program files\Celebrity Toolbar\tbs_include_script_002287.js
c:\program files\Celebrity Toolbar\tbs_include_script_002346.js
c:\program files\Celebrity Toolbar\tbs_include_script_002789.js
c:\program files\Celebrity Toolbar\tbs_include_script_002833.js
c:\program files\Celebrity Toolbar\tbs_include_script_003080.js
c:\program files\Celebrity Toolbar\tbs_include_script_003083.js
c:\program files\Celebrity Toolbar\tbs_include_script_004456.js
c:\program files\Celebrity Toolbar\tbs_include_script_004711.js
c:\program files\Celebrity Toolbar\tbs_include_script_004823.js
c:\program files\Celebrity Toolbar\tbs_include_script_004824.js
c:\program files\Celebrity Toolbar\tbs_include_script_004824.js.bak
c:\program files\Celebrity Toolbar\tbs_include_script_005792.js
c:\program files\Celebrity Toolbar\tbs_include_script_005792.js.bak
c:\program files\Celebrity Toolbar\tbs_include_script_006838.js
c:\program files\Celebrity Toolbar\tbs_include_script_007158.js
c:\program files\Celebrity Toolbar\tbs_include_script_007564.js
c:\program files\Celebrity Toolbar\tbs_include_script_007690.js
c:\program files\Celebrity Toolbar\tbs_include_script_007803.js
c:\program files\Celebrity Toolbar\tbs_include_script_008357.js
c:\program files\Celebrity Toolbar\tbs_include_script_008502.js
c:\program files\Celebrity Toolbar\tbs_include_script_009578.js
c:\program files\Celebrity Toolbar\tbs_include_script_009807.js
c:\program files\Celebrity Toolbar\tbs_include_script_011492.js
c:\program files\Celebrity Toolbar\tbs_include_script_011550.js
c:\program files\Celebrity Toolbar\tbs_include_script_011614.js
c:\program files\Celebrity Toolbar\tbs_include_script_011637.js
c:\program files\Celebrity Toolbar\tbs_include_script_012671.js
c:\program files\Celebrity Toolbar\tbs_include_script_013916.js
c:\program files\Celebrity Toolbar\tbs_include_script_014484.js
c:\program files\Celebrity Toolbar\tbs_include_script_014583.js
c:\program files\Celebrity Toolbar\tbs_include_script_014799.js
c:\program files\Celebrity Toolbar\tbs_include_script_015508.js
c:\program files\Celebrity Toolbar\tbs_include_script_015800.js
c:\program files\Celebrity Toolbar\tbs_include_script_016179.js
c:\program files\Celebrity Toolbar\tbs_include_script_016289.js
c:\program files\Celebrity Toolbar\tbs_include_script_016678.js
c:\program files\Celebrity Toolbar\tbs_include_script_017022.js
c:\program files\Celebrity Toolbar\tbs_include_script_017427.js
c:\program files\Celebrity Toolbar\tbs_include_script_018243.js
c:\program files\Celebrity Toolbar\tbs_include_script_018279.js
c:\program files\Celebrity Toolbar\tbs_include_script_018505.js
c:\program files\Celebrity Toolbar\tbs_include_script_020098.js
c:\program files\Celebrity Toolbar\tbs_include_script_020109.js
c:\program files\Celebrity Toolbar\tbs_include_script_020129.js
c:\program files\Celebrity Toolbar\tbs_include_script_020859.js
c:\program files\Celebrity Toolbar\tbs_include_script_022495.js
c:\program files\Celebrity Toolbar\tbs_include_script_023942.js
c:\program files\Celebrity Toolbar\tbs_include_script_025757.js
c:\program files\Celebrity Toolbar\tbs_include_script_025787.js
c:\program files\Celebrity Toolbar\tbs_include_script_026799.js
c:\program files\Celebrity Toolbar\tbs_include_script_026954.js
c:\program files\Celebrity Toolbar\tbs_include_script_027482.js
c:\program files\Celebrity Toolbar\tbs_include_script_027696.js
c:\program files\Celebrity Toolbar\tbs_include_script_028246.js
c:\program files\Celebrity Toolbar\tbs_include_script_028279.js
c:\program files\Celebrity Toolbar\tbs_include_script_029390.js
c:\program files\Celebrity Toolbar\tbs_include_script_030206.js
c:\program files\Celebrity Toolbar\tbs_include_script_030277.js
c:\program files\Celebrity Toolbar\tbs_include_script_030359.js
c:\program files\Celebrity Toolbar\tbs_include_script_030760.js
c:\program files\Celebrity Toolbar\tbs_include_script_030814.js
c:\program files\Celebrity Toolbar\tbs_include_script_030814.js.bak
c:\program files\Celebrity Toolbar\tbs_include_script_031331.js
c:\program files\Celebrity Toolbar\tbs_include_script_031332.js
c:\program files\Celebrity Toolbar\tbs_include_script_031711.js
c:\program files\Celebrity Toolbar\tbs_include_script_032188.js
c:\program files\Celebrity Toolbar\tbs_include_script_032423.js
c:\program files\Celebrity Toolbar\tbs_include_script_032495.js
c:\program files\Celebrity Toolbar\tellAFriend.gif
c:\program files\Celebrity Toolbar\toolbarSetting.gif
c:\program files\Celebrity Toolbar\TR.gif
c:\program files\Celebrity Toolbar\translations.js
c:\program files\Celebrity Toolbar\UK.gif
c:\program files\Celebrity Toolbar\uninstall.exe
c:\program files\Celebrity Toolbar\uninstall.gif
c:\program files\Celebrity Toolbar\update.exe
c:\program files\Celebrity Toolbar\updateToolbar.gif
c:\program files\Celebrity Toolbar\userSite.gif
c:\program files\Celebrity Toolbar\version.txt
c:\program files\Celebrity Toolbar\whatsNew.gif
c:\program files\Celebrity Toolbar\xoff.jpg
c:\program files\Celebrity Toolbar\xon.jpg
.
.
((((((((((((((((((((((((( Files Created from 2012-01-22 to 2012-02-22 )))))))))))))))))))))))))))))))
.
.
2012-02-22 10:27 . 2012-02-22 10:27 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-02-22 08:43 . 2012-02-22 08:43 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{422FAD46-42B6-4FAB-A079-5178A2C8F5C9}\offreg.dll
2012-02-22 08:16 . 2012-02-22 08:16 -------- d-----w- c:\windows\system32\SPReview
2012-02-22 08:15 . 2012-02-22 08:15 -------- d-----w- c:\windows\system32\EventProviders
2012-02-22 08:06 . 2012-02-20 00:05 6552120 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{422FAD46-42B6-4FAB-A079-5178A2C8F5C9}\mpengine.dll
2012-02-22 08:02 . 2011-12-14 02:50 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-02-22 08:02 . 2011-12-14 03:32 141112 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
2012-02-22 08:02 . 2011-12-14 03:04 1798656 ----a-w- c:\windows\system32\jscript9.dll
2012-02-22 08:02 . 2011-12-14 02:54 194048 ----a-w- c:\program files\Internet Explorer\IEShims.dll
2012-02-22 08:02 . 2011-12-14 02:57 1127424 ----a-w- c:\windows\system32\wininet.dll
2012-02-22 08:01 . 2011-12-14 02:59 678912 ----a-w- c:\program files\Internet Explorer\iedvtool.dll
2012-02-22 08:01 . 2011-12-14 02:56 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2012-02-22 07:56 . 2011-08-27 04:26 571904 ----a-w- c:\windows\system32\oleaut32.dll
2012-02-22 07:55 . 2012-01-14 03:35 2343424 ----a-w- c:\windows\system32\win32k.sys
2012-02-21 14:56 . 2012-02-22 10:28 -------- d-----w- c:\users\Druid\AppData\Local\temp
2012-02-12 14:35 . 2012-02-12 14:35 -------- d-----w- c:\program files\Java
2012-02-01 10:58 . 2012-02-09 16:26 -------- d-----w- c:\users\Druid\AppData\Roaming\mIRC
2012-01-26 13:30 . 2012-01-26 13:30 -------- d-----w- c:\programdata\regid.1986-12.com.adobe
2012-01-25 09:38 . 2012-01-25 09:38 -------- d-----w- c:\users\Druid\AppData\Local\Eraser 6
2012-01-25 00:13 . 2012-01-25 00:13 -------- d-----w- c:\program files\Eraser
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-22 10:12 . 2011-12-06 10:56 29 ----a-w- c:\windows\system32\TempWmicBatchFile.bat
2012-02-22 08:30 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll
2012-02-12 14:35 . 2010-11-12 23:39 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-01-29 04:10 . 2010-10-04 12:09 237072 ------w- c:\windows\system32\MpSigStub.exe
2011-12-10 14:24 . 2011-12-01 11:57 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 249856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PAC7302_Monitor"="c:\windows\PixArt\PAC7302\Monitor.exe" [2006-11-03 319488]
"IAStorIcon"="c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-01-12 283160]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-04-13 1808784]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
c:\users\Druid\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Stardock ObjectDock.lnk - c:\program files\Stardock\ObjectDockFree\ObjectDock.exe [N/A]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-6-25 836896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\WI3C8A~1\Datamngr\datamngr.dll c:\progra~1\WI3C8A~1\Datamngr\IEBHO.dll
.
R0 johci;JMicron 1394 Filter Driver;c:\windows\system32\DRIVERS\johci.sys [2010-12-23 23128]
R2 DeviceManager;DeviceManager;c:\program files\Common Files\DeviceHelper\DeviceManager.exe [2010-06-17 40960]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-05-28 136176]
R2 HWDeviceService.exe;HWDeviceService.exe;c:\programdata\DatacardService\HWDeviceService.exe [2011-03-14 271712]
R2 Mobilni internet. RunOuc;Mobilni internet. OUC;c:\program files\Mobilni internet\UpdateDog\ouc.exe [2011-10-13 246112]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [2011-10-13 102784]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-05-28 136176]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [x]
R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2010-08-24 140376]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam.sys [2008-01-14 21632]
R3 mvusbews;USB EWS Device;c:\windows\system32\Drivers\mvusbews.sys [2009-10-26 17408]
R3 netr28u;RT2870 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr28u.sys [2009-07-13 657408]
R3 NETw5s32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\DRIVERS\NETw5s32.sys [2010-01-13 6755840]
R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
R3 NLNdisMP;NLNdisMP;c:\windows\system32\DRIVERS\nlndis.sys [x]
R3 NLNdisPT;NetLimiter Ndis Protocol Service;c:\windows\system32\DRIVERS\nlndis.sys [x]
R3 qcusbser;Modem Interface USB Device for Legacy Serial Communication;c:\windows\system32\DRIVERS\qcusbser.sys [2010-06-17 103552]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 RTL8187;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\rtl8187.sys [2010-01-07 375808]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-02-18 1343400]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-05-09 136360]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 CronService;Cron Service for Prey;c:\prey\platform\windows\cronsvc.exe [2011-02-15 19968]
S2 HPSIService;HP SI Service;c:\windows\system32\HPSIsvc.exe [2009-11-09 99896]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2010-07-16 26168]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-01-12 13336]
S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-04-14 45736]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2010-06-26 33320]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [2011-10-13 73216]
S3 NETwNs32;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\DRIVERS\NETwNs32.sys [2010-10-18 7122944]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2010-11-11 122984]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2011-01-13 328808]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-05-28 21:14]
.
2012-02-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-05-28 21:14]
.
2012-02-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3793570887-241099436-4204899-1001Core.job
- c:\users\Druid\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-03 10:07]
.
2012-02-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3793570887-241099436-4204899-1001UA.job
- c:\users\Druid\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-03 10:07]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.plusnetwork.com/?sp=hp
mStart Page = hxxp://search.myheritage.com
uSearchAssistant = hxxp://www.plusnetwork.com/?sp=ctbar&q={searchTerms}&dp=MessengerPlus
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.1.1
Handler: mhtb - {669A2A3A-F19C-452D-800D-1240299756C1} -
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0010\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0011\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0012\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0013\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-02-22 11:39:11
ComboFix-quarantined-files.txt 2012-02-22 10:39
ComboFix2.txt 2012-02-22 09:21
ComboFix3.txt 2012-02-21 14:56
.
Pre-Run: 111.168.282.624 bytes free
Post-Run: 111.051.595.776 bytes free
.
- - End Of File - - 0B84F393A6589C886FA4D7ECEFFDD914

Poslao: 22 Feb 2012 11:47
Idi na vrh
offline
  • Pridružio: 02 Feb 2008
  • Poruke: 14018
  • Gde živiš: Nish

Arrow


Preuzmi instalaciju za program Malwarebytes Anti-Malware sa sledećeg linka:
http://www.besttechie.net/tools/mbam-setup.exe

Dvoklikom pokreni instalaciju - na samom kraju procesa, proveri da su obeležene opcije:
Update Malwarebytes' Anti-Malware;
Launch Malwarebytes Anti-Malware;
a zatim klikni Finish.

Nakon završenog ažuriranja program će se pokrenuti.

Izaberi opciju Perform Quick Scan i klikni Scan.

Po završetku procesa klikni OK, Show Results: u listi detektovanog malware-a, obeleži sve stavke i klikni Remove Selected.

Po završetku procesa, logfile će se otvoriti u Notepad-u; iskopiraj ga u temu na forumu.
Ukoliko program zatraži restart kako bi se završio proces čišćenja, obavezno ga dozvoliti.

Napomena: ako dođe do restarta na kraju procesa čišćenja, logfile će biti dostupan na Logs kartici (obeleži ga i klikni Open).






Arrow


Preuzmite program OTL sa donjeg linka na Desktop:


OTL download
Kliknite dati link - u prozoru koji se otvori, kliknite Save;
kada se otvori dijalog za izbor lokacije na kojoj treba sačuvati file, odaberite Desktop i kliknite Save.

Dvoklikom pokrenite OTL;

kliknite Run Scan;

po završetku skeniranja, izveštaj (koji će biti automatski sačuvan na Desktop-u kao OTL.Txt) će se otvoriti u Notepad-u.

Priložite izveštaj OTL.Txt uz poruku korišćenjem opcije Prikači fajl.











goran9888 (AMF Tim)

Poslao: 22 Feb 2012 13:02
Idi na vrh
offline
  • Pridružio: 26 Jul 2007
  • Poruke: 1080
  • Gde živiš: u blizini

Napisano: 22 Feb 2012 12:16

evo log 1, a brzo će i drugi:


Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Verzija baze podataka: v2012.02.22.01

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Druid :: DRUID-PC [administrator]

22.2.2012 12:01:12
mbam-log-2012-02-22 (12-01-12).txt

Tip provjere: Brza provjera
Opcije provjere omogućene: Memorija | Startup | Registri | Sistemske datoteke | Heurestika/Extra | Heurestika/Shuriken | PUP | PUM
Opcije provjere onemogućene: P2P
Provjereni objekti: 172542
Vrijeme trajanja: 6 minuta, 19 sekundi

Detektirani procesi u memoriji: 0
(Zloćudne stavke nisu otkrivene)

Detektirani moduli u memoriji: 0
(Zloćudne stavke nisu otkrivene)

Detektirani ključevi u registru: 0
(Zloćudne stavke nisu otkrivene)

Detektirani vrijednosti u registru: 0
(Zloćudne stavke nisu otkrivene)

Detektirani podaci u registru: 0
(Zloćudne stavke nisu otkrivene)

Detektirani direktoriji: 0
(Zloćudne stavke nisu otkrivene)

Detektirane datoteke: 47
C:\Users\Druid\Downloads\SpammerRemover (1).exe (Trojan.Insomnia) -> Prebačeno u karantenu i uspješno uklonjeno.
C:\Users\Druid\Downloads\SpammerRemover (2).exe (Trojan.Insomnia) -> Prebačeno u karantenu i uspješno uklonjeno.
C:\Users\Druid\Downloads\SpammerRemover (3).exe (Trojan.Insomnia) -> Prebačeno u karantenu i uspješno uklonjeno.
C:\Users\Druid\Downloads\SpammerRemover (4).exe (Trojan.Insomnia) -> Prebačeno u karantenu i uspješno uklonjeno.
C:\Users\Druid\Downloads\SpammerRemover (5).exe (Trojan.Insomnia) -> Prebačeno u karantenu i uspješno uklonjeno.
C:\Users\Druid\Downloads\SpammerRemover (6).exe (Trojan.Insomnia) -> Prebačeno u karantenu i uspješno uklonjeno.
C:\Users\Druid\Downloads\SpammerRemover (7).exe (Trojan.Insomnia) -> Prebačeno u karantenu i uspješno uklonjeno.
C:\Users\Druid\Downloads\SpammerRemover (Cool.exe (Trojan.Insomnia) -> Prebačeno u karantenu i uspješno uklonjeno.
C:\Users\Druid\Downloads\SpammerRemover.exe (Trojan.Insomnia) -> Prebačeno u karantenu i uspješno uklonjeno.
C:\Users\Druid\Downloads\AntiSpam (21).exe (Heuristics.Shuriken) -> Prebačeno u karantenu i uspješno uklonjeno.
C:\Users\Druid\Downloads\AntiVirus (1).exe (Heuristics.Shuriken) -> Prebačeno u karantenu i uspješno uklonjeno.
C:\Users\Druid\Downloads\Nepotvrđeno 63315.crdownload (Trojan.Insomnia) -> Prebačeno u karantenu i uspješno uklonjeno.
C:\Users\Druid\Downloads\Nepotvrđeno 41272.crdownload (Trojan.Insomnia) -> Prebačeno u karantenu i uspješno uklonjeno.
C:\Users\Druid\Downloads\AntiVirus (2).exe (Heuristics.Shuriken) -> Prebačeno u karantenu i uspješno uklonjeno.
C:\Users\Druid\Downloads\AntiVirus.exe (Heuristics.Shuriken) -> Prebačeno u karantenu i uspješno uklonjeno.
C:\Users\Druid\Downloads\AntiSpam (1).exe (Heuristics.Shuriken) -> Prebačeno u karantenu i uspješno uklonjeno.
C:\Users\Druid\Downloads\AntiSpam (10).exe (Heuristics.Shuriken) -> Prebačeno u karantenu i uspješno uklonjeno.
C:\Users\Druid\Downloads\AntiSpam (11).exe (Heuristics.Shuriken) -> Prebačeno u karantenu i uspješno uklonjeno.
C:\Users\Druid\Downloads\AntiSpam (12).exe (Heuristics.Shuriken) -> Prebačeno u karantenu i uspješno uklonjeno.
C:\Users\Druid\Downloads\AntiSpam (13).exe (Heuristics.Shuriken) -> Prebačeno u karantenu i uspješno uklonjeno.
C:\Users\Druid\Downloads\AntiSpam (14).exe (Heuristics.Shuriken) -> Prebačeno u karantenu i uspješno uklonjeno.
C:\Users\Druid\Downloads\AntiSpam (15).exe (Heuristics.Shuriken) -> Prebačeno u karantenu i uspješno uklonjeno.
C:\Users\Druid\Downloads\AntiSpam (16).exe (Heuristics.Shuriken) -> Prebačeno u karantenu i uspješno uklonjeno.
C:\Users\Druid\Downloads\AntiSpam (17).exe (Heuristics.Shuriken) -> Prebačeno u karantenu i uspješno uklonjeno.
C:\Users\Druid\Downloads\AntiSpam (1Cool.exe (Heuristics.Shuriken) -> Prebačeno u karantenu i uspješno uklonjeno.
C:\Users\Druid\Downloads\AntiSpam (19).exe (Heuristics.Shuriken) -> Prebačeno u karantenu i uspješno uklonjeno.
C:\Users\Druid\Downloads\AntiSpam (2).exe (Heuristics.Shuriken) -> Prebačeno u karantenu i uspješno uklonjeno.
C:\Users\Druid\Downloads\AntiSpam (20).exe (Heuristics.Shuriken) -> Prebačeno u karantenu i uspješno uklonjeno.
C:\Users\Druid\Downloads\AntiSpam (22).exe (Heuristics.Shuriken) -> Prebačeno u karantenu i uspješno uklonjeno.
C:\Users\Druid\Downloads\AntiSpam (23).exe (Heuristics.Shuriken) -> Prebačeno u karantenu i uspješno uklonjeno.
C:\Users\Druid\Downloads\AntiSpam (24).exe (Heuristics.Shuriken) -> Prebačeno u karantenu i uspješno uklonjeno.
C:\Users\Druid\Downloads\AntiSpam (25).exe (Heuristics.Shuriken) -> Prebačeno u karantenu i uspješno uklonjeno.
C:\Users\Druid\Downloads\AntiSpam (26).exe (Heuristics.Shuriken) -> Prebačeno u karantenu i uspješno uklonjeno.
C:\Users\Druid\Downloads\AntiSpam (27).exe (Heuristics.Shuriken) -> Prebačeno u karantenu i uspješno uklonjeno.
C:\Users\Druid\Downloads\AntiSpam (2Cool.exe (Heuristics.Shuriken) -> Prebačeno u karantenu i uspješno uklonjeno.
C:\Users\Druid\Downloads\AntiSpam (29).exe (Heuristics.Shuriken) -> Prebačeno u karantenu i uspješno uklonjeno.
C:\Users\Druid\Downloads\AntiSpam (3).exe (Heuristics.Shuriken) -> Prebačeno u karantenu i uspješno uklonjeno.
C:\Users\Druid\Downloads\AntiSpam (30).exe (Heuristics.Shuriken) -> Prebačeno u karantenu i uspješno uklonjeno.
C:\Users\Druid\Downloads\AntiSpam (31).exe (Heuristics.Shuriken) -> Prebačeno u karantenu i uspješno uklonjeno.
C:\Users\Druid\Downloads\AntiSpam (32).exe (Heuristics.Shuriken) -> Prebačeno u karantenu i uspješno uklonjeno.
C:\Users\Druid\Downloads\AntiSpam (4).exe (Heuristics.Shuriken) -> Prebačeno u karantenu i uspješno uklonjeno.
C:\Users\Druid\Downloads\AntiSpam (5).exe (Heuristics.Shuriken) -> Prebačeno u karantenu i uspješno uklonjeno.
C:\Users\Druid\Downloads\AntiSpam (6).exe (Heuristics.Shuriken) -> Prebačeno u karantenu i uspješno uklonjeno.
C:\Users\Druid\Downloads\AntiSpam (7).exe (Heuristics.Shuriken) -> Prebačeno u karantenu i uspješno uklonjeno.
C:\Users\Druid\Downloads\AntiSpam (Cool.exe (Heuristics.Shuriken) -> Prebačeno u karantenu i uspješno uklonjeno.
C:\Users\Druid\Downloads\AntiSpam (9).exe (Heuristics.Shuriken) -> Prebačeno u karantenu i uspješno uklonjeno.
C:\Users\Druid\Downloads\AntiSpam.exe (Heuristics.Shuriken) -> Prebačeno u karantenu i uspješno uklonjeno.

(kraj)

Dopuna: 22 Feb 2012 13:02

https://www.mycity.rs/must-login.png

MyCity » Ambulanta -> Arhiva Ambulante » Infekcija kao u igrici, mislim da je stigla sa FB

Ko je trenutno na forumu
 

Ukupno su 1038 korisnika na forumu :: 29 registrovanih, 7 sakrivenih i 1002 gosta   ::   [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:
Korisnici trenutno na forumu: aleksmajstor, ArchaBasha, bojan_t, bokisha253, Brana01, DENIRO, Djokislav, jukeboxer, kunktator, ljuba, Lucije Kvint, mercedesamg, Mercury, minmatar34957, nextyamb, okopanja, royst33, Shinobi, Sirius, solic, stankolich, suton, Toper, trajkoni018, vathra, vladaa012, voja64, wizzardone, wolf431