Browsers crash, computer slowed down


  • Joined: 03 Jul 2012
  • Posts: 6

The file has been uploaded.



  • Més que un club
  • Lead vocalist @ Harpun
  • Joined: 27 Feb 2009
  • Posts: 3898
  • Location: Novi Sad, Klisa

Download sUBs's ComboFix to your Desktop from the following address:

Bleeping Computer
Right-click the link and choose Save Target As... (Save Link As..., Save Linked Content As... or similar);
When the dialog for choosing where to save the file opens, select Desktop and click Save.

When the download has finished:
disable your protection software (instructions);
close any running programs;
double-click ComboFix to run it;
in the window that opens, click "I Agree".

While it runs, ComboFix will:
check whether a newer version of the program exists:
  click Yes if you are offered the download.
if the Recovery Console is not installed, offer to install it:
  be sure to accept by clicking Yes and follow the procedure through.
display a number of prompts/notifications:
  accept by clicking Yes or OK.
restart Windows if needed (possibly several times);
when it finishes, open Notepad with the scan report.

Copy the report that ComboFix produced into the forum thread:
right-click in the Notepad window and choose Select All;
right-click the selected text and choose Copy;
right-click in the message box and choose Paste.

Note:
The report will be saved as ComboFix.txt on the system partition (typical location: C:\ComboFix.txt);
If, after sending the message, you notice that the report is incomplete, use the Attach file option to attach C:\ComboFix.txt to the message.



  • Joined: 03 Jul 2012
  • Posts: 6

I wasn't able to reply earlier, so here is the log only now. At the end of the scan I couldn't open anything, so I rolled the system back with System Restore.


ComboFix 12-07-16.01 - Laura 17.07.2012 0:09.1.1 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.1919.1335 [GMT 2:00]
Running from: c:\users\Laura\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\BrowserCompanion
c:\program files\BrowserCompanion\BCHelper.exe
c:\program files\BrowserCompanion\blabbers-ch.crx
c:\program files\BrowserCompanion\logo.ico
c:\program files\FunWebProducts
c:\program files\FunWebProducts\Installr\1.bin\F3EZSETP.DLL
c:\program files\FunWebProducts\Installr\1.bin\F3PLUGIN.DLL
c:\program files\FunWebProducts\Installr\1.bin\NPFUNWEB.DLL
c:\users\Laura\AppData\Local\Bron.tok.A12.em.bin
c:\users\Laura\AppData\Local\Kosong.Bron.Tok.txt
c:\users\Laura\AppData\Local\tdxyos.exe
c:\users\Laura\AppData\Local\Temp\XTMP1MC3VE\DEM8583.tmp
c:\users\Laura\AppData\Local\Temp\XTMP1MC3VE\DEM8595.tmp
c:\users\Laura\AppData\Local\Temp\XTMP1MC3VE\DEM85A7.tmp
c:\users\Laura\AppData\Local\Temp\XTMP1MC3VE\DEM85D7.tmp
c:\users\Laura\AppData\Local\Temp\XTMP1MC3VE\DEM85E9.tmp
c:\users\Laura\AppData\Local\Temp\XTMP1MC3VE\DEM85FB.tmp
c:\users\Laura\AppData\Local\Temp\XTMP1MC3VE\DEM8699.tmp
c:\users\Laura\AppData\Local\Temp\XTMP1MC3VE\DEM86AA.tmp
c:\users\Laura\AppData\Local\Temp\XTMP1MC3VE\DEM8748.tmp
c:\users\Laura\AppData\Local\Temp\XTMP1MC3VE\DEM875A.tmp
c:\users\Laura\AppData\Local\Temp\XTMP1MC3VE\DEM876B.tmp
c:\users\Laura\AppData\Local\Temp\XTMP1MC3VE\DEM878D.tmp
c:\users\Laura\AppData\Local\Temp\XTMP1MC3VE\DEM87EC.tmp
c:\users\Laura\AppData\Local\Temp\XTMP1MC3VE\DEM880D.tmp
c:\users\Laura\AppData\Local\Temp\XTMP1MC3VE\DEM881F.tmp
c:\users\Laura\AppData\Local\Temp\XTMP1MC3VE\DEM8831.tmp
c:\users\Laura\AppData\Local\Temp\XTMP1MC3VE\DEM8852.tmp
c:\users\Laura\AppData\Local\Temp\XTMP1MC3VE\DEM8863.tmp
c:\users\Laura\AppData\Local\Temp\XTMP1MC3VE\DEM88E2.tmp
c:\users\Laura\AppData\Local\Temp\XTMP1MC3VE\DEM88F4.tmp
c:\users\Laura\AppData\Local\Temp\XTMP1MC3VE\DEM8944.tmp
c:\users\Laura\AppData\Local\Temp\XTMP1MC3VE\DEM8965.tmp
c:\users\Laura\AppData\Local\Temp\XTMP1MC3VE\DEM89B5.tmp
c:\users\Laura\AppData\Local\Temp\XTMP1MC3VE\DEM89F6.tmp
c:\users\Laura\AppData\Local\Temp\XTMP1MC3VE\DEM8A56.tmp
c:\users\Laura\AppData\Local\Temp\XTMP1MC3VE\DEM8A96.tmp
c:\users\Laura\AppData\Local\Temp\XTMP1MC3VE\DEM8AF6.tmp
c:\users\Laura\AppData\Local\Temp\XTMP1MC3VE\DEM8B36.tmp
c:\users\Laura\AppData\Local\Temp\XTMP1MC3VE\DEM8B96.tmp
c:\users\Laura\AppData\Local\Temp\XTMP1MC3VE\DEM8BC7.tmp
c:\users\Laura\AppData\Local\Temp\XTMP1MC3VE\DEM8C26.tmp
c:\users\Laura\AppData\Local\Temp\XTMP1MC3VE\DEM8C67.tmp
c:\users\Laura\AppData\Local\Temp\XTMP1MC3VE\DEM8CD6.tmp
c:\users\Laura\AppData\Local\Temp\XTMP1MC3VE\DEM8D16.tmp
c:\users\Laura\AppData\Local\Temp\XTMP1MC3VE\DEM8D66.tmp
c:\users\Laura\AppData\Local\Temp\XTMP1MC3VE\DEM8DB6.tmp
c:\users\Laura\AppData\Local\Temp\XTMP1MC3VE\DEM8E74.tmp
c:\users\Laura\AppData\Local\Temp\XTMP1MC3VE\DEM8EE3.tmp
c:\users\Laura\AppData\Local\Temp\XTMP1MC3VE\DEM8F52.tmp
c:\users\Laura\AppData\Local\Temp\XTMP1MC3VE\DEM8FC1.tmp
c:\users\Laura\AppData\Local\Temp\XTMP1MC3VE\DEM90AD.tmp
c:\users\Laura\AppData\Local\Temp\XTMP1MC3VE\DEM90EE.tmp
c:\users\Laura\AppData\Local\Temp\XTMP1MC3VE\DEM915E.tmp
c:\users\Laura\AppData\Local\Temp\XTMP1MC3VE\DEM916F.tmp
c:\users\Laura\AppData\Local\Temp\XTMP1MC3VE\DEM9191.tmp
c:\users\Laura\AppData\Local\Temp\XTMP1MC3VE\DEM91A2.tmp
c:\users\Laura\AppData\Local\Temp\YTMP7MC8AA\TAA999A.tmp
c:\users\Laura\AppData\Local\Update.12.Bron.Tok.bin
c:\users\Laura\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\rqoqc.exe
C:\Win
c:\win\1.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-06-16 to 2012-07-16 )))))))))))))))))))))))))))))))
.
.
2012-07-16 22:19 . 2012-07-16 22:19 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{28F2BCB8-6074-4040-B9A3-23EB8298E7AA}\offreg.dll
2012-07-16 20:34 . 2012-05-31 03:41 6762896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{28F2BCB8-6074-4040-B9A3-23EB8298E7AA}\mpengine.dll
2012-07-07 19:13 . 2012-07-07 19:13 -------- d-----w- C:\_OTL
2012-06-25 17:02 . 2012-06-25 17:02 -------- d-----w- c:\users\Laura\AppData\Local\Macromedia
2012-06-25 17:00 . 2012-06-25 17:00 -------- d-----w- c:\programdata\McAfee Security Scan
2012-06-25 17:00 . 2012-07-07 18:00 -------- d-----w- c:\program files\McAfee Security Scan
2012-06-25 17:00 . 2012-07-16 20:55 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-25 17:00 . 2012-07-16 20:55 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-24 22:55 . 2012-06-24 22:55 421200 ----a-w- c:\program files\Mozilla Firefox\msvcp100.dll
2012-06-24 22:55 . 2012-06-24 22:55 770384 ----a-w- c:\program files\Mozilla Firefox\msvcr100.dll
2012-06-19 15:35 . 2012-06-19 15:35 4967624 ----a-w- c:\program files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
2012-06-19 11:03 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-19 11:03 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-19 11:03 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-19 11:03 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-19 11:02 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-19 11:02 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-19 11:02 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-19 11:02 . 2012-06-02 13:19 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-19 11:02 . 2012-06-02 13:12 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-18 01:32 . 2012-06-18 01:32 -------- d-----w- c:\users\Laura\AppData\Local\CRE
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-11 01:28 . 2011-08-01 12:21 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2012-06-11 01:27 . 2011-08-10 17:55 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2012-06-10 17:29 . 2012-06-10 17:29 1060864 ----a-w- c:\windows\system32\mfc71.dll
2012-06-10 17:29 . 2012-06-10 17:29 348160 ----a-w- c:\windows\system32\msvcr71.dll
2012-06-10 17:29 . 2012-06-10 17:29 1700352 ----a-w- c:\windows\system32\gdiplus.dll
2012-06-09 13:09 . 2011-08-10 17:57 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2012-06-09 13:08 . 2011-08-01 12:21 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2012-06-03 01:33 . 2011-08-10 17:58 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2012-06-02 12:17 . 2011-08-14 00:33 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2012-05-31 18:37 . 2011-08-01 12:22 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2012-05-31 18:34 . 2011-08-01 12:21 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-05-17 22:45 . 2012-06-13 15:28 1800192 ----a-w- c:\windows\system32\jscript9.dll
2012-05-17 22:35 . 2012-06-13 15:28 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-05-17 22:35 . 2012-06-13 15:28 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-05-17 22:29 . 2012-06-13 15:28 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-05-17 22:24 . 2012-06-13 15:28 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-05-15 01:05 . 2012-06-13 08:53 2343936 ----a-w- c:\windows\system32\win32k.sys
2012-05-01 04:44 . 2012-06-13 08:53 164352 ----a-w- c:\windows\system32\profsvc.dll
2012-04-28 04:41 . 2012-06-13 08:54 919040 ----a-w- c:\windows\system32\rdpcorets.dll
2012-04-28 03:17 . 2012-06-13 08:54 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-26 04:45 . 2012-06-13 08:53 58880 ----a-w- c:\windows\system32\rdpwsx.dll
2012-04-26 04:45 . 2012-06-13 08:53 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-04-26 04:41 . 2012-06-13 08:53 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-04-24 04:36 . 2012-06-13 08:53 1158656 ----a-w- c:\windows\system32\crypt32.dll
2012-04-24 04:36 . 2012-06-13 08:53 140288 ----a-w- c:\windows\system32\cryptsvc.dll
2012-04-24 04:36 . 2012-06-13 08:53 103936 ----a-w- c:\windows\system32\cryptnet.dll
2012-06-24 22:55 . 2011-09-11 06:53 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MCShield Monitor"="c:\program files\MCShield\mcshieldrtm.exe" [2012-06-22 603648]
"ManyCam"="c:\program files\ManyCam\Bin\ManyCam.exe" [2012-04-05 2105208]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UIExec"="c:\program files\Telenor Internet\UIExec.exe" [2011-12-15 153424]
.
c:\users\Laura\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Wireless Wizard.lnk - d:\sve\Wireless Wizard\AzulstarLinkTest.exe [2011-7-24 1232896]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.0.207\SSScheduler.exe [2011-6-17 272528]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2012-04-04 13:56 462408 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2011-05-13 14:03 4283256 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2012-04-05 09:41 17356424 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirtualDrive]
2010-08-17 13:09 686680 ----a-w- c:\program files\FarStone\VirtualDrive\vdtask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2011-07-11 21:47 74752 ----a-w- c:\program files\Winamp\winampa.exe
.
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.0.207\McCHSvc.exe [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
R3 wxpSvc;webcamXP Service;c:\program files\webcamXP 5\wService.exe [x]
R4 57545186;57545186;c:\windows\system32\57545186.exe [x]
R4 EA818329;EA818329;c:\windows\system32\EA818329.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 DragonUpdater;COMODO Dragon Update Service;c:\program files\Comodo\Dragon\dragon_updater.exe [x]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
S2 TeamViewer6;TeamViewer 6;c:\program files\TeamViewer\Version6\TeamViewer_Service.exe [x]
S2 TeamViewer7;TeamViewer 7;c:\program files\TeamViewer\Version7\TeamViewer_Service.exe [x]
S2 UI Assistant Service;UI Assistant Service;c:\program files\Telenor Internet\AssistantServices.exe [x]
S3 ManyCam;ManyCam Virtual Webcam;c:\windows\system32\DRIVERS\mcvidrv.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 mcaudrv_simple;ManyCam Virtual Microphone;c:\windows\system32\drivers\mcaudrv.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\DRIVERS\teamviewervpn.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-16 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-25 20:55]
.
2012-07-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-12-08 22:14]
.
2012-07-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-12-08 22:14]
.
.
------- Supplementary Scan -------
.
uStart Page = [Link visible only to logged-in users]
mStart Page =
IE: Download with &Media Finder - c:\program files\Media Finder\hook.html
IE: Search the Web - c:\program files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Laura\AppData\Roaming\Mozilla\Firefox\Profiles\vo18ywdb.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)
FF - prefs.js: browser.startup.homepage - [Link visible only to logged-in users]
FF - user.js: extensions.BabylonToolbar_i.id - 0aed70ac00000000000000ff8e42a5a5
FF - user.js: extensions.BabylonToolbar_i.hardId - 0aed70ac00000000000000ff8e42a5a5
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15435
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1723:02
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.newTab - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=111015
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-10 - (no file)
HKCU-Run-Media Finder - c:\program files\Media Finder\MF.exe
HKCU-Run-uomhgjw - c:\users\Laura\AppData\Local\tdxyos.exe
MSConfigStartUp-Browser companion helper - c:\program files\BrowserCompanion\BCHelper.exe
MSConfigStartUp-EA Core - c:\program files\Electronic Arts\EADM\Core.exe
AddRemove-Wireless Wizard ver 5.0_is1 - d:\wireless wizard\unins000.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\wxpSvc]
"ImagePath"="c:\program files\webcamXP 5\wService.exe /startedbyscm:5053B757-40E35B3B-webcamSRV"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1103964933-3570818935-699614244-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.**)*X%\OpenWithList]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-1103964933-3570818935-699614244-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-1103964933-3570818935-699614244-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*J*&* #\OpenWithList]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-1103964933-3570818935-699614244-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_USERS\S-1-5-21-1103964933-3570818935-699614244-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*ò*j%e"]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-1103964933-3570818935-699614244-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*ò*j%e"\OpenWithList]
@Class="Shell"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\taskhost.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\conhost.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Completion time: 2012-07-17 00:27:30 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-16 22:27
.
Pre-Run: 52.521.938.944 bytes free
Post-Run: 52.418.740.224 bytes free
.
- - End Of File - - 1E0D1E8004FA4416231A45B351647BBC

  • Més que un club
  • Lead vocalist @ Harpun
  • Joined: 27 Feb 2009
  • Posts: 3898
  • Location: Novi Sad, Klisa

Open Notepad and copy the following text into it:

Driver::
EA818329
57545186

File::
c:\windows\system32\57545186.exe
c:\windows\system32\EA818329.exe


Save the file from Notepad to the Desktop as "CFScript"




Drag the saved script/text file onto the ComboFix icon, as shown in the picture.
In your next post, include the log that is created at the end of the cleaning/scan.
