Provjera (Check)

offline
  • Joined: 08 Sep 2008
  • Posts: 11

ComboFix 13-10-08.01 - Nevena 10/09/2013 11:46:41.2.2 - x86
Running from: c:\users\Nevena\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Nevena\AppData\Local\Google\Chrome\User Data\Default\Preferences
.
---- Previous Run -------
.
c:\users\Nevena\AppData\Local\Google\Chrome\User Data\Default\Preferences
c:\users\Nevena\AppData\Local\TempJava.exe
c:\users\Nevena\AppData\Roaming\Microsoft\~DFKae6193.tmp
c:\users\Nevena\AppData\Roaming\Microsoft\bass.dll
c:\users\Nevena\AppData\Roaming\Microsoft\kfgresk.dll
c:\users\Nevena\AppData\Roaming\Microsoft\mjcriu.dll
c:\users\Nevena\AppData\Roaming\Microsoft\peaadje.dll
c:\users\Nevena\AppData\Roaming\Microsoft\qwadjb.dll
c:\users\Nevena\AppData\Roaming\Microsoft\rsaadjd.dll
c:\windows\system32\logstart.vbs
c:\windows\system32\loguninstall.vbs
.
.
((((((((((((((((((((((((( Files Created from 2013-09-09 to 2013-10-09 )))))))))))))))))))))))))))))))
.
.
2013-10-09 10:14 . 2013-10-09 10:15 -------- d-----w- c:\users\Nevena\AppData\Local\temp
2013-10-09 10:14 . 2013-10-09 10:14 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-10-08 17:35 . 2013-10-08 17:35 103680 ----a-w- C:\awdiqpow.sys
2013-10-08 11:49 . 2013-09-05 05:02 7328304 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8C626BC4-E30B-4760-83E2-B8B588B244BB}\mpengine.dll
2013-10-06 20:27 . 2013-10-07 11:16 -------- d-----w- C:\AdwCleaner
2013-10-06 17:12 . 2013-10-06 17:12 -------- d-----w- c:\program files\Rockstar Games
2013-10-06 17:11 . 2004-10-22 00:18 749568 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iKernel.dll
2013-10-06 17:11 . 2004-10-22 00:17 69715 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\ctor.dll
2013-10-06 17:11 . 2004-10-22 00:17 274432 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iscript.dll
2013-10-06 17:11 . 2004-10-22 00:16 180224 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iuser.dll
2013-10-06 17:11 . 2004-10-22 00:16 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\DotNetInstaller.exe
2013-10-06 17:11 . 2013-10-06 17:11 192644 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iGdi.dll
2013-10-06 17:11 . 2013-10-06 17:11 323716 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\setup.dll
2013-10-05 18:43 . 2013-10-05 18:43 -------- d-----w- C:\Intel
2013-10-05 17:32 . 2013-10-05 17:32 -------- d-----w- c:\program files\SystemRequirementsLab
2013-10-05 17:31 . 2013-10-05 17:31 -------- d-----w- c:\users\Nevena\AppData\Roaming\SystemRequirementsLab
2013-10-05 17:21 . 2013-10-05 17:21 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2013-10-05 17:20 . 2013-10-05 17:20 -------- d-----w- c:\windows\system32\xlive
2013-10-05 17:19 . 2013-10-05 17:19 -------- d-----w- c:\program files\Microsoft Games for Windows - LIVE
2013-09-28 15:00 . 2010-04-01 03:00 290816 ----a-w- c:\windows\system32\CNMXLMAF.DLL
2013-09-28 14:38 . 2013-09-28 14:38 -------- d-----w- C:\games
2013-09-26 20:49 . 2010-04-24 03:00 70656 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\CNMPPA1.DLL
2013-09-26 20:49 . 2010-04-24 03:00 27648 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\CNMPDA1.DLL
2013-09-26 20:48 . 2010-04-24 03:00 272384 ----a-w- c:\windows\system32\CNMLMA1.DLL
2013-09-12 21:40 . 2013-09-12 21:40 -------- d-----w- c:\users\Nevena\AppData\Roaming\.mono
2013-09-11 20:04 . 2013-07-16 04:35 615936 ----a-w- c:\windows\system32\themeui.dll
2013-09-11 20:04 . 2013-08-08 01:45 2049536 ----a-w- c:\windows\system32\win32k.sys
2013-09-11 09:47 . 2013-09-11 09:47 -------- d-----w- c:\program files\Common Files\xing shared
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-10-09 09:38 . 2010-08-27 12:41 17920 ----a-w- c:\windows\system32\rpcnetp.exe
2013-10-09 09:38 . 2010-08-28 12:04 58288 ----a-w- c:\windows\system32\rpcnet.dll
2013-10-08 21:25 . 2012-03-29 15:51 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-10-08 21:25 . 2011-06-25 16:50 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-09-11 09:44 . 2003-02-21 04:42 348160 ----a-w- c:\windows\system32\msvcr71.dll
2013-09-11 09:44 . 2003-03-18 20:14 499712 ----a-w- c:\windows\system32\msvcp71.dll
2013-08-30 08:18 . 2010-08-27 12:41 17920 ----a-w- c:\windows\system32\rpcnetp.dll
2013-08-14 17:54 . 2011-12-31 14:51 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2013-08-14 17:54 . 2011-12-31 14:51 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2013-08-07 02:22 . 2011-02-15 10:06 238872 ------w- c:\windows\system32\MpSigStub.exe
2013-08-02 04:09 . 2013-08-29 19:26 1548288 ----a-w- c:\windows\system32\WMVDECOD.DLL
2013-08-01 11:00 . 2012-11-11 00:20 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-08-01 11:00 . 2012-06-17 22:20 867240 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-08-01 11:00 . 2010-10-12 17:40 789416 ----a-w- c:\windows\system32\deployJava1.dll
2013-07-17 19:41 . 2013-08-21 17:16 2048 ----a-w- c:\windows\system32\tzres.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Facebook Update"="c:\users\Nevena\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2011-10-19 137536]
"DAEMON Tools Pro Agent"="c:\program files\DAEMON Tools Pro\DTAgent.exe" [2012-04-26 3111744]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2013-07-25 20684656]
"GoogleChromeAutoLaunch_E7EE18CBAC99A9162ACF76F71E2F74C2"="c:\program files\Google\Chrome\Application\chrome.exe" [2013-10-03 844752]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-18 178712]
"accrdsub"="c:\program files\ActivIdentity\ActivClient\accrdsub.exe" [2007-05-15 293168]
"PTHOSTTR"="c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2008-05-08 238984]
"CognizanceTS"="c:\progra~1\HEWLET~1\IAM\Bin\ASTSVCC.dll" [2008-05-21 24848]
"PDF Complete"="c:\program files\PDF Complete\pdfsty.exe" [2008-04-14 318488]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-06-04 1791272]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
"IFXSPMGT"="c:\windows\system32\ifxspmgt.exe" [2008-03-21 1090840]
"File Sanitizer"="c:\program files\Hewlett-Packard\File Sanitizer\CoreShredder.exe" [2008-04-16 10240000]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-11-11 287800]
"WatchDog"="c:\program files\InterVideo\DVD Check\DVDCheck.exe" [2008-04-21 197904]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-03-25 2516296]
"CanonSolutionMenuEx"="c:\program files\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-04-02 1185112]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2008-12-11 1310720]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"Nikon Message Center 2"="c:\program files\Nikon\Nikon Message Center 2\NkMC2.exe" [2010-05-25 619008]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-18 421888]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS6ServiceManager"="c:\program files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2013-09-11 295512]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-04 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-04 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-04 141848]
"avp"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe" [2012-10-30 206448]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\APSHook.dll c:\windows\System32\APSHook.dll c:\windows\System32\APSHook.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /p \??\C:\0autocheck autochk *
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
S2 accoca;ActivClient Middleware Service;c:\program files\ActivIdentity\ActivClient\accoca.exe [2007-05-15 182576]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
Cognizance REG_MULTI_SZ ASBroker ASChannel
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-10-05 14:35 1185744 ----a-w- c:\program files\Google\Chrome\Application\30.0.1599.69\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-10-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 21:25]
.
2013-10-08 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3870228284-4275019021-124294826-1004Core.job
- c:\users\Nevena\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-10-19 20:07]
.
2013-10-08 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3870228284-4275019021-124294826-1004UA.job
- c:\users\Nevena\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-10-19 20:07]
.
2013-10-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-10 17:28]
.
2013-10-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-10 17:28]
.
2013-09-30 c:\windows\Tasks\HPCeeScheduleForNevena.job
- c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2008-08-05 22:07]
.
2013-10-09 c:\windows\Tasks\Updater.job
- c:\programdata\WombatUpdater\WombatUpdater.exe [2013-09-25 10:24]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 195.66.189.137 192.168.0.1
.
.
------- File Associations -------
.
.scr=AutoCADScriptFile
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-10 - (no file)
HKCU-Run-AdobeBridge - (no file)
AddRemove-Agere Systems Soft Modem - c:\windows\agrsmdel
AddRemove-PunkBusterSvc - c:\program files\EA Games\Battlefield Play4Free\pbsvc_p4f.exe
AddRemove-07_Schorl - c:\program files\SAMSUNG\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-FoxTab FLV Player - c:\progra~1\FOXTAB~1\Uninstall\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2013-10-09 12:15
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\pdfcDispatcher]
"ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(964)
c:\windows\System32\APSHook.dll
.
- - - - - - - > 'lsass.exe'(872)
c:\windows\System32\APSHook.dll
.
Completion time: 2013-10-09 12:27:00
ComboFix-quarantined-files.txt 2013-10-09 10:26
.
Pre-Run: 75,097,812,992 bytes free
Post-Run: 74,319,564,800 bytes free
.
- - End Of File - - E77F3A5E49A04BF5E46285A42066C9C0
5C616939100B85E558DA92B899A0FC36

offline
  • Joined: 26 Aug 2010
  • Posts: 10622
  • Where do you live: Hypnos Control Room, Tokyo Metropolitan Government Building

Pack the following folder into a ZIP, RAR or 7Z archive:

C:\Qoobox

and send it via the following link:

http://www.mycity.rs/ambulanta-upload.php


Let me know when you have done that and wait for further instructions.

offline
  • Joined: 08 Sep 2008
  • Posts: 11

I have uploaded it.

offline
  • Joined: 26 Aug 2010
  • Posts: 10622
  • Where do you live: Hypnos Control Room, Tokyo Metropolitan Government Building

Judging by the report, the only thing left of the REFOG keylogger on the system was its registry entry and nothing else. Since you no longer have any traces of malware or junkware, what remains is to do the following.


ComboFix needs to be uninstalled:
click Start, then RUN.

On Vista and 7 use the Start Search field if Run is not available.

In the text entry line type (or paste) the following:

ComboFix /Uninstall

Note that there is a space between "ComboFix" and "/Uninstall".

Then click OK (or press Enter).

Wait for the uninstall process to finish.


Run AdwCleaner again.
Click the Uninstall button and wait for the uninstall process to finish.


Visit the topic "Testirajte da li vam je pretraživač ranjiv" (Test whether your browser is vulnerable), read it and follow the link it contains.


I recommend that you use MCShield to protect USB memory devices.
It has nothing to do with the antivirus, i.e. it will not interfere with its operation, and it has proven to be one of the best forms of protection against malware that spreads via USB memory devices.

MCShield home page: http://www.mcshield.net
You can find out more about MCShield in this topic: http://www.mycity.rs/MyCity-Laboratorija/MCShield-v2.html
MCShield Facebook page: http://www.facebook.com/MCShield


If your system is still slow, open a topic in the Windows forum and describe your problem there.

http://www.mycity.rs/Windows/

offline
  • Joined: 08 Sep 2008
  • Posts: 11

Okay, thanks for the help.
