stdrt.exe


offline
  • Joined: 01 Nov 2011
  • Posts: 89

I have a problem with this and I don't know what is going on.

When I turn on the computer it is slow and this stdrt.exe chokes my CPU, and when I kill it in Task Manager the computer works completely normally. Every time the computer is restarted, the process appears again.

I should mention that it loads the CPU at about 50% and uses about 500 MB of RAM. Maybe it uses the network too, but I haven't checked that :S
I produced these reports just now, without having killed that stdrt.

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.7601.17514
Run by Prdekana at 10:23:31 on 2011-11-28
Microsoft Windows 7 Ultimate N 6.1.7601.1.1252.1.1033.18.2047.1189 [GMT 1:00]
.
AV: ESET NOD32 Antivirus 4.0 *Enabled/Updated* {CB0F8167-5331-BA19-698E-64816B6801A5}
SP: ESET NOD32 Antivirus 4.0 *Enabled/Updated* {706E6083-750B-B597-533E-5FF310EF4B18}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Windows\system32\Dwm.exe
C:\Windows\TEMP\mrt5C52.tmp\stdrt.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Windows\VM302Snap.exe
C:\Windows\Domino.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\conhost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.rs/
uURLSearchHooks: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - c:\program files\bittorrentbar\prxtbBitT.dll
mURLSearchHooks: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - c:\program files\bittorrentbar\prxtbBitT.dll
BHO: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - c:\program files\bittorrentbar\prxtbBitT.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll
TB: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - c:\program files\bittorrentbar\prxtbBitT.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [AdobeBridge]
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun
uRun: [OM2_Monitor] "c:\program files\olympus\olympus master 2\MMonitor.exe" -NoStart
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mRun: [TNod UP] "d:\za instalaciju\kljucev i zanod\kljucevi\TNODUP.exe" /i
mRun: [BigDogPath] c:\windows\VM302Snap.exe Vimicro USB PC Camera (ZC0302)
mRun: [Domino] c:\windows\Domino.exe
mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [OM2_Monitor] "c:\program files\olympus\olympus master 2\FirstStart.exe" /OM
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{D224E5D3-8DE3-4F72-BAC7-443C87521A4A} : DhcpNameServer = 192.168.1.1
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\prdekana\appdata\roaming\mozilla\firefox\profiles\84zjhl5s.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.rs/
FF - component: c:\users\prdekana\appdata\roaming\mozilla\firefox\profiles\84zjhl5s.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\components\RadioWMPCoreGecko19.dll
FF - component: c:\users\prdekana\appdata\roaming\mozilla\firefox\profiles\84zjhl5s.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\components\RadioWMPCoreGecko5.dll
FF - component: c:\users\prdekana\appdata\roaming\mozilla\firefox\profiles\84zjhl5s.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\components\RadioWMPCoreGecko6.dll
FF - component: c:\users\prdekana\appdata\roaming\mozilla\firefox\profiles\84zjhl5s.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\components\RadioWMPCoreGecko7.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: c:\program files\veetle\player\npvlc.dll
FF - plugin: c:\program files\veetle\plugins\npVeetle.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\prdekana\appdata\local\google\update\1.3.21.79\npGoogleUpdate3.dll
.
============= SERVICES / DRIVERS ===============
.
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2011-11-4 232512]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
R2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2009-11-16 735960]
R2 epfwwfpr;epfwwfpr;c:\windows\system32\drivers\epfwwfpr.sys [2009-11-16 95896]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia updatus\daemonu.exe [2011-10-21 2214504]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2009-8-6 239648]
R3 athur;Wireless Network Adapter Service;c:\windows\system32\drivers\athur.sys [2011-10-15 1500160]
R3 vvftav302;vvftav302;c:\windows\system32\drivers\vvftav302.sys [2007-3-18 475136]
S2 FLEXnet Licensing Manager;FLEXnet Licensing Manager for Adobe Products;c:\windows\system\regsrv.exe [2011-10-16 665466]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2011-11-2 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2011-5-13 1492840]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2011-10-21 15872]
S3 SwitchBoard;SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-10-21 52224]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
.
=============== Created Last 30 ================
.
2011-11-26 18:16:14 -------- d-----w- c:\program files\Veetle
2011-11-19 19:05:35 -------- d-----w- c:\program files\VSO
2011-11-13 15:14:44 -------- d-----w- c:\users\prdekana\appdata\roaming\BlackBean
2011-11-09 04:55:21 1290608 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-09 04:55:05 708608 ----a-w- c:\program files\common files\system\wab32.dll
2011-11-09 04:49:56 2341888 ----a-w- c:\windows\system32\win32k.sys
2011-11-06 08:32:20 -------- d-----w- c:\program files\MSXML 4.0
2011-11-06 08:32:17 -------- d-----w- c:\program files\OLYMPUS
2011-11-04 18:25:29 -------- d-----w- c:\users\prdekana\appdata\local\Activision
2011-11-04 18:22:02 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll
2011-11-04 18:22:02 527192 ----a-w- c:\windows\system32\XAudio2_7.dll
2011-11-04 18:22:02 470880 ----a-w- c:\windows\system32\d3dx10_43.dll
2011-11-04 18:22:02 248672 ----a-w- c:\windows\system32\d3dx11_43.dll
2011-11-04 18:22:02 239960 ----a-w- c:\windows\system32\xactengine3_7.dll
2011-11-04 18:22:02 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2011-11-04 18:22:02 1868128 ----a-w- c:\windows\system32\d3dcsx_43.dll
2011-11-04 18:22:01 74072 ----a-w- c:\windows\system32\XAPOFX1_4.dll
2011-11-04 18:22:01 528216 ----a-w- c:\windows\system32\XAudio2_6.dll
2011-11-04 18:22:01 238936 ----a-w- c:\windows\system32\xactengine3_6.dll
2011-11-04 18:22:01 22360 ----a-w- c:\windows\system32\X3DAudio1_7.dll
2011-11-04 18:22:01 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll
2011-11-04 17:58:36 -------- d-----w- c:\users\prdekana\appdata\roaming\OpenCandy
2011-11-04 17:54:51 232512 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2011-11-04 17:54:47 -------- d-----w- c:\program files\DAEMON Tools Lite
2011-11-04 17:54:19 -------- d-----w- c:\users\prdekana\appdata\roaming\DAEMON Tools Lite
2011-11-04 17:54:15 -------- d-----w- c:\programdata\DAEMON Tools Lite
2011-11-04 14:24:03 -------- d-----w- c:\program files\Lavalys
2011-11-02 11:47:05 737072 ----a-w- c:\programdata\microsoft\ehome\packages\sportsv2\sportstemplatecore\Microsoft.MediaCenter.Sports.UI.dll
2011-11-02 11:46:46 4283672 ----a-w- c:\programdata\microsoft\ehome\packages\mceclientux\updateablemarkup\markup.dll
2011-11-02 11:46:22 42776 ----a-w- c:\programdata\microsoft\ehome\packages\mceclientux\dsm\StartResources.dll
2011-11-02 11:46:16 539968 ----a-w- c:\programdata\microsoft\ehome\packages\mcespotlight\mcespotlight\SpotlightResources.dll
2011-11-02 11:32:37 -------- d-----w- c:\windows\ehome
2011-11-02 11:32:35 -------- d-----w- c:\program files\Windows Portable Devices
2011-11-02 11:32:35 -------- d-----w- c:\program files\DVD Maker
2011-11-02 11:27:58 902656 ----a-w- c:\windows\system32\WMADMOD.DLL
2011-11-02 10:50:49 -------- d-----w- c:\users\prdekana\appdata\local\{0F3628D9-F9D8-452A-94D8-DE29DA9DB111}
2011-11-02 10:50:36 -------- d-----w- c:\users\prdekana\appdata\local\{CF30DD07-492E-45D6-9547-A8EF4FFAFA2A}
2011-11-02 10:50:22 -------- d-----w- c:\users\prdekana\Tracing
2011-11-02 09:44:20 -------- d-----w- c:\windows\en
2011-11-02 09:42:19 39272 ----a-w- c:\windows\system32\drivers\fssfltr.sys
2011-11-02 09:38:59 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2011-11-02 09:34:07 -------- d-----w- c:\program files\Microsoft
2011-11-02 09:34:04 7450888 ----a-w- c:\program files\common files\windows live\.cache\8eae84f81cc994205\bingbarsetup.exe
2011-11-02 09:33:42 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2011-11-02 09:33:42 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2011-11-02 09:33:42 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2011-11-02 09:33:27 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
2011-11-02 09:33:17 15712 ----a-w- c:\program files\common files\windows live\.cache\7388e7681cc994204\MeshBetaRemover.exe
2011-11-02 09:33:12 94040 ----a-w- c:\program files\common files\windows live\.cache\701b86081cc994203\DSETUP.dll
2011-11-02 09:33:12 525656 ----a-w- c:\program files\common files\windows live\.cache\701b86081cc994203\DXSETUP.exe
2011-11-02 09:33:12 1691480 ----a-w- c:\program files\common files\windows live\.cache\701b86081cc994203\dsetup32.dll
2011-11-02 09:33:05 525656 ----a-w- c:\program files\common files\windows live\.cache\6badcba81cc994202\DXSETUP.exe
2011-11-02 09:33:05 1691480 ----a-w- c:\program files\common files\windows live\.cache\6badcba81cc994202\dsetup32.dll
2011-11-02 09:33:04 94040 ----a-w- c:\program files\common files\windows live\.cache\6badcba81cc994202\DSETUP.dll
2011-11-02 09:32:51 6260088 ----a-w- c:\program files\common files\windows live\.cache\63a055481cc994201\Silverlight.4.0.exe
2011-11-02 09:32:11 -------- d-----w- c:\users\prdekana\appdata\local\Windows Live
2011-11-02 09:32:10 -------- d-----w- c:\program files\common files\Windows Live
.
==================== Find3M ====================
.
2011-11-27 07:39:32 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-16 12:26:04 566784 ----a-w- c:\windows\~de74bc.tmp
2011-11-10 22:21:52 18 ----a-w- c:\windows\system\msg.bat
2011-11-10 22:21:52 1646 ----a-w- c:\windows\system\msg.reg
2011-10-27 10:39:29 409088 ----a-w- c:\windows\system32\systemcpl.dll
2011-10-21 16:31:59 152576 ----a-w- c:\windows\system32\msclmd.dll
2011-10-16 16:34:52 665466 ----a-w- c:\windows\system\regsrv.exe
2011-10-01 02:42:56 1638912 ----a-w- c:\windows\system32\mshtml.tlb
.
============= FINISH: 10:23:52.58 ===============









offline
  • Joined: 26 Aug 2010
  • Posts: 10622
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

Hello...

While this case is being handled, I would ask you to observe the following:
  • Read my instructions carefully (or the instructions of colleagues who stand in for me) and work strictly by them;
  • Do not seek help elsewhere at the same time;
  • Do not use other malware-removal programs, except those you are given instructions for;
  • During the intervention, do not use USB storage devices until I ask you to;
  • If I do not reply within 48h, refresh the topic with a new post;
  • If you do not respond within 5 days, we will close the case.

For more information about the rules of the MyCity forum's Ambulanta: LINK



Download sUBs's ComboFix from the following address to the Desktop:
  • Bleeping Computer
  • Right-click the link and choose the option Save Target As... (Save Link As..., Save Linked Content As... or similar);
  • When the dialog for choosing where to save the file opens, choose Desktop and click Save.

When the download of the program has finished:
  • disable your protection software (instructions);
  • close running programs;
  • double-click to run ComboFix;
  • in the window that opens, click "I Agree".

While it runs, ComboFix will:
  • check whether a newer version of the program exists:
      • click Yes if you are offered the download.
  • if Recovery Console is not installed, offer to install it:
      • be sure to accept by clicking Yes and follow the procedure through.
  • present a number of prompts/notices:
      • accept by clicking Yes or OK.
  • restart Windows if needed (several times);
  • at the end of its run, open Notepad with the scan report.

Copy the report that ComboFix produced into the topic on the forum:
  • right-click in the Notepad window and choose Select All;
  • right-click the selected text and choose Copy;
  • right-click in the message field and choose Paste.

Note:
  • The report will be saved under the name ComboFix.txt on the system partition (typical location: C:\ComboFix.txt);
  • If after sending the message you notice that the report is not complete, use the Attach file (Prikači fajl) option to attach the file C:\ComboFix.txt to the message.

AMF team

offline
  • Joined: 01 Nov 2011
  • Posts: 89

ComboFix 11-11-28.02 - Prdekana 28-Nov-11 14:02:50.1.2 - x86
Microsoft Windows 7 Ultimate N 6.1.7601.1.1252.1.1033.18.2047.1137 [GMT 1:00]
Running from: c:\users\Prdekana\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 4.0 *Disabled/Updated* {CB0F8167-5331-BA19-698E-64816B6801A5}
SP: ESET NOD32 Antivirus 4.0 *Disabled/Updated* {706E6083-750B-B597-533E-5FF310EF4B18}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
c:\program files\Internet Explorer\Plugins\npqtplugin6.dll
c:\program files\Internet Explorer\Plugins\npqtplugin7.dll
c:\program files\Mozilla Firefox\plugins\npqtplugin2.dll
c:\program files\Mozilla Firefox\Plugins\npqtplugin3.dll
c:\program files\Mozilla Firefox\plugins\npqtplugin4.dll
c:\program files\Mozilla Firefox\plugins\npqtplugin5.dll
c:\program files\Mozilla Firefox\plugins\npqtplugin6.dll
c:\program files\Mozilla Firefox\plugins\npqtplugin7.dll
c:\program files\Opera\program\plugins\npqtplugin2.dll
c:\program files\Opera\program\plugins\npqtplugin3.dll
c:\program files\Opera\program\plugins\npqtplugin4.dll
c:\program files\Opera\program\plugins\npqtplugin5.dll
c:\program files\Opera\program\plugins\npqtplugin6.dll
c:\program files\Opera\program\plugins\npqtplugin7.dll
c:\program files\QuickTime\Plugins\npqtplugin2.dll
c:\program files\QuickTime\Plugins\npqtplugin3.dll
c:\program files\QuickTime\Plugins\npqtplugin4.dll
c:\program files\QuickTime\Plugins\npqtplugin5.dll
c:\program files\QuickTime\Plugins\npqtplugin6.dll
c:\program files\QuickTime\Plugins\npqtplugin7.dll
c:\windows\n.tmp
c:\windows\system\regsrv.exe
c:\windows\ZC0302Cap.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_FLEXnet Licensing Manager
.
.
((((((((((((((((((((((((( Files Created from 2011-10-28 to 2011-11-28 )))))))))))))))))))))))))))))))
.
.
2011-11-28 13:10 . 2011-11-28 13:12 -------- d-----w- c:\users\Prdekana\AppData\Local\temp
2011-11-28 13:10 . 2011-11-28 13:10 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2011-11-28 13:10 . 2011-11-28 13:10 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-11-26 18:16 . 2011-11-26 18:16 -------- d-----w- c:\program files\Veetle
2011-11-19 19:05 . 2011-11-19 19:17 -------- d-----w- c:\users\Prdekana\AppData\Roaming\VSO
2011-11-19 19:05 . 2011-11-19 19:05 -------- d-----w- c:\program files\VSO
2011-11-13 15:14 . 2011-11-13 15:14 -------- d-----w- c:\users\Prdekana\AppData\Roaming\BlackBean
2011-11-09 04:55 . 2011-09-29 16:03 1290608 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-09 04:55 . 2011-10-01 04:37 708608 ----a-w- c:\program files\Common Files\System\wab32.dll
2011-11-09 04:49 . 2011-09-29 03:37 2341888 ----a-w- c:\windows\system32\win32k.sys
2011-11-06 08:33 . 2011-11-06 08:33 -------- d-----w- c:\users\Prdekana\AppData\Local\OLYMPUS
2011-11-06 08:33 . 2011-11-06 08:33 131072 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin.dll
2011-11-06 08:33 . 2011-11-06 08:33 131072 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll
2011-11-06 08:33 . 2011-11-06 08:33 -------- d-----w- c:\program files\QuickTime
2011-11-06 08:33 . 2011-11-06 08:33 -------- d-----w- c:\programdata\Apple Computer
2011-11-06 08:32 . 2011-11-06 08:32 -------- d-----w- c:\program files\MSXML 4.0
2011-11-06 08:32 . 2011-11-06 08:32 -------- d-----w- c:\program files\OLYMPUS
2011-11-04 18:25 . 2011-11-04 18:25 -------- d-----w- c:\users\Prdekana\AppData\Local\Activision
2011-11-04 18:22 . 2010-06-02 03:55 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll
2011-11-04 18:22 . 2010-06-02 03:55 527192 ----a-w- c:\windows\system32\XAudio2_7.dll
2011-11-04 18:22 . 2010-06-02 03:55 239960 ----a-w- c:\windows\system32\xactengine3_7.dll
2011-11-04 18:22 . 2010-05-26 10:41 470880 ----a-w- c:\windows\system32\d3dx10_43.dll
2011-11-04 18:22 . 2010-05-26 10:41 248672 ----a-w- c:\windows\system32\d3dx11_43.dll
2011-11-04 18:22 . 2010-05-26 10:41 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2011-11-04 18:22 . 2010-05-26 10:41 1868128 ----a-w- c:\windows\system32\d3dcsx_43.dll
2011-11-04 18:22 . 2010-05-26 10:41 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll
2011-11-04 18:22 . 2010-02-04 09:01 74072 ----a-w- c:\windows\system32\XAPOFX1_4.dll
2011-11-04 18:22 . 2010-02-04 09:01 528216 ----a-w- c:\windows\system32\XAudio2_6.dll
2011-11-04 18:22 . 2010-02-04 09:01 238936 ----a-w- c:\windows\system32\xactengine3_6.dll
2011-11-04 18:22 . 2010-02-04 09:01 22360 ----a-w- c:\windows\system32\X3DAudio1_7.dll
2011-11-04 17:58 . 2011-11-26 18:16 -------- d-----w- c:\users\Prdekana\AppData\Roaming\OpenCandy
2011-11-04 17:54 . 2011-11-04 17:54 232512 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2011-11-04 17:54 . 2011-11-04 17:54 -------- d-----w- c:\program files\DAEMON Tools Lite
2011-11-04 17:54 . 2011-11-04 18:02 -------- d-----w- c:\users\Prdekana\AppData\Roaming\DAEMON Tools Lite
2011-11-04 17:54 . 2011-11-04 17:54 -------- d-----w- c:\programdata\DAEMON Tools Lite
2011-11-04 14:24 . 2011-11-04 14:24 -------- d-----w- c:\program files\Lavalys
2011-11-02 23:39 . 2011-11-02 23:39 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2011-11-02 11:47 . 2011-11-02 11:47 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2011-11-02 11:46 . 2011-11-02 11:46 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2011-11-02 11:46 . 2011-11-02 11:46 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2011-11-02 11:46 . 2011-11-02 11:46 539968 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-11-02 11:32 . 2011-11-02 23:42 -------- d-----w- c:\windows\ehome
2011-11-02 11:32 . 2011-11-02 11:44 -------- d-----r- c:\users\Public\Recorded TV
2011-11-02 11:32 . 2011-11-02 11:32 -------- d-----w- c:\users\Default\AppData\Roaming\Media Center Programs
2011-11-02 11:32 . 2011-11-02 11:32 -------- d-----w- c:\program files\Windows Portable Devices
2011-11-02 11:32 . 2011-11-02 11:32 -------- d-----w- c:\program files\DVD Maker
2011-11-02 11:27 . 2010-11-20 12:21 902656 ----a-w- c:\windows\system32\WMADMOD.DLL
2011-11-02 10:50 . 2011-11-02 11:36 -------- d-----w- c:\users\Prdekana\Tracing
2011-11-02 09:44 . 2011-11-02 09:44 -------- d-----w- c:\windows\en
2011-11-02 09:42 . 2011-11-02 09:42 -------- dc----w- c:\windows\system32\DRVSTORE
2011-11-02 09:42 . 2011-05-13 14:27 39272 ----a-w- c:\windows\system32\drivers\fssfltr.sys
2011-11-02 09:38 . 2011-11-02 09:38 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2011-11-02 09:35 . 2011-11-02 09:44 -------- d-----w- c:\program files\Windows Live
2011-11-02 09:34 . 2011-11-05 13:59 -------- d-----w- c:\program files\Microsoft
2011-11-02 09:33 . 2009-09-04 16:44 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2011-11-02 09:33 . 2009-09-04 16:44 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2011-11-02 09:33 . 2009-09-04 16:29 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2011-11-02 09:33 . 2006-11-29 12:06 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
2011-11-02 09:33 . 2011-11-02 11:34 -------- d-----w- c:\program files\Microsoft Silverlight
2011-11-02 09:32 . 2011-11-04 16:32 -------- d-----w- c:\users\Prdekana\AppData\Local\Windows Live
2011-11-02 09:32 . 2011-11-02 09:32 -------- d-----w- c:\program files\Common Files\Windows Live
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-27 07:39 . 2011-10-15 18:25 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-16 12:26 . 2011-10-21 16:17 566784 ----a-w- c:\windows\~de74bc.tmp
2011-11-10 22:21 . 2011-10-21 16:22 18 ----a-w- c:\windows\system\msg.bat
2011-11-10 22:21 . 2011-10-21 16:22 1646 ----a-w- c:\windows\system\msg.reg
2011-11-02 09:35 . 2011-03-28 17:36 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-10-27 10:39 . 2011-10-27 10:39 409088 ----a-w- c:\windows\system32\systemcpl.dll
2011-10-21 16:31 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll
2011-10-07 03:48 . 2011-10-21 16:47 6668624 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9FF7621F-9D66-44D5-B576-E3029E144C7E}\mpengine.dll
2011-10-01 02:42 . 2011-10-15 17:46 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-11-10 17:32 . 2011-10-27 17:30 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{88c7f2aa-f93f-432c-8f0e-b7d85967a527}"= "c:\program files\BitTorrentBar\prxtbBitT.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
2011-05-09 09:49 176936 ----a-w- c:\program files\BitTorrentBar\prxtbBitT.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{88c7f2aa-f93f-432c-8f0e-b7d85967a527}"= "c:\program files\BitTorrentBar\prxtbBitT.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{88C7F2AA-F93F-432C-8F0E-B7D85967A527}"= "c:\program files\BitTorrentBar\prxtbBitT.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-10-13 17351304]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-08-02 4910912]
"OM2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" [2008-05-15 95536]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-03-12 6965792]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-11-16 2054360]
"BigDogPath"="c:\windows\VM302Snap.exe" [2007-03-27 49152]
"Domino"="c:\windows\Domino.exe" [2006-07-04 49152]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-09-01 282624]
"OM2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe" [2008-05-15 54576]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2010-03-06 02:44 500208 ------w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-10-15 15:58 136176 ----atw- c:\users\Prdekana\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2011-05-13 15:03 4283256 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
R3 ALSysIO;ALSysIO;c:\users\Prdekana\AppData\Local\Temp\ALSysIO.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-11-04 232512]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2009-11-16 108792]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2009-11-16 735960]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2009-11-16 95896]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-05-21 2214504]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2009-08-06 239648]
S3 athur;Wireless Network Adapter Service;c:\windows\system32\DRIVERS\athur.sys [2010-02-23 1500160]
S3 vvftav302;vvftav302;c:\windows\system32\drivers\vvftav302.sys [2007-03-18 475136]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc SensrSvc Mcx2Svc
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3503723901-3558880678-1629763344-1000Core.job
- c:\users\Prdekana\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-15 15:58]
.
2011-11-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3503723901-3558880678-1629763344-1000UA.job
- c:\users\Prdekana\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-15 15:58]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.rs/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Prdekana\AppData\Roaming\Mozilla\Firefox\Profiles\84zjhl5s.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.rs/
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKCU-Run-AdobeBridge - (no file)
HKLM-Run-TNod UP - d:\za instalaciju\Kljucev i zaNOD\KLJUCEVI\TNODUP.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3503723901-3558880678-1629763344-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-3503723901-3558880678-1629763344-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\NVIDIA Corporation\Display\nvxdsync.exe
c:\windows\system32\nvvsvc.exe
c:\windows\system32\taskhost.exe
c:\program files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\conhost.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\WUDFHost.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\DllHost.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
c:\windows\system32\DllHost.exe
c:\windows\servicing\TrustedInstaller.exe
c:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Completion time: 2011-11-28 14:17:10 - machine was rebooted
ComboFix-quarantined-files.txt 2011-11-28 13:17
.
Pre-Run: 128,118,001,664 bytes free
Post-Run: 131,220,803,584 bytes free
.
- - End Of File - - ED3068B740DBA4FD8839F3741597B0BD

offline
  • Joined: 26 Aug 2010
  • Posts: 10622
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

Open Notepad and copy the following text into it:

RegLock::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)


Save the file from Notepad to the Desktop as "CFScript".

Drag the saved script/text onto the ComboFix icon, as in the picture.
In your next post, include the log that is created at the end of the cleaning/scan.

Go to Start -> Control Panel -> Programs and Features and uninstall BitTorrentBar Toolbar.

Pack the following folder into a ZIP or RAR archive:

C:\Qoobox\Quarantine

and send it via the following link:

http://www.mycity.rs/ambulanta-upload.php

I recommend that you do not use pirated versions of AV programs. If you don't have the money for a commercial one, or don't intend to buy one, there are good free AV programs such as: Avast Free, Avira Free, AVG Free, Microsoft Security Essentials, Panda Cloud, etc.

What is the state of the system now? Does the process in question still appear?

offline
  • Joined: 01 Nov 2011
  • Posts: 89

I've uploaded that, and here is this too:

And now I'll see whether that stdrt starts up.

offline
  • Joined: 26 Aug 2010
  • Posts: 10622
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

Open Notepad and copy the following text into it:


DeQuarantine::
C:\Qoobox\Quarantine\c\program files\Internet Explorer\Plugins\npqtplugin2.dll.vir
C:\Qoobox\Quarantine\c\program files\Internet Explorer\Plugins\npqtplugin3.dll.vir
C:\Qoobox\Quarantine\c\program files\Internet Explorer\Plugins\npqtplugin4.dll.vir
C:\Qoobox\Quarantine\c\program files\Internet Explorer\Plugins\npqtplugin5.dll.vir
C:\Qoobox\Quarantine\c\program files\Internet Explorer\Plugins\npqtplugin6.dll.vir
C:\Qoobox\Quarantine\c\program files\Internet Explorer\Plugins\npqtplugin7.dll.vir
C:\Qoobox\Quarantine\c\program files\Mozilla Firefox\plugins\npqtplugin2.dll.vir
C:\Qoobox\Quarantine\c\program files\Mozilla Firefox\Plugins\npqtplugin3.dll.vir
C:\Qoobox\Quarantine\c\program files\Mozilla Firefox\plugins\npqtplugin4.dll.vir
C:\Qoobox\Quarantine\c\program files\Mozilla Firefox\plugins\npqtplugin5.dll.vir
C:\Qoobox\Quarantine\c\program files\Mozilla Firefox\plugins\npqtplugin6.dll.vir
C:\Qoobox\Quarantine\c\program files\Mozilla Firefox\plugins\npqtplugin7.dll.vir
C:\Qoobox\Quarantine\c\program files\Opera\program\plugins\npqtplugin2.dll.vir
C:\Qoobox\Quarantine\c\program files\Opera\program\plugins\npqtplugin3.dll.vir
C:\Qoobox\Quarantine\c\program files\Opera\program\plugins\npqtplugin4.dll.vir
C:\Qoobox\Quarantine\c\program files\Opera\program\plugins\npqtplugin5.dll.vir
C:\Qoobox\Quarantine\c\program files\Opera\program\plugins\npqtplugin6.dll.vir
C:\Qoobox\Quarantine\c\program files\Opera\program\plugins\npqtplugin7.dll.vir
C:\Qoobox\Quarantine\c\program files\QuickTime\Plugins\npqtplugin2.dll.vir
C:\Qoobox\Quarantine\c\program files\QuickTime\Plugins\npqtplugin3.dll.vir
C:\Qoobox\Quarantine\c\program files\QuickTime\Plugins\npqtplugin4.dll.vir
C:\Qoobox\Quarantine\c\program files\QuickTime\Plugins\npqtplugin5.dll.vir
C:\Qoobox\Quarantine\c\program files\QuickTime\Plugins\npqtplugin6.dll.vir
C:\Qoobox\Quarantine\c\program files\QuickTime\Plugins\npqtplugin7.dll.vir
C:\Qoobox\Quarantine\c\windows\ZC0302Cap.exe.vir


Save the file from Notepad to the Desktop as "CFScript".

Drag the saved script/text onto the ComboFix icon, as in the picture.
In your next post, include the log that is created at the end of the cleaning/scan.

What is the state of the system now?

offline
  • Joined: 01 Nov 2011
  • Posts: 89

Posted: 28 Nov 2011 18:24

Addendum: 28 Nov 2011 18:32

The process is no longer in Task Manager now ;)

Do I keep ComboFix or delete it, what do I do with it next?

PS.
I don't know about the NOD thing; that's what I use, and that TNod looks for keys and renews them on its own, what do I know.
Which antivirus should I download?

offline
  • Joined: 26 Aug 2010
  • Posts: 10622
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

I apologize for the mistake I made in the previous script; you will have to run one more script.

Open Notepad and copy the following text into it:


DeQuarantine::
C:\Qoobox\Quarantine\c\windows\ZC0302Cap.exe.vir
Quit::


Save the file from Notepad to the Desktop as "CFScript".

Drag the saved script/text onto the ComboFix icon, as in the picture.
In your next post, include the log that is created at the end of the cleaning/scan.

As for CF, I'll tell you when and how to delete it. As for the antivirus, I already told you in one of the previous posts. Don't use pirated versions, and if you don't have a legal license, there are free AV programs such as Avast Free, AVG Free, Avira Free, Microsoft Security Essentials, Panda Cloud AV, etc.

offline
  • Joined: 01 Nov 2011
  • Posts: 89

offline
  • Joined: 26 Aug 2010
  • Posts: 10622
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

ComboFix needs to be uninstalled:
click Start (or ), then Run.

On Vista and 7, use the Start Search box if Run is not available.

In the text box, type (or copy) the following:

ComboFix /Uninstall

Note that there is a space between "ComboFix" and "/Uninstall".

and then click OK (or press Enter).

Wait for the uninstall process to finish.

- I recommend that you use MCShield to protect USB storage devices. It has nothing to do with the antivirus, i.e. it will not interfere with its operation, and it has proven to be one of the best forms of protection against malware that spreads via USB storage devices.

You download it, install it, plug in a USB storage device, a scan runs, after which you get a notification that the device is clean (if it really is); or you get a log showing information about the malware that was found and deleted.

MCShield home page: http://amf.mycity.rs/programs/mc/mcshield/

You can find out more about MCShield in this thread: http://www.mycity.rs/Antispyware-programi/MCShield.html

Be sure to visit the thread "Test whether your browser is vulnerable", read it and follow the link in it.

That would be it. :)
