[es] - Dosadan trojanac.

cisco89

Član broj: 160062
Poruke: 89
*.tpgi.com.au.

+9 Profil

^{16.01.2010. u 15:47 - pre 174 meseci}

Pozz ljudi, da neotvaram istu temu, nesto mi u zadnje vreme koci komp, zvuk i grafika zezaju, znaci haos

evo combofix log

ComboFix 10-01-15.01 - milan 16/01/2010 23:33:39.1.4 - x86
Microsoft Windows 7 Professional 6.1.7600.0.1252.61.1033.18.2048.1250 [GMT 8:00]
Running from: c:\users\milan\Desktop\C-F.exe
.

((((((((((((((((((((((((( Files Created from 2009-12-16 to 2010-01-16 )))))))))))))))))))))))))))))))
.

2010-01-16 15:40 . 2010-01-16 15:40 -------- d-----w- c:\users\milan\AppData\Local\temp
2010-01-16 14:57 . 2010-01-16 14:57 -------- d-----w- c:\users\milan\AppData\Roaming\Ubisoft
2010-01-16 14:48 . 2010-01-16 14:48 -------- d-----w- c:\program files\Ubisoft
2010-01-15 16:37 . 2010-01-15 16:37 138240 ----a-w- c:\users\milan\AppData\Roaming\SystemRequirementsLab\SRLProxy_srl_4_1_14_0_d.dll
2010-01-15 16:37 . 2010-01-15 16:37 138240 ----a-w- c:\users\milan\AppData\Roaming\SystemRequirementsLab\SRLProxy_srl_4_1_14_0_c.dll
2010-01-15 16:37 . 2010-01-15 16:37 138240 ----a-w- c:\users\milan\AppData\Roaming\SystemRequirementsLab\SRLProxy_srl_4_1_14_0_b.dll
2010-01-15 16:37 . 2010-01-15 16:37 138240 ----a-w- c:\users\milan\AppData\Roaming\SystemRequirementsLab\SRLProxy_srl_4_1_14_0_a.dll
2010-01-15 16:37 . 2010-01-15 16:37 -------- d-----w- c:\users\milan\AppData\Roaming\SystemRequirementsLab
2010-01-15 16:36 . 2010-01-15 16:36 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-01-15 16:36 . 2010-01-15 16:36 -------- d-----w- c:\program files\Java
2010-01-12 06:31 . 2010-01-12 06:31 -------- d-----w- c:\users\milan\AppData\Roaming\dvdcss
2009-12-30 05:37 . 2009-12-30 05:37 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2009-12-30 05:37 . 2009-12-30 09:44 -------- d-----w- c:\programdata\Rosetta Stone
2009-12-30 05:37 . 2009-12-30 05:37 -------- d-----w- c:\program files\Rosetta Stone
2009-12-26 17:13 . 2009-12-26 17:13 -------- d-----w- c:\users\milan\AppData\Roaming\PPLiveVA
2009-12-26 17:13 . 2009-12-26 17:19 -------- d-----w- c:\programdata\PPLiveVA
2009-12-26 17:13 . 2009-12-26 17:19 -------- d-----w- c:\program files\PPLiveVA
2009-12-26 17:11 . 2009-12-26 17:18 -------- d-----w- c:\program files\PPLive
2009-12-26 17:11 . 2009-12-26 17:11 -------- d-----w- c:\program files\SopCast
2009-12-23 16:52 . 2009-12-23 16:52 -------- d-----w- c:\users\milan\AppData\Local\Geckofx
2009-12-23 16:52 . 2009-12-23 16:52 -------- d-----w- c:\users\milan\AppData\Roaming\Red Kawa
2009-12-23 08:49 . 2009-12-23 09:33 -------- d-----w- c:\users\milan\AppData\Roaming\foobar2000
2009-12-23 08:49 . 2009-12-23 08:49 -------- d-----w- c:\program files\foobar2000
2009-12-22 16:44 . 2009-12-22 16:44 -------- d-----w- c:\users\milan\AppData\Local\Microsoft Games
2009-12-22 16:43 . 2009-12-22 16:43 -------- d-----w- c:\program files\Microsoft Games
2009-12-20 09:40 . 2009-12-20 09:41 -------- d-----w- c:\users\milan\AppData\Roaming\Yahoo!
2009-12-20 09:38 . 2009-12-20 12:14 -------- d-----w- c:\program files\Yahoo!
2009-12-18 12:48 . 2009-12-18 12:48 -------- d-----w- c:\program files\WinPcap
2009-12-18 12:48 . 2009-12-18 12:48 -------- d-----w- c:\program files\GNS3

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-16 15:32 . 2009-12-04 17:54 -------- d-----w- c:\programdata\NVIDIA
2010-01-16 14:55 . 2010-01-16 14:55 281760 ----a-w- c:\windows\system32\drivers\atksgt.sys
2010-01-16 14:55 . 2010-01-16 14:55 25888 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2010-01-16 14:48 . 2009-12-05 06:49 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-15 14:28 . 2009-12-17 10:19 -------- d-----w- c:\program files\Common Files\Adobe
2010-01-14 17:47 . 2009-12-05 07:35 -------- d-----w- c:\users\milan\AppData\Roaming\Skype
2010-01-12 06:32 . 2009-12-15 13:04 -------- d-----w- c:\users\milan\AppData\Roaming\vlc
2010-01-11 13:59 . 2009-12-05 07:35 -------- d-----r- c:\program files\Skype
2009-12-31 07:35 . 2009-12-07 11:45 -------- d-----w- c:\program files\Common Files\Logitech
2009-12-24 10:24 . 2009-12-05 06:54 -------- d-----w- c:\users\milan\AppData\Roaming\Apple Computer
2009-12-21 16:25 . 2009-12-04 17:54 -------- d-----w- c:\program files\NVIDIA Corporation
2009-12-21 15:59 . 2009-12-05 06:49 -------- d--h--w- c:\program files\Temp
2009-12-21 15:30 . 2009-12-05 07:01 -------- d-----w- c:\programdata\VMware
2009-12-17 15:32 . 2009-12-05 06:24 -------- d-----w- c:\users\milan\AppData\Roaming\Winamp
2009-12-17 10:46 . 2009-12-05 06:24 -------- d-----w- c:\program files\Winamp
2009-12-17 10:02 . 2009-12-17 10:02 -------- d-----w- c:\programdata\ALLPlayer
2009-12-17 10:02 . 2009-12-17 10:02 -------- d-----w- c:\program files\ALLPlayer
2009-12-16 16:11 . 2009-12-16 16:11 -------- d-----w- c:\program files\SystemRequirementsLab
2009-12-08 08:58 . 2009-12-04 19:11 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-12-07 00:11 . 2009-12-07 00:11 -------- d-----w- c:\programdata\KONAMI
2009-12-07 00:11 . 2009-12-07 00:11 -------- d-----w- c:\program files\KONAMI
2009-12-07 00:08 . 2009-12-05 06:47 -------- d-----w- c:\users\milan\AppData\Roaming\DAEMON Tools Lite
2009-12-06 14:18 . 2009-12-06 14:17 -------- d-----w- c:\program files\Windows Live Safety Center
2009-12-05 09:13 . 2009-12-05 09:13 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_09_00.Wdf
2009-12-05 09:04 . 2009-12-05 09:04 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2009-12-05 09:04 . 2009-12-04 19:23 -------- d-----w- c:\programdata\Microsoft Help
2009-12-05 08:55 . 2009-12-05 08:55 56 ---ha-w- c:\programdata\ezsidmv.dat
2009-12-05 08:55 . 2009-12-05 08:55 -------- d-----w- c:\users\milan\AppData\Roaming\skypePM
2009-12-05 07:35 . 2009-12-05 07:35 -------- d-----w- c:\program files\Common Files\Skype
2009-12-05 07:35 . 2009-12-05 07:35 -------- d-----w- c:\programdata\Skype
2009-12-05 07:03 . 2009-12-05 07:03 909320 ----a-w- c:\programdata\VMware\VMware Workstation\Uninstaller\uninstall.exe
2009-12-05 07:03 . 2009-12-05 07:03 625200 ----a-w- c:\programdata\VMware\VMware Workstation\Uninstaller\instUtils.dll
2009-12-05 07:01 . 2009-12-05 07:01 -------- d-----w- c:\program files\Common Files\VMware
2009-12-05 07:00 . 2009-12-05 07:00 -------- d-----w- c:\program files\VMware
2009-12-05 06:59 . 2009-12-05 07:03 569344 ----a-w- c:\programdata\VMware\VMware Workstation\Uninstaller\module_core.dll
2009-12-05 06:59 . 2009-12-05 07:03 360448 ----a-w- c:\programdata\VMware\VMware Workstation\Uninstaller\module_license.dll
2009-12-05 06:59 . 2009-12-05 07:03 331776 ----a-w- c:\programdata\VMware\VMware Workstation\Uninstaller\module_ws.dll
2009-12-05 06:59 . 2009-12-05 07:03 958000 ----a-w- c:\programdata\VMware\VMware Workstation\Uninstaller\vnetlib64.dll
2009-12-05 06:59 . 2009-12-05 07:03 922672 ----a-w- c:\programdata\VMware\VMware Workstation\Uninstaller\vnetlib64.exe
2009-12-05 06:59 . 2009-12-05 07:03 760368 ----a-w- c:\programdata\VMware\VMware Workstation\Uninstaller\vnetlib.dll
2009-12-05 06:59 . 2009-12-05 07:03 731696 ----a-w- c:\programdata\VMware\VMware Workstation\Uninstaller\vminstutil.dll
2009-12-05 06:59 . 2009-12-05 07:03 703024 ----a-w- c:\programdata\VMware\VMware Workstation\Uninstaller\vnetlib.exe
2009-12-05 06:59 . 2009-12-05 06:59 -------- d-----w- c:\program files\AviSynth 2.5
2009-12-05 06:58 . 2009-12-05 06:58 -------- d-----w- c:\program files\Red Kawa
2009-12-05 06:58 . 2009-12-05 06:58 -------- d-----w- c:\program files\VideoLAN
2009-12-05 06:57 . 2009-12-05 06:57 -------- d-----w- c:\users\milan\AppData\Roaming\InstallShield
2009-12-05 06:53 . 2009-12-05 06:53 -------- d-----w- c:\programdata\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-12-05 06:53 . 2009-12-05 06:53 -------- d-----w- c:\program files\iTunes
2009-12-05 06:53 . 2009-12-05 06:53 -------- d-----w- c:\program files\iPod
2009-12-05 06:53 . 2009-12-05 06:52 -------- d-----w- c:\programdata\Apple Computer
2009-12-05 06:53 . 2009-12-05 06:52 -------- d-----w- c:\program files\Common Files\Apple
2009-12-05 06:53 . 2009-12-05 06:53 -------- d-----w- c:\program files\Bonjour
2009-12-05 06:53 . 2009-12-05 06:52 -------- d-----w- c:\program files\QuickTime
2009-12-05 06:52 . 2009-12-05 06:52 -------- d-----w- c:\program files\Apple Software Update
2009-12-05 06:52 . 2009-12-05 06:52 -------- d-----w- c:\programdata\Apple
2009-12-05 06:51 . 2009-12-05 06:51 -------- d-----w- c:\users\milan\AppData\Roaming\Foxit
2009-12-05 06:51 . 2009-12-05 06:51 -------- d-----w- c:\program files\Foxit Software
2009-12-05 06:50 . 2009-12-05 06:49 -------- d-----w- c:\program files\Realtek
2009-12-05 06:49 . 2009-12-05 06:49 -------- d-----w- c:\program files\Common Files\InstallShield
2009-12-05 06:49 . 2009-12-05 06:49 -------- d-----w- c:\program files\Intel
2009-12-05 06:48 . 2009-12-05 06:48 -------- d-----w- c:\program files\DAEMON Tools Lite
2009-12-05 06:48 . 2009-12-05 06:48 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-12-05 06:47 . 2009-12-05 06:47 -------- d-----w- c:\programdata\DAEMON Tools Lite
2009-12-05 06:47 . 2009-12-05 06:47 -------- d-----w- c:\program files\BitLord
2009-12-05 06:43 . 2009-12-05 06:43 -------- d-----w- c:\program files\Common Files\logishrd
2009-12-05 06:29 . 2009-12-05 06:28 -------- d-----w- c:\program files\Common Files\Real
2009-12-05 06:29 . 2009-12-05 06:29 -------- d-----w- c:\program files\Common Files\xing shared
2009-12-05 06:28 . 2009-12-05 06:28 499712 ----a-w- c:\windows\system32\msvcp71.dll
2009-12-05 06:28 . 2009-12-05 06:28 348160 ----a-w- c:\windows\system32\msvcr71.dll
2009-12-05 06:28 . 2009-12-05 06:28 -------- d-----w- c:\program files\Real
2009-12-05 06:24 . 2009-12-05 06:24 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2009-12-05 05:53 . 2009-12-05 05:53 -------- d-----w- c:\program files\Microsoft
2009-12-05 05:53 . 2009-12-05 05:52 -------- d-----w- c:\program files\Windows Live
2009-12-05 05:53 . 2009-12-05 05:53 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-12-05 05:50 . 2009-12-05 05:50 -------- d-----w- c:\program files\Common Files\Windows Live
2009-12-05 05:50 . 2009-12-04 16:29 108824 ----a-w- c:\users\milan\AppData\Local\GDIPFONTCACHEV1.DAT
2009-12-04 19:26 . 2009-12-04 19:26 -------- d-----w- c:\program files\Microsoft Works
2009-12-04 19:26 . 2009-07-14 04:52 -------- d-----w- c:\program files\MSBuild
2009-12-04 19:25 . 2009-12-04 19:25 -------- d-----w- c:\program files\Microsoft.NET
2009-12-04 19:24 . 2009-12-04 19:24 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2009-12-04 19:11 . 2009-12-04 19:11 -------- d-----w- c:\programdata\Avira
2009-12-04 19:11 . 2009-12-04 19:11 -------- d-----w- c:\program files\Avira
2009-12-04 17:54 . 2009-12-04 17:54 -------- d-----w- c:\program files\AGEIA Technologies
2009-12-04 17:54 . 2009-12-04 17:54 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-12-04 16:29 . 2009-07-13 23:40 409088 ----a-w- c:\windows\system32\systemcpl.dll
2009-12-04 16:29 . 2009-07-13 23:36 13824 ----a-w- c:\windows\system32\slwga.dll
2009-11-20 12:33 . 2009-11-20 12:33 812648 ----a-w- c:\windows\system32\nvsvc.dll
2009-11-20 12:33 . 2009-11-20 12:33 66664 ----a-w- c:\windows\system32\nvshext.dll
2009-11-20 12:33 . 2009-11-20 12:33 12685928 ----a-w- c:\windows\system32\nvcpl.dll
2009-11-20 12:33 . 2009-11-20 12:33 122984 ----a-w- c:\windows\system32\nvvsvc.exe
2009-11-20 12:33 . 2009-11-20 12:33 110184 ----a-w- c:\windows\system32\nvmctray.dll
2009-11-12 09:07 . 2009-11-12 09:07 79144 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2009-11-03 11:44 . 2009-12-21 15:59 1528864 ----a-w- c:\windows\system32\RtkPgExt.dll
2009-11-03 11:44 . 2009-12-21 15:59 55328 ----a-w- c:\windows\system32\RtkCoInst.dll
2009-11-03 11:44 . 2009-12-21 15:59 338464 ----a-w- c:\windows\system32\RtkApoApi.dll
2009-11-03 11:44 . 2009-12-05 06:49 2795552 ----a-w- c:\windows\system32\RtkAPO.dll
2009-11-03 11:39 . 2009-12-21 15:59 2790048 ----a-w- c:\windows\system32\drivers\RTKVHDA.sys
2009-11-02 11:42 . 2009-12-04 16:32 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-11-02 05:48 . 2009-12-21 15:59 831488 ----a-w- c:\windows\RtlExUpd.dll
2009-10-30 10:56 . 2009-12-21 15:59 290816 ----a-w- c:\windows\system32\FMAPO.dll
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\users\milan\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-12-05 135664]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
"ALLUpdate"="c:\program files\ALLPlayer\ALLUpdate.exe" [2009-11-11 870400]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"vmware-tray"="c:\program files\VMware\VMware Workstation\vmware-tray.exe" [2009-10-21 129584]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-11-03 7866912]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-21 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-01-15 149280]

c:\users\Radislav\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-11-12 08:33 141600 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-10 15:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2009-12-05 06:28 198160 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2009-07-01 16:37 37888 ----a-w- c:\program files\Winamp\winampa.exe

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [5/12/2009 3:11 AM 108289]
R2 NPF;NetGroup Packet Filter Driver;c:\windows\System32\drivers\npf.sys [21/10/2009 2:19 AM 50704]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [20/11/2009 7:17 PM 240232]
R2 vmci;VMware vmci;c:\windows\System32\drivers\vmci.sys [22/10/2009 5:00 AM 70704]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\System32\drivers\Rt86win7.sys [20/08/2009 1:04 AM 189440]
S0 sptd;sptd;c:\windows\System32\drivers\sptd.sys [5/12/2009 2:48 PM 691696]
S3 rt70x86;%WUSB54Gv4.Service.DispName%;c:\windows\System32\drivers\netr70.sys [29/12/2006 2:01 AM 243200]
S3 VMUSBArbService;VMware USB Arbitration Service;c:\program files\Common Files\VMware\USB\vmware-usbarbitrator.exe [22/10/2009 3:47 AM 563760]
.
Contents of the 'Scheduled Tasks' folder

2010-01-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3984655259-3603672541-3299311120-1001Core.job
- c:\users\milan\AppData\Local\Google\Update\GoogleUpdate.exe [2009-12-05 08:45]

2010-01-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3984655259-3603672541-3299311120-1001UA.job
- c:\users\milan\AppData\Local\Google\Update\GoogleUpdate.exe [2009-12-05 08:45]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
LSP: c:\program files\VMware\VMware Workstation\vsocklib.dll
TCP: {C46D154D-EDAD-4574-80BA-A526A2BA7F8B} = 208.67.222.222,208.67.220.220
FF - ProfilePath - c:\users\milan\AppData\Roaming\Mozilla\Firefox\Profiles\1jmib601.default\
FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: c:\users\milan\AppData\Local\Google\Update\1.2.183.13\npGoogleOneClick8.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-PPAP - c:\programdata\PPLiveVA\Application\PPAP.exe
AddRemove-HijackThis - c:\users\milan\Desktop\HijackThis.exe

.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2010-01-16 23:42:04
ComboFix-quarantined-files.txt 2010-01-16 15:42

Pre-Run: 118,094,860,288 bytes free
Post-Run: 118,135,590,912 bytes free

- - End Of File - - D5AEBE2502431E4923B704582046E6CF

Odgovor na temu