Here's the log from ComboFix...
It wouldn't let me upload it...
@nino
I did what you said... Perfect Uninstaller... and it did the job, BUT... C:/Program Files/Avira can't be deleted... it just multiplies, it won't go even from safe mode, everything else is fine, only that one is still THERE.
Here's the log..
ComboFix 11-12-29.04 - Owner 29.12.2011 20:00:21.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.385.1033.18.1535.1124 [GMT 1:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
AV: Avira Desktop *Enabled/Outdated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Owner\Application Data\facemoods.com
c:\documents and settings\Owner\Application Data\PriceGong
c:\documents and settings\Owner\Application Data\PriceGong\Data\mru.xml
c:\windows\logboot_16.12.2011.tureg.log
.
.
((((((((((((((((((((((((( Files Created from 2011-11-28 to 2011-12-29 )))))))))))))))))))))))))))))))
.
.
2011-12-28 20:10 . 2011-12-28 20:10 -------- d-----w- C:\## aswSnx private storage
2011-12-28 19:46 . 2011-12-28 19:47 -------- d-----w- c:\documents and settings\Administrator
2011-12-28 13:33 . 2009-08-06 18:23 215920 ----a-w- c:\windows\system32\muweb.dll
2011-12-27 21:47 . 2011-12-27 21:47 388096 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-12-27 21:47 . 2011-12-27 21:47 -------- d-----w- C:\New Folder
2011-12-27 14:18 . 2011-12-27 14:18 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes
2011-12-27 14:18 . 2011-12-27 14:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-12-27 14:01 . 2011-12-27 14:10 -------- d-----w- c:\documents and settings\All Users\Application Data\SecTaskMan
2011-12-27 14:01 . 2011-12-27 14:01 -------- d-----w- c:\program files\Security Task Manager
2011-12-26 19:37 . 2011-12-26 19:37 -------- d-----w- c:\documents and settings\All Users\Application Data\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}
2011-12-26 19:20 . 2011-12-26 19:20 -------- d-----w- c:\documents and settings\Owner\Application Data\Uniblue
2011-12-26 19:19 . 2011-12-26 19:19 -------- d-----w- c:\program files\Uniblue
2011-12-26 15:53 . 2011-12-29 18:34 -------- d-----w- c:\program files\AVAST Software
2011-12-26 15:53 . 2011-12-29 18:30 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
2011-12-15 15:40 . 2010-06-02 03:55 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll
2011-12-15 15:40 . 2010-06-02 03:55 527192 ----a-w- c:\windows\system32\XAudio2_7.dll
2011-12-15 15:40 . 2010-06-02 03:55 239960 ----a-w- c:\windows\system32\xactengine3_7.dll
2011-12-15 15:40 . 2010-05-26 10:41 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2011-12-15 15:40 . 2010-05-26 10:41 1868128 ----a-w- c:\windows\system32\d3dcsx_43.dll
2011-12-15 15:40 . 2010-05-26 10:41 470880 ----a-w- c:\windows\system32\d3dx10_43.dll
2011-12-15 15:40 . 2010-05-26 10:41 248672 ----a-w- c:\windows\system32\d3dx11_43.dll
2011-12-15 15:40 . 2010-05-26 10:41 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll
2011-12-15 15:37 . 2011-12-15 15:37 -------- d-----w- c:\windows\Logs
2011-12-15 15:30 . 2011-12-15 15:30 -------- d-----w- C:\Games
2011-12-13 13:38 . 2011-11-15 08:34 30528 ----a-w- c:\windows\system32\TURegOpt.exe
2011-12-13 13:38 . 2011-11-15 08:31 30016 ----a-w- c:\windows\system32\uxtuneup.dll
2011-12-13 13:38 . 2011-12-13 13:38 -------- d-----w- c:\documents and settings\Owner\Application Data\TuneUp Software
2011-12-13 13:38 . 2011-12-13 13:44 -------- d-----w- c:\program files\TuneUp Utilities 2010
2011-12-13 13:36 . 2011-12-13 13:38 -------- d-----w- c:\documents and settings\All Users\Application Data\TuneUp Software
2011-12-13 13:36 . 2011-12-13 13:36 -------- d-sh--w- c:\documents and settings\All Users\Application Data\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
2011-12-12 21:45 . 2011-12-12 22:50 -------- d-----w- c:\windows\system32\NtmsData
2011-12-12 21:44 . 2011-12-12 21:44 -------- d-----w- C:\CONFIG
2011-12-12 20:50 . 2011-12-12 20:50 -------- d-----w- c:\program files\Common Files\Java
2011-12-12 15:57 . 1998-10-29 15:45 306688 ----a-w- c:\windows\IsUninst.exe
2011-12-09 15:59 . 2011-12-12 22:53 -------- d-----w- C:\REPORTS
2011-12-09 15:59 . 2011-12-09 15:59 -------- d-----w- C:\INFECTED
2011-12-09 15:53 . 2011-12-12 21:45 -------- d-----w- C:\LOGFILES
2011-12-09 15:53 . 2011-12-28 19:46 -------- d-----w- C:\EVENTDB
2011-12-09 15:24 . 2011-12-09 15:24 -------- d-----w- c:\documents and settings\Owner\Application Data\Avira
2011-12-09 15:23 . 2011-09-18 07:39 134344 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-12-09 15:23 . 2011-09-15 22:55 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2011-12-09 15:23 . 2011-12-09 15:23 -------- d-----w- c:\program files\Avira
2011-12-09 15:23 . 2011-12-09 15:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2011-12-09 14:55 . 2011-09-15 22:55 74640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-12-02 16:29 . 2011-12-02 16:29 -------- d-----w- c:\program files\GNU
2011-11-30 15:37 . 2011-11-30 15:37 -------- d-----w- c:\documents and settings\All Users\Application Data\2332C
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-15 20:26 . 2011-07-13 13:41 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
2011-11-23 13:25 . 2004-08-04 12:00 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-10 04:54 . 2011-07-18 14:14 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-11-10 02:27 . 2011-07-18 14:14 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-11-04 19:20 . 2004-08-04 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 19:20 . 2004-08-04 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-11-04 19:20 . 2004-08-04 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-11-04 11:23 . 2004-08-04 12:00 385024 ----a-w- c:\windows\system32\html.iec
2011-11-01 16:07 . 2004-08-04 12:00 1288704 ----a-w- c:\windows\system32\ole32.dll
2011-10-28 05:31 . 2004-08-04 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-25 13:33 . 2004-08-04 12:00 2192768 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-25 12:52 . 2004-08-03 22:59 2069376 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-10-18 11:13 . 2004-08-04 12:00 186880 ----a-w- c:\windows\system32\encdec.dll
2011-10-10 14:22 . 2009-06-17 20:11 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-11-11 09:25 . 2011-07-03 16:47 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-03-28 16:22 176936 ----a-w- c:\program files\ConduitEngine\prxConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVMixerTray"="c:\program files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2004-06-03 131072]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-02-25 61440]
"SoundMan"="SOUNDMAN.EXE" [2004-06-18 67584]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
2009-11-09 03:17 180224 ----a-w- c:\program files\PowerISO\PWRISOVM.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"AutorunRemover.exe"=c:\program files\AutorunRemover\AutorunRemover.exe -Hide
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\fxsclnt.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
.
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [9.12.2011 16:23 36000]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [3.7.2011 17:54 218688]
R2 ABBYY.Licensing.FineReader.Professional.9.0;ABBYY FineReader 9.0 PE Licensing Service;c:\program files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe [6.12.2007 19:03 660768]
R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [27.1.2010 3:09 50704]
R3 acfva;acfva;c:\windows\system32\drivers\acfva.sys [17.6.2009 22:59 86144]
R3 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [15.11.2011 9:33 1052480]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [14.10.2009 7:24 10064]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 12:16 130384]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 12:16 753504]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
.
------- Supplementary Scan -------
.
TCP: DhcpNameServer = 192.168.5.1
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\io2ut9tb.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://google.com/
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-10 - (no file)
WebBrowser-{08D6B0B4-C132-470D-A8E2-AA2E9C3851C9} - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2011-12-29 20:05
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(880)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2011-12-29 20:07:07
ComboFix-quarantined-files.txt 2011-12-29 19:07
.
Pre-Run: 45.418.364.928 bytes free
Post-Run: 45.597.564.928 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - A5510E45706F2528C10120CF6898F3C8