Infection: url: mal


  • Joined: 17 Aug 2008
  • Posts: 293
  • Location: Titograd

When I try to load a page on the internet, Avast gives the notification "Infection: url: mal" and the CPU pegs at 100, and I have to force-close the browser because it won't load the page, it just spins. Here is a picture of the notification:


I also tried System Restore, but when I go in through F8 the following screen appears


I scanned with the antivirus and with Malwarebytes and they don't show any viruses or similar pests.

Regards...

  • magna86  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 21 Jun 2008
  • Posts: 6103

Follow these instructions so that we can check the system for the presence of malware.
http://www.mycity.rs/Ambulanta/Kako-otvoriti-temu-u-Ambulanti.html

Post the appropriate logs (DDS & GMER for 32-bit Windows; OTL for 64-bit Windows).

  • Joined: 17 Aug 2008
  • Posts: 293
  • Location: Titograd

DDS log.
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26
Run by Milica at 21:54:48 on 2012-07-08
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.1919.1015 [GMT 2:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\Explorer.EXE
C:\Windows\system32\Dwm.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\taskmgr.exe
C:\Windows\system32\Macromed\Flash\FlashUtil32_11_2_202_228_ActiveX.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\svchost.exe -k defragsvc
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page =
uStart Page =
uSearch Bar =
mStart Page =
uURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office12\GR469A~1.DLL
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\alwil software\avast5\aswWebRepIE.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\alwil software\avast5\aswWebRepIE.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {BA14329E-9550-4989-B3F2-9732E92D17CC} - No File
TB: {30F9B915-B755-4826-820B-08FBA6BD249D} - No File
uRun: [<NO NAME>]
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
TCP: Interfaces\{32C37E85-FB3B-4ADA-AAAC-26544C1E73DE} : NameServer = 195.66.189.137,195.66.189.138
TCP: Interfaces\{BD635279-6F6E-4369-8E0D-D571511949C5}\D6F6D6F6F577966696 : DhcpNameServer = 192.168.1.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GRA32A~1.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\Skype4COM.dll
AppInit_DLLs: c:\windows\system32\qnwoisc.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GR469A~1.DLL
mASetup: ccc-core-static - msiexec /fums {6173A4FC-D42D-69A6-52CA-A30496389760} /qb
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\milica\appdata\roaming\mozilla\firefox\profiles\frkcxd1j.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=15627
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxps://www.google.me/webhp
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=685749&p=
FF - component: c:\program files\adobe\acrobat 10.0\acrobat\browser\wcfirefoxextn\components\WCFirefoxExtn.dll
FF - component: c:\users\milica\appdata\roaming\mozilla\firefox\profiles\frkcxd1j.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\users\milica\appdata\roaming\mozilla\firefox\profiles\frkcxd1j.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar-ff3.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\nplv2011win32.dll
FF - plugin: c:\users\milica\appdata\local\alibaba\alisetup\0.1.0.52\npAliSetupOneClick.dll
FF - plugin: c:\users\milica\appdata\local\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\users\milica\appdata\local\google\update\1.3.21.67\npGoogleUpdate3.dll
FF - plugin: c:\users\milica\appdata\roaming\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\users\milica\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_2_202_235.dll
.
---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: browser.xul.error_pages.enabled - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 3000000
FF - user.js: content.maxtextrun - 8191
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 32
FF - user.js: network.http.max-connections-per-server - 8
FF - user.js: network.http.max-persistent-connections-per-proxy - 8
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=111434&tt=050412_30b
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - 848da960000000000000000000000000
FF - user.js: extensions.BabylonToolbar_i.hardId - 848da960000000000000000000000000
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15441
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1719:36:12
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-3-1 721000]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-7-28 353688]
R2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files\iobit\advanced systemcare 5\ASCService.exe [2012-1-18 913792]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-7-28 21256]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-7-28 57656]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2012-7-4 44808]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-4-13 654408]
R2 SSPORT;SSPORT;c:\windows\system32\drivers\SSPORT.SYS [2012-6-5 5120]
R2 TeamViewer6;TeamViewer 6;c:\program files\teamviewer\version6\TeamViewer_Service.exe [2011-2-14 2253688]
R3 athrusb6;Atheros Wireless LAN USB device driver 6 Series;c:\windows\system32\drivers\athru6.sys [2007-7-5 873472]
R3 Mach3;Mach3 Pulseing Service;c:\windows\system32\drivers\Mach3.sys [2007-5-10 109344]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-7-28 22344]
R3 MTsensor32;PU ACPI UTILITY;c:\windows\system32\drivers\PuAcpi32.sys [2012-1-11 14344]
S1 eusk2par;EUTRON SmartKey Parallel Driver;c:\windows\system32\drivers\eusk2par.sys [2011-10-21 24786]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 multikey;Virtual USB MultiKey;c:\windows\system32\drivers\multikey.sys [2010-6-15 39936]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-7-3 160944]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2010-8-25 36608]
S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2010-8-3 9216]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2011-3-3 15872]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2010-7-29 27192]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-3-3 52224]
S3 vvftav303;vvftav303;c:\windows\system32\drivers\vvftav303.sys [2011-12-21 480128]
S3 WatAdminSvc;Usluga tehnologije aktivacije operativnog sistema Windows;c:\windows\system32\wat\WatAdminSvc.exe [2011-4-15 1343400]
S3 ZD1211BU(ASUS);ASUS ZD1211B IEEE 802.11 b+g Wireless LAN Driver (USB)(ASUS);c:\windows\system32\drivers\ZD1211BU.sys [2010-7-28 425472]
S3 ZSMC0303;A4 TECH PC Camera H;c:\windows\system32\drivers\usbVM303.sys [2011-12-21 1472768]
S4 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2010-8-25 233472]
S4 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-7-28 136176]
S4 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-7-28 136176]
S4 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-5-7 113120]
S4 nlsX86cc;Nalpeiron Licensing Service;c:\windows\system32\nlssrv32.exe [2010-11-23 66560]
S4 UI Assistant Service;UI Assistant Service;c:\program files\internet bilo gdje\AssistantServices.exe [2011-8-6 253264]
S4 Uniblue.MaxiDiskSvc;Uniblue Maxi Disk Service;c:\program files\uniblue\maxidisk\service.exe [2012-5-5 30064]
.
=============== Created Last 30 ================
.
2012-07-08 17:42:21 -------- d-----w- C:\_OTL
2012-07-08 13:06:02 42496 ----a-w- c:\windows\system32\qnwoisc.dll
2012-07-05 18:28:32 -------- d-----w- c:\users\milica\appdata\roaming\IDoser
2012-07-05 18:27:39 -------- d-----w- c:\program files\I-Doser Premium
2012-06-26 10:05:36 6762896 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{e25029fa-150c-4973-8c9c-4496694a1989}\mpengine.dll
2012-06-24 21:20:29 514560 ----a-w- c:\windows\system32\qdvd.dll
2012-06-21 08:56:46 770384 ----a-w- c:\program files\mozilla firefox\msvcr100.dll
2012-06-21 08:56:46 421200 ----a-w- c:\program files\mozilla firefox\msvcp100.dll
2012-06-17 15:48:59 -------- d-----w- c:\programdata\Nero
2012-06-15 21:16:42 -------- d-----w- c:\users\milica\Ambiente de rede
2012-06-14 19:51:47 -------- d-----w- c:\program files\XP Repair Pro 5.0
2012-06-13 07:28:23 919040 ----a-w- c:\windows\system32\rdpcorets.dll
2012-06-13 07:28:21 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-13 07:28:19 2342400 ----a-w- c:\windows\system32\msi.dll
2012-06-13 07:28:15 2343936 ----a-w- c:\windows\system32\win32k.sys
2012-06-13 07:28:13 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-06-13 07:28:13 58880 ----a-w- c:\windows\system32\rdpwsx.dll
2012-06-13 07:28:13 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-06-13 07:28:11 164352 ----a-w- c:\windows\system32\profsvc.dll
2012-06-13 07:28:02 1158656 ----a-w- c:\windows\system32\crypt32.dll
2012-06-13 07:28:01 140288 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-13 07:28:00 103936 ----a-w- c:\windows\system32\cryptnet.dll
2012-06-11 23:02:59 -------- d-----w- c:\users\milica\appdata\roaming\YourFileDownloader
2012-06-11 18:31:29 -------- d-----w- C:\Mach3
.
==================== Find3M ====================
.
2012-07-03 16:21:53 721000 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-07-03 16:21:53 57656 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-07-03 16:21:53 44784 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-07-03 16:21:32 41224 ----a-w- c:\windows\avastSS.scr
2012-06-07 20:09:08 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-07 20:09:08 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-17 22:45:37 1800192 ----a-w- c:\windows\system32\jscript9.dll
2012-05-17 22:35:47 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-05-17 22:35:39 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-05-17 22:29:45 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-05-17 22:24:45 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-05-06 08:02:43 44544 ----a-w- c:\windows\system32\drivers\rimsptsk.sys
2012-05-05 22:09:02 120104 ----a-w- c:\windows\system32\SynTPCo9.dll
2012-05-05 22:09:01 173352 ----a-w- c:\windows\system32\SynTPAPI.dll
2012-05-05 22:09:01 1352368 ----a-w- c:\windows\system32\drivers\SynTP.sys
2012-05-05 22:09:00 222504 ----a-w- c:\windows\system32\SynCtrl.dll
2012-05-05 22:08:58 177448 ----a-w- c:\windows\system32\SynCOM.dll
2012-04-13 18:04:50 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
.
============= FINISH: 21:55:49,80 ===============


  • Research Engineer @MalwareBytes
  • Joined: 09 Aug 2011
  • Posts: 15877
  • Location: Beograd

Hello, hak1

Step 1

Visit this link

http://www.mycity.rs/ambulanta-upload.php

Click Browse and locate the following file

c:\windows\system32\qnwoisc.dll

Click Upload and let me know when it is done.

Step 2

Can you tell me why you ran OTL? Could you pack the C:\_OTL folder into an archive and send it through this link
http://www.mycity.rs/ambulanta-upload.php

Step 3

To see what Avast detected, we need you to send us its reports. Go to this location and attach the latest reports

C:\Documents and Settings\All Users\Application Data\Alwil Software\Avast5\report
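The file requested in Step 1 is the one the DDS log lists under AppInit_DLLs and, in its Created Last 30 section, shows as created on the day of the scan; the Babylon search URL in the Firefox prefs is the other lead. As an added example, not from this thread or from the DDS tool, here is a Python script that parses a DDS log and surfaces both correlations; the allow-listed search hosts and the comma-separated AppInit_DLLs format are assumptions, and the embedded log excerpt is constructed from the entries above.

```python
import re
from datetime import datetime
from urllib.parse import urlparse

# Constructed excerpt modelled on the DDS log posted in this thread, cut down to
# the lines the checks below need (same entries as the original).
SAMPLE_DDS = """\
Run by Milica at 21:54:48 on 2012-07-08
============== Pseudo HJT Report ===============
mRun: [avast5] "c:\\program files\\alwil software\\avast5\\avastUI.exe" /nogui
AppInit_DLLs: c:\\windows\\system32\\qnwoisc.dll
================= FIREFOX ===================
FF - prefs.js: browser.search.defaulturl - hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=15627
FF - prefs.js: browser.startup.homepage - hxxps://www.google.me/webhp
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=685749&p=
=============== Created Last 30 ================
2012-07-08 17:42:21 -------- d-----w- C:\\_OTL
2012-07-08 13:06:02 42496 ----a-w- c:\\windows\\system32\\qnwoisc.dll
2012-06-13 07:28:02 1158656 ----a-w- c:\\windows\\system32\\crypt32.dll
==================== Find3M ====================
"""

SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
RUN_RE = re.compile(r"^Run by .+ at \d{2}:\d{2}:\d{2} on (\d{4}-\d{2}-\d{2})$")
PREF_RE = re.compile(r"^FF - prefs\.js: (\S+) - (.*)$")
CREATED_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+\S+\s+\S+\s+(.+)$")

# Assumption: search hosts the analyst treats as expected for this user.
TRUSTED_SEARCH_HOSTS = {"www.google.com", "www.google.me"}


def parse_dds(text):
    """Pull the scan date, AppInit_DLLs entries, Firefox prefs and the
    'Created Last 30' file stamps out of a DDS log."""
    report = {"run_date": None, "appinit": [], "ff_prefs": {}, "created": {}}
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":          # DDS pads sections with lone dots
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1).lower()
            continue
        m = RUN_RE.match(line)
        if m:
            report["run_date"] = datetime.strptime(m.group(1), "%Y-%m-%d").date()
            continue
        if line.startswith("AppInit_DLLs:"):
            # Assumption: several DLLs would be comma-separated; the thread's log has one.
            value = line.split(":", 1)[1]
            report["appinit"] = [p.strip().lower() for p in value.split(",") if p.strip()]
            continue
        m = PREF_RE.match(line)
        if m:
            report["ff_prefs"][m.group(1)] = m.group(2)
            continue
        if section == "created last 30":
            m = CREATED_RE.match(line)
            if m:
                stamp = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
                report["created"][m.group(2).lower()] = stamp
    return report


def appinit_findings(report):
    """Every AppInit_DLLs entry is loaded into each process that maps user32.dll,
    so each one is listed; the number of days between the file's appearance in
    'Created Last 30' and the scan says how fresh it is (None: older than 30 days
    or not seen)."""
    findings = []
    for dll in report["appinit"]:
        created = report["created"].get(dll)
        days = None
        if created is not None and report["run_date"] is not None:
            days = (report["run_date"] - created.date()).days
        findings.append({"dll": dll, "created": created, "days_before_scan": days})
    return findings


def search_hijack_findings(report):
    """Flag Firefox search/homepage prefs whose host is outside the allow list.
    DDS defangs URLs (hxxp://), so restore the scheme before parsing."""
    findings = []
    for name in ("browser.search.defaulturl", "keyword.URL", "browser.startup.homepage"):
        value = report["ff_prefs"].get(name)
        if not value:
            continue
        host = urlparse(re.sub(r"^hxx", "htt", value)).hostname or ""
        if host not in TRUSTED_SEARCH_HOSTS:
            findings.append((name, host))
    return findings


if __name__ == "__main__":
    rep = parse_dds(SAMPLE_DDS)
    for f in appinit_findings(rep):
        print(f"AppInit_DLLs -> {f['dll']} (created {f['days_before_scan']} day(s) before scan)")
    for name, host in search_hijack_findings(rep):
        print(f"Firefox pref {name} points at {host}")
```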

  • Joined: 17 Aug 2008
  • Posts: 293
  • Location: Titograd

Written: 09 Jul 2012 17:41

I uploaded c:\windows\system32\qnwoisc.dll.
I tried to fix the problem with OTL.
C:\_OTL uploaded.
Avast report

Although I poked around a bit myself, and since this morning it hasn't appeared; I ran a scan and cleanup with TDSSKiller and edited the HOSTS file, deleting everything except the 127.0.0.1 entries, and since this morning it no longer tries to redirect me to other sites, and the browsers work normally.
That was first aid, since I urgently needed the internet.

Update: 09 Jul 2012 20:37

Now it has appeared again, just once; following the recommendation from the thread http://www.mycity.rs/Propusti-i-azuriranja/Testira.....anjiv.html I scanned the computer a bit and updated Java, QuickTime Player and Flash Player, and after the restart "infected: URL: Mal" appeared; now everything is fine again, I can get online.

  • Research Engineer @MalwareBytes
  • Joined: 09 Aug 2011
  • Posts: 15877
  • Location: Beograd

Download sUBs' ComboFix from the following address to the Desktop:

Bleeping Computer
  • Right-click the link and choose Save Target As... (Save Link As..., Save Linked Content As... or similar);
  • When the dialog for choosing where to save the file opens, select Desktop and click Save.

When the download is finished:
  • disable the security software (instructions);
  • close running programs;
  • double-click ComboFix to run it;
  • in the window that opens, click "I Agree".

While running, ComboFix will:
  • check whether a newer version of the program exists: click Yes if offered to download it;
  • if the Recovery Console is not installed, offer to install it: be sure to accept by clicking Yes and follow the procedure;
  • display a number of prompts/notices: accept by clicking Yes or OK;
  • restart Windows if necessary (possibly several times);
  • at the end, open Notepad with the scan report.

Copy the report ComboFix produced into the forum thread:
  • right-click in the Notepad window and choose Select All;
  • right-click the highlighted text and choose Copy;
  • right-click in the message box and choose Paste.

Note: the report will be saved as ComboFix.txt on the system partition (typical location: C:\ComboFix.txt);
if, after posting, you notice the report is incomplete, use the Attach file option to attach C:\ComboFix.txt to the message.

  • Joined: 17 Aug 2008
  • Posts: 293
  • Location: Titograd

ComboFix log


ComboFix 12-07-08.02 - Milica 09.07.2012 21:20:50.1.1 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.1919.976 [GMT 2:00]
Running from: c:\users\Milica\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
ADS - Windows: deleted 192 bytes in 1 streams.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\cf
c:\windows\_detmp.2
c:\windows\7Loader.TAG
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\system32\ijl11.dll
c:\windows\system32\qnwoisc.dll
c:\windows\XSxS
.
.
((((((((((((((((((((((((( Files Created from 2012-06-09 to 2012-07-09 )))))))))))))))))))))))))))))))
.
.
2012-07-09 19:32 . 2012-07-09 19:40 -------- d-----w- c:\users\Milica\AppData\Local\temp
2012-07-09 18:10 . 2012-07-09 18:28 -------- d-----w- c:\programdata\MCShield
2012-07-09 18:10 . 2012-07-09 18:10 -------- d-----w- c:\program files\MCShield
2012-07-09 18:02 . 2012-07-09 18:02 -------- d-----w- c:\users\Milica\AppData\Local\Macromedia
2012-07-09 17:51 . 2012-07-09 17:51 -------- d-----w- c:\program files\Common Files\Java
2012-07-09 17:50 . 2012-07-09 17:50 -------- d-----w- c:\program files\Oracle
2012-07-09 17:49 . 2012-05-04 17:29 772504 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-07-08 20:55 . 2012-07-08 20:58 -------- d-----w- c:\program files\SpywareBlaster
2012-07-08 20:45 . 2012-07-08 22:00 -------- d-----w- C:\TDSSKiller_Quarantine
2012-07-08 17:42 . 2012-07-08 17:42 -------- d-----w- C:\_OTL
2012-07-05 18:28 . 2012-07-05 18:38 -------- d-----w- c:\users\Milica\AppData\Roaming\IDoser
2012-07-05 18:27 . 2012-07-05 18:27 -------- d-----w- c:\program files\I-Doser Premium
2012-06-26 10:05 . 2012-05-31 03:41 6762896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E25029FA-150C-4973-8C9C-4496694A1989}\mpengine.dll
2012-06-24 21:20 . 2012-06-24 21:20 514560 ----a-w- c:\windows\system32\qdvd.dll
2012-06-21 08:56 . 2012-06-21 08:56 770384 ----a-w- c:\program files\Mozilla Firefox\msvcr100.dll
2012-06-21 08:56 . 2012-06-21 08:56 421200 ----a-w- c:\program files\Mozilla Firefox\msvcp100.dll
2012-06-17 15:48 . 2012-06-17 16:34 -------- d-----w- c:\programdata\Nero
2012-06-15 21:16 . 2012-06-15 21:16 -------- d-----w- c:\users\Milica\Ambiente de rede
2012-06-14 19:51 . 2012-06-14 19:52 -------- d-----w- c:\program files\XP Repair Pro 5.0
2012-06-13 07:28 . 2012-04-28 04:41 919040 ----a-w- c:\windows\system32\rdpcorets.dll
2012-06-13 07:28 . 2012-04-28 03:17 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-13 07:28 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\system32\msi.dll
2012-06-13 07:28 . 2012-05-15 01:05 2343936 ----a-w- c:\windows\system32\win32k.sys
2012-06-13 07:28 . 2012-04-26 04:45 58880 ----a-w- c:\windows\system32\rdpwsx.dll
2012-06-13 07:28 . 2012-04-26 04:45 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-06-13 07:28 . 2012-04-26 04:41 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-06-13 07:28 . 2012-05-01 04:44 164352 ----a-w- c:\windows\system32\profsvc.dll
2012-06-13 07:28 . 2012-04-24 04:36 1158656 ----a-w- c:\windows\system32\crypt32.dll
2012-06-13 07:28 . 2012-04-24 04:36 140288 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-13 07:28 . 2012-04-24 04:36 103936 ----a-w- c:\windows\system32\cryptnet.dll
2012-06-11 23:02 . 2012-06-15 10:25 -------- d-----w- c:\users\Milica\AppData\Roaming\YourFileDownloader
2012-06-11 18:31 . 2012-06-11 18:38 -------- d-----w- C:\Mach3
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-09 17:45 . 2012-04-02 23:14 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-09 17:45 . 2011-06-15 21:11 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-03 16:21 . 2010-07-28 19:29 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-07-03 16:21 . 2012-02-24 11:22 44784 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-07-03 16:21 . 2011-02-28 22:38 721000 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-07-03 16:21 . 2010-07-28 19:30 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-07-03 16:21 . 2010-07-28 19:29 353688 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-07-03 16:21 . 2010-07-28 19:29 57656 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-07-03 16:21 . 2010-07-28 19:37 41224 ----a-w- c:\windows\avastSS.scr
2012-07-03 16:21 . 2010-07-28 19:29 227648 ----a-w- c:\windows\system32\aswBoot.exe
2012-05-06 08:02 . 2012-05-06 08:02 44544 ----a-w- c:\windows\system32\drivers\rimsptsk.sys
2012-05-05 22:09 . 2012-05-05 22:09 120104 ----a-w- c:\windows\system32\SynTPCo9.dll
2012-05-05 22:09 . 2012-05-05 22:09 173352 ----a-w- c:\windows\system32\SynTPAPI.dll
2012-05-05 22:09 . 2012-05-05 22:09 1352368 ----a-w- c:\windows\system32\drivers\SynTP.sys
2012-05-05 22:09 . 2012-05-05 22:09 222504 ----a-w- c:\windows\system32\SynCtrl.dll
2012-05-05 22:08 . 2012-05-05 22:08 177448 ----a-w- c:\windows\system32\SynCOM.dll
2012-05-04 17:29 . 2010-08-08 17:38 687504 ----a-w- c:\windows\system32\deployJava1.dll
2012-04-18 18:56 . 2012-04-18 18:56 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2012-04-18 18:56 . 2012-04-18 18:56 69632 ----a-w- c:\windows\system32\QuickTime.qts
2011-08-25 12:05 . 2011-08-25 12:05 158720 ----a-w- c:\program files\internet explorer\plugins\LV2011ActiveXControl.dll
2012-06-21 08:56 . 2011-09-28 08:08 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-07-03 16:21 121528 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MCShield Monitor"="c:\program files\MCShield\mcshieldrtm.exe" [2012-06-22 603648]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^20-20 Shortcut Bar.lnk]
backup=c:\windows\pss\20-20 Shortcut Bar.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Milica^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^CCC.lnk]
backup=c:\windows\pss\CCC.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Milica^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced SystemCare 4
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoStartNPSAgent
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Babylon Client
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BabylonToolbar
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CE8SIIFGSU
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Device Detector]
DevDetect.exe -autorun [X]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FileZilla Server Interface
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IObitBar Browser Plugin Loader
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MediaGet2
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaOviSuite2
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Raptr
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SearchSettings
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue RegistryBooster 2
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue SpyEraser
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2010-10-25 14:13 821144 ----a-w- c:\program files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher]
2010-10-25 14:13 36760 ----a-w- c:\program files\Adobe\Acrobat 10.0\Acrobat\acrobat_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Synchronizer]
2010-10-25 14:13 1216416 ----a-w- c:\program files\Adobe\Acrobat 10.0\Acrobat\AdobeCollabSync.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-04-04 05:53 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced SystemCare 5]
2012-05-28 13:56 288128 ----a-w- c:\program files\IObit\Advanced SystemCare 5\ASCTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2012-02-20 19:28 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Control Center]
2006-03-21 13:50 1678336 ----a-w- c:\program files\ASUS\WLAN Card Utilities\Center.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Domino]
2006-07-04 13:16 49152 ----a-w- c:\windows\Domino.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-08-30 12:59 136176 ----atw- c:\users\Milica\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2006-10-26 22:47 31016 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HControl]
2006-04-17 17:24 110592 ----a-w- c:\windows\ATK0100\HControl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2005-02-17 05:15 221184 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
2012-04-04 13:56 981680 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2012-04-04 13:56 462408 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware (reboot)]
2012-04-04 13:56 981680 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OrderReminder]
2006-07-21 02:00 98304 ----a-r- c:\program files\Hewlett-Packard\OrderReminder\OrderReminder.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PowerSuite]
2012-04-23 14:28 67960 ----a-w- c:\program files\Uniblue\PowerSuite\Launcher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
2010-04-12 08:40 180224 ----a-w- c:\program files\PowerISO\PWRISOVM.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2012-04-18 18:56 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDVCPL]
2010-07-06 16:30 9394792 ----a-w- c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Samsung PanelMgr]
2010-06-07 10:15 618496 ----a-w- c:\windows\Samsung\PanelMgr\SSMMgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2010-11-20 12:17 1174016 ----a-w- c:\program files\Windows Sidebar\sidebar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]
2009-10-26 12:46 1458176 ----a-w- c:\program files\Motorola\SMSERIAL\sm56hlpr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedUpMyPC]
2012-04-16 13:25 67960 ----a-w- c:\program files\Uniblue\SpeedUpMyPC\Launcher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2006-11-10 10:35 90112 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-01-17 09:07 252296 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2010-07-28 21:25 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2012-05-05 22:09 2282792 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UIExec]
2011-01-24 20:34 139088 ----a-w- c:\program files\Internet Bilo gdje\UIExec.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VMSnap3]
2006-07-18 15:15 49152 ----a-w- c:\windows\vmsnap3.exe
.
R0 fdtpdkxs;fdtpdkxs; [x]
R3 ASNDIS4;ASNDIS4 Protocol Driver; [x]
R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [x]
R3 Synth3dVsc;Synth3dVsc; [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub; [x]
R3 VGPU;VGPU; [x]
R3 vvftav303;vvftav303;c:\windows\system32\drivers\vvftav303.sys [x]
R3 WatAdminSvc;Usluga tehnologije aktivacije operativnog sistema Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 ZD1211BU(ASUS);ASUS ZD1211B IEEE 802.11 b+g Wireless LAN Driver (USB)(ASUS);c:\windows\system32\DRIVERS\zd1211Bu.sys [x]
R3 ZSMC0303;A4 TECH PC Camera H;c:\windows\system32\Drivers\usbVM303.sys [x]
R4 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
R4 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R4 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files\IObit\Advanced SystemCare 5\ASCService.exe [x]
R4 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
R4 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
R4 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R4 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
R4 nlsX86cc;Nalpeiron Licensing Service;c:\windows\system32\nlssrv32.exe [x]
R4 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R4 UI Assistant Service;UI Assistant Service;c:\program files\Internet Bilo gdje\AssistantServices.exe [x]
R4 Uniblue.MaxiDiskSvc;Uniblue Maxi Disk Service;c:\program files\Uniblue\MaxiDisk\service.exe [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 TeamViewer6;TeamViewer 6;c:\program files\TeamViewer\Version6\TeamViewer_Service.exe [x]
S3 athrusb6;Atheros Wireless LAN USB device driver 6 Series;c:\windows\system32\DRIVERS\athru6.sys [x]
S3 MTsensor32;PU ACPI UTILITY;c:\windows\system32\DRIVERS\PuAcpi32.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 17:45]
.
2012-07-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-28 21:26]
.
2012-07-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-28 21:26]
.
2012-07-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4115386721-205614276-1734424470-1000Core.job
- c:\users\Milica\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-30 12:59]
.
2012-07-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4115386721-205614276-1734424470-1000UA.job
- c:\users\Milica\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-30 12:59]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/webhp?sourceid=navclient&hl=sr&ie=UTF-8
mStart Page =
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: Interfaces\{32C37E85-FB3B-4ADA-AAAC-26544C1E73DE}: NameServer = 195.66.189.137,195.66.189.138
TCP: Interfaces\{78C0038E-ABA2-4AB0-ABFE-B8536D0A997C}: NameServer = 195.66.189.137 195.66.189.138
FF - ProfilePath - c:\users\Milica\AppData\Roaming\Mozilla\Firefox\Profiles\frkcxd1j.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=15627
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxps://www.google.me/webhp
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=685749&p=
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: browser.xul.error_pages.enabled - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 3000000
FF - user.js: content.maxtextrun - 8191
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 32
FF - user.js: network.http.max-connections-per-server - 8
FF - user.js: network.http.max-persistent-connections-per-proxy - 8
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=111434&tt=050412_30b
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - 848da960000000000000000000000000
FF - user.js: extensions.BabylonToolbar_i.hardId - 848da960000000000000000000000000
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15441
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1719:36
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{ba14329e-9550-4989-b3f2-9732e92d17cc} - (no file)
WebBrowser-{BA14329E-9550-4989-B3F2-9732E92D17CC} - (no file)
WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
SafeBoot-18364626.sys
SafeBoot-43655135.sys
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe
MSConfigStartUp-One - (no file)
HKLM_ActiveSetup-ccc-core-static - msiexec
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000001
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(3052)
c:\program files\ArtCAM Pro 9.1\ShellExtension\ArtCAMShellEx.dll
c:\program files\Microsoft Office\Office12\1033\GrooveIntlResource.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\windows\system32\taskhost.exe
c:\windows\System32\rundll32.exe
c:\windows\system32\conhost.exe
.
**************************************************************************
.
Completion time: 2012-07-09 21:49:56 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-09 19:49
.
Pre-Run: 11.528.237.056 bytes free
Post-Run: 11.428.892.672 bytes free
.
- - End Of File - - C160A046D6B42D3174946633DD4CF0E7

offline
  • Research Engineer @MalwareBytes
  • Joined: 09 Aug 2011
  • Posts: 15877
  • Location: Beograd

On the C partition you have a folder named Qoobox, which was created by ComboFix.

Pack it into an archive and upload it to this link:

http://www.mycity.rs/ambulanta-upload.php

offline
  • Joined: 17 Aug 2008
  • Posts: 293
  • Location: Titograd

Uploaded Qoobox.

offline
  • Research Engineer @MalwareBytes
  • Joined: 09 Aug 2011
  • Posts: 15877
  • Location: Beograd

Your computer is clean as far as malware is concerned.

What is the situation now, do you have any problems?

You are using a very old version of Avast, i.e. Avast 5. You can download and install the latest version, 7, from this address http://www.avast.com/free-antivirus-download , or you can update within the existing version, as in the picture.

ComboFix needs to be uninstalled:
click Start, then RUN.

On Vista and 7 use the Start Search field if Run is not available.

In the text entry line type (or paste) the following:

ComboFix /Uninstall

Note that there is a space between "ComboFix" and "/Uninstall".

Then click OK (or press Enter).

Wait for the uninstall process to finish.

Run OTL again and click the CleanUp option.

I recommend using MCShield v2 to protect USB memory devices. It has nothing to do with the antivirus, i.e. it will not interfere with its operation, and it has proven to be one of the best forms of protection against malware that spreads via USB memory devices. You download it, install it, plug in a USB memory device, a scan is performed, after which you get a notification that the device is clean (if that is really the case); or you get a log in which you see information about the malware that was found and deleted.

MCShield ::Anti-Malware Tool:: v2 home page: http://amf.mycity.rs/mcshield/

You can find out more about MCShield in these topics:
v1: http://www.mycity.rs/MyCity-Laboratorija/MCShield.html
v2: http://www.mycity.rs/MyCity-Laboratorija/MCShield-v2.html

Be sure to visit the topic "Test whether your browser is vulnerable", read it and follow the link in it.
Link to the topic: http://www.mycity.rs/Web-browseri/Testirajte-da-li.....anjiv.html

TwinHeadedEagle (AMF Team)
