Suspected virus, Excel behaving strangely

  • Joined: 15 Feb 2006
  • Posts: 232

As I wrote in the title, Excel is behaving strangely: cells get selected uncontrollably, and when I want to move to the next cell with TAB, it "throws" me into a completely different one and selects several cells. Since this computer has never been checked for viruses, I thought it would be wise to have your experts here look it over. Thanks





Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:09-05-2014 01
Ran by User (administrator) on USER-3445586 on 09-05-2014 14:32:32
Running from C:\Documents and Settings\User\Desktop
Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-t.....scan-tool/

==================== Processes (Whitelisted) =================

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [20143688 2013-03-12] (Realtek Semiconductor Corp.)
HKLM\...\Run: [NvCplDaemon] => C:\WINDOWS\system32\NvCpl.dll [15517984 2013-03-22] (NVIDIA Corporation)
HKLM\...\Run: [NvMediaCenter] => C:\WINDOWS\system32\NvMCTray.dll [108832 2013-03-22] (NVIDIA Corporation)
HKLM\...\Run: [nwiz] => C:\Program Files\NVIDIA Corporation\nview\nwiz.exe [1982312 2013-03-23] ()
HKLM\...\Run: [avast] => C:\Program Files\AVAST Software\Avast\avastUI.exe [4858968 2013-05-09] (AVAST Software)
HKLM\...\Run: [MSConfig] => C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe [169984 2008-04-14] (Microsoft Corporation)
HKU\S-1-5-21-861567501-854245398-682003330-1001\...\Run: [Kwzazk] => C:\Documents and Settings\User\Application Data\Kwzazk.exe
HKU\S-1-5-21-861567501-854245398-682003330-1001\...\Run: [EPSON P50 Series] => C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIFFE.EXE [199680 2008-10-09] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-861567501-854245398-682003330-1001\...\Run: [TBHostSupport] => "C:\WINDOWS\system32\Rundll32.exe" "C:\Documents and Settings\User\Local Settings\Application Data\TBHostSupport\TBHostSupport_0.dll",DLLRunTBHostSupportPlugin
HKU\S-1-5-21-861567501-854245398-682003330-1001\...\MountPoints2: {0ffa10bf-bb9c-11e2-b9c2-002618e66907} - F:\LaunchU3.exe
HKU\S-1-5-21-861567501-854245398-682003330-1001\...\MountPoints2: {152d7ca0-b7ae-11e2-b9be-002618e66907} - F:\play.exe
HKU\S-1-5-21-861567501-854245398-682003330-1001\...\MountPoints2: {2951b96e-dd69-11e2-b9f1-002618e66907} - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL nvda\nvda.exe
HKU\S-1-5-21-861567501-854245398-682003330-1001\...\MountPoints2: {52473592-c2af-11e2-b9d0-002618e66907} - F:\Autorun.exe {D2D77DC2-8299-11D1-8949-444553540000} 5.2066.1.9B05 PID_0083
HKU\S-1-5-21-861567501-854245398-682003330-1001\...\MountPoints2: {583e7ed4-b1a3-11e2-b9ad-002618e66907} - F:\npeuinst.exe
HKU\S-1-5-21-861567501-854245398-682003330-1001\...\MountPoints2: {651e822c-d4c0-11e2-b9e8-002618e66907} - F:\npeuinst.exe
HKU\S-1-5-21-861567501-854245398-682003330-1001\...\MountPoints2: {910bf2c0-bc76-11e2-b9c4-002618e66907} - 6f3c4ed_a.exe
HKU\S-1-5-21-861567501-854245398-682003330-1001\...\MountPoints2: {b22cca78-e2db-11e2-b9f6-002618e66907} - IZUCIO///bure.exe
HKU\S-1-5-21-861567501-854245398-682003330-1001\...\MountPoints2: {be05f7a5-c3b6-11e2-b9d2-002618e66907} - RunClubSanDisk.exe
HKU\S-1-5-21-861567501-854245398-682003330-1001\...\MountPoints2: {be05f7a8-c3b6-11e2-b9d2-002618e66907} - urDrive.exe
HKU\S-1-5-21-861567501-854245398-682003330-1001\...\MountPoints2: {eaf83300-d7e3-11e2-b9eb-002618e66907} - autorun.exe

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.alibaba.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x1ED117D48245CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
SearchScopes: HKLM - DefaultScope value is missing.
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\4awlb49f.default
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin: @alibaba.com/nptrademanager;version=1.0 - C:\Program Files\TradeManager\nptrademanager.dll ( )
FF Plugin: @alibaba.com/npwangwang;version=1.0 - C:\Program Files\TradeManager\npwangwang.dll ( )
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf - C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll No File
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.6 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Acrobat - C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @alibaba.com/npAliSSOLogin;version=1.0 - C:\Program Files\TradeManager\npAliSSOLogin.dll (Alibaba software (Shanghai) Corporation.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nptrademanager.dll ( )
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npwangwang.dll ( )
FF HKLM\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2013-04-30]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-04-30]

Chrome:
=======
CHR HomePage: hxxp://www.google.com//
CHR StartupUrls: "hxxp://www.google.com/"
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\34.0.1847.131\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\34.0.1847.131\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\34.0.1847.131\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
CHR Plugin: (Foxit Reader Plugin for Mozilla) - C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll No File
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U21) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (VLC Web Plugin) - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Java Deployment Toolkit 7.0.210.11) - C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
CHR Extension: (Google Docs) - C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-04-30]
CHR Extension: (Google Drive) - C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-04-30]
CHR Extension: (YouTube) - C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-04-30]
CHR Extension: (Google Search) - C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-04-30]
CHR Extension: (Google Wallet) - C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
CHR Extension: (Gmail) - C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-04-30]

========================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-05-09] (AVAST Software)
S4 InCDsrv; C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe [1550896 2007-05-15] (Nero AG)
S4 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182184 2013-07-20] (Oracle Corporation)
S4 Nero BackItUp Scheduler 4.0; C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe [X]

==================== Drivers (Whitelisted) ====================

S3 Ambfilt; C:\WINDOWS\System32\drivers\Ambfilt.sys [1691480 2009-11-18] (Creative)
R2 aswFsBlk; C:\WINDOWS\system32\Drivers\aswFsBlk.sys [29816 2013-05-09] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [66336 2013-05-09] (AVAST Software)
R1 AswRdr; C:\WINDOWS\system32\Drivers\AswRdr.sys [49760 2013-05-09] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49376 2013-05-09] ()
R1 aswSnx; C:\WINDOWS\system32\Drivers\aswSnx.sys [770344 2013-07-27] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\Drivers\aswSP.sys [369584 2013-07-27] (AVAST Software)
R1 aswTdi; C:\WINDOWS\system32\Drivers\aswTdi.sys [56080 2013-05-09] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [175176 2013-07-27] ()
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
R4 InCDfs; C:\WINDOWS\System32\drivers\InCDFs.sys [118576 2007-05-15] (Nero AG)
R1 InCDPass; C:\WINDOWS\System32\drivers\InCDPass.sys [37040 2007-05-15] (Nero AG)
U1 InCDrec; C:\WINDOWS\system32\Drivers\InCDrec.sys [16304 2007-05-15] (Nero AG)
R1 incdrm; C:\WINDOWS\System32\drivers\InCDRm.sys [38576 2007-05-15] (Nero AG)
S3 Monfilt; C:\WINDOWS\System32\drivers\Monfilt.sys [1395800 2009-11-18] (Creative Technology Ltd.)
R3 MTsensor; C:\WINDOWS\System32\DRIVERS\ASACPI.sys [5810 2004-08-13] ()
R0 mv61xxmm; C:\WINDOWS\system32\Drivers\mv61xxmm.sys [14184 2012-12-15] (Marvell Semiconductor Inc.)
R0 mv64xxmm; C:\WINDOWS\system32\Drivers\mv64xxmm.sys [5632 2012-12-15] (Marvell Semiconductor Inc.)
R0 mvxxmm; C:\WINDOWS\system32\Drivers\mvxxmm.sys [14184 2012-12-15] (Marvell Semiconductor Inc.)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
R3 NVENETFD; C:\WINDOWS\System32\DRIVERS\NVENETFD.sys [70912 2010-03-04] (NVIDIA Corporation)
R0 nvgts; C:\WINDOWS\System32\DRIVERS\nvgts.sys [168040 2010-04-09] (NVIDIA Corporation)
R0 nvlegacy; C:\WINDOWS\system32\Drivers\nvlegacy.sys [100736 2012-12-15] (NVIDIA Corporation)
R3 nvnetbus; C:\WINDOWS\System32\DRIVERS\nvnetbus.sys [13824 2010-03-04] (NVIDIA Corporation)
R0 PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [45968 2011-11-03] (Rovi Corporation)
S4 IntelIde; No ImagePath
U1 WS2IFSL;

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-05-09 14:32 - 2014-05-09 14:32 - 00014046 _____ () C:\Documents and Settings\User\Desktop\FRST.txt
2014-05-09 14:32 - 2014-05-09 14:32 - 00000000 ____D () C:\FRST
2014-05-09 14:31 - 2014-05-09 14:31 - 01053184 _____ (Farbar) C:\Documents and Settings\User\Desktop\FRST.exe
2014-05-09 13:45 - 2014-05-09 13:45 - 00366966 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
2014-05-09 13:45 - 2014-05-09 13:45 - 00366966 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-861567501-854245398-682003330-1001-0.dat
2014-05-07 08:43 - 2014-05-07 08:43 - 00012393 _____ () C:\Documents and Settings\User\Desktop\Appendix+1+price+and+quantity.xlsx
2014-05-05 13:04 - 2014-05-05 13:04 - 00008192 ___SH () C:\Documents and Settings\User\Desktop\Thumbs.db
2014-05-05 09:35 - 2014-05-05 09:35 - 00000000 ____D () C:\Documents and Settings\User\Application Data\Alibaba
2014-05-05 09:34 - 2014-05-09 13:48 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\boost_interprocess
2014-05-05 09:34 - 2014-05-05 09:34 - 00000691 _____ () C:\Documents and Settings\All Users\Desktop\TradeManager.lnk
2014-05-05 09:34 - 2014-05-05 09:34 - 00000000 ____D () C:\WINDOWS\system32\aliedit
2014-05-05 09:34 - 2014-05-05 09:34 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\TradeManager
2014-05-05 09:33 - 2014-05-09 13:50 - 00000000 ____D () C:\Program Files\TradeManager
2014-05-05 09:30 - 2014-05-05 09:32 - 32144720 _____ () C:\Documents and Settings\User\Desktop\AliIM2013_ATM(7.02.01E).exe
2014-05-01 11:30 - 2014-05-05 10:54 - 00000000 ____D () C:\Documents and Settings\User\Desktop\t com
2014-05-01 10:59 - 2014-05-01 10:59 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\TeamViewer 9
2014-04-30 15:04 - 2014-04-30 15:04 - 00000375 _____ () C:\WINDOWS\setupapi.log
2014-04-29 10:37 - 2014-05-05 10:48 - 00000000 ____D () C:\Documents and Settings\User\Desktop\Nedeljni izvestaj
2014-04-29 09:48 - 2014-04-29 09:53 - 00000601 _____ () C:\Documents and Settings\User\Desktop\NALOZI.lnk
2014-04-28 19:06 - 2014-04-28 19:06 - 00529408 _____ () C:\Documents and Settings\User\Desktop\34 pr0 filee.xls
2014-04-28 12:33 - 2014-04-28 12:33 - 00000716 _____ () C:\Documents and Settings\User\Start Menu\Programs\Temp File Cleaner.lnk
2014-04-28 12:33 - 2014-04-28 12:33 - 00000710 _____ () C:\Documents and Settings\User\Desktop\Temp File Cleaner.lnk
2014-04-28 12:33 - 2014-04-28 12:33 - 00000000 ____D () C:\Documents and Settings\User\Application Data\addpcs
2014-04-28 12:28 - 2014-04-28 12:33 - 00000000 ____D () C:\Program Files\Temp File Cleaner
2014-04-28 12:17 - 2014-04-28 12:26 - 00107736 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-04-28 12:17 - 2014-04-28 12:17 - 00000777 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-28 12:17 - 2014-04-28 12:17 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-04-28 12:17 - 2014-04-28 12:17 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2014-04-28 12:17 - 2014-04-28 12:17 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes
2014-04-28 12:17 - 2014-04-03 09:51 - 00050648 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-04-28 12:17 - 2014-04-03 09:50 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-04-28 11:44 - 2014-04-28 11:47 - 00000000 ____D () C:\AdwCleaner
2014-04-28 11:44 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\WINDOWS\system32\sqlite3.dll
2014-04-14 10:53 - 2014-04-14 10:53 - 00000000 ____D () C:\Documents and Settings\User\Desktop\ent

==================== One Month Modified Files and Folders =======

2014-05-09 14:32 - 2014-05-09 14:32 - 00014046 _____ () C:\Documents and Settings\User\Desktop\FRST.txt
2014-05-09 14:32 - 2014-05-09 14:32 - 00000000 ____D () C:\FRST
2014-05-09 14:31 - 2014-05-09 14:31 - 01053184 _____ (Farbar) C:\Documents and Settings\User\Desktop\FRST.exe
2014-05-09 14:12 - 2014-02-21 16:56 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-09 13:59 - 2013-04-30 09:31 - 00311808 _____ () C:\WINDOWS\WindowsUpdate.log
2014-05-09 13:53 - 2014-02-21 16:56 - 00000878 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-09 13:53 - 2013-04-30 11:30 - 00000364 ____H () C:\WINDOWS\Tasks\avast! Emergency Update.job
2014-05-09 13:53 - 2013-04-30 11:26 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-05-09 13:53 - 2013-04-30 11:26 - 00000048 _____ () C:\WINDOWS\wiaservc.log
2014-05-09 13:53 - 2013-04-30 09:35 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-05-09 13:52 - 2013-04-30 12:47 - 00000000 ____D () C:\WINDOWS\pss
2014-05-09 13:52 - 2013-04-30 11:23 - 00000211 ___SH () C:\boot.ini
2014-05-09 13:52 - 2013-04-30 09:35 - 00032634 _____ () C:\WINDOWS\SchedLgU.Txt
2014-05-09 13:52 - 2013-04-30 09:35 - 00000178 ___SH () C:\Documents and Settings\User\ntuser.ini
2014-05-09 13:52 - 2008-04-14 13:00 - 00000552 _____ () C:\WINDOWS\win.ini
2014-05-09 13:52 - 2008-04-14 13:00 - 00000227 _____ () C:\WINDOWS\system.ini
2014-05-09 13:50 - 2014-05-05 09:33 - 00000000 ____D () C:\Program Files\TradeManager
2014-05-09 13:48 - 2014-05-05 09:34 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\boost_interprocess
2014-05-09 13:46 - 2013-04-30 11:58 - 00000000 ____D () C:\WINDOWS\SHELLNEW
2014-05-09 13:46 - 2008-04-14 13:00 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2014-05-09 13:45 - 2014-05-09 13:45 - 00366966 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
2014-05-09 13:45 - 2014-05-09 13:45 - 00366966 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-861567501-854245398-682003330-1001-0.dat
2014-05-09 13:38 - 2014-02-19 19:35 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-05-09 02:00 - 2013-04-30 12:44 - 00000340 _____ () C:\WINDOWS\Tasks\AdobeAAMUpdater-1.0-USER-3445586-User.job
2014-05-09 02:00 - 2013-04-30 12:17 - 00000000 ____D () C:\Documents and Settings\User\Local Settings\Application Data\Adobe
2014-05-07 08:43 - 2014-05-07 08:43 - 00012393 _____ () C:\Documents and Settings\User\Desktop\Appendix+1+price+and+quantity.xlsx
2014-05-05 13:04 - 2014-05-05 13:04 - 00008192 ___SH () C:\Documents and Settings\User\Desktop\Thumbs.db
2014-05-05 13:04 - 2014-03-24 17:38 - 00000000 ____D () C:\Documents and Settings\User\Desktop\unicef
2014-05-05 10:54 - 2014-05-01 11:30 - 00000000 ____D () C:\Documents and Settings\User\Desktop\t com
2014-05-05 10:48 - 2014-04-29 10:37 - 00000000 ____D () C:\Documents and Settings\User\Desktop\Nedeljni izvestaj
2014-05-05 09:35 - 2014-05-05 09:35 - 00000000 ____D () C:\Documents and Settings\User\Application Data\Alibaba
2014-05-05 09:34 - 2014-05-05 09:34 - 00000691 _____ () C:\Documents and Settings\All Users\Desktop\TradeManager.lnk
2014-05-05 09:34 - 2014-05-05 09:34 - 00000000 ____D () C:\WINDOWS\system32\aliedit
2014-05-05 09:34 - 2014-05-05 09:34 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\TradeManager
2014-05-05 09:34 - 2014-02-20 11:11 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-05-05 09:32 - 2014-05-05 09:30 - 32144720 _____ () C:\Documents and Settings\User\Desktop\AliIM2013_ATM(7.02.01E).exe
2014-05-01 10:59 - 2014-05-01 10:59 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\TeamViewer 9
2014-05-01 10:59 - 2014-04-02 12:05 - 00000815 _____ () C:\Documents and Settings\All Users\Desktop\TeamViewer 9.lnk
2014-04-30 15:04 - 2014-04-30 15:04 - 00000375 _____ () C:\WINDOWS\setupapi.log
2014-04-30 15:04 - 2013-04-30 12:29 - 00002371 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Acrobat Distiller X.lnk
2014-04-30 15:04 - 2013-04-30 12:29 - 00002359 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Acrobat X Pro.lnk
2014-04-30 15:04 - 2013-04-30 12:29 - 00001741 _____ () C:\Documents and Settings\All Users\Desktop\Adobe Acrobat X Pro.lnk
2014-04-30 15:04 - 2013-04-30 12:29 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Adobe LiveCycle ES2
2014-04-29 09:53 - 2014-04-29 09:48 - 00000601 _____ () C:\Documents and Settings\User\Desktop\NALOZI.lnk
2014-04-28 19:06 - 2014-04-28 19:06 - 00529408 _____ () C:\Documents and Settings\User\Desktop\34 pr0 filee.xls
2014-04-28 13:06 - 2013-04-30 09:28 - 00000000 ____D () C:\WINDOWS\Microsoft.NET
2014-04-28 12:33 - 2014-04-28 12:33 - 00000716 _____ () C:\Documents and Settings\User\Start Menu\Programs\Temp File Cleaner.lnk
2014-04-28 12:33 - 2014-04-28 12:33 - 00000710 _____ () C:\Documents and Settings\User\Desktop\Temp File Cleaner.lnk
2014-04-28 12:33 - 2014-04-28 12:33 - 00000000 ____D () C:\Documents and Settings\User\Application Data\addpcs
2014-04-28 12:33 - 2014-04-28 12:28 - 00000000 ____D () C:\Program Files\Temp File Cleaner
2014-04-28 12:32 - 2013-04-30 11:25 - 00512540 ____C () C:\WINDOWS\system32\PerfStringBackup.INI
2014-04-28 12:30 - 2013-04-30 11:59 - 00000000 ____D () C:\Program Files\Microsoft.NET
2014-04-28 12:26 - 2014-04-28 12:17 - 00107736 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-04-28 12:17 - 2014-04-28 12:17 - 00000777 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-28 12:17 - 2014-04-28 12:17 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-04-28 12:17 - 2014-04-28 12:17 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2014-04-28 12:17 - 2014-04-28 12:17 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes
2014-04-28 11:47 - 2014-04-28 11:44 - 00000000 ____D () C:\AdwCleaner
2014-04-28 11:10 - 2014-02-21 16:58 - 00001813 _____ () C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2014-04-26 08:41 - 2013-09-14 19:18 - 00000000 ____D () C:\Documents and Settings\User\Application Data\BitTorrent
2014-04-14 10:53 - 2014-04-14 10:53 - 00000000 ____D () C:\Documents and Settings\User\Desktop\ent
2014-04-11 05:12 - 2014-02-19 16:57 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\TeamViewer 8

==================== Bamital & volsnap Check =================

C:\WINDOWS\explorer.exe => MD5 is legit
C:\WINDOWS\system32\winlogon.exe => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit
C:\WINDOWS\system32\User32.dll => MD5 is legit
C:\WINDOWS\system32\userinit.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================




  • magna86  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 21 Jun 2008
  • Posts: 6103

Hello lusstrissimuss,

Do not use USB storage devices (flash drives) until I tell you to. We will check them later.


Step 1

1. Open Notepad (Text Document) and copy the following text from the code box below:

Start
C:\Documents and Settings\User\Application Data\Kwzazk.exe
C:\Documents and Settings\User\Local Settings\Application Data\TBHostSupport
C:\Documents and Settings\All Users\Application Data\boost_interprocess
HKU\S-1-5-21-861567501-854245398-682003330-1001\...\Run: [Kwzazk] => C:\Documents and Settings\User\Application Data\Kwzazk.exe
HKU\S-1-5-21-861567501-854245398-682003330-1001\...\Run: [TBHostSupport] => "C:\WINDOWS\system32\Rundll32.exe" "C:\Documents and Settings\User\Local Settings\Application Data\TBHostSupport\TBHostSupport_0.dll",DLLRunTBHostSupportPlugin
CMD: ipconfig /flushdns
HKU\S-1-5-21-861567501-854245398-682003330-1001\...\MountPoints2: {0ffa10bf-bb9c-11e2-b9c2-002618e66907} - F:\LaunchU3.exe
HKU\S-1-5-21-861567501-854245398-682003330-1001\...\MountPoints2: {152d7ca0-b7ae-11e2-b9be-002618e66907} - F:\play.exe
HKU\S-1-5-21-861567501-854245398-682003330-1001\...\MountPoints2: {2951b96e-dd69-11e2-b9f1-002618e66907} - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL nvda\nvda.exe
HKU\S-1-5-21-861567501-854245398-682003330-1001\...\MountPoints2: {52473592-c2af-11e2-b9d0-002618e66907} - F:\Autorun.exe {D2D77DC2-8299-11D1-8949-444553540000} 5.2066.1.9B05 PID_0083
HKU\S-1-5-21-861567501-854245398-682003330-1001\...\MountPoints2: {583e7ed4-b1a3-11e2-b9ad-002618e66907} - F:\npeuinst.exe
HKU\S-1-5-21-861567501-854245398-682003330-1001\...\MountPoints2: {651e822c-d4c0-11e2-b9e8-002618e66907} - F:\npeuinst.exe
HKU\S-1-5-21-861567501-854245398-682003330-1001\...\MountPoints2: {910bf2c0-bc76-11e2-b9c4-002618e66907} - 6f3c4ed_a.exe
HKU\S-1-5-21-861567501-854245398-682003330-1001\...\MountPoints2: {b22cca78-e2db-11e2-b9f6-002618e66907} - IZUCIO///bure.exe
HKU\S-1-5-21-861567501-854245398-682003330-1001\...\MountPoints2: {be05f7a5-c3b6-11e2-b9d2-002618e66907} - RunClubSanDisk.exe
HKU\S-1-5-21-861567501-854245398-682003330-1001\...\MountPoints2: {be05f7a8-c3b6-11e2-b9d2-002618e66907} - urDrive.exe
HKU\S-1-5-21-861567501-854245398-682003330-1001\...\MountPoints2: {eaf83300-d7e3-11e2-b9eb-002618e66907} - autorun.exe
SearchScopes: HKLM - DefaultScope value is missing.
U1 WS2IFSL;
CMD: DEL %TEMP%\*.* /F /S /Q
CMD: RD /S /Q %TEMP%
End


2. Save the Notepad file to the Desktop under the name fixlist.txt
You can also do this from Notepad => click File, then Save As, and in the new window, under File Name: at the bottom, enter fixlist.txt as the name
Note: It is important that both files, FRST and fixlist, are in the same location, otherwise the fix will not work.

3. Run FRST/FRST64 again, click the Fix button once and wait.
If the tool asks for a system restart, allow it and make sure the tool completes the fix after the restart.



The tool will create a log (Fixlog.txt) on the Desktop. Copy the contents of that log into your reply.
Note: If the tool warns you that a newer version exists, make sure to download and use the updated copy of FRST.


Step 2

1. Download sUBs' ComboFix from this link and save the tool to the Desktop.
• Right-click the link and choose Save Target As... (Save Link As..., Save Linked Content As... or similar);
• When the dialog for choosing where to save the file opens, select Desktop and click Save.


------------------------------------------------------------
2. Temporarily disable your antivirus program, in most cases by right-clicking its icon in the system tray. It can interfere with the tool while it runs.
If you are not sure how to do this, follow these instructions.

------------------------------------------------------------
3. Double-click the icon to run ComboFix. Then, on the disclaimer window, click the I Agree! button.

• ComboFix will check whether a new version of the tool is available.
Click Yes if asked to download it.
• If the Recovery Console is not installed, ComboFix will offer to download and install it.
Click Yes to allow the tool to download and install the Recovery Console.
• ComboFix will scan the computer in stages (Stage_#), 50 stages in total.
Do not click around while ComboFix is examining the system.
• If malware is detected, ComboFix will begin removing it.
For that reason, the tool will restart Windows as needed (sometimes more than once);

Note: If after the tool has run you get the error (Illegal operation attempted on a registry key that has been marked for deletion) when starting programs, restart the computer and that will resolve the problem.


------------------------------------------------------------
4. When the tool finishes, it will create and open a report (typical location: C:\ComboFix.txt)
Copy the contents of the ComboFix.txt report into your reply.

ComboFix will also create an additional report (typical location: C:\Qoobox\ComboFix-quarantined-files.txt)
Attach the ComboFix-quarantined-files.txt report to your reply using the Attach file option
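
The fixlist above was built by picking out the FRST entries that do not belong: the two per-user Run values launched from Application Data with no file size, date or publisher, and the MountPoints2 autorun remnants. As an added example (not part of the thread, FRST or the helper's own tooling), the Python below applies those same triage heuristics to FRST "Run" and "MountPoints2" lines; the sample lines are constructed to match the log above, and the point values and review threshold are this example's own assumptions.

```python
"""Triage of FRST 'Run' and 'MountPoints2' lines (added example; not FRST's or the helper's code)."""
import re
from dataclasses import dataclass, field
from typing import List

# Constructed sample: lines shaped like the "Registry (Whitelisted)" section of the FRST log above.
SAMPLE_FRST_LINES = [
    r"HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [20143688 2013-03-12] (Realtek Semiconductor Corp.)",
    r"HKLM\...\Run: [nwiz] => C:\Program Files\NVIDIA Corporation\nview\nwiz.exe [1982312 2013-03-23] ()",
    r"HKLM\...\Run: [avast] => C:\Program Files\AVAST Software\Avast\avastUI.exe [4858968 2013-05-09] (AVAST Software)",
    r"HKU\S-1-5-21-861567501-854245398-682003330-1001\...\Run: [Kwzazk] => C:\Documents and Settings\User\Application Data\Kwzazk.exe",
    r'HKU\S-1-5-21-861567501-854245398-682003330-1001\...\Run: [TBHostSupport] => "C:\WINDOWS\system32\Rundll32.exe" "C:\Documents and Settings\User\Local Settings\Application Data\TBHostSupport\TBHostSupport_0.dll",DLLRunTBHostSupportPlugin',
    r"HKU\S-1-5-21-861567501-854245398-682003330-1001\...\MountPoints2: {0ffa10bf-bb9c-11e2-b9c2-002618e66907} - F:\LaunchU3.exe",
    r"HKU\S-1-5-21-861567501-854245398-682003330-1001\...\MountPoints2: {910bf2c0-bc76-11e2-b9c4-002618e66907} - 6f3c4ed_a.exe",
]

# The "[size date] (company)" trailer is absent when FRST could not find or read the file.
RUN_RE = re.compile(
    r"^(?P<hive>HKLM|HKU\\[^\\]+)\\\.\.\.\\Run: \[(?P<name>[^\]]+)\] => (?P<cmd>.*?)"
    r"(?: \[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\] \((?P<company>[^)]*)\))?$"
)
MOUNT_RE = re.compile(
    r"^(?P<hive>HKU\\[^\\]+)\\\.\.\.\\MountPoints2: \{(?P<guid>[0-9a-fA-F-]+)\} - (?P<cmd>.*)$"
)

USER_WRITABLE = ("\\application data\\", "\\local settings\\", "\\appdata\\", "\\temp\\")
REVIEW_THRESHOLD = 3  # assumption: scores at or above this go to a human for review


@dataclass
class Finding:
    name: str          # Run value name, or MountPoints2 GUID
    kind: str          # "Run" or "MountPoints2"
    score: int = 0
    reasons: List[str] = field(default_factory=list)

    def add(self, points: int, why: str) -> None:
        self.score += points
        self.reasons.append(why)


def referenced_paths(cmd: str) -> List[str]:
    """Paths named in a Run command: all quoted strings, else the bare command."""
    quoted = re.findall(r'"([^"]+)"', cmd)
    return quoted if quoted else [cmd.strip()]


def triage_run(m: "re.Match[str]") -> Finding:
    f = Finding(m["name"], "Run")
    paths = referenced_paths(m["cmd"])
    if any(w in p.lower() for p in paths for w in USER_WRITABLE):
        f.add(2, "launches from a user-writable profile directory")
    if m["size"] is None:
        f.add(1, "no size/date recorded (file missing or unreadable when FRST ran)")
    if not m["company"]:
        f.add(1, "no publisher recorded")
    if "rundll32" in paths[0].lower() and len(paths) > 1 and "\\windows\\" not in paths[1].lower():
        f.add(1, "rundll32 loads a DLL outside the Windows directory")
    if m["hive"] != "HKLM":
        f.reasons.append("per-user (HKU) autorun")  # context only, no points
    return f


def triage_mountpoint(m: "re.Match[str]") -> Finding:
    # MountPoints2 entries are autorun remnants of removable media; a target without a
    # drive letter is relative, i.e. it ran from the root of whichever volume was plugged in.
    f = Finding(m["guid"], "MountPoints2")
    f.add(2, "removable-media autorun remnant")
    if not re.match(r"^[A-Za-z]:\\", m["cmd"]):
        f.add(1, "relative target, ran from the root of a removable volume")
    return f


def triage(lines: List[str]) -> List[Finding]:
    findings = []
    for line in lines:
        m = RUN_RE.match(line)
        if m:
            findings.append(triage_run(m))
            continue
        m = MOUNT_RE.match(line)
        if m:
            findings.append(triage_mountpoint(m))
    return findings


def needs_review(lines: List[str]) -> List[str]:
    """Names of entries scoring at or above REVIEW_THRESHOLD, in log order."""
    return [f.name for f in triage(lines) if f.score >= REVIEW_THRESHOLD]


if __name__ == "__main__":
    for f in triage(SAMPLE_FRST_LINES):
        flag = "REVIEW" if f.score >= REVIEW_THRESHOLD else "ok"
        print(f"{flag:6} {f.kind:12} {f.name}: {'; '.join(f.reasons) or 'no findings'}")
```

Run against a full FRST.txt, the entries it flags are candidates for the fixlist, not verdicts; a signed vendor binary can still score one point, and a human still checks each hit.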

  • Joined: 15 Feb 2006
  • Posts: 232


ComboFix 14-05-10.01 - User 10.05.2014 10:37:50.1.3 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1126 [GMT 2:00]
Running from: c:\documents and settings\User\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\AMMYY
c:\documents and settings\All Users\Application Data\AMMYY\hr
c:\documents and settings\All Users\Application Data\AMMYY\hr3
c:\documents and settings\All Users\Application Data\AMMYY\settings3.bin
C:\Win
.
.
((((((((((((((((((((((((( Files Created from 2014-04-10 to 2014-05-10 )))))))))))))))))))))))))))))))
.
.
2014-05-09 12:32 . 2014-05-10 08:33 -------- d-----w- C:\FRST
2014-05-05 07:35 . 2014-05-05 07:35 -------- d-----w- c:\documents and settings\User\Application Data\Alibaba
2014-05-05 07:34 . 2014-05-05 07:34 -------- d-----w- c:\windows\system32\aliedit
2014-05-05 07:33 . 2014-05-09 11:50 -------- d-----w- c:\program files\TradeManager
2014-04-28 10:33 . 2014-04-28 10:33 -------- d-----w- c:\documents and settings\User\Application Data\addpcs
2014-04-28 10:28 . 2014-04-28 10:33 -------- d-----w- c:\program files\Temp File Cleaner
2014-04-28 10:17 . 2014-04-28 10:26 107736 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-04-28 10:17 . 2014-04-28 10:17 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2014-04-28 10:17 . 2014-04-28 10:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2014-04-28 10:17 . 2014-04-03 07:51 50648 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-04-28 10:17 . 2014-04-03 07:50 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-04-28 09:44 . 2010-08-30 06:34 536576 ----a-w- c:\windows\system32\sqlite3.dll
2014-04-28 09:44 . 2014-04-28 09:47 -------- d-----w- C:\AdwCleaner
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-03-12 14:38 . 2014-02-19 17:35 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-03-12 14:38 . 2014-02-19 17:35 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-05-09 08:58 121968 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2013-03-12 20143688]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2013-03-21 15517984]
"NvMediaCenter"="NvMCTray.dll" [2013-03-21 108832]
"nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2013-03-22 1982312]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-05-09 4858968]
.
[HKLM\~\startupfolder\C:^Documents and Settings^User^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\documents and settings\User\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2013-12-18 18:42 840568 ----a-w- c:\program files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher]
2013-12-18 18:42 41336 ----a-w- c:\program files\Adobe\Acrobat 10.0\Acrobat\acrobat_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2013-11-21 16:57 959904 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2012-04-04 04:09 446392 ------w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS6ServiceManager]
2012-03-09 14:26 1073312 ----a-w- c:\program files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\aliim]
2013-08-22 06:37 293272 ----a-w- c:\program files\TradeManager\AliIM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
2013-09-14 17:18 1127000 ----a-w- c:\documents and settings\User\Application Data\BitTorrent\BitTorrent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DWPersistentQueuedReporting]
2006-10-26 17:48 434528 ----a-w- c:\program files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2006-10-26 22:47 31016 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
2007-05-15 13:55 1057328 ----a-w- c:\program files\Nero\Nero 7\InCD\InCD.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 13:57 153136 -c--a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SecurDisc]
2007-05-15 13:55 1628208 ----a-w- c:\program files\Nero\Nero 7\InCD\NBHGui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2013-02-28 17:00 18642024 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2013-03-12 05:32 253816 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
2010-02-19 11:37 517096 ----a-w- c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"TeamViewer9"=2 (0x2)
"SwitchBoard"=3 (0x3)
"ose"=3 (0x3)
"odserv"=3 (0x3)
"Nero BackItUp Scheduler 4.0"=2 (0x2)
"NBService"=3 (0x3)
"MozillaMaintenance"=3 (0x3)
"Microsoft Office Groove Audit Service"=3 (0x3)
"JavaQuickStarterService"=2 (0x2)
"InCDsrv"=2 (0x2)
"gupdatem"=3 (0x3)
"gupdate"=2 (0x2)
"AdobeFlashPlayerUpdateSvc"=3 (0x3)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Update Core\\daemonu.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Adobe\\Adobe Flash Builder 4.6\\FlashBuilder.exe"=
"c:\\Program Files\\Adobe\\Acrobat 10.0\\Acrobat\\Acrobat.exe"=
"c:\\Documents and Settings\\User\\Application Data\\BitTorrent\\BitTorrent.exe"=
"c:\\Program Files\\TeamViewer\\Version9\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version9\\TeamViewer_Service.exe"=
"c:\\Program Files\\TradeManager\\AliIM.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"7935:TCP"= 7935:TCP:Adobe Flash Builder 4.6
.
R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [30.04.2013 11:30 AM 49376]
R0 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [30.04.2013 11:30 AM 175176]
R0 mv61xxmm;mv61xxmm;c:\windows\system32\drivers\mv61xxmm.sys [15.12.2012 12:30 AM 14184]
R0 mv64xxmm;mv64xxmm;c:\windows\system32\drivers\mv64xxmm.sys [15.12.2012 12:30 AM 5632]
R0 mvxxmm;mvxxmm;c:\windows\system32\drivers\mvxxmm.sys [15.12.2012 12:30 AM 14184]
R0 nvlegacy;nvlegacy;c:\windows\system32\drivers\nvlegacy.sys [15.12.2012 12:30 AM 100736]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [30.04.2013 11:30 AM 770344]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [30.04.2013 11:30 AM 369584]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [30.04.2013 11:30 AM 29816]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [30.04.2013 11:30 AM 66336]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [30.04.2013 10:02 AM 1691480]
S4 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [19.02.2010 1:37 PM 517096]
S4 TeamViewer9;TeamViewer 9;c:\program files\TeamViewer\Version9\TeamViewer_Service.exe [02.04.2014 12:04 PM 5024576]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-04-28 09:07 1078088 ----a-w- c:\program files\Google\Chrome\Application\34.0.1847.131\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-05-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-19 14:38]
.
2014-05-10 c:\windows\Tasks\AdobeAAMUpdater-1.0-USER-3445586-User.job
- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2013-04-30 04:09]
.
2014-05-10 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2013-04-30 08:58]
.
2014-05-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-02-21 14:55]
.
2014-05-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-02-21 14:55]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.alibaba.com/
mStart Page = hxxp://www.google.com
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\4awlb49f.default\
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-{25843ec4-5bec-42be-827e-5cda3ec15143} - c:\program files\Common Files\Nero\Nero ProductInstaller 4\SetupX.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-05-10 10:41
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Completion time: 2014-05-10 10:42:52
ComboFix-quarantined-files.txt 2014-05-10 08:42
.
Pre-Run: 54,197,927,936 bytes free
Post-Run: 54,148,677,632 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - F806C45E6ED4473D8531068D3BD38A93
8F558EB6672622401DA993E1E865C861








offline
  • magna86  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 21 Jun 2008
  • Posts: 6103

lusstrissimuss, how is the computer behaving now?



Download MCShield from the following address:

http://www.mcshield.net/download/MCShield-Setup.exe

Install MCShield and wait for the initial scan to finish.

When the initial scan finishes, insert all USB storage devices one by one into the USB port and keep each one in the port until MCShield displays a message that the scan is finished. If you have several USB devices, note down somewhere the order in which they were inserted.

Explanation: USB storage devices include all devices that get their own drive letter when connected to the computer. These include USB flash drives, external hard disks, memory cards, MP3 and MP4 players, some mobile phones, some GPS (navigation) devices, etc.

Go to Start -> All Programs -> MCShield -> Logs -> AllScans

A report will open in Notepad; paste its contents into your post.

offline
  • Joined: 15 Feb 2006
  • Posts: 232

It is behaving correctly now. Should I remove the programs I installed following your instructions? (Combo...)

offline
  • magna86  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 21 Jun 2008
  • Posts: 6103

Can I see the AllScans.txt report before that?
MCShield Control Center > Logs > Save button.

offline
  • Joined: 15 Feb 2006
  • Posts: 232

Ah yes, sorry.
