Virus

  • Dušan Krstić
  • Programming
  • Joined: 18 Jun 2012
  • Posts: 978
  • Location: At home

1. My computer is lagging a lot, so I suspected that it has some virus. A blue screen with some text on it often appears, and then the computer has to restart :)

2.
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_29
Run by Owner at 22:47:34 on 2012-06-22
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.24 [GMT 2:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\WINDOWS\system32\ctfmon.exe
svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\notepad.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page =
uStart Page = hxxp://blekko.com/ws/?source=c3348dd4&toolbarid=blekkotb_031&u=B07AFEFA3E4D237E4BB4F84FDED061F0&tbp=homepage
uSearch Bar =
mStart Page = hxxp://start.funmoods.com/?f=1&a=nv1&chnl=nv1&cd=2XzutAtN2Y1L1QzutDtDtCyD0FtBtCzztCtDyCyCtAyC0AtDtN0D0TzutBtDtCtBtDyCtCyD&cr=468824574
mSearchAssistant =
mWinlogon: SfcDisable=-99 (0xffffff9d)
BHO: Chatvibes Browser Helper: {00cbb66b-1d3b-46d3-9577-323a336acb50} - c:\program files\browsercompanion\jsloader.dll
BHO: TheBflix Class: {35f9aed0-2389-4071-a6ec-f28094d0aec5} - c:\documents and settings\all users\application data\thebflix\bhoclass.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Chatvibes Browser Helper Verifier: {963b125b-8b21-49a2-a3a8-e37092276531} - c:\program files\browsercompanion\updatebhoWin32.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: FACECONS Class: {b2a44031-7ead-434c-ac9e-7f1da176ba8c} - c:\program files\facecons\facecons.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB: {EEE6C35B-6118-11DC-9C72-001320C79847} - No File
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
mPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Search the Web - c:\program files\sweetim\toolbars\internet explorer\resources\menuext.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{45A59C63-6C76-49C1-9562-C49F5DA1CF76} : DhcpNameServer = 192.168.1.1
Handler: base64 - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - c:\program files\browsercompanion\tdataprotocol.dll
Handler: chrome - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - c:\program files\browsercompanion\tdataprotocol.dll
Handler: prox - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - c:\program files\browsercompanion\tdataprotocol.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Name-Space Handler: ftp\* - {419A0123-4312-1122-A0C0-434FDA6DA542} -
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\owner\application data\mozilla\firefox\profiles\nkc1yje4.default\
FF - prefs.js: Keyword.Enabled - true
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - Blekko
FF - prefs.js: browser.startup.homepage - hxxp://www.google.rs/
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?btnI=I%27m+Feeling+Lucky&ie=UTF-8&oe=UTF-8&q=
FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_257.dll
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.BabylonToolbar_i.id - 4caa36a00000000000000015f2181066
FF - user.js: extensions.BabylonToolbar_i.hardId - 4caa36a00000000000000015f2181066
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15386
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1718:21:28
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.newTab - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=101241
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
FF - user.js: extensions.funmoods_i.hmpg - true
FF - user.js: extensions.funmoods_i.hmpgUrl - hxxp://start.funmoods.com/?f=1&a=nv1
FF - user.js: extensions.funmoods_i.dfltSrch - true
FF - user.js: extensions.funmoods_i.srchPrvdr - Search
FF - user.js: extensions.funmoods_i.dnsErr - true
FF - user.js: extensions.funmoods_i.newTab - true
FF - user.js: extensions.funmoods_i.newTabUrl - hxxp://start.funmoods.com/?f=2&a=nv1
FF - user.js: extensions.funmoods_i.tlbrSrchUrl - hxxp://start.funmoods.com/results.php?f=3&a=nv1&q=
FF - user.js: extensions.funmoods_i.id - 4caa36a00000000000000015f2181066
FF - user.js: extensions.funmoods_i.instlDay - 15396
FF - user.js: extensions.funmoods_i.vrsn - 1.5.11.16
FF - user.js: extensions.funmoods_i.vrsni - 1.5.11.16
FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.23.2217:58:19
FF - user.js: extensions.funmoods_i.prtnrId - funmoods
FF - user.js: extensions.funmoods_i.prdct - funmoods
FF - user.js: extensions.funmoods_i.aflt - nv1
FF - user.js: extensions.funmoods_i.smplGrp - none
FF - user.js: extensions.funmoods_i.tlbrId - base
FF - user.js: extensions.funmoods_i.instlRef -
FF - user.js: extensions.funmoods_i.dfltLng -
FF - user.js: extensions.funmoods_i.excTlbr - false
FF - user.js: extensions.incredibar_i.did - 10650
FF - user.js: extensions.incredibar_i.newTab - false
FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6R8piW5Chd&loc=IB_TB&i=26&search=
FF - user.js: extensions.incredibar_i.id - 4caa36a00000000000000015f2181066
FF - user.js: extensions.incredibar_i.instlDay - 15438
FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.1417:06:06
FF - user.js: extensions.incredibar_i.prtnrId - Incredibar
FF - user.js: extensions.incredibar_i.prdct - incredibar
FF - user.js: extensions.incredibar_i.aflt - orgnl
FF - user.js: extensions.incredibar_i.smplGrp - none
FF - user.js: extensions.incredibar_i.tlbrId - base
FF - user.js: extensions.incredibar_i.instlRef -
FF - user.js: extensions.incredibar_i.dfltLng -
FF - user.js: extensions.incredibar_i.excTlbr - false
FF - user.js: extensions.incredibar_i.ms_url_id -
FF - user.js: extensions.incredibar_i.upn2 - 6R8piW5Chd
FF - user.js: extensions.incredibar_i.upn2n - 92824155145077307
FF - user.js: extensions.incredibar_i.productid - 26
FF - user.js: extensions.incredibar_i.installerproductid - 26
FF - user.js: extensions.incredibar_i.ppd - 27%5F3
FF - user.js: extensions.funmoods.hmpg - true
FF - user.js: extensions.funmoods.hmpgUrl - hxxp://start.funmoods.com/?f=1&a=nv1&chnl=nv1&cd=2XzutAtN2Y1L1QzutDtDtCyD0FtBtCzztCtDyCyCtAyC0AtDtN0D0TzutBtDtCtBtDyCtCyD&cr=468824574
FF - user.js: extensions.funmoods.dfltSrch - true
FF - user.js: extensions.funmoods.srchPrvdr - Search
FF - user.js: extensions.funmoods.dnsErr - true
FF - user.js: extensions.funmoods.newTabUrl - hxxp://start.funmoods.com/?f=2&a=nv1&chnl=nv1&cd=2XzutAtN2Y1L1QzutDtDtCyD0FtBtCzztCtDyCyCtAyC0AtDtN0D0TzutBtDtCtBtDyCtCyD&cr=468824574
FF - user.js: extensions.funmoods.tlbrSrchUrl -
FF - user.js: extensions.funmoods.id - 4caa36a00000000000000015f2181066
FF - user.js: extensions.funmoods.instlDay - 15506
FF - user.js: extensions.funmoods.vrsn - 1.5.23.22
FF - user.js: extensions.funmoods.vrsni - 1.5.23.22
FF - user.js: extensions.funmoods.prtnrId - funmoods
FF - user.js: extensions.funmoods.prdct - funmoods
FF - user.js: extensions.funmoods.aflt - nv1
FF - user.js: extensions.funmoods.tlbrId - base
FF - user.js: extensions.funmoods.instlRef - nv1
FF - user.js: extensions.funmoods.dfltLng -
FF - user.js: extensions.funmoods.excTlbr - false
FF - user.js: extensions.funmoods.autoRvrt - false
FF - user.js: extensions.funmoods.envrmnt - production
FF - user.js: extensions.funmoods.isdcmntcmplt - true
FF - user.js: extensions.funmoods.mntrvrsn - 1.3.0
.
============= SERVICES / DRIVERS ===============
.
R0 nvcchflt;NVIDIA Disk Cache Filter Driver;c:\windows\system32\drivers\nvcchflt.sys [2011-4-22 16640]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-4-22 435032]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-4-22 314456]
R1 HWiNFO32;HWiNFO32/64 Kernel Driver;c:\program files\hwinfo32\HWiNFO32.SYS [2012-6-18 21624]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-4-22 20568]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-4-22 44768]
S1 DumpDrv;Crash Dump Driver;c:\windows\system32\drivers\dumpdrv.sys [2009-10-19 9472]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-5-3 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-6-15 257224]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-5-3 136176]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-6-18 113120]
.
=============== Created Last 30 ================
.
2012-06-22 16:18:35 -------- d-----w- c:\program files\blekkotb_031
2012-06-22 15:42:39 -------- d-----w- c:\windows\pss
2012-06-18 06:54:40 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-06-18 06:54:24 157608 ----a-w- c:\program files\mozilla firefox\maintenanceservice_installer.exe
2012-06-18 06:54:24 113120 ----a-w- c:\program files\mozilla firefox\maintenanceservice.exe
2012-06-18 06:54:23 421200 ----a-w- c:\program files\mozilla firefox\msvcp100.dll
2012-06-18 06:54:22 770384 ----a-w- c:\program files\mozilla firefox\msvcr100.dll
2012-06-18 06:53:54 -------- d-----w- c:\documents and settings\all users\application data\blekko toolbars
2012-06-18 06:53:29 -------- d-----w- c:\program files\HWiNFO32
2012-06-18 06:53:18 -------- d-----w- c:\documents and settings\owner\local settings\application data\blekkotb_031
2012-06-18 06:53:11 -------- d-----w- c:\documents and settings\all users\application data\Anti-phishing Domain Advisor
2012-06-15 15:41:27 -------- d-----w- c:\program files\1ClickDownload
2012-06-15 15:34:01 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-15 15:34:01 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-15 07:12:35 -------- d-----w- c:\documents and settings\all users\application data\23280
2012-06-13 09:02:14 5632 ----a-w- c:\windows\system32\ptpusb.dll
2012-06-13 09:02:13 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2012-06-13 09:02:11 159232 ----a-w- c:\windows\system32\ptpusd.dll
.
==================== Find3M ====================
.
2012-06-18 06:39:25 60416 ----a-w- c:\windows\ALCFDRTM.VER
2009-02-08 20:28:48 1165312 ----a-w- c:\program files\launcher.exe
2008-08-13 18:54:12 237568 ----a-w- c:\program files\d3d9.dll
2008-03-31 14:25:16 27648 ----a-w- c:\program files\StreamMemFix.asi
2008-01-13 20:40:20 65536 ----a-w- c:\program files\vorbisFile.dll
2007-08-29 19:14:00 121856 ----a-w- c:\program files\cleo.asi
2005-07-15 20:20:56 118784 ----a-w- c:\program files\CarSpawner.exe
2003-11-16 07:48:30 65536 ----a-w- c:\program files\vorbisHooked.dll
2003-11-16 07:48:00 1060864 ----a-w- c:\program files\vorbis.dll
.
============= FINISH: 22:48:50.53 ===============

  • Dazdingo
  • public static void main
  • Joined: 09 Aug 2011
  • Posts: 13755
  • Location: Belgrade

Hello, Dusan.cz

Download Rootkit Unhooker to the Desktop.

Double-click to run the program;

select the Report tab;

click Scan and, in the window that opens, tick the following items:

SSDT
Shadow SSDT
Processes
Drivers
Stealth Code
Files
Code Hooks

click OK and wait for the scan to finish.


When the scan is finished, click File > Save Report and save the report.

Attach the Rootkit Unhooker report to your post using the Attach file option.

  • Dušan Krstić
  • Programming
  • Joined: 18 Jun 2012
  • Posts: 978
  • Location: At home

I tried many times and it won't work. As soon as I do all that and the scan starts, my computer freezes and has to be restarted :)

  • Dazdingo
  • public static void main
  • Joined: 09 Aug 2011
  • Posts: 13755
  • Location: Belgrade

I assume your Windows is modified, which is why the tools refuse to run...

Step 1


Go to Start -> Control Panel -> Programs and Features/Add/Remove Programs and uninstall the following programs:

- TheBflix
- BrowserCompanion


Also, you use quite a number of file sharing programs that can be a potential source of infection, some of which are 1ClickDownloader, BearShare, uTorrent.


Step 2


Download the OTL program from the link below to the Desktop:

OTL download
Click the given link and, in the window that opens, click the Save button;
when the dialog for choosing where to save the file opens, select Desktop and click the Save button.

Double-click to run OTL;

click the Run Scan button;

when the scan finishes, the report will open in Notepad (note: the report will automatically be saved on the Desktop as OTL.Txt).


Attach the OTL.Txt report to your post using the Attach file option.

TwinHeadedEagle (AMF Team)

  • Dušan Krstić
  • Programming
  • Joined: 18 Jun 2012
  • Posts: 978
  • Location: At home

I removed
- TheBflix
- BrowserCompanion
I also removed 1ClickDownloader

Is the Extras file needed as well?
And this also appeared, so I'm showing it to you in case it helps ;)


  • Dazdingo
  • public static void main
  • Joined: 09 Aug 2011
  • Posts: 13755
  • Location: Belgrade

Step 1

Run OTL again by double-clicking its icon.

Copy the following text into the white box of the window labelled Custom Scans/Fixes:

:OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.funmoods.com/?f=1&a=nv1&chnl=nv1&cd=2XzutAtN2Y1L1QzutDtDtCyD0FtBtCzztCtDyCyCtAyC0AtDtN0D0TzutBtDtCtBtDyCtCyD&cr=468824574
IE - HKLM\..\SearchScopes,Backup.Old.DefaultScope = {96bd48dd-741b-41ae-ac4a-aff96ba00f7e}
IE - HKLM\..\SearchScopes,DefaultScope = {96bd48dd-741b-41ae-ac4a-aff96ba00f7e}
IE - HKLM\..\SearchScopes\{651564E4-A131-5A6F-ADB1-44088F62A263}: "URL" = http://home.allgameshome.com/results.php?category=web&s={searchTerms}
IE - HKLM\..\SearchScopes\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e}: "URL" = http://start.funmoods.com/results.php?f=4&q={searchTerms}&a=nv1&chnl=nv1&cd=2XzutAtN2Y1L1QzutDtDtCyD0FtBtCzztCtDyCyCtAyC0AtDtN0D0TzutBtDtCtBtDyCtCyD&cr=468824574
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweetim.com/search.asp?src=6&q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Backup.Old.Start Page = http://search.babylon.com/?babsrc=HP_ss&affID=101246&mntrId=4caa36a00000000000000015f2181066
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://blekko.com/ws/?source=c3348dd4&toolbarid=blekkotb_031&u=B07AFEFA3E4D237E4BB4F84FDED061F0&tbp=homepage
IE - HKCU\..\SearchScopes,Backup.Old.DefaultScope = {CFF4DB9B-135F-47c0-9269-B4C6572FD61A}
IE - HKCU\..\SearchScopes,DefaultScope = {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
IE - HKCU\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = http://start.facemoods.com/?a=bf2&s={searchTerms}&f=4
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/web/{searchTerms}?babsrc=SP_ss&affID=101241&mntrId=4caa36a00000000000000015f2181066
IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://tbsearch.ask.com/redirect?client=ie&tb=DAT&o=15240&src=crm&q={searchTerms}&locale=en_US
IE - HKCU\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = http://blekko.com/ws/?source=c3348dd4&tbp=rbox&toolbarid=blekkotb_031&u=B07AFEFA3E4D237E4BB4F84FDED061F0&q={searchTerms}
IE - HKCU\..\SearchScopes\{651564E4-A131-5A6F-ADB1-44088F62A263}: "URL" = http://mystart.incredibar.com/mb139/?search={searchTerms}&loc=IB_DS&a=6R8piW5Chd&i=26
IE - HKCU\..\SearchScopes\{86F14831-D88C-4BC8-B871-C8FB24D95D9B}: "URL" = http://www.questbasic.com/?prt=qbdantasdns&keywords={searchTerms}
IE - HKCU\..\SearchScopes\{A890ECA1-E797-4D12-A1C1-C88203294DB1}: "URL" = http://start.funmoods.com/results.php?f=4&a=nv1&q={searchTerms}
IE - HKCU\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = http://start.funmoods.com/results.php?f=4&q={searchTerms}&a=nv1&chnl=nv1&cd=2XzutAtN2Y1L1QzutDtDtCyD0FtBtCzztCtDyCyCtAyC0AtDtN0D0TzutBtDtCtBtDyCtCyD&cr=468824574
IE - HKCU\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweetim.com/search.asp?src=6&q={searchTerms}
FF - prefs.js..backup.old.browser.search.defaultenginename: "MyStart Search"
FF - prefs.js..backup.old.browser.search.selectedEngine: "MyStart Search"
FF - prefs.js..browser.search.order.1: "Blekko"
FF - prefs.js..browser.search.selectedEngine: "Blekko"
[2012/01/16 15:11:04 | 000,000,000 | ---D | M] (AllGamesHome Toolbar) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\nkc1yje4.default\extensions\{C178BB02-BFCF-4E69-AB7C-DED3BD0291BD}
[2012/04/08 17:04:00 | 000,000,000 | ---D | M] (TheBflix) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\nkc1yje4.default\extensions\4f807a2ad4342@4f807a2ad4344.info
[2012/02/16 19:21:15 | 000,000,000 | ---D | M] (Browser Companion Helper) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\nkc1yje4.default\extensions\bbrs_002@blabbers.com
[2012/02/16 19:21:31 | 000,000,000 | ---D | M] (Babylon) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\nkc1yje4.default\extensions\ffxtlbr@babylon.com
[2012/06/15 18:01:10 | 000,000,000 | ---D | M] (Funmoods.com) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\nkc1yje4.default\extensions\ffxtlbr@funmoods.com
[2012/04/08 17:05:57 | 000,000,000 | ---D | M] (incredibar.com) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\nkc1yje4.default\extensions\ffxtlbr@incredibar.com
[2011/11/10 05:02:10 | 000,002,015 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\nkc1yje4.default\searchplugins\allgameshome-search.xml
[2012/02/26 19:25:10 | 000,001,797 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\nkc1yje4.default\searchplugins\funmoods.xml
[2012/04/08 17:05:26 | 000,002,203 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\nkc1yje4.default\searchplugins\MyStart Search.xml
[2012/01/15 22:51:17 | 000,000,000 | ---D | M] (QuestBasic) -- C:\Program Files\Mozilla Firefox\extensions\{1CE72EFA-E2D1-48FA-A5EC-D7111C2C5BB6}
[2011/10/20 19:38:24 | 000,002,046 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrch.xml
[2012/02/16 19:21:23 | 000,002,288 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found.
[2012/06/15 17:58:32 | 000,302,425 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\funmoods-speeddial.crx
[2012/06/15 17:58:30 | 000,031,470 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\funmoods.crx


:COMMANDS
[purity]
[emptytemp]
[reboot]



Click the Run Fix button;

Copy the report you get into your post here.



Step 2

Run OTL again, click Run Scan and post the new OTL report.

  • Dušan Krstić
  • Programming
  • Joined: 18 Jun 2012
  • Posts: 978
  • Location: At home

Written: 24 Jun 2012 21:15

I should mention that I had to deactivate the antivirus in order to run OTL.
When it finished, the computer restarted by itself and took a long time to boot. When I opened OTL again, this appeared; I hope that's it.
Here comes the new OTL report too :)

Addendum: 24 Jun 2012 21:21

  • Dazdingo
  • public static void main
  • Joined: 09 Aug 2011
  • Posts: 13755
  • Location: Belgrade

That would be it :)

Your computer is clean as far as malware is concerned.


What is the state of the system now?


You are using a modified version of Windows XP, which can cause certain problems, such as when you could not run the required programs, or problems can occur when installing Windows Updates. Next time you install XP, make sure to use an unmodified version...


I recommend using MCShield v2 to protect USB storage devices. It has nothing to do with the antivirus, i.e. it will not interfere with its operation, and it has proven to be one of the best forms of protection against malware that spreads via USB storage devices. You download it, install it, plug in the USB storage device, and a scan runs, after which you get a notification that the device is clean (if that is really the case); or you get a log showing information about the malware that was found and deleted.


MCShield ::Anti-Malware Tool:: v2 home page: http://amf.mycity.rs/mcshield/

You can find out more about MCShield in these topics:
v1: http://www.mycity.rs/MyCity-Laboratorija/MCShield.html
v2: http://www.mycity.rs/MyCity-Laboratorija/MCShield-v2.html


Be sure to visit the topic "Test whether your browser is vulnerable", read it and follow the link in it.
Link to the topic: http://www.mycity.rs/Web-browseri/Testirajte-da-li.....anjiv.html


TwinHeadedEagle (AMF Team)

  • Dušan Krstić
  • Programming
  • Joined: 18 Jun 2012
  • Posts: 978
  • Location: At home

I did that and everything is OK :D
Thanks for the help
Do you think it would run better if it were reinstalled?
Which OS would you recommend?
And which program can I use to send you a list of all the programs I have on my computer? I have a lot of things that are of no use to me, but I don't know what I must not delete so as not to crash the system :D

  • Dazdingo
  • public static void main
  • Joined: 09 Aug 2011
  • Posts: 13755
  • Location: Belgrade

There is one more thing left

Run OTL again and click the CleanUp button. You can delete the other programs used in this case.

As for your question, if I were in your place I would wipe the system and install an unmodified version of Windows XP Service Pack 3. It should run better, since you have a solid computer for XP.
For all other questions, open a topic in the Windows subforum, and you will be helped there.


TwinHeadedEagle (AMF Team)

