Problem with a flash drive


offline
  • Joined: 18 Mar 2009
  • Posts: 41
  • Location: NIŠ

When I copy something from the computer to the flash drive, a shortcut of about 1 KB is created on it, and what I copied from the computer shows up inside it, and when I format the flash drive some files come back, one of them is even called viruz... can I get help solving this... it's getting on my nerves.

offline
  • Research Engineer @MalwareBytes
  • Joined: 09 Aug 2011
  • Posts: 15877
  • Location: Beograd

Hello,

Follow this topic and provide the reports:

http://www.mycity.rs/Ambulanta/Kako-otvoriti-temu-u-Ambulanti.html

offline
  • Joined: 18 Mar 2009
  • Posts: 41
  • Location: NIŠ

I described above how the problem shows up; when it started showing up... I don't know exactly... I don't use any security software, and I tried to solve the problem by formatting the flash drive but it didn't help. I installed a new system a few days ago... the old one had slowed down a lot. Here is the copied dds.txt:
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_13
Run by mima at 10:11:55 on 2014-04-11
Microsoft® Windows 7 Eternity™ 2009 6.1.7600.0.1252.1.1033.18.1771.945 [GMT -7:00]
.
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\CxAudMsg32.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Tbccint\ToolbarService\ToolbarService.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Users\mima\AppData\Roaming\uTorrent\uTorrent.exe
C:\Program Files\SeaMonkey\seamonkey.exe
C:\Program Files\SeaMonkey\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_182.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_182.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.orbitdownloader.com
uURLSearchHooks: uTorrentControl_v6b Toolbar: {8f6846ea-ddff-459b-8c78-469b34d90a49} - c:\users\mima\appdata\locallow\utorrentcontrol_v6b\prxtbuTor.dll
mURLSearchHooks: uTorrentControl_v6b Toolbar: {8f6846ea-ddff-459b-8c78-469b34d90a49} - c:\users\mima\appdata\locallow\utorrentcontrol_v6b\prxtbuTor.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: uTorrentControl_v6b Toolbar: {8f6846ea-ddff-459b-8c78-469b34d90a49} - c:\users\mima\appdata\locallow\utorrentcontrol_v6b\prxtbuTor.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: uTorrentControl_v6b Toolbar: {8f6846ea-ddff-459b-8c78-469b34d90a49} - c:\users\mima\appdata\locallow\utorrentcontrol_v6b\prxtbuTor.dll
uRun: [Welcome Center] c:\windows\system32\rundll32.exe c:\windows\system32\OobeFldr.dll,ShowWelcomeCenter LaunchedBy_StartMenuShortcut
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
dRun: [Welcome Center] c:\windows\system32\rundll32.exe c:\windows\system32\OobeFldr.dll,ShowWelcomeCenter LaunchedBy_StartMenuShortcut
dRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\rocket~1.lnk - c:\program files\rocketdock\RocketDock.exe
uPolicies-Explorer: NoResolveTrack = dword:1
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoSMBalloonTip = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:0
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-Explorer: NoResolveTrack = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoSMBalloonTip = dword:1
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{C75B3D94-84AA-469D-AF01-0A4B3CD089E3} : DHCPNameServer = 192.168.0.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\mima\appdata\roaming\mozilla\firefox\profiles\enbs1ue4.default\
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nprpjplug.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_13_0_0_182.dll
FF - ExtSQL: 2014-04-09 20:07; testpilot@labs.mozilla.com; c:\users\mima\appdata\roaming\mozilla\firefox\profiles\enbs1ue4.default\extensions\testpilot@labs.mozilla.com.xpi
.
============= SERVICES / DRIVERS ===============
.
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-5-24 176128]
R2 CxAudMsg;Conexant Audio Message Service;c:\windows\system32\CxAudMsg32.exe [2010-12-16 190592]
R2 TBSrv;Toolbar Service;c:\program files\tbccint\toolbarservice\ToolbarService.exe [2014-4-9 350528]
R3 usbfilter;AMD USB Filter Driver;c:\windows\system32\drivers\usbfilter.sys [2014-4-8 35968]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-10-23 172192]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2014-4-8 193640]
.
=============== Created Last 30 ================
.
2014-04-09 18:41:05 -------- d-----w- c:\windows\system32\appmgmt
2014-04-09 18:40:43 -------- d-----w- c:\program files\common files\PDF Architect
2014-04-09 17:44:00 -------- d-----w- c:\users\mima\appdata\roaming\PDF Architect
2014-04-09 17:33:44 -------- d-----w- c:\users\mima\appdata\local\Programs
2014-04-09 16:57:38 -------- d-----w- c:\windows\system32\sda
2014-04-09 08:24:26 -------- d-----w- c:\users\mima\appdata\local\Ahead
2014-04-09 08:22:25 -------- d-----w- c:\programdata\Nero
2014-04-09 08:22:25 -------- d-----w- c:\program files\Nero
2014-04-09 08:13:37 5504 ------w- c:\windows\system32\drivers\imagedrv.sys
2014-04-09 08:13:37 125184 ------w- c:\windows\system32\drivers\imagesrv.sys
2014-04-09 08:13:19 155648 ----a-w- c:\windows\system32\NeroCheck.exe
2014-04-09 08:13:19 106496 ----a-w- c:\windows\system32\TwnLib20.dll
2014-04-09 07:19:20 -------- d-----w- c:\users\mima\appdata\local\Skype
2014-04-09 07:19:01 -------- d-----r- c:\program files\Skype
2014-04-09 07:11:48 -------- d-----w- c:\users\mima\appdata\roaming\TuneUp Software
2014-04-09 07:10:08 -------- d-----w- c:\programdata\TuneUp Software
2014-04-09 07:10:03 -------- d-sh--w- c:\programdata\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
2014-04-09 07:10:02 -------- d--h--w- c:\programdata\Common Files
2014-04-09 07:09:05 -------- d-----w- c:\users\mima\appdata\roaming\SumatraPDF
2014-04-09 07:08:59 -------- d-----w- c:\program files\SumatraPDF
2014-04-09 07:08:30 -------- d-----w- c:\users\mima\appdata\roaming\OpenCandy
2014-04-09 07:08:03 -------- d-----w- c:\programdata\Tbccint
2014-04-09 07:08:03 -------- d-----w- c:\program files\Tbccint
2014-04-09 07:08:02 -------- d-----w- c:\users\mima\appdata\local\Tbccint
2014-04-09 07:07:50 -------- d-----w- c:\program files\ChicaLogic
2014-04-09 07:06:50 -------- d-----w- c:\users\mima\appdata\roaming\uTorrent
2014-04-09 06:53:29 -------- d-----w- c:\program files\Mv2Player
2014-04-09 06:50:29 129784 ------w- c:\windows\system32\pxafs.dll
2014-04-09 06:48:30 410984 ----a-w- c:\windows\system32\deploytk.dll
2014-04-09 06:48:30 410984 ----a-w- c:\program files\mozilla firefox\plugins\npdeploytk.dll
2014-04-09 06:47:03 -------- d-----w- c:\program files\AIMP2
2014-04-09 06:41:15 -------- d-----w- c:\users\mima\appdata\local\Macromedia
2014-04-09 06:39:51 -------- d-----w- c:\program files\CONEXANT
2014-04-09 06:39:45 76928 ----a-w- c:\windows\system32\FMPropPageExt.dll
2014-04-09 06:39:45 359040 ----a-w- c:\windows\system32\UCI32A72.dll
2014-04-09 06:39:45 1514624 ----a-w- c:\windows\system32\CX32AP45.dll
2014-04-09 06:39:41 1283200 ----a-w- c:\windows\system32\drivers\CHDRT32.sys
2014-04-09 06:31:35 -------- d-----w- c:\windows\Panther
2014-04-09 06:31:09 33104 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\msonpppr.dll
2014-04-09 06:31:08 32592 ----a-w- c:\windows\system32\msonpmon.dll
2014-04-09 06:27:46 -------- d-----w- c:\windows\PCHEALTH
2014-04-09 06:25:32 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2014-04-09 06:24:45 -------- d-----w- c:\users\mima\appdata\local\Microsoft Help
2014-04-09 06:21:44 -------- d-----w- c:\users\mima\appdata\local\Adobe
2014-04-09 06:17:30 70832 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-04-09 06:17:30 692400 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-04-09 06:14:01 -------- d-----w- c:\program files\VITSOFT
2014-04-09 06:11:37 -------- d-----w- c:\program files\SeaMonkey
2014-04-09 06:09:40 -------- d-----w- c:\users\mima\appdata\local\Mozilla
2014-04-09 06:07:14 0 ----a-w- c:\windows\ativpsrm.bin
2014-04-09 06:02:44 2422272 ----a-w- c:\windows\system32\wucltux.dll
2014-04-09 06:02:34 88576 ----a-w- c:\windows\system32\wudriver.dll
2014-04-09 06:02:21 33792 ----a-w- c:\windows\system32\wuapp.exe
2014-04-09 06:02:21 171904 ----a-w- c:\windows\system32\wuwebv.dll
2014-04-09 05:59:59 313960 ----a-w- c:\windows\system32\RtsUStor.dll
2014-04-09 05:59:38 193640 ----a-r- c:\windows\system32\drivers\RtsUStor.sys
2014-04-09 05:59:37 9112168 ----a-w- c:\windows\system32\RtsUStoricon.dll
2014-04-09 05:59:36 -------- d-----w- c:\program files\Realtek
2014-04-09 05:57:51 2158592 ----a-w- c:\windows\system32\drivers\athr.sys
2014-04-09 05:57:50 64672 ----a-w- c:\windows\system32\athihvui.dll
2014-04-09 05:57:50 -------- d-----w- c:\windows\system32\nn-NO
2014-04-09 05:57:47 400544 ----a-w- c:\windows\system32\athihvs.dll
2014-04-09 05:57:47 -------- d-----w- c:\program files\Atheros
2014-04-09 05:56:53 -------- d-----w- c:\programdata\Atheros
2014-04-09 05:52:57 -------- d-----w- c:\program files\AMD APP
2014-04-09 05:52:53 -------- d-----w- c:\program files\common files\ATI Technologies
2014-04-09 05:52:49 35968 ----a-r- c:\windows\system32\drivers\usbfilter.sys
2014-04-09 05:51:05 52736 ----a-w- c:\windows\system32\coinst.dll
2014-04-09 05:51:04 462848 ----a-w- c:\windows\system32\ATIDEMGX.dll
2014-04-09 05:50:42 -------- d-sh--w- c:\windows\Installer
2014-04-09 05:50:11 -------- d-----w- c:\program files\ATI Technologies
2014-04-09 05:50:04 -------- d-----w- c:\program files\ATI
2014-04-09 05:46:42 -------- d-----w- c:\windows\system32\wbem\Performance
2014-04-09 05:42:26 -------- d-----w- c:\users\mima\appdata\roaming\GrabPro
.
==================== Find3M ====================
.
.
============= FINISH: 10:12:45.95 ===============


rip
  • argus  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 27 Apr 2008
  • Posts: 9160
  • Location: Prokuplje

Hello.

Download sUBs's ComboFix from the following address to the Desktop:

Bleeping Computer
  • Right-click the link and choose the option Save Target As... (Save Link As..., Save Linked Content As... or similar);
  • When the dialog for choosing the save location opens, choose Desktop and click Save.

When the download is complete:
  • deactivate your security software (instructions);
  • close any running programs;
  • double-click to start ComboFix;
  • in the window that opens, click "I Agree".

While running, ComboFix will:
  • check whether a newer version of the program exists:
      • click Yes if you are offered to download it.
  • if the Recovery Console is not installed, offer to install it:
      • be sure to accept by clicking Yes and follow the procedure.
  • display a certain number of prompts/notifications:
      • accept by clicking Yes or OK.
  • restart Windows if needed (several times);
  • at the end, open Notepad with the scan report.

Copy the report that ComboFix created into the topic on the forum:
  • right-click in the Notepad window and choose Select All;
  • right-click the selected text and choose Copy;
  • right-click in the message field and choose Paste.

Note:
  • The report will be saved as ComboFix.txt on the system partition (typical location: C:\ComboFix.txt);
  • If, after sending the message, you notice that the report is not complete, use the Attach file option to attach the file C:\ComboFix.txt to the message;
  • Do not click inside the ComboFix window while it is running, because that can slow the tool down;
  • Do not run ComboFix again on your own - report in the topic any problem you have during the first run of the tool;
  • If after the restart you get an error when starting certain programs saying that they are marked for deletion (Illegal operation attempted on a registry key that has been marked for deletion), restart the system again and that will solve the problem.

offline
  • Joined: 18 Mar 2009
  • Posts: 41
  • Location: NIŠ

Here is the ComboFix log file:
ComboFix 14-04-09.02 - mima 04/11/2014 20:31:57.1.2 - x86
Microsoft® Windows 7 Eternity™ 2009 6.1.7600.0.1252.1.1033.18.1771.1240 [GMT -7:00]
Running from: c:\users\mima\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2014-03-12 to 2014-04-12 )))))))))))))))))))))))))))))))
.
.
2014-04-12 03:42 . 2014-04-12 03:42 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-04-10 03:07 . 2014-04-12 02:46 -------- d-----w- c:\program files\Mozilla Maintenance Service
2014-04-09 18:40 . 2014-04-09 18:40 -------- d-----w- c:\program files\Common Files\PDF Architect
2014-04-09 17:40 . 2014-04-09 18:42 -------- d-----w- c:\program files\Real
2014-04-09 16:57 . 2014-04-09 16:57 -------- d-----w- c:\windows\system32\sda
2014-04-09 08:23 . 2014-04-09 08:23 -------- d-----w- c:\programdata\Ahead
2014-04-09 08:22 . 2014-04-09 08:22 -------- d-----w- c:\programdata\Nero
2014-04-09 08:22 . 2014-04-09 08:22 -------- d-----w- c:\program files\Nero
2014-04-09 08:13 . 2004-03-03 00:37 125184 ------w- c:\windows\system32\drivers\imagesrv.sys
2014-04-09 08:13 . 2004-03-03 00:37 5504 ------w- c:\windows\system32\drivers\imagedrv.sys
2014-04-09 08:13 . 2001-07-09 18:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
2014-04-09 08:13 . 2000-06-26 18:45 106496 ----a-w- c:\windows\system32\TwnLib20.dll
2014-04-09 08:13 . 2014-04-09 08:22 -------- d-----w- c:\program files\Common Files\Ahead
2014-04-09 08:13 . 2014-04-09 08:16 -------- d-----w- c:\program files\Ahead
2014-04-09 07:19 . 2014-04-09 07:19 -------- d-----w- c:\program files\Common Files\Skype
2014-04-09 07:19 . 2014-04-09 07:19 -------- d-----r- c:\program files\Skype
2014-04-09 07:11 . 2014-04-09 07:18 -------- d-----w- c:\programdata\Skype
2014-04-09 07:10 . 2014-04-09 07:12 -------- d-----w- c:\programdata\TuneUp Software
2014-04-09 07:10 . 2014-04-09 07:10 -------- d-sh--w- c:\programdata\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
2014-04-09 07:10 . 2014-04-09 07:10 -------- d--h--w- c:\programdata\Common Files
2014-04-09 07:08 . 2014-04-09 07:09 -------- d-----w- c:\program files\SumatraPDF
2014-04-09 07:08 . 2014-04-09 07:08 -------- d-----w- c:\programdata\Tbccint
2014-04-09 07:08 . 2014-04-09 07:08 -------- d-----w- c:\program files\Tbccint
2014-04-09 07:07 . 2014-04-09 07:07 -------- d-----w- c:\program files\ChicaLogic
2014-04-09 06:53 . 2014-04-09 06:54 -------- d-----w- c:\program files\Mv2Player
2014-04-09 06:50 . 2007-03-07 23:51 129784 ------w- c:\windows\system32\pxafs.dll
2014-04-09 06:50 . 2014-04-09 06:50 -------- d-----w- c:\program files\Winamp
2014-04-09 06:48 . 2014-04-09 06:48 410984 ----a-w- c:\windows\system32\deploytk.dll
2014-04-09 06:48 . 2014-04-09 06:48 -------- d-----w- c:\program files\Java
2014-04-09 06:47 . 2014-04-09 19:41 -------- d-----w- c:\program files\AIMP2
2014-04-09 06:39 . 2014-04-09 06:40 -------- d-----w- c:\program files\CONEXANT
2014-04-09 06:39 . 2011-03-07 08:50 1514624 ----a-w- c:\windows\system32\CX32AP45.dll
2014-04-09 06:39 . 2011-02-22 05:06 359040 ----a-w- c:\windows\system32\UCI32A72.dll
2014-04-09 06:39 . 2011-01-13 06:59 76928 ----a-w- c:\windows\system32\FMPropPageExt.dll
2014-04-09 06:39 . 2011-02-14 04:42 1283200 ----a-w- c:\windows\system32\drivers\CHDRT32.sys
2014-04-09 06:31 . 2014-04-09 05:41 -------- d-----w- c:\windows\Panther
2014-04-09 06:31 . 2006-10-27 02:56 33104 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\msonpppr.dll
2014-04-09 06:31 . 2006-10-27 02:56 32592 ----a-w- c:\windows\system32\msonpmon.dll
2014-04-09 06:28 . 2014-04-09 06:28 -------- d-----w- c:\program files\Microsoft Works
2014-04-09 06:27 . 2014-04-09 06:27 -------- d-----w- c:\windows\PCHEALTH
2014-04-09 06:27 . 2014-04-09 06:27 -------- d-----w- c:\program files\Microsoft.NET
2014-04-09 06:25 . 2014-04-09 06:25 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2014-04-09 06:24 . 2014-04-09 06:31 -------- d-----w- c:\programdata\Microsoft Help
2014-04-09 06:23 . 2014-04-09 06:23 -------- d-----r- C:\MSOCache
2014-04-09 06:19 . 2014-04-09 06:19 -------- d-----w- c:\program files\Common Files\Adobe
2014-04-09 06:17 . 2014-04-09 21:22 70832 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-04-09 06:17 . 2014-04-09 21:22 692400 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-04-09 06:14 . 2014-04-09 06:14 -------- d-----w- c:\program files\VITSOFT
2014-04-09 06:11 . 2014-04-12 03:16 -------- d-----w- c:\program files\SeaMonkey
2014-04-09 06:07 . 2014-04-09 06:07 0 ----a-w- c:\windows\ativpsrm.bin
2014-04-09 06:02 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe
2014-04-09 06:02 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll
2014-04-09 06:02 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2014-04-09 06:02 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll
2014-04-09 06:02 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll
2014-04-09 06:02 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll
2014-04-09 06:02 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll
2014-04-09 06:02 . 2012-06-02 22:19 171904 ----a-w- c:\windows\system32\wuwebv.dll
2014-04-09 06:02 . 2012-06-02 22:12 33792 ----a-w- c:\windows\system32\wuapp.exe
2014-04-09 05:59 . 2010-06-17 09:17 313960 ----a-w- c:\windows\system32\RtsUStor.dll
2014-04-09 05:59 . 2010-06-17 09:18 193640 ----a-r- c:\windows\system32\drivers\RtsUStor.sys
2014-04-09 05:59 . 2010-06-17 09:18 9112168 ----a-w- c:\windows\system32\RtsUStoricon.dll
2014-04-09 05:57 . 2011-03-12 01:54 2158592 ----a-w- c:\windows\system32\drivers\athr.sys
2014-04-09 05:57 . 2014-04-09 05:57 -------- d-----w- c:\windows\system32\nn-NO
2014-04-09 05:57 . 2011-03-16 23:47 64672 ----a-w- c:\windows\system32\athihvui.dll
2014-04-09 05:57 . 2014-04-09 05:57 -------- d-----w- c:\program files\Atheros
2014-04-09 05:57 . 2011-03-16 23:47 400544 ----a-w- c:\windows\system32\athihvs.dll
2014-04-09 05:57 . 2014-04-09 05:59 -------- d--h--w- c:\program files\InstallShield Installation Information
2014-04-09 05:56 . 2014-04-09 05:58 -------- d-----w- c:\programdata\Atheros
2014-04-09 05:52 . 2014-04-09 05:52 -------- d-----w- c:\program files\AMD APP
2014-04-09 05:52 . 2014-04-09 05:52 -------- d-----w- c:\program files\Common Files\ATI Technologies
2014-04-09 05:52 . 2014-04-09 05:52 -------- dc----w- c:\windows\system32\DRVSTORE
2014-04-09 05:52 . 2010-11-28 20:50 35968 ----a-r- c:\windows\system32\drivers\usbfilter.sys
2014-04-09 05:51 . 2011-05-24 14:18 52736 ----a-w- c:\windows\system32\coinst.dll
2014-04-09 05:51 . 2011-05-24 15:04 462848 ----a-w- c:\windows\system32\ATIDEMGX.dll
2014-04-09 05:50 . 2014-04-09 18:42 -------- d-sh--w- c:\windows\Installer
2014-04-09 05:50 . 2014-04-09 05:52 -------- d-----w- c:\program files\ATI Technologies
2014-04-09 05:50 . 2014-04-09 05:50 -------- d-----w- c:\program files\ATI
2014-04-09 05:46 . 2014-04-12 03:29 -------- d-----w- c:\windows\system32\wbem\Performance
2014-04-09 05:44 . 2014-04-09 05:44 -------- d-----w- c:\windows\system32\Macromed
2014-04-09 05:42 . 2014-04-09 05:42 -------- d-----w- C:\downloads
2014-04-09 05:42 . 2007-09-04 16:56 164352 ----a-w- c:\windows\system32\unrar.dll
2014-04-09 05:42 . 2008-07-04 06:34 860160 ----a-w- c:\windows\system32\lameACM.acm
2014-04-09 05:42 . 2007-09-21 00:52 118784 ----a-w- c:\windows\system32\ac3acm.acm
2014-04-09 05:42 . 2008-01-10 12:15 755027 ----a-w- c:\windows\system32\xvidcore.dll
2014-04-09 05:42 . 2004-01-25 16:18 217088 ----a-w- c:\windows\system32\yv12vfw.dll
2014-04-09 05:42 . 2008-07-25 08:34 81920 ----a-w- c:\windows\system32\dpl100.dll
2014-04-09 05:42 . 2008-07-25 08:34 683520 ----a-w- c:\windows\system32\divx.dll
2014-04-09 05:42 . 2008-07-23 16:50 3596288 ----a-w- c:\windows\system32\qt-dx331.dll
2014-04-09 05:42 . 2008-01-10 12:16 159839 ----a-w- c:\windows\system32\xvidvfw.dll
2014-04-09 05:42 . 2008-06-12 18:36 7680 ----a-w- c:\windows\system32\ff_vfw.dll
2014-04-09 05:42 . 2014-04-09 05:42 -------- d-----w- c:\program files\K-Lite Codec Pack
2014-04-09 05:41 . 2014-04-09 05:44 -------- d-----w- c:\users\mima
2014-04-09 05:41 . 2014-04-09 05:41 -------- d-----w- C:\Recovery
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{8f6846ea-ddff-459b-8c78-469b34d90a49}"= "c:\users\mima\AppData\LocalLow\uTorrentControl_v6b\prxtbuTor.dll" [2014-03-31 424256]
.
[HKEY_CLASSES_ROOT\clsid\{8f6846ea-ddff-459b-8c78-469b34d90a49}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{8f6846ea-ddff-459b-8c78-469b34d90a49}]
2014-03-31 18:05 424256 ----a-w- c:\users\mima\AppData\LocalLow\uTorrentControl_v6b\prxtbuTor.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{8f6846ea-ddff-459b-8c78-469b34d90a49}"= "c:\users\mima\AppData\LocalLow\uTorrentControl_v6b\prxtbuTor.dll" [2014-03-31 424256]
.
[HKEY_CLASSES_ROOT\clsid\{8f6846ea-ddff-459b-8c78-469b34d90a49}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Welcome Center"="c:\windows\system32\OobeFldr.dll" [2009-09-11 859648]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-28 152872]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-05-25 336384]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2014-04-09 148888]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Welcome Center"="c:\windows\system32\OobeFldr.dll" [2009-09-11 859648]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
RocketDock.lnk - c:\program files\RocketDock\RocketDock.exe [2009-9-16 495616]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"NoSMBalloonTip"= 1 (0x1)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"NoSMBalloonTip"= 1 (0x1)
.
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-10-23 172192]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-06-17 193640]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-05-24 176128]
S2 CxAudMsg;Conexant Audio Message Service;c:\windows\system32\CxAudMsg32.exe [2010-12-16 190592]
S2 TBSrv;Toolbar Service;c:\program files\Tbccint\ToolbarService\ToolbarService.exe [2014-03-31 350528]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2010-11-28 35968]
.
.
Contents of the 'Scheduled Tasks' folder
.
2014-04-12 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-04-09 21:22]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.orbitdownloader.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\mima\AppData\Roaming\Mozilla\Firefox\Profiles\enbs1ue4.default\
FF - ExtSQL: 2014-04-09 20:07; testpilot@labs.mozilla.com; c:\users\mima\AppData\Roaming\Mozilla\Firefox\Profiles\enbs1ue4.default\extensions\testpilot@labs.mozilla.com.xpi
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-WinampAgent - c:\program files\Winamp\winampa.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(2764)
c:\windows\System32\ieframe.dll
.
Completion time: 2014-04-11 20:46:17
ComboFix-quarantined-files.txt 2014-04-12 03:46
.
Pre-Run: 69,926,543,360 bytes free
Post-Run: 70,877,954,048 bytes free
.
- - End Of File - - 834CE1C12A1BCCA79355F3309426F2C8
A36C5E4F47E84449FF07ED3517B43A31

rip
  • argus  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 27 Apr 2008
  • Posts: 9160
  • Location: Prokuplje

Open Notepad and copy the following text into it:

Folder::
c:\users\mima\AppData\LocalLow\uTorrentControl_v6b

Registry::
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{8f6846ea-ddff-459b-8c78-469b34d90a49}"=-
[-HKEY_CLASSES_ROOT\clsid\{8f6846ea-ddff-459b-8c78-469b34d90a49}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{8f6846ea-ddff-459b-8c78-469b34d90a49}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{8f6846ea-ddff-459b-8c78-469b34d90a49}"=-

ClearJavaCache::


Save the file from Notepad to the Desktop as "CFScript".

Drag the saved script/text onto the ComboFix icon, as shown in the picture.
In your next message, post the log that is created at the end of the cleaning/scan.

*************************





Download MCShield from the following address:

http://www.mcshield.net/download/MCShield-Setup.exe

Install MCShield and wait for the initial scan to finish.

When the initial scan is finished, insert all your USB storage devices into the USB port one after another, and keep each one in the port until MCShield shows a message that the scan is complete. If you have several USB devices, write down somewhere the order in which they were inserted.

Explanation: USB storage devices are all devices that get their own partition letter when connected to the computer. These include USB flash drives, external hard disks, memory cards, MP3 and MP4 players, some mobile phones, some GPS (navigation) devices, etc.

Go to Start -> All Programs -> MCShield -> Logs -> AllScans

The report will open in Notepad; post its contents in your message.

offline
  • Joined: 18 Mar 2009
  • Posts: 41
  • Location: NIŠ

Here is the new log after dragging the CFScript onto ComboFix:
ComboFix 14-04-09.02 - mima 04/11/2014 21:19:49.2.2 - x86
Microsoft® Windows 7 Eternity™ 2009 6.1.7600.0.1252.1.1033.18.1771.937 [GMT -7:00]
Running from: c:\users\mima\Desktop\ComboFix.exe
Command switches used :: c:\users\mima\Desktop\CFScript.txt
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\mima\AppData\LocalLow\uTorrentControl_v6b
c:\users\mima\AppData\LocalLow\uTorrentControl_v6b\cctoolbar.cfg
c:\users\mima\AppData\LocalLow\uTorrentControl_v6b\hk64tbuTor.dll
c:\users\mima\AppData\LocalLow\uTorrentControl_v6b\hktbuTor.dll
c:\users\mima\AppData\LocalLow\uTorrentControl_v6b\ldrtbuTor.dll
c:\users\mima\AppData\LocalLow\uTorrentControl_v6b\prxtbuTor.dll
c:\users\mima\AppData\LocalLow\uTorrentControl_v6b\tbuTor.dll
.
.
((((((((((((((((((((((((( Files Created from 2014-03-12 to 2014-04-12 )))))))))))))))))))))))))))))))
.
.
2014-04-12 04:30 . 2014-04-12 04:30 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-04-10 03:07 . 2014-04-12 02:46 -------- d-----w- c:\program files\Mozilla Maintenance Service
2014-04-09 18:40 . 2014-04-09 18:40 -------- d-----w- c:\program files\Common Files\PDF Architect
2014-04-09 17:40 . 2014-04-09 18:42 -------- d-----w- c:\program files\Real
2014-04-09 16:57 . 2014-04-09 16:57 -------- d-----w- c:\windows\system32\sda
2014-04-09 08:23 . 2014-04-09 08:23 -------- d-----w- c:\programdata\Ahead
2014-04-09 08:22 . 2014-04-09 08:22 -------- d-----w- c:\programdata\Nero
2014-04-09 08:22 . 2014-04-09 08:22 -------- d-----w- c:\program files\Nero
2014-04-09 08:13 . 2004-03-03 00:37 125184 ------w- c:\windows\system32\drivers\imagesrv.sys
2014-04-09 08:13 . 2004-03-03 00:37 5504 ------w- c:\windows\system32\drivers\imagedrv.sys
2014-04-09 08:13 . 2001-07-09 18:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
2014-04-09 08:13 . 2000-06-26 18:45 106496 ----a-w- c:\windows\system32\TwnLib20.dll
2014-04-09 08:13 . 2014-04-09 08:22 -------- d-----w- c:\program files\Common Files\Ahead
2014-04-09 08:13 . 2014-04-09 08:16 -------- d-----w- c:\program files\Ahead
2014-04-09 07:19 . 2014-04-09 07:19 -------- d-----w- c:\program files\Common Files\Skype
2014-04-09 07:19 . 2014-04-09 07:19 -------- d-----r- c:\program files\Skype
2014-04-09 07:11 . 2014-04-09 07:18 -------- d-----w- c:\programdata\Skype
2014-04-09 07:10 . 2014-04-09 07:12 -------- d-----w- c:\programdata\TuneUp Software
2014-04-09 07:10 . 2014-04-09 07:10 -------- d-sh--w- c:\programdata\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
2014-04-09 07:10 . 2014-04-09 07:10 -------- d--h--w- c:\programdata\Common Files
2014-04-09 07:08 . 2014-04-09 07:09 -------- d-----w- c:\program files\SumatraPDF
2014-04-09 07:08 . 2014-04-09 07:08 -------- d-----w- c:\programdata\Tbccint
2014-04-09 07:08 . 2014-04-09 07:08 -------- d-----w- c:\program files\Tbccint
2014-04-09 07:07 . 2014-04-09 07:07 -------- d-----w- c:\program files\ChicaLogic
2014-04-09 06:53 . 2014-04-09 06:54 -------- d-----w- c:\program files\Mv2Player
2014-04-09 06:50 . 2007-03-07 23:51 129784 ------w- c:\windows\system32\pxafs.dll
2014-04-09 06:50 . 2014-04-09 06:50 -------- d-----w- c:\program files\Winamp
2014-04-09 06:48 . 2014-04-09 06:48 410984 ----a-w- c:\windows\system32\deploytk.dll
2014-04-09 06:48 . 2014-04-09 06:48 -------- d-----w- c:\program files\Java
2014-04-09 06:47 . 2014-04-09 19:41 -------- d-----w- c:\program files\AIMP2
2014-04-09 06:39 . 2014-04-09 06:40 -------- d-----w- c:\program files\CONEXANT
2014-04-09 06:39 . 2011-03-07 08:50 1514624 ----a-w- c:\windows\system32\CX32AP45.dll
2014-04-09 06:39 . 2011-02-22 05:06 359040 ----a-w- c:\windows\system32\UCI32A72.dll
2014-04-09 06:39 . 2011-01-13 06:59 76928 ----a-w- c:\windows\system32\FMPropPageExt.dll
2014-04-09 06:39 . 2011-02-14 04:42 1283200 ----a-w- c:\windows\system32\drivers\CHDRT32.sys
2014-04-09 06:31 . 2014-04-09 05:41 -------- d-----w- c:\windows\Panther
2014-04-09 06:31 . 2006-10-27 02:56 33104 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\msonpppr.dll
2014-04-09 06:31 . 2006-10-27 02:56 32592 ----a-w- c:\windows\system32\msonpmon.dll
2014-04-09 06:28 . 2014-04-09 06:28 -------- d-----w- c:\program files\Microsoft Works
2014-04-09 06:27 . 2014-04-09 06:27 -------- d-----w- c:\windows\PCHEALTH
2014-04-09 06:27 . 2014-04-09 06:27 -------- d-----w- c:\program files\Microsoft.NET
2014-04-09 06:25 . 2014-04-09 06:25 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2014-04-09 06:24 . 2014-04-09 06:31 -------- d-----w- c:\programdata\Microsoft Help
2014-04-09 06:23 . 2014-04-09 06:23 -------- d-----r- C:\MSOCache
2014-04-09 06:19 . 2014-04-09 06:19 -------- d-----w- c:\program files\Common Files\Adobe
2014-04-09 06:17 . 2014-04-09 21:22 70832 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-04-09 06:17 . 2014-04-09 21:22 692400 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-04-09 06:14 . 2014-04-09 06:14 -------- d-----w- c:\program files\VITSOFT
2014-04-09 06:11 . 2014-04-12 04:10 -------- d-----w- c:\program files\SeaMonkey
2014-04-09 06:07 . 2014-04-09 06:07 0 ----a-w- c:\windows\ativpsrm.bin
2014-04-09 06:02 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe
2014-04-09 06:02 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll
2014-04-09 06:02 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2014-04-09 06:02 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll
2014-04-09 06:02 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll
2014-04-09 06:02 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll
2014-04-09 06:02 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll
2014-04-09 06:02 . 2012-06-02 22:19 171904 ----a-w- c:\windows\system32\wuwebv.dll
2014-04-09 06:02 . 2012-06-02 22:12 33792 ----a-w- c:\windows\system32\wuapp.exe
2014-04-09 05:59 . 2010-06-17 09:17 313960 ----a-w- c:\windows\system32\RtsUStor.dll
2014-04-09 05:59 . 2010-06-17 09:18 193640 ----a-r- c:\windows\system32\drivers\RtsUStor.sys
2014-04-09 05:59 . 2010-06-17 09:18 9112168 ----a-w- c:\windows\system32\RtsUStoricon.dll
2014-04-09 05:57 . 2011-03-12 01:54 2158592 ----a-w- c:\windows\system32\drivers\athr.sys
2014-04-09 05:57 . 2014-04-09 05:57 -------- d-----w- c:\windows\system32\nn-NO
2014-04-09 05:57 . 2011-03-16 23:47 64672 ----a-w- c:\windows\system32\athihvui.dll
2014-04-09 05:57 . 2014-04-09 05:57 -------- d-----w- c:\program files\Atheros
2014-04-09 05:57 . 2011-03-16 23:47 400544 ----a-w- c:\windows\system32\athihvs.dll
2014-04-09 05:57 . 2014-04-09 05:59 -------- d--h--w- c:\program files\InstallShield Installation Information
2014-04-09 05:56 . 2014-04-09 05:58 -------- d-----w- c:\programdata\Atheros
2014-04-09 05:52 . 2014-04-09 05:52 -------- d-----w- c:\program files\AMD APP
2014-04-09 05:52 . 2014-04-09 05:52 -------- d-----w- c:\program files\Common Files\ATI Technologies
2014-04-09 05:52 . 2014-04-09 05:52 -------- dc----w- c:\windows\system32\DRVSTORE
2014-04-09 05:52 . 2010-11-28 20:50 35968 ----a-r- c:\windows\system32\drivers\usbfilter.sys
2014-04-09 05:51 . 2011-05-24 14:18 52736 ----a-w- c:\windows\system32\coinst.dll
2014-04-09 05:51 . 2011-05-24 15:04 462848 ----a-w- c:\windows\system32\ATIDEMGX.dll
2014-04-09 05:50 . 2014-04-09 18:42 -------- d-sh--w- c:\windows\Installer
2014-04-09 05:50 . 2014-04-09 05:52 -------- d-----w- c:\program files\ATI Technologies
2014-04-09 05:50 . 2014-04-09 05:50 -------- d-----w- c:\program files\ATI
2014-04-09 05:46 . 2014-04-12 03:29 -------- d-----w- c:\windows\system32\wbem\Performance
2014-04-09 05:44 . 2014-04-09 05:44 -------- d-----w- c:\windows\system32\Macromed
2014-04-09 05:42 . 2014-04-09 05:42 -------- d-----w- C:\downloads
2014-04-09 05:42 . 2007-09-04 16:56 164352 ----a-w- c:\windows\system32\unrar.dll
2014-04-09 05:42 . 2008-07-04 06:34 860160 ----a-w- c:\windows\system32\lameACM.acm
2014-04-09 05:42 . 2007-09-21 00:52 118784 ----a-w- c:\windows\system32\ac3acm.acm
2014-04-09 05:42 . 2008-01-10 12:15 755027 ----a-w- c:\windows\system32\xvidcore.dll
2014-04-09 05:42 . 2004-01-25 16:18 217088 ----a-w- c:\windows\system32\yv12vfw.dll
2014-04-09 05:42 . 2008-07-25 08:34 81920 ----a-w- c:\windows\system32\dpl100.dll
2014-04-09 05:42 . 2008-07-25 08:34 683520 ----a-w- c:\windows\system32\divx.dll
2014-04-09 05:42 . 2008-07-23 16:50 3596288 ----a-w- c:\windows\system32\qt-dx331.dll
2014-04-09 05:42 . 2008-01-10 12:16 159839 ----a-w- c:\windows\system32\xvidvfw.dll
2014-04-09 05:42 . 2008-06-12 18:36 7680 ----a-w- c:\windows\system32\ff_vfw.dll
2014-04-09 05:42 . 2014-04-09 05:42 -------- d-----w- c:\program files\K-Lite Codec Pack
2014-04-09 05:41 . 2014-04-09 05:44 -------- d-----w- c:\users\mima
2014-04-09 05:41 . 2014-04-09 05:41 -------- d-----w- C:\Recovery
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Welcome Center"="c:\windows\system32\OobeFldr.dll" [2009-09-11 859648]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-28 152872]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-05-25 336384]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2014-04-09 148888]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Welcome Center"="c:\windows\system32\OobeFldr.dll" [2009-09-11 859648]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
RocketDock.lnk - c:\program files\RocketDock\RocketDock.exe [2009-9-16 495616]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"NoSMBalloonTip"= 1 (0x1)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"NoSMBalloonTip"= 1 (0x1)
.
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-10-23 172192]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-06-17 193640]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-05-24 176128]
S2 CxAudMsg;Conexant Audio Message Service;c:\windows\system32\CxAudMsg32.exe [2010-12-16 190592]
S2 TBSrv;Toolbar Service;c:\program files\Tbccint\ToolbarService\ToolbarService.exe [2014-03-31 350528]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2010-11-28 35968]
.
.
Contents of the 'Scheduled Tasks' folder
.
2014-04-12 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-04-09 21:22]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.orbitdownloader.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\mima\AppData\Roaming\Mozilla\Firefox\Profiles\enbs1ue4.default\
FF - ExtSQL: 2014-04-09 20:07; testpilot@labs.mozilla.com; c:\users\mima\AppData\Roaming\Mozilla\Firefox\Profiles\enbs1ue4.default\extensions\testpilot@labs.mozilla.com.xpi
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-04-11 21:33:16
ComboFix-quarantined-files.txt 2014-04-12 04:33
ComboFix2.txt 2014-04-12 03:46
.
Pre-Run: 70,885,466,112 bytes free
Post-Run: 70,843,256,832 bytes free
.
- - End Of File - - AA26528FE1C7DAF4C03B7D349AAAB1FD
A36C5E4F47E84449FF07ED3517B43A31

rip
  • argus  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 27 Apr 2008
  • Posts: 9160
  • Location: Prokuplje

You did not provide everything; read my previous instructions once more.

offline
  • Joined: 18 Mar 2009
  • Posts: 41
  • Location: NIŠ

as for this second one, MCShield, I don't understand anything.. I installed it and in AllScans I found this
>>> MCShield AllScans.txt <<<
-----------------------------

MCShield ::Anti-Malware Tool:: mcshield.net/

>>> v 3.0.4.27 / DB: 2014.4.6.1 / Windows 7 <<<

4/11/2014 9:46:42 PM > Drive C: - scan started (no label ~83 GB, NTFS HDD )...

=> The drive is clean.

4/11/2014 9:46:42 PM > Drive D: - scan started (no label ~215 GB, NTFS HDD )...

=> The drive is clean.


what do I do next? when I plug in the flash drive as instructed, nothing reacts... do I need to do something when I plug in the flash drive???

rip
  • argus  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 27 Apr 2008
  • Posts: 9160
  • Location: Prokuplje

You don't need to do anything, but it looks like your computer is not reading the flash drive.

Which port are you plugging the flash drive into, front or back?
