Infection: url: mal

1

Infection: url: mal

offline
  • Pridružio: 17 Avg 2008
  • Poruke: 293
  • Gde živiš: Titograd

Kada poksam da ucitam neku stranu na internetu , avast daje obavjestenje " Infection: url: mal " i CPU zakuca na 100 , i moram prisilno da zatvaram pretrazivac, jer nece da ucita stranu samo vrti. Evo i slika obavjestenja :


Pokusao sam i sa sistem restore ali kada ulazim na F8, pojavljuje se sledeci ekran


Skenirao sam sa antivirusom i sa Maleware i ne pokazuju nikakve viruse i slicne napasti.

Pozzz...

offline
  • magna86  Male
  • Anti Malware Fighter
    Rank 2
  • Pridružio: 21 Jun 2008
  • Poruke: 6102

Isprati ovo uputstvo da bi mogli proverili sistem na prisustvo malware-a.
http://www.mycity.rs/Ambulanta/Kako-otvoriti-temu-u-Ambulanti.html

Postavi odgovarajuce logove ( DDS&Gmer za x32bit Windows; OTL za x64bit Windows ).

offline
  • Pridružio: 17 Avg 2008
  • Poruke: 293
  • Gde živiš: Titograd

DDS log.
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26
Run by Milica at 21:54:48 on 2012-07-08
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.1919.1015 [GMT 2:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\Explorer.EXE
C:\Windows\system32\Dwm.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\taskmgr.exe
C:\Windows\system32\Macromed\Flash\FlashUtil32_11_2_202_228_ActiveX.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\svchost.exe -k defragsvc
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page =
uStart Page =
uSearch Bar =
mStart Page =
uURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office12\GR469A~1.DLL
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\alwil software\avast5\aswWebRepIE.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\alwil software\avast5\aswWebRepIE.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {BA14329E-9550-4989-B3F2-9732E92D17CC} - No File
TB: {30F9B915-B755-4826-820B-08FBA6BD249D} - No File
uRun: [<NO NAME>]
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
TCP: Interfaces\{32C37E85-FB3B-4ADA-AAAC-26544C1E73DE} : NameServer = 195.66.189.137,195.66.189.138
TCP: Interfaces\{BD635279-6F6E-4369-8E0D-D571511949C5}\D6F6D6F6F577966696 : DhcpNameServer = 192.168.1.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GRA32A~1.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\Skype4COM.dll
AppInit_DLLs: c:\windows\system32\qnwoisc.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GR469A~1.DLL
mASetup: ccc-core-static - msiexec /fums {6173A4FC-D42D-69A6-52CA-A30496389760} /qb
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\milica\appdata\roaming\mozilla\firefox\profiles\frkcxd1j.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=15627
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxps://www.google.me/webhp
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=685749&p=
FF - component: c:\program files\adobe\acrobat 10.0\acrobat\browser\wcfirefoxextn\components\WCFirefoxExtn.dll
FF - component: c:\users\milica\appdata\roaming\mozilla\firefox\profiles\frkcxd1j.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\users\milica\appdata\roaming\mozilla\firefox\profiles\frkcxd1j.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar-ff3.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\nplv2011win32.dll
FF - plugin: c:\users\milica\appdata\local\alibaba\alisetup\0.1.0.52\npAliSetupOneClick.dll
FF - plugin: c:\users\milica\appdata\local\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\users\milica\appdata\local\google\update\1.3.21.67\npGoogleUpdate3.dll
FF - plugin: c:\users\milica\appdata\roaming\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\users\milica\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_2_202_235.dll
.
---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: browser.xul.error_pages.enabled - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 3000000
FF - user.js: content.maxtextrun - 8191
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 32
FF - user.js: network.http.max-connections-per-server - 8
FF - user.js: network.http.max-persistent-connections-per-proxy - 8
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=111434&tt=050412_30b
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - 848da960000000000000000000000000
FF - user.js: extensions.BabylonToolbar_i.hardId - 848da960000000000000000000000000
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15441
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1719:36:12
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-3-1 721000]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-7-28 353688]
R2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files\iobit\advanced systemcare 5\ASCService.exe [2012-1-18 913792]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-7-28 21256]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-7-28 57656]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2012-7-4 44808]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-4-13 654408]
R2 SSPORT;SSPORT;c:\windows\system32\drivers\SSPORT.SYS [2012-6-5 5120]
R2 TeamViewer6;TeamViewer 6;c:\program files\teamviewer\version6\TeamViewer_Service.exe [2011-2-14 2253688]
R3 athrusb6;Atheros Wireless LAN USB device driver 6 Series;c:\windows\system32\drivers\athru6.sys [2007-7-5 873472]
R3 Mach3;Mach3 Pulseing Service;c:\windows\system32\drivers\Mach3.sys [2007-5-10 109344]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-7-28 22344]
R3 MTsensor32;PU ACPI UTILITY;c:\windows\system32\drivers\PuAcpi32.sys [2012-1-11 14344]
S1 eusk2par;EUTRON SmartKey Parallel Driver;c:\windows\system32\drivers\eusk2par.sys [2011-10-21 24786]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 multikey;Virtual USB MultiKey;c:\windows\system32\drivers\multikey.sys [2010-6-15 39936]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-7-3 160944]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2010-8-25 36608]
S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2010-8-3 9216]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2011-3-3 15872]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2010-7-29 27192]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-3-3 52224]
S3 vvftav303;vvftav303;c:\windows\system32\drivers\vvftav303.sys [2011-12-21 480128]
S3 WatAdminSvc;Usluga tehnologije aktivacije operativnog sistema Windows;c:\windows\system32\wat\WatAdminSvc.exe [2011-4-15 1343400]
S3 ZD1211BU(ASUS);ASUS ZD1211B IEEE 802.11 b+g Wireless LAN Driver (USB)(ASUS);c:\windows\system32\drivers\ZD1211BU.sys [2010-7-28 425472]
S3 ZSMC0303;A4 TECH PC Camera H;c:\windows\system32\drivers\usbVM303.sys [2011-12-21 1472768]
S4 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2010-8-25 233472]
S4 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-7-28 136176]
S4 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-7-28 136176]
S4 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-5-7 113120]
S4 nlsX86cc;Nalpeiron Licensing Service;c:\windows\system32\nlssrv32.exe [2010-11-23 66560]
S4 UI Assistant Service;UI Assistant Service;c:\program files\internet bilo gdje\AssistantServices.exe [2011-8-6 253264]
S4 Uniblue.MaxiDiskSvc;Uniblue Maxi Disk Service;c:\program files\uniblue\maxidisk\service.exe [2012-5-5 30064]
.
=============== Created Last 30 ================
.
2012-07-08 17:42:21 -------- d-----w- C:\_OTL
2012-07-08 13:06:02 42496 ----a-w- c:\windows\system32\qnwoisc.dll
2012-07-05 18:28:32 -------- d-----w- c:\users\milica\appdata\roaming\IDoser
2012-07-05 18:27:39 -------- d-----w- c:\program files\I-Doser Premium
2012-06-26 10:05:36 6762896 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{e25029fa-150c-4973-8c9c-4496694a1989}\mpengine.dll
2012-06-24 21:20:29 514560 ----a-w- c:\windows\system32\qdvd.dll
2012-06-21 08:56:46 770384 ----a-w- c:\program files\mozilla firefox\msvcr100.dll
2012-06-21 08:56:46 421200 ----a-w- c:\program files\mozilla firefox\msvcp100.dll
2012-06-17 15:48:59 -------- d-----w- c:\programdata\Nero
2012-06-15 21:16:42 -------- d-----w- c:\users\milica\Ambiente de rede
2012-06-14 19:51:47 -------- d-----w- c:\program files\XP Repair Pro 5.0
2012-06-13 07:28:23 919040 ----a-w- c:\windows\system32\rdpcorets.dll
2012-06-13 07:28:21 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-13 07:28:19 2342400 ----a-w- c:\windows\system32\msi.dll
2012-06-13 07:28:15 2343936 ----a-w- c:\windows\system32\win32k.sys
2012-06-13 07:28:13 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-06-13 07:28:13 58880 ----a-w- c:\windows\system32\rdpwsx.dll
2012-06-13 07:28:13 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-06-13 07:28:11 164352 ----a-w- c:\windows\system32\profsvc.dll
2012-06-13 07:28:02 1158656 ----a-w- c:\windows\system32\crypt32.dll
2012-06-13 07:28:01 140288 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-13 07:28:00 103936 ----a-w- c:\windows\system32\cryptnet.dll
2012-06-11 23:02:59 -------- d-----w- c:\users\milica\appdata\roaming\YourFileDownloader
2012-06-11 18:31:29 -------- d-----w- C:\Mach3
.
==================== Find3M ====================
.
2012-07-03 16:21:53 721000 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-07-03 16:21:53 57656 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-07-03 16:21:53 44784 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-07-03 16:21:32 41224 ----a-w- c:\windows\avastSS.scr
2012-06-07 20:09:08 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-07 20:09:08 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-17 22:45:37 1800192 ----a-w- c:\windows\system32\jscript9.dll
2012-05-17 22:35:47 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-05-17 22:35:39 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-05-17 22:29:45 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-05-17 22:24:45 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-05-06 08:02:43 44544 ----a-w- c:\windows\system32\drivers\rimsptsk.sys
2012-05-05 22:09:02 120104 ----a-w- c:\windows\system32\SynTPCo9.dll
2012-05-05 22:09:01 173352 ----a-w- c:\windows\system32\SynTPAPI.dll
2012-05-05 22:09:01 1352368 ----a-w- c:\windows\system32\drivers\SynTP.sys
2012-05-05 22:09:00 222504 ----a-w- c:\windows\system32\SynCtrl.dll
2012-05-05 22:08:58 177448 ----a-w- c:\windows\system32\SynCOM.dll
2012-04-13 18:04:50 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
.
============= FINISH: 21:55:49,80 ===============

https://www.mycity.rs/must-login.png

https://www.mycity.rs/must-login.png

https://www.mycity.rs/must-login.png

https://www.mycity.rs/must-login.png

offline
  • Research Engineer @MalwareBytes
  • Pridružio: 09 Avg 2011
  • Poruke: 15877
  • Gde živiš: Beograd

Pozdrav, hak1


Arrow Korak 1


Poseti ovaj link

http://www.mycity.rs/ambulanta-upload.php

Klikni na Browse i pronadji sledeci fajl

c:\windows\system32\qnwoisc.dll


Klikni na Upload i izvesti me kad bude gotovo.


Arrow Korak 2


Mozes li mi reci zbog cega si pokretao OTL? Da li mozes folder C:\_OTL da zapakujes u arhivu i da ga posaljes preko ovog linka
http://www.mycity.rs/ambulanta-upload.php


Arrow Korak 3


Da bismo videli sta je to Avast detektovao, potrebno je da nam dostavis izvestaje. Otidji na ovu lokaciju i prikaci najnovije izvestaje

C:\Documents and Settings\All Users\Application Data\Alwil Software\Avast5\report

offline
  • Pridružio: 17 Avg 2008
  • Poruke: 293
  • Gde živiš: Titograd

Napisano: 09 Jul 2012 17:41

Uploadovao sam c:\windows\system32\qnwoisc.dll .
Sa otl sam probao da rijesim problem.
C:\_OTL Uploadovano.
Avast report
https://www.mycity.rs/must-login.png

Mada sam nesto sam cackao, i od jutros se ne pojavljuje, uradio sam skeniranje i ciscenje sa TDSSKiller , i prepravio HOSTS dadoteku sve sam izbrisao osim 127.0.0.1 hosts , i od jutros ne pokusava da me redirektuje na druge sajtove, i normalno rade pretrazivaci.
To je bila kao prva pomoc, jer sam hitno trebao internet.

Dopuna: 09 Jul 2012 20:37

Sada se ponovo samo jednom pojavilo , po preporuci iz teme http://www.mycity.rs/Propusti-i-azuriranja/Testira.....anjiv.html sam malo skenirao komp i abdejtovao java,quik time pleyer,flesh plejer, i posle restarta pojavio se zarazeno: URL: Mal ,sada opet sve u redu, mogu na net.

offline
  • Research Engineer @MalwareBytes
  • Pridružio: 09 Avg 2011
  • Poruke: 15877
  • Gde živiš: Beograd

Preuzmi sUBs-ov ComboFix sa sledeće adrese na Desktop:


Bleeping Computer
Klikni desnim tasterom na link i odaberi opciju Save Target As... (Save Link As..., Save Linked Content As... ili sličnu);
Kada se otvori dijalog za izbor lokacije na kojoj treba sačuvati file, odaberi Desktop i klikni Save.




Kada preuzimanje programa bude završeno:
deaktiviraj zaštitni softver (uputstvo);
zatvori pokrenute programe;
dvoklikom pokreni program ComboFix;
u prozoru koji se otvori klikni "I Agree".

U toku rada, ComboFix će:proveriti postoji li novija verzija programa:
klikni Yes ako bude ponuđeno preuzimanje iste.
ako Recovery Console nije instalirana, ponuditi instalaciju:
obavezno prihvati klikom na Yes i isprati postupak.
postaviti/dati određeni broj upita/obaveštenja:
prihvati klikom na Yes ili OK.
po potrebi, restartovati Windows (više puta);
na kraju rada, otvoriti Notepad sa izveštajem o skeniranju.


Iskopiraj izveštaj koji je ComboFix napravio u temu na forumu:
klikni desnim tasterom miša u prozor Notepad-a i izaberi Select All;
klikni desnim tasterom miša na obeleženi tekst i izaberi Copy;
klikni desnim tasterom miša u polje za pisanje poruke i izaberi Paste.


Napomena:Izveštaj će biti sačuvan pod nazivom ComboFix.txt na sistemskoj particiji (tipična lokacija: C:\ComboFix.txt);
Ukoliko nakon slanja poruke primetiš da izveštaj nije kompletan, iskoristi opciju Prikači fajl za prilaganje file-a C:\ComboFix.txt uz poruku.

offline
  • Pridružio: 17 Avg 2008
  • Poruke: 293
  • Gde živiš: Titograd

ComboFix log


ComboFix 12-07-08.02 - Milica 09.07.2012 21:20:50.1.1 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.1919.976 [GMT 2:00]
Running from: c:\users\Milica\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
ADS - Windows: deleted 192 bytes in 1 streams.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\cf
c:\windows\_detmp.2
c:\windows\7Loader.TAG
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\system32\ijl11.dll
c:\windows\system32\qnwoisc.dll
c:\windows\XSxS
.
.
((((((((((((((((((((((((( Files Created from 2012-06-09 to 2012-07-09 )))))))))))))))))))))))))))))))
.
.
2012-07-09 19:32 . 2012-07-09 19:40 -------- d-----w- c:\users\Milica\AppData\Local\temp
2012-07-09 18:10 . 2012-07-09 18:28 -------- d-----w- c:\programdata\MCShield
2012-07-09 18:10 . 2012-07-09 18:10 -------- d-----w- c:\program files\MCShield
2012-07-09 18:02 . 2012-07-09 18:02 -------- d-----w- c:\users\Milica\AppData\Local\Macromedia
2012-07-09 17:51 . 2012-07-09 17:51 -------- d-----w- c:\program files\Common Files\Java
2012-07-09 17:50 . 2012-07-09 17:50 -------- d-----w- c:\program files\Oracle
2012-07-09 17:49 . 2012-05-04 17:29 772504 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-07-08 20:55 . 2012-07-08 20:58 -------- d-----w- c:\program files\SpywareBlaster
2012-07-08 20:45 . 2012-07-08 22:00 -------- d-----w- C:\TDSSKiller_Quarantine
2012-07-08 17:42 . 2012-07-08 17:42 -------- d-----w- C:\_OTL
2012-07-05 18:28 . 2012-07-05 18:38 -------- d-----w- c:\users\Milica\AppData\Roaming\IDoser
2012-07-05 18:27 . 2012-07-05 18:27 -------- d-----w- c:\program files\I-Doser Premium
2012-06-26 10:05 . 2012-05-31 03:41 6762896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E25029FA-150C-4973-8C9C-4496694A1989}\mpengine.dll
2012-06-24 21:20 . 2012-06-24 21:20 514560 ----a-w- c:\windows\system32\qdvd.dll
2012-06-21 08:56 . 2012-06-21 08:56 770384 ----a-w- c:\program files\Mozilla Firefox\msvcr100.dll
2012-06-21 08:56 . 2012-06-21 08:56 421200 ----a-w- c:\program files\Mozilla Firefox\msvcp100.dll
2012-06-17 15:48 . 2012-06-17 16:34 -------- d-----w- c:\programdata\Nero
2012-06-15 21:16 . 2012-06-15 21:16 -------- d-----w- c:\users\Milica\Ambiente de rede
2012-06-14 19:51 . 2012-06-14 19:52 -------- d-----w- c:\program files\XP Repair Pro 5.0
2012-06-13 07:28 . 2012-04-28 04:41 919040 ----a-w- c:\windows\system32\rdpcorets.dll
2012-06-13 07:28 . 2012-04-28 03:17 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-13 07:28 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\system32\msi.dll
2012-06-13 07:28 . 2012-05-15 01:05 2343936 ----a-w- c:\windows\system32\win32k.sys
2012-06-13 07:28 . 2012-04-26 04:45 58880 ----a-w- c:\windows\system32\rdpwsx.dll
2012-06-13 07:28 . 2012-04-26 04:45 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-06-13 07:28 . 2012-04-26 04:41 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-06-13 07:28 . 2012-05-01 04:44 164352 ----a-w- c:\windows\system32\profsvc.dll
2012-06-13 07:28 . 2012-04-24 04:36 1158656 ----a-w- c:\windows\system32\crypt32.dll
2012-06-13 07:28 . 2012-04-24 04:36 140288 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-13 07:28 . 2012-04-24 04:36 103936 ----a-w- c:\windows\system32\cryptnet.dll
2012-06-11 23:02 . 2012-06-15 10:25 -------- d-----w- c:\users\Milica\AppData\Roaming\YourFileDownloader
2012-06-11 18:31 . 2012-06-11 18:38 -------- d-----w- C:\Mach3
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-09 17:45 . 2012-04-02 23:14 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-09 17:45 . 2011-06-15 21:11 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-03 16:21 . 2010-07-28 19:29 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-07-03 16:21 . 2012-02-24 11:22 44784 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-07-03 16:21 . 2011-02-28 22:38 721000 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-07-03 16:21 . 2010-07-28 19:30 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-07-03 16:21 . 2010-07-28 19:29 353688 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-07-03 16:21 . 2010-07-28 19:29 57656 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-07-03 16:21 . 2010-07-28 19:37 41224 ----a-w- c:\windows\avastSS.scr
2012-07-03 16:21 . 2010-07-28 19:29 227648 ----a-w- c:\windows\system32\aswBoot.exe
2012-05-06 08:02 . 2012-05-06 08:02 44544 ----a-w- c:\windows\system32\drivers\rimsptsk.sys
2012-05-05 22:09 . 2012-05-05 22:09 120104 ----a-w- c:\windows\system32\SynTPCo9.dll
2012-05-05 22:09 . 2012-05-05 22:09 173352 ----a-w- c:\windows\system32\SynTPAPI.dll
2012-05-05 22:09 . 2012-05-05 22:09 1352368 ----a-w- c:\windows\system32\drivers\SynTP.sys
2012-05-05 22:09 . 2012-05-05 22:09 222504 ----a-w- c:\windows\system32\SynCtrl.dll
2012-05-05 22:08 . 2012-05-05 22:08 177448 ----a-w- c:\windows\system32\SynCOM.dll
2012-05-04 17:29 . 2010-08-08 17:38 687504 ----a-w- c:\windows\system32\deployJava1.dll
2012-04-18 18:56 . 2012-04-18 18:56 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2012-04-18 18:56 . 2012-04-18 18:56 69632 ----a-w- c:\windows\system32\QuickTime.qts
2011-08-25 12:05 . 2011-08-25 12:05 158720 ----a-w- c:\program files\internet explorer\plugins\LV2011ActiveXControl.dll
2012-06-21 08:56 . 2011-09-28 08:08 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-07-03 16:21 121528 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MCShield Monitor"="c:\program files\MCShield\mcshieldrtm.exe" [2012-06-22 603648]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^20-20 Shortcut Bar.lnk]
backup=c:\windows\pss\20-20 Shortcut Bar.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Milica^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^CCC.lnk]
backup=c:\windows\pss\CCC.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Milica^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced SystemCare 4
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoStartNPSAgent
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Babylon Client
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BabylonToolbar
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CE8SIIFGSU
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Device Detector]
DevDetect.exe -autorun [X]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FileZilla Server Interface
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IObitBar Browser Plugin Loader
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MediaGet2
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaOviSuite2
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Raptr
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SearchSettings
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue RegistryBooster 2
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue SpyEraser
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2010-10-25 14:13 821144 ----a-w- c:\program files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher]
2010-10-25 14:13 36760 ----a-w- c:\program files\Adobe\Acrobat 10.0\Acrobat\acrobat_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Synchronizer]
2010-10-25 14:13 1216416 ----a-w- c:\program files\Adobe\Acrobat 10.0\Acrobat\AdobeCollabSync.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-04-04 05:53 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced SystemCare 5]
2012-05-28 13:56 288128 ----a-w- c:\program files\IObit\Advanced SystemCare 5\ASCTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2012-02-20 19:28 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Control Center]
2006-03-21 13:50 1678336 ----a-w- c:\program files\ASUS\WLAN Card Utilities\Center.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Domino]
2006-07-04 13:16 49152 ----a-w- c:\windows\Domino.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-08-30 12:59 136176 ----atw- c:\users\Milica\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2006-10-26 22:47 31016 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HControl]
2006-04-17 17:24 110592 ----a-w- c:\windows\ATK0100\HControl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2005-02-17 05:15 221184 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
2012-04-04 13:56 981680 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2012-04-04 13:56 462408 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware (reboot)]
2012-04-04 13:56 981680 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OrderReminder]
2006-07-21 02:00 98304 ----a-r- c:\program files\Hewlett-Packard\OrderReminder\OrderReminder.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PowerSuite]
2012-04-23 14:28 67960 ----a-w- c:\program files\Uniblue\PowerSuite\Launcher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
2010-04-12 08:40 180224 ----a-w- c:\program files\PowerISO\PWRISOVM.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2012-04-18 18:56 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDVCPL]
2010-07-06 16:30 9394792 ----a-w- c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Samsung PanelMgr]
2010-06-07 10:15 618496 ----a-w- c:\windows\Samsung\PanelMgr\SSMMgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2010-11-20 12:17 1174016 ----a-w- c:\program files\Windows Sidebar\sidebar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]
2009-10-26 12:46 1458176 ----a-w- c:\program files\Motorola\SMSERIAL\sm56hlpr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedUpMyPC]
2012-04-16 13:25 67960 ----a-w- c:\program files\Uniblue\SpeedUpMyPC\Launcher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2006-11-10 10:35 90112 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-01-17 09:07 252296 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2010-07-28 21:25 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2012-05-05 22:09 2282792 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UIExec]
2011-01-24 20:34 139088 ----a-w- c:\program files\Internet Bilo gdje\UIExec.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VMSnap3]
2006-07-18 15:15 49152 ----a-w- c:\windows\vmsnap3.exe
.
R0 fdtpdkxs;fdtpdkxs; [x]
R3 ASNDIS4;ASNDIS4 Protocol Driver; [x]
R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [x]
R3 Synth3dVsc;Synth3dVsc; [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub; [x]
R3 VGPU;VGPU; [x]
R3 vvftav303;vvftav303;c:\windows\system32\drivers\vvftav303.sys [x]
R3 WatAdminSvc;Usluga tehnologije aktivacije operativnog sistema Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 ZD1211BU(ASUS);ASUS ZD1211B IEEE 802.11 b+g Wireless LAN Driver (USB)(ASUS);c:\windows\system32\DRIVERS\zd1211Bu.sys [x]
R3 ZSMC0303;A4 TECH PC Camera H;c:\windows\system32\Drivers\usbVM303.sys [x]
R4 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
R4 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R4 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files\IObit\Advanced SystemCare 5\ASCService.exe [x]
R4 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
R4 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
R4 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R4 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
R4 nlsX86cc;Nalpeiron Licensing Service;c:\windows\system32\nlssrv32.exe [x]
R4 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R4 UI Assistant Service;UI Assistant Service;c:\program files\Internet Bilo gdje\AssistantServices.exe [x]
R4 Uniblue.MaxiDiskSvc;Uniblue Maxi Disk Service;c:\program files\Uniblue\MaxiDisk\service.exe [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 TeamViewer6;TeamViewer 6;c:\program files\TeamViewer\Version6\TeamViewer_Service.exe [x]
S3 athrusb6;Atheros Wireless LAN USB device driver 6 Series;c:\windows\system32\DRIVERS\athru6.sys [x]
S3 MTsensor32;PU ACPI UTILITY;c:\windows\system32\DRIVERS\PuAcpi32.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 17:45]
.
2012-07-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-28 21:26]
.
2012-07-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-28 21:26]
.
2012-07-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4115386721-205614276-1734424470-1000Core.job
- c:\users\Milica\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-30 12:59]
.
2012-07-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4115386721-205614276-1734424470-1000UA.job
- c:\users\Milica\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-30 12:59]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/webhp?sourceid=navclient&hl=sr&ie=UTF-8
mStart Page =
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: Interfaces\{32C37E85-FB3B-4ADA-AAAC-26544C1E73DE}: NameServer = 195.66.189.137,195.66.189.138
TCP: Interfaces\{78C0038E-ABA2-4AB0-ABFE-B8536D0A997C}: NameServer = 195.66.189.137 195.66.189.138
FF - ProfilePath - c:\users\Milica\AppData\Roaming\Mozilla\Firefox\Profiles\frkcxd1j.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=15627
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxps://www.google.me/webhp
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=685749&p=
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: browser.xul.error_pages.enabled - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 3000000
FF - user.js: content.maxtextrun - 8191
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 32
FF - user.js: network.http.max-connections-per-server - 8
FF - user.js: network.http.max-persistent-connections-per-proxy - 8
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=111434&tt=050412_30b
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - 848da960000000000000000000000000
FF - user.js: extensions.BabylonToolbar_i.hardId - 848da960000000000000000000000000
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15441
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1719:36
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{ba14329e-9550-4989-b3f2-9732e92d17cc} - (no file)
WebBrowser-{BA14329E-9550-4989-B3F2-9732E92D17CC} - (no file)
WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
SafeBoot-18364626.sys
SafeBoot-43655135.sys
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe
MSConfigStartUp-One - (no file)
HKLM_ActiveSetup-ccc-core-static - msiexec
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000001
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(3052)
c:\program files\ArtCAM Pro 9.1\ShellExtension\ArtCAMShellEx.dll
c:\program files\Microsoft Office\Office12\1033\GrooveIntlResource.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\windows\system32\taskhost.exe
c:\windows\System32\rundll32.exe
c:\windows\system32\conhost.exe
.
**************************************************************************
.
Completion time: 2012-07-09 21:49:56 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-09 19:49
.
Pre-Run: 11.528.237.056 bytes free
Post-Run: 11.428.892.672 bytes free
.
- - End Of File - - C160A046D6B42D3174946633DD4CF0E7

offline
  • Research Engineer @MalwareBytes
  • Pridružio: 09 Avg 2011
  • Poruke: 15877
  • Gde živiš: Beograd

Arrow Na C particiji imas folder Qoobox, koji je kreiran od strane ComboFix-a

Zapakuj ga u arhivu i uploaduj na link

http://www.mycity.rs/ambulanta-upload.php

offline
  • Pridružio: 17 Avg 2008
  • Poruke: 293
  • Gde živiš: Titograd

Uploadovo Qoobox

offline
  • Research Engineer @MalwareBytes
  • Pridružio: 09 Avg 2011
  • Poruke: 15877
  • Gde živiš: Beograd

Arrow Tvoj kompjuter je čist što se malware-a tiče.


Arrow Kakvo je sada stanje, imas li nekih problema?


Arrow Koristis prastaru verziju Avast-a, tj. Avast 5. Mozes preuzeti i instalirati najnoviju verziju 7, sa ove adrese http://www.avast.com/free-antivirus-download , a takodje mozes u okviru postojece verzije izvrsiti apdejt, kao na slici




Arrow Potrebno je deinstalirati ComboFix:
klikni start (ili ), a zatim RUN.

Na Visti i 7 koristiti Start Search polje ukoliko Run nije dostupan.

U liniju za unos teksta ukucaj (iskopiraj) sljedeće:

ComboFix /Uninstall

Primjeti da postoji razmak između "ComboFix" i "/Uninstall".



a zatim klikni OK (ili pritisni Enter).


Sačekaj da se proces deinstalacije završi.


Arrow Ponovo pokreni OTL i klikni na opciju CleanUp.


Arrow Preporucujem da za zastitu USB memorijskih uredjaja koristis MCShield v2. Nema nikakve veze sa AntiVirus-om tj. nece ometati njegov rad a pokazao se kao jedan od najboljih vida zastite od malware-a koji se prenosi putem USB mem. uredjaja. Skines, instaliras, ubodes USB mem. uredjaj, izvrsi se skeniranje nakon cega dobijes obavestenje da je uredjaj cist (ukoliko je stvarno tako); ili dobijes log u kome vidis informacije o malware-u koji je nadjen i obrisan.


Home Page MCShield-a ::Anti-Malware Tool:: v2: http://amf.mycity.rs/mcshield/

Vise o MCShield-u mozes saznati u ovim temama:
v1: http://www.mycity.rs/MyCity-Laboratorija/MCShield.html
v2: http://www.mycity.rs/MyCity-Laboratorija/MCShield-v2.html




Arrow Obavezno poseti temu "Testirajte da li vam je pretrazivac ranjiv", procitaj i isprati link koji stoji u njoj.
Link do teme je: http://www.mycity.rs/Web-browseri/Testirajte-da-li.....anjiv.html


TwinHeadedEagle (AMF Tim)

Ko je trenutno na forumu
 

Ukupno su 636 korisnika na forumu :: 31 registrovanih, 5 sakrivenih i 600 gosta   ::   [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:
Korisnici trenutno na forumu: amar54k, amaterSRB, arsa, Boris90, Cufo, dragoljub11987, dragon986, GreenMan, ILGromovnik, Jovan Nenad, kovac9mm, krkalon, m0nstrum_, Markoni29, Mercury, milos.cbr, mushroom, novator, pacika, Pakito93, repac, S2M, Smd, Snorks, ssekir75, su27, time, vasa.93, wolf431, Zi0mek, Zvrk