The mouse has "gone crazy"!

offline
  • Joined: 06 Feb 2009
  • Posts: 24
  • Location: Vlasenica

The problem occurs when, for example, I move the mouse over an icon (without clicking) and that program opens; it also randomly selects everything on a web page or on the desktop. I simply have the impression that someone else is controlling the mouse, independently of me.
NOD found 31 objects and deleted them; I also used Spybot, and it found 11 problems, which it fixed.
I ran ComboFix on my own initiative, so I will post what it found.
Thanks in advance.



ComboFix 13-04-24.02 - NATASA 24.04.2013 14:27:30.6.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.494 [GMT 2:00]
Running from: c:\documents and settings\NATASA\My Documents\Downloads\ComboFix.exe
AV: ESET NOD32 Antivirus 3.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\NATASA\Application Data\PriceGong
c:\documents and settings\NATASA\Application Data\PriceGong\Data\1.xml
c:\documents and settings\NATASA\Application Data\PriceGong\Data\a.xml
c:\documents and settings\NATASA\Application Data\PriceGong\Data\b.xml
c:\documents and settings\NATASA\Application Data\PriceGong\Data\c.xml
c:\documents and settings\NATASA\Application Data\PriceGong\Data\d.xml
c:\documents and settings\NATASA\Application Data\PriceGong\Data\e.xml
c:\documents and settings\NATASA\Application Data\PriceGong\Data\f.xml
c:\documents and settings\NATASA\Application Data\PriceGong\Data\g.xml
c:\documents and settings\NATASA\Application Data\PriceGong\Data\h.xml
c:\documents and settings\NATASA\Application Data\PriceGong\Data\i.xml
c:\documents and settings\NATASA\Application Data\PriceGong\Data\J.xml
c:\documents and settings\NATASA\Application Data\PriceGong\Data\k.xml
c:\documents and settings\NATASA\Application Data\PriceGong\Data\l.xml
c:\documents and settings\NATASA\Application Data\PriceGong\Data\m.xml
c:\documents and settings\NATASA\Application Data\PriceGong\Data\mru.xml
c:\documents and settings\NATASA\Application Data\PriceGong\Data\n.xml
c:\documents and settings\NATASA\Application Data\PriceGong\Data\o.xml
c:\documents and settings\NATASA\Application Data\PriceGong\Data\p.xml
c:\documents and settings\NATASA\Application Data\PriceGong\Data\q.xml
c:\documents and settings\NATASA\Application Data\PriceGong\Data\r.xml
c:\documents and settings\NATASA\Application Data\PriceGong\Data\s.xml
c:\documents and settings\NATASA\Application Data\PriceGong\Data\t.xml
c:\documents and settings\NATASA\Application Data\PriceGong\Data\u.xml
c:\documents and settings\NATASA\Application Data\PriceGong\Data\v.xml
c:\documents and settings\NATASA\Application Data\PriceGong\Data\w.xml
c:\documents and settings\NATASA\Application Data\PriceGong\Data\x.xml
c:\documents and settings\NATASA\Application Data\PriceGong\Data\y.xml
c:\documents and settings\NATASA\Application Data\PriceGong\Data\z.xml
.
.
((((((((((((((((((((((((( Files Created from 2013-03-24 to 2013-04-24 )))))))))))))))))))))))))))))))
.
.
2013-04-24 10:48 . 2013-04-24 10:48 -------- d-----w- c:\documents and settings\NATASA\Application Data\NVIDIA
2013-04-24 08:28 . 2013-04-24 08:28 1072544 ----a-w- c:\windows\system32\nvdrsdb0.bin
2013-04-24 08:28 . 2013-04-24 08:28 1 ----a-w- c:\windows\system32\nvdrssel.bin
2013-04-24 08:28 . 2013-04-24 08:28 1072544 ----a-w- c:\windows\system32\nvdrsdb1.bin
2013-04-24 08:27 . 2013-04-24 08:27 -------- d-----w- c:\program files\NVIDIA Corporation
2013-04-23 21:11 . 2013-02-12 00:32 12928 -c----w- c:\windows\system32\dllcache\usb8023x.sys
2013-04-23 21:11 . 2013-02-12 00:32 12928 -c----w- c:\windows\system32\dllcache\usb8023.sys
2013-04-23 21:09 . 2012-07-04 14:05 139784 -c----w- c:\windows\system32\dllcache\rdpwd.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-04-12 10:06 . 2012-05-24 10:34 691592 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-04-12 10:06 . 2012-05-24 10:34 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-03-13 11:25 . 2013-03-13 11:25 16486616 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2013-03-10 10:52 . 2013-03-10 10:52 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-03-10 10:52 . 2008-09-26 18:05 143872 ----a-w- c:\windows\system32\javacpl.cpl
2013-03-10 10:52 . 2012-06-17 11:33 861088 ----a-w- c:\windows\system32\npdeployJava1.dll
2013-03-10 10:52 . 2011-03-28 21:02 782240 ----a-w- c:\windows\system32\deployJava1.dll
2013-03-08 08:36 . 2004-08-03 23:56 293376 ----a-w- c:\windows\system32\winsrv.dll
2013-03-07 01:28 . 2004-08-03 22:20 2193408 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-03-07 00:50 . 2004-08-03 22:59 2070016 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-03-02 01:25 . 2004-08-03 22:17 1867264 ----a-w- c:\windows\system32\win32k.sys
2013-02-27 07:56 . 2007-07-29 11:07 2067456 ----a-w- c:\windows\system32\mstscax.dll
2013-02-21 19:06 . 2004-08-03 23:56 667136 ----a-w- c:\windows\system32\wininet.dll
2013-02-21 19:06 . 2004-08-03 21:59 61952 ----a-w- c:\windows\system32\tdc.ocx
2013-02-21 19:06 . 2004-08-03 23:56 81920 ----a-w- c:\windows\system32\ieencode.dll
2013-02-12 00:32 . 2011-04-11 17:54 12928 ------w- c:\windows\system32\drivers\usb8023x.sys
2013-02-12 00:32 . 2004-08-03 22:04 12928 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-02-08 03:03 . 2013-02-08 03:03 1010464 ----a-w- c:\windows\system32\nvdispco32.dll
2013-02-08 03:03 . 2006-06-01 15:22 19189760 ----a-w- c:\windows\system32\nvoglnt.dll
2013-02-08 03:03 . 2006-06-01 15:22 4494336 ----a-w- c:\windows\system32\nv4_disp.dll
2013-02-08 03:02 . 2013-02-08 03:02 7536640 ----a-w- c:\windows\system32\nvcuda.dll
2013-02-08 03:02 . 2013-02-08 03:02 2581792 ----a-w- c:\windows\system32\nvcuvid.dll
2013-02-08 03:02 . 2013-02-08 03:02 892704 ----a-w- c:\windows\system32\nvdispgenco32.dll
2013-02-08 03:02 . 2013-02-08 03:02 17551360 ----a-w- c:\windows\system32\nvcompiler.dll
2013-02-08 03:02 . 2006-06-01 15:22 2389504 ----a-w- c:\windows\system32\nvapi.dll
2013-02-08 03:02 . 2006-06-01 15:22 12648960 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2013-02-08 03:02 . 2013-02-08 03:02 5967872 ----a-w- c:\windows\system32\nvopencl.dll
2013-02-08 03:02 . 2013-02-08 03:02 1869088 ----a-w- c:\windows\system32\nvcuvenc.dll
2013-01-26 03:55 . 2004-08-03 23:56 552448 ----a-w- c:\windows\system32\oleaut32.dll
2013-04-12 11:48 . 2013-04-04 10:56 263064 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{038cb5c7-48ea-4af9-94e0-a1646542e62b}]
2013-03-05 13:37 231168 ----a-w- c:\program files\ToggleEN\prxtbTog0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
2013-03-05 13:37 231168 ----a-w- c:\program files\BitTorrentBar\prxtbBit2.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{da21bd13-ca22-42e3-a071-98f08f1ca1e7}]
2013-03-05 13:37 231168 ----a-w- c:\program files\Peer2Peer-EN\prxtbPee0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
2011-05-09 09:49 176936 ----a-w- c:\program files\BS_Player\prxtbBS_0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{da21bd13-ca22-42e3-a071-98f08f1ca1e7}"= "c:\program files\Peer2Peer-EN\prxtbPee0.dll" [2013-03-05 231168]
"{038cb5c7-48ea-4af9-94e0-a1646542e62b}"= "c:\program files\ToggleEN\prxtbTog0.dll" [2013-03-05 231168]
"{88c7f2aa-f93f-432c-8f0e-b7d85967a527}"= "c:\program files\BitTorrentBar\prxtbBit2.dll" [2013-03-05 231168]
"{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}"= "c:\program files\BS_Player\prxtbBS_0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{da21bd13-ca22-42e3-a071-98f08f1ca1e7}]
.
[HKEY_CLASSES_ROOT\clsid\{038cb5c7-48ea-4af9-94e0-a1646542e62b}]
.
[HKEY_CLASSES_ROOT\clsid\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
.
[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{DA21BD13-CA22-42E3-A071-98F08F1CA1E7}"= "c:\program files\Peer2Peer-EN\prxtbPee0.dll" [2013-03-05 231168]
"{038CB5C7-48EA-4AF9-94E0-A1646542E62B}"= "c:\program files\ToggleEN\prxtbTog0.dll" [2013-03-05 231168]
"{88C7F2AA-F93F-432C-8F0E-B7D85967A527}"= "c:\program files\BitTorrentBar\prxtbBit2.dll" [2013-03-05 231168]
"{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5}"= "c:\program files\BS_Player\prxtbBS_0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{da21bd13-ca22-42e3-a071-98f08f1ca1e7}]
.
[HKEY_CLASSES_ROOT\clsid\{038cb5c7-48ea-4af9-94e0-a1646542e62b}]
.
[HKEY_CLASSES_ROOT\clsid\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
.
[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-13 39408]
"pdfSaver3"="c:\program files\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe" [2004-09-05 380928]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-02-20 1443072]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2011-07-11 74752]
"RTHDCPL"="RTHDCPL.EXE" [2006-04-17 16143872]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
nod32.lnk - c:\program files\Eset\nod32.exe [N/A]
REALTEK RTL8187 Wireless LAN Utility.lnk - c:\program files\REALTEK RTL8187 Wireless LAN Driver and Utility\RtWLan.exe [N/A]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=c:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^TVR Schedule.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\TVR Schedule.lnk
backup=c:\windows\pss\TVR Schedule.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^NATASA^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk]
path=c:\documents and settings\NATASA\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
backup=c:\windows\pss\OpenOffice.org 3.2.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-12-03 07:35 946352 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2003-12-08 15:35 32768 ----a-w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2010-09-02 13:15 13351304 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\NATASA\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Winamp\\winamp.exe"=
"c:\\Program Files\\Windows iLivid Toolbar\\Datamngr\\ToolBar\\dtUser.exe"=
"e:\\AIVAN\\games\\Risk 2\\RISKII.EXE"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
"e:\\AIVAN\\Programi\\BlueSoleil 6.2.227.11 + (zabranjeno)\\(zabranjeno)\\BlueSoleilCS.exe"=
"c:\\Program Files\\Mozilla Firefox\\plugin-container.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
.
R0 BtHidBus;Bluetooth HID Bus Service;c:\windows\system32\drivers\BtHidBus.sys [27.07.2011 11:30 20616]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [30.07.2011 13:17 691696]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [20.02.2008 11:11 33800]
R2 ekrn;Eset Service;c:\program files\Eset\ESET NOD32 Antivirus\ekrn.exe [20.02.2008 11:08 472320]
R2 SVKP;SVKP;c:\windows\system32\SVKP.sys [17.04.2009 10:57 2368]
R2 wwEngineSvc;Window Washer Engine;c:\program files\Webroot\Washer\WasherSvc.exe [27.03.2008 20:01 598856]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [03.04.2010 21:06 27632]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S2 NOD32FiXTemDono;Eset Nod32 Boot;c:\windows\system32\regedt32.exe [23.08.2001 15:00 3584]
S2 OMSI download service;Sony Ericsson OMSI download service;c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [03.04.2010 21:05 90112]
S3 BTCOM;Bluetooth Serial port driver;c:\windows\system32\DRIVERS\btcomport.sys --> c:\windows\system32\DRIVERS\btcomport.sys [?]
S3 BTCOMBUS;Bluetooth Serial Port Bus Service;c:\windows\system32\Drivers\btcombus.sys --> c:\windows\system32\Drivers\btcombus.sys [?]
S3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\drivers\btnetBus.sys [06.04.2010 19:33 25864]
S3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\drivers\IvtBtBus.sys [06.04.2010 19:32 26248]
S3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187.sys [03.03.2010 21:28 180480]
S3 SjyPkt;SjyPkt;\??\c:\windows\System32\Drivers\SjyPkt.sys --> c:\windows\System32\Drivers\SjyPkt.sys [?]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - AGTCRPOD
*Deregistered* - agtcrpod
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-04-11 09:29 1642448 ----a-w- c:\program files\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-04-24 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-24 10:06]
.
2013-04-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-06 16:31]
.
2013-04-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-06 16:31]
.
2013-04-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2025429265-746137067-839522115-1003Core.job
- c:\documents and settings\NATASA\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-04-22 14:12]
.
2013-04-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2025429265-746137067-839522115-1003UA.job
- c:\documents and settings\NATASA\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-04-22 14:12]
.
2013-04-24 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-2025429265-746137067-839522115-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 10:33]
.
2013-04-23 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-2025429265-746137067-839522115-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 10:33]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://start.gametop.com/?utm_source=OffroadRacers&utm_medium=start
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mStart Page = about:blank
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\NATASA\Application Data\Mozilla\Firefox\Profiles\s4y6e6fu.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=ConduitEngine&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://smart-homepage.blogspot.com
FF - prefs.js: keyword.URL - hxxp://dts.search-results.com/sr?src=ffb&appid=282&systemid=406&sr=0&q=
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
FF - user.js: browser.sessionstore.resume_from_crash - false
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe
MSConfigStartUp-BtTray - c:\program files\IVT Corporation\BlueSoleil\BtTray.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2013-04-24 14:40
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
.
C:\sccfg.sys 20 bytes
.
scan completed successfully
hidden files: 1
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2025429265-746137067-839522115-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2013-04-24 14:45:46
ComboFix-quarantined-files.txt 2013-04-24 12:45
.
Pre-Run: 22.988.296.192 bytes free
Post-Run: 23.250.415.616 bytes free
.
- - End Of File - - 6F3BD68ACE33721502B16D9CA5FD622B

offline
  • Més que un club
  • Lead vocalist @ Harpun
  • Joined: 27 Feb 2009
  • Posts: 3896
  • Location: Novi Sad, Klisa

Hello, perun32

Download the GMER program from the link below to your Desktop:

GMER download
Click the given link;
When the dialog for choosing where to save the file opens, select Desktop and click Save.

Double-click to run GMER.
Wait for the initial scan to finish - if any prompt appears, click No;

click Scan and wait for the scan to complete;

click Save ... - save the report to the Desktop (under the name Gmer1);

right-click in the Gmer program window and choose Options > 3rd party - click Scan;

when the scan finishes, click Save ... - save the report to the Desktop (under the name Gmer2);

click the >>> button and select the Autostart tab;

when the short scan finishes, click Copy;

open Notepad and paste the copied text into it - save the report to the Desktop (under the name Gmer3);

Illustrated walkthrough of the procedure

Attach all three reports to your post using the Attach file ("Prikači fajl") option.

offline
  • Joined: 06 Feb 2009
  • Posts: 24
  • Location: Vlasenica

Posted: 25 Apr 2013 7:00

GMER results

Addendum: 25 Apr 2013 17:08

My thanks to NIx Car. Sorry if I put you through trouble over a "silly thing". The mouse has been replaced and everything works perfectly.
My City - YOU ARE THE BEST - ALL PRAISE!!!

offline
  • Més que un club
  • Lead vocalist @ Harpun
  • Joined: 27 Feb 2009
  • Posts: 3896
  • Location: Novi Sad, Klisa

We are not done yet! I would ask you to follow these next instructions and tips as well:

Do not run ComboFix on your own!
ComboFix is not a diagnostic tool like, for example, the ones in the instructions. It is a very powerful tool which, through improper handling or even just by being run, can damage the operating system or delete data from the hard disk. It is to be run only at the suggestion, under the supervision, and with the detailed instructions of people who are trained to use this program.

Download AdwCleaner by "Xplode" and save it to the Desktop

Double-click to run the program.
Click the [Delete] button and wait for the program to finish.
The program will close all running programs and show a window with that warning. Click Ok to confirm.
In the next two windows that open (Informations and Restart required), click Ok.

The computer will restart and then Notepad will open (C:\AdwCleaner[S1].txt) with the report.
Save that Notepad file to the Desktop and attach it to your post using the "Attach file" ("Prikači fajl") option.

Note: The report will also be saved at C:\AdwCleaner[S1].txt

offline
  • Joined: 06 Feb 2009
  • Posts: 24
  • Location: Vlasenica

Here is the file...

offline
  • Més que un club
  • Lead vocalist @ Harpun
  • Joined: 27 Feb 2009
  • Posts: 3896
  • Location: Novi Sad, Klisa

OK. Your computer is now clean as far as malware is concerned. Follow these next steps as well:

The logs show that you are using a pirated NOD32. I advise you not to use pirated antivirus programs. There are excellent free solutions, so there is no need for piracy. Besides, from time to time an antivirus company runs a promotion, and that way you can legally use a paid antivirus.
Link to the thread: http://www.mycity.rs/Zastitni-programi/Promocije-k.....grama.html

ComboFix needs to be uninstalled:
click Start, then RUN.

On Vista, use the Start Search field if Run is not available.

In the text input line, type (copy) the following:

ComboFix /Uninstall

Note that there is a space between "ComboFix" and "/Uninstall".

Then click OK (or press Enter).

Wait for the uninstall process to finish.

- I recommend using MCShield v2 to protect USB storage devices. It has nothing to do with the antivirus, i.e. it will not interfere with its operation, and it has proven to be one of the best forms of protection against malware that spreads via USB storage devices. You download it, install it, plug in a USB storage device, and a scan runs, after which you get a notification that the device is clean (if it really is); or you get a log showing information about the malware that was found and deleted.

MCShield ::Anti-Malware Tool:: v2 home page: http://amf.mycity.rs/mcshield/

You can find out more about MCShield in these threads:
v1: http://www.mycity.rs/MyCity-Laboratorija/MCShield.html
v2: http://www.mycity.rs/MyCity-Laboratorija/MCShield-v2.html

Also, visit this thread to check whether your browser is vulnerable and to install updated components:
http://www.mycity.rs/Propusti-i-azuriranja/Testira.....anjiv.html


offline
  • Joined: 06 Feb 2009
  • Posts: 24
  • Location: Vlasenica

Thank you very much! Best regards!
