Computer hides folders by itself


  • Joined: 17 Mar 2012
  • Posts: 32

Something strange is happening on my computer: the computer hides folders by itself and leaves a shortcut to CMD in their place. I ran a scan with MCShield and ComboFix, and here is the log:

ComboFix 13-06-22.01 - Administrator 22.06.2013 23:00:36.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.978 [GMT 2:00]
Running from: c:\documents and settings\Administrator\My Documents\Downloads\ComboFix.exe
AV: avast! Internet Security *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: avast! Internet Security *Disabled* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Administrator\CMDOW.EXE
c:\documents and settings\Administrator\PSKILL.EXE
c:\windows\0
c:\windows\0\MGADIAG.EXE
c:\windows\0\PC SECURITY 6.4\CD KEY.TXT
c:\windows\0\PC SECURITY 6.4\PCSECURITY 6.4.EXE
c:\windows\0\TWEAKUI.EXE
c:\windows\0\USBVACCINE.EXE
c:\windows\0\WINDOWS FILE PROTECTION SWITCHER.EXE
c:\windows\Fonts\Vn.Fon
.
.
((((((((((((((((((((((((( Files Created from 2013-05-22 to 2013-06-22 )))))))))))))))))))))))))))))))
.
.
2013-06-03 23:24 . 2013-06-22 20:15 -------- d-----r- C:\Program Files
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-12-28 . 8E036EEC565910417EA020CE0962AA24 . 361344 . . [5.1.2600.5512] . . c:\windows\system32\drivers\tcpip.sys
.
[-] 2009-08-14 . 35E4D7F89B5531C697EA74124FCF32DE . 2432512 . . [6.00.2900.5512] . . c:\windows\explorer.exe
.
[-] 2009-01-24 . 362BC5AF8EAF712832C58CC13AE05750 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
[-] 2009-07-20 . 0840BDCA88A9E0C40516036BE7578FB8 . 2185216 . . [5.1.2600.5512] . . c:\windows\system32\ntkrnlpa.exe
.
[-] 2009-07-20 . 34E0DBE3BA4796DA48180D7A5014EFEF . 2306560 . . [5.1.2600.5512] . . c:\windows\system32\ntoskrnl.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-05-09 08:58 121968 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Change Audio"="c:\windows\Change Audio.exe" [2009-08-10 132096]
"TaskBar Icon"="c:\windows\TaskBar Icon.exe" [2009-05-30 41472]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 1289000]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2013-03-01 18643560]
"MCShield Monitor"="c:\program files\MCShield\mcshieldrtm.exe" [2013-04-04 607744]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-03 13529088]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-03 86016]
"RTHDCPL"="RTHDCPL.EXE" [2009-07-02 18665472]
"DrvIcon"="c:\program files\Drive Icon\DrvIcon.exe" [2008-04-13 147456]
"TaskSwitchXP"="c:\program files\TaskSwitchXP\TaskSwitchXP.exe" [2006-08-04 62976]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-05-09 4858968]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2007-02-09 1165680]
"AcronisTimounterMonitor"="c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe" [2007-02-09 1945960]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2007-02-09 149024]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"_nltide_2"="shell32" [X]
"_nltide_3"="advpack.dll" [2009-01-24 123904]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMConfigurePrograms"= 1 (0x1)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMMyPictures"= 1 (0x1)
"NoSMHelp"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
.
[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^MyPC Backup.lnk]
path=c:\documents and settings\Administrator\Start Menu\Programs\Startup\MyPC Backup.lnk
backup=c:\windows\pss\MyPC Backup.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-13 22:42 1695232 ------w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2008-05-03 05:46 1630208 ----a-w- c:\windows\system32\nwiz.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2013-06-06 09:25 1045072 ----a-w- c:\documents and settings\Administrator\Application Data\uTorrent\uTorrent.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
.
R0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\drivers\aswNdis.sys [6/14/2013 9:05 AM 12112]
R0 aswNdis2;avast! Firewall Core Firewall Service;c:\windows\system32\drivers\aswNdis2.sys [6/14/2013 12:57 PM 204784]
R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [6/14/2013 8:44 AM 49376]
R0 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [6/14/2013 8:44 AM 174664]
R1 aswFW;avast! TDI Firewall driver;c:\windows\system32\drivers\aswFW.sys [6/14/2013 12:57 PM 104752]
R1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [6/14/2013 12:57 PM 21576]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [6/14/2013 8:44 AM 765736]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [6/14/2013 8:45 AM 368944]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [6/14/2013 8:45 AM 29816]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [6/14/2013 8:44 AM 66336]
R2 avast! Firewall;avast! Firewall;c:\program files\AVAST Software\Avast\afwServ.exe [6/14/2013 9:05 AM 137960]
R2 BackupStack;Computer Backup (MyPC Backup);c:\program files\MyPC Backup\BackupStack.exe [5/31/2013 1:19 PM 32808]
R2 TeamViewer8;TeamViewer 8;c:\program files\TeamViewer\Version8\TeamViewer_Service.exe [6/22/2013 6:06 PM 4150112]
S2 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users.WINDOWS\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [5/14/2013 1:26 PM 3289208]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [3/1/2013 12:11 PM 161384]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [6/4/2013 1:22 AM 1684736]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - HELPSVC
*NewlyCreated* - SRSERVICE
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-06-21 18:54 1165776 ----a-w- c:\program files\Google\Chrome\Application\27.0.1453.116\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-06-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-03 21:00]
.
2013-06-22 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2013-06-14 08:58]
.
2013-06-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-06-21 18:53]
.
2013-06-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-06-21 18:53]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
TCP: Interfaces\{FB389A2E-B25C-48FB-A705-4FC36B1998F9}: NameServer = 212.200.190.166,212.200.191.166
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{7825CFB6-490A-436B-9F26-4A7B5CFC01A9} - c:\program files\OApps\SelectionLinks.dll
HKCU-Run-UberIcon - c:\program files\UberIcon\UberIcon Manager.exe
HKCU-Run-ViSplore - c:\program files\ViSplore\ViSplore.exe
MSConfigStartUp-Circle Dock - c:\program files\Circle Dock\CircleDock.exe
AddRemove-MixiDJ chrome Toolbar - c:\documents and settings\Administrator\Application Data\BabSolution\Shared\GUninstaller.exe
AddRemove-sl-dlc - c:\program files\OApps\sl-dlc_uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2013-06-22 23:05
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1275210071-1592454029-1801674531-500\Software\Microsoft\Windows\CurrentVersion\Ext\Settings]
@Denied: (2) (Administrator)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(1300)
c:\windows\system32\relog_ap.dll
.
Completion time: 2013-06-22 23:06:53
ComboFix-quarantined-files.txt 2013-06-22 21:06
.
Pre-Run: 142.981.128.192 bytes free
Post-Run: 143.455.485.952 bytes free
.
- - End Of File - - FE6F59684C677B96ADBC982AEA4C52EF
8F558EB6672622401DA993E1E865C861


  • Research Engineer @MalwareBytes
  • Joined: 09 Aug 2011
  • Posts: 15877
  • Location: Beograd

Hello,

ComboFix is not a diagnostic tool like the ones in the instructions. It is a very powerful tool which, if handled improperly, can destroy the operating system or even wipe all data from the hard disk. It is to be run only on the recommendation, under the supervision and with the detailed instructions of a helper who is an expert in this field and knows what they are doing.

For the future: do not run ComboFix on your own!!!


Step 1.

Visit this topic and provide the reports (DDS.txt and Attach.txt) --> http://www.mycity.rs/Ambulanta/Kako-otvoriti-temu-u-Ambulanti.html


Step 2.

Download GMER from the link below to your Desktop:

GMER download
Click the given link;
When the dialog for choosing the save location opens, select Desktop and click Save.

Double-click to run GMER.
Wait for the initial scan to finish - if any prompt appears, click No;

click Scan and wait for the scan to finish;

click Save ... - save the report to the Desktop (under the name Gmer1);

right-click inside the Gmer window and choose Options > 3rd party - click Scan;

when the scan finishes, click Save ... - save the report to the Desktop (under the name Gmer2);

click the >>> button and choose the Autostart tab;

when the short scan finishes, click Copy;

open Notepad and paste the copied text into it - save the report to the Desktop (under the name Gmer3);


Illustrated walkthrough of the procedure

Attach all three reports to your post using the Attach file option.

  • Joined: 17 Mar 2012
  • Posts: 32

Here, I've finished the scanning as you told me; here are the files.

  • Research Engineer @MalwareBytes
  • Joined: 09 Aug 2011
  • Posts: 15877
  • Location: Beograd

That is only one part of the required reports; also complete Step 1.

  • Joined: 17 Mar 2012
  • Posts: 32

Here is the first step as well:

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 10.25.2
Run by Administrator at 20:13:17 on 2013-06-24
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.860 [GMT 2:00]
.
AV: avast! Internet Security *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: avast! Internet Security *Enabled*
.
============== Running Processes ================
.
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Program Files\AVAST Software\Avast\afwServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Drive Icon\DrvIcon.exe
C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\Program Files\MCShield\mcshieldrtm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\MICROS~2\rapimgr.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\MyPC Backup\BackupStack.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Documents and Settings\All Users.WINDOWS\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Java\jre7\bin\javaws.exe
C:\Program Files\Java\jre7\bin\javaw.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.rs/
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: StylerToolBar: {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - c:\program files\styler\tb\StylerTB.dll
TB: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
uRun: [Change Audio] c:\windows\Change Audio.exe
uRun: [TaskBar Icon] c:\windows\TaskBar Icon.exe
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\Wcescomm.exe"
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
uRun: [MCShield Monitor] c:\program files\mcshield\mcshieldrtm.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [DrvIcon] c:\program files\drive icon\DrvIcon.exe
mRun: [TaskSwitchXP] c:\program files\taskswitchxp\TaskSwitchXP.exe
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [TrueImageMonitor.exe] c:\program files\acronis\trueimagehome\TrueImageMonitor.exe
mRun: [AcronisTimounterMonitor] c:\program files\acronis\trueimagehome\TimounterMonitor.exe
mRun: [Acronis Scheduler2 Service] "c:\program files\common files\acronis\schedule2\schedhlp.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32
dRunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoStartMenuPinnedList = dword:1
uPolicies-Explorer: NoSMConfigurePrograms = dword:1
uPolicies-Explorer: NoCDBurning = dword:1
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoSMMyPictures = dword:1
mPolicies-Explorer: NoSMHelp = dword:1
mPolicies-Explorer: NoStartMenuPinnedList = dword:1
mPolicies-Explorer: NoSMConfigurePrograms = dword:1
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office11\EXCEL.EXE/3000
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\program files\microsoft activesync\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\program files\microsoft activesync\INetRepl.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1370364954234
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
TCP: Interfaces\{FB389A2E-B25C-48FB-A705-4FC36B1998F9} : NameServer = 212.200.190.166,212.200.191.166
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\wpdshserviceobj.dll
LSA: Authentication Packages = msv1_0 relog_ap
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\27.0.1453.116\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
============= SERVICES / DRIVERS ===============
.
R0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\drivers\aswNdis.sys [2013-6-14 12112]
R0 aswNdis2;avast! Firewall Core Firewall Service;c:\windows\system32\drivers\aswNdis2.sys [2013-6-14 204784]
R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [2013-6-14 49376]
R0 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [2013-6-14 174664]
R1 aswFW;avast! TDI Firewall driver;c:\windows\system32\drivers\aswFW.sys [2013-6-14 104752]
R1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [2013-6-14 21576]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2013-6-14 765736]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2013-6-14 368944]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2013-6-14 29816]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-6-14 66336]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2013-6-14 46808]
R2 avast! Firewall;avast! Firewall;c:\program files\avast software\avast\afwServ.exe [2013-6-14 137960]
R2 BackupStack;Computer Backup (MyPC Backup);c:\program files\mypc backup\BackupStack.exe [2013-5-31 32808]
R2 Skype C2C Service;Skype C2C Service;c:\documents and settings\all users.windows\application data\skype\toolbars\skype c2c service\c2c_service.exe [2013-5-14 3289208]
R2 TeamViewer8;TeamViewer 8;c:\program files\teamviewer\version8\TeamViewer_Service.exe [2013-6-22 4150112]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-3-1 161384]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2013-6-4 1684736]
.
=============== File Associations ===============
.
ShellExec: FOXITR~1.EXE: print="c:\progra~1\foxits~1\foxitr~1\FOXITR~1.EXE"/p "%1"
ShellExec: FOXITR~1.EXE: printto="c:\progra~1\foxits~1\foxitr~1\FOXITR~1.EXE"/t "%1" "%2" "%3" "%4"
.
=============== Created Last 30 ================
.
2013-06-22 20:14:21 -------- d-----w- c:\program files\MCShield
2013-06-22 20:14:21 -------- d-----w- c:\documents and settings\all users.windows\application data\MCShield
2013-06-22 17:01:56 392320 ----a-w- c:\windows\system32\drivers\timntr.sys
2013-06-22 17:01:56 32768 ----a-w- c:\windows\system32\drivers\tifsfilt.sys
2013-06-22 17:01:53 114048 ----a-w- c:\windows\system32\drivers\snapman.sys
2013-06-22 16:56:40 -------- d-----w- c:\documents and settings\administrator\local settings\application data\Downloaded Installations
2013-06-22 16:06:29 -------- d-----w- c:\program files\TeamViewer
2013-06-21 20:03:46 15584 ----a-w- c:\documents and settings\administrator\application data\microsoft\identitycrl\production\ppcrlconfig.dll
2013-06-21 19:32:09 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
2013-06-21 19:30:35 74520 ----a-w- c:\program files\common files\windows live\.cache\cd621efe1ce6eb5\DSETUP.dll
2013-06-21 19:30:35 484632 ----a-w- c:\program files\common files\windows live\.cache\cd621efe1ce6eb5\DXSETUP.exe
2013-06-21 19:30:35 1670936 ----a-w- c:\program files\common files\windows live\.cache\cd621efe1ce6eb5\dsetup32.dll
2013-06-21 19:30:18 1013800 ----a-w- c:\program files\common files\windows live\.cache\c366461e1ce6eb5\WindowsXP-KB954708-x86-ENU.exe
2013-06-21 18:52:51 -------- d-----w- c:\documents and settings\administrator\local settings\application data\Deployment
2013-06-21 18:32:43 -------- d-----w- c:\documents and settings\administrator\Tracing
2013-06-21 12:30:45 867240 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-06-21 12:30:45 789416 ----a-w- c:\windows\system32\deployJava1.dll
2013-06-21 12:30:41 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-06-18 11:23:13 -------- d-----w- c:\windows\pss
2013-06-15 20:51:59 -------- d-----w- c:\program files\MyPC Backup
2013-06-15 20:49:23 -------- d-----w- c:\windows\system32\Extensions
2013-06-15 20:49:22 -------- d-----w- c:\windows\system32\searchplugins
2013-06-15 20:48:20 -------- d-----w- c:\program files\Password Spectator
2013-06-15 07:52:10 218624 ----a-w- c:\windows\system32\dllcache\uxtheme.dll
2013-06-14 10:57:23 21576 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2013-06-14 10:57:23 204784 ----a-w- c:\windows\system32\drivers\aswNdis2.sys
2013-06-14 10:57:23 104752 ----a-w- c:\windows\system32\drivers\aswFW.sys
2013-06-14 07:05:25 12112 ----a-w- c:\windows\system32\drivers\aswNdis.sys
2013-06-14 06:44:59 765736 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-06-14 06:44:58 49376 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-06-14 06:44:58 174664 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-06-14 06:44:57 66336 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-06-14 06:44:35 41664 ----a-w- c:\windows\avastSS.scr
2013-06-14 06:37:56 -------- d-sh--w- c:\documents and settings\all users.windows\application data\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
2013-06-14 06:37:56 -------- d--h--w- c:\documents and settings\all users.windows\application data\Common Files
2013-06-12 21:00:20 8610696 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2013-06-11 04:29:16 -------- d-----w- c:\program files\AVAST Software
2013-06-11 04:29:06 -------- d-----w- c:\documents and settings\all users.windows\application data\AVAST Software
2013-06-10 14:29:31 -------- d-----w- c:\windows\system32\Adobe
2013-06-10 04:25:49 -------- d-----w- c:\windows\system32\LogFiles
2013-06-07 19:14:59 26368 ----a-w- c:\windows\system32\dllcache\usbstor.sys
2013-06-07 12:00:50 -------- d-----w- c:\documents and settings\administrator\local settings\application data\Torch
2013-06-06 19:40:36 28672 ----a-w- c:\windows\system32\drivers\wceusbsh.sys
2013-06-06 19:40:36 28672 ----a-w- c:\windows\system32\dllcache\wceusbsh.sys
2013-06-06 09:24:28 -------- d-----w- c:\documents and settings\administrator\application data\uTorrent
2013-06-04 17:15:55 -------- d-----w- c:\documents and settings\administrator\local settings\application data\Identities
2013-06-04 17:13:54 -------- d-----w- c:\windows\system32\PreInstall
2013-06-04 16:56:11 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2013-06-04 16:56:11 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2013-06-04 16:56:11 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2013-06-04 16:56:11 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2013-06-04 16:56:11 -------- d-----w- c:\windows\system32\SoftwareDistribution
2013-06-04 16:55:47 -------- d-----w- c:\windows\system32\appmgmt
2013-06-04 16:43:13 -------- d-----w- c:\documents and settings\administrator\application data\SmartPCFix
2013-06-04 15:24:22 -------- d-----w- c:\program files\Microsoft
2013-06-04 15:24:06 -------- d-----w- c:\program files\Windows Live SkyDrive
2013-06-04 15:23:28 4927864 ----a-w- c:\program files\common files\windows live\.cache\76c7b77e1ce6137\Silverlight.2.0.exe
2013-06-04 15:19:28 -------- d-----w- c:\program files\common files\Windows Live
2013-06-04 13:07:54 -------- d-----w- c:\documents and settings\administrator\local settings\application data\GHISLER
2013-06-04 09:27:29 -------- d-----w- c:\documents and settings\administrator\application data\GHISLER
2013-06-04 09:26:25 -------- d-----r- c:\program files\Skype
2013-06-04 09:25:48 -------- d-----w- c:\program files\Nero 9
2013-06-04 09:25:01 -------- d-----w- c:\program files\LopeSoft
2013-06-04 09:24:43 -------- d-----w- c:\program files\Total Commander
2013-06-04 09:24:19 411368 ----a-w- c:\windows\system32\deploytk.dll
2013-06-04 09:24:19 144896 ----a-w- c:\windows\system32\javacpl.cpl
2013-06-04 09:23:44 -------- d-----w- c:\program files\Foxit Software
2013-06-03 23:27:46 57600 ----a-w- c:\windows\system32\drivers\redbook.sys
2013-06-03 23:26:49 453152 ----a-w- c:\windows\system32\nvuninst.exe
2013-06-03 23:26:42 1732 ----a-w- c:\windows\system32\drivers\nvphy.bin
2013-06-03 23:26:41 356352 ----a-w- c:\windows\system32\nvunrm.exe
2013-06-03 23:26:37 74240 ----a-w- c:\windows\system32\usbui.dll
2013-06-03 23:23:59 9008 ----a-w- c:\windows\system\VER.DLL
2013-06-03 23:22:23 5788672 ----a-w- c:\windows\system32\drivers\RtkHDAud.sys
2013-06-03 23:21:47 880640 ----a-w- c:\windows\system32\RTSndMgr.CPL
2013-06-03 22:12:35 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-06-03 22:12:35 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-06-03 22:11:40 -------- d-----w- c:\documents and settings\administrator\local settings\application data\Adobe
2013-06-03 22:06:56 65536 ----a-w- c:\program files\windows sidebar\shared gadgets\rdsafely.gadget\rd.exe
2013-06-03 22:06:56 5632 ----a-w- c:\program files\windows sidebar\shared gadgets\batterygauge.gadget\bin\Gadget.Interop.dll
2013-06-03 22:06:56 5120 ----a-w- c:\program files\windows sidebar\shared gadgets\batterygauge.gadget\bin\BatteryGauge.dll
2013-06-03 22:06:56 21504 ----a-w- c:\program files\windows sidebar\shared gadgets\ultimateshutdown.gadget\scripts\command.exe
2013-06-03 22:06:56 20480 ----a-w- c:\program files\windows sidebar\shared gadgets\wireless_network_meter_v3.1.gadget\NetLib.dll
2013-06-03 22:06:56 20480 ----a-w- c:\program files\windows sidebar\shared gadgets\e_quadcoreusage17.gadget\SharedMemoryReader.dll
2013-06-03 22:06:56 1523712 ----a-w- c:\program files\windows sidebar\shared gadgets\gpumonitor.gadget\GPUMonitor.exe
2013-06-03 22:05:01 -------- d-----w- c:\documents and settings\administrator\local settings\application data\WMTools Downloaded Files
2013-06-03 22:04:58 -------- d-----w- c:\windows\system32\Lang
2013-06-03 22:03:42 -------- d-----w- c:\documents and settings\administrator\local settings\application data\DFX
2013-06-03 22:03:20 -------- d-----w- c:\windows\system32\wbem\snmp
2013-06-03 22:03:19 -------- d-sh--w- c:\windows\system32\dllcache
2013-06-03 22:03:19 -------- d-----w- c:\windows\system32\xircom
2013-06-03 21:43:45 -------- d-----w- c:\program files\DLC Ultilities
2013-06-03 21:43:40 -------- d-----w- c:\program files\UberIcon
2013-06-03 21:43:36 -------- d-----w- c:\program files\TaskSwitchXP
2013-06-03 21:43:30 22752 ----a-w- c:\windows\system32\spupdsvc.exe
2013-06-03 21:43:22 -------- d-----w- c:\program files\Alky for Applications
2013-06-03 21:43:16 -------- d-----w- c:\program files\ViSplore
2013-06-03 21:43:12 -------- d-----w- c:\program files\XWindowsDock
2013-06-03 21:43:11 -------- d-----w- c:\program files\Drive Icon
2013-06-03 21:43:06 -------- d-----w- c:\program files\SoundSpectrum
2013-06-03 21:42:47 -------- d-----w- c:\program files\Games
2013-06-03 21:39:19 -------- d-----w- c:\documents and settings\administrator\application data\Styler
2013-06-03 21:39:18 -------- d-----w- c:\program files\Styler
2013-06-03 21:39:09 -------- d-sh--w- c:\windows\system32\semeht
.
==================== Find3M ====================
.
.
============= FINISH: 20:13:49,25 ===============

  • Research Engineer @MalwareBytes
  • Joined: 09 Aug 2011
  • Posts: 15877
  • Location: Beograd

Download zoek.exe from this or this link and save it to the Desktop.


close the browser and other running programs;
disable your security software (if necessary) - Instructions;
double-click zoek.exe;
wait for the tool to start ...


Copy the following text into the white box of the window:

C:\WINDOWS\Change Audio.exe;virustotal;
C:\WINDOWS\TaskBar Icon.exe;virustotal;


Click the button and wait for the scan to finish.


zoek will restart Windows if necessary and, when it finishes, open Notepad with the scan report.

Note: The report will be saved under the name zoek-results.log on the system partition (typical location: C:\zoek-results.log)


Copy the contents of that log into your post.
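The helper's pick of exactly these two files comes from sifting the autorun entries in the DDS log for executables that sit where installed software normally does not. As an added example (not part of the thread, and not code from DDS, ComboFix or zoek), here is a small Python triage script that parses uRun/mRun/dRun lines in the shape of a DDS "Pseudo HJT Report", works out which file each entry actually loads (quoted paths, unquoted paths with spaces, rundll32 payloads, bare file names) and sorts them into "ok", "unresolved" and "review". The sample lines are constructed for the example and mirror entries posted above; the list of trusted directories and the verdict rules are my own assumption, not a rule used by any of the tools. A "review" verdict only means "look closer": RTHDCPL.EXE also lives in the Windows root on this machine and is a normal Realtek component, so the final call still comes from hash lookup and sample analysis, as the helper did with VirusTotal and the upload link.

```python
"""Triage of DDS-style autorun entries.

Flags startup executables that live outside the directories where installed
software normally sits. Added example; TRUSTED_DIRS and the verdict rules are
the example author's assumption, not a rule from DDS, ComboFix or zoek.
"""
import re
from dataclasses import dataclass
from pathlib import PureWindowsPath

# Constructed sample in the shape of the "Pseudo HJT Report" section of a DDS log.
SAMPLE_DDS = r"""
uStart Page = hxxp://www.google.rs/
uRun: [Change Audio] c:\windows\Change Audio.exe
uRun: [TaskBar Icon] c:\windows\TaskBar Icon.exe
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
dRunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32
"""

# DDS prefixes: u = HKCU, m = HKLM, d = HKU\.DEFAULT; "Once" marks RunOnce keys.
LINE_RE = re.compile(r"^([umd]Run(?:Once)?):\s*\[([^\]]*)\]\s*(.*?)\s*$")
HIVES = {"u": "HKCU", "m": "HKLM", "d": r"HKU\.DEFAULT"}

# Assumption: directories where legitimately installed software normally lives.
TRUSTED_DIRS = (r"c:\windows\system32", r"c:\program files", r"c:\program files (x86)")


@dataclass
class Finding:
    hive: str
    name: str
    image: str
    verdict: str  # "ok", "unresolved" or "review"
    reason: str


def command_image(cmd: str) -> str:
    """Return the file an autorun command really loads."""
    if cmd.startswith('"'):  # quoted path, arguments follow the closing quote
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    head, _, rest = cmd.partition(" ")
    if head.lower() in ("rundll32.exe", "rundll32"):
        # rundll32 <dll>,<entry point>: the DLL is the thing to look at
        return rest.split(",", 1)[0].strip().strip('"')
    # unquoted path (may contain spaces); arguments start at the first " /" switch
    m = re.search(r"\s/", cmd)
    return cmd[: m.start()] if m else cmd


def classify(image: str) -> tuple[str, str]:
    """Verdict for one image path, based on where it lives."""
    p = PureWindowsPath(image.lower())
    if p.parent == PureWindowsPath("."):
        return "unresolved", "bare file name, resolved through PATH/App Paths at logon"
    d = str(p.parent)
    if any(d == t or d.startswith(t + "\\") for t in TRUSTED_DIRS):
        return "ok", "inside a trusted install directory"
    if d == r"c:\windows":
        return "review", "executable directly in the Windows root"
    if "\\documents and settings\\" in d or "\\users\\" in d:
        return "review", "runs from a user profile directory"
    if "\\temp" in d:
        return "review", "runs from a temp directory"
    return "review", "runs outside Program Files / system32"


def triage_autoruns(text: str) -> list[Finding]:
    """Parse every Run/RunOnce line in a DDS-style report and classify it."""
    findings = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        key, name, cmd = m.groups()
        image = command_image(cmd)
        verdict, reason = classify(image)
        findings.append(Finding(HIVES[key[0]], name, image, verdict, reason))
    return findings


def by_verdict(text: str, verdict: str) -> list[str]:
    """Entry names with the given verdict, sorted, for quick reporting."""
    return sorted(f.name for f in triage_autoruns(text) if f.verdict == verdict)


if __name__ == "__main__":
    for f in triage_autoruns(SAMPLE_DDS):
        if f.verdict != "ok":
            print(f"[{f.verdict:10}] {f.hive} {f.name}: {f.image}  ({f.reason})")
```

Run against the constructed sample, the two entries in c:\windows come out as "review", while the bare names (RTHDCPL.EXE, regsvr32) come out as "unresolved" because nothing in the log says which file on disk they map to; those are the ones to resolve by hand (full path, hash, signature) before deciding anything.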

  • Joined: 17 Mar 2012
  • Posts: 32

Here is this log as well:

Zoek.exe Version 4.0.0.2 Updated 22-June-2013
Tool run by Administrator on pon 24.06.2013 at 22:05:44,73.
Microsoft Windows XP Professional 5.1.2600 Service Pack 3 x86
Running in: Normal Mode Internet Access Detected

==== Older Logs ======================

C:\zoek-results24.06.2013-2205.log 291 bytes

==== VirusTotal Scan ======================

C:\WINDOWS\CHANGE AUDIO.EXE virustotal.com/file/E83294E272B79A6607...../analysis/
C:\WINDOWS\TASKBAR ICON.EXE virustotal.com/file/222596814A4AA986FD...../analysis/

==== EOF on pon 24.06.2013 at 22:06:09,68 ======================

  • Research Engineer @MalwareBytes
  • Joined: 09 Aug 2011
  • Posts: 15877
  • Location: Beograd

Upload the files to me via the following link:

http://www.mycity.rs/ambulanta-upload.php

Click Choose File, find the file and click Upload.

C:\WINDOWS\Change Audio.exe
C:\WINDOWS\TaskBar Icon.exe

  • Joined: 17 Mar 2012
  • Posts: 32

Uploaded :)

  • Research Engineer @MalwareBytes
  • Joined: 09 Aug 2011
  • Posts: 15877
  • Location: Beograd

Malware is not present on the computer. What is the situation now?
