Sumnja na moguci virus

Sumnja na moguci virus

offline
  • Na odmoru xD
  • Na odmoru xD
  • Pridružio: 15 Feb 2012
  • Poruke: 430

Napisano: 24 Apr 2012 10:26

DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by Administrator at 10:21:41 on 2012-04-24
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.2046.647 [GMT 2:00]
.
AV: ESET NOD32 Antivirus 4.0 *Enabled/Updated* {CB0F8167-5331-BA19-698E-64816B6801A5}
SP: ESET NOD32 Antivirus 4.0 *Enabled/Updated* {706E6083-750B-B597-533E-5FF310EF4B18}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k apphost
C:\Windows\SYSTEM32\DNTUS26.EXE
C:\Windows\SYSTEM32\DWRCS.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Borland\InterBase\bin\ibguard.exe
C:\Windows\system32\PnkBstrA.exe
C:\Windows\system32\PnkBstrB.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Windows\System32\TUProgSt.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Borland\InterBase\bin\ibserver.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Windows\Samsung\PanelMgr\SSMMgr.exe
C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Microsoft Virtual PC\Virtual PC.exe
C:\Windows\system32\taskmgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
\\?\C:\Windows\system32\wbem\WMIADAP.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\conhost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.rs/
uInternet Settings,ProxyServer = proxy1.bgdel.co.yu:3128
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
BHO: BFlix Class: {0c9f4179-6ce2-4c6a-a3e5-67ff3592a12e} - c:\program files\bflix\BFlix.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL
BHO: Webblog: {c3947f4e-8894-4c04-98e0-df182c706ddf} - c:\program files\wbtooltb\wbtoolDx.dll
TB: {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - No File
TB: Webblog: {c3947f4e-8894-4c04-98e0-df182c706ddf} - c:\program files\wbtooltb\wbtoolDx.dll
TB: {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No File
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
uRun: [AlcoholAutomount] "c:\program files\alcohol soft\alcohol 120\axcmd.exe" /automount
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mRun: [Samsung PanelMgr] c:\windows\samsung\panelmgr\SSMMgr.exe /autorun
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [Anti-phishing Domain Advisor] "c:\programdata\anti-phishing domain advisor\visicom_antiphishing.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [CorelDRAW Graphics Suite 11b] c:\program files\corel\corel graphics 12\languages\en\programs\registration.exe /title="CorelDRAW Graphics Suite 12" /date=042912 serial=DR12WEX-1504397-KTY lang=EN
StartupFolder: c:\users\admini~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\yahoo!~1.lnk - c:\program files\yahoo!\widgets\YahooWidgets.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\windows\system32\msjava.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
Trusted Zone: bancaintesabeograd.com\online
DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file:///C:/Program%20Files/Jewel%20Quest%203/Images/stg_drm.ocx
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {73848533-39E1-49F1-9363-28054268C094} - hxxps://online.bancaintesabeograd.com/RetailDLL/FSINT9.dll
DPF: {76326493-E84F-4D4B-939C-1E07B50037F2} - hxxps://online.bancaintesabeograd.com/RetailDLL/SGCMSCCD.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://javadl-esd.sun.com/update/1.4.1/jinstall-1_4_1-windows-i586.cab
DPF: {CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/1.4/jinstall-14-windows-i586.cab
DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file:///C:/Program%20Files/Jewel%20Quest%203/Images/armhelper.ocx
TCP: Interfaces\{2916171B-41F6-4F61-9E71-593A0B79C70F} : NameServer = 212.200.190.166,212.200.191.166
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\administrator\appdata\roaming\mozilla\firefox\profiles\pke6y9a1.default\
FF - prefs.js: browser.startup.homepage - Www.google.rs
FF - plugin: c:\progra~1\micros~2\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPJPI141.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npyaxmpb.dll
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_2_202_233.dll
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.softonic_i.newTab - false
FF - user.js: extensions.softonic_i.tlbrSrchUrl - hxxp://search.softonic.com/MON00001/tb_v1?SearchSource=1&cc=&q=
FF - user.js: extensions.softonic_i.id - 5026509a0000000000000030676503c5
FF - user.js: extensions.softonic_i.instlDay - 15412
FF - user.js: extensions.softonic_i.vrsn - 1.5.11.5
FF - user.js: extensions.softonic_i.vrsni - 1.5.11.5
FF - user.js: extensions.softonic_i.vrsnTs - 1.5.11.511:45:17
FF - user.js: extensions.softonic_i.prtnrId - softonic
FF - user.js: extensions.softonic_i.prdct - softonic
FF - user.js: extensions.softonic_i.aflt - orgnl
FF - user.js: extensions.softonic_i.smplGrp - eng7
FF - user.js: extensions.softonic_i.tlbrId - eng7
FF - user.js: extensions.softonic_i.instlRef - MON00001
FF - user.js: extensions.softonic_i.dfltLng -
FF - user.js: extensions.softonic_i.excTlbr - false
.
============= SERVICES / DRIVERS ===============
.
R1 dwvkbd;DameWare Virtual Keyboard 32 bit Driver;c:\windows\system32\drivers\dwvkbd.sys [2007-2-15 26624]
R2 ACEDRV06;ACEDRV06;c:\windows\system32\drivers\ACEDRV06.sys [2011-7-4 99840]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-4-7 172032]
R2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2009-3-19 731840]
R2 epfwwfpr;epfwwfpr;c:\windows\system32\drivers\epfwwfpr.sys [2009-3-19 93312]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-2-10 654408]
R2 SSPORT;SSPORT;c:\windows\system32\drivers\SSPORT.SYS [2011-7-4 5120]
R2 StarWindServiceAE;StarWind AE Service;c:\program files\alcohol soft\alcohol 120\starwind\StarWindServiceAE.exe [2007-5-28 275968]
R3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atikmdag.sys [2010-4-7 5430272]
R3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2010-4-7 157184]
R3 DwMirror;DwMirror;c:\windows\system32\drivers\DamewareMini.sys [2007-2-7 2944]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-2-10 22344]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2012-1-21 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-14 253088]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2012-1-21 136176]
S3 InterServer;InterBase InterClient Server;c:\program files\borland\interbase\interclient\bin\interserver.exe [2011-12-13 114176]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-1-12 15872]
S3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [2009-3-27 23064]
S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\drivers\teamviewervpn.sys [2011-12-14 25088]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2012-1-12 52224]
.
=============== Created Last 30 ================
.
2012-04-24 08:18:24 56200 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{bba7ae6b-fad2-4399-9262-0c52d1cf7d7d}\offreg.dll
2012-04-24 07:14:35 6734704 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{bba7ae6b-fad2-4399-9262-0c52d1cf7d7d}\mpengine.dll
2012-04-23 21:14:13 -------- d-----w- c:\users\administrator\appdata\local\lazarus
2012-04-23 21:13:49 1849344 ----a-w- c:\windows\system32\Qt4Pas5.dll
2012-04-23 21:11:52 -------- d-----w- C:\lazarus
2012-04-21 22:51:17 -------- d-----w- c:\users\administrator\appdata\local\ChessBase
2012-04-21 22:49:33 -------- d-----w- c:\users\administrator\appdata\roaming\ChessBase
2012-04-21 22:48:58 -------- d-----w- c:\program files\common files\ChessBase
2012-04-21 22:45:13 -------- d-----w- c:\program files\ChessBase
2012-04-21 18:05:36 -------- d-----w- c:\users\administrator\appdata\roaming\codeblocks
2012-04-21 18:05:10 -------- d-----w- c:\program files\CodeBlocks
2012-04-16 19:28:12 -------- d-----w- c:\users\administrator\appdata\local\wxWidgets-2.8.7
2012-04-16 14:26:50 -------- d-----w- c:\programdata\Dev-Cpp
2012-04-16 14:26:46 -------- d-----w- c:\programdata\TDM-GCC
2012-04-16 14:25:56 -------- d-----w- c:\program files\Dev-Cpp
2012-04-14 05:21:48 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-04-11 15:30:39 -------- d-----w- c:\users\administrator\appdata\local\Ironclad Games
2012-04-11 15:23:47 -------- d-----w- c:\program files\Stardock
2012-04-11 10:41:06 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-11 10:41:06 19824 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-11 10:41:06 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-04-11 10:41:06 159232 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-11 10:40:05 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-11 10:40:04 3913072 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-07 14:32:41 -------- d-----w- c:\program files\Defcon
2012-04-06 17:38:45 -------- d-----w- c:\users\administrator\appdata\local\FreePascal
2012-04-06 17:38:12 -------- d-----w- C:\FPC
2012-04-01 19:05:56 -------- d-----w- c:\users\administrator\appdata\local\{A2712F7F-A712-4407-9F25-F56326E1A395}
2012-03-30 20:06:39 -------- d-----w- c:\users\administrator\appdata\roaming\Dev-Cpp
.
==================== Find3M ====================
.
2012-04-14 05:21:48 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-04 13:56:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-24 17:17:07 22016 ----a-w- c:\windows\system32\MSWINSCK.oca
2012-02-28 01:18:55 1799168 ----a-w- c:\windows\system32\jscript9.dll
2012-02-28 01:11:21 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2012-02-28 01:11:07 1127424 ----a-w- c:\windows\system32\wininet.dll
2012-02-28 01:03:16 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-02-23 08:18:36 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-02-17 05:34:22 919040 ----a-w- c:\windows\system32\rdpcorets.dll
2012-02-17 05:34:22 826880 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-17 04:14:08 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-17 04:13:22 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-14 10:09:44 1070352 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2012-02-10 05:38:43 1077248 ----a-w- c:\windows\system32\DWrite.dll
2012-02-03 10:02:45 235520 ----a-w- c:\windows\system32\wmp.oca
2012-02-03 03:54:27 2343424 ----a-w- c:\windows\system32\win32k.sys
2012-02-02 22:23:45 62464 ----a-w- c:\windows\system32\DBGRID32.oca
2012-02-02 21:50:22 63488 ----a-w- c:\windows\system32\MCI32.oca
.
============= FINISH: 10:23:08,45 ===============

Dopuna: 24 Apr 2012 10:27

https://www.mycity.rs/must-login.png

Dopuna: 24 Apr 2012 10:30

Windows mi je par puta smao se "zakocio" iz cista mira. Radio sam na virtualnoj masini neku prezentaciju. Kad sam pokusao jutros da ga ukljucim ukucam uername i pasword i on samo nastavi da mi vrti onaj kruzic kao da ga ucitava 1000 godina morao sam da ga iskljucim pa ponovo upalim da bi mi radio posto na restart je sve isto. Pa bih zeleo da proverim za svaki slucaj

offline
  • Osvjedodžbeni spretnik munjarstva
  • Pridružio: 04 Jul 2011
  • Poruke: 5424
  • Gde živiš: Beograd

Pozdrav, Aleksandar1996.

Nisi ispratio uputstvo za otvaranje teme, fale ti GMER ili RootRepeal izveštaji.

offline
  • Na odmoru xD
  • Na odmoru xD
  • Pridružio: 15 Feb 2012
  • Poruke: 430

https://www.mycity.rs/must-login.png

https://www.mycity.rs/must-login.png

https://www.mycity.rs/must-login.png
Izvinjavam se sto nisam odmah okacio uzasno ih je sporo skenirao

offline
  • Osvjedodžbeni spretnik munjarstva
  • Pridružio: 04 Jul 2011
  • Poruke: 5424
  • Gde živiš: Beograd

Pozdrav Aleksandre.

Arrow Prvo izvini na čekanju.


Arrow Tvoj kompjuter je čist što se malware-a tiče. Ako imaš problema sa radom računara, otvori temu u Windows potforumu.


Arrow Preporučujem da za zaštitu USB memorijskih uređaja koristiš MCShield v2. Nema nikakve veze sa AntiVirus-om tj. neće ometati njegov rad a pokazao se kao jedan od najboljih vida zaštite od malware-a koji se prenosi putem USB mem. uređaja. Skineš, instaliraš, ubodes USB mem. uređaj, izvrši se skeniranje nakon čega dobiješ obavestenje da je uređaj čist (ukoliko je stvarno tako); ili dobiješ log u kome vidiš informacije o malware-u koji je nađen i obrisan.


Home Page MCShield-a ::Anti-Malware Tool:: v2: http://amf.mycity.rs/mcshield/

Više o MCShield-u mozes saznati u ovim temama:
v1: http://www.mycity.rs/MyCity-Laboratorija/MCShield.html
v2: http://www.mycity.rs/MyCity-Laboratorija/MCShield-v2.html



Arrow Obavezno poseti temu "Testirajte da li vam je pretrazivač ranjiv", pročitaj i isprati link koji stoji u njoj.
Link do teme je: http://www.mycity.rs/Web-browseri/Testirajte-da-li.....anjiv.html


Ivance95 (AMF Tim)

offline
  • Na odmoru xD
  • Na odmoru xD
  • Pridružio: 15 Feb 2012
  • Poruke: 430

Hvala ! ! !

Ko je trenutno na forumu
 

Ukupno su 882 korisnika na forumu :: 40 registrovanih, 4 sakrivenih i 838 gosta   ::   [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:
Korisnici trenutno na forumu: _Sale, A.R.Chafee.Jr., amaterSRB, Bane san, Chainsaw, crnitrn, doklevise, Drug pukovnik, goflja76, goran.vvv, goxin, Helket, kaisarevic1, kovinacc, krlebgd77, Lieutenant, madza, Marko Marković, Markoni29, MB120mm, MegaVLAdaR, moldway, nikoladim, panonski mornar, pein, raketaš, rodoljub, S-lash, soldier01, sosko, Srle993, stegonosa, time, TITAN DUDIN JARAN, vasa.93, VJ, Vlada78, vlvl, zajcev1, Zerajic