Usporen rad racunara

Usporen rad racunara

offline
  • Pridružio: 21 Avg 2011
  • Poruke: 810
  • Gde živiš: Sibir

Napisano: 26 Dec 2011 20:03

Pozdrav
Prije nekolika dana racunar je oceo veoma da koci...Takodje mnogo vremena mu treba da ocita neku stranicu na internetu.
Pokusao sam skeniranje Avastom i MBAM-om i oni nisu nista nasli.
Ja ipak sumnjam na malware pa sam odlucio da se obratim vama.



.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 6.0.2900.5512
Run by Kiboa at 19:36:43 on 2011-12-26
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.135 [GMT 1:00]
.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
AV: avast! Internet Security *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: avast! Internet Security *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\Program Files\AVAST Software\Avast\afwServ.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe
C:\Documents and Settings\All Users\Application Data\Panda Security URL Filtering\Panda_URL_Filtering.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Documents and Settings\Kiboa\Local Settings\Apps\F.lux\flux.exe
C:\Program Files\Terminator\TV7131 Utilities\P3XRCtl.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\system32\secpro.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Kiboa\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Kiboa\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Kiboa\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Kiboa\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Kiboa\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Kiboa\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Kiboa\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.mystart.com/?pr=vmn&id=pandasecuritytb&v=2_0
mStart Page = hxxp://home.sweetim.com
mSearchAssistant = hxxp://start.facemoods.com/?a=wbsttst2&s={searchTerms}&f=4
mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\program files\isafe\wpk.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No File
BHO: MrFroggy Class: {856e12b5-22d7-4e22-9aca-ea9a008dd65b} - c:\program files\minibar\Froggy.dll
BHO: MinibarBHO: {aa74d58f-acd0-450d-a85e-6c04b171c044} - c:\program files\minibar\Kango.dll
BHO: Panda Security Toolbar: {b821bf60-5c2d-41eb-92dc-3e4ccd3a22e4} - c:\program files\panda security\panda security toolbar\PandaSecurityDx.dll
BHO: {B94D2A9E-E529-4389-B8DE-4F50D087F0D1} - No File
BHO: {DBC80044-A445-435b-BC74-9C25C1C588A9} - No File
TB: {338B4DFE-2E2C-4338-9E41-E176D497299E} - No File
TB: {AF3D7884-B142-414E-943D-75D8D54E1FFF} - No File
TB: {99079a25-328f-4bd4-be04-00955acaa0a7} - No File
TB: !{30F9B915-B755-4826-820B-08FBA6BD249D} - No File
TB: !{51a86bb3-6602-4c85-92a5-130ee4864f13} - No File
TB: Panda Security Toolbar: {b821bf60-5c2d-41eb-92dc-3e4ccd3a22e4} - c:\program files\panda security\panda security toolbar\PandaSecurityDx.dll
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized
uRun: [F.lux] "c:\documents and settings\kiboa\local settings\apps\f.lux\flux.exe" /noshow
uRun: [Google Update] "c:\documents and settings\kiboa\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [Facebook Update] "c:\documents and settings\kiboa\local settings\application data\facebook\update\FacebookUpdate.exe" /c /nocrashserver
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [RemoteControl] "c:\program files\asustek\asusdvd\PDVDServ.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [Panda Security URL Filtering] "c:\documents and settings\all users\application data\panda security url filtering\Panda_URL_Filtering.exe"
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
StartupFolder: c:\docume~1\kiboa\startm~1\programs\startup\facebo~1.lnk - c:\documents and settings\kiboa\local settings\application data\facebook\messenger\2.0.4373.0\FacebookMessenger.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\tvremo~1.lnk - c:\program files\terminator\tv7131 utilities\P3XRCtl.exe
IE: Download with &Media Finder - c:\program files\media finder\hook.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {AAA38851-3CFF-475F-B5E0-720D3645E4A5} - {AAA38851-3CFF-475F-B5E0-720D3645E4A5} - c:\program files\minibar\MinibarButton.dll
TCP: DhcpNameServer = 213.133.31.202 213.133.31.203 109.122.98.116 109.122.98.117
TCP: Interfaces\{24DAF792-1CA6-44A6-98F9-3F3BF5AAE365} : DhcpNameServer = 213.133.31.202 213.133.31.203 109.122.98.116 109.122.98.117
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
.
============= SERVICES / DRIVERS ===============
.
R0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\drivers\aswNdis.sys [2011-12-17 12112]
R0 aswNdis2;avast! Firewall Core Firewall Service;c:\windows\system32\drivers\aswNdis2.sys [2011-12-17 195416]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2037-8-20 64512]
R0 nvcchflt;NVIDIA Disk Cache Filter Driver;c:\windows\system32\drivers\nvcchflt.sys [2082-7-8 16640]
R1 aswFW;avast! TDI Firewall driver;c:\windows\system32\drivers\aswFW.sys [2011-12-17 111320]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-12-17 435032]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-12-17 314456]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-12-17 20568]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-12-17 44768]
R2 avast! Firewall;avast! Firewall;c:\program files\avast software\avast\afwServ.exe [2011-12-17 127192]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2037-10-28 366152]
R2 SecStore;Secure Storage;c:\windows\system32\secpro.exe [2037-11-1 61440]
R3 Cap713x;Philips Cap713x Video Capture;c:\windows\system32\drivers\Cap713x.sys [2082-7-25 685824]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2037-10-28 22216]
S0 edyvv;edyvv;c:\windows\system32\drivers\vbqsam.sys --> c:\windows\system32\drivers\vbqsam.sys [?]
S0 lhur;lhur;c:\windows\system32\drivers\knsk.sys --> c:\windows\system32\drivers\knsk.sys [?]
S0 loonk;loonk;c:\windows\system32\drivers\dkysk.sys --> c:\windows\system32\drivers\dkysk.sys [?]
S0 rccjsut;rccjsut;c:\windows\system32\drivers\hxgsoj.sys --> c:\windows\system32\drivers\hxgsoj.sys [?]
S0 xctqetgw;xctqetgw;c:\windows\system32\drivers\ghcqhx.sys --> c:\windows\system32\drivers\ghcqhx.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 Freemake Improver;Freemake Improver;c:\documents and settings\all users\application data\freemake\freemakeutilsservice\FreemakeUtilsService.exe [2011-12-21 74752]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;"c:\program files\lavasoft\ad-aware\aawservice.exe" --> c:\program files\lavasoft\ad-aware\AAWService.exe [?]
S2 PSGenUn;Panda Security Generic Uninstaller;c:\smclpav\smclpav.exe /logc:\docume~1\admini~1\locals~1\temp\pslogs\smclpav_77.log /runservice --> c:\smclpav\SMCLpav.exe [?]
S3 GGSAFERDriver;GGSAFER Driver;\??\c:\program files\garena plus\room\safedrv.sys --> c:\program files\garena plus\room\safedrv.sys [?]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\lavasoft\ad-aware\kernexplorer.sys --> c:\program files\lavasoft\ad-aware\KernExplorer.sys [?]
S3 RkPavproc1;RkPavproc1;\??\c:\windows\system32\drivers\rkpavproc1.sys --> c:\windows\system32\drivers\RkPavproc1.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2082-07-25 16:45:26 306688 ----a-w- c:\windows\IsUninst.exe
2082-07-25 16:43:40 32768 ----a-w- c:\windows\p3xunist.exe
2082-07-25 16:43:28 685824 ----a-r- c:\windows\system32\drivers\Cap713x.sys
2082-07-25 16:43:20 57344 ----a-r- c:\windows\system32\Prop713x.dll
2082-07-25 16:43:12 -------- d-----w- c:\program files\Terminator
2082-07-25 16:43:06 32768 ----a-w- c:\program files\common files\installshield\professional\runtime\Objectps.dll
2082-07-25 16:43:05 692224 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\iKernel.dll
2082-07-25 16:43:05 57344 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\ctor.dll
2082-07-25 16:43:05 5632 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\DotNetInstaller.exe
2082-07-25 16:43:05 237568 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\iscript.dll
2082-07-25 16:43:05 163972 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\iGdi.dll
2082-07-25 16:43:05 155648 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\iuser.dll
2082-07-25 16:43:04 282756 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\setup.dll
2082-07-17 19:26:44 5632 ----a-w- c:\windows\system32\ptpusb.dll
2082-07-17 19:26:43 159232 ----a-w- c:\windows\system32\ptpusd.dll
2082-07-17 19:26:43 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2082-07-17 19:26:43 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
.
==================== Find3M ====================
.
2037-11-24 14:20:43 29 ----a-w- c:\windows\system32\TempWmicBatchFile.bat
2037-10-29 21:58:17 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2037-10-27 12:45:06 2560 ----a-w- c:\windows\_MSRSTRT.EXE
2037-08-20 12:36:14 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2037-08-20 12:35:19 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys
2011-12-24 22:52:00 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-11-28 18:01:25 41184 ----a-w- c:\windows\avastSS.scr
2011-11-28 17:54:38 111320 ----a-w- c:\windows\system32\drivers\aswFW.sys
2011-11-28 17:53:53 435032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-11-28 17:53:22 195416 ----a-w- c:\windows\system32\drivers\aswNdis2.sys
2011-11-28 17:26:19 12112 ----a-w- c:\windows\system32\drivers\aswNdis.sys
2011-11-23 13:25:32 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-01 20:35:20 81920 ----a-w- c:\windows\system32\ieencode.dll
2011-11-01 20:35:20 667136 ----a-w- c:\windows\system32\wininet.dll
2011-11-01 20:35:20 61952 ----a-w- c:\windows\system32\tdc.ocx
2011-11-01 16:07:10 1288704 ----a-w- c:\windows\system32\ole32.dll
2011-11-01 15:02:49 369664 ----a-w- c:\windows\system32\html.iec
2011-10-28 08:00:00 74752 ----a-w- c:\windows\system32\ff_vfw.dll
2011-10-28 05:31:48 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-25 13:33:08 2192768 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-25 12:52:03 2069376 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-10-24 13:29:02 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-10-24 13:29:02 69632 ----a-w- c:\windows\system32\QuickTime.qts
2011-10-18 11:13:22 186880 ----a-w- c:\windows\system32\encdec.dll
2011-10-10 14:21:17 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-09-28 07:06:50 599040 ----a-w- c:\windows\system32\crypt32.dll
.
============= FINISH: 19:37:57,90 ===============

https://www.mycity.rs/must-login.png

https://www.mycity.rs/must-login.png



https://www.mycity.rs/must-login.png

https://www.mycity.rs/must-login.png

Dopuna: 26 Dec 2011 22:20

Pogledaj pravilnik Mr. Green

offline
  • Fil  Male
  • Legendarni građanin
  • Pridružio: 11 Jun 2009
  • Poruke: 16459

Korak 1.


Preuzmi AVZ Antiviral Toolkit sa sledećeg linka :

http://devbuilds.kaspersky-labs.com/devbuilds/AVZ/avz4.zip


Raspakuj arhivu u neki folder (uputstvo), a zatim:
pokreni AVZ (dvoklikom na ikonicu);

u meniju izaberi File > Custom Scripts;

u prozor koji se otvori iskopiraj sve što se nalazi unutar Kod polja:

begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
RegKeyStrParamWrite('HKCU', 'software\microsoft\windows nt\currentversion\winlogon', 'Userinit', 'c:\windows\system32\userinit.exe,');
QuarantineFile('C:\Program Files\iSafe\wpk.exe','');
DeleteFile('C:\Program Files\iSafe\wpk.exe');
DelCLSID('856e12b5-22d7-4e22-9aca-ea9a008dd65b');
DelCLSID('aa74d58f-acd0-450d-a85e-6c04b171c044');
DelCLSID('338B4DFE-2E2C-4338-9E41-E176D497299E');
DelCLSID('99079a25-328f-4bd4-be04-00955acaa0a7');
DelCLSID('99079a25-328f-4bd4-be04-00955acaa0a7');
DelCLSID('AAA38851-3CFF-475F-B5E0-720D3645E4A5');
DeleteDirectory('c:\program files\minibar');
BC_DeleteSvc ('edyvv');
BC_DeleteSvc ('lhur');
BC_DeleteSvc ('rccjsut');
BC_DeleteSvc ('xctqetgw');
BC_ImportDeletedList;
BC_Activate;
ExecuteSysClean;
RebootWindows(true);
end.


klikni taster Run i sačekaj da se skripta izvrši.



--------------------------------


Korak 2.


Ponovo pokreni AVZ (dvoklikom na ikonicu);

u meniju izaberi File > Standard Scripts;

U prozoru koji se otvori štikliraj opciju 2 i klikni Execute Selected Scripts;

klikni Yes;

po završetku skeniranja dobićeš obaveštenje: Script Executed;

izađi iz programa.


Uploaduj fajl virusinfo_syscheck.zip koji se nalazi u avz\log folderu na forum.


--------------------------------


Korak 3.

Postavi i svež DDS log

offline
  • Pridružio: 21 Avg 2011
  • Poruke: 810
  • Gde živiš: Sibir

Hvala vam Ziveli
Na racunaru se vidi veliko poboljsanje.
Mislim da sam rijesio problem.
Hvala AMF timu Ziveli

offline
  • Fil  Male
  • Legendarni građanin
  • Pridružio: 11 Jun 2009
  • Poruke: 16459

Slučaj još nije gotov.

Bolje po tebe (i tvoj računar) bi bilo da pošalješ neophodne izveštaje, kako sam ti napisao u prethodnoj poruci, da utvrdimo trenutno stanje operativnog sistema.

offline
  • Pridružio: 21 Avg 2011
  • Poruke: 810
  • Gde živiš: Sibir

Napisano: 29 Dec 2011 13:30

Evo logova.

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 6.0.2900.5512
Run by Kiboa at 13:23:38 on 2011-12-29
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.40 [GMT 1:00]
.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
AV: avast! Internet Security *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: avast! Internet Security *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\Program Files\AVAST Software\Avast\afwServ.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Documents and Settings\All Users\Application Data\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe
C:\Documents and Settings\All Users\Application Data\Panda Security URL Filtering\Panda_URL_Filtering.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Documents and Settings\Kiboa\Local Settings\Apps\F.lux\flux.exe
C:\Program Files\Terminator\TV7131 Utilities\P3XRCtl.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\system32\secpro.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Documents and Settings\Kiboa\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Kiboa\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Kiboa\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Kiboa\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Kiboa\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Kiboa\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.mystart.com/?pr=vmn&id=pandasecuritytb&v=2_0
mStart Page = hxxp://home.sweetim.com
mSearchAssistant = hxxp://start.facemoods.com/?a=wbsttst2&s={searchTerms}&f=4
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No File
BHO: Panda Security Toolbar: {b821bf60-5c2d-41eb-92dc-3e4ccd3a22e4} - c:\program files\panda security\panda security toolbar\PandaSecurityDx.dll
BHO: {B94D2A9E-E529-4389-B8DE-4F50D087F0D1} - No File
BHO: {DBC80044-A445-435b-BC74-9C25C1C588A9} - No File
TB: {AF3D7884-B142-414E-943D-75D8D54E1FFF} - No File
TB: !{30F9B915-B755-4826-820B-08FBA6BD249D} - No File
TB: !{51a86bb3-6602-4c85-92a5-130ee4864f13} - No File
TB: Panda Security Toolbar: {b821bf60-5c2d-41eb-92dc-3e4ccd3a22e4} - c:\program files\panda security\panda security toolbar\PandaSecurityDx.dll
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized
uRun: [F.lux] "c:\documents and settings\kiboa\local settings\apps\f.lux\flux.exe" /noshow
uRun: [Google Update] "c:\documents and settings\kiboa\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [Facebook Update] "c:\documents and settings\kiboa\local settings\application data\facebook\update\FacebookUpdate.exe" /c /nocrashserver
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [RemoteControl] "c:\program files\asustek\asusdvd\PDVDServ.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [Panda Security URL Filtering] "c:\documents and settings\all users\application data\panda security url filtering\Panda_URL_Filtering.exe"
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
StartupFolder: c:\docume~1\kiboa\startm~1\programs\startup\facebo~1.lnk - c:\documents and settings\kiboa\local settings\application data\facebook\messenger\2.0.4373.0\FacebookMessenger.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\tvremo~1.lnk - c:\program files\terminator\tv7131 utilities\P3XRCtl.exe
IE: Download with &Media Finder - c:\program files\media finder\hook.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
TCP: DhcpNameServer = 213.133.31.202 213.133.31.203 109.122.98.116 109.122.98.117
TCP: Interfaces\{24DAF792-1CA6-44A6-98F9-3F3BF5AAE365} : DhcpNameServer = 213.133.31.202 213.133.31.203 109.122.98.116 109.122.98.117
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
.
============= SERVICES / DRIVERS ===============
.
R0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\drivers\aswNdis.sys [2011-12-17 12112]
R0 aswNdis2;avast! Firewall Core Firewall Service;c:\windows\system32\drivers\aswNdis2.sys [2011-12-17 195416]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2037-8-20 64512]
R1 aswFW;avast! TDI Firewall driver;c:\windows\system32\drivers\aswFW.sys [2011-12-17 111320]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-12-17 435032]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-12-17 314456]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-12-17 20568]
R3 Cap713x;Philips Cap713x Video Capture;c:\windows\system32\drivers\Cap713x.sys [2082-7-25 685824]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2037-10-28 22216]
S0 loonk;loonk;c:\windows\system32\drivers\dkysk.sys --> c:\windows\system32\drivers\dkysk.sys [?]
S3 GGSAFERDriver;GGSAFER Driver;\??\c:\program files\garena plus\room\safedrv.sys --> c:\program files\garena plus\room\safedrv.sys [?]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\lavasoft\ad-aware\kernexplorer.sys --> c:\program files\lavasoft\ad-aware\KernExplorer.sys [?]
.
=============== Created Last 30 ================
.
2082-07-25 16:45:26 306688 ----a-w- c:\windows\IsUninst.exe
2082-07-25 16:43:40 32768 ----a-w- c:\windows\p3xunist.exe
2082-07-25 16:43:28 685824 ----a-r- c:\windows\system32\drivers\Cap713x.sys
2082-07-25 16:43:20 57344 ----a-r- c:\windows\system32\Prop713x.dll
2082-07-25 16:43:12 -------- d-----w- c:\program files\Terminator
2082-07-25 16:43:06 32768 ----a-w- c:\program files\common files\installshield\professional\runtime\Objectps.dll
2082-07-25 16:43:05 692224 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\iKernel.dll
2082-07-25 16:43:05 57344 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\ctor.dll
2082-07-25 16:43:05 5632 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\DotNetInstaller.exe
2082-07-25 16:43:05 237568 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\iscript.dll
2082-07-25 16:43:05 163972 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\iGdi.dll
2082-07-25 16:43:05 155648 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\iuser.dll
2082-07-25 16:43:04 282756 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\setup.dll
2082-07-17 19:26:44 5632 ----a-w- c:\windows\system32\ptpusb.dll
2082-07-17 19:26:43 159232 ----a-w- c:\windows\system32\ptpusd.dll
2082-07-17 19:26:43 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2082-07-17 19:26:43 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
.
==================== Find3M ====================
.
2037-11-24 14:20:43 29 ----a-w- c:\windows\system32\TempWmicBatchFile.bat
2037-10-29 21:58:17 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2037-10-27 12:45:06 2560 ----a-w- c:\windows\_MSRSTRT.EXE
2037-08-20 12:36:14 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2037-08-20 12:35:19 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys
2011-12-24 22:52:00 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-11-28 18:01:25 41184 ----a-w- c:\windows\avastSS.scr
2011-11-28 17:54:38 111320 ----a-w- c:\windows\system32\drivers\aswFW.sys
2011-11-28 17:53:53 435032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-11-28 17:53:22 195416 ----a-w- c:\windows\system32\drivers\aswNdis2.sys
2011-11-28 17:26:19 12112 ----a-w- c:\windows\system32\drivers\aswNdis.sys
2011-11-23 13:25:32 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-01 20:35:20 81920 ----a-w- c:\windows\system32\ieencode.dll
2011-11-01 20:35:20 667136 ----a-w- c:\windows\system32\wininet.dll
2011-11-01 20:35:20 61952 ----a-w- c:\windows\system32\tdc.ocx
2011-11-01 16:07:10 1288704 ----a-w- c:\windows\system32\ole32.dll
2011-11-01 15:02:49 369664 ----a-w- c:\windows\system32\html.iec
2011-10-28 08:00:00 74752 ----a-w- c:\windows\system32\ff_vfw.dll
2011-10-28 05:31:48 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-25 13:33:08 2192768 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-25 12:52:03 2069376 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-10-24 13:29:02 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-10-24 13:29:02 69632 ----a-w- c:\windows\system32\QuickTime.qts
2011-10-18 11:13:22 186880 ----a-w- c:\windows\system32\encdec.dll
2011-10-10 14:21:17 692736 ----a-w- c:\windows\system32\inetcomm.dll
.
============= FINISH: 13:28:42,17 ===============

https://www.mycity.rs/must-login.png

Dopuna: 29 Dec 2011 13:31

A virusinfo_syscheck.zip nisam mogao da nadjem.

offline
  • Fil  Male
  • Legendarni građanin
  • Pridružio: 11 Jun 2009
  • Poruke: 16459

Korak 1.

pokreni AVZ (dvoklikom na ikonicu);

u meniju izaberi File > Custom Scripts;

u prozor koji se otvori iskopiraj sve što se nalazi unutar Kod polja:

begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
BC_DeleteSvc ('loonk');
BC_ImportDeletedList;
BC_Activate;
RebootWindows(true);
end.


klikni taster Run i sačekaj da se skripta izvrši.



--------------------------------


Korak 2.


Ponovo pokreni AVZ (dvoklikom na ikonicu);

u meniju izaberi File > Standard Scripts;

U prozoru koji se otvori štikliraj opciju 2 i klikni Execute Selected Scripts;

klikni Yes;

po završetku skeniranja dobićeš obaveštenje: Script Executed;

izađi iz programa.


Uploaduj fajl virusinfo_syscheck.zip koji se nalazi u avz\log folderu na forum.


Idea Ukoliko, iz nekog razloga, ne možeš da nađeš ovu datoteku, koristi pretragu na računaru.




Korak 3.

Preuzmi instalaciju za program Malwarebytes Anti-Malware sa sledećeg linka:
http://www.besttechie.net/tools/mbam-setup.exe

Dvoklikom pokreni instalaciju - na samom kraju procesa, proveri da su obeležene opcije:
Update Malwarebytes' Anti-Malware;
Launch Malwarebytes Anti-Malware;

a zatim klikni Finish.

Nakon završenog ažuriranja program će se pokrenuti.

Izaberi opciju Perform Quick Scan i klikni Scan.

Po završetku procesa klikni OK, Show Results: u listi detektovanog malware-a, obeleži sve stavke i klikni Remove Selected.

Po završetku procesa, logfile će se otvoriti u Notepad-u; iskopiraj ga u temu na forumu.
Ukoliko program zatraži restart kako bi se završio proces čišćenja, obavezno ga dozvoliti.

Napomena: ako dođe do restarta na kraju procesa čišćenja, logfile će biti dostupan na Logs kartici (obeleži ga i klikni Open).

offline
  • Pridružio: 21 Avg 2011
  • Poruke: 810
  • Gde živiš: Sibir

MBAM nije nista pronasao.
A avz/log nisam mogao da nadjem zbog toga sto i ne postoji na racunaru.Koristio sam pretragu ali nije nista pronadjeno.
Sta treba sada da uradim?

offline
  • Fil  Male
  • Legendarni građanin
  • Pridružio: 11 Jun 2009
  • Poruke: 16459

MISTER UNSU ::
Sta treba sada da uradim?


Da uživaš u novogodišnjim praznicima Ziveli


Tvoj računar je čist što se tiče malicioznih programa.
Već si primetio da je bolje stanje računara.

Arrow Potrebno je deinstalirati AVZ Antiviral Toolkit.
Pokreni AVZ (dvoklikom na ikonicu);

U meniju izaberi File>Standard Scripts;

U prozoru koji se otvori štikliraj opciju 6 i klikni na Execute Selected Scripts;

Klikni Yes;

Po završetku postupka dobićeš obaveštenje: Script Executed;

Izađi iz programa i obriši folder gde je program raspakovan.



Arrow Uključi i isključi System Restore:
http://www.mycity.rs/MyCity-Laboratorija/Kako-iskl.....sta-7.html


Arrow Nije loše da koristiš i MCShield za zaštitu od infekcija sa USB diskova

offline
  • Pridružio: 21 Avg 2011
  • Poruke: 810
  • Gde živiš: Sibir

Veliko hvala tebi i citavom AMF timu.
MC Shield vec koristim Very Happy
Ziveli Ziveli

Ko je trenutno na forumu
 

Ukupno su 555 korisnika na forumu :: 14 registrovanih, 2 sakrivenih i 539 gosta   ::   [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:
Korisnici trenutno na forumu: amstel, awathorn, Ctrl x, darios, Despot1, dragoljub11987, GreenMan, Krusarac, mane123, Mixelotti, NoOneEver Dreams, Radiša, Steeeefan, Vzor50