MyCity » Ambulanta -> Arhiva Ambulante » Win32:Adware-BAY

Win32:Adware-BAY

Napisano na dan: 15.9.2013
1

Win32:Adware-BAY
Sledeća strana Pagination

Idi na vrh

Poslao: 15 Sep 2013 19:41
Idi na vrh
offline
  • Pridružio: 07 Apr 2012
  • Poruke: 114

Nakon uključivanja računara i podizanja Windowsa pojavljuje se poruka:
An exception occurred while trying to run "C/:Documents and Settings/Milan/Application Data/BabSolution/Shared/endhancedNT.dll",Run*

Firefox često izbacuje poruku
A script on this page may be busy, or it may have stopped responding.

Računar je usporen pogotovo kada uključim Avast.

Mislim da se problem pojavio kada je neko skinuo HDVidCodec (ili kroz neku igricu ili sa nekog sajta za učenje engleskog jezika online).

Danas sam pustio Avast Boot-time scan (skeniranje je potrajalo nekoliko sati), pronašao je na 12 mesta Win32:Adware-BAY i sve pobrisao.

Koristim kablovski internet.

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.25.2
Run by Milan at 19:39:15 on 2013-09-15
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.137 [GMT 2:00]
.
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ================
.
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MCShield\mcshieldrtm.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = [Link mogu videti samo ulogovani korisnici]
BHO: HDvid Codec V1: {11111111-1111-1111-1111-110311431162} - c:\program files\hdvid codec v1\HDvid Codec V1-bho.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MCShield Monitor] c:\program files\mcshield\mcshieldrtm.exe
uRun: [PC Suite Tray] "c:\program files\nokia\nokia pc suite 7\PCSuite.exe" -onlytray
uRun: [NTRedirect] c:\windows\system32\rundll32.exe "c:\documents and settings\milan\application data\babsolution\shared\enhancedNT.dll",Run
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\docume~1\milan\startm~1\programs\startup\regist~1.lnk - d:\vuk\vule\prince of persia t2t\support\register\RegistrationReminder.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - [Link mogu videti samo ulogovani korisnici]
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - [Link mogu videti samo ulogovani korisnici]
DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} -
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - [Link mogu videti samo ulogovani korisnici]
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - [Link mogu videti samo ulogovani korisnici]
TCP: NameServer = 91.102.224.62 91.102.225.16
TCP: Interfaces\{598DB00E-D368-4D58-A0D0-E4BC9D876DE4} : DHCPNameServer = 91.102.224.62 91.102.225.16
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
LSA: Notification Packages = Error!
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\milan\application data\mozilla\firefox\profiles\50koxr5k.default\
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\windows\npMSDM.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_8_800_168.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
FF - ExtSQL: 2013-08-08 14:07; [Link mogu videti samo ulogovani korisnici]; c:\documents and settings\milan\application data\mozilla\firefox\profiles\50koxr5k.default\extensions\gophoto@gophoto.it.xpi
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.delta.tlbrSrchUrl -
FF - user.js: extensions.delta.id - 8cc670dc00000000000000138f0ea95c
FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
FF - user.js: extensions.delta.instlDay - 15948
FF - user.js: extensions.delta.vrsn - 1.8.24.6
FF - user.js: extensions.delta.vrsni - 1.8.24.6
FF - user.js: extensions.delta.vrsnTs - 1.8.24.611:49:57
FF - user.js: extensions.delta.prtnrId - delta
FF - user.js: extensions.delta.prdct - delta
FF - user.js: extensions.delta.aflt - babsst
FF - user.js: extensions.delta.smplGrp - none
FF - user.js: extensions.delta.tlbrId - base
FF - user.js: extensions.delta.instlRef - sst
FF - user.js: extensions.delta.dfltLng - en
FF - user.js: extensions.delta.excTlbr - false
FF - user.js: extensions.delta.ffxUnstlRst - true
FF - user.js: extensions.delta.admin - false
FF - user.js: extensions.delta_i.babTrack - affID=119776&tt=280813_ctrl2&tsp=4991
FF - user.js: extensions.delta_i.babExt -
FF - user.js: extensions.delta_i.srcExt - ss
FF - user.js: extensions.delta.autoRvrt - false
FF - user.js: extensions.delta.rvrt - false
FF - user.js: extensions.delta.newTab - false
.
.
.
.
.
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [2013-3-27 49376]
R0 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [2013-3-27 175176]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-11-20 770344]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-11-14 369584]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-11-20 29816]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-3-27 66336]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-11-14 46808]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-2-28 161384]
.
=============== Created Last 30 ================
.
2013-09-07 21:30:11 79360 ----a-w- c:\windows\system32\ff_vfw.dll
2013-09-07 21:30:03 -------- d-----w- c:\program files\ffdshow
2013-09-07 21:28:59 -------- d-----w- c:\program files\Gophoto.it
2013-09-07 21:28:54 -------- d-----w- c:\program files\HDvid Codec V1
2013-09-07 21:28:09 -------- d-----w- c:\program files\hdvidcodec.com
2013-09-05 14:04:02 209272 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
2013-08-31 09:49:10 -------- d-----w- c:\documents and settings\milan\application data\BabSolution
2013-08-31 09:48:45 -------- d-----w- c:\documents and settings\all users\application data\Babylon
2013-08-31 09:48:44 -------- d-----w- c:\documents and settings\milan\application data\Babylon
2013-08-31 09:46:53 -------- d-----w- c:\program files\TornTV.com
2013-08-19 19:33:07 -------- d-----w- c:\program files\common files\PCSuite
2013-08-19 19:32:03 -------- d-----w- c:\program files\common files\Nokia
2013-08-19 19:30:05 19072 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2013-08-19 19:29:47 -------- d-----w- c:\program files\PC Connectivity Solution
2013-08-19 19:29:24 8192 ----a-w- c:\windows\system32\drivers\usbser_lowerfltj.sys
2013-08-19 19:29:23 8192 ----a-w- c:\windows\system32\drivers\usbser_lowerflt.sys
2013-08-19 19:29:21 23168 ----a-w- c:\windows\system32\drivers\ccdcmbo.sys
2013-08-19 19:29:20 18176 ----a-w- c:\windows\system32\drivers\ccdcmb.sys
2013-08-19 19:29:17 -------- d-----w- c:\program files\Nokia
2013-08-17 10:58:46 -------- d-----w- c:\program files\Eidos
2013-08-17 10:58:18 69715 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\ctor.dll
2013-08-17 10:58:18 5632 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\DotNetInstaller.exe
2013-08-17 10:58:18 266240 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\iscript.dll
2013-08-17 10:58:18 192512 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\iuser.dll
2013-08-17 10:58:17 729088 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\iKernel.dll
2013-08-17 10:58:13 188548 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\iGdi.dll
2013-08-17 10:58:12 311428 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\setup.dll
.
==================== Find3M ====================
.
2013-09-13 15:06:23 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-09-13 15:06:22 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-08-09 01:56:45 386560 ----a-w- c:\windows\system32\themeui.dll
2013-08-08 06:05:59 920064 ----a-w- c:\windows\system32\wininet.dll
2013-08-08 06:05:59 43520 ------w- c:\windows\system32\licmgr10.dll
2013-08-08 06:05:59 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-08-08 06:05:58 18944 ----a-w- c:\windows\system32\corpol.dll
2013-08-08 01:27:48 1877760 ----a-w- c:\windows\system32\win32k.sys
2013-08-08 00:02:34 385024 ------w- c:\windows\system32\html.iec
2013-08-05 13:30:32 1289728 ----a-w- c:\windows\system32\ole32.dll
2013-07-31 13:11:22 810496 ----a-w- c:\windows\system32\wmvdmod.dll
2013-07-21 13:23:59 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-07-21 13:23:51 144896 ----a-w- c:\windows\system32\javacpl.cpl
2013-07-21 13:23:49 867240 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-07-21 13:23:49 789416 ----a-w- c:\windows\system32\deployJava1.dll
2013-07-10 10:37:53 406016 ----a-w- c:\windows\system32\usp10.dll
2013-07-04 02:59:11 2193536 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-07-04 02:08:30 2070144 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-06-27 19:15:55 770344 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-06-27 19:15:55 175176 ----a-w- c:\windows\system32\drivers\aswVmm.sys
.
============= FINISH: 19:40:12.25 ===============


[Link mogu videti samo ulogovani korisnici]



Poslao: 15 Sep 2013 20:11
Idi na vrh
rip
  • argus  Male
  • Anti Malware Fighter
    Rank 2
  • Pridružio: 27 Apr 2008
  • Poruke: 9160
  • Gde živiš: Prokuplje

Pozdrav.


Preuzmi "Xplode"-ov AdwCleaner () i sacuvaj ga na Desktop

Dvoklikom pokreni program.
Klikni na dugme [Scan] i pricekaj da program zavrsi.
Klikni na dugme [Clean]
Program ce zatvoriti sve aktivne programe i izbaciti prozor sa tim upozorenjem. Klikni Ok kao potvrdu.
Na sledeca dva prozora koja se otvore (Informations i Restart required ) klikni Ok

Racunar ce se restartovati a potom otvoriti notepad (C:\AdwCleaner[S1].txt) sa izvestajem.
Sacuvaj taj notepad na Desktop i okaci ga uz poruku koristeci opciju "Prikaci fajl"
Napomena: Izvestaj ce takodje biti sacuvan na C:\AdwCleaner[S1].txt





------- Sledece ------





Preuzmite program GMER sa donjeg linka na Desktop:


GMER download
Kliknite dati link;
Kada se otvori dijalog za izbor lokacije na kojoj treba sačuvati file, odaberite Desktop i kliknite Save.


Dvoklikom pokrenite GMER.
Sačekajte da se završi uvodno skeniranje - ukoliko se pojavi bilo kakav upit, kliknite No;

kliknite Scan i sačekajte da skeniranje bude završeno;

kliknite Save ... - izveštaj sačuvajte na Desktop (pod nazivom Gmer1);

kliknite desnim tasterom u prozor programa Gmer i odaberite Options > 3rd party - kliknite Scan;

po završetku skeniranja kliknite Save ... - izveštaj sačuvajte na Desktop (pod nazivom Gmer2);

kliknite taster >>> i odaberite Autostart karticu;

po završetku kratkotrajnog skeniranja, kliknite Copy;

otvorite Notepad i u njega postavite kopirani tekst - izveštaj sačuvajte na Desktop (pod nazivom Gmer3);

Slikoviti prikaz postupka

Priložite sva tri izveštaja uz poruku korišćenjem opcije Prikači fajl.



Poslao: 16 Sep 2013 01:20
Idi na vrh
offline
  • Pridružio: 07 Apr 2012
  • Poruke: 114

Pozdrav Argus.
Ovo je baš potrajalo.
Kod gmer3 nije izašla poruka da je skeniranje završeno, nadam se da je u redu log.

[Link mogu videti samo ulogovani korisnici]

[Link mogu videti samo ulogovani korisnici]

[Link mogu videti samo ulogovani korisnici]

[Link mogu videti samo ulogovani korisnici]

Poslao: 16 Sep 2013 08:33
Idi na vrh
rip
  • argus  Male
  • Anti Malware Fighter
    Rank 2
  • Pridružio: 27 Apr 2008
  • Poruke: 9160
  • Gde živiš: Prokuplje

Da, mozda malo duze ali hteo sam detaljno da pogledam sistem, OK idemo dalje, ovo ce brze da ide.


Preuzmi zoek.zip () sa ovog ili ovog linka i sačuvaj ga na Desktop.

Raspakuj arhivu u neki folder (uputstvo), a zatim:

zatvori browser i ostale pokrenute programe;
privremeno deaktiviraj zaštitni softver ( ukoliko je to potrebno ) Uputstvo ;
dvoklikom pokreni zoek na ikonicu programa ;
pričekaj da se alat startuje ...


U beli okvir prozora iskopiraj sledeći tekst:


filesrcm;
startupall;
skipfix-iedefaults;
firefoxlook;
chromelook;


Klikni na dugme i pričekaj da se skeniranje završi.


zoek ce po potrebi, restartovati Windows a na kraju rada, otvoriti Notepad sa izveštajem o skeniranju.

Napomena:Izveštaj će biti sačuvan pod nazivom zoek-results.log na sistemskoj particiji (tipična lokacija: C:\zoek-results.log)


Arrow Kopiraj sadrzaj tog loga u poruku.

Poslao: 16 Sep 2013 18:40
Idi na vrh
offline
  • Pridružio: 07 Apr 2012
  • Poruke: 114

Zoek.exe Version 4.0.0.4 Updated 14-September-2013
Tool run by Milan on Mon 09/16/2013 at 18:25:37.06.
Microsoft Windows XP Professional 5.1.2600 Service Pack 3 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Documents and Settings\Milan\Desktop\zoek\zoek.com [Script inserted]

==== System Restore Info ======================

9/16/2013 6:27:27 PM Zoek.exe System Restore Point Created Succesfully.

==== Files Recently Created / Modified ======================

====== C:\WINDOWS ====
2013-09-11 20:39:08 DEA563C49E985B597B188E3604C126E2 1374 ----a-w- C:\WINDOWS\imsins.BAK
====== C:\DOCUME~1\Milan\LOCALS~1\Temp ====
2013-09-03 10:44:43 30FDDC8310BDC66DBEE77118F86E50C9 431600 ----a-w- C:\Documents and Settings\Milan\Local Settings\Temp\bus10\BUSolution.dll
2013-09-03 08:24:36 ED162FF58591A1482749FB412EDFA472 170992 ----a-w- C:\Documents and Settings\Milan\Local Settings\Temp\busF\CrxUpdater_d.exe
2013-09-03 08:24:36 ED162FF58591A1482749FB412EDFA472 170992 ----a-w- C:\Documents and Settings\Milan\Local Settings\Temp\busA9\CrxUpdater_d.exe
2013-09-03 08:24:36 ED162FF58591A1482749FB412EDFA472 170992 ----a-w- C:\Documents and Settings\Milan\Local Settings\Temp\bus8\CrxUpdater_d.exe
2013-09-03 08:24:36 ED162FF58591A1482749FB412EDFA472 170992 ----a-w- C:\Documents and Settings\Milan\Local Settings\Temp\bus7\CrxUpdater_d.exe
2013-09-03 08:24:36 ED162FF58591A1482749FB412EDFA472 170992 ----a-w- C:\Documents and Settings\Milan\Local Settings\Temp\bus5\CrxUpdater_d.exe
2013-09-03 08:24:36 ED162FF58591A1482749FB412EDFA472 170992 ----a-w- C:\Documents and Settings\Milan\Local Settings\Temp\bus4E\CrxUpdater_d.exe
2013-09-03 08:24:36 ED162FF58591A1482749FB412EDFA472 170992 ----a-w- C:\Documents and Settings\Milan\Local Settings\Temp\bus3C\CrxUpdater_d.exe
2013-09-03 08:24:36 ED162FF58591A1482749FB412EDFA472 170992 ----a-w- C:\Documents and Settings\Milan\Local Settings\Temp\bus27\CrxUpdater_d.exe
2013-09-03 08:24:36 ED162FF58591A1482749FB412EDFA472 170992 ----a-w- C:\Documents and Settings\Milan\Local Settings\Temp\bus1F\CrxUpdater_d.exe
2013-09-03 08:24:36 ED162FF58591A1482749FB412EDFA472 170992 ----a-w- C:\Documents and Settings\Milan\Local Settings\Temp\bus12\CrxUpdater_d.exe
====== Java Cache =====
2013-09-03 09:44:17 725804308EA62BC7E5122E6DF92A6950 611 ----a-w- C:\Documents and Settings\Milan\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\19\6c389293-19aa9736
2013-09-03 09:44:26 F832D3A8CF1721912CD282A0A4F6788C 2226 ----a-w- C:\Documents and Settings\Milan\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\2\727a7042-1c63cedd
2013-09-03 09:44:20 95FFBBE965799719E62017D6A491EE20 16589 ----a-w- C:\Documents and Settings\Milan\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\31\6ee5f71f-539ff6a1
2013-09-03 09:44:20 CE187DB308F9F9B783C5E00150B45143 5127 ----a-w- C:\Documents and Settings\Milan\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\45\666e65ed-579a3863
====== C:\WINDOWS\system32 =====
2013-09-07 21:30:11 A88218883D4693F856B016FA842CF549 79360 ----a-w- C:\WINDOWS\System32\ff_vfw.dll
2013-09-07 21:30:11 0903FEFCBD4B28C747DE7EE8201F14D1 714 ----a-w- C:\WINDOWS\System32\ff_vfw.dll.manifest
====== C:\WINDOWS\system32\drivers =====
2013-08-19 19:30:05 F451DCACBAA67F3307305EBD4A39EA07 19072 ----a-w- C:\WINDOWS\System32\drivers\pccsmcfd.sys
2013-08-19 19:29:24 E44F0D17BE0908B58DCC99CCB99C6C32 8192 ----a-w- C:\WINDOWS\System32\drivers\usbser_lowerfltj.sys
2013-08-19 19:29:23 47F5F9D837D80FFD5882A14DB9DA0A67 8192 ----a-w- C:\WINDOWS\System32\drivers\usbser_lowerflt.sys
2013-08-19 19:29:21 2A394E9E1FA3565E4B2FEA470FFE4D6B 23168 ----a-w- C:\WINDOWS\System32\drivers\ccdcmbo.sys
2013-08-19 19:29:20 F6C40E0A565EE3CE5AEEB325E10054F2 18176 ----a-w- C:\WINDOWS\System32\drivers\ccdcmb.sys
====== C:\WINDOWS\Tasks ======
====== C:\WINDOWS\Temp ======
======= C:\Program Files =====
2013-09-07 21:30:03 -------- d-----w- C:\Program Files\ffdshow
2013-09-07 21:28:54 -------- d-----w- C:\Program Files\HDvid Codec V1
2013-08-19 19:33:07 -------- d-----w- C:\Program Files\Common Files\PCSuite
2013-08-19 19:32:03 -------- d-----w- C:\Program Files\Common Files\Nokia
2013-08-19 19:29:47 -------- d-----w- C:\Program Files\PC Connectivity Solution
2013-08-19 19:29:17 -------- d-----w- C:\Program Files\Nokia
======= C: =====
====== C:\Documents and Settings\Milan\Application Data ======
2013-08-21 07:40:58 -------- d-----w- C:\Documents and Settings\Milan\Start Menu\Programs\Activision\Spider-Man\Game Manuals
2013-08-21 07:40:58 -------- d-----w- C:\Documents and Settings\Milan\Start Menu\Programs\Activision\Spider-Man
2013-08-21 07:40:58 -------- d-----w- C:\Documents and Settings\Milan\Start Menu\Programs\Activision
====== C:\Documents and Settings\Milan ======
2013-09-15 18:20:59 60BF4AE8CC40B0E3E28613657ED2EED8 377856 ----a-w- C:\Documents and Settings\Milan\Desktop\f6cpvli6.exe
2013-09-15 18:19:49 6A6CE9A0410A29061FCF6CAD8DE0387C 1039554 ----a-w- C:\Documents and Settings\Milan\Desktop\AdwCleaner.exe
2013-09-01 12:38:49 -------- d--h--r- C:\Documents and Settings\Milan\Recent

====== C: exe-files ==
2013-09-15 18:20:59 60BF4AE8CC40B0E3E28613657ED2EED8 377856 ----a-w- C:\Documents and Settings\Milan\Desktop\f6cpvli6.exe
2013-09-15 18:19:49 6A6CE9A0410A29061FCF6CAD8DE0387C 1039554 ----a-w- C:\Documents and Settings\Milan\Desktop\AdwCleaner.exe
2013-09-14 20:10:33 BFECED0E1A24366107F38AB7E3A53CE1 1068040 ----a-w- C:\Documents and Settings\Milan\Local Settings\Temporary Internet Files\Content.IE5\TUA4AH5Y\install_flashplayer11x32ax_chra_awa_aih[1].exe
2013-09-11 20:42:53 78141AD888BA82E3ABC854D229A59F07 231288 -c----w- C:\WINDOWS\ie8updates\KB2870699-IE8\spuninst\spuninst.exe
2013-09-11 20:42:47 6571E4D577A52E7C982FA11D2ABD4DA0 174592 -c----w- C:\WINDOWS\ie8updates\KB2870699-IE8\ie4uinit.exe
=== C: other files ==
2013-09-14 20:13:27 A842B48277A2D8645A37B9F596838D2A 1230 ----a-w- C:\Documents and Settings\Milan\Local Settings\Temporary Internet Files\Content.IE5\0XYXR0NA\flXHR[1].vbs

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-21-1417001333-602609370-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe /background"
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe"
"MCShield Monitor"="C:\Program Files\MCShield\mcshieldrtm.exe"
"PC Suite Tray"="C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe -onlytray"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast"="C:\Program Files\AVAST Software\Avast\avastUI.exe /nogui"
"Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe /background"
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe"
"MCShield Monitor"="C:\Program Files\MCShield\mcshieldrtm.exe"
"PC Suite Tray"="C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe -onlytray"

==== Startup Folders ======================

2012-12-22 11:32:54 949 ----a-w- C:\Documents and Settings\Milan\Start Menu\Programs\Startup\Registration Prince of Persia T2T.LNK

==== Task Scheduler Jobs ======================

C:\WINDOWS\tasks\Adobe Flash Player Updater.job --a------ C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [09/13/2013 05:06 PM]
C:\WINDOWS\tasks\avast\Undetermined Task.exe []
C:\WINDOWS\tasks\Express FilesUpdate.job --a------ C:\Program Files\ExpressFiles\EFUpdater.exe []

==== Firefox Extensions ======================

ProfilePath: C:\Documents and Settings\Milan\Application Data\Mozilla\Firefox\Profiles\50koxr5k.default
- HDvid Codec 3 - %ProfilePath%\extensions\hdvc3@hdvidcodec.com.xpi
- Torntv 3 - %ProfilePath%\extensions\trtv3@trtv.com.xpi

==== Firefox Plugins ======================

Profilepath: C:\Documents and Settings\Milan\Application Data\Mozilla\Firefox\Profiles\50koxr5k.default
E5AF72B7353FF8D431A7C463A4229524 - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll - Shockwave Flash
148727EBD947CBC168C42A227D56DAB0 - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll - Adobe Acrobat
9B4D431459A9B935FB117F4EDDA236E8 - C:\Program Files\Adobe\Reader 11.0\Reader\browser\nppdf32.dll - Adobe Acrobat
ABCB4A6EAB701C629378255ABCB308E5 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll - Java(TM) Platform SE 7 U25
D7324EB1EDCB8990F8522DE0311359E9 - C:\WINDOWS\system32\npDeployJava1.dll - Java Deployment Toolkit 7.0.250.17
626791785FF2A338575E8AF0563D8333 - C:\WINDOWS\npMSDM.dll - Microsoft Download Manager Plugin
28000D7EEB2FD95A36E1A7539F599C3B - C:\Program Files\Windows Media Player\npdrmv2.dll - Microsoft® DRM
5D41BCD19A3D90E4EBB58A6BFB79E4F7 - C:\Program Files\Windows Media Player\npdsplay.dll - Windows Media Player Plug-in Dynamic Link Library
8B6884E3E1E5F8ABA5FA0C6A2B13181D - C:\Program Files\Windows Media Player\npwmsdrm.dll - Microsoft® DRM
68A131335A20B343923A2957EB1E413D - C:\WINDOWS\system32\npptools.dll - Microsoft® Windows® Operating System


==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
dnllcmllkjofnojidnaknldfehfhehoo - C:\Program Files\HDvidCodec.com\HDvidCodec10.crx[]

==== IE Start and Search Settings ======================

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.googl.com/"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{300D8835-9CDB-4276-92AC-F8330E1D1880} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7WQIB_enRS510"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"
{DCB0C936-8CEB-4CFF-A8A3-4AA6D75437AA} Bing Url="http://www.bing.com/search?q={searchTerms}&r=718"

==== EOF on Mon 09/16/2013 at 18:30:09.06 ======================

Poslao: 16 Sep 2013 18:50
Idi na vrh
rip
  • argus  Male
  • Anti Malware Fighter
    Rank 2
  • Pridružio: 27 Apr 2008
  • Poruke: 9160
  • Gde živiš: Prokuplje

Ponovo pokreni zoek ;


zatvori browser i ostale pokrenute programe;
deaktiviraj zaštitni softver ( po potrebi ) Uputstvo ;


U beli okvir prozora iskopiraj sledeći tekst:


HDvid Codec 3;ff
Torntv 3;ff
dnllcmllkjofnojidnaknldfehfhehoo;chr
emptyclsid;
emptyalltemp;
autoclean;





Klikni na dugme i pričekaj da se skeniranje završi.


zoek ce po potrebi, restartovati Windows a na kraju rada, otvoriti Notepad sa izveštajem o skeniranju.

Napomena:Izveštaj će biti sačuvan pod nazivom zoek-results.log na sistemskoj particiji (tipična lokacija: C:\zoek-results.log)


Arrow Kopiraj sadrzaj tog loga u poruku.



Kakvo je stanje?

Poslao: 16 Sep 2013 20:38
Idi na vrh
offline
  • Pridružio: 07 Apr 2012
  • Poruke: 114

Stanje je sledeće:

- po uključenju računara i podizanja Windowsa više se ne pojavljuje poruka:
An exception occurred while trying to run "C/:Documents and Settings/Milan/Application Data/BabSolution/Shared/endhancedNT.dll",Run*

- Firefox više ne izbacuje poruku:
A script on this page may be busy, or it may have stopped responding.

*kada pokrenem Firefox potrebno je oko 2 min da se otvori početna strana
*kada želim otvoriti sajt u početku se u gornjem levom uglu pojavi ikonica da nije raspoloživ i nakon nekoliko sekundi se učita

- Avast još nisam uključio

Sve u svemu stanje je zadovoljavajuće.


Zoek.exe Version 4.0.0.4 Updated 14-September-2013
Tool run by Milan on Mon 09/16/2013 at 20:02:35.11.
Microsoft Windows XP Professional 5.1.2600 Service Pack 3 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Documents and Settings\Milan\Desktop\zoek\zoek.com [Script inserted]

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-1417001333-602609370-725345543-1003\Software\Microsoft\Internet Explorer\SearchScopes\{DCB0C936-8CEB-4CFF-A8A3-4AA6D75437AA} deleted successfully

==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== FireFox Fix ======================

ProfilePath: C:\Documents and Settings\Milan\Application Data\Mozilla\Firefox\Profiles\50koxr5k.default

user.js not found
---- Lines HDvid Codec 3 removed from prefs.js ----


---- Lines HDvid Codec 3 modified from prefs.js ----


---- Lines Torntv 3 removed from prefs.js ----


---- Lines Torntv 3 modified from prefs.js ----


---- FireFox user.js and prefs.js backups ----

prefs_20130916_0810_.backup

==== Deleting Files \ Folders ======================

"C:\WINDOWS\Tasks\Express FilesUpdate.job" deleted
"C:\Program Files\HDvid Codec V1" deleted
"C:\Documents and Settings\Milan\Application Data\Mozilla\Firefox\Profiles\50koxr5k.default\jetpack" deleted

==== Firefox Extensions ======================

ProfilePath: C:\Documents and Settings\Milan\Application Data\Mozilla\Firefox\Profiles\50koxr5k.default
- HDvid Codec 3 - %ProfilePath%\extensions\hdvc3@hdvidcodec.com.xpi
- Torntv 3 - %ProfilePath%\extensions\trtv3@trtv.com.xpi

==== Firefox Plugins ======================

Profilepath: C:\Documents and Settings\Milan\Application Data\Mozilla\Firefox\Profiles\50koxr5k.default
E5AF72B7353FF8D431A7C463A4229524 - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll - Shockwave Flash
148727EBD947CBC168C42A227D56DAB0 - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll - Adobe Acrobat
9B4D431459A9B935FB117F4EDDA236E8 - C:\Program Files\Adobe\Reader 11.0\Reader\browser\nppdf32.dll - Adobe Acrobat
ABCB4A6EAB701C629378255ABCB308E5 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll - Java(TM) Platform SE 7 U25
D7324EB1EDCB8990F8522DE0311359E9 - C:\WINDOWS\system32\npDeployJava1.dll - Java Deployment Toolkit 7.0.250.17
626791785FF2A338575E8AF0563D8333 - C:\WINDOWS\npMSDM.dll - Microsoft Download Manager Plugin
28000D7EEB2FD95A36E1A7539F599C3B - C:\Program Files\Windows Media Player\npdrmv2.dll - Microsoft® DRM
5D41BCD19A3D90E4EBB58A6BFB79E4F7 - C:\Program Files\Windows Media Player\npdsplay.dll - Windows Media Player Plug-in Dynamic Link Library
8B6884E3E1E5F8ABA5FA0C6A2B13181D - C:\Program Files\Windows Media Player\npwmsdrm.dll - Microsoft® DRM
68A131335A20B343923A2957EB1E413D - C:\WINDOWS\system32\npptools.dll - Microsoft® Windows® Operating System


==== Deleting Files \ Folders ======================

"C:\Documents and Settings\Milan\Application Data\Mozilla\Firefox\Profiles\50koxr5k.default\extensions\trtv3@trtv.com.xpi" deleted

==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
dnllcmllkjofnojidnaknldfehfhehoo - C:\Program Files\HDvidCodec.com\HDvidCodec10.crx[]

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.googl.com/"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.googl.com/"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{300D8835-9CDB-4276-92AC-F8330E1D1880} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7WQIB_enRS510"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\dnllcmllkjofnojidnaknldfehfhehoo deleted successfully

==== Empty IE Cache ======================

C:\Documents and Settings\Milan\Local Settings\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Documents and Settings\Milan\Local Settings\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

==== Empty FireFox Cache ======================

C:\Documents and Settings\Milan\Local Settings\Application Data\Mozilla\Firefox\Profiles\50koxr5k.default\Cache emptied successfully

==== Empty Chrome Cache ======================

No Chrome Cache found

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\WINDOWS\Temp successfully emptied
C:\DOCUME~1\Milan\LOCALS~1\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\RECYCLER successfully emptied

==== Deleting Files / Folders ======================

"C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat" not found
"C:\Documents and Settings\Milan\Local Settings\Temporary Internet Files\Content.IE5\index.dat" not deleted

==== EOF on Mon 09/16/2013 at 20:15:25.48 ======================

Poslao: 16 Sep 2013 20:46
Idi na vrh
rip
  • argus  Male
  • Anti Malware Fighter
    Rank 2
  • Pridružio: 27 Apr 2008
  • Poruke: 9160
  • Gde živiš: Prokuplje

Pokreni zoek jos jednom sa ovom skriptom:

FFdefaults;

Poslao: 16 Sep 2013 21:00
Idi na vrh
offline
  • Pridružio: 07 Apr 2012
  • Poruke: 114

E sada je kao nov. Very Happy Zagrljaj
HVALA!!!

Da li ti je potreban ovaj zadnji log?

Još samo da se Avast uklopi u sve to Razz

Poslao: 16 Sep 2013 21:10
Idi na vrh
rip
  • argus  Male
  • Anti Malware Fighter
    Rank 2
  • Pridružio: 27 Apr 2008
  • Poruke: 9160
  • Gde živiš: Prokuplje

Citat:Da li ti je potreban ovaj zadnji log?

Da, zbog arhive ambulante molim te postavi.

MyCity » Ambulanta -> Arhiva Ambulante » Win32:Adware-BAY

Ko je trenutno na forumu
 

Ukupno su 1173 korisnika na forumu :: 17 registrovanih, 3 sakrivenih i 1153 gosta   ::   [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 6018 - dana 19 Dec 2025 13:41

Korisnici koji su trenutno na forumu:
Korisnici trenutno na forumu: 100ka, BZ, Deki Duga Devetka, draganl, Dzambas, HrcAk47, mir, Polifon, Saša31LPB, sevenino, taomaster, Tastatura ratnik, TRAVUNIJA, VJ, XBMC, Zastava, zlukic