|
Poslao: 16 Dec 2012 17:27
|
offline
- Pridružio: 10 Jan 2012
- Poruke: 975
|
zdravo!
Sinoc sam uzeo skenirao komp sa avirom i sa anty malwarebytes.
To je sve ukupno trajalo oko 6 sati !
Sto je avira pronasla u karantin je smesteno, a anty malwarebytes sto je pronasao sam obrisao. I trazio je restart, ja sam gau restartovoa i odmah ga ugasio otisoa spavait, jutros kad sam ustao vidim da mi mis na svaki minut zamrzne, dakle sotji strelica 2 sekunde pa prokine, pa onda opt kroz minut opet zamrzne4 2 sekunde pa prokine !
Internet brzina 2.5 MBps
Dakle ne desava se samo u browserima nego i ovako kada cackam nesot po dkumentima, ali igrao sam kanter i tamo nije nikako !
DDS :
DDS (Ver_2012-11-05.02) - NTFS_x86
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 10.9.2
Run by Milan at 16:05:21 on 2012-12-16
Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.1535.87 [GMT 1:00]
.
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Real\RealPlayer\Update\realsched.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Nero\Update\NASvc.exe
C:\Users\Milan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Milan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Milan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Milan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Milan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Milan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Milan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Milan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Milan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Milan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Milan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\taskhost.exe
C:\Users\Milan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Milan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\taskeng.exe
C:\Users\Milan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Milan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://isearch.avg.com/?cid={A331233A-3EA3-49F8-94EC-80933BF6547C}&mid=46bcde84ca2747d0bdb7d15e776623ca-21e573f1d3bb7183e76dae9866480688476e3d50&lang=en&ds=gl011&pr=sa&d=2012-07-22 18:50:44&v=12.1.0.20&sap=hp
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [Google Update] "c:\users\Milan\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun
uRun: [BitTorrent] "c:\program files\bittorrent\BitTorrent.exe" /MINIMIZED
uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil32_11_3_300_265_Plugin.exe -update plugin
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [NBAgent] "c:\program files\nero\nero 11\nero backitup\NBAgent.exe" /WinStart
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\users\Milan\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TCP: NameServer = 192.168.1.1 192.168.0.1
TCP: Interfaces\{02BDE24E-83A4-4333-8268-0C5DC49B592F} : DHCPNameServer = 192.168.1.1 192.168.0.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\Milan\appdata\roaming\mozilla\firefox\profiles\pq67kqb3.default\
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://search.babylon.com/?affID=113480&tt=2912_7&babsrc=HP_ss&mntrId=106406e300000000000000173182ca39
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?affID=113480&tt=2912_7&babsrc=KW_ss&mntrId=106406e300000000000000173182ca39&q=
FF - plugin: c:\progra~1\common~1\nero\browse~1\npBrowserPlugin.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: c:\program files\real\realplayer\netscape6\nprpplugin.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\users\Milan\appdata\local\google\update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_265.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
FF - ExtSQL: !HIDDEN! 2012-07-20 22:29; smartwebprinting@hp.com; c:\program files\hp\digital imaging\smart web printing\MozillaAddOn3
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=113480&tt=2912_7
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - 106406e300000000000000173182ca39
FF - user.js: extensions.BabylonToolbar_i.hardId - 106406e300000000000000173182ca39
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15543
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1711:42:12
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
============= SERVICES / DRIVERS ===============
.
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2012-7-20 36000]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2012-7-22 242240]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2012-7-20 83392]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
.
=============== File Associations ===============
.
FileExt: .txt: txtfile=c:\windows\system32\NOTEPAD.EXE %1 [UserChoice]
.
=============== Created Last 30 ================
.
2012-12-15 18:39:42 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-11-24 13:03:07 -------- d-----w- c:\program files\Counter-Strike 1.6
2012-11-22 17:55:49 -------- d-----w- c:\users\Milan\appdata\roaming\Dropbox
.
==================== Find3M ====================
.
2012-11-05 21:21:23 62744 ----a-w- c:\windows\system32\xinput1_2.dll
2012-10-23 22:19:44 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-10-23 22:19:44 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-10-23 22:19:44 746984 ----a-w- c:\windows\system32\deployJava1.dll
.
============= FINISH: 16:12:27,54 ===============
https://www.mycity.rs/must-login.png
________________________________________________________
Attach:
https://www.mycity.rs/must-login.png
________________________________________________________
Gmer1:
https://www.mycity.rs/must-login.png
________________________________________________________
Gmer2:
https://www.mycity.rs/must-login.png
________________________________________________________
Gmer3:
https://www.mycity.rs/must-login.png
________________________________________________________
To je to !
hvala!
|
|
|
|
|
|
|
|
|
Poslao: 16 Dec 2012 19:37
|
offline
- Pridružio: 10 Jan 2012
- Poruke: 975
|
Napisano: 16 Dec 2012 19:32
Evo vec 1h mi nije nikako zamrzlo cudno o.O .
inace kada sam krenuo sada da otvorim aviru izbacilo mi ovo:
Sto se tice ovog malware anti bytes-a obrisani su logovi :/ !
Dopuna: 16 Dec 2012 19:37
Evo karantin od Malware Bytesa sto je juce smestio tamo nakon skeniranja:
Ovo plavim to je od juce :
|
|
|
|
|
|
|
|
|
|
|
Poslao: 16 Dec 2012 20:18
|
offline
- TwinHeadedEagle
- Anti Malware Fighter
Rank 2
- Pridružio: 09 Avg 2011
- Poruke: 15879
- Gde živiš: Beograd
|
 To bi bilo to. Ukoliko i dalje bude problema, javi se ponovo u temu u Windows potforumu.
Ponovo pokreni AdwCleaner
Klikni na dugme [Uninstall] i pricekaj da se postupak uninstallacije završi.
Sto se tice problema sa Avirom, potencijalno resenje problema je u ovoj poruci. To je bag koji nikako da isprave godinama...
Nemas instaliran Service Pack 1 za tvoj sistem, a pretpostavljam ni ostale apdejtove. Obavezno azuriraj sistem.
Preporučujem da za zaštitu USB memorijskih uredjaja koristiš MCShield v2. Nema nikakve veze sa AntiVirus-om tj. nece ometati njegov rad, a pokazao se kao jedan od najboljih vidova zaštite od malware-a koji se prenosi putem USB mem. uređaja. Skineš, instaliraš, ubodeš USB mem. uređaj, izvrši se skeniranje nakon čega dobiješ obaveštenje da je uređaj čist (ukoliko je stvarno tako); ili dobiješ log u kome vidiš informacije o malware-u koji je nađen i obrisan.
Home Page MCShield-a ::Anti-Malware Tool:: v2: http://amf.mycity.rs/mcshield/
Više o MCShield-u možeš saznati u ovim temama:
v1: http://www.mycity.rs/MyCity-Laboratorija/MCShield.html
v2: http://www.mycity.rs/MyCity-Laboratorija/MCShield-v2.html
Obavezno poseti temu "Testirajte da li vam je pretraživač ranjiv", pročitaj i isprati link koji stoji u njoj.
Link do teme je: http://www.mycity.rs/Web-browseri/Testirajte-da-li.....anjiv.html
Takode, isprati i temu "Kako izbeci i ukloniti toolbar-ove" , procitaj i isprati korake u njoj. Link do teme je: http://www.mycity.rs/Zastita/Kako-izbeci-i-ukloniti-toolbar-ove.html
TwinHeadedEagle (AMF Tim)
|
|
|
|
|
|
|
Poslao: 17 Dec 2012 07:20
|
offline
- Pridružio: 10 Jan 2012
- Poruke: 975
|
Opet isto i posle Ambulante!
Onaj Mc shield nisam skida, a ni za browser ranjivost onu.
Update ne smijem raditi, jer ako uradim updateuje mi se i graficka, a to ne smije posto nije ispravna i onda cu imati BSOD .
|
|
|
|
|
|
