A virus is causing havoc.

offline
  • Joined: 23 Dec 2011
  • Posts: 290

Posted: 06 Aug 2012 17:14

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.5.1
Run by Vladan at 15:32:29 on 2012-08-06
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.439 [GMT 2:00]
.
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: avast! Internet Security *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\MCShield\MCShieldRTM.exe
svchost.exe
F:\Bluetooth Exchange Folder\bin\btwdins.exe
F:\Bluetooth Exchange Folder\BTTray.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Documents and Settings\Vladan\Start Menu\Programs\Startup\mgyjn.exe
C:\Documents and Settings\Vladan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Vladan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Vladan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Vladan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Vladan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://domredi.com/1/
uInternet Settings,ProxyServer = use:80
uInternet Settings,ProxyOverride = <local>
uSearchAssistant =
mSearchAssistant = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre7\bin\ssv.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
uRun: [MCShield Monitor] c:\program files\mcshield\MCShieldRTM.exe
uRun: [Google Update] "c:\documents and settings\vladan\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe
StartupFolder: c:\documents and settings\vladan\start menu\programs\startup\mgyjn.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - f:\bluetooth exchange folder\BTTray.exe
mPolicies-system: EnableSecureUIAPaths = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - f:\bluetooth exchange folder\btsendto_ie_ctx.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - f:\bluetooth exchange folder\btsendto_ie.htm
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5}
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{9A9DA7AA-5954-410F-BA11-7CC00D0A2505} : DhcpNameServer = 192.168.1.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
Hosts: 127.0.0.2 company.zynga.com
Hosts: 127.0.0.3 poker.zynga.com
Hosts: 127.0.0.4
Hosts: 127.0.0.5 zynga.com
Hosts: 127.0.0.6
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\vladan\application data\mozilla\firefox\profiles\oc38iv22.default\
FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon)
FF - prefs.js: browser.startup.homepage - hxxp://tv.sb.eurosport.com/
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?affID=109989&tt=050412_30b&babsrc=KW_ss&mntrId=205cf23d0000000000000001295006e2&q=
FF - plugin: c:\documents and settings\vladan\application data\mozilla\firefox\profiles\oc38iv22.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\plugins\np-mswmp.dll
FF - plugin: c:\documents and settings\vladan\application data\mozilla\firefox\profiles\oc38iv22.default\extensions\{7d2fb79e-e58c-4db5-a36f-ac1c73967f4d}\plugins\npqbc.dll
FF - plugin: c:\documents and settings\vladan\local settings\application data\google\update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\foxit software\foxit reader\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\oracle\javafx 2.1 runtime\bin\plugin2\npjp2.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_270.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\Npindeo.dll
FF - plugin: c:\windows\system32\npptools.dll
FF - plugin: c:\windows\system32\npwmsdrm.dll
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.BabylonToolbar_i.newTab - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=109989&tt=050412_30b
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - 205cf23d0000000000000001295006e2
FF - user.js: extensions.BabylonToolbar_i.hardId - 205cf23d0000000000000001295006e2
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15435
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1722:03:45
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
============= SERVICES / DRIVERS ===============
.
R0 EUBAKUP;EUBAKUP;c:\windows\system32\drivers\eubakup.sys [2012-1-21 50312]
R0 EUBKMON;EUBKMON;c:\windows\system32\drivers\EUBKMON.sys [2012-1-21 43784]
R0 fasttrak;fasttrak;c:\windows\system32\drivers\Fasttrak.sys [2011-6-1 73088]
R1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [2012-5-3 24408]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-6-1 721000]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-6-1 353688]
R1 EUDSKACS;EUDSKACS;c:\windows\system32\drivers\eudskacs.sys [2012-1-21 16008]
R1 EUFDDISK;EUFDDISK;c:\windows\system32\drivers\EuFdDisk.sys [2012-1-21 185864]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-6-1 21256]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-7-21 44808]
S1 SuperMounter;SuperMounter; [x]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-6-7 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-5 250056]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2012-1-27 13192]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2012-1-27 8456]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-8-6 113120]
S3 MSI_MSIBIOS_010507;MSI_MSIBIOS_010507;\??\c:\program files\msi\live update 5\msibios32_100507.sys --> c:\program files\msi\live update 5\msibios32_100507.sys [?]
S3 NTIOLib_1_0_4;NTIOLib_1_0_4;\??\c:\program files\msi\live update 5\ntiolib.sys --> c:\program files\msi\live update 5\NTIOLib.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
.
==================== Find3M ====================
.
2012-08-06 12:29:08 143872 -c--a-w- c:\windows\system32\javacpl.cpl
2012-08-02 22:02:41 70344 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-02 22:02:41 426184 -c--a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-05 20:06:20 687544 -c--a-w- c:\windows\system32\deployJava1.dll
2012-07-03 16:21:53 721000 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-07-03 16:21:32 41224 ----a-w- c:\windows\avastSS.scr
2012-07-03 11:46:44 22344 -c--a-w- c:\windows\system32\drivers\mbam.sys
2012-06-13 13:19:59 1866112 -c--a-w- c:\windows\system32\win32k.sys
2012-06-05 15:50:25 1372672 -c--a-w- c:\windows\system32\msxml6.dll
2012-06-05 15:50:25 1172480 -c--a-w- c:\windows\system32\msxml3.dll
2012-06-04 04:32:08 152576 -c--a-w- c:\windows\system32\schannel.dll
2012-06-02 13:19:44 22040 -c--a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 13:19:38 219160 -c--a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 13:19:38 15384 -c--a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 13:19:34 15384 -c--a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 13:19:30 17944 -c--a-w- c:\windows\system32\wuaueng.dll.mui
2012-05-31 13:22:09 599040 -c--a-w- c:\windows\system32\crypt32.dll
2012-05-16 15:08:26 916992 -c--a-w- c:\windows\system32\wininet.dll
2012-05-11 14:42:33 43520 -c----w- c:\windows\system32\licmgr10.dll
2012-05-11 14:42:33 1469440 -c----w- c:\windows\system32\inetcpl.cpl
2012-05-11 11:38:02 385024 -c----w- c:\windows\system32\html.iec
.
============= FINISH: 15:33:45,60 ===============



Update: 06 Aug 2012 20:43

...........................................

offline
  • Osvjedodžbeni spretnik munjarstva
  • Joined: 04 Jul 2011
  • Posts: 5284
  • Location: Beograd

Hello, šemahenry23


Step 1

Download the OTM program to the Desktop.

Double-click OTM.exe to run it.

Into the (left) window of the program (under Paste Instructions for Items to be Moved), paste everything inside the Code box:
:files
 c:\documents and settings\vladan\start menu\programs\startup\mgyjn.exe

Click MoveIt!

When the process finishes, the right-hand window of the program (under Results) will contain text that needs to be copied into a post on the forum.


If this prompt appears:

Confirm ::The system requires a reboot to finish removing files.
Do you want to reboot now?


click Yes so that the computer restarts and the process is completed.

After the system restarts, the logfile will open automatically in Notepad.
Copy the contents of that log into a post on the forum.


Step 2


Download Xplode's AdwCleaner and save it to the Desktop.
Double-click to run the program and click the [Search] button.
When the program finishes its analysis it will open Notepad with the report. Close that Notepad.

Click the [Delete] button and wait for the program to finish.
The program will close all running programs and show a window with that warning. Click OK to confirm.
In the next two windows that open (Informations and Restart required) click OK.

The computer will restart and then open Notepad (C:\AdwCleaner[S1].txt) with the report.
Save that Notepad file to the Desktop and attach it to your post using the "Attach file" option.

Note: The report will also be saved at C:\AdwCleaner[S1].txt


Step 3
Describe exactly what problems you are having; has the situation improved after this?

offline
  • Joined: 23 Dec 2011
  • Posts: 290

Posted: 06 Aug 2012 21:49

========== FILES ==========
File move failed. c:\documents and settings\vladan\start menu\programs\startup\mgyjn.exe scheduled to be moved on reboot.

OTM by OldTimer - Version 3.1.21.0 log created on 08062012_214212

Files moved on Reboot...
c:\documents and settings\vladan\start menu\programs\startup\mgyjn.exe moved successfully.

Registry entries deleted on Reboot...

Step 1 completed.

Update: 06 Aug 2012 22:03


Step 2 done.

Update: 06 Aug 2012 22:11

The virus that was there is gone.
Can you tell me what to remove from the computer if there is anything superfluous?

offline
  • Osvjedodžbeni spretnik munjarstva
  • Joined: 04 Jul 2011
  • Posts: 5284
  • Location: Beograd

Could you please describe the problem?

offline
  • Joined: 23 Dec 2011
  • Posts: 290

Here, look at this thread: http://www.mycity.rs/Windows/Pretrazivaci-se-ukoce.html When I go to YouTube my browsers freeze. That virus is gone now. I have no problems now, except this one with the browsers.

offline
  • Osvjedodžbeni spretnik munjarstva
  • Joined: 04 Jul 2011
  • Posts: 5284
  • Location: Beograd

Download sUBs' ComboFix from the following address to the Desktop:


Bleeping Computer
Right-click the link and choose Save Target As... (Save Link As..., Save Linked Content As... or similar);
When the dialog for choosing where to save the file opens, select Desktop and click Save.




When the download is complete:
disable your security software (instructions);
close running programs;
double-click to run ComboFix;
in the window that opens click "I Agree".

While running, ComboFix will: check whether a newer version of the program exists:
click Yes if it offers to download it.
if the Recovery Console is not installed, offer to install it:
be sure to accept by clicking Yes and follow the procedure.
display a number of prompts/notices:
accept by clicking Yes or OK.
restart Windows if needed (possibly several times);
at the end, open Notepad with the scan report.


Copy the report ComboFix produced into the thread on the forum:
right-click in the Notepad window and choose Select All;
right-click the selected text and choose Copy;
right-click in the message box and choose Paste.


Note: The report will be saved as ComboFix.txt on the system partition (typical location: C:\ComboFix.txt);
If after posting you notice the report is incomplete, use the Attach file option to attach C:\ComboFix.txt to your post.

offline
  • Joined: 23 Dec 2011
  • Posts: 290

ComboFix 12-08-05.02 - Vladan 06.08.2012 22:59:44.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.647 [GMT 2:00]
Running from: c:\documents and settings\Vladan\My Documents\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: avast! Internet Security *Enabled* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\IsUn0406.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_AFPANSI
.
.
((((((((((((((((((((((((( Files Created from 2012-07-06 to 2012-08-06 )))))))))))))))))))))))))))))))
.
.
2012-08-06 19:34 . 2012-08-06 19:34 -------- d-----w- C:\_OTM
2012-08-06 13:03 . 2012-08-06 13:03 -------- dc----w- c:\program files\Mozilla Maintenance Service
2012-08-06 12:34 . 2012-08-06 12:34 -------- dc----w- c:\program files\Common Files\Java
2012-08-06 12:31 . 2012-08-06 12:31 -------- dc----w- c:\program files\Oracle
2012-08-06 12:30 . 2012-08-06 12:30 -------- dc----w- c:\documents and settings\Vladan\Application Data\Oracle
2012-08-06 12:30 . 2012-07-05 20:06 772544 -c--a-w- c:\windows\system32\npDeployJava1.dll
2012-07-28 18:07 . 2012-07-28 18:07 -------- dc----w- c:\program files\directx
2012-07-28 18:05 . 2012-07-28 18:06 -------- dc----w- c:\program files\Common Files\Logitech
2012-07-28 18:04 . 2012-07-28 18:04 -------- d-----w- C:\My Music
2012-07-28 18:04 . 2012-07-28 18:15 -------- dc----w- c:\program files\Common Files\Real
2012-07-28 18:04 . 2012-07-28 18:04 -------- dc----w- c:\program files\Windows Media Components
2012-07-28 18:03 . 2012-07-28 18:12 -------- d--h--w- c:\windows\msdownld.tmp
2012-07-28 18:02 . 2012-07-28 18:28 -------- dc----w- c:\program files\Logitech
2012-07-28 18:01 . 2012-07-28 18:01 53248 -c----w- c:\program files\Common Files\InstallShield\Engine\6\Intel 32\msihook.dll
2012-07-28 18:01 . 2012-07-28 18:01 126976 -c----w- c:\program files\Common Files\InstallShield\Engine\6\Intel 32\knlwrap.exe
2012-07-28 18:01 . 2012-07-28 18:01 114688 -c----w- c:\program files\Common Files\InstallShield\Engine\6\Intel 32\scpthdlr.dll
2012-07-22 23:26 . 2012-07-23 00:13 -------- dc----w- c:\program files\FileMenuTools
2012-07-22 18:36 . 2012-07-22 23:24 -------- d-----w- C:\FileMenuTools
2012-07-18 11:44 . 2012-07-18 19:51 -------- dc----w- c:\program files\Common Files\RBSoft
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-06 12:29 . 2012-04-16 20:08 143872 -c--a-w- c:\windows\system32\javacpl.cpl
2012-08-02 22:02 . 2012-04-05 20:15 426184 -c--a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-02 22:02 . 2012-02-21 15:13 70344 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-05 20:06 . 2011-06-15 20:28 687544 -c--a-w- c:\windows\system32\deployJava1.dll
2012-07-03 16:21 . 2011-06-01 14:52 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-07-03 16:21 . 2011-06-01 15:13 721000 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-07-03 16:21 . 2011-06-01 14:53 353688 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-07-03 16:21 . 2011-06-01 14:53 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-07-03 16:21 . 2011-06-01 14:52 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-07-03 16:21 . 2011-06-01 14:52 97608 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2012-07-03 16:21 . 2011-06-01 14:52 89624 ----a-w- c:\windows\system32\drivers\aswmon.sys
2012-07-03 16:21 . 2011-06-01 14:52 25256 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2012-07-03 16:21 . 2011-06-01 15:13 41224 ----a-w- c:\windows\avastSS.scr
2012-07-03 16:21 . 2011-06-01 14:52 227648 -c--a-w- c:\windows\system32\aswBoot.exe
2012-07-03 11:46 . 2012-01-07 16:11 22344 -c--a-w- c:\windows\system32\drivers\mbam.sys
2012-06-13 13:19 . 2008-04-13 23:00 1866112 -c--a-w- c:\windows\system32\win32k.sys
2012-06-05 15:50 . 2008-04-14 03:42 1372672 -c--a-w- c:\windows\system32\msxml6.dll
2012-06-05 15:50 . 2008-04-14 03:42 1172480 -c--a-w- c:\windows\system32\msxml3.dll
2012-06-04 04:32 . 2008-04-14 03:42 152576 -c--a-w- c:\windows\system32\schannel.dll
2012-06-02 13:19 . 2009-08-06 18:24 22040 -c--a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 13:19 . 2011-06-01 14:16 329240 -c--a-w- c:\windows\system32\wucltui.dll
2012-06-02 13:19 . 2011-06-01 14:16 219160 -c--a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 13:19 . 2011-06-01 14:16 210968 -c--a-w- c:\windows\system32\wuweb.dll
2012-06-02 13:19 . 2009-08-06 18:24 15384 -c--a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 13:19 . 2011-06-01 14:16 53784 -c--a-w- c:\windows\system32\wuauclt.exe
2012-06-02 13:19 . 2011-06-01 14:16 35864 -c--a-w- c:\windows\system32\wups.dll
2012-06-02 13:19 . 2009-08-06 18:24 45080 -c--a-w- c:\windows\system32\wups2.dll
2012-06-02 13:19 . 2009-08-06 18:24 15384 -c--a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 13:19 . 2008-04-14 03:41 97304 -c--a-w- c:\windows\system32\cdm.dll
2012-06-02 13:19 . 2009-08-06 18:24 17944 -c--a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 13:19 . 2011-06-01 14:16 577048 -c--a-w- c:\windows\system32\wuapi.dll
2012-06-02 13:19 . 2011-06-01 14:16 1933848 -c--a-w- c:\windows\system32\wuaueng.dll
2012-05-31 13:22 . 2008-04-14 03:41 599040 -c--a-w- c:\windows\system32\crypt32.dll
2012-05-16 15:08 . 2008-04-14 03:42 916992 -c--a-w- c:\windows\system32\wininet.dll
2012-05-11 14:42 . 2008-04-14 03:42 1469440 -c----w- c:\windows\system32\inetcpl.cpl
2012-05-11 14:42 . 2008-04-14 03:41 43520 -c----w- c:\windows\system32\licmgr10.dll
2012-05-11 11:38 . 2008-04-13 22:07 385024 -c----w- c:\windows\system32\html.iec
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2012-01-02 . 0387E9B5976A4941E50BF934D0F84686 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
[7] 2008-04-14 . 9DD07AF82244867CA36681EA2D29CE79 . 1614848 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-07-03 16:21 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-07-13 17418928]
"MCShield Monitor"="c:\program files\MCShield\MCShieldRTM.exe" [2012-03-12 583680]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-07-03 4273976]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-03 44544]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - f:\bluetooth exchange folder\BTTray.exe [2006-4-12 643133]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableSecureUIAPaths"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ose"=3 (0x3)
"NMSAccess"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"idsvc"=3 (0x3)
"IDriverT"=3 (0x3)
"Guard Agent"=2 (0x2)
"EaseUS Agent"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
"DisableThumbnailCache"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\TeamViewer\\Version7\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version7\\TeamViewer_Service.exe"=
"f:\\KONAMI\\pes2012.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R0 EUBAKUP;EUBAKUP;c:\windows\system32\drivers\eubakup.sys [21.1.2012 13:09 50312]
R0 EUBKMON;EUBKMON;c:\windows\system32\drivers\EUBKMON.sys [21.1.2012 13:09 43784]
R0 fasttrak;fasttrak;c:\windows\system32\drivers\Fasttrak.sys [1.6.2011 16:34 73088]
R1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [3.5.2012 2:20 24408]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [1.6.2011 17:13 721000]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [1.6.2011 16:53 353688]
R1 EUDSKACS;EUDSKACS;c:\windows\system32\drivers\eudskacs.sys [21.1.2012 13:09 16008]
R1 EUFDDISK;EUFDDISK;c:\windows\system32\drivers\EuFdDisk.sys [21.1.2012 13:09 185864]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [1.6.2011 16:53 21256]
S1 SuperMounter;SuperMounter; [x]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [7.6.2012 19:12 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [5.4.2012 22:15 250056]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [27.1.2012 18:51 13192]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [27.1.2012 18:51 8456]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [6.8.2012 15:03 113120]
S3 MSI_MSIBIOS_010507;MSI_MSIBIOS_010507;\??\c:\program files\MSI\Live Update 5\msibios32_100507.sys --> c:\program files\MSI\Live Update 5\msibios32_100507.sys [?]
S3 NTIOLib_1_0_4;NTIOLib_1_0_4;\??\c:\program files\MSI\Live Update 5\NTIOLib.sys --> c:\program files\MSI\Live Update 5\NTIOLib.sys [?]
S4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys --> c:\windows\system32\Drivers\sptd.sys [?]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-06 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 22:02]
.
2012-08-06 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2012-06-29 16:21]
.
2012-08-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1614895754-152049171-725345543-1003Core.job
- c:\documents and settings\Vladan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-06-25 16:49]
.
2012-08-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1614895754-152049171-725345543-1003UA.job
- c:\documents and settings\Vladan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-06-25 16:49]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://domredi.com/1/
uInternet Settings,ProxyServer = use:80
uInternet Settings,ProxyOverride = <local>
uSearchAssistant =
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - f:\bluetooth exchange folder\btsendto_ie_ctx.htm
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Vladan\Application Data\Mozilla\Firefox\Profiles\oc38iv22.default\
FF - prefs.js: browser.startup.homepage - hxxp://tv.sb.eurosport.com/
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-10 - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-08-06 23:07
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1614895754-152049171-725345543-1003\ "*_*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"MachineID"=hex:3d,f2,5d,09,50,06,e2,00
DUMPHIVE0.003 (REGF)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(724)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(2820)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
f:\bluetooth exchange folder\bin\btwdins.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2012-08-06 23:13:41 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-06 21:13
.
Pre-Run: 4.021.465.088 bytes free
Post-Run: 3.781.029.888 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /noexecute=alwaysoff /fastdetect
.
- - End Of File - - D780A0BE792C78B024DD8507D726FD03



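The DDS report in the first post and the ComboFix report above are what the helper read by eye to pick out the executable in the Startup folder, the proxy setting, the hosts-file redirects and the search hijack. As an added example (not part of this thread, and not code from DDS, OTM, AdwCleaner or ComboFix), here is a small Python triage that encodes those same judgements as rules and runs them over a constructed sample of lines excerpted from the two logs. The KNOWN_GOOD_HOSTS allowlist, the category names and the severities are assumptions for illustration.

```python
"""Triage rules for DDS / ComboFix style log lines.

Added example for this thread; not part of DDS, OTM, AdwCleaner or ComboFix.
The allowlist, category names and severities are assumptions for illustration.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional
from urllib.parse import urlsplit

# Hosts the helper accepted as expected on this machine (assumption for the example).
KNOWN_GOOD_HOSTS = {"tv.sb.eurosport.com", "java.sun.com"}

# Constructed sample: lines excerpted from the DDS and ComboFix logs posted in the thread.
SAMPLE_LOG = r"""
uStart Page = hxxp://domredi.com/1/
uInternet Settings,ProxyServer = use:80
uInternet Settings,ProxyOverride = <local>
uSearchAssistant =
mSearchAssistant = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
StartupFolder: c:\documents and settings\vladan\start menu\programs\startup\mgyjn.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - f:\bluetooth exchange folder\BTTray.exe
Hosts: 127.0.0.2 company.zynga.com
Hosts: 127.0.0.4
FF - prefs.js: browser.startup.homepage - hxxp://tv.sb.eurosport.com/
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?affID=109989&q=
TCP: DhcpNameServer = 192.168.1.1
"EnableFirewall"= 0 (0x0)
"FirewallOverride"=dword:00000001
"""


@dataclass(frozen=True)
class Finding:
    severity: str    # "high", "medium" or "low"
    category: str
    line: str


def _host(defanged_url: str) -> str:
    """Return the hostname of a log URL; DDS/ComboFix write http as hxxp."""
    url = re.sub(r"^hxxp", "http", defanged_url.strip(), flags=re.IGNORECASE)
    return (urlsplit(url).hostname or "").lower()


def triage_line(line: str) -> Optional[Finding]:
    s = line.strip()

    # 1. IE start page / search provider pointing at a host the user never chose.
    m = re.match(r"^[umd]?(Start Page|SearchAssistant|Default_Page_URL)\s*=\s*(\S+)", s)
    if m:
        host = _host(m.group(2))
        return Finding("medium", "browser_hijack", s) if host and host not in KNOWN_GOOD_HOSTS else None

    # 2. Firefox homepage / keyword search pushed to a third-party host.
    m = re.match(r"^FF - prefs\.js: (browser\.startup\.homepage|keyword\.URL)\s*-\s*(\S+)", s)
    if m:
        host = _host(m.group(2))
        return Finding("medium", "browser_hijack", s) if host and host not in KNOWN_GOOD_HOSTS else None

    # 3. A proxy for the user's browser traffic: every request is routed through it.
    #    Any value on a home machine deserves a look (here it is not even a usable host:port).
    if re.match(r"^[umd]?Internet Settings,ProxyServer\s*=\s*\S+", s):
        return Finding("high", "proxy_set", s)

    # 4. An executable dropped straight into a Startup folder. Legitimate Startup
    #    entries are almost always .lnk shortcuts, not the .exe itself.
    m = re.match(r"^StartupFolder:\s*(.+?)(\s+-\s+.*)?$", s, flags=re.IGNORECASE)
    if m:
        return Finding("high", "startup_exe", s) if m.group(1).lower().endswith(".exe") else None

    # 5. hosts-file overrides. DDS prints only non-default entries, so each line is
    #    a redirect; 127.0.0.x with x != 1 is a typical blocking/redirect pattern.
    if re.match(r"^Hosts:\s*\d{1,3}(\.\d{1,3}){3}", s):
        return Finding("medium", "hosts_override", s)

    # 6. Windows Firewall off and Security Center told not to warn about it.
    #    Low severity: a third-party firewall (avast! here) commonly does both.
    if re.match(r'^"EnableFirewall"\s*=\s*0\b', s):
        return Finding("low", "firewall_disabled", s)
    if re.match(r'^"FirewallOverride"\s*=\s*dword:0*1$', s):
        return Finding("low", "security_center_override", s)

    return None


def triage(text: str) -> List[Finding]:
    """Run every rule over every line; keep only the hits."""
    return [f for f in (triage_line(l) for l in text.splitlines()) if f is not None]


def summarize(findings: List[Finding]) -> Dict[str, int]:
    """Count findings per category, for a quick read of what the log contains."""
    counts: Dict[str, int] = {}
    for f in findings:
        counts[f.category] = counts.get(f.category, 0) + 1
    return counts


if __name__ == "__main__":
    order = ("high", "medium", "low")
    for f in sorted(triage(SAMPLE_LOG), key=lambda f: order.index(f.severity)):
        print(f"[{f.severity:6}] {f.category:24} {f.line}")
```

Run it directly to print the findings in severity order; for a real report, read the file with open() and pass its text to triage(). The two firewall rules are deliberately low severity: both logs show avast! Internet Security as the firewall, and a third-party firewall commonly turns the Windows Firewall off and sets the Security Center override itself, so those lines are context for the analyst rather than evidence of compromise on their own. The direct .exe in the Startup folder and the proxy setting are the two lines that, on this machine, matched what the helper chose to remove.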

offline
  • Osvjedodžbeni spretnik munjarstva
  • Joined: 04 Jul 2011
  • Posts: 5284
  • Location: Beograd

There is no more active malware on your computer. If you still have problems using it, post in your thread in the Windows subforum.



ComboFix needs to be uninstalled:
click Start, then RUN.

On Vista use the Start Search box if Run is not available.

In the text entry line type (or paste) the following:

ComboFix /Uninstall

Note that there is a space between "ComboFix" and "/Uninstall".



then click OK (or press Enter).


Wait for the uninstall process to finish.



Be sure to visit the thread "Test whether your browser is vulnerable", read it and follow the link in it.
Link to the thread: http://www.mycity.rs/Web-browseri/Testirajte-da-li.....anjiv.html



Ivance95 (AMF Team)

offline
  • Joined: 23 Dec 2011
  • Posts: 290

I tested the browser, everything is fine.
YouTube still freezes; I can't get to settings (on the video, right mouse button, then settings).
