Prilikom skeniranja malwarebyte-om, naslo mi je trinaest virusa. . Kad sam skenirao sa registry reviver, naslo je preko 500 gresaka u registru. . .  Da li neko moze da mi pomogne da ocistim komp od virusa?

Kopiraj mi zadnji log od malwarebytes-a da vidim sta ti je nasao.
Pokreni malwarebytes ,predji na karticu logs,otvori dvoklikom prvi file (notepad) i kopiraj sadrzaj
To izgleda kao na slici.



I znaj: Malwarebytes ti je AntiMalware program...on trazi Viruse.
Registry Reviver je nesto drugo. To je skener registry-ja u potrazi za neaktvnim kljucevima.

znam da je Registry reviver nesto drugo, ali me je zabrinulo sto toliko gresaka prijavljuje s obzirom da sam pre nekoliko dana reinstalrao sistem. . .

evo log


Malwarebytes' Anti-Malware 1. 50. 1. 1100
www. malwarebytes. org

Database version: 5507

Windows 5. 1. 2600 Service Pack 2
Internet Explorer 6. 0. 2900. 2180

19. 1. 2003 4:31:06
mbam-log-2003-01-19 (04-31-06). txt

Scan type: Quick scan
Objects scanned: 139554
Time elapsed: 10 minute(s), 31 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 7
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 3
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{1D4DB7D2-6EC9-47a3-BD87-1E41684E07BB} (Adware. MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{1D4DB7D0-6EC9-47a3-BD87-1E41684E07BB} (Adware. MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{1D4DB7D1-6EC9-47A3-BD87-1E41684E07BB} (Adware. MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProductsInstaller. Start. 1 (Adware. MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProductsInstaller. Start (Adware. MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Adware. MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\FunWebProducts (Adware. MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
c:\program files\funwebproducts (Adware. MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\funwebproducts\Installr (Adware. MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\funwebproducts\Installr\2. bin (Adware. MyWebSearch) -> Quarantined and deleted successfully.

Files Infected:
c:\program files\funwebproducts\Installr\2. bin\F3EZSETP. DLL (Adware. MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\funwebproducts\Installr\2. bin\F3PLUGIN. DLL (Adware. MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\funwebproducts\Installr\2. bin\NPFUNWEB. DLL (Adware. MyWebSearch) -> Quarantined and deleted successfully.

Nista bitno i nista za brigu...malwarebytes je pronasao ostatke adware-a...nista zabrinjavajuce.

Ponovo pokreni mbam i odradi Full Scan...cisto da bi pronasao ostatke (ako vec nije) od konfiguracionih fajlova i/ili uniosa od MyWebSearch-a.

Inace...nisam testirao docini program ( Registry Reviver ) ali programe u koje mozes verovati jesu.

Solidni CCleaner , mocniji Wise Registry Cleaner ...itd...

Ne znam za program pa ne mogu da tvrdim validnost toga sto je nasao...kazem jer postoji podosta programa koji laziraju da bi korisnici kupili Pro verziju..

Ako nemas nekih vecih problema...nista zabrinjavajuce.

sto se virusa tice, tu imam bas velikih problema...ikonice se same kopiraju, net je usporen vec neko vreme. Tek sam danas odlucio da potrazim pomoc   Milsim da je ozbiljno, jer mi se nikad ovako nije desavalo... I to samo zato sto mi je neki drug doneo neki cd, tj igricu,punu virusa

Ma i tu sumnjam da je bilo virusa. Mozda neki keygenerator pa ga je AV prijavio kao malware jer proizvodjaci igirica placaju AV kompanijama da jure keygenove i crack-ove radi velike piraterije.

Ako zelis da proverimo..nije problem.

Preuzmi DDS Program na Desktop
http://download.bleepingcomputer.com/sUBs/dds.com

Dvoklikom pokreni dds,kad zavrsi, DDS ce otvoriti dva loga:
         1. DDS.txt
         2. Attach.txt
Oba izvestaja sacuvaj na Desktop.
Kopiraj mi sadrzaj DDS.txt loga

evo loga



DDS (Ver_10-12-12.02) - NTFSx86 
Run by User at  5:55:08,18 on ned 19.01.2003
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_23
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1033.18.511.189 [GMT 1:00]

AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Alwil Software\Avast5\avastUI.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Panda USB Vaccine\USBVaccine.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
D:\Downloads\dds.com

============== Pseudo HJT Report ===============

uStart Page = hxxp://google.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: BS Player Toolbar: {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - c:\program files\bs_player\tbBS_P.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: BS Player Toolbar: {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - c:\program files\bs_player\tbBS_P.dll
TB: BS Player Toolbar: {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - c:\program files\bs_player\tbBS_P.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [SoundMan] SOUNDMAN.EXE
StartupFolder: c:\docume~1\user\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GR99D3~1.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\user\applic~1\mozilla\firefox\profiles\xh1sqh52.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\funwebproducts\installr\2.bin\NPFUNWEB.DLL
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff

============= SERVICES / DRIVERS ===============

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-12-3 165584]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-12-3 17744]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-12-3 40384]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-12-3 40384]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-12-3 40384]

=============== Created Last 30 ================

2010-12-04 20:07:17   221184   ----a-w-   c:\windows\system32\wmpns.dll
2010-12-04 09:46:27   --------   d-----w-   c:\windows\ServicePackFiles
2010-12-04 07:47:07   272128   -c----w-   c:\windows\system32\dllcache\bthport.sys
2010-12-04 07:47:07   272128   ------w-   c:\windows\system32\drivers\bthport.sys
2010-12-04 07:37:05   454016   -c----w-   c:\windows\system32\dllcache\mrxsmb.sys
2010-12-04 07:23:41   2137088   -c----w-   c:\windows\system32\dllcache\ntkrnlmp.exe
2010-12-04 07:23:40   2181376   -c----w-   c:\windows\system32\dllcache\ntoskrnl.exe
2010-12-04 07:23:39   2058368   -c----w-   c:\windows\system32\dllcache\ntkrnlpa.exe
2010-12-04 07:23:39   2016768   -c----w-   c:\windows\system32\dllcache\ntkrpamp.exe
2010-12-03 21:21:20   --------   d-----w-   c:\windows\system32\SoftwareDistribution
2010-12-03 09:56:15   --------   d-----w-   c:\docume~1\user\locals~1\applic~1\ATI
2010-12-03 09:55:14   --------   d-----w-   c:\docume~1\user\locals~1\applic~1\ApplicationHistory
2010-12-03 09:45:22   --------   d-----w-   c:\windows\system32\URTTemp
2010-12-03 09:34:05   0   ----a-w-   c:\windows\ativpsrm.bin
2010-12-03 09:32:15   --------   d-----w-   C:\ATI
2010-12-03 09:26:42   --------   d-----r-   c:\program files\Skype
2010-12-03 09:23:17   38848   ----a-w-   c:\windows\avastSS.scr
2010-12-03 09:23:07   --------   d-----w-   c:\docume~1\alluse~1\applic~1\Alwil Software
2010-12-03 09:21:00   33104   ----a-w-   c:\windows\system32\spool\prtprocs\w32x86\msonpppr.dll
2010-12-03 09:21:00   32592   ----a-w-   c:\windows\system32\msonpmon.dll
2010-12-03 09:15:07   --------   d-----w-   c:\windows\SHELLNEW
2010-12-03 09:14:49   --------   d-----w-   c:\docume~1\user\locals~1\applic~1\Microsoft Help
2010-12-03 09:11:41   499712   ------w-   c:\windows\system32\msvcp71.dll
2010-12-03 09:11:37   77824   ----a-w-   c:\program files\common files\installshield\engine\6\intel 32\ctor.dll
2010-12-03 09:11:37   32768   ----a-w-   c:\program files\common files\installshield\engine\6\intel 32\objectps.dll
2010-12-03 09:11:37   225280   ----a-w-   c:\program files\common files\installshield\iscript\iscript.dll
2010-12-03 09:11:37   176128   ----a-w-   c:\program files\common files\installshield\engine\6\intel 32\iuser.dll
2010-12-03 09:11:36   614532   ----a-w-   c:\program files\common files\installshield\engine\6\intel 32\IKernel.exe
2010-12-03 09:11:33   --------   d-----w-   c:\docume~1\user\locals~1\applic~1\Google
2010-12-03 09:10:58   --------   d-----w-   c:\docume~1\user\locals~1\applic~1\ashampoo
2010-12-03 09:10:58   --------   d-----w-   c:\docume~1\alluse~1\applic~1\ashampoo
2010-12-03 09:10:52   --------   d-----w-   c:\program files\Ashampoo
2010-12-03 09:10:31   421888   ----a-w-   c:\windows\system32\ac3filter.acm
2010-12-03 09:10:23   --------   d-----w-   c:\program files\XP Codec Pack
2010-12-03 09:09:55   73728   ----a-w-   c:\windows\system32\javacpl.cpl
2010-12-03 09:09:55   472808   ----a-w-   c:\windows\system32\deployJava1.dll
2010-12-03 09:09:50   --------   d-----w-   c:\program files\Webteh
2010-12-03 09:09:01   --------   d-----w-   c:\program files\GRETECH
2010-12-03 09:06:57   26496   -c--a-w-   c:\windows\system32\dllcache\usbstor.sys
2010-12-03 09:03:27   6400   ----a-w-   c:\windows\system32\drivers\splitter.sys
2010-12-03 09:03:24   142464   ----a-w-   c:\windows\system32\drivers\aec.sys
2010-12-03 09:03:22   54272   ----a-w-   c:\windows\system32\drivers\swmidi.sys
2010-12-03 09:03:19   52864   ----a-w-   c:\windows\system32\drivers\DMusic.sys
2010-12-03 09:03:16   7552   ----a-w-   c:\windows\system32\drivers\MSKSSRV.sys
2010-12-03 09:03:13   2944   ----a-w-   c:\windows\system32\drivers\drmkaud.sys
2010-12-03 09:03:11   4992   ----a-w-   c:\windows\system32\drivers\MSPQM.sys
2010-12-03 09:03:08   82944   ----a-w-   c:\windows\system32\drivers\wdmaud.sys
2010-12-03 09:03:05   5376   ----a-w-   c:\windows\system32\drivers\MSPCLOCK.sys
2010-12-03 09:03:03   171776   ----a-w-   c:\windows\system32\drivers\kmixer.sys
2010-12-03 09:03:00   60800   ----a-w-   c:\windows\system32\drivers\sysaudio.sys
2010-12-03 09:02:54   3072   ----a-w-   c:\windows\system32\drivers\audstub.sys
2010-12-03 09:02:22   10624   ----a-w-   c:\windows\system32\drivers\gameenum.sys
2010-12-03 09:01:47   57472   ----a-w-   c:\windows\system32\drivers\redbook.sys
2010-12-03 09:01:06   20992   ----a-w-   c:\windows\system32\drivers\RTL8139.sys
2010-12-03 09:00:42   4096   -c--a-w-   c:\windows\system32\dllcache\ksuser.dll
2010-12-03 09:00:42   4096   ----a-w-   c:\windows\system32\ksuser.dll
2010-12-03 09:00:42   334208   ----a-w-   c:\windows\system32\drivers\ds1wdm.sys
2010-12-03 09:00:42   145792   -c--a-w-   c:\windows\system32\dllcache\portcls.sys
2010-12-03 09:00:42   145792   ----a-w-   c:\windows\system32\drivers\portcls.sys
2010-12-03 09:00:41   60288   -c--a-w-   c:\windows\system32\dllcache\drmk.sys
2010-12-03 09:00:41   60288   ----a-w-   c:\windows\system32\drivers\drmk.sys
2010-12-03 09:00:41   130048   ----a-w-   c:\windows\system32\ksproxy.ax
2010-12-03 09:00:38   42368   ----a-w-   c:\windows\system32\drivers\AGP440.SYS
2010-12-03 09:00:20   5504   ----a-w-   c:\windows\system32\drivers\intelide.sys
2010-12-03 09:00:13   74240   ----a-w-   c:\windows\system32\usbui.dll

==================== Find3M  ====================

2010-06-14 14:30:28   743936   ----a-w-   c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-03 02:41:44   3600384   ----a-w-   c:\windows\system32\GPhotos.scr
2010-05-02 05:56:34   1850880   ----a-w-   c:\windows\system32\win32k.sys
2010-04-20 05:51:20   285696   ----a-w-   c:\windows\system32\atmfd.dll
2010-04-16 15:36:49   662016   ----a-w-   c:\windows\system32\wininet.dll
2010-04-16 15:36:48   61952   ----a-w-   c:\windows\system32\tdc.ocx
2010-04-16 15:36:45   81920   ----a-w-   c:\windows\system32\ieencode.dll
2010-04-16 13:41:15   369664   ----a-w-   c:\windows\system32\html.iec
2010-04-07 02:02:28   45056   ----a-w-   c:\windows\system32\aticalrt.dll
2010-04-07 02:02:16   45056   ----a-w-   c:\windows\system32\aticalcl.dll
2010-04-07 02:01:28   311296   ----a-w-   c:\windows\system32\atiiiexx.dll
2010-04-07 02:00:26   3981312   ----a-w-   c:\windows\system32\aticaldd.dll
2010-04-07 01:52:16   14356480   ----a-w-   c:\windows\system32\atioglxx.dll
2010-04-07 01:46:42   446464   ----a-w-   c:\windows\system32\ATIDEMGX.dll
2010-04-07 01:45:46   300544   ----a-w-   c:\windows\system32\ati2dvag.dll
2010-04-07 01:41:38   3620288   ----a-w-   c:\windows\system32\ati3duag.dll
2010-04-07 01:31:00   208896   ----a-w-   c:\windows\system32\atipdlxx.dll
2010-04-07 01:30:44   155648   ----a-w-   c:\windows\system32\Oemdspif.dll
2010-04-07 01:30:32   26112   ----a-w-   c:\windows\system32\Ati2mdxx.exe
2010-04-07 01:30:24   43520   ----a-w-   c:\windows\system32\ati2edxx.dll
2010-04-07 01:30:10   159744   ----a-w-   c:\windows\system32\ati2evxx.dll
2010-04-07 01:28:56   602112   ----a-w-   c:\windows\system32\ati2evxx.exe
2010-04-07 01:28:06   2220928   ----a-w-   c:\windows\system32\ativvaxx.dll
2010-04-07 01:27:34   53248   ----a-w-   c:\windows\system32\ATIDDC.DLL
2010-04-07 01:26:48   143360   ----a-w-   c:\windows\system32\atiapfxx.exe
2010-04-07 01:23:14   585728   ----a-w-   c:\windows\system32\atikvmag.dll
2010-04-07 01:21:52   393216   ----a-w-   c:\windows\system32\atiok3x2.dll
2010-04-07 01:21:20   184320   ----a-w-   c:\windows\system32\atiadlxx.dll
2010-04-07 01:20:54   17408   ----a-w-   c:\windows\system32\atitvo32.dll
2010-04-07 01:15:22   638976   ----a-w-   c:\windows\system32\ati2cqag.dll
2010-04-07 01:14:06   65024   ----a-w-   c:\windows\system32\atimpc32.dll
2010-04-07 01:14:06   65024   ----a-w-   c:\windows\system32\amdpcom32.dll
2010-03-10 08:02:04   417792   ----a-w-   c:\windows\system32\vbscript.dll
2010-03-05 14:57:17   65536   ----a-w-   c:\windows\system32\asycfilt.dll
2010-02-16 13:19:55   2181376   ----a-w-   c:\windows\system32\ntoskrnl.exe
2010-02-16 12:39:04   2058368   ----a-w-   c:\windows\system32\ntkrnlpa.exe
2010-02-12 04:36:09   100864   ----a-w-   c:\windows\system32\6to4svc.dll
2010-02-05 18:40:58   1291264   ----a-w-   c:\windows\system32\quartz.dll
2010-01-29 15:08:04   683520   ----a-w-   c:\windows\system32\inetcomm.dll
2010-01-29 14:43:39   307260   ----a-w-   c:\windows\system32\l3codeca.acm
2010-01-29 14:43:39   143422   ----a-w-   c:\windows\system32\l3codecx.ax
2010-01-13 14:10:54   85504   ----a-w-   c:\windows\system32\cabview.dll
2009-12-24 07:05:26   177664   ----a-w-   c:\windows\system32\wintrust.dll
2009-12-22 18:39:20   922112   ------w-   c:\windows\system32\imapi2fs.dll
2009-12-22 18:39:20   426496   ------w-   c:\windows\system32\imapi2.dll
2009-12-16 12:58:04   343040   ----a-w-   c:\windows\system32\mspaint.exe
2009-12-14 07:35:35   33280   ----a-w-   c:\windows\system32\csrsrv.dll
2009-11-27 17:33:35   17920   ----a-w-   c:\windows\system32\msyuv.dll
2009-11-27 16:37:27   8704   ----a-w-   c:\windows\system32\tsbyuv.dll
2009-11-27 16:37:27   84992   ----a-w-   c:\windows\system32\avifil32.dll
2009-11-27 16:37:27   48128   ----a-w-   c:\windows\system32\iyuv_32.dll
2009-11-27 16:37:27   28672   ----a-w-   c:\windows\system32\msvidc32.dll
2009-11-27 16:37:27   11264   ----a-w-   c:\windows\system32\msrle32.dll
2009-11-21 16:36:13   470528   ----a-w-   c:\windows\apppatch\aclayers.dll
2009-10-15 21:51:48   119808   ----a-w-   c:\windows\system32\t2embed.dll
2009-10-15 17:21:47   82432   ----a-w-   c:\windows\system32\fontsub.dll
2009-10-13 10:53:29   266752   ----a-w-   c:\windows\system32\oakley.dll
2009-10-12 13:54:17   69632   ----a-w-   c:\windows\system32\raschap.dll
2009-10-12 13:54:17   112128   ----a-w-   c:\windows\system32\rastls.dll
2009-09-11 14:33:52   133632   ----a-w-   c:\windows\system32\msv1_0.dll
2009-09-04 20:45:26   58880   ----a-w-   c:\windows\system32\msasn1.dll
2009-09-01 14:32:11   282654   ----a-w-   c:\windows\system32\msaud32.acm
2009-08-26 08:16:37   247326   ----a-w-   c:\windows\system32\strmdll.dll
2009-08-06 18:24:18   21728   ----a-w-   c:\windows\system32\wucltui.dll.mui
2009-08-06 18:24:12   15072   ----a-w-   c:\windows\system32\wuaucpl.cpl.mui
2009-08-06 18:24:10   217816   ----a-w-   c:\windows\system32\wuaucpl.cpl
2009-08-06 18:24:06   15064   ----a-w-   c:\windows\system32\wuapi.dll.mui
2009-08-06 18:24:00   17632   ----a-w-   c:\windows\system32\wuaueng.dll.mui
2009-08-05 09:11:47   204800   ----a-w-   c:\windows\system32\mswebdvd.dll
2009-07-31 04:57:32   1172480   ----a-w-   c:\windows\system32\msxml3.dll
2009-07-17 18:55:28   58880   ----a-w-   c:\windows\system32\atl.dll
2009-07-17 16:27:47   1435648   ----a-w-   c:\windows\system32\query.dll
2009-07-13 09:08:14   286720   ----a-w-   c:\windows\system32\wmpdxm.dll
2009-06-25 18:36:08   95744   ----a-w-   c:\windows\system32\mqsec.dll
2009-06-25 18:36:08   661504   ----a-w-   c:\windows\system32\mqqm.dll
2009-06-25 18:36:08   517120   ----a-w-   c:\windows\system32\mqsnap.dll
2009-06-25 18:36:08   48640   ----a-w-   c:\windows\system32\mqupgrd.dll
2009-06-25 18:36:08   471552   ----a-w-   c:\windows\system32\mqutil.dll
2009-06-25 18:36:08   47104   ----a-w-   c:\windows\system32\mqdscli.dll
2009-06-25 18:36:08   225280   ----a-w-   c:\windows\system32\mqoa.dll
2009-06-25 18:36:08   186880   ----a-w-   c:\windows\system32\mqtrig.dll
2009-06-25 18:36:08   177152   ----a-w-   c:\windows\system32\mqrt.dll
2009-06-25 18:36:08   16896   ----a-w-   c:\windows\system32\mqise.dll
2009-06-25 18:36:08   138240   ----a-w-   c:\windows\system32\mqad.dll
2009-06-25 18:36:08   123392   ----a-w-   c:\windows\system32\mqrtdep.dll
2009-06-25 08:44:41   724480   ----a-w-   c:\windows\system32\lsasrv.dll
2009-06-25 08:44:41   59392   ----a-w-   c:\windows\system32\wdigest.dll
2009-06-25 08:44:41   56320   ----a-w-   c:\windows\system32\secur32.dll
2009-06-25 08:44:41   298496   ----a-w-   c:\windows\system32\kerberos.dll
2009-06-25 08:44:41   168448   ----a-w-   c:\windows\system32\schannel.dll
2009-06-24 14:39:26   1003520   ----a-w-   c:\windows\system32\VSFilter.dll
2009-06-22 11:49:23   19968   ----a-w-   c:\windows\system32\mqbkup.exe
2009-06-22 11:49:23   117248   ----a-w-   c:\windows\system32\mqtgsvc.exe
2009-06-22 11:49:04   4608   ----a-w-   c:\windows\system32\mqsvc.exe
2009-06-12 11:50:54   80896   ----a-w-   c:\windows\system32\tlntsess.exe
2009-06-12 11:50:53   76288   ----a-w-   c:\windows\system32\telnet.exe
2009-06-10 06:32:40   132096   ----a-w-   c:\windows\system32\wkssvc.dll
2009-06-05 07:42:37   655872   ----a-w-   c:\windows\system32\mstscax.dll
2009-05-11 21:35:28   118784   ----a-w-   c:\windows\system32\atibtmon.exe
2009-05-07 15:44:00   344064   ----a-w-   c:\windows\system32\localspl.dll

============= FINISH:  5:56:45,96 ===============

Ovo izgleda Ok.

Kao sto gore rekoh...nema tragova malware. Racunar je cist.
AV ti je najverovatnije detektovao neki crack...a mbam je pronasao ostatke adware-a...nista strasno.


edit:

Pojasni molim te ovo za ikonice. Kako mogu same da se kopiraju. Ovo malware ne radi.

Sto se tice neta...preuzece te kolege...

Za pocetak im daj reci koji je tvoj provajder,brzinu neta,kako si zakacen na net...itd...

Kazes usporen...kako usporen...non stop ili povremeno uspori?

Jos nesto sto bi mogao uraditi...

http://www.geekstogo.com/forum/files/file/187-tfc-temp-file-cleaner-by-oldtimer/

Preuzmi,pokreni ga i restart ...

pa usporio se od kad su mi se te ikonice pocele kopirati..mada sad posle ciscenja malwarebyte-om, stanje je bolje...A duplirau mi se ikonice ..recimo chrome-a, i bude pun desktop.... Brzina je 1mb/s, a niko od drugara koji koriste net od ovog provajdera nema problema...msm to sto je usporen i nije problem,nego ovo dupliranje ikonica

Ako potraje ovo ciscenje,da li moze neko da mi objasni kako da podesim preko timeview da povezem dva kompa, posto sam za ovim kompom jos malo.... i da li mogu da cistim svoj komp sa drugog racuara koji je povezan preko ovog programa

Ok...moguce je da je DDS doista nesto preskocio. Po nekad se desi da preskoci crve...

Ovako...idemo na dodatno i rubosnije skeniranje.

*  Preuzmi ComboFix program na Desktop.
Poseti ovu stranicu za download linki Uputstvo za koriscenje Combofix programa:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

*  Privremeno iskljuci svoj AntiVirus program.
Poseti ovu stranicu za uputstvo:
http://www.bleepingcomputer.com/forums/topic114351.html

*  Pokreni Combofix!
Kad alat zavrsi skeniranje otvorice notepad sa izvestajem (log).
Kopiraj taj izvestaj ovde radi preglednosti.
http://pastebin.com/
ides na SUBMIT i kopiras mi link.
Kao na slici
http://i47.tinypic.com/2d94mcw.jpg

 (tipicna lokacija loga: C:\ComboFix.txt)

evo loga http://pastebin.com/V6tDiCiy

Nista strasno...u svakom slucaju ComboFix je resetovao odredjene sistemske postavke na default. Sistem bi u svakom slucaju sad trebao bolje raditi. Idemo dalje...


--> Uninstalliraj Windows Medija Player. Nije hitno ali odradi to ...
Po zelji posle ciscenja mozes ga ponovo instalirati. Preuzmi svezu instalaciju sa neta.



Ovo odradi iz safe moda.
--> Sa ove stranice preuzmi msgsvc.dll file.

http://www.dlldump.com/download-dll-files_new.php/dllfiles/M/msgsvc.dll/5.1.2600.2180/download.html

Kopiraj ga u c:\windows\system32 folder. Na pitanje koje ti izbaci odogovori sa Yes



Ponovo digni Windows u normal mode.
--> Otvori Notepad i kopiraj tekst koji se nalazi ispod:


Klikni na File\Save as i sacuvaj tekst kao CFScript na desktop


Prati uputstvo sa slike i prevuci CFScript.txt preko ikonice ComboFix.exe

To ce startovati ComboFix, mozda ce doci do restarta sistema (to je normalno)
Kada zavrsi,pojavice se log (C:\ComboFix.txt). Kopiraj mi ga opet preko pastebin-a.

Problem je sto sad moram da idem  i sto ovo necu stici da odradim Da li moze sa  drugog kompa da pristupim svom kompu  i odradim ovo sve, cuo sam da sa TimeView mozes da ulazis u drugi komp...I da li ja sada, ako nista ne moze da se ucini,mogu da unistal comfobix?

Ti taj Team Viewer imas instaliran. Samo ga nadji i pokreni ga. Dobices random ID i pass.
Naravno...jasno ti je da ces imati remote control do restarta kompa. CF ce mozda traziti restart.

Rekao sam ti...nikakav malware ti nije instaliran na sistemu.
Upravo si dobio cesljanje po sistemu koje je efikasnije,sigurnije i bolje od bilo kakve kombinacije AV, AM programa.

Ovom skriptom sto sam ti napisao radimo neke stvari...da ti ne objasnjavam sad sta i kako...ne bi razumeo.
File-ove zamenjujemo sa legitimnima reda radi. Nisu to neki sistemski fajlovi pa da oni prave problem,ali kad vec gledam log volim da sam temenjan.

Odradi gore sto sam napisao u mom predhodnom postu. Svez ComboFix log mi i ne moras slati. Nema potrebe.

Kad zavrsisi sve to,uninstalliraj ComboFix ovako:

Start >> Run

Combofix /Uninstall

Ok