Long wait for icons to appear when the system boots

  • Joined: 17 Jul 2012
  • Posts: 16

Posted: 08 Apr 2013 12:00

For the past few days I've had a problem with Windows XP. When the system boots, everything is fine until the desktop appears. Then it waits 3-4 minutes before it shows the icons. Until a few days ago everything worked normally, but now I really have to wait. Otherwise the computer works completely normally, no problems at all. It's just that it takes a long time for the icons to appear. The only thing in my startup programs is Avast. I removed everything. Still the same. Does anyone know what this is about? I scanned the system and there are no viruses or threats. If anyone knows..... thanks!!

And just one more thing, I don't know if it's related: when I open Favorites, the icons suddenly have no image. Not all of them, but most. There's just a white folder. If anyone can help me, thanks a lot!

Update: 08 Apr 2013 12:22

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.17.2
Run by WINXP at 12:18:23 on 2013-04-08
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2687.1572 [GMT 2:00]
.
AV: avast! Internet Security *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: avast! Internet Security *Enabled*
.
============== Running Processes ================
.
C:\Program Files\IObit\Advanced SystemCare 6\ASCService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Program Files\AVAST Software\Avast\afwServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\IObit\Advanced SystemCare 6\ASC.exe
C:\Program Files\IObit\Advanced SystemCare 6\ASCTray.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\svchost.exe -k LocalService
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mSearchAssistant = hxxp://www.google.com
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Advanced SystemCare Browser Protection: {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - c:\program files\iobit\advanced systemcare 6\browerprotect\ASCPlugin_Protection.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRunOnce: [WiseStubReboot] MSIEXEC /quiet SKIP_PPU_DRIVER_INSTALL=1 /I "c:\program files\common files\wise installation wizard\wis1c4551a64743409391e41477cd655043_9_09_0203.msi" transforms="c:\program files\common files\wise installation wizard\wis1c4551a64743409391e41477cd655043_9_09_0203.mst" wise_setup_exe_path="e:\nvidia\win2k-xp\PhysX_9[1].09.0408_SystemSoftware.exe"
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Search the Web - c:\program files\sweetim\toolbars\internet explorer\resources\menuext.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab
TCP: NameServer = 89.216.1.40 89.216.1.50
TCP: Interfaces\{B08D09C6-64B7-48EF-BEF4-7B0CEFB8A481} : DHCPNameServer = 89.216.1.40 89.216.1.50
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
AppInit_DLLs= c:\docume~1\alluse~1\applic~1\wincert\WIN32C~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\26.0.1410.43\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\winxp\application data\mozilla\firefox\profiles\d0admk95.default\
FF - component: c:\documents and settings\winxp\application data\mozilla\firefox\profiles\d0admk95.default\extensions\{08d6b0b4-c132-470d-a8e2-aa2e9c3851c9}\components\RadioWMPCoreGecko19.dll
FF - component: c:\documents and settings\winxp\application data\mozilla\firefox\profiles\d0admk95.default\extensions\{08d6b0b4-c132-470d-a8e2-aa2e9c3851c9}\components\RadioWMPCoreGecko5.dll
FF - component: c:\documents and settings\winxp\application data\mozilla\firefox\profiles\d0admk95.default\extensions\{08d6b0b4-c132-470d-a8e2-aa2e9c3851c9}\components\RadioWMPCoreGecko6.dll
FF - component: c:\documents and settings\winxp\application data\mozilla\firefox\profiles\d0admk95.default\extensions\{51a86bb3-6602-4c85-92a5-130ee4864f13}\components\RadioWMPCore.dll
FF - component: c:\documents and settings\winxp\application data\mozilla\firefox\profiles\d0admk95.default\extensions\{51a86bb3-6602-4c85-92a5-130ee4864f13}\components\RadioWMPCoreGecko19.dll
FF - component: c:\documents and settings\winxp\application data\mozilla\firefox\profiles\d0admk95.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\components\dtTransparency.dll
FF - component: c:\documents and settings\winxp\application data\mozilla\firefox\profiles\d0admk95.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\components\dtTransparency3.5.dll
FF - component: c:\documents and settings\winxp\application data\mozilla\firefox\profiles\d0admk95.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\components\dtTransparency3.6.dll
FF - component: c:\documents and settings\winxp\application data\mozilla\firefox\profiles\d0admk95.default\extensions\ffxtlbr@facemoods.com\components\FFHst.dll
FF - component: c:\program files\searchcore for browsers\searchcore for browsers\firefoxextension\components\DataMngrHlpFF3.dll
FF - plugin: c:\documents and settings\winxp\application data\mozilla\firefox\profiles\d0admk95.default\extensions\{08d6b0b4-c132-470d-a8e2-aa2e9c3851c9}\plugins\np-mswmp.dll
FF - plugin: c:\documents and settings\winxp\application data\mozilla\firefox\profiles\d0admk95.default\extensions\{51a86bb3-6602-4c85-92a5-130ee4864f13}\plugins\np-mswmp.dll
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\common files\avg secure search\sitesafetyinstaller\14.2.0\npsitesafety.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.135\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npvsharetvplg.dll
FF - plugin: c:\program files\veetle\player\npvlc.dll
FF - plugin: c:\program files\veetle\plugins\npVeetle.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_6_602_180.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
FF - ExtSQL: 2013-04-01 03:07; ascsurfingprotection@iobit.com; c:\documents and settings\winxp\application data\mozilla\firefox\profiles\d0admk95.default\extensions\ascsurfingprotection@iobit.com
FF - ExtSQL: !HIDDEN! 2011-09-27 19:10; {1FD91A9C-410C-4090-BBCC-55D3450EF433}; c:\program files\searchqu toolbar\datamngr\FirefoxExtension
.
============= SERVICES / DRIVERS ===============
.
R0 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [2013-3-18 21576]
R0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\drivers\aswNdis.sys [2013-3-18 12112]
R0 aswNdis2;avast! Firewall Core Firewall Service;c:\windows\system32\drivers\aswNdis2.sys [2013-3-18 199384]
R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [2013-3-18 49248]
R0 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [2013-3-18 164736]
R1 aswFW;avast! TDI Firewall driver;c:\windows\system32\drivers\aswFW.sys [2013-3-18 101656]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-9-6 765736]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-9-6 368176]
R2 AdvancedSystemCareService6;Advanced SystemCare Service 6;c:\program files\iobit\advanced systemcare 6\ASCService.exe [2013-2-14 465216]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-9-6 29816]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-3-18 66336]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-9-6 45248]
R2 avast! Firewall;avast! Firewall;c:\program files\avast software\avast\afwServ.exe [2013-3-18 136912]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2012-10-2 54760]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-4-17 11032]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-1-8 161536]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-4-28 704872]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2004-8-4 14336]
.
=============== Created Last 30 ================
.
2013-04-04 15:58:34 -------- d-----w- c:\documents and settings\all users\application data\Graboid Inc
2013-04-04 15:58:33 -------- d-----w- c:\documents and settings\winxp\local settings\application data\Geckofx
2013-04-04 15:57:38 -------- d-----w- c:\program files\Graboid
2013-04-04 15:56:37 -------- d-----w- c:\documents and settings\all users\application data\Package Cache
2013-04-01 19:59:38 -------- d-----w- c:\program files\CCleaner
2013-03-31 23:28:30 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-03-29 16:29:20 -------- d-----w- c:\program files\Tennis Elbow 2013
2013-03-18 22:12:14 12928 -c----w- c:\windows\system32\dllcache\usb8023x.sys
2013-03-18 22:12:14 12928 -c----w- c:\windows\system32\dllcache\usb8023.sys
2013-03-18 20:42:10 21576 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2013-03-18 20:42:10 199384 ----a-w- c:\windows\system32\drivers\aswNdis2.sys
2013-03-18 20:42:10 101656 ----a-w- c:\windows\system32\drivers\aswFW.sys
2013-03-18 20:42:09 66336 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-03-18 20:42:09 49248 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-03-18 20:42:09 164736 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-03-18 20:40:47 12112 ----a-w- c:\windows\system32\drivers\aswNdis.sys
.
==================== Find3M ====================
.
2013-04-07 18:02:45 2516 --sha-w- c:\documents and settings\all users\application data\KGyGaAvL.sys
2013-03-31 23:28:20 861088 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-03-31 23:28:20 143872 ----a-w- c:\windows\system32\javacpl.cpl
2013-03-31 23:28:19 782240 ----a-w- c:\windows\system32\deployJava1.dll
2013-03-13 01:22:28 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-03-13 01:22:28 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-03-06 23:33:24 765736 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-03-06 23:32:51 41664 ----a-w- c:\windows\avastSS.scr
2013-02-12 00:32:23 12928 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-02-12 00:32:23 12928 ------w- c:\windows\system32\drivers\usb8023x.sys
2013-02-05 20:05:47 916480 ----a-w- c:\windows\system32\wininet.dll
2013-02-05 20:05:46 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-02-05 20:05:46 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2013-02-05 05:53:57 385024 ----a-w- c:\windows\system32\html.iec
2013-01-26 03:55:44 552448 ----a-w- c:\windows\system32\oleaut32.dll
2013-01-15 17:49:16 23360 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe
2013-01-08 20:34:58 6010368 ----a-w- c:\windows\system32\SETA91.tmp
.
============= FINISH: 12:18:49,00 ===============

I forgot to post this as the protocol requires! So here it is!!

  • magna86  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 21 Jun 2008
  • Posts: 6104

Hello,
In the logs I see that you have IObit's Advanced SystemCare 6 software active.
Quote: C:\Program Files\IObit\Advanced SystemCare 6

My recommendation is that you uninstall that software. Of course, the decision is yours.

Read the official MBAM notice:
http://forums.malwarebytes.org/index.php?showtopic=29681
---- ---- ---- ---- ---- ---- ---- ---- ---- ---- ---- ----

Download TFC (Temp File Cleaner) and save it to the Desktop.
Double-click to run the program and click the Start button to allow the program to begin scanning.
When the program finishes scanning, it may ask you to restart the computer. Allow it.

Note: When you have finished cleaning the temp files, you can delete the program or keep it for later use.


---- ---- ---- ---- ---- ---- ---- ---- ---- ---- ---- ----

Open Notepad and copy the following text:


@ECHO OFF
IF EXIST log.txt DEL log.txt
ECHO Deleting Folders>>log.txt
FOR %%i in (
"c:\program files\searchqu toolbar") DO (
IF EXIST %%i (
RD /S /Q %%i
IF EXIST %%i (
ECHO %%i not deleted>>log.txt
) ELSE (
ECHO %%i deleted successfully>>log.txt)
) ELSE (
ECHO %%i not found>>log.txt))

START NOTEPAD.EXE log.txt
DEL %0


Save it to the Desktop under the name fix.bat
Pay attention to the .bat extension

Run fix.bat and copy into your reply the text that will open in Notepad (log.txt).

If Notepad does not open, mention that in your reply.



---- ---- ---- ---- ---- ---- ---- ---- ---- ---- ---- ---- ---- ----



Download Xplode's AdwCleaner and save it to the Desktop
Double-click to run the program and click the [Search] button.
When the program finishes its analysis it will open Notepad (AdwCleaner[R1].txt) with the report.
Save that Notepad file to the Desktop and attach it to your reply using the "Attach file" option

Note: The report will also be saved at C:\AdwCleaner[R1].txt

  • Joined: 17 Jul 2012
  • Posts: 16

Posted: 08 Apr 2013 15:07

I uninstalled Advanced SystemCare. Just to mention that I already did this with AdwCleaner earlier, on the advice of one of your colleagues.

Update: 08 Apr 2013 15:10

But I did it again anyway and attached the file from that program. I didn't quite understand this MBAM notice

  • magna86  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 21 Jun 2008
  • Posts: 6104

Posted: 08 Apr 2013 15:25

I know, I saw that, which is why I wanted us to run only the analysis, to see whether there are any leftovers... and there are. Let's remove them.

Run AdwCleaner again
Click the [Delete] button and wait for the program to finish.
The program will close all active programs and display a window with that warning. Click Ok to confirm.
On the next two windows that open (Informations and Restart required) click Ok

The computer will restart and then open Notepad (C:\AdwCleaner[S1].txt) with the report.
Save that Notepad file to the Desktop and attach it to your reply using the "Attach file" option

Note: The report will also be saved at C:\AdwCleaner[S1].txt

---- ---- ---- ---- ---- ---- ---- ---- ---- ---- ---- ---- ---- ---- ---- ----


Run DDS again and post a fresh DDS.txt report,


---- ---- ---- ---- ---- ---- ---- ---- ---- ---- ---- ---- ---- ---- ---- ----

Let's look deeper into the system. We'll do an additional check as well.



Download the GMER program from the link below to the Desktop:

GMER download
Click the given link;
When the dialog for choosing where to save the file opens, select Desktop and click Save.

Double-click to run GMER.
Wait for the initial scan to finish - if any prompt appears, click No;

click Scan and wait for the scan to finish;

click Save ... - save the report to the Desktop (under the name Gmer1);

right-click in the Gmer program window and choose Options > 3rd party - click Scan;

when the scan finishes, click Save ... - save the report to the Desktop (under the name Gmer2);

Attach both reports to your reply using the Attach file option.

Update: 08 Apr 2013 15:31

Quote: I didn't quite understand this MBAM notice

IObit was stealing MBAM definitions. When MBAM discovered the fraud, it set a trap for IObit by detecting a non-existent rogue. Within two weeks, IObit was detecting those same fake files, because it had simply copied MBAM's definitions. In short ...

  • Joined: 17 Jul 2012
  • Posts: 16

Posted: 08 Apr 2013 16:56



DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.17.2
Run by WINXP at 15:35:12 on 2013-04-08
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2687.1806 [GMT 2:00]
.
AV: avast! Internet Security *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: avast! Internet Security *Enabled*
.
============== Running Processes ================
.
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Program Files\AVAST Software\Avast\afwServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\svchost.exe -k LocalService
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mSearchAssistant = hxxp://www.google.com
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRunOnce: [WiseStubReboot] MSIEXEC /quiet SKIP_PPU_DRIVER_INSTALL=1 /I "c:\program files\common files\wise installation wizard\wis1c4551a64743409391e41477cd655043_9_09_0203.msi" transforms="c:\program files\common files\wise installation wizard\wis1c4551a64743409391e41477cd655043_9_09_0203.mst" wise_setup_exe_path="e:\nvidia\win2k-xp\PhysX_9[1].09.0408_SystemSoftware.exe"
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Search the Web - c:\program files\sweetim\toolbars\internet explorer\resources\menuext.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab
TCP: NameServer = 89.216.1.40 89.216.1.50
TCP: Interfaces\{B08D09C6-64B7-48EF-BEF4-7B0CEFB8A481} : DHCPNameServer = 89.216.1.40 89.216.1.50
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
AppInit_DLLs= c:\docume~1\alluse~1\applic~1\wincert\WIN32C~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\26.0.1410.43\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\winxp\application data\mozilla\firefox\profiles\d0admk95.default\
FF - component: c:\documents and settings\winxp\application data\mozilla\firefox\profiles\d0admk95.default\extensions\{08d6b0b4-c132-470d-a8e2-aa2e9c3851c9}\components\RadioWMPCoreGecko19.dll
FF - component: c:\documents and settings\winxp\application data\mozilla\firefox\profiles\d0admk95.default\extensions\{08d6b0b4-c132-470d-a8e2-aa2e9c3851c9}\components\RadioWMPCoreGecko5.dll
FF - component: c:\documents and settings\winxp\application data\mozilla\firefox\profiles\d0admk95.default\extensions\{08d6b0b4-c132-470d-a8e2-aa2e9c3851c9}\components\RadioWMPCoreGecko6.dll
FF - component: c:\documents and settings\winxp\application data\mozilla\firefox\profiles\d0admk95.default\extensions\{51a86bb3-6602-4c85-92a5-130ee4864f13}\components\RadioWMPCore.dll
FF - component: c:\documents and settings\winxp\application data\mozilla\firefox\profiles\d0admk95.default\extensions\{51a86bb3-6602-4c85-92a5-130ee4864f13}\components\RadioWMPCoreGecko19.dll
FF - component: c:\documents and settings\winxp\application data\mozilla\firefox\profiles\d0admk95.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\components\dtTransparency.dll
FF - component: c:\documents and settings\winxp\application data\mozilla\firefox\profiles\d0admk95.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\components\dtTransparency3.5.dll
FF - component: c:\documents and settings\winxp\application data\mozilla\firefox\profiles\d0admk95.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\components\dtTransparency3.6.dll
FF - component: c:\documents and settings\winxp\application data\mozilla\firefox\profiles\d0admk95.default\extensions\ffxtlbr@facemoods.com\components\FFHst.dll
FF - component: c:\program files\searchcore for browsers\searchcore for browsers\firefoxextension\components\DataMngrHlpFF3.dll
FF - plugin: c:\documents and settings\winxp\application data\mozilla\firefox\profiles\d0admk95.default\extensions\{08d6b0b4-c132-470d-a8e2-aa2e9c3851c9}\plugins\np-mswmp.dll
FF - plugin: c:\documents and settings\winxp\application data\mozilla\firefox\profiles\d0admk95.default\extensions\{51a86bb3-6602-4c85-92a5-130ee4864f13}\plugins\np-mswmp.dll
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\common files\avg secure search\sitesafetyinstaller\14.2.0\npsitesafety.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.135\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npvsharetvplg.dll
FF - plugin: c:\program files\veetle\player\npvlc.dll
FF - plugin: c:\program files\veetle\plugins\npVeetle.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_6_602_180.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
FF - ExtSQL: !HIDDEN! 2011-09-27 19:10; {1FD91A9C-410C-4090-BBCC-55D3450EF433}; c:\program files\searchqu toolbar\datamngr\FirefoxExtension
.
============= SERVICES / DRIVERS ===============
.
R0 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [2013-3-18 21576]
R0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\drivers\aswNdis.sys [2013-3-18 12112]
R0 aswNdis2;avast! Firewall Core Firewall Service;c:\windows\system32\drivers\aswNdis2.sys [2013-3-18 199384]
R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [2013-3-18 49248]
R0 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [2013-3-18 164736]
R1 aswFW;avast! TDI Firewall driver;c:\windows\system32\drivers\aswFW.sys [2013-3-18 101656]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-9-6 765736]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-9-6 368176]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-9-6 29816]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-3-18 66336]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-9-6 45248]
R2 avast! Firewall;avast! Firewall;c:\program files\avast software\avast\afwServ.exe [2013-3-18 136912]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2012-10-2 54760]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-4-17 11032]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-1-8 161536]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-4-28 704872]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2004-8-4 14336]
.
=============== Created Last 30 ================
.
2013-04-04 15:58:34 -------- d-----w- c:\documents and settings\all users\application data\Graboid Inc
2013-04-04 15:58:33 -------- d-----w- c:\documents and settings\winxp\local settings\application data\Geckofx
2013-04-04 15:57:38 -------- d-----w- c:\program files\Graboid
2013-04-04 15:56:37 -------- d-----w- c:\documents and settings\all users\application data\Package Cache
2013-04-01 19:59:38 -------- d-----w- c:\program files\CCleaner
2013-03-31 23:28:30 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-03-29 16:29:20 -------- d-----w- c:\program files\Tennis Elbow 2013
2013-03-18 22:12:14 12928 -c----w- c:\windows\system32\dllcache\usb8023x.sys
2013-03-18 22:12:14 12928 -c----w- c:\windows\system32\dllcache\usb8023.sys
2013-03-18 20:42:10 21576 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2013-03-18 20:42:10 199384 ----a-w- c:\windows\system32\drivers\aswNdis2.sys
2013-03-18 20:42:10 101656 ----a-w- c:\windows\system32\drivers\aswFW.sys
2013-03-18 20:42:09 66336 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-03-18 20:42:09 49248 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-03-18 20:42:09 164736 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-03-18 20:40:47 12112 ----a-w- c:\windows\system32\drivers\aswNdis.sys
.
==================== Find3M ====================
.
2013-04-07 18:02:45 2516 --sha-w- c:\documents and settings\all users\application data\KGyGaAvL.sys
2013-03-31 23:28:20 861088 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-03-31 23:28:20 143872 ----a-w- c:\windows\system32\javacpl.cpl
2013-03-31 23:28:19 782240 ----a-w- c:\windows\system32\deployJava1.dll
2013-03-13 01:22:28 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-03-13 01:22:28 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-03-06 23:33:24 765736 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-03-06 23:32:51 41664 ----a-w- c:\windows\avastSS.scr
2013-02-12 00:32:23 12928 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-02-12 00:32:23 12928 ------w- c:\windows\system32\drivers\usb8023x.sys
2013-02-05 20:05:47 916480 ----a-w- c:\windows\system32\wininet.dll
2013-02-05 20:05:46 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-02-05 20:05:46 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2013-02-05 05:53:57 385024 ----a-w- c:\windows\system32\html.iec
2013-01-26 03:55:44 552448 ----a-w- c:\windows\system32\oleaut32.dll
2013-01-15 17:49:16 23360 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe
.
============= FINISH: 15:35:43,92 ===============






For gmer2 it wrote that it didn't find what it was scanning for. But I did save it, but it tells me the file is too large. Do you want me to send it to you in a private message?

Update: 08 Apr 2013 19:14

The computer is getting slower and slower. When booting, it already starts waiting a very long time at the Windows XP logo, same as with the icons. And when they do appear, at first they are all plain folders, and only then do they turn into pictures one by one. And when I listen to a song on YouTube, it starts to crackle and stutter. I noticed that a little while ago.

offline
  • magna86  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 21 Jun 2008
  • Posts: 6104

So, these logs look fairly clean and I do not see any active malware causing a problem.

However, I would also like to see the ComboFix report.

Download sUBs' ComboFix from the following address to the Desktop:

Bleeping Computer
Right-click the link and choose the Save Target As... option (Save Link As..., Save Linked Content As... or similar);
When the dialog for choosing the save location opens, select Desktop and click Save.

When the download is finished:
disable your security software (instructions);
close running programs;
double-click to start ComboFix;
in the window that opens, click "I Agree".

While it runs, ComboFix will:
check whether a newer version of the program exists:
  click Yes if it offers to download it.
if the Recovery Console is not installed, offer to install it:
  be sure to accept by clicking Yes and follow the procedure.
ask a certain number of questions / show notifications:
  accept by clicking Yes or OK.
if needed, restart Windows (several times);
at the end of its run, open Notepad with the scan report.

Copy the report that ComboFix created into the forum thread:
right-click in the Notepad window and choose Select All;
right-click the highlighted text and choose Copy;
right-click in the message box and choose Paste.

Note: The report will be saved under the name ComboFix.txt on the system partition (typical location: C:\ComboFix.txt);
If, after posting, you notice that the report is not complete, use the Attach file (Prikači fajl) option to attach C:\ComboFix.txt to your post;
Do not click inside the ComboFix window while it is running, because that can slow the tool down;
Do not run ComboFix again on your own - report in the thread any problem you have during the first run of the tool;
If after the restart you get an error when starting some programs saying they are marked for deletion (Illegal operation attempted on a registry key that has been marked for deletion), restart the system again and that will solve the problem.

offline
  • Joined: 17 Jul 2012
  • Posts: 16

ComboFix 13-04-08.02 - WINXP 08.04.2013 19:41:00.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2687.1878 [GMT 2:00]
Running from: c:\documents and settings\WINXP\Desktop\ComboFix.exe
AV: avast! Internet Security *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: avast! Internet Security *Enabled* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\42B42C8501.sys
c:\windows\system32\_000006_.tmp.dll
c:\windows\system32\_000007_.tmp.dll
c:\windows\system32\Cache
c:\windows\system32\Cache\0049a09089a1dd4a.fb
c:\windows\system32\Cache\26c630d098e22dd5.fb
c:\windows\system32\Cache\272512937d9e61a4.fb
c:\windows\system32\Cache\287204568329e189.fb
c:\windows\system32\Cache\28bc8f716fd76a47.fb
c:\windows\system32\Cache\2a229f1a2f59b595.fb
c:\windows\system32\Cache\30fe30c1d7ca3b27.fb
c:\windows\system32\Cache\31a0997e9a5b5eb3.fb
c:\windows\system32\Cache\32c84fe32bb74d60.fb
c:\windows\system32\Cache\3917078cb68ec657.fb
c:\windows\system32\Cache\590ba23ce359fd0c.fb
c:\windows\system32\Cache\610289e025a3ee9a.fb
c:\windows\system32\Cache\651c5d3cdbfb8bd1.fb
c:\windows\system32\Cache\6c59ac5e7e7a3ad0.fb
c:\windows\system32\Cache\6d03dad1035885d3.fb
c:\windows\system32\Cache\95f567698be8a182.fb
c:\windows\system32\Cache\a8556537add6dfc5.fb
c:\windows\system32\Cache\ad10a52aff5e038d.fb
c:\windows\system32\Cache\c1fa887b03019701.fb
c:\windows\system32\Cache\c4d28dca2e7648be.fb
c:\windows\system32\Cache\d201ef9910cd39de.fb
c:\windows\system32\Cache\d2e94710a5708128.fb
c:\windows\system32\Cache\d79b9dfe81484ec4.fb
c:\windows\system32\Cache\f998975c9cc711ee.fb
c:\windows\system32\Cache\fa9f289d8bfa00da.fb
.
.
((((((((((((((((((((((((( Files Created from 2013-03-08 to 2013-04-08 )))))))))))))))))))))))))))))))
.
.
2013-04-07 18:02 . 2013-04-07 18:02 -------- d-----w- c:\documents and settings\WINXP\Application Data\vlc
2013-04-04 15:58 . 2013-04-04 15:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Graboid Inc
2013-04-04 15:58 . 2013-04-04 15:58 -------- d-----w- c:\documents and settings\WINXP\Local Settings\Application Data\Geckofx
2013-04-04 15:57 . 2013-04-05 10:44 -------- d-----w- c:\program files\Graboid
2013-04-04 15:56 . 2013-04-05 19:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Package Cache
2013-04-01 19:59 . 2013-04-01 19:59 -------- d-----w- c:\program files\CCleaner
2013-03-31 23:28 . 2013-03-31 23:28 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-03-29 16:29 . 2013-04-01 13:32 -------- d-----w- c:\program files\Tennis Elbow 2013
2013-03-18 22:12 . 2013-02-12 00:32 12928 -c----w- c:\windows\system32\dllcache\usb8023x.sys
2013-03-18 22:12 . 2013-02-12 00:32 12928 -c----w- c:\windows\system32\dllcache\usb8023.sys
2013-03-18 20:42 . 2013-03-06 23:33 199384 ----a-w- c:\windows\system32\drivers\aswNdis2.sys
2013-03-18 20:42 . 2013-03-06 23:33 21576 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2013-03-18 20:42 . 2013-03-06 23:33 101656 ----a-w- c:\windows\system32\drivers\aswFW.sys
2013-03-18 20:42 . 2013-03-06 23:33 49248 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-03-18 20:42 . 2013-03-06 23:33 164736 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-03-18 20:42 . 2013-03-06 23:33 66336 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-03-18 20:40 . 2013-02-18 08:41 12112 ----a-w- c:\windows\system32\drivers\aswNdis.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-04-07 18:02 . 2011-09-06 11:42 2516 --sha-w- c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
2013-03-31 23:28 . 2012-06-27 16:09 861088 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-03-31 23:28 . 2011-08-04 19:17 143872 ----a-w- c:\windows\system32\javacpl.cpl
2013-03-31 23:28 . 2011-08-04 19:17 782240 ----a-w- c:\windows\system32\deployJava1.dll
2013-03-13 01:22 . 2012-06-06 09:22 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-03-13 01:22 . 2011-11-23 17:42 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-03-06 23:33 . 2011-09-06 11:49 368176 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-03-06 23:33 . 2011-09-06 11:49 62376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-03-06 23:33 . 2011-09-06 11:49 49760 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2013-03-06 23:33 . 2011-09-06 11:49 765736 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-03-06 23:33 . 2011-09-06 11:49 29816 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-03-06 23:32 . 2011-09-06 11:49 41664 ----a-w- c:\windows\avastSS.scr
2013-03-06 23:32 . 2011-09-06 11:49 228600 ----a-w- c:\windows\system32\aswBoot.exe
2013-02-12 00:32 . 2011-09-06 09:04 12928 ------w- c:\windows\system32\drivers\usb8023x.sys
2013-02-12 00:32 . 2004-08-04 03:04 12928 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-02-05 20:05 . 2004-08-04 04:56 916480 ----a-w- c:\windows\system32\wininet.dll
2013-02-05 20:05 . 2004-08-04 04:56 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2013-02-05 20:05 . 2004-08-04 04:56 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-02-05 05:53 . 2004-08-04 02:59 385024 ----a-w- c:\windows\system32\html.iec
2013-01-26 03:55 . 2004-08-04 04:56 552448 ----a-w- c:\windows\system32\oleaut32.dll
2013-01-15 17:49 . 2013-02-13 23:56 23360 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe
2012-06-19 11:22 . 2012-04-21 10:43 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-03-06 23:32 121968 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-03-06 4767304]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-04-30 13750272]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-18 946352]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKLM\~\startupfolder\C:^Documents and Settings^WINXP^Start Menu^Programs^Startup^Adobe Gamma.lnk]
backup=c:\windows\pss\Adobe Gamma.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Device Detector]
DevDetect.exe -autorun [X]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinSys2
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2007-12-13 17:10 1688872 ----a-w- c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 03:42 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
2007-12-03 12:21 2213160 ----a-w- c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 12:57 153136 ----a-w- c:\program files\Common Files\Nero\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2009-04-30 22:30 13750272 ----a-w- c:\windows\system32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2009-04-30 22:30 86016 ----a-w- c:\windows\system32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2009-04-30 22:31 1657376 ----a-w- c:\windows\system32\nwiz.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2012-04-18 18:56 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2013-01-08 11:59 18705664 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2005-10-24 06:45 90112 ------r- c:\windows\soundman.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2010-07-12 16:32 74752 ----a-w- c:\program files\Winamp\winampa.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wuauserv"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\BitTorrent\\BitTorrent.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\AlexTV\\alextv.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Veetle\\Player\\VeetleNet.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\helpctr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Java\\jre7\\bin\\javaw.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Documents and Settings\\WINXP\\Local Settings\\Application Data\\Torch\\Plugins\\Torrent\\TorchTorrent.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
R0 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [18.3.2013 22:42 21576]
R0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\drivers\aswNdis.sys [18.3.2013 22:40 12112]
R0 aswNdis2;avast! Firewall Core Firewall Service;c:\windows\system32\drivers\aswNdis2.sys [18.3.2013 22:42 199384]
R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [18.3.2013 22:42 49248]
R0 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [18.3.2013 22:42 164736]
R1 aswFW;avast! TDI Firewall driver;c:\windows\system32\drivers\aswFW.sys [18.3.2013 22:42 101656]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [6.9.2011 13:49 765736]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [6.9.2011 13:49 368176]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [6.9.2011 13:49 29816]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [18.3.2013 22:42 66336]
R2 avast! Firewall;avast! Firewall;c:\program files\AVAST Software\Avast\afwServ.exe [18.3.2013 22:40 136912]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [17.4.2007 20:09 11032]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [8.1.2013 13:55 161536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-04-01 17:17 1642448 ----a-w- c:\program files\Google\Chrome\Application\26.0.1410.43\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-04-08 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-06 01:22]
.
2013-04-08 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2013-03-18 23:32]
.
2013-04-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-01-17 17:59]
.
2013-04-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-01-17 17:59]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Search the Web - c:\program files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
TCP: DhcpNameServer = 89.216.1.40 89.216.1.50
FF - ProfilePath - c:\documents and settings\WINXP\Application Data\Mozilla\Firefox\Profiles\d0admk95.default\
FF - ExtSQL: !HIDDEN! 2011-09-27 19:10; {1FD91A9C-410C-4090-BBCC-55D3450EF433}; c:\program files\Searchqu Toolbar\Datamngr\FirefoxExtension
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-vShare plugin - c:\program files\StartSearch plugin\uninst.exe
AddRemove-{5f6460bd-391e-43ce-bcf3-130ef02f8cb2}_is1 - c:\program files\VshareComplete\unins000.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2013-04-08 19:49
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-299502267-1500820517-725345543-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2013-04-08 19:52:28
ComboFix-quarantined-files.txt 2013-04-08 17:52
.
Pre-Run: 9.779.589.120 bytes free
Post-Run: 9.732.005.888 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 5DA20A24EF1011A1C1A9190AE39BD70A

And I just want to thank you for having patience with me. It would mean a lot to me if we could solve this without reinstalling the system!!

offline
  • magna86  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 21 Jun 2008
  • Posts: 6104

Open Notepad and copy the following text into it:

DDS::
IE: Search the Web - c:\program files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html

Reboot::

ClearJavaCache::

Folder::
c:\program files\Searchqu Toolbar
c:\program files\SweetIM


Save the Notepad file to the Desktop as "CFScript"

1. Close the Firefox browser.

2. Drag the saved script/text onto the ComboFix icon as shown in the picture.
The computer will restart; that is normal.

3. Post in your next message the log that is produced at the end of the cleaning/scanning.

---- ---- ---- ---- ---- ---- ---- ---- ---- ---- ---- ----

>> Tell me how your computer is running now. Is there any improvement?

offline
  • Joined: 17 Jul 2012
  • Posts: 16

Just to tell you right away, before I do this: my sound has disappeared, and my avast has automatically expired. So now I have no protection. Do you know how I can fix that?

offline
  • magna86  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 21 Jun 2008
  • Posts: 6104

CF does not show that it touched any drivers. Go ahead and run the CFScript and let's see where we stand.
