MyCity » Ambulanta -> Arhiva Ambulante » Mozda virus?

Mozda virus?

Napisano na dan: 30.6.2013

Mozda virus?

Sledeća strana

Pagination

Odgovori

Killer7 Poslao: 30 Jun 2013 09:23 Idi na vrh
offline Killer7 Super građanin Istrazivanje Windowsa Pridružio: 12 Jul 2012 Poruke: 1023	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Uloguj se preko Facebooka da bi skinuo fajl: Problem se javio pre nekoliko nedelja pokusavao sam ga resiti na sve nacine,razne programe medutim nista nije pomoglo.Uradio sam Defragmaciju i sada je brzi kompjuter ali bi voleo znati da li moj kompjuter ima virus. Internet konekcija je 3,4 Mbs. Imam antivirus Bitdefender. Problem je sto kad se ukljucuje kompjuter i kad dode do Windows XP treba mu 1 minuta da ucita a kod svih kompjutera oko 5-10 sekundi. Igrice su pre kocile ali sada ne mada ponekad pocne ali i ne primeti se otkad sam uradio defragmaciju,pa bi voleo da znam da li ima moj kompjuter virus evo ovde su log files: I evo Attach https://www.mycity.rs/must-login.png DDS: DDS (Ver_2012-11-20.01) - NTFS_x86 Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.25.2 Run by Slavko Radic at 9:12:11 on 2013-06-30 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.959.364 [GMT 2:00] . AV: Bitdefender Antivirus Free Edition Enabled/Updated {9488E0FA-F058-4673-850E-E755F112BABC} FW: Enabled FW: AVG Internet Security 2012 Enabled . ============== Running Processes ================ . C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Bitdefender\Antivirus Free Edition\gziface.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\LogMeIn Hamachi\hamachi-2.exe C:\Program Files\Java\jre7\bin\jqs.exe C:\WINDOWS\system32\wdfmgr.exe C:\WINDOWS\System32\alg.exe C:\Program Files\PowerISO\PWRISOVM.EXE C:\WINDOWS\PixArt\PAC7302\Monitor.exe C:\WINDOWS\RTHDCPL.EXE C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe C:\Program Files\Mozilla Firefox\plugin-container.exe C:\WINDOWS\system32\wbem\wmiprvse.exe C:\WINDOWS\System32\svchost.exe -k netsvcs C:\WINDOWS\system32\svchost.exe -k NetworkService C:\WINDOWS\system32\svchost.exe -k LocalService C:\WINDOWS\system32\svchost.exe -k imgsvc . ============== Pseudo HJT Report =============== . uStart Page = about:blank uSearch Bar = hxxp://www.google.com/ie mStart Page = about:blank uInternet Connection Wizard,ShellNext = iexplore uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe mRun: [PWRISOVM.EXE] c:\program files\poweriso\PWRISOVM.EXE mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe" mRun: [PAC7302_Monitor] c:\windows\pixart\pac7302\Monitor.exe mRun: [RTHDCPL] RTHDCPL.EXE mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit mRun: [LogMeIn Hamachi Ui] "c:\program files\logmein hamachi\hamachi-2-ui.exe" --auto-start mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe" uPolicies-Explorer: NoDriveTypeAutoRun = dword:145 mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1 mPolicies-Explorer: NoDriveTypeAutoRun = dword:145 IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204 DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1341956071921 DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_15-windows-i586.cab DPF: {CAFEEFAC-0017-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_15-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_15-windows-i586.cab TCP: Interfaces\{DCDA6A31-04D3-488B-BDC7-FBF8DD2AA9B8} : DHCPNameServer = 192.168.1.1 Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - LocalServer32 - <no file> Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\27.0.1453.116\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome Hosts: 192.168.1.2 ps2nfs04.ea.com ================= FIREFOX =================== . FF - ProfilePath - c:\documents and settings\slavko radic\application data\mozilla\firefox\profiles\bgy97gij.default\ FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll FF - plugin: c:\program files\google\picasa3\npPicasa3.dll FF - plugin: c:\program files\google\update\1.3.21.145\npGoogleUpdate3.dll FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll FF - plugin: c:\program files\microsoft silverlight\5.1.20125.0\npctrlui.dll FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_7_700_224.dll FF - plugin: c:\windows\system32\npdeployJava1.dll FF - plugin: c:\windows\system32\npptools.dll FF - plugin: c:\windows\system32\npwmsdrm.dll . ============= SERVICES / DRIVERS =============== . R0 avc3;avc3;c:\windows\system32\drivers\avc3.sys [2013-5-15 633344] R1 gzflt;gzflt;c:\windows\system32\drivers\gzflt.sys [2013-5-15 164952] R1 HWiNFO32;HWiNFO32/64 Kernel Driver;c:\windows\system32\drivers\HWiNFO32.SYS [2013-2-23 21664] R2 gzserv;Bitdefender Antivirus Free Edition;c:\program files\bitdefender\antivirus free edition\gzserv.exe [2013-3-5 50816] R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\logmein hamachi\hamachi-2.exe [2013-5-15 1435984] R3 avckf;avckf;c:\windows\system32\drivers\avckf.sys [2013-5-15 486536] R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-4-5 158856] S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2013-1-20 1691480] S3 GGSAFERDriver;GGSAFER Driver;\??\c:\program files\garena plus\room\safedrv.sys --> c:\program files\garena plus\room\safedrv.sys [?] S3 SetupNTGLM7X;SetupNTGLM7X;\??\e:\ntglm7x.sys --> e:\NTGLM7X.sys [?] S4 PuranDefrag;PuranDefrag;c:\windows\system32\PuranDefragS.exe [2013-6-29 260992] . =============== File Associations =============== . FileExt: .txt: txtfile=c:\windows\system32\NOTEPAD.EXE %1 [UserChoice] FileExt: .inf: inffile=c:\windows\system32\NOTEPAD.EXE %1 [UserChoice] . =============== Created Last 30 ================ . 2013-06-29 21:22:29 144896 ----a-w- c:\windows\system32\javacpl.cpl 2013-06-29 21:22:18 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll 2013-06-29 17:48:14 257408 ----a-w- c:\windows\system32\PuranDC.exe 2013-06-29 17:48:14 219520 ----a-w- c:\windows\system32\PuranDefrag.dll 2013-06-29 17:48:13 260992 ----a-w- c:\windows\system32\PuranDefragS.exe 2013-06-29 17:48:13 1136512 ----a-w- c:\windows\system32\PuranFD.exe 2013-06-29 17:48:13 109952 ----a-w- c:\windows\system32\PuranDefragBT.exe 2013-06-29 17:48:08 -------- d-----w- c:\program files\Puran Defrag 2013-06-29 09:25:19 355744 ----a-w- c:\windows\system32\drivers\trufos.sys 2013-06-02 16:51:33 -------- d-----w- c:\documents and settings\slavko radic\local settings\application data\LogMeIn Hamachi 2013-06-02 16:50:49 -------- d-----w- c:\program files\LogMeIn Hamachi . ==================== Find3M ==================== . 2013-06-29 21:21:43 867240 ----a-w- c:\windows\system32\npdeployJava1.dll 2013-06-29 21:21:42 789416 ----a-w- c:\windows\system32\deployJava1.dll 2013-06-19 14:07:36 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2013-06-19 14:07:35 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2013-05-15 18:37:50 242504 ----a-w- c:\windows\system32\drivers\avchv.sys 2013-05-15 18:37:35 633344 ----a-w- c:\windows\system32\drivers\avc3.sys 2013-05-15 18:37:34 486536 ----a-w- c:\windows\system32\drivers\avckf.sys 2013-05-15 18:37:34 164952 ----a-w- c:\windows\system32\drivers\gzflt.sys 2013-05-07 22:30:06 920064 ----a-w- c:\windows\system32\wininet.dll 2013-05-07 22:30:05 43520 ------w- c:\windows\system32\licmgr10.dll 2013-05-07 22:30:05 1469440 ------w- c:\windows\system32\inetcpl.cpl 2013-05-07 21:53:29 385024 ------w- c:\windows\system32\html.iec 2013-05-04 22:12:34 107888 ----a-w- c:\windows\system32\CmdLineExt.dll 2013-05-03 01:26:26 2193536 ----a-w- c:\windows\system32\ntoskrnl.exe 2013-05-03 00:38:18 2070144 ----a-w- c:\windows\system32\ntkrnlpa.exe 2013-04-10 01:31:19 1876352 ----a-w- c:\windows\system32\win32k.sys . ============= FINISH: 9:13:12,31 =============== Pa sad vi vidite

Profil

argus Poslao: 30 Jun 2013 10:27 Idi na vrh
rip argus Anti Malware Fighter Rank 2 Pridružio: 27 Apr 2008 Poruke: 9160 Gde živiš: Prokuplje	1Ovo se svidja korisniku: TwinHeadedEagle Registruj se da bi pohvalio/la poruku! Obrisi ostatke AVG-a http://www.avg.com/ww-en/utilities ============ Next ============== Preuzmi FRST - (Farbar Recovery Scan Tool) i sacuvaj ga na Desktop Napomena: Potrebno je preuzeti onu verziju koja je kompatibilna sa tvojim sistemom. Dvoklikom pokreni FRST; Kada se alat startuje, klikni Yes na disclaimer. Klikni na dugme Scan; Alat ce kreirati izvestaj (FRST.txt) u isti direktorijum gde je i FRST.exe sacuvan. Iskopiraj sadrzaj tog loga u poruku. Alat bi takodje pri prvom pokretanju trebao da kreira i dodatni izvestaj (Addition.txt). Taj izvestaj okaci u poruku koristeci opciju "Prikaci file".

Profil

Killer7 Poslao: 30 Jun 2013 11:29 Idi na vrh
offline Killer7 Super građanin Istrazivanje Windowsa Pridružio: 12 Jul 2012 Poruke: 1023	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Uloguj se preko Facebooka da bi skinuo fajl: Uradio sam AVG removal evo izvestaja: Aditional https://www.mycity.rs/must-login.png FRST: Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 29-06-2013 01 Ran by Slavko Radic (administrator) on 30-06-2013 11:25:04 Running from C:\Documents and Settings\Slavko Radic\My Documents\Downloads Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US) Internet Explorer Version 8 Boot Mode: Normal ==================== Processes (Whitelisted) =================== (Bitdefender) C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe (Bitdefender) C:\Program Files\Bitdefender\Antivirus Free Edition\gziface.exe (LogMeIn Inc.) C:\Program Files\LogMeIn Hamachi\hamachi-2.exe (Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe (PowerISO Computing, Inc.) C:\Program Files\PowerISO\PWRISOVM.EXE (PixArt Imaging Incorporation) C:\WINDOWS\PixArt\PAC7302\Monitor.exe (Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE [180224 2010-04-12] (PowerISO Computing, Inc.) HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated) HKLM\...\Run: [PAC7302_Monitor] C:\WINDOWS\PixArt\PAC7302\Monitor.exe [323584 2007-12-10] (PixArt Imaging Incorporation) HKLM\...\Run: [RTHDCPL] RTHDCPL.EXE [x] HKLM\...\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup [13670504 2010-03-16] (NVIDIA Corporation) HKLM\...\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit [110696 2010-03-16] (NVIDIA Corporation) HKLM\...\Run: [LogMeIn Hamachi Ui] "C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start [2255184 2013-05-15] (LogMeIn Inc.) HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [253816 2013-03-12] (Oracle Corporation) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_15-windows-i586.cab DPF: {CAFEEFAC-0017-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_15-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_15-windows-i586.cab Handler: ipp - No CLSID Value - Handler: msdaipp - No CLSID Value - Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt FireFox: ======== FF ProfilePath: C:\Documents and Settings\Slavko Radic\Application Data\Mozilla\Firefox\Profiles\bgy97gij.default FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll () FF Plugin: @google.com/npPicasa3,version=3.0.0 - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Extension: torntv - C:\Documents and Settings\Slavko Radic\Application Data\Mozilla\Firefox\Profiles\bgy97gij.default\Extensions\torntv@torntv.com.xpi FF HKLM\...\Firefox\Extensions: [fbphotozoom@installdaddy.com] C:\Program Files\fbphotozoom\fbphotozoom13.xpi Chrome: ======= CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding} CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter} CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\27.0.1453.116\PepperFlash\pepflashplayer.dll () CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\27.0.1453.116\ppGoogleNaClPluginChrome.dll () CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\27.0.1453.116\pdf.dll () CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.) CHR Plugin: (Microsoft\u00AE DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation) CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.)) CHR Plugin: (Microsoft\u00AE DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation) CHR Plugin: (Picasa) - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.) CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File CHR Plugin: (Java(TM) Platform SE 7 U15) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File CHR Plugin: (Shockwave Flash) - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_6_602_171.dll No File CHR Plugin: (Java Deployment Toolkit 7.0.150.3) - C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation) ========================== Services (Whitelisted) ================= R2 gzserv; C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe [50816 2013-06-29] (Bitdefender) R2 Hamachi2Svc; C:\Program Files\LogMeIn Hamachi\hamachi-2.exe [1435984 2013-05-15] (LogMeIn Inc.) S4 PuranDefrag; C:\WINDOWS\system32\PuranDefragS.exe [260992 2013-01-17] (Puran Software) S4 HidServ; %SystemRoot%\System32\hidserv.dll [x] R2 JavaQuickStarterService; "C:\Program Files\Java\jre7\bin\jqs.exe" -service -config "C:\Program Files\Java\jre7\lib\deploy\jqs\jqs.conf" [x] ==================== Drivers (Whitelisted) ==================== R3 Afc; C:\Windows\System32\drivers\Afc.sys [18688 2006-11-10] (Arcsoft, Inc.) S3 Ambfilt; C:\Windows\System32\drivers\Ambfilt.sys [1691480 2009-11-18] (Creative) R1 AmdK8; C:\Windows\System32\DRIVERS\AmdK8.sys [36864 2006-07-01] (Advanced Micro Devices) R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [633344 2013-05-15] (BitDefender) R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [486536 2013-05-15] (BitDefender) R1 bdftdif; C:\Program Files\Bitdefender\Antivirus Free Edition\bdftdif.sys [148600 2013-05-15] (Bitdefender SRL) R1 bdselfpr; C:\Program Files\Bitdefender\Antivirus Free Edition\bdselfpr.sys [134136 2012-10-02] (BitDefender LLC) S3 CCDECODE; C:\Windows\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation) R3 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [164952 2013-05-15] (BitDefender LLC) R3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.) R3 HDAudBus; C:\Windows\System32\DRIVERS\HDAudBus.sys [144384 2008-04-13] (Windows (R) Server 2003 DDK provider) R3 HSFHWBS2; C:\Windows\System32\DRIVERS\HSFBS2S2.sys [220032 2004-08-04] (Conexant Systems, Inc.) R3 HSF_DP; C:\Windows\System32\DRIVERS\HSFDPSP2.sys [1041536 2004-08-04] (Conexant Systems, Inc.) R1 HWiNFO32; C:\WINDOWS\system32\drivers\HWiNFO32.SYS [21664 2013-02-23] (REALiX(tm)) S3 Monfilt; C:\Windows\System32\drivers\Monfilt.sys [1395800 2009-11-18] (Creative Technology Ltd.) S3 NABTSFEC; C:\Windows\System32\DRIVERS\NABTSFEC.sys [85248 2008-04-14] (Microsoft Corporation) S3 NdisIP; C:\Windows\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation) S0 nvata; C:\Windows\System32\DRIVERS\nvata.sys [105344 2006-08-14] (NVIDIA Corporation) R0 nvgts; C:\Windows\System32\DRIVERS\nvgts.sys [168040 2010-04-09] (NVIDIA Corporation) R3 PAC7302; C:\Windows\System32\DRIVERS\PAC7302.SYS [461824 2009-04-28] (PixArt Imaging Inc.) S3 rtl8139; C:\Windows\System32\DRIVERS\RTL8139.SYS [20992 2004-08-04] (Realtek Semiconductor Corporation) S3 SLIP; C:\Windows\System32\DRIVERS\SLIP.sys [11136 2008-04-14] (Microsoft Corporation) S3 streamip; C:\Windows\System32\DRIVERS\StreamIP.sys [15232 2008-04-14] (Microsoft Corporation) R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [343456 2012-10-31] (BitDefender S.R.L.) R3 winachsf; C:\Windows\System32\DRIVERS\HSFCXTS2.sys [685056 2004-08-04] (Conexant Systems, Inc.) S3 WSTCODEC; C:\Windows\System32\DRIVERS\WSTCODEC.SYS [19200 2008-04-14] (Microsoft Corporation) S4 Abiosdsk; No ImagePath S4 abp480n5; No ImagePath S4 adpu160m; No ImagePath S4 Aha154x; No ImagePath S4 aic78u2; No ImagePath S4 aic78xx; No ImagePath S4 AliIde; No ImagePath S4 amsint; No ImagePath S4 asc; No ImagePath S4 asc3350p; No ImagePath S4 asc3550; No ImagePath S4 Atdisk; No ImagePath S4 cd20xrnt; No ImagePath S1 Changer; No ImagePath S4 CmdIde; No ImagePath S4 Cpqarray; No ImagePath U4 dac2w2k; No ImagePath S4 dac960nt; No ImagePath S4 dpti2o; No ImagePath S3 GGSAFERDriver; \??\C:\Program Files\Garena Plus\Room\safedrv.sys [x] S3 GMSIPCI; \??\E:\INSTALL\GMSIPCI.SYS [x] S4 hpn; No ImagePath S1 i2omgmt; No ImagePath S4 i2omp; No ImagePath S4 ini910u; No ImagePath S4 IntelIde; No ImagePath S1 lbrtfdc; No ImagePath S4 mraid35x; No ImagePath S3 NTACCESS; \??\E:\NTACCESS.sys [x] S1 PCIDump; No ImagePath S3 PDCOMP; No ImagePath S3 PDFRAME; No ImagePath S3 PDRELI; No ImagePath S3 PDRFRAME; No ImagePath S4 perc2; No ImagePath S4 perc2hib; No ImagePath S4 ql1080; No ImagePath S4 Ql10wnt; No ImagePath S4 ql12160; No ImagePath S4 ql1240; No ImagePath S4 ql1280; No ImagePath S3 SetupNTGLM7X; \??\E:\NTGLM7X.sys [x] S4 Simbad; No ImagePath S4 Sparrow; No ImagePath S4 symc810; No ImagePath S4 symc8xx; No ImagePath S4 sym_hi; No ImagePath S4 sym_u3; No ImagePath S4 TosIde; No ImagePath S4 ultra; No ImagePath S4 ViaIde; No ImagePath S3 WDICA; No ImagePath U1 WS2IFSL; ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-06-30 11:26 - 2013-06-30 11:26 - 00355744 ____A (BitDefender S.R.L.) C:\Windows\System32\Drivers\trufos.sys 2013-06-30 11:23 - 2013-06-30 11:23 - 00000000 ____D C:\FRST 2013-06-30 09:13 - 2013-06-30 09:13 - 00011577 ____A C:\Documents and Settings\Slavko Radic\Desktop\attach.txt 2013-06-30 09:13 - 2013-06-30 09:13 - 00008759 ____A C:\Documents and Settings\Slavko Radic\Desktop\dds.txt 2013-06-29 23:22 - 2013-06-29 23:21 - 00263592 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe 2013-06-29 23:22 - 2013-06-29 23:21 - 00175016 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe 2013-06-29 23:22 - 2013-06-29 23:21 - 00175016 ____A (Oracle Corporation) C:\Windows\System32\java.exe 2013-06-29 23:22 - 2013-06-29 23:21 - 00144896 ____A (Oracle Corporation) C:\Windows\System32\javacpl.cpl 2013-06-29 23:22 - 2013-06-29 23:21 - 00094632 ____A (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge.dll 2013-06-29 23:21 - 2013-06-29 23:21 - 00000000 ____D C:\Program Files\Java 2013-06-29 19:48 - 2013-06-29 23:12 - 00000000 ____D C:\Program Files\Puran Defrag 2013-06-29 19:48 - 2013-06-29 19:48 - 00000740 ____A C:\Documents and Settings\Slavko Radic\Desktop\Puran Defrag.lnk 2013-06-29 19:48 - 2013-01-17 16:24 - 01136512 ____A (Puran Software) C:\Windows\System32\PuranFD.exe 2013-06-29 19:48 - 2013-01-17 16:23 - 00260992 ____A (Puran Software) C:\Windows\System32\PuranDefragS.exe 2013-06-29 19:48 - 2013-01-17 16:23 - 00257408 ____A (Puran Software) C:\Windows\System32\PuranDC.exe 2013-06-29 19:48 - 2013-01-17 16:23 - 00109952 ____A (Puran Software) C:\Windows\System32\PuranDefragBT.exe 2013-06-29 19:48 - 2012-12-13 12:09 - 00219520 ____A (Puran Software) C:\Windows\System32\PuranDefrag.dll 2013-06-29 19:36 - 2013-06-29 23:59 - 00000000 ____D C:\Documents and Settings\Slavko Radic\My Documents\Command and Conquer Generals Zero Hour Data 2013-06-29 19:21 - 2013-06-29 19:21 - 00000353 ____A C:\Documents and Settings\All Users\Desktop\Command & Conquer Generals Zero Hour .lnk 2013-06-29 19:05 - 2013-06-29 19:05 - 00000349 ____A C:\Documents and Settings\All Users\Desktop\Command & Conquer Generals.lnk 2013-06-29 14:48 - 2013-06-29 14:53 - 00002755 ____A C:\AdwCleaner[S2].txt 2013-06-29 14:47 - 2013-06-29 14:48 - 00002536 ____A C:\AdwCleaner[R2].txt 2013-06-18 22:35 - 2013-06-18 22:35 - 00000000 __HDC C:\Windows\$NtUninstallKB2839229$ 2013-06-18 22:29 - 2013-06-18 22:31 - 00010979 ____A C:\Windows\KB2838727-IE8.log 2013-06-18 22:02 - 2013-06-18 22:35 - 00013847 ____A C:\Windows\KB2839229.log 2013-06-02 18:51 - 2013-06-30 11:20 - 00000000 ____D C:\Documents and Settings\Slavko Radic\Local Settings\Application Data\LogMeIn Hamachi 2013-06-02 18:51 - 2013-06-30 11:20 - 00000000 ____D C:\Documents and Settings\LocalService\Local Settings\Application Data\LogMeIn Hamachi 2013-06-02 18:50 - 2013-06-02 18:50 - 00000685 ____A C:\Documents and Settings\All Users\Desktop\LogMeIn Hamachi.lnk 2013-06-02 18:50 - 2013-06-02 18:50 - 00000000 ____D C:\Program Files\LogMeIn Hamachi ==================== One Month Modified Files and Folders ======== 2013-06-30 11:26 - 2013-06-30 11:26 - 00355744 ____A (BitDefender S.R.L.) C:\Windows\System32\Drivers\trufos.sys 2013-06-30 11:23 - 2013-06-30 11:23 - 00000000 ____D C:\FRST 2013-06-30 11:21 - 2012-03-01 19:24 - 01449781 ____A C:\Windows\WindowsUpdate.log 2013-06-30 11:20 - 2013-06-02 18:51 - 00000000 ____D C:\Documents and Settings\Slavko Radic\Local Settings\Application Data\LogMeIn Hamachi 2013-06-30 11:20 - 2013-06-02 18:51 - 00000000 ____D C:\Documents and Settings\LocalService\Local Settings\Application Data\LogMeIn Hamachi 2013-06-30 11:20 - 2012-03-01 20:17 - 00000159 ____A C:\Windows\wiadebug.log 2013-06-30 11:20 - 2012-03-01 20:17 - 00000049 ____A C:\Windows\wiaservc.log 2013-06-30 11:20 - 2010-03-16 04:37 - 00276951 ____A C:\Windows\System32\NvApps.xml 2013-06-30 11:19 - 2012-07-19 13:00 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2013-06-30 11:19 - 2012-03-01 19:30 - 00000062 __ASH C:\Documents and Settings\Slavko Radic\Local Settings\desktop.ini 2013-06-30 11:19 - 2012-03-01 19:29 - 00000062 __ASH C:\Documents and Settings\LocalService\Local Settings\desktop.ini 2013-06-30 11:19 - 2012-03-01 19:29 - 00000006 ___AH C:\Windows\Tasks\SA.DAT 2013-06-30 11:19 - 2012-03-01 19:28 - 00000062 __ASH C:\Documents and Settings\NetworkService\Local Settings\desktop.ini 2013-06-30 11:17 - 2013-03-07 00:47 - 00998830 ____A C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-57989841-606747145-839522115-1003-0.dat 2013-06-30 11:17 - 2013-03-05 23:55 - 00145390 ____A C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat 2013-06-30 11:17 - 2012-03-01 19:29 - 00032620 ____A C:\Windows\SchedLgU.Txt 2013-06-30 11:06 - 2012-04-13 16:30 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-06-30 10:32 - 2012-07-19 13:00 - 00000898 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2013-06-30 09:13 - 2013-06-30 09:13 - 00011577 ____A C:\Documents and Settings\Slavko Radic\Desktop\attach.txt 2013-06-30 09:13 - 2013-06-30 09:13 - 00008759 ____A C:\Documents and Settings\Slavko Radic\Desktop\dds.txt 2013-06-29 23:59 - 2013-06-29 19:36 - 00000000 ____D C:\Documents and Settings\Slavko Radic\My Documents\Command and Conquer Generals Zero Hour Data 2013-06-29 23:21 - 2013-06-29 23:22 - 00263592 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe 2013-06-29 23:21 - 2013-06-29 23:22 - 00175016 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe 2013-06-29 23:21 - 2013-06-29 23:22 - 00175016 ____A (Oracle Corporation) C:\Windows\System32\java.exe 2013-06-29 23:21 - 2013-06-29 23:22 - 00144896 ____A (Oracle Corporation) C:\Windows\System32\javacpl.cpl 2013-06-29 23:21 - 2013-06-29 23:22 - 00094632 ____A (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge.dll 2013-06-29 23:21 - 2013-06-29 23:21 - 00000000 ____D C:\Program Files\Java 2013-06-29 23:21 - 2012-08-02 12:18 - 00867240 ____A (Oracle Corporation) C:\Windows\System32\npdeployJava1.dll 2013-06-29 23:21 - 2012-03-01 19:45 - 00789416 ____A (Oracle Corporation) C:\Windows\System32\deployJava1.dll 2013-06-29 23:12 - 2013-06-29 19:48 - 00000000 ____D C:\Program Files\Puran Defrag 2013-06-29 23:10 - 2012-03-01 20:14 - 00142832 ____A C:\Windows\System32\FNTCACHE.DAT 2013-06-29 19:48 - 2013-06-29 19:48 - 00000740 ____A C:\Documents and Settings\Slavko Radic\Desktop\Puran Defrag.lnk 2013-06-29 19:29 - 2012-04-27 21:48 - 00001434 ____A C:\Windows\eReg.dat 2013-06-29 19:29 - 2012-03-01 19:36 - 00000000 ___HD C:\Program Files\InstallShield Installation Information 2013-06-29 19:21 - 2013-06-29 19:21 - 00000353 ____A C:\Documents and Settings\All Users\Desktop\Command & Conquer Generals Zero Hour .lnk 2013-06-29 19:05 - 2013-06-29 19:05 - 00000349 ____A C:\Documents and Settings\All Users\Desktop\Command & Conquer Generals.lnk 2013-06-29 19:02 - 2012-07-12 14:09 - 00000000 ____D C:\Documents and Settings\Slavko Radic\Application Data\uTorrent 2013-06-29 14:53 - 2013-06-29 14:48 - 00002755 ____A C:\AdwCleaner[S2].txt 2013-06-29 14:48 - 2013-06-29 14:47 - 00002536 ____A C:\AdwCleaner[R2].txt 2013-06-29 14:32 - 2012-03-01 20:06 - 00025704 ____A C:\Documents and Settings\Slavko Radic\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2013-06-29 11:12 - 2004-08-04 14:00 - 00002206 ____A C:\Windows\System32\wpa.dbl 2013-06-19 16:07 - 2012-04-13 16:30 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe 2013-06-19 16:07 - 2012-03-01 19:49 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl 2013-06-18 22:35 - 2013-06-18 22:35 - 00000000 __HDC C:\Windows\$NtUninstallKB2839229$ 2013-06-18 22:35 - 2013-06-18 22:02 - 00013847 ____A C:\Windows\KB2839229.log 2013-06-18 22:35 - 2012-12-01 12:57 - 00721678 ____A C:\Windows\iis6.log 2013-06-18 22:35 - 2012-12-01 12:57 - 00680114 ____A C:\Windows\FaxSetup.log 2013-06-18 22:35 - 2012-12-01 12:57 - 00309369 ____A C:\Windows\tsoc.log 2013-06-18 22:35 - 2012-12-01 12:57 - 00223228 ____A C:\Windows\comsetup.log 2013-06-18 22:35 - 2012-12-01 12:57 - 00205626 ____A C:\Windows\msmqinst.log 2013-06-18 22:35 - 2012-12-01 12:57 - 00135023 ____A C:\Windows\ntdtcsetup.log 2013-06-18 22:35 - 2012-12-01 12:57 - 00118804 ____A C:\Windows\netfxocm.log 2013-06-18 22:35 - 2012-12-01 12:57 - 00047261 ____A C:\Windows\MedCtrOC.log 2013-06-18 22:35 - 2012-12-01 12:57 - 00037097 ____A C:\Windows\ocmsn.log 2013-06-18 22:35 - 2012-12-01 12:57 - 00034366 ____A C:\Windows\tabletoc.log 2013-06-18 22:35 - 2012-12-01 12:57 - 00033834 ____A C:\Windows\msgsocm.log 2013-06-18 22:35 - 2012-12-01 12:57 - 00001374 ____A C:\Windows\imsins.log 2013-06-18 22:35 - 2012-12-01 12:56 - 00325029 ____A C:\Windows\ocgen.log 2013-06-18 22:35 - 2012-07-28 16:58 - 00692959 ____A C:\Windows\setupapi.log 2013-06-18 22:32 - 2012-05-26 06:49 - 73381792 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe 2013-06-18 22:31 - 2013-06-18 22:29 - 00010979 ____A C:\Windows\KB2838727-IE8.log 2013-06-18 22:31 - 2013-01-19 22:34 - 00167334 ____A C:\Windows\updspapi.log 2013-06-18 22:31 - 2012-12-01 12:57 - 00001374 ____A C:\Windows\imsins.BAK 2013-06-02 18:50 - 2013-06-02 18:50 - 00000685 ____A C:\Documents and Settings\All Users\Desktop\LogMeIn Hamachi.lnk 2013-06-02 18:50 - 2013-06-02 18:50 - 00000000 ____D C:\Program Files\LogMeIn Hamachi 2013-06-01 13:18 - 2012-09-17 18:02 - 00000583 ____A C:\Windows\CoD.INI 2013-05-31 18:41 - 2012-03-01 20:13 - 00000223 ___SH C:\boot.ini 2013-05-31 18:41 - 2004-08-04 14:00 - 00000852 ____A C:\Windows\win.ini 2013-05-31 18:41 - 2004-08-04 14:00 - 00000227 ____A C:\Windows\system.ini ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe => MD5 is legit C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit ==================== End Of Log ============================

Profil

argus Poslao: 30 Jun 2013 11:55 Idi na vrh
rip argus Anti Malware Fighter Rank 2 Pridružio: 27 Apr 2008 Poruke: 9160 Gde živiš: Prokuplje	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Nemas malware. Preporucujem ti da koristiš program MCShield za zaštitu od zaraženih USB memorijskih uredaja. Nakon instalacije programa, prikljuci USB memorijske uredaje, koji ce automatski biti skenirani. Na kraju skeniranja dobices izveštaj da je uredaj cist ili obaveštenje o uklonjenom malware-u. Preuzmi "Xplode"-ov DelFix i sačuvaj ga na Desktop Dvoklikom pokreni program. Štikliraj sledeće opcije: Remove disinfection tools Purge System Restore Reset system settings Klikni na dugme "Run" i pričekaj da program završi rad. Kada alat završi, otvoriće izvestaj u notepadu. Napomena: Izvestaj ce takodje biti sacuvan na C:\DelFix.txt

Profil

Killer7 Poslao: 30 Jun 2013 13:07 Idi na vrh
offline Killer7 Super građanin Istrazivanje Windowsa Pridružio: 12 Jul 2012 Poruke: 1023	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Napisano: 30 Jun 2013 13:06 Probao sam ovaj program DelFix. Kada je zavrsio pojavio se notepad ali moj antivirus je blokirao process tog programa mogu ga unblock ali nisam siguran da to uradim . Ako ti treba Notepad izvestaj javi. Dopuna: 30 Jun 2013 13:07 I hvala na pomoci

Profil

argus Poslao: 30 Jun 2013 14:30 Idi na vrh
rip argus Anti Malware Fighter Rank 2 Pridružio: 27 Apr 2008 Poruke: 9160 Gde živiš: Prokuplje	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Iskljuci Antivirus pa ponovo odradi sa Dellfix i ne zaboravi da ponovo ukljucis AV.

Profil

MyCity » Ambulanta -> Arhiva Ambulante » Mozda virus?

Ko je trenutno na forumu

Ukupno su 877 korisnika na forumu :: 7 registrovanih, 2 sakrivenih i 868 gosta :: [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:: Korisnici trenutno na forumu: comi_pfc, esx66, marsovac 2, panzerwaffe, Parker, repac, uruk

Svaki korisnik ovog sajta je odgovoran za sadržaj svoje poruke koju objavi na sajtu. Sajt se odriče svake odgovornosti za sadržaj tih poruka.
Postavljanjem vaše poruke ili vašeg autorskog dela na ovaj sajt, saglasni ste da ovaj sajt postaje distributer vašeg dela, i odričete se mogućnosti njegovog povlačenja ili brisanja, bez saglasnosti uprave sajta.
Distribucija sadržaja sa ovog sajta je dozvoljena samo u nekomercijalne svrhe, uz obaveznu napomenu da je sadržaj preuzet sa ovog sajta, i uz obavezno navođenje adrese MyCity sajta. Za sve ostale vidove distribucije obavezni ste da prethodno zatražite odobrenje od vlasnika MyCity sajta.
MyCity pokrenuo, administrira i razvija Predrag Damnjanović, a o uređenju sajta se brine MyCity Tim.
Ukoliko želite da nas kontaktirate kliknite ovde.
Naši sajtovi:
Vesti, Vojni forum, Zaštita od virusa, TekstPesme.rs

This content is licensed under a Creative Commons License.
Based on phpBB 2, translated by Simke, designed by