|
Poslao: 06 Mar 2012 17:17
|
offline
- Nevena Tripic
- Novi MyCity građanin
- Pridružio: 02 Mar 2012
- Poruke: 13
|
Ja imam problem sa racunarom, neka nepoznata osobam i je skinula kompletnu istoriju caskanja, od pre godinu dana, nakon toga, taj prijatelj mi je bio blokiran i poslala redovnom postom...Zatim kada kod se prijavim na face book, restartuje mi se kompijuter....Na msn-ub pod istom sifrom pojavljivala mi se jos jedna osoba koja je promjnila mojei me i preyime...Molim Vas da mi iyvrsite yastitu ranura od nedozvoljenih upada i da provjerite o cemu se tacno radi da nije melwer...
mycity.rs/must-login.png
mycity.rs/must-login.png
mycity.rs/must-login.png
mycity.rs/must-login.png
|
|
|
|
|
|
|
Poslao: 06 Mar 2012 18:08
|
rip
- argus
- Anti Malware Fighter
Rank 2
- Pridružio: 27 Apr 2008
- Poruke: 9160
- Gde živiš: Prokuplje
|
Pozdrav Nevena.
Ukoliko nisi sacuvala logove, pokreni ponovo DDS i dostavi nam DDS.txt log fajl.
Dostavila si samo Attach log.
|
|
|
|
|
|
|
Poslao: 07 Mar 2012 16:35
|
offline
- Nevena Tripic
- Novi MyCity građanin
- Pridružio: 02 Mar 2012
- Poruke: 13
|
mycity.rs/must-login.png
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by PC at 16:29:26 on 2012-03-07
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.447.55 [GMT 1:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\USB Disk Security\USBGuard.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Rainlendar2\Rainlendar2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\uTorrent\uTorrent.exe
svchost.exe
C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Nero\Update\NASvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\PC\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\PC\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\PC\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\PC\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\PC\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\DOCUME~1\PC\LOCALS~1\Temp\SecurityScan_Release.exe
C:\Program Files\McAfee Security Scan\uninstall.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2786678
uURLSearchHooks: BS Player Toolbar: {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - c:\program files\bs_player\tbBS_P.dll
uURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\prxtbuTor.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
BHO: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\prxtbuTor.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: BS Player Toolbar: {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - c:\program files\bs_player\tbBS_P.dll
TB: BS Player Toolbar: {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - c:\program files\bs_player\tbBS_P.dll
TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
TB: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\prxtbuTor.dll
uRun: [Rainlendar2] c:\program files\rainlendar2\Rainlendar2.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [TempCleanerDeluxe] "c:\documents and settings\pc\my documents\TempCleaner.exe" -silent
uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe" /MINIMIZED
uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil11e_Plugin.exe -update plugin
mRun: [SiSUSBRG] c:\windows\SiSUSBrg.exe
mRun: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
mRun: [RaidTool] c:\program files\via\raid\raid_tool.exe
mRun: [VTTimer] VTTimer.exe
mRun: [VTTrayp] VTtrayp.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [USB Security] c:\program files\usb disk security\USBGuard.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{34A2CD82-5150-477B-B4F8-B43EC8417931} : DhcpNameServer = 192.168.1.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GR99D3~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 mv61xxmm;mv61xxmm;c:\windows\system32\drivers\mv61xxmm.sys [2011-2-14 13616]
R0 mv64xxmm;mv64xxmm;c:\windows\system32\drivers\mv64xxmm.sys [2011-2-14 5632]
R0 mvxxmm;mvxxmm;c:\windows\system32\drivers\mvxxmm.sys [2011-2-14 13616]
S0 fvdscsi;fvdscsi;c:\windows\system32\drivers\fvdscsi.sys --> c:\windows\system32\drivers\fvdscsi.sys [?]
.
=============== Created Last 30 ================
.
2012-02-25 09:54:17 -------- d-----w- c:\program files\EA Games
2012-02-25 09:52:03 77824 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\ctor.dll
2012-02-25 09:52:03 32768 ------w- c:\program files\common files\installshield\engine\6\intel 32\objectps.dll
2012-02-25 09:52:03 225280 ------w- c:\program files\common files\installshield\iscript\IScript.dll
2012-02-25 09:52:03 212992 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\ILog.dll
2012-02-25 09:52:03 176128 ------w- c:\program files\common files\installshield\engine\6\intel 32\iuser.dll
2012-02-18 12:00:08 115016 ----a-r- c:\windows\system32\MSINET.OCX
2012-02-18 12:00:07 89360 ----a-r- c:\windows\system32\VB5DB.DLL
2012-02-18 12:00:07 69632 ----a-r- c:\windows\system32\xmltok.dll
2012-02-18 12:00:07 36864 ----a-r- c:\windows\system32\xmlparse.dll
2012-02-18 12:00:07 35840 ----a-r- c:\windows\system32\comdlg32.oca
2012-02-18 12:00:07 29184 ----a-r- c:\windows\system32\MSINET.oca
2012-02-18 12:00:07 26096 ----a-r- c:\windows\system32\xmlinst.exe
2012-02-18 12:00:07 24576 ----a-r- c:\windows\system32\msxml3a.dll
2012-02-18 12:00:07 140488 ----a-r- c:\windows\system32\comdlg32.ocx
2012-02-17 14:56:00 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
2012-02-17 14:56:00 3072 ------w- c:\windows\system32\iacenc.dll
.
==================== Find3M ====================
.
2012-03-03 09:23:11 12464 ----a-w- c:\windows\system32\drivers\secdrv.sys
2012-02-28 22:08:28 566784 ----a-w- c:\windows\~de74bc.tmp
2012-01-21 10:50:53 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-01-12 16:53:24 1859968 ----a-w- c:\windows\system32\win32k.sys
2011-12-17 19:45:42 919552 ----a-w- c:\windows\system32\wininet.dll
2011-12-17 19:45:42 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-12-17 19:45:42 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-12-16 12:32:59 385024 ----a-w- c:\windows\system32\html.iec
.
============= FINISH: 16:31:55,06 ===============
|
|
|
|
|
|
|
Poslao: 07 Mar 2012 17:13
|
rip
- argus
- Anti Malware Fighter
Rank 2
- Pridružio: 27 Apr 2008
- Poruke: 9160
- Gde živiš: Prokuplje
|
Nevena, zasto nemas antivirus?
Uradicemo proveru ovim alatom, sledi uputstva.
Preuzmi instalaciju za program Malwarebytes Anti-Malware sa sledećeg linka:
http://www.besttechie.net/tools/mbam-setup.exe
Dvoklikom pokreni instalaciju - na samom kraju procesa, proveri da su obeležene opcije:
Update Malwarebytes' Anti-Malware;
Launch Malwarebytes Anti-Malware;
a zatim klikni Finish.
Nakon završenog ažuriranja program će se pokrenuti.
Izaberi opciju Perform Quick Scan i klikni Scan.
Po završetku procesa klikni OK, Show Results: u listi detektovanog malware-a, obeleži sve stavke i klikni Remove Selected.
Po završetku procesa, logfile će se otvoriti u Notepad-u; iskopiraj ga u temu na forumu.
Ukoliko program zatraži restart kako bi se završio proces čišćenja, obavezno ga dozvoliti.
Napomena: ako dođe do restarta na kraju procesa čišćenja, logfile će biti dostupan na Logs kartici (obeleži ga i klikni Open).
Deinstaliraj sve Toolbare koje imas. Najbolje da koristis ovaj alat za Uninstall Revo
|
|
|
|
|
|
|
Poslao: 08 Mar 2012 22:15
|
offline
- Nevena Tripic
- Novi MyCity građanin
- Pridružio: 02 Mar 2012
- Poruke: 13
|
Malwarebytes Anti-Malware 1.60.1.1000
malwarebytes.org
Database version: v2012.03.08.06
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
PC :: PC-EB123282B636 [administrator]
8.3.2012 22:01:19
mbam-log-2012-03-08 (22-01-19).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 182399
Time elapsed: 12 minute(s), 7 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 1
HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
|
|
|
|
|
|
|
Poslao: 09 Mar 2012 10:07
|
rip
- argus
- Anti Malware Fighter
Rank 2
- Pridružio: 27 Apr 2008
- Poruke: 9160
- Gde živiš: Prokuplje
|
Racunar je cist, instaliraj antivirus i pobrisi sve toolbare.
Takodje, Goran ti u prethodnoj temi dao savete pa da ja ne ponavljam, isto vazi i za ovaj racunar.
Pozdrav.
|
|
|
|
|
|
|
|
