Browsers are crashing.


  • Joined: 21 May 2011
  • Posts: 5

Until a few days ago my computer worked quite normally... then suddenly the problems started... Device Manager said that something for the graphics card was not installed, and I cannot open any browser (Firefox, Opera, Internet Explorer)... after who knows how many attempts I managed to open Google Chrome... a friend of mine gave me a link to your forum and told me to follow the instructions for opening a topic in this section of the forum. Now a new problem has appeared here. I tried to run all three versions of DDS... they all start, but there are no logs... also, I cannot unpack RootRepeal with WinRAR. What should I do??

  • Més que un club
  • Lead vocalist @ Harpun
  • Joined: 27 Feb 2009
  • Posts: 3898
  • Location: Novi Sad, Klisa

Hello Saky1995

Download the program OTL from the following address:
OTL download
Click the given link; in the window that opens, click Save;
when the dialog for choosing where to save the file opens, select Desktop and click Save.

Double-click to run OTL;

click Run Scan;

when the scan finishes, the report (which will be saved automatically on the Desktop as OTL.Txt) will open in Notepad.

Attach the report OTL.Txt to your post using the Attach file option.

  • Joined: 21 May 2011
  • Posts: 5

[Link visible only to logged-in users]
Here you go. :)

  • Més que un club
  • Lead vocalist @ Harpun
  • Joined: 27 Feb 2009
  • Posts: 3898
  • Location: Novi Sad, Klisa

Run the program OTL again by double-clicking its icon;

Copy the following text into the white box labelled Custom Scans/Fixes:


 SRV - File not found [Auto | Stopped] -- -- (svciyyyt)
 SRV - File not found [Auto | Stopped] -- -- (AMService)
 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
 FF - HKLM\software\mozilla\Firefox\Extensions\\ C:\Program Files\MyWebSearch\bar\2.bin [2011/05/01 23:40:59 | 000,000,000 | ---D | M]
 2011/04/21 01:47:50 | 000,000,000 | ---D | M] (Facemoods) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xkqpp1at.default\extensions\
 FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:
 O3 - HKLM\..\Toolbar: (no name) - {0E91EFA2-AF48-4333-9965-5DD29DE31B56} - No CLSID value found.
 O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
 O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0E91EFA2-AF48-4333-9965-5DD29DE31B56} - No CLSID value found.
 O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
 [2011/04/21 01:47:52 | 000,002,048 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fcmdSrch.xml
 [2011/03/27 12:09:45 | 000,002,048 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fcmdSrchw7th2.xml
 [2011/05/01 23:40:59 | 000,000,000 | ---D | M] (My Web Search) -- C:\PROGRAM FILES\MYWEBSEARCH\BAR\2.BIN
 [2011/04/15 02:25:11 | 000,000,000 | ---D | M] (ResultUrl) -- C:\Program Files\Mozilla Firefox\extensions\{C8431CD2-C25A-45F3-BEA9-A9103C31409A}
 [2011/04/15 02:25:11 | 000,000,000 | ---D | M] (ResultUrl) -- C:\Program Files\Mozilla Firefox\extensions\{C8431CD2-C25A-45F3-BEA9-A9103C31409A}
 O20 - HKLM Winlogon: Shell - (ysrqi) - File not found
 O20 - HKLM Winlogon: Shell - (rundll32.exe) - File not found
 O29 - HKLM SecurityProviders - (mqrujuql.dll) - File not found
 O20 - HKLM Winlogon: Shell - ("C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\") - File not found
 [8 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 @Alternate Data Stream - 146 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4
 @Alternate Data Stream - 144 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2E7127D2



Click the Run Fix button;

Copy the log you get into a post here.

  • Joined: 21 May 2011
  • Posts: 5

All processes killed
========== SERVICES/DRIVERS ==========
Service svciyyyt stopped successfully!
Service svciyyyt deleted successfully!
Service AMService stopped successfully!
Service AMService deleted successfully!
Error: No service named :OTL was found to stop!
Service\Driver key :OTL not found.
Error: No service named SRV - File not found [Auto | Stopped] -- -- (svciyyyt) was found to stop!
Service\Driver key SRV - File not found [Auto | Stopped] -- -- (svciyyyt) not found.
Error: No service named SRV - File not found [Auto | Stopped] -- -- (AMService) was found to stop!
Service\Driver key SRV - File not found [Auto | Stopped] -- -- (AMService) not found.
Error: No service named IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [Link mogu videti samo ulogovani korisnici] was found to stop!
Service\Driver key IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [Link mogu videti samo ulogovani korisnici] not found.
Error: No service named FF - HKLM\software\mozilla\Firefox\Extensions\\ C:\Program Files\MyWebSearch\bar\2.bin [2011/05/01 23:40:59 | 000,000,000 | ---D | M] was found to stop!
Service\Driver key FF - HKLM\software\mozilla\Firefox\Extensions\\ C:\Program Files\MyWebSearch\bar\2.bin [2011/05/01 23:40:59 | 000,000,000 | ---D | M] not found.
Error: No service named 2011/04/21 01:47:50 | 000,000,000 | ---D | M] (Facemoods) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xkqpp1at.default\extensions\ was found to stop!
Service\Driver key 2011/04/21 01:47:50 | 000,000,000 | ---D | M] (Facemoods) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xkqpp1at.default\extensions\ not found.
Error: No service named FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}: was found to stop!
Service\Driver key FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}: not found.
Error: No service named O3 - HKLM\..\Toolbar: (no name) - {0E91EFA2-AF48-4333-9965-5DD29DE31B56} - No CLSID value found. was found to stop!
Service\Driver key O3 - HKLM\..\Toolbar: (no name) - {0E91EFA2-AF48-4333-9965-5DD29DE31B56} - No CLSID value found. not found.
Error: No service named O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found. was found to stop!
Service\Driver key O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found. not found.
Error: No service named O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0E91EFA2-AF48-4333-9965-5DD29DE31B56} - No CLSID value found. was found to stop!
Service\Driver key O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0E91EFA2-AF48-4333-9965-5DD29DE31B56} - No CLSID value found. not found.
Error: No service named O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found. was found to stop!
Service\Driver key O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found. not found.
Error: No service named [2011/04/21 01:47:52 | 000,002,048 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fcmdSrch.xml was found to stop!
Service\Driver key [2011/04/21 01:47:52 | 000,002,048 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fcmdSrch.xml not found.
Error: No service named [2011/03/27 12:09:45 | 000,002,048 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fcmdSrchw7th2.xml was found to stop!
Service\Driver key [2011/03/27 12:09:45 | 000,002,048 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fcmdSrchw7th2.xml not found.
Error: No service named [2011/05/01 23:40:59 | 000,000,000 | ---D | M] (My Web Search) -- C:\PROGRAM FILES\MYWEBSEARCH\BAR\2.BIN was found to stop!
Service\Driver key [2011/05/01 23:40:59 | 000,000,000 | ---D | M] (My Web Search) -- C:\PROGRAM FILES\MYWEBSEARCH\BAR\2.BIN not found.
Error: No service named [2011/04/15 02:25:11 | 000,000,000 | ---D | M] (ResultUrl) -- C:\Program Files\Mozilla Firefox\extensions\{C8431CD2-C25A-45F3-BEA9-A9103C31409A} was found to stop!
Service\Driver key [2011/04/15 02:25:11 | 000,000,000 | ---D | M] (ResultUrl) -- C:\Program Files\Mozilla Firefox\extensions\{C8431CD2-C25A-45F3-BEA9-A9103C31409A} not found.
Error: No service named [2011/04/15 02:25:11 | 000,000,000 | ---D | M] (ResultUrl) -- C:\Program Files\Mozilla Firefox\extensions\{C8431CD2-C25A-45F3-BEA9-A9103C31409A} was found to stop!
Service\Driver key [2011/04/15 02:25:11 | 000,000,000 | ---D | M] (ResultUrl) -- C:\Program Files\Mozilla Firefox\extensions\{C8431CD2-C25A-45F3-BEA9-A9103C31409A} not found.
Error: No service named O20 - HKLM Winlogon: Shell - (ysrqi) - File not found was found to stop!
Service\Driver key O20 - HKLM Winlogon: Shell - (ysrqi) - File not found not found.
Error: No service named O20 - HKLM Winlogon: Shell - (rundll32.exe) - File not found was found to stop!
Service\Driver key O20 - HKLM Winlogon: Shell - (rundll32.exe) - File not found not found.
Error: No service named O29 - HKLM SecurityProviders - (mqrujuql.dll) - File not found was found to stop!
Service\Driver key O29 - HKLM SecurityProviders - (mqrujuql.dll) - File not found not found.
Error: No service named O20 - HKLM Winlogon: Shell - ("C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\") - File not found was found to stop!
Service\Driver key O20 - HKLM Winlogon: Shell - ("C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\") - File not found not found.
Error: No service named [8 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] was found to stop!
Service\Driver key [8 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] not found.
Error: No service named [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] was found to stop!
Service\Driver key [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] not found.
Error: No service named @Alternate Data Stream - 146 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4 was found to stop!
Service\Driver key @Alternate Data Stream - 146 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4 not found.
Error: No service named @Alternate Data Stream - 144 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2E7127D2 was found to stop!
Service\Driver key @Alternate Data Stream - 144 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2E7127D2 not found.
Error: No service named :files was found to stop!
Service\Driver key :files not found.
Error: No service named C:\PROGRAM FILES\MYWEBSEARCH was found to stop!
Service\Driver key C:\PROGRAM FILES\MYWEBSEARCH not found.
Error: No service named :Commands was found to stop!
Service\Driver key :Commands not found.
Error: No service named [purity] was found to stop!
Service\Driver key [purity] not found.
Error: No service named [emptytemp] was found to stop!
Service\Driver key [emptytemp] not found.
Error: No service named [resethosts] was found to stop!
Service\Driver key [resethosts] not found.
Error: No service named [EMPTYFLASH] was found to stop!
Service\Driver key [EMPTYFLASH] not found.
Error: No service named [Reboot] was found to stop!
Service\Driver key [Reboot] not found.

OTL by OldTimer - Version log created on 05232011_192753

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

I did as you said, here is the report. :)

  • Joined: 02 Feb 2008
  • Posts: 14018
  • Location: Nish

Hello Saky1995!

My colleague has private obligations, so I will continue working on your case.

While the case is being handled, I would ask you to observe the following:
  • Read my instructions (or the instructions of colleagues who stand in for me) in detail and work strictly according to them;
  • Do not ask for help elsewhere at the same time;
  • Do not use other malware removal programs, apart from those you are given instructions for;
  • During the intervention do not use USB memory devices until I ask for it;
  • If I do not reply within 48h, refresh the topic with a new post;
  • If you do not respond within 5 days, we will close the case.

For more information about the rules of the MyCity forum's Ambulanta: LINK



Download sUBs's ComboFix from the following address to the Desktop:

Bleeping Computer
Right-click the link and choose the option Save Target As... (Save Link As..., Save Linked Content As... or similar);
When the dialog for choosing where to save the file opens, select Desktop and click Save.

When the download of the program is complete:
  • deactivate your protection software (instructions);
  • close running programs;
  • double-click to run ComboFix.

While running, ComboFix will:
  • check whether a newer version of the program exists:
      • click Yes if you are offered to download it.
      • click Yes to let the process continue.
  • if the Recovery Console is not installed, offer to install it:
      • be sure to accept by clicking Yes and follow the procedure.
  • present a number of prompts/notifications:
      • accept by clicking Yes or OK.
  • if needed, restart Windows (several times);
  • at the end, open Notepad with the scan report.

Copy the report that ComboFix produced into the topic on the forum:
  • right-click in the Notepad window and choose Select All;
  • right-click the selected text and choose Copy;
  • right-click in the message field and choose Paste.

Note: The report will be saved under the name ComboFix.txt on the system partition (typical location: C:\ComboFix.txt);
If after sending the post you notice that the report is incomplete, use the Attach file option to attach the file C:\ComboFix.txt to the post.

goran9888 (AMF Team)

  • Joined: 21 May 2011
  • Posts: 5


I followed the instructions and got this report:
[Link visible only to logged-in users]

ComboFix 11-05-25.01 - Administrator 05/25/2011 23:45:37.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1024.671 [GMT 2:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
AV: Panda Cloud Antivirus *Disabled/Updated* {5AD27692-540A-464E-B625-78275FA38393}
* Created a new restore point
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
((((((((((((((((((((((((( Files Created from 2011-04-25 to 2011-05-25 )))))))))))))))))))))))))))))))
2011-05-23 17:27 . 2011-05-23 17:27 -------- d-----w- C:\_OTL
2011-05-21 12:29 . 2011-05-21 12:29 -------- d--h--w- c:\windows\PIF
2011-05-19 21:25 . 2011-05-19 21:25 -------- d-----w- c:\documents and settings\Administrator\Application Data\TeamViewer
2011-05-19 21:24 . 2011-05-19 21:24 -------- d-----w- c:\program files\TeamViewer
2011-05-19 10:05 . 2011-05-19 10:05 -------- d-----w- c:\program files\ATI Stream
2011-05-09 15:28 . 2011-05-25 18:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype Extras
2011-05-09 15:27 . 2011-05-09 15:27 -------- d-----w- c:\program files\Common Files\Skype
2011-05-08 20:22 . 2011-05-08 20:22 -------- d-----w- c:\program files\MagicISO
2011-05-08 18:51 . 2011-05-08 18:51 -------- d--h--r- c:\documents and settings\Administrator\Application Data\SecuROM
2011-05-08 18:51 . 2011-05-08 18:51 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2011-05-07 23:25 . 2011-05-07 23:25 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Ahead
2011-05-07 13:12 . 2011-05-07 13:12 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\The Music Producer
2011-05-07 13:11 . 2011-05-07 13:16 -------- d-----w- c:\program files\The Music Producer
2011-05-06 14:26 . 2011-05-06 14:26 -------- d-----w- C:\spoolerlogs
2011-05-05 17:47 . 2011-05-05 17:49 -------- d-----w- c:\documents and settings\Administrator\Application Data\MAGIX
2011-05-05 17:44 . 2011-05-05 21:33 -------- d-----w- c:\program files\MAGIX
2011-05-05 17:44 . 2011-05-05 17:45 -------- d-----w- c:\documents and settings\All Users\Application Data\MAGIX
2011-05-05 17:44 . 2011-05-05 21:33 -------- d-----w- c:\program files\Common Files\MAGIX Services
2011-05-05 11:26 . 2011-05-05 11:26 -------- d-----w- c:\program files\EA GAMES
2011-05-05 11:26 . 2004-08-18 08:34 442368 ----a-r- c:\windows\system32\vp6vfw.dll
2011-05-03 22:34 . 2011-05-03 22:34 -------- d-----w- c:\windows\system32\GroupPolicy
2011-05-03 13:14 . 2011-05-03 13:14 -------- d-----w- c:\program files\AMD APP
2011-05-03 10:44 . 2011-05-03 12:49 -------- d-----w- c:\program files\CDisplay
2011-05-02 22:39 . 2011-05-02 22:39 -------- d-----w- c:\documents and settings\Administrator\Application Data\Panda Security
2011-05-02 22:35 . 2011-05-02 22:42 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\panda2_0dn
2011-05-02 22:34 . 2011-05-25 22:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Panda Security URL Filtering
2011-05-02 22:34 . 2011-05-05 18:51 -------- d-----w- c:\documents and settings\Administrator\Application Data\pandasecuritytb
2011-05-02 22:33 . 2011-05-02 22:34 -------- d-----w- c:\program files\Panda Security
2011-05-02 22:33 . 2011-05-02 22:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Panda Security
2011-05-02 20:57 . 2011-05-02 20:57 -------- d-----w- c:\documents and settings\Administrator\Application Data\TuneUp Software
2011-05-02 20:56 . 2011-05-02 22:31 -------- d-----w- c:\documents and settings\All Users\Application Data\TuneUp Software
2011-05-02 20:56 . 2011-05-02 20:56 -------- d-sh--w- c:\documents and settings\All Users\Application Data\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
2011-05-02 18:11 . 2011-05-02 18:11 134144 ----a-w- c:\windows\system32\drivers\ethrhffn.sys
2011-05-02 15:56 . 2011-05-03 09:07 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2011-05-02 15:33 . 2011-05-03 09:07 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2011-05-01 04:32 . 2011-05-01 04:32 -------- d-----w- c:\windows\Installing Adobe Acrobat Reader
2011-04-30 17:52 . 2011-05-01 23:03 -------- d-----w- c:\documents and settings\Administrator\Application Data\Mipony
2011-04-30 17:05 . 2011-04-30 17:24 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\NetTVPlusPlayer3
2011-04-30 16:07 . 2011-04-30 16:07 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Opera
2011-04-30 16:07 . 2011-05-19 21:33 -------- d-----w- c:\program files\Opera
2011-04-30 14:37 . 2011-05-02 19:16 -------- d-----w- c:\program files\Google
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2011-04-17 16:09 . 2011-04-17 15:53 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-04-13 22:40 . 2011-04-13 22:40 4284416 ----a-w- c:\windows\system32\GPhotos.scr
2011-04-05 20:09 . 2011-04-05 20:09 59904 ----a-w- c:\windows\system32\OVDecode.dll
2011-04-05 20:09 . 2011-04-05 20:09 12385280 ----a-w- c:\windows\system32\amdocl.dll
2011-03-21 19:16 . 2011-03-21 19:16 218688 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2011-03-20 15:15 . 2011-03-20 15:15 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-03-20 15:15 . 2011-03-20 15:15 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-04-14 16:26 . 2011-05-19 21:41 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
[-] 2009-09-20 . 68F06FE0021B01E670AF37B8C5964FDF . 361344 . . [5.1.2600.5512] . . c:\windows\system32\drivers\tcpip.sys
[-] 2009-09-20 . AB9E8F44D2F80A8060BEFB29192F4249 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}]
2010-12-19 14:46 86696 ----a-w- c:\program files\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}"= "c:\program files\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll" [2010-12-19 86696]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Panda Malware Icon]
2010-12-16 16:18 320832 ----a-w- c:\program files\Panda Security\Panda Cloud Antivirus\PSUNShell.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Panda Suspect Icon]
2010-12-16 16:18 320832 ----a-w- c:\program files\Panda Security\Panda Cloud Antivirus\PSUNShell.dll
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
"PSUNMain"="c:\program files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe" [2011-02-24 423232]
"Panda Security URL Filtering"="c:\documents and settings\All Users\Application Data\Panda Security URL Filtering\Panda_URL_Filtering.exe" [2011-05-17 231592]
"snpstd3"="c:\windows\vsnpstd3.exe" [2004-07-31 286720]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"ATICustomerCare"="c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-05-05 311296]
"_nltide_3"="advpack.dll" [2008-04-14 99840]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, mqrujuql.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICustomerCare]
2010-05-05 00:05 311296 ----a-r- c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
2008-04-14 12:00 110592 ----a-w- c:\windows\system32\bthprops.cpl
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2011-01-20 09:20 1305408 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 18:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-10-29 22:49 249064 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
"MyWebSearch Email Plugin"=c:\progra~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
"RelevantKnowledge"=c:\program files\relevantknowledge\rlvknlg.exe -boot
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\games\\CS 1.6 v42 FULL\\hl.exe"=
"d:\\Dungeon Siege\\dungeonsiege.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"11633:UDP"= 11633:UDP:Windows Media Format SDK (iexplore.exe)
"11632:UDP"= 11632:UDP:Windows Media Format SDK (iexplore.exe)
"11636:UDP"= 11636:UDP:Windows Media Format SDK (iexplore.exe)
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [3/21/2011 9:16 PM 218688]
R1 PSINKNC;PSINKNC;c:\windows\system32\drivers\PSINKNC.sys [12/16/2010 6:12 PM 130376]
R2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files\Common Files\MAGIX Services\Database\bin\FABS.exe [8/27/2009 5:09 PM 1253376]
R2 NanoServiceMain;Panda Cloud Antivirus Service;c:\program files\Panda Security\Panda Cloud Antivirus\PSANHost.exe [12/16/2010 6:19 PM 140608]
R2 PSINAflt;PSINAflt;c:\windows\system32\drivers\PSINAflt.sys [12/16/2010 6:12 PM 141768]
R2 PSINFile;PSINFile;c:\windows\system32\drivers\PSINFile.sys [12/16/2010 6:12 PM 97352]
R2 PSINProc;PSINProc;c:\windows\system32\drivers\PSINProc.sys [12/16/2010 6:12 PM 111944]
R2 PSINProt;PSINProt;c:\windows\system32\drivers\PSINProt.sys [12/16/2010 6:12 PM 113096]
S1 ethrhffn;ethrhffn;c:\windows\system32\drivers\ethrhffn.sys [5/2/2011 8:11 PM 134144]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [5/2/2011 5:32 PM 136176]
S3 ALSysIO;ALSysIO;\??\c:\docume~1\ADMINI~1\LOCALS~1\Temp\ALSysIO.sys --> c:\docume~1\ADMINI~1\LOCALS~1\Temp\ALSysIO.sys [?]
S3 cpuz134;cpuz134; [x]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\Common Files\MAGIX Services\Database\bin\fbserver.exe [8/7/2008 11:10 AM 3276800]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [5/2/2011 5:32 PM 136176]
Contents of the 'Scheduled Tasks' folder
2011-05-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-05-02 15:32]
2011-05-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-05-02 15:32]
------- Supplementary Scan -------
uStart Page = [Link mogu videti samo ulogovani korisnici]
uDefault_Search_URL = [Link mogu videti samo ulogovani korisnici]
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = [Link mogu videti samo ulogovani korisnici]
uSearchURL,(Default) = [Link mogu videti samo ulogovani korisnici]
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xkqpp1at.default\
FF - prefs.js: - Yahoo
FF - prefs.js: browser.startup.homepage - [Link mogu videti samo ulogovani korisnici]
FF - prefs.js: keyword.URL - [Link mogu videti samo ulogovani korisnici]
FF - user.js: keyword.URL - [Link mogu videti samo ulogovani korisnici]
FF - user.js: keyword.enabled - 1
- - - - ORPHANS REMOVED - - - -
Toolbar-{0E91EFA2-AF48-4333-9965-5DD29DE31B56} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{0E91EFA2-AF48-4333-9965-5DD29DE31B56} - (no file)
MSConfigStartUp-Google Update - c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [Link mogu videti samo ulogovani korisnici]
Rootkit scan 2011-05-26 00:01
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, [Link mogu videti samo ulogovani korisnici]
Windows 5.1.2600 Disk: Maxtor_6Y060L0 rev.YAR41VW0 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
device: opened successfully
user: MBR read successfully
error: Read A device attached to the system is not functioning.
kernel: MBR read successfully
detected disk devices:
detected hooks:
\Driver\atapi DriverStartIo -> 0x86D7157B
user & kernel MBR OK
--------------------- LOCKED REGISTRY KEYS ---------------------
@Denied: (Full) (Everyone)
@Denied: (Full) (Everyone)
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(928-)
- - - - - - - > 'explorer.exe'(6796)
c:\documents and settings\All Users\Application Data\Panda Security URL Filtering\panda_url_filtering.dll
c:\program files\Panda Security\Panda Cloud Antivirus\PSUNShell.DLL
c:\program files\Panda Security\Panda Cloud Antivirus\PSNCGP.dll
c:\program files\Panda Security\Panda Cloud Antivirus\PSNCIPC.dll
------------------------ Other Running Processes ------------------------
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
Completion time: 2011-05-26 00:06:57 - machine was rebooted
ComboFix-quarantined-files.txt 2011-05-25 22:06
Pre-Run: 22,517,866,496 bytes free
Post-Run: 22,748,991,488 bytes free
[boot loader]
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
- - End Of File - - 61ABF9A7D2BEE5F64DBAF75D4AF20529

  • Joined: 02 Feb 2008
  • Posts: 14018
  • Location: Nish


Download the installer for Malwarebytes Anti-Malware from the following link:
[Link visible only to logged-in users]

Double-click to run the installer; at the very end of the process, make sure the following options are checked:
Update Malwarebytes' Anti-Malware;
Launch Malwarebytes Anti-Malware;

and then click Finish.

Once the update has finished, the program will start.

Select the Perform Quick Scan option and click Scan.

When the process finishes, click OK, Show Results: in the list of detected malware, select all items and click Remove Selected.

When the process finishes, the logfile will open in Notepad; copy it into the thread on the forum.
If the program asks for a restart in order to complete the cleaning process, be sure to allow it.

Note: if a restart occurs at the end of the cleaning process, the logfile will be available on the Logs tab (select it and click Open).


Download aswMBR and save it to the Desktop.

Double-click to run aswMBR.
Click Scan.
When the scan finishes, click Save log.
Save the aswMBR log to the Desktop.
Copy the contents of that log into the thread.


I recommend using MCShield to protect USB memory devices. It has nothing to do with your antivirus, i.e. it will not interfere with its operation, and it has proven to be one of the best forms of protection against malware that spreads via USB memory devices.

You download it, install it, plug in the USB memory device, and a scan runs, after which you get a notification that the device is clean (if that is really the case); or you get a log showing information about the malware that was found and deleted.

MCShield home page: [Link visible only to logged-in users]

You can find out more about MCShield in this thread: [Link visible only to logged-in users]

goran9888 (AMF Team)

  • Joined: 21 May 2011
  • Posts: 5

Here is the first report:
[Link visible only to logged-in users]
When the computer restarted, it did not boot up right away; instead it restarted several more times.

And here is the second report:
[Link visible only to logged-in users]

  • Joined: 02 Feb 2008
  • Posts: 14018
  • Location: Nish


Run aswMBR again.
Click Scan.
When the scan finishes, click Fix.
When the repair (Fix) finishes, choose Save Log and save the log to the Desktop.
The computer needs to be restarted.
Copy the contents of the aswMBR log back into the thread.


Run ComboFix again, following the earlier instructions, and post the report you get.

goran9888 (AMF Team)
