MyCity » Ambulanta -> Arhiva Ambulante » virus radi pometnju.

virus radi pometnju.

Napisano na dan: 6.8.2012

virus radi pometnju.

Sledeća strana

Pagination

Odgovori

šemahenry23 Poslao: 06 Avg 2012 20:43 Idi na vrh
offline šemahenry23 Građanin Pridružio: 23 Dec 2011 Poruke: 290	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Uloguj se preko Facebooka da bi skinuo fajl: Napisano: 06 Avg 2012 17:14 . DDS (Ver_2011-08-26.01) - NTFSx86 Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.5.1 Run by Vladan at 15:32:29 on 2012-08-06 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.439 [GMT 2:00] . AV: avast! Antivirus Enabled/Updated {7591DB91-41F0-48A3-B128-1A293FD8233D} FW: avast! Internet Security Enabled . ============== Running Processes =============== . C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs svchost.exe svchost.exe C:\Program Files\AVAST Software\Avast\AvastSvc.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\AVAST Software\Avast\avastUI.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Skype\Phone\Skype.exe C:\Program Files\MCShield\MCShieldRTM.exe svchost.exe F:\Bluetooth Exchange Folder\bin\btwdins.exe F:\Bluetooth Exchange Folder\BTTray.exe C:\WINDOWS\system32\svchost.exe -k imgsvc C:\Documents and Settings\Vladan\Start Menu\Programs\Startup\mgyjn.exe C:\Documents and Settings\Vladan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Documents and Settings\Vladan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Documents and Settings\Vladan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Documents and Settings\Vladan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Documents and Settings\Vladan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://domredi.com/1/ uInternet Settings,ProxyServer = use:80 uInternet Settings,ProxyOverride = <local> uSearchAssistant = mSearchAssistant = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4 BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre7\bin\ssv.dll BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre7\bin\jp2ssv.dll TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun uRun: [MCShield Monitor] c:\program files\mcshield\MCShieldRTM.exe uRun: [Google Update] "c:\documents and settings\vladan\local settings\application data\google\update\GoogleUpdate.exe" /c mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE dRunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe StartupFolder: c:\documents and settings\vladan\start menu\programs\startup\mgyjn.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - f:\bluetooth exchange folder\BTTray.exe mPolicies-system: EnableSecureUIAPaths = 0 (0x0) IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000 IE: Send to &Bluetooth Device... - f:\bluetooth exchange folder\btsendto_ie_ctx.htm IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - f:\bluetooth exchange folder\btsendto_ie.htm IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab TCP: DhcpNameServer = 192.168.1.1 TCP: Interfaces\{9A9DA7AA-5954-410F-BA11-7CC00D0A2505} : DhcpNameServer = 192.168.1.1 Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL Notify: AtiExtEvent - Ati2evxx.dll Hosts: 127.0.0.2 company.zynga.com Hosts: 127.0.0.3 poker.zynga.com Hosts: 127.0.0.4 Hosts: 127.0.0.5 zynga.com Hosts: 127.0.0.6 . ================= FIREFOX =================== . FF - ProfilePath - c:\documents and settings\vladan\application data\mozilla\firefox\profiles\oc38iv22.default\ FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon) FF - prefs.js: browser.startup.homepage - hxxp://tv.sb.eurosport.com/ FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?affID=109989&tt=050412_30b&babsrc=KW_ss&mntrId=205cf23d0000000000000001295006e2&q= FF - plugin: c:\documents and settings\vladan\application data\mozilla\firefox\profiles\oc38iv22.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\plugins\np-mswmp.dll FF - plugin: c:\documents and settings\vladan\application data\mozilla\firefox\profiles\oc38iv22.default\extensions\{7d2fb79e-e58c-4db5-a36f-ac1c73967f4d}\plugins\npqbc.dll FF - plugin: c:\documents and settings\vladan\local settings\application data\google\update\1.3.21.115\npGoogleUpdate3.dll FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll FF - plugin: c:\program files\foxit software\foxit reader\plugins\npFoxitReaderPlugin.dll FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll FF - plugin: c:\program files\oracle\javafx 2.1 runtime\bin\plugin2\npjp2.dll FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_270.dll FF - plugin: c:\windows\system32\npDeployJava1.dll FF - plugin: c:\windows\system32\Npindeo.dll FF - plugin: c:\windows\system32\npptools.dll FF - plugin: c:\windows\system32\npwmsdrm.dll . ---- FIREFOX POLICIES ---- FF - user.js: extensions.BabylonToolbar_i.newTab - false FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=109989&tt=050412_30b FF - user.js: extensions.BabylonToolbar_i.babExt - FF - user.js: extensions.BabylonToolbar_i.srcExt - ss FF - user.js: extensions.BabylonToolbar_i.id - 205cf23d0000000000000001295006e2 FF - user.js: extensions.BabylonToolbar_i.hardId - 205cf23d0000000000000001295006e2 FF - user.js: extensions.BabylonToolbar_i.instlDay - 15435 FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17 FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17 FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1722:03:45 FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar FF - user.js: extensions.BabylonToolbar_i.aflt - babsst FF - user.js: extensions.BabylonToolbar_i.smplGrp - none FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9 FF - user.js: extensions.BabylonToolbar_i.instlRef - sst . ============= SERVICES / DRIVERS =============== . R0 EUBAKUP;EUBAKUP;c:\windows\system32\drivers\eubakup.sys [2012-1-21 50312] R0 EUBKMON;EUBKMON;c:\windows\system32\drivers\EUBKMON.sys [2012-1-21 43784] R0 fasttrak;fasttrak;c:\windows\system32\drivers\Fasttrak.sys [2011-6-1 73088] R1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [2012-5-3 24408] R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-6-1 721000] R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-6-1 353688] R1 EUDSKACS;EUDSKACS;c:\windows\system32\drivers\eudskacs.sys [2012-1-21 16008] R1 EUFDDISK;EUFDDISK;c:\windows\system32\drivers\EuFdDisk.sys [2012-1-21 185864] R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-6-1 21256] R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-7-21 44808] S1 SuperMounter;SuperMounter; [x] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-6-7 160944] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-5 250056] S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2012-1-27 13192] S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2012-1-27 8456] S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-8-6 113120] S3 MSI_MSIBIOS_010507;MSI_MSIBIOS_010507;\??\c:\program files\msi\live update 5\msibios32_100507.sys --> c:\program files\msi\live update 5\msibios32_100507.sys [?] S3 NTIOLib_1_0_4;NTIOLib_1_0_4;\??\c:\program files\msi\live update 5\ntiolib.sys --> c:\program files\msi\live update 5\NTIOLib.sys [?] S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504] . =============== Created Last 30 ================ . . ==================== Find3M ==================== . 2012-08-06 12:29:08 143872 -c--a-w- c:\windows\system32\javacpl.cpl 2012-08-02 22:02:41 70344 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-08-02 22:02:41 426184 -c--a-w- c:\windows\system32\FlashPlayerApp.exe 2012-07-05 20:06:20 687544 -c--a-w- c:\windows\system32\deployJava1.dll 2012-07-03 16:21:53 721000 ----a-w- c:\windows\system32\drivers\aswSnx.sys 2012-07-03 16:21:32 41224 ----a-w- c:\windows\avastSS.scr 2012-07-03 11:46:44 22344 -c--a-w- c:\windows\system32\drivers\mbam.sys 2012-06-13 13:19:59 1866112 -c--a-w- c:\windows\system32\win32k.sys 2012-06-05 15:50:25 1372672 -c--a-w- c:\windows\system32\msxml6.dll 2012-06-05 15:50:25 1172480 -c--a-w- c:\windows\system32\msxml3.dll 2012-06-04 04:32:08 152576 -c--a-w- c:\windows\system32\schannel.dll 2012-06-02 13:19:44 22040 -c--a-w- c:\windows\system32\wucltui.dll.mui 2012-06-02 13:19:38 219160 -c--a-w- c:\windows\system32\wuaucpl.cpl 2012-06-02 13:19:38 15384 -c--a-w- c:\windows\system32\wuaucpl.cpl.mui 2012-06-02 13:19:34 15384 -c--a-w- c:\windows\system32\wuapi.dll.mui 2012-06-02 13:19:30 17944 -c--a-w- c:\windows\system32\wuaueng.dll.mui 2012-05-31 13:22:09 599040 -c--a-w- c:\windows\system32\crypt32.dll 2012-05-16 15:08:26 916992 -c--a-w- c:\windows\system32\wininet.dll 2012-05-11 14:42:33 43520 -c----w- c:\windows\system32\licmgr10.dll 2012-05-11 14:42:33 1469440 -c----w- c:\windows\system32\inetcpl.cpl 2012-05-11 11:38:02 385024 -c----w- c:\windows\system32\html.iec . ============= FINISH: 15:33:45,60 =============== https://www.mycity.rs/must-login.png https://www.mycity.rs/must-login.png https://www.mycity.rs/must-login.png https://www.mycity.rs/must-login.png https://www.mycity.rs/must-login.png Dopuna: 06 Avg 2012 20:43 ...........................................

Profil

ivance95 Poslao: 06 Avg 2012 21:31 Idi na vrh
offline ivance95 AMF pripravnik Pridružio: 04 Jul 2011 Poruke: 5424	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Pozdrav, šemahenry23 Korak 1 Preuzmi program OTM na Desktop. Dvoklikom pokreni OTM.exe U (levi) prozor programa (ispod Paste Instructions for Items to be Moved) iskopiraj sve što se nalazi unutar Kod polja: `:files c:\documents and settings\vladan\start menu\programs\startup\mgyjn.exe` Klikni MoveIt! Po završetku procesa, u desnom prozoru programa (ispod Results), će se nalaziti tekst koji je potrebno iskopirati u poruku na forumu. Ukoliko se pojavi upit: Confirm ::The system requires a reboot to finish removing files. Do you want to reboot now? kliknuti Yes kako bi se kompjuter restartovao i proces bio dovršen. Nakon ponovnog pokretanja sistema, logfile će se automatski otvoriti u Notepadu. Potrebno je iskopirati sadržaj tog loga u poruku na forumu. Korak 2 Preuzmi "Xplode"-ov AdwCleaner i sacuvaj ga na Desktop Dvoklikom pokreni program i klikni na dugme [Search] . Kada program zavrsi analizu otvorice notepad sa izvestajem. Zatvori taj notepad. Klikni na dugme [Delete] i pricekaj da program zavrsi. Program ce zatvoriti sve aktivne programe i izbaciti prozor sa tim upozorenjem. Klikni Ok kao potvrdu. Na sledeca dva prozora koja se otvore (Informations i Restart required ) klikni Ok Racunar ce se restartovati a potom otvoriti notepad (C:\AdwCleaner[S1].txt) sa izvestajem. Sacuvaj taj notepad na Desktop i okaci ga uz poruku koristeci opciju "Prikaci fajl" Napomena: Izvestaj ce takodje biti sacuvan na C:\AdwCleaner[S1].txt Korak 3 Opiši kakve konkretno probleme imaš, da li se stanje popravilo nakon ovoga?

Profil

šemahenry23 Poslao: 06 Avg 2012 22:11 Idi na vrh
offline šemahenry23 Građanin Pridružio: 23 Dec 2011 Poruke: 290	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Uloguj se preko Facebooka da bi skinuo fajl: Napisano: 06 Avg 2012 21:49 ========== FILES ========== File move failed. c:\documents and settings\vladan\start menu\programs\startup\mgyjn.exe scheduled to be moved on reboot. OTM by OldTimer - Version 3.1.21.0 log created on 08062012_214212 Files moved on Reboot... c:\documents and settings\vladan\start menu\programs\startup\mgyjn.exe moved successfully. Registry entries deleted on Reboot... 1 korak završen. Dopuna: 06 Avg 2012 22:03 https://www.mycity.rs/must-login.png https://www.mycity.rs/must-login.png 2 korak gotov. Dopuna: 06 Avg 2012 22:11 Nema ovoga virusa sto je bio. Mozete mi reći sta da uklonim sa računara ako ima neki visak.

Profil

ivance95 Poslao: 06 Avg 2012 22:15 Idi na vrh
offline ivance95 AMF pripravnik Pridružio: 04 Jul 2011 Poruke: 5424	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Hoćeš li molim te da opišeš problem?

Profil

šemahenry23 Poslao: 06 Avg 2012 22:34 Idi na vrh
offline šemahenry23 Građanin Pridružio: 23 Dec 2011 Poruke: 290	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! evo pogledaj ovu temu. http://www.mycity.rs/Windows/Pretrazivaci-se-ukoce.html kada odem na youtube koč mi pretrazivaci. ovoga virusa nema više. memam sad nikakvih problema. osim ovoga sa pretrazivacima

Profil

ivance95 Poslao: 06 Avg 2012 22:43 Idi na vrh
offline ivance95 AMF pripravnik Pridružio: 04 Jul 2011 Poruke: 5424	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Preuzmi sUBs-ov ComboFix sa sledeće adrese na Desktop: Bleeping Computer Klikni desnim tasterom na link i odaberi opciju Save Target As... (Save Link As..., Save Linked Content As... ili sličnu); Kada se otvori dijalog za izbor lokacije na kojoj treba sačuvati file, odaberi Desktop i klikni Save. Kada preuzimanje programa bude završeno: deaktiviraj zaštitni softver (uputstvo); zatvori pokrenute programe; dvoklikom pokreni program ComboFix; u prozoru koji se otvori klikni "I Agree". U toku rada, ComboFix će:proveriti postoji li novija verzija programa: klikni Yes ako bude ponuđeno preuzimanje iste.ako Recovery Console nije instalirana, ponuditi instalaciju: obavezno prihvati klikom na Yes i isprati postupak.postaviti/dati određeni broj upita/obaveštenja: prihvati klikom na Yes ili OK.po potrebi, restartovati Windows (više puta); na kraju rada, otvoriti Notepad sa izveštajem o skeniranju. Iskopiraj izveštaj koji je ComboFix napravio u temu na forumu: klikni desnim tasterom miša u prozor Notepad-a i izaberi Select All; klikni desnim tasterom miša na obeleženi tekst i izaberi Copy; klikni desnim tasterom miša u polje za pisanje poruke i izaberi Paste. Napomena:Izveštaj će biti sačuvan pod nazivom ComboFix.txt na sistemskoj particiji (tipična lokacija: C:\ComboFix.txt); Ukoliko nakon slanja poruke primetiš da izveštaj nije kompletan, iskoristi opciju Prikači fajl za prilaganje file-a C:\ComboFix.txt uz poruku.

Profil

šemahenry23 Poslao: 06 Avg 2012 23:24 Idi na vrh
offline šemahenry23 Građanin Pridružio: 23 Dec 2011 Poruke: 290	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Uloguj se preko Facebooka da bi skinuo fajl: ComboFix 12-08-05.02 - Vladan 06.08.2012 22:59:44.1.1 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.647 [GMT 2:00] Running from: c:\documents and settings\Vladan\My Documents\Downloads\ComboFix.exe AV: avast! Antivirus Disabled/Updated {7591DB91-41F0-48A3-B128-1A293FD8233D} FW: avast! Internet Security Enabled {7591DB91-41F0-48A3-B128-1A293FD8233D} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\windows\IsUn0406.exe . . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Legacy_AFPANSI . . ((((((((((((((((((((((((( Files Created from 2012-07-06 to 2012-08-06 ))))))))))))))))))))))))))))))) . . 2012-08-06 19:34 . 2012-08-06 19:34 -------- d-----w- C:\_OTM 2012-08-06 13:03 . 2012-08-06 13:03 -------- dc----w- c:\program files\Mozilla Maintenance Service 2012-08-06 12:34 . 2012-08-06 12:34 -------- dc----w- c:\program files\Common Files\Java 2012-08-06 12:31 . 2012-08-06 12:31 -------- dc----w- c:\program files\Oracle 2012-08-06 12:30 . 2012-08-06 12:30 -------- dc----w- c:\documents and settings\Vladan\Application Data\Oracle 2012-08-06 12:30 . 2012-07-05 20:06 772544 -c--a-w- c:\windows\system32\npDeployJava1.dll 2012-07-28 18:07 . 2012-07-28 18:07 -------- dc----w- c:\program files\directx 2012-07-28 18:05 . 2012-07-28 18:06 -------- dc----w- c:\program files\Common Files\Logitech 2012-07-28 18:04 . 2012-07-28 18:04 -------- d-----w- C:\My Music 2012-07-28 18:04 . 2012-07-28 18:15 -------- dc----w- c:\program files\Common Files\Real 2012-07-28 18:04 . 2012-07-28 18:04 -------- dc----w- c:\program files\Windows Media Components 2012-07-28 18:03 . 2012-07-28 18:12 -------- d--h--w- c:\windows\msdownld.tmp 2012-07-28 18:02 . 2012-07-28 18:28 -------- dc----w- c:\program files\Logitech 2012-07-28 18:01 . 2012-07-28 18:01 53248 -c----w- c:\program files\Common Files\InstallShield\Engine\6\Intel 32\msihook.dll 2012-07-28 18:01 . 2012-07-28 18:01 126976 -c----w- c:\program files\Common Files\InstallShield\Engine\6\Intel 32\knlwrap.exe 2012-07-28 18:01 . 2012-07-28 18:01 114688 -c----w- c:\program files\Common Files\InstallShield\Engine\6\Intel 32\scpthdlr.dll 2012-07-22 23:26 . 2012-07-23 00:13 -------- dc----w- c:\program files\FileMenuTools 2012-07-22 18:36 . 2012-07-22 23:24 -------- d-----w- C:\FileMenuTools 2012-07-18 11:44 . 2012-07-18 19:51 -------- dc----w- c:\program files\Common Files\RBSoft . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-08-06 12:29 . 2012-04-16 20:08 143872 -c--a-w- c:\windows\system32\javacpl.cpl 2012-08-02 22:02 . 2012-04-05 20:15 426184 -c--a-w- c:\windows\system32\FlashPlayerApp.exe 2012-08-02 22:02 . 2012-02-21 15:13 70344 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-07-05 20:06 . 2011-06-15 20:28 687544 -c--a-w- c:\windows\system32\deployJava1.dll 2012-07-03 16:21 . 2011-06-01 14:52 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys 2012-07-03 16:21 . 2011-06-01 15:13 721000 ----a-w- c:\windows\system32\drivers\aswSnx.sys 2012-07-03 16:21 . 2011-06-01 14:53 353688 ----a-w- c:\windows\system32\drivers\aswSP.sys 2012-07-03 16:21 . 2011-06-01 14:53 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys 2012-07-03 16:21 . 2011-06-01 14:52 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys 2012-07-03 16:21 . 2011-06-01 14:52 97608 ----a-w- c:\windows\system32\drivers\aswmon2.sys 2012-07-03 16:21 . 2011-06-01 14:52 89624 ----a-w- c:\windows\system32\drivers\aswmon.sys 2012-07-03 16:21 . 2011-06-01 14:52 25256 ----a-w- c:\windows\system32\drivers\aavmker4.sys 2012-07-03 16:21 . 2011-06-01 15:13 41224 ----a-w- c:\windows\avastSS.scr 2012-07-03 16:21 . 2011-06-01 14:52 227648 -c--a-w- c:\windows\system32\aswBoot.exe 2012-07-03 11:46 . 2012-01-07 16:11 22344 -c--a-w- c:\windows\system32\drivers\mbam.sys 2012-06-13 13:19 . 2008-04-13 23:00 1866112 -c--a-w- c:\windows\system32\win32k.sys 2012-06-05 15:50 . 2008-04-14 03:42 1372672 -c--a-w- c:\windows\system32\msxml6.dll 2012-06-05 15:50 . 2008-04-14 03:42 1172480 -c--a-w- c:\windows\system32\msxml3.dll 2012-06-04 04:32 . 2008-04-14 03:42 152576 -c--a-w- c:\windows\system32\schannel.dll 2012-06-02 13:19 . 2009-08-06 18:24 22040 -c--a-w- c:\windows\system32\wucltui.dll.mui 2012-06-02 13:19 . 2011-06-01 14:16 329240 -c--a-w- c:\windows\system32\wucltui.dll 2012-06-02 13:19 . 2011-06-01 14:16 219160 -c--a-w- c:\windows\system32\wuaucpl.cpl 2012-06-02 13:19 . 2011-06-01 14:16 210968 -c--a-w- c:\windows\system32\wuweb.dll 2012-06-02 13:19 . 2009-08-06 18:24 15384 -c--a-w- c:\windows\system32\wuaucpl.cpl.mui 2012-06-02 13:19 . 2011-06-01 14:16 53784 -c--a-w- c:\windows\system32\wuauclt.exe 2012-06-02 13:19 . 2011-06-01 14:16 35864 -c--a-w- c:\windows\system32\wups.dll 2012-06-02 13:19 . 2009-08-06 18:24 45080 -c--a-w- c:\windows\system32\wups2.dll 2012-06-02 13:19 . 2009-08-06 18:24 15384 -c--a-w- c:\windows\system32\wuapi.dll.mui 2012-06-02 13:19 . 2008-04-14 03:41 97304 -c--a-w- c:\windows\system32\cdm.dll 2012-06-02 13:19 . 2009-08-06 18:24 17944 -c--a-w- c:\windows\system32\wuaueng.dll.mui 2012-06-02 13:19 . 2011-06-01 14:16 577048 -c--a-w- c:\windows\system32\wuapi.dll 2012-06-02 13:19 . 2011-06-01 14:16 1933848 -c--a-w- c:\windows\system32\wuaueng.dll 2012-05-31 13:22 . 2008-04-14 03:41 599040 -c--a-w- c:\windows\system32\crypt32.dll 2012-05-16 15:08 . 2008-04-14 03:42 916992 -c--a-w- c:\windows\system32\wininet.dll 2012-05-11 14:42 . 2008-04-14 03:42 1469440 -c----w- c:\windows\system32\inetcpl.cpl 2012-05-11 14:42 . 2008-04-14 03:41 43520 -c----w- c:\windows\system32\licmgr10.dll 2012-05-11 11:38 . 2008-04-13 22:07 385024 -c----w- c:\windows\system32\html.iec . . ------- Sigcheck ------- Note: Unsigned files aren't necessarily malware. . [-] 2012-01-02 . 0387E9B5976A4941E50BF934D0F84686 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll [7] 2008-04-14 . 9DD07AF82244867CA36681EA2D29CE79 . 1614848 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\sfcfiles.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2012-07-03 16:21 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-07-13 17418928] "MCShield Monitor"="c:\program files\MCShield\MCShieldRTM.exe" [2012-03-12 583680] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-07-03 4273976] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-03 44544] . c:\documents and settings\All Users\Start Menu\Programs\Startup\ Bluetooth.lnk - f:\bluetooth exchange folder\BTTray.exe [2006-4-12 643133] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableSecureUIAPaths"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "ose"=3 (0x3) "NMSAccess"=2 (0x2) "JavaQuickStarterService"=2 (0x2) "idsvc"=3 (0x3) "IDriverT"=3 (0x3) "Guard Agent"=2 (0x2) "EaseUS Agent"=2 (0x2) "Ati HotKey Poller"=2 (0x2) . [HKEY_LOCAL_MACHINE\software\microsoft\security center] "FirewallOverride"=dword:00000001 "DisableThumbnailCache"=dword:00000001 . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\uTorrent\\uTorrent.exe"= "c:\\Program Files\\TeamViewer\\Version7\\TeamViewer.exe"= "c:\\Program Files\\TeamViewer\\Version7\\TeamViewer_Service.exe"= "f:\\KONAMI\\pes2012.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= . R0 EUBAKUP;EUBAKUP;c:\windows\system32\drivers\eubakup.sys [21.1.2012 13:09 50312] R0 EUBKMON;EUBKMON;c:\windows\system32\drivers\EUBKMON.sys [21.1.2012 13:09 43784] R0 fasttrak;fasttrak;c:\windows\system32\drivers\Fasttrak.sys [1.6.2011 16:34 73088] R1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [3.5.2012 2:20 24408] R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [1.6.2011 17:13 721000] R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [1.6.2011 16:53 353688] R1 EUDSKACS;EUDSKACS;c:\windows\system32\drivers\eudskacs.sys [21.1.2012 13:09 16008] R1 EUFDDISK;EUFDDISK;c:\windows\system32\drivers\EuFdDisk.sys [21.1.2012 13:09 185864] R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [1.6.2011 16:53 21256] S1 SuperMounter;SuperMounter; [x] S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [7.6.2012 19:12 160944] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [5.4.2012 22:15 250056] S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [27.1.2012 18:51 13192] S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [27.1.2012 18:51 8456] S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [6.8.2012 15:03 113120] S3 MSI_MSIBIOS_010507;MSI_MSIBIOS_010507;\??\c:\program files\MSI\Live Update 5\msibios32_100507.sys --> c:\program files\MSI\Live Update 5\msibios32_100507.sys [?] S3 NTIOLib_1_0_4;NTIOLib_1_0_4;\??\c:\program files\MSI\Live Update 5\NTIOLib.sys --> c:\program files\MSI\Live Update 5\NTIOLib.sys [?] S4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys --> c:\windows\system32\Drivers\sptd.sys [?] . --- Other Services/Drivers In Memory --- . NewlyCreated - WS2IFSL . Contents of the 'Scheduled Tasks' folder . 2012-08-06 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 22:02] . 2012-08-06 c:\windows\Tasks\avast! Emergency Update.job - c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2012-06-29 16:21] . 2012-08-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1614895754-152049171-725345543-1003Core.job - c:\documents and settings\Vladan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-06-25 16:49] . 2012-08-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1614895754-152049171-725345543-1003UA.job - c:\documents and settings\Vladan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-06-25 16:49] . . ------- Supplementary Scan ------- . uStart Page = hxxp://domredi.com/1/ uInternet Settings,ProxyServer = use:80 uInternet Settings,ProxyOverride = <local> uSearchAssistant = IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 IE: Send to &Bluetooth Device... - f:\bluetooth exchange folder\btsendto_ie_ctx.htm TCP: DhcpNameServer = 192.168.1.1 FF - ProfilePath - c:\documents and settings\Vladan\Application Data\Mozilla\Firefox\Profiles\oc38iv22.default\ FF - prefs.js: browser.startup.homepage - hxxp://tv.sb.eurosport.com/ . - - - - ORPHANS REMOVED - - - - . Toolbar-10 - (no file) . . . ************************************************************************ . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2012-08-06 23:07 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************ . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\S-1-5-21-1614895754-152049171-725345543-1003\ "_] @Allowed: (Read) (RestrictedCode) @Allowed: (Read) (RestrictedCode) "MachineID"=hex:3d,f2,5d,09,50,06,e2,00 DUMPHIVE0.003 (REGF) . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'winlogon.exe'(724) c:\windows\system32\Ati2evxx.dll . - - - - - - - > 'explorer.exe'(2820) c:\windows\system32\WININET.dll c:\windows\system32\ieframe.dll c:\windows\system32\webcheck.dll . ------------------------ Other Running Processes ------------------------ . c:\program files\AVAST Software\Avast\AvastSvc.exe f:\bluetooth exchange folder\bin\btwdins.exe c:\windows\system32\wscntfy.exe . ************************************************************************** . Completion time: 2012-08-06 23:13:41 - machine was rebooted ComboFix-quarantined-files.txt 2012-08-06 21:13 . Pre-Run: 4.021.465.088 bytes free Post-Run: 3.781.029.888 bytes free . WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons UnsupportedDebug="do not select this" /debug multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /noexecute=alwaysoff /fastdetect . - - End Of File - - D780A0BE792C78B024DD8507D726FD03 https://www.mycity.rs/must-login.png https://www.mycity.rs/must-login.png

Profil

ivance95 Poslao: 07 Avg 2012 09:32 Idi na vrh
offline ivance95 AMF pripravnik Pridružio: 04 Jul 2011 Poruke: 5424	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Na računaru više nemaš aktivnog malware-a. Ukoliko i dalje imaš problema u radu obrati se u svojoj temi u Windows potforumu. Potrebno je deinstalirati ComboFix: klikni start (ili ), a zatim RUN. Na Visti koristiti Start Search polje ukoliko Run nije dostupan. U liniju za unos teksta ukucaj (iskopiraj) sledeće: ComboFix /Uninstall Primeti da postoji razmak između "ComboFix" i "/Uninstall". a zatim klikni OK (ili pritisni Enter). Sačekaj da se proces deinstalacije završi. Obavezno poseti temu "Testirajte da li vam je pretrazivac ranjiv", procitaj i isprati link koji stoji u njoj. Link do teme je: http://www.mycity.rs/Web-browseri/Testirajte-da-li.....anjiv.html Ivance95 (AMF Tim)

Profil

šemahenry23 Poslao: 07 Avg 2012 13:10 Idi na vrh
offline šemahenry23 Građanin Pridružio: 23 Dec 2011 Poruke: 290	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Testiro sam pretrazivač sve je dobro. jutjub stopa jos ne mogu da odem na settings(na videosnimak pa desni taster misa pa settings)

Profil

MyCity » Ambulanta -> Arhiva Ambulante » virus radi pometnju.

Ko je trenutno na forumu

Ukupno su 1137 korisnika na forumu :: 30 registrovanih, 1 sakriven i 1106 gosta :: [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:: Korisnici trenutno na forumu: 100ka, 357magnum, A.R.Chafee.Jr., acatomic, Andrija357, Apok, ArchaBasha, babaroga, Bane san, Ben Roj, doloress, draganl, Drakce65, Duh sa sekirom, Fabius, Georgius, HrcAk47, ikan, Inner-Cell, kybonacci, Mihajlo, mikrimaus, Nemanja.M, Panter, radojevic169, RED4G-304, Romibrat, shaja1, vathra, šumar bk2

Svaki korisnik ovog sajta je odgovoran za sadržaj svoje poruke koju objavi na sajtu. Sajt se odriče svake odgovornosti za sadržaj tih poruka.
Postavljanjem vaše poruke ili vašeg autorskog dela na ovaj sajt, saglasni ste da ovaj sajt postaje distributer vašeg dela, i odričete se mogućnosti njegovog povlačenja ili brisanja, bez saglasnosti uprave sajta.
Distribucija sadržaja sa ovog sajta je dozvoljena samo u nekomercijalne svrhe, uz obaveznu napomenu da je sadržaj preuzet sa ovog sajta, i uz obavezno navođenje adrese MyCity sajta. Za sve ostale vidove distribucije obavezni ste da prethodno zatražite odobrenje od vlasnika MyCity sajta.
MyCity pokrenuo, administrira i razvija Predrag Damnjanović, a o uređenju sajta se brine MyCity Tim.
Ukoliko želite da nas kontaktirate kliknite ovde.
Naši sajtovi:
Vesti, Vojni forum, Zaštita od virusa, TekstPesme.rs

This content is licensed under a Creative Commons License.
Based on phpBB 2, translated by Simke, designed by