virus

  • vmarko 
  • New MyCity citizen
  • Joined: 21 Aug 2011
  • Posts: 6

Hello! I clicked a link in a chat. It asked me to install Flash Player... Since then I can't get on Facebook.
Is there any help, or do I have to reinstall the system?
I'm using Windows 7. Thanks in advance!

  • Joined: 02 Feb 2008
  • Posts: 14018
  • Where you live: Nish

Hi vmarko!

You don't need to reinstall Windows.
We will remove the malware from the system; you just need to follow, in detail, what I write to you in this thread.

To begin, follow the instructions at this link in detail: INSTRUCTIONS FOR OPENING A THREAD IN THE AMBULANTA and post the required diagnostic tool reports, depending on which operating system you have.

goran9888 (AMF Tim)

  • vmarko 
  • New MyCity citizen
  • Joined: 21 Aug 2011
  • Posts: 6

I don't use an antivirus. The only thing I downloaded was "HitmanPro35"; I scanned the computer, and now the Facebook page can't be opened at all. Other pages work normally. I uninstalled it after the scan.

DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 8.0.7601.17514
Run by bajo at 19:52:22 on 2011-08-21
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.1909.1243 [GMT 2:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files\Nitro PDF\Reader\NitroPDFReaderDriverService.exe
C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\QUALCOMM\QDLService2k\QDLService2kSierra.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\CSR\Bluetooth Feature Pack 5.0\VFPRadioSupportService.exe
C:\Program Files\Fujitsu\WirelessSelector\WSUService.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\rundll32.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe
C:\Program Files\CSR\Bluetooth Feature Pack 5.0\CSRSkype.exe
C:\Program Files\Fujitsu\Application Panel\BtnHndHkb.exe
C:\Program Files\CSR\Bluetooth Feature Pack 5.0\ConMgr.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\CyberLink\YouCam\YouCamTray.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Real\RealPlayer\Update\realsched.exe
C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe
C:\Program Files\WIBUKEY\Server\WkSvMgr.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\wuauclt.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\Program Files\Mozilla Firefox 4.0 Beta 11\firefox.exe
C:\Program Files\Mozilla Firefox 4.0 Beta 11\plugin-container.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe" /MINIMIZED
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [IndicatorUtility] c:\program files\fujitsu\fujitsu hotkey utility\IndicatorUty.exe
mRun: [LoadFujitsuQuickTouch] c:\program files\fujitsu\application panel\QuickTouch.exe
mRun: [LoadBtnHnd] c:\program files\fujitsu\application panel\BtnHnd.exe
mRun: [CSRSkype] c:\program files\csr\bluetooth feature pack 5.0\CSRSkype.exe
mRun: [ConMgr] "c:\program files\csr\bluetooth feature pack 5.0\ConMgr.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [UCam_Menu] "c:\program files\cyberlink\youcam\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\youcam" updatewithcreateonce "software\cyberlink\youcam\3.0"
mRun: [YouCam Mirror Tray icon] "c:\program files\cyberlink\youcam\YouCamTray.exe" /s
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [SSDMonitor] c:\program files\common files\pc tools\smonitor\SSDMonitor.exe
mRun: [tray_ico]
mRun: [tray_ico0]
mRun: [tray_ico1]
mRun: [tray_ico2]
mRun: [tray_ico3]
mRun: [tray_ico4]
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\networ~1.lnk - c:\program files\wibukey\server\WkSvMgr.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableSecureUIAPaths = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{FAA9618D-C36A-4F32-9F79-13B89BA61E9C} : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{FAA9618D-C36A-4F32-9F79-13B89BA61E9C}\0596E646F6 : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{FAA9618D-C36A-4F32-9F79-13B89BA61E9C}\461646F6 : DhcpNameServer = 195.66.189.137 195.66.189.138
TCP: Interfaces\{FAA9618D-C36A-4F32-9F79-13B89BA61E9C}\C696E6B6379737 : DhcpNameServer = 213.133.3.5 212.200.246.8
TCP: Interfaces\{FAA9618D-C36A-4F32-9F79-13B89BA61E9C}\D43594 : DhcpNameServer = 192.168.2.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\bajo\appdata\roaming\mozilla\firefox\profiles\enarn2iu.default\
FF - prefs.js: browser.startup.homepage - http:/www.google.rs
FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: c:\program files\mozilla firefox 4.0 beta 11\plugins\npwachk.dll
FF - plugin: c:\program files\opera\program\plugins\nppl3260.dll
FF - plugin: c:\program files\opera\program\plugins\nprpjplug.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\windows\system32\wat\npWatWeb.dll
.
============= SERVICES / DRIVERS ===============
.
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
R2 NitroReaderDriverReadSpool;NitroPDFReaderDriverCreatorReadSpool;c:\program files\nitro pdf\reader\NitroPDFReaderDriverService.exe [2011-1-14 196912]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\common files\pc tools\smonitor\StartManSvc.exe [2011-8-8 632792]
R2 QDLService2kSierra;Qualcomm Gobi 2000 Download Service (Sierra);c:\program files\qualcomm\qdlservice2k\QDLService2kSierra.exe [2009-10-1 329976]
R2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files\intel\intel(r) management engine components\uns\UNS.exe [2011-5-27 2314240]
R2 VFPRadioSupportService;Bluetooth Feature Support;c:\program files\csr\bluetooth feature pack 5.0\VFPRadioSupportService.exe [2009-12-24 111536]
R2 WirelessSelectorService;WirelessSelectorService;c:\program files\fujitsu\wirelessselector\WSUService.exe [2008-10-9 62760]
R3 FUJ02E3;Fujitsu FUJ02E3 Device Driver;c:\windows\system32\drivers\fuj02e3.sys [2004-1-18 4864]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2009-10-26 125696]
R3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\drivers\IntcDAud.sys [2009-11-27 209920]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2010-6-23 275048]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 ddservice;ddservice;c:\windows\update.7.1\svchostdriver.exe srv --> c:\windows\update.7.1\svchostdriver.exe srv [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-5-29 136176]
S2 srvbtcclient;srvbtcclient;c:\windows\update.5.0\svchost.exe srv --> c:\windows\update.5.0\svchost.exe srv [?]
S2 srviecheck;srviecheck;c:\windows\update.2\svchost.exe srv --> c:\windows\update.2\svchost.exe srv [?]
S2 srvsysdriver32;srvsysdriver32;c:\windows\sysdriver32.exe srv --> c:\windows\sysdriver32.exe srv [?]
S2 wxpdrivers;wxpdrivers;c:\windows\update.1\svchost.exe srv --> c:\windows\update.1\svchost.exe srv [?]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-5-29 136176]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2011-6-2 15872]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-6-2 52224]
S3 WatAdminSvc;WatAdminSvc;c:\windows\system32\wat\WatAdminSvc.exe [2011-6-3 1343400]
.
=============== Created Last 30 ================
.
2011-08-21 15:59:05 23624 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-08-21 15:59:04 -------- d-----w- c:\program files\Hitman Pro 3.5
2011-08-21 15:58:02 -------- d-----w- c:\programdata\Hitman Pro
2011-08-21 14:03:06 -------- d-----w- c:\windows\rpcminer
2011-08-21 14:03:06 -------- d-----w- c:\windows\phoenix
2011-08-21 13:46:38 246272 ----a-w- c:\windows\unrar.exe
2011-08-21 09:25:46 -------- d-----w- c:\users\bajo\appdata\roaming\AnvSoft
2011-08-21 09:24:52 -------- d-----w- c:\program files\AnvSoft
2011-08-19 06:20:37 7152464 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{eacd8eb6-f9d2-426a-9c70-c3eb80d07d4e}\mpengine.dll
2011-08-10 22:49:30 -------- d-----w- c:\program files\common files\Symantec Shared
2011-08-10 04:53:13 3912576 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-08-10 04:53:12 3967872 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-08-10 04:53:11 223744 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-08-10 04:53:08 1290624 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-08-08 14:18:42 880640 ----a-w- c:\windows\system32\UniBox10.ocx
2011-08-08 14:18:42 506368 ----a-w- c:\windows\system32\msxml.dll
2011-08-08 14:18:42 37336 ----a-w- c:\windows\system32\CleanMFT32.exe
2011-08-08 14:18:42 212992 ----a-w- c:\windows\system32\UniBoxVB12.ocx
2011-08-08 14:18:42 1101824 ----a-w- c:\windows\system32\UniBox210.ocx
2011-08-08 14:18:41 658432 ----a-w- c:\windows\system32\MSCOMCT2.OCX
2011-08-08 14:18:38 -------- d-----w- c:\program files\common files\PC Tools
2011-08-06 19:36:19 -------- d-----w- c:\programdata\Symantec
2011-08-06 19:36:17 -------- d-----w- c:\windows\system32\drivers\nss\0305010.006
2011-08-06 19:36:17 -------- d-----w- c:\windows\system32\drivers\NSS
2011-08-06 19:36:17 -------- d-----w- c:\programdata\Norton
2011-08-06 19:36:17 -------- d-----w- c:\program files\Norton Security Scan
2011-08-06 19:36:15 -------- d-----w- c:\programdata\NortonInstaller
2011-08-06 19:36:15 -------- d-----w- c:\program files\NortonInstaller
2011-08-06 17:36:14 -------- d-----w- c:\users\bajo\appdata\local\Real
2011-07-29 16:55:40 -------- d-----w- c:\programdata\Protexis
2011-07-28 17:08:06 -------- d-----w- c:\users\bajo\appdata\local\GS-LW-Temp
2011-07-28 17:00:16 -------- d-----w- c:\users\bajo\Graphisoft
2011-07-28 17:00:16 -------- d-----w- c:\users\bajo\appdata\roaming\Graphisoft
2011-07-28 17:00:16 -------- d-----w- c:\users\bajo\appdata\local\Graphisoft
2011-07-28 16:52:46 131072 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll
2011-07-28 16:52:46 131072 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll
2011-07-28 16:52:46 131072 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll
2011-07-28 16:52:46 131072 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll
2011-07-28 16:52:46 131072 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll
2011-07-28 16:52:46 131072 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll
2011-07-28 16:52:46 131072 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll
2011-07-28 16:52:01 -------- d-----w- c:\users\bajo\appdata\local\Apple
2011-07-28 16:45:44 -------- d-----w- c:\program files\Graphisoft
2011-07-22 20:29:42 -------- d-----w- c:\users\bajo\appdata\local\uTorrent
.
==================== Find3M ====================
.
2011-08-21 13:48:24 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-08-06 17:36:42 499712 ----a-w- c:\windows\system32\msvcp71.dll
2011-08-06 17:36:42 348160 ----a-w- c:\windows\system32\msvcr71.dll
2011-07-22 04:54:18 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-07-16 04:27:30 290816 ----a-w- c:\windows\system32\KernelBase.dll
2011-07-16 02:17:19 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2011-07-16 02:17:19 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-16 02:17:19 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2011-07-16 02:17:19 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2011-06-24 04:27:01 169984 ----a-w- c:\windows\system32\winsrv.dll
2011-06-24 04:22:20 271360 ----a-w- c:\windows\system32\conhost.exe
2011-06-21 05:28:33 981504 ----a-w- c:\windows\system32\wininet.dll
2011-06-15 08:55:19 86016 ----a-w- c:\windows\system32\odbccu32.dll
2011-06-15 08:55:19 81920 ----a-w- c:\windows\system32\odbccr32.dll
2011-06-15 08:55:19 319488 ----a-w- c:\windows\system32\odbcjt32.dll
2011-06-15 08:55:19 163840 ----a-w- c:\windows\system32\odbctrac.dll
2011-06-15 08:55:19 122880 ----a-w- c:\windows\system32\odbccp32.dll
2011-06-11 02:29:25 2334208 ----a-w- c:\windows\system32\win32k.sys
2011-06-03 20:14:19 409088 ----a-w- c:\windows\system32\systemcpl.dll
2011-06-03 20:14:19 13824 ----a-w- c:\windows\system32\slwga.dll
2011-06-03 20:14:18 811520 ----a-w- c:\windows\system32\user32.dll
2011-06-03 13:26:17 152576 ----a-w- c:\windows\system32\msclmd.dll
2011-05-27 20:07:46 410984 ----a-w- c:\windows\system32\deploytk.dll
2011-05-24 17:14:10 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-05-24 10:44:59 293376 ----a-w- c:\windows\system32\umpnpmgr.dll
.
============= FINISH: 19:53:07.48 ===============

  • Joined: 02 Feb 2008
  • Posts: 14018
  • Where you live: Nish

While the case is being resolved, I would ask you to stick to the following:
Read my instructions (or the instructions of colleagues standing in for me) carefully and work exclusively by them;
Do not seek help elsewhere at the same time;
Do not use other malware removal programs, except those you receive instructions for;
During the intervention, do not use USB storage devices until I ask for it;
If I don't reply within 48h, bump the thread with a new post;
If you don't reply within 5 days, we will close the case.

For more information on the rules of the MyCity forum Ambulanta: LINK

-------------------------------------------------------------------------------------

Download The Avenger to the Desktop.
Extract the archive into a folder.

Double-click avenger.exe to run it.

Copy the text inside the Code box into the (white) window of the program:

Files to delete:
c:\windows\sysdriver32.exe
c:\windows\unrar.exe

Folders to delete:
c:\windows\update.5.0
c:\windows\update.2
c:\windows\update.1
c:\windows\rpcminer
c:\windows\phoenix
C:\Windows\update.7.1

Registry values to delete:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run|tray_ico
HKLM\Software\Microsoft\Windows\CurrentVersion\Run|tray_ico0
HKLM\Software\Microsoft\Windows\CurrentVersion\Run|tray_ico1
HKLM\Software\Microsoft\Windows\CurrentVersion\Run|tray_ico2
HKLM\Software\Microsoft\Windows\CurrentVersion\Run|tray_ico3
HKLM\Software\Microsoft\Windows\CurrentVersion\Run|tray_ico4

Drivers to delete:
ddservice
srvbtcclient
srviecheck
srvsysdriver32
wxpdrivers


Click Execute, then Yes in the next two windows that open.

The computer will restart (in certain cases: twice) and the cleaning/scanning process will begin.

When the process is finished, the logfile C:\avenger.txt will open in Notepad.

Copy the contents of the resulting log into the thread on the forum.




Download the installer for Malwarebytes Anti-Malware from the following link:
http://www.besttechie.net/tools/mbam-setup.exe

Double-click to run the installation - at the very end of the process, make sure these options are checked:
Update Malwarebytes' Anti-Malware;
Launch Malwarebytes Anti-Malware;

and then click Finish.

After the update completes, the program will start.

Select the Perform Quick Scan option and click Scan.

When the process finishes, click OK, Show Results: in the list of detected malware, check all items and click Remove Selected.

When the process finishes, the logfile will open in Notepad; copy it into the thread on the forum.
If the program asks for a restart to complete the cleaning process, be sure to allow it.

Note: if a restart happens at the end of the cleaning process, the logfile will be available on the Logs tab (select it and click Open).
goran9888 (AMF Tim)
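As an added example (my own code, not from this thread, DDS or The Avenger), here is a small Python script that applies to the DDS service, Run and policy lines shown earlier in the thread the kind of checks the helper made by eye before writing the Avenger script: services whose binary DDS could not stat ([?]), svchost lookalikes outside system32, binaries under c:\windows\update.*, Run values with empty commands, and UAC switched off. The sample lines are excerpted from the DDS log above with three clean entries as controls; the heuristics and function names are assumptions of mine.

```python
"""Triage heuristics for DDS-style log lines.

Added example for this thread, not part of DDS, The Avenger or the helper's
procedure. Sample lines are excerpted from the DDS report above, with three
clean entries kept as controls; the scoring rules are my own.
"""
import re
from dataclasses import dataclass, field

SAMPLE_LOG = r"""
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [tray_ico]
mRun: [tray_ico0]
mPolicies-system: EnableLUA = 0 (0x0)
R2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-5-29 136176]
S2 ddservice;ddservice;c:\windows\update.7.1\svchostdriver.exe srv --> c:\windows\update.7.1\svchostdriver.exe srv [?]
S2 srvbtcclient;srvbtcclient;c:\windows\update.5.0\svchost.exe srv --> c:\windows\update.5.0\svchost.exe srv [?]
S2 srvsysdriver32;srvsysdriver32;c:\windows\sysdriver32.exe srv --> c:\windows\sysdriver32.exe srv [?]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
"""

# DDS line shapes: "R2 name;display;image [date size]", "mRun: [value] command",
# "mPolicies-system: Key = n (0xn)".
SERVICE_RE = re.compile(r"^([RS]\d)\s+([^;]+);([^;]*);(.*)$")
RUN_RE = re.compile(r"^([um]Run):\s+\[([^\]]*)\]\s*(.*)$")
POLICY_RE = re.compile(r"^mPolicies-system:\s+(\w+)\s*=\s*(\d+)")
# The only place the genuine service host lives on 32-bit Windows 7.
SVCHOST_HOMES = (r"c:\windows\system32\svchost.exe",)


@dataclass
class Finding:
    line: str
    reasons: list = field(default_factory=list)


def _binary_path(image: str) -> str:
    """Executable path from a DDS image field.

    DDS prints an unresolvable ImagePath as 'path args --> path args [?]':
    keep the part before ' -->', drop the trailing '[date size]' or '[?]'
    marker, then cut after the first .exe/.sys/.dll so arguments fall away.
    """
    image = image.split(" -->")[0]
    image = re.sub(r"\s*\[[^\]]*\]\s*$", "", image).strip().strip('"')
    m = re.search(r"(.*?\.(?:exe|sys|dll))", image, re.IGNORECASE)
    return (m.group(1) if m else image).lower()


def check_service(entry: str) -> list:
    """Reasons to look twice at one SERVICES / DRIVERS line (empty if none)."""
    m = SERVICE_RE.match(entry)
    if not m:
        return []
    reasons = []
    image_field = m.group(4)
    path = _binary_path(image_field)
    name = path.rsplit("\\", 1)[-1]
    if image_field.rstrip().endswith("[?]"):
        reasons.append("DDS could not stat the binary ([?])")
    if name.startswith("svchost") and path not in SVCHOST_HOMES:
        reasons.append("svchost-lookalike outside system32")
    if re.search(r"\\windows\\update\.[\d.]+\\", path):
        reasons.append("binary under c:\\windows\\update.*")
    if re.fullmatch(r"c:\\windows\\[^\\]+\.exe", path):
        reasons.append("service binary directly in c:\\windows (weak on its own)")
    return reasons


def check_run(entry: str) -> list:
    """Flag Run values whose command DDS could not print (empty data)."""
    m = RUN_RE.match(entry)
    if m and not m.group(3).strip():
        return ["Run value with empty command"]
    return []


def check_policy(entry: str) -> list:
    """Flag UAC switched off, as in the mPolicies-system block of the log."""
    m = POLICY_RE.match(entry)
    if m and m.group(1) == "EnableLUA" and int(m.group(2)) == 0:
        return ["UAC disabled (EnableLUA = 0)"]
    return []


def triage(log_text: str) -> list:
    """One Finding per line that trips at least one heuristic."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        reasons = check_service(line) + check_run(line) + check_policy(line)
        if reasons:
            findings.append(Finding(line, reasons))
    return findings
```

Running triage(SAMPLE_LOG) yields six findings (the two tray_ico values, EnableLUA, and the three fake "update" services) and leaves the three control lines untouched.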

  • vmarko 
  • New MyCity citizen
  • Joined: 21 Aug 2011
  • Posts: 6

Posted: 22 Aug 2011 0:51

Logfile of The Avenger Version 2.0, (c) by Swandog46
swandog46.geekstogo.com

Platform: Windows Vista

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!


Error: file "c:\windows\sysdriver32.exe" not found!
Deletion of file "c:\windows\sysdriver32.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

File "c:\windows\unrar.exe" deleted successfully.

Error: folder "c:\windows\update.5.0" not found!
Deletion of folder "c:\windows\update.5.0" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: folder "c:\windows\update.2" not found!
Deletion of folder "c:\windows\update.2" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: folder "c:\windows\update.1" not found!
Deletion of folder "c:\windows\update.1" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Folder "c:\windows\rpcminer" deleted successfully.
Folder "c:\windows\phoenix" deleted successfully.

Error: folder "C:\Windows\update.7.1" not found!
Deletion of folder "C:\Windows\update.7.1" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Driver "ddservice" deleted successfully.
Driver "srvbtcclient" deleted successfully.
Driver "srviecheck" deleted successfully.
Driver "srvsysdriver32" deleted successfully.
Driver "wxpdrivers" deleted successfully.
Registry value "HKLM\Software\Microsoft\Windows\CurrentVersion\Run|tray_ico" deleted successfully.
Registry value "HKLM\Software\Microsoft\Windows\CurrentVersion\Run|tray_ico0" deleted successfully.
Registry value "HKLM\Software\Microsoft\Windows\CurrentVersion\Run|tray_ico1" deleted successfully.
Registry value "HKLM\Software\Microsoft\Windows\CurrentVersion\Run|tray_ico2" deleted successfully.
Registry value "HKLM\Software\Microsoft\Windows\CurrentVersion\Run|tray_ico3" deleted successfully.
Registry value "HKLM\Software\Microsoft\Windows\CurrentVersion\Run|tray_ico4" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

Addendum: 22 Aug 2011 1:04

Malwarebytes' Anti-Malware 1.51.1.1800
malwarebytes.org

Database version: 7529

Windows 6.1.7601 Service Pack 1
Internet Explorer 8.0.7601.17514

8/22/2011 1:03:59 AM
mbam-log-2011-08-22 (01-03-59).txt

Scan type: Quick scan
Objects scanned: 160160
Time elapsed: 4 minute(s), 27 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 1
Registry Data Items Infected: 3
Folders Infected: 0
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\systeminfog (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\SERVICES32.EXE (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wxpdrivers (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\wxpdrivers (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Services32.exe\close (Trojan.Agent) -> Value: close -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Users\bajo\AppData\Local\Temp\dpuztwsn.exe.part (Adware.FunWeb) -> Quarantined and deleted successfully.
c:\Users\bajo\AppData\Local\Temp\6qlx1mux.exe.part (Adware.FunWeb) -> Quarantined and deleted successfully.
c:\Windows\Temp\3756399.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\Temp\4041184.exe (Trojan.Agent) -> Quarantined and deleted successfully.

  • Joined: 02 Feb 2008
  • Posts: 14018
  • Where you live: Nish

Download sUBs' ComboFix from the following address to the Desktop:

Bleeping Computer
Right-click the link and choose the Save Target As... option (Save Link As..., Save Linked Content As... or similar);
When the dialog for choosing where to save the file opens, choose Desktop and click Save.

When the download is finished:
deactivate your protection software (instructions);
close running programs;
double-click to run ComboFix;
in the window that opens, click "I Agree".

While running, ComboFix will:
check whether a newer version of the program exists: click Yes if it offers to download it;
if the Recovery Console is not installed, offer to install it: be sure to accept by clicking Yes and follow the procedure;
show a certain number of prompts/notifications: accept by clicking Yes or OK;
restart Windows if needed (several times);
at the end, open Notepad with the scan report.

Copy the report that ComboFix created into the thread on the forum:
right-click in the Notepad window and choose Select All;
right-click the selected text and choose Copy;
right-click in the message box and choose Paste.

Note: The report will be saved under the name ComboFix.txt on the system partition (typical location: C:\ComboFix.txt);
If after posting the message you notice the report is incomplete, use the Attach file option to attach the file C:\ComboFix.txt to the message.
goran9888 (AMF Tim)

  • vmarko 
  • New MyCity citizen
  • Joined: 21 Aug 2011
  • Posts: 6

ComboFix 11-08-21.01 - bajo 08/22/2011 1:32.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.1909.1212 [GMT 2:00]
Running from: c:\users\bajo\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\page
c:\programdata\page\page.ico
c:\programdata\page\page.URL
c:\windows\btc_client_iplist.txt
c:\windows\front_ip_list.txt
c:\windows\geoiplist
c:\windows\geoiplist.rar
c:\windows\iecheck_iplist.txt
c:\windows\info1
c:\windows\iplist.txt
c:\windows\loader2.exe_ok
c:\windows\phoenix.rar
c:\windows\proc_list1.log
c:\windows\rpcminer.rar
c:\windows\system32\drivers\etc\HSTS~1
c:\windows\ufa.rar
c:\windows\winlog-dirs.txt
c:\windows\winlog-ids.txt
c:\windows\winsetupapi.log
.
.
((((((((((((((((((((((((( Files Created from 2011-07-21 to 2011-08-21 )))))))))))))))))))))))))))))))
.
.
2011-08-21 23:37 . 2011-08-21 23:37 -------- d-----w- c:\users\bajo\AppData\Local\temp
2011-08-21 23:37 . 2011-08-21 23:37 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-08-21 22:57 . 2011-08-21 22:57 -------- d-----w- c:\users\bajo\AppData\Roaming\Malwarebytes
2011-08-21 22:57 . 2011-08-21 22:57 -------- d-----w- c:\programdata\Malwarebytes
2011-08-21 22:57 . 2011-07-06 17:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-08-21 22:57 . 2011-08-21 22:57 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-08-21 22:57 . 2011-07-06 17:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-21 15:59 . 2011-08-21 16:10 23624 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-08-21 15:59 . 2011-08-21 15:59 -------- d-----w- c:\program files\Hitman Pro 3.5
2011-08-21 15:58 . 2011-08-21 16:08 -------- d-----w- c:\programdata\Hitman Pro
2011-08-21 09:25 . 2011-08-21 09:25 -------- d-----w- c:\users\bajo\AppData\Roaming\AnvSoft
2011-08-21 09:24 . 2011-08-21 09:24 -------- d-----w- c:\program files\AnvSoft
2011-08-19 06:20 . 2011-08-12 02:44 7152464 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{EACD8EB6-F9D2-426A-9C70-C3EB80D07D4E}\mpengine.dll
2011-08-10 22:49 . 2011-08-21 08:25 -------- d-----w- c:\program files\Common Files\Symantec Shared
2011-08-10 04:53 . 2011-06-23 04:33 3912576 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-08-10 04:53 . 2011-06-23 04:33 3967872 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-08-10 04:53 . 2011-07-09 02:30 223744 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-08-10 04:53 . 2011-06-21 05:34 1290624 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-08-08 14:18 . 2010-09-16 09:26 37336 ----a-w- c:\windows\system32\CleanMFT32.exe
2011-08-08 14:18 . 2008-04-02 13:54 1101824 ----a-w- c:\windows\system32\UniBox210.ocx
2011-08-08 14:18 . 2008-04-02 13:53 212992 ----a-w- c:\windows\system32\UniBoxVB12.ocx
2011-08-08 14:18 . 2008-04-02 13:53 880640 ----a-w- c:\windows\system32\UniBox10.ocx
2011-08-08 14:18 . 2004-08-04 05:00 506368 ----a-w- c:\windows\system32\msxml.dll
2011-08-08 14:18 . 2008-09-17 19:17 658432 ----a-w- c:\windows\system32\MSCOMCT2.OCX
2011-08-08 14:18 . 2011-08-08 14:18 -------- d-----w- c:\program files\Common Files\PC Tools
2011-08-06 19:36 . 2011-08-06 19:36 -------- d-----w- c:\programdata\Symantec
2011-08-06 19:36 . 2011-08-06 19:36 -------- d-----w- c:\windows\system32\drivers\NSS
2011-08-06 19:36 . 2011-08-06 19:36 -------- d-----w- c:\programdata\Norton
2011-08-06 19:36 . 2011-08-06 19:36 -------- d-----w- c:\program files\Norton Security Scan
2011-08-06 19:36 . 2011-08-06 19:36 -------- d-----w- c:\program files\NortonInstaller
2011-08-06 17:36 . 2011-08-06 17:36 -------- d-----w- c:\users\bajo\AppData\Local\Real
2011-07-29 16:55 . 2011-07-29 16:55 -------- d-----w- c:\programdata\Protexis
2011-07-29 16:55 . 2011-07-29 16:55 -------- d-----w- c:\users\bajo\AppData\Roaming\Corel
2011-07-28 17:08 . 2011-07-28 17:08 -------- d-----w- c:\users\bajo\AppData\Local\GS-LW-Temp
2011-07-28 17:00 . 2011-08-07 11:08 -------- d-----w- c:\users\bajo\Graphisoft
2011-07-28 17:00 . 2011-07-28 22:01 -------- d-----w- c:\users\bajo\AppData\Local\Graphisoft
2011-07-28 17:00 . 2011-07-28 22:01 -------- d-----w- c:\users\bajo\AppData\Roaming\Graphisoft
2011-07-28 16:52 . 2011-07-28 16:52 131072 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin7.dll
2011-07-28 16:52 . 2011-07-28 16:52 131072 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin6.dll
2011-07-28 16:52 . 2011-07-28 16:52 131072 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
2011-07-28 16:52 . 2011-07-28 16:52 131072 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
2011-07-28 16:52 . 2011-07-28 16:52 131072 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
2011-07-28 16:52 . 2011-07-28 16:52 131072 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
2011-07-28 16:52 . 2011-07-28 16:52 131072 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll
2011-07-28 16:52 . 2011-07-28 16:52 -------- d-----w- c:\program files\QuickTime
2011-07-28 16:52 . 2011-07-28 16:52 -------- d-----w- c:\programdata\Apple Computer
2011-07-28 16:52 . 2011-07-28 16:52 -------- d-----w- c:\users\bajo\AppData\Local\Apple
2011-07-28 16:51 . 2011-07-28 16:51 -------- d-----w- c:\programdata\Apple
2011-07-28 16:51 . 2011-07-28 16:51 -------- d-----w- c:\program files\Apple Software Update
2011-07-28 16:45 . 2011-07-28 16:45 -------- d-----w- c:\program files\Graphisoft
2011-07-28 16:44 . 2011-07-28 16:44 -------- d-----w- c:\program files\Common Files\Java
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-21 13:48 . 2011-05-27 21:13 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-08-06 17:36 . 2011-05-27 20:05 348160 ----a-w- c:\windows\system32\msvcr71.dll
2011-08-06 17:36 . 2011-05-27 20:05 499712 ----a-w- c:\windows\system32\msvcp71.dll
2011-06-11 02:29 . 2011-07-13 10:23 2334208 ----a-w- c:\windows\system32\win32k.sys
2011-06-03 20:14 . 2011-06-02 05:05 409088 ----a-w- c:\windows\system32\systemcpl.dll
2011-06-03 20:14 . 2011-06-02 05:05 13824 ----a-w- c:\windows\system32\slwga.dll
2011-06-03 20:14 . 2011-06-02 05:05 811520 ----a-w- c:\windows\system32\user32.dll
2011-06-03 13:26 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll
2011-05-27 20:07 . 2011-05-27 20:07 410984 ----a-w- c:\windows\system32\deploytk.dll
2011-05-24 17:14 . 2011-05-27 21:21 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-05-24 10:44 . 2011-06-29 08:07 293376 ----a-w- c:\windows\system32\umpnpmgr.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2011-06-03 . 7BD7F45FF37FA0669CD32CA0EF46E22C . 811520 . . [6.1.7601.17514] . . c:\windows\System32\user32.dll
[7] 2010-11-20 . F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 . 811520 . . [6.1.7601.17514] . . c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
[7] 2009-07-14 . 34B7E222E81FAFA885F0C5F2CFA56861 . 811520 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2011-07-15 639352]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-10-28 7862816]
"IndicatorUtility"="c:\program files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe" [2009-10-09 47976]
"LoadFujitsuQuickTouch"="c:\program files\Fujitsu\Application Panel\QuickTouch.exe" [2009-10-15 138088]
"LoadBtnHnd"="c:\program files\Fujitsu\Application Panel\BtnHnd.exe" [2009-10-15 33640]
"CSRSkype"="c:\program files\CSR\Bluetooth Feature Pack 5.0\CSRSkype.exe" [2009-12-24 346512]
"ConMgr"="c:\program files\CSR\Bluetooth Feature Pack 5.0\ConMgr.exe" [2009-12-24 504208]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-01-12 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-01-12 175640]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-01-12 166936]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"YouCam Mirror Tray icon"="c:\program files\CyberLink\YouCam\YouCamTray.exe" [2009-07-08 162912]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2011-05-27 148888]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2007-10-19 286720]
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2011-08-06 273544]
"SSDMonitor"="c:\program files\Common Files\PC Tools\sMonitor\SSDMonitor.exe" [2010-11-15 112600]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Network Server.lnk - c:\program files\WIBUKEY\Server\WkSvMgr.exe [2011-7-28 3768320]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableSecureUIAPaths"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
"DisableThumbnailCache"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-05-29 136176]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-05-29 136176]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-07-06 41272]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;WatAdminSvc;c:\windows\system32\Wat\WatAdminSvc.exe [2011-06-03 1343400]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 NitroReaderDriverReadSpool;NitroPDFReaderDriverCreatorReadSpool;c:\program files\Nitro PDF\Reader\NitroPDFReaderDriverService.exe [2011-01-14 196912]
S2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [2011-01-28 632792]
S2 QDLService2kSierra;Qualcomm Gobi 2000 Download Service (Sierra);c:\program files\QUALCOMM\QDLService2k\QDLService2kSierra.exe [2009-10-01 329976]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-11-01 2314240]
S2 VFPRadioSupportService;Bluetooth Feature Support;c:\program files\CSR\Bluetooth Feature Pack 5.0\VFPRadioSupportService.exe [2009-12-24 111536]
S2 WirelessSelectorService;WirelessSelectorService;c:\program files\Fujitsu\WirelessSelector\WSUService.exe [2008-10-09 62760]
S3 FUJ02E3;Fujitsu FUJ02E3 Device Driver;c:\windows\system32\DRIVERS\FUJ02E3.sys [2004-01-18 4864]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2009-10-26 125696]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2009-11-27 209920]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2010-06-23 275048]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-08-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-05-29 17:36]
.
2011-08-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-05-29 17:36]
.
2011-08-21 c:\windows\Tasks\Norton Security Scan for bajo.job
- c:\progra~1\NORTON~2\Engine\351~1.6\Nss.exe [2011-08-06 11:19]
.
2011-08-21 c:\windows\Tasks\RMSchedule.job
- c:\program files\Registry Mechanic\RegMech.exe [2011-08-08 08:02]
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\bajo\AppData\Roaming\Mozilla\Firefox\Profiles\enarn2iu.default\
FF - prefs.js: browser.startup.homepage - http:/www.google.rs
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-08-22 01:39:01
ComboFix-quarantined-files.txt 2011-08-21 23:39
.
Pre-Run: 71,814,242,304 bytes free
Post-Run: 71,955,329,024 bytes free
.
- - End Of File - - A0A905704FC7C24C6EF6BEAD1231AA56

offline
  • Joined: 02 Feb 2008
  • Posts: 14018
  • Location: Nish

You need to install an anti-virus on the system. My suggestion is to use a free anti-virus if you don't have a licence for a commercial AV. Free anti-viruses include Avast, Avira, AVG, Panda Cloud, MSE, etc. Pick one.

A topic that may help you: Choosing a free antivirus (Izbor besplatnog antivirusa)

What is the state of the system now?

goran9888 (AMF Team)

offline
  • vmarko 
  • New MyCity citizen
  • Joined: 21 Avg 2011
  • Posts: 6

Goran, thank you very much!
Everything works normally now (though I don't know for how long).
Maybe a suggestion on which AV to install?

offline
  • Joined: 02 Feb 2008
  • Posts: 14018
  • Location: Nish

You're welcome.
As for the AV, I mentioned in my previous message which ones you can install. Whichever you choose, you won't go wrong, because it is better to have any AV on the system than none at all.

By the way, we have a few more steps to go before we're done ...

You need to uninstall ComboFix:
click Start, then RUN.

On Vista, use the Start Search box if Run is not available.

In the text entry line type (or paste) the following:

ComboFix /Uninstall

Note that there is a space between "ComboFix" and "/Uninstall".

Then click OK (or press Enter).

Wait for the uninstall process to finish.

You need to delete the folder at the following location: C:\Avenger
That is the quarantine folder of the program we used to remove the malware, and it contains the malware that was removed.

The other programs we used you can freely delete from the system.

Download TFC (Temp File Cleaner) and save it to the Desktop.
Double-click to run the program and click the Start button to allow the program to begin scanning.
When the program finishes scanning, it may ask you to restart the computer. Allow it.

Note: when you have finished cleaning the temp files, you can delete the program or keep it for later use.

--------------------------------------------------------

- For protecting USB memory devices I recommend MCShield. It has nothing to do with the anti-virus, i.e. it will not interfere with its work, and it has proven to be one of the best forms of protection against malware that spreads via USB memory devices.

You download it, install it, plug in the USB device, a scan runs, and then you get a notification that the device is clean (if it really is), or you get a log with information about the malware that was found and deleted.

MCShield home page: http://amf.mycity.rs/programs/mc/mcshield/

You can learn more about MCShield in this topic: http://www.mycity.rs/Antispyware-programi/MCShield.html

- Be sure to visit the topic "Test whether your browser is vulnerable" (Testirajte da li vam je pretrazivac ranjiv), read it and follow the link in it. You have an ancient version of Java which you must update because of the security holes in it. In any case, any add-on that is an old version should preferably be updated to the latest one. Link to the topic: http://www.mycity.rs/Web-browseri/Testirajte-da-li.....anjiv.html

- Start -> Control Panel -> Add or Remove Programs: uninstall all applications that are surplus, i.e. that you don't need. I would also recommend uninstalling toolbars if you don't use them: Norton Security Scan, Skype Toolbars, Google Toolbar for Internet Explorer.

That would be it.






