My Security Shield


offline
  • Joined: 30 Dec 2008
  • Posts: 193

This is one huuuge problem for me, because the "antivirus" program in question suddenly appeared on my desktop and now little windows keep popping up non-stop with messages that my computer is supposedly infected. Since I figured out that the program itself is actually a virus, please help me, because I can't delete it. I tried to find a solution on Google, but I still couldn't manage to delete it.

offline
  • Joined: 02 Feb 2008
  • Posts: 14018
  • Location: Nish

Hello and welcome to the Ambulanta of the MyCity forum.

There are some rules here.
To open a topic, you need to follow in detail all the steps in the Instructions at this link:
-> http://www.mycity.rs/Ambulanta/Kako-otvoriti-temu-u-Ambulanti.html

In your next message, post the required logs.

goran9888 (AMF Tim)

offline
  • Joined: 30 Dec 2008
  • Posts: 193

Posted: 11 Aug 2010 19:16

That's what happens when you don't read.

Well, here it is then:

DDS (Ver_10-03-17.01) - NTFSx86
Run by Mirjana at 18:39:34,17 on sre 11.08.2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2046.1016 [GMT 2:00]

AV: My Security Shield *On-access scanning enabled* (Updated) {D9F22040-A050-40C4-82C7-09B9C1ED4F7A}
FW: My Security Shield *enabled* {D9F8F1A8-1627-4819-8933-03AAC365B101}

I hope I've done everything right now.



============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Conexant\Adsl\dslagent.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
C:\Program Files\Conexant\Adsl\dslstat.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\FsUsbExService.Exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
C:\Program Files\MP4 Player\mp4Player.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\IncrediMail\bin\IncMail.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\USB TV\EM28XX\BDARemote.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\IncrediMail\bin\IMApp.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
D:\antivirus\SUPERAntiSpyware.exe
C:\WINDOWS\explorer.exe
C:\Program Files\IncrediMail\bin\ImNotfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Mirjana\Desktop\dds.scr

============== Pseudo HJT Report ===============

uWindow Title = Service Pack 3 Internet Explorer
uStart Page = hxxp://mystart.incredimail.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://start.facemoods.com/?a=fbpage&s={searchTerms}&f=4
mWinlogon: SfcDisable=-99 (0xffffff9d)
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe"
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [AutoStartNPSAgent] d:\program files\samsung\samsung new pc studio\NPSAgent.exe
uRun: [MP4 Player] "c:\program files\mp4 player\mp4Player.exe" hmw
uRun: [IncrediMail] c:\program files\incredimail\bin\IncMail.exe /c
uRun: [My Security Shield] "c:\documents and settings\all users\application data\08bf9d4\MS08bf_289.exe" /s /d
uRun: [SUPERAntiSpyware] d:\antivirus\SUPERAntiSpyware.exe
mRun: [DSLAGENTEXE] c:\program files\conexant\adsl\dslagent.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [DSLSTATEXE] c:\program files\conexant\adsl\dslstat.exe icon
mRun: [Alcmtr] ALCMTR.EXE
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [NPSStartup]
mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\CLIStart.exe"
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
dRunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll"
dRunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe
StartupFolder: c:\docume~1\mirjana\startm~1\programs\startup\thinkg~1.lnk - c:\program files\stardock\desktopgadgets\think green weather\Think Green Weather.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\bdarem~1.lnk - c:\program files\usb tv\em28xx\BDARemote.exe
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office11\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office11\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
TCP: {A0164A24-5F86-41AA-A8EE-0890C26C8708} = 77.105.0.19 77.105.0.18
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - d:\antivirus\SASWINLO.DLL
Notify: AtiExtEvent - Ati2evxx.dll
Notify: WBSrv - c:\program files\stardock\object desktop\windowblinds\wbsrv.dll
AppInit_DLLs: wbsys.dll
SSODL: IconPackager Repair - {1799460C-0BC8-4865-B9DF-4A36CD703FF0} - c:\program files\stardock\object desktop\iconpackager\iprepair.dll
STS: Deskscapes Class: {ec654325-1273-c2a9-2b7c-45d29bce68fb} - d:\program files\stardock\object desktop\deskscapes3\deskscapes.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - d:\antivirus\SASSEH.DLL
mASetup: ccc-core-static - msiexec /fums {399150FC-EB45-1CE0-0792-1F3A23397BD4} /qb
IFEO: image file execution options - svchost.exe
IFEO: a.exe - svchost.exe
IFEO: aAvgApi.exe - svchost.exe
IFEO: AAWTray.exe - svchost.exe
IFEO: About.exe - svchost.exe

Note: multiple IFEO entries found. Please refer to Attach.txt
Hosts: 74.125.45.100 securitysoftwarepayments.com
Hosts: 74.125.45.100 privatesecuredpayments.com
Hosts: 74.125.45.100 secure.privatesecuredpayments.com
Hosts: 74.125.45.100 getantivirusplusnow.com
Hosts: 74.125.45.100 secure-plus-payments.com

Note: multiple HOSTS entries found. Please refer to Attach.txt

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\mirjana\applic~1\mozilla\firefox\profiles\yte2e31i.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2405280&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
FF - prefs.js: keyword.URL - hxxp://ws.infospace.com/coolchaser_game/ws/redir?_iceUrl=true&user_id=35233539&tool_id=60531&qkw=
FF - component: c:\documents and settings\mirjana\application data\mozilla\firefox\profiles\yte2e31i.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\documents and settings\mirjana\application data\mozilla\firefox\profiles\yte2e31i.default\extensions\{afe43e80-0abc-4df2-81a0-3fe44b74abe8}\components\Engine.dll
FF - component: c:\documents and settings\mirjana\application data\mozilla\firefox\profiles\yte2e31i.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll
FF - plugin: c:\documents and settings\mirjana\application data\facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\documents and settings\mirjana\application data\mozilla\firefox\profiles\yte2e31i.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: d:\program files\google\picasa3\npPicasa3.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [2010-2-15 155136]
R0 d347prt;d347prt;c:\windows\system32\drivers\d347prt.sys [2010-2-15 5248]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2009-11-16 108792]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2009-11-16 96408]
R1 SASDIFSV;SASDIFSV;d:\antivirus\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;d:\antivirus\SASKUTIL.SYS [2010-5-10 67656]
R2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2010-5-17 233472]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2010-5-17 36608]
R4 PCTCore;PCTools KDS;c:\windows\system32\drivers\pctcore.sys --> c:\windows\system32\drivers\PCTCore.sys [?]
S2 ekrn;ESET Service;"d:\program files\eset\eset nod32 antivirus\ekrn.exe" --> d:\program files\eset\eset nod32 antivirus\ekrn.exe [?]
S3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\drivers\ss_bbus.sys [2010-5-17 90112]
S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\drivers\ss_bmdfl.sys [2010-5-17 14976]
S3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\drivers\ss_bmdm.sys [2010-5-17 121856]

=============== Created Last 30 ================

2010-08-11 15:59:53 0 d-----w- c:\docume~1\mirjana\applic~1\SUPERAntiSpyware.com
2010-08-11 15:59:53 0 d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2010-08-11 11:12:08 5694 ----a-w- C:\Sdicon32.ico
2010-08-11 10:12:51 0 d-----w- c:\docume~1\mirjana\applic~1\Malwarebytes
2010-08-11 10:12:43 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-11 10:12:42 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-08-11 10:12:41 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-07 09:51:54 0 d-----w- c:\docume~1\mirjana\applic~1\GetRightToGo
2010-08-07 09:29:24 767952 ----a-w- c:\windows\BDTSupport.dll0839.old
2010-08-07 09:29:23 1652688 ----a-w- c:\windows\PCTBDCore.dll0839.old
2010-08-07 09:29:23 149456 ----a-w- c:\windows\SGDetectionTool.dll0839.old
2010-08-07 09:09:39 0 d-----w- c:\program files\Spyware Doctor
2010-08-07 09:09:39 0 d-----w- c:\program files\common files\PC Tools
2010-08-07 07:26:59 0 d-----w- c:\docume~1\mirjana\applic~1\QuickScan
2010-08-07 07:21:51 0 d-----w- c:\docume~1\alluse~1\applic~1\F-Secure
2010-08-06 19:09:32 0 d-sh--w- c:\docume~1\mirjana\applic~1\My Security Shield
2010-08-06 19:09:22 0 d-sh--w- c:\docume~1\alluse~1\applic~1\MSKSGMEUIRS
2010-08-05 17:06:06 0 d-----w- c:\docume~1\alluse~1\applic~1\PhotoMail
2010-08-05 17:06:05 0 d-----w- c:\program files\PhotoMail Maker
2010-08-05 17:05:04 0 d-----w- c:\program files\IncrediMail
2010-08-05 17:05:04 0 d-----w- c:\docume~1\alluse~1\applic~1\IncrediMail
2010-08-05 17:05:04 0 d-----w- c:\docume~1\alluse~1\applic~1\IM
2010-07-26 13:08:46 0 d-----w- c:\docume~1\alluse~1\applic~1\KONAMI
2010-07-24 08:14:50 0 d-----w- c:\program files\common files\DivX Shared
2010-07-14 08:01:39 743936 ------w- c:\windows\system32\dllcache\helpsvc.exe

==================== Find3M ====================

2010-06-12 13:11:43 2560 ----a-w- c:\windows\_MSRSTRT.EXE
2010-06-03 02:41:44 3600384 ----a-w- c:\windows\system32\GPhotos.scr
2010-05-16 12:19:37 411368 ----a-w- c:\windows\system32\deployJava1.dll

============= FINISH: 18:40:13,60 ===============


Addendum: 11 Aug 2010 19:19

Oh, and I forgot to say that it deleted my NOD32.
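
The DDS log above shows three persistence and self-protection patterns: a Run entry launching from an Application Data folder, IFEO entries that point many program names at svchost.exe, and Hosts entries forcing several domains to one address. The following is an added example, not part of the original thread or of DDS: a Python 3.8+ triage sketch over lines in that log format. The regular expressions, the folder heuristic and the threshold are assumptions, and the IFEO line is read as "image - debugger".

```python
import re
from collections import defaultdict

# Constructed sample: a few lines taken from the DDS log in this thread.
SAMPLE_LOG = r"""
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [My Security Shield] "c:\documents and settings\all users\application data\08bf9d4\MS08bf_289.exe" /s /d
mRun: [RTHDCPL] RTHDCPL.EXE
IFEO: image file execution options - svchost.exe
IFEO: a.exe - svchost.exe
IFEO: aAvgApi.exe - svchost.exe
IFEO: AAWTray.exe - svchost.exe
Hosts: 74.125.45.100 securitysoftwarepayments.com
Hosts: 74.125.45.100 privatesecuredpayments.com
Hosts: 74.125.45.100 getantivirusplusnow.com
"""

RUN_RE = re.compile(r"^[um]Run: \[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
IFEO_RE = re.compile(r"^IFEO: (?P<image>.+?) - (?P<debugger>\S+)$")
HOSTS_RE = re.compile(r"^Hosts: (?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+(?P<host>\S+)$")

# Assumption: autostart programs rarely live in per-user data or temp folders.
USER_WRITABLE = ("\\application data\\", "\\appdata\\", "\\temp\\")


def triage(log_text, hosts_threshold=3):
    """Return (kind, subject, evidence) tuples for three patterns in a DDS log."""
    findings = []
    debuggers = defaultdict(list)  # debugger -> images redirected to it
    pinned = defaultdict(list)     # IP -> hostnames forced to it
    for line in log_text.splitlines():
        line = line.strip()
        if m := RUN_RE.match(line):
            # Run value whose command line points into a user-writable folder.
            if any(d in m["cmd"].lower() for d in USER_WRITABLE):
                findings.append(("run-user-writable", m["name"], [m["cmd"]]))
        elif m := IFEO_RE.match(line):
            # IFEO entry: starting <image> launches <debugger> instead.
            if m["image"].lower() != m["debugger"].lower():
                debuggers[m["debugger"].lower()].append(m["image"])
        elif m := HOSTS_RE.match(line):
            # Loopback entries are the normal case and are ignored.
            if not m["ip"].startswith("127."):
                pinned[m["ip"]].append(m["host"])
    for dbg, images in debuggers.items():
        findings.append(("ifeo-redirect", dbg, images))
    for ip, names in pinned.items():
        # Several names forced to one non-loopback address.
        if len(names) >= hosts_threshold:
            findings.append(("hosts-pinning", ip, names))
    return findings


if __name__ == "__main__":
    for kind, subject, evidence in triage(SAMPLE_LOG):
        print(f"{kind}: {subject} ({len(evidence)} item(s))")
```
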

offline
  • Joined: 02 Feb 2008
  • Posts: 14018
  • Location: Nish

While the case is being resolved, I would ask you to stick to the following:
Read my instructions (or the instructions of colleagues who will be standing in for me) carefully and work exclusively by them;
Do not ask for help elsewhere at the same time;
Do not use other malware removal programs, apart from those you are given instructions for;
During the intervention do not use USB memory devices until I ask for that;
If I do not reply within 48h, refresh the topic with a new post;
If you do not get back within 5 days, we will close the case.

For more information about the rules of the MyCity forum Ambulanta: LINK

------------------------------------------------------------------------------------




Download sUBs's ComboFix to the Desktop from the following address:

Bleeping Computer
Right-click the link and choose Save Target As... (Save Link As..., Save Linked Content As... or similar);
When the dialog for choosing where to save the file opens, select Desktop and click Save.

When the download of the program is finished:
disable your protection software (instructions);
close running programs;
double-click to run ComboFix.

While running, ComboFix will:
check whether a newer version of the program exists:
click Yes if you are offered to download it.
display the DISCLAIMER OF WARRANTY ON SOFTWARE:
click Yes so that the process continues.
if Recovery Console is not installed, offer to install it:
be sure to accept by clicking Yes and follow the procedure.
show a certain number of prompts/notifications:
accept by clicking Yes or OK.
restart Windows if needed (several times);
at the end of its run, open Notepad with the scan report.

Copy the report that ComboFix created into the topic on the forum:
right-click in the Notepad window and choose Select All;
right-click on the selected text and choose Copy;
right-click in the message field and choose Paste.

Note:
The report will be saved under the name ComboFix.txt on the system partition (typical location: C:\ComboFix.txt);
If after sending the message you notice that the report is not complete, use the Prikači fajl (Attach file) option to attach the file C:\ComboFix.txt to the message.







goran9888 (AMF Tim).

offline
  • Joined: 30 Dec 2008
  • Posts: 193

I did everything according to the instructions, everything went OK, but nothing was read out; it stayed like this for 5 hours and nothing!

offline
  • Joined: 02 Feb 2008
  • Posts: 14018
  • Location: Nish

I apologize for being late with the reply, but writing the script took quite a long time. I hope you will understand.

Step 1.

Save the following file to the Desktop.
-> https://www.mycity.rs/must-login.png


Step 2.

Download AVZ Antiviral Toolkit from the following link:

http://devbuilds.kaspersky-labs.com/devbuilds/AVZ/avz4.zip

Extract the archive into a folder (instructions), and then:
run AVZ (by double-clicking the icon);

in the menu choose File > Custom Scripts;

in the window that opens click Load;

a new window will open in which you need to select Desktop on the left side and find the .txt file named 94804_1121177995_Script.txt (click the file, then Open);

click the Run button and wait for the script to finish.



--------------------------------


Step 3.

Run AVZ again (by double-clicking the icon);

in the menu choose File > Standard Scripts;

In the window that opens tick option 2 and click Execute Selected Scripts;

click Yes;

when the scan finishes you will get the notification: Script Executed;

exit the program.

Upload the file virusinfo_syscheck.zip, located in the avz\log folder, to the forum.




goran9888 (AMF Tim)

offline
  • Joined: 30 Dec 2008
  • Posts: 193

I hope I did it right

offline
  • Joined: 02 Feb 2008
  • Posts: 14018
  • Location: Nish

You did.

Follow the Instructions carefully

Step 1.

Download AVZ Antiviral Toolkit from the following link:

http://devbuilds.kaspersky-labs.com/devbuilds/AVZ/avz4.zip

Extract the archive into a folder (instructions), and then:
run AVZ (by double-clicking the icon);

in the menu choose File > Custom Scripts;

into the window that opens, copy everything inside the Code box:

begin
ClearHostsFile;
RebootWindows(true);
end.


click the Run button and wait for the script to finish

after the script finishes (you need to press Ok) the computer will restart (then move on to Step 2.).

--------------------------------

Step 2.

Run AVZ again (by double-clicking the icon);

in the menu choose File > Standard Scripts;

In the window that opens tick option 2 and click Execute Selected Scripts;

click Yes;

when the scan finishes you will get the notification: Script Executed;

exit the program.

Upload the file virusinfo_syscheck.zip, located in the avz\log folder, to the forum.

offline
  • Joined: 30 Dec 2008
  • Posts: 193

mycity.rs/must-login.png

offline
  • Joined: 02 Feb 2008
  • Posts: 14018
  • Location: Nish

What is the state of the computer now?

Combo Fix should work now.
Go back a few posts and follow in detail the Combo Fix instructions I posted for you (download the new version of CF from the link, run the scan and post the required log in your next message).




goran9888 (AMF Tim)
