There are viruses! How do I delete them? :)


offline
  • Joined: 16 Oct 2007
  • Posts: 68

The day before yesterday I scanned the computer with Malwarebytes. When I started it, it failed to update, but I ran the scan anyway; it found some viruses and I let it delete them! Then I figured, since this old version found viruses, let me uninstall it and install a new one, and so I did, except that this time I found the Pro version, and then I saw that the quarantine showed the same viruses the older version had found! I had the older version completely removed before installing the new one! But since yesterday the computer has been running worse, i.e. it boots more slowly, and the internet is acting up, i.e. pages load slowly and do not load completely, and most of the time it shows that there is no connection! The internet I use is from Telekom and I get it over Wi-Fi. In the meantime I uninstalled Malwarebytes, thinking it was causing the problems, but the computer behaves the same!



DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 7.0.6000.20861 BrowserJavaVersion: 10.11.2
Run by princeza at 21:54:26 on 2013-02-06
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.613 [GMT 1:00]
.
.
============== Running Processes ================
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\WINDOWS\smss.exe
C:\WINDOWS\wen9g.exe
C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\csrss.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\lsass.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\WINDOWS\PixArt\PAC7302\Monitor.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\WinFast\WFDTV\DTVSchdl.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\Real\RealPlayer\update\realsched.exe
C:\WINDOWS\system32\amdpcom32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WinFast\WFDTV\WFWIZ.exe
C:\Documents and Settings\princeza\qyndixfozemy.exe
C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe
C:\Documents and Settings\princeza\jusudduwolij.exe
C:\Documents and Settings\princeza\zimepylzetyl.exe
C:\Program Files\Broderbund\Mavis Beacon Teaches Typing 12 Standard\MiniMavis.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\amdpcom32.exe
C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT3072253
uURLSearchHooks: YTNavAssistPlugin Class: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - c:\program files\yahoo!\companion\installs\cpn2\yt.dll
uURLSearchHooks: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - c:\program files\utorrentcontrol2\prxtbuTo0.dll
uWinlogon: Shell = explorer.exe,c:\documents and settings\princeza\vjksnu.exe
mWinlogon: TaskMan = c:\documents and settings\princeza\vjksnu.exe
BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - c:\program files\yahoo!\companion\installs\cpn2\yt.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\documents and settings\all users\application data\realnetworks\realdownloader\browserplugins\ie\rndlbrowserrecordplugin.dll
BHO: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - c:\program files\utorrentcontrol2\prxtbuTo0.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: BitAcceleratorBHO Class: {CAC42510-9B41-42c1-9DCD-7282A2D07C61} -
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: uTorrentControl2 Toolbar: {687578B9-7132-4A7A-80E4-30EE31099E03} - c:\program files\utorrentcontrol2\prxtbuTo0.dll
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn2\yt.dll
TB: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - c:\program files\utorrentcontrol2\prxtbuTo0.dll
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [Google Update] "c:\documents and settings\princeza\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [WinFast Schedule] c:\program files\winfast\wfdtv\WFWIZ.exe
uRun: [qyndixfozemy] c:\documents and settings\princeza\qyndixfozemy.exe
uRun: [jusudduwolij] c:\documents and settings\princeza\jusudduwolij.exe
uRun: [zimepylzetyl] c:\documents and settings\princeza\zimepylzetyl.exe
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [SoundMAXPnP] c:\program files\analog devices\soundmax\SMax4PNP.exe
mRun: [SoundMAX] "c:\program files\analog devices\soundmax\Smax4.exe" /tray
mRun: [PAC7302_Monitor] c:\windows\pixart\pac7302\Monitor.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [WinFastDTV] c:\program files\winfast\wfdtv\DTVSchdl.exe
mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [Regedit32] c:\windows\system32\regedit.exe
mRun: [smwcore] c:\windows\system32\amdpcom32.exe
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
uExplorerRun: [AppDataLow] c:\documents and settings\princeza\application data\CB913C.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\minima~1.lnk - c:\program files\broderbund\mavis beacon teaches typing 12 standard\MiniMavis.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{0254EFB2-F63E-4867-BE69-2F9BECF34CE2} : DHCPNameServer = 192.168.1.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SecurityProviders: SecurityProviders = msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, AvyothugYuth.dll
.
============= SERVICES / DRIVERS ===============
.
R2 Kodek9xe;Upeharbse;c:\windows\smss.exe [2013-2-5 83456]
R2 Qiperect9xP ;Librari7XP Abramics;c:\windows\wen9g.exe [2013-2-5 88064]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\realnetworks\realdownloader\rndlresolversvc.exe [2012-11-29 38608]
R2 Skype C2C Service;Skype C2C Service;c:\documents and settings\all users\application data\skype\toolbars\skype c2c service\c2c_service.exe [2012-12-13 3290896]
R2 Strikersgame;Iogame Arhitecturex32;c:\windows\csrss.exe [2013-2-5 79872]
R2 Yoorfylders;OptimizeProcessors;c:\windows\lsass.exe [2013-2-5 79872]
R3 AR9271;Wireless Network Adapter Service;c:\windows\system32\drivers\athuw.sys [2011-12-17 1594944]
R3 WFLR6654;WinFast TV2000 XP Expert (FM1216MK3);c:\windows\system32\drivers\wfeaglxt.sys [2012-9-22 433920]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-1-8 161536]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2012-11-3 137600]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2012-11-3 8576]
.
=============== Created Last 30 ================
.
2013-02-06 20:49:13 27136 ----a-w- c:\windows\system32\ATIDEMGX.exe
2013-02-06 20:37:13 36816 ----a-w- c:\windows\system32\atkctrs.exe
2013-02-06 20:36:08 27136 ----a-w- c:\windows\system32\appmgr.exe
2013-02-06 20:12:03 36816 ----a-w- c:\windows\system32\apphelp.exe
2013-02-06 20:10:59 27136 ----a-w- c:\windows\system32\actxprxy.exe
2013-02-06 18:34:55 36816 ----a-w- c:\windows\system32\atmpvcno.exe
2013-02-06 18:33:44 27136 ----a-w- c:\windows\system32\6to4svc.exe
2013-02-06 18:33:44 13824 ----a-w- c:\windows\system32\AvyothugYuth.dll
2013-02-06 17:49:11 36816 ----a-w- c:\windows\system32\admparse.exe
2013-02-06 17:47:35 27136 ----a-w- c:\windows\system32\aticaldd.exe
2013-02-06 15:13:43 36816 ----a-w- c:\documents and settings\princeza\zimepylzetyl.exe
2013-02-06 15:12:46 36816 ----a-w- c:\windows\system32\a3d.exe
2013-02-06 15:11:33 27136 ----a-w- c:\windows\system32\adsldpc.exe
2013-02-06 12:28:49 64512 ----a-w- c:\windows\system32\aaaamon.exe
2013-02-06 12:12:55 64512 ----a-w- c:\windows\system32\aaclient.exe
2013-02-06 12:12:22 297472 ----a-w- c:\windows\system32\amdpcom32.exe
2013-02-06 11:11:43 64512 ----a-w- c:\windows\system32\atiadlxx.exe
2013-02-06 09:34:42 64512 ----a-w- c:\windows\system32\adsmsext.exe
2013-02-06 07:59:24 64512 ----a-w- c:\windows\system32\ati2cqag.exe
2013-02-05 23:19:10 36312 ----a-w- c:\windows\system32\amstream.exe
2013-02-05 23:13:08 64512 ----a-w- c:\windows\system32\cabview.exe
2013-02-05 23:11:31 -------- d-----w- c:\documents and settings\princeza\application data\Chrome
2013-02-05 21:14:07 64512 ----a-w- c:\windows\system32\activeds.exe
2013-02-05 19:14:33 10240 ----a-w- c:\windows\system32\acledit.exe
2013-02-05 19:12:12 64512 ----a-w- c:\windows\system32\adsnds.exe
2013-02-05 18:58:58 10240 ----a-w- c:\windows\system32\adsnt.exe
2013-02-05 18:54:45 64512 ----a-w- c:\windows\system32\adsnw.exe
2013-02-05 18:38:18 10240 ----a-w- c:\windows\system32\ati2dvag.exe
2013-02-05 18:32:57 64512 ----a-w- c:\windows\system32\advpack.exe
2013-02-05 18:28:48 297472 ----a-w- c:\windows\system32\aticalcl.exe
2013-02-05 15:14:26 36312 ----a-w- c:\documents and settings\princeza\jusudduwolij.exe
2013-02-05 15:11:34 36312 ----a-w- c:\windows\system32\ati2edxx.exe
2013-02-05 15:07:16 64512 ----a-w- c:\windows\system32\acctres.exe
2013-02-05 15:05:21 83456 ----a-w- c:\windows\smss.exe
2013-02-05 15:05:21 79872 ----a-w- c:\windows\csrss.exe
2013-02-05 15:05:19 88064 ----a-w- c:\windows\wen9g.exe
2013-02-05 15:05:19 79872 ----a-w- c:\windows\lsass.exe
2013-02-05 15:04:28 297472 ----a-w- c:\windows\system32\atiok3x2.exe
2013-02-05 14:59:48 35808 ----a-w- c:\documents and settings\princeza\qyndixfozemy.exe
2013-01-31 23:50:38 -------- d-----w- c:\program files\SpeedFan
2013-01-27 15:39:53 -------- d-----w- c:\documents and settings\princeza\application data\RealNetworks
2013-01-27 15:38:56 -------- d-----w- c:\program files\RealNetworks
2013-01-27 15:38:51 -------- d-----w- c:\documents and settings\all users\application data\RealNetworks
2013-01-27 15:38:39 -------- d-----w- c:\program files\common files\xing shared
2013-01-25 21:30:30 74012 --sh--r- c:\documents and settings\princeza\vjksnu.exe
2013-01-25 08:55:01 -------- d-sh--r- C:\Win
2013-01-20 02:55:19 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
.
==================== Find3M ====================
.
2013-01-27 15:38:17 499712 ----a-w- c:\windows\system32\msvcp71.dll
2013-01-27 15:38:17 348160 ----a-w- c:\windows\system32\msvcr71.dll
2013-01-08 22:38:01 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-01-08 22:38:01 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-01-08 22:37:56 16369160 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2012-11-14 10:47:06 2 ----a-w- c:\windows\system32\Dvbpws.dll
.
============= FINISH: 21:54:49.81 ===============


I attached some of them twice. There is no antivirus on this computer. But there is one on the other computer, which is connected to this one and gets its internet and data through it. On the other one, C:\Win\1.exe and C:\Win\2.exe are popping up right now as DOS files, and it got up to 25 little windows and locked up the machine! The antivirus it has is the free AVG!
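A triage pass over the first DDS log above, as an added example that is not part of any forum post and not code from DDS or the forum's helpers: it flags for review core Windows process names running outside system32, autostart entries that launch an executable sitting directly in a user profile folder, and a Winlogon Shell value that is no longer the default `explorer.exe`. The function names and rule labels are assumptions made for this example; the sample lines are excerpted from the log posted above.

```python
import re
from ntpath import basename, dirname  # Windows path rules on any OS

# Core Windows processes whose genuine image lives in \WINDOWS\system32.
SYSTEM32_ONLY = {"smss.exe", "csrss.exe", "lsass.exe", "winlogon.exe",
                 "services.exe", "svchost.exe"}

PROCESS_RE = re.compile(r"^[a-z]:\\", re.I)  # a "Running Processes" line
RUN_RE = re.compile(r"^[umd]Run(?:Once)?: \[[^\]]*\] (?P<cmd>.+)$")
WINLOGON_RE = re.compile(r"^[um]Winlogon: (?P<value>\w+) = (?P<data>.+)$")
# Executable sitting directly in a user's profile folder (XP layout).
PROFILE_ROOT_RE = re.compile(r"^[a-z]:\\documents and settings\\[^\\]+$", re.I)

# Lines excerpted from the first DDS log in this thread.
SAMPLE = r"""
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\smss.exe
C:\WINDOWS\csrss.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
uWinlogon: Shell = explorer.exe,c:\documents and settings\princeza\vjksnu.exe
mWinlogon: TaskMan = c:\documents and settings\princeza\vjksnu.exe
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [Google Update] "c:\documents and settings\princeza\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [qyndixfozemy] c:\documents and settings\princeza\qyndixfozemy.exe
mRun: [SoundMAX] "c:\program files\analog devices\soundmax\Smax4.exe" /tray
"""


def exe_path(cmd):
    """Return the executable path of a command line, honouring quotes."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    m = re.match(r"(.+?\.exe)\b", cmd, re.I)
    return m.group(1) if m else cmd


def in_profile_root(path):
    """True when the file sits directly in ...\\Documents and Settings\\<user>."""
    return bool(PROFILE_ROOT_RE.match(dirname(path)))


def triage(log_text):
    """Return (rule, value) pairs for DDS lines that deserve a closer look."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        if PROCESS_RE.match(line):
            path = exe_path(line)
            if (basename(path).lower() in SYSTEM32_ONLY
                    and not dirname(path).lower().endswith("\\system32")):
                findings.append(("system-name-outside-system32", path))
            continue
        m = RUN_RE.match(line)
        if m:
            path = exe_path(m.group("cmd"))
            if in_profile_root(path):
                findings.append(("autostart-from-profile-root", path))
            continue
        m = WINLOGON_RE.match(line)
        if m:
            items = [i.strip() for i in m.group("data").split(",")]
            if m.group("value").lower() == "shell":
                # The default Shell value is explorer.exe alone.
                if [i.lower() for i in items] != ["explorer.exe"]:
                    findings.append(("winlogon-shell-modified", m.group("data")))
            else:
                findings.extend(("autostart-from-profile-root", i)
                                for i in items if in_profile_root(i))
    return findings


if __name__ == "__main__":
    for rule, value in triage(SAMPLE):
        print(f"{rule:32} {value}")
```

The Google Update entry is deliberately left unflagged: it lives in a subfolder of the profile rather than in its root, which is where the randomly named executables in this log sit.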

offline
  • Més que un club
  • Lead vocalist @ Harpun
  • Joined: 27 Feb 2009
  • Posts: 3898
  • Location: Novi Sad, Klisa

Hello mozda

While the case is being resolved, I would ask you to adhere to the following:
Read my instructions (or the instructions of colleagues who will stand in for me) carefully and act strictly according to them;
Do not seek help elsewhere at the same time;
Do not use other malware removal programs, except those for which you receive instructions;
During the intervention, do not use USB memory devices until I ask for it;
If I do not reply within 48h, bump the topic with a new post;
If you do not respond within 5 days, we will close the case.

For more information about the rules of the MyCity forum's Ambulanta section: LINK

-------------------------------------------------------------------------------------


Before moving on to the next step, be sure to do the following:
The computer on which all those logs were made and which has no antivirus must be connected directly to the internet, and the computer that has AVG on it must be disconnected from the network.

The computers must not be networked together!!!


If you have a USB flash drive or a memory card, do not plug it into the computer until I tell you to!!!







Download sUBs's ComboFix from the following address to the Desktop:


Bleeping Computer
Right-click the link and choose the option Save Target As... (Save Link As..., Save Linked Content As... or similar);
When the dialog for choosing where to save the file opens, select Desktop and click Save.




When the download of the program is finished:
disable your protective software (instructions);
close running programs;
double-click to run ComboFix;
in the window that opens, click "I Agree".

While running, ComboFix will:
check whether a newer version of the program exists:
  click Yes if you are offered to download it.
if the Recovery Console is not installed, offer to install it:
  be sure to accept by clicking Yes and follow the procedure through.
display a number of prompts/notifications:
  accept by clicking Yes or OK.
restart Windows if needed (several times);
at the end, open Notepad with the scan report.


Copy the report that ComboFix produced into the forum topic:
right-click in the Notepad window and choose Select All;
right-click the selected text and choose Copy;
right-click in the message field and choose Paste.



Note:
The report will be saved as ComboFix.txt on the system partition (typical location: C:\ComboFix.txt);
If, after posting the message, you notice that the report is incomplete, use the Prikači fajl (Attach file) option to attach the file C:\ComboFix.txt to the message;
Do not click inside the ComboFix window while it is running, because that can slow the tool down;
Do not run ComboFix again on your own - post in the topic whatever problem you have during the first run of the tool;
If, after the restart, you get an error when starting certain programs saying that they are marked for deletion (Illegal operation attempted on a registry key that has been marked for deletion), restart the system again and that will solve the problem.

offline
  • Joined: 16 Oct 2007
  • Posts: 68

Posted: 07 Feb 2013 2:04

Hello, thanks for the reply!
It's looking grim; I've been staring at these monitors until now, I installed fresh systems.
Since this computer with AVG went completely crazy, windows kept popping up non-stop, CPU at 100%! And on the first computer the internet wouldn't work, so I couldn't read the messages!
I can only get internet over WiFi!
The partitions should be scanned. I would appreciate advice on what to use and how. DDS, GMER?
I won't plug in any flash drives, unless my wife trips me up in the morning while I'm asleep :)
Regards

Addendum: 07 Feb 2013 22:35

Is it possible that nobody has any idea?

offline
  • Més que un club
  • Lead vocalist @ Harpun
  • Joined: 27 Feb 2009
  • Posts: 3898
  • Location: Novi Sad, Klisa

Send me fresh DDS.txt, Attach.txt and GMER logs.

offline
  • Joined: 16 Oct 2007
  • Posts: 68

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702
Run by Princ at 0:17:17 on 2013-02-08
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.476 [GMT 1:00]
.
.
============== Running Processes ================
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\WINDOWS\PixArt\PAC7302\Monitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [SoundMAXPnP] c:\program files\analog devices\soundmax\SMax4PNP.exe
mRun: [SoundMAX] "c:\program files\analog devices\soundmax\Smax4.exe" /tray
mRun: [PAC7302_Monitor] c:\windows\pixart\pac7302\Monitor.exe
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRunOnce: [IE8] rundll32 advpack.dll,LaunchINFSection IE8.INF,FirstUserStart
dRunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{9D222C0A-6098-44BA-8102-288E8157F535} : DHCPNameServer = 192.168.1.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\wpdshserviceobj.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\24.0.1312.57\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
============= SERVICES / DRIVERS ===============
.
R3 AR9271;Wireless Network Adapter Service;c:\windows\system32\drivers\athuw.sys [2013-2-7 1714176]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-1-8 161536]
.
=============== Created Last 30 ================
.
2013-02-07 13:19:43 -------- d-----w- C:\games
2013-02-07 12:27:43 60928 ----a-r- c:\windows\system32\drivers\viamraid.sys
2013-02-07 12:18:00 -------- d-----r- c:\program files\Skype
2013-02-07 12:01:39 -------- d-----w- c:\windows\system32\ReinstallBackups
2013-02-07 12:01:25 -------- d-----w- c:\program files\VIA
2013-02-07 11:43:04 235100 ----a-w- c:\windows\system32\drivers\MidiSyn.sys
2013-02-07 10:58:31 48128 ----a-w- c:\windows\system32\Remove.exe
2013-02-07 10:58:31 458752 ----a-w- c:\windows\system32\drivers\PAC7302.SYS
2013-02-07 10:58:30 6656 ----a-w- c:\windows\system32\CoInst_071029.dll
2013-02-07 10:58:29 -------- d-----w- c:\program files\ANC
2013-02-07 10:58:28 14336 ----a-w- c:\windows\system32\P7302USD.dll
2013-02-07 10:58:28 129024 ----a-w- c:\windows\system32\SP7302.AX
2013-02-07 10:58:28 -------- d-----w- c:\windows\PixArt
2013-02-07 10:58:28 -------- d-----w- c:\program files\common files\PAC7302
2013-02-07 10:57:49 69715 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\ctor.dll
2013-02-07 10:57:49 5632 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\DotNetInstaller.exe
2013-02-07 10:57:49 274432 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\iscript.dll
2013-02-07 10:57:49 204800 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\iuser.dll
2013-02-07 10:57:48 200836 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\iGdi.dll
2013-02-07 10:56:55 -------- d-----w- c:\program files\Microsoft WSE
2013-02-07 09:22:48 1714176 ----a-r- c:\windows\system32\drivers\athuw.sys
2013-02-07 09:22:27 1714176 ----a-r- c:\windows\system32\athuw.sys
2013-02-07 09:22:26 -------- d-----w- c:\windows\Options
2013-02-07 09:21:58 -------- d-----w- c:\documents and settings\all users\application data\TP-LINK
2013-02-07 09:08:24 81920 ----a-w- c:\windows\system32\ZDPN50.DLL
2013-02-07 09:08:24 31744 ----a-w- c:\windows\system32\drivers\ZDPSp50a64.sys
2013-02-07 09:08:24 29184 ----a-w- c:\windows\system32\drivers\BRGSp50a64.sys
2013-02-07 09:08:24 28672 ----a-w- c:\windows\system32\InsDrvZD.dll
2013-02-07 09:08:24 24576 ----a-w- c:\windows\system32\ZyDelReg.exe
2013-02-07 09:08:24 20608 ----a-w- c:\windows\system32\drivers\BRGSp50.sys
2013-02-07 09:08:24 17664 ----a-w- c:\windows\system32\drivers\ZDPSp50.sys
2013-02-07 09:08:24 17151 ----a-w- c:\windows\system32\ZDPNDIS5.SYS
2013-02-07 09:08:24 15872 ----a-w- c:\windows\system32\InsDrvZD64.DLL
2013-02-07 09:08:13 757760 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\iKernel.dll
2013-02-07 09:08:12 331908 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\setup.dll
2013-02-07 09:05:37 0 ----a-w- c:\windows\ativpsrm.bin
2013-02-07 09:03:40 69715 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\ctor.dll
2013-02-07 09:03:40 32768 ----a-w- c:\program files\common files\installshield\professional\runtime\Objectps.dll
2013-02-07 09:03:40 266240 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\iscript.dll
2013-02-07 09:03:40 192512 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\iuser.dll
2013-02-07 09:03:39 729088 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\iKernel.dll
2013-02-07 09:03:39 5632 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\DotNetInstaller.exe
2013-02-07 09:03:39 311428 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\setup.dll
2013-02-07 09:03:39 188548 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\iGdi.dll
2013-02-07 09:03:31 593920 ------w- c:\windows\system32\ati2sgag.exe
2013-02-07 09:02:55 -------- d-----w- c:\program files\ATI Technologies
2013-02-07 09:02:44 77824 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\ctor.dll
2013-02-07 09:02:44 32768 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\objectps.dll
2013-02-07 09:02:44 221184 ----a-w- c:\program files\common files\installshield\iscript\IScript.dll
2013-02-07 09:02:44 217088 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\iuser.dll
2013-02-07 09:02:43 212992 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\ILog.dll
2013-02-07 09:02:19 -------- d-----w- C:\ATI
.
==================== Find3M ====================
.
.
============= FINISH: 0:18:05.23 ===============


rip
  • argus  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 27 Apr 2008
  • Posts: 9160
  • Location: Prokuplje

Posted: 08 Feb 2013 12:59

You have not installed an antivirus.

Install Avast Free and run the Boot-time scan option, select all drives and restart.



Addendum: 08 Feb 2013 13:18

Be sure to update both Windows installations.
This patch is mandatory in your case

http://www.microsoft.com/en-us/download/details.aspx?id=3205

offline
  • Joined: 16 Oct 2007
  • Posts: 68

I scanned it, and for everything it found I chose delete all! I installed the update you told me about!
Can I plug in the USB flash drive now? It certainly has viruses on it.

rip
  • argus  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 27 Apr 2008
  • Posts: 9160
  • Location: Prokuplje

Install the program MCShield
http://amf.mycity.rs/mcshield/downloads.html

After that, plug in the USB flash drive and wait for the program to scan it.

Copy the report found at the following location:

All programs > MCShield > logs > All Scans

offline
  • Joined: 16 Oct 2007
  • Posts: 68

Here are the 3 USB flash drives. Avast found something too, and it did something as well.

rip
  • argus  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 27 Apr 2008
  • Posts: 9160
  • Location: Prokuplje

Posted: 08 Feb 2013 23:15

Everything is fine now. Open the flash drive and delete the file autorun.inf.vir
You have it on two flash drives.

Install MCShield on both computers. If you had had it earlier, none of this would have happened.


How is the computer running now?

Addendum: 08 Feb 2013 23:21

You have seen for yourself how powerful it is; it wiped everything and restored your folders that were hidden on the flash drive.
An excellent program.
