Jos nesto za proveru

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Uloguj se preko Facebooka da bi skinuo fajl:

Evo mene sa drugog kompa gde ima nesto za srediti. Nikakve smetnje nisam primetio, programi za zastitu su mi rekli da ima nekih problema.

Skenirao sam prvo sa MBAM a AVG-ov Resident Shield se istovremeno oglasavao. Onda sam pustio i AVG.

Potrebni logovi su ispod.

Nemam Comodo Firewall, koristim Windows-ov.

MBAM
https://www.mycity.rs/must-login.png

AVG
https://www.mycity.rs/must-login.png
https://www.mycity.rs/must-login.png
https://www.mycity.rs/must-login.png

DDS
DDS (Ver_2011-07-14.01) - NTFS_x86
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_26
Run by Nikola at 12:53:55 on 2011-07-16
Microsoft Windows XP Professional 5.1.2600.2.1250.381.1033.18.383.119 [GMT 2:00]
.
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: COMODO Firewall Pro *Enabled*
.
============== Running Processes ================
.
\??\C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\nMtsk.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\alg.exe
\??\C:\PROGRA~1\AVG\AVG10\avgrsx.exe
\??\C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.rs/
uSearch Bar = hxxp://www.google.com/ie
uSearch Page = hxxp://www.google.com
mDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - c:\program files\avg\avg10\avgssie.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Wisdom-soft AutoScreenRecorder 3.1 Pro] 0
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [nMTaskBarService] nMtsk.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRunOnce: [RunNarrator] Narrator.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoDriveAutoRun = dword:224
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{059D30B3-FADA-4C40-A901-D0EF11968FF1} : DHCPNameServer = 192.168.1.1
Handler: ipp - <Clsid value has no data>
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
Handler: msdaipp - <Clsid value has no data>
mASetup: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "c:\program files\outlook express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
mASetup: {7790769C-0471-11d2-AF11-00C04FA35D02} - "c:\program files\outlook express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
IFEO: Your Image File Name Here without a path - ntsd -d
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\dziu-dzica\application data\mozilla\firefox\profiles\4xotjyfy.default\
FF - prefs.js: browser.startup.homepage - www.google.rs
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-2-22 22992]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-3-16 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-1-7 248656]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-3-1 34896]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-4-5 297168]
R1 eusk2par;EUTRON SmartKey Parallel Driver;c:\windows\system32\drivers\eusk2par.sys [2009-1-22 24786]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2011-2-8 269520]
R3 FVDSCSI;FVDSCSI;c:\windows\system32\drivers\fvdscsi.sys [2009-8-30 72478]
S3 eusk3usb;SmartKey 3 USB;c:\windows\system32\drivers\eusk3usb.sys [2009-1-22 45534]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-7-15 41272]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\d:\ntglm7x.sys --> d:\NTGLM7X.sys [?]
.
=============== File Associations ===============
.
ShellExec: SketchUp.exe: open=blank
.
=============== Created Last 30 ================
.
2063-09-19 05:50:50 5501 ----a-w- c:\windows\system32\rtclmg32.dll
2011-07-16 08:42:34 -------- d--h--w- C:\$AVG
2011-07-15 18:39:12 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-07-15 18:39:11 476904 ----a-w- c:\program files\mozilla firefox\plugins\npdeployJava1.dll
2011-07-15 18:39:09 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-07-15 13:18:37 -------- d-----w- c:\documents and settings\dziu-dzica\application data\AVG10
2011-07-15 13:17:54 -------- d--h--w- c:\documents and settings\all users\application data\Common Files
2011-07-15 13:11:40 -------- d-----w- c:\windows\system32\drivers\AVG
2011-07-15 13:11:40 -------- d-----w- c:\documents and settings\all users\application data\AVG10
2011-07-15 13:08:23 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-15 12:53:43 -------- d-----w- c:\documents and settings\all users\application data\MFAData
2011-07-15 12:51:07 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2011-07-15 12:51:06 89048 ----a-w- c:\program files\mozilla firefox\libEGL.dll
2011-07-15 12:51:06 781272 ----a-w- c:\program files\mozilla firefox\mozsqlite3.dll
2011-07-15 12:51:06 719832 ----a-w- c:\program files\mozilla firefox\mozcpp19.dll
2011-07-15 12:51:06 465880 ----a-w- c:\program files\mozilla firefox\libGLESv2.dll
2011-07-15 12:51:06 2106216 ----a-w- c:\program files\mozilla firefox\D3DCompiler_43.dll
2011-07-15 12:51:06 1998168 ----a-w- c:\program files\mozilla firefox\d3dx9_43.dll
2011-07-15 12:51:06 1850328 ----a-w- c:\program files\mozilla firefox\mozjs.dll
2011-07-15 12:51:06 16856 ----a-w- c:\program files\mozilla firefox\plugin-container.exe
2011-07-15 12:51:06 15832 ----a-w- c:\program files\mozilla firefox\mozalloc.dll
2011-07-15 12:42:00 -------- d-----w- c:\program files\JDownloader
2011-07-15 12:40:16 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-15 12:40:12 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-15 12:35:45 -------- d-----w- c:\documents and settings\dziu-dzica\application data\BSplayer Pro
2011-07-15 12:35:45 -------- d-----w- c:\documents and settings\dziu-dzica\application data\BSplayer
2011-07-15 12:32:15 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2011-07-15 12:32:14 2414360 ----a-w- c:\windows\system32\d3dx9_31.dll
2011-07-15 12:32:04 -------- d-----w- c:\windows\Logs
2011-07-15 12:31:46 47616 ----a-w- c:\program files\windows media player\msoobci.dll
2011-07-15 12:31:45 819200 ----a-w- c:\program files\windows media player\wmsetsdk.exe
2011-07-15 12:30:46 -------- d-----w- c:\windows\RegisteredPackages
2011-07-15 12:29:37 9200 ------w- c:\windows\system32\drivers\cdralw2k.sys
2011-07-15 12:29:37 9072 ------w- c:\windows\system32\drivers\cdr4_xp.sys
2011-07-15 12:29:37 126448 ------w- c:\windows\system32\pxinsi64.exe
2011-07-15 12:29:37 123888 ------w- c:\windows\system32\pxcpyi64.exe
2011-07-15 12:29:36 133616 ------w- c:\windows\system32\pxafs.dll
2011-07-15 12:29:35 59888 ------w- c:\windows\system32\pxwma.dll
2011-07-15 12:26:22 -------- d-----w- c:\program files\Glary Utilities
.
==================== Find3M ====================
.
.
============= FINISH: 12:54:37.96 ===============

https://www.mycity.rs/must-login.png

GMER
https://www.mycity.rs/must-login.png
https://www.mycity.rs/must-login.png
https://www.mycity.rs/must-login.png

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Napisano: 16 Jul 2011 17:48

Iskljuci System Restore, restartuj pa ponovo ukljuci SR.

Odradi update Malwarebytes-a, pusti Quick scan i postavi mi log koji dobijes.

Dopuna: 16 Jul 2011 18:56

Kole pronadji i posalji mi ovaj fajl na proveru

c:\windows\system32\rtclmg32.dll

Preko ovog linka http://www.mycity.rs/ambulanta-upload.php

I obavesti me kad to uradis.

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Okacio sam dll.

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7162

Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

7/16/2011 7:15:38 PM
mbam-log-2011-07-16 (19-15-3.txt

Scan type: Quick scan
Objects scanned: 196199
Time elapsed: 3 minute(s), 59 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Kole, da li je sada sve u redu, onaj fajl je cist ako te zanima.

Jos uvek si na SP2, znaci potrebno je da azuriras windows na SP3
Takodje i AVG i gomilu programa, Adobe, Java...

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Citat:da li je sada sve u redu
Nije sve u redu. Firefox mi kaslje kod flash filmova. Juce sam azurirao Flash Player. Koce se filmovi dosta i nece da pravilno pusti film preko celog ekrana vec umesto slike prikazuje beo ekran. Zauzece procesora ode na 100%. Problematicni proces je FF-ov plugin_container.exe.
Problemu nije mesto ovde?

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Deinstaliraj taj plugin pa javi stanje.

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Napisano: 16 Jul 2011 21:52

Logicno, trazi plugin da bi mogao da pustim klip.

U pitanju je verzija flash playera. Stariji je komp. Verzija 9 radi.

Dopuna: 16 Jul 2011 22:02

Prerano sam ovo napisao. Ovaj mi se crashuje i tesko napustam full screen (barem mogu da udjem). Otvoricu novu temu tamo gde treba.

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Znaci mozemo da zatvorimo slucaj.