Possible virus

  • Miroslav Tanaskovic
  • Civil engineering technician
  • Joined: 02 Jan 2009
  • Posts: 759
  • Location: Cacak

Until yesterday the computer worked normally, but when I turned it on this morning, chaos. JDownloader doesn't work, Nero doesn't work, I can't open PDF documents, it won't open Mozilla, and who knows what else, so I think it's a virus and I would ask you to check it. I tried reinstalling the programs, but I can't install any of them. I use Telekom ADSL, and AVG reports no infections.


DDS (Ver_11-03-05.01) - NTFSx86
Run by Juca at 14:48:14,87 on Wed 04/20/2011
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_24
Microsoft Windows XP Professional 5.1.2600.2.1250.381.1033.18.2046.1170 [GMT 2:00]
.
AV: AVG Internet Security *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\The Skins Factory\Hyperdesk\Common\HdThemeEnabler.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Pinnacle\PCTV Stereo\Remote\Remoterm.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe
C:\program files\real\realplayer\update\realsched.exe
C:\WINDOWS\Twain_32\Samsung\SCX3200\Scan2pc.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\XpertVision\TBPanel.exe
C:\Program Files\VisualTaskTips\VisualTaskTips.exe
C:\Program Files\GIGABYTE\GEST\gest.exe
C:\Program Files\AVG\AVG9\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\Wally\Wally.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MCShield\MCShieldRTM.exe
C:\Program Files\MCShield\MCShieldTray.exe
C:\Program Files\Rainmeter\Rainmeter.exe
C:\Program Files\Common Files\Cloanto\Software Director\softdir.exe
C:\Documents and Settings\Juca\Local Settings\Application Data\vghd\bin\VirtuaGirl_Downloader.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
svchost.exe
C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\AVG\AVG9\avgfws9.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Internet Lock\ILSvc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\AVG\AVG9\avgam.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\GIGABYTE\GEST\GSvr.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Juca\Desktop\dds.scr
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://start.facemoods.com/?a=ddrnw
mStart Page = hxxp://home.sweetim.com
uInternet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
uSearchURL,(Default) = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101787&gct=&gc=1&q=%s
mSearchAssistant = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
uURLSearchHooks: Hot MP3 Toolbar: {9384bd4c-dd14-4be9-80f7-f6277511e4f5} - c:\program files\hot_mp3\tbHot1.dll
uURLSearchHooks: SweetIM ToolbarURLSearchHook Class: {eee6c35d-6118-11dc-9c72-001320c79847} - c:\program files\sweetim\toolbars\internet explorer\mgHelper.dll
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: {02478d38-c3f9-4efb-9b51-7695eca05670} - Yahoo! Toolbar Helper
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: AC-Pro: {0fb6a909-6086-458f-bd92-1f8ee10042a0} - c:\program files\autocompletepro\AutocompletePro.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: CescrtHlpr Object: {64182481-4f71-486b-a045-b233bd0da8fc} - c:\program files\facemoods.com\facemoods\1.4.17.7\bh\facemoods.dll
BHO: GigaSize Toolbar: {89de49c7-e350-4c8e-885b-a41f859b93c4} - c:\program files\gigasizetb\gigasizeDx.dll
BHO: Hot MP3 Toolbar: {9384bd4c-dd14-4be9-80f7-f6277511e4f5} - c:\program files\hot_mp3\tbHot1.dll
BHO: {9AA2F14F-E956-44B8-8694-A5B615CDF341} - No File
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: Big Fish Games Toolbar: {c7c9fc25-88b0-4682-9c9f-2608e9117647} - c:\program files\bfgbar\bfg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: kikin Plugin: {e601996f-e400-41ca-804b-cd6373a7eee2} - c:\program files\kikin\ie_kikin.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SweetIM Toolbar Helper: {eee6c35c-6118-11dc-9c72-001320c79847} - c:\program files\sweetim\toolbars\internet explorer\mgToolbarIE.dll
TB: Webshots Toolbar: {c17590d2-ecb4-4b15-8820-f58798dcc118} -
TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
TB: The Weather Channel Toolbar: {2e5e800e-6ac0-411e-940a-369530a35e43} - c:\windows\system32\TwcToolbarIe7.dll
TB: {E9FAB13D-4600-49E1-90D1-EE961C859D39} - No File
TB: GigaSize Toolbar: {89de49c7-e350-4c8e-885b-a41f859b93c4} - c:\program files\gigasizetb\gigasizeDx.dll
TB: Hot MP3 Toolbar: {9384bd4c-dd14-4be9-80f7-f6277511e4f5} - c:\program files\hot_mp3\tbHot1.dll
TB: Big Fish Games Toolbar: {c7c9fc25-88b0-4682-9c9f-2608e9117647} - c:\program files\bfgbar\bfg.dll
TB: SweetIM Toolbar for Internet Explorer: {eee6c35b-6118-11dc-9c72-001320c79847} - c:\program files\sweetim\toolbars\internet explorer\mgToolbarIE.dll
TB: facemoods Toolbar: {db4e9724-f518-4dfd-9c7c-78b52103cab9} - c:\program files\facemoods.com\facemoods\1.4.17.7\facemoodsTlbr.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
TB: {2C688203-7EB3-4327-9995-1CB417BA23F9} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
TB: {8B79EE88-E62D-4AA8-B530-CC357BA112B7} - No File
uRun: [TBPanel] c:\program files\xpertvision\TBPanel.exe /A
uRun: [VisualTaskTips] c:\program files\visualtasktips\VisualTaskTips.exe
uRun: [µTorrent] "c:\documents and settings\juca\desktop\utorrent.exe"
uRun: [Wally] c:\program files\wally\Wally.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MCShield] c:\program files\mcshield\MCShieldRTM.exe
uRun: [MCShieldTray] c:\program files\mcshield\MCShieldTray.exe
uRun: [360desktop]
uRun: [LDM] c:\program files\logitech\desktop messenger\8876480\program\LogitechDesktopMessenger.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [PCTVRemote] c:\program files\pinnacle\pctv stereo\remote\Remoterm.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [GEST] "c:\program files\gigabyte\gest\run.exe"
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [OpwareSE4] "c:\program files\scansoft\omnipagese4\OpwareSE4.exe"
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [3200 Scan2PC] "c:\windows\twain_32\samsung\scx3200\Scan2pc.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [facemoods] "c:\program files\facemoods.com\facemoods\1.4.17.7\facemoodssrv.exe" /md I
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\juca\startm~1\programs\startup\deskto~1.lnk - c:\documents and settings\juca\local settings\application data\vghd\bin\vghd.exe
StartupFolder: c:\docume~1\juca\startm~1\programs\startup\stardo~1.lnk - c:\program files\stardock\objectdockfree\ObjectDock.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\desktop messenger\8876480\program\LDMConf.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\rainme~1.lnk - c:\program files\rainmeter\Rainmeter.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\softwa~1.lnk - c:\program files\common files\cloanto\software director\softdir.exe
IE: &Download all 4shared files
IE: &Download using 4shared Desktop
IE: &Webshots Photo Search - c:\program files\webshots\WSToolbar4IE.dll/MENUSEARCH.HTM
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Vorlesen mit MWS Reader 4
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - {E601996F-E400-41CA-804B-CD6373A7EEE2} - c:\program files\kikin\ie_kikin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {ED98F8D1-09AC-4107-B2FF-91DBE011B0C5} - {6BBCFF8E-D837-4DA4-9141-1F645B34A179}
DPF: {00000055-9980-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/fhg.CAB
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: {C5A62D61-DD73-4038-8C7F-E808128A0E20} = 192.168.1.1,192.168.1.2
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: avgrsstarter - avgrsstx.dll
Notify: ComPlusSetup - c:\windows\system32\catsrvut.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
STS: {1984D045-52CF-49cd-DB77-08F378FEA4DB} - No File
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\docume~1\juca\applic~1\mozilla\firefox\profiles\mfgjnbjj.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://google.com
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4b7d4962&v=6.103.018.001&i=26&tp=ab&iy=&ychte=us&lng=en-US&q=
FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordlegacyext.dll
FF - component: c:\documents and settings\juca\application data\mozilla\firefox\profiles\mfgjnbjj.default\extensions\{6847dfae-037a-400c-a524-27f0a281b692}\components\dtTransparency.dll
FF - component: c:\documents and settings\juca\application data\mozilla\firefox\profiles\mfgjnbjj.default\extensions\firefox@kidzui.com\platform\winnt_x86-msvc\components\WinKiosk.dll
FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\documents and settings\juca\application data\mozilla\plugins\np-mswmp.dll
FF - plugin: c:\documents and settings\juca\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\juca\local settings\application data\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\documents and settings\juca\local settings\application data\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\documents and settings\juca\local settings\application data\yahoo!\browserplus\2.9.8\plugins\npybrowserplus_2.9.8.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\virtools\3d life player\npvirtools.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSErHrxpx;AVG9IDSErHr;c:\windows\system32\drivers\AVGIDSxx.sys [2010-3-14 25168]
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2010-2-18 52872]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-2-18 216400]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-2-18 29584]
R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-2-18 243024]
R2 ASKUpgrade;ASKUpgrade;c:\program files\askbardis\bar\bin\ASKUpgrade.exe [2009-2-25 234888]
R2 avg9wd;AVG WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-6-22 308136]
R2 avgfws9;AVG Firewall;c:\program files\avg\avg9\avgfws9.exe [2010-6-22 2331544]
R2 AVGIDSAgent;AVG9IDSAgent;c:\program files\avg\avg9\identity protection\agent\bin\AVGIDSAgent.exe [2010-6-22 5897808]
R2 HdThemeEnabler;Hyperdesk Theme Enabler;c:\program files\the skins factory\hyperdesk\common\HdThemeEnabler.exe [2008-7-21 106496]
R2 INETLOCK;INETLOCK;c:\windows\system32\drivers\inetlock.sys [2008-12-17 17659]
R2 INETLOCKSVC;Internet Lock Service;c:\program files\internet lock\ILSvc.exe [2008-12-17 139264]
R3 3xHybrid;Pinnacle PCTV Stereo service;c:\windows\system32\drivers\3xhybrid.sys [2009-2-18 698368]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2010-3-14 30104]
R3 AVGIDSDriverxpx;AVG9IDSDriver;c:\program files\avg\avg9\identity protection\agent\driver\platform_xp\AVGIDSDriver.sys [2010-3-14 122448]
R3 AVGIDSFilterxpx;AVG9IDSFilter;c:\program files\avg\avg9\identity protection\agent\driver\platform_xp\AVGIDSFilter.sys [2010-3-14 30288]
R3 AVGIDSShimxpx;AVG9IDSShim;c:\program files\avg\avg9\identity protection\agent\driver\platform_xp\AVGIDSShim.sys [2010-3-14 26192]
R3 GEST Service;GEST Service for program management.;c:\program files\gigabyte\gest\gsvr.exe [2009-2-18 55816]
R3 NTProcDrv;Process creation detector for NT.;c:\windows\temp\drv1.tmp [2011-4-20 3584]
R3 pctvvbi;PCTVVBI;c:\windows\system32\drivers\pctvvbi.sys [2009-2-18 6400]
S0 Lbd;Lbd; [x]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-7-17 136176]
S2 SSPORT;SSPORT;\??\c:\windows\system32\drivers\ssport.sys --> c:\windows\system32\drivers\SSPORT.sys [?]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg9\toolbar\ToolbarBroker.exe [2010-3-14 517448]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [2010-3-14 30104]
S3 F-Secure Standalone Minifilter;F-Secure Standalone Minifilter; [x]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2010-6-23 30192]
.
=============== Created Last 30 ================
.
2011-04-20 12:19:52 -------- d-----w- c:\program files\facemoods.com
2011-04-20 12:19:14 -------- d-----w- c:\program files\JDownloader
2011-04-20 10:58:06 -------- d-----w- c:\windows\Nero Micro 9.2.6
2011-04-20 09:44:41 -------- d-----w- c:\windows\SxsCaPendDel
2011-04-20 08:57:34 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2011-04-20 08:57:25 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2011-04-20 08:57:16 4379984 ----a-w- c:\windows\system32\D3DX9_40.dll
2011-04-19 15:22:28 -------- d-sh--w- C:\ProgramData
2011-04-19 15:22:24 -------- d-----w- c:\program files\Eraidea Software
2011-04-16 12:53:19 -------- d-----w- c:\docume~1\juca\locals~1\applic~1\Unity
2011-04-15 13:45:51 -------- d-----w- c:\program files\SuperMp3Download
2011-04-09 08:23:05 -------- d-----w- c:\docume~1\juca\applic~1\Vogat Interactive
2011-04-08 08:08:25 -------- d-----w- c:\docume~1\juca\applic~1\Artogon
2011-04-05 15:17:21 -------- d-----w- c:\program files\CCleaner
2011-04-05 05:55:46 -------- d-----w- c:\docume~1\juca\applic~1\Registry Mechanic
2011-03-31 21:32:18 -------- d-----w- c:\docume~1\juca\applic~1\TOMI3
2011-03-26 06:48:31 -------- d-----w- c:\program files\common files\Borland Shared
.
==================== Find3M ====================
.
2011-04-20 12:24:39 7 ----a-w- c:\windows\treeskp.sys
2011-04-20 12:24:39 7 ----a-w- c:\windows\sbacknt.bin
2011-04-20 11:35:40 16608 ----a-w- c:\windows\gdrv.sys
2011-03-08 09:14:19 152904 ------w- c:\windows\system32\vghd.scr
2011-02-02 20:40:23 472808 ------w- c:\windows\system32\deployJava1.dll
2011-02-02 18:19:39 73728 ------w- c:\windows\system32\javacpl.cpl
.
============= FINISH: 14:49:15,51 ===============


  • Fil
  • Legendary citizen
  • Joined: 11 Jun 2009
  • Posts: 16486

Hello,

You need to follow the instructions and post the GMER logs (step 3 in the instructions).

  • Miroslav Tanaskovic

GMER has been scanning for an hour and a half, and as far as I can see it just goes around in circles and doesn't finish, so here is the report from RootRepeal:

  • Fil

I recommend that you uninstall all programs you don't use, such as the various toolbars and others.

Download the installer for Malwarebytes Anti-Malware from the following link:
http://www.besttechie.net/tools/mbam-setup.exe

Double-click to run the installer; at the very end of the process, make sure the following options are checked:
Update Malwarebytes' Anti-Malware;
Launch Malwarebytes Anti-Malware;

and then click Finish.

After the update completes, the program will start.

Select the Perform Quick Scan option and click Scan.

When the process finishes, click OK, then Show Results: in the list of detected malware, select all items and click Remove Selected.

When the process finishes, the logfile will open in Notepad; copy it into the thread on the forum.
If the program asks for a restart to complete the cleaning process, be sure to allow it.

Note: if a restart occurs at the end of the cleaning process, the logfile will be available on the Logs tab (select it and click Open).

  • Miroslav Tanaskovic

Posted: 21 Apr 2011 9:40

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Verzija baze: 6411

Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702

4/21/2011 9:35:56
mbam-log-2011-04-21 (09-35-56).txt

Način skeniranja: Brzo skeniranje
Skeniranih objekata 168311
Proteklo vreme 15 minuta(e), 16 sekundi

Inficirani procesi u memoriji: 0
Inficirani moduli u memoriji: 0
Inficirani ključevi u registru: 0
Inficirane vrednosti u registru: 0
Inficirani podaci u registru: 0
Inficirane fascikle: 0
Inficirane datoteke: 0

Inficirani procesi u memoriji:
(Maliciozne stavke nisu pronađene)

Inficirani moduli u memoriji:
(Maliciozne stavke nisu pronađene)

Inficirani ključevi u registru:
(Maliciozne stavke nisu pronađene)

Inficirane vrednosti u registru:
(Maliciozne stavke nisu pronađene)

Inficirani podaci u registru:
(Maliciozne stavke nisu pronađene)

Inficirane fascikle:
(Maliciozne stavke nisu pronađene)

Inficirane datoteke:
(Maliciozne stavke nisu pronađene)

Addendum: 21 Apr 2011 9:41

In the meantime I also started the full scan option, and 2 infected objects have already appeared, so I will post the report once the scan finishes.

Addendum: 21 Apr 2011 15:35

Here is the full scan report, according to which it found 153 infected objects:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Verzija baze: 6411

Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702

4/21/2011 14:54:22
mbam-log-2011-04-21 (14-54-22).txt

Način skeniranja: Kompletno skeniranje (C:\|D:\|E:\|H:\|J:\|)
Skeniranih objekata 521723
Proteklo vreme 5 sat(i), 7 minuta(e), 53 sekundi

Inficirani procesi u memoriji: 0
Inficirani moduli u memoriji: 0
Inficirani ključevi u registru: 1
Inficirane vrednosti u registru: 0
Inficirani podaci u registru: 0
Inficirane fascikle: 0
Inficirane datoteke: 155

Inficirani procesi u memoriji:
(Maliciozne stavke nisu pronađene)

Inficirani moduli u memoriji:
(Maliciozne stavke nisu pronađene)

Inficirani ključevi u registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SETUP.EXE (Trojan.Backdoor) -> Quarantined and deleted successfully.

Inficirane vrednosti u registru:
(Maliciozne stavke nisu pronađene)

Inficirani podaci u registru:
(Maliciozne stavke nisu pronađene)

Inficirane fascikle:
(Maliciozne stavke nisu pronađene)

Inficirane datoteke:
c:\system volume information\_restore{5c051867-87f6-4126-ade2-ed7cdb7d7ef2}\RP374\A0042721.exe (Adware.BHO) -> Quarantined and deleted successfully.
c:\system volume information\_restore{5c051867-87f6-4126-ade2-ed7cdb7d7ef2}\RP348\A0040440.exe (Adware.BHO) -> Quarantined and deleted successfully.
c:\system volume information\_restore{5c051867-87f6-4126-ade2-ed7cdb7d7ef2}\RP349\A0040546.exe (Adware.BHO) -> Quarantined and deleted successfully.
c:\documents and settings\Juca\my documents\malwarebytesportable\malwarebytesportable.exe (Dont.Steal.Our.Software.A) -> Quarantined and deleted successfully.
c:\documents and settings\Juca\application data\thinstall\alarm master plus v. 5.02\10000001400002i\NOTEPAD.EXE (Trojan.IRCBot) -> Quarantined and deleted successfully.
c:\documents and settings\Juca\application data\thinstall\alarm master plus v. 5.02\1000000500002i\hh.exe (Trojan.IRCBot) -> Quarantined and deleted successfully.
c:\documents and settings\Juca\application data\thinstall\imageconverter plus 7.1\40000018000002i\icp.exe (Trojan.IRCBot) -> Quarantined and deleted successfully.
c:\documents and settings\Juca\application data\thinstall\ipixsoft flash slideshow creator (1.8.3.1)\1000000500002i\RegSvr32.exe (Trojan.IRCBot) -> Quarantined and deleted successfully.
c:\documents and settings\Juca\application data\thinstall\ipixsoft flash slideshow creator (1.8.3.1)\300000003400002i\dwwin.exe (Trojan.IRCBot) -> Quarantined and deleted successfully.
c:\documents and settings\Juca\application data\thinstall\ipixsoft flash slideshow creator (1.8.3.1)\400000f00003i\meclearer.exe (Trojan.IRCBot) -> Quarantined and deleted successfully.
c:\documents and settings\Juca\application data\thinstall\ipixsoft flash slideshow creator (1.8.3.1)\4ad000006100003i\cmd.exe (Trojan.IRCBot) -> Quarantined and deleted successfully.
c:\documents and settings\Juca\application data\thinstall\superfrog\4000002700002i\superfrog.exe (Trojan.IRCBot) -> Quarantined and deleted successfully.
c:\documents and settings\Juca\application data\thinstall\superfrog\4000002ba200002i\run.exe (Trojan.IRCBot) -> Quarantined and deleted successfully.
c:\documents and settings\Juca\application data\thinstall\superfrog\4ad000006100003i\cmd.exe (Trojan.IRCBot) -> Quarantined and deleted successfully.
c:\documents and settings\Juca\application data\thinstall\cool music converter v7.4.3.66\4000002b700002i\ac.exe (Trojan.IRCBot) -> Quarantined and deleted successfully.
c:\documents and settings\Juca\application data\thinstall\avs4you software navigator 1.3\300000003400002i\dwwin.exe (Trojan.IRCBot) -> Quarantined and deleted successfully.
c:\documents and settings\Juca\application data\thinstall\blood ties\40000047800002i\bloodties.exe (Trojan.IRCBot) -> Quarantined and deleted successfully.
c:\documents and settings\Juca\application data\thinstall\twistedbrush pro studio\1000000094b00002i\tbrush.exe (Rootkit.Dropper) -> Quarantined and deleted successfully.
c:\documents and settings\Juca\local settings\application data\thinstall\Cache\Stubs\10fe8372a03dcd517be12f7bfac6e15f2ceb2\splash screen.exe (Trojan.Backdoor) -> Quarantined and deleted successfully.
c:\documents and settings\Juca\local settings\application data\thinstall\Cache\Stubs\13d22b3fd97fcc84f9c5cbe67445f34516e70da\webcammax.exe (Trojan.Backdoor) -> Quarantined and deleted successfully.
c:\documents and settings\Juca\local settings\application data\thinstall\Cache\Stubs\159aeac092ea3f9667aa902d87e5cf78b37bc620\DE~I9I75.SCR (Trojan.Backdoor) -> Quarantined and deleted successfully.
c:\documents and settings\Juca\local settings\application data\thinstall\Cache\Stubs\19617042b66abbc93c007d414cbe053a61aff\FireBird.exe (Trojan.Backdoor) -> Quarantined and deleted successfully.
c:\documents and settings\Juca\local settings\application data\thinstall\Cache\Stubs\1ee47dc718de30d5d58fa8b977e18f71b44b6d22\frekans7.exe (Trojan.Backdoor) -> Quarantined and deleted successfully.
c:\documents and settings\Juca\local settings\application data\thinstall\Cache\Stubs\204993219b45231815b8888e6421be13cd79c21\THBTPC.exe (Trojan.Backdoor) -> Quarantined and deleted successfully.
c:\documents and settings\Juca\local settings\application data\thinstall\Cache\Stubs\20e16feab74329ccdeffbd5cd235dc5b6d361aa\ferrarivr_low.exe (Trojan.Backdoor) -> Quarantined and deleted successfully.
c:\documents and settings\Juca\local settings\application data\thinstall\Cache\Stubs\2827e6bf11afcd4efd1d9201dc9cc7ac731d8c0\lemonade2.rwg (Trojan.Backdoor) -> Quarantined and deleted successfully.
c:\documents and settings\Juca\local settings\application data\thinstall\Cache\Stubs\3cce1d66bd82e4ec25c524dbd92fbc1e815e5de4\uruninstaller.exe (Trojan.Backdoor) -> Quarantined and deleted successfully.
c:\documents and settings\Juca\local settings\application data\thinstall\Cache\Stubs\42c142e4766e1dc2fddb36a0ff77f6741e426\obulis.exe (Trojan.Backdoor) -> Quarantined and deleted successfully.
c:\documents and settings\Juca\local settings\application data\thinstall\Cache\Stubs\4834eac556ed55b123e2598eaba8d4de59ae684\hh.exe (Trojan.Backdoor) -> Quarantined and deleted successfully.
c:\documents and settings\Juca\local settings\application data\thinstall\Cache\Stubs\4b39c78133a6a1442af6dc6d84292803cb9be95\FireBird.exe (Trojan.Backdoor) -> Quarantined and deleted successfully.
c:\documents and settings\Juca\local settings\application data\thinstall\Cache\Stubs\4ba17ca7aebc89046e8e2f3e915a3e8046f12f\FireBird.exe (Trojan.Backdoor) -> Quarantined and deleted successfully.
c:\documents and settings\Juca\local settings\application data\thinstall\Cache\Stubs\5ac9c98324bab83fa2edf7e9bb56eeb6d38efee6\supermp3download-4.5.6.2.setup[1].exe (Trojan.Backdoor) -> Quarantined and deleted successfully.
c:\documents and settings\Juca\local settings\application data\thinstall\Cache\Stubs\64b87a7fcd5a1c9dc8915e6e56dc9d66b579\RAW_003.wdt (Trojan.Backdoor) -> Quarantined and deleted successfully.
c:\documents and settings\Juca\local settings\application data\thinstall\Cache\Stubs\68382253aeb319f2113e07495ccdd3e5e8d8033\Mariposa.RWG (Trojan.Backdoor) -> Quarantined and deleted successfully.
c:\documents and settings\Juca\local settings\application data\thinstall\Cache\Stubs\695dd2415a67314f1d55644dfaa0ff66d43a995a\RAW_003.wdt (Trojan.Backdoor) -> Quarantined and deleted successfully.
c:\documents and settings\Juca\local settings\application data\thinstall\Cache\Stubs\c67e0f3edec765197d6f3a4369fb9dc1b01498\supermp3download.exe (Trojan.Backdoor) -> Quarantined and deleted successfully.
c:\documents and settings\Juca\local settings\application data\thinstall\Cache\Stubs\d16aaa6e5ed02d78646a70c020abb51034eea4df\fvr_setup.exe (Trojan.Backdoor) -> Quarantined and deleted successfully.
c:\documents and settings\Juca\local settings\application data\thinstall\Cache\Stubs\d6306d76aefe6dde3db6da5966339937fcd07fa\lightdriver2.exe (Trojan.Backdoor) -> Quarantined and deleted successfully.
c:\documents and settings\Juca\local settings\application data\thinstall\Cache\Stubs\dbb6d1566997629af094d3c355b417a1f7ca6ca9\videoavatar.exe (Trojan.Backdoor) -> Quarantined and deleted successfully.
c:\documents and settings\Juca\local settings\application data\thinstall\Cache\Stubs\dc4850b0ab18ff87b2902425f98d9419ddad1bd\FireBird.exe (Trojan.Backdoor) -> Quarantined and deleted successfully.
c:\documents and settings\Juca\local settings\application data\thinstall\Cache\Stubs\e69631d8b33f294242c12a65d89fb0e76dc85eed\FireBird.exe (Trojan.Backdoor) -> Quarantined and deleted successfully.
c:\documents and settings\Juca\local settings\application data\thinstall\Cache\Stubs\eee691b58c23145652d66243f25873d76aeb818\autoupdater.exe (Trojan.Backdoor) -> Quarantined and deleted successfully.
c:\documents and settings\Juca\local settings\application data\thinstall\Cache\Stubs\78c8ed612063f168fb9c46c7a45f79fa3c23667\MakeUp.exe (Trojan.Backdoor) -> Quarantined and deleted successfully.
c:\documents and settings\Juca\local settings\application data\thinstall\Cache\Stubs\809b81756ff879c56a3e94a947c243b98bb2f430\splash screen.exe (Trojan.Backdoor) -> Quarantined and deleted successfully.
c:\documents and settings\Juca\local settings\application data\thinstall\Cache\Stubs\80d0d9434beccd303444503a4dd48b5de28056de\premodulateimage.exe (Trojan.Backdoor) -> Quarantined and deleted successfully.
c:\documents and settings\Juca\local settings\application data\thinstall\Cache\Stubs\86188f9d2b6644f04d9873b43942db187b627\hawaiian explorer pearl harbor.exe (Trojan.Backdoor) -> Quarantined and deleted successfully.
c:\documents and settings\Juca\local settings\application data\thinstall\Cache\Stubs\8cfb24704315ed2cabe0944b54c5fa589e34629a\Portals.exe (Trojan.Backdoor) -> Quarantined and deleted successfully.
c:\documents and settings\Juca\local settings\application data\thinstall\Cache\Stubs\987529e0cdbc132e94dd41abc19794437f954492\ss3dfish.EXE (Trojan.Backdoor) -> Quarantined and deleted successfully.
c:\documents and settings\Juca\local settings\application data\thinstall\Cache\Stubs\98c79a047bc322483d87229d4178bf24439427\mencoder.exe (Trojan.Backdoor) -> Quarantined and deleted successfully.
c:\documents and settings\Juca\local settings\application data\thinstall\Cache\Stubs\9d61e8c7f1f08186e0cbcc76b2e8e6f2c2df096\Pipeline.RWG (Trojan.Backdoor) -> Quarantined and deleted successfully.
c:\documents and settings\Juca\local settings\application data\thinstall\Cache\Stubs\9ea8cad31a47e7f8512e227cccb212207edee81e\oggdec.exe (Trojan.Backdoor) -> Quarantined and deleted successfully.
c:\documents and settings\Juca\local settings\application data\thinstall\Cache\Stubs\b7e1611c5af4c2ba62382a610ed44fa73a09d51\Bingwood.exe (Trojan.Backdoor) -> Quarantined and deleted successfully.
c:\documents and settings\Juca\local settings\application data\thinstall\Cache\Stubs\b825c059b75c81a43d428a28d23037b3975e47c0\ferrarivr.exe (Trojan.Backdoor) -> Quarantined and deleted successfully.
c:\documents and settings\Juca\local settings\application data\thinstall\Cache\Stubs\29c93fff3bcc3df22c7e105b5869e17fc1e51a\regsvr32.exe (Trojan.Backdoor) -> Quarantined and deleted successfully.
c:\documents and settings\Juca\local settings\application data\thinstall\Cache\Stubs\3b22c444c4f958e9b554314ce4c34e2f2d49d2e\FireBird.exe (Trojan.Backdoor) -> Quarantined and deleted successfully.
c:\documents and settings\Juca\local settings\application data\thinstall\Cache\Stubs\6baf57838ce3a0cda89788d8636d3d62e72eb8a0\acrord32info.exe (Trojan.Backdoor) -> Quarantined and deleted successfully.
c:\documents and settings\Juca\local settings\application data\thinstall\Cache\Stubs\b8db7984a0d7304b94ff5eeb5204b516c06786\light&shadow.exe (Trojan.Backdoor) -> Quarantined and deleted successfully.
c:\documents and settings\Juca\local settings\application data\thinstall\Cache\Stubs\f49923fda0c23ed6dd8cbba875b0b9ac9de9bd31\Feelers.RWG (Trojan.Backdoor) -> Quarantined and deleted successfully.
c:\documents and settings\Juca\local settings\application data\thinstall\Cache\Stubs\2f464080d362f556edb834bf8aa1cfeb2bc177e\icon constructor.exe (Trojan.Backdoor) -> Quarantined and deleted successfully.
c:\documents and settings\Juca\local settings\application data\thinstall\Cache\Stubs\3202ccaf4b0758fee8eb4e7358d9a9eab829a59\wot_tangram.exe (Trojan.Backdoor) -> Quarantined and deleted successfully.
c:\documents and settings\Juca\local settings\application data\thinstall\Cache\Stubs\34428e4199eda57872aaa6a595b45e49d912bc34\FireBird.exe (Trojan.Backdoor) -> Quarantined and deleted successfully.
c:\documents and settings\Juca\local settings\application data\thinstall\Cache\Stubs\34869bbad3b6c5dba2bcfca575f84e6ba12cbdd\cymo120.exe (Trojan.Backdoor) -> Quarantined and deleted successfully.
c:\documents and settings\Juca\local settings\application data\thinstall\Cache\Stubs\3798eba84b0d4ec57fafad3f28eaf23e934ec7a\pharaohs_secret.exe (Trojan.Backdoor) -> Quarantined and deleted successfully.
c:\documents and settings\Juca\local settings\application data\thinstall\Cache\Stubs\39af7f614412a0ff415ec9e12fa96c6f84d04c\ez-dj plus.exe (Trojan.Backdoor) -> Quarantined and deleted successfully.
c:\documents and settings\Juca\local settings\application data\thinstall\Cache\Stubs\f5a5373d45eb65ce6788782121e8d5958c48ca\winpatrolex.exe (Trojan.Backdoor) -> Quarantined and deleted successfully.
c:\documents and settings\Juca\local settings\application data\thinstall\Cache\Stubs\f5d20b64116ec029a7aff1ee95e9a287d8beb3\RAW_001.dat (Trojan.Backdoor) -> Quarantined and deleted successfully.
c:\documents and settings\Juca\local settings\application data\thinstall\Cache\Stubs\f650bd8a87a5a8db590d7699f6737d58f621cc\FireBird.exe (Trojan.Backdoor) -> Quarantined and deleted successfully.
c:\documents and settings\Juca\local settings\application data\thinstall\Cache\Stubs\f73427be86bec64ec5bc7688b1c872f85f4fb2b9\toolbarbroker.exe (Trojan.Backdoor) -> Quarantined and deleted successfully.
c:\documents and settings\Juca\local settings\application data\thinstall\Cache\Stubs\f86bbc265d71a42fcbb344f6fb4fefbcf1d1\nandasisland.exe (Trojan.Backdoor) -> Quarantined and deleted successfully.
c:\documents and settings\Juca\local settings\application data\thinstall\Cache\Stubs\f92076475f875c918cf7edd7c327ecc0ba1223\splash screen.exe (Trojan.Backdoor) -> Quarantined and deleted successfully.
c:\documents and settings\Juca\local settings\application data\thinstall\Cache\Stubs\fe251e6813307e07e8c782c7c75822271b2313c\RAW_003.wdt (Trojan.Backdoor) -> Quarantined and deleted successfully.
d:\instalacije\removewga.exe (PUP.RemoveWGA) -> Not selected for removal.
d:\instalacije\najbolji besplatni multimedijski programi\best free audio editor-audacity 1.2.6\audacity v1.2.6 portable\Audacity.exe (Trojan.Backdoor) -> Quarantined and deleted successfully.
d:\dvd obrada\tmpgenc dvd author 3 with divx authoring v3.1.1.174 retail\keygen.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
d:\Slike\sklrinsejveri\3D Fish\3d fish school 4.exe (Trojan.Backdoor) -> Quarantined and deleted successfully.
d:\Slike\sklrinsejveri\3d.fish.school.screensaver.v3.92\3d fish school 3.exe (Trojan.Backdoor) -> Quarantined and deleted successfully.
d:\tutorijali\windows 7 activador.exe (Riskware.Tool.CK) -> Quarantined and deleted successfully.
d:\tutorijali\windows activation pack\windows xp\X86\AntiWPA.Dll (PUP.Wpakill) -> Not selected for removal.
d:\tutorijali\tutorijali 1\xp simulation\Tutorial.exe (Trojan.Keylogger) -> Quarantined and deleted successfully.
d:\ZEZ\stress reducer.exe (Joke.Stressreducer) -> Quarantined and deleted successfully.
d:\ZEZ\Beer.exe (Application.Joke) -> Quarantined and deleted successfully.
d:\nova mapa\igrice\Pipeline.exe (Trojan.Backdoor) -> Quarantined and deleted successfully.
d:\nova mapa\igrice\stressreducers2005.exe (Joke.Stressreducer) -> Quarantined and deleted successfully.
d:\nova mapa\igrice\thinstall\superfrog\400000200002i\runhiddenconsole.exe (Trojan.IRCBot) -> Quarantined and deleted successfully.
d:\nova mapa\igrice\thinstall\superfrog\4000002e00003i\pskill.exe (Trojan.IRCBot) -> Quarantined and deleted successfully.
d:\nova mapa\igrice\thinstall\superfrog\4ad000006100003i\cmd.exe (Trojan.IRCBot) -> Quarantined and deleted successfully.
d:\portabl igrice\zodiac tower.exe (Trojan.Backdoor) -> Quarantined and deleted successfully.
d:\portabl programi\CORE10k.EXE (Dont.Steal.Our.Software) -> Quarantined and deleted successfully.
d:\portabl programi\portable video avatar v3.0.0.94.exe (Trojan.Agent) -> Quarantined and deleted successfully.
d:\portabl programi\magic photo editor.exe (Trojan.Backdoor) -> Quarantined and deleted successfully.
d:\portabl programi\-by rain_drop-baby-diary-2.5.550\baby diary.exe (Trojan.Backdoor) -> Quarantined and deleted successfully.
d:\portabl programi\5 program cover design portable\imandix cover professional 0.9.2.1\CoverPro.exe (Trojan.Backdoor) -> Delete on reboot.
d:\portabl programi\5-Icon-maker-program-portable\icon commander 1.10\icon commander.exe (Trojan.Backdoor) -> Delete on reboot.
d:\portabl programi\Paint\e-Paint.exe (Trojan.Backdoor) -> Quarantined and deleted successfully.
d:\portabl programi\paragon partition manager professional 9.5 build 8622\Data\Virtual\STUBEXE\@programfiles@\paragon software\partition manager 9.5 professional\program\explauncher.exe (Trojan.Agent) -> Quarantined and deleted successfully.
d:\portabl programi\paragon partition manager professional 9.5 build 8622\Data\Virtual\STUBEXE\@programfiles@\paragon software\partition manager 9.5 professional\program\launcher.exe (Trojan.Agent) -> Quarantined and deleted successfully.
d:\portabl programi\polyglot 3000 (version 3.40)\polyglot 3000.exe (Trojan.Backdoor) -> Quarantined and deleted successfully.
d:\portabl programi\video konverteri\4easysoft mkv converter 3.2.20 eng\4easysoft mkv converter.exe (Trojan.Backdoor) -> Quarantined and deleted successfully.
d:\portabl programi\video konverteri\joboshare_mov_converter_2.7.1.0426_portable_by_lp\Stubs\273b333c512ac38b4d214bc644e462f470ea17\ctt.exe (Trojan.Backdoor) -> Quarantined and deleted successfully.
d:\portabl programi\video konverteri\magic video converter 8.0.10.28\magic video converter.exe (Trojan.Backdoor) -> Quarantined and deleted successfully.
d:\portabl programi\video konverteri\mkv_converter_studio_2_0_1_portable_by_lp\Stubs\5c14405af41aeaf18393febd798ebb25bc96aa6\apowersoftac.dll (Trojan.Backdoor) -> Quarantined and deleted successfully.
d:\portabl programi\video konverteri\mkv_converter_studio_2_0_1_portable_by_lp\Stubs\ade71d2dc75a1ac6633ed469fb43ab79bffa4f1\apowersoftplayer.dll (Trojan.Backdoor) -> Quarantined and deleted successfully.
d:\portabl programi\video konverteri\mkv_converter_studio_2_0_1_portable_by_lp\Stubs\ebecae5249998d2bc83728e8a12bd1607fb8791a\mkv-converter-studio.exe (Trojan.Backdoor) -> Quarantined and deleted successfully.
d:\portabl programi\video konverteri\mkv_converter_studio_2_0_1_portable_by_lp\Stubs\f245d1cc8647c8e2cb4caf637ff2a2639446ec8d\mediainfo.exe (Trojan.Backdoor) -> Quarantined and deleted successfully.
d:\portabl programi\video konverteri\wondershare video converter platinum v4.2.0.62\videoconverter.exe (Trojan.Agent) -> Quarantined and deleted successfully.
d:\portabl programi\video konverteri\wondershare video converter platinum v4.2.0.62\Data\Native\STUBEXE\@documents@\download.exe (Trojan.Agent) -> Quarantined and deleted successfully.
d:\portabl programi\video konverteri\wondershare video converter platinum v4.2.0.62\Data\Native\STUBEXE\@SYSTEM@\drwtsn32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
d:\portabl programi\video konverteri\wondershare video converter platinum v4.2.0.62\Data\Native\STUBEXE\@SYSTEM@\dwwin.exe (Trojan.Agent) -> Quarantined and deleted successfully.
d:\portabl programi\video konverteri\wondershare video converter platinum v4.2.0.62\Data\Virtual\STUBEXE\@programfiles@\wondershare\video converter platinum\Update.exe (Trojan.Agent) -> Quarantined and deleted successfully.
d:\portabl programi\video konverteri\wondershare video converter platinum v4.2.0.62\Data\Virtual\STUBEXE\@programfiles@\wondershare\video converter platinum\videoconverter.exe (Trojan.Agent) -> Quarantined and deleted successfully.
d:\portabl programi\portable_aleo_photo_collage_maker_v1.6\portable_aleo_photo_collage_maker_v1.6.exe (Trojan.Agent) -> Quarantined and deleted successfully.
d:\portabl programi\portable_imindmap_3\imindmap_by_pp\Virtual\STUBEXE\@programfiles@\buzan online\buzan's imindmap v3\buzan's imindmap.exe (Trojan.Agent) -> Quarantined and deleted successfully.
d:\portabl programi\portable_inspiration_8\inspiration_8_by_pp\Native\STUBEXE\@SYSTEM@\drwtsn32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
d:\portabl programi\portable_inspiration_8\inspiration_8_by_pp\Native\STUBEXE\@SYSTEM@\dwwin.exe (Trojan.Agent) -> Quarantined and deleted successfully.
d:\portabl programi\portable_inspiration_8\inspiration_8_by_pp\Virtual\STUBEXE\@programfiles@\inspiration 8\Insp8.exe (Trojan.Agent) -> Quarantined and deleted successfully.
d:\portabl programi\mos.2010.portable\office 2010 - portable\Stubs\176ae9d14a4d664dfa9eb72b8d7f837a956dc2a7\offlb.exe (Trojan.Backdoor) -> Quarantined and deleted successfully.
d:\portabl programi\mos.2010.portable\office 2010 - portable\Stubs\3e88a070d68e65dfc859c55c57a9be3fb608467\Setup.exe (Trojan.Backdoor) -> Quarantined and deleted successfully.
d:\portabl programi\mos.2010.portable\office 2010 - portable\Stubs\924add65dbd770cb776225fb45cea09e78d27dfe\ctfmon.exe (Trojan.Backdoor) -> Quarantined and deleted successfully.
d:\portabl programi\mos.2010.portable\office 2010 - portable\Stubs\a8d0ae5f1794789ae0c7916392306721b4bfc420\OSPPSVC.EXE (Trojan.Backdoor) -> Quarantined and deleted successfully.
d:\portabl programi\hulu downloader 2.3.9.3 portable by lp\Stubs\3fe45726d63348e4d53dce27dff018ebf7b3c1\hh.exe (Trojan.Backdoor) -> Quarantined and deleted successfully.
d:\portabl programi\winimage_8.50_portable\Patch\KeyGen.exe (Malware.Gen) -> Quarantined and deleted successfully.
d:\portabl programi\zonealarm with antivirus 9.1.008.000 + keygen-zwt\Keygen.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.
d:\portabl programi\anvsoft photo flash maker pro v5.15 portable\portable anvsoft photo flash maker pro v5.15.exe (Trojan.Agent) -> Quarantined and deleted successfully.
d:\portabl programi\anybizsoft pdf converter (build 2.0.0)\Stubs\2089dff71e1276172447f4c6917923fa3d6b7b\acrord32info.exe (Trojan.Backdoor) -> Quarantined and deleted successfully.
d:\portabl programi\anybizsoft pdf converter (build 2.0.0)\Stubs\9ff9bd72814da6fcd9bd488a2c548772b47bb7eb\RegSvr32.exe (Trojan.Backdoor) -> Quarantined and deleted successfully.
d:\portabl programi\anybizsoft pdf converter (build 2.0.0)\Stubs\f2117522333cc2e035e274273771eb149d3bd7\FireBird.exe (Trojan.Backdoor) -> Quarantined and deleted successfully.
d:\portabl programi\kmk a4deskpro flash website builder 1.28\a4deskpro.exe (Trojan.Backdoor) -> Quarantined and deleted successfully.
d:\portabl programi\convert pdf to word\portable tipard pdf to word converter v3.0.12.exe (Trojan.Agent) -> Quarantined and deleted successfully.
d:\portabl programi\coollector_movie_database_2.99.7_portable\Tmp\coollectorupdater.exe (Adware.BHO) -> Quarantined and deleted successfully.
d:\portabl programi\crckdownloader\(zabranjeno)down.exe ((zabranjeno)Tool.Agent) -> Quarantined and deleted successfully.
d:\portabl programi\portable avs dvd authoring 1.3.3.46\Stubs\688032fa7853f7582f55d83ac3cf56179a4a1f6\BsSndRpt.exe (Trojan.Backdoor) -> Quarantined and deleted successfully.
d:\portabl programi\portable icon constructor 3.54\portable icon constructor 3.54.exe (Trojan.Agent) -> Quarantined and deleted successfully.
d:\portabl programi\portable microsoft office enterprise 2007 win 7 compatible by birungueta\ms office excel 2007.exe (Trojan.Agent) -> Quarantined and deleted successfully.
d:\portabl programi\portable microsoft office enterprise 2007 win 7 compatible by birungueta\ms office powerpoint 2007.exe (Trojan.Agent) -> Quarantined and deleted successfully.
d:\portabl programi\portable microsoft office enterprise 2007 win 7 compatible by birungueta\ms office word 2007.exe (Trojan.Agent) -> Quarantined and deleted successfully.
d:\portabl programi\visualroute_2010_pro_14.0c.4551_portable_by_lp\Stubs\ab9ad8fa1b2eb91d757651b6ef8026d7719381f\visualroute.exe (Trojan.Backdoor) -> Quarantined and deleted successfully.
d:\portabl programi\tubehunter 9.7\thinstall\tubehunter\1000000500002i\regsvr32.exe (Trojan.IRCBot) -> Quarantined and deleted successfully.
d:\portabl programi\tubehunter 9.7\thinstall\tubehunter\1000000700002i\regsvr32.exe (Trojan.IRCBot) -> Quarantined and deleted successfully.
d:\portabl programi\tubehunter 9.7\thinstall\tubehunter\400000700002i\FCSplash.exe (Trojan.IRCBot) -> Quarantined and deleted successfully.
d:\portabl programi\image konvertori\imageconverterplus\Stubs\861f10f8a3a96f8f7791dceaf3de97c883b217\icp.exe (Trojan.Backdoor) -> Quarantined and deleted successfully.
d:\portabl programi\portable pdf studio pro v6.50 by birungueta\portable pdf studio pro v6.50.exe (Trojan.Agent) -> Quarantined and deleted successfully.
d:\portabl programi\portable pearlmountain photoframemaster v1.1.1.1 by birungueta\portable pearlmountain photoframemaster v1.1.1.1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
d:\portabl programi\audio editori\power_audio_editor_7.4.3.155_portable_by_lp\power audio editor.exe (Trojan.Backdoor) -> Quarantined and deleted successfully.
d:\portabl programi\audio editori\power_audio_editor_7.4.3.155_portable_by_lp\Stubs\43e2131cdb813495adac068c074b92bf149d\ae.exe (Trojan.Backdoor) -> Quarantined and deleted successfully.
d:\portabl programi\audio konvertori\cool.music.converter.v7.4.3.66.portable\cool music converter.exe (Trojan.IRCBot) -> Quarantined and deleted successfully.
d:\portabl programi\realplayer.sp.plus.12.0.0.756&dfx.9.300.portable.by_zulkani\Keymaker.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.
d:\portabl programi\nero 9 ultra\Keymaker.exe (Trojan.Agent.CK) -> Quarantined and deleted successfully.
d:\portabl programi\dvd slideshow builder 4.5.1.1\portablevv07.ucoz.ru\Stubs\933e725925d38a47ddb46d2bd3a0e1dcd1745738\DxInfo.exe (Trojan.Backdoor) -> Quarantined and deleted successfully.
d:\portabl programi\dvd slideshow builder 4.5.1.1\portablevv07.ucoz.ru\Stubs\e57adbb21aedafba27cd37346b8124129584f33\ws_burn.exe (Trojan.Backdoor) -> Quarantined and deleted successfully.
d:\portabl programi\teleport ultra\ultra.exe (Trojan.Agent) -> Quarantined and deleted successfully.
d:\portabl programi\teleport ultra\Data\Virtual\STUBEXE\@programfiles@\teleport ultra\ultra.exe (Trojan.Agent) -> Quarantined and deleted successfully.
h:\adobe-master-cs4pre-keygen.exe (Trojan.Agent.CK) -> Quarantined and deleted successfully.
h:\system volume information\_restore{5c051867-87f6-4126-ade2-ed7cdb7d7ef2}\RP353\A0040869.exe (Trojan.IRCBot) -> Quarantined and deleted successfully.
h:\system volume information\_restore{5c051867-87f6-4126-ade2-ed7cdb7d7ef2}\RP353\A0040870.exe (Trojan.IRCBot) -> Quarantined and deleted successfully.
h:\system volume information\_restore{5c051867-87f6-4126-ade2-ed7cdb7d7ef2}\RP355\A0041140.exe (Trojan.Backdoor) -> Quarantined and deleted successfully.

  • Fil  Male
  • Legendary citizen
  • Joined: 11 Jun 2009
  • Posts: 16486

Hello,

There is no active malware on your computer.

What is the state of the computer now?

If you continue to have problems, I recommend that you open a topic in the Windows subforum.

I also recommend that you install Service Pack 3 for Windows XP. That way you will update the operating system and patch the corresponding security vulnerabilities on the computer. The advantages are numerous compared to Service Pack 2, which you currently have.

**** If you decide to take this step (installing SP3), I recommend that you first back up all important data.

  • Miroslav Tanaskovic
  • Construction technician
  • Joined: 02 Jan 2009
  • Posts: 759
  • Location: Cacak

Posted: 22 Apr 2011 9:20

After cleaning with Malwarebytes the computer worked the same, and after maybe a couple of hours AVG reported two infections in d:\ Volume System Information\_restore ......... which I moved to quarantine. Otherwise everything is the same: it runs so slowly that it cannot open Google Chrome for two or three minutes. Mozilla, which I have used until now, will not open at all, it does not open PDF documents, System Restore cannot go back to any point after the 20th nor to the previous month, Nero 9 does not work (it gives some message about a DLL error), and who knows what else does not work. Please tell me, if you know, how to repair Windows using the installation disc without reinstalling it. Something similar happened to me once and I managed to repair it, but I have forgotten the procedure.

Addendum: 22 Apr 2011 9:25

I forgot to tell you that it seems to me that it all started when I tried to clean the memory with the OneClickCleaner program, so it seems to me that this is the cause.

  • Fil  Male
  • Legendary citizen
  • Joined: 11 Jun 2009
  • Posts: 16486

Hello,

Since there is no active malware on your computer, I recommend that you open a topic in the Windows subforum. There we can also help you with repairing the operating system (if you decide on that step). We cannot hold that kind of discussion here, because this part of the forum deals with diagnosing and removing malware.

As a precaution, turn System Restore off and back on following this guide:
http://www.mycity.rs/Uputstva/Kako-iskljuciti-uklj.....Vista.html


AMF Team
