Not good

offline
  • Joined: 23 Dec 2011
  • Posts: 290

Posted: 12 Jul 2012 0:51

I haven't downloaded Windows Update for about 40 days, and in the meantime I had some viruses... A little while ago, with Malwarebytes Anti-Malware, I found a virus that it could not delete, so I had to work with avast as well. I have the PES game; sometimes it opens normally, and sometimes I cannot start it until the computer is restarted.
When this started happening with the game, I got in touch. There are a few more of these little problems.



.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_31
Run by Vladan at 22:52:56 on 2012-07-11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.422 [GMT 2:00]
.
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: avast! Internet Security *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\MCShield\MCShieldRTM.exe
F:\Bluetooth Exchange Folder\BTTray.exe
svchost.exe
F:\Bluetooth Exchange Folder\bin\btwdins.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Vladan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Vladan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Vladan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Vladan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Vladan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\wscntfy.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
uInternet Settings,ProxyServer = use:80
uInternet Settings,ProxyOverride = <local>
uSearchAssistant =
mSearchAssistant = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
uRun: [MCShield Monitor] c:\program files\mcshield\MCShieldRTM.exe
uRun: [Google Update] "c:\documents and settings\vladan\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - f:\bluetooth exchange folder\BTTray.exe
mPolicies-system: EnableSecureUIAPaths = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - f:\bluetooth exchange folder\btsendto_ie_ctx.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - f:\bluetooth exchange folder\btsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5}
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{9A9DA7AA-5954-410F-BA11-7CC00D0A2505} : DhcpNameServer = 192.168.1.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
Hosts: 127.0.0.2 company.zynga.com
Hosts: 127.0.0.3 poker.zynga.com
Hosts: 127.0.0.4
Hosts: 127.0.0.5 zynga.com
Hosts: 127.0.0.6 apps.facebook.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\vladan\application data\mozilla\firefox\profiles\oc38iv22.default\
FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon)
FF - prefs.js: browser.startup.homepage - hxxp://tv.sb.eurosport.com/
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?affID=109989&tt=050412_30b&babsrc=KW_ss&mntrId=205cf23d0000000000000001295006e2&q=
FF - plugin: c:\documents and settings\vladan\application data\mozilla\firefox\profiles\oc38iv22.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\plugins\np-mswmp.dll
FF - plugin: c:\documents and settings\vladan\application data\mozilla\firefox\profiles\oc38iv22.default\extensions\{7d2fb79e-e58c-4db5-a36f-ac1c73967f4d}\plugins\npqbc.dll
FF - plugin: c:\documents and settings\vladan\local settings\application data\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\foxit software\foxit reader\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_262.dll
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.BabylonToolbar_i.newTab - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=109989&tt=050412_30b
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - 205cf23d0000000000000001295006e2
FF - user.js: extensions.BabylonToolbar_i.hardId - 205cf23d0000000000000001295006e2
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15435
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1722:03:45
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
============= SERVICES / DRIVERS ===============
.
R0 AFPAnsi;Alfa File Protector Ansi;c:\windows\system32\drivers\AFPAnsi.sys [2012-6-2 43936]
R0 EUBAKUP;EUBAKUP;c:\windows\system32\drivers\eubakup.sys [2012-1-21 50312]
R0 EUBKMON;EUBKMON;c:\windows\system32\drivers\EUBKMON.sys [2012-1-21 43784]
R0 fasttrak;fasttrak;c:\windows\system32\drivers\Fasttrak.sys [2011-6-1 73088]
R1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [2012-5-3 24408]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-6-1 721000]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-6-1 353688]
R1 EUDSKACS;EUDSKACS;c:\windows\system32\drivers\eudskacs.sys [2012-1-21 16008]
R1 EUFDDISK;EUFDDISK;c:\windows\system32\drivers\EuFdDisk.sys [2012-1-21 185864]
R1 SuperMounter;SuperMounter;c:\windows\system32\drivers\supermounter.sys [2012-6-2 11264]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-6-1 21256]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-7-21 44808]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-6-7 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-5 250056]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2012-1-27 13192]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2012-1-27 8456]
S3 MSI_MSIBIOS_010507;MSI_MSIBIOS_010507;\??\c:\program files\msi\live update 5\msibios32_100507.sys --> c:\program files\msi\live update 5\msibios32_100507.sys [?]
S3 NTIOLib_1_0_4;NTIOLib_1_0_4;\??\c:\program files\msi\live update 5\ntiolib.sys --> c:\program files\msi\live update 5\NTIOLib.sys [?]
.
=============== Created Last 30 ================
.
2012-07-06 19:12:52 -------- dc----w- c:\documents and settings\all users\application data\Norton
2012-07-06 19:12:46 -------- dc----w- c:\documents and settings\all users\application data\NortonInstaller
2012-07-06 15:24:10 -------- dc----w- c:\program files\DivX
2012-07-06 15:21:47 -------- dc----w- c:\documents and settings\all users\application data\DivX
2012-07-05 17:43:16 -------- dc----w- c:\documents and settings\vladan\application data\GlarySoft
2012-07-05 17:43:14 -------- dc----w- c:\program files\Glary Utilities
2012-06-18 19:08:28 -------- dc----w- c:\program files\MSECache
2012-06-13 22:10:44 521728 -c----w- c:\windows\system32\dllcache\jsdbgui.dll
2012-06-12 22:10:27 770384 -c--a-w- c:\program files\mozilla firefox\msvcr100.dll
2012-06-12 22:10:27 421200 -c--a-w- c:\program files\mozilla firefox\msvcp100.dll
.
==================== Find3M ====================
.
2012-07-03 16:21:53 721000 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-07-03 16:21:32 41224 ----a-w- c:\windows\avastSS.scr
2012-06-23 22:02:39 70344 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-23 22:02:39 426184 -c--a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-02 13:19:44 22040 -c--a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 13:19:38 219160 -c--a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 13:19:38 15384 -c--a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 13:19:34 15384 -c--a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 13:19:30 17944 -c--a-w- c:\windows\system32\wuaueng.dll.mui
2012-05-31 13:22:09 599040 -c--a-w- c:\windows\system32\crypt32.dll
2012-05-16 15:08:26 916992 -c--a-w- c:\windows\system32\wininet.dll
2012-05-15 13:20:33 1863168 -c--a-w- c:\windows\system32\win32k.sys
2012-05-11 14:42:33 43520 -c----w- c:\windows\system32\licmgr10.dll
2012-05-11 14:42:33 1469440 -c----w- c:\windows\system32\inetcpl.cpl
2012-05-11 11:38:02 385024 -c----w- c:\windows\system32\html.iec
2012-05-10 20:50:28 5965312 -c--a-w- c:\windows\system32\vbsbak.dat
2012-05-04 13:12:30 2192640 -c--a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 12:32:19 2069120 -c--a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-02 13:46:36 139656 -c--a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-16 20:08:18 73728 -c--a-w- c:\windows\system32\javacpl.cpl
2012-04-16 20:08:18 472808 -c--a-w- c:\windows\system32\deployJava1.dll
.
============= FINISH: 22:53:47,68 ===============






Addendum: 12 Jul 2012 1:03


I forgot this: how do I remove Super Utilities so that it no longer sits there, given that I deleted it from the computer using Revo Uninstaller?

offline
  • Més que un club
  • Lead vocalist @ Harpun
  • Joined: 27 Feb 2009
  • Posts: 3898
  • Location: Novi Sad, Klisa

Hello, šemahenry23.
We need to see what Malwarebytes and avast detected.

Start -> Run -> %AppData%\Malwarebytes\Malwarebytes' Anti-Malware\Logs -> Enter


and attach to your post all of its reports that you find in that folder.


Then go to the following location:
C:\Documents and Settings\All Users\Application Data\AVAST Software\Avast\report
and pack all the reports you find into a rar archive and attach it to your post.

NIx Car (AMF Team)

offline
  • Joined: 23 Dec 2011
  • Posts: 290


offline
  • Més que un club
  • Lead vocalist @ Harpun
  • Joined: 27 Feb 2009
  • Posts: 3898
  • Location: Novi Sad, Klisa

Your logs are clean as far as malware is concerned.

I recommend that you do the following:

I recommend that you use the MCShield program to protect USB storage devices.

You can download the program from THIS link. After installing the program, plug in your USB storage devices and they will be scanned. At the end of the scan you will get a report that the device is clean or a notification about removed malware.


Also, visit this topic to see whether your browser is vulnerable and install the updated components
http://www.mycity.rs/Propusti-i-azuriranja/Testira.....anjiv.html


offline
  • Joined: 23 Dec 2011
  • Posts: 290

I recommend that you do the following: What should I delete?
I already use MCShield.
What should I do with this program from the picture, Super Utilities? How do I remove it? I uninstalled it from the Control Panel, but the part that I showed you in the picture remained.

offline
  • Més que un club
  • Lead vocalist @ Harpun
  • Joined: 27 Feb 2009
  • Posts: 3898
  • Location: Novi Sad, Klisa

Open a new topic in the Windows subforum. In Ambulanta we deal exclusively with problems related to malicious programs.

Regards.
