Možda tražite i:
Malwarebytes Anti-Malware VS MCShield
IOBit krade MalwareBytes'-ove definicije malware-a

MyCity » Ambulanta -> Arhiva Ambulante » Problem s Malwar-om...

Problem s Malwar-om...

Napisano na dan: 10.12.2010

Problem s Malwar-om...

Sledeća strana

Pagination

Odgovori

negas Poslao: 11 Dec 2010 02:20 Idi na vrh
offline negas Građanin Pridružio: 10 Dec 2009 Poruke: 46 Gde živiš: Od Nisa 150km, BG 300km, Kg 250km...	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Uloguj se preko Facebooka da bi skinuo fajl: Napisano: 10 Dec 2010 4:08 CW1 i CW6 jer su to neki virusi? Ja sam ovo sa loga gore AVG-a uklanjao preko TC, i jos nekih programa! Ovo cw1, cw6 i nekih 10 programa koji su imali ovakav naziv, nesto bhkgk.exe, pa bsdie.exe. tako neke gluposto 10 komada, ukonih sa TCpmanderom ono kad se vide skriveni fajlovi. Nista nije kocilo pri radu, sem sto se pojavljivao neki cudan zvuk ono bezveze kad se radi i onaj zvuk kao da se otvaraju foderi, i nista vise! Ali evo logova sa procedure ovog foruma, da vidite da li je jos nesto ostalo: U pitanj je 32 bitni WIN kod mene! Prvo DDS: DDS (Ver_10-12-05.01) - NTFSx86 Run by Korisnik at 23:55:02,92 on cet 12/09/2010 Internet Explorer: 8.0.6001.18372 BrowserJavaVersion: 1.6.0_20 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1075 [GMT 1:00] AV: AVG Anti-Virus 2011 On-access scanning enabled (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF} ============== Running Processes =============== ============== Pseudo HJT Report =============== uStart Page = hxxp://www.microsoft.com udefault_page_url = hxxp://www.microsoft.com uWindow Title = Microsoft Internet Explorer mDefault_Page_URL = hxxp://www.microsoft.com mStart Page = hxxp://www.microsoft.com mWindow Title = Microsoft Internet Explorer uInternet Settings,ProxyOverride = *.local mURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll TB: StylerToolBar: {d2f8f919-690b-4ea2-9fa7-a203d1e04f75} - uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe mRun: [DrvIcon] c:\windows\7sp_files\drive icon\DrvIcon.exe mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1279208048328 DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1279208792609 DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll ================= FIREFOX =================== FF - ProfilePath - c:\docume~1\korisnik\applic~1\mozilla\firefox\profiles\dji7eshf.default\ FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordlegacyext.dll FF - component: c:\program files\avg\avg10\firefox\components\avgssff.dll FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll FF - plugin: c:\documents and settings\korisnik\local settings\application data\google\update\1.2.183.23\npGoogleOneClick8.dll FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll FF - plugin: c:\program files\google\picasa3\npPicasa3.dll FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: c:\program files\veetle\player\npvlc.dll FF - plugin: c:\program files\veetle\plugins\npVeetle.dll FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Extension: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff FF - Extension: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\Ext FF - Extension: AVG Safe Search: {3f963a5b-e555-4543-90e2-c3908898db71} - c:\program files\avg\avg10\Firefox FF - Extension: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - c:\docume~1\korisnik\applic~1\mozilla\firefox\profiles\dji7eshf.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} ============= SERVICES / DRIVERS =============== R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 25680] R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 26064] R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-9-7 249424] R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34384] R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-11-9 299984] R1 LUMDriver;LUMDriver;c:\windows\system32\drivers\LUMDriver.sys [2003-7-11 14912] R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2010-11-10 6127184] R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2010-10-22 265400] R2 BBDemon;Backbone Service;d:\program files\dassault systemes\b16\intel_a\code\bin\CATSysDemon.exe [2005-9-6 35840] R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [2010-4-16 38144] R2 PCAutoShutdown_Service;PCAutoShutdown_Service;c:\program files\pc auto shutdown\ShutdownService.exe [2010-10-29 461928] R2 Viewpoint Service;Viewpoint Service;c:\program files\viewpoint\common\ViewpointService.exe [2010-12-4 30152] R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 123472] R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 30288] R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 26192] R3 RTLWUSB;AirLive WL1600USB;c:\windows\system32\drivers\RTL8187.sys [2010-4-16 332928] S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-5-18 136176] S2 SSHNAS;SSHNAS;c:\windows\system32\svchost.exe -k netsvcs [2004-8-3 14336] S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2010-4-16 13192] S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2010-4-16 8456] S3 SliceDisk5;SliceDisk5; [x] =============== File Associations =============== .scr=AutoCADScriptFile =============== Created Last 30 ================ ==================== Find3M ==================== 2099-08-15 07:36:33 315392 ----a-w- c:\windows\HideWin.exe 2010-11-21 21:36:14 499712 ----a-w- c:\windows\system32\msvcp71.dll 2010-11-21 21:36:14 348160 ----a-w- c:\windows\system32\msvcr71.dll 2008-03-09 05:25:10 236 ---ha-w- c:\program files\common files\dx.reg ============= FINISH: 23:55:45,40 =============== mycity.rs/must-login.png Sada drugi program GMER: Imate Log 1, 2, 3! mycity.rs/must-login.png mycity.rs/must-login.png mycity.rs/must-login.png Treci program: Odradicu danas-to ostajem duzan!!! Pa posle Vi kazite... Dopuna: 11 Dec 2010 2:20 Treci program koji sam ostao duzan, ne mogu pokrenuti, tj kada krene da skenira javi mi se ovo obavestenje (plavi ekran): Проблем је био откривен и прозори је затворена за спречавање штета од овог рачунара! Процес или нит од кључног значаја за систем рада неочекивано је завршио или није окончан. Ако је ово први пут да сте видели ову грешку заустављања екрана, поново покрените рачунар. Ако се овај екран се појави поново, следите ове кораке: Проверите да ли било који нови хардвер и софтвер правилно инсталиран. Ако је ово нове инсталације, питајте хардвер или софтвер произвођача за све допуне за Виндовс можда ће бити потребно. Ако се проблем настави, онемогућите или уклоните све ново инсталираног хардвера софтвера. Онемогући меморије БИОС опције као што је кеширање или сенчење. Ако морате да користите безбедном режиму да уклоне или онемогућите компоненте. поново покрените рачунар, притисните тастер Ф8 да бисте изаберите Адванцед Стартуп Оптионс, а затим изаберите Сафе Мод. A problem has been detected and windows has been shut down to prevent damage of this computer! A process or thread crucial to sistem operation has unexpectedly exited or been terminated. If thsi is the first time you've seen this stop error screen, restart your computer. If this screen appears again, follow these steps: Check to make sure any new hardware and software is properly installed. If this a new installation, ask your hardware or software manufacturer for any windows updates you might need. If problem continue, disable or remove any newly installed hardware of software. Disable Bios memory options such as caching or shadowing. If you need to Use safe mode to remove or disable components. restart your computer, press F8 to select Advanced startup options, and then select safe mod. Nece dakle da ga prihvati moji WIN, a proverih da je 32 bitni!

Profil

diarno Poslao: 11 Dec 2010 11:32 Idi na vrh
offline diarno Anti Malware Fighter Rank 2 Pridružio: 15 Jun 2007 Poruke: 5572	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Pozdrav... Preuzmi sUBs-ov ComboFix sa sledeće adrese na Desktop: Bleeping Computer Klikni desnim tasterom na link i odaberi opciju Save Target As... (Save Link As..., Save Linked Content As... ili sličnu); Kada se otvori dijalog za izbor lokacije na kojoj treba sačuvati file, odaberi Desktop i klikni Save. Kada preuzimanje programa bude završeno: deaktiviraj zaštitni softver (uputstvo); zatvori pokrenute programe; dvoklikom pokreni program ComboFix. U toku rada, ComboFix će:proveriti postoji li novija verzija programa: klikni Yes ako bude ponuđeno preuzimanje iste. prikazati DISCLAIMER OF WARRANTY ON SOFTWARE: klikni Yes kako bi proces bio nastavljen.ako Recovery Console nije instalirana, ponuditi instalaciju: obavezno prihvati klikom na Yes i isprati postupak.postaviti/dati određeni broj upita/obaveštenja: prihvati klikom na Yes ili OK.po potrebi, restartovati Windows (više puta); na kraju rada, otvoriti Notepad sa izveštajem o skeniranju. Iskopiraj izveštaj koji je ComboFix napravio u temu na forumu: klikni desnim tasterom miša u prozor Notepad-a i izaberi Select All; klikni desnim tasterom miša na obeleženi tekst i izaberi Copy; klikni desnim tasterom miša u polje za pisanje poruke i izaberi Paste. Napomena:Izveštaj će biti sačuvan pod nazivom ComboFix.txt na sistemskoj particiji (tipična lokacija: C:\ComboFix.txt); Ukoliko nakon slanja poruke primetiš da izveštaj nije kompletan, iskoristi opciju Prikači fajl za prilaganje file-a C:\ComboFix.txt uz poruku.

Profil

negas Poslao: 11 Dec 2010 22:09 Idi na vrh
offline negas Građanin Pridružio: 10 Dec 2009 Poruke: 46 Gde živiš: Od Nisa 150km, BG 300km, Kg 250km...	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Evo izvestaja, samo da kazem da sam morao da deinstaliram AVG 2011, pa tek onda je program mogao da skenira comp, pored onog totalnog iskljucenja, pa evo rezultata, javite ako treba jos nesto da radim: ComboFix 10-12-11.01 - Korisnik 12/11/2010 21:50:11.1.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1554 [GMT 1:00] Running from: d:\my documents\Downloads\ComboFix.exe AV: AVG Anti-Virus 2011 On-access scanning enabled (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF} . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\progra~1\PRAVOS~1\PRAVos~1.exe c:\windows\system32\Thumbs.db . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_SSHNAS -------\Service_SSHNAS ((((((((((((((((((((((((( Files Created from 2010-11-11 to 2010-12-11 ))))))))))))))))))))))))))))))) . No new files created in this timespan . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-11-21 21:36 . 2003-03-18 19:14 499712 ----a-w- c:\windows\system32\msvcp71.dll 2010-11-21 21:36 . 2003-02-21 03:42 348160 ----a-w- c:\windows\system32\msvcr71.dll 2010-11-09 21:20 . 2010-11-09 21:20 299984 ----a-w- c:\windows\system32\drivers\avgtdix.sys 2010-09-13 14:27 . 2010-09-13 14:27 25680 ----a-w- c:\windows\system32\drivers\AVGIDSEH.sys 2008-03-09 05:25 . 2010-04-09 00:19 236 ---ha-w- c:\program files\Common Files\dx.reg . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "DrvIcon"="c:\windows\7SP_Files\Drive Icon\DrvIcon.exe" [2008-04-13 49152] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-14 13877248] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "ctfmon.exe"=c:\windows\system32\ctfmon.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\Dassault Systemes\\B17\\intel_a\\code\\bin\\orbixd.exe"= "c:\\Program Files\\Dassault Systemes\\B17\\intel_a\\code\\bin\\CNEXT.exe"= "d:\\Program Files\\Dassault Systemes\\B16\\intel_a\\code\\bin\\orbixd.exe"= "d:\\Program Files\\Dassault Systemes\\B16\\intel_a\\code\\bin\\CNEXT.exe"= "c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=

Profil

diarno Poslao: 11 Dec 2010 22:24 Idi na vrh
offline diarno Anti Malware Fighter Rank 2 Pridružio: 15 Jun 2007 Poruke: 5572	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Log nije kompletan. Ako ne moze da stane ceo okaci ga preko opcije prikaci fajl.

Profil

negas Poslao: 12 Dec 2010 01:27 Idi na vrh
offline negas Građanin Pridružio: 10 Dec 2009 Poruke: 46 Gde živiš: Od Nisa 150km, BG 300km, Kg 250km...	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Napisano: 11 Dec 2010 22:29 Izvinjavam se moja greska Evo celog: ComboFix 10-12-11.01 - Korisnik 12/11/2010 21:50:11.1.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1554 [GMT 1:00] Running from: d:\my documents\Downloads\ComboFix.exe AV: AVG Anti-Virus 2011 On-access scanning enabled (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF} . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\progra~1\PRAVOS~1\PRAVos~1.exe c:\windows\system32\Thumbs.db . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_SSHNAS -------\Service_SSHNAS ((((((((((((((((((((((((( Files Created from 2010-11-11 to 2010-12-11 ))))))))))))))))))))))))))))))) . No new files created in this timespan . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-11-21 21:36 . 2003-03-18 19:14 499712 ----a-w- c:\windows\system32\msvcp71.dll 2010-11-21 21:36 . 2003-02-21 03:42 348160 ----a-w- c:\windows\system32\msvcr71.dll 2010-11-09 21:20 . 2010-11-09 21:20 299984 ----a-w- c:\windows\system32\drivers\avgtdix.sys 2010-09-13 14:27 . 2010-09-13 14:27 25680 ----a-w- c:\windows\system32\drivers\AVGIDSEH.sys 2008-03-09 05:25 . 2010-04-09 00:19 236 ---ha-w- c:\program files\Common Files\dx.reg . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "DrvIcon"="c:\windows\7SP_Files\Drive Icon\DrvIcon.exe" [2008-04-13 49152] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-14 13877248] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk \0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "ctfmon.exe"=c:\windows\system32\ctfmon.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\Dassault Systemes\\B17\\intel_a\\code\\bin\\orbixd.exe"= "c:\\Program Files\\Dassault Systemes\\B17\\intel_a\\code\\bin\\CNEXT.exe"= "d:\\Program Files\\Dassault Systemes\\B16\\intel_a\\code\\bin\\orbixd.exe"= "d:\\Program Files\\Dassault Systemes\\B16\\intel_a\\code\\bin\\CNEXT.exe"= "c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"= "c:\\Program Files\\FinalTorrent\\FinalTorrent.EXE"= "c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"= "c:\\WINDOWS\\system32\\mmc.exe"= "c:\\Program Files\\MartView\\IeEmbed.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [9/13/2010 3:27 PM 25680] R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [9/7/2010 3:48 AM 26064] R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [1/13/2010 9:36 PM 685816] R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [9/7/2010 3:48 AM 249424] R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [11/9/2010 10:20 PM 299984] R1 LUMDriver;LUMDriver;c:\windows\system32\drivers\LUMDriver.sys [7/11/2003 2:22 PM 14912] R2 BBDemon;Backbone Service;d:\program files\Dassault Systemes\B16\intel_a\code\bin\CATSysDemon.exe [9/6/2005 9:11 PM 35840] R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [4/16/2010 10:59 AM 38144] R2 PCAutoShutdown_Service;PCAutoShutdown_Service;c:\program files\PC Auto Shutdown\ShutdownService.exe [10/29/2010 2:23 AM 461928] R2 Viewpoint Service;Viewpoint Service;c:\program files\Viewpoint\Common\ViewpointService.exe [12/4/2010 3:38 AM 30152] R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [8/19/2010 8:42 PM 123472] R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [8/19/2010 8:42 PM 30288] R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [8/19/2010 8:42 PM 26192] S2 AVGIDSAgent;AVGIDSAgent;"c:\program files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe" --> c:\program files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [?] S2 avgwd;AVG WatchDog;"c:\program files\AVG\AVG10\avgwdsvc.exe" --> c:\program files\AVG\AVG10\avgwdsvc.exe [?] S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [5/18/2010 8:42 PM 136176] S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [4/16/2010 9:37 PM 13192] S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [4/16/2010 9:37 PM 8456] S3 RTLWUSB;AirLive WL1600USB;c:\windows\system32\drivers\RTL8187.sys [4/16/2010 10:57 AM 332928] S3 SliceDisk5;SliceDisk5; [x] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] getPlusHelper REG_MULTI_SZ getPlusHelper . Contents of the 'Scheduled Tasks' folder 2010-12-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-05-18 19:42] 2010-12-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-05-18 19:42] 2010-12-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1123561945-1647877149-839522115-1003Core.job - c:\documents and settings\Korisnik\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-05-16 20:44] 2010-12-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1123561945-1647877149-839522115-1003UA.job - c:\documents and settings\Korisnik\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-05-16 20:44] 2010-12-11 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1123561945-1647877149-839522115-1003.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 10:33] 2010-12-11 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1123561945-1647877149-839522115-1003.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 10:33] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.microsoft.com mStart Page = hxxp://www.microsoft.com mWindow Title = Microsoft Internet Explorer uInternet Settings,ProxyOverride = .local IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 FF - ProfilePath - c:\documents and settings\Korisnik\Application Data\Mozilla\Firefox\Profiles\dji7eshf.default\ FF - component: c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll FF - component: c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordlegacyext.dll FF - plugin: c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll FF - plugin: c:\documents and settings\Korisnik\Local Settings\Application Data\Google\Update\1.2.183.23\npGoogleOneClick8.dll FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll FF - plugin: c:\program files\Google\Update\1.2.183.39\npGoogleOneClick8.dll FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: c:\program files\Veetle\Player\npvlc.dll FF - plugin: c:\program files\Veetle\plugins\npVeetle.dll FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Extension: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff FF - Extension: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext FF - Extension: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - c:\documents and settings\Korisnik\Application Data\Mozilla\Firefox\Profiles\dji7eshf.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} . . ------- File Associations ------- . .scr=AutoCADScriptFile . - - - - ORPHANS REMOVED - - - - AddRemove-HijackThis - e:\hbcd\wintools\HijackThis.exe ************************************************************************ catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net Rootkit scan 2010-12-11 21:57 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************ . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System] "OODEFRAG12.00.00.01PROFESSIONAL"= ... --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'explorer.exe'(2764) c:\program files\Windows Media Player\wmpband.dll c:\windows\system32\msi.dll c:\windows\system32\ieframe.dll c:\program files\Common Files\Ahead\Lib\NeroDigitalExt.dll c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll c:\windows\system32\OneX.DLL c:\windows\system32\eappprxy.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Other Running Processes ------------------------ . c:\progra~1\AVG\AVG10\avgrsx.exe c:\windows\system32\nvsvc32.exe c:\program files\Bonjour\mDNSResponder.exe c:\windows\system32\drivers\CDAC11BA.EXE c:\program files\Java\jre6\bin\jqs.exe c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE c:\program files\Raxco\PerfectDisk\PDAgent.exe c:\program files\Raxco\PerfectDisk\PDEngine.exe c:\windows\system32\wscntfy.exe c:\program files\Raxco\PerfectDisk\PDAgentS1.exe c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe c:\program files\AirLive WL1600USB\AirLive WL1600USB Wireless Lan Utility\RtWLan.exe . ************************************************************************* . Completion time: 2010-12-11 22:01:48 - machine was rebooted ComboFix-quarantined-files.txt 2010-12-11 21:01 Pre-Run: 5.349.470.208 bytes free Post-Run: 5.267.374.080 bytes free WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons UnsupportedDebug="do not select this" /debug multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect Current=3 Default=3 Failed=1 LastKnownGood=4 Sets=1,2,3,4 - - End Of File - - 73541A9CCB4AB86FE147BD087198030C Dopuna: 11 Dec 2010 22:34 U logu stoji da radi AVG, a ja ga deinstalirao Dopuna: 12 Dec 2010 1:27 Obrisao sam AVG bio je ostao u Program Files, ne znam kako a radio je u task Manageru...Dok je radio radio sam skeniranje s Combo Fix-om!

Profil

diarno Poslao: 12 Dec 2010 17:20 Idi na vrh
offline diarno Anti Malware Fighter Rank 2 Pridružio: 15 Jun 2007 Poruke: 5572	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Kakvo je sad stanje racunara...? Sto se tice AV-a sredicemo

Profil

negas Poslao: 13 Dec 2010 01:20 Idi na vrh
offline negas Građanin Pridružio: 10 Dec 2009 Poruke: 46 Gde živiš: Od Nisa 150km, BG 300km, Kg 250km...	1Ovo se svidja korisniku: ThePhilosopher Registruj se da bi pohvalio/la poruku! Napisano: 13 Dec 2010 1:15 Obrisai sam ja AV ono sto je moglu u TComanderu, a neki fajlovi nisu hteli! Pa sam butovao sa miniXP i obrisao sve osatlo! Inace, sa racunarom je OK, mada mi je pre dizao sistem sa 6 vozica, sada mu treba 10! Ne znam mozda mi je vratio ona difolt podesaavanja po registriju, jer sam mu radio ono friziranje, prebacivanje onih brojeva iz 0 u 1 i tako, da bi se brze dizao, a na listi podizanja, ne dize neki program pride, pa da znam zasto je produzio to dizanje sistema, mnada nije strasno, to je to! Jeino neka pri radu, al to ima vise od godinu dana, nekad zacrni se ekran, ono 2-3 sec, i to prodje i nastavi da radi bez problema! Mislimda to nema veze s virusima! Sad mali OFF, kako se brisu datoteke iz kante u miniXP-u, tj koji je folder tamo kanta recaycle bin, jer recaycler? Nekad na desktopu, mi u ikonici za kantu stoji kao da imam neki fajl unutra, a unutra ja sve pobrisah, pa reko daubijem sve u njoj Dopuna: 13 Dec 2010 1:20 Inace ne koristim AV to me nervira, ne znam zasto, ma nikad mi se nista ne desava, sem sada sa Malvarom, ali se nadam da sam ih pobio do sada, a kod Vas je uzorak sada na analizu!!! Samo ako posumnjam na nesto, ja instaliram AV, to ubijem ako je sumnjivo i teraj...

Profil

diarno Poslao: 13 Dec 2010 10:33 Idi na vrh
offline diarno Anti Malware Fighter Rank 2 Pridružio: 15 Jun 2007 Poruke: 5572	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Dobro sad, necu ja da ti pametujem, al bolje spreciti nego leciti Da zove se recycler, a imena fajlova su tipa dc1,dc2 i sl. I nema potrebe da zbog toga dizes minixp i sl ilegalne tvorevine, kad ccleaner ima opciju empty recycle bin. No, to bi bilo to Uradi jos ovo : Potrebno je deinstalirati ComboFix: klikni start (ili ), a zatim RUN. Na Visti koristiti Start Search polje ukoliko Run nije dostupan. U liniju za unos teksta ukucaj (iskopiraj) sledeće: ComboFix /Uninstall Primeti da postoji razmak između "ComboFix" i "/Uninstall". a zatim klikni OK (ili pritisni Enter). Sačekaj da se proces deinstalacije završi. Pozzz

Profil

negas Poslao: 13 Dec 2010 11:20 Idi na vrh
offline negas Građanin Pridružio: 10 Dec 2009 Poruke: 46 Gde živiš: Od Nisa 150km, BG 300km, Kg 250km...	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Ok. odradicu !

Profil

MyCity » Ambulanta -> Arhiva Ambulante » Problem s Malwar-om...

Ko je trenutno na forumu

Ukupno su 1068 korisnika na forumu :: 48 registrovanih, 5 sakrivenih i 1015 gosta :: [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:: Korisnici trenutno na forumu: A.R.Chafee.Jr., aleksandarbl, antonije64, babaroga, BlekMen, Bobrock1, bokisha253, BRATORIII, cenejac111, darkangel, doom83, dragoljub11987, drimer, FOX, goxin, HogarStrashni, ILGromovnik, Insan, jackreacher011011, Karla, Kibice, kikisp, kokodakalo, Krvava Devetka, Kubovac, kybonacci, Lucije Kvint, Marko Marković, Mi lao shu, milenko crazy north, Ne doznajem se u oružje, Nobunaga, NoOneEver Dreams, ObelixSRB, operniki, Parker, pavlo, rasok, Ripanjac, RJ, robertino, Rogan33, sasa87, slonic_tonic, Srle993, stegonosa, suton, vladulns

Svaki korisnik ovog sajta je odgovoran za sadržaj svoje poruke koju objavi na sajtu. Sajt se odriče svake odgovornosti za sadržaj tih poruka.
Postavljanjem vaše poruke ili vašeg autorskog dela na ovaj sajt, saglasni ste da ovaj sajt postaje distributer vašeg dela, i odričete se mogućnosti njegovog povlačenja ili brisanja, bez saglasnosti uprave sajta.
Distribucija sadržaja sa ovog sajta je dozvoljena samo u nekomercijalne svrhe, uz obaveznu napomenu da je sadržaj preuzet sa ovog sajta, i uz obavezno navođenje adrese MyCity sajta. Za sve ostale vidove distribucije obavezni ste da prethodno zatražite odobrenje od vlasnika MyCity sajta.
MyCity pokrenuo, administrira i razvija Predrag Damnjanović, a o uređenju sajta se brine MyCity Tim.
Ukoliko želite da nas kontaktirate kliknite ovde.
Naši sajtovi:
Vesti, Vojni forum, Zaštita od virusa, TekstPesme.rs

This content is licensed under a Creative Commons License.
Based on phpBB 2, translated by Simke, designed by