MyCity » Ambulanta -> Arhiva Ambulante » Sumnja na malware

Sumnja na malware

Napisano na dan: 11.11.2010

Strana:
1
2

Sumnja na malware

Sledeća strana

Pagination

Odgovori

Strana:
1
2

serdarvule Poslao: 11 Nov 2010 22:04 Idi na vrh
offline serdarvule Građanin Pridružio: 25 Feb 2010 Poruke: 53	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Može li mi neko pomoći oko čišćenja kompa od Malware i virusa pošto mi po nekad podivlja komp izgleda da mi virusi napadaju tastaturu i miša.Ima Aviru antivirus slobodnu verziju skenirao sam sa njom ona nije ništa detektovala.Sada mi je trenutno ok komp ali bi volio da budem siguran da se to neće ponoviti. Unaprijed zahvalan

Profil

1l padr1n0 Poslao: 11 Nov 2010 22:09 Idi na vrh
offline 1l padr1n0 Anti Malware Fighter Rank 2 Pridružio: 02 Feb 2008 Poruke: 14018 Gde živiš: Nish	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! http://www.mycity.rs/Ambulanta/Kako-otvoriti-temu-u-Ambulanti.html

Profil

serdarvule Poslao: 12 Nov 2010 15:43 Idi na vrh
offline serdarvule Građanin Pridružio: 25 Feb 2010 Poruke: 53	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Uloguj se preko Facebooka da bi skinuo fajl: Napisano: 11 Nov 2010 23:19 evo potrebnih logova: mycity.rs/must-login.png DDS (Ver_10-11-10.01) - NTFSx86 Run by Dijuf at 22:15:47.93 on иet 11.11.2010 Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_21 Microsoft Windows XP Professional 5.1.2600.3.1250.381.1033.18.1014.70 [GMT 1:00] AV: AntiVir Desktop On-access scanning enabled (Updated) {AD166499-45F9-482A-A743-FDD3350758C7} ============== Running Processes =============== C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs svchost.exe svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir Desktop\sched.exe svchost.exe C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\igfxpers.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\File Seeker\FSeekerDBUpdater.exe C:\WINDOWS\system32\igfxsrvc.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\WINDOWS\vsnp325.exe C:\WINDOWS\FixCamera.exe C:\WINDOWS\vsnpstd3.exe C:\WINDOWS\tsnpstd3.exe C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Skype\Phone\Skype.exe C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE C:\Program Files\Skype\Plugin Manager\skypePM.exe C:\Program Files\Avira\AntiVir Desktop\avguard.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe C:\WINDOWS\system32\svchost.exe -k imgsvc C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Common Files\Java\Java Update\jucheck.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\plugin-container.exe C:\Documents and Settings\Dijuf\Desktop\dds.com ============== Pseudo HJT Report =============== uStart Page = hxxp://www.ask.com?o=16143&l=dis uInternet Connection Wizard,ShellNext = iexplore uURLSearchHooks: Winamp Search Class: {57bca5fa-5dbb-45a2-b558-1755c3f6253b} - c:\program files\winamp toolbar\winamptb.dll mURLSearchHooks: Winamp Search Class: {57bca5fa-5dbb-45a2-b558-1755c3f6253b} - c:\program files\winamp toolbar\winamptb.dll BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: Winamp Toolbar Loader: {25cee8ec-5730-41bc-8b58-22ddc8ab8c20} - c:\program files\winamp toolbar\winamptb.dll BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll TB: Winamp Toolbar: {ebf2ba02-9094-4c5a-858b-bb198f3d8de2} - c:\program files\winamp toolbar\winamptb.dll uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe uRunOnce: [Shockwave Updater] c:\windows\system32\adobe\shockwave 11\SwHelper_1150596.exe -Update -1150596 -"Mozilla/5.0_(Windows;_U;_Windows_NT_5.1;_en-US;_rv:1.9.0.15)_Gecko/2009101601_Firefox/3.0.15" -"http://www.zezamose.com/besplatne-igre-za-decu/game-dexters-laboratory-laser-lab.html" mRun: [IgfxTray] c:\windows\system32\igfxtray.exe mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe mRun: [Persistence] c:\windows\system32\igfxpers.exe mRun: [RTHDCPL] RTHDCPL.EXE mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe" mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe" mRun: [FileSeekerUpdater] "c:\program files\file seeker\FSeekerDBUpdater.exe" -start mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe" mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot mRun: [snp325] c:\windows\vsnp325.exe mRun: [FixCamera] c:\windows\FixCamera.exe mRun: [snpstd3] c:\windows\vsnpstd3.exe mRun: [tsnpstd3] c:\windows\tsnpstd3.exe mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t StartupFolder: c:\docume~1\dijuf\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE IE: &Winamp Search - c:\documents and settings\all users\application data\winamp toolbar\ietoolbar\resources\en-us\local\search.html IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000 IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL Notify: igfxcui - igfxdev.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll ================= FIREFOX =================== FF - ProfilePath - c:\docume~1\dijuf\applic~1\mozilla\firefox\profiles\y6pyp6l9.default\ FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query= FF - prefs.js: browser.search.selectedEngine - Ask.com FF - prefs.js: browser.startup.homepage - hxxp://www.ask.com?o=16143&l=dis FF - component: c:\documents and settings\dijuf\application data\mozilla\firefox\profiles\y6pyp6l9.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dll FF - component: c:\program files\real\realplayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll FF - plugin: c:\documents and settings\dijuf\application data\facebook\npfbplugin_1_0_3.dll FF - plugin: c:\documents and settings\dijuf\application data\mozilla\firefox\profiles\y6pyp6l9.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll FF - plugin: c:\program files\quicktime\plugins\npqtplugin8.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\ FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} ---- FIREFOX POLICIES ---- c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true); c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true); c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true); c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true); c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true); c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified ============= SERVICES / DRIVERS =============== R0 iastor78;iastor78;c:\windows\system32\drivers\iastor78.sys [2008-8-24 308248] R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-1-27 11608] R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};c:\program files\cyberlink\powerdvd8\000.fcl [2008-2-1 41456] R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-1-27 108289] R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-1-27 185089] R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-1-27 56816] R2 LogWatch;Event Log Watch;c:\program files\ca\sharedcomponents\ca_lic\LogWatNT.exe [2005-2-23 53248] R3 SNP325;USB PC Camera (SNPSTD325);c:\windows\system32\drivers\snp325.sys [2009-1-13 451456] S1 vdi3mtk2;AVZ-BC Kernel Driver;\??\c:\windows\system32\drivers\vdi3mtk2.sys --> c:\windows\system32\drivers\vdi3mtk2.sys [?] S2 gupdate1ca50b44f5471b0;Google Update Service (gupdate1ca50b44f5471b0);c:\program files\google\update\GoogleUpdate.exe [2009-10-19 133104] S3 k510bus;Sony Ericsson K510 Driver driver (WDM);c:\windows\system32\drivers\k510bus.sys [2008-9-9 58288] S3 k510mdfl;Sony Ericsson K510 USB WMC Modem Filter;c:\windows\system32\drivers\k510mdfl.sys [2008-9-9 8336] S3 k510mdm;Sony Ericsson K510 USB WMC Modem Driver;c:\windows\system32\drivers\k510mdm.sys [2008-9-9 94064] S3 k510mgmt;Sony Ericsson K510 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\k510mgmt.sys [2008-9-9 85408] S3 k510obex;Sony Ericsson K510 USB WMC OBEX Interface;c:\windows\system32\drivers\k510obex.sys [2008-9-9 83344] S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service;c:\program files\windows live\messenger\usnsvc.exe [2007-10-18 98328] =============== File Associations =============== .scr=AutoCADScriptFile =============== Created Last 30 ================ ==================== Find3M ==================== ============= FINISH: 22:16:41.56 =============== mycity.rs/must-login.png mycity.rs/must-login.png mycity.rs/must-login.png mycity.rs/must-login.png Dopuna: 12 Nov 2010 15:43 može li mi neko reći šta je u pitanju ?

Profil

1l padr1n0 Poslao: 12 Nov 2010 16:40 Idi na vrh
offline 1l padr1n0 Anti Malware Fighter Rank 2 Pridružio: 02 Feb 2008 Poruke: 14018 Gde živiš: Nish	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Pozdrav serdarvule! Log-ovi koje si postavio, a ja ih pregledao, su cisti. To znaci da je tvoj racunar cist sto se malware-a tice. Ukoliko imas nekih problema sa racunarom, ti problemi trenutno nisu izazvani malware-om, pa ti preporucujem da otvoris temu u odgovarajucem potforumu MyCity-ja ukoliko ima potrebe. Hvala sto verujes AMF Timu Pozdrav, goran9888 (AMF Tim)

Profil

serdarvule Poslao: 18 Nov 2010 16:11 Idi na vrh
offline serdarvule Građanin Pridružio: 25 Feb 2010 Poruke: 53	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Napisano: 12 Nov 2010 21:15 Ok druže hvala puno! Dopuna: 18 Nov 2010 16:11 opet mi se javio problem virus vjerovatno,kompijute sam je podivljao ne mogu ni jednu ikonicu sa destopa da otvorim,ne mogu internet da pokrenem sa ikonice koja je na destopu već idem preko Start.Takodje i tastatura mi otkaže piše nekakve hjeruglife sada sam jedva uspjeo da vam napišem ovo,Pomagajte tu su i moji log fajlovu gore sam ih predhodno okačio kada sam prvi put objavio ovaj problem istoa se i sad pojavilo.Antiviru§€@

Profil

1l padr1n0 Poslao: 18 Nov 2010 16:51 Idi na vrh
offline 1l padr1n0 Anti Malware Fighter Rank 2 Pridružio: 02 Feb 2008 Poruke: 14018 Gde živiš: Nish	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Kada restartujes racunar jel se sredi stanje? Ukoliko zelis, postavi opet DDS i GMER (3 log-a) log-ove.

Profil

serdarvule Poslao: 18 Nov 2010 21:04 Idi na vrh
offline serdarvule Građanin Pridružio: 25 Feb 2010 Poruke: 53	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Uloguj se preko Facebooka da bi skinuo fajl: evo logova prijatelju: mycity.rs/must-login.png DDS (Ver_10-11-10.01) - NTFSx86 Run by Dijuf at 19:20:25.92 on иet 18.11.2010 Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_21 Microsoft Windows XP Professional 5.1.2600.3.1250.381.1033.18.1014.384 [GMT 1:00] AV: AntiVir Desktop On-access scanning enabled (Updated) {AD166499-45F9-482A-A743-FDD3350758C7} ============== Running Processes =============== C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs svchost.exe svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir Desktop\sched.exe svchost.exe C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\igfxpers.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\File Seeker\FSeekerDBUpdater.exe C:\WINDOWS\system32\igfxsrvc.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\WINDOWS\vsnp325.exe C:\WINDOWS\FixCamera.exe C:\WINDOWS\vsnpstd3.exe C:\WINDOWS\tsnpstd3.exe C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Skype\Phone\Skype.exe C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE C:\Program Files\Skype\Plugin Manager\skypePM.exe C:\Program Files\Avira\AntiVir Desktop\avguard.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe C:\WINDOWS\system32\svchost.exe -k imgsvc C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\plugin-container.exe C:\Program Files\Common Files\Java\Java Update\jucheck.exe C:\Documents and Settings\Dijuf\Desktop\dds.com ============== Pseudo HJT Report =============== uStart Page = hxxp://www.ask.com?o=16143&l=dis uInternet Connection Wizard,ShellNext = iexplore uURLSearchHooks: Winamp Search Class: {57bca5fa-5dbb-45a2-b558-1755c3f6253b} - c:\program files\winamp toolbar\winamptb.dll mURLSearchHooks: Winamp Search Class: {57bca5fa-5dbb-45a2-b558-1755c3f6253b} - c:\program files\winamp toolbar\winamptb.dll BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: Winamp Toolbar Loader: {25cee8ec-5730-41bc-8b58-22ddc8ab8c20} - c:\program files\winamp toolbar\winamptb.dll BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll TB: Winamp Toolbar: {ebf2ba02-9094-4c5a-858b-bb198f3d8de2} - c:\program files\winamp toolbar\winamptb.dll uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe uRunOnce: [Shockwave Updater] c:\windows\system32\adobe\shockwave 11\SwHelper_1150596.exe -Update -1150596 -"Mozilla/5.0_(Windows;_U;_Windows_NT_5.1;_en-US;_rv:1.9.0.15)_Gecko/2009101601_Firefox/3.0.15" -"http://www.zezamose.com/besplatne-igre-za-decu/game-dexters-laboratory-laser-lab.html" mRun: [IgfxTray] c:\windows\system32\igfxtray.exe mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe mRun: [Persistence] c:\windows\system32\igfxpers.exe mRun: [RTHDCPL] RTHDCPL.EXE mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe" mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe" mRun: [FileSeekerUpdater] "c:\program files\file seeker\FSeekerDBUpdater.exe" -start mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe" mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot mRun: [snp325] c:\windows\vsnp325.exe mRun: [FixCamera] c:\windows\FixCamera.exe mRun: [snpstd3] c:\windows\vsnpstd3.exe mRun: [tsnpstd3] c:\windows\tsnpstd3.exe mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t StartupFolder: c:\docume~1\dijuf\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE IE: &Winamp Search - c:\documents and settings\all users\application data\winamp toolbar\ietoolbar\resources\en-us\local\search.html IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000 IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL Notify: igfxcui - igfxdev.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll ================= FIREFOX =================== FF - ProfilePath - c:\docume~1\dijuf\applic~1\mozilla\firefox\profiles\y6pyp6l9.default\ FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query= FF - prefs.js: browser.search.selectedEngine - Ask.com FF - prefs.js: browser.startup.homepage - hxxp://www.ask.com?o=16143&l=dis FF - component: c:\documents and settings\dijuf\application data\mozilla\firefox\profiles\y6pyp6l9.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dll FF - component: c:\program files\real\realplayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll FF - plugin: c:\documents and settings\dijuf\application data\facebook\npfbplugin_1_0_3.dll FF - plugin: c:\documents and settings\dijuf\application data\mozilla\firefox\profiles\y6pyp6l9.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll FF - plugin: c:\program files\quicktime\plugins\npqtplugin8.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\ FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} ---- FIREFOX POLICIES ---- c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true); c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true); c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true); c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true); c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true); c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified ============= SERVICES / DRIVERS =============== R0 iastor78;iastor78;c:\windows\system32\drivers\iastor78.sys [2008-8-24 308248] R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-1-27 11608] R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};c:\program files\cyberlink\powerdvd8\000.fcl [2008-2-1 41456] R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-1-27 108289] R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-1-27 185089] R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-1-27 56816] R2 LogWatch;Event Log Watch;c:\program files\ca\sharedcomponents\ca_lic\LogWatNT.exe [2005-2-23 53248] R3 SNP325;USB PC Camera (SNPSTD325);c:\windows\system32\drivers\snp325.sys [2009-1-13 451456] S1 vdi3mtk2;AVZ-BC Kernel Driver;\??\c:\windows\system32\drivers\vdi3mtk2.sys --> c:\windows\system32\drivers\vdi3mtk2.sys [?] S2 gupdate1ca50b44f5471b0;Google Update Service (gupdate1ca50b44f5471b0);c:\program files\google\update\GoogleUpdate.exe [2009-10-19 133104] S3 k510bus;Sony Ericsson K510 Driver driver (WDM);c:\windows\system32\drivers\k510bus.sys [2008-9-9 58288] S3 k510mdfl;Sony Ericsson K510 USB WMC Modem Filter;c:\windows\system32\drivers\k510mdfl.sys [2008-9-9 8336] S3 k510mdm;Sony Ericsson K510 USB WMC Modem Driver;c:\windows\system32\drivers\k510mdm.sys [2008-9-9 94064] S3 k510mgmt;Sony Ericsson K510 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\k510mgmt.sys [2008-9-9 85408] S3 k510obex;Sony Ericsson K510 USB WMC OBEX Interface;c:\windows\system32\drivers\k510obex.sys [2008-9-9 83344] S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service;c:\program files\windows live\messenger\usnsvc.exe [2007-10-18 98328] =============== File Associations =============== .scr=AutoCADScriptFile =============== Created Last 30 ================ ==================== Find3M ==================== ============= FINISH: 19:21:02.09 =============== mycity.rs/must-login.png mycity.rs/must-login.png mycity.rs/must-login.png mycity.rs/must-login.png Možeš li mi provjeriti imali virusa?

Profil

1l padr1n0 Poslao: 19 Nov 2010 00:28 Idi na vrh
offline 1l padr1n0 Anti Malware Fighter Rank 2 Pridružio: 02 Feb 2008 Poruke: 14018 Gde živiš: Nish	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Log-ovi koje si postavio izgledaju prilicno cisto, tako da ovde, kao sto rekoh u prethodnoj poruci, problem najverovatnije nije izazvan malware-om. No, ukoliko zelis, izvrsicemo jos jedno dodatno skeniranje. Isprati detaljno sledece uputstvo. Preuzmi instalaciju za program Malwarebytes Anti-Malware sa sledećeg linka: http://www.besttechie.net/tools/mbam-setup.exe Dvoklikom pokreni instalaciju - na samom kraju procesa, proveri da su obeležene opcije: Update Malwarebytes' Anti-Malware; Launch Malwarebytes Anti-Malware; a zatim klikni Finish. Nakon završenog ažuriranja program će se pokrenuti. Izaberi opciju Perform Quick Scan i klikni Scan. Po završetku procesa klikni OK, Show Results: u listi detektovanog malware-a, obeleži sve stavke i klikni Remove Selected. Po završetku procesa, logfile će se otvoriti u Notepad-u; iskopiraj ga u temu na forumu. Ukoliko program zatraži restart kako bi se završio proces čišćenja, obavezno ga dozvoliti. Napomena: ako dođe do restarta na kraju procesa čišćenja, logfile će biti dostupan na Logs kartici (obeleži ga i klikni Open). goran9888 (AMF Tim)

Profil

serdarvule Poslao: 19 Nov 2010 15:48 Idi na vrh
offline serdarvule Građanin Pridružio: 25 Feb 2010 Poruke: 53	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Uloguj se preko Facebooka da bi skinuo fajl: Napisano: 19 Nov 2010 15:44 evo log fajla što sam skenirao: mycity.rs/must-login.png Dopuna: 19 Nov 2010 15:48 Izgledao da je čist komp,ne znam šta bi mogao biti problem?Je li ovo znači da komp nije zaražen virusima?Sada mi je OK komp sve funkcioniše samo ponekad mi se pojavi ovaj problem.

Profil

1l padr1n0 Poslao: 19 Nov 2010 17:04 Idi na vrh
offline 1l padr1n0 Anti Malware Fighter Rank 2 Pridružio: 02 Feb 2008 Poruke: 14018 Gde živiš: Nish	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Ovde definitivno nije problem do malware-a. Problem je najverovatnije do Windows-a. Prenatrpao si sistemsku particiju, prenatrpao si startup itd itd. Uglavnom taj tvoj Windows se treba "dovesti u red". Da bi resio problem , trebas se javiti u Windows potforum, tako sto ces otvoriti novu temu: http://www.mycity.rs/Windows/ Iznesi svoj problem i napomeni da si bio u Ambulanti i da je racunar cist. Hvala sto verujes AMF Timu Pozdrav, goran9888 (AMF Tim)

Profil

MyCity » Ambulanta -> Arhiva Ambulante » Sumnja na malware

Ko je trenutno na forumu

Ukupno su 712 korisnika na forumu :: 25 registrovanih, 2 sakrivenih i 685 gosta :: [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:: Korisnici trenutno na forumu: A.R.Chafee.Jr., Aleksandar Tomić, aramis s, bbogdan, Bubimir, deimos25, draganl, DragoslavS, esx66, indja, janbo, kolle.the.kid, Koridor, ladro, Lazarus, loon123, maCvele, Mi lao shu, mrav pesadinac, nedeljkovici, RJ, SR-3m, stegonosa, vandrej, VP6919

Svaki korisnik ovog sajta je odgovoran za sadržaj svoje poruke koju objavi na sajtu. Sajt se odriče svake odgovornosti za sadržaj tih poruka.
Postavljanjem vaše poruke ili vašeg autorskog dela na ovaj sajt, saglasni ste da ovaj sajt postaje distributer vašeg dela, i odričete se mogućnosti njegovog povlačenja ili brisanja, bez saglasnosti uprave sajta.
Distribucija sadržaja sa ovog sajta je dozvoljena samo u nekomercijalne svrhe, uz obaveznu napomenu da je sadržaj preuzet sa ovog sajta, i uz obavezno navođenje adrese MyCity sajta. Za sve ostale vidove distribucije obavezni ste da prethodno zatražite odobrenje od vlasnika MyCity sajta.
MyCity pokrenuo, administrira i razvija Predrag Damnjanović, a o uređenju sajta se brine MyCity Tim.
Ukoliko želite da nas kontaktirate kliknite ovde.
Naši sajtovi:
Vesti, Vojni forum, Zaštita od virusa, TekstPesme.rs

This content is licensed under a Creative Commons License.
Based on phpBB 2, translated by Simke, designed by