Windows 7 and viruses


offline
  • Joined: 14 Oct 2012
  • Posts: 3611
  • Location: Herceg Novi

Dear all, I have a TOSHIBA Satellite C660-11V laptop running Windows 7 Ultimate 32-bit. I use FL@T 2 - up to 2 Mbps/256 kbps. I use the AV program Microsoft Security Essentials. For about a month I have had a problem with Windows Explorer. Every 7-8 seconds it would turn off the icons on the desktop and turn them back on after a second or two. It could not open any videos or music; it said Windows Explorer had stopped working, and there were some files I could not even delete. That is fine now, but SpeedMaxPc found an "infectious ward" for me. Malwarebytes Anti-Malware, Avast and McAfee each showed me one threat or none. I don't know, but while I was the only one using the internet I had no problems. Probably one has to be careful about which sites one visits.


DDS (Ver_2012-10-14.05) - NTFS_x86
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 10.7.2
Run by Trony at 8:32:42 on 2012-10-18
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.381.1033.18.2931.1553 [GMT 2:00]
.
AV: AVG Internet Security 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Internet Security 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: AVG Firewall *Enabled* {621CC794-9486-F902-D092-0484E8EA828B}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\ProgramData\Browser Manager\2.3.787.43\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe
C:\ProgramData\IBUpdaterService\ibsvc.exe
C:\Windows\system32\schtasks.exe
C:\Windows\system32\conhost.exe
C:\ProgramData\Browser Manager\2.3.787.43\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe
C:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Real\RealPlayer\Update\realsched.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Users\Trony\SpeedMaxPc\SpeedMaxPc.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe
C:\Windows\system32\vssvc.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\System32\svchost.exe -k swprv
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.me/
uSearch Bar = hxxp://www.google.com/ie
uSearch Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://home.sweetim.com/?barid={A04FAE8E-5FB7-11E1-B691-88AE1DF86FA6}
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - c:\program files\bittorrentbar\tbBitT.dll
uURLSearchHooks: {34b59f25-e9d3-493a-bd46-1010827bd617} - <orphaned>
uURLSearchHooks: {09ec805c-cb2e-4d53-b0d3-a75a428b81c7} - <orphaned>
uURLSearchHooks: {013a635f-e3aa-4371-b682-ece95ca974b0} - <orphaned>
uURLSearchHooks: {6571950c-6eb2-4d8b-975e-5a25053ff845} - <orphaned>
mURLSearchHooks: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - c:\program files\bittorrentbar\tbBitT.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {2EECD738-5844-4a99-B4B6-146BF802613B} - <orphaned>
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - c:\program files\conduitengine\ConduitEngine.dll
BHO: {6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - <orphaned>
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - c:\program files\bittorrentbar\tbBitT.dll
BHO: {99079a25-328f-4bd4-be04-00955acaa0a7} - <orphaned>
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - <orphaned>
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: {E87806B5-E908-45FD-AF5E-957D83E58E68} - <orphaned>
TB: BitTorrentBar Toolbar: {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - c:\program files\bittorrentbar\tbBitT.dll
TB: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - c:\program files\conduitengine\ConduitEngine.dll
TB: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - c:\program files\bittorrentbar\tbBitT.dll
TB: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - c:\program files\conduitengine\ConduitEngine.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
dRun: [Exetender] "c:\program files\free ride games\GPlayer.exe" /runonstartup
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} -
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 195.66.189.137 195.66.189.138
TCP: Interfaces\{475F61A1-9213-4557-B565-A6457A24328D} : DHCPNameServer = 195.66.189.137 195.66.189.138
TCP: Interfaces\{475F61A1-9213-4557-B565-A6457A24328D}\37F6B6F6 : DHCPNameServer = 195.66.189.137 195.66.189.138
TCP: Interfaces\{475F61A1-9213-4557-B565-A6457A24328D}\947616C6F6350514 : DHCPNameServer = 192.168.3.2
TCP: Interfaces\{475F61A1-9213-4557-B565-A6457A24328D}\A5978554C4 : DHCPNameServer = 195.66.189.137 195.66.189.138
TCP: Interfaces\{475F61A1-9213-4557-B565-A6457A24328D}\C4A696C6A616 : DHCPNameServer = 195.66.189.137 195.66.189.138
TCP: Interfaces\{475F61A1-9213-4557-B565-A6457A24328D}\C6A696C6A616 : DHCPNameServer = 195.66.189.137 195.66.189.138
TCP: Interfaces\{475F61A1-9213-4557-B565-A6457A24328D}\C6A696C6A61684E4 : DHCPNameServer = 195.66.189.137 195.66.189.138
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: igfxcui - igfxdev.dll
SSODL: WebCheck - <orphaned>
SecurityProviders: SecurityProviders = credssp.dll, UjwagrAmping.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\trony\appdata\roaming\mozilla\firefox\profiles\mg8nibx7.default\
FF - prefs.js: browser.search.selectedEngine - Search Results
FF - prefs.js: browser.startup.homepage - hxxp://www.google.me/
FF - prefs.js: keyword.URL - hxxp://dts.search-results.com/sr?src=ffb&appid=394&systemid=406&sr=0&q=
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\free ride games\npExentCtl.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\nprpplugin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npvsharetvplg.dll
FF - plugin: c:\program files\real\realplayer\netscape6\nprpplugin.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\users\trony\appdata\roaming\mozilla\plugins\np-mswmp.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_4_402_287.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
FF - ExtSQL: 2012-09-03 15:23; plugin@videofiledownload.com; c:\users\trony\appdata\roaming\mozilla\firefox\profiles\mg8nibx7.default\extensions\plugin@videofiledownload.com
FF - ExtSQL: 2012-09-09 17:11; {0153E448-190B-4987-BDE1-F256CADA672F}; c:\programdata\real\realplayer\browserrecordplugin\firefox\Ext
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.BabylonToolbar.autoRvrt - false
FF - user.js: extensions.BabylonToolbar_i.newTab - false
FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://search.babylon.com/?babsrc=TB_def&mntrId=68667d4400000000000088252c465fd5&q=
FF - user.js: extensions.BabylonToolbar.id - 68667d4400000000000088252c465fd5
FF - user.js: extensions.BabylonToolbar.appId - {BDB69379-802F-4eaf-B541-F8DE92DD98DB}
FF - user.js: extensions.BabylonToolbar.instlDay - 15592
FF - user.js: extensions.BabylonToolbar.vrsn - 1.6.9.12
FF - user.js: extensions.BabylonToolbar.vrsni - 1.6.9.12
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.6.9.1217:47:54
FF - user.js: extensions.BabylonToolbar.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar.tlbrId - base
FF - user.js: extensions.BabylonToolbar.instlRef - sst
FF - user.js: extensions.BabylonToolbar.dfltLng - en
FF - user.js: extensions.BabylonToolbar.excTlbr - false
FF - user.js: extensions.BabylonToolbar.admin - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=112555&tt=3612_7
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2012-8-30 193552]
R1 MpKsl9cc3ab18;MpKsl9cc3ab18;c:\programdata\microsoft\microsoft antimalware\definition updates\{165ae740-d77e-4b84-b53e-49298f287e4e}\MpKsl9cc3ab18.sys [2012-10-18 29904]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
R2 Browser Manager;Browser Manager;c:\programdata\browser manager\2.3.787.43\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe [2012-10-11 2309656]
R2 IBUpdaterService;Updater Service;c:\programdata\ibupdaterservice\ibsvc.exe [2012-9-28 610784]
R2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2012-3-20 99272]
R2 X6XSEx;X6XSEx;c:\program files\free ride games\X6XSEx.sys [2011-12-13 46184]
R3 NisSrv;Microsoft pregled mreže;c:\program files\microsoft security client\NisSrv.exe [2012-9-12 287824]
R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\drivers\rtl8192Ce.sys [2010-4-28 841248]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-1-22 136176]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\sitead~1\mcsacore.exe --> c:\progra~1\mcafee\sitead~1\mcsacore.exe [?]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-6-14 160944]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-1-22 136176]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-8-14 115168]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2011-6-19 15872]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2011-6-10 394856]
S3 WatAdminSvc;Usluga tehnologije aktivacije operativnog sistema Windows;c:\windows\system32\wat\WatAdminSvc.exe [2011-5-27 1343400]
S4 Skype C2C Service;Skype C2C Service;c:\programdata\skype\toolbars\skype c2c service\c2c_service.exe [2012-7-5 3048136]
SUnknown TsUsbFlt;TsUsbFlt; [x]
SUnknown tsusbhub;tsusbhub; [x]
.
=============== File Associations ===============
.
ShellExec: Sidebar.exe: open=c:\program files\windows sidebar\Sidebar.exe
.
=============== Created Last 30 ================
.
2012-10-18 06:30:46 29904 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{165ae740-d77e-4b84-b53e-49298f287e4e}\MpKsl9cc3ab18.sys
2012-10-18 05:54:08 6918632 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{165ae740-d77e-4b84-b53e-49298f287e4e}\mpengine.dll
2012-10-16 21:16:56 -------- d-----w- c:\users\trony\appdata\roaming\SpeedMaxPc
2012-10-16 21:16:56 -------- d-----w- c:\users\trony\appdata\roaming\DriverCure
2012-10-16 21:16:26 -------- d-----w- c:\program files\common files\SpeedMaxPc
2012-10-16 21:16:23 -------- d-----w- c:\users\trony\SpeedMaxPc
2012-10-16 21:16:23 -------- d-----w- c:\programdata\SpeedMaxPc
2012-10-16 17:52:36 6980552 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2012-10-15 12:56:41 -------- d-----w- C:\download torentz
2012-10-15 09:45:18 -------- d-----w- c:\program files\common files\PC Tools
2012-10-14 19:14:03 767960 ----a-w- c:\windows\BDTSupport.dll1034.old
2012-10-14 19:14:02 149464 ----a-w- c:\windows\SGDetectionTool.dll1034.old
2012-10-14 19:13:58 2267096 ----a-w- c:\windows\PCTBDCore.dll1034.old
2012-10-14 19:12:38 254944 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2012-10-14 19:12:38 107896 ----a-w- c:\windows\system32\drivers\pctwfpfilter.sys
2012-10-14 19:10:52 -------- d-----w- c:\program files\PC Tools
2012-10-14 18:52:57 909728 ----a-w- c:\windows\system32\drivers\pctEFA.sys
2012-10-14 18:52:56 342168 ----a-w- c:\windows\system32\drivers\pctDS.sys
2012-10-14 18:52:52 162584 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2012-10-14 18:52:48 203120 ----a-w- c:\windows\system32\drivers\PCTSD.sys
2012-10-14 18:51:27 -------- d-----w- c:\users\trony\appdata\roaming\TestApp
2012-10-14 12:11:42 96224 ----a-w- c:\program files\mozilla firefox\webapprt-stub.exe
2012-10-14 12:11:42 157272 ----a-w- c:\program files\mozilla firefox\webapp-uninstaller.exe
2012-10-14 09:09:45 -------- d-----w- c:\users\trony\appdata\roaming\Systweak
2012-10-13 12:28:46 -------- d-----w- c:\users\trony\appdata\roaming\Malwarebytes
2012-10-13 12:27:59 -------- d-----w- c:\programdata\Malwarebytes
2012-10-12 19:09:07 -------- d-----w- c:\users\trony\appdata\local\Macromedia
2012-10-11 15:28:50 740784 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{2d918d0b-fa39-4cf1-b0d1-51c135625959}\gapaengine.dll
2012-10-11 15:20:58 -------- d-----w- c:\users\trony\Nova fascikla
2012-10-11 15:13:55 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-10-11 15:10:37 1159680 ----a-w- c:\windows\system32\crypt32.dll
2012-10-11 15:10:35 140288 ----a-w- c:\windows\system32\cryptsvc.dll
2012-10-11 15:10:35 103936 ----a-w- c:\windows\system32\cryptnet.dll
2012-10-11 15:08:20 1211760 ----a-w- c:\windows\system32\drivers\ntfs.sys
2012-10-11 15:07:52 542208 ----a-w- c:\windows\system32\kerberos.dll
2012-10-11 15:07:44 3914096 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-10-11 15:07:43 3968880 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-10-11 15:02:07 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-10 11:07:29 -------- d-----w- c:\programdata\Premium
2012-10-10 11:05:22 -------- d-----w- c:\program files\Optimizer Pro
2012-10-10 11:04:33 -------- d-----w- c:\programdata\InstallMate
2012-10-06 18:24:51 -------- d-----w- c:\users\trony\appdata\roaming\FreeVideoConverter
2012-10-05 05:36:31 740784 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\nisbackup\gapaengine.dll
2012-09-28 18:10:29 -------- d-----w- c:\programdata\IBUpdaterService
2012-09-27 10:49:23 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
2012-09-21 17:10:50 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-09-21 17:10:20 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
.
==================== Find3M ====================
.
2012-10-11 15:02:07 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-21 17:10:03 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-09-21 10:05:08 15544 ----a-w- c:\windows\system32\roboot.exe
2012-09-14 18:28:53 2048 ----a-w- c:\windows\system32\tzres.dll
2012-09-09 15:10:38 499712 ----a-w- c:\windows\system32\msvcp71.dll
2012-09-09 15:10:38 348160 ----a-w- c:\windows\system32\msvcr71.dll
2012-08-30 20:03:50 99272 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2012-08-30 20:03:50 193552 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-08-22 17:16:54 1292144 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-08-22 17:16:46 712048 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-08-22 17:16:46 240496 ----a-w- c:\windows\system32\drivers\netio.sys
2012-08-22 17:16:36 187760 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-08-20 17:40:31 169984 ----a-w- c:\windows\system32\winsrv.dll
2012-08-20 17:40:01 293376 ----a-w- c:\windows\system32\KernelBase.dll
2012-08-20 17:37:58 271360 ----a-w- c:\windows\system32\conhost.exe
2012-08-20 15:33:28 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2012-08-20 15:33:28 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2012-08-20 15:33:28 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2012-08-20 15:33:28 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2012-08-02 16:57:20 490496 ----a-w- c:\windows\system32\d3d10level9.dll
.
============= FINISH: 8:33:08,89 ===============

If this has been done properly, please help me. Thank you.

offline
  • Joined: 09 Aug 2011
  • Posts: 15879
  • Location: Beograd

Hello, you still need to post the GMER logs, which are explained in the instructions for opening a topic...

offline
  • Joined: 14 Oct 2012
  • Posts: 3611
  • Location: Herceg Novi

TwinHeadedEagle :: Hello, you still need to post the GMER logs, which are explained in the instructions for opening a topic...
Hi, in gmer 3 I do everything up to copy. The instructions say to click Start and then Run, but I can't get to that, I don't know how. Gmer 1 and 2 are OK. Help me.

offline
  • Joined: 09 Aug 2011
  • Posts: 15879
  • Location: Beograd

OK, when you do the copy, a window appears saying that the content has been copied to the clipboard.
- After that click Start, immediately type Notepad on the keyboard and press Enter.
- When Notepad opens, click Edit, then Paste
- Then File --> Save, and save it to the Desktop as Gmer3

offline
  • Joined: 14 Oct 2012
  • Posts: 3611
  • Location: Herceg Novi

Belatedly and with great difficulty (because I have no idea about these things) I am sending you GMER 1, 2 and 3. I hope it's good, I have no idea.
Thank you for your understanding.

offline
  • Joined: 14 Oct 2012
  • Posts: 3611
  • Location: Herceg Novi

Written: 18 Oct 2012 20:43

TwinHeadedEagle :: OK, when you do the copy, a window appears saying that the content has been copied to the clipboard.
- After that click Start, immediately type Notepad on the keyboard and press Enter.
- When Notepad opens, click Edit, then Paste
- Then File --> Save, and save it to the Desktop as Gmer3
Well done, master, and I'm not a bad student either. I sent it, but I don't know whether they will find and merge this morning's submission with this one now.

Addendum: 18 Oct 2012 20:53

Here, let me post GMER 1, 2 and 3. I'm very late, but I hope that doesn't matter.
Thank you for your understanding

offline
  • Joined: 09 Aug 2011
  • Posts: 15879
  • Location: Beograd

Step 1.

You did not send me the Gmer2 log; follow the instructions again and post the report...

OK, let's move on. Follow in detail every instruction I give you...

Step 2.

Download the AVG Uninstall Tool to the Desktop, in order to remove the remnants of AVG Antivirus. The link is --> http://aa-download.avg.com/filedir/util/avgrem/avg_remover_stf_x86_2013_2706.exe

Then, following these instructions, enter Safe Mode, from where you should run the downloaded tool.

When you finish and restart the computer, you need to follow this topic --> http://www.mycity.rs/Zastitni-programi/Kako-ukloni.....mover.html

- in the basic information section, you have the link to download the program
- run AppRemover
- in the first picture click Next
- in the second, choose CleanUp a failed Uninstall, click Next and wait until the scan completes
- if entries appear in picture number 4, you need to tick them all, then click Next, and then Next again...
- when the process finishes, restart the system



Step 3.

Go to Start -> Control Panel -> Add or Remove Programs and uninstall the following programs:

BitTorrentBar Toolbar
Conduit Engine
Java(TM) 6 Update 23
SpeedMaxPc
Windows Media Player Firefox Plugin
BrowserManager

Restart the computer!



Step 4.

Download sUBs's ComboFix to the Desktop from the following address:

Bleeping Computer
Right-click the link and choose the option Save Target As... (Save Link As..., Save Linked Content As... or similar);
When the dialog for choosing where to save the file opens, choose Desktop and click Save.

Once the program has finished downloading:
deactivate your protective software (instructions);
close running programs;
double-click to run ComboFix;
in the window that opens, click "I Agree".

While running, ComboFix will:
check whether a newer version of the program exists:
click Yes if you are offered to download it.
if the Recovery Console is not installed, offer to install it:
be sure to accept by clicking Yes and follow the procedure.
display a certain number of prompts/notifications:
accept by clicking Yes or OK.
restart Windows as needed (several times);
at the end, open Notepad with the scan report.

Copy the report that ComboFix produced into the topic on the forum:
right-click in the Notepad window and choose Select All;
right-click the selected text and choose Copy;
right-click in the message field and choose Paste.

Note: The report will be saved under the name ComboFix.txt on the system partition (typical location: C:\ComboFix.txt);
If after sending the message you notice that the report is incomplete, use the Attach file option to attach the file C:\ComboFix.txt to the message.

offline
  • Joined: 14 Oct 2012
  • Posts: 3611
  • Location: Herceg Novi

Written: 19 Oct 2012 19:31

TwinHeadedEagle :: Step 1.

You did not send me the Gmer2 log; follow the instructions again and post the report...

OK, let's move on. Follow in detail every instruction I give you...

Step 2.

Download the AVG Uninstall Tool to the Desktop, in order to remove the remnants of AVG Antivirus. The link is --> http://aa-download.avg.com/filedir/util/avgrem/avg_remover_stf_x86_2013_2706.exe

Then, following these instructions, enter Safe Mode, from where you should run the downloaded tool.

When you finish and restart the computer, you need to follow this topic --> http://www.mycity.rs/Zastitni-programi/Kako-ukloni.....mover.html

- in the basic information section, you have the link to download the program
- run AppRemover
- in the first picture click Next
- in the second, choose CleanUp a failed Uninstall, click Next and wait until the scan completes
- if entries appear in picture number 4, you need to tick them all, then click Next, and then Next again...
- when the process finishes, restart the system



Step 3.

Go to Start -> Control Panel -> Add or Remove Programs and uninstall the following programs:

BitTorrentBar Toolbar
Conduit Engine
Java(TM) 6 Update 23
SpeedMaxPc
Windows Media Player Firefox Plugin
BrowserManager

Restart the computer!



Step 4.

Download sUBs's ComboFix to the Desktop from the following address:

Bleeping Computer
Right-click the link and choose the option Save Target As... (Save Link As..., Save Linked Content As... or similar);
When the dialog for choosing where to save the file opens, choose Desktop and click Save.

Once the program has finished downloading:
deactivate your protective software (instructions);
close running programs;
double-click to run ComboFix;
in the window that opens, click "I Agree".

While running, ComboFix will:
check whether a newer version of the program exists:
click Yes if you are offered to download it.
if the Recovery Console is not installed, offer to install it:
be sure to accept by clicking Yes and follow the procedure.
display a certain number of prompts/notifications:
accept by clicking Yes or OK.
restart Windows as needed (several times);
at the end, open Notepad with the scan report.

Copy the report that ComboFix produced into the topic on the forum:
right-click in the Notepad window and choose Select All;
right-click the selected text and choose Copy;
right-click in the message field and choose Paste.

Note: The report will be saved under the name ComboFix.txt on the system partition (typical location: C:\ComboFix.txt);
If after sending the message you notice that the report is incomplete, use the Attach file option to attach the file C:\ComboFix.txt to the message.
Here is Gmer 2, I hope it's OK. Now I'll follow this text of yours, step by step. Ugh, God help me. Thank you very much for having patience (with my impoverished mind for these things Laughing )

Addendum: 21 Oct 2012 14:01

ComboFix 12-10-21.01 - Trony 21.10.2012 12:16:10.3.4 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.381.1033.18.2931.2096 [GMT 2:00]
Running from: c:\users\Trony\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Enabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\system32\roboot.exe
.
Infected copy of c:\windows\system32\userinit.exe was found and disinfected
Restored copy from - c:\windows\erdnt\cache\userinit.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-09-21 to 2012-10-21 )))))))))))))))))))))))))))))))
.
.
2012-10-21 10:23 . 2012-10-21 10:23 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-10-21 10:14 . 2012-10-21 10:14 29904 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B0349116-D166-41E5-80B3-9AEBA17EB9F7}\MpKsl4ca99c98.sys
2012-10-21 09:41 . 2012-10-21 10:24 -------- d-----w- c:\users\Trony\AppData\Local\temp
2012-10-20 18:23 . 2012-10-05 05:34 740784 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8E3E590B-9967-4246-B72E-A458998229A6}\gapaengine.dll
2012-10-20 18:22 . 2012-10-12 05:56 6918632 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B0349116-D166-41E5-80B3-9AEBA17EB9F7}\mpengine.dll
2012-10-19 21:04 . 2012-10-20 18:52 -------- d-----w- c:\program files\7-Zip
2012-10-19 20:42 . 2012-10-19 20:42 -------- d-----w- c:\program files\TeamViewer
2012-10-19 16:54 . 2012-10-19 16:54 100864 ----a-w- C:\awlirpod.sys
2012-10-19 12:43 . 2012-10-19 12:43 -------- d-----w- c:\programdata\Lavasoft
2012-10-19 12:43 . 2012-10-19 16:47 -------- d-----w- c:\program files\Ad-Aware Antivirus
2012-10-19 12:41 . 2012-10-19 12:41 -------- d-----w- c:\users\Trony\AppData\Roaming\blekko
2012-10-19 12:05 . 2012-10-19 12:05 -------- d-----w- c:\program files\Microsoft.NET
2012-10-19 10:05 . 2012-10-19 10:05 -------- d-----w- c:\users\Trony\AppData\Roaming\LavasoftStatistics
2012-10-19 10:04 . 2012-10-19 16:45 -------- d-----w- c:\users\Trony\AppData\Roaming\Ad-Aware Antivirus
2012-10-19 07:48 . 2012-10-12 05:56 6918632 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-10-18 20:18 . 2012-10-18 20:19 -------- d-----w- c:\programdata\TuneUp Software
2012-10-18 20:18 . 2012-10-18 20:18 -------- d-sh--w- c:\programdata\{32364CEA-7855-4A3C-B674-53D8E9B97936}
2012-10-18 19:39 . 2012-10-18 19:39 -------- d-----w- c:\users\Trony\AppData\Roaming\TuneUp Software
2012-10-18 09:22 . 2012-10-18 14:42 -------- d-----w- c:\users\Trony\AppData\Roaming\AVG
2012-10-18 09:21 . 2012-10-18 09:23 -------- d-----w- c:\programdata\AVG
2012-10-18 09:21 . 2012-10-18 09:21 -------- d-sh--w- c:\programdata\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}
2012-10-16 21:16 . 2012-10-16 21:16 -------- d-----w- c:\users\Trony\AppData\Roaming\SpeedMaxPc
2012-10-16 21:16 . 2012-10-16 21:16 -------- d-----w- c:\users\Trony\AppData\Roaming\DriverCure
2012-10-16 21:16 . 2012-10-19 10:57 -------- d-----w- c:\programdata\SpeedMaxPc
2012-10-15 14:37 . 2012-10-15 14:37 -------- d-----w- c:\programdata\RoboForm
2012-10-15 12:56 . 2012-10-18 08:36 -------- d-----w- C:\download torentz
2012-10-15 09:45 . 2012-10-15 09:54 -------- d-----w- c:\program files\Common Files\PC Tools
2012-10-14 19:12 . 2012-06-22 13:29 107896 ----a-w- c:\windows\system32\drivers\pctwfpfilter.sys
2012-10-14 19:12 . 2012-06-22 13:29 254944 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2012-10-14 19:10 . 2012-10-14 19:10 -------- d-----w- c:\program files\PC Tools
2012-10-14 18:52 . 2012-02-28 09:43 909728 ----a-w- c:\windows\system32\drivers\pctEFA.sys
2012-10-14 18:52 . 2012-02-28 09:43 342168 ----a-w- c:\windows\system32\drivers\pctDS.sys
2012-10-14 18:52 . 2012-04-23 10:36 162584 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2012-10-14 18:52 . 2012-06-22 13:34 203120 ----a-w- c:\windows\system32\drivers\PCTSD.sys
2012-10-14 18:51 . 2012-10-14 18:51 -------- d-----w- c:\users\Trony\AppData\Roaming\TestApp
2012-10-14 09:44 . 2012-10-15 14:13 -------- d-----w- c:\programdata\McAfee
2012-10-14 09:09 . 2012-10-14 10:37 -------- d-----w- c:\users\Trony\AppData\Roaming\Systweak
2012-10-13 12:28 . 2012-10-13 12:28 -------- d-----w- c:\users\Trony\AppData\Roaming\Malwarebytes
2012-10-13 12:27 . 2012-10-13 12:27 -------- d-----w- c:\programdata\Malwarebytes
2012-10-12 19:09 . 2012-10-12 19:09 -------- d-----w- c:\users\Trony\AppData\Local\Macromedia
2012-10-11 15:20 . 2012-10-14 13:48 -------- d-----w- c:\users\Trony\Nova fascikla
2012-10-11 15:13 . 2012-08-24 16:57 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-10-11 15:10 . 2012-06-02 04:36 1159680 ----a-w- c:\windows\system32\crypt32.dll
2012-10-11 15:10 . 2012-06-02 04:36 140288 ----a-w- c:\windows\system32\cryptsvc.dll
2012-10-11 15:10 . 2012-06-02 04:36 103936 ----a-w- c:\windows\system32\cryptnet.dll
2012-10-11 15:08 . 2012-08-31 17:18 1211760 ----a-w- c:\windows\system32\drivers\ntfs.sys
2012-10-11 15:07 . 2012-08-10 23:56 542208 ----a-w- c:\windows\system32\kerberos.dll
2012-10-11 15:07 . 2012-08-30 17:12 3914096 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-10-11 15:07 . 2012-08-30 17:12 3968880 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-10-11 15:02 . 2012-10-11 15:02 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-10 11:07 . 2012-10-10 11:07 -------- d-----w- c:\programdata\Premium
2012-10-10 11:05 . 2012-10-10 11:12 -------- d-----w- c:\program files\Optimizer Pro
2012-10-10 11:04 . 2012-10-10 11:07 -------- d-----w- c:\programdata\InstallMate
2012-10-06 18:24 . 2012-10-11 14:59 -------- d-----w- c:\users\Trony\AppData\Roaming\FreeVideoConverter
2012-10-05 05:36 . 2012-10-05 05:34 740784 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2012-09-28 18:10 . 2012-10-11 14:59 -------- d-----w- c:\programdata\IBUpdaterService
2012-09-27 10:49 . 2012-08-21 20:12 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
2012-09-21 17:11 . 2012-09-21 17:11 -------- d-----w- c:\program files\Common Files\Java
2012-09-21 17:10 . 2012-09-21 17:10 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-09-21 17:10 . 2012-09-21 17:10 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-12 18:45 . 2012-04-14 17:52 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2012-10-11 15:02 . 2011-06-17 16:46 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-21 17:10 . 2011-01-22 15:15 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-09-09 15:10 . 2011-01-22 15:13 499712 ----a-w- c:\windows\system32\msvcp71.dll
2012-09-09 15:10 . 2011-01-22 15:13 348160 ----a-w- c:\windows\system32\msvcr71.dll
2012-08-31 05:40 . 2012-04-21 16:54 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll
2012-08-30 20:03 . 2012-08-30 20:03 193552 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-08-30 20:03 . 2012-03-20 18:44 99272 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2012-08-22 17:16 . 2012-09-12 16:01 1292144 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-08-22 17:16 . 2012-09-12 16:01 712048 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-08-22 17:16 . 2012-09-12 16:01 240496 ----a-w- c:\windows\system32\drivers\netio.sys
2012-08-22 17:16 . 2012-09-12 16:01 187760 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-08-02 16:57 . 2012-09-12 16:01 490496 ----a-w- c:\windows\system32\d3d10level9.dll
2012-10-11 01:05 . 2012-10-19 18:50 261600 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
2010-12-09 11:51 3911776 ----a-w- c:\program files\BitTorrentBar\tbBitT.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{88c7f2aa-f93f-432c-8f0e-b7d85967a527}"= "c:\program files\BitTorrentBar\tbBitT.dll" [2010-12-09 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{88C7F2AA-F93F-432C-8F0E-B7D85967A527}"= "c:\program files\BitTorrentBar\tbBitT.dll" [2010-12-09 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-12 947176]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Exetender"="c:\program files\Free Ride Games\GPlayer.exe" [2011-09-01 4862384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders credssp.dll, UjwagrAmping.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-07-11 19:00 919008 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2012-07-31 11:20 38872 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG_TRAY]
c:\program files\AVG\AVG10\avgtray.exe [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
2012-10-19 11:15 1398680 ----a-w- c:\program files\BitTorrent\BitTorrent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Browser companion helper]
c:\program files\BrowserCompanion\BCHelper.exe [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Exetender]
2011-09-01 18:18 4862384 ----a-w- c:\program files\Free Ride Games\GPlayer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2011-08-31 19:09 177432 ----a-w- c:\windows\System32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2011-08-31 19:10 142616 ----a-w- c:\windows\System32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MediaGet2]
2012-05-18 16:19 9106664 ----a-w- c:\users\Trony\AppData\Local\MediaGet2\mediaget.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2011-08-31 19:09 176408 ----a-w- c:\windows\System32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
c:\program files\QuickTime\QTTask.exe [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2010-11-20 12:17 1174016 ----a-w- c:\program files\Windows Sidebar\sidebar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2012-09-09 15:10 296096 ----a-w- c:\program files\Real\RealPlayer\Update\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" -osboot
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe"
.
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [x]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt; [x]
R4 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
S1 MpKsl4ca99c98;MpKsl4ca99c98;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B0349116-D166-41E5-80B3-9AEBA17EB9F7}\MpKsl4ca99c98.sys [x]
S2 IBUpdaterService;Updater Service;c:\programdata\IBUpdaterService\ibsvc.exe [x]
S2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
S2 TeamViewer7;TeamViewer 7;c:\program files\TeamViewer\Version7\TeamViewer_Service.exe [x]
S3 NisSrv;Microsoft pregled mreže;c:\program files\Microsoft Security Client\NisSrv.exe [x]
S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-22 15:43]
.
2012-10-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-22 15:43]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.me/
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://home.sweetim.com/?barid={A04FAE8E-5FB7-11E1-B691-88AE1DF86FA6}
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
TCP: DhcpNameServer = 195.66.189.137 195.66.189.138
FF - ProfilePath - c:\users\Trony\AppData\Roaming\Mozilla\Firefox\Profiles\mg8nibx7.default\
FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon)
FF - prefs.js: browser.startup.homepage - about:home
FF - ExtSQL: 2012-09-09 17:11; {0153E448-190B-4987-BDE1-F256CADA672F}; c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF - ExtSQL: 2012-10-19 14:41; jid1-yZwVFzbsyfMrqQ@jetpack; c:\users\Trony\AppData\Roaming\Mozilla\Firefox\Profiles\mg8nibx7.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack
FF - user.js: extensions.BabylonToolbar.autoRvrt - false
FF - user.js: extensions.BabylonToolbar_i.newTab - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=112555&tt=3612_7
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://search.babylon.com/?babsrc=TB_def&mntrId=68667d4400000000000088252c465fd5&q=
FF - user.js: extensions.BabylonToolbar.id - 68667d4400000000000088252c465fd5
FF - user.js: extensions.BabylonToolbar.appId - {BDB69379-802F-4eaf-B541-F8DE92DD98DB}
FF - user.js: extensions.BabylonToolbar.instlDay - 15632
FF - user.js: extensions.BabylonToolbar.vrsn - 1.8.3.8
FF - user.js: extensions.BabylonToolbar.vrsni - 1.8.3.8
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.8.3.821:32
FF - user.js: extensions.BabylonToolbar.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar.tlbrId - base
FF - user.js: extensions.BabylonToolbar.instlRef - sst
FF - user.js: extensions.BabylonToolbar.dfltLng - en
FF - user.js: extensions.BabylonToolbar.excTlbr - false
FF - user.js: extensions.BabylonToolbar.admin - false
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{34b59f25-e9d3-493a-bd46-1010827bd617} - (no file)
URLSearchHooks-{09ec805c-cb2e-4d53-b0d3-a75a428b81c7} - (no file)
URLSearchHooks-{013a635f-e3aa-4371-b682-ece95ca974b0} - (no file)
URLSearchHooks-{6571950c-6eb2-4d8b-975e-5a25053ff845} - (no file)
URLSearchHooks-{6c97a91e-4524-4019-86af-2aa2d567bf5c} - (no file)
Toolbar-10 - (no file)
WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\conhost.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Completion time: 2012-10-21 12:29:26 - machine was rebooted
ComboFix-quarantined-files.txt 2012-10-21 10:29
.
Pre-Run: 83.397.120.000 bytes free
Post-Run: 83.325.100.032 bytes free
.
- - End Of File - - E80F3719124185B5950B820D937622F6


Hi. Here is the ComboFix report. Please take a look and tell me whether it is OK and what to do next. Regards.

offline
  • Joined: 09 Aug 2011
  • Posts: 15879
  • Location: Beograd

Hello,

Once again you have not sent me the correct GMER report...

To help, focus on this text and image:

Quote: right-click in the Gmer program window and select Options > Only non MS files - click Scan;

when the short scan finishes, click Save ... - save the report to the Desktop (under the name Gmer2);




====================

Tell me, did you follow all the previous steps before running ComboFix?

If you did not, go through those steps again...

offline
  • Joined: 14 Oct 2012
  • Posts: 3611
  • Location: Herceg Novi

Posted: 21 Oct 2012 15:22

TwinHeadedEagle :: Hello,

Once again you have not sent me the correct GMER report...

To help, focus on this text and image:

Quote: right-click in the Gmer program window and select Options > Only non MS files - click Scan;

when the short scan finishes, click Save ... - save the report to the Desktop (under the name Gmer2);




====================

Tell me, did you follow all the previous steps before running ComboFix?

If you did not, go through those steps again...

I will run the scan now and send it. I sent Gmer 2 again, but it was not right, so I will scan and send it. As for ComboFix: I could not save it in Notepad; instead it showed up for me in program C. I highlighted the entire contents and pasted them, and then found it in C.

Addendum: 21 Oct 2012 15:59

Yes, I did. I downloaded AVG, entered safe mode, followed the topic from your site, ran AppRemover and scanned. There was nothing to tick, so I restarted the laptop. I went to the Start menu, Control Panel, Programs and Features, and uninstalled what you told me to (although 2 programs had already been uninstalled earlier; my family fiddle with the laptop when I am not home), and restarted the computer. Then I downloaded ComboFix, but the window in which it was scanning came up right away. After that it went as I described to you in my message.
