Computer locked up, apparently because of a virus

offline
  • Joined: 24 Jan 2009
  • Posts: 6

I recently bought a laptop and it seems it has already been infected with viruses. It has trouble booting, it needs several minutes, and once it starts NOD reports the following: "Can not find script file C:/ WINDOWS/system 32/killVBS.vbs".
I scanned WINDOWS and NOD found 16 viruses, but it can't delete them. The Internet is slow and Google doesn't work, so if you can help...


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:23:35, on 24.1.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\vVX1000.exe
C:\Program Files\Vimicro Corporation\VMUVC\VMonitor.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ntvdm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\WinZip32\WZQKPICK.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\DOCUME~1\xp\LOCALS~1\Temp\RtkBtMnt.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\xp\Desktop\New Folder\TR3.exe.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\wscript.exe C:\WINDOWS\system32\killVBS.vbs,C:\WINDOWS\system32\twex.exe,
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\system32\ljJBurss.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {B725AF68-83D1-41ED-98D1-9124C1F07C8E} - C:\WINDOWS\system32\urqRJApm.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [VX1000] C:\WINDOWS\vVX1000.exe
O4 - HKLM\..\Run: [Mini-YuRecnik] C:\YuRecnik\MiniYuRecnik.exe
O4 - HKLM\..\Run: [VMonitorVMUVC] "C:\Program Files\Vimicro Corporation\VMUVC\VMonitor.exe" VMUVC
O4 - HKLM\..\Run: [Windows Service] service.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [50e6225f] rundll32.exe "C:\WINDOWS\system32\jpvuyouy.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip32\WZQKPICK.EXE
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: crypt - crypts.dll (file missing)
O20 - Winlogon Notify: ljJBurss - C:\WINDOWS\SYSTEM32\ljJBurss.dll
O23 - Service: Google Desktop Manager 5.8.809.23506 (GoogleDesktopManager-092308-165331) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\WINDOWS\system32\DRIVERS\xaudio.exe

--
End of file - 5591 bytes
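
As an added example (not part of the original thread and not HijackThis code), a small Python triage script that flags the kinds of load-point entries visible in the log above: the extra UserInit entries, the unnamed BHO, Run entries with a random hex name or no path, the DisableRegedit policy, the Winlogon Notify package whose DLL is missing, and a DLL referenced from more than one load point. The sample lines are constructed from the report posted above; the UserInit allowlist assumes %windir% is C:\WINDOWS as in that log.

```python
"""Triage of a HijackThis 2.0 log: flag the load-point indicators seen in the thread.

Added example, not code from the forum post or from Trend Micro HijackThis.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Set

# Constructed sample input: a subset of the HijackThis lines posted in the thread.
SAMPLE_LOG = r"""
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\wscript.exe C:\WINDOWS\system32\killVBS.vbs,C:\WINDOWS\system32\twex.exe,
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\system32\ljJBurss.dll
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Windows Service] service.exe
O4 - HKLM\..\Run: [50e6225f] rundll32.exe "C:\WINDOWS\system32\jpvuyouy.dll",b
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O20 - Winlogon Notify: crypt - crypts.dll (file missing)
O20 - Winlogon Notify: ljJBurss - C:\WINDOWS\SYSTEM32\ljJBurss.dll
"""

# On a default Windows XP install UserInit holds exactly this one value
# (assumption: %windir% is C:\WINDOWS, as in the posted log).
USERINIT_OK = {r"c:\windows\system32\userinit.exe"}


@dataclass(frozen=True)
class Finding:
    section: str   # HijackThis section prefix (F2, O2, ...) or "X" for a cross-reference
    reason: str
    evidence: str


def _dll_names(text: str) -> Set[str]:
    """Lower-cased DLL basenames mentioned in a log line."""
    return {m.lower() for m in re.findall(r"[\w.-]+\.dll", text, flags=re.I)}


def _command_exe(cmd: str) -> str:
    """First token of a Run command, honouring a quoted path."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    return cmd.split(" ", 1)[0]


def triage(log_text: str) -> List[Finding]:
    findings: List[Finding] = []
    dll_seen: Dict[str, Set[str]] = {}  # dll basename -> sections that reference it

    for raw in log_text.splitlines():
        line = raw.strip()
        m = re.match(r"^(R\d|F\d|O\d+) - (.*)$", line)
        if not m:
            continue
        section, body = m.group(1), m.group(2)

        for dll in _dll_names(body):
            dll_seen.setdefault(dll, set()).add(section)

        if section == "F2" and "UserInit=" in body:
            # Every comma-separated entry runs at logon; only userinit.exe belongs here.
            value = body.split("UserInit=", 1)[1]
            for entry in (p.strip() for p in value.split(",") if p.strip()):
                if entry.lower() not in USERINIT_OK:
                    findings.append(Finding(section, f"extra UserInit entry runs at logon: {entry}", line))

        elif section == "O2" and "(no name)" in body:
            findings.append(Finding(section, "BHO registered without a name", line))

        elif section == "O4":
            km = re.search(r"\[([^\]]+)\]\s*(.*)$", body)
            if km:
                name, exe = km.group(1), _command_exe(km.group(2))
                if re.fullmatch(r"[0-9a-f]{8}", name):
                    findings.append(Finding(section, f"Run entry with random hex name '{name}'", line))
                elif exe and "\\" not in exe:
                    findings.append(Finding(section, f"Run entry without a full path, resolved via PATH: {exe}", line))

        elif section == "O7" and "DisableRegedit=1" in body:
            findings.append(Finding(section, "Registry Editor disabled by policy", line))

        elif section == "O20" and body.startswith("Winlogon Notify") and "(file missing)" in body:
            findings.append(Finding(section, "Winlogon Notify package points at a missing DLL", line))

    # A DLL hooked from more than one load point (here BHO and Winlogon Notify)
    # is a stronger signal than either entry alone.
    for dll, sections in sorted(dll_seen.items()):
        if len(sections) > 1:
            findings.append(Finding("X", f"{dll} referenced from several load points: {', '.join(sorted(sections))}", dll))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}")
```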

offline
  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

Hello,

* Open the Nod32 Control Center (click its tray icon in the lower right corner of the screen).
* Select AMON from the Threat Protection group of options.
* In the right pane, untick the option File system monitor (AMON) enabled.
* Turning this option off shows as the Control Center changing colour from green to red.

Note: Don't forget to turn this option back on when the cleaning is finished.

Download ComboFix from one of the following addresses to the Desktop:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Start it and don't touch the program window while it scans.
Follow the instructions on the screen. When it finishes, a log (C:\ComboFix.txt) will appear, which you will copy here for us.

offline
  • Joined: 24 Jan 2009
  • Posts: 6

None of the ComboFix downloads will run.

Update: 24 Jan 2009 19:52

It says the publisher is unknown and that I can only run software from publishers it trusts.

offline
  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

Download ComboFix from here:
http://amf.mycity.rs/programs/mirrored/C-F.exe

Which program is telling you that the publisher is unknown?
Is it perhaps Windows showing you that?
Is there an option to run the program anyway?
If there is, run it.

offline
  • Joined: 24 Jan 2009
  • Posts: 6

I somehow managed to run it. While ComboFix was running it reported several times that some things were missing, which I don't understand, and it restarted itself three times before ComboFix finished everything.



ComboFix 09-01-21.04 - xp 2009-01-25 13:03:10.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1014.736 [GMT 1:00]
Running from: c:\documents and settings\xp\Desktop\C-F.exe
AV: ESET NOD32 antivirus system 2.70 *On-access scanning enabled* (Updated)
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\recycler\S-1-5-21-1482476501-1644491937-682003330-1013
c:\recycler\S-1-5-21-1482476501-1644491937-682003330-1013\Desktop.ini
c:\recycler\S-1-5-21-1482476501-1644491937-682003330-1013\windowsupdate.com
c:\windows\admintxt.txt
c:\windows\system32\bgqkgtit.ini
c:\windows\system32\drivers\UACdmiwtakx.sys
c:\windows\system32\fclvgxxh.ini
c:\windows\system32\gabwbbdy.ini
c:\windows\system32\jpvuyouy.dll
c:\windows\system32\jvcmorsj.ini
c:\windows\system32\ljJBurss.dll
c:\windows\system32\mmjrykim.ini
c:\windows\system32\mpAJRqru.ini
c:\windows\system32\mpAJRqru.ini2
c:\windows\system32\msnlhjsg.ini
c:\windows\system32\nampiyvh.ini
c:\windows\system32\opihcgym.ini
c:\windows\system32\sdndhvsp.ini
c:\windows\system32\twex.exe
c:\windows\system32\UACemwsghrn.log
c:\windows\system32\UAChomudjgq.log
c:\windows\system32\UACkqmwxhik.log
c:\windows\system32\UACokpjrigf.dll
c:\windows\system32\UACptwqpqqa.dll
c:\windows\system32\UACrqllrmot.dat
c:\windows\system32\UACtbcgovbw.dll
c:\windows\system32\UACypqsipxb.dll
c:\windows\system32\urqRJApm.dll
c:\windows\system32\wamsbqlq.ini
c:\windows\system32\xxyaaawt.dll
c:\windows\system32\yuoyuvpj.ini

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_UACd.sys


((((((((((((((((((((((((( Files Created from 2008-12-25 to 2009-01-25 )))))))))))))))))))))))))))))))
.

2009-01-24 15:25 . 2009-01-24 15:25 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-01-21 22:44 . 2009-01-25 12:44 <DIR> d--hs---- c:\windows\system32\twain32
2009-01-21 18:39 . 2009-01-21 18:39 664 --a------ c:\windows\system32\d3d9caps.dat
2009-01-21 18:02 . 2009-01-21 18:15 <DIR> d-------- c:\windows\SxsCaPendDel
2009-01-15 01:21 . 2009-01-18 15:10 120,832 --a------ C:\cmxuwqj.exe
2009-01-15 01:21 . 2009-01-18 15:10 83,968 --a------ C:\wdueh.exe
2009-01-15 01:21 . 2009-01-18 15:10 8,192 --a------ C:\ndcnlcdr.exe
2009-01-15 01:21 . 2009-01-18 15:10 2 --a------ C:\1357259504
2009-01-15 01:21 . 2009-01-15 01:21 0 --a------ C:\sknyrb.exe
2009-01-10 15:45 . 2009-01-10 15:45 1,025 --a------ c:\windows\web_update.exe
2009-01-09 20:44 . 2009-01-09 20:44 <DIR> d-------- c:\windows\VMUVC
2009-01-09 20:43 . 2007-09-05 17:00 516,096 --a------ c:\windows\system32\VMUVC.ax
2009-01-09 20:43 . 2007-11-14 18:08 476,160 --a------ c:\windows\system32\drivers\vvftUVC.sys
2009-01-09 20:43 . 2008-04-03 14:35 250,240 --a------ c:\windows\system32\drivers\VMUVC.sys
2009-01-09 20:43 . 2007-10-11 13:51 188,416 --a------ c:\windows\system32\vvftUVC.ax
2009-01-09 20:43 . 2007-04-16 15:12 98,304 --a------ c:\windows\system32\VMCtrl.ax
2009-01-09 20:43 . 2007-04-12 23:00 94,208 --a------ c:\windows\system32\VvFtCtrl.dll
2009-01-09 20:43 . 2007-04-12 22:59 73,728 --a------ c:\windows\system32\exvmuvc.ax
2009-01-09 20:43 . 2008-02-29 10:11 11,776 --a------ c:\windows\system32\VMUVC.dll
2009-01-09 20:42 . 2009-01-09 20:42 <DIR> d-------- c:\program files\Vimicro Corporation
2009-01-09 20:39 . 2009-01-09 20:39 <DIR> d-------- c:\documents and settings\xp\Application Data\InstallShield
2009-01-05 17:39 . 2009-01-05 17:39 <DIR> d-------- c:\program files\Common Files\PocketSoft
2009-01-05 17:39 . 2001-04-12 18:00 182,272 --a------ c:\windows\patchw32.dll
2009-01-05 17:38 . 2009-01-05 17:39 <DIR> d-------- c:\program files\ubi.com
2009-01-02 23:20 . 2009-01-02 23:22 <DIR> d-------- c:\program files\WinZip32
2009-01-02 23:17 . 2009-01-02 23:17 <DIR> d-------- c:\documents and settings\xp\Application Data\PEERNET
2009-01-02 23:17 . 2009-01-02 23:17 <DIR> d-------- c:\documents and settings\All Users\Application Data\PEERNET
2009-01-02 23:15 . 2009-01-02 23:15 <DIR> d-------- c:\program files\Microsoft
2009-01-02 23:14 . 2009-01-02 23:14 <DIR> d-------- c:\program files\za lako prebacivanje iz latinice u cirilicu i obrnuto za offis
2009-01-02 23:09 . 2009-01-02 23:14 <DIR> d-------- c:\program files\SCH Recnik
2009-01-02 23:09 . 2009-01-05 12:31 103 --a------ c:\windows\recnik.ini
2009-01-02 23:08 . 2009-01-02 23:11 <DIR> d-------- C:\YuRecnik
2009-01-02 23:06 . 2009-01-02 23:06 <DIR> d-------- c:\program files\Sr-En Recnik
2009-01-02 23:05 . 2009-01-02 23:05 <DIR> d-------- c:\program files\PdfToDoc
2009-01-02 23:05 . 2009-01-02 23:05 <DIR> d-------- c:\program files\PDF2Word v1.6
2009-01-02 23:02 . 2009-01-02 23:02 <DIR> d-------- c:\program files\PDF Creator Plus 4.0
2009-01-02 23:01 . 2009-01-02 23:01 <DIR> d-------- c:\program files\PDF Creator
2009-01-02 23:01 . 2009-01-02 23:01 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2009-01-02 22:59 . 2009-01-02 23:00 <DIR> d-------- c:\program files\FLV Player
2009-01-02 22:59 . 2009-01-02 22:59 <DIR> d-------- c:\program files\Cirilicni fontovi
2009-01-01 16:50 . 2009-01-01 16:50 <DIR> d-------- c:\windows\Sun
2008-12-31 14:56 . 2007-04-10 22:46 1,966,312 --a------ c:\windows\system32\drivers\VX1000.sys
2008-12-31 14:56 . 2007-04-10 22:46 709,992 --a------ c:\windows\vVX1000.exe
2008-12-31 14:56 . 2007-04-10 22:46 476,520 --a------ c:\windows\vVX1000.dll
2008-12-31 14:56 . 2007-04-10 22:46 202,088 --a------ c:\windows\system32\LCCoin14.dll
2008-12-31 14:56 . 2007-04-10 22:46 185,704 --a------ c:\windows\system32\cVX1000.dll
2008-12-31 14:56 . 2007-04-10 22:46 111,976 --a------ c:\windows\VX1000.dll
2008-12-31 14:56 . 2007-04-10 22:46 15,498 --a------ c:\windows\VX1000.ini
2008-12-31 14:56 . 2007-04-10 22:46 13,023 --a------ c:\windows\VX1000.src
2008-12-31 14:29 . 2008-12-31 14:29 <DIR> d-------- c:\windows\system32\drivers\umdf
2008-12-31 14:29 . 2006-08-11 20:14 22,752 --a------ c:\windows\system32\spupdsvc.exe
2008-12-31 14:28 . 2006-09-28 16:05 2,414,360 --a------ c:\windows\system32\d3dx9_31.dll
2008-12-31 14:28 . 2006-09-28 16:05 237,848 --a------ c:\windows\system32\xactengine2_4.dll
2008-12-31 14:28 . 2006-07-28 09:30 236,824 --a------ c:\windows\system32\xactengine2_3.dll
2008-12-31 14:28 . 2006-09-28 16:04 68,888 --a------ c:\windows\system32\xinput1_3.dll
2008-12-31 14:28 . 2006-07-28 09:30 62,744 --a------ c:\windows\system32\xinput1_2.dll
2008-12-31 14:28 . 2006-09-28 16:03 15,128 --a------ c:\windows\system32\x3daudio1_1.dll
2008-12-31 12:15 . 2008-12-31 12:15 <DIR> d-------- c:\program files\Google
2008-12-31 00:25 . 2008-12-31 00:25 <DIR> d-------- c:\program files\Java
2008-12-31 00:25 . 2008-12-31 00:25 410,984 --a------ c:\windows\system32\deploytk.dll
2008-12-31 00:25 . 2008-12-31 00:25 73,728 --a------ c:\windows\system32\javacpl.cpl
2008-12-30 23:25 . 2009-01-25 12:42 <DIR> d-------- c:\documents and settings\xp\Application Data\skypePM
2008-12-30 23:25 . 2008-12-30 23:25 56 --ah----- c:\windows\system32\ezsidmv.dat
2008-12-30 23:09 . 2009-01-25 13:08 <DIR> d-------- c:\documents and settings\xp\Application Data\Skype
2008-12-30 23:08 . 2008-12-30 23:08 <DIR> d-------- c:\program files\Skype
2008-12-30 23:08 . 2008-12-30 23:08 <DIR> d-------- c:\program files\Common Files\Skype
2008-12-30 23:08 . 2008-12-30 23:08 <DIR> d-------- c:\documents and settings\All Users\Application Data\Skype
2008-12-30 20:27 . 2008-12-30 20:27 <DIR> d---s---- c:\documents and settings\xp\UserData
2008-12-29 20:13 . 2008-12-29 20:13 <DIR> d-------- c:\documents and settings\Administrator
2008-12-27 15:34 . 2005-06-16 20:18 31,744 --a------ c:\windows\system32\drivers\usbccgp.sys
2008-12-27 15:34 . 2005-06-16 20:18 31,744 --a--c--- c:\windows\system32\dllcache\usbccgp.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-21 17:03 --------- d-----w c:\program files\Common Files\Adobe
2009-01-09 19:42 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-07 15:32 --------- d-----w c:\documents and settings\xp\Application Data\U3
2009-01-05 16:38 --------- d-----w c:\program files\Common Files\InstallShield
2009-01-01 13:40 --------- d-----w c:\program files\Eset
2008-12-20 21:13 --------- d-----w c:\documents and settings\xp\Application Data\Kingston
2008-12-19 12:39 --------- d-----w c:\program files\OpenOffice.org 3
2008-12-18 17:03 --------- d-----w c:\documents and settings\xp\Application Data\Media Player Classic
2008-12-16 15:48 --------- d-----w c:\documents and settings\xp\Application Data\CyberLink
2008-12-31 11:16 122,880 ----a-w c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-11-18 21633320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-08-24 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-08-24 159744]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-08-24 131072]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2007-11-07 950664]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-02-07 71216]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-02-07 54832]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-31 136600]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-12-31 30192]
"VX1000"="c:\windows\vVX1000.exe" [2007-04-10 709992]
"Mini-YuRecnik"="c:\yurecnik\MiniYuRecnik.exe" [1999-08-02 219648]
"VMonitorVMUVC"="c:\program files\Vimicro Corporation\VMUVC\VMonitor.exe" [2008-03-26 135168]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"RTHDCPL"="RTHDCPL.EXE" [2007-07-05 c:\windows\RTHDCPL.exe]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
WinZip Quick Pick.lnk - c:\program files\WinZip32\WZQKPICK.EXE [2009-01-02 106560]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [2007-11-07 15424]
R3 VMUVC;Vimicro Camera Service VMUVC;c:\windows\system32\drivers\VMUVC.sys [2009-01-09 250240]
R3 vvftUVC;Vimicro Camera Filter Service VMUVC;c:\windows\system32\drivers\vvftUVC.sys [2009-01-09 476160]
R4 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};c:\program files\CyberLink\PowerDVD\000.fcl [2006-11-02 16:51:58 13560]
S3 GoogleDesktopManager-092308-165331;Google Desktop Manager 5.8.809.23506;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2008-12-31 30192]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\Shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1eeb0c45-cd50-11dd-9b7e-001b385469e0}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5dc3c1c1-ce06-11dd-9b84-001b385469e0}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe killVBS.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8e7e2624-cdbf-11dd-9b80-001b385469e0}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe killVBS.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c01c1b09-d41f-11dd-9b97-001b385469e0}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe killVBS.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c01c1b0a-d41f-11dd-9b97-001b385469e0}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe killVBS.vbs
.
- - - - ORPHANS REMOVED - - - -

BHO-{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - c:\windows\system32\ljJBurss.dll
BHO-{DAB57C3F-F1F4-450C-8ABA-B945873E26B4} - c:\windows\system32\urqRJApm.dll
ShellExecuteHooks-{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - c:\windows\system32\ljJBurss.dll


.
------- Supplementary Scan -------
.
uStart Page =
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
LSP: c:\windows\system32\imon.dll
FF - ProfilePath - c:\documents and settings\xp\Application Data\Mozilla\Firefox\Profiles\ijr55w6y.default\
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-01-25 13:08:06
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(748-)
c:\windows\system32\imon.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\igfxsrvc.exe
c:\windows\system32\ntvdm.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Eset\nod32krn.exe
c:\program files\CyberLink\Shared files\RichVideo.exe
c:\docume~1\xp\LOCALS~1\temp\RtkBtMnt.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-01-25 13:09:42 - machine was rebooted [xp]
ComboFix-quarantined-files.txt 2009-01-25 12:09:39

Pre-Run: 31,350,087,680 bytes free
Post-Run: 32,224,301,056 bytes free


offline
  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

The errors most likely occurred because the antivirus (NOD) was not turned off the way I described.

Now turn off the antivirus following the instructions I wrote above, then do the following:

Open Notepad and copy the following text into it:

File::
C:\cmxuwqj.exe
C:\wdueh.exe
C:\ndcnlcdr.exe
C:\1357259504
C:\sknyrb.exe

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5dc3c1c1-ce06-11dd-9b84-001b385469e0}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8e7e2624-cdbf-11dd-9b80-001b385469e0}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c01c1b09-d41f-11dd-9b97-001b385469e0}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c01c1b0a-d41f-11dd-9b97-001b385469e0}]

Save the file from Notepad to the Desktop as "CFScript".

Drag the saved script/text onto the ComboFix icon as shown in the picture.
Post the log that is produced at the end of the cleaning/scanning in your next message.

Send me the following file for checking:
c:\windows\web_update.exe
Upload it through the following form:
http://www.mycity.rs/ambulanta-upload.php

offline
  • Joined: 24 Jan 2009
  • Posts: 6

I turned NOD off before as well, but when the computer restarted itself, it turned itself back on again.


ComboFix 09-01-21.04 - xp 2009-01-25 13:39:19.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1014.557 [GMT 1:00]
Running from: c:\documents and settings\xp\Desktop\C-F.exe
Command switches used :: c:\documents and settings\xp\Desktop\CFScript.txt
AV: ESET NOD32 antivirus system 2.70 *On-access scanning disabled* (Updated)
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\1357259504
C:\cmxuwqj.exe
C:\ndcnlcdr.exe
C:\sknyrb.exe
C:\wdueh.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\1357259504
C:\cmxuwqj.exe
C:\ndcnlcdr.exe
C:\sknyrb.exe
C:\wdueh.exe

.
((((((((((((((((((((((((( Files Created from 2008-12-25 to 2009-01-25 )))))))))))))))))))))))))))))))
.

2009-01-24 15:25 . 2009-01-24 15:25 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-01-21 22:44 . 2009-01-25 12:44 <DIR> d--hs---- c:\windows\system32\twain32
2009-01-21 18:39 . 2009-01-21 18:39 664 --a------ c:\windows\system32\d3d9caps.dat
2009-01-21 18:02 . 2009-01-21 18:15 <DIR> d-------- c:\windows\SxsCaPendDel
2009-01-10 15:45 . 2009-01-10 15:45 1,025 --a------ c:\windows\web_update.exe
2009-01-09 20:44 . 2009-01-09 20:44 <DIR> d-------- c:\windows\VMUVC
2009-01-09 20:43 . 2007-09-05 17:00 516,096 --a------ c:\windows\system32\VMUVC.ax
2009-01-09 20:43 . 2007-11-14 18:08 476,160 --a------ c:\windows\system32\drivers\vvftUVC.sys
2009-01-09 20:43 . 2008-04-03 14:35 250,240 --a------ c:\windows\system32\drivers\VMUVC.sys
2009-01-09 20:43 . 2007-10-11 13:51 188,416 --a------ c:\windows\system32\vvftUVC.ax
2009-01-09 20:43 . 2007-04-16 15:12 98,304 --a------ c:\windows\system32\VMCtrl.ax
2009-01-09 20:43 . 2007-04-12 23:00 94,208 --a------ c:\windows\system32\VvFtCtrl.dll
2009-01-09 20:43 . 2007-04-12 22:59 73,728 --a------ c:\windows\system32\exvmuvc.ax
2009-01-09 20:43 . 2008-02-29 10:11 11,776 --a------ c:\windows\system32\VMUVC.dll
2009-01-09 20:42 . 2009-01-09 20:42 <DIR> d-------- c:\program files\Vimicro Corporation
2009-01-09 20:39 . 2009-01-09 20:39 <DIR> d-------- c:\documents and settings\xp\Application Data\InstallShield
2009-01-05 17:39 . 2009-01-05 17:39 <DIR> d-------- c:\program files\Common Files\PocketSoft
2009-01-05 17:39 . 2001-04-12 18:00 182,272 --a------ c:\windows\patchw32.dll
2009-01-05 17:38 . 2009-01-05 17:39 <DIR> d-------- c:\program files\ubi.com
2009-01-02 23:20 . 2009-01-02 23:22 <DIR> d-------- c:\program files\WinZip32
2009-01-02 23:17 . 2009-01-02 23:17 <DIR> d-------- c:\documents and settings\xp\Application Data\PEERNET
2009-01-02 23:17 . 2009-01-02 23:17 <DIR> d-------- c:\documents and settings\All Users\Application Data\PEERNET
2009-01-02 23:15 . 2009-01-02 23:15 <DIR> d-------- c:\program files\Microsoft
2009-01-02 23:14 . 2009-01-02 23:14 <DIR> d-------- c:\program files\za lako prebacivanje iz latinice u cirilicu i obrnuto za offis
2009-01-02 23:09 . 2009-01-02 23:14 <DIR> d-------- c:\program files\SCH Recnik
2009-01-02 23:09 . 2009-01-05 12:31 103 --a------ c:\windows\recnik.ini
2009-01-02 23:08 . 2009-01-02 23:11 <DIR> d-------- C:\YuRecnik
2009-01-02 23:06 . 2009-01-02 23:06 <DIR> d-------- c:\program files\Sr-En Recnik
2009-01-02 23:05 . 2009-01-02 23:05 <DIR> d-------- c:\program files\PdfToDoc
2009-01-02 23:05 . 2009-01-02 23:05 <DIR> d-------- c:\program files\PDF2Word v1.6
2009-01-02 23:02 . 2009-01-02 23:02 <DIR> d-------- c:\program files\PDF Creator Plus 4.0
2009-01-02 23:01 . 2009-01-02 23:01 <DIR> d-------- c:\program files\PDF Creator
2009-01-02 23:01 . 2009-01-02 23:01 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2009-01-02 22:59 . 2009-01-02 23:00 <DIR> d-------- c:\program files\FLV Player
2009-01-02 22:59 . 2009-01-02 22:59 <DIR> d-------- c:\program files\Cirilicni fontovi
2009-01-01 16:50 . 2009-01-01 16:50 <DIR> d-------- c:\windows\Sun
2008-12-31 14:56 . 2007-04-10 22:46 1,966,312 --a------ c:\windows\system32\drivers\VX1000.sys
2008-12-31 14:56 . 2007-04-10 22:46 709,992 --a------ c:\windows\vVX1000.exe
2008-12-31 14:56 . 2007-04-10 22:46 476,520 --a------ c:\windows\vVX1000.dll
2008-12-31 14:56 . 2007-04-10 22:46 202,088 --a------ c:\windows\system32\LCCoin14.dll
2008-12-31 14:56 . 2007-04-10 22:46 185,704 --a------ c:\windows\system32\cVX1000.dll
2008-12-31 14:56 . 2007-04-10 22:46 111,976 --a------ c:\windows\VX1000.dll
2008-12-31 14:56 . 2007-04-10 22:46 15,498 --a------ c:\windows\VX1000.ini
2008-12-31 14:56 . 2007-04-10 22:46 13,023 --a------ c:\windows\VX1000.src
2008-12-31 14:29 . 2008-12-31 14:29 <DIR> d-------- c:\windows\system32\drivers\umdf
2008-12-31 14:29 . 2006-08-11 20:14 22,752 --a------ c:\windows\system32\spupdsvc.exe
2008-12-31 14:28 . 2006-09-28 16:05 2,414,360 --a------ c:\windows\system32\d3dx9_31.dll
2008-12-31 14:28 . 2006-09-28 16:05 237,848 --a------ c:\windows\system32\xactengine2_4.dll
2008-12-31 14:28 . 2006-07-28 09:30 236,824 --a------ c:\windows\system32\xactengine2_3.dll
2008-12-31 14:28 . 2006-09-28 16:04 68,888 --a------ c:\windows\system32\xinput1_3.dll
2008-12-31 14:28 . 2006-07-28 09:30 62,744 --a------ c:\windows\system32\xinput1_2.dll
2008-12-31 14:28 . 2006-09-28 16:03 15,128 --a------ c:\windows\system32\x3daudio1_1.dll
2008-12-31 12:15 . 2008-12-31 12:15 <DIR> d-------- c:\program files\Google
2008-12-31 00:25 . 2008-12-31 00:25 <DIR> d-------- c:\program files\Java
2008-12-31 00:25 . 2008-12-31 00:25 410,984 --a------ c:\windows\system32\deploytk.dll
2008-12-31 00:25 . 2008-12-31 00:25 73,728 --a------ c:\windows\system32\javacpl.cpl
2008-12-30 23:25 . 2009-01-25 12:42 <DIR> d-------- c:\documents and settings\xp\Application Data\skypePM
2008-12-30 23:25 . 2008-12-30 23:25 56 --ah----- c:\windows\system32\ezsidmv.dat
2008-12-30 23:09 . 2009-01-25 13:21 <DIR> d-------- c:\documents and settings\xp\Application Data\Skype
2008-12-30 23:08 . 2008-12-30 23:08 <DIR> d-------- c:\program files\Skype
2008-12-30 23:08 . 2008-12-30 23:08 <DIR> d-------- c:\program files\Common Files\Skype
2008-12-30 23:08 . 2008-12-30 23:08 <DIR> d-------- c:\documents and settings\All Users\Application Data\Skype
2008-12-30 20:27 . 2008-12-30 20:27 <DIR> d---s---- c:\documents and settings\xp\UserData
2008-12-29 20:13 . 2008-12-29 20:13 <DIR> d-------- c:\documents and settings\Administrator
2008-12-27 15:34 . 2005-06-16 20:18 31,744 --a------ c:\windows\system32\drivers\usbccgp.sys
2008-12-27 15:34 . 2005-06-16 20:18 31,744 --a--c--- c:\windows\system32\dllcache\usbccgp.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-21 17:03 --------- d-----w c:\program files\Common Files\Adobe
2009-01-09 19:42 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-07 15:32 --------- d-----w c:\documents and settings\xp\Application Data\U3
2009-01-05 16:38 --------- d-----w c:\program files\Common Files\InstallShield
2009-01-01 13:40 --------- d-----w c:\program files\Eset
2008-12-20 21:13 --------- d-----w c:\documents and settings\xp\Application Data\Kingston
2008-12-19 12:39 --------- d-----w c:\program files\OpenOffice.org 3
2008-12-18 17:03 --------- d-----w c:\documents and settings\xp\Application Data\Media Player Classic
2008-12-16 15:48 --------- d-----w c:\documents and settings\xp\Application Data\CyberLink
2008-12-31 11:16 122,880 ----a-w c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.

((((((((((((((((((((((((((((( snapshot@2009-01-25_13.09.03.04 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-01-25 12:05:44 40,394 ----a-w c:\windows\system32\perfc009.dat
+ 2009-01-25 12:12:04 40,394 ----a-w c:\windows\system32\perfc009.dat
- 2009-01-25 12:05:44 312,172 ----a-w c:\windows\system32\perfh009.dat
+ 2009-01-25 12:12:04 312,172 ----a-w c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-11-18 21633320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-08-24 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-08-24 159744]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-08-24 131072]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2007-11-07 950664]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-02-07 71216]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-02-07 54832]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-31 136600]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-12-31 30192]
"VX1000"="c:\windows\vVX1000.exe" [2007-04-10 709992]
"Mini-YuRecnik"="c:\yurecnik\MiniYuRecnik.exe" [1999-08-02 219648]
"VMonitorVMUVC"="c:\program files\Vimicro Corporation\VMUVC\VMonitor.exe" [2008-03-26 135168]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"RTHDCPL"="RTHDCPL.EXE" [2007-07-05 c:\windows\RTHDCPL.exe]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
WinZip Quick Pick.lnk - c:\program files\WinZip32\WZQKPICK.EXE [2009-01-02 106560]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [2007-11-07 15424]
R3 VMUVC;Vimicro Camera Service VMUVC;c:\windows\system32\drivers\VMUVC.sys [2009-01-09 250240]
R3 vvftUVC;Vimicro Camera Filter Service VMUVC;c:\windows\system32\drivers\vvftUVC.sys [2009-01-09 476160]
R4 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};c:\program files\CyberLink\PowerDVD\000.fcl [2006-11-02 16:51:58 13560]
S3 GoogleDesktopManager-092308-165331;Google Desktop Manager 5.8.809.23506;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2008-12-31 30192]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\Shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1eeb0c45-cd50-11dd-9b7e-001b385469e0}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a
.
.
------- Supplementary Scan -------
.
uStart Page =
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
LSP: c:\windows\system32\imon.dll
FF - ProfilePath - c:\documents and settings\xp\Application Data\Mozilla\Firefox\Profiles\ijr55w6y.default\
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-01-25 13:40:04
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(748-)
c:\windows\system32\imon.dll
.
Completion time: 2009-01-25 13:40:55
ComboFix-quarantined-files.txt 2009-01-25 12:40:53
ComboFix2.txt 2009-01-25 12:09:43

Pre-Run: 32.211.992.576 bytes free
Post-Run: 32,200,237,056 bytes free


Update: 25 Jan 2009 13:50

I have also sent you web_update.exe.
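
An added example, not part of this thread and not ComboFix's own code: a small Python script that reads the "Reg Loading Points" section of a ComboFix log like the one above and flags the entries worth a second look. In this log those are the Security Center values AntiVirusDisableNotify and UpdatesDisableNotify set to 1 (the user would not be warned about the disabled protection), EnableFirewall=0 for the standard profile, the AutoRun commands registered under MountPoints2 for removable drives, and Run entries that start from outside Program Files or system32. The sample input is an abridged copy of the log excerpt above; which directories count as "expected" and the severity labels are the example's own heuristics, and a flagged Run entry only means "review it", not "malicious" (VX1000 and Mini-YuRecnik here are ordinary programs).

```python
"""Triage the "Reg Loading Points" section of a ComboFix log.

Added example, not ComboFix's own code. EXPECTED_DIRS and the severity
labels are this example's assumptions, not a ComboFix rule.
"""
import re
from dataclasses import dataclass

# Constructed sample: abridged copy of the "Reg Loading Points" excerpt in this thread.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-11-18 21633320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-08-24 135168]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2007-11-07 950664]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-12-31 30192]
"VX1000"="c:\windows\vVX1000.exe" [2007-04-10 709992]
"Mini-YuRecnik"="c:\yurecnik\MiniYuRecnik.exe" [1999-08-02 219648]
"RTHDCPL"="RTHDCPL.EXE" [2007-07-05 c:\windows\RTHDCPL.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\Shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1eeb0c45-cd50-11dd-9b7e-001b385469e0}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a
"""


@dataclass(frozen=True)
class Finding:
    severity: str   # "high", "medium" or "info"
    key: str        # registry key the line was listed under
    detail: str


# Assumption of this example: autostart binaries outside these trees get a "review" flag.
EXPECTED_DIRS = ("c:\\program files\\", "c:\\windows\\system32\\")

RUN_KEY_RE = re.compile(r"\\currentversion\\run$", re.I)
RUN_VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"="?(?P<path>[^"\[]+?)"?\s*(?:\[.*\])?$')
NOTIFY_RE = re.compile(r'^"(?P<name>\w+DisableNotify)"=dword:0*1$', re.I)
FIREWALL_OFF_RE = re.compile(r'^"EnableFirewall"\s*=\s*0\b', re.I)
AUTORUN_RE = re.compile(r"^\\shell\\autorun\\command\s*-\s*(?P<cmd>.+)$", re.I)


def reg_values(text):
    """Yield (key, line) for every non-empty line listed under a [bracketed] key."""
    key = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif key is not None:
            yield key, line


def analyze(text):
    """Return the Findings for one ComboFix 'Reg Loading Points' section."""
    findings = []
    for key, line in reg_values(text):
        k = key.lower()
        if k.endswith("\\security center"):
            m = NOTIFY_RE.match(line)
            if m:  # the user is no longer told that AV / updates are off
                findings.append(Finding("high", key,
                    f"{m.group('name')}=1: Security Center will not alert the user"))
        elif k.endswith("firewallpolicy\\standardprofile"):
            if FIREWALL_OFF_RE.match(line):
                findings.append(Finding("high", key,
                    "EnableFirewall=0: Windows Firewall is off for the standard profile"))
        elif "\\mountpoints2\\" in k:
            m = AUTORUN_RE.match(line)
            if m:  # a command Explorer runs when that removable drive is inserted
                findings.append(Finding("medium", key,
                    f"AutoRun command registered for a removable drive: {m.group('cmd')}"))
        elif RUN_KEY_RE.search(k):
            m = RUN_VALUE_RE.match(line)
            if m:
                path = m.group("path").strip()
                if not path.lower().startswith(EXPECTED_DIRS):
                    findings.append(Finding("info", key,
                        f"Run entry {m.group('name')!r} starts outside Program Files/system32: {path}"))
    return findings


def by_severity(findings):
    """Count findings per severity, e.g. {'high': 3, 'medium': 2, 'info': 3}."""
    counts = {}
    for f in findings:
        counts[f.severity] = counts.get(f.severity, 0) + 1
    return counts


if __name__ == "__main__":
    for f in analyze(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.detail}\n         under {f.key}")
```

On the sample the script reports three high findings (the two Security Center notifications and the disabled firewall), two medium ones (the two LaunchU3.exe AutoRun commands) and three review items (the two Run entries under c:\windows and c:\yurecnik, plus RTHDCPL, which is registered as a bare file name and so resolved through the search path). The helper's later remark that no firewall is installed matches the EnableFirewall=0 line directly.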

offline
  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

Delete web_update.exe from the disk as well; it is also part of some infection.

How is the computer behaving now? Are there any other symptoms?

offline
  • Joined: 24 Jan 2009
  • Posts: 6

Everything is fine, except that the following still appears in Windows Security Alerts: Your computer might be at risk - No firewall is turned on. And it says to click on that window to fix the problem.

offline
  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

That is because you don't have any firewall program installed.
Either install one, or turn the notification off so it stops reporting that message.

That would be a topic for the following forum:
http://www.mycity.rs/phpbb/viewforum.php?f=220

As for our viruses here, do the following as well:

I would need samples of the viruses we have just cleaned.
If it's not too much trouble, pack the following folder into one ZIP for me:
C:\QooBox\Quarantine and upload that ZIP to me via the link from earlier:
http://www.mycity.rs/ambulanta-upload.php

After that we move on to emptying ComboFix's quarantine and uninstalling it:
Click START and then RUN
In the text entry line type Combofix /u and click OK

Wait for the uninstall process to finish

The above procedure will:
Delete the following:
ComboFix and its files and folders
the VundoFix Backups folder, if present
the C:\Deckard folder, if present
the C:\OtMoveIt folder, if present

Reset the clock settings on the computer
Hide file extensions, if needed
Hide system/hidden files/folders, if needed
Reset System Restore
