Možda tražite i:
Nemogucnost uklanjanja virusa i crash mozile!
Komp zablokirao/izgleda od virusa
Komp pun virusa

MyCity » Ambulanta -> Arhiva Ambulante » Pomozite mi oko uklanjanja virusa sa kompa

Pomozite mi oko uklanjanja virusa sa kompa

Napisano na dan: 6.9.2008

Strana:
1
2

Pomozite mi oko uklanjanja virusa sa kompa

Sledeća strana

Pagination

Odgovori

Strana:
1
2

Djavolchich Poslao: 06 Sep 2008 12:21 Idi na vrh
offline Djavolchich Novi MyCity građanin Pridružio: 07 Jul 2008 Poruke: 22	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Zdravo. Igleda da mi je uslo nekoliko virusa u komp u roku od par dana. Jedan preko mreze (sa drugog kompa u kuci), drugi preko usb-a, nije pomoglo zaustavljanje auto run-a. Nod 32 ih samo stavi u karantin, i to je sve. Bila bih vam zahvalna kada biste mi pomogli da ih se recim. Unapred zahvalna, Nevena. PS Raspolazem internet konekcijom 512 kbps... Evo log file-a... Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 12:06:22 PM, on 9/6/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18241) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\RTHDCPL.EXE C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe C:\Program Files\Eset\nod32kui.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\Logitech\SetPoint\KEM.exe C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE C:\Program Files\Microsoft LifeCam\MSCamS32.exe C:\Program Files\Eset\nod32krn.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\PC Connectivity Solution\ServiceLayer.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Windows Live\Messenger\usnsvc.exe C:\WINDOWS\system32\ntvdm.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Google\Google Talk\googletalk.exe C:\WINDOWS\system32\wuauclt.exe C:\Documents and Settings\Nevena\Desktop\Ciscenje\TR3.exe.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [Link mogu videti samo ulogovani korisnici] R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [Link mogu videti samo ulogovani korisnici] R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [Link mogu videti samo ulogovani korisnici] R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [Link mogu videti samo ulogovani korisnici] R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [Link mogu videti samo ulogovani korisnici] O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_1.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_1.dll O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\K-Lite Codec Pack\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user') O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm O8 - Extra context menu item: &Windows Live Search - [Link mogu videti samo ulogovani korisnici]\Program Files\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: Add to Windows &Live Favorites - [Link mogu videti samo ulogovani korisnici] O8 - Extra context menu item: E&xport to Microsoft Excel - [Link mogu videti samo ulogovani korisnici]\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Translate with &Babylon - [Link mogu videti samo ulogovani korisnici]\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O17 - HKLM\System\CCS\Services\Tcpip\..\{731306EC-0D44-4FFE-8B0A-825604B2F6EF}: NameServer = 80.93.224.1,80.93.224.2 O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe -- End of file - 8582 bytes

Profil

dr_Bora Poslao: 06 Sep 2008 13:44 Idi na vrh
offline dr_Bora Anti Malware Fighter Rank 2 Pridružio: 24 Jul 2007 Poruke: 12280 Gde živiš: Höganäs, SE	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Pozdrav... U logu nema tragova malware-a, no izvršićemo još jednu proveru. Privremeno treba isključiti zaštitni softver... TeaTimer: 1. Pokrenite Spybot S&D 2. Kliknite Mode stavku u meniju 3. Odaberite Advance Mode 4. Na traci levo kliknite na Tools 5. Kliknite na Resident 6. Destiklirajte Resident Tea-Timer 7. Zatvorite Spybot S&D 8. Restartujte kompjuter. - Zatim skinuti file sa ovog linka na Desktop. - Pokrenuti file dvoklikom i ispratiti uputstva. Nemojte zaboraviti da ponovo ukljucite ove opcije kada zavrsimo ciscenje. * Otvori Nod32 Control Center (Klik na njegovu tray ikonicu ( ) u donjem desnom uglu ekrana). * Izaberi AMON iz Threat Protection grupe opcija. * Na desnom panelu deštikliraj opciju File system monitor (AMON) enabled. * Gašenje ove opcije pokazaće se kroz promenu boje Control Center-a iz zelene u crvenu. Napomena: Ne zaboravi da uključiš ovu opciju po završetku čišćenja. Skini ComboFix sa jedne od sledecih adresa na Desktop: [Link mogu videti samo ulogovani korisnici] [Link mogu videti samo ulogovani korisnici] [Link mogu videti samo ulogovani korisnici] Startuj ga i ne diraj prozor programa dok skenira. Sledi uputstva na ekranu. Kada zavrsi pojavice se log (C:\ComboFix.txt) koji ces nam ovde iskopirati.

Profil

Djavolchich Poslao: 06 Sep 2008 13:59 Idi na vrh
offline Djavolchich Novi MyCity građanin Pridružio: 07 Jul 2008 Poruke: 22	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Evo loga... ComboFix 08-09-05.02 - Nevena 2008-09-06 13:51:41.2 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1442 [GMT 2:00] Running from: C:\Documents and Settings\Nevena\Desktop\ComboFix.exe * Created a new restore point WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Documents and Settings\Nevena\Favorites\Download programs.url C:\Documents and Settings\Nevena\Favorites\Games.url C:\Documents and Settings\Nevena\Favorites\Translator.url C:\Documents and Settings\Nevena\Favorites\Videos.url C:\Documents and Settings\Nevena\Local Settings\Temporary Internet Files\SuggestedSites.dat C:\Documents and Settings\Nevena\Start Menu\Programs\Download programs.url C:\Documents and Settings\Nevena\Start Menu\Programs\Games.url C:\Documents and Settings\Nevena\Start Menu\Programs\Translator.url C:\Documents and Settings\Nevena\Start Menu\Programs\Videos.url . ((((((((((((((((((((((((( Files Created from 2008-08-06 to 2008-09-06 ))))))))))))))))))))))))))))))) . 2008-09-06 01:53 . 2008-09-06 11:58 147 --a------ C:\WINDOWS\fcp5.cfg 2008-09-06 01:52 . 2008-09-06 01:52 <DIR> d-------- C:\Program Files\High-Logic 2008-09-06 01:52 . 2008-09-06 01:53 <DIR> d-------- C:\Documents and Settings\Nevena\Application Data\FontCreator 2008-09-02 21:36 . 2008-09-02 21:36 <DIR> d-------- C:\Documents and Settings\Nevena\Application Data\PCF-VLC 2008-08-29 04:45 . 2008-08-29 04:45 <DIR> d-------- C:\Documents and Settings\Nevena\Application Data\Participatory Culture Foundation 2008-08-29 04:44 . 2008-08-29 04:44 <DIR> d-------- C:\Program Files\Participatory Culture Foundation 2008-08-29 04:07 . 2008-08-29 04:07 <DIR> d--hs---- C:\Documents and Settings\Nevena\PrivacIE 2008-08-29 03:50 . 2008-08-29 03:51 <DIR> d--h-c--- C:\WINDOWS\ie8 2008-08-29 03:45 . 2008-08-29 03:45 512,096 --a------ C:\WINDOWS\system32\drivers\amon.sys 2008-08-29 03:45 . 2008-08-29 03:45 298,104 --a------ C:\WINDOWS\system32\imon.dll 2008-08-29 03:45 . 2008-08-29 03:45 15,424 --a------ C:\WINDOWS\system32\drivers\nod32drv.sys 2008-08-29 03:11 . 2008-08-29 03:12 <DIR> d-------- C:\WINDOWS\system32\Adobe 2008-08-29 03:11 . 2008-08-29 03:11 <DIR> d-------- C:\Program Files\Common Files\xing shared 2008-08-29 03:04 . 2008-08-29 03:04 <DIR> d-------- C:\Program Files\Apple Software Update 2008-08-29 03:04 . 2008-08-29 03:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple 2008-08-29 03:03 . 2008-08-29 03:03 <DIR> d-------- C:\Program Files\Common Files\Adobe AIR 2008-08-22 03:05 . 2008-08-22 03:05 48,640 --------- C:\WINDOWS\system32\PrivacIE.dll 2008-08-19 20:01 . 2008-08-19 20:54 <DIR> d-------- C:\Bogdan bzw 2008-08-19 18:30 . 2008-08-19 18:30 <DIR> d-------- C:\Program Files\Babylon 2008-08-19 18:30 . 2008-09-02 20:08 <DIR> d-------- C:\Documents and Settings\Nevena\Application Data\Babylon 2008-08-19 18:30 . 2008-09-02 19:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Babylon 2008-08-19 12:11 . 2008-08-24 21:08 54,156 --ah----- C:\WINDOWS\QTFont.qfn 2008-08-19 12:11 . 2008-08-19 12:11 1,409 --a------ C:\WINDOWS\QTFont.for 2008-08-19 01:06 . 2008-08-19 01:06 <DIR> d-------- C:\Program Files\Another Day 2008-08-12 03:01 . 2008-08-12 03:01 <DIR> d-------- C:\Program Files\MSXML 4.0 2008-08-12 03:01 . 2004-08-04 00:56 221,184 --a------ C:\WINDOWS\system32\wmpns.dll 2008-08-11 21:15 . 2008-05-07 07:39 1,419,232 --a------ C:\WINDOWS\system32\wdfcoinstaller01005.dll 2008-08-11 21:15 . 2008-05-07 07:38 659,968 --a------ C:\WINDOWS\system32\nmwcdcocls.dll 2008-08-11 21:15 . 2008-05-07 07:38 20,864 --a------ C:\WINDOWS\system32\drivers\ccdcmbo.sys 2008-08-11 21:15 . 2008-05-07 07:38 17,536 --a------ C:\WINDOWS\system32\drivers\ccdcmb.sys 2008-08-11 21:15 . 2008-05-07 07:38 8,064 --a------ C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys 2008-08-11 21:15 . 2008-06-06 09:24 8,064 --a------ C:\WINDOWS\system32\drivers\usbser_lowerflt.sys 2008-08-11 21:14 . 2008-02-01 16:17 138,112 --a------ C:\WINDOWS\system32\drivers\nmwcdnsu.sys 2008-08-11 21:14 . 2008-02-01 16:17 8,320 --a------ C:\WINDOWS\system32\drivers\nmwcdnsuc.sys 2008-08-10 14:59 . 2008-08-10 18:44 3,783 --a------ C:\WINDOWS\MDVDP.Ini 2008-08-10 03:15 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll 2008-08-10 03:15 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll 2008-08-10 03:15 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-09-06 11:46 --------- d-----w C:\Program Files\Winamp Remote 2008-08-29 03:43 --------- d-----w C:\Program Files\ESET 2008-08-29 01:11 --------- d-----w C:\Program Files\Real 2008-08-29 01:11 --------- d-----w C:\Program Files\Common Files\Real 2008-08-29 01:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer 2008-08-29 01:03 --------- d-----w C:\Program Files\Common Files\Adobe 2008-08-22 01:08 878,592 ----a-w C:\WINDOWS\system32\wininet.dll 2008-08-22 01:08 43,008 ----a-w C:\WINDOWS\system32\licmgr10.dll 2008-08-22 01:07 18,944 ----a-w C:\WINDOWS\system32\corpol.dll 2008-08-22 01:06 72,704 ----a-w C:\WINDOWS\system32\admparse.dll 2008-08-22 01:06 71,680 ----a-w C:\WINDOWS\system32\iesetup.dll 2008-08-22 01:06 434,176 ----a-w C:\WINDOWS\system32\vbscript.dll 2008-08-22 01:05 48,128 ----a-w C:\WINDOWS\system32\mshtmler.dll 2008-08-22 01:05 35,840 ----a-w C:\WINDOWS\system32\imgutil.dll 2008-08-22 01:04 45,568 ----a-w C:\WINDOWS\system32\mshta.exe 2008-08-22 00:57 156,160 ----a-w C:\WINDOWS\system32\msls31.dll 2008-08-14 01:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help 2008-08-11 19:15 --------- d-----w C:\Program Files\Nokia 2008-08-11 19:13 --------- d-----w C:\Program Files\Common Files\Nokia 2008-08-11 19:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\Installations 2008-08-08 00:03 --------- d-----w C:\Documents and Settings\Nevena\Application Data\Nokia Multimedia Player 2008-08-05 15:55 265,720 ----a-w C:\WINDOWS\system32\msdbg2.dll 2008-08-03 20:00 --------- d-----w C:\Program Files\Decoshow 2008-07-27 20:04 --------- d-----w C:\Program Files\Google 2008-07-27 17:41 --------- d-----w C:\Program Files\EyesRelax 2008-07-26 01:50 --------- d-----w C:\Program Files\Java 2008-07-25 20:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller 2008-07-25 20:17 --------- d-----w C:\Program Files\Microsoft LifeCam 2008-07-25 20:10 --------- d-----w C:\Program Files\Windows Live 2008-07-25 20:09 --------- d-----w C:\Program Files\Windows Live Toolbar 2008-07-25 20:08 --------- d-----w C:\Program Files\Windows Live Favorites 2008-07-25 20:07 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller 2008-07-24 08:21 --------- d-----w C:\Documents and Settings\Nevena\Application Data\uTorrent 2008-07-21 17:18 --------- d-----w C:\Program Files\Picture Merge Genius 2008-07-21 16:09 --------- d-----w C:\Program Files\PearlMountain Soft 2008-07-21 16:09 --------- d-----w C:\Program Files\Common Files\Bcgsoft 2008-07-21 16:07 --------- d-----w C:\Program Files\Photo Collage Maker 2008-07-21 16:05 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-07-21 16:02 --------- d-----w C:\Program Files\Wedding Album Maker Gold 2008-07-21 16:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\Anvsoft 2008-07-21 15:31 --------- d-----w C:\Program Files\iFoxSoft 2008-07-21 15:11 --------- d-----w C:\Program Files\FlashGet 2008-07-21 15:10 --------- d-----w C:\Program Files\Auto Collage Studio 2008-07-12 00:04 --------- d-----w C:\Documents and Settings\Nevena\Application Data\Nokia 2008-07-07 20:32 253,952 ----a-w C:\WINDOWS\system32\es.dll 2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\mscms.dll 2008-06-20 17:41 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll 2008-06-12 09:27 26,144 ----a-w C:\WINDOWS\system32\spupdsvc.exe 2008-06-12 09:27 26,112 ----a-w C:\WINDOWS\system32\idndl.dll 2008-06-12 09:27 24,576 ----a-w C:\WINDOWS\system32\nlsdl.dll 2008-06-12 09:27 23,552 ----a-w C:\WINDOWS\system32\normaliz.dll 2008-03-06 03:27 56 --sh--r C:\WINDOWS\system32\B2CE2D78DD.sys . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360] "Orb"="C:\Program Files\Winamp Remote\bin\OrbTray.exe" [2008-03-25 507904] "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 2097488] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-06-28 8466432] "googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648] "PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-06-18 271360] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672] "QuickTime Task"="C:\Program Files\K-Lite Codec Pack\QuickTime\QTTask.exe" [2008-05-27 413696] "nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2008-08-29 949376] "RTHDCPL"="RTHDCPL.EXE" [2007-09-19 C:\WINDOWS\RTHDCPL.exe] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 1241088] C:\Documents and Settings\Nevena\Start Menu\Programs\Startup\ Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-03-06 113664] OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2007-08-24 101784] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\KEM.exe [2008-04-10 581632] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "VIDC.3iv2"= C:\PROGRA~1\K-LITE~1\codecs\3IVXVF~1.DLL "VIDC.VP60"= C:\PROGRA~1\K-LITE~1\codecs\vp6vfw.dll "VIDC.VP61"= C:\PROGRA~1\K-LITE~1\codecs\vp6vfw.dll "VIDC.VP62"= C:\PROGRA~1\K-LITE~1\codecs\vp6vfw.dll "VIDC.VP70"= C:\PROGRA~1\K-LITE~1\codecs\vp7vfw.dll "VIDC.VP31"= C:\PROGRA~1\K-LITE~1\codecs\vp31vfw.dll "msacm.ac3acm"= C:\PROGRA~1\K-LITE~1\codecs\ac3acm.acm "msacm.l3fhg"= C:\PROGRA~1\K-LITE~1\codecs\l3codecp.acm "VIDC.ACDV"= ACDV.dll "vidc.DIV3"= DivXc32.dll "vidc.DIV4"= DivXc32f.dll "msacm.divxa32"= DivXa32.acm "VIDC.HFYU"= huffyuv.dll "VIDC.AP41"= APmpg4v1.dll [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] --a------ 2001-07-09 12:50 155648 C:\WINDOWS\system32\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon] --a------ 2007-06-28 18:43 8466432 C:\WINDOWS\system32\nvcpl.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter] --a------ 2007-06-28 18:43 81920 C:\WINDOWS\system32\nvmctray.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl] --a------ 2004-11-02 21:24 32768 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager] --a------ 2005-12-08 14:55 3096576 C:\Program Files\Yahoo!\Messenger\YPager.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz] --a------ 2007-06-28 18:43 1626112 C:\WINDOWS\system32\nwiz.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center] "UpdatesDisableNotify"=dword:00000001 "AntiVirusOverride"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"= "C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"= "C:\\Program Files\\Google\\Google Talk\\googletalk.exe"= "C:\\Program Files\\Messenger\\msmsgs.exe"= "C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= "C:\\Program Files\\FlashGet\\flashget.exe"= "C:\\Program Files\\Winamp Remote\\bin\\Orb.exe"= "C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"= "C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"= "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"= "C:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"= "C:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"= "C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"= R2 MSCamSvc;MSCamSvc;C:\Program Files\Microsoft LifeCam\MSCamS32.exe [2007-05-17 271720] S3 nmwcdnsu;Nokia USB Flashing Phone Parent;C:\WINDOWS\system32\drivers\nmwcdnsu.sys [2008-02-01 138112] S3 nmwcdnsuc;Nokia USB Flashing Generic;C:\WINDOWS\system32\drivers\nmwcdnsuc.sys [2008-02-01 8320] S3 VX1000;VX-1000;C:\WINDOWS\system32\DRIVERS\VX1000.sys [2007-04-10 1966312] . Contents of the 'Scheduled Tasks' folder . - - - - ORPHANS REMOVED - - - - MSConfigStartUp-TkBellExe - C:\Program Files\K-Lite Codec Pack\Real\Update_OB\evntsvc.exe . ------- Supplementary Scan ------- . FireFox -: Profile - C:\Documents and Settings\Nevena\Application Data\Mozilla\Firefox\Profiles\yx0afgqr.default\ FireFox -: prefs.js - SEARCH.DEFAULTURL - [Link mogu videti samo ulogovani korisnici] FireFox -: prefs.js - STARTUP.HOMEPAGE - [Link mogu videti samo ulogovani korisnici] FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npgcplug.dll FF -: plugin - C:\Program Files\Yahoo!\Shared\npYState.dll . ************************************************************************ catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [Link mogu videti samo ulogovani korisnici] Rootkit scan 2008-09-06 13:53:21 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************ . Completion time: 2008-09-06 13:54:16 ComboFix-quarantined-files.txt 2008-09-06 11:53:57 ComboFix2.txt 2008-07-27 15:04:21 Pre-Run: 32,708,538,368 bytes free Post-Run: 35,142,144,000 bytes free 230 --- E O F --- 2008-08-30 01:06:23

Profil

dr_Bora Poslao: 06 Sep 2008 14:18 Idi na vrh
offline dr_Bora Anti Malware Fighter Rank 2 Pridružio: 24 Jul 2007 Poruke: 12280 Gde živiš: Höganäs, SE	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Uploaduj sledeći file na proveru: C:\WINDOWS\system32\PrivacIE.dll korišćenjem ove forme: [Link mogu videti samo ulogovani korisnici]

Profil

Djavolchich Poslao: 06 Sep 2008 14:29 Idi na vrh
offline Djavolchich Novi MyCity građanin Pridružio: 07 Jul 2008 Poruke: 22	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Uploadovala sam...

Profil

dr_Bora Poslao: 06 Sep 2008 14:42 Idi na vrh
offline dr_Bora Anti Malware Fighter Rank 2 Pridružio: 24 Jul 2007 Poruke: 12280 Gde živiš: Höganäs, SE	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! OK. Ovde nema aktivnog malware-a. Hajde da proverimo taj USB drive (ne izgleda kao da je ovde došlo do infekcije putem USB-a). Skini sledeci program - [Link mogu videti samo ulogovani korisnici] - startuj ga i odaberi opciju Auto block - ubaci USB stick u komp i sacekaj koji sekund (recimo 5-10 sekundi) - program je sada uradio analizu sticka (vidi se u donjem delu programa, u logu) - gore levo klikni duplo na slovo koje oznacava particiju, tj. tvoj USB stick - dole kraj sata ce se pojaviti poruka da smes da izvadis USB stick iz kompa - ne gasi program, vec ubaci sledeci USB stick i za njega isto sacekaj par sekundi, i tako redom za sve stickove, MP3 plejere, mobilni - zapamti kojim redom su ubacivani stickovi Kada sve to zavrsis, log u donjem delu programa ce sadrzati sve podatke koji su meni potrebni da bih video koji stick je zarazen. Klikni desnim dugmetom misa na log/izvestaj i odaberi Save log. Automatski ce se otvoriti Notepad i u njemu izvestaj. Iskopiraj mi taj izvestaj ovde na forum.

Profil

Djavolchich Poslao: 06 Sep 2008 15:05 Idi na vrh
offline Djavolchich Novi MyCity građanin Pridružio: 07 Jul 2008 Poruke: 22	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Evo loga... USB_blocker by bobby Started at 9/6/2008 2:51:13 PM Scanning for connected USB Mass storage... ======================================== ======================================== Scanning for other storage... ======================================== D: b18dc4ef-ec03-11dc-88d2-001d7daaf5db E: b18dc4f1-ec03-11dc-88d2-001d7daaf5db C: dd16c853-eb12-11dc-8315-806d6172696f ======================================== New device connected at 9/6/2008 2:51:29 PM Scanning for connected USB Mass storage... ======================================== G: 9d40cd1d-ed49-11dc-8c3f-001d7daaf5db ======================================== Scanning USB mass storage for autorun.inf and desktop.ini files... ======================================== Sanitizing Shell Menu... No key for GUID: 9d40cd1d-ed49-11dc-8c3f-001d7daaf5db ======================================== New device connected at 9/6/2008 2:53:09 PM Scanning for connected USB Mass storage... ======================================== ======================================== Scanning USB mass storage for autorun.inf and desktop.ini files... ======================================== Sanitizing Shell Menu... ======================================== Prvi je USB 4GB Drugi Mp3 player Treci Nokia (symbian) Prvi sam lepo zatvorila duplim klikom, a drugi i treci nije ni nudio particiju, bio je prazan prozorcic, pa sam ih iskljucila na onu ikonicu kod sata....

Profil

dr_Bora Poslao: 06 Sep 2008 15:52 Idi na vrh
offline dr_Bora Anti Malware Fighter Rank 2 Pridružio: 24 Jul 2007 Poruke: 12280 Gde živiš: Höganäs, SE	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Kao što rekoh, čist PC (kao i USB drive-ovi). Preostaje da odradiš sledeće: Klikni START a zatim RUN U liniju za unos teksta ukucaj Combofix /u i klikni OK Sačekaj da se proces deinstalacije završi Gornja procedura će: Obrisati sledeće: ComboFix i njegove file-ove i foldere VundoFix Backups folder, ako postoji C:\Deckard folder, ako postoji C:\OtMoveIt folder, ako postoji Resetovati podešavanja sata na kompjuteru Sakriti ekstenzije file-ova, ako je potrebno Sakriti sistemske/skrivene file-ove/foldere, ako je potrebno Resetovati System Restore

Profil

Djavolchich Poslao: 06 Sep 2008 16:01 Idi na vrh
offline Djavolchich Novi MyCity građanin Pridružio: 07 Jul 2008 Poruke: 22	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Uloguj se preko Facebooka da bi skinuo fajl: Dobro, zavrsicu to... Samo bih htela da pogledas sta je to ustvari bilo, i da li ga je nod ustvari ocistio... dodala sam screen shoot... [Link mogu videti samo ulogovani korisnici] [/img]

Profil

dr_Bora Poslao: 06 Sep 2008 16:25 Idi na vrh
offline dr_Bora Anti Malware Fighter Rank 2 Pridružio: 24 Jul 2007 Poruke: 12280 Gde živiš: Höganäs, SE	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Jeste, obrisano je (kad kaže da je nešto prebacio u karantin, to znači da je file uklonjen).

Profil

MyCity » Ambulanta -> Arhiva Ambulante » Pomozite mi oko uklanjanja virusa sa kompa

Ko je trenutno na forumu

Ukupno su 870 korisnika na forumu :: 43 registrovanih, 0 sakrivenih i 827 gosta :: [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:: Korisnici trenutno na forumu: 015, Adaminho1985, Asprilja, bigfoot, bokisha253, Boris90, Clouseau, DalmatinacMF, Django777, Dovla 1980, Georgius, iceburn, Insan, IvanMiletic, jalos, Jozo74, Kobrim, Lazarus, lcc, m0nstrum_, Marko Marković, mayorlany, milojkovstojko, MiroslavD, nesa1962, Nikolaa11, opt1, pein, Pekman, PrincipL, Romibrat, Rusmir, sabros, sekretar, shone34, stegonosa, Stija zmija, vensla, vukan0799, xanadu, yiyi, zastavnik, Zec

Svaki korisnik ovog sajta je odgovoran za sadržaj svoje poruke koju objavi na sajtu. Sajt se odriče svake odgovornosti za sadržaj tih poruka.
Postavljanjem vaše poruke ili vašeg autorskog dela na ovaj sajt, saglasni ste da ovaj sajt postaje distributer vašeg dela, i odričete se mogućnosti njegovog povlačenja ili brisanja, bez saglasnosti uprave sajta.
Distribucija sadržaja sa ovog sajta je dozvoljena samo u nekomercijalne svrhe, uz obaveznu napomenu da je sadržaj preuzet sa ovog sajta, i uz obavezno navođenje adrese MyCity sajta. Za sve ostale vidove distribucije obavezni ste da prethodno zatražite odobrenje od vlasnika MyCity sajta.
MyCity pokrenuo, administrira i razvija Predrag Damnjanović, a o uređenju sajta se brine MyCity Tim.
Ukoliko želite da nas kontaktirate kliknite ovde.
Naši sajtovi:
Vesti, Vojni forum, Zaštita od virusa, TekstPesme.rs

This content is licensed under a Creative Commons License.
Based on phpBB 2, translated by Simke, designed by