Tenga.gen (virus)

  • Mare  Male
  • Elite citizen
  • Joined: 20 Feb 2005
  • Posts: 2342
  • Location: Beč / Svilajnac

I caught this, so I would like to ask you for help.

ComboFix 09-02-15.01 - Zeljka 2009-02-17 16:55:37.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1031.18.1023.276 [GMT 1:00]
ausgeführt von:: c:\servis (mare)\Skeneri za sistem\ComboFix.exe
AV: ESET NOD32 antivirus system 2.70 *On-access scanning disabled* (Updated)
* Neuer Wiederherstellungspunkt wurde erstellt
.

(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\DAO3032.dll
c:\windows\system32\MSJINT35.dll
c:\windows\system32\tmp.reg

.
((((((((((((((((((((((( Dateien erstellt von 2009-01-17 bis 2009-02-17 ))))))))))))))))))))))))))))))
.

2009-02-17 15:52 . 2009-02-17 15:52 268 --ah----- C:\sqmdata10.sqm
2009-02-17 15:52 . 2009-02-17 15:52 244 --ah----- C:\sqmnoopt10.sqm
2009-02-15 20:25 . 2009-02-15 20:25 <DIR> d-------- c:\windows\Logs
2009-02-15 20:25 . 2009-02-15 20:27 <DIR> d-------- c:\windows\LastGood
2009-02-15 20:25 . 2009-02-15 20:25 <DIR> d-------- c:\programme\SiSoftware
2009-02-15 11:08 . 2009-02-15 11:13 <DIR> d-------- c:\programme\uTorrent
2009-02-15 11:08 . 2009-02-15 21:50 <DIR> d-------- c:\dokumente und einstellungen\Zeljka\Anwendungsdaten\uTorrent
2009-02-15 10:32 . 2009-02-15 10:32 <DIR> d-------- c:\programme\Lavalys
2009-01-28 20:56 . 1998-03-11 21:01 291,872 --a------ c:\windows\system32\SSTREE.ocx
2009-01-28 20:56 . 1998-12-03 21:16 262,656 --a------ c:\windows\system32\TX4OLE.OCX
2009-01-28 20:56 . 1998-06-23 20:00 244,024 --a------ c:\windows\system32\MSFLXGRD.OCX
2009-01-28 20:56 . 1995-07-25 20:00 200,704 --a------ c:\windows\system32\THREED32.ocx
2009-01-28 20:56 . 1998-06-23 20:00 198,456 --a------ c:\windows\system32\MCI32.OCX
2009-01-28 20:56 . 1998-04-23 09:53 148,480 --a------ c:\windows\system32\MHLIST32.ocx
2009-01-28 20:56 . 2000-08-08 08:59 123,224 --a------ c:\windows\system32\SkyLt3Pr.dll
2009-01-28 20:56 . 1996-12-10 20:00 46,080 --a------ c:\windows\system32\MCIWNDX.ocx
2009-01-28 20:56 . 2009-01-28 20:56 19 --a------ c:\windows\GKmensch.ini
2009-01-28 20:18 . 2009-01-28 20:18 <DIR> d-------- c:\programme\ContMedia
2009-01-28 20:18 . 1998-04-23 20:00 1,045,776 --a------ c:\windows\system32\MSJET35.dll
2009-01-28 20:18 . 1997-10-09 20:00 938,256 --a------ c:\windows\system32\MSJT3032.dll
2009-01-28 20:18 . 1999-03-09 14:50 557,328 --a------ c:\windows\system32\DAO360.DLL
2009-01-28 20:18 . 1998-04-23 20:00 407,312 --a------ c:\windows\system32\MSREPL35.dll
2009-01-28 20:18 . 1995-08-14 20:00 302,352 --a------ c:\windows\system32\MSWNG300.dll
2009-01-28 20:18 . 1998-04-23 20:00 252,176 --a------ c:\windows\system32\MSRD2X35.dll
2009-01-28 20:18 . 1997-10-09 20:00 245,520 --a------ c:\windows\system32\MSRD2X32.dll
2009-01-28 20:18 . 1997-10-09 20:00 244,496 --a------ c:\windows\system32\VBAR2232.dll
2009-01-28 20:18 . 1997-10-09 20:00 98,356 --a------ c:\windows\system32\MSJTER32.dll
2009-01-28 20:18 . 1998-06-17 20:00 89,360 --a------ c:\windows\system32\VB5DB.dll
2009-01-28 20:18 . 1998-05-30 20:00 72,704 --a------ c:\windows\system32\ODBCTL32.dll
2009-01-28 20:18 . 1997-10-09 20:00 41,744 --a------ c:\windows\system32\MSJINT32.dll
2009-01-28 20:18 . 1998-04-23 20:00 24,848 --a------ c:\windows\system32\MSJTER35.dll
2009-01-24 08:17 . 2009-01-24 08:17 268 --ah----- C:\sqmdata08.sqm
2009-01-24 08:17 . 2009-01-24 08:17 244 --ah----- C:\sqmnoopt09.sqm
2009-01-24 08:17 . 2009-01-24 08:17 244 --ah----- C:\sqmnoopt08.sqm
2009-01-24 08:17 . 2009-01-24 08:17 232 --ah----- C:\sqmdata09.sqm
2009-01-22 16:47 . 2009-01-22 16:47 <DIR> d-------- c:\programme\Nitro PDF
2009-01-22 16:47 . 2009-01-22 16:47 <DIR> d-------- c:\programme\Gemeinsame Dateien\Nitro PDF
2009-01-22 16:47 . 2009-01-22 16:47 <DIR> d-------- c:\programme\Gemeinsame Dateien\BCL Technologies
2009-01-22 13:59 . 2009-01-22 13:59 268 --ah----- C:\sqmdata07.sqm
2009-01-22 13:59 . 2009-01-22 13:59 244 --ah----- C:\sqmnoopt07.sqm
2009-01-18 18:08 . 2009-01-18 18:08 <DIR> d-------- c:\windows\Downloaded Installations

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-17 15:55 --------- d-----w c:\dokumente und einstellungen\Zeljka\Anwendungsdaten\Azureus
2009-02-17 11:25 --------- d-----w c:\programme\DivX
2009-02-15 20:58 --------- d-----w c:\dokumente und einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy
2009-02-15 09:35 0 ----a-w c:\windows\system32\drivers\logiflt.iad
2009-02-14 09:31 --------- d-----w c:\dokumente und einstellungen\All Users\Anwendungsdaten\RFA_Backups
2009-02-14 09:20 --------- d-----w c:\programme\Spybot - Search & Destroy
2009-02-12 06:37 --------- d-----w c:\dokumente und einstellungen\Zeljka\Anwendungsdaten\Media Player Classic
2009-02-08 21:46 --------- d-----w c:\dokumente und einstellungen\Zeljka\Anwendungsdaten\Skype
2009-02-08 17:20 --------- d-----w c:\dokumente und einstellungen\Zeljka\Anwendungsdaten\skypePM
2009-01-28 19:55 --------- d--h--w c:\programme\InstallShield Installation Information
2009-01-28 19:45 --------- d-----w c:\programme\QuickTime Alternative
2009-01-10 11:39 --------- d-----w c:\programme\iauSoft
2009-01-04 08:10 --------- d-----w c:\programme\Vortex Prestige
2009-01-03 10:12 --------- d-----w c:\programme\IrfanView
2008-12-31 17:42 603,904 ----a-w c:\windows\system32\TUProgSt.exe
2008-12-31 17:42 362,240 ----a-w c:\windows\system32\TuneUpDefragService.exe
2008-12-31 17:42 --------- d-----w c:\programme\TuneUp Utilities 2009
2008-12-28 07:50 --------- d-----w c:\programme\Gemeinsame Dateien\Logitech
2008-12-28 06:43 0 ----a-w c:\windows\system32\drivers\lvuvc.hs
2008-12-26 17:56 0 ---ha-w c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2008-12-26 17:56 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_ggsemc_01007.Wdf
2008-12-26 17:40 22,368 ----a-w c:\windows\system32\drivers\ggsemc.sys
2008-12-26 17:40 10,976 ----a-w c:\windows\system32\drivers\ggflt.sys
2008-12-26 17:40 1,107,296 ----a-w c:\windows\system32\WdfCoInstaller01007.dll
2008-12-26 17:40 --------- d-----w c:\programme\Sony Ericsson
2008-12-24 18:22 --------- d-----w c:\programme\CCleaner
2008-12-22 17:44 --------- d-----w c:\dokumente und einstellungen\Zeljka\Anwendungsdaten\Flo & Seb Engineering
2008-12-20 18:55 --------- d-----w c:\programme\SereneScreen
2008-12-20 08:50 --------- d-----w c:\programme\CDBurnerXP
2008-12-19 15:33 --------- d-----w c:\dokumente und einstellungen\Zeljka\Anwendungsdaten\DivX
2008-12-14 07:35 410,984 ----a-w c:\windows\system32\deploytk.dll
2008-12-11 00:33 86,016 ----a-w c:\windows\system32\dpl100.dll
2008-12-11 00:33 200,704 ----a-w c:\windows\system32\dtu100.dll
2008-12-09 02:28 593,920 ----a-w c:\windows\system32\dpuGUI11.dll
2008-12-09 02:28 57,344 ----a-w c:\windows\system32\dpv11.dll
2008-12-09 02:28 344,064 ----a-w c:\windows\system32\dpus11.dll
2008-12-09 02:28 294,912 ----a-w c:\windows\system32\dpu11.dll
2008-11-21 21:47 129,784 ------w c:\windows\system32\pxafs.dll
2008-11-21 21:47 120,056 ------w c:\windows\system32\pxcpyi64.exe
2008-11-21 21:47 118,520 ------w c:\windows\system32\pxinsi64.exe
2008-08-06 17:01 32,768 --sha-w c:\windows\system32\config\systemprofile\Lokale Einstellungen\Verlauf\History.IE5\MSHist012008080620080807\index.dat
2008-08-07 07:16 32,768 --sha-w c:\windows\system32\config\systemprofile\Lokale Einstellungen\Verlauf\History.IE5\MSHist012008080720080808\index.dat
.

(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"AlcoholAutomount"="c:\programme\Alcohol Soft\Alcohol 120\axcmd.exe" [2007-12-22 221568]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"SunJavaUpdateSched"="c:\programme\Java\jre6\bin\jusched.exe" [2008-12-14 136600]
"srpskey"="c:\windows\SYSTEM32\SRPSKEY.EXE" [2007-10-04 35840]
"nod32kui"="c:\programme\Eset\nod32kui.exe" [2008-08-08 949376]
"VC9Player"="c:\programme\Virtual CD v9\System\VC9Play.exe" [2007-12-03 202048]
"Nitro PDF Printer Monitor"="c:\programme\Nitro PDF\Professional\NitroPDFPrinterMonitor.exe" [2008-04-04 210224]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 c:\windows\soundman.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\dokumente und einstellungen\Zeljka\Startmenü\Programme\Autostart\
TClock2.lnk - c:\servis (mare)\Clock (tclock2)\tclock2.exe [2008-08-05 90624]

c:\dokumente und einstellungen\Zeljka\Startmenü\Programme\Autostart\
TClock2.lnk - c:\servis (mare)\Clock (tclock2)\tclock2.exe [2008-08-05 90624]

c:\dokumente und einstellungen\Zeljka\Startmenü\Programme\Autostart\
TClock2.lnk - c:\servis (mare)\Clock (tclock2)\tclock2.exe [2008-08-05 90624]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3fhg"= mp3fhg.acm
"msacm.divxa32"= divxa32.acm
"VIDC.X264"= x264vfw.dll
"VIDC.HFYU"= huffyuv.dll
"vidc.i263"= i263_32.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programme\\Vuze\\Azureus.exe"=
"c:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programme\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Programme\\Skype\\Phone\\Skype.exe"=
"c:\\Programme\\uTorrent\\uTorrent.exe"=
"c:\\Programme\\SiSoftware\\SiSoftware Sandra Professional Business 2009.SP2\\RpcAgentSrv.exe"=
"c:\\Programme\\SiSoftware\\SiSoftware Sandra Professional Business 2009.SP2\\WNt500x86\\RpcSandraSrv.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [2008-08-08 15424]
R1 vdrv9000;vdrv9000;c:\windows\system32\drivers\vdrv9000.sys [2008-08-10 113168]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [2008-11-22 603904]
R2 VC9SecS;Virtual CD v9 Management Service;c:\programme\Virtual CD v9\System\vc9secs.exe [2008-08-10 132416]
R3 HCWBT8XX;Hauppauge WinTV 848/9 WDM Video Driver;c:\windows\system32\drivers\HCWBT8xx.sys [2008-08-04 472644]
R3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\programme\SiSoftware\SiSoftware Sandra Professional Business 2009.SP2\RpcAgentSrv.exe [2009-02-15 98488]
S3 bepldr;BCL easyPDF SDK 5 Loader;c:\programme\Gemeinsame Dateien\BCL Technologies\NitroPDF5\bepldr.exe [2008-02-11 151552]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2008-12-26 10976]
S3 HH9Help.sys;HH9Help.sys;c:\windows\system32\drivers\HH9Help.sys [2008-08-10 11392]

--- Andere Dienste/Treiber im Speicher ---

*NewlyCreated* - SANDRA
*NewlyCreated* - SANDRAAGENTSRV
*Deregistered* - PROCEXP111

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Inhalt des "geplante Tasks" Ordners

2009-02-17 c:\windows\Tasks\1-Click Maintenance.job
- c:\programme\TuneUp Utilities 2009\OneClickStarter.exe [2008-11-20 16:28]
.
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\pchealth\helpctr\System\panels\blank.htm
uStart Page = [Link mogu videti samo ulogovani korisnici]
mLocal Page = c:\windows\pchealth\helpctr\System\panels\blank.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
LSP: c:\windows\system32\imon.dll
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\programme\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
Handler: ic32pp - {BBCA9F81-8F4F-11D2-90FF-0080C83D3571} - c:\windows\wc98pp.dll
FF - ProfilePath - c:\dokumente und einstellungen\Zeljka\Anwendungsdaten\Mozilla\Firefox\Profiles\o3yuv696.default\
FF - prefs.js: browser.search.selectedEngine - FireSearch
FF - prefs.js: browser.startup.homepage - [Link mogu videti samo ulogovani korisnici]
FF - component: c:\programme\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\programme\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\programme\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\programme\Mozilla Firefox\plugins\np-mswmp.dll

---- FIREFOX Richtlinien ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.notify.interval - 600000
FF - user.js: content.switch.threshold - 1000000
FF - user.js: nglayout.initialpaint.delay - 600
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [Link mogu videti samo ulogovani korisnici]
Rootkit scan 2009-02-17 16:56:29
Windows 5.1.2600 Service Pack 3 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostarteinträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG10.00.00.01WORKSTATION"="C2AE2D3113A1AF0B06CCFBBBD106E9DB02570888AB094
1FBE920293D25316D59337CB2DC444DE3F7AC8C2D170E7A3AC85F0AE1B55741D79EC6ACAA8C5ABD73ABD21EA584A
85E630C3BFAA5AFE5A9C0E82AE27DF1529AD6A5A91F19B32D8D651CE9D4E42E56352CEE594107BA59ACCEE50695E5C12D
8885D9515483A8D68B20B778C1255ED6D74E8F626B4AEFDFC1C92C4BB8762E69A13F48B5894BE58B48134D
AFEFEAA2266F711AE4ECBA8CE2CA2DEB87C5E046002271458063A46AEB77C26EF7CB130B35C64D86269978F
EBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC
9E127BECC74CA6A0AC4980AC79338EDD5E5BE2F6E667BA7FD869164D6794FEBC9E127BECC74CCF50D51
7DB3D0348EF9872200F8AD8A8516D0A985D2C5CD2F278236FF6FA2AF5335DA6F440D69E1152A19E2D55F55B688BEF7F6BAF8FD
4D33BA00044544CF8CF121788D10D0DE06C62EC2A3EBBFC8F806EEF2928B8F7C93754F099533FC0F5E38
4D90929ECFD0FAD4721B703CE9A24884F826355845F7278680A2598676C7FB2A5F5560A507DCFFBAD5E
8F42607F2B6B8E31B10DE370E76A25857EA0BE1A589112AF461BE812B1524432A0D4030E18690AFA387
CEC0D2A303B6C238FF947282CEDBDCF932FF324FDBF24FAA68EDDC51727D1C26877491A4360BF379E
9526FAFE5FCD8D3FDD147BA356AC53
3C20BBF0DB4F9A3EA4A1ED7FF0507102964D1A3FDB11FEC1FEF31470B8C4
B882A71726BB736EB03C1DCB7603D7C5676E59253F49E932654F47B4C920884B29061419502AEC75E1724
F1C15B4EF05FD895762E0CF2074883E9FA6C109322C52FE3E0CA2A7ACD86F3CCD7B2D867F520587990F026F4F8E653AA4163810A6AFFDB0771E38806A110F
16BD9657CE2476BD3F3A79D7A5173CEB138711227FAF21E90525BEDFE5B29BECA2DA5E61C74FC0DFAC6AB44BD66
FBB80BC0BEBA281E55146093F211EED64F825A8F289C98F4403976C6B167A4B9FCEF94F883C9727B812B76ED
43FAA11B2ACCA10680F46299D910242953737ACC6BDA407EB5F8E66EA3C58088654702DA7
BF6267B12E3EFA46C633965477060CD551C0C3B4F14816922CB4D00A608F831CBFE7E0D86650CE8000B27
2A6F7A1DB94598288F8D8BD711CBFCCE428A65B3A423DC8537B7DCB53601F7A069E9FF6F29A29127D5FBA979BC4DA18833D325A599C4BE5B6
CC7C341B4F8979A36619A68E56950B6F258236972067FC943DCBC8D0820596AA13B1441D88291442B6D087CC8A
F9FD4D1A602B4E944ED99F2A0596EEA085A4EF28AC67B21E6C207B5FF82331CB366EAB23C63C0
BDD01FED09F33676BF76D4D6DF9433E1AF543E890C489362384AA5442376C65FE887233F9496D91DDD961C32C0C8E9CF7C5252DE2DBBB33EDF1C09C6C63CB"
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

- - - - - - - > 'winlogon.exe'(660)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'lsass.exe'(716)
c:\windows\system32\imon.dll
c:\programme\Eset\pr_imon.dll
.
Zeit der Fertigstellung: 2009-02-17 16:57:51
ComboFix-quarantined-files.txt 2009-02-17 15:57:33
ComboFix2.txt 2008-12-08 07:08:33

Vor Suchlauf: 5,439,168,512 Bytes frei
Nach Suchlauf: 5,683,949,568 Bytes frei

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:08, on 2009-02-17
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Java\jre6\bin\jqs.exe
C:\Programme\Gemeinsame Dateien\LogiShrd\LVCOMSER\LVComSer.exe
C:\Programme\CDBurnerXP\NMSAccessU.exe
C:\Programme\Eset\nod32krn.exe
C:\WINDOWS\system32\oodag.exe
C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\Programme\Virtual CD v9\System\vc9secs.exe
C:\Programme\Gemeinsame Dateien\LogiShrd\LVCOMSER\LVComSer.exe
C:\Programme\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Programme\Java\jre6\bin\jusched.exe
C:\WINDOWS\SYSTEM32\SRPSKEY.EXE
C:\Programme\Eset\nod32kui.exe
C:\Programme\Virtual CD v9\System\VC9Play.exe
C:\Programme\Nitro PDF\Professional\NitroPDFPrinterMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Servis (Mare)\Clock (tclock2)\tclock2.exe
C:\Programme\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Programme\Vuze\Azureus.exe
C:\Programme\SiSoftware\SiSoftware Sandra Professional Business 2009.SP2\RpcAgentSrv.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Servis (Mare)\Skeneri za sistem\HThis2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [Link mogu videti samo ulogovani korisnici]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [Link mogu videti samo ulogovani korisnici]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [Link mogu videti samo ulogovani korisnici]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [Link mogu videti samo ulogovani korisnici]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\pchealth\helpctr\System\panels\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\pchealth\helpctr\System\panels\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [srpskey] C:\WINDOWS\SYSTEM32\SRPSKEY.EXE
O4 - HKLM\..\Run: [nod32kui] "C:\Programme\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [VC9Player] C:\Programme\Virtual CD v9\System\VC9Play.exe
O4 - HKLM\..\Run: [Nitro PDF Printer Monitor] "C:\Programme\Nitro PDF\Professional\NitroPDFPrinterMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Programme\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: TClock2.lnk = C:\Servis (Mare)\Clock (tclock2)\tclock2.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: TClock2.lnk = C:\Servis (Mare)\Clock (tclock2)\tclock2.exe (User 'Default user')
O4 - Startup: TClock2.lnk = C:\Servis (Mare)\Clock (tclock2)\tclock2.exe
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - [Link mogu videti samo ulogovani korisnici]\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - [Link mogu videti samo ulogovani korisnici]
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - [Link mogu videti samo ulogovani korisnici]
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - [Link mogu videti samo ulogovani korisnici]
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - [Link mogu videti samo ulogovani korisnici]
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - [Link mogu videti samo ulogovani korisnici]
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: BCL easyPDF SDK 5 Loader (bepldr) - Unknown owner - C:\Programme\Gemeinsame Dateien\BCL Technologies\NitroPDF5\bepldr.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Programme\Gemeinsame Dateien\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Programme\Gemeinsame Dateien\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Programme\CDBurnerXP\NMSAccessU.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Programme\Eset\nod32krn.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - C:\Programme\SiSoftware\SiSoftware Sandra Professional Business 2009.SP2\RpcAgentSrv.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: TuneUp Drive Defrag-Dienst (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe
O23 - Service: Virtual CD v9 Management Service (VC9SecS) - H+H Software GmbH - C:\Programme\Virtual CD v9\System\vc9secs.exe

--
End of file - 8046 bytes

Here are similar topics I found on the forum, but they did not help me reach a solution: Topic 1 Topic 2



  • diarno  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 15 Jun 2007
  • Posts: 5572

First of all... never rely on other topics in the ambulanta... Every virus or other kind of malware can have a pile of its own modified versions, and so the procedure for cleaning them is not always the same... Here you only need(ed) to post the HJT log... ComboFix is not listed in the instructions for opening an ambulanta topic, is it?

Do the following:


Download Dr.Web CureIt (~12 MB).
Restart the computer in Safe Mode (Safe Mode instructions)

Double-click launch.exe to run it; an introductory window will appear - click Start

A notice about starting the initial scan will appear - click OK

Wait a few minutes for Dr.Web CureIt to perform the Express Scan; if malware is found, allow the program to disinfect by clicking the Yes to All button in the window that appears

Click Options > Change settings F9; in the window that opens, uncheck the Heuristic Analysis option and then click OK

In the main window select the Complete scan option and then click, and Dr.Web CureIt will begin scanning

If malware is found, allow the program to disinfect by clicking the Yes to All button in the window that appears

When the scan is finished, click the Select all button (if available), then click Cure and,
in the menu that opens, click Move incurable:


When the process is complete, click File > Save report list and save the log to the Desktop


Copy the contents of the Dr.Web CureIt log into the forum topic.



  • Mare  Male
  • Elite citizen
  • Joined: 20 Feb 2005
  • Posts: 2342
  • Location: Beč / Svilajnac

KIPD3LBA.NQF;C:\Programme\ESET\infected;Tool.Prockill;Incurable.Moved.;
q2aud02us13.exe;D:\ Mare\ IBM ThinkCentre S51 8172-CTO\ADI SoundMAX audio driver for Windows 2000 and XP (signed);Win32.Gael.3666;Cured.;
q3aud03us13.exe;D:\ Mare\ IBM ThinkCentre S51 8172-CTO\ADI SoundMAX audio driver for Windows 2000 and XP (signed)\ADI SoundMAX audio driver wit;Win32.Gael.3666;Cured.;
q1vdo30us13.exe;D:\ Mare\ IBM ThinkCentre S51 8172-CTO\ATI Radeon video driver;Win32.Gael.3666;Cured.;
q3etn12us13.exe;D:\ Mare\ IBM ThinkCentre S51 8172-CTO\Broadcom Ethernet driver and software;Win32.Gael.3666;Cured.;
q1chp01us13.exe;D:\ Mare\ IBM ThinkCentre S51 8172-CTO\Intel chipset software installation (INF) utility;Win32.Gael.3666;Cured.;
q2vdo09us13.exe;D:\ Mare\ IBM ThinkCentre S51 8172-CTO\Intel Extreme onboard video driver;Win32.Gael.3666;Cured.;
e7az40us.exe;D:\ Mare\ IBM ThinkCentre S51 8172-CTO\NVIDIA video driver;Win32.Gael.3666;Cured.;

  • diarno  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 15 Jun 2007
  • Posts: 5572

What is the situation now...?

  • Mare  Male
  • Elite citizen
  • Joined: 20 Feb 2005
  • Posts: 2342
  • Location: Beč / Svilajnac

I noticed that this vermin activates from time to time. At first I thought my AV had gone crazy, but in the end I was not right. For now the computer seems OK, and if anything changes, I will report back.
Thanks for the help.

Update: 01 Mar 2009 13:11

A little while ago NOD32 reported the same vermin again. I will run a scan with HijackThis and Dr.Web and post the logs.

Update: 01 Mar 2009 17:01

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:45, on 2009-03-01
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Canon\IJPLM\IJPLMSVC.EXE
C:\Programme\Java\jre6\bin\jqs.exe
C:\Programme\Gemeinsame Dateien\LogiShrd\LVCOMSER\LVComSer.exe
C:\Programme\Gemeinsame Dateien\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Programme\CDBurnerXP\NMSAccessU.exe
C:\Programme\Eset\nod32krn.exe
C:\WINDOWS\system32\oodag.exe
C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\Programme\Virtual CD v9\System\vc9secs.exe
C:\Programme\Gemeinsame Dateien\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programme\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Programme\Java\jre6\bin\jusched.exe
C:\WINDOWS\SYSTEM32\SRPSKEY.EXE
C:\Programme\Eset\nod32kui.exe
C:\Programme\Virtual CD v9\System\VC9Play.exe
C:\Programme\Nitro PDF\Professional\NitroPDFPrinterMonitor.exe
C:\WINDOWS\StartupMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Servis (Mare)\Clock (tclock2)\tclock2.exe
C:\Programme\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Programme\Vuze\Azureus.exe
C:\Servis (Mare)\Skeneri za sistem\HThis2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [Link mogu videti samo ulogovani korisnici]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [Link mogu videti samo ulogovani korisnici]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [Link mogu videti samo ulogovani korisnici]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [Link mogu videti samo ulogovani korisnici]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\pchealth\helpctr\System\panels\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\pchealth\helpctr\System\panels\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [srpskey] C:\WINDOWS\SYSTEM32\SRPSKEY.EXE
O4 - HKLM\..\Run: [nod32kui] "C:\Programme\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [VC9Player] C:\Programme\Virtual CD v9\System\VC9Play.exe
O4 - HKLM\..\Run: [Nitro PDF Printer Monitor] "C:\Programme\Nitro PDF\Professional\NitroPDFPrinterMonitor.exe"
O4 - HKLM\..\Run: [Run StartupMonitor] StartupMonitor.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Programme\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: TClock2.lnk = C:\Servis (Mare)\Clock (tclock2)\tclock2.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: TClock2.lnk = C:\Servis (Mare)\Clock (tclock2)\tclock2.exe (User 'Default user')
O4 - Startup: TClock2.lnk = C:\Servis (Mare)\Clock (tclock2)\tclock2.exe
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - [Link mogu videti samo ulogovani korisnici]\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - [Link mogu videti samo ulogovani korisnici]
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - [Link mogu videti samo ulogovani korisnici]
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - [Link mogu videti samo ulogovani korisnici]
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - [Link mogu videti samo ulogovani korisnici]
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - [Link mogu videti samo ulogovani korisnici]
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: BCL easyPDF SDK 5 Loader (bepldr) - Unknown owner - C:\Programme\Gemeinsame Dateien\BCL Technologies\NitroPDF5\bepldr.exe
O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Programme\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Programme\Gemeinsame Dateien\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Programme\Gemeinsame Dateien\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Programme\CDBurnerXP\NMSAccessU.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Programme\Eset\nod32krn.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - C:\Programme\SiSoftware\SiSoftware Sandra Professional Business 2009.SP2\RpcAgentSrv.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: TuneUp Drive Defrag-Dienst (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe
O23 - Service: Virtual CD v9 Management Service (VC9SecS) - H+H Software GmbH - C:\Programme\Virtual CD v9\System\vc9secs.exe

--
End of file - 8210 bytes
Dr.Web log
4PMJZXBA.NQF C:\Programme\ESET\infected    Win32.Gael.3666 Cured.
BHI51IDA.NQF C:\Programme\ESET\infected    Win32.Gael.3666 Cured.
C2WLBBAA.NQF C:\Programme\ESET\infected    Win32.Gael.3666 Cured.
JHQSBIDB.NQF C:\Programme\ESET\infected    Win32.Gael.3666 Cured.
LAIOTUBA.NQF C:\Programme\ESET\infected    Win32.Gael.3666 Cured.
