MyCity » Ambulanta -> Arhiva Ambulante » Virus Win32/Cryptor. Pomozite

Virus Win32/Cryptor. Pomozite

Napisano na dan: 26.8.2011

Virus Win32/Cryptor. Pomozite

Sledeća strana

Pagination

Odgovori

kikssi Poslao: 26 Avg 2011 14:42 Idi na vrh
offline kikssi Građanin Pridružio: 21 Avg 2011 Poruke: 44	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Napisano: 26 Avg 2011 12:47 Od juče mi računar radi sporo. Sporo prima naredbe,sporo otvara prozore, nekad pojavi i not respond, sporo se i gasi. Sada sam ušla u karantin za viruse i zabeležen je virus Win32/Cryptor, vreme pise 25.08.2011. u 19:49. Da li možete opet da mi pomognete da ga obrišem? Samo njega registruje program, mislim da drugi virus nema ili nisu pronađeni. Pozdrav Kristina Dopuna: 26 Avg 2011 14:42 Zaboravila sam da navedem da imam antivirusni program AVG 2011, ADSL 4mb Windows XP.

Profil

dr_Bora Poslao: 26 Avg 2011 15:02 Idi na vrh
offline dr_Bora Anti Malware Fighter Rank 2 Pridružio: 24 Jul 2007 Poruke: 12280 Gde živiš: Höganäs, SE	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Pozdrav. Ako je file u karantinu onda nije aktivan (prebačen je u karantin prilikom uklanjanja sa lokacije na kojoj je bio). Ukoliko smatraš da su opisani problemi prouzrokovani malicioznim programima, isprati ovo uputstvo: http://www.mycity.rs/Ambulanta/Kako-otvoriti-temu-u-Ambulanti.html pa će neko da proveri da li je doista malware u pitanju.

Profil

kikssi Poslao: 26 Avg 2011 15:55 Idi na vrh
offline kikssi Građanin Pridružio: 21 Avg 2011 Poruke: 44	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Uloguj se preko Facebooka da bi skinuo fajl: Napisano: 26 Avg 2011 15:34 . DDS (Ver_2011-08-26.01) - NTFSx86 Internet Explorer: 8.0.6001.18702 Run by kris at 14:51:34 on 2011-08-26 Microsoft Windows XP Professional 5.1.2600.3.1251.381.1033.18.512.107 [GMT 2:00] . AV: AVG Internet Security 2011 Enabled/Updated {17DDD097-36FF-435F-9E1B-52D74245D6BF} FW: AVG Firewall Enabled . ============== Running Processes =============== . C:\PROGRA~1\AVG\AVG10\avgchsvx.exe C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs svchost.exe svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Autorun Eater\oldmcdonald.exe C:\Program Files\AVG\AVG10\avgtray.exe svchost.exe C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe C:\WINDOWS\AGRSMMSG.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\AVG\AVG10\avgfws.exe C:\Program Files\Autorun Eater\billy.exe C:\Program Files\AVG\AVG10\avgwdsvc.exe svchost.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe C:\Program Files\Opera\opera.exe C:\Program Files\AVG\AVG10\avgam.exe C:\Program Files\AVG\AVG10\avgnsx.exe C:\Program Files\AVG\AVG10\avgcsrvx.exe C:\PROGRA~1\AVG\AVG10\avgrsx.exe C:\Program Files\AVG\AVG10\avgcsrvx.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2953735 uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll uURLSearchHooks: CyberDefender-TB Toolbar: {ffb11c0c-da90-4969-a995-8dca2e0fc10a} - c:\program files\cyberdefender-tb\prxtbCybe.dll mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\reader\activex\AcroIEHelper.dll BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll BHO: CyberDefender-TB Toolbar: {ffb11c0c-da90-4969-a995-8dca2e0fc10a} - c:\program files\cyberdefender-tb\prxtbCybe.dll TB: CyberDefender-TB Toolbar: {ffb11c0c-da90-4969-a995-8dca2e0fc10a} - c:\program files\cyberdefender-tb\prxtbCybe.dll TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg10\toolbar\IEToolbar.dll EB: &Research: {ff059e31-cc5a-4e2e-bf3b-96e929d65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup mRun: [nwiz] nwiz.exe /install mRun: [Autorun Eater] c:\program files\autorun eater\oldmcdonald.exe mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe mRun: [AGRSMMSG] AGRSMMSG.exe mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE StartupFolder: c:\docume~1\kris\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe mPolicies-system: EnableSecureUIAPaths = 0 (0x0) IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000 IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL TCP: DhcpNameServer = 192.168.1.1 TCP: Interfaces\{8CC2F0DC-81BF-46A0-A12B-AD3211653A78} : DhcpNameServer = 192.168.1.1 Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg10\toolbar\IEToolbar.dll Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll . ============= SERVICES / DRIVERS =============== . R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-2-22 22992] R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-3-16 32592] R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-1-7 248656] R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-3-1 34896] R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-4-5 297168] R2 avgfws;AVG zastitni zid;c:\program files\avg\avg10\avgfws.exe [2011-3-9 2708024] R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-4-18 7398752] R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2011-2-8 269520] R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-4-14 134480] R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-2-10 24144] R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-2-10 27216] S2 gupdate;Google ажурирање услуга (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-8-17 136176] S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg10\toolbar\ToolbarBroker.exe [2011-8-23 1025352] S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys --> c:\windows\system32\drivers\avgfwdx.sys [?] S3 gupdatem;Google ажурирање услуга (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-8-17 136176] . =============== Created Last 30 ================ . 2011-08-25 17:49:59 -------- d--h--w- C:\$AVG 2011-08-25 13:45:11 -------- d-----w- c:\documents and settings\kris\application data\AVG 2011-08-25 10:04:07 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll 2011-08-25 10:03:34 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll 2011-08-25 10:02:50 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys 2011-08-25 09:59:55 139656 -c----w- c:\windows\system32\dllcache\rdpwd.sys 2011-08-25 09:59:51 105472 -c----w- c:\windows\system32\dllcache\mup.sys 2011-08-25 09:55:09 602112 -c----w- c:\windows\system32\dllcache\msfeeds.dll 2011-08-25 09:55:09 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll 2011-08-25 09:55:07 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll 2011-08-25 09:55:07 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll 2011-08-25 09:55:06 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll 2011-08-25 09:55:03 1991680 -c----w- c:\windows\system32\dllcache\iertutil.dll 2011-08-25 09:54:53 11081728 -c----w- c:\windows\system32\dllcache\ieframe.dll 2011-08-25 09:54:27 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys 2011-08-25 09:54:18 45568 -c----w- c:\windows\system32\dllcache\wab.exe 2011-08-24 15:29:01 -------- d-----w- c:\documents and settings\kris\application data\MCShield 2011-08-24 14:46:17 79872 -c----w- c:\windows\system32\dllcache\msxml6r.dll 2011-08-24 14:46:16 1372672 -c----w- c:\windows\system32\dllcache\msxml6.dll 2011-08-24 14:46:14 102912 -c----w- c:\windows\system32\dllcache\dpcdll.dll 2011-08-24 14:43:18 966656 ----a-w- c:\program files\msn\msncorefiles\oobe\obemetal.dll 2011-08-24 14:42:50 1327320 ----a-w- c:\program files\msn\msncorefiles\install\msnsusii.exe 2011-08-24 14:40:56 77824 ----a-w- c:\program files\msn\msncorefiles\oobe\obemtllc.dll 2011-08-24 14:40:17 86016 ----a-w- c:\program files\msn\msncorefiles\oobe\obepopc.dll 2011-08-24 14:39:29 229376 ----a-w- c:\program files\msn\msncorefiles\oobe\obelog.dll 2011-08-24 14:37:17 11053008 ----a-w- c:\program files\msn\msncorefiles\install\msn9components\Msncli.exe 2011-08-24 14:36:01 884712 ----a-w- c:\program files\msn\msncorefiles\install\msn9components\Digcore.exe 2011-08-24 14:29:59 22271 ------w- c:\windows\system32\drivers\watv06nt.sys 2011-08-24 14:29:59 11935 ------w- c:\windows\system32\drivers\wadv11nt.sys 2011-08-24 14:29:56 25471 ------w- c:\windows\system32\drivers\watv10nt.sys 2011-08-24 14:26:23 19569 ----a-w- c:\windows\003034_.tmp 2011-08-24 14:25:24 -------- d-----w- c:\documents and settings\kris\local settings\application data\Apple Computer 2011-08-24 13:00:36 -------- d-----w- c:\windows\system32\XPSViewer 2011-08-24 12:59:49 89088 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll 2011-08-24 12:59:30 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll 2011-08-24 12:59:30 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe 2011-08-24 12:59:30 597504 ------w- c:\windows\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe 2011-08-24 12:59:30 117760 ------w- c:\windows\system32\prntvpt.dll 2011-08-24 12:59:29 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll 2011-08-24 12:59:29 575488 ------w- c:\windows\system32\xpsshhdr.dll 2011-08-24 12:59:29 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll 2011-08-24 12:59:29 1676288 ------w- c:\windows\system32\xpssvcs.dll 2011-08-24 12:53:29 -------- d-----w- c:\program files\MSXML 6.0 2011-08-24 12:32:11 -------- d-sh--w- c:\documents and settings\kris\IETldCache 2011-08-24 12:28:33 -------- d-----w- c:\windows\ie8updates 2011-08-24 12:24:03 -------- dc-h--w- c:\windows\ie8 2011-08-23 16:52:10 -------- d-----w- c:\documents and settings\kris\local settings\application data\PCHealth 2011-08-23 13:33:19 -------- d-----w- c:\documents and settings\all users\application data\AVG Security Toolbar 2011-08-23 13:29:14 -------- d-----w- c:\windows\system32\drivers\AVG 2011-08-23 13:29:14 -------- d-----w- c:\documents and settings\all users\application data\AVG10 2011-08-23 08:00:28 -------- d-----w- c:\program files\AVG 2011-08-23 01:13:27 -------- d-----w- c:\documents and settings\kris\application data\Malwarebytes 2011-08-23 01:13:21 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes 2011-08-22 23:27:30 -------- d-----w- c:\program files\Conduit 2011-08-22 23:27:28 -------- d-----w- c:\documents and settings\kris\local settings\application data\CyberDefender-TB 2011-08-22 23:27:27 -------- d-----w- c:\documents and settings\kris\local settings\application data\Temp 2011-08-22 23:27:27 -------- d-----w- c:\documents and settings\kris\local settings\application data\Conduit 2011-08-22 23:27:25 -------- d-----w- c:\program files\CyberDefender-TB 2011-08-22 23:26:38 96200 ----a-w- c:\windows\system32\drivers\CDAVFS.sys 2011-08-22 11:24:16 -------- d-----w- c:\windows\ServicePackFiles 2011-08-22 11:22:18 -------- d-----w- c:\program files\MSXML 4.0 2011-08-22 07:32:58 272128 -c----w- c:\windows\system32\dllcache\bthport.sys 2011-08-22 07:32:19 357888 -c----w- c:\windows\system32\dllcache\srv.sys 2011-08-22 07:31:24 456320 -c----w- c:\windows\system32\dllcache\mrxsmb.sys 2011-08-22 07:31:17 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll 2011-08-22 07:30:51 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe 2011-08-22 07:26:30 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys 2011-08-22 07:19:45 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll 2011-08-22 07:18:07 5120 ----a-w- c:\windows\system32\xpsp4res.dll 2011-08-22 07:18:06 218112 -c----w- c:\windows\system32\dllcache\wordpad.exe 2011-08-22 07:10:42 -------- d-----w- c:\windows\system32\PreInstall 2011-08-22 07:10:41 26144 ----a-w- c:\windows\system32\spupdsvc.exe 2011-08-22 07:10:39 -------- d--h--w- c:\windows\$hf_mig$ 2011-08-21 19:31:14 -------- d-sha-r- C:\cmdcons 2011-08-17 18:57:40 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2011-08-17 18:53:31 -------- d-----w- c:\documents and settings\kris\local settings\application data\Google 2011-08-17 18:37:22 -------- d-----w- c:\documents and settings\all users\application data\Autorun Eater 2011-08-17 18:37:13 -------- d-----w- c:\program files\Autorun Eater 2011-08-17 18:22:00 -------- d-----w- c:\program files\CCleaner 2011-08-17 18:12:46 -------- d-----w- c:\documents and settings\kris\local settings\application data\Opera 2011-08-17 18:10:53 -------- d-----w- c:\windows\system32\SoftwareDistribution . ==================== Find3M ==================== . 2011-07-15 13:29:31 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys 2011-07-08 14:02:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys 2011-06-24 14:10:36 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys 2011-06-23 18:36:30 916480 ----a-w- c:\windows\system32\wininet.dll 2011-06-23 18:36:30 43520 ----a-w- c:\windows\system32\licmgr10.dll 2011-06-23 18:36:30 1469440 ----a-w- c:\windows\system32\inetcpl.cpl 2011-06-23 12:05:13 385024 ----a-w- c:\windows\system32\html.iec 2011-06-20 17:44:52 293376 ----a-w- c:\windows\system32\winsrv.dll 2011-06-02 14:02:05 1858944 ----a-w- c:\windows\system32\win32k.sys . ============= FINISH: 14:53:31,87 =============== mycity.rs/must-login.png mycity.rs/must-login.png mycity.rs/must-login.png mycity.rs/must-login.png Dopuna: 26 Avg 2011 15:35 ovo sam stavila prateći uputstvo kako otvoriti temu. Dopuna: 26 Avg 2011 15:55 skenirala sam računar Mallwarebytes Anti-Malware programom ful skan,nema nijedan virus.

Profil

dr_Bora Poslao: 26 Avg 2011 20:42 Idi na vrh
offline dr_Bora Anti Malware Fighter Rank 2 Pridružio: 24 Jul 2007 Poruke: 12280 Gde živiš: Höganäs, SE	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Ovo izgleda čisto. Vezano za brzinu rada: deinstaliraj nepotrebne programe i sa sistemske particije ( C: disk ) skloni sve što tamo ne mora da bude (muzika, filmovi, itd), obriši privremene file-ove (dole je uputstvo) i defragmentuj disk. Takođe, moguće je da AVG nije baš najoptimalniji izbor za tvoj kompjuter - probaj da ga deinstaliraš i zameniš nekim drugim antivirusom (probaš npr. avast!). Preuzmi TFC (Temp File Cleaner) i sacuvaj ga na Desktop. Dvoklikom pokreni program i klikni na dugme Start da bi dozvolio programu da otpocne skeniranje. Kada program zavrsi skeniranje,mozda ce zatraziti da restartujes racunar. Dozvoli mu. Napomena: Kada zavrsis sa ciscenjem temp fajlova,program mozes obrisati ili ga sacuvati za kasniju upotrebu. Ukoliko ništa od navedenoga ne pomogne ili imaš kakvih dodatnih pitanja, otvori temu u Windows forumu i tamo potraži savete.

Profil

kikssi Poslao: 26 Avg 2011 22:31 Idi na vrh
offline kikssi Građanin Pridružio: 21 Avg 2011 Poruke: 44	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Hvala vam na strpljenju i savetu. Pozdrav

Profil

MyCity » Ambulanta -> Arhiva Ambulante » Virus Win32/Cryptor. Pomozite

Ko je trenutno na forumu

Ukupno su 885 korisnika na forumu :: 11 registrovanih, 1 sakriven i 873 gosta :: [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:: Korisnici trenutno na forumu: airsuba, bokisha253, brundo65, Dannyboy, havoc995, Rogan33, saputnik plavetnila, Vlad000, voja64, wolverined4, yrraf

Svaki korisnik ovog sajta je odgovoran za sadržaj svoje poruke koju objavi na sajtu. Sajt se odriče svake odgovornosti za sadržaj tih poruka.
Postavljanjem vaše poruke ili vašeg autorskog dela na ovaj sajt, saglasni ste da ovaj sajt postaje distributer vašeg dela, i odričete se mogućnosti njegovog povlačenja ili brisanja, bez saglasnosti uprave sajta.
Distribucija sadržaja sa ovog sajta je dozvoljena samo u nekomercijalne svrhe, uz obaveznu napomenu da je sadržaj preuzet sa ovog sajta, i uz obavezno navođenje adrese MyCity sajta. Za sve ostale vidove distribucije obavezni ste da prethodno zatražite odobrenje od vlasnika MyCity sajta.
MyCity pokrenuo, administrira i razvija Predrag Damnjanović, a o uređenju sajta se brine MyCity Tim.
Ukoliko želite da nas kontaktirate kliknite ovde.
Naši sajtovi:
Vesti, Vojni forum, Zaštita od virusa, TekstPesme.rs

This content is licensed under a Creative Commons License.
Based on phpBB 2, translated by Simke, designed by