Posted: 26 Mar 2010 00:33
- draganela
- Citizen
- Joined: 20 Dec 2008
- Posts: 82

Written: 26 Mar 2010 0:28
I have a problem with viruses; I barely managed to connect to the internet, and I need the laptop tomorrow. If anyone can help me as soon as possible, I would be grateful.
NOD reports that it found a virus at
C:/Windows/system32/wmimgr32dll
win32/sality.NAF virus
Comment:
Event occurred during an attemp to run the file by the aplication: C:/Program Files/ MP4 Player/mp4Player.exe
and another virus in Documents and Settings
Win32/Sality.NAE virus
When I turn on the computer, it also tells me that the component framedyn.dll is missing.
The computer is slow, and it looks like NOD has gone down too.
I'll now post the rest of what's needed.
Addendum: 26 Mar 2010 0:33
DDS (Ver_10-03-17.01) - NTFSx86
Run by Sandra at 0:19:36,26 on pon 01.01.2001
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.480 [GMT 1:00]
AV: ESET NOD32 Antivirus 3.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Cyberlink\Shared Files\brs.exe
C:\Program Files\Vimicro Corporation\VMUVC\VMonitor.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\MP4 Player\mp4Player.exe
C:\WINDOWS\winsa.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\mts mobilni internet\mts mobilni internet.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Skype\Toolbars\Shared\SkypeNames.exe
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.facebook.com/
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
mWinlogon: Taskman=c:\documents and settings\sandra\application data\utlro.exe
uWinlogon: Shell=c:\windows\system32\nss.exe,c:\documents and settings\sandra\application data\oula.exe,c:\documents and settings\sandra\application data\utlro.exe,c:\documents and settings\sandra\application data\mepg.exe,explorer.exe,c:\documents and settings\sandra\csrss.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: UrlHelper Class: {474597c5-ab09-49d6-a4d5-2e8d7341384e} - c:\program files\imesh applications\imesh\iMeshIEHelper.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: iMesh MediaBar: {b7d3e479-cc68-42b5-a338-938ece35f419} - c:\program files\imesh applications\imesh mediabar\iMeshMediaBar.dll
TB: BS.Player ControlBar: {2c688203-7eb3-4327-9995-1cb417ba23f9} - c:\program files\bs.player controlbar\BSToolbar.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [MP4 Player] "c:\program files\mp4 player\mp4Player.exe" hmw
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [RemoteControl8] "c:\program files\cyberlink\powerdvd8\PDVD8Serv.exe"
mRun: [PDVD8LanguageShortcut] "c:\program files\cyberlink\powerdvd8\language\Language.exe"
mRun: [BDRegion] c:\program files\cyberlink\shared files\brs.exe
mRun: [VMonitorVMUVC] "c:\program files\vimicro corporation\vmuvc\VMonitor.exe" VMUVC
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mRun: [NeroCheck] c:\windows\system32\NeroCheck.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [bind] c:\docume~1\sandra\locals~1\temp\mosc.exe
mRun: [person] c:\windows\system32\into.exe
mRun: [eng] c:\windows\system32\nss.exe
mRun: [persons] c:\windows\system32\mine.exe
mRun: [WINDOWS UPDATE] winsa.exe
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: {260D4581-E819-4305-B0FB-672FE8DA593E} = 195.178.38.3 195.178.38.8
TCP: {3DFA0C82-18A6-4616-980F-9208B2472EE0} = 192.168.0.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
uASetup: {4175C5F3-D47F-143B-DD4D-E67A0EB4E773} - "c:\documents and settings\sandra\application data\winnt\winlogon.exe"
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\sandra\applic~1\mozilla\firefox\profiles\f5igsa94.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.rs/
FF - prefs.js: network.proxy.ftp - proxy.uns.ac.rs
FF - prefs.js: network.proxy.ftp_port - 8080
FF - prefs.js: network.proxy.gopher - proxy.uns.ac.rs
FF - prefs.js: network.proxy.gopher_port - 8080
FF - prefs.js: network.proxy.http - proxy.uns.ac.rs
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.socks - proxy.uns.ac.rs
FF - prefs.js: network.proxy.socks_port - 8080
FF - prefs.js: network.proxy.ssl - proxy.uns.ac.rs
FF - prefs.js: network.proxy.ssl_port - 8080
FF - prefs.js: network.proxy.type - 4
FF - component: c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
FF - plugin: c:\documents and settings\sandra\application data\facebook\npfbplugin_1_0_1.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
============= SERVICES / DRIVERS ===============
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2007-12-21 33800]
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};c:\program files\cyberlink\powerdvd8\000.fcl [2008-2-1 41456]
R2 ekrn;Eset Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2007-12-21 468224]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\drivers\ewusbdev.sys [2010-1-1 100480]
S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\google\google desktop search\GoogleDesktop.exe [2009-3-7 30192]
S3 VMUVC;Vimicro Camera Service VMUVC;c:\windows\system32\drivers\VMUVC.sys [2009-2-26 250240]
S3 vvftUVC;Vimicro Camera Filter Service VMUVC;c:\windows\system32\drivers\vvftUVC.sys [2009-2-26 476160]
S3 WinRing0_1_2_0;WinRing0_1_2_0;c:\documents and settings\sandra\desktop\temeratura\WinRing0.sys [2009-9-17 14416]
=============== Created Last 30 ================
2010-03-05 18:53:55 140096 ----a-w- c:\windows\system32\comdlg32.ocx
2010-03-05 18:53:45 0 d-----w- c:\program files\Microsoft
2010-03-05 18:40:32 107008 --sh--r- c:\documents and settings\sandra\csrss.exe
2010-03-05 18:36:46 0 d-----w- c:\windows\system32\appmgmt
2010-03-05 18:25:43 0 d-sh--r- c:\windows\CIDD_P
2010-03-05 18:04:55 184320 --sh--r- c:\windows\winsa.exe
2010-03-05 18:04:13 184320 ----a-w- c:\windows\system32\mine.exe
2010-03-05 18:01:33 239104 --sh--r- c:\windows\system32\NSS.EXE
2010-03-05 18:01:33 218624 --sh--r- c:\docume~1\sandra\applic~1\mepg.exe
2010-03-05 17:59:55 245760 --sh--r- c:\docume~1\sandra\applic~1\utlro.exe
2010-03-05 17:59:53 219648 --sh--r- c:\docume~1\sandra\applic~1\oula.exe
2010-03-05 17:59:41 0 ----a-w- c:\documents and settings\sandra\Desktop.ini
2010-03-05 17:59:38 245760 --sha-r- c:\windows\system32\INTO.EXE
2010-03-05 17:51:01 0 d-----w- c:\docume~1\alluse~1\applic~1\11A5
2010-02-22 21:25:30 0 d-----w- C:\USBNoRisk
2010-02-16 13:17:36 0 d-----w- c:\docume~1\sandra\applic~1\Facebook
2010-02-05 14:59:11 0 d-----w- c:\program files\Winamp Detect
2010-02-03 17:18:02 0 d-----w- c:\program files\MSECache
2010-01-23 11:30:19 0 d-----w- c:\program files\MP4 Player
2010-01-18 17:15:53 0 d-----w- c:\program files\YouTube Downloader
2010-01-17 18:21:37 0 d-----w- c:\program files\Recnik20
2010-01-14 13:08:01 0 d-----w- C:\ALEKSA
2010-01-12 15:09:58 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-01-12 15:09:57 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-01-01 21:19:34 112640 ----a-w- c:\windows\system32\drivers\ewusbnet.sys
2010-01-01 21:19:34 102528 ----a-w- c:\windows\system32\drivers\ewusbmdm.sys
2010-01-01 21:19:33 24448 ----a-w- c:\windows\system32\drivers\ewdcsc.sys
2010-01-01 21:19:33 100480 ----a-w- c:\windows\system32\drivers\ewusbdev.sys
2010-01-01 21:18:57 0 d-----w- c:\program files\mts mobilni internet
2009-12-27 14:20:50 104960 ----a-w- c:\windows\system32\drivers\ZTEusbser6k.sys
2009-12-27 14:20:50 104960 ----a-w- c:\windows\system32\drivers\ZTEusbnmea.sys
2009-12-27 14:20:50 104960 ----a-w- c:\windows\system32\drivers\ZTEusbmdm6k.sys
2009-12-27 14:20:37 0 d-----w- c:\program files\MODEM Mobile Connection
2009-12-20 18:56:10 0 d-----w- c:\windows\system32\SupportAppXL
2009-12-16 18:21:20 0 d-----w- C:\Lud- zbunjen-normalan
2009-12-09 17:31:22 0 d-----w- c:\docume~1\alluse~1\applic~1\PEERNET
2009-12-09 17:31:18 0 d-----w- c:\docume~1\sandra\applic~1\PEERNET
2009-12-09 17:11:21 0 d-----w- c:\program files\PdfSvg
2009-12-09 16:42:46 1706800 ----a-w- c:\windows\system32\gdiplus.dll
2009-12-09 16:42:22 0 d-----w- c:\program files\ImageConverter Plus
2009-12-06 22:48:39 124688 ----a-w- c:\windows\system32\MSWINSCK.OCX
2009-11-22 16:23:25 0 d-----w- C:\10005521
2009-11-22 16:20:37 0 d-----w- C:\New Folder
2009-10-22 14:17:29 4178264 ----a-w- c:\windows\system32\D3DX9_41.dll
2009-10-22 14:17:13 0 d-----w- c:\windows\Logs
2009-10-22 14:17:12 0 d-----w- c:\windows\system32\temp
2009-10-22 14:17:12 0 d-----w- c:\docume~1\alluse~1\applic~1\PassMark
2009-10-22 14:17:02 0 d-----w- c:\program files\BurnInTest
2009-09-21 11:56:04 12160 -c--a-w- c:\windows\system32\dllcache\mouhid.sys
2009-09-21 11:56:04 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2009-09-21 11:55:53 10368 -c--a-w- c:\windows\system32\dllcache\hidusb.sys
2009-09-21 11:55:53 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys
2009-09-17 14:10:05 0 d-----w- c:\program files\Lavalys
2009-07-15 14:36:49 89184 ----a-w- c:\windows\system32\drivers\imagedrv.sys
2009-07-15 14:36:49 57344 ----a-w- c:\windows\system32\ImageDrive.cpl
2009-07-15 14:36:39 38912 ----a-w- c:\windows\system32\picn20.dll
2009-07-15 14:36:38 569344 ----a-w- c:\windows\system32\imagr5.dll
2009-07-15 14:36:38 544768 ----a-w- c:\windows\system32\imagx5.dll
2009-07-15 14:36:38 283920 ----a-w- c:\windows\system32\ImagXpr5.dll
2009-07-15 14:36:38 176128 ----a-w- c:\windows\system32\NEROCHECK.EXE
2009-07-15 14:28:07 0 d-----w- c:\program files\Webteh
2009-07-15 13:06:45 0 d-----w- c:\program files\Power off
2009-07-15 13:06:35 0 d-----w- c:\program files\PDF Creator
2009-07-15 13:06:30 0 d-----w- c:\program files\NODpravi
2009-07-15 13:06:24 0 d-----w- c:\program files\Nero Burning Rom 6.0.0.11
2009-07-15 13:05:40 0 d-----w- c:\program files\BSplayer
2009-07-15 13:05:23 0 d-----w- c:\program files\BS.Player ControlBar
2009-07-12 17:01:51 0 d-----w- c:\docume~1\alluse~1\applic~1\33203
2009-06-28 15:34:02 0 d-----w- c:\program files\ESET
2009-06-28 15:04:02 0 d-s---w- C:\ComboFix
2009-06-28 13:41:40 0 d-sha-r- C:\cmdcons
2009-06-28 13:18:14 0 dc----w- c:\windows\system32\dllcache\cache
2009-06-27 15:42:01 0 d-----w- c:\documents and settings\sandra\DoctorWeb
2009-06-25 21:36:27 2 ----a-w- c:\windows\010112010146118114.dat
2009-05-18 08:30:11 0 ----a-w- C:\testwma.raw
2009-05-17 10:50:40 0 d-sh--r- C:\Win
2009-05-15 18:30:26 483328 ----a-w- c:\windows\system32\actskn45.ocx
2009-05-15 18:30:23 0 d-----w- c:\program files\iMesh Applications
2009-05-03 10:52:11 0 d-----w- c:\program files\Easy MP3 Cutter
2009-05-01 18:30:36 3366912 ----a-w- c:\windows\system32\GPhotos.scr
2009-03-24 13:56:03 7680 --sha-w- c:\windows\Thumbs.db
2009-03-23 21:50:17 32 ----a-w- c:\docume~1\alluse~1\applic~1\ezsid.dat
2009-03-07 16:28:04 38 ----a-w- c:\windows\avisplitter.INI
2009-02-26 21:55:52 73728 ----a-w- c:\windows\system32\exvmuvc.ax
2009-02-26 21:55:51 98304 ----a-w- c:\windows\system32\VMCtrl.ax
2009-02-26 21:55:51 94208 ----a-w- c:\windows\system32\VvFtCtrl.dll
2009-02-26 21:55:51 516096 ----a-w- c:\windows\system32\VMUVC.ax
2009-02-26 21:55:51 476160 ----a-w- c:\windows\system32\drivers\vvftUVC.sys
2009-02-26 21:55:51 250240 ----a-w- c:\windows\system32\drivers\VMUVC.sys
2009-02-26 21:55:51 188416 ----a-w- c:\windows\system32\vvftUVC.ax
2009-02-26 21:55:51 11776 ----a-w- c:\windows\system32\VMUVC.dll
2009-02-26 21:55:21 0 d-----w- c:\program files\Vimicro Corporation
2009-02-26 18:55:12 0 d-----w- c:\windows\VMUVC
2009-02-26 18:55:04 0 d-----w- c:\windows\system32\ReinstallBackups
2009-02-26 18:51:14 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-02-26 18:42:39 0 d-----r- c:\program files\Skype
2009-02-26 18:23:02 5504 -c--a-w- c:\windows\system32\dllcache\mstee.sys
2009-02-26 18:23:02 5504 ----a-w- c:\windows\system32\drivers\MSTEE.sys
2009-02-25 16:57:17 3248 ----a-w- c:\windows\system32\wbem\Outlook_01c9976a1dc1c0e4.mof
2009-02-23 15:33:36 0 d-----w- c:\program files\common files\ODBC
2009-02-23 15:33:32 0 d-----w- c:\program files\common files\SpeechEngines
2009-02-23 15:33:05 0 d-----r- c:\documents and settings\all users\Documents
2009-02-23 15:28:18 0 d-----w- c:\program files\PC Wizard 2008
2009-02-23 15:25:25 0 d-----w- c:\program files\Microsoft ActiveSync
2009-02-23 15:21:57 0 d-----w- c:\program files\common files\CyberLink
2009-02-23 15:17:57 0 d-----w- c:\program files\CCleaner
2009-02-23 15:17:26 0 d-----w- c:\program files\Mv2Player
2009-02-23 15:16:17 0 d-----w- c:\docume~1\sandra\applic~1\Ashampoo
2009-02-23 15:15:54 0 d-----w- c:\docume~1\alluse~1\applic~1\ashampoo
2009-02-23 15:15:37 0 d-----w- c:\program files\Ashampoo
2009-02-23 15:14:31 0 d-----w- c:\program files\K-Lite Codec Pack
2009-02-23 14:45:55 0 d-sh--w- c:\documents and settings\all users\DRM
2009-02-23 14:45:38 0 d--h--w- c:\program files\WindowsUpdate
2009-02-23 14:45:22 0 d-----w- c:\program files\Windows Media Connect 2
2009-02-23 14:44:34 0 d-----w- c:\program files\common files\MSSoap
2009-02-23 14:42:37 0 d-----w- c:\program files\Online Services
2009-02-23 14:42:29 0 d-----w- c:\program files\Messenger
2009-02-23 14:42:24 0 d-----w- c:\program files\MSN Gaming Zone
2009-02-23 14:41:41 0 d-----w- c:\program files\Windows NT
==================== Find3M ====================
2009-02-23 15:31:02 4096 ----a-w- c:\windows\d3dx.dat
2009-02-23 15:20:59 505128 ----a-w- c:\windows\system32\msvcp71.dll
2009-02-23 15:20:59 353576 ----a-w- c:\windows\system32\msvcr71.dll
2009-02-23 15:20:59 29480 ----a-w- c:\windows\system32\msxml3a.dll
2009-02-23 14:43:02 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2008-11-20 19:19:06 43872 ----a-w- c:\windows\system32\drivers\pxhelp20.sys
2008-08-24 02:33:46 3127 ----a-w- c:\windows\system32\presetup.cmd
2008-08-24 02:33:46 28672 ----a-w- c:\windows\system32\setupold.exe
2008-08-24 01:23:57 96792 ----a-w- c:\windows\system32\basecsp.dll
2008-07-04 03:18:16 84480 ----a-w- c:\windows\system32\pintool.exe
2008-07-04 03:18:16 133120 ----a-w- c:\windows\system32\axaltocm.dll
2008-07-04 03:18:15 25600 ----a-w- c:\windows\system32\bcsprsrc.dll
2008-07-04 03:18:15 151552 ----a-w- c:\windows\system32\ifxcardm.dll
2008-06-25 17:19:00 430080 ----a-w- c:\windows\system32\vbscript.dll
2008-06-25 17:19:00 155648 ----a-w- c:\windows\system32\wscript.exe
2008-06-25 17:18:58 90112 ----a-w- c:\windows\system32\wshext.dll
2008-06-25 17:18:58 180224 ----a-w- c:\windows\system32\scrobj.dll
2008-06-25 17:18:58 172032 ----a-w- c:\windows\system32\scrrun.dll
2008-06-25 17:18:58 135168 ----a-w- c:\windows\system32\cscript.exe
2008-06-22 14:14:40 36864 ----a-w- c:\windows\system32\qfecheck.exe
2008-06-20 17:43:05 245248 ----a-w- c:\windows\system32\mswsock.dll
2008-06-20 11:59:02 361600 ----a-w- c:\windows\system32\drivers\tcpip.sys
2008-06-20 11:48:03 138496 ----a-w- c:\windows\system32\drivers\afd.sys
2008-06-20 11:16:44 225856 ----a-w- c:\windows\system32\drivers\tcpip6.sys
2008-06-16 14:15:01 383488 ----a-w- c:\windows\system32\wzcdlg.dll
2008-06-13 11:27:44 272128 ----a-w- c:\windows\system32\drivers\bthport.sys
2008-06-13 11:03:52 215552 ----a-w- c:\windows\system32\osk.exe
2008-06-06 11:10:04 195456 ----a-w- c:\windows\system32\drivers\rdpdr.sys
2008-06-05 13:53:44 3850760 ----a-w- c:\windows\system32\D3DX9_38.dll
2008-06-05 13:53:42 1491992 ----a-w- c:\windows\system32\D3DCompiler_38.dll
2008-06-05 13:53:41 65032 ----a-w- c:\windows\system32\XAPOFX1_0.dll
2008-06-05 13:53:41 507400 ----a-w- c:\windows\system32\XAudio2_1.dll
2008-06-05 13:53:41 25608 ----a-w- c:\windows\system32\X3DAudio1_4.dll
2008-06-05 13:53:41 238088 ----a-w- c:\windows\system32\xactengine3_1.dll
2008-06-05 13:53:40 467984 ----a-w- c:\windows\system32\d3dx10_38.dll
2008-06-05 13:50:59 299520 ----a-w- c:\windows\system32\kerberos.dll
2008-05-30 23:22:46 683520 ----a-w- c:\windows\system32\divx.dll
2008-05-30 11:42:06 1846016 ----a-w- c:\windows\system32\win32k.sys
2008-05-29 12:04:44 62848 ----a-w- c:\windows\system32\drivers\rspndr.sys
2008-05-29 12:04:42 10752 ----a-w- c:\windows\system32\rspndr.exe
2008-05-29 09:16:52 633344 ----a-w- c:\windows\system32\gpprefcl.dll
2008-05-27 17:29:24 285696 ----a-w- c:\windows\system32\atmfd.dll
2008-05-22 22:22:18 3596288 ----a-w- c:\windows\system32\qt-dx331.dll
2008-05-22 22:19:46 81920 ----a-w- c:\windows\system32\dpl100.dll
2008-05-19 04:33:20 4445184 ----a-w- c:\windows\system32\msi.dll
2008-05-19 04:33:20 332800 ----a-w- c:\windows\system32\msihnd.dll
2008-05-19 04:33:20 18944 ----a-w- c:\windows\system32\msisip.dll
2008-05-18 23:57:42 95744 ----a-w- c:\windows\system32\msiexec.exe
2008-05-15 15:39:22 343552 ----a-w- c:\windows\system32\localspl.dll
2008-05-15 15:28:14 985088 ----a-w- c:\windows\system32\setupapi.dll
2008-05-13 13:53:40 1689088 ----a-w- c:\windows\system32\d3d9.dll
2008-05-08 13:58:18 203136 ----a-w- c:\windows\system32\drivers\RMCast.sys
2008-05-08 06:18:31 102400 ----a-w- c:\windows\system32\cscdll.dll
2008-05-07 11:49:02 455552 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2008-05-07 11:12:10 36352 ----a-w- c:\windows\system32\drivers\disk.sys
2008-05-07 05:04:16 1288192 ----a-w- c:\windows\system32\quartz.dll
2008-05-05 11:06:02 132608 ----a-w- c:\windows\system32\msv1_0.dll
2008-05-05 09:16:22 706048 ----a-w- c:\windows\system32\ntdll.dll
2008-05-03 11:57:06 52736 ----a-w- c:\windows\system32\w32tm.exe
2008-05-02 13:25:20 465920 ----a-w- c:\windows\system32\imapi2fs.dll
2008-05-02 13:25:20 317952 ----a-w- c:\windows\system32\imapi2.dll
2008-05-02 10:49:40 62976 ----a-w- c:\windows\system32\drivers\cdrom.sys
2008-05-01 09:48:24 1358336 ----a-w- c:\windows\system32\wbem\cimwin32.dll
2008-04-28 14:07:46 344064 ----a-w- c:\windows\system32\hnetcfg.dll
2008-04-28 14:07:46 330752 ----a-w- c:\windows\system32\ipnathlp.dll
2008-04-28 14:05:24 134144 ----a-w- c:\windows\system32\wkssvc.dll
2008-04-28 13:58:06 347136 ----a-w- c:\windows\system32\windowscodecsext.dll
2008-04-28 11:58:36 105344 ----a-w- c:\windows\system32\drivers\mup.sys
2008-04-25 11:36:54 91776 ----a-w- c:\windows\system32\drivers\ndiswan.sys
2008-04-25 11:36:52 182912 ----a-w- c:\windows\system32\drivers\ndis.sys
2008-04-24 13:55:34 997888 ----a-w- c:\windows\system32\msgina.dll
2008-04-24 13:55:34 423936 ----a-w- c:\windows\system32\licdll.dll
2008-04-24 13:33:54 507904 ----a-w- c:\windows\system32\winlogon.exe
2008-04-24 11:11:32 30336 ----a-w- c:\windows\system32\drivers\usbehci.sys
2008-04-24 07:06:32 937984 ----a-w- c:\windows\system32\wmnetmgr.dll
2008-04-23 15:40:33 599040 ----a-w- c:\windows\system32\crypt32.dll
2008-04-23 14:21:06 150016 ----a-w- c:\windows\system32\rastls.dll
2008-04-23 11:49:34 2189184 ----a-w- c:\windows\system32\ntoskrnl.exe
2008-04-23 03:35:36 827392 ----a-w- c:\windows\system32\wininet.dll
2008-04-22 17:00:18 293376 ----a-w- c:\windows\system32\winsrv.dll
2008-04-22 13:54:07 174848 ----a-w- c:\windows\system32\drivers\rdbss.sys
2008-04-22 13:45:52 576384 ----a-w- c:\windows\system32\drivers\ntfs.sys
2008-04-22 13:09:20 32384 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2008-04-17 20:50:10 176128 ----a-w- c:\windows\system32\adsldp.dll
2008-04-17 14:33:26 4707328 ----a-w- c:\windows\system32\drivers\RtkHDAud.sys
2008-04-17 04:50:12 92672 ----a-w- c:\windows\system32\wbem\policman.dll
2008-04-17 04:50:12 728064 ----a-w- c:\windows\system32\lsasrv.dll
2008-04-17 04:50:12 68096 ----a-w- c:\windows\system32\ntdsapi.dll
2008-04-17 04:50:12 407040 ----a-w- c:\windows\system32\netlogon.dll
2008-04-17 04:50:12 175104 ----a-w- c:\windows\system32\w32time.dll
2008-04-17 04:50:10 68096 ----a-w- c:\windows\system32\adsmsext.dll
2008-04-17 04:50:10 199680 ----a-w- c:\windows\system32\gptext.dll
2008-04-17 04:50:10 113152 ----a-w- c:\windows\system32\dsuiext.dll
2008-04-16 23:43:24 2560 ----a-w- c:\windows\system32\msimsg.dll
2008-04-14 05:42:46 23552 ----a-w- c:\windows\system32\wdmaud.drv
2008-04-14 05:42:10 74240 ----a-w- c:\windows\system32\usbui.dll
2008-04-14 05:42:08 74752 ----a-w- c:\windows\system32\storprop.dll
2008-04-14 05:41:58 4096 ----a-w- c:\windows\system32\ksuser.dll
2008-04-14 04:43:22 40840 ----a-w- c:\windows\system32\drivers\termdd.sys
2008-04-14 04:42:46 294912 ----a-w- c:\windows\system32\msh263.drv
============= FINISH: 0:19:51,25 ===============
Posted: 26 Mar 2010 00:36
- diarno
- Anti Malware Fighter, Rank 2
- Joined: 15 Jun 2007
- Posts: 5572

Ouch... You've gotten yourself properly infected. The question is what we'll manage to do here, because besides the classic virus, which as far as I can gather from your account has spread nicely, you also have a pile of other malware.
Download Dr.Web CureIt (~24 MB).
Restart the computer in Safe Mode (instructions for Safe Mode)
Double-click launch.exe to run it, after which the introductory window will appear - click Start
A notice about starting the initial scan will appear - click OK
Wait a few minutes for Dr.Web CureIt to perform the Express Scan; if malware is found, click the Yes to All button in the window that appears to allow the program to disinfect
Click Options > Change settings F9; in the window that opens, uncheck the Heuristic Analysis option and then click OK
In the main window select the Complete scan option, then click and Dr.Web CureIt will start scanning
If malware is found, click the Yes to All button in the window that appears to allow the program to disinfect
When the scan is finished, click the Select all button (if available), then click Cure and, in the menu that opens, click Move incurable:
When the process finishes, click File > Save report list and save the log to the Desktop
Copy the contents of the Dr.Web CureIt log into the forum thread.
Then boot into normal mode and scan from there with this program:
Download the installer for Malwarebytes Anti-Malware from the following link:
http://www.besttechie.net/tools/mbam-setup.exe
Double-click to run the installer - at the very end of the process, check that these options are selected:
Update Malwarebytes' Anti-Malware;
Launch Malwarebytes Anti-Malware;
and then click Finish.
After the update completes, the program will start.
Select the Perform Quick Scan option and click Scan.
When the process finishes click OK, then Show Results: in the list of detected malware, select all items and click Remove Selected.
When the process finishes, the logfile will open in Notepad; copy it into the forum thread.
If the program asks for a restart to finish the cleaning process, be sure to allow it.
Note: if a restart occurs at the end of the cleaning process, the logfile will be available on the Logs tab (select it and click Open).
Posted: 26 Mar 2010 11:15
- draganela
- Citizen
- Joined: 20 Dec 2008
- Posts: 82

Written: 26 Mar 2010 1:22
Here are the GMER logs too; now I'll do what you said as well. I've downloaded Dr.Web CureIt and will now switch to Safe Mode.
Addendum: 26 Mar 2010 11:10
Last night I ran Dr.Web CureIt and it scanned everything until it reached
C:/WINDOWS/system 32/drivers/acpi.sys
then it slowed down and spent the whole night scanning some 100 files, whereas up to then it had gone through some 6000 in half an hour. This morning I ran it again, this time for a complete scan, and it went through some 70000 files, but when it was near the end it hit C:/WINDOWS/system 32/drivers/acpi.sys and slowed down again like last night. By then it had found 164 viruses. I stopped it, selected everything and went to Move incurable; I didn't notice that it cleaned anything. I saved the log, and here is what it scanned:
ctfmon.exe C:\WINDOWS\system32 Win32.Sector.20480
hkcmd.exe C:\WINDOWS\system32 Win32.Sector.20480
igfxpers.exe C:\WINDOWS\system32 Win32.Sector.20480
igfxtray.exe C:\WINDOWS\system32 Win32.Sector.20480
INTO.EXE C:\WINDOWS\system32 Trojan.MulDrop.55658
mine.exe C:\WINDOWS\system32 Win32.Sector.20480
NEROCHECK.EXE C:\WINDOWS\system32 Win32.Sector.20480
NSS.EXE C:\WINDOWS\system32 Win32.Sector.20480
wmimgr32.dll C:\WINDOWS\system32 Win32.HLLP.Sector
CF13345.exe C:\ComboFix Win32.Sector.20480
MoodEditor.exe C:\Documents and Settings\All Users\Application Data\Skype\Plugins\Plugins\1C858F44FD20414EA6E3ACFBA01EBBD2 Win32.Sector.20480
csrss.exe C:\Documents and Settings\Sandra Win32.Sector.20480
mepg.exe C:\Documents and Settings\Sandra\Application Data Win32.Sector.20480
oula.exe C:\Documents and Settings\Sandra\Application Data Trojan.MulDrop.55658
utlro.exe C:\Documents and Settings\Sandra\Application Data Trojan.MulDrop.55658
usbnorisk.exe C:\Documents and Settings\Sandra\Desktop Win32.Sector.20480
JDownloader.exe C:\Documents and Settings\Sandra\Desktop\JDownloader Win32.Sector.20480
shutdown.exe C:\Documents and Settings\Sandra\Desktop\JDownloader\plugins\jdshutdown\windows Win32.Sector.20480
unrar.exe C:\Documents and Settings\Sandra\Desktop\JDownloader\tools\Windows\unrarw32 Win32.Sector.20480
RealTemp.exe C:\Documents and Settings\Sandra\Desktop\Temeratura Win32.Sector.20480
nero.exe C:\Documents and Settings\Sandra\Local Settings\Application Data\Xenocode\XSandbox\Nero Burning ROM\9, 0, 9, 100\2009.01.02T09. Win32.Sector.20480
225.exe C:\Documents and Settings\Sandra\Local Settings\temp Win32.HLLW.Lime.18
406.exe C:\Documents and Settings\Sandra\Local Settings\temp Trojan.MulDrop.55658
547.exe C:\Documents and Settings\Sandra\Local Settings\temp Win32.Sector.20480
86902.exe C:\Documents and Settings\Sandra\Local Settings\temp Win32.Sector.20480
922854.exe C:\Documents and Settings\Sandra\Local Settings\temp Win32.Sector.20480
9295.exe C:\Documents and Settings\Sandra\Local Settings\temp Win32.Sector.20480
963.exe C:\Documents and Settings\Sandra\Local Settings\temp Win32.Sector.20480
DataCard_Setup.exe C:\Documents and Settings\Sandra\Local Settings\temp Win32.Sector.20480
MOSC.EXE C:\Documents and Settings\Sandra\Local Settings\temp Trojan.MulDrop.55658
ResetDevice.exe C:\Documents and Settings\Sandra\Local Settings\temp Win32.Sector.20480
RtkBtMnt.exe C:\Documents and Settings\Sandra\Local Settings\temp Win32.Sector.20480
vcxb.exe C:\Documents and Settings\Sandra\Local Settings\temp Win32.Sector.20480
samcc[1].exe C:\Documents and Settings\Sandra\Local Settings\Temporary Internet Files\Content.IE5\MM0ZF6CK Win32.Sector.20480
Acrobat.com.exe C:\Program Files\Adobe\Acrobat.com Win32.Sector.20480
LogTransport2.exe C:\Program Files\Adobe\Reader 9.0\Reader Win32.Sector.20480
amf_slv.exe C:\Program Files\Ashampoo\Ashampoo Burning Studio 8 Win32.Sector.20480
ash_updateMediator.exe C:\Program Files\Ashampoo\Ashampoo Burning Studio 8 Win32.Sector.20480
uninst.exe C:\Program Files\BS.Player ControlBar Win32.Sector.20480
MemTest.exe C:\Program Files\BurnInTest Win32.Sector.20480
rebooter.exe C:\Program Files\BurnInTest Win32.Sector.20480
Addendum: 26 Mar 2010 11:15
I also scanned with Malwarebytes Anti-Malware, and since I restarted the computer I couldn't find the log, so I ran the scan once more, but the second time it found only two pieces of malware. I have since found the log files as well, so here are both the first and the second log:
Malwarebytes' Anti-Malware 1.44
Database version: 3915
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13
1.1.2001 9:51:53
mbam-log-2001-01-01 (09-51-53).txt
Scan type: Quick Scan
Objects scanned: 115491
Time elapsed: 6 minute(s), 47 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 10
Registry Values Infected: 5
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 12
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
C:\WINDOWS\system32\wmimgr32.dll (Trojan.Downloader) -> Delete on reboot.
Registry Keys Infected:
HKEY_CLASSES_ROOT\imeshmediabar.stockbar (Adware.Softomate) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{6c380604-92b2-4633-becb-bde03fa45980} (Adware.Softomate) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{4481c34a-10df-4c96-92a6-0ef31b6b95d6} (Adware.Softomate) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{f9c23cd1-6da9-4e0b-8367-c6f9f1f78baf} (Adware.Softomate) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{b7d3e479-cc68-42b5-a338-938ece35f419} (Adware.Softomate) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b7d3e479-cc68-42b5-a338-938ece35f419} (Adware.Softomate) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\imeshmediabar.stockbar.1 (Adware.Softomate) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{4175c5f3-d47f-143b-dd4d-e67a0eb4e773} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\WakeNet (Trojan.Agent) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\person (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{b7d3e479-cc68-42b5-a338-938ece35f419} (Adware.Softomate) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{b7d3e479-cc68-42b5-a338-938ece35f419} (Adware.Softomate) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\shell (Malware.Trace) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\windows update (Trojan.Agent) -> Quarantined and deleted successfully.
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Folders Infected:
(No malicious items detected)
Files Infected:
C:\WINDOWS\system32\wmimgr32.dll (Trojan.Downloader) -> Delete on reboot.
C:\Documents and Settings\Sandra\Local Settings\temp\MOSC.EXE (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\INTO.EXE (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
C:\Program Files\iMesh Applications\iMesh MediaBar\iMeshMediaBar.dll (Adware.Softomate) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sandra\Application Data\oula.exe (Trojan.Agent.Gen) -> Delete on reboot.
C:\Documents and Settings\Sandra\Application Data\utlro.exe (Trojan.Agent.Gen) -> Delete on reboot.
C:\Documents and Settings\Sandra\Local Settings\temp\406.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
C:\Win\names.txt (Worm.AutoIT) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sandra\csrss.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\010112010146118114.dat (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\WINDOWS\winsa.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sandra\nigzss.txt (Malware.Trace) -> Quarantined and deleted successfully.
and the second:
Malwarebytes' Anti-Malware 1.44
Database version: 3915
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13
1.1.2001 10:32:55
mbam-log-2001-01-01 (10-32-55).txt
Scan type: Quick Scan
Objects scanned: 115393
Time elapsed: 6 minute(s), 29 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
C:\WINDOWS\system32\wmimgr32.dll (Trojan.Downloader) -> Delete on reboot.
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\WINDOWS\system32\wmimgr32.dll (Trojan.Downloader) -> Delete on reboot.
Posted: 27 Mar 2010 16:37
- diarno
- Anti Malware Fighter
Rank 2
- Joined: 15 Jun 2007
- Posts: 5572
The situation is very bad. It has really spread. Tell me, did you go with Cure? Was that option available?
Upload this file for me:
C:\WINDOWS\system32\ctfmon.exe
using the following form:
http://www.mycity.rs/ambulanta-upload.php
Can you start Windows in normal mode? Is it working a bit better?
In case we don't succeed, it would be good to back up your documents now, such as pictures, Word files and the like. Do not move programs, games, or anything else that gets installed or is an application to another partition.
Posted: 28 Mar 2010 16:08
- draganela
- Citizen
- Joined: 20 Dec 2008
- Posts: 82
Written: 27 Mar 2010 17:02
I uploaded that file for you. The computer was running better, since my NOD was blocked, so nothing was slowing it down. Today, on my own initiative, I ran a full scan with Malwarebytes Anti-Malware, and it found some 50 infected files. I chose Remove Selected and then NOD started working again; now it reports that there are viruses somewhere and blocks them. The Cure option was there; I chose Move incurable and waited some 2-3 minutes, but I didn't see it do anything.
Addendum: 27 Mar 2010 18:02
I have now scanned the computer with NOD and it found 420 infected files and cleaned them all. If needed, I can send you or copy that log file.
They were mostly infected with the virus:
Win32/Sality.NAE virus.
The computer now runs decently. What do you think I should do now?
Addendum: 28 Mar 2010 16:08
Yesterday I scanned once more with NOD and it found 140 infected files and cleaned them, and this morning when I scanned it did not find a single one. What do you think, should I scan once more with Dr.Web CureIt? In any case, it now works normally and reports nothing.