y.exe problem

  • Joined: 20 Sep 2008
  • Posts: 15

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:41:25, on 23.11.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\CameraFixer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Ljupco\Desktop\TR3.exe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [CameraFixer] C:\WINDOWS\CameraFixer.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 2871 bytes

Addendum: 23 Nov 2008 23:57

This is what is happening to me: I have NOD32 antivirus, and since yesterday it has been reporting that there is some version of a trojan in system32, the file y.exe, and when I delete it, it reports it again, so far it has scanned and deleted 6 infected files and there is no end to it, in half an hour it will be 20, then 50 and so on. When I pull out the internet cable and clean the viruses there is no problem, but as soon as I plug the cable back in, that "virus" attacks me again. If anyone knows how to get rid of this, please help!!!

  • dr_Bora
  • Anti Malware Fighter, Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Hello...

TeaTimer needs to be temporarily disabled:

Start Spybot S&D
Click the Mode item in the menu
Choose Advanced Mode
In the left-hand bar click Tools
Click Resident
Untick Resident Tea-Timer
Close Spybot S&D
Restart the computer.

- Then download the program from this link to the Desktop.
- Run it by double-clicking and follow the instructions.

Don't forget to turn these options back on when we finish the cleaning.

* Open the Nod32 Control Center (click its tray icon in the bottom right corner of the screen).
* Select AMON from the Threat Protection group of options.
* In the right-hand panel untick the option File system monitor (AMON) enabled.
* Turning this option off will show as the Control Center changing colour from green to red.

Note: Don't forget to turn this option back on once the cleaning is finished.

Download ComboFix from one of the following addresses to the Desktop:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Start it and don't touch the program window while it scans.
Follow the on-screen instructions. When it finishes, a log (C:\ComboFix.txt) will appear, which you will copy here for us.

  • Joined: 20 Sep 2008
  • Posts: 15

ComboFix 08-11-22.02 - Ljupco 2008-11-24 19:15:33.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1251.1.1033.18.706 [GMT 1:00]
Running from: c:\documents and settings\Ljupco\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-10-24 to 2008-11-24 )))))))))))))))))))))))))))))))
.

2008-11-24 00:09 . 2008-11-24 00:30 56,026 --a------ C:\asd.exe
2008-11-23 23:23 . 2008-11-23 23:23 <DIR> d-------- c:\documents and settings\Ljupco\Contacts
2008-11-23 23:22 . 2008-11-23 23:22 <DIR> d----c--- c:\windows\system32\DRVSTORE
2008-11-23 23:21 . 2008-11-23 23:21 <DIR> d-------- c:\program files\MSN Messenger
2008-11-23 23:13 . 2008-11-24 00:38 <DIR> d-------- c:\documents and settings\Ljupco\Application Data\Skype
2008-11-23 23:10 . 2008-11-24 00:40 59 --a------ c:\windows\system32\i

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-23 22:18 --------- d-----w c:\documents and settings\Ljupco\Application Data\DMCache
2008-11-23 22:15 --------- d-----w c:\program files\ESET
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2002-12-31 15360]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2008-01-25 949376]
"CameraFixer"="c:\windows\CameraFixer.exe" [2005-12-06 20480]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-10-10 7286784]
"nwiz"="nwiz.exe" [2005-10-10 c:\windows\system32\nwiz.exe]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMConfigurePrograms"= 1 (0x1)
"NoSimpleStartMenu"= 1 (0x1)
"NoSMBalloonTip"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3fhg"= mp3fhg.acm
"VIDC.X264"= x264vfw.dll
"VIDC.HFYU"= huffyuv.dll
"vidc.i263"= i263_32.drv
"msacm.divxa32"= divxa32.acm
"VIDC.ACDV"= ACDV.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

S0 viasraid;viasraid;c:\windows\system32\drivers\viasraid.sys [2002-12-31 77312]
S2 SVCHOSTS32;Windows Host Services ;"c:\windows\system\svchost.exe" []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a01bc05d-c404-11da-9f13-806d6172696f}]
\Shell\AutoRun\command - E:\setup.exe
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - c:\documents and settings\Ljupco\Application Data\Mozilla\Firefox\Profiles\fx5k2sk3.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE -
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2008-11-24 19:16:30
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(660)
c:\windows\system32\rsaenh.dll

- - - - - - - > 'lsass.exe'(720)
c:\windows\system32\msprivs.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\imon.dll
.
Completion time: 2008-11-24 19:17:22
ComboFix-quarantined-files.txt 2008-11-24 18:17:03

Pre-Run: 12.052.619.264 bytes free
Post-Run: 12,043,317,248 bytes free
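As an added example (not part of the thread and not ComboFix's own code), here is a small Python script that scans the "Reg Loading Points" lines of a ComboFix log for the things a log reviewer would question in the log above: a service binary named svchost.exe living outside System32, Security Center warnings switched off, and an AutoRun command bound to a drive letter. The sample input is a constructed excerpt of the posted log; the reasons and the `LEGIT_SVCHOST` path are this example's assumptions.

```python
import re

# Constructed excerpt of the "Reg Loading Points" section of the ComboFix log
# posted above (sample input for this example, not the complete file).
SAMPLE_LOG = r"""[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
S0 viasraid;viasraid;c:\windows\system32\drivers\viasraid.sys [2002-12-31 77312]
S2 SVCHOSTS32;Windows Host Services ;"c:\windows\system\svchost.exe" []
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a01bc05d-c404-11da-9f13-806d6172696f}]
\Shell\AutoRun\command - E:\setup.exe
"""

# ComboFix driver/service line: "<type> <name>;<display name>;<path> [<date size>]"
SERVICE_RE = re.compile(r'^([SR]\d)\s+([^;]+);([^;]*);"?(.+?)"?\s*\[(.*)\]\s*$')
# Security Center values that silence Windows' AV / update warnings when set to 1
SILENCER_RE = re.compile(r'^"(AntiVirusDisableNotify|UpdatesDisableNotify)"=dword:0*1$')
# The only place a file named svchost.exe is expected on a default XP install (assumption)
LEGIT_SVCHOST = r"c:\windows\system32\svchost.exe"


def audit_combofix(text):
    """Return (reason, line) pairs for entries a log reviewer would question."""
    findings = []
    section = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line.lower()  # remember which registry key we are under
            continue
        m = SERVICE_RE.match(line)
        if m:
            _kind, _name, _display, path, meta = m.groups()
            if path.lower().endswith("svchost.exe") and path.lower() != LEGIT_SVCHOST:
                findings.append(("svchost.exe outside system32", line))
            if not meta.strip():  # ComboFix recorded no date/size for the binary
                findings.append(("service binary has no date/size recorded", line))
            continue
        if "security center" in section and SILENCER_RE.match(line):
            findings.append(("Security Center warnings disabled", line))
        elif "mountpoints2" in section and "autorun\\command" in line.lower():
            findings.append(("AutoRun command bound to a drive letter", line))
    return findings


if __name__ == "__main__":
    for reason, line in audit_combofix(SAMPLE_LOG):
        print(f"{reason}: {line}")
```

On the excerpt above the script reports five findings and stays silent on the legitimate viasraid driver; the flagged SVCHOSTS32 service and C:\asd.exe are exactly what the CFScript further down removes.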


  • dr_Bora
  • Anti Malware Fighter, Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Running ComboFix once was quite enough. And I see that you haven't disabled TeaTimer either.

The point is to follow the instructions.

Open Notepad and copy the following text:

File::
C:\asd.exe

Driver::
SVCHOSTS32

Save the file from Notepad to the Desktop as "CFScript"

Drag the saved script/text onto the ComboFix icon as in the picture.
Post in the next message the log that is produced at the end of the cleaning/scan.

  • Joined: 20 Sep 2008
  • Posts: 15

ComboFix 08-11-22.02 - Ljupco 2008-11-24 21:01:40.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1251.1.1033.18.695 [GMT 1:00]
Running from: c:\documents and settings\Ljupco\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Ljupco\Desktop\CFScript.txt.txt
* Created a new restore point
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\asd.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\asd.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SVCHOSTS32
-------\Service_SVCHOSTS32


((((((((((((((((((((((((( Files Created from 2008-10-24 to 2008-11-24 )))))))))))))))))))))))))))))))
.

2008-11-23 23:23 . 2008-11-24 19:23 <DIR> d-------- c:\documents and settings\Ljupco\Contacts
2008-11-23 23:22 . 2008-11-23 23:22 <DIR> d----c--- c:\windows\system32\DRVSTORE
2008-11-23 23:21 . 2008-11-23 23:21 <DIR> d-------- c:\program files\MSN Messenger
2008-11-23 23:13 . 2008-11-24 00:38 <DIR> d-------- c:\documents and settings\Ljupco\Application Data\Skype
2008-11-23 23:10 . 2008-11-24 00:40 59 --a------ c:\windows\system32\i

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-23 22:18 --------- d-----w c:\documents and settings\Ljupco\Application Data\DMCache
2008-11-23 22:15 --------- d-----w c:\program files\ESET
.

((((((((((((((((((((((((((((( snapshot@2008-11-24_ 0.35.35.92 )))))))))))))))))))))))))))))))))))))))))
.
+ 2005-10-20 19:02:28 163,328 ----a-w c:\windows\ERDNT\subs\ERDNT.EXE
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2002-12-31 15360]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2008-01-25 949376]
"CameraFixer"="c:\windows\CameraFixer.exe" [2005-12-06 20480]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-10-10 7286784]
"nwiz"="nwiz.exe" [2005-10-10 c:\windows\system32\nwiz.exe]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMConfigurePrograms"= 1 (0x1)
"NoSimpleStartMenu"= 1 (0x1)
"NoSMBalloonTip"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3fhg"= mp3fhg.acm
"VIDC.X264"= x264vfw.dll
"VIDC.HFYU"= huffyuv.dll
"vidc.i263"= i263_32.drv
"msacm.divxa32"= divxa32.acm
"VIDC.ACDV"= ACDV.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

S0 viasraid;viasraid;c:\windows\system32\drivers\viasraid.sys [2002-12-31 77312]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a01bc05d-c404-11da-9f13-806d6172696f}]
\Shell\AutoRun\command - E:\setup.exe
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2008-11-24 21:03:35
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(672)
c:\windows\system32\rsaenh.dll

- - - - - - - > 'lsass.exe'(728-)
c:\windows\system32\msprivs.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\imon.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\ESET\nod32krn.exe
c:\windows\system32\nvsvc32.exe
.
**************************************************************************
.
Completion time: 2008-11-24 21:05:17 - machine was rebooted
ComboFix-quarantined-files.txt 2008-11-24 20:04:57
ComboFix2.txt 2008-11-24 18:17:24

Pre-Run: 12.019.339.264 bytes free
Post-Run: 11,964,260,352 bytes free


  • dr_Bora
  • Anti Malware Fighter, Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

How are things now? Is NOD reporting anything?

  • Joined: 20 Sep 2008
  • Posts: 15

No, nothing, everything is back to normal as it should be, my computer is excellent, it works just Normally, it starts applications faster than before, etc....

Thanks a lot, brother!!!

  • dr_Bora
  • Anti Malware Fighter, Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Just this one more thing:
Click START and then RUN
In the text entry line type Combofix /u and click OK

Wait for the uninstall process to finish

The above procedure will:
Delete the following:
ComboFix and its files and folders
the VundoFix Backups folder, if it exists
the C:\Deckard folder, if it exists
the C:\OtMoveIt folder, if it exists

Reset the clock settings on the computer
Hide file extensions, if needed
Hide system/hidden files/folders, if needed
Reset System Restore

Regards
