Možda tražite i:
mbam i sas nasli viruse dali su to stvarno virusi?
virus,virusi ili....
Trebala bi mi mala pomoc oko virusa

MyCity » Ambulanta -> Arhiva Ambulante » Povracaj virusa

Povracaj virusa

Napisano na dan: 19.1.2009

Povracaj virusa

Sledeća strana

Pagination

Odgovori

v-djuric Poslao: 19 Jan 2009 22:30 Idi na vrh
offline v-djuric Ugledni građanin Pridružio: 01 Dec 2007 Poruke: 307	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Logfile of HijackThis v1.99.1 Scan saved at 22:14:31, on 19.1.2009 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.5730.0013) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe C:\Program Files2\Pilot Group LLC\Hide Folder 3.0\HF30Service.exe C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe C:\Program Files\ASUS\Probe\AsusProb.exe C:\Program Files\CyberLink\PowerCinema\PCMService.exe C:\Program Files\Eset\nod32kui.exe C:\PROGRA~2\KEMailKb\KEMailKb.EXE C:\Program Files2\DU Meter\DUMeter.exe C:\Program Files\D-Tools\daemon.exe C:\Program Files\Conexant\Adsl\dslstat.exe C:\Program Files\Conexant\Adsl\dslagent.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\Analog Devices\SoundMAX\SMTray.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files2\NetLimiter 2 Pro\nlsvc.exe C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe C:\Program Files\Eset\nod32krn.exe C:\Program Files\gigabyte\RCService\RCService.exe C:\WINDOWS\system32\slserv.exe C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe C:\Program Files2\NetLimiter 2 Pro\NLClient.exe C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Documents and Settings\VLADA\Desktop\New Folder\TR3.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sezampro.rs/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~2\FlashGet\jccatch.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~2\FlashGet\fgiebar.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe O4 - HKLM\..\Run: [PCMService] "C:\Program Files\CyberLink\PowerCinema\PCMService.exe" O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE O4 - HKLM\..\Run: [KEMailKb] C:\PROGRA~2\KEMailKb\KEMailKb.EXE O4 - HKLM\..\Run: [DU Meter] C:\Program Files2\DU Meter\DUMeter.exe O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\Conexant\Adsl\dslstat.exe icon O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\Conexant\Adsl\dslagent.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files2\Spybot - Search & Destroy\TeaTimer.exe O8 - Extra context menu item: Download All by FlashGet - C:\Program Files2\FlashGet\jc_all.htm O8 - Extra context menu item: Download using FlashGet - C:\Program Files2\FlashGet\jc_link.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~2\FlashGet\flashget.exe O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~2\FlashGet\flashget.exe O11 - Options group: [INTERNATIONAL] International* O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Con.....3239742796 O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{AA2854DC-D210-4115-ABE4-7FA41515BC90}: NameServer = 77.105.0.18 77.105.0.19 O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Autodata Limited License Service - Autodata Limited - C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: HF30Service - Unknown owner - C:\Program Files2\Pilot Group LLC\Hide Folder 3.0\HF30Service.exe O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NetLimiter (nlsvc) - Locktime Software - C:\Program Files2\NetLimiter 2 Pro\nlsvc.exe O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe O23 - Service: RCService - Unknown owner - C:\Program Files\gigabyte\RCService\RCService.exe O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe Sto se tice nekog vidljivog problema nemam, ali desila mi se sledeca stvar. Pustio sam anti virus da mi pretrazi komp i nasao je par komada u: D:\System Volume Information\_restore{246F3069-6FC4-469F-A7A8-D425CCD4D4B8}\RP1\A0000003.exe probably a variant of Win32/Agent trojan quarantined - deleted NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINDOWS\System32\svchost.exe. The file was moved to quarantine. You may close this window. Ovako je nasao i u C particiji, sledece sto sam uradio je da sam iskljucio system restore, restartovao komp i time bi sve trebalo da nestane odatle medjutim, posle toga monitor anti virusa mi je sam prijavio opet 2 komada u D particiji, jedan od njih je onaj gore. Znaci da napomenem ne vidim da mi se desava nesto sto ne bi trebalo ali sigurno nesto ima. Pozdrav!!!

Profil

dr_Bora Poslao: 19 Jan 2009 23:35 Idi na vrh
offline dr_Bora Anti Malware Fighter Rank 2 Pridružio: 24 Jul 2007 Poruke: 12280 Gde živiš: Höganäs, SE	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Pozdrav... Privremeno ćemo isključiti TeaTimer: Pokrenite Spybot S&D Kliknite Mode stavku u meniju Odaberite Advance Mode Na traci levo kliknite na Tools Kliknite na Resident Destiklirajte Resident Tea-Timer Zatvorite Spybot S&D Restartujte kompjuter. - Zatim skinuti program sa ovog linka na Desktop. - Pokrenuti ga dvoklikom i ispratiti uputstva. Nemojte zaboraviti da ponovo ukljucite ove opcije kada zavrsimo ciscenje. Zatim otvori Nod32 Control Center (Klik na njegovu tray ikonicu ( ) u donjem desnom uglu ekrana). * Izaberi AMON iz Threat Protection grupe opcija. * Na desnom panelu deštikliraj opciju File system monitor (AMON) enabled. * Gašenje ove opcije pokazaće se kroz promenu boje Control Center-a iz zelene u crvenu. ------------------------------------------------------------------------------------- Skini ComboFix sa jedne od sledecih adresa na Desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe http://www.forospyware.com/sUBs/ComboFix.exe http://subs.geekstogo.com/ComboFix.exe Startuj ga i ne diraj prozor programa dok skenira. Sledi uputstva na ekranu. Kada zavrsi pojavice se log (C:\ComboFix.txt) koji ces nam ovde iskopirati.

Profil

v-djuric Poslao: 20 Jan 2009 00:23 Idi na vrh
offline v-djuric Ugledni građanin Pridružio: 01 Dec 2007 Poruke: 307	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Uradio sam sve po uputstvu, samo da kazem da mi je system restore ostao iskljucen i sad je iskljucen pa dal to ima neke veze? vidim da je combofix obrisao jedan fajl, pa ako moze uktatko sta je obrisao. Da li sada da ukljucim tea timer i antivirus? Pozzz! ComboFix 09-01-19.03 - VLADA 2009-01-20 0:02:28.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1251.1.1033.18.511.160 [GMT 1:00] Running from: c:\documents and settings\VLADA\Desktop\ComboFix.exe AV: ESET NOD32 antivirus system 2.70 On-access scanning disabled (Updated) FW: Kerio Personal Firewall disabled * Created a new restore point WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\system32\msssc.dll . ((((((((((((((((((((((((( Files Created from 2008-12-19 to 2009-01-19 ))))))))))))))))))))))))))))))) . 2009-01-19 23:47 . 2009-01-19 23:47 501,063 --a------ C:\Povracaj virusa MyCity.mht 2009-01-19 02:25 . 2009-01-19 02:25 54,156 --ah----- c:\windows\QTFont.qfn 2009-01-19 02:25 . 2009-01-19 02:25 1,409 --a------ c:\windows\QTFont.for 2009-01-02 17:55 . 2009-01-02 17:55 <DIR> d-------- c:\documents and settings\VLADA\Application Data\Microsoft Games 2009-01-02 17:55 . 2009-01-02 17:55 <DIR> d-------- c:\documents and settings\All Users\Application Data\Microsoft Games 2008-12-29 21:00 . 2008-12-29 21:00 <DIR> d-------- c:\documents and settings\VLADA\Application Data\WeatherWatcher 2008-12-29 20:59 . 2008-12-29 21:04 <DIR> d-------- c:\documents and settings\VLADA\Application Data\WeatherWatcherLive 2008-12-25 00:02 . 2008-12-25 00:02 137,344 --a------ c:\windows\system32\drivers\hwpsgt.sys 2008-12-25 00:02 . 2008-12-25 00:02 9,472 --a------ c:\windows\system32\drivers\lemsgt.sys . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-01-19 22:41 --------- d-----w c:\program files\ESET 2009-01-19 22:41 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy 2009-01-17 15:48 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP 2009-01-17 00:25 --------- d-----w c:\program files\Google 2009-01-14 19:49 3,001 --sha-w c:\documents and settings\VLADA\ppUser.dat 2009-01-11 23:04 --------- d-----w c:\documents and settings\VLADA\Application Data\Skype 2009-01-11 23:02 --------- d-----w c:\documents and settings\VLADA\Application Data\skypePM 2009-01-11 20:59 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater 2009-01-11 18:06 --------- d--h--w c:\program files\InstallShield Installation Information 2009-01-08 20:07 --------- d-----w c:\documents and settings\VLADA\Application Data\uTorrent 2008-12-27 23:33 --------- d-----w c:\documents and settings\VLADA\Application Data\MyPhoneExplorer 2008-12-19 03:56 --------- d-----w c:\program files\uTorrent 2008-12-07 18:37 --------- d-----w c:\documents and settings\VLADA\Application Data\Cuttermaran 2008-12-04 18:15 --------- d-----w c:\program files\ATI Technologies 2008-11-30 02:59 --------- d-----w c:\program files\John Deere Drive Green 2008-11-12 19:52 20 ---h--w c:\documents and settings\All Users\Application Data\PKP_DLec.DAT 2008-08-04 22:36 6,144 --sha-w c:\windows\system32\ss.drv . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ASUS Probe"="c:\program files\ASUS\Probe\AsusProb.exe" [2002-12-06 617984] "PCMService"="c:\program files\CyberLink\PowerCinema\PCMService.exe" [2006-04-18 151552] "nod32kui"="c:\program files\Eset\nod32kui.exe" [2008-04-01 949376] "KEMailKb"="c:\progra~2\KEMailKb\KEMailKb.EXE" [2002-12-31 253952] "DU Meter"="c:\program files2\DU Meter\DUMeter.exe" [2003-06-22 1297920] "DAEMON Tools-1033"="c:\program files\D-Tools\daemon.exe" [2004-08-22 81920] "DSLSTATEXE"="c:\program files\Conexant\Adsl\dslstat.exe" [2005-08-25 344064] "DSLAGENTEXE"="c:\program files\Conexant\Adsl\dslagent.exe" [2005-08-25 65536] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-10-19 286720] "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-06-28 344064] "Smapp"="c:\program files\Analog Devices\SoundMAX\SMTray.exe" [2003-05-05 143360] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "vidc.ffds"= c:\progra~1\ffdshow\ffdshow.ax "msacm.l3codecp"= l3codecp.acm [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk] [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk] [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk] [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NkbMonitor.exe.lnk] HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] --a------ 2006-10-09 11:28 139264 c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033] --a------ 2004-08-22 17:05 81920 c:\program files\D-Tools\daemon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DU Meter] --a------ 2003-06-22 15:38 1297920 c:\program files2\DU Meter\DUMeter.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup] --a------ 2005-08-11 17:30 249856 c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler] --a--c--- 2005-08-11 17:30 81920 c:\program files\Common Files\InstallShield\UpdateService\issch.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] --a------ 2006-01-12 16:40 155648 c:\program files\Common Files\Ahead\Lib\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] --a------ 2007-10-19 20:16 286720 c:\program files\QuickTime\QTTask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl] --a------ 2004-11-02 20:24 32768 c:\program files2\CyberLink\PowerDVD\PDVDServ.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent] --a--c--- 2003-11-14 09:14 33792 c:\program files2\Winamp\winampa.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\CyberLink\\PowerCinema\\PowerCinema.exe"= "c:\\Program Files\\CyberLink\\PowerCinema\\PCMService.exe"= "c:\\Program Files\\Kerio\\Personal Firewall 4\\kpf4gui.exe"= "c:\\Program Files\\uTorrent\\uTorrent.exe"= "c:\\WINDOWS\\system32\\dpnsvr.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"= "c:\\Games\\Microsoft Games\\Zoo Tycoon 2\\zt.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= R0 viasraid;viasraid;c:\windows\system32\drivers\viasraid.sys [2008-03-06 77056] R1 fwdrv;Firewall Driver;c:\windows\system32\drivers\fwdrv.sys [2005-09-26 286720] R1 khips;Kerio HIPS Driver;c:\windows\system32\drivers\khips.sys [2005-09-26 81920] R1 nltdi;nltdi;c:\windows\system32\drivers\nltdi.sys [2007-04-23 82200] R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [2008-04-01 15424] R3 3xHybrid;3xHybrid service;c:\windows\system32\drivers\3xHybrid.sys [2006-03-22 826752] R3 HF30Kbd;HF30Kbd;c:\program files2\Pilot Group LLC\Hide Folder 3.0\HF30Kbd2K.sys [2008-03-06 9856] R4 HF30Sys;HF30Sys;c:\program files2\Pilot Group LLC\Hide Folder 3.0\HF30XP.sys [2008-03-06 48992] R4 RCService;RCService;c:\program files\gigabyte\RCService\RCService.exe [2006-04-26 538624] S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service;c:\program files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328] . Contents of the 'Scheduled Tasks' folder 2009-01-07 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 14:57] 2009-01-19 c:\windows\Tasks\User_Feed_Synchronization-{5324A6FB-7179-4BA0-979E-5C5A3A521FAC}.job - c:\windows\system32\msfeedssync.exe [2007-08-13 18:36] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.sezampro.rs/ IE: Download All by FlashGet - c:\program files2\FlashGet\jc_all.htm IE: Download using FlashGet - c:\program files2\FlashGet\jc_link.htm LSP: imon.dll Trusted Zone: online.bancaintesabeograd.com TCP: {AA2854DC-D210-4115-ABE4-7FA41515BC90} = 77.105.0.18 77.105.0.19 FF - ProfilePath - c:\documents and settings\VLADA\Application Data\Mozilla\Firefox\Profiles\p6apwlsf.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT180154&SearchSource=3&q= FF - prefs.js: browser.search.selectedEngine - radiopink Customized Web Search FF - prefs.js: browser.startup.homepage - www.sezampro.rs FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT180154&SearchSource=2&q= FF - plugin: c:\program files2\Real Alternative\browser\plugins\nppl3260.dll FF - plugin: c:\program files2\Real Alternative\browser\plugins\nprpjplug.dll . ************************************************************************ catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-01-20 00:07:36 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************ . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(564) c:\windows\system32\Ati2evxx.dll - - - - - - - > 'lsass.exe'(620) c:\windows\system32\imon.dll . Completion time: 2009-01-20 0:11:25 ComboFix-quarantined-files.txt 2009-01-19 23:11:19 Pre-Run: 2.887.684.096 bytes free Post-Run: 2,882,297,856 bytes free 161

Profil

dr_Bora Poslao: 20 Jan 2009 17:04 Idi na vrh
offline dr_Bora Anti Malware Fighter Rank 2 Pridružio: 24 Jul 2007 Poruke: 12280 Gde živiš: Höganäs, SE	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Ništa konkretno nije obrisano, samo otpadak od ranije infekcije. Log je čist i na tvom kompjuteru ne bi trebalo biti malware-a. Obavezno uradi sledeće: Klikni START a zatim RUN U liniju za unos teksta ukucaj Combofix /u i klikni OK Sačekaj da se proces deinstalacije završi Gornja procedura će: Obrisati sledeće: ComboFix i njegove file-ove i foldere VundoFix Backups folder, ako postoji C:\Deckard folder, ako postoji C:\OtMoveIt folder, ako postoji Resetovati podešavanja sata na kompjuteru Sakriti ekstenzije file-ova, ako je potrebno Sakriti sistemske/skrivene file-ove/foldere, ako je potrebno Resetovati System Restore Možeš aktivirati zaštitni softver. To je sve.

Profil

v-djuric Poslao: 20 Jan 2009 23:05 Idi na vrh
offline v-djuric Ugledni građanin Pridružio: 01 Dec 2007 Poruke: 307	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Hvala, uradio sam i ovo, ali imam samo jos koje pitanje ukratko da mi kazes. Da li je taj virus sto mi se vratio u D:\ system restore, ovim postupkom uklonjen ili nije imao veze sa ovim i kako je moguce da se pojavi u D particiji, zar nije logicnije u C posto je sistem u C, D mi je samo magacin? I npr. da sam prvo reinstalirao win pre nego sto sam konsultovao vas, da li bi mi se on pojavio ponovo, posto D particiju ne bi formatirao, nego sam C? Pozdrav i hvala jos jednom.

Profil

dr_Bora Poslao: 20 Jan 2009 23:26 Idi na vrh
offline dr_Bora Anti Malware Fighter Rank 2 Pridružio: 24 Jul 2007 Poruke: 12280 Gde živiš: Höganäs, SE	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Sve što je bilo u SR-u je obrisano. Ništa se nije vratilo, već je bilo od ranije u System Restore-u. Malware može da se nalazi i na particijama koje nisu sistemske. Pošto se file nalazio u System Restore-u, bio bi obrisan pri instalaciji Windows-a (tačnije, Windows bi napravio novi SR a taj stari bi ''nestao'').

Profil

MyCity » Ambulanta -> Arhiva Ambulante » Povracaj virusa

Ko je trenutno na forumu

Ukupno su 996 korisnika na forumu :: 37 registrovanih, 8 sakrivenih i 951 gosta :: [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:: Korisnici trenutno na forumu: 5rovic, avijacija, babaroga, banebeograd, bbogdan, bojankrstc, comi_pfc, Denaya, galijot, Haris, Istman, ivan1973, Koridor, Krusarac, kybonacci, lord sir giga, Marko Marković, MB120mm, mercedesamg, Mi lao shu, milenko crazy north, milos.cbr, MiroslavD, mkukoleca, opt1, Panter, Parker, Pohovani_00, S-lash, SlaKoj, stegonosa, trajkoni018, tubular, virked, voja64, wolf431, šumar bk2

Svaki korisnik ovog sajta je odgovoran za sadržaj svoje poruke koju objavi na sajtu. Sajt se odriče svake odgovornosti za sadržaj tih poruka.
Postavljanjem vaše poruke ili vašeg autorskog dela na ovaj sajt, saglasni ste da ovaj sajt postaje distributer vašeg dela, i odričete se mogućnosti njegovog povlačenja ili brisanja, bez saglasnosti uprave sajta.
Distribucija sadržaja sa ovog sajta je dozvoljena samo u nekomercijalne svrhe, uz obaveznu napomenu da je sadržaj preuzet sa ovog sajta, i uz obavezno navođenje adrese MyCity sajta. Za sve ostale vidove distribucije obavezni ste da prethodno zatražite odobrenje od vlasnika MyCity sajta.
MyCity pokrenuo, administrira i razvija Predrag Damnjanović, a o uređenju sajta se brine MyCity Tim.
Ukoliko želite da nas kontaktirate kliknite ovde.
Naši sajtovi:
Vesti, Vojni forum, Zaštita od virusa, TekstPesme.rs

This content is licensed under a Creative Commons License.
Based on phpBB 2, translated by Simke, designed by