Crv :)

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Uloguj se preko Facebooka da bi skinuo fajl:

Pozz svima,dakle imam nekog crva u kompijuteru,eset kada skenira komijuter nadjega ali ne moze da ga obrise... i kompijuter sam zatvara neke programe sto stoje u task menager-u.





DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.21.2
Run by Zvezdan at 14:22:18 on 2013-05-07
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.511.101 [GMT 2:00]
.
AV: ESET NOD32 Antivirus 6.0 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
============== Running Processes ================
.
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k bthsvcs
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = [Link mogu videti samo ulogovani korisnici]
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [VTTimer] VTTimer.exe
mRun: [Smapp] c:\program files\analog devices\soundmax\SMTray.exe
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
TCP: Interfaces\{16ECDEB1-306E-46D0-89F1-B09E57A1B6F0} : NameServer = 93.87.24.2 93.87.24.7
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\zvezdan\application data\mozilla\firefox\profiles\yqfe7cq4.default\
FF - prefs.js: browser.startup.homepage - [Link mogu videti samo ulogovani korisnici]
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\windows\system32\adobe\director\np32dsw_1202122.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_7_700_169.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
.
============= SERVICES / DRIVERS ===============
.
.
=============== File Associations ===============
.
ShellExec: Audition.exe: Open="c:\program files\adobe\audition 1.5\Audition.exe"
.
=============== Created Last 30 ================
.
2013-05-07 12:12:19 -------- d-----w- c:\windows\system32\Adobe
2013-05-07 12:05:09 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-05-07 12:05:09 691592 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-05-07 09:10:46 -------- d-----w- c:\documents and settings\zvezdan\application data\Mobile Action
2013-05-07 09:08:31 -------- d-----w- c:\program files\Mobile Action
2013-05-07 09:07:52 -------- d-----w- c:\windows\Application Data
2013-05-06 14:29:18 543712 ----a-w- c:\windows\system32\ar5211.sys
2013-05-06 14:28:52 69715 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\ctor.dll
2013-05-06 14:28:52 32768 ----a-w- c:\program files\common files\installshield\professional\runtime\Objectps.dll
2013-05-06 14:28:52 274432 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\iscript.dll
2013-05-06 14:28:52 204800 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\iuser.dll
2013-05-06 14:28:51 757760 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\iKernel.dll
2013-05-06 14:28:51 5632 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\DotNetInstaller.exe
2013-05-06 14:28:51 331908 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\setup.dll
2013-05-06 14:28:51 200836 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\iGdi.dll
2013-05-04 14:43:55 -------- d-----w- c:\documents and settings\zvezdan\local settings\application data\Google
2013-05-03 14:42:01 -------- d-----w- c:\documents and settings\zvezdan\local settings\application data\Identities
2013-04-30 08:51:08 50449456 ----a-w- c:\windows\system32\dotnetfx4.exe
2013-04-30 08:50:31 1227048 ----a-w- c:\windows\system32\wic_x86_enu.exe
2013-04-30 08:49:17 2585872 ----a-w- c:\windows\system32\WindowsInstaller-KB893803-v2-x86.exe
2013-04-30 08:48:57 -------- d-----w- c:\windows\system32\X
2013-04-27 17:40:37 -------- d-----w- c:\windows\Downloaded Installations
2013-04-27 08:30:32 38016 -c--a-w- c:\windows\system32\dllcache\bthmodem.sys
2013-04-27 08:30:32 38016 ----a-w- c:\windows\system32\drivers\bthmodem.sys
2013-04-26 08:25:17 -------- d-----w- c:\documents and settings\all users\application data\IDM
2013-04-26 08:25:16 -------- d-----w- c:\documents and settings\zvezdan\application data\DMCache
2013-04-25 06:37:19 -------- d-sh--w- c:\documents and settings\zvezdan\IECompatCache
2013-04-25 06:36:30 -------- d-sh--w- c:\documents and settings\zvezdan\PrivacIE
2013-04-25 06:34:00 -------- d-sh--w- c:\documents and settings\zvezdan\IETldCache
2013-04-25 06:29:13 26144 ----a-w- c:\windows\system32\spupdsvc.exe
2013-04-25 06:27:55 -------- dc-h--w- c:\windows\ie8
2013-04-25 06:16:59 -------- d-sh--w- c:\documents and settings\zvezdan\UserData
2013-04-23 18:19:26 5632 ----a-w- c:\windows\system32\ptpusb.dll
2013-04-23 18:19:22 159232 ----a-w- c:\windows\system32\ptpusd.dll
2013-04-23 18:19:21 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2013-04-23 18:19:21 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2013-04-23 15:34:33 -------- d-----w- c:\program files\ESET
2013-04-20 17:00:58 -------- d-----w- c:\windows\system32\appmgmt
2013-04-20 15:22:16 -------- d-----w- c:\program files\dumps
2013-04-20 15:21:19 -------- d-----w- c:\program files\common files\Steam
2013-04-19 18:10:42 18581400 ----a-w- c:\program files\mozilla firefox\xul.dll
2013-04-18 11:30:24 -------- d-----w- c:\documents and settings\zvezdan\local settings\application data\Sun
2013-04-18 11:14:34 866720 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-04-18 11:14:34 788896 ----a-w- c:\windows\system32\deployJava1.dll
2013-04-18 11:14:34 144896 ----a-w- c:\windows\system32\javacpl.cpl
2013-04-18 11:14:28 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-04-18 10:57:58 -------- d-----w- c:\windows\pss
2013-04-18 10:20:44 -------- d-----w- c:\documents and settings\zvezdan\local settings\application data\Adobe
2013-04-18 09:14:48 -------- d-----w- C:\NVIDIA
2013-04-18 09:03:52 -------- d-----w- c:\documents and settings\zvezdan\local settings\application data\PackageAware
2013-04-18 08:41:45 1897408 -c--a-w- c:\windows\system32\dllcache\nv4_mini.sys
2013-04-18 08:41:45 1897408 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2013-04-18 08:41:44 4274816 -c--a-w- c:\windows\system32\dllcache\nv4_disp.dll
2013-04-18 08:41:44 4274816 ----a-w- c:\windows\system32\nv4_disp.dll
2013-04-15 18:41:38 -------- d-----w- c:\documents and settings\zvezdan\local settings\application data\ESET
2013-04-12 10:15:04 543712 ----a-w- c:\windows\system32\drivers\ar5211.sys
2013-04-10 08:12:34 -------- d-----w- c:\documents and settings\zvezdan\local settings\application data\Help
2013-04-09 19:28:49 -------- d-----w- c:\documents and settings\zvezdan\application data\ESET
2013-04-09 07:20:14 -------- d-----w- c:\documents and settings\zvezdan\local settings\application data\Mozilla
2013-04-09 07:20:02 -------- d-----w- c:\program files\Mozilla Maintenance Service
2013-04-09 07:19:29 -------- d-----w- c:\program files\The KMPlayer
2013-04-09 07:13:28 -------- d-----w- c:\documents and settings\all users\application data\TP-LINK
.
==================== Find3M ====================
.
.
============= FINISH: 14:24:38.06 ===============



[Link mogu videti samo ulogovani korisnici]

[Link mogu videti samo ulogovani korisnici]

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Pozdrav, cokiss



Da li mozes da uslikas tu detekciju koju ti ESET prikazuje, pa da prikazis sliku ovde.

Kako napraviti ScreenShot i postaviti na forum --> [Link mogu videti samo ulogovani korisnici]




Preuzmi program GMER sa donjeg linka na Desktop:


GMER download
Klikni dati link;
Kada se otvori dijalog za izbor lokacije na kojoj treba sačuvati file, odaberi Desktop i klikni Save.


Dvoklikom pokrenite GMER.
Sačekaj da se završi uvodno skeniranje - ukoliko se pojavi bilo kakav upit, klikni No;

klikni Scan i sačekaj da skeniranje bude završeno;

klikni Save ... - izveštaj sačuvaj na Desktop (pod nazivom Gmer1);

klikni desnim tasterom u prozor programa Gmer i odaberi Options > 3rd party - klikni Scan;

po završetku skeniranja klikni Save ... - izveštaj sačuvaj na Desktop (pod nazivom Gmer2);

klikni taster >>> i odaberi Autostart karticu;

po završetku kratkotrajnog skeniranja, klikni Copy;

otvori Notepad i u njega postavi kopirani tekst - izveštaj sačuvaj na Desktop (pod nazivom Gmer3);

Slikoviti prikaz postupka

Priloži sva tri izveštaja uz poruku korišćenjem opcije Prikači fajl.

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Pre 10min sam skenirao kompijuter i nije nista naso,on sam izbaci da ima viruse(u donjem desnom uglu) Kada skeniram nista ne izbaci,samo ga prebaci u karantin. I onda ja to "Izbrisem" pa posle opet izbaci da imam(kada eset sam skenira)..........

Ewo i slike ali to je deamon tools,to je izbrisao i vise ne izbacuje. Za taj virus pise da se nalazi u C/windows/X.crv... Ono jos skenira kad bude sve gotovo izbacicu.

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Kad si vec otvorio temu, nema potrebe da skeniras, to isuvise dugo traje u odnosu na alate koje mi ovde koristimo...

Dostavi mi GMER izvestaje...

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

E izvinite sko kasnim na odgovoru,podigo sam novi windows i virus se obrisao..... Hvala svima!