C:windows/sistem32/cvo0.dll TR/Vundo.gen


  • Ričard  Male
  • Lion heart
  • Supermoderator
  • Beast!
  • Electro maintenance engineer
  • Joined: 28 Nov 2006
  • Posts: 13745
  • Location: Vršac

Greetings.
Every time I turn on the computer, Avira shows a warning about a virus: C:Windows/sistem32/cvo0.dll TR/Vundo.gen. I delete it and everything works fine until the next time the computer is turned on, when Avira finds it again. After deleting that virus I run a scan with Avira and it finds nothing.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:13:05, on 9.11.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18241)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\sm56hlpr.exe
C:\Siemens\Common\S7ubtoox\s7ubtstx.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
D:\PROGRAMI\ObjectDock\ObjectDock\ObjectDock.exe
C:\Siemens\Common\Sqlany\dbsrv50.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\PROGRA~1\FREEDO~1\fdm.exe
C:\Documents and Settings\Novum\Desktop\New Folder (2)\kraj.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [Link mogu videti samo ulogovani korisnici]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [Link mogu videti samo ulogovani korisnici]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [Link mogu videti samo ulogovani korisnici]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [Link mogu videti samo ulogovani korisnici]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [S7UB Start] "C:\Siemens\Common\S7ubtoox\s7ubtstx.exe" -StartDB
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [kamsoft] C:\WINDOWS\system32\ckvo.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Stardock ObjectDock.lnk = D:\PROGRAMI\ObjectDock\ObjectDock\ObjectDock.exe
O8 - Extra context menu item: Download video with Free Download Manager - [Link mogu videti samo ulogovani korisnici]\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - [Link mogu videti samo ulogovani korisnici]\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Preuzmi odabrano Free Download Manager-om - [Link mogu videti samo ulogovani korisnici]\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Preuzmi sa Free Download Managerom - [Link mogu videti samo ulogovani korisnici]\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Preuzmi sve sa Free Download Manager-om - [Link mogu videti samo ulogovani korisnici]\Program Files\Free Download Manager\dlall.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @c:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @c:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control) - [Link mogu videti samo ulogovani korisnici]
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - [Link mogu videti samo ulogovani korisnici]
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - [Link mogu videti samo ulogovani korisnici]
O17 - HKLM\System\CCS\Services\Tcpip\..\{ECD91C86-B41C-4745-8A3A-08819DC6A155}: NameServer = 80.93.224.1,80.93.224.2
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 5963 bytes



  • Piksi  Male
  • Elite citizen
  • Joined: 13 Nov 2003
  • Posts: 2435

Greetings...

Right-click the Avira icon in the lower right corner of the screen and uncheck AntiVir Guard Enable.

Note: Don't forget to turn this option back on when the cleaning is finished.

Download ComboFix to your Desktop from one of the following addresses:
[Links are visible only to logged-in users]
[Links are visible only to logged-in users]
[Links are visible only to logged-in users]

Run it and don't touch the program window while it is scanning.
Follow the on-screen instructions. When it finishes, a log (C:\ComboFix.txt) will appear, which you will copy here for us.



  • Ričard  Male
  • Lion heart
  • Supermoderator
  • Beast!
  • Electro maintenance engineer
  • Joined: 28 Nov 2006
  • Posts: 13745
  • Location: Vršac

I don't know whether this means anything, but I'll write it down. After ComboFix finished scanning, all the shortcuts and folders disappeared from the desktop, and the Start bar does not appear either with the mouse or with the Windows logo key. I started IE from Task Manager; that works, I mean Task Manager.

ComboFix 08-11-07.01 - Novum 2008-11-09 13:22:14.8 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.204 [GMT 1:00]
Running from: c:\documents and settings\Novum\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\autorun.inf
c:\windows\system32\ckvo.exe
D:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2008-10-09 to 2008-11-09 )))))))))))))))))))))))))))))))
.

2008-11-09 08:45 . 2008-11-09 08:45 <DIR> d--hs---- c:\documents and settings\Administrator\PrivacIE
2008-11-09 08:15 . 2008-11-09 08:16 110,013 -r-hs---- C:\sq.com
2008-11-07 17:14 . 2008-11-07 17:15 <DIR> d-------- c:\documents and settings\Novum\.dvdcss
2008-11-07 16:56 . 2008-11-07 16:57 <DIR> d-------- c:\program files\FormatFactory
2008-11-07 08:00 . 1980-01-01 00:00 149,000 --a------ C:\grldr
2008-11-07 08:00 . 2008-11-05 21:52 829 -ra------ C:\menu.lst
2008-11-07 07:59 . 2008-11-09 08:38 <DIR> d-------- C:\boot1
2008-11-04 17:36 . 2008-11-04 17:36 <DIR> d-------- c:\documents and settings\Novum\Application Data\XBMC
2008-11-04 17:35 . 2008-11-05 08:28 <DIR> d-------- c:\program files\XBMC
2008-11-03 08:42 . 2008-11-03 08:42 <DIR> d-------- c:\documents and settings\Novum\Application Data\Thinstall
2008-10-27 21:40 . 2008-10-27 21:40 <DIR> d-------- c:\program files\QuickTime
2008-10-25 06:13 . 2008-10-25 06:13 98,934 ---h----- C:\TREEINFO.WC
2008-10-25 06:10 . 2008-10-25 06:10 <DIR> d-------- C:\wincmd
2008-10-25 06:10 . 2008-11-03 10:52 952 --a------ c:\windows\wincmd.ini
2008-10-25 06:10 . 2002-01-21 04:00 545 --a------ c:\windows\UC.PIF
2008-10-25 06:10 . 2002-01-21 04:00 545 --a------ c:\windows\RAR.PIF
2008-10-25 06:10 . 2002-01-21 04:00 545 --a------ c:\windows\PKZIP.PIF
2008-10-25 06:10 . 2002-01-21 04:00 545 --a------ c:\windows\PKUNZIP.PIF
2008-10-25 06:10 . 2002-01-21 04:00 545 --a------ c:\windows\NOCLOSE.PIF
2008-10-25 06:10 . 2002-01-21 04:00 545 --a------ c:\windows\LHA.PIF
2008-10-25 06:10 . 2002-01-21 04:00 545 --a------ c:\windows\ARJ.PIF
2008-10-24 07:40 . 2008-10-24 07:40 0 --a------ c:\windows\CDMIMPRT.INI
2008-10-14 07:13 . 2008-10-17 09:52 65,536 --a------ c:\windows\IFinst27.exe
2008-10-13 07:17 . 2008-11-08 10:51 <DIR> d-------- c:\program files\AIMP2
2008-10-11 13:06 . 2008-10-11 13:44 <DIR> d-a------ c:\documents and settings\All Users\Application Data\TEMP
2008-10-11 13:05 . 2008-10-11 13:44 <DIR> d-------- c:\program files\SpywareBlaster
2008-10-09 16:25 . 2008-10-09 16:30 <DIR> d-------- c:\windows\system32\Adobe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-09 12:26 --------- d-----w c:\documents and settings\Novum\Application Data\Free Download Manager
2008-11-08 13:03 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-06 07:49 --------- d-----w c:\documents and settings\Novum\Application Data\OpenOffice.org2
2008-10-19 18:33 --------- d-----w c:\documents and settings\Novum\Application Data\uTorrent
2008-10-16 19:54 --------- d-----w c:\program files\OMRON
2008-10-13 06:58 --------- d-----w c:\documents and settings\Novum\Application Data\XnView
2008-10-11 09:24 --------- d-----w c:\program files\Opera
2008-10-07 10:35 --------- d-----w c:\program files\Free Download Manager
2008-10-07 10:34 --------- d-----w c:\documents and settings\All Users\Application Data\FreeDownloadManager.ORG
2008-10-07 10:18 --------- d-----w c:\documents and settings\Novum\Application Data\Uniblue
2008-10-07 10:18 --------- d-----w c:\documents and settings\Novum\Application Data\Sony
2008-10-07 10:18 --------- d-----w c:\documents and settings\Novum\Application Data\BSplayer
2008-10-07 10:18 --------- d-----w c:\documents and settings\Novum\Application Data\Autodesk
2008-10-07 10:18 --------- d-----w c:\documents and settings\Novum\Application Data\ACD Systems
2008-10-07 10:18 --------- d-----w c:\documents and settings\All Users\Application Data\PC Suite
2008-10-07 10:18 --------- d-----w c:\documents and settings\All Users\Application Data\Autodesk
2008-10-07 10:12 --------- d-----w c:\documents and settings\Novum\Application Data\AdobeUM
2008-09-29 05:44 --------- d-----w c:\program files\CCleaner
2008-09-28 18:36 --------- d-----w c:\program files\Common Files\Stardock
2008-09-16 17:45 --------- d-----w c:\program files\COMODO
2008-09-15 06:30 45,696 ----a-w c:\documents and settings\Novum\Application Data\GDIPFONTCACHEV1.DAT
2008-09-13 08:32 --------- d-----w c:\program files\AML Products
2008-09-12 13:06 --------- d-----w c:\program files\uTorrent
2008-09-11 13:03 --------- d-----w c:\program files\Windows Live
2008-09-11 12:59 --------- dcsh--w c:\program files\Common Files\WindowsLiveInstaller
2008-09-11 12:47 --------- d-----w c:\documents and settings\All Users\Application Data\WLInstaller
2008-09-11 12:26 --------- d-----w c:\program files\Microsoft VM
2008-09-10 21:23 10,488 ----a-w c:\windows\system32\crcnat.exe
2008-09-04 12:34 155,995 ----a-w c:\windows\java\Packages\WAXJNRJ1.ZIP
2008-08-22 01:08 878,592 ----a-w c:\windows\system32\wininet.dll
2008-08-22 01:08 43,008 ----a-w c:\windows\system32\licmgr10.dll
2008-08-22 01:07 18,944 ----a-w c:\windows\system32\corpol.dll
2008-08-22 01:06 72,704 ----a-w c:\windows\system32\admparse.dll
2008-08-22 01:06 71,680 ----a-w c:\windows\system32\iesetup.dll
2008-08-22 01:06 434,176 ----a-w c:\windows\system32\vbscript.dll
2008-08-22 01:05 48,640 ------w c:\windows\system32\PrivacIE.dll
2008-08-22 01:05 48,128 ----a-w c:\windows\system32\mshtmler.dll
2008-08-22 01:05 35,840 ----a-w c:\windows\system32\imgutil.dll
2008-08-22 01:04 45,568 ----a-w c:\windows\system32\mshta.exe
2008-08-22 00:57 156,160 ----a-w c:\windows\system32\msls31.dll
2007-03-20 12:26 106 ----a-w c:\documents and settings\Novum\Application Data\wklnhst.dat
1998-04-27 19:15 570,128 ------w c:\program files\Common Files\dao350.dll
1998-04-26 23:00 570,128 ----a-w c:\program files\DAO350.DLL
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"S7UB Start"="c:\siemens\Common\S7ubtoox\s7ubtstx.exe" [2000-10-25 102400]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-11-23 180269]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_02\bin\jusched.exe" [2007-06-14 132760]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 262401]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-10-27 413696]
"SoundMan"="SOUNDMAN.EXE" [2005-08-01 c:\windows\SOUNDMAN.EXE]
"SMSERIAL"="sm56hlpr.exe" [2005-07-06 c:\windows\sm56hlpr.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

c:\documents and settings\Novum\Start Menu\Programs\Startup\
Stardock ObjectDock.lnk - d:\programi\ObjectDock\ObjectDock\ObjectDock.exe [2006-03-12 1802309]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\fxsclnt.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\Program Files\\Messenger\\Msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Free Download Manager\\fdm.exe"=
"c:\\Program Files\\Java\\jre1.6.0_02\\launch4j-tmp\\JDownloader.exe"=

R2 Dpmtrcdd;Dpmtrcdd;c:\windows\system32\DRIVERS\dpmtrcdd.sys [2001-06-27 30080]
R2 s7osmcax;s7osmcax;c:\windows\system32\Drivers\s7osmcax.sys [2004-12-23 175159]
R2 s7otranx;s7otranx;c:\windows\system32\Drivers\S7otranx.sys [2004-12-23 494647]
R3 EKBfltr;ENE Keyboard Controller;c:\windows\system32\DRIVERS\EKBfltr.sys [2005-08-01 5504]
S3 s7oefs_x;SIMATIC MPI/EFS Driver;c:\windows\system32\drivers\s7oefs_x.sys [2000-03-28 30704]
S3 S7OUPC2X;SIMATIC PC Adapter USB Driver;c:\windows\system32\DRIVERS\s7oupc2x.sys [2005-01-14 21536]
S3 usbprint;Microsoft USB PRINTER Class;c:\windows\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service;c:\program files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{726d49bf-ded5-11dc-9aab-0002e34a0ee9}]
\shell\Setup\command - setup.exe
.
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = about:blank
R1 -: HKCU-Internet Connection Wizard,ShellNext = iexplore
O8 -: Download video with Free Download Manager - [Link mogu videti samo ulogovani korisnici]\program files\Free Download Manager\dlfvideo.htm
O8 -: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 -: Preuzmi odabrano Free Download Manager-om - [Link mogu videti samo ulogovani korisnici]\program files\Free Download Manager\dlselected.htm
O8 -: Preuzmi sa Free Download Managerom - [Link mogu videti samo ulogovani korisnici]\program files\Free Download Manager\dllink.htm
O8 -: Preuzmi sve sa Free Download Manager-om - [Link mogu videti samo ulogovani korisnici]\program files\Free Download Manager\dlall.htm
O17 -: HKLM\CCS\Interface\{ECD91C86-B41C-4745-8A3A-08819DC6A155}: NameServer = 80.93.224.1,80.93.224.2

O16 -: Microsoft XML Parser for Java - [Link mogu videti samo ulogovani korisnici]
c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [Link mogu videti samo ulogovani korisnici]
Rootkit scan 2008-11-09 13:26:05
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-11-09 13:28:10
ComboFix-quarantined-files.txt 2008-11-09 12:27:48

Pre-Run: 13.346.938.880 bytes free
Post-Run: 13,607,448,576 bytes free

  • Piksi  Male
  • Elite citizen
  • Joined: 13 Nov 2003
  • Posts: 2435

Enable the display of hidden files, and upload the following files for me to check:
C:\sq.com
c:\windows\java\Packages\WAXJNRJ1.ZIP

Do the upload through the following form ->
[Links are visible only to logged-in users]

  • Ričard  Male
  • Lion heart
  • Supermoderator
  • Beast!
  • Electro maintenance engineer
  • Joined: 28 Nov 2006
  • Posts: 13745
  • Location: Vršac

The files have been uploaded.

  • Piksi  Male
  • Elite citizen
  • Joined: 13 Nov 2003
  • Posts: 2435

Enable the display of hidden files and delete the following file ->
C:\sq.com

PS: Let me know whether you managed to delete it...

  • Ričard  Male
  • Lion heart
  • Supermoderator
  • Beast!
  • Electro maintenance engineer
  • Joined: 28 Nov 2006
  • Posts: 13745
  • Location: Vršac

The file was deleted successfully. After yesterday's scan with ComboFix, the warning in question no longer appeared.

  • Piksi  Male
  • Elite citizen
  • Joined: 13 Nov 2003
  • Posts: 2435

What remains is to uninstall ComboFix ->

Click START and then RUN
In the text input line type Combofix /u and click OK

Wait for the uninstallation process to finish

The above procedure will:
Delete the following:
ComboFix and its files and folders
VundoFix Backups folder, if it exists
C:\Deckard folder, if it exists
C:\OtMoveIt folder, if it exists

Reset the clock settings on the computer
Hide file extensions, if necessary
Hide system/hidden files/folders, if necessary
Reset System Restore


That's all.

  • Ričard  Male
  • Lion heart
  • Supermoderator
  • Beast!
  • Electro maintenance engineer
  • Joined: 28 Nov 2006
  • Posts: 13745
  • Location: Vršac

Thank you very much.
Greetings.

Addendum: 11 Nov 2008 14:24

It looks like the problem is not solved. Namely, the TR\Vundo.gen in question has now started appearing in System Volume Information\_restore

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:20:28, on 11.11.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18241)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\sm56hlpr.exe
C:\Siemens\Common\S7ubtoox\s7ubtstx.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
D:\PROGRAMI\ObjectDock\ObjectDock\ObjectDock.exe
C:\Siemens\Common\Sqlany\dbsrv50.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\Novum\Desktop\New Folder (2)\kraj.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [Link mogu videti samo ulogovani korisnici]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [Link mogu videti samo ulogovani korisnici]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [Link mogu videti samo ulogovani korisnici]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [Link mogu videti samo ulogovani korisnici]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [S7UB Start] "C:\Siemens\Common\S7ubtoox\s7ubtstx.exe" -StartDB
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Stardock ObjectDock.lnk = D:\PROGRAMI\ObjectDock\ObjectDock\ObjectDock.exe
O8 - Extra context menu item: Download video with Free Download Manager - [Link mogu videti samo ulogovani korisnici]\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - [Link mogu videti samo ulogovani korisnici]\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Preuzmi odabrano Free Download Manager-om - [Link mogu videti samo ulogovani korisnici]\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Preuzmi sa Free Download Managerom - [Link mogu videti samo ulogovani korisnici]\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Preuzmi sve sa Free Download Manager-om - [Link mogu videti samo ulogovani korisnici]\Program Files\Free Download Manager\dlall.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @c:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @c:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control) - [Link mogu videti samo ulogovani korisnici]
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - [Link mogu videti samo ulogovani korisnici]
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - [Link mogu videti samo ulogovani korisnici]
O17 - HKLM\System\CCS\Services\Tcpip\..\{ECD91C86-B41C-4745-8A3A-08819DC6A155}: NameServer = 80.93.224.1,80.93.224.2
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 5929 bytes

  • Piksi  Male
  • Elite citizen
  • Joined: 13 Nov 2003
  • Posts: 2435

The log is clean.

You didn't follow the instructions I gave you for uninstalling ComboFix?
Had you followed the procedure described above, your System Restore would have been reset.
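
An added example, not part of the original thread or of any tool used in it: a small Python script that compares two HijackThis logs and cross-checks O4 autostart entries against the files listed under "Other Deletions" in a ComboFix log. The embedded samples are abridged from the logs posted above; the function names and the path-extraction heuristic are assumptions of this example.

```python
import re

# Abridged excerpts of the two HijackThis logs posted in this thread.
LOG_BEFORE = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:13:05, on 9.11.2008

Running processes:
C:\WINDOWS\system32\ctfmon.exe

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [kamsoft] C:\WINDOWS\system32\ckvo.exe
O4 - Startup: Stardock ObjectDock.lnk = D:\PROGRAMI\ObjectDock\ObjectDock\ObjectDock.exe
"""
LOG_AFTER = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:20:28, on 11.11.2008

Running processes:
C:\WINDOWS\system32\ctfmon.exe

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Stardock ObjectDock.lnk = D:\PROGRAMI\ObjectDock\ObjectDock\ObjectDock.exe
"""
# Paths from the "Other Deletions" section of the ComboFix log in this thread.
COMBOFIX_DELETED = [r"C:\autorun.inf", r"c:\windows\system32\ckvo.exe", r"D:\Autorun.inf"]

# A result line is "<section code> - <body>", e.g. "O4 - HKCU\..\Run: [name] command".
ENTRY = re.compile(r"^([RFNO]\d{1,2}) - (.*)$")
RUN_KEY = re.compile(r"^(?P<where>.+?\\\.\.\\[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
STARTUP = re.compile(r"^(?P<where>(?:Global )?Startup): (?P<name>.+?) = (?P<cmd>.+)$")
# Heuristic (assumption): the target is everything up to the first executable extension.
TARGET = re.compile(r'^"?(.+?\.(?:exe|dll|com|bat|cmd|scr|pif))\b', re.I)


def parse_entries(log):
    """Return (section, body) for every HijackThis result line in the log text."""
    entries = []
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def autostarts(log):
    """Return O4 entries as (location, value name, target path or None)."""
    found = []
    for section, body in parse_entries(log):
        if section != "O4":
            continue
        m = RUN_KEY.match(body) or STARTUP.match(body)
        if not m:
            continue
        t = TARGET.match(m.group("cmd"))
        found.append((m.group("where"), m.group("name"), t.group(1) if t else None))
    return found


def removed_between(before, after):
    """Entries present in the first log and absent from the second, in log order."""
    remaining = set(parse_entries(after))
    return [e for e in parse_entries(before) if e not in remaining]


def autostarts_hitting(log, deleted_paths):
    """Autostart entries whose target is one of the deleted files (case-insensitive)."""
    deleted = {p.lower() for p in deleted_paths}
    return [a for a in autostarts(log) if a[2] and a[2].lower() in deleted]


if __name__ == "__main__":
    for section, body in removed_between(LOG_BEFORE, LOG_AFTER):
        print("gone after cleanup:", section, "-", body)
    for where, name, target in autostarts_hitting(LOG_BEFORE, COMBOFIX_DELETED):
        print("autostart pointed at a deleted file:", where, name, target)
    print("dangling autostarts left:", autostarts_hitting(LOG_AFTER, COMBOFIX_DELETED))
```

An autostart entry that still points at a deleted file after cleanup would show up in the last line; on these samples the list is empty.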
