MyCity » Ambulanta -> Arhiva Ambulante » 76 virusa

76 virusa

Napisano na dan: 8.10.2010

Strana:
1
2
3
4

76 virusa

Pagination

Prethodna strana

Sledeća strana

Pagination

Odgovori

Strana:
1
2
3
4

ramzesV Poslao: 13 Okt 2010 00:13 Idi na vrh
offline ramzesV Građanin Pridružio: 14 Avg 2010 Poruke: 185	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Napisano: 12 Okt 2010 23:32 MOVE.bat C:\w1.exe >>> c:\windows\system32\dllcache\winlogon.exe on next reboot. C:\w2.exe >>> c:\windows\system32\winlogon.exe on next reboot. C:\e1.exe >>> c:\windows\system32\dllcache\explorer.exe on next reboot. C:\e2.exe >>> c:\windows\explorer.exe on next reboot. Dopuna: 13 Okt 2010 0:13 ComboFix 10-10-11.05 - Violeta 10.2010 г. 0:53.9.1 - x86 Microsoft Windows XP Home Edition 5.1.2600.2.1251.359.1033.18.382.159 [GMT 3:00] Running from: c:\documents and settings\Violeta\Desktop\ComboFix.exe . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\system32\winlogon.exe . . . is infected!! c:\windows\explorer.exe . . . is infected!! . ((((((((((((((((((((((((( Files Created from 2010-09-12 to 2010-10-12 ))))))))))))))))))))))))))))))) . 2010-10-09 21:39 . 2010-10-09 21:39 182656 ----a-w- C:\ndis_dllcache(2).bak 2010-10-09 21:39 . 2010-10-09 21:39 182656 ----a-w- C:\ndis_drivers(2).bak 2010-10-09 21:28 . 2010-10-09 21:28 182656 ----a-w- C:\ndis_dllcache(1).bak 2010-10-09 21:28 . 2010-10-09 21:28 182656 ----a-w- C:\ndis_drivers(1).bak 2010-10-09 21:27 . 2010-10-09 21:27 211072 ----a-w- C:\ndis_dllcache.bak 2010-10-09 21:27 . 2010-10-09 21:27 211072 ----a-w- C:\ndis_drivers.bak 2010-10-09 21:15 . 2010-10-09 21:14 39424 ----a-w- c:\windows\system32\grpconv.exe 2010-10-08 19:23 . 2010-04-29 12:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-10-08 19:23 . 2010-10-08 20:30 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-10-08 19:23 . 2010-04-29 12:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-10-08 18:01 . 2010-10-08 18:01 -------- d-----w- c:\documents and settings\Violeta\Local Settings\Application Data\Mozilla 2010-10-06 17:33 . 2010-10-06 17:33 -------- d-----w- c:\documents and settings\Violeta\Application Data\Malwarebytes 2010-10-06 17:33 . 2010-10-06 17:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2010-09-28 08:47 . 2010-09-28 08:47 -------- d--h--w- c:\windows\PIF . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . . ------- Sigcheck ------- [-] 2010-10-09 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ndis.sys [-] 2010-10-09 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ndis.sys [-] 2008-04-13 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\ndis.sys [-] 2010-10-11 . 51AD0455B7C2A6E50C35DCF5BD798B50 . 507904 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe [-] 2008-04-14 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\winlogon.exe [-] 2010-10-11 . 015CD27FE4C955A6638CBA2F27D72B15 . 1033728 . . [6.00.2900.5512] . . c:\windows\explorer.exe [-] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\explorer.exe . ((((((((((((((((((((((((((((( SnapShot@2010-10-09_20.23.37 ))))))))))))))))))))))))))))))))))))))))) . + 2010-10-12 21:45 . 2010-10-12 21:45 16384 c:\windows\Temp\Perflib_Perfdata_608.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "BitComet"="e:\bitcomet\BitComet.exe" [2009-07-31 2674488] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RTHDCPL"="RTHDCPL.EXE" [2009-08-31 16248320] "SkyTel"="SkyTel.EXE" [2009-08-31 2879488] "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-12-11 344064] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-08-31 761946] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-12-20 149280] "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-04-29 437584] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] 2008-10-14 22:04 39792 -c--a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate] 2010-04-12 22:46 1135912 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor] 2006-10-26 21:47 31016 -c--a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] 2004-08-03 22:06 1667584 ------w- c:\program files\Messenger\msmsgs.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite] 2006-11-23 23:06 487424 ----a-r- c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "e:\\BitComet\\BitComet.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= "c:\\Program Files\\Nakido\\nakido.exe"= "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "26540:TCP"= 26540:TCP:BitComet 26540 TCP "26540:UDP"= 26540:UDP:BitComet 26540 UDP R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [08.10.2010 г. 22:23 304464] R2 Nakido;Nakido;c:\program files\Nakido\nakido.exe [23.1.2010 г. 09:12 330240] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [08.10.2010 г. 22:23 20952] S2 gupdate;Услуга Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [17.5.2010 г. 00:30 135664] S3 ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Converter;c:\windows\system32\drivers\ADM8511.SYS [31.8.2009 г. 12:57 20160] . Contents of the 'Scheduled Tasks' folder 2010-10-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-05-16 21:29] 2010-10-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-05-16 21:29] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.facebook.com/ uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: &D&ownload &with BitComet - e:\bitcomet\BitComet.exe/AddLink.htm IE: &D&ownload all video with BitComet - e:\bitcomet\BitComet.exe/AddVideo.htm IE: &D&ownload all with BitComet - e:\bitcomet\BitComet.exe/AddAllLink.htm IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html FF - ProfilePath - c:\documents and settings\Violeta\Application Data\Mozilla\Firefox\Profiles\tnz6ho4j.default\ FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll FF - plugin: e:\divx\DivX Player\npDivxPlayerPlugin.dll ---- FIREFOX POLICIES ---- c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false); . . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(496) c:\windows\system32\Ati2evxx.dll . Completion time: 2010-10-13 01:05:15 ComboFix-quarantined-files.txt 2010-10-12 22:05 ComboFix2.txt 2010-10-11 18:49 ComboFix3.txt 2010-10-10 22:27 ComboFix4.txt 2010-10-10 22:05 ComboFix5.txt 2010-10-12 21:51 Pre-Run: 181 481 472 bytes free Post-Run: 179 290 112 bytes free - - End Of File - - AD00B41CC3AAD2FBB0644F51140915FE

Profil

Bogdan-Tc Poslao: 14 Okt 2010 10:04 Idi na vrh
offline Bogdan-Tc Anti Malware Fighter Rank 1 Pridružio: 04 Jan 2009 Poruke: 2168	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Korak 1. Preuzmi CLCOPY.bat sa sledeće adrese na Desktop: CLCOPY Pokreni CLCOPY.bat dvoklikom na ikonicu i sačekaj da završi sa radom. Korak 2. Preuzmi BlitzBlank sa sledeće adrese na Desktop: http://download1.emsisoft.com/BlitzBlank.exe Pokreni BlitzBlank (dvoklikom na ikonicu); Kliknuti na karticu Script; U beli okvir prozora iskopirati sledeći tekst: `DeleteFile: c:\windows\system32\dllcache\winlogon.exe c:\windows\system32\winlogon.exe c:\windows\system32\dllcache\explorer.exe c:\windows\explorer.exe MoveFile: c:\w1.exe c:\windows\system32\dllcache\winlogon.exe c:\w2.exe c:\windows\system32\winlogon.exe c:\e1.exe c:\windows\system32\dllcache\explorer.exe c:\e2.exe c:\windows\explorer.exe` Izvršiti komandu klikom na taster Execute Now; Na oba upita kliknuti OK. Napomena: Nakon restarta računara izveštaj će biti sačuvan pod nazivom blitzblank.log na sistemskoj particiji (tipična lokacija: C:\blitzblank.log); Sadržaj izveštaja blitzblank.log je potrebno iskopirati ovde u poruci. Korak 3. Ponovo pokreni ComboFix i postavi izveštaj ovde u poruci.

Profil

ramzesV Poslao: 15 Okt 2010 00:29 Idi na vrh
offline ramzesV Građanin Pridružio: 14 Avg 2010 Poruke: 185	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Napisano: 15 Okt 2010 0:24 e nista nisam mogla otvoriti kad sam ukljucila komp sem cf ponovo pokrenuti, evo loga. posle njega mogu mozillu da otvorim ..] sad cu pokusati ovo sto si mi dao da uradim: ComboFix 10-10-11.05 - Violeta 10.2010 г. 1:03.11.1 - x86 Running from: c:\documents and settings\Violeta\Desktop\ComboFix.exe . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\Tasks\At1.job c:\windows\Tasks\At10.job c:\windows\Tasks\At11.job c:\windows\Tasks\At12.job c:\windows\Tasks\At13.job c:\windows\Tasks\At14.job c:\windows\Tasks\At15.job c:\windows\Tasks\At16.job c:\windows\Tasks\At17.job c:\windows\Tasks\At18.job c:\windows\Tasks\At19.job c:\windows\Tasks\At2.job c:\windows\Tasks\At20.job c:\windows\Tasks\At21.job c:\windows\Tasks\At22.job c:\windows\Tasks\At23.job c:\windows\Tasks\At24.job c:\windows\Tasks\At3.job c:\windows\Tasks\At4.job c:\windows\Tasks\At5.job c:\windows\Tasks\At6.job c:\windows\Tasks\At7.job c:\windows\Tasks\At8.job c:\windows\Tasks\At9.job c:\windows\system32\winlogon.exe . . . is infected!! c:\windows\explorer.exe . . . is infected!! . ((((((((((((((((((((((((( Files Created from 2010-09-14 to 2010-10-14 ))))))))))))))))))))))))))))))) . 2010-10-14 07:39 . 2010-10-14 07:39 234 ----a-w- c:\documents and settings\Violeta\Application Data\jsfhjjsd.bat 2010-10-09 21:39 . 2010-10-09 21:39 182656 ----a-w- C:\ndis_dllcache(2).bak 2010-10-09 21:39 . 2010-10-09 21:39 182656 ----a-w- C:\ndis_drivers(2).bak 2010-10-09 21:28 . 2010-10-09 21:28 182656 ----a-w- C:\ndis_dllcache(1).bak 2010-10-09 21:28 . 2010-10-09 21:28 182656 ----a-w- C:\ndis_drivers(1).bak 2010-10-09 21:27 . 2010-10-09 21:27 211072 ----a-w- C:\ndis_dllcache.bak 2010-10-09 21:27 . 2010-10-09 21:27 211072 ----a-w- C:\ndis_drivers.bak 2010-10-09 21:15 . 2010-10-09 21:14 39424 ----a-w- c:\windows\system32\grpconv.exe 2010-10-08 19:23 . 2010-04-29 12:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-10-08 19:23 . 2010-10-08 20:30 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-10-08 19:23 . 2010-04-29 12:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-10-08 18:01 . 2010-10-08 18:01 -------- d-----w- c:\documents and settings\Violeta\Local Settings\Application Data\Mozilla 2010-10-06 17:33 . 2010-10-06 17:33 -------- d-----w- c:\documents and settings\Violeta\Application Data\Malwarebytes 2010-10-06 17:33 . 2010-10-06 17:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2010-09-28 08:47 . 2010-09-28 08:47 -------- d--h--w- c:\windows\PIF . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . . ------- Sigcheck ------- [-] 2010-10-09 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ndis.sys [-] 2010-10-09 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ndis.sys [-] 2008-04-13 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\ndis.sys [-] 2010-10-11 . 51AD0455B7C2A6E50C35DCF5BD798B50 . 507904 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe [-] 2008-04-14 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\winlogon.exe [-] 2010-10-11 . 015CD27FE4C955A6638CBA2F27D72B15 . 1033728 . . [6.00.2900.5512] . . c:\windows\explorer.exe [-] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\explorer.exe . ((((((((((((((((((((((((((((( SnapShot@2010-10-09_20.23.37 ))))))))))))))))))))))))))))))))))))))))) . + 2010-10-14 21:55 . 2010-10-14 21:55 16384 c:\windows\Temp\Perflib_Perfdata_5f8.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "BitComet"="e:\bitcomet\BitComet.exe" [2009-07-31 2674488] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RTHDCPL"="RTHDCPL.EXE" [2009-08-31 16248320] "SkyTel"="SkyTel.EXE" [2009-08-31 2879488] "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-12-11 344064] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-08-31 761946] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-12-20 149280] "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-04-29 437584] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] 2008-10-14 22:04 39792 -c--a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate] 2010-04-12 22:46 1135912 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor] 2006-10-26 21:47 31016 -c--a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] 2004-08-03 22:06 1667584 ------w- c:\program files\Messenger\msmsgs.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite] 2006-11-23 23:06 487424 ----a-r- c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "e:\\BitComet\\BitComet.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= "c:\\Program Files\\Nakido\\nakido.exe"= "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "26540:TCP"= 26540:TCP:BitComet 26540 TCP "26540:UDP"= 26540:UDP:BitComet 26540 UDP R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [08.10.2010 г. 22:23 304464] R2 Nakido;Nakido;c:\program files\Nakido\nakido.exe [23.1.2010 г. 09:12 330240] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [08.10.2010 г. 22:23 20952] S2 gupdate;Услуга Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [17.5.2010 г. 00:30 135664] S3 ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Converter;c:\windows\system32\drivers\ADM8511.SYS [31.8.2009 г. 12:57 20160] . Contents of the 'Scheduled Tasks' folder 2010-10-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-05-16 21:29] 2010-10-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-05-16 21:29] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.facebook.com/ uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: &D&ownload &with BitComet - e:\bitcomet\BitComet.exe/AddLink.htm IE: &D&ownload all video with BitComet - e:\bitcomet\BitComet.exe/AddVideo.htm IE: &D&ownload all with BitComet - e:\bitcomet\BitComet.exe/AddAllLink.htm IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html FF - ProfilePath - c:\documents and settings\Violeta\Application Data\Mozilla\Firefox\Profiles\tnz6ho4j.default\ FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll FF - plugin: e:\divx\DivX Player\npDivxPlayerPlugin.dll ---- FIREFOX POLICIES ---- c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false); . . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(496) c:\windows\system32\Ati2evxx.dll . Completion time: 2010-10-15 01:15:36 ComboFix-quarantined-files.txt 2010-10-14 22:15 ComboFix2.txt 2010-10-12 22:45 ComboFix3.txt 2010-10-12 22:05 ComboFix4.txt 2010-10-11 18:49 ComboFix5.txt 2010-10-14 22:02 Pre-Run: 194 985 984 bytes free Post-Run: 189 063 168 bytes free - - End Of File - - 9C203540622732C1E209E1B9F5A46F9A Dopuna: 15 Okt 2010 0:29 ovaj blitzblank ne radi... kaze syntax error in ine 2, invalid file path

Profil

Bogdan-Tc Poslao: 15 Okt 2010 19:24 Idi na vrh
offline Bogdan-Tc Anti Malware Fighter Rank 1 Pridružio: 04 Jan 2009 Poruke: 2168	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Prvo pogledaj da li imaš ova četiri file-a na sistemskoj particiji. `c:\w1.exe c:\w2.exe c:\e1.exe c:\e2.exe` Ukoliko postoje onda zatvori program BlitzBlank pa ga ponovo pokreni i pažljivo iskopiraj teskt iz moje prethodne poruke. Ukoliko ne postoje ponovo pokreni CLCOPY.bat pa onda odradi po uputstvu za BlitzBlank.

Profil

ramzesV Poslao: 15 Okt 2010 19:33 Idi na vrh
offline ramzesV Građanin Pridružio: 14 Avg 2010 Poruke: 185	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! imaju sva 4 ali nece ... opet isto ... syntax error, line 2.

Profil

Bogdan-Tc Poslao: 15 Okt 2010 19:40 Idi na vrh
offline Bogdan-Tc Anti Malware Fighter Rank 1 Pridružio: 04 Jan 2009 Poruke: 2168	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Pokušaj ovako: `DeleteFile: c:\windows\system32\winlogon.exe c:\windows\explorer.exe MoveFile: c:\w1.exe c:\windows\system32\dllcache\winlogon.exe c:\w2.exe c:\windows\system32\winlogon.exe c:\e1.exe c:\windows\system32\dllcache\explorer.exe c:\e2.exe c:\windows\explorer.exe`

Profil

ramzesV Poslao: 15 Okt 2010 20:28 Idi na vrh
offline ramzesV Građanin Pridružio: 14 Avg 2010 Poruke: 185	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Napisano: 15 Okt 2010 20:01 e uspelo je ... sad se restartuje komp pa cu pokrenuti cf. Dopuna: 15 Okt 2010 20:09 BlitzBlank 1.0.0.32 File/Registry Modification Engine native application MoveFileOnReboot: sourceFile = "\??\c:\w2.exe", destinationFile = "\??\c:\windows\system32\winlogon.exe", replaceWithDummy = 0 MoveFileOnReboot: sourceFile = "\??\c:\e1.exe", destinationFile = "\??\c:\windows\system32\dllcache\explorer.exe", replaceWithDummy = 0 MoveFileOnReboot: sourceFile = "\??\c:\e2.exe", destinationFile = "\??\c:\windows\explorer.exe", replaceWithDummy = 0 BlitzBlank 1.0.0.32 File/Registry Modification Engine native application MoveFileOnReboot: sourceFile = "\??\c:\windows\system32\winlogon.exe", destinationFile = "(null)", replaceWithDummy = 0 MoveFileOnReboot: sourceFile = "\??\c:\windows\explorer.exe", destinationFile = "(null)", replaceWithDummy = 0 MoveFileOnReboot: sourceFile = "\??\c:\w1.exe", destinationFile = "\??\c:\windows\system32\dllcache\winlogon.exe", replaceWithDummy = 0 MoveFileOnReboot: sourceFile = "\??\c:\w2.exe", destinationFile = "\??\c:\windows\system32\winlogon.exe", replaceWithDummy = 0 MoveFileOnReboot: sourceFile = "\??\c:\e1.exe", destinationFile = "\??\c:\windows\system32\dllcache\explorer.exe", replaceWithDummy = 0 MoveFileOnReboot: sourceFile = "\??\c:\e2.exe", destinationFile = "\??\c:\windows\explorer.exe", replaceWithDummy = 0 Dopuna: 15 Okt 2010 20:28 evo i cf: ComboFix 10-10-14.04 - Violeta 10.2010 г. 21:15:26.13.1 - x86 Microsoft Windows XP Home Edition 5.1.2600.2.1251.359.1033.18.382.160 [GMT 3:00] Running from: c:\documents and settings\Violeta\Desktop\ComboFix.exe . ((((((((((((((((((((((((( Files Created from 2010-09-15 to 2010-10-15 ))))))))))))))))))))))))))))))) . 2010-10-15 18:02 . 2010-10-15 18:02 507904 -c--a-w- c:\windows\system32\dllcache\winlogon.exe 2010-10-15 15:15 . 2010-10-15 18:02 1033728 -c--a-w- c:\windows\system32\dllcache\explorer.exe 2010-10-09 21:39 . 2010-10-09 21:39 182656 ----a-w- C:\ndis_dllcache(2).bak 2010-10-09 21:39 . 2010-10-09 21:39 182656 ----a-w- C:\ndis_drivers(2).bak 2010-10-09 21:28 . 2010-10-09 21:28 182656 ----a-w- C:\ndis_dllcache(1).bak 2010-10-09 21:28 . 2010-10-09 21:28 182656 ----a-w- C:\ndis_drivers(1).bak 2010-10-09 21:27 . 2010-10-09 21:27 211072 ----a-w- C:\ndis_dllcache.bak 2010-10-09 21:27 . 2010-10-09 21:27 211072 ----a-w- C:\ndis_drivers.bak 2010-10-09 21:15 . 2010-10-09 21:14 39424 ----a-w- c:\windows\system32\grpconv.exe 2010-10-08 19:23 . 2010-04-29 12:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-10-08 19:23 . 2010-10-08 20:30 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-10-08 19:23 . 2010-04-29 12:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-10-08 18:01 . 2010-10-08 18:01 -------- d-----w- c:\documents and settings\Violeta\Local Settings\Application Data\Mozilla 2010-10-06 17:33 . 2010-10-06 17:33 -------- d-----w- c:\documents and settings\Violeta\Application Data\Malwarebytes 2010-10-06 17:33 . 2010-10-06 17:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2010-09-28 08:47 . 2010-09-28 08:47 -------- d--h--w- c:\windows\PIF . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . . ------- Sigcheck ------- [-] 2010-10-09 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ndis.sys [-] 2010-10-09 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ndis.sys [-] 2008-04-13 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\ndis.sys [-] 2010-10-15 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe [-] 2010-10-15 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\winlogon.exe [-] 2008-04-14 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\winlogon.exe [-] 2010-10-15 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\explorer.exe [-] 2010-10-15 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\system32\dllcache\explorer.exe [-] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\explorer.exe . ((((((((((((((((((((((((((((( SnapShot@2010-10-09_20.23.37 ))))))))))))))))))))))))))))))))))))))))) . + 2010-10-15 18:03 . 2010-10-15 18:03 16384 c:\windows\Temp\Perflib_Perfdata_638.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "BitComet"="e:\bitcomet\BitComet.exe" [2009-07-31 2674488] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RTHDCPL"="RTHDCPL.EXE" [2009-08-31 16248320] "SkyTel"="SkyTel.EXE" [2009-08-31 2879488] "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-12-11 344064] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-08-31 761946] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-12-20 149280] "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-04-29 437584] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] 2008-10-14 22:04 39792 -c--a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate] 2010-04-12 22:46 1135912 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor] 2006-10-26 21:47 31016 -c--a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] 2004-08-03 22:06 1667584 ------w- c:\program files\Messenger\msmsgs.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite] 2006-11-23 23:06 487424 ----a-r- c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "e:\\BitComet\\BitComet.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= "c:\\Program Files\\Nakido\\nakido.exe"= "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "26540:TCP"= 26540:TCP:BitComet 26540 TCP "26540:UDP"= 26540:UDP:BitComet 26540 UDP R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [08.10.2010 г. 22:23 304464] R2 Nakido;Nakido;c:\program files\Nakido\nakido.exe [23.1.2010 г. 09:12 330240] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [08.10.2010 г. 22:23 20952] S2 gupdate;Услуга Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [17.5.2010 г. 00:30 135664] S3 ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Converter;c:\windows\system32\drivers\ADM8511.SYS [31.8.2009 г. 12:57 20160] . Contents of the 'Scheduled Tasks' folder 2010-10-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-05-16 21:29] 2010-10-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-05-16 21:29] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.facebook.com/ uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: &D&ownload &with BitComet - e:\bitcomet\BitComet.exe/AddLink.htm IE: &D&ownload all video with BitComet - e:\bitcomet\BitComet.exe/AddVideo.htm IE: &D&ownload all with BitComet - e:\bitcomet\BitComet.exe/AddAllLink.htm IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html FF - ProfilePath - c:\documents and settings\Violeta\Application Data\Mozilla\Firefox\Profiles\tnz6ho4j.default\ FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll FF - plugin: e:\divx\DivX Player\npDivxPlayerPlugin.dll ---- FIREFOX POLICIES ---- c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false); . . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(504) c:\windows\system32\Ati2evxx.dll - - - - - - - > 'explorer.exe'(2704) c:\windows\system32\msi.dll . Completion time: 2010-10-15 21:27:07 ComboFix-quarantined-files.txt 2010-10-15 18:27 ComboFix2.txt 2010-10-14 22:44 ComboFix3.txt 2010-10-14 22:15 ComboFix4.txt 2010-10-12 22:45 ComboFix5.txt 2010-10-15 18:13 Pre-Run: 147 779 584 bytes free Post-Run: 136 822 784 bytes free - - End Of File - - 93E1EBBEDC22AF3559459A8CA4049F44

Profil

Bogdan-Tc Poslao: 15 Okt 2010 21:04 Idi na vrh
offline Bogdan-Tc Anti Malware Fighter Rank 1 Pridružio: 04 Jan 2009 Poruke: 2168	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Ovo sad deluje ok. Isprati još sledeće... Korak 1. Potrebno je deinstalirati ComboFix: klikni start (ili ), a zatim RUN. Na Visti koristiti Start Search polje ukoliko Run nije dostupan. U liniju za unos teksta ukucaj (iskopiraj) sledeće: ComboFix /Uninstall Primeti da postoji razmak između "ComboFix" i "/Uninstall". a zatim klikni OK (ili pritisni Enter). Sačekaj da se proces deinstalacije završi. Korak 2. Pronađi navedene file-ove i slobodno ih obriši: `C:\ndis_dllcache(2).bak C:\ndis_drivers(2).bak C:\ndis_dllcache(1).bak C:\ndis_drivers(1).bak C:\ndis_dllcache.bak C:\ndis_drivers.bak` Korak 3. Odaberi neki Anti-virus i Firewall po želji i instaliraj ih na računar. Ovde možeš pogledati objašnjenja/mišljenja o navedenim programima pa odaberi za koje smatraš da su ti najpogodniji za korišćenje. http://www.mycity.rs/Zastita/

Profil

ramzesV Poslao: 15 Okt 2010 21:24 Idi na vrh
offline ramzesV Građanin Pridružio: 14 Avg 2010 Poruke: 185	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! ima u c: \ folder combofix u kom se nalazi: NircmdB.exe da li mogu i to da obrisem?

Profil

Bogdan-Tc Poslao: 15 Okt 2010 21:43 Idi na vrh
offline Bogdan-Tc Anti Malware Fighter Rank 1 Pridružio: 04 Jan 2009 Poruke: 2168	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Jesi prvo deinstalirala ComboFix? Ako jesi, možeš da obrišeš C:\ComboFix

Profil

MyCity » Ambulanta -> Arhiva Ambulante » 76 virusa

Ko je trenutno na forumu

Ukupno su 825 korisnika na forumu :: 47 registrovanih, 11 sakrivenih i 767 gosta :: [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:: Korisnici trenutno na forumu: 357magnum, A.R.Chafee.Jr., ajo baba, amaterSRB, Atomski čoban, Brana01, darkangel, deLacy, Denaya, Dorcolac, flash12, GandorCC, Georgius, gomago, ILGromovnik, Istman, jackreacher011011, Karla, kolle.the.kid, Kubovac, Leonov, Lutvo_Redzepagic, milenko crazy north, Mixelotti, moldway, nebkv, novator, opt1, pein, RJ, Rogan33, sasa87, Shinobi, Sirius, SlaKoj, Trpe Grozni, vathra, VJ, Vlad000, Vlada1389, vladulns, W123, yufighter, ZetaMan, zlaya011, Zoca, 125

Svaki korisnik ovog sajta je odgovoran za sadržaj svoje poruke koju objavi na sajtu. Sajt se odriče svake odgovornosti za sadržaj tih poruka.
Postavljanjem vaše poruke ili vašeg autorskog dela na ovaj sajt, saglasni ste da ovaj sajt postaje distributer vašeg dela, i odričete se mogućnosti njegovog povlačenja ili brisanja, bez saglasnosti uprave sajta.
Distribucija sadržaja sa ovog sajta je dozvoljena samo u nekomercijalne svrhe, uz obaveznu napomenu da je sadržaj preuzet sa ovog sajta, i uz obavezno navođenje adrese MyCity sajta. Za sve ostale vidove distribucije obavezni ste da prethodno zatražite odobrenje od vlasnika MyCity sajta.
MyCity pokrenuo, administrira i razvija Predrag Damnjanović, a o uređenju sajta se brine MyCity Tim.
Ukoliko želite da nas kontaktirate kliknite ovde.
Naši sajtovi:
Vesti, Vojni forum, Zaštita od virusa, TekstPesme.rs

This content is licensed under a Creative Commons License.
Based on phpBB 2, translated by Simke, designed by