Help with a virus


  • Joined: 16 Jun 2009
  • Posts: 44

ComboFix 09-06-18.02 - Administrator 18.06.2009 17:11.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.510.157 [GMT 13:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Administrator\Desktop\CFScript.txt
AV: ESET NOD32 Antivirus 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

FILE ::
"c:\docume~1\ADMINI~1\LOCALS~1\Temp\tmp50.tmp"
"c:\windows\system32\6to4ex.dll"
"c:\windows\system32\tpsaxyd.exe"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\TEMP\mta91881.dll
c:\windows\Install.txt
c:\windows\irc.txt
c:\windows\system32\6to4ex.dll
c:\windows\system32\comsa32.sys
c:\windows\system32\FInstall.sys
c:\windows\system32\msncache.dll
c:\windows\system32\sopidkc.exe
c:\windows\system32\tpszxyd.sys
c:\windows\system32\wtukd32.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_6TO4
-------\Legacy_MSNCACHE
-------\Legacy_SAFEKIS
-------\Legacy_SOPIDKC
-------\Service_msncache
-------\Service_sopidkc


((((((((((((((((((((((((( Files Created from 2009-05-18 to 2009-06-18 )))))))))))))))))))))))))))))))
.

2009-06-15 06:40 . 2009-06-15 06:40 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\ESET
2009-06-14 07:22 . 2009-06-14 07:22 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\ESET
2009-06-14 07:14 . 2009-06-14 07:14 -------- d-----w- c:\program files\ESET
2009-06-14 07:14 . 2009-06-14 07:14 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET
2009-06-14 06:25 . 2009-06-14 06:48 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-06-14 06:01 . 2009-06-14 06:01 0 ----a-w- c:\windows\nsreg.dat
2009-06-14 06:01 . 2009-06-14 06:01 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2009-06-14 05:04 . 2007-10-22 20:22 3350528 ---ha-w- c:\documents and settings\Administrator\Application Data\U3\temp\Launchpad Removal.exe
2009-06-14 05:04 . 2009-06-14 05:04 -------- d-----w- c:\documents and settings\Administrator\Application Data\U3

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-14 02:49 . 2009-05-14 02:49 94360 ----a-w- c:\windows\system32\drivers\epfwtdir.sys
2009-05-14 02:47 . 2009-05-14 02:47 107256 ----a-w- c:\windows\system32\drivers\ehdrv.sys
2009-05-14 02:41 . 2009-05-14 02:41 114472 ----a-w- c:\windows\system32\drivers\eamon.sys
2009-05-02 05:19 . 2009-05-02 04:41 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-04-30 07:08 . 2009-04-30 07:08 1915520 ----a-w- c:\documents and settings\Administrator\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe
2009-04-28 14:27 . 2009-04-28 14:27 78848 ----a-w- c:\documents and settings\Administrator\Application Data\Mikrotik\Winbox\ns2.9.51\wproxy2.dll
2009-04-28 14:27 . 2009-04-28 14:27 210432 ----a-w- c:\documents and settings\Administrator\Application Data\Mikrotik\Winbox\ns2.9.51\wlan2.dll
2009-04-28 14:27 . 2009-04-28 14:27 10752 ----a-w- c:\documents and settings\Administrator\Application Data\Mikrotik\Winbox\ns2.9.51\system.dll
2009-04-28 14:27 . 2009-04-28 14:27 718848 ----a-w- c:\documents and settings\Administrator\Application Data\Mikrotik\Winbox\ns2.9.51\secure.dll
2009-04-28 14:27 . 2009-04-28 14:27 97280 ----a-w- c:\documents and settings\Administrator\Application Data\Mikrotik\Winbox\ns2.9.51\routing.dll
2009-04-28 14:27 . 2009-04-28 14:26 118272 ----a-w- c:\documents and settings\Administrator\Application Data\Mikrotik\Winbox\ns2.9.51\ppp.dll
2009-04-28 14:26 . 2009-04-28 14:26 55808 ----a-w- c:\documents and settings\Administrator\Application Data\Mikrotik\Winbox\ns2.9.51\ntp.dll
2009-04-28 14:26 . 2009-04-28 14:26 123904 ----a-w- c:\documents and settings\Administrator\Application Data\Mikrotik\Winbox\ns2.9.51\hotspot.dll
2009-04-28 14:26 . 2009-04-28 14:26 92672 ----a-w- c:\documents and settings\Administrator\Application Data\Mikrotik\Winbox\ns2.9.51\dhcp.dll
2009-04-28 14:26 . 2009-04-28 14:26 73728 ----a-w- c:\documents and settings\Administrator\Application Data\Mikrotik\Winbox\ns2.9.51\advtool.dll
2009-04-28 14:26 . 2009-04-28 14:26 1257472 ----a-w- c:\documents and settings\Administrator\Application Data\Mikrotik\Winbox\ns2.9.51\roteros.dll
2009-04-28 14:26 . 2009-04-28 14:26 -------- d-----w- c:\documents and settings\Administrator\Application Data\Mikrotik
2009-04-28 02:13 . 2009-04-28 02:13 21361 ----a-w- c:\windows\system32\drivers\AegisP.sys
2009-04-28 02:13 . 2009-04-28 02:13 -------- d-----w- c:\program files\Ovislink
2009-04-28 02:13 . 2007-02-19 17:47 -------- d--h--w- c:\program files\InstallShield Installation Information
.

((((((((((((((((((((((((((((( SnapShot@2009-06-14_05.47.19 )))))))))))))))))))))))))))))))))))))))))
.
+ 2004-08-03 23:56 . 2004-08-03 23:56 49152 c:\windows\system32\ws2help32.dll
+ 2009-06-14 07:15 . 2009-06-14 07:15 10134 c:\windows\Installer\{2EEBAC31-3EEF-4118-91CB-1A286A507DB2}\callmsi.exe
+ 2009-06-14 07:10 . 2009-06-14 07:10 262144 c:\windows\system32\config\systemprofile\NtUser.dat
+ 2009-06-14 07:15 . 2009-06-14 07:15 101480 c:\windows\Installer\{2EEBAC31-3EEF-4118-91CB-1A286A507DB2}\egui.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2003-11-17 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2003-11-17 118784]
"Smapp"="c:\program files\Analog Devices\SoundMAX\Smtray.exe" [2002-06-26 90112]
"PowerDVD"="c:\program files\CyberLink\PowerDVD\PowerDVD.exe" [2003-09-05 409600]
"NeroCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"InCD"="c:\program files\Ahead\InCD\InCD.exe" [2003-01-16 1220608]
"ZSSnp211"="c:\windows\ZSSnp211.exe" [2007-04-06 57344]
"Domino"="c:\windows\Domino.exe" [2006-08-18 49152]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-05-14 2029640]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
AirLive 802.11G Wireless Utility.lnk - c:\program files\Ovislink\Common\AirLiveUI.exe [2009-4-28 1748992]
Thunder.exe [2009-6-11 3584]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=

R0 BsStor;InCD Storage Helper Driver;c:\windows\system32\drivers\bsstor.sys [14.11.2008 9:54 9344]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [14.5.2009 15:47 107256]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [14.5.2009 15:49 94360]
R2 BsUDF;InCD UDF Driver;c:\windows\system32\drivers\bsudf.sys [14.11.2008 9:54 468480]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [14.5.2009 15:47 731840]
R2 msncache;Microsoft Automatic Update;c:\windows\System32\svchost.exe -k netsvcs [4.8.2004 12:56 14336]
R2 RalinkRegistryWriter;Ralink Registry Writer;c:\program files\Ovislink\Common\RalinkRegistryWriter.exe [28.4.2009 15:13 69632]
R2 safeKis;safeKis;c:\docume~1\ADMINI~1\LOCALS~1\Temp\tmp7.tmp [18.6.2009 17:15 10752]
R3 MadgeTRN;Madge Token-Ring Adapter NDIS5 Driver;c:\windows\system32\drivers\mdgndis5.sys [20.2.2008 5:51 164586]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - MSNCACHE
*NewlyCreated* - SAFEKIS
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ba/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: {69A98FC0-AA3D-45CE-9931-1E22390CFEE5} = 87.250.98.250 208.67.222.222
FF - ProfilePath -
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-06-18 17:14
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\windows\system32\sopidkc.exe 122880 bytes executable
c:\windows\system32\comsa32.sys 6 bytes

scan completed successfully
hidden files: 2

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\safeKis]
"ImagePath"="\??\c:\docume~1\ADMINI~1\LOCALS~1\Temp\tmp7.tmp"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3352)
c:\progra~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
c:\windows\system32\Msi.dll
c:\progra~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
c:\windows\system32\shdoclc.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\windows\system32\tpsaxyd.exe
c:\windows\system32\wscntfy.exe
c:\docume~1\ADMINI~1\LOCALS~1\Temp\18586f6700000
c:\program files\Internet Explorer\IEXPLORE.EXE
c:\windows\system32\dncyool32.sys
.
**************************************************************************
.
Completion time: 2009-06-18 17:16 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-18 04:16
ComboFix2.txt 2009-06-17 06:48
ComboFix3.txt 2009-06-15 06:50
ComboFix4.txt 2009-06-14 05:49

Pre-Run: 19.555.672.064 bytes free
Post-Run: 19.563.106.304 bytes free
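As an added example (not part of this thread and not ComboFix's own code), the script below parses a log laid out like the one above and pulls out the indicators a helper reads first: the catchme hidden-file count, services and running processes whose image sits under a Temp directory, and the Security Center / firewall values that appear flipped in the log. The two embedded log fragments are constructed from the layout of the logs in this thread; the function names and the indicator list are this example's own choices, not fields ComboFix defines.

```python
import re

# Constructed sample mirroring the layout of the first ComboFix log in this
# thread (paths copied from it; only enough text to exercise the parser).
BEFORE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [14.5.2009 15:47 731840]
R2 safeKis;safeKis;c:\docume~1\ADMINI~1\LOCALS~1\Temp\tmp7.tmp [18.6.2009 17:15 10752]

scanning hidden files ...

c:\windows\system32\sopidkc.exe 122880 bytes executable
c:\windows\system32\comsa32.sys 6 bytes

scan completed successfully
hidden files: 2

------------------------ Other Running Processes ------------------------
.
c:\windows\system32\wscntfy.exe
c:\docume~1\ADMINI~1\LOCALS~1\Temp\18586f6700000
c:\program files\Internet Explorer\IEXPLORE.EXE
.
**************************************************************************
"""

# Second constructed sample in the shape of a follow-up log: the Temp service,
# the Temp process and the hidden files are gone, but the Security Center and
# firewall values are still as malware left them.
AFTER_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [14.5.2009 15:47 731840]

scanning hidden files ...

scan completed successfully
hidden files: 0

------------------------ Other Running Processes ------------------------
.
c:\windows\system32\wscntfy.exe
.
**************************************************************************
"""

# "R2 name;display name;image path [date size]" service lines
SERVICE_RE = re.compile(r"^R[0-4]\s+([^;\n]+);([^;\n]*);(.+?)\s+\[", re.M)
TEMP_RE = re.compile(r"\\temp\\", re.I)          # any \Temp\ path component
HIDDEN_RE = re.compile(r"^hidden files:\s*(\d+)", re.M)
PROC_SECTION_RE = re.compile(r"Other Running Processes -+\n(.*?)\n\*{10,}", re.S)


def hidden_file_count(log):
    """Number of hidden files catchme reported, or None if the line is absent."""
    m = HIDDEN_RE.search(log)
    return int(m.group(1)) if m else None


def services_from_temp(log):
    """Names of services whose image path lives under a Temp directory."""
    return [name for name, _display, path in SERVICE_RE.findall(log)
            if TEMP_RE.search(path)]


def processes_from_temp(log):
    """Running-process paths under a Temp directory (from the process section)."""
    m = PROC_SECTION_RE.search(log)
    if not m:
        return []
    lines = [line.strip() for line in m.group(1).splitlines()]
    return [line for line in lines if line and line != "." and TEMP_RE.search(line)]


def security_center_flags(log):
    """Security Center notification and firewall values found in the log."""
    flags = {}
    for key in ("AntiVirusDisableNotify", "UpdatesDisableNotify"):
        m = re.search(r'^"%s"=dword:([0-9a-fA-F]{8})' % key, log, re.M)
        if m:
            flags[key] = int(m.group(1), 16)
    m = re.search(r'^"EnableFirewall"=\s*(\d+)', log, re.M)
    if m:
        flags["EnableFirewall"] = int(m.group(1))
    return flags


def triage(log):
    """Human-readable findings; an empty list means none of the checks fired."""
    findings = []
    hidden = hidden_file_count(log)
    if hidden:
        findings.append(f"catchme reported {hidden} hidden file(s)")
    for svc in services_from_temp(log):
        findings.append(f"service '{svc}' runs from a Temp directory")
    for proc in processes_from_temp(log):
        findings.append(f"running process from Temp: {proc}")
    flags = security_center_flags(log)
    if flags.get("AntiVirusDisableNotify") == 1:
        findings.append("Security Center antivirus notifications disabled")
    if flags.get("UpdatesDisableNotify") == 1:
        findings.append("Security Center update notifications disabled")
    if flags.get("EnableFirewall") == 0:
        findings.append("Windows Firewall disabled in the standard profile")
    return findings


def resolved(before, after):
    """Findings present in the first log that no longer appear in the second."""
    return sorted(set(triage(before)) - set(triage(after)))


if __name__ == "__main__":
    for line in triage(BEFORE_LOG):
        print("BEFORE:", line)
    for line in resolved(BEFORE_LOG, AFTER_LOG):
        print("RESOLVED:", line)
```

Run against the two fragments, the first yields six findings and the second only the three Security Center / firewall ones, so `resolved()` lists exactly the file-level items that the cleaning removed. The leftover three are the settings a helper would still want to restore by hand after the malware files are gone.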


  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8617
  • Location: Novi Beograd

Open Notepad and copy the following text into it:

File::
c:\docume~1\ADMINI~1\LOCALS~1\Temp\tmp7.tmp
c:\windows\system32\sopidkc.exe
c:\windows\system32\comsa32.sys
c:\windows\system32\dncyool32.sys
c:\windows\system32\tpsaxyd.exe
c:\docume~1\ADMINI~1\LOCALS~1\Temp\18586f6700000

Driver::
msncache
safeKis


Save the file from Notepad to the Desktop as "CFScript"




Drag the saved script/text onto the ComboFix icon as shown in the picture.
In your next message, post the log that is produced at the end of the cleaning/scan.

  • Joined: 16 Jun 2009
  • Posts: 44

Here is the log that was produced. I hope we'll manage to solve this; sorry for the bother, and thank you very much!



ComboFix 09-06-21.01 - Administrator 21.06.2009 19:33.5 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.510.279 [GMT 13:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Administrator\Desktop\CFScript.txt
AV: ESET NOD32 Antivirus 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

FILE ::
"c:\docume~1\ADMINI~1\LOCALS~1\Temp\18586f6700000"
"c:\docume~1\ADMINI~1\LOCALS~1\Temp\tmp7.tmp"
"c:\windows\system32\comsa32.sys"
"c:\windows\system32\dncyool32.sys"
"c:\windows\system32\sopidkc.exe"
"c:\windows\system32\tpsaxyd.exe"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\TEMP\mta57070.dll
c:\windows\Install.txt
c:\windows\system32\6to4ex.dll
c:\windows\system32\comsa32.sys
c:\windows\system32\FInstall.sys
c:\windows\system32\msncache.dll
c:\windows\system32\sopidkc.exe
c:\windows\system32\tpszxyd.sys
c:\windows\system32\wiawow32.sys
c:\windows\system32\wtukd32.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_6TO4
-------\Legacy_MSNCACHE
-------\Legacy_SAFEKIS
-------\Legacy_SOPIDKC
-------\Service_6to4
-------\Service_msncache
-------\Service_safeKis
-------\Service_sopidkc


((((((((((((((((((((((((( Files Created from 2009-05-21 to 2009-06-21 )))))))))))))))))))))))))))))))
.

2009-06-15 06:40 . 2009-06-15 06:40 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\ESET
2009-06-14 07:22 . 2009-06-14 07:22 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\ESET
2009-06-14 07:14 . 2009-06-14 07:14 -------- d-----w- c:\program files\ESET
2009-06-14 07:14 . 2009-06-14 07:14 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET
2009-06-14 06:25 . 2009-06-14 06:48 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-06-14 06:01 . 2009-06-14 06:01 0 ----a-w- c:\windows\nsreg.dat
2009-06-14 06:01 . 2009-06-14 06:01 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2009-06-14 05:04 . 2007-10-22 20:22 3350528 ---ha-w- c:\documents and settings\Administrator\Application Data\U3\temp\Launchpad Removal.exe
2009-06-14 05:04 . 2009-06-14 05:04 -------- d-----w- c:\documents and settings\Administrator\Application Data\U3

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-14 02:49 . 2009-05-14 02:49 94360 ----a-w- c:\windows\system32\drivers\epfwtdir.sys
2009-05-14 02:47 . 2009-05-14 02:47 107256 ----a-w- c:\windows\system32\drivers\ehdrv.sys
2009-05-14 02:41 . 2009-05-14 02:41 114472 ----a-w- c:\windows\system32\drivers\eamon.sys
2009-05-02 05:19 . 2009-05-02 04:41 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-04-30 07:08 . 2009-04-30 07:08 1915520 ----a-w- c:\documents and settings\Administrator\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe
2009-04-28 14:27 . 2009-04-28 14:27 78848 ----a-w- c:\documents and settings\Administrator\Application Data\Mikrotik\Winbox\ns2.9.51\wproxy2.dll
2009-04-28 14:27 . 2009-04-28 14:27 210432 ----a-w- c:\documents and settings\Administrator\Application Data\Mikrotik\Winbox\ns2.9.51\wlan2.dll
2009-04-28 14:27 . 2009-04-28 14:27 10752 ----a-w- c:\documents and settings\Administrator\Application Data\Mikrotik\Winbox\ns2.9.51\system.dll
2009-04-28 14:27 . 2009-04-28 14:27 718848 ----a-w- c:\documents and settings\Administrator\Application Data\Mikrotik\Winbox\ns2.9.51\secure.dll
2009-04-28 14:27 . 2009-04-28 14:27 97280 ----a-w- c:\documents and settings\Administrator\Application Data\Mikrotik\Winbox\ns2.9.51\routing.dll
2009-04-28 14:27 . 2009-04-28 14:26 118272 ----a-w- c:\documents and settings\Administrator\Application Data\Mikrotik\Winbox\ns2.9.51\ppp.dll
2009-04-28 14:26 . 2009-04-28 14:26 55808 ----a-w- c:\documents and settings\Administrator\Application Data\Mikrotik\Winbox\ns2.9.51\ntp.dll
2009-04-28 14:26 . 2009-04-28 14:26 123904 ----a-w- c:\documents and settings\Administrator\Application Data\Mikrotik\Winbox\ns2.9.51\hotspot.dll
2009-04-28 14:26 . 2009-04-28 14:26 92672 ----a-w- c:\documents and settings\Administrator\Application Data\Mikrotik\Winbox\ns2.9.51\dhcp.dll
2009-04-28 14:26 . 2009-04-28 14:26 73728 ----a-w- c:\documents and settings\Administrator\Application Data\Mikrotik\Winbox\ns2.9.51\advtool.dll
2009-04-28 14:26 . 2009-04-28 14:26 1257472 ----a-w- c:\documents and settings\Administrator\Application Data\Mikrotik\Winbox\ns2.9.51\roteros.dll
2009-04-28 14:26 . 2009-04-28 14:26 -------- d-----w- c:\documents and settings\Administrator\Application Data\Mikrotik
2009-04-28 02:13 . 2009-04-28 02:13 21361 ----a-w- c:\windows\system32\drivers\AegisP.sys
2009-04-28 02:13 . 2009-04-28 02:13 -------- d-----w- c:\program files\Ovislink
2009-04-28 02:13 . 2007-02-19 17:47 -------- d--h--w- c:\program files\InstallShield Installation Information
.

((((((((((((((((((((((((((((( SnapShot@2009-06-14_05.47.19 )))))))))))))))))))))))))))))))))))))))))
.
+ 2004-08-03 23:56 . 2004-08-03 23:56 49152 c:\windows\system32\ws2help32.dll
+ 2004-08-17 07:00 . 2004-08-17 07:00 69652 c:\windows\system32\msncacheex.dll
+ 2009-06-14 07:15 . 2009-06-14 07:15 10134 c:\windows\Installer\{2EEBAC31-3EEF-4118-91CB-1A286A507DB2}\callmsi.exe
+ 2009-06-14 07:10 . 2009-06-14 07:10 262144 c:\windows\system32\config\systemprofile\NtUser.dat
+ 2009-06-14 07:15 . 2009-06-14 07:15 101480 c:\windows\Installer\{2EEBAC31-3EEF-4118-91CB-1A286A507DB2}\egui.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2003-11-17 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2003-11-17 118784]
"Smapp"="c:\program files\Analog Devices\SoundMAX\Smtray.exe" [2002-06-26 90112]
"PowerDVD"="c:\program files\CyberLink\PowerDVD\PowerDVD.exe" [2003-09-05 409600]
"NeroCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"InCD"="c:\program files\Ahead\InCD\InCD.exe" [2003-01-16 1220608]
"ZSSnp211"="c:\windows\ZSSnp211.exe" [2007-04-06 57344]
"Domino"="c:\windows\Domino.exe" [2006-08-18 49152]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-05-14 2029640]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
AirLive 802.11G Wireless Utility.lnk - c:\program files\Ovislink\Common\AirLiveUI.exe [2009-4-28 1748992]
Thunder.exe [2009-6-11 3584]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=

R0 BsStor;InCD Storage Helper Driver;c:\windows\system32\drivers\bsstor.sys [14.11.2008 9:54 9344]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [14.5.2009 15:47 107256]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [14.5.2009 15:49 94360]
R2 BsUDF;InCD UDF Driver;c:\windows\system32\drivers\bsudf.sys [14.11.2008 9:54 468480]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [14.5.2009 15:47 731840]
R2 RalinkRegistryWriter;Ralink Registry Writer;c:\program files\Ovislink\Common\RalinkRegistryWriter.exe [28.4.2009 15:13 69632]
R3 MadgeTRN;Madge Token-Ring Adapter NDIS5 Driver;c:\windows\system32\drivers\mdgndis5.sys [20.2.2008 5:51 164586]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ba/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: {69A98FC0-AA3D-45CE-9931-1E22390CFEE5} = 87.250.98.250 208.67.222.222
FF - ProfilePath -
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-06-21 19:49
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(4084)
c:\progra~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
c:\windows\system32\Msi.dll
c:\progra~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
c:\windows\system32\shdoclc.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\documents and settings\All Users\Start Menu\Programs\Startup\Thunder.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-06-21 19:51 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-21 06:50
ComboFix2.txt 2009-06-18 04:16
ComboFix3.txt 2009-06-17 06:48
ComboFix4.txt 2009-06-15 06:50
ComboFix5.txt 2009-06-21 06:32

Pre-Run: 19.015.503.872 bytes free
Post-Run: 19.208.220.672 bytes free


  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8617
  • Location: Novi Beograd

You're not bothering me; it's that you disappear for a couple of days at a time, and that holds us up.

What's the situation now?

  • Joined: 16 Jun 2009
  • Posts: 44

I work, so I don't always have time, sorry!


The situation is the same, unfortunately. Basically it doesn't cause me any big problems, except that it won't let me open the "facebook.com" home page, and it is only that friend's account that it won't let me open!

When it connects to the internet, "NOD" (it's the trial version, and I only installed it after we discovered that virus) reports some virus to me and says it is sending it to quarantine!

  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8617
  • Location: Novi Beograd

Post that NOD log for me somehow.

  • Joined: 16 Jun 2009
  • Posts: 44

Written: 22 Jun 2009 21:25

I think it's this log:


Update 4160 (20090616)2009-06-16 19:18

BAT/Agent.NCH (2), IRC/SdBot, IRC/SdBot.DXK, PDF/Exploit.Pidief.OPL, PHP/C99Shell.W, SWF/TrojanDownloader.Swif.C, Win32/Adware.AdvancedVirusRemover (2), Win32/Adware.PersonalAntivirus (2), Win32/Adware.SystemSecurity (42), Win32/Agent.OOA, Win32/Agent.POZ, Win32/Agent.PPA (3), Win32/Agent.WPI (2), Win32/AntiAV.AZQ (2), Win32/AutoRun.Agent.PB (2), Win32/AutoRun.Delf.CJ (2), Win32/AutoRun.FlyStudio.LR, Win32/AutoRun.KS (2), Win32/Bagle.RQ, Win32/Bagle.RR, Win32/Bifrose.NEL, Win32/Delf.OKM (4), Win32/Dialer.NHX (2), Win32/FlyStudio.NNF (2), Win32/Injector.QJ, Win32/Injector.QK, Win32/IRCBot (2), Win32/IRCBot.ANV, Win32/Koobface.NBG, Win32/Koobface.NBQ, Win32/Koutodoor.BI (3), Win32/Koutodoor.G, Win32/Kryptik.UB, Win32/Kryptik.UC, Win32/Kryptik.UD, Win32/Kryptik.UE, Win32/Kryptik.UF, Win32/Kryptik.UG, Win32/LockScreen.F, Win32/NetTool.Grinder, Win32/Popwin.NBN, Win32/Popwin.NBQ, Win32/PSW.OnLineGames.NMP (15), Win32/PSW.OnLineGames.NMY (13), Win32/PSW.OnLineGames.NNU (12), Win32/PSW.OnLineGames.ODJ (3), Win32/PSW.OnLineGames.XTT (2), Win32/PSW.WOW.NLA (2), Win32/PSWTool.MailPassView.151, Win32/Qhost, Win32/Qhost.NKS, Win32/Qhost.NKU (2), Win32/Rootkit.Agent.NKV, Win32/Rustock.NIV (2), Win32/Rustock.NIW (2), Win32/Small.NGB, Win32/Spy.Banker.PPH, Win32/Spy.Delf.NVB (2), Win32/Spy.Zbot.JF (3), Win32/Spy.Zbot.RY, Win32/Spy.Zbot.RZ, Win32/Spy.Zbot.SA, Win32/StartPage.NJS, Win32/TrojanClicker.VB.NIA, Win32/TrojanDownloader.Agent.OYF, Win32/TrojanDownloader.Agent.PAC, Win32/TrojanDownloader.Banload.LNU, Win32/TrojanDownloader.Bredolab.AA (4), Win32/TrojanDownloader.Bredolab.AD, Win32/TrojanDownloader.Delf.OLB (2), Win32/TrojanDownloader.Delf.OZH (2), Win32/TrojanDownloader.FakeAlert.ACE, Win32/TrojanDownloader.FakeAlert.ACN, Win32/TrojanDownloader.Small.NTQ, Win32/TrojanDownloader.VB.HHS, Win32/TrojanDownloader.VB.NXX, Win32/TrojanDownloader.VB.NZH, Win32/TrojanDropper.Agent.OCR (3), Win32/TrojanDropper.Agent.OCS, Win32/TrojanDropper.Agent.OCT, 
Win32/TrojanDropper.Mudrop.NAS, Win32/TrojanDropper.VB.NDC, Win32/TrojanDropper.VB.NIF, Win32/VB.NRR (2), Win32/Wigon.LC, Win32/Wigon.LG

Addendum: 22 Jun 2009 21:26

or this one, or maybe it's even the same one...?

Update 4179 (20090622)2009-06-22 19:38

ACAD/Agent.A (2), BAT/Logoff.A (2), BAT/Qhost.NBY (2), BAT/Shutdown.NAK (3), IRC/SdBot, Win32/Adware.AdvancedVirusRemover.A, Win32/Adware.InternetAntivirus (2), Win32/Adware.VirusAlarmPro, Win32/Adware.WiniGuard (2), Win32/Agent.PRA, Win32/Agent.PRB (2), Win32/AntiAV.NAZ (2), Win32/AutoRun.Agent.EU, Win32/AutoRun.Agent.NP, Win32/AutoRun.Agent.PH (3), Win32/AutoRun.KillAV.A (2), Win32/AutoRun.RR (2), Win32/BHO.NQM (2), Win32/Bifrose.NEL, Win32/Delf.OKZ, Win32/Delf.OLA, Win32/Delf.OLB, Win32/Kryptik.VB, Win32/Kryptik.VC, Win32/Olmarik.HY, Win32/Olmarik.IP (2), Win32/Olmarik.IQ (13), Win32/PSW.OnLineGames.NMP (9), Win32/PSW.OnLineGames.NMY (8), Win32/PSW.OnLineGames.NNU (13), Win32/PSW.OnLineGames.NTZ, Win32/PSW.OnLineGames.ODJ (2), Win32/PSW.OnLineGames.OJT, Win32/PSW.OnLineGames.XTT (2), Win32/PSW.QQPass.NEO, Win32/PSW.VB.NCT (2), Win32/PSW.WOW.DZI, Win32/Qhost (2), Win32/Rootkit.Agent.NLY, Win32/Rustock (3), Win32/Sohanad.NEQ, Win32/Spy.Ambler.AD, Win32/Spy.Ambler.M, Win32/Spy.Banker.QEP, Win32/Spy.Banker.RBA, Win32/Spy.Banker.RBB (2), Win32/Spy.Banker.RBC, Win32/Spy.Small.NBV, Win32/Spy.Zbot.JF, Win32/Spy.Zbot.RD, Win32/Spy.Zbot.SJ, Win32/StartPage.NJS, Win32/TrojanClicker.Agent.NHE (2), Win32/TrojanDownloader.Agent.PAC, Win32/TrojanDownloader.FakeAlert.ADN, Win32/TrojanDropper.Flystud.XC

  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8617
  • Location: Novi Beograd

What you're pasting me are the names of malware that NOD can detect as of its last update.

Give me that quarantine if you can.

  • Joined: 16 Jun 2009
  • Posts: 44

I can't find where that is placed in the quarantine; I'll run a scan with NOD and it sends a log of what it scans. Can it work like that somehow?

  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8617
  • Location: Novi Beograd

gardinho :: I can't find where that is placed in the quarantine; I'll run a scan with NOD and it sends a log of what it scans. Can it work like that somehow?

It can.

If you can't get the log out, you can also post a screenshot.
