Win32/Cryptor virus. Please help

offline
  • Joined: 21 Aug 2011
  • Posts: 44

Posted: 26 Aug 2011 12:47

Since yesterday my computer has been running slowly. It responds to commands slowly, opens windows slowly, sometimes "not responding" appears, and it also shuts down slowly. I have now opened the virus quarantine and the virus Win32/Cryptor is recorded there; the time shown is 25.08.2011 at 19:49. Can you help me again to delete it? It is the only one the program registers; I think there are no other viruses, or they have not been found.

Regards, Kristina

Addendum: 26 Aug 2011 14:42

I forgot to mention that I have the antivirus program AVG 2011, ADSL 4mb, Windows XP.

offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Hello.

If the file is in quarantine, then it is not active (it was moved to quarantine when it was removed from the location where it had been).

If you believe the problems described are caused by malicious programs, follow these instructions:

http://www.mycity.rs/Ambulanta/Kako-otvoriti-temu-u-Ambulanti.html

and then someone will check whether malware is really involved.

offline
  • Joined: 21 Aug 2011
  • Posts: 44

Posted: 26 Aug 2011 15:34

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by kris at 14:51:34 on 2011-08-26
Microsoft Windows XP Professional 5.1.2600.3.1251.381.1033.18.512.107 [GMT 2:00]
.
AV: AVG Internet Security 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *Enabled*
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Autorun Eater\oldmcdonald.exe
C:\Program Files\AVG\AVG10\avgtray.exe
svchost.exe
C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AVG\AVG10\avgfws.exe
C:\Program Files\Autorun Eater\billy.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\Opera\opera.exe
C:\Program Files\AVG\AVG10\avgam.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2953735
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
uURLSearchHooks: CyberDefender-TB Toolbar: {ffb11c0c-da90-4969-a995-8dca2e0fc10a} - c:\program files\cyberdefender-tb\prxtbCybe.dll
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\reader\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
BHO: CyberDefender-TB Toolbar: {ffb11c0c-da90-4969-a995-8dca2e0fc10a} - c:\program files\cyberdefender-tb\prxtbCybe.dll
TB: CyberDefender-TB Toolbar: {ffb11c0c-da90-4969-a995-8dca2e0fc10a} - c:\program files\cyberdefender-tb\prxtbCybe.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
EB: &Research: {ff059e31-cc5a-4e2e-bf3b-96e929d65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [Autorun Eater] c:\program files\autorun eater\oldmcdonald.exe
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\kris\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
mPolicies-system: EnableSecureUIAPaths = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{8CC2F0DC-81BF-46A0-A12B-AD3211653A78} : DhcpNameServer = 192.168.1.1
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-2-22 22992]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-3-16 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-1-7 248656]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-3-1 34896]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-4-5 297168]
R2 avgfws;AVG zastitni zid;c:\program files\avg\avg10\avgfws.exe [2011-3-9 2708024]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-4-18 7398752]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2011-2-8 269520]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-4-14 134480]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-2-10 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-2-10 27216]
S2 gupdate;Google ажурирање услуга (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-8-17 136176]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg10\toolbar\ToolbarBroker.exe [2011-8-23 1025352]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys --> c:\windows\system32\drivers\avgfwdx.sys [?]
S3 gupdatem;Google ажурирање услуга (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-8-17 136176]
.
=============== Created Last 30 ================
.
2011-08-25 17:49:59 -------- d--h--w- C:\$AVG
2011-08-25 13:45:11 -------- d-----w- c:\documents and settings\kris\application data\AVG
2011-08-25 10:04:07 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2011-08-25 10:03:34 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
2011-08-25 10:02:50 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
2011-08-25 09:59:55 139656 -c----w- c:\windows\system32\dllcache\rdpwd.sys
2011-08-25 09:59:51 105472 -c----w- c:\windows\system32\dllcache\mup.sys
2011-08-25 09:55:09 602112 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2011-08-25 09:55:09 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2011-08-25 09:55:07 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2011-08-25 09:55:07 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2011-08-25 09:55:06 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2011-08-25 09:55:03 1991680 -c----w- c:\windows\system32\dllcache\iertutil.dll
2011-08-25 09:54:53 11081728 -c----w- c:\windows\system32\dllcache\ieframe.dll
2011-08-25 09:54:27 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys
2011-08-25 09:54:18 45568 -c----w- c:\windows\system32\dllcache\wab.exe
2011-08-24 15:29:01 -------- d-----w- c:\documents and settings\kris\application data\MCShield
2011-08-24 14:46:17 79872 -c----w- c:\windows\system32\dllcache\msxml6r.dll
2011-08-24 14:46:16 1372672 -c----w- c:\windows\system32\dllcache\msxml6.dll
2011-08-24 14:46:14 102912 -c----w- c:\windows\system32\dllcache\dpcdll.dll
2011-08-24 14:43:18 966656 ----a-w- c:\program files\msn\msncorefiles\oobe\obemetal.dll
2011-08-24 14:42:50 1327320 ----a-w- c:\program files\msn\msncorefiles\install\msnsusii.exe
2011-08-24 14:40:56 77824 ----a-w- c:\program files\msn\msncorefiles\oobe\obemtllc.dll
2011-08-24 14:40:17 86016 ----a-w- c:\program files\msn\msncorefiles\oobe\obepopc.dll
2011-08-24 14:39:29 229376 ----a-w- c:\program files\msn\msncorefiles\oobe\obelog.dll
2011-08-24 14:37:17 11053008 ----a-w- c:\program files\msn\msncorefiles\install\msn9components\Msncli.exe
2011-08-24 14:36:01 884712 ----a-w- c:\program files\msn\msncorefiles\install\msn9components\Digcore.exe
2011-08-24 14:29:59 22271 ------w- c:\windows\system32\drivers\watv06nt.sys
2011-08-24 14:29:59 11935 ------w- c:\windows\system32\drivers\wadv11nt.sys
2011-08-24 14:29:56 25471 ------w- c:\windows\system32\drivers\watv10nt.sys
2011-08-24 14:26:23 19569 ----a-w- c:\windows\003034_.tmp
2011-08-24 14:25:24 -------- d-----w- c:\documents and settings\kris\local settings\application data\Apple Computer
2011-08-24 13:00:36 -------- d-----w- c:\windows\system32\XPSViewer
2011-08-24 12:59:49 89088 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
2011-08-24 12:59:30 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2011-08-24 12:59:30 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2011-08-24 12:59:30 597504 ------w- c:\windows\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2011-08-24 12:59:30 117760 ------w- c:\windows\system32\prntvpt.dll
2011-08-24 12:59:29 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2011-08-24 12:59:29 575488 ------w- c:\windows\system32\xpsshhdr.dll
2011-08-24 12:59:29 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2011-08-24 12:59:29 1676288 ------w- c:\windows\system32\xpssvcs.dll
2011-08-24 12:53:29 -------- d-----w- c:\program files\MSXML 6.0
2011-08-24 12:32:11 -------- d-sh--w- c:\documents and settings\kris\IETldCache
2011-08-24 12:28:33 -------- d-----w- c:\windows\ie8updates
2011-08-24 12:24:03 -------- dc-h--w- c:\windows\ie8
2011-08-23 16:52:10 -------- d-----w- c:\documents and settings\kris\local settings\application data\PCHealth
2011-08-23 13:33:19 -------- d-----w- c:\documents and settings\all users\application data\AVG Security Toolbar
2011-08-23 13:29:14 -------- d-----w- c:\windows\system32\drivers\AVG
2011-08-23 13:29:14 -------- d-----w- c:\documents and settings\all users\application data\AVG10
2011-08-23 08:00:28 -------- d-----w- c:\program files\AVG
2011-08-23 01:13:27 -------- d-----w- c:\documents and settings\kris\application data\Malwarebytes
2011-08-23 01:13:21 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2011-08-22 23:27:30 -------- d-----w- c:\program files\Conduit
2011-08-22 23:27:28 -------- d-----w- c:\documents and settings\kris\local settings\application data\CyberDefender-TB
2011-08-22 23:27:27 -------- d-----w- c:\documents and settings\kris\local settings\application data\Temp
2011-08-22 23:27:27 -------- d-----w- c:\documents and settings\kris\local settings\application data\Conduit
2011-08-22 23:27:25 -------- d-----w- c:\program files\CyberDefender-TB
2011-08-22 23:26:38 96200 ----a-w- c:\windows\system32\drivers\CDAVFS.sys
2011-08-22 11:24:16 -------- d-----w- c:\windows\ServicePackFiles
2011-08-22 11:22:18 -------- d-----w- c:\program files\MSXML 4.0
2011-08-22 07:32:58 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2011-08-22 07:32:19 357888 -c----w- c:\windows\system32\dllcache\srv.sys
2011-08-22 07:31:24 456320 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2011-08-22 07:31:17 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2011-08-22 07:30:51 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2011-08-22 07:26:30 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
2011-08-22 07:19:45 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
2011-08-22 07:18:07 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2011-08-22 07:18:06 218112 -c----w- c:\windows\system32\dllcache\wordpad.exe
2011-08-22 07:10:42 -------- d-----w- c:\windows\system32\PreInstall
2011-08-22 07:10:41 26144 ----a-w- c:\windows\system32\spupdsvc.exe
2011-08-22 07:10:39 -------- d--h--w- c:\windows\$hf_mig$
2011-08-21 19:31:14 -------- d-sha-r- C:\cmdcons
2011-08-17 18:57:40 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-08-17 18:53:31 -------- d-----w- c:\documents and settings\kris\local settings\application data\Google
2011-08-17 18:37:22 -------- d-----w- c:\documents and settings\all users\application data\Autorun Eater
2011-08-17 18:37:13 -------- d-----w- c:\program files\Autorun Eater
2011-08-17 18:22:00 -------- d-----w- c:\program files\CCleaner
2011-08-17 18:12:46 -------- d-----w- c:\documents and settings\kris\local settings\application data\Opera
2011-08-17 18:10:53 -------- d-----w- c:\windows\system32\SoftwareDistribution
.
==================== Find3M ====================
.
2011-07-15 13:29:31 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-08 14:02:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
2011-06-24 14:10:36 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2011-06-23 18:36:30 916480 ----a-w- c:\windows\system32\wininet.dll
2011-06-23 18:36:30 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-06-23 18:36:30 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-06-23 12:05:13 385024 ----a-w- c:\windows\system32\html.iec
2011-06-20 17:44:52 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-06-02 14:02:05 1858944 ----a-w- c:\windows\system32\win32k.sys
.
============= FINISH: 14:53:31,87 ===============




Addendum: 26 Aug 2011 15:35

I posted this following the instructions on how to open a topic.

Addendum: 26 Aug 2011 15:55

I scanned the computer with Malwarebytes Anti-Malware, full scan; there are no viruses.

offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

This looks clean.

Regarding speed: uninstall unnecessary programs, move everything that does not have to be on the system partition (C: drive) off it (music, films, etc.), delete temporary files (instructions are below) and defragment the disk.

Also, it is possible that AVG is not quite the most optimal choice for your computer - try uninstalling it and replacing it with another antivirus (try e.g. avast!).

Download TFC (Temp File Cleaner) and save it to the Desktop.
Double-click to run the program and click the Start button to let the program begin scanning.
When the program finishes scanning, it may ask you to restart the computer. Allow it.

Note: When you finish cleaning the temp files, you can delete the program or keep it for later use.

If none of the above helps or you have any additional questions, open a topic in the Windows forum and ask for advice there.

offline
  • Joined: 21 Aug 2011
  • Posts: 44

Thank you for your patience and advice.

Regards
