Viruses - Please help tonight, if you can

offline
  • Dragan Đurašinović
  • Joined: 20 Dec 2008
  • Posts: 82

Posted: 26 Mar 2010 0:28

I'm having problems with viruses, I barely managed to connect to the net, and I need the laptop tomorrow, so if anyone can help me as soon as possible I'd be grateful.
NOD reports that it found a virus in
C:/Windows/system32/wmimgr32dll
win32/sality.NAF virus
Comment:
Event occurred during an attempt to run the file by the application: C:/Program Files/ MP4 Player/mp4Player.exe

and another virus in Documents&Setings
Win32/Sality.NAE virus

When I turn the computer on it also says that the component framedyn.dll is missing.

The computer is slow, and it looks like NOD has gone down too.

I'll now post the rest of what's needed.

Addendum: 26 Mar 2010 0:33

DDS (Ver_10-03-17.01) - NTFSx86
Run by Sandra at 0:19:36,26 on pon 01.01.2001
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.480 [GMT 1:00]

AV: ESET NOD32 Antivirus 3.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Cyberlink\Shared Files\brs.exe
C:\Program Files\Vimicro Corporation\VMUVC\VMonitor.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\MP4 Player\mp4Player.exe
C:\WINDOWS\winsa.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\mts mobilni internet\mts mobilni internet.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Skype\Toolbars\Shared\SkypeNames.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.facebook.com/
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
mWinlogon: Taskman=c:\documents and settings\sandra\application data\utlro.exe
uWinlogon: Shell=c:\windows\system32\nss.exe,c:\documents and settings\sandra\application data\oula.exe,c:\documents and settings\sandra\application data\utlro.exe,c:\documents and settings\sandra\application data\mepg.exe,explorer.exe,c:\documents and settings\sandra\csrss.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: UrlHelper Class: {474597c5-ab09-49d6-a4d5-2e8d7341384e} - c:\program files\imesh applications\imesh\iMeshIEHelper.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: iMesh MediaBar: {b7d3e479-cc68-42b5-a338-938ece35f419} - c:\program files\imesh applications\imesh mediabar\iMeshMediaBar.dll
TB: BS.Player ControlBar: {2c688203-7eb3-4327-9995-1cb417ba23f9} - c:\program files\bs.player controlbar\BSToolbar.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [MP4 Player] "c:\program files\mp4 player\mp4Player.exe" hmw
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [RemoteControl8] "c:\program files\cyberlink\powerdvd8\PDVD8Serv.exe"
mRun: [PDVD8LanguageShortcut] "c:\program files\cyberlink\powerdvd8\language\Language.exe"
mRun: [BDRegion] c:\program files\cyberlink\shared files\brs.exe
mRun: [VMonitorVMUVC] "c:\program files\vimicro corporation\vmuvc\VMonitor.exe" VMUVC
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mRun: [NeroCheck] c:\windows\system32\NeroCheck.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [bind] c:\docume~1\sandra\locals~1\temp\mosc.exe
mRun: [person] c:\windows\system32\into.exe
mRun: [eng] c:\windows\system32\nss.exe
mRun: [persons] c:\windows\system32\mine.exe
mRun: [WINDOWS UPDATE] winsa.exe
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: {260D4581-E819-4305-B0FB-672FE8DA593E} = 195.178.38.3 195.178.38.8
TCP: {3DFA0C82-18A6-4616-980F-9208B2472EE0} = 192.168.0.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
uASetup: {4175C5F3-D47F-143B-DD4D-E67A0EB4E773} - "c:\documents and settings\sandra\application data\winnt\winlogon.exe"

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\sandra\applic~1\mozilla\firefox\profiles\f5igsa94.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.rs/
FF - prefs.js: network.proxy.ftp - proxy.uns.ac.rs
FF - prefs.js: network.proxy.ftp_port - 8080
FF - prefs.js: network.proxy.gopher - proxy.uns.ac.rs
FF - prefs.js: network.proxy.gopher_port - 8080
FF - prefs.js: network.proxy.http - proxy.uns.ac.rs
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.socks - proxy.uns.ac.rs
FF - prefs.js: network.proxy.socks_port - 8080
FF - prefs.js: network.proxy.ssl - proxy.uns.ac.rs
FF - prefs.js: network.proxy.ssl_port - 8080
FF - prefs.js: network.proxy.type - 4
FF - component: c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
FF - plugin: c:\documents and settings\sandra\application data\facebook\npfbplugin_1_0_1.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2007-12-21 33800]
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};c:\program files\cyberlink\powerdvd8\000.fcl [2008-2-1 41456]
R2 ekrn;Eset Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2007-12-21 468224]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\drivers\ewusbdev.sys [2010-1-1 100480]
S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\google\google desktop search\GoogleDesktop.exe [2009-3-7 30192]
S3 VMUVC;Vimicro Camera Service VMUVC;c:\windows\system32\drivers\VMUVC.sys [2009-2-26 250240]
S3 vvftUVC;Vimicro Camera Filter Service VMUVC;c:\windows\system32\drivers\vvftUVC.sys [2009-2-26 476160]
S3 WinRing0_1_2_0;WinRing0_1_2_0;c:\documents and settings\sandra\desktop\temeratura\WinRing0.sys [2009-9-17 14416]

=============== Created Last 30 ================

2010-03-05 18:53:55 140096 ----a-w- c:\windows\system32\comdlg32.ocx
2010-03-05 18:53:45 0 d-----w- c:\program files\Microsoft
2010-03-05 18:40:32 107008 --sh--r- c:\documents and settings\sandra\csrss.exe
2010-03-05 18:36:46 0 d-----w- c:\windows\system32\appmgmt
2010-03-05 18:25:43 0 d-sh--r- c:\windows\CIDD_P
2010-03-05 18:04:55 184320 --sh--r- c:\windows\winsa.exe
2010-03-05 18:04:13 184320 ----a-w- c:\windows\system32\mine.exe
2010-03-05 18:01:33 239104 --sh--r- c:\windows\system32\NSS.EXE
2010-03-05 18:01:33 218624 --sh--r- c:\docume~1\sandra\applic~1\mepg.exe
2010-03-05 17:59:55 245760 --sh--r- c:\docume~1\sandra\applic~1\utlro.exe
2010-03-05 17:59:53 219648 --sh--r- c:\docume~1\sandra\applic~1\oula.exe
2010-03-05 17:59:41 0 ----a-w- c:\documents and settings\sandra\Desktop.ini
2010-03-05 17:59:38 245760 --sha-r- c:\windows\system32\INTO.EXE
2010-03-05 17:51:01 0 d-----w- c:\docume~1\alluse~1\applic~1\11A5
2010-02-22 21:25:30 0 d-----w- C:\USBNoRisk
2010-02-16 13:17:36 0 d-----w- c:\docume~1\sandra\applic~1\Facebook
2010-02-05 14:59:11 0 d-----w- c:\program files\Winamp Detect
2010-02-03 17:18:02 0 d-----w- c:\program files\MSECache
2010-01-23 11:30:19 0 d-----w- c:\program files\MP4 Player
2010-01-18 17:15:53 0 d-----w- c:\program files\YouTube Downloader
2010-01-17 18:21:37 0 d-----w- c:\program files\Recnik20
2010-01-14 13:08:01 0 d-----w- C:\ALEKSA
2010-01-12 15:09:58 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-01-12 15:09:57 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-01-01 21:19:34 112640 ----a-w- c:\windows\system32\drivers\ewusbnet.sys
2010-01-01 21:19:34 102528 ----a-w- c:\windows\system32\drivers\ewusbmdm.sys
2010-01-01 21:19:33 24448 ----a-w- c:\windows\system32\drivers\ewdcsc.sys
2010-01-01 21:19:33 100480 ----a-w- c:\windows\system32\drivers\ewusbdev.sys
2010-01-01 21:18:57 0 d-----w- c:\program files\mts mobilni internet
2009-12-27 14:20:50 104960 ----a-w- c:\windows\system32\drivers\ZTEusbser6k.sys
2009-12-27 14:20:50 104960 ----a-w- c:\windows\system32\drivers\ZTEusbnmea.sys
2009-12-27 14:20:50 104960 ----a-w- c:\windows\system32\drivers\ZTEusbmdm6k.sys
2009-12-27 14:20:37 0 d-----w- c:\program files\MODEM Mobile Connection
2009-12-20 18:56:10 0 d-----w- c:\windows\system32\SupportAppXL
2009-12-16 18:21:20 0 d-----w- C:\Lud- zbunjen-normalan
2009-12-09 17:31:22 0 d-----w- c:\docume~1\alluse~1\applic~1\PEERNET
2009-12-09 17:31:18 0 d-----w- c:\docume~1\sandra\applic~1\PEERNET
2009-12-09 17:11:21 0 d-----w- c:\program files\PdfSvg
2009-12-09 16:42:46 1706800 ----a-w- c:\windows\system32\gdiplus.dll
2009-12-09 16:42:22 0 d-----w- c:\program files\ImageConverter Plus
2009-12-06 22:48:39 124688 ----a-w- c:\windows\system32\MSWINSCK.OCX
2009-11-22 16:23:25 0 d-----w- C:\10005521
2009-11-22 16:20:37 0 d-----w- C:\New Folder
2009-10-22 14:17:29 4178264 ----a-w- c:\windows\system32\D3DX9_41.dll
2009-10-22 14:17:13 0 d-----w- c:\windows\Logs
2009-10-22 14:17:12 0 d-----w- c:\windows\system32\temp
2009-10-22 14:17:12 0 d-----w- c:\docume~1\alluse~1\applic~1\PassMark
2009-10-22 14:17:02 0 d-----w- c:\program files\BurnInTest
2009-09-21 11:56:04 12160 -c--a-w- c:\windows\system32\dllcache\mouhid.sys
2009-09-21 11:56:04 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2009-09-21 11:55:53 10368 -c--a-w- c:\windows\system32\dllcache\hidusb.sys
2009-09-21 11:55:53 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys
2009-09-17 14:10:05 0 d-----w- c:\program files\Lavalys
2009-07-15 14:36:49 89184 ----a-w- c:\windows\system32\drivers\imagedrv.sys
2009-07-15 14:36:49 57344 ----a-w- c:\windows\system32\ImageDrive.cpl
2009-07-15 14:36:39 38912 ----a-w- c:\windows\system32\picn20.dll
2009-07-15 14:36:38 569344 ----a-w- c:\windows\system32\imagr5.dll
2009-07-15 14:36:38 544768 ----a-w- c:\windows\system32\imagx5.dll
2009-07-15 14:36:38 283920 ----a-w- c:\windows\system32\ImagXpr5.dll
2009-07-15 14:36:38 176128 ----a-w- c:\windows\system32\NEROCHECK.EXE
2009-07-15 14:28:07 0 d-----w- c:\program files\Webteh
2009-07-15 13:06:45 0 d-----w- c:\program files\Power off
2009-07-15 13:06:35 0 d-----w- c:\program files\PDF Creator
2009-07-15 13:06:30 0 d-----w- c:\program files\NODpravi
2009-07-15 13:06:24 0 d-----w- c:\program files\Nero Burning Rom 6.0.0.11
2009-07-15 13:05:40 0 d-----w- c:\program files\BSplayer
2009-07-15 13:05:23 0 d-----w- c:\program files\BS.Player ControlBar
2009-07-12 17:01:51 0 d-----w- c:\docume~1\alluse~1\applic~1\33203
2009-06-28 15:34:02 0 d-----w- c:\program files\ESET
2009-06-28 15:04:02 0 d-s---w- C:\ComboFix
2009-06-28 13:41:40 0 d-sha-r- C:\cmdcons
2009-06-28 13:18:14 0 dc----w- c:\windows\system32\dllcache\cache
2009-06-27 15:42:01 0 d-----w- c:\documents and settings\sandra\DoctorWeb
2009-06-25 21:36:27 2 ----a-w- c:\windows\010112010146118114.dat
2009-05-18 08:30:11 0 ----a-w- C:\testwma.raw
2009-05-17 10:50:40 0 d-sh--r- C:\Win
2009-05-15 18:30:26 483328 ----a-w- c:\windows\system32\actskn45.ocx
2009-05-15 18:30:23 0 d-----w- c:\program files\iMesh Applications
2009-05-03 10:52:11 0 d-----w- c:\program files\Easy MP3 Cutter
2009-05-01 18:30:36 3366912 ----a-w- c:\windows\system32\GPhotos.scr
2009-03-24 13:56:03 7680 --sha-w- c:\windows\Thumbs.db
2009-03-23 21:50:17 32 ----a-w- c:\docume~1\alluse~1\applic~1\ezsid.dat
2009-03-07 16:28:04 38 ----a-w- c:\windows\avisplitter.INI
2009-02-26 21:55:52 73728 ----a-w- c:\windows\system32\exvmuvc.ax
2009-02-26 21:55:51 98304 ----a-w- c:\windows\system32\VMCtrl.ax
2009-02-26 21:55:51 94208 ----a-w- c:\windows\system32\VvFtCtrl.dll
2009-02-26 21:55:51 516096 ----a-w- c:\windows\system32\VMUVC.ax
2009-02-26 21:55:51 476160 ----a-w- c:\windows\system32\drivers\vvftUVC.sys
2009-02-26 21:55:51 250240 ----a-w- c:\windows\system32\drivers\VMUVC.sys
2009-02-26 21:55:51 188416 ----a-w- c:\windows\system32\vvftUVC.ax
2009-02-26 21:55:51 11776 ----a-w- c:\windows\system32\VMUVC.dll
2009-02-26 21:55:21 0 d-----w- c:\program files\Vimicro Corporation
2009-02-26 18:55:12 0 d-----w- c:\windows\VMUVC
2009-02-26 18:55:04 0 d-----w- c:\windows\system32\ReinstallBackups
2009-02-26 18:51:14 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-02-26 18:42:39 0 d-----r- c:\program files\Skype
2009-02-26 18:23:02 5504 -c--a-w- c:\windows\system32\dllcache\mstee.sys
2009-02-26 18:23:02 5504 ----a-w- c:\windows\system32\drivers\MSTEE.sys
2009-02-25 16:57:17 3248 ----a-w- c:\windows\system32\wbem\Outlook_01c9976a1dc1c0e4.mof
2009-02-23 15:33:36 0 d-----w- c:\program files\common files\ODBC
2009-02-23 15:33:32 0 d-----w- c:\program files\common files\SpeechEngines
2009-02-23 15:33:05 0 d-----r- c:\documents and settings\all users\Documents
2009-02-23 15:28:18 0 d-----w- c:\program files\PC Wizard 2008
2009-02-23 15:25:25 0 d-----w- c:\program files\Microsoft ActiveSync
2009-02-23 15:21:57 0 d-----w- c:\program files\common files\CyberLink
2009-02-23 15:17:57 0 d-----w- c:\program files\CCleaner
2009-02-23 15:17:26 0 d-----w- c:\program files\Mv2Player
2009-02-23 15:16:17 0 d-----w- c:\docume~1\sandra\applic~1\Ashampoo
2009-02-23 15:15:54 0 d-----w- c:\docume~1\alluse~1\applic~1\ashampoo
2009-02-23 15:15:37 0 d-----w- c:\program files\Ashampoo
2009-02-23 15:14:31 0 d-----w- c:\program files\K-Lite Codec Pack
2009-02-23 14:45:55 0 d-sh--w- c:\documents and settings\all users\DRM
2009-02-23 14:45:38 0 d--h--w- c:\program files\WindowsUpdate
2009-02-23 14:45:22 0 d-----w- c:\program files\Windows Media Connect 2
2009-02-23 14:44:34 0 d-----w- c:\program files\common files\MSSoap
2009-02-23 14:42:37 0 d-----w- c:\program files\Online Services
2009-02-23 14:42:29 0 d-----w- c:\program files\Messenger
2009-02-23 14:42:24 0 d-----w- c:\program files\MSN Gaming Zone
2009-02-23 14:41:41 0 d-----w- c:\program files\Windows NT

==================== Find3M ====================

2009-02-23 15:31:02 4096 ----a-w- c:\windows\d3dx.dat
2009-02-23 15:20:59 505128 ----a-w- c:\windows\system32\msvcp71.dll
2009-02-23 15:20:59 353576 ----a-w- c:\windows\system32\msvcr71.dll
2009-02-23 15:20:59 29480 ----a-w- c:\windows\system32\msxml3a.dll
2009-02-23 14:43:02 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2008-11-20 19:19:06 43872 ----a-w- c:\windows\system32\drivers\pxhelp20.sys
2008-08-24 02:33:46 3127 ----a-w- c:\windows\system32\presetup.cmd
2008-08-24 02:33:46 28672 ----a-w- c:\windows\system32\setupold.exe
2008-08-24 01:23:57 96792 ----a-w- c:\windows\system32\basecsp.dll
2008-07-04 03:18:16 84480 ----a-w- c:\windows\system32\pintool.exe
2008-07-04 03:18:16 133120 ----a-w- c:\windows\system32\axaltocm.dll
2008-07-04 03:18:15 25600 ----a-w- c:\windows\system32\bcsprsrc.dll
2008-07-04 03:18:15 151552 ----a-w- c:\windows\system32\ifxcardm.dll
2008-06-25 17:19:00 430080 ----a-w- c:\windows\system32\vbscript.dll
2008-06-25 17:19:00 155648 ----a-w- c:\windows\system32\wscript.exe
2008-06-25 17:18:58 90112 ----a-w- c:\windows\system32\wshext.dll
2008-06-25 17:18:58 180224 ----a-w- c:\windows\system32\scrobj.dll
2008-06-25 17:18:58 172032 ----a-w- c:\windows\system32\scrrun.dll
2008-06-25 17:18:58 135168 ----a-w- c:\windows\system32\cscript.exe
2008-06-22 14:14:40 36864 ----a-w- c:\windows\system32\qfecheck.exe
2008-06-20 17:43:05 245248 ----a-w- c:\windows\system32\mswsock.dll
2008-06-20 11:59:02 361600 ----a-w- c:\windows\system32\drivers\tcpip.sys
2008-06-20 11:48:03 138496 ----a-w- c:\windows\system32\drivers\afd.sys
2008-06-20 11:16:44 225856 ----a-w- c:\windows\system32\drivers\tcpip6.sys
2008-06-16 14:15:01 383488 ----a-w- c:\windows\system32\wzcdlg.dll
2008-06-13 11:27:44 272128 ----a-w- c:\windows\system32\drivers\bthport.sys
2008-06-13 11:03:52 215552 ----a-w- c:\windows\system32\osk.exe
2008-06-06 11:10:04 195456 ----a-w- c:\windows\system32\drivers\rdpdr.sys
2008-06-05 13:53:44 3850760 ----a-w- c:\windows\system32\D3DX9_38.dll
2008-06-05 13:53:42 1491992 ----a-w- c:\windows\system32\D3DCompiler_38.dll
2008-06-05 13:53:41 65032 ----a-w- c:\windows\system32\XAPOFX1_0.dll
2008-06-05 13:53:41 507400 ----a-w- c:\windows\system32\XAudio2_1.dll
2008-06-05 13:53:41 25608 ----a-w- c:\windows\system32\X3DAudio1_4.dll
2008-06-05 13:53:41 238088 ----a-w- c:\windows\system32\xactengine3_1.dll
2008-06-05 13:53:40 467984 ----a-w- c:\windows\system32\d3dx10_38.dll
2008-06-05 13:50:59 299520 ----a-w- c:\windows\system32\kerberos.dll
2008-05-30 23:22:46 683520 ----a-w- c:\windows\system32\divx.dll
2008-05-30 11:42:06 1846016 ----a-w- c:\windows\system32\win32k.sys
2008-05-29 12:04:44 62848 ----a-w- c:\windows\system32\drivers\rspndr.sys
2008-05-29 12:04:42 10752 ----a-w- c:\windows\system32\rspndr.exe
2008-05-29 09:16:52 633344 ----a-w- c:\windows\system32\gpprefcl.dll
2008-05-27 17:29:24 285696 ----a-w- c:\windows\system32\atmfd.dll
2008-05-22 22:22:18 3596288 ----a-w- c:\windows\system32\qt-dx331.dll
2008-05-22 22:19:46 81920 ----a-w- c:\windows\system32\dpl100.dll
2008-05-19 04:33:20 4445184 ----a-w- c:\windows\system32\msi.dll
2008-05-19 04:33:20 332800 ----a-w- c:\windows\system32\msihnd.dll
2008-05-19 04:33:20 18944 ----a-w- c:\windows\system32\msisip.dll
2008-05-18 23:57:42 95744 ----a-w- c:\windows\system32\msiexec.exe
2008-05-15 15:39:22 343552 ----a-w- c:\windows\system32\localspl.dll
2008-05-15 15:28:14 985088 ----a-w- c:\windows\system32\setupapi.dll
2008-05-13 13:53:40 1689088 ----a-w- c:\windows\system32\d3d9.dll
2008-05-08 13:58:18 203136 ----a-w- c:\windows\system32\drivers\RMCast.sys
2008-05-08 06:18:31 102400 ----a-w- c:\windows\system32\cscdll.dll
2008-05-07 11:49:02 455552 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2008-05-07 11:12:10 36352 ----a-w- c:\windows\system32\drivers\disk.sys
2008-05-07 05:04:16 1288192 ----a-w- c:\windows\system32\quartz.dll
2008-05-05 11:06:02 132608 ----a-w- c:\windows\system32\msv1_0.dll
2008-05-05 09:16:22 706048 ----a-w- c:\windows\system32\ntdll.dll
2008-05-03 11:57:06 52736 ----a-w- c:\windows\system32\w32tm.exe
2008-05-02 13:25:20 465920 ----a-w- c:\windows\system32\imapi2fs.dll
2008-05-02 13:25:20 317952 ----a-w- c:\windows\system32\imapi2.dll
2008-05-02 10:49:40 62976 ----a-w- c:\windows\system32\drivers\cdrom.sys
2008-05-01 09:48:24 1358336 ----a-w- c:\windows\system32\wbem\cimwin32.dll
2008-04-28 14:07:46 344064 ----a-w- c:\windows\system32\hnetcfg.dll
2008-04-28 14:07:46 330752 ----a-w- c:\windows\system32\ipnathlp.dll
2008-04-28 14:05:24 134144 ----a-w- c:\windows\system32\wkssvc.dll
2008-04-28 13:58:06 347136 ----a-w- c:\windows\system32\windowscodecsext.dll
2008-04-28 11:58:36 105344 ----a-w- c:\windows\system32\drivers\mup.sys
2008-04-25 11:36:54 91776 ----a-w- c:\windows\system32\drivers\ndiswan.sys
2008-04-25 11:36:52 182912 ----a-w- c:\windows\system32\drivers\ndis.sys
2008-04-24 13:55:34 997888 ----a-w- c:\windows\system32\msgina.dll
2008-04-24 13:55:34 423936 ----a-w- c:\windows\system32\licdll.dll
2008-04-24 13:33:54 507904 ----a-w- c:\windows\system32\winlogon.exe
2008-04-24 11:11:32 30336 ----a-w- c:\windows\system32\drivers\usbehci.sys
2008-04-24 07:06:32 937984 ----a-w- c:\windows\system32\wmnetmgr.dll
2008-04-23 15:40:33 599040 ----a-w- c:\windows\system32\crypt32.dll
2008-04-23 14:21:06 150016 ----a-w- c:\windows\system32\rastls.dll
2008-04-23 11:49:34 2189184 ----a-w- c:\windows\system32\ntoskrnl.exe
2008-04-23 03:35:36 827392 ----a-w- c:\windows\system32\wininet.dll
2008-04-22 17:00:18 293376 ----a-w- c:\windows\system32\winsrv.dll
2008-04-22 13:54:07 174848 ----a-w- c:\windows\system32\drivers\rdbss.sys
2008-04-22 13:45:52 576384 ----a-w- c:\windows\system32\drivers\ntfs.sys
2008-04-22 13:09:20 32384 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2008-04-17 20:50:10 176128 ----a-w- c:\windows\system32\adsldp.dll
2008-04-17 14:33:26 4707328 ----a-w- c:\windows\system32\drivers\RtkHDAud.sys
2008-04-17 04:50:12 92672 ----a-w- c:\windows\system32\wbem\policman.dll
2008-04-17 04:50:12 728064 ----a-w- c:\windows\system32\lsasrv.dll
2008-04-17 04:50:12 68096 ----a-w- c:\windows\system32\ntdsapi.dll
2008-04-17 04:50:12 407040 ----a-w- c:\windows\system32\netlogon.dll
2008-04-17 04:50:12 175104 ----a-w- c:\windows\system32\w32time.dll
2008-04-17 04:50:10 68096 ----a-w- c:\windows\system32\adsmsext.dll
2008-04-17 04:50:10 199680 ----a-w- c:\windows\system32\gptext.dll
2008-04-17 04:50:10 113152 ----a-w- c:\windows\system32\dsuiext.dll
2008-04-16 23:43:24 2560 ----a-w- c:\windows\system32\msimsg.dll
2008-04-14 05:42:46 23552 ----a-w- c:\windows\system32\wdmaud.drv
2008-04-14 05:42:10 74240 ----a-w- c:\windows\system32\usbui.dll
2008-04-14 05:42:08 74752 ----a-w- c:\windows\system32\storprop.dll
2008-04-14 05:41:58 4096 ----a-w- c:\windows\system32\ksuser.dll
2008-04-14 04:43:22 40840 ----a-w- c:\windows\system32\drivers\termdd.sys
2008-04-14 04:42:46 294912 ----a-w- c:\windows\system32\msh263.drv

============= FINISH: 0:19:51,25 ===============
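
A triage pass over the DDS log above, as an added example that is not part of the original post or of the DDS tool: it pulls the Winlogon and Run autostart entries out of the Pseudo HJT section and marks the ones a responder would check first. The four rules in `triage` and the reading of `s`/`h` in the attribute column are assumptions of this example, and a hit is a lead for further checking, not a verdict.

```python
import re

# Constructed sample: lines copied unchanged from the DDS log above
# ("Pseudo HJT Report" and "Created Last 30" sections).
SAMPLE_LOG = r"""
mWinlogon: Taskman=c:\documents and settings\sandra\application data\utlro.exe
uWinlogon: Shell=c:\windows\system32\nss.exe,c:\documents and settings\sandra\application data\oula.exe,c:\documents and settings\sandra\application data\utlro.exe,c:\documents and settings\sandra\application data\mepg.exe,explorer.exe,c:\documents and settings\sandra\csrss.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mRun: [bind] c:\docume~1\sandra\locals~1\temp\mosc.exe
mRun: [eng] c:\windows\system32\nss.exe
mRun: [WINDOWS UPDATE] winsa.exe
2010-03-05 18:40:32 107008 --sh--r- c:\documents and settings\sandra\csrss.exe
2010-03-05 18:04:55 184320 --sh--r- c:\windows\winsa.exe
2010-03-05 18:01:33 239104 --sh--r- c:\windows\system32\NSS.EXE
2010-03-05 17:59:55 245760 --sh--r- c:\docume~1\sandra\applic~1\utlro.exe
2010-01-12 15:09:58 73728 ----a-w- c:\windows\system32\javacpl.cpl
"""

RUN_RE = re.compile(r"^([um])Run: \[(.+?)\] (.+)$")
WINLOGON_RE = re.compile(r"^([um])Winlogon: (\w+)=(.*)$")
CREATED_RE = re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d:\d\d \d+ (\S{8}) (.+)$")
EXE_RE = re.compile(r"(.+?\.(?:exe|com|scr|bat|dll))(?=\s|$)", re.I)
USER_DIRS = ("\\documents and settings\\", "\\docume~1\\")


def basename(path):
    return path.rsplit("\\", 1)[-1]


def target_of(command):
    """Return the lowercased executable path of a Run/Shell command line."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0].lower()
    m = EXE_RE.match(command)  # unquoted paths may contain spaces
    return (m.group(1) if m else command).lower()


def triage(log):
    """Map each autostart target worth a closer look to the reasons why."""
    hidden_system = set()  # basenames listed with both 's' and 'h' attributes
    autostarts = []        # (source label, target path)
    for line in map(str.strip, log.splitlines()):
        if m := CREATED_RE.match(line):
            attrs, path = m.groups()
            if "s" in attrs and "h" in attrs:
                hidden_system.add(basename(path.lower()))
        elif m := WINLOGON_RE.match(line):
            hive, value, data = m.groups()
            for part in data.split(","):
                autostarts.append((f"{hive}Winlogon:{value}", target_of(part)))
        elif m := RUN_RE.match(line):
            hive, name, cmd = m.groups()
            autostarts.append((f"{hive}Run:[{name}]", target_of(cmd)))

    findings = {}
    for source, target in autostarts:
        reasons = []
        # Assumed rule 1: the Winlogon Shell value normally holds only explorer.exe.
        if source.endswith("Winlogon:Shell") and target != "explorer.exe":
            reasons.append("extra program in Winlogon Shell")
        # Assumed rule 2: a Winlogon Taskman value is worth a look whenever set.
        if source.endswith("Winlogon:Taskman"):
            reasons.append("Winlogon Taskman is set")
        # Assumed rule 3: autostart target inside a user profile (includes Temp).
        if any(d in target for d in USER_DIRS):
            reasons.append("runs from a user profile path")
        # Assumed rule 4: matched by file name only, because DDS mixes long
        # and 8.3 short paths; name collisions are possible.
        if basename(target) in hidden_system:
            reasons.append('hidden+system file in "Created Last 30"')
        seen = findings.setdefault(target, []) if reasons else []
        seen.extend(r for r in reasons if r not in seen)
    return findings


if __name__ == "__main__":
    for path, why in triage(SAMPLE_LOG).items():
        print(f"{path}\n    " + "; ".join(why))
```
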


offline
  • diarno  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 15 Jun 2007
  • Posts: 5572

Ouch.. You've gotten yourself properly infected.. The question is what we'll manage to do here, because apart from the classic virus which, as far as I can gather from your description, has spread nicely, you also have a pile of other malware


Download Dr.Web CureIt (~24 MB).
Restart the computer in Safe Mode (Safe Mode instructions)

Double-click launch.exe to run it, after which the intro window will appear - click Start

A notice that the initial scan is starting will appear - click OK

Wait a few minutes for Dr.Web CureIt to perform the Express Scan; if malware is found, click the Yes to All button in the window that appears to allow the program to disinfect

Click Options > Change settings F9; in the window that opens, uncheck the Heuristic Analysis option and then click OK

In the main window select the Complete scan option and then click and Dr.Web CureIt will start scanning

If malware is found, click the Yes to All button in the window that appears to allow the program to disinfect

When the scan is finished, click the Select all button (if available), then click Cure and,
in the menu that opens, click Move incurable:


When the process finishes, click File > Save report list and save the log to the Desktop


Copy the contents of the Dr.Web CureIt log into the forum thread.


Then boot into normal mode and scan from there with this program:

Download the installer for Malwarebytes Anti-Malware from the following link:
http://www.besttechie.net/tools/mbam-setup.exe

Double-click to run the installer - at the very end of the process, check that these options are selected:
Update Malwarebytes' Anti-Malware;
Launch Malwarebytes Anti-Malware;

and then click Finish.

After the update finishes, the program will start.

Choose the Perform Quick Scan option and click Scan.

When the process finishes click OK, Show Results: in the list of detected malware, select all items and click Remove Selected.

When the process finishes, the logfile will open in Notepad; copy it into the forum thread.
If the program asks for a restart to complete the cleaning process, be sure to allow it.

Note: if a restart occurs at the end of the cleaning process, the logfile will be available on the Logs tab (select it and click Open).

offline
  • Dragan Đurašinović
  • Joined: 20 Dec 2008
  • Posts: 82

Posted: 26 Mar 2010 1:22

Here are the GMER ones too, now I'll do what you said, I've downloaded Dr.Web CureIt, now I'll switch to Safe mode.

Addendum: 26 Mar 2010 11:10

Last night I ran Dr.Web CureIt and it scanned everything until it reached
C:/WINDOWS/system 32/drivers/acpi.sys
then it slowed down and over the whole night it scanned some 100 files, whereas until then it had gone through some 6000 in half an hour. This morning I ran it again, only this time for a complete scan, and it went through some 70000 files, but when it was near the end it hit C:/WINDOWS/system 32/drivers/acpi.sys and slowed down again like last night; by then it had found 164 viruses. I stopped it, selected everything and went to Move incurable; I didn't notice that it cleaned anything. I saved the log and here is what it scanned:

ctfmon.exe C:\WINDOWS\system32 Win32.Sector.20480
hkcmd.exe C:\WINDOWS\system32 Win32.Sector.20480
igfxpers.exe C:\WINDOWS\system32 Win32.Sector.20480
igfxtray.exe C:\WINDOWS\system32 Win32.Sector.20480
INTO.EXE C:\WINDOWS\system32 Trojan.MulDrop.55658
mine.exe C:\WINDOWS\system32 Win32.Sector.20480
NEROCHECK.EXE C:\WINDOWS\system32 Win32.Sector.20480
NSS.EXE C:\WINDOWS\system32 Win32.Sector.20480
wmimgr32.dll C:\WINDOWS\system32 Win32.HLLP.Sector
CF13345.exe C:\ComboFix Win32.Sector.20480
MoodEditor.exe C:\Documents and Settings\All Users\Application Data\Skype\Plugins\Plugins\1C858F44FD20414EA6E3ACFBA01EBBD2 Win32.Sector.20480
csrss.exe C:\Documents and Settings\Sandra Win32.Sector.20480
mepg.exe C:\Documents and Settings\Sandra\Application Data Win32.Sector.20480
oula.exe C:\Documents and Settings\Sandra\Application Data Trojan.MulDrop.55658
utlro.exe C:\Documents and Settings\Sandra\Application Data Trojan.MulDrop.55658
usbnorisk.exe C:\Documents and Settings\Sandra\Desktop Win32.Sector.20480
JDownloader.exe C:\Documents and Settings\Sandra\Desktop\JDownloader Win32.Sector.20480
shutdown.exe C:\Documents and Settings\Sandra\Desktop\JDownloader\plugins\jdshutdown\windows Win32.Sector.20480
unrar.exe C:\Documents and Settings\Sandra\Desktop\JDownloader\tools\Windows\unrarw32 Win32.Sector.20480
RealTemp.exe C:\Documents and Settings\Sandra\Desktop\Temeratura Win32.Sector.20480
nero.exe C:\Documents and Settings\Sandra\Local Settings\Application Data\Xenocode\XSandbox\Nero Burning ROM\9, 0, 9, 100\2009.01.02T09. Win32.Sector.20480
225.exe C:\Documents and Settings\Sandra\Local Settings\temp Win32.HLLW.Lime.18
406.exe C:\Documents and Settings\Sandra\Local Settings\temp Trojan.MulDrop.55658
547.exe C:\Documents and Settings\Sandra\Local Settings\temp Win32.Sector.20480
86902.exe C:\Documents and Settings\Sandra\Local Settings\temp Win32.Sector.20480
922854.exe C:\Documents and Settings\Sandra\Local Settings\temp Win32.Sector.20480
9295.exe C:\Documents and Settings\Sandra\Local Settings\temp Win32.Sector.20480
963.exe C:\Documents and Settings\Sandra\Local Settings\temp Win32.Sector.20480
DataCard_Setup.exe C:\Documents and Settings\Sandra\Local Settings\temp Win32.Sector.20480
MOSC.EXE C:\Documents and Settings\Sandra\Local Settings\temp Trojan.MulDrop.55658
ResetDevice.exe C:\Documents and Settings\Sandra\Local Settings\temp Win32.Sector.20480
RtkBtMnt.exe C:\Documents and Settings\Sandra\Local Settings\temp Win32.Sector.20480
vcxb.exe C:\Documents and Settings\Sandra\Local Settings\temp Win32.Sector.20480
samcc[1].exe C:\Documents and Settings\Sandra\Local Settings\Temporary Internet Files\Content.IE5\MM0ZF6CK Win32.Sector.20480
Acrobat.com.exe C:\Program Files\Adobe\Acrobat.com Win32.Sector.20480
LogTransport2.exe C:\Program Files\Adobe\Reader 9.0\Reader Win32.Sector.20480
amf_slv.exe C:\Program Files\Ashampoo\Ashampoo Burning Studio 8 Win32.Sector.20480
ash_updateMediator.exe C:\Program Files\Ashampoo\Ashampoo Burning Studio 8 Win32.Sector.20480
uninst.exe C:\Program Files\BS.Player ControlBar Win32.Sector.20480
MemTest.exe C:\Program Files\BurnInTest Win32.Sector.20480
rebooter.exe C:\Program Files\BurnInTest Win32.Sector.20480

Addendum: 26 Mar 2010 11:15

I also scanned with Malwarebytes Anti-Malware, and since I restarted the computer I couldn't find the log, so I ran the scan once more, but the second time it found only two malware items. I have also found the log files, so here are both the first and the second log:

Malwarebytes' Anti-Malware 1.44
Database version: 3915
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

1.1.2001 9:51:53
mbam-log-2001-01-01 (09-51-53).txt

Scan type: Quick Scan
Objects scanned: 115491
Time elapsed: 6 minute(s), 47 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 10
Registry Values Infected: 5
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 12

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\wmimgr32.dll (Trojan.Downloader) -> Delete on reboot.

Registry Keys Infected:
HKEY_CLASSES_ROOT\imeshmediabar.stockbar (Adware.Softomate) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{6c380604-92b2-4633-becb-bde03fa45980} (Adware.Softomate) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{4481c34a-10df-4c96-92a6-0ef31b6b95d6} (Adware.Softomate) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{f9c23cd1-6da9-4e0b-8367-c6f9f1f78baf} (Adware.Softomate) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{b7d3e479-cc68-42b5-a338-938ece35f419} (Adware.Softomate) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b7d3e479-cc68-42b5-a338-938ece35f419} (Adware.Softomate) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\imeshmediabar.stockbar.1 (Adware.Softomate) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{4175c5f3-d47f-143b-dd4d-e67a0eb4e773} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\WakeNet (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\person (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{b7d3e479-cc68-42b5-a338-938ece35f419} (Adware.Softomate) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{b7d3e479-cc68-42b5-a338-938ece35f419} (Adware.Softomate) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\shell (Malware.Trace) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\windows update (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\wmimgr32.dll (Trojan.Downloader) -> Delete on reboot.
C:\Documents and Settings\Sandra\Local Settings\temp\MOSC.EXE (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\INTO.EXE (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
C:\Program Files\iMesh Applications\iMesh MediaBar\iMeshMediaBar.dll (Adware.Softomate) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sandra\Application Data\oula.exe (Trojan.Agent.Gen) -> Delete on reboot.
C:\Documents and Settings\Sandra\Application Data\utlro.exe (Trojan.Agent.Gen) -> Delete on reboot.
C:\Documents and Settings\Sandra\Local Settings\temp\406.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
C:\Win\names.txt (Worm.AutoIT) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sandra\csrss.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\010112010146118114.dat (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\WINDOWS\winsa.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sandra\nigzss.txt (Malware.Trace) -> Quarantined and deleted successfully.

and the second

Malwarebytes' Anti-Malware 1.44
Database version: 3915
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

1.1.2001 10:32:55
mbam-log-2001-01-01 (10-32-55).txt

Scan type: Quick Scan
Objects scanned: 115393
Time elapsed: 6 minute(s), 29 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\wmimgr32.dll (Trojan.Downloader) -> Delete on reboot.

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\wmimgr32.dll (Trojan.Downloader) -> Delete on reboot.

offline
  • diarno  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 15 Jun 2007
  • Posts: 5572

The situation is very bad. It has really spread. Tell me, did you choose Cure? Was that option available?

Upload this for me:

C:\WINDOWS\system32\ctfmon.exe

Using the following form.

http://www.mycity.rs/ambulanta-upload.php

Can you start Windows in normal mode? Is it running a bit better?

If we don't succeed, it would be good to back up your documents now, such as pictures, Word files and the like. Do not move programs, games or anything else that gets installed or is an application to another partition.

offline
  • Dragan Đurašinović
  • Joined: 20 Dec 2008
  • Posts: 82

Posted: 27 Mar 2010 17:02

I uploaded that file for you. The computer ran better, since my NOD was blocked, so nothing was slowing it down. Today, on my own initiative, I ran a full scan with Malwarebytes Anti-Malware, and it found some 50 infected files; I chose Remove Selected and then NOD started working again, and now it reports that there are viruses somewhere and blocks them. There was a Cure option; I chose Move incurable and waited some 2-3 minutes, but I didn't see it do anything.

Addendum: 27 Mar 2010 18:02

I have now scanned the computer with NOD and it found 420 infected files and cleaned them all; if needed, I can send you or paste that log file.
They were mostly infected with the virus:
Win32/Sality.NAE virus.
The computer now runs decently. What do you think I should do now?

Addendum: 28 Mar 2010 16:08

Yesterday I scanned once more with NOD and it found 140 infected files and cleaned them, and this morning when I scanned it found none. What do you think, should I scan once more with Dr.Web CureIt? In any case, it now works normally and reports nothing.

offline
  • diarno  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 15 Jun 2007
  • Posts: 5572

OK. That would be it.
