Viruses! Urgent!


offline
  • Joined: 16 Jan 2009
  • Posts: 23

The computer has BitDefender (trial version). It reports that I have several viruses, among them iclose.exe, bv2.exe, mscup2.exe and some others. Does anyone know how to delete them? I urgently need help.

rip
  • argus  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 27 Apr 2008
  • Posts: 9160
  • Location: Prokuplje

Hello, read this topic and follow the instructions in it.

http://www.mycity.rs/Ambulanta/Kako-otvoriti-temu-u-Ambulanti.html

offline
  • Joined: 16 Jan 2009
  • Posts: 23

Posted: 24 Apr 2009 22:23

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:18:49, on 24.4.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\nMtsk.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Documents and Settings\All Users.WINDOWS\Application Data\01381593\01381593.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
C:\Documents and Settings\Admin.PC-0EC8CDAADA00\mscup2.exe
C:\Documents and Settings\Admin.PC-0EC8CDAADA00\mscup2.exe
C:\Documents and Settings\Admin.PC-0EC8CDAADA00\mscup2.exe
C:\Documents and Settings\Admin.PC-0EC8CDAADA00\mscup2.exe
C:\Documents and Settings\Admin.PC-0EC8CDAADA00\Desktop\PeraZdera\zmajj.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: IEocx Class - {06ec6572-7280-485a-a712-c380526bc048} - C:\WINDOWS\ieocx.dll
O2 - BHO: UrlHelper Class - {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareMediaBar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [nMTaskBarService] nMtsk.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\K-Lite Codec Pack\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [01381593] C:\Documents and Settings\All Users.WINDOWS\Application Data\01381593\01381593.exe
O4 - HKLM\..\Run: [01662234] C:\Documents and Settings\All Users.WINDOWS\Application Data\01662234\01662234.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
O4 - HKCU\..\Run: [12CFG914-K641-26SF-N32P] C:\RECYCLER\S-1-5-21-0243336031-4052116379-881863308-0851\vse432.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [msnsc] C:\WINDOWS\system32\msnsc.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - dl8-cdn-09.sun.com/s/ESD7/JSCDL/jdk/6u13-b0.....586-jc.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\Skype4COM.dll
O23 - Service: ?????? Google Update (gupdate1c9b7bc57c12942) (gupdate1c9b7bc57c12942) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 7363 bytes

Update: 24 Apr 2009 22:28

P.S. - I hear some unrelated sounds from the speakers when I'm online, like some radio station.

rip
  • argus  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 27 Apr 2008
  • Posts: 9160
  • Location: Prokuplje

* Open the NOD32 Control Center (click its tray icon in the bottom right corner of the screen).
* Select AMON from the Threat Protection group of options.
* In the right-hand panel, untick the option File system monitor (AMON) enabled.
* Turning this option off is shown by the Control Center changing colour from green to red.

Note: Don't forget to turn this option back on when the cleaning is finished.


Download ComboFix to the Desktop from one of the following addresses:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Run it and don't touch the program window while it scans.
Follow the on-screen instructions. When it finishes, a log (C:\ComboFix.txt) will appear; copy it here for us.

offline
  • Joined: 16 Jan 2009
  • Posts: 23

Posted: 24 Apr 2009 22:51

I did everything and ran it, but it asked me to download some WINDOWS MACHINE and I confirmed, but now it is downloading and just sitting there....

Update: 24 Apr 2009 23:05

OK, when it finished 50 stages it stopped and isn't doing anything. I waited for a while, then I closed it and restarted the computer, but now when the computer starts up I have no icons on the desktop.... It didn't give me a ComboFix.txt..... Help

rip
  • argus  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 27 Apr 2008
  • Posts: 9160
  • Location: Prokuplje

What do you mean "sitting there"? I don't understand, did it freeze or what?

offline
  • Joined: 16 Jan 2009
  • Posts: 23

Read my second message...

rip
  • argus  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 27 Apr 2008
  • Posts: 9160
  • Location: Prokuplje

You have to wait for CF to run to the end, don't be impatient. Run ComboFix again and wait for the whole process to finish. It may restart the machine, but it doesn't have to; your job is to wait.

offline
  • Joined: 16 Jan 2009
  • Posts: 23

Posted: 25 Apr 2009 9:18

ComboFix 09-04-25.03 - Admin 25.04.2009 9:05.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.719 [GMT 2:00]
Running from: c:\documents and settings\Admin.PC-0EC8CDAADA00\Desktop\Prijemni - MG\PeraZdera\ComboFix.exe
AV: ESET NOD32 antivirus system 2.70 *On-access scanning disabled* (Outdated)
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\documents and settings\comp\Favorites\Download programs.url
c:\documents and settings\comp\Favorites\Games.url
c:\documents and settings\comp\Favorites\Translator.url
c:\documents and settings\comp\Favorites\Videos.url
C:\resycled
c:\resycled\boot.com
c:\windows\IE4 Error Log.txt
c:\windows\ieocx.dll
c:\windows\jestertb.dll
c:\windows\system32\kr_done1
c:\windows\system32\mdm.exe

.
((((((((((((((((((((((((( Files Created from 2009-05-25 to 2009-4-25 )))))))))))))))))))))))))))))))
.

2009-04-24 19:58 . 2009-04-24 19:58 512096 ----a-w c:\windows\system32\drivers\amon.sys
2009-04-24 19:58 . 2009-04-24 19:58 298104 ----a-w c:\windows\system32\imon.dll
2009-04-24 19:58 . 2009-04-24 19:58 15424 ----a-w c:\windows\system32\drivers\nod32drv.sys
2009-04-24 19:48 . 2009-04-24 19:48 -------- d-----w c:\documents and settings\Admin.PC-0EC8CDAADA00\Application Data\Lavasoft
2009-04-24 18:22 . 2009-04-24 21:11 -------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\01662234
2009-04-24 17:49 . 2009-04-25 07:01 -------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\01381593
2009-04-23 12:08 . 2009-04-24 19:38 81984 ----a-w c:\windows\system32\bdod.bin
2009-04-22 20:09 . 2009-04-24 20:36 8552 ----a-w c:\documents and settings\Admin.PC-0EC8CDAADA00\bv2.exe
2009-04-22 18:54 . 2009-04-22 18:54 -------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\2036B
2009-04-22 18:41 . 2009-04-22 18:41 -------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\182AF
2009-04-22 16:20 . 2009-04-24 20:36 35766 ----a-w c:\documents and settings\Admin.PC-0EC8CDAADA00\mscup2.exe
2009-04-22 06:49 . 2009-04-22 06:49 -------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\3A242
2009-04-21 17:14 . 2009-04-24 20:29 35766 ----a-w c:\documents and settings\Admin.PC-0EC8CDAADA00\iclose.exe
2009-04-13 15:16 . 2009-04-13 15:16 -------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\369C
2009-04-10 13:02 . 2009-04-10 13:03 -------- d-----w c:\windows\system32\NtmsData
2009-04-08 10:37 . 2009-04-08 10:37 -------- d-----w c:\documents and settings\NetworkService.NT AUTHORITY.000\Local Settings\Application Data\Google
2009-04-07 20:06 . 2009-04-07 20:06 56 ---ha-w c:\windows\system32\ezsidmv.dat
2009-04-07 20:06 . 2009-04-07 20:06 -------- d-----w c:\documents and settings\LocalService.NT AUTHORITY.000\Local Settings\Application Data\Google
2009-04-07 20:06 . 2009-04-24 18:22 -------- d-----w c:\documents and settings\Admin.PC-0EC8CDAADA00\Application Data\skypePM
2009-04-04 12:47 . 2009-04-04 12:47 410984 ----a-w c:\windows\system32\deploytk.dll
2009-03-30 21:57 . 2009-04-24 18:24 -------- d-----w c:\documents and settings\Admin.PC-0EC8CDAADA00\Application Data\Skype
2009-03-30 21:57 . 2009-04-07 20:06 -------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\Skype

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-24 20:15 . 2008-11-27 20:29 -------- d-----w c:\program files\Eset
2009-04-23 12:02 . 2009-04-23 11:57 -------- d-----w c:\program files\Common Files\Softwin
2009-04-23 08:50 . 2008-07-12 19:26 -------- d-----w c:\program files\Winamp
2009-04-20 17:32 . 2008-12-28 14:08 -------- d-----w c:\documents and settings\Admin.PC-0EC8CDAADA00\Application Data\BearShare
2009-04-18 08:11 . 2009-04-18 08:11 -------- d-----w c:\program files\Alwil Software
2009-04-17 19:33 . 2009-04-11 17:35 -------- d-----w c:\program files\BearShare Applications
2009-04-14 12:22 . 2009-04-14 12:22 0 ----a-w c:\documents and settings\Admin.PC-0EC8CDAADA00\Application Data\~eu37.tmp
2009-04-07 20:07 . 2008-01-09 12:46 -------- d-----w c:\program files\Google
2009-04-07 20:06 . 2009-03-30 21:56 -------- d-----r c:\program files\Skype
2009-04-07 20:06 . 2008-01-23 18:27 -------- d-----w c:\program files\Common Files\Skype
2009-04-04 12:47 . 2008-03-09 20:41 -------- d-----w c:\program files\Java
2009-01-09 21:03 . 2008-11-28 17:56 67928 ----a-w c:\documents and settings\Admin.PC-0EC8CDAADA00\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2008-12-10 14:42 . 2008-12-10 14:42 144 ----a-w c:\documents and settings\Admin.PC-0EC8CDAADA00\Local Settings\Application Data\fusioncache.dat
2008-11-19 20:18 . 2008-11-19 20:18 322 ----a-w c:\documents and settings\Admin\Local Settings\Application Data\Bron.tok.A16.em.bin
2008-11-15 18:23 . 2008-03-09 20:50 79680 ----a-w c:\documents and settings\Admin\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2008-09-27 22:00 . 2008-01-09 18:04 87608 ----a-w c:\documents and settings\comp\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{74322BF9-DF26-493f-B0DA-6D2FC5E6429E}]
2008-09-02 14:05 398776 ----a-w c:\program files\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-21 68856]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2002-12-31 15360]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2008-02-20 356352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-22 86016]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2006-01-12 155648]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-11-30 32768]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712]
"QuickTime Task"="c:\program files\K-Lite Codec Pack\QuickTime\qttask.exe" [2007-10-19 286720]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-04-04 148888]
"01381593"="c:\documents and settings\All Users.WINDOWS\Application Data\01381593\01381593.exe" [2009-04-24 17:49 387641]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2009-04-24 949376]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-10-22 1622016]
"nMTaskBarService"="nMtsk.exe" - c:\windows\nMtsk.exe [2005-05-06 90112]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2002-12-31 15360]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2005-12-13 7094272]
"msnsc"="c:\windows\system32\msnsc.exe" [2002-12-31 62054]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=sockspy.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"="1"
"UpdatesDisableNotify"="1"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Visual Studio\\Common\\Tools\\VS-Ent98\\Vanalyzr\\VARPC.EXE"=
"c:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R2 gupdate1c9b7bc57c12942;?????? Google Update (gupdate1c9b7bc57c12942);c:\program files\Google\Update\GoogleUpdate.exe [2009-04-07 133104]
R3 a016bus;Sony Ericsson Device A016 driver (WDM);c:\windows\system32\DRIVERS\a016bus.sys [2008-01-18 83880]
R3 a016mdfl;Sony Ericsson Device A016 USB WMC Modeme Filter;c:\windows\system32\DRIVERS\a016mdfl.sys [2008-01-18 15016]
R3 a016mdm;Sony Ericsson Device A016 USB WMC Modem Driver;c:\windows\system32\DRIVERS\a016mdm.sys [2008-01-18 110504]
R3 a016mgmt;Sony Ericsson Device A016 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\a016mgmt.sys [2008-01-18 104488]
R3 a016obex;Sony Ericsson Device A016 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\a016obex.sys [2008-01-18 100648]
S1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [2009-04-24 15424]


--- Other Services/Drivers In Memory ---

*Deregistered* - gupdate1c9b7bc57c12942
.
Contents of the 'Scheduled Tasks' folder

2009-04-25 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-07 20:06]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-12CFG914-K641-26SF-N32P - c:\recycler\S-1-5-21-0243336031-4052116379-881863308-0851\vse432.exe
HKLM-Run-01662234 - c:\documents and settings\All Users.WINDOWS\Application Data\01662234\01662234.exe


.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.google.com/
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
LSP: c:\windows\system32\imon.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-04-25 09:13
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(680)
c:\windows\system32\imon.dll
.
Completion time: 2009-04-25 9:14
ComboFix-quarantined-files.txt 2009-04-25 07:14

Pre-Run: 5.695.668.224 bytes free
Post-Run: 7.457.251.328 bytes free


Update: 25 Apr 2009 9:44

Now when the computer starts up I get two errors, SetWindowPos Failed and Error Code 1406....

Update: 25 Apr 2009 11:29

Malwarebytes found this:

Malwarebytes' Anti-Malware 1.36
Verzija baze podataka: 2039
Windows 5.1.2600 Service Pack 2

25.4.2009 11:26:45
mbam-log-2009-04-25 (11-26-40).txt

Tip provjere: Kompletna Provjera (C:\|D:\)
Provjerenih objekata: 188539
Vrijeme trajanja: 24 minute(s), 35 second(s)

Zaraženi procesi u memoriji: 0
Zaraženi moduli u memoriji: 0
Zaraženi ključevi u registru: 2
Zaražene vrijednosti u registru: 3
Zaraženi podaci u registru: 2
Zaraženi spremnici: 1
Zaražene datoteke: 4

Zaraženi procesi u memoriji:
(Zloćudne stavke nisu otkrivene)

Zaraženi moduli u memoriji:
(Zloćudne stavke nisu otkrivene)

Zaraženi ključevi u registru:
HKEY_CLASSES_ROOT\ieocxapp.ieocx.1 (Trojan.Agent) -> No action taken.
HKEY_CLASSES_ROOT\homeview (Trojan.DNSChanger) -> No action taken.

Zaražene vrijednosti u registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\01381593 (Rogue.Multiple.H) -> No action taken.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\msnsc (Trojan.Agent) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\ForceClassicControlPanel (Hijack.ControlPanelStyle) -> No action taken.

Zaraženi podaci u registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Zaraženi spremnici:
C:\Documents and Settings\All Users.WINDOWS\Application Data\01381593 (Rogue.Multiple.H) -> No action taken.

Zaražene datoteke:
C:\Documents and Settings\All Users.WINDOWS\Application Data\01381593\01381593.exe (Rogue.Multiple.H) -> No action taken.
C:\Documents and Settings\All Users.WINDOWS\Application Data\01381593\pc01381593cnf (Rogue.Multiple.H) -> No action taken.
C:\Documents and Settings\All Users.WINDOWS\Application Data\01381593\pc01381593ins (Rogue.Multiple.H) -> No action taken.
C:\WINDOWS\system32\msnsc.exe (Trojan.Agent) -> No action taken.
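The HijackThis log posted earlier and the "Reg Loading Points" section of the ComboFix log above contain exactly the signs a helper scans for by eye: an autostart under C:\RECYCLER, executables sitting directly in a profile root, all-digit folder names under Application Data, a program other than CTFMON started from the LOCAL SERVICE hive, Internet Explorer policy restrictions, an AppInit_DLLs entry, and the Security Center notifications switched off. As an added example, not code from the forum or from the HijackThis, ComboFix or Malwarebytes tools, the following Python script encodes those heuristics and runs them over a handful of lines copied from the logs in this thread; the rule names and the choice of what counts as suspicious are my own assumptions, not the tools' logic.

```python
import re

# Sample lines copied from the HijackThis and ComboFix logs posted in this
# thread (a constructed subset, not a complete log).
SAMPLE_LOG = r"""
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\Admin.PC-0EC8CDAADA00\mscup2.exe
C:\Documents and Settings\All Users.WINDOWS\Application Data\01381593\01381593.exe
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [01381593] C:\Documents and Settings\All Users.WINDOWS\Application Data\01381593\01381593.exe
O4 - HKCU\..\Run: [12CFG914-K641-26SF-N32P] C:\RECYCLER\S-1-5-21-0243336031-4052116379-881863308-0851\vse432.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [msnsc] C:\WINDOWS\system32\msnsc.exe (User 'LOCAL SERVICE')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
"AppInit_DLLs"=sockspy.dll
"AntiVirusDisableNotify"="1"
"""

# HijackThis O4 entry: "O4 - <hive>\..\Run: [<value name>] <command line>"
O4_RE = re.compile(r'^O4 - (?P<hive>\S+)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$')
# First Windows path on a line that ends in an executable/library extension.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"]*?\.(?:exe|dll|com|scr)', re.IGNORECASE)
# Executable sitting directly in a user-profile root (no subfolder at all).
PROFILE_ROOT_RE = re.compile(r'^[a-z]:\\documents and settings\\[^\\]+\\[^\\]+\.(?:exe|com|scr)$')
# All-digit folder name under Application Data (random-number rogue installs).
NUMERIC_APPDATA_RE = re.compile(r'\\application data\\\d+\\')
# Hives of the LOCAL SERVICE / NETWORK SERVICE accounts, which normally run nothing but CTFMON.
SERVICE_HIVES = ('HKUS\\S-1-5-19', 'HKUS\\S-1-5-20')


def path_findings(path):
    """Heuristic reasons (my own rules) why a launch path deserves a closer look."""
    p = path.lower()
    reasons = []
    if '\\recycler\\' in p:
        reasons.append('executable launched from the Recycle Bin tree (RECYCLER)')
    if PROFILE_ROOT_RE.match(p):
        reasons.append('executable stored directly in a user profile root')
    if NUMERIC_APPDATA_RE.search(p):
        reasons.append('all-digit folder name under Application Data')
    return reasons


def triage(text):
    """Return (line, reason) pairs for every log line that trips a heuristic."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        reasons = []
        m = O4_RE.match(line)
        if m:
            if m.group('name').isdigit():
                reasons.append('Run value named with digits only')
            if m.group('hive').startswith(SERVICE_HIVES) and 'ctfmon.exe' not in m.group('cmd').lower():
                reasons.append('non-CTFMON program auto-started under a service account hive')
            pm = PATH_RE.search(m.group('cmd'))
            if pm:
                reasons += path_findings(pm.group(0))
        elif line.startswith('O6 - '):
            reasons.append('Internet Explorer policy restriction present')
        elif line.startswith('"AppInit_DLLs"=') and line.split('=', 1)[1].strip():
            reasons.append('AppInit_DLLs loads a DLL into every process that maps user32.dll')
        elif line in ('"AntiVirusDisableNotify"="1"', '"UpdatesDisableNotify"="1"'):
            reasons.append('Security Center warning suppressed')
        else:
            pm = PATH_RE.search(line)  # plain process-list line or an O2/O3 entry
            if pm:
                reasons += path_findings(pm.group(0))
        findings.extend((line, r) for r in reasons)
    return findings


if __name__ == '__main__':
    for line, reason in triage(SAMPLE_LOG):
        print(f'{reason}\n    {line}')
```

Run it as a script to print each flagged line with the reason it tripped. The rules are deliberately narrow: a hit is a prompt for the helper to look closer (publisher, creation date, a sample of the file), not a verdict, which is also why the thread asks for msnsc.exe to be uploaded rather than deleted on sight.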

rip
  • argus  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 27 Apr 2008
  • Posts: 9160
  • Location: Prokuplje

Posted: 25 Apr 2009 21:23

@brainstolen

Find this file
c:\windows\system32\msnsc.exe

and upload it, here is the link.

http://www.mycity.rs/ambulanta-upload.php

Update: 25 Apr 2009 23:16

Disable the AV again.

Open Notepad and copy the following text into it:

File::
c:\documents and settings\Admin.PC-0EC8CDAADA00\mscup2.exe
c:\documents and settings\Admin.PC-0EC8CDAADA00\iclose.exe
c:\documents and settings\Admin\Local Settings\Application Data\Bron.tok.A16.em.bin

Folder::
c:\documents and settings\All Users.WINDOWS\Application Data\01662234
c:\documents and settings\All Users.WINDOWS\Application Data\01381593

DirLook::
c:\documents and settings\All Users.WINDOWS\Application Data\2036B
c:\documents and settings\All Users.WINDOWS\Application Data\182AF
c:\documents and settings\All Users.WINDOWS\Application Data\3A242
c:\documents and settings\All Users.WINDOWS\Application Data\369C

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"01381593"=-
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"msnsc"=-


Save the file from Notepad to the Desktop as "CFScript".

Drag the saved script/text onto the ComboFix icon as in the picture.
Post the log created at the end of the cleaning/scanning in your next message.

Don't forget to send that file!
