MyCity » Ambulanta -> Arhiva Ambulante » Win32/Adware.Virtumonde BQ application

Win32/Adware.Virtumonde BQ application

Napisano na dan: 16.4.2007

Strana:
1
2

Win32/Adware.Virtumonde BQ application

Sledeća strana

Pagination

Odgovori

Strana:
1
2

jessica Poslao: 16 Apr 2007 23:49 Idi na vrh
offline jessica Zaslužni građanin Pridružio: 24 Mar 2004 Poruke: 646	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Pozdrav svima, Kompjuter mi se pokocio nacisto, explorer se jedva otvara a Nod samo sto se ne rasplace. Ne moze uopste da ocisti ovaj virus! Kao da se mnozi. Imam ADSL na 256. Evo prilazem hijack log Hvala unapred. Logfile of HijackThis v1.99.1 Scan saved at 23:34:12, on 16.4.2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\AGRSMMSG.exe C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb06.exe C:\Program Files\Eset\nod32kui.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\BitTorrent\bittorrent.exe C:\Program Files\ISS\BlackICE\blackice.exe C:\Program Files\ISS\BlackICE\blackd.exe C:\Program Files\Executive Software\Diskeeper\DkService.exe C:\Program Files\Eset\nod32krn.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\CyberLink\Shared files\RichVideo.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Opera\Opera.exe C:\WINDOWS\explorer.exe D:\Programi\Programi\Antivirus\Ciscenje virusa\HijackThis\MM5.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {67C55A8D-E808-4caa-9EA7-F77102DE0BB6} - (no file) O2 - BHO: (no name) - {68218620-3D65-43F6-AD47-D38D84B5412A} - C:\WINDOWS\system32\pmnnkif.dll O2 - BHO: (no name) - {9B396081-19F9-4E88-BD1D-C023328DF5B2} - C:\WINDOWS\system32\vtsts.dll O3 - Toolbar: &Save Flash - {4064EA35-578D-4073-A834-C96D82CBCF40} - C:\Program Files\Save Flash\SaveFlash.dll O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb06.exe O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Executive Software\Diskeeper\DkIcon.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized O4 - Global Startup: BlackICE PC Protection.lnk = C:\Program Files\ISS\BlackICE\blackice.exe O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Flash - {43CF38F3-5AEC-45a3-AD31-04EB06E9C6CA} - C:\Program Files\Save Flash\Flash Saving Plugin\FlashSButton.dll (HKCU) O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5C.....8527328375 O20 - Winlogon Notify: pmnnkif - C:\WINDOWS\SYSTEM32\pmnnkif.dll O20 - Winlogon Notify: vtsts - C:\WINDOWS\system32\vtsts.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: BlackICE - Internet Security Systems, Inc. - C:\Program Files\ISS\BlackICE\blackd.exe O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - Unknown owner - (no file) O23 - Service: RapApp - Internet Security Systems, Inc. - C:\Program Files\ISS\BlackICE\rapapp.exe O23 - Service: Rapfibntdnt - Unknown owner - (no file) O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe

Profil

rapha Poslao: 17 Apr 2007 00:52 Idi na vrh
offline rapha Mod u pemziji Cigarette Smoking Man Pridružio: 14 Feb 2005 Poruke: 9113 Gde živiš: Beograd	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Pozdrav jessica, sad ću da pregledam log pa ti se javljam.. Dopuna: 17 Apr 2007 0:52 Komp je definitivno zaražen.. Evo ovako ćemo: Skinuti VundoFix. - Kliknuti na VundoFix.exe - Kada se otvori, kliknuti na Scan for Vundo - Kada se završi skeniranje, kliknuti na Remove Vundo dugme - Pitaće te da li želiš da ukloniš fajlove, kliknuti Yes - Kada završi, pitaće te da restartuješ računar, kliknuti OK Moguće je da VundoFix neće moći odmah da ukloni neke fajlove. U tom slučaju VundoFix će se pokrenuti pri butovanju. Jednostavno, čim se VundoFix pojavi nakon reboota kliknuti na Scan for Vundo. Nakon toga iskopiraj nam sadržaj fajla C:\vundofix.txt ovde i postavi svež HijackThis log, da vidimo šta se dešava..

Profil

jessica Poslao: 17 Apr 2007 07:31 Idi na vrh
offline jessica Zaslužni građanin Pridružio: 24 Mar 2004 Poruke: 646	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Skinula sam VundoFix, medjutim on ne moze da iskenira do kraja jer "pukne" i pokoci se (...not responding). A evo sta mi Nod prijavljuje pre svakog skeniranja: application Win32/Adware.Virtumonde.BQ found in operating memory. The file can be deleted. It is strongly recommended that you back up any crucial data before you proceed. No action can be taken while the file is in memory. Click "Leave" to continue and subsequently run the cleaning of all local disks. System memory infection originated from file C:\WINDOWS\system32\pmnnkif.dll. I broj inficiranih fajlova se brzo povecava Evo kako to izgleda: [/img] Dopuna: 17 Apr 2007 7:31 Cele noci nisam spavala i uspela sam da "ucmekam gada". Rapha, hvala ti, dao si mi smernicu Pronasla sam jedan remuval programcic koji se zove VirtumundoBeGone.exe (94.7kb) [04/17/2007, 7:05:57] - VirtumundoBeGone v1.5 ( "D:\Programi\Programi\Antivirus\Ciscenje virusa\VirtumundoBeGone.exe" ) [04/17/2007, 7:06:01] - Detected System Information: [04/17/2007, 7:06:01] - Windows Version: 5.1.2600, Service Pack 2 [04/17/2007, 7:06:01] - Current Username: miguel (Admin) [04/17/2007, 7:06:01] - Windows is in NORMAL mode. [04/17/2007, 7:06:01] - Searching for Browser Helper Objects: [04/17/2007, 7:06:01] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class) [04/17/2007, 7:06:01] - BHO 2: {0F87BAAC-7BDB-43CB-88D2-A92079AF9A9A} () [04/17/2007, 7:06:01] - WARNING: BHO has no default name. Checking for Winlogon reference. [04/17/2007, 7:06:01] - Checking for HKLM\...\Winlogon\Notify\vtsts [04/17/2007, 7:06:01] - Found: HKLM\...\Winlogon\Notify\vtsts - This is probably Virtumundo. [04/17/2007, 7:06:01] - Assigning {0F87BAAC-7BDB-43CB-88D2-A92079AF9A9A} MSEvents Object [04/17/2007, 7:06:01] - BHO list has been changed! Starting over... [04/17/2007, 7:06:01] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class) [04/17/2007, 7:06:01] - BHO 2: {0F87BAAC-7BDB-43CB-88D2-A92079AF9A9A} (MSEvents Object) [04/17/2007, 7:06:01] - ALERT: Found MSEvents Object! [04/17/2007, 7:06:01] - BHO 3: {67C55A8D-E808-4caa-9EA7-F77102DE0BB6} () [04/17/2007, 7:06:01] - WARNING: BHO has no default name. Checking for Winlogon reference. [04/17/2007, 7:06:01] - No filename found. Continuing. [04/17/2007, 7:06:01] - BHO 4: {68218620-3D65-43F6-AD47-D38D84B5412A} (MSEvents Object) [04/17/2007, 7:06:01] - ALERT: Found MSEvents Object! [04/17/2007, 7:06:01] - Finished Searching Browser Helper Objects [04/17/2007, 7:06:01] - * Detected MSEvents Object [04/17/2007, 7:06:01] - Trying to remove MSEvents Object... [04/17/2007, 7:06:02] - Terminating Process: IEXPLORE.EXE [04/17/2007, 7:06:03] - Terminating Process: RUNDLL32.EXE [04/17/2007, 7:06:03] - Disabling Automatic Shell Restart [04/17/2007, 7:06:03] - Terminating Process: EXPLORER.EXE [04/17/2007, 7:06:03] - Suspending the NT Session Manager System Service [04/17/2007, 7:06:03] - Terminating Windows NT Logon/Logoff Manager [04/17/2007, 7:11:32] - Re-enabling Automatic Shell Restart [04/17/2007, 7:11:32] - File to disable: C:\WINDOWS\system32\vtsts.dll [04/17/2007, 7:11:32] - Renaming C:\WINDOWS\system32\vtsts.dll -> C:\WINDOWS\system32\vtsts.dll.vir [04/17/2007, 7:11:32] - File successfully renamed! [04/17/2007, 7:11:32] - Removing HKLM\...\Browser Helper Objects\{0F87BAAC-7BDB-43CB-88D2-A92079AF9A9A} [04/17/2007, 7:11:32] - Removing HKCR\CLSID\{0F87BAAC-7BDB-43CB-88D2-A92079AF9A9A} [04/17/2007, 7:11:32] - Adding Kill Bit for ActiveX for GUID: {0F87BAAC-7BDB-43CB-88D2-A92079AF9A9A} [04/17/2007, 7:11:32] - Deleting ATLEvents/MSEvents Registry entries [04/17/2007, 7:11:32] - Removing HKLM\...\Winlogon\Notify\vtsts [04/17/2007, 7:11:32] - Searching for Browser Helper Objects: [04/17/2007, 7:11:32] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class) [04/17/2007, 7:11:32] - BHO 2: {67C55A8D-E808-4caa-9EA7-F77102DE0BB6} () [04/17/2007, 7:11:32] - WARNING: BHO has no default name. Checking for Winlogon reference. [04/17/2007, 7:11:32] - No filename found. Continuing. [04/17/2007, 7:11:32] - BHO 3: {68218620-3D65-43F6-AD47-D38D84B5412A} (MSEvents Object) [04/17/2007, 7:11:32] - ALERT: Found MSEvents Object! [04/17/2007, 7:11:32] - Finished Searching Browser Helper Objects [04/17/2007, 7:11:32] - * Detected MSEvents Object [04/17/2007, 7:11:32] - Trying to remove MSEvents Object... [04/17/2007, 7:11:33] - Terminating Process: IEXPLORE.EXE [04/17/2007, 7:11:33] - Terminating Process: RUNDLL32.EXE [04/17/2007, 7:11:33] - Disabling Automatic Shell Restart [04/17/2007, 7:11:33] - Terminating Process: EXPLORER.EXE [04/17/2007, 7:11:33] - Suspending the NT Session Manager System Service [04/17/2007, 7:11:33] - Terminating Windows NT Logon/Logoff Manager [04/17/2007, 7:11:33] - Re-enabling Automatic Shell Restart [04/17/2007, 7:11:33] - File to disable: C:\WINDOWS\system32\pmnnkif.dll [04/17/2007, 7:11:33] - Renaming C:\WINDOWS\system32\pmnnkif.dll -> C:\WINDOWS\system32\pmnnkif.dll.vir [04/17/2007, 7:11:33] - File successfully renamed! [04/17/2007, 7:11:33] - Removing HKLM\...\Browser Helper Objects\{68218620-3D65-43F6-AD47-D38D84B5412A} [04/17/2007, 7:11:33] - Removing HKCR\CLSID\{68218620-3D65-43F6-AD47-D38D84B5412A} [04/17/2007, 7:11:33] - Adding Kill Bit for ActiveX for GUID: {68218620-3D65-43F6-AD47-D38D84B5412A} [04/17/2007, 7:11:33] - Deleting ATLEvents/MSEvents Registry entries [04/17/2007, 7:11:33] - Removing HKLM\...\Winlogon\Notify\pmnnkif [04/17/2007, 7:11:33] - Searching for Browser Helper Objects: [04/17/2007, 7:11:33] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class) [04/17/2007, 7:11:33] - BHO 2: {67C55A8D-E808-4caa-9EA7-F77102DE0BB6} () [04/17/2007, 7:11:33] - WARNING: BHO has no default name. Checking for Winlogon reference. [04/17/2007, 7:11:33] - No filename found. Continuing. [04/17/2007, 7:11:33] - Finished Searching Browser Helper Objects [04/17/2007, 7:11:33] - Finishing up... [04/17/2007, 7:11:33] - A restart is needed. [04/17/2007, 7:13:59] - Attempting to Restart via STOP error (Blue Screen!) A evo i Hijack loga posle "ciscenja" Logfile of HijackThis v1.99.1 Scan saved at 8:25:10, on 17.4.2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\ISS\BlackICE\blackd.exe C:\Program Files\Executive Software\Diskeeper\DkService.exe C:\Program Files\Eset\nod32krn.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\CyberLink\Shared files\RichVideo.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\AGRSMMSG.exe C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb06.exe C:\Program Files\Eset\nod32kui.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\BitTorrent\bittorrent.exe C:\Program Files\ISS\BlackICE\blackice.exe D:\Programi\Programi\Antivirus\Ciscenje virusa\HijackThis\MM5.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {67C55A8D-E808-4caa-9EA7-F77102DE0BB6} - (no file) O3 - Toolbar: &Save Flash - {4064EA35-578D-4073-A834-C96D82CBCF40} - C:\Program Files\Save Flash\SaveFlash.dll O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb06.exe O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Executive Software\Diskeeper\DkIcon.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized O4 - Global Startup: BlackICE PC Protection.lnk = C:\Program Files\ISS\BlackICE\blackice.exe O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Flash - {43CF38F3-5AEC-45a3-AD31-04EB06E9C6CA} - C:\Program Files\Save Flash\Flash Saving Plugin\FlashSButton.dll (HKCU) O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5C.....8527328375 O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: BlackICE - Internet Security Systems, Inc. - C:\Program Files\ISS\BlackICE\blackd.exe O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - Unknown owner - (no file) O23 - Service: RapApp - Internet Security Systems, Inc. - C:\Program Files\ISS\BlackICE\rapapp.exe O23 - Service: Rapfibntdnt - Unknown owner - (no file) O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe Pozdrav!

Profil

rapha Poslao: 17 Apr 2007 13:42 Idi na vrh
offline rapha Mod u pemziji Cigarette Smoking Man Pridružio: 14 Feb 2005 Poruke: 9113 Gde živiš: Beograd	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Izvini, na poslu sam, za pola sata ću pregledati ovaj novi log pa ti se javljam.. Dopuna: 17 Apr 2007 13:42 Lepo, svaka čast.. Ostalo je nekih "repića" ali ćemo o tome malo kasnije. Pošto ti je računar bio bukvalno prepun pošasti, bilo bi dobro da uradiš skeniranje sa Ewido Microm za svaki slučaj. To ćeš uraditi na sledeći način: Skini Ewido micro (8Mb) : http://downloads.ewido.net/ewido_micro.exe Kako se radi sa Ewido micro: - na prvom ekranu odaberi sve particije (štikliraj polja ispred njih) - klikni na dugme Start Scan - nakon završenog skeniranja klikni na Save Report i snimi log fajl na sigurno mesto - klikni na Remove Infections - iskopiraj nam ovde sadržaj log fajla koji je malopre snimljen Nakon skeniranja sa Ewidom i postavljanja log fajla, postavi nam i svez log programa HijackThis.

Profil

jessica Poslao: 18 Apr 2007 04:20 Idi na vrh
offline jessica Zaslužni građanin Pridružio: 24 Mar 2004 Poruke: 646	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Hvala Rapha! Skinula sam Ewido-micro i sve kao sto si napisao. I bilo je jos virusa... Evo i rezultata skeniranja: __________________________________________________ ewido anti-spyware online scanner http://www.ewido.net __________________________________________________ Name: Trojan.NSAnti.A Path: C:\System Volume Information\_restore{7F44A825-E878-4036-ACB7-817E5AC0DCDC}\RP445\A0150454.scr Risk: High Name: Heuristic.Win32.Morphine-Crypted Path: D:\Programi\IGRICE\3D SexVillaxxx\Razbijac.rar/Binaries\fc3DSexVilla.dll Risk: Questionable Name: Heuristic.Win32.Morphine-Crypted Path: D:\Programi\IGRICE\3D SexVillaxxx\Razbijac.rar/Binaries\fc3DSexVillaRun.exe Risk: Questionable Name: Downloader.Agent.cd Path: D:\Tekstovi\Knjizevnost\Knjige\Jedrenje oko Balkana\Jedrenje\cena.htm Risk: High Name: Downloader.Agent.cd Path: D:\Tekstovi\Knjizevnost\Knjige\Jedrenje oko Balkana\Jedrenje\djavoli.htm Risk: High Name: Downloader.Agent.cd Path: D:\Tekstovi\Knjizevnost\Knjige\Jedrenje oko Balkana\Jedrenje\jedandan.htm Risk: High Name: Downloader.Agent.cd Path: D:\Tekstovi\Knjizevnost\Knjige\Jedrenje oko Balkana\Jedrenje\jedandan2.htm Risk: High Name: Downloader.Agent.cd Path: D:\Tekstovi\Knjizevnost\Knjige\Jedrenje oko Balkana\Jedrenje\nocu.htm Risk: High Name: Downloader.Agent.cd Path: D:\Tekstovi\Knjizevnost\Knjige\Jedrenje oko Balkana\Jedrenje\nocu2.htm Risk: High Name: Downloader.Agent.cd Path: D:\Tekstovi\Knjizevnost\Knjige\Jedrenje oko Balkana\Jedrenje\podaci.htm Risk: High Name: Downloader.Agent.cd Path: D:\Tekstovi\Knjizevnost\Knjige\Jedrenje oko Balkana\Jedrenje\podaci2.htm Risk: High Name: Downloader.Agent.cd Path: D:\Tekstovi\Knjizevnost\Knjige\Jedrenje oko Balkana\Jedrenje\posada.htm Risk: High Name: Downloader.Agent.cd Path: D:\Tekstovi\Knjizevnost\Knjige\Jedrenje oko Balkana\Jedrenje\priprema.htm Risk: High Name: Downloader.Agent.cd Path: D:\Tekstovi\Knjizevnost\Knjige\Jedrenje oko Balkana\Jedrenje\priprema2.htm Risk: High Name: Downloader.Agent.cd Path: D:\Tekstovi\Knjizevnost\Knjige\Jedrenje oko Balkana\Jedrenje\rezime.htm Risk: High Name: Downloader.Agent.cd Path: D:\Tekstovi\Knjizevnost\Knjige\Jedrenje oko Balkana\princ.zip/cena.htm Risk: High Name: Downloader.Agent.cd Path: D:\Tekstovi\Knjizevnost\Knjige\Jedrenje oko Balkana\princ.zip/djavoli.htm Risk: High Name: Downloader.Agent.cd Path: D:\Tekstovi\Knjizevnost\Knjige\Jedrenje oko Balkana\princ.zip/jedandan.htm Risk: High Name: Downloader.Agent.cd Path: D:\Tekstovi\Knjizevnost\Knjige\Jedrenje oko Balkana\princ.zip/jedandan2.htm Risk: High Name: Downloader.Agent.cd Path: D:\Tekstovi\Knjizevnost\Knjige\Jedrenje oko Balkana\princ.zip/nocu.htm Risk: High Name: Downloader.Agent.cd Path: D:\Tekstovi\Knjizevnost\Knjige\Jedrenje oko Balkana\princ.zip/nocu2.htm Risk: High Name: Downloader.Agent.cd Path: D:\Tekstovi\Knjizevnost\Knjige\Jedrenje oko Balkana\princ.zip/podaci.htm Risk: High Name: Downloader.Agent.cd Path: D:\Tekstovi\Knjizevnost\Knjige\Jedrenje oko Balkana\princ.zip/podaci2.htm Risk: High Name: Downloader.Agent.cd Path: D:\Tekstovi\Knjizevnost\Knjige\Jedrenje oko Balkana\princ.zip/posada.htm Risk: High Name: Downloader.Agent.cd Path: D:\Tekstovi\Knjizevnost\Knjige\Jedrenje oko Balkana\princ.zip/priprema.htm Risk: High Name: Downloader.Agent.cd Path: D:\Tekstovi\Knjizevnost\Knjige\Jedrenje oko Balkana\princ.zip/priprema2.htm Risk: High Name: Downloader.Agent.cd Path: D:\Tekstovi\Knjizevnost\Knjige\Jedrenje oko Balkana\princ.zip/rezime.htm Risk: High Name: Adware.BHO Path: E:\GAMES\New Folder\iWin Games\iWinGamesHookIE.dll Risk: Medium Logfile of HijackThis v1.99.1 Scan saved at 4:11:33, on 18.4.2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Eset\nod32krn.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\AGRSMMSG.exe C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb06.exe C:\Program Files\Eset\nod32kui.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\BitTorrent\bittorrent.exe C:\Program Files\ISS\BlackICE\blackice.exe C:\Program Files\ISS\BlackICE\blackd.exe C:\Program Files\CyberLink\Shared files\RichVideo.exe C:\Program Files\Opera\Opera.exe D:\Programi\Programi\Antivirus\Ciscenje virusa\HijackThis\MM5.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {67C55A8D-E808-4caa-9EA7-F77102DE0BB6} - (no file) O3 - Toolbar: &Save Flash - {4064EA35-578D-4073-A834-C96D82CBCF40} - C:\Program Files\Save Flash\SaveFlash.dll O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb06.exe O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized O4 - Global Startup: BlackICE PC Protection.lnk = C:\Program Files\ISS\BlackICE\blackice.exe O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Flash - {43CF38F3-5AEC-45a3-AD31-04EB06E9C6CA} - C:\Program Files\Save Flash\Flash Saving Plugin\FlashSButton.dll (HKCU) O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5C.....8527328375 O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: BlackICE - Internet Security Systems, Inc. - C:\Program Files\ISS\BlackICE\blackd.exe O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: RapApp - Internet Security Systems, Inc. - C:\Program Files\ISS\BlackICE\rapapp.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe

Profil

rapha Poslao: 18 Apr 2007 14:36 Idi na vrh
offline rapha Mod u pemziji Cigarette Smoking Man Pridružio: 14 Feb 2005 Poruke: 9113 Gde živiš: Beograd	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Kao što sam i pretpostavio. Idi opet u HijackThis, štikliraj sledeću liniju: O2 - BHO: (no name) - {67C55A8D-E808-4caa-9EA7-F77102DE0BB6} - (no file) i nakon toga klikni na Fix Checked. Postavi mi svež HJT log. Reci mi kako se sada ponaša komp?

Profil

jessica Poslao: 18 Apr 2007 16:11 Idi na vrh
offline jessica Zaslužni građanin Pridružio: 24 Mar 2004 Poruke: 646	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Na poslu sam i ne mogu sada da ti posaljem, ali moci cu veceras oko 22h. Inace kompjuter mi, u odnosu na ono ponasanje preksinoc, radi super. Tada nisam mogla da otvorim ni jedan program, bio se pokocio skroz. A sada radi lako i brzo. Kao da nemam nikakav virus. Drug mi kaze da je najbolje da formatiram komp, ali nedavno sam ga formatirala, mrzi me ponovo to da radim. Sta ti mislis, jel treba? Odoh sada da sljakam. Bices na forumu oko 22h?

Profil

rapha Poslao: 18 Apr 2007 18:50 Idi na vrh
offline rapha Mod u pemziji Cigarette Smoking Man Pridružio: 14 Feb 2005 Poruke: 9113 Gde živiš: Beograd	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Nažalost, neću biti tu večeras ali svakako uradi ono što sam ti napisao i postavi svež log da još jednom pogledam kada dođem kući. Što se tiče formatiranja, meni je to uvek poslednja varijanta kada bukvalno više ništa ne može da se uradi. Pogotovo u situacijama kada sve lepo može da se sredi, ali ljudima je valjda najlakše da reinstaliraju OS i da se ne bakću sa problemima (u većini slučajeva to su ljudi koji i ne znaju da ih reše). To je kao kada te zaboli zub a ti hoćeš odmah da ga izvadiš..

Profil

jessica Poslao: 19 Apr 2007 04:56 Idi na vrh
offline jessica Zaslužni građanin Pridružio: 24 Mar 2004 Poruke: 646	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Slazem se s tobom u vezi formatiranja. Evo saljem i poslednji HJT log: Logfile of HijackThis v1.99.1 Scan saved at 4:54:24, on 19.4.2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\ISS\BlackICE\blackd.exe C:\Program Files\Eset\nod32krn.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\AGRSMMSG.exe C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb06.exe C:\Program Files\Eset\nod32kui.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\BitTorrent\bittorrent.exe C:\Program Files\ISS\BlackICE\blackice.exe D:\Programi\Programi\Antivirus\Ciscenje virusa\HijackThis\MM5.exe C:\WINDOWS\system32\NOTEPAD.EXE R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll O3 - Toolbar: &Save Flash - {4064EA35-578D-4073-A834-C96D82CBCF40} - C:\Program Files\Save Flash\SaveFlash.dll O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb06.exe O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized O4 - Global Startup: BlackICE PC Protection.lnk = C:\Program Files\ISS\BlackICE\blackice.exe O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Flash - {43CF38F3-5AEC-45a3-AD31-04EB06E9C6CA} - C:\Program Files\Save Flash\Flash Saving Plugin\FlashSButton.dll (HKCU) O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5C.....8527328375 O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: BlackICE - Internet Security Systems, Inc. - C:\Program Files\ISS\BlackICE\blackd.exe O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: RapApp - Internet Security Systems, Inc. - C:\Program Files\ISS\BlackICE\rapapp.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe

Profil

rapha Poslao: 19 Apr 2007 12:16 Idi na vrh
offline rapha Mod u pemziji Cigarette Smoking Man Pridružio: 14 Feb 2005 Poruke: 9113 Gde živiš: Beograd	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Log je ok.. Ostaviću temu otvorenom još dva-tri dana za ne daj Bože, a nakon toga je prebacujem u Arhivu Ambulante..

Profil

MyCity » Ambulanta -> Arhiva Ambulante » Win32/Adware.Virtumonde BQ application

Ko je trenutno na forumu

Ukupno su 1387 korisnika na forumu :: 58 registrovanih, 7 sakrivenih i 1322 gosta :: [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:: Korisnici trenutno na forumu: 357magnum, Aleksandar Tomić, babaroga, bladesu, Boris Bosiljčić, Boris90, botta, brundo65, ccoogg123, Denaya, doktor1964, Dorcolac, draganca, dragoljub11987, dule10savic, Faki-Valjevo, GandorCC, goxin, hologram, ikan, ivicasimo, JimmyNapoli, Joco Skljoco, JOntra, jukeboxer, kalens021, kokodakalo, Kubovac, kunktator, kybonacci, mercedesamg, Mercury, mile23, MiroslavD, mrvica78, nemkea71, nikoladim, oganj123, opt1, Panter, Parker, Romibrat, rovac, ruma, ruso, Shinobi, Sirius, Sićko, slonic_tonic, solic, SR-3m, vathra, VJ, Vladko, vukovi, wizzardone, Wrangler, Zimbabwe

Svaki korisnik ovog sajta je odgovoran za sadržaj svoje poruke koju objavi na sajtu. Sajt se odriče svake odgovornosti za sadržaj tih poruka.
Postavljanjem vaše poruke ili vašeg autorskog dela na ovaj sajt, saglasni ste da ovaj sajt postaje distributer vašeg dela, i odričete se mogućnosti njegovog povlačenja ili brisanja, bez saglasnosti uprave sajta.
Distribucija sadržaja sa ovog sajta je dozvoljena samo u nekomercijalne svrhe, uz obaveznu napomenu da je sadržaj preuzet sa ovog sajta, i uz obavezno navođenje adrese MyCity sajta. Za sve ostale vidove distribucije obavezni ste da prethodno zatražite odobrenje od vlasnika MyCity sajta.
MyCity pokrenuo, administrira i razvija Predrag Damnjanović, a o uređenju sajta se brine MyCity Tim.
Ukoliko želite da nas kontaktirate kliknite ovde.
Naši sajtovi:
Vesti, Vojni forum, Zaštita od virusa, TekstPesme.rs

This content is licensed under a Creative Commons License.
Based on phpBB 2, translated by Simke, designed by