Help, viruses


offline
  • Joined: 13 Mar 2009
  • Posts: 13
  • Location: Pale

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:18:37, on 13.3.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\WINDOWS\system32\acs.exe
E:\WINDOWS\Explorer.EXE
E:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
E:\WINDOWS\regx32.exe
E:\WINDOWS\system32\RUNDLL32.EXE
E:\Program Files\Synaptics\SynTP\SynTPEnh.exe
E:\Program Files\Atheros\ACU.exe
E:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
E:\WINDOWS\RTHDCPL.EXE
E:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
E:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
E:\Program Files\Wireless Console 2\wcourier.exe
E:\Program Files\Winamp\winampa.exe
E:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
E:\Program Files\DAEMON Tools\daemon.exe
E:\Program Files\CyberLink\Power2Go\Power2GoExpress.exe
E:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
E:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
E:\WINDOWS\system32\ctfmon.exe
E:\Program Files\WordWeb\wweb32.exe
E:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
E:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
E:\Program Files\Common Files\LightScribe\LSSrvc.exe
E:\WINDOWS\system32\nvsvc32.exe
E:\Program Files\CyberLink\Shared Files\RichVideo.exe
E:\WINDOWS\system32\svchost.exe
E:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
E:\Program Files\PC Connectivity Solution\ServiceLayer.exe
E:\Program Files\Mozilla Firefox\firefox.exe
E:\Documents and Settings\Milenka\Desktop\fe5.exe

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - E:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: IEHlprObj Class - {CE7C3CF0-4B15-11D1-ABED-709549C10000} - (no file)
O4 - HKLM\..\Run: [egui] "E:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [TrialReset] E:\WINDOWS\regx32.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE E:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SynTPEnh] E:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ACU] "E:\Program Files\Atheros\ACU.exe" -nogui
O4 - HKLM\..\Run: [SMSERIAL] E:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "E:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [RemoteControl] "E:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "E:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [UpdatePPShortCut] "E:\Program Files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" "E:\Program Files\CyberLink\PowerProducer" update "Software\CyberLink\PowerProducer\4.0"
O4 - HKLM\..\Run: [Wireless Console 2] "E:\Program Files\Wireless Console 2\wcourier.exe"
O4 - HKLM\..\Run: [WinampAgent] "E:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] E:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] E:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [DAEMON Tools] "E:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [Power2GoExpress] "E:\Program Files\CyberLink\Power2Go\Power2GoExpress.exe" /Startup
O4 - HKCU\..\Run: [LightScribe Control Panel] E:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [kxva] E:\WINDOWS\system32\kxvo.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "E:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: WordWeb.lnk = E:\Program Files\WordWeb\wweb32.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{EE1F06F9-D363-464A-9545-C66672BC9612}: NameServer = 81.93.85.152 81.93.85.132
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - E:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Atheros Configuration Service (ACS) - Atheros - E:\WINDOWS\system32\acs.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - E:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - E:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - E:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - E:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - E:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - E:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - E:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

--
End of file - 6584 bytes

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8617
  • Location: Novi Beograd

Hello,

* Start ESET Smart Security/ESET NOD32 as follows:
Start > All Programs > ESET > ESET Smart Security, or ESET NOD32 Antivirus (if you are using only the Antivirus product).

* When the program's main window opens, click the Setup option on the left side of the window;
* Choose the Antivirus and antispyware option and click Temporarily disable Antivirus and antispyware protection.
* Click Yes on the question that follows.

Note: Don't forget to turn this option back on once the cleanup is finished.

--------------------

Download ComboFix to your Desktop from one of the following addresses:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Run it and do not touch the program window while it scans.
Follow the on-screen instructions. When it finishes, a log (C:\ComboFix.txt) will appear; copy it here for us.

offline
  • Joined: 13 Mar 2009
  • Posts: 13
  • Location: Pale

ComboFix 09-03-12.01 - Milenka 2009-03-13 15:18:04.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1033.18.1919.1277 [GMT 1:00]
Running from: e:\documents and settings\Milenka\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated)
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

e:\windows\Temp\1.exe

.
((((((((((((((((((((((((( Files Created from 2009-02-13 to 2009-03-13 )))))))))))))))))))))))))))))))
.

2009-03-11 18:26 . 2009-03-11 18:26 <DIR> d-------- e:\documents and settings\Milenka\Application Data\MSNInstaller
2009-03-11 13:11 . 2009-03-11 13:11 <DIR> d-------- e:\documents and settings\Milenka\Application Data\Mikrotik
2009-02-15 13:57 . 2009-02-18 16:56 <DIR> d-------- e:\program files\eRjecnik11
2009-02-15 13:57 . 2009-02-15 13:57 <DIR> d-------- e:\program files\Common Files\Borland Shared
2009-02-15 13:57 . 1999-11-12 06:11 183,808 --a------ e:\windows\system32\bdeadmin.cpl

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-11 10:28 --------- d-----w e:\program files\Synonyms and Antonyms
2009-03-09 18:31 --------- d-----w e:\documents and settings\Milenka\Application Data\Nokia Multimedia Player
2009-02-15 12:57 --------- d--h--w e:\program files\InstallShield Installation Information
2009-01-26 09:52 --------- d-----w e:\program files\COED11
2009-01-13 14:56 --------- d-----w e:\program files\Trymedia
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Power2GoExpress"="e:\program files\CyberLink\Power2Go\Power2GoExpress.exe" [2008-03-18 2508072]
"LightScribe Control Panel"="e:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-03-17 2289664]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="e:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-11-16 139264]
"ctfmon.exe"="e:\windows\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="e:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-07-01 1447168]
"TrialReset"="e:\windows\regx32.exe" [2008-07-03 285327]
"NvCplDaemon"="e:\windows\system32\NvCpl.dll" [2007-08-16 8478720]
"NvMediaCenter"="e:\windows\system32\NvMcTray.dll" [2007-08-16 81920]
"SynTPEnh"="e:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-05-25 786521]
"ACU"="e:\program files\Atheros\ACU.exe" [2007-10-23 376921]
"SMSERIAL"="e:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-11-22 630784]
"GrooveMonitor"="e:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"RemoteControl"="e:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2008-04-02 87336]
"LanguageShortcut"="e:\program files\CyberLink\PowerDVD\Language\Language.exe" [2008-02-22 62760]
"UpdatePPShortCut"="e:\program files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" [2008-01-04 222504]
"Wireless Console 2"="e:\program files\Wireless Console 2\wcourier.exe" [2007-07-05 1040384]
"WinampAgent"="e:\program files\Winamp\winampa.exe" [2008-04-01 36352]
"NeroFilterCheck"="e:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"PCSuiteTrayApplication"="e:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-03-23 227328]
"DAEMON Tools"="e:\program files\DAEMON Tools\daemon.exe" [2005-12-10 133016]
"nwiz"="nwiz.exe" [2007-08-16 e:\windows\system32\nwiz.exe]
"RTHDCPL"="RTHDCPL.EXE" [2007-12-12 e:\windows\RTHDCPL.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="e:\windows\system32\CTFMON.EXE" [2004-08-04 15360]
"Nokia.PCSync"="e:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 1744896]

e:\documents and settings\Milenka\Start Menu\Programs\Startup\
WordWeb.lnk - e:\program files\WordWeb\wweb32.exe [2008-12-12 42168]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.clmp3enc"= e:\progra~1\CYBERL~1\Power2Go\CLMP3Enc.ACM

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"e:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"e:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"e:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"e:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"=
"e:\\Program Files\\CyberLink\\PowerDirector\\PDR.exe"=
"e:\\Program Files\\Messenger\\msmsgs.exe"=

R1 epfwtdir;epfwtdir;e:\windows\system32\drivers\epfwtdir.sys [2008-07-01 34312]
R2 ekrn;Eset Service;e:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2008-07-01 468224]
R3 WSIMD;wsimd Service;e:\windows\system32\drivers\wsimd.sys [2008-10-29 57344]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{04bda6da-02a3-11de-ad04-e2e0e4c1bba6}]
\Shell\AutoRun\command - dwg3gngs.exe
\Shell\explore\Command - dwg3gngs.exe
\Shell\open\Command - dwg3gngs.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0cb838ee-a9c7-11dd-ac4e-002215a38e10}]
\Shell\AutoRun\command - I:\2.bat
\Shell\open\Command - I:\2.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0ea5d1f8-04f7-11de-ad07-002243276157}]
\Shell\AutoRun\command - I:\dwg3gngs.exe
\Shell\explore\Command - I:\dwg3gngs.exe
\Shell\open\Command - I:\dwg3gngs.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5e6b05ba-fdb1-11dd-acfe-002215a38e10}]
\Shell\AutoRun\command - J:\dwg3gngs.exe
\Shell\explore\Command - J:\dwg3gngs.exe
\Shell\open\Command - J:\dwg3gngs.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a1e2b231-b56f-11dd-ac6f-002215a38e10}]
\Shell\AutoRun\command - I:\dwg3gngs.exe
\Shell\explore\Command - I:\dwg3gngs.exe
\Shell\open\Command - I:\dwg3gngs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"e:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - e:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: {EE1F06F9-D363-464A-9545-C66672BC9612} = 81.93.85.152 81.93.85.132
FF - ProfilePath - e:\documents and settings\Milenka\Application Data\Mozilla\Firefox\Profiles\34vtlumg.default\
FF - prefs.js: browser.search.selectedEngine - YouTube Video Search
FF - prefs.js: network.proxy.type - 4
FF - plugin: e:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: e:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-03-13 15:19:39
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-03-13 15:21:15
ComboFix-quarantined-files.txt 2009-03-13 14:21:13

Pre-Run: 17.412.919.296 bytes free
Post-Run: 18,969,006,080 bytes free


offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8617
  • Location: Novi Beograd

Disable the antivirus again.

Open Notepad and copy the following text into it:

File::
e:\windows\regx32.exe

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{04bda6da-02a3-11de-ad04-e2e0e4c1bba6}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0cb838ee-a9c7-11dd-ac4e-002215a38e10}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0ea5d1f8-04f7-11de-ad07-002243276157}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5e6b05ba-fdb1-11dd-acfe-002215a38e10}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a1e2b231-b56f-11dd-ac6f-002215a38e10}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TrialReset"=-


Save the file from Notepad to the Desktop as "CFScript"

Drag the saved script/text onto the ComboFix icon as shown in the picture.
Post in your next message the log that is produced at the end of the cleaning/scan.

offline
  • Joined: 13 Mar 2009
  • Posts: 13
  • Location: Pale

File::
e:\windows\regx32.exe

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{04bda6da-02a3-11de-ad04-e2e0e4c1bba6}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0cb838ee-a9c7-11dd-ac4e-002215a38e10}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0ea5d1f8-04f7-11de-ad07-002243276157}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5e6b05ba-fdb1-11dd-acfe-002215a38e10}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a1e2b231-b56f-11dd-ac6f-002215a38e10}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TrialReset"=-

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8617
  • Location: Novi Beograd

Do as it says above.

offline
  • Joined: 13 Mar 2009
  • Posts: 13
  • Location: Pale

ComboFix 09-03-12.01 - Milenka 2009-03-13 18:12:33.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1033.18.1919.1407 [GMT 1:00]
Running from: e:\documents and settings\Milenka\Desktop\ComboFix.exe
Command switches used :: e:\documents and settings\Milenka\Desktop\CFScript.txt
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated)
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
e:\windows\regx32.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

e:\windows\regx32.exe

.
((((((((((((((((((((((((( Files Created from 2009-02-13 to 2009-03-13 )))))))))))))))))))))))))))))))
.

2009-03-11 18:26 . 2009-03-11 18:26 <DIR> d-------- e:\documents and settings\Milenka\Application Data\MSNInstaller
2009-03-11 13:11 . 2009-03-11 13:11 <DIR> d-------- e:\documents and settings\Milenka\Application Data\Mikrotik
2009-02-15 13:57 . 2009-02-18 16:56 <DIR> d-------- e:\program files\eRjecnik11
2009-02-15 13:57 . 2009-02-15 13:57 <DIR> d-------- e:\program files\Common Files\Borland Shared
2009-02-15 13:57 . 1999-11-12 06:11 183,808 --a------ e:\windows\system32\bdeadmin.cpl

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-11 10:28 --------- d-----w e:\program files\Synonyms and Antonyms
2009-03-09 18:31 --------- d-----w e:\documents and settings\Milenka\Application Data\Nokia Multimedia Player
2009-02-15 12:57 --------- d--h--w e:\program files\InstallShield Installation Information
2009-01-26 09:52 --------- d-----w e:\program files\COED11
2009-01-13 14:56 --------- d-----w e:\program files\Trymedia
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Power2GoExpress"="e:\program files\CyberLink\Power2Go\Power2GoExpress.exe" [2008-03-18 2508072]
"LightScribe Control Panel"="e:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-03-17 2289664]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="e:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-11-16 139264]
"ctfmon.exe"="e:\windows\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="e:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-07-01 1447168]
"NvCplDaemon"="e:\windows\system32\NvCpl.dll" [2007-08-16 8478720]
"NvMediaCenter"="e:\windows\system32\NvMcTray.dll" [2007-08-16 81920]
"SynTPEnh"="e:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-05-25 786521]
"ACU"="e:\program files\Atheros\ACU.exe" [2007-10-23 376921]
"SMSERIAL"="e:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-11-22 630784]
"GrooveMonitor"="e:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"RemoteControl"="e:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2008-04-02 87336]
"LanguageShortcut"="e:\program files\CyberLink\PowerDVD\Language\Language.exe" [2008-02-22 62760]
"UpdatePPShortCut"="e:\program files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" [2008-01-04 222504]
"Wireless Console 2"="e:\program files\Wireless Console 2\wcourier.exe" [2007-07-05 1040384]
"WinampAgent"="e:\program files\Winamp\winampa.exe" [2008-04-01 36352]
"NeroFilterCheck"="e:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"PCSuiteTrayApplication"="e:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-03-23 227328]
"DAEMON Tools"="e:\program files\DAEMON Tools\daemon.exe" [2005-12-10 133016]
"nwiz"="nwiz.exe" [2007-08-16 e:\windows\system32\nwiz.exe]
"RTHDCPL"="RTHDCPL.EXE" [2007-12-12 e:\windows\RTHDCPL.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="e:\windows\system32\CTFMON.EXE" [2004-08-04 15360]
"Nokia.PCSync"="e:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 1744896]

e:\documents and settings\Milenka\Start Menu\Programs\Startup\
WordWeb.lnk - e:\program files\WordWeb\wweb32.exe [2008-12-12 42168]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.clmp3enc"= e:\progra~1\CYBERL~1\Power2Go\CLMP3Enc.ACM

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"e:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"e:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"e:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"e:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"=
"e:\\Program Files\\CyberLink\\PowerDirector\\PDR.exe"=
"e:\\Program Files\\Messenger\\msmsgs.exe"=

R1 epfwtdir;epfwtdir;e:\windows\system32\drivers\epfwtdir.sys [2008-07-01 34312]
R2 ekrn;Eset Service;e:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2008-07-01 468224]
R3 WSIMD;wsimd Service;e:\windows\system32\drivers\wsimd.sys [2008-10-29 57344]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"e:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - e:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: {EE1F06F9-D363-464A-9545-C66672BC9612} = 81.93.85.152 81.93.85.132
FF - ProfilePath - e:\documents and settings\Milenka\Application Data\Mozilla\Firefox\Profiles\34vtlumg.default\
FF - prefs.js: browser.search.selectedEngine - YouTube Video Search
FF - prefs.js: network.proxy.type - 4
FF - plugin: e:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: e:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-03-13 18:13:46
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-03-13 18:15:21
ComboFix-quarantined-files.txt 2009-03-13 17:15:18
ComboFix2.txt 2009-03-13 14:21:17

Pre-Run: 19.032.825.856 bytes free
Post-Run: 19,025,395,712 bytes free
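As an added example (not from the thread or either poster), the triage a helper does by eye on these logs written as a Python script: it runs over constructed sample lines modelled on the HijackThis log in the first post and the "Reg Loading Points" part of the ComboFix logs, flags Run entries pointing at executables dropped straight into the Windows directory, lists the MountPoints2 commands that make a removable drive launch a program, notes the suppressed Security Center warnings, and assembles a CFScript in the same File::/Registry:: form the helper posted above. The "unknown executable directly in %WINDIR% or system32" rule and its small allowlist are my own heuristic, not something the thread states.

```python
import re
from typing import Dict, List

# Constructed sample lines modelled on the HijackThis log in the first post.
HJT_SAMPLE = r'''
O4 - HKLM\..\Run: [egui] "E:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [TrialReset] E:\WINDOWS\regx32.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [kxva] E:\WINDOWS\system32\kxvo.exe
O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\system32\ctfmon.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{EE1F06F9-D363-464A-9545-C66672BC9612}: NameServer = 81.93.85.152 81.93.85.132
'''

# Constructed sample modelled on the "Reg Loading Points" part of the ComboFix log.
COMBOFIX_SAMPLE = r'''
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{04bda6da-02a3-11de-ad04-e2e0e4c1bba6}]
\Shell\AutoRun\command - dwg3gngs.exe
\Shell\explore\Command - dwg3gngs.exe
\Shell\open\Command - dwg3gngs.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0cb838ee-a9c7-11dd-ac4e-002215a38e10}]
\Shell\AutoRun\command - I:\2.bat
\Shell\open\Command - I:\2.bat

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
'''

O4_RE = re.compile(r'^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$')
O17_RE = re.compile(r'^O17 - .*NameServer = (?P<servers>.+)$')
EXE_RE = re.compile(r'^"?(?P<path>.+?\.(?:exe|dll|bat|cmd|scr|com|pif))', re.IGNORECASE)
MP2_CMD_RE = re.compile(r'^\\Shell\\(?P<verb>\w+)\\command - (?P<cmd>.+)$', re.IGNORECASE)
NOTIFY_RE = re.compile(r'^"(?P<name>\w+DisableNotify)"=dword:0*1$')

# Heuristic (my assumption, not a rule stated in the thread): Windows starts only a few
# known binaries from %WINDIR% or system32 via Run; any other executable living directly
# in those directories (here regx32.exe and kxvo.exe) deserves a closer look.
KNOWN_SYSTEM_AUTOSTARTS = {'ctfmon.exe', 'rundll32.exe', 'rthdcpl.exe', 'alcmtr.exe', 'nwiz.exe'}
SYSTEM_DIRS = {r'\windows', r'\windows\system32'}

def is_system_dir_drop(path: str) -> bool:
    """True for an executable not on the allowlist sitting directly in %WINDIR% or system32."""
    directory, _, base = path.lower().rpartition('\\')
    if base in KNOWN_SYSTEM_AUTOSTARTS:
        return False
    if len(directory) >= 2 and directory[1] == ':':
        directory = directory[2:]  # drop the drive letter (E: on this machine)
    return directory in SYSTEM_DIRS

def triage_hjt(text: str) -> Dict[str, List[str]]:
    """Flag suspicious O4 Run entries and collect O17 DNS servers for manual verification."""
    out: Dict[str, List[str]] = {'suspicious_run': [], 'dns_servers': []}
    for line in text.splitlines():
        m = O4_RE.match(line)
        if m:
            exe_match = EXE_RE.match(m.group('cmd'))  # program minus quotes and arguments
            exe = exe_match.group('path') if exe_match else m.group('cmd')
            if is_system_dir_drop(exe):
                out['suspicious_run'].append(f"{m.group('hive')} [{m.group('name')}] -> {exe}")
            continue
        m = O17_RE.match(line)
        if m:  # not judged here: compare them against the ISP's real resolvers
            out['dns_servers'].extend(m.group('servers').split())
    return out

def triage_combofix(text: str) -> List[str]:
    """Flag MountPoints2 autorun hijacks and Security Center warnings switched off."""
    findings: List[str] = []
    key = ''
    for line in text.splitlines():
        if line.startswith('[') and line.endswith(']'):
            key = line[1:-1]  # registry key the following values belong to
            continue
        m = MP2_CMD_RE.match(line)
        if m and 'mountpoints2' in key.lower():
            guid = key.rsplit('\\', 1)[-1]
            findings.append(f"MountPoints2 {guid}: {m.group('verb')} runs {m.group('cmd')} (drive autorun hijack)")
            continue
        m = NOTIFY_RE.match(line)
        if m and key.lower().endswith('security center'):
            findings.append(f"Security Center: {m.group('name')}=1 (warning suppressed)")
    return findings

def build_cfscript(files: List[str], delete_keys: List[str], delete_values: Dict[str, List[str]]) -> str:
    """Emit a ComboFix CFScript in the File::/Registry:: form the helper used in this thread."""
    lines = ['File::', *files, '', 'Registry::']
    lines += [f'[-{k}]' for k in delete_keys]  # [-KEY] removes the whole key
    for key, names in delete_values.items():
        lines.append(f'[{key}]')
        lines += [f'"{n}"=-' for n in names]  # "Name"=- removes a single value
    return '\n'.join(lines) + '\n'
```

Running `triage_hjt(HJT_SAMPLE)` and `triage_combofix(COMBOFIX_SAMPLE)` reproduces the items the helper chose to remove (regx32.exe, the MountPoints2 keys, the TrialReset value); the DNS servers are only listed, since whether they are legitimate depends on the ISP.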


offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8617
  • Location: Novi Beograd

Post a new HijackThis log for me.

offline
  • Joined: 13 Mar 2009
  • Posts: 13
  • Location: Pale

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:43:46, on 14.3.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\WINDOWS\system32\acs.exe
E:\WINDOWS\Explorer.EXE
E:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
E:\WINDOWS\system32\RUNDLL32.EXE
E:\Program Files\Synaptics\SynTP\SynTPEnh.exe
E:\Program Files\Atheros\ACU.exe
E:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
E:\WINDOWS\RTHDCPL.EXE
E:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
E:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
E:\Program Files\Wireless Console 2\wcourier.exe
E:\Program Files\Winamp\winampa.exe
E:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
E:\Program Files\DAEMON Tools\daemon.exe
E:\Program Files\CyberLink\Power2Go\Power2GoExpress.exe
E:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
E:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
E:\WINDOWS\system32\ctfmon.exe
E:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
E:\Program Files\WordWeb\wweb32.exe
E:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
E:\Program Files\Common Files\LightScribe\LSSrvc.exe
E:\WINDOWS\system32\nvsvc32.exe
E:\Program Files\CyberLink\Shared Files\RichVideo.exe
E:\WINDOWS\system32\svchost.exe
E:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
E:\Program Files\PC Connectivity Solution\ServiceLayer.exe
E:\Program Files\Mozilla Firefox\firefox.exe
E:\Documents and Settings\Milenka\Desktop\fe5.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - E:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O4 - HKLM\..\Run: [egui] "E:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE E:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SynTPEnh] E:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ACU] "E:\Program Files\Atheros\ACU.exe" -nogui
O4 - HKLM\..\Run: [SMSERIAL] E:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "E:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [RemoteControl] "E:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "E:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [UpdatePPShortCut] "E:\Program Files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" "E:\Program Files\CyberLink\PowerProducer" update "Software\CyberLink\PowerProducer\4.0"
O4 - HKLM\..\Run: [Wireless Console 2] "E:\Program Files\Wireless Console 2\wcourier.exe"
O4 - HKLM\..\Run: [WinampAgent] "E:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] E:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] E:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [DAEMON Tools] "E:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [Power2GoExpress] "E:\Program Files\CyberLink\Power2Go\Power2GoExpress.exe" /Startup
O4 - HKCU\..\Run: [LightScribe Control Panel] E:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "E:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] E:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: WordWeb.lnk = E:\Program Files\WordWeb\wweb32.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{EE1F06F9-D363-464A-9545-C66672BC9612}: NameServer = 81.93.85.152 81.93.85.132
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - E:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Atheros Configuration Service (ACS) - Atheros - E:\WINDOWS\system32\acs.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - E:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - E:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - E:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - E:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - E:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - E:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - E:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

--
End of file - 6609 bytes

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8617
  • Location: Novi Beograd

Are you still having problems now?
