MyCity » Ambulanta -> Arhiva Ambulante » virusi problem

virusi problem

Napisano na dan: 22.8.2010

Strana:
1
2

virusi problem

Sledeća strana

Pagination

Odgovori

Strana:
1
2

jomlla Poslao: 22 Avg 2010 12:38 Idi na vrh
offline jomlla Građanin Pridružio: 30 Jul 2010 Poruke: 54	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Uloguj se preko Facebooka da bi skinuo fajl: Nod je pronasao gomilu virusa na kompu. Da li je moguce ocistiti ih? Evo DDS logova: DDS (Ver_10-03-17.01) - FAT32x86 Run by LELA at 12:27:33,85 on ned 22.08.2010 Internet Explorer: 6.0.2900.2180 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.384.81 [GMT 2:00] AV: ESET NOD32 Antivirus 3.0 On-access scanning enabled (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0} ============== Running Processes =============== C:\WINDOWS\system32\svchost -k DcomLaunch SVCHOST.EXE C:\WINDOWS\System32\svchost.exe -k netsvcs SVCHOST.EXE SVCHOST.EXE C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe C:\WINDOWS\system32\svchost.exe -k imgsvc C:\WINDOWS\Mixer.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\WINDOWS\FixCamera.exe C:\WINDOWS\vsnp2uvc.exe C:\WINDOWS\tsnp2uvc.exe C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Skype\Phone\Skype.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\McAfee Security Scan\1.0.150\SSScheduler.exe C:\Program Files\Skype\Plugin Manager\skypePM.exe C:\Program Files\TeamViewer\Version5\TeamViewer.exe C:\WINDOWS\system32\notepad.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Documents and Settings\LELA\Desktop\dds.scr ============== Pseudo HJT Report =============== uStart Page = hxxp://www.google.ba/ uInternet Connection Wizard,ShellNext = iexplore BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background mRun: [C-Media Mixer] Mixer.exe /startup mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k mRun: [FixCamera] c:\windows\FixCamera.exe mRun: [snp2uvc] c:\windows\vsnp2uvc.exe mRun: [tsnp2uvc] c:\windows\tsnp2uvc.exe mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice mRunOnce: [NSSInstallation] c:\windows\system32\adobe\shockwave 11\nssstub.exe /runonce /rm mRunOnce: [Uninstall Adobe Download Manager] "c:\windows\system32\rundll32.exe" "c:\program files\nos\bin\getPlus_Helper_3004.dll",Uninstall /IE2883E8F-472F-4fb0-9522-AC9BF37916A7 /Get1noarp dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\1.0.150\SSScheduler.exe IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000 IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL ================= FIREFOX =================== FF - ProfilePath - c:\docume~1\lela\applic~1\mozilla\firefox\profiles\2lwfdvwc.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.ba/ FF - component: c:\program files\real\realplayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll FF - plugin: c:\documents and settings\lela\application data\mozilla\firefox\profiles\2lwfdvwc.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll ============= SERVICES / DRIVERS =============== R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2008-7-1 35168] R2 ekrn;Eset Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2009-10-7 472280] R3 NtApm;NT Apm/Legacy Interface Driver;c:\windows\system32\drivers\NtApm.sys [2009-10-14 9344] R3 slnt;Silan SC92031 PCI Fast Ethernet Adapter;c:\windows\system32\drivers\slnt.sys [2009-12-11 18004] S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2004-8-3 14336] S4 MSWindows;Network Windows Service;"c:\windows\system32\urdvxc.exe" /service --> c:\windows\system32\urdvxc.exe [?] =============== Created Last 30 ================ 2010-08-22 09:58:27 0 d-----w- c:\program files\TeamViewer 2010-08-22 08:08:03 0 d-----w- c:\windows\system32\drivers\NSS 2010-08-22 08:08:03 0 d-----w- c:\program files\Norton Security Scan 2010-08-22 08:08:03 0 d-----w- c:\docume~1\alluse~1\applic~1\Symantec 2010-08-22 08:08:03 0 d-----w- c:\docume~1\alluse~1\applic~1\Norton 2010-08-22 08:07:59 0 d-----w- c:\program files\NortonInstaller 2010-08-22 08:07:59 0 d-----w- c:\docume~1\alluse~1\applic~1\NortonInstaller 2010-08-22 05:07:22 0 d-----w- c:\windows\system32\Adobe 2010-08-18 18:46:42 0 d-sh--w- C:\FOUND.002 2010-08-16 21:18:00 0 d-sh--w- C:\FOUND.001 2010-08-13 15:43:08 0 d-sh--w- C:\FOUND.000 2010-08-05 11:14:38 0 d-sh--w- C:\FOUND.037 2010-07-31 19:01:02 0 d-----w- C:\agw_demo 2010-07-31 16:41:12 0 d-----w- c:\docume~1\lela\applic~1\TeamViewer ==================== Find3M ==================== 2010-08-21 11:33:38 1632 ----a-w- c:\windows\system32\d3d8caps.dat 2010-08-18 18:55:22 1744 ----a-w- c:\windows\system32\d3d9caps.dat ============= FINISH: 12:28:50,72 =============== ATACH: mycity.rs/must-login.png

Profil

1l padr1n0 Poslao: 22 Avg 2010 14:04 Idi na vrh
offline 1l padr1n0 Anti Malware Fighter Rank 2 Pridružio: 02 Feb 2008 Poruke: 14018 Gde živiš: Nish	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Pozdrav i dobro dosao u Ambulantu MyCity foruma. Ispratio si samo delimicno Uputstvo za otvaranje teme sa ovog link-a: -> http://www.mycity.rs/Ambulanta/Kako-otvoriti-temu-u-Ambulanti.html Potrebno je da ispratis jos jedan korak (Korak #3: iz uputstva) i da postavis potrebne log-ove. Takodje, ostavi nam SS (screenshot) NOD-ovih detekcija. Kako napraviti SS? http://www.mycity.rs/Pitanja-i-predlozi/Pravljenje-screenshota.html goran9888 (AMF Tim)

Profil

jomlla Poslao: 22 Avg 2010 14:52 Idi na vrh
offline jomlla Građanin Pridružio: 30 Jul 2010 Poruke: 54	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Uloguj se preko Facebooka da bi skinuo fajl: Izvinjavam se zbog nekomplene teme.Evo i ostalih logova i screenshota od NOD-a: mycity.rs/must-login.png mycity.rs/must-login.png mycity.rs/must-login.png NOD screenshot: mycity.rs/must-login.png

Profil

1l padr1n0 Poslao: 22 Avg 2010 19:24 Idi na vrh
offline 1l padr1n0 Anti Malware Fighter Rank 2 Pridružio: 02 Feb 2008 Poruke: 14018 Gde živiš: Nish	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Preuzmi The Avenger na Desktop. Raspakuj arhivu u neki folder Dvoklikom pokreni avenger.exe Iskopiraj tekst koji se nalazi unutar Kod polja u (beli) prozor programa: `Drivers to delete: MSWindows Files to delete: c:\windows\system32\urdvxc.exe` Klikni Execute, a zatim Yes u sledeća dva prozora koji će se otvoriti Kompjuter će se restartovati (u određenim slučajevima: dva puta) i započeti će proces čišćenja/skeniranja Kada proces bude završen, logfile C:\avenger.txt će se otvoriti u Notepad-u Iskopiraj sadržaj dobijenog loga u temu na forumu. goran9888 (AMF Tim)

Profil

jomlla Poslao: 22 Avg 2010 20:15 Idi na vrh
offline jomlla Građanin Pridružio: 30 Jul 2010 Poruke: 54	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Uloguj se preko Facebooka da bi skinuo fajl: Napisano: 22 Avg 2010 20:04 Pojavila mi se greska kod avengera.Evo screenshota: mycity.rs/must-login.png Dopuna: 22 Avg 2010 20:15 Greska se pojavljuje odmah nakon prve potvrde na Yes.

Profil

1l padr1n0 Poslao: 23 Avg 2010 17:23 Idi na vrh
offline 1l padr1n0 Anti Malware Fighter Rank 2 Pridružio: 02 Feb 2008 Poruke: 14018 Gde živiš: Nish	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Izvinjavam se sto kasnim sa odgovorom, no nadam se da ces imati strpljenja da isteramo slucaj do kraja. -Deaktiviraj antivirus (uputstvo: http://www.mycity.rs/Uputstva/Iskljucivanje-zastitnog-softvera.html); -Isprati uputstvo za Avenger koje sam ti ostavio u prethodnoj poruci; -Postavi mi u sledecoj poruci sadrzaj Avenger-ov log. goran9888 (AMF Tim)

Profil

jomlla Poslao: 24 Avg 2010 13:24 Idi na vrh
offline jomlla Građanin Pridružio: 30 Jul 2010 Poruke: 54	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Nije problem zbog kasnjenja i ja malo kasnim. Iskljucio sam antivirus ali mi se i dalje pojavljuje ista greska.

Profil

1l padr1n0 Poslao: 24 Avg 2010 16:28 Idi na vrh
offline 1l padr1n0 Anti Malware Fighter Rank 2 Pridružio: 02 Feb 2008 Poruke: 14018 Gde živiš: Nish	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Ok, precicemo na drugi alat. Detaljno isprati sledece Uputstvo ---------------------------------------------------------------------------------- Preuzmi sUBs-ov ComboFix sa sledeće adrese na Desktop: Bleeping Computer Klikni desnim tasterom na link i odaberi opciju Save Target As... (Save Link As..., Save Linked Content As... ili sličnu); Kada se otvori dijalog za izbor lokacije na kojoj treba sačuvati file, odaberi Desktop i klikni Save. Kada preuzimanje programa bude završeno: deaktiviraj zaštitni softver (uputstvo); zatvori pokrenute programe; dvoklikom pokreni program ComboFix. U toku rada, ComboFix će:proveriti postoji li novija verzija programa: klikni Yes ako bude ponuđeno preuzimanje iste. prikazati DISCLAIMER OF WARRANTY ON SOFTWARE: klikni Yes kako bi proces bio nastavljen.ako Recovery Console nije instalirana, ponuditi instalaciju: obavezno prihvati klikom na Yes i isprati postupak.postaviti/dati određeni broj upita/obaveštenja: prihvati klikom na Yes ili OK.po potrebi, restartovati Windows (više puta); na kraju rada, otvoriti Notepad sa izveštajem o skeniranju. Iskopiraj izveštaj koji je ComboFix napravio u temu na forumu: klikni desnim tasterom miša u prozor Notepad-a i izaberi Select All; klikni desnim tasterom miša na obeleženi tekst i izaberi Copy; klikni desnim tasterom miša u polje za pisanje poruke i izaberi Paste. Napomena:Izveštaj će biti sačuvan pod nazivom ComboFix.txt na sistemskoj particiji (tipična lokacija: C:\ComboFix.txt); Ukoliko nakon slanja poruke primetiš da izveštaj nije kompletan, iskoristi opciju Prikači fajl za prilaganje file-a C:\ComboFix.txt uz poruku. goran9888 (AMF Tim)

Profil

jomlla Poslao: 24 Avg 2010 18:25 Idi na vrh
offline jomlla Građanin Pridružio: 30 Jul 2010 Poruke: 54	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Evo konacno je i ovo gotovo. Combo fix log izgleda ovako: ComboFix 10-08-23.06 - LELA 24.08.2010 18:08:22.1.1 - FAT32x86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.384.158 [GMT 2:00] Running from: c:\documents and settings\LELA\Desktop\ComboFix.exe AV: ESET NOD32 Antivirus 3.0 On-access scanning disabled (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0} . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\delextra.exe c:\windows\system\delnew.exe c:\windows\system\nadlocop.exe c:\windows\system\run.exe c:\windows\system\temp2.exe c:\windows\WPlayer.exe D:\winlogon.exe . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_MSWINDOWS -------\Service_MSWindows ((((((((((((((((((((((((( Files Created from 2010-07-24 to 2010-08-24 ))))))))))))))))))))))))))))))) . 2010-08-22 11:25 . 2010-08-22 11:25 -------- d-----w- c:\program files\Common Files\PC Tools 2010-08-22 11:25 . 2010-08-22 11:25 -------- d-----w- c:\documents and settings\All Users\Application Data\TEMP 2010-08-22 10:02 . 2010-08-22 10:02 -------- d-----w- c:\program files\NOS 2010-08-22 10:02 . 2010-08-22 10:02 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS 2010-08-22 10:02 . 2010-07-26 14:01 37184 ----a-w- c:\documents and settings\LELA\Application Data\Mozilla\Firefox\Profiles\2lwfdvwc.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll 2010-08-22 10:02 . 2010-07-26 14:01 32032 ----a-w- c:\documents and settings\LELA\Application Data\Mozilla\Firefox\Profiles\2lwfdvwc.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\chrome\content\getPlusPlus_Adobe_reg.exe 2010-08-22 09:58 . 2010-08-22 09:58 -------- d-----w- c:\program files\TeamViewer 2010-08-22 08:08 . 2010-08-22 08:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec 2010-08-22 08:08 . 2010-08-22 08:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton 2010-08-22 08:07 . 2010-08-22 08:08 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller 2010-08-22 05:07 . 2010-08-22 05:07 -------- d-----w- c:\windows\system32\Adobe 2010-08-21 18:22 . 2010-08-22 09:59 2788816 ----a-w- c:\documents and settings\LELA\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe 2010-08-21 11:19 . 2010-08-21 11:19 45056 ----a-r- c:\documents and settings\LELA\Application Data\Microsoft\Installer\{0A28C610-EE06-4A33-BB56-A2155B524916}\ARPPRODUCTICON.exe 2010-08-18 18:46 . 2010-08-18 18:46 -------- d-----w- C:\FOUND.002 2010-08-16 21:18 . 2010-08-16 21:18 -------- d-----w- C:\FOUND.001 2010-08-14 17:24 . 2007-10-23 07:27 110592 ----a-w- c:\documents and settings\LELA\Application Data\U3\temp\cleanup.exe 2010-08-14 17:11 . 2008-05-02 08:41 3493888 ---ha-w- c:\documents and settings\LELA\Application Data\U3\temp\Launchpad Removal.exe 2010-08-14 17:11 . 2010-08-14 17:11 -------- d-----w- c:\documents and settings\LELA\Application Data\U3 2010-08-13 15:43 . 2010-08-13 15:43 -------- d-----w- C:\FOUND.000 2010-08-05 11:14 . 2010-08-05 11:14 -------- d-----w- C:\FOUND.037 2010-07-31 19:01 . 2010-07-31 19:01 -------- d-----w- C:\agw_demo 2010-07-31 16:41 . 2010-07-31 16:41 -------- d-----w- c:\documents and settings\LELA\Application Data\TeamViewer . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-08-24 15:05 . 2010-02-22 18:34 1744 ----a-w- c:\windows\system32\d3d9caps.dat 2010-08-21 11:33 . 2009-11-07 16:18 1632 ----a-w- c:\windows\system32\d3d8caps.dat 2010-07-21 17:29 . 2010-07-21 17:29 -------- d-----w- c:\program files\ESET 2010-07-21 17:29 . 2010-07-21 17:29 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET 2010-07-01 09:47 . 2010-03-22 16:38 439816 ----a-w- c:\documents and settings\LELA\Application Data\Real\Update\setup3.10\setup.exe . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-04-06 26102056] "RegistryMechanic"="c:\program files\Registry Mechanic\RegMech.exe" [2010-04-08 3233752] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "C-Media Mixer"="Mixer.exe" [2002-07-12 1581056] "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-12-28 198160] "FixCamera"="c:\windows\FixCamera.exe" [2008-08-21 188928] "snp2uvc"="c:\windows\vsnp2uvc.exe" [2008-08-01 675840] "tsnp2uvc"="c:\windows\tsnp2uvc.exe" [2009-06-01 320512] "egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-10-07 1461080] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360] [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Hotkey] 2004-04-03 16:38 36864 ----a-w- c:\program files\Hotkey\Hotkey.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] 2001-07-09 08:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent] 2004-12-20 18:41 33792 ----a-w- c:\program files\Winamp\winampa.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "ose"=3 (0x3) "MSWindows"=2 (0x2) "gupdate1ca87e9c760bf40"=2 (0x2) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"= "c:\\Program Files\\Real\\RealPlayer\\realplay.exe"= "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\TeamViewer\\Version5\\TeamViewer.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [1.7.2008 9:04 35168] R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [7.10.2009 9:16 472280] R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [22.8.2010 13:25 632792] R2 TeamViewer5;TeamViewer 5;c:\program files\TeamViewer\Version5\TeamViewer_Service.exe [6.7.2010 17:03 173352] R3 NtApm;NT Apm/Legacy Interface Driver;c:\windows\system32\drivers\NtApm.sys [14.10.2009 20:52 9344] R3 slnt;Silan SC92031 PCI Fast Ethernet Adapter;c:\windows\system32\drivers\slnt.sys [11.12.2009 11:59 18004] S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [3.8.2004 22:56 14336] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper . Contents of the 'Scheduled Tasks' folder 2010-08-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-12-28 17:15] 2010-08-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-12-28 17:15] 2010-08-23 c:\windows\Tasks\RMSchedule_219.job - c:\program files\Registry Mechanic\Launcher.exe [2010-08-22 07:14] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.ba/ uInternet Connection Wizard,ShellNext = iexplore IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 FF - ProfilePath - c:\documents and settings\LELA\Application Data\Mozilla\Firefox\Profiles\2lwfdvwc.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.ba/ FF - component: c:\program files\Real\RealPlayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll FF - plugin: c:\documents and settings\LELA\Application Data\Mozilla\Firefox\Profiles\2lwfdvwc.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll . - - - - ORPHANS REMOVED - - - - MSConfigStartUp-MsnMsgr - c:\program files\MSN Messenger\MsnMsgr.Exe ************************************************************************ catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net Rootkit scan 2010-08-24 18:18 Windows 5.1.2600 Service Pack 2 FAT NTAPI scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ********************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'explorer.exe'(3268-) c:\program files\TeamViewer\Version5\tv.dll . ------------------------ Other Running Processes ------------------------ . c:\program files\TeamViewer\Version5\TeamViewer.exe c:\windows\system32\wscntfy.exe c:\windows\Mixer.exe c:\program files\Skype\Plugin Manager\skypePM.exe . ************************************************************************ . Completion time: 2010-08-24 18:24:23 - machine was rebooted ComboFix-quarantined-files.txt 2010-08-24 16:24 Pre-Run: 4.092.051.456 bytes free Post-Run: 4.357.898.240 bytes free WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect - - End Of File - - 32761B943570DC0301A1380CD8531C9E

Profil

1l padr1n0 Poslao: 24 Avg 2010 19:02 Idi na vrh
offline 1l padr1n0 Anti Malware Fighter Rank 2 Pridružio: 02 Feb 2008 Poruke: 14018 Gde živiš: Nish	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Napomena: Nismo jos zavrsili. Obavesticu te kada je slucaj gotov; Isprati detaljno sledece Uputstvo. ------------------------------------------------------------------------------- Otvoriti Notepad i iskopirati sledeci tekst: `Registry:: [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "MSWindows"=-` Snimiti na Desktop fajl iz Notepada kao "CFScript" Prevuci snimljeni skript/tekst na ComboFix ikonicu kao na slici. Postaviti u sledecoj poruci log koji bude bio napravljen na kraju ciscenja/skeniranja.

Profil

MyCity » Ambulanta -> Arhiva Ambulante » virusi problem

Ko je trenutno na forumu

Ukupno su 1204 korisnika na forumu :: 37 registrovanih, 5 sakrivenih i 1162 gosta :: [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:: Korisnici trenutno na forumu: anta, Brana01, CikaKURE, Dannyboy, deimos25, Dimitrise93, djboj, DragoslavS, dushan, Excalibur13, HogarStrashni, ikan, ivan1973, Karla, Krvava Devetka, kubura91, laurusri, Lazarus, madza, MB120mm, Mi lao shu, muaddib, nebkv, nemkea71, Oscar2, Panter, pein, Pikac-47, procesor, sovanova95, Srle993, stalja, suton, Tvrtko I, vladulns, |_MeD_|, žeks62

Svaki korisnik ovog sajta je odgovoran za sadržaj svoje poruke koju objavi na sajtu. Sajt se odriče svake odgovornosti za sadržaj tih poruka.
Postavljanjem vaše poruke ili vašeg autorskog dela na ovaj sajt, saglasni ste da ovaj sajt postaje distributer vašeg dela, i odričete se mogućnosti njegovog povlačenja ili brisanja, bez saglasnosti uprave sajta.
Distribucija sadržaja sa ovog sajta je dozvoljena samo u nekomercijalne svrhe, uz obaveznu napomenu da je sadržaj preuzet sa ovog sajta, i uz obavezno navođenje adrese MyCity sajta. Za sve ostale vidove distribucije obavezni ste da prethodno zatražite odobrenje od vlasnika MyCity sajta.
MyCity pokrenuo, administrira i razvija Predrag Damnjanović, a o uređenju sajta se brine MyCity Tim.
Ukoliko želite da nas kontaktirate kliknite ovde.
Naši sajtovi:
Vesti, Vojni forum, Zaštita od virusa, TekstPesme.rs

This content is licensed under a Creative Commons License.
Based on phpBB 2, translated by Simke, designed by