Virus Again

Thread: Virus Again

  1. #1
    Interested member
    Joined
    13.02.2005.
    Gender
    male
    Location
    Bor
    Posts
    128
    Reputation power
    48

    Virus Again

    I was looking for a crack for a game and something burst in like crazy and froze everything; NOD registered it, but without the option to delete it. After that there was no way to open any web page. I went back to System Restore twice without success, and even now I don't know how I managed to open the forum. I don't notice any other problems for now. I'll post a scan, so I ask dr. Bora and the others to take a look. Thanks.



    Logfile of HijackThis v1.99.1
    Scan saved at 17:33:24, on 4.10.2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Eset\nod32krn.exe
    C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe
    C:\Program Files\Eset\nod32kui.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINDOWS\vsnpstd.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\WINDOWS\system32\cidaemon.exe
    D:\download\Krstarica\Za dr.Boru.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: PopupManager Class - {08E74C67-99A6-45C7-94DA-A397A8FD8082} - C:\Program Files\Popup Manager\PopupMgr_1.0.2.1P.dll
    O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
    O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Device Detector] "C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe" -autorun
    O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
    O4 - HKLM\..\Run: [RAMfreer] C:\Program Files\RAMfreer\RAMfreer.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [Uniblue RegistryBooster2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
    O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe



  2. #2
    Active member dr_Bora
    Joined
    27.12.2004.
    Gender
    male
    Posts
    1.248
    Reputation power
    60

    Re: Virus Again

    I don't see anything problematic here.
    Look in NOD, under Logs - Threat log, to see what exactly was reported (the detection name, and in which file).

  3. #3
    Interested member
    Joined
    13.02.2005.
    Gender
    male
    Location
    Bor
    Posts
    128
    Reputation power
    48

    Re: Virus Again

    Here is what it says:






    Time Module Object Name Threat Action User Information
    3.10.2007 23:49:44 AMON file C:\WINDOWS\system32\vtr.dll Win32/TrojanDownloader.Agent.NPQ trojan quarantined - deleted Event occurred on a newly created file. The file was moved to quarantine. You may close this window.



    Time Module Object Name Threat Action User Information
    3.10.2007 23:49:42 AMON file C:\WINDOWS\system32\winavxx.exe Win32/TrojanDownloader.Agent.NRJ trojan quarantined - deleted Event occurred on a new file created by the application: C:\DOCUME~1\1\LOCALS~1\Tempmbroit.exe. The file was moved to quarantine. You may close this window.
    Last edited by MonteCarlo: 04.10.2007. at 18:59

  4. #4
    Active member dr_Bora
    Joined
    27.12.2004.
    Gender
    male
    Posts
    1.248
    Reputation power
    60

    Re: Virus Again

    Well, according to this, NOD did its job.

    Still, we'll run some checks. To start, edit your previous post and remove those two links.

    Download http://www.gmer.net/gmer.zip and unpack it into a folder.
    Turn off the AV and all other running programs.

    Run gmer.exe.
    On the Rootkit tab, click Scan... When it finishes, click Save... and save the log file.
    Then switch to the Autostart tab (click >>> and it will appear) and click Scan.
    When it finishes, click Copy, then paste it all into Notepad (just right-click and Paste) and save that file too.
    If the first log is larger than 10 KB, zip it and attach it to your post.
    Copy the second log here.

  5. #5
    Interested member
    Joined
    13.02.2005.
    Gender
    male
    Location
    Bor
    Posts
    128
    Reputation power
    48

    Re: Virus Again

    Sorry, I didn't zip it and post it here because I uninstalled WinZIP, since it's some trial version and it keeps bothering me. I put it in a RAR at: http://rapidshare.com/files/60256426/lista.rar.html I hope that's not a problem.
    By the way, it has already started acting up. Some screensaver appears that freezes everything and blacks out the screen; it says it's called Wolves. I never had or installed anything like that. I can barely get it off the screen. For now I've just turned it off until you tell me what to do with it.

  6. #6
    Interested member
    Joined
    13.02.2005.
    Gender
    male
    Location
    Bor
    Posts
    128
    Reputation power
    48

    Re: Virus Again

    My apologies, the screensaver didn't appear by itself after all; my wife just told me she wanted to put one with wolves on for the kid, and its free period has expired. So that's unrelated.

  7. #7
    Active member dr_Bora
    Joined
    27.12.2004.
    Gender
    male
    Posts
    1.248
    Reputation power
    60

    Re: Virus Again

    Please upload these two files somewhere for me:

    c:\windows\system32\drivers\rapnet.sys
    c:\windows\wolves.scr (so I can check this one too, just in case).

    Also, download ComboFix:
    http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe

    Run it and wait for it to finish - it will open a log file in Notepad, which you should copy here.

  8. #8
    Interested member
    Joined
    13.02.2005.
    Gender
    male
    Location
    Bor
    Posts
    128
    Reputation power
    48

    Re: Virus Again

    Quote: Originally posted by dr_Bora
    Please upload these two files somewhere for me:

    c:\windows\system32\drivers\rapnet.sys
    c:\windows\wolves.scr (so I can check this one too, just in case).

    Also, download ComboFix:
    http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe

    Run it and wait for it to finish - it will open a log file in Notepad, which you should copy here.

    Here are the requested files: http://rapidshare.com/files/60270976/Krstarica.rar.html

  9. #9
    Active member dr_Bora
    Joined
    27.12.2004.
    Gender
    male
    Posts
    1.248
    Reputation power
    60

    Re: Virus Again

    You uploaded the .pf file, not the .scr.
    So, it is located at c:\windows\wolves.scr.

    ComboFix.log?


    Btw, have you ever had BlackIce installed?

  10. #10
    Interested member
    Joined
    13.02.2005.
    Gender
    male
    Location
    Bor
    Posts
    128
    Reputation power
    48

    Re: Virus Again

    Here is ComboFix.log







    ComboFix 07-10-04.6 - 1 2007-10-04 20:44:02.1 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.10 [GMT 2:00]
    Running from: D:\download\Krstarica\ComboFix.exe
    * Created a new restore point
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Program Files\FunWebProducts
    C:\Program Files\FunWebProducts\ScreenSaver\Images\00816108.urr
    C:\Program Files\FunWebProducts\ScreenSaver\Images\00873CD9.urr
    C:\Program Files\FunWebProducts\ScreenSaver\Images\0087A855.dat
    C:\Program Files\FunWebProducts\ScreenSaver\Images\0089AE27.dat
    C:\Program Files\FunWebProducts\ScreenSaver\Images\008C144A.dat
    C:\Program Files\FunWebProducts\ScreenSaver\Images\008D035D.dat
    C:\Program Files\FunWebProducts\ScreenSaver\Images\008D9F9D.dat
    C:\Program Files\FunWebProducts\ScreenSaver\Images\101x135\008C144A.jpg
    C:\Program Files\FunWebProducts\ScreenSaver\Images\101x135\008D035D.jpg
    C:\Program Files\FunWebProducts\ScreenSaver\Images\101x135\008D9F9D.jpg
    C:\Program Files\FunWebProducts\ScreenSaver\Images\f3wallpp.bmp
    C:\Program Files\FunWebProducts\ScreenSaver\Images\wrkparam.lst
    C:\Program Files\MyWebSearch
    C:\Program Files\MyWebSearch\bar\History\search2
    C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat
    C:\Program Files\MyWebSearch\bar\Settings\setting2.htm
    C:\Program Files\MyWebSearch\bar\Settings\settings.dat
    C:\WINDOWS\NDNuninstall7_22.exe
    C:\WINDOWS\NDNuninstall7_48.exe
    C:\WINDOWS\system32\drivers\CI3XmasSetup.exe
    C:\WINDOWS\system32\svcp.csv
    C:\WINDOWS\system32\winsub.xml

    .
    ((((((((((((((((((((((((( Files Created from 2007-09-04 to 2007-10-04 )))))))))))))))))))))))))))))))
    .

    2007-10-04 20:40 51,200 --a------ C:\WINDOWS\NirCmd.exe
    2007-10-03 23:49 8,364 --a------ C:\WINDOWS\system32\sulimo.dat
    2007-10-03 21:38 <DIR> d-------- C:\Program Files\Alien Shooter - Vengeance(2)
    2007-10-01 14:46 <DIR> d-------- C:\Program Files\Super Spongebob Collapse
    2007-09-28 23:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Zylom
    2007-09-28 23:08 <DIR> d-------- C:\Documents and Settings\1\Application Data\Zylom
    2007-09-28 23:08 <DIR> d-------- C:\Documents and Settings\1\Application Data\Zylom
    2007-09-28 23:07 <DIR> d-------- C:\Program Files\Zylom Games
    2007-09-28 00:14 <DIR> d-------- C:\cleanup
    2007-09-27 20:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WinZip
    2007-09-27 01:44 <DIR> d--h----- C:\Documents and Settings\1\InstallAnywhere
    2007-09-27 01:44 <DIR> d-------- C:\WINDOWS\system32\DRVSTORE
    2007-09-27 01:44 <DIR> d-------- C:\Program Files\NKProds
    2007-09-26 21:24 <DIR> d-------- C:\WINDOWS\system32\NtmsData
    2007-09-26 20:00 58,640 --a------ C:\WINDOWS\system32\fwsvpn.dll
    2007-09-21 02:44 <DIR> d-------- C:\Program Files\Pinball
    2007-09-14 15:28 <DIR> d-------- C:\Documents and Settings\1\Contacts
    2007-09-11 22:59 <DIR> d-------- C:\Program Files\priyatna.org
    2007-09-11 22:01 <DIR> d-------- C:\Program Files\ICanPressKeys
    2007-09-11 19:51 180,224 --ahs---- C:\WINDOWS\system32\vcutg.dll
    2007-09-06 20:32 <DIR> d-------- C:\Program Files\Shiny
    2007-09-05 00:08 466,944 --a------ C:\WINDOWS\Wolves.scr
    2007-09-05 00:08 4,581,939 --a------ C:\WINDOWS\Wolves.dat
    2007-09-05 00:06 15,360 --a------ C:\sysmuqf.exe
    2007-09-04 23:55 5,658,438 --a------ C:\WINDOWS\Pigs and Piglets.dat
    2007-09-04 23:55 466,944 --a------ C:\WINDOWS\Pigs and Piglets.scr
    2007-09-04 23:55 28,672 --a------ C:\WINDOWS\system32\ssconfig.exe
    2007-09-04 23:55 180,224 --a------ C:\WINDOWS\UninstallWSST.exe

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-10-01 20:41 --------- d-------- C:\Documents and Settings\1\Application Data\Wildfire
    2007-10-01 20:41 --------- d-------- C:\Documents and Settings\1\Application Data\Wildfire
    2007-09-28 01:51 --------- d-------- C:\Documents and Settings\1\Application Data\uTorrent
    2007-09-28 01:51 --------- d-------- C:\Documents and Settings\1\Application Data\uTorrent
    2007-09-27 01:44 --------- d--h----- C:\Program Files\InstallShield Installation Information
    2007-09-27 01:44 --------- d-------- C:\Program Files\Save
    2007-09-27 01:44 --------- d-------- C:\Program Files\MegauploadToolbar
    2007-09-27 01:42 --------- d-------- C:\Program Files\MSN Messenger
    2007-09-23 16:53 --------- d-------- C:\Program Files\K-Lite Codec Pack
    2007-09-23 16:52 --------- d-------- C:\Program Files\Wesnoth
    2007-09-23 16:52 --------- d-------- C:\Program Files\Tumble Bugs
    2007-09-23 16:52 --------- d-------- C:\Program Files\MotoGP2
    2007-09-23 16:52 --------- d-------- C:\Program Files\Call of Duty
    2007-09-09 19:16 --------- d-------- C:\Program Files\Disney Interactive
    2007-09-09 03:40 --------- d-------- C:\Documents and Settings\1\Application Data\MegauploadToolbar
    2007-09-09 03:40 --------- d-------- C:\Documents and Settings\1\Application Data\MegauploadToolbar
    2007-09-03 13:25 --------- d-------- C:\Program Files\Frozen-Bubble
    2007-08-26 01:23 --------- d-------- C:\Program Files\3DO
    2007-08-25 16:14 24134 --a------ C:\svcipa.exe
    2007-08-16 19:47 --------- d-------- C:\Program Files\ChickenInvadersROTYXmas
    2007-08-10 17:34 --------- d-------- C:\Documents and Settings\1\Application Data\U3
    2007-08-10 17:34 --------- d-------- C:\Documents and Settings\1\Application Data\U3
    2007-08-08 20:37 --------- d-------- C:\Program Files\VideoCAM Eye
    2007-08-08 20:37 --------- d-------- C:\Program Files\Common Files\VCAMEye
    2007-07-30 20:59 15360 --a------ C:\WINDOWS\system32\taskman.exe
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Smapp"="C:\Program Files\Analog Devices\SoundMAX\SMTray.exe" [2003-05-05 08:57]
    "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-02-28 21:00]
    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50]
    "Device Detector"="C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe" [2003-09-17 17:39]
    "nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-04-12 18:41]
    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-04-14 00:25]
    "snpstd"="C:\WINDOWS\vsnpstd.exe" [2004-06-10 13:48]
    "RAMfreer"="C:\Program Files\RAMfreer\RAMfreer.exe" []

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56]
    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-04 01:06]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-04-14 00:26]
    "Uniblue RegistryBooster2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" []

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04]



    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
    AutoRun\command- G:\LaunchU3.exe -a

    *Newly Created Service* - CATCHME
    *Newly Created Service* - GMER
    .
    **************************************************************************

    catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-10-04 20:49:05
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    **************************************************************************
    .
    Completion time: 2007-10-04 20:51:23
    C:\ComboFix-quarantined-files.txt ... 2007-10-04 20:50
    .
    --- E O F ---

  11. #11
    Interested member
    Joined
    13.02.2005.
    Gender
    male
    Location
    Bor
    Posts
    128
    Reputation power
    48

    Re: Virus Again

    Quote: Originally posted by dr_Bora
    You uploaded the .pf file, not the .scr.
    So, it is located at c:\windows\wolves.scr.

    ComboFix.log?


    Btw, have you ever had BlackIce installed?

    c:\windows\wolves doesn't exist, i.e. I can't find it anywhere; there is only C:\WINDOWS\Prefetch\WOLVES.SCR-351DAB2D.pf, which I already gave you.


    What was BlackIce again? I think there's some small game with that name.
    By the way, now after scanning with this ComboFix the computer runs very slowly.

  12. #12
    Active member dr_Bora
    Joined
    27.12.2004.
    Gender
    male
    Posts
    1.248
    Reputation power
    60

    Re: Virus Again

    In Windows Explorer, Tools - Folder options, on the View tab:
    select Show hidden files and folders
    uncheck Hide protected operating system files.

    Upload the following files:

    C:\WINDOWS\system32\taskman.exe
    C:\WINDOWS\system32\vcutg.dll
    C:\WINDOWS\system32\fwsvpn.dll
    C:\WINDOWS\system32\ssconfig.exe

    Delete the following:

    C:\sysmuqf.exe
    C:\svcipa.exe


    Open NOD and uncheck File System monitor Enabled and Internet Monitor Enabled.
    Download SmitfraudFix.

    • Restart the computer in Safe Mode (keep pressing F8 while the computer boots and choose Safe Mode from the menu)
    • Double-click SmitfraudFix.exe to run it
    • Choose option #2 - Clean by typing 2 and Enter
    • Wait for the cleaning and Disk Cleanup to finish
    • You will be asked: "Registry cleaning - Do you want to clean the registry ?" Answer "Yes" by typing Y and Enter
    • The program will also check whether wininet.dll is infected. If it is, you will be asked about replacing wininet.dll. Answer "Yes" to the question "Replace infected file ?" by typing Y and Enter


    A restart may be needed to complete the cleaning process; if the computer does not restart automatically, do it yourself.
    Copy the contents of the file C:\rapport.txt here.

  13. #13
    Interested member
    Joined
    13.02.2005.
    Gender
    male
    Location
    Bor
    Posts
    128
    Reputation power
    48

    Re: Virus Again

    Requested files: http://rapidshare.com/files/60298632/Trazeni_fajlovi.rar.html

    The other ones are deleted

    NOD done

    Moving on

  14. #14
    Interested member
    Joined
    13.02.2005.
    Gender
    male
    Location
    Bor
    Posts
    128
    Reputation power
    48

    Re: Virus Again

    SmitFraudFix v2.237

    Scan done at 23:19:11,12, cet 04.10.2007
    Run from D:\download\Krstarica\SmitfraudFix
    OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
    The filesystem type is NTFS
    Fix run in safe mode

    »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    »»»»»»»»»»»»»»»»»»»»»»»» Killing process


    »»»»»»»»»»»»»»»»»»»»»»»» hosts


    127.0.0.1 localhost

    »»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

    S!Ri's WS2Fix: LSP not Found.


    »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

    GenericRenosFix by S!Ri


    »»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

    C:\WINDOWS\system32\lfd.dat Deleted
    C:\WINDOWS\system32\oiso.bin Deleted
    C:\WINDOWS\system32\pcf.pdf Deleted

    »»»»»»»»»»»»»»»»»»»»»»»» DNS

    HKLM\SYSTEM\CCS\Services\Tcpip\..\{452334E6-62FF-4FE7-9683-FE7B32206097}: DhcpNameServer=192.168.1.2
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{452334E6-62FF-4FE7-9683-FE7B32206097}: DhcpNameServer=192.168.1.2
    HKLM\SYSTEM\CS2\Services\Tcpip\..\{452334E6-62FF-4FE7-9683-FE7B32206097}: DhcpNameServer=192.168.1.2
    HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.2
    HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.2
    HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.2


    »»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
    !!!Attention, following keys are not inevitably infected!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "System"=""


    »»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

    Registry Cleaning done.

    »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll


    »»»»»»»»»»»»»»»»»»»»»»»» Reboot

    C:\WINDOWS\system32\sulimo.dat Please, Reboot and Run SmitfraudFix option 2 once again.


    »»»»»»»»»»»»»»»»»»»»»»»» End

  15. #15
    Active member dr_Bora
    Joined
    27.12.2004.
    Gender
    male
    Posts
    1.248
    Reputation power
    60

    Re: Virus Again

    Go into Safe Mode again and run SmitFraudFix again (everything the same as before).
    When it's done, copy rapport.txt again.

  16. #16
    Interested member
    Joined
    13.02.2005.
    Gender
    male
    Location
    Bor
    Posts
    128
    Reputation power
    48

    Re: Virus Again

    Here


    SmitFraudFix v2.237

    Scan done at 0:21:26,23, pet 05.10.2007
    Run from D:\download\Krstarica\SmitfraudFix
    OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
    The filesystem type is NTFS
    Fix run in safe mode

    »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    »»»»»»»»»»»»»»»»»»»»»»»» Killing process


    »»»»»»»»»»»»»»»»»»»»»»»» hosts


    127.0.0.1 localhost

    »»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

    S!Ri's WS2Fix: LSP not Found.


    »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

    GenericRenosFix by S!Ri


    »»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

    C:\WINDOWS\system32\Delete_Me_Dummy_sulimo.dat Deleted

    »»»»»»»»»»»»»»»»»»»»»»»» DNS

    HKLM\SYSTEM\CCS\Services\Tcpip\..\{452334E6-62FF-4FE7-9683-FE7B32206097}: DhcpNameServer=192.168.1.2
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{452334E6-62FF-4FE7-9683-FE7B32206097}: DhcpNameServer=192.168.1.2
    HKLM\SYSTEM\CS2\Services\Tcpip\..\{452334E6-62FF-4FE7-9683-FE7B32206097}: DhcpNameServer=192.168.1.2
    HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.2
    HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.2
    HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.2


    »»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
    !!!Attention, following keys are not inevitably infected!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "System"=""


    »»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

    Registry Cleaning done.

    »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll


    »»»»»»»»»»»»»»»»»»»»»»»» End

  17. #17
    Active member dr_Bora
    Joined
    27.12.2004.
    Gender
    male
    Posts
    1.248
    Reputation power
    60

    Re: Virus Again

    Download VundoFix.

    • Run VundoFix.exe and click the Scan For Vundo button.
    • After the scan completes, if malware is found, click Remove Vundo.
    • Follow the procedure to the end, answering yes to all questions. The computer will restart.


    If the file vcutg.dll is not in the list of detected files, right-click in the (white) VundoFix window and choose the option Add more files?, then in the window that opens, copy the following into the first box:

    C:\WINDOWS\system32\vcutg.dll

    After that click Add File(s), Close Window, then Remove Vundo.

    After that, post here the contents of the file C:\vundofix.txt as well as a new HijackThis log.


    Download Dr.Web CureIt (~7 MB).
    • enter Safe Mode,
    • double-click cureit.exe to run it, after which an introductory window will appear; then press the Start button,
    • another window will appear; choose OK,
    • wait a few minutes for Dr.Web to perform the initial memory scan,
    • click to select all partitions/disks for scanning; they are selected when a red ball is shown on them,
    • in the upper left corner of the program go to Options->Change settings F9 and do as explained in the picture -> here,
    • on the right side of the program press Start and Dr.Web will begin scanning.

    Let Dr.Web delete everything it finds.
    The file CureIt.log is located in C:\Documents and Settings\''the name you are logged in as''\DoctorWeb. Attach it to your next post.

    How is the PC running now?

  18. #18
    Interested member
    Joined
    13.02.2005.
    Gender
    male
    Location
    Bor
    Posts
    128
    Reputation power
    48

    Re: Virus Again

    VundoFix V6.5.9

    Checking Java version...

    Scan started at 19:20:32 5.10.2007

    Listing files found while scanning....

    No infected files were found.


    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\vcutg.dll
    C:\WINDOWS\system32\vcutg.dll Has been deleted!

    Performing Repairs to the registry.
    Done!







    Logfile of HijackThis v1.99.1
    Scan saved at 21:04:32, on 5.10.2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Eset\nod32krn.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe
    C:\Program Files\Eset\nod32kui.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINDOWS\vsnpstd.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    D:\download\Krstarica\Za dr.Boru.exe

    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\yt.dll
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\yt.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: PopupManager Class - {08E74C67-99A6-45C7-94DA-A397A8FD8082} - C:\Program Files\Popup Manager\PopupMgr_1.0.2.1P.dll
    O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\yt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
    O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Device Detector] "C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe" -autorun
    O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
    O4 - HKLM\..\Run: [RAMfreer] C:\Program Files\RAMfreer\RAMfreer.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [Uniblue RegistryBooster2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: ymetray.lnk = C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
    O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

  19. #19
    Interested member
    Joined
    13.02.2005.
    Gender
    male
    Location
    Bor
    Posts
    128
    Reputation power
    48

    Re: Virus Again

    Download Dr.Web CureIt ( ~7 MB ).
    enter Safe Mode,
    double-click cureit.exe to run it, after which an introductory window will appear, then press the Start button
    another window will appear, choose OK,
    wait a few minutes for Dr.Web to perform the initial memory scan,

    I got this far. Then it said that no virus was found. When I select the partitions and click Options->Change settings F9, the options in the window do not appear as in the picture you attached for me. Instead, only one checked option appears, and in the middle of that window there are two text input boxes.
    This file is not there: C:\Documents and Settings\''the name you are logged in as''\DoctorWeb contains the file CureIt.log

    click with the mouse to select all partitions/disks for scanning; they are selected when a red ball appears on them,
    in the upper-left corner of the program go to Options->Change settings F9 and do as explained in the picture -> here,
    on the right side of the program press Start and Dr.Web will begin scanning.
    Whatever Dr.Web finds, let it delete.
    The file CureIt.log is located in C:\Documents and Settings\''the name you are logged in as''\DoctorWeb. Attach it to your next message.

    What now?

  20. #20
    Active member dr_Bora
    Joined
    27.12.2004.
    Gender
    male
    Posts
    1,248
    Reputation power
    60

    Re: Virus Again

    Ahhh... They changed the interface... My apologies.

    So, when you go to Change settings, just uncheck Heuristic analysis.
    In the main program window you can choose Complete Scan and click the green arrow / triangle to start the scan.
    The log will be in:
    C:\Documents and Settings\''the name you are logged in as''\DoctorWeb

    or, if the logs are to be believed:
    C:\Documents and Settings\1\Application Data\DoctorWeb


    Btw, how is the PC behaving?
