Posted: 29 Feb 2012 23:18
- Master Boot
- Honorary citizen
- Joined: 21 Aug 2011
- Posts: 810
- Location: Siberia
Hello.
My computer was infected with Sality, so I formatted the C partition and installed Windows. However, the D partition was not formatted, and MBAM found the Sality virus on it.
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Bogdan at 23:13:05 on 2012-02-29
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.89 [GMT 1:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\Program Files\Panda Security\Panda Internet Security 2012\TPSrv.exe
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRAM FILES\PANDA SECURITY\PANDA INTERNET SECURITY 2012\WebProxy.exe
svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Panda Security\Panda Internet Security 2012\PsCtrls.exe
c:\program files\panda security\panda internet security 2012\firewall\PSHOST.EXE
C:\Program Files\Panda Security\Panda Internet Security 2012\PskSvc.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Terminator\Quick TV\Scheduled.exe
C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Samsung\EmoDio\SMSTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MCShield\MCShieldRTM.exe
C:\Program Files\Terminator\TV7131 Utilities\P3XRCtl.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\DOCUME~1\Bogdan\LOCALS~1\Temp\jophj.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Idea2 SidebarBrowserMonitor Class: {45ad732c-2ce2-4666-b366-b2214ad57a49} - c:\program files\desktop sidebar\sbhelp.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MCShield Monitor] c:\program files\mcshield\MCShieldRTM.exe
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [Quick TV Agent] c:\program files\terminator\quick tv\Scheduled.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [RemoteControl] "c:\program files\asustek\asusdvd\PDVDServ.exe"
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [SMSTray] c:\program files\samsung\emodio\SMSTray.exe
mRun: [APVXDWIN] "c:\program files\panda security\panda internet security 2012\APVXDWIN.EXE" /s
mRun: [SCANINICIO] "c:\program files\panda security\panda internet security 2012\Inicio.exe"
dRunOnce: [IE8] rundll32 advpack.dll,LaunchINFSection IE8.INF,FirstUserStart
dRunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\tvremo~1.lnk - c:\program files\terminator\tv7131 utilities\P3XRCtl.exe
mPolicies-system: EnableLUA = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {09FE188B-6E85-479e-9411-51FB2220DF80} - {45AD732C-2CE2-4666-B366-B2214AD57A49} - c:\program files\desktop sidebar\sbhelp.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
TCP: DhcpNameServer = 213.133.31.202 213.133.31.203 109.122.98.116 109.122.98.117
TCP: Interfaces\{2EF00024-42A5-4C87-8A68-D303CB377BCB} : DhcpNameServer = 213.133.31.202 213.133.31.203 109.122.98.116 109.122.98.117
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: avldr - avldr.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\wpdshserviceobj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\bogdan\application data\mozilla\firefox\profiles\i2x2jdqb.default\
.
============= SERVICES / DRIVERS ===============
.
R0 pavboot;Panda boot driver;c:\windows\system32\drivers\pavboot.sys [2012-2-29 26696]
R1 APPFLT;App Filter Plugin;c:\windows\system32\drivers\APPFLT.SYS [2012-2-29 83528]
R1 DSAFLT;DSA Filter Plugin;c:\windows\system32\drivers\dsaflt.sys [2012-2-29 53256]
R1 FNETMON;NetMon Filter Plugin;c:\windows\system32\drivers\fnetmon.sys [2012-2-29 22024]
R1 IDSFLT;Ids Filter Plugin;c:\windows\system32\drivers\idsflt.sys [2012-2-29 193864]
R1 NETFLTDI;Panda Net Driver [TDI Layer];c:\windows\system32\drivers\NETFLTDI.SYS [2012-2-29 159112]
R1 ShldDrv;Panda File Shield Driver;c:\windows\system32\drivers\ShlDrv51.sys [2012-2-29 37448]
R1 WNMFLT;Wifi Monitor Filter Plugin;c:\windows\system32\drivers\wnmflt.sys [2012-2-29 46856]
R2 AmFSM;AmFSM;c:\windows\system32\drivers\amm8651.sys [2012-2-29 59080]
R2 Panda Software Controller;Panda Software Controller;c:\program files\panda security\panda internet security 2012\PsCtrlS.exe [2012-2-29 173312]
R2 PavProc;Panda Process Protection Driver;c:\windows\system32\drivers\PavProc.sys [2012-2-29 163848]
R2 PskSvcRetail;Panda PSK service;c:\program files\panda security\panda internet security 2012\psksvc.exe [2012-2-29 28992]
R3 amsint32;amsint32;\??\c:\windows\system32\drivers\rkmtn.sys --> c:\windows\system32\drivers\rkmtn.sys [?]
R3 Cap713x;Philips Cap713x Video Capture;c:\windows\system32\drivers\Cap713x.sys [2012-2-28 685824]
R3 NETIMFLT01060044;PANDA NDIS IM Filter Miniport v1.6.0.44;c:\windows\system32\drivers\neti1644.sys [2012-2-29 201032]
R3 PavTPK.sys;PavTPK.sys;\??\c:\windows\system32\pavtpk.sys --> c:\windows\system32\PavTPK.sys [?]
S2 NOD32FiXTemDono;Eset Nod32 Boot;c:\windows\system32\regedt32.exe [2008-4-14 3584]
S3 3xHybrid;DTV-DVB 3056 PCI Card;c:\windows\system32\drivers\3xHybrid.sys [2012-2-28 883328]
S4 PAVFNSVR;Panda Function Service;c:\program files\panda security\panda internet security 2012\PavFnSvr.exe [2012-2-29 202048]
S4 PavPrSrv;Panda Process Protection Service;c:\program files\common files\panda security\pavshld\PavPrSrv.exe [2012-2-29 62768]
S4 PAVSRV;Panda On-Access Anti-Malware Service;c:\program files\panda security\panda internet security 2012\pavsrvx86.exe [2012-2-29 314176]
.
=============== File Associations ===============
.
JSEFile=c:\progra~1\pandas~1\pandai~1\PavScrip.exe "%1" %*
VBEFile=c:\progra~1\pandas~1\pandai~1\PavScrip.exe "%1" %*
VBSFile=c:\progra~1\pandas~1\pandai~1\PavScrip.exe "%1" %*
.
=============== Created Last 30 ================
.
2012-02-29 20:52:20 103140 --sh--r- C:\baur.exe
2012-02-29 20:43:29 -------- d-----w- c:\documents and settings\bogdan\local settings\application data\Panda Security
2012-02-29 20:39:06 202332 ----a-w- c:\windows\system32\drivers\APPFCONT.DAT
2012-02-29 20:38:53 53256 ----a-w- c:\windows\system32\drivers\dsaflt.sys
2012-02-29 20:38:53 46856 ----a-w- c:\windows\system32\drivers\wnmflt.sys
2012-02-29 20:38:52 193864 ----a-w- c:\windows\system32\drivers\idsflt.sys
2012-02-29 20:38:29 83528 ----a-w- c:\windows\system32\drivers\APPFLT.SYS
2012-02-29 20:38:29 22024 ----a-w- c:\windows\system32\drivers\fnetmon.sys
2012-02-29 20:38:29 159112 ----a-w- c:\windows\system32\drivers\NETFLTDI.SYS
2012-02-29 20:38:24 -------- d-----w- c:\documents and settings\all users\application data\Backup
2012-02-29 20:38:18 26696 ----a-w- c:\windows\system32\drivers\pavboot.sys
2012-02-29 20:36:09 54832 ----a-w- c:\windows\system32\pavcpl.cpl
2012-02-29 20:35:23 446464 ----a-w- c:\windows\system32\HHActiveX.dll
2012-02-29 20:34:53 87360 ----a-w- c:\windows\system32\PavLspHook.dll
2012-02-29 20:34:53 193344 ----a-w- c:\windows\system32\TpUtil.dll
2012-02-29 20:34:53 107568 ----a-w- c:\windows\system32\SYSTOOLS.DLL
2012-02-29 20:34:52 55616 ----a-w- c:\windows\system32\pavipc.dll
2012-02-29 20:34:50 520000 ----a-w- c:\windows\system32\PavSHook.dll
2012-02-29 20:34:39 201032 ----a-w- c:\windows\system32\drivers\neti1644.sys
2012-02-29 20:34:30 55552 ----a-w- c:\windows\system32\avldr.dll
2012-02-29 20:34:29 59080 ----a-w- c:\windows\system32\drivers\amm8651.sys
2012-02-29 20:34:29 -------- d-----w- c:\windows\system32\PAV
2012-02-29 20:34:25 -------- d-----w- c:\program files\Panda Security
2012-02-29 20:34:25 -------- d-----w- c:\documents and settings\bogdan\application data\Panda Security
2012-02-29 20:34:25 -------- d-----w- c:\documents and settings\all users\application data\Panda Security
2012-02-29 20:33:26 274432 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\iscript.dll
2012-02-29 20:33:26 184320 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\iuser.dll
2012-02-29 20:33:25 753664 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\iKernel.dll
2012-02-29 20:33:25 69714 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\ctor.dll
2012-02-29 20:33:25 5632 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\DotNetInstaller.exe
2012-02-29 20:33:15 200836 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\iGdi.dll
2012-02-29 20:33:14 331908 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\setup.dll
2012-02-29 20:33:04 37448 ----a-w- c:\windows\system32\drivers\ShlDrv51.sys
2012-02-29 20:33:04 163848 ----a-w- c:\windows\system32\drivers\PavProc.sys
2012-02-29 20:33:03 -------- d-----w- c:\program files\common files\Panda Security
2012-02-29 18:34:37 -------- d-----w- c:\program files\WhoCrashed
2012-02-29 12:02:57 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-29 11:33:57 -------- d-----w- c:\documents and settings\bogdan\application data\Desktop Sidebar
2012-02-29 11:25:31 -------- d-----w- c:\program files\Desktop Sidebar
2012-02-29 10:57:32 -------- d-----w- c:\program files\Yahoo!
2012-02-29 10:40:35 -------- d-----w- c:\documents and settings\bogdan\application data\Malwarebytes
2012-02-29 10:40:17 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2012-02-29 10:40:15 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-29 10:40:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-02-28 22:52:12 -------- d-----w- C:\My Video
2012-02-28 22:51:26 348160 ----a-w- c:\windows\system32\msvcr71.dll
2012-02-28 22:51:20 -------- d-----w- c:\documents and settings\bogdan\application data\DataCast
2012-02-28 22:51:02 -------- d-----w- c:\program files\MarkAny
2012-02-28 22:43:42 -------- d-----w- c:\program files\Samsung
2012-02-28 21:31:46 -------- d-----w- c:\program files\MCShield
2012-02-28 21:31:46 -------- d-----w- c:\documents and settings\all users\application data\MCShield
.
==================== Find3M ====================
.
.
============= FINISH: 23:15:38,76 ===============
Posted: 01 Mar 2012 00:05
- NIx Car
- Legendary citizen
- Més que un club
- Lead vocalist @ Harpun
- Joined: 27 Feb 2009
- Posts: 3898
- Location: Novi Sad, Klisa
Hello MISTER UNSU,
You have a dangerous infection on your computer: the file infector Sality.
Since disinfection is impossible from within a running Windows, I recommend that you use one of the following solutions:
1) Format the system partition (the partition on which your operating system is installed) and reinstall Windows. Do not open the other partitions; instead, install an antivirus, update it, and scan the other partitions you have. After the infection has been removed, you can open the other partitions as well.
2) You can take the hard disk out of the computer and mount it in another computer that is not infected. From that other computer, scan the mounted hard disk (note: if you choose this option, do not open the infected hard disk until you have scanned it and removed the infection).
3) Visit the topic "Using Live CD Rescue Solutions" to scan the computer with one of the RescueCD solutions. Detailed instructions are written there on how to scan a computer with the popular solutions.
Let me know which option you have chosen.