Programs getting blocked

offline
  • Joined: 25 Feb 2010
  • Posts: 65
  • Location: Banja Luka

Hello

I'm having a huge problem. Namely, I installed a small program on the D partition and a patch came with it. I put that patch into the folder where I installed the program and double-clicked it. Since then, programs on C have started getting blocked. That is, when I restart the computer I can launch one program, and after that nothing; I can't launch a single program on C, not even ctrl+alt+delete, not even Properties on the desktop works. I also can't run dds and gmer: dds only opens that black window and gmer does nothing (when I go through Run).
I hope there will be some help! Thanks in advance!

offline
  • diarno  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 15 Jun 2007
  • Posts: 5572

Download Dr.Web CureIt (~24 MB).
Restart the computer in Safe Mode (Safe Mode instructions)

Double-click launch.exe; when the introductory window appears, click Start

A notice about starting the initial scan will appear; click OK

Wait a few minutes for Dr.Web CureIt to run the Express Scan; if malware is found, click Yes to All in the window that appears to let the program disinfect

Click Options > Change settings F9; in the window that opens, uncheck the Heuristic Analysis option and then click OK

In the main window select the Complete scan option, then click, and Dr.Web CureIt will start scanning

If malware is found, click Yes to All in the window that appears to let the program disinfect

When the scan finishes, click the Select all button (if available), then click Cure and,
in the menu that opens, click Move incurable:

When the process finishes, click File > Save report list and save the log to the Desktop

Copy the contents of the Dr.Web CureIt log into the forum thread.

offline
  • Joined: 25 Feb 2010
  • Posts: 65
  • Location: Banja Luka

Posted: 21 Apr 2010 1:46

So, after asking for help, Search and Destroy, which I had launched earlier, somehow got unblocked, so I ran a scan. During the scan and repair, NOD apparently detected one virus and deleted it. After that things improved, though I don't think it's resolved.

While scanning in safe mode with Dr.Web CureIt, the scan went very slowly; in the drivers folder (system32) one file took 3-4 min to scan and there are 312 files, so I postponed the scan until tomorrow.
However, I managed to run dds and gmer.

P.S. If the scan in safe mode isn't needed because dds and gmer succeeded, please let me know!

DDS (Ver_10-03-17.01) - NTFSx86
Run by Nikola at 0:12:47.84 on Wed 04/21/2010
Internet Explorer: 6.0.2900.5512
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.603 [GMT 2:00]

AV: ESET NOD32 Antivirus 3.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Novi Programi\ComodoFirewall\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\winsys2.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Novi Programi\NetWorx\networx.exe
C:\Novi Programi\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Novi Programi\ComodoFirewall\COMODO\COMODO Internet Security\cfp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\AirLive\Bluetooth Software\bin\btwdins.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Novi Programi\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Documents and Settings\Nikola\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\documents and settings\nikola\application data\dll\svchost.exe,
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 5.0\reader\activex\AcroIEHelper.ocx
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: &NetWorx Desk Band: {feea54b4-d80f-41c7-87b9-dc08e6d3255f} - c:\novipr~1\networx\deskband.dll
uRun: [Washer] c:\program files\washer\washer.exe /0
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [SW20] c:\windows\system32\sw20.exe
mRun: [SW24] c:\windows\system32\sw24.exe
mRun: [WinSys2] c:\windows\system32\winsys2.exe
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
mRun: [QuickTime Task] "c:\novi programi\quicktime\QTTask.exe" -atboottime
mRun: [NetWorx] "c:\novi programi\networx\networx.exe" /auto
mRun: [Malwarebytes' Anti-Malware] "c:\novi programi\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [COMODO Internet Security] "c:\novi programi\comodofirewall\comodo\comodo internet security\cfp.exe" -h
mRunServicesOnce: [washindex] c:\program files\washer\washidx.exe "Nikola"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\airlive\bluetooth software\btsendto_ie_ctx.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\airlive\bluetooth software\btsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
TCP: {A17D0446-139D-44FE-80C0-A9346DCDEA8D} = 217.23.192.9 217.23.192.14
Handler: ebk - {1E411CE8-FE8B-4973-B8E0-6EA2CC3C6B06} - c:\windows\system32\ebkp.dll
AppInit_DLLs: c:\windows\system32\guard32.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\nikola\applic~1\mozilla\firefox\profiles\9ozk9k0x.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ba/webhp?hl=bs&output=html
FF - plugin: c:\novi programi\k-lite codec pack\real\browser\plugins\nppl3260.dll
FF - plugin: c:\novi programi\k-lite codec pack\real\browser\plugins\nprpjplug.dll
FF - plugin: c:\novi programi\quicktime\plugins\npqtplugin.dll
FF - plugin: c:\novi programi\quicktime\plugins\npqtplugin2.dll
FF - plugin: c:\novi programi\quicktime\plugins\npqtplugin3.dll
FF - plugin: c:\novi programi\quicktime\plugins\npqtplugin4.dll
FF - plugin: c:\novi programi\quicktime\plugins\npqtplugin5.dll
FF - plugin: c:\novi programi\quicktime\plugins\npqtplugin6.dll
FF - plugin: c:\novi programi\quicktime\plugins\npqtplugin7.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npkimi.dll

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [2010-3-3 225344]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2010-3-3 25240]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2007-12-21 33800]
R2 cmdAgent;COMODO Internet Security Helper Service;c:\novi programi\comodofirewall\comodo\comodo internet security\cmdagent.exe [2010-3-3 1769216]
R2 ekrn;Eset Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2007-12-21 468224]
R2 MBAMService;MBAMService;c:\novi programi\malwarebytes' anti-malware\mbamservice.exe [2010-3-18 236368]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-3-18 19160]
R3 SKYNET;TechniSat DVB-PC TV Star PCI;c:\windows\system32\drivers\SkyNET.sys [2009-2-20 462212]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\e:\ntglm7x.sys --> e:\NTGLM7X.sys [?]

=============== Created Last 30 ================

2010-04-20 20:44:02 0 d-----w- c:\documents and settings\nikola\DoctorWeb
2010-04-20 15:51:21 0 d-sh--r- c:\docume~1\nikola\applic~1\dll
2010-04-20 14:12:05 0 d-----w- c:\program files\directx
2010-04-12 15:00:43 0 d-----w- c:\program files\DVBViewerTE
2010-04-12 15:00:07 122880 ----a-w- c:\windows\system32\Sky2PCUI.dll
2010-04-12 15:00:07 118784 ----a-w- c:\windows\system32\SkyDll.dll
2010-04-12 15:00:07 102400 ----a-w- c:\windows\system32\libbz2.dll
2010-04-11 19:24:07 140288 ----a-w- c:\windows\system32\COMDLG32.OCX
2010-03-28 13:22:26 86016 ----a-w- c:\windows\system32\frapsvid.dll
2010-03-22 16:48:48 572 ----a-w- c:\windows\eReg.dat

==================== Find3M ====================

2010-04-15 00:18:23 277240 ----a-w- c:\windows\system32\guard32.dll
2010-04-15 00:18:19 25240 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2010-04-15 00:18:18 225344 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2010-04-15 00:18:18 15464 ----a-w- c:\windows\system32\drivers\cmderd.sys
2010-03-20 14:58:14 2776 --sha-w- c:\windows\system32\KGyGaAvL.sys
2010-03-15 20:46:41 4096 ----a-w- c:\windows\d3dx.dat
2010-02-25 21:19:20 25088 ----a-w- c:\windows\system32\ebkp.dll
2010-01-27 22:24:25 411368 ----a-w- c:\windows\system32\deploytk.dll

============= FINISH: 0:13:12.82 ===============

Update: 22 Apr 2010 15:59

Since there's no reply, I ran the scan in safe mode again, but the same thing happens. It scans the drivers so slowly that I figured (by calculating) that I'd need over 16h for the express scan, let alone the complete scan :(

So please, if it can be read from the DDS and GMER files whether I have malware, so I don't have to run this scan. And if it does need to be done, is there a way to turn off scanning the drivers? And one more note (I don't know if it matters): when booting the system in safe mode, it lists these drivers on the black screen....

Thanks in advance!

offline
  • diarno  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 15 Jun 2007
  • Posts: 5572

You don't have to run the scan. The black screen is normal. You'll get further instructions tonight after 22h.

offline
  • Joined: 25 Feb 2010
  • Posts: 65
  • Location: Banja Luka

Thank you very much for the reply

offline
  • diarno  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 15 Jun 2007
  • Posts: 5572

Download the OTM program to the Desktop.

Double-click OTM.exe

Into the (left) program window (below Paste Instructions for Items to be Moved) copy everything inside the Code box:

:reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="c:\windows\system32\userinit.exe,"

:files
c:\documents and settings\nikola\application data\dll

Click MoveIt!

When the process finishes, the right program window (below Results) will contain text that needs to be copied into a post on the forum.

If the prompt appears:

Confirm ::The system requires a reboot to finish removing files.
Do you want to reboot now?

click Yes so the computer restarts and the process completes.

After the system restarts, the logfile will open automatically in Notepad.
Copy the contents of that log into a post on the forum.
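As an added, defender-side example (not code from the thread, from DDS or from OTM): the check the helper did by eye on the DDS line `mWinlogon: Userinit=...`, automated. It parses a constructed DDS excerpt built from the lines pasted above, flags any Userinit entry other than the stock userinit.exe (every extra entry is launched by Winlogon at each logon), and emits an OTM fix in the same :reg/:files shape used in this post. The function names and the allowed-entry set are my assumptions.

```python
import ntpath
import re

# Constructed DDS excerpt, mirroring the "Pseudo HJT Report" lines pasted earlier in this thread.
DDS_EXCERPT = "\n".join([
    r"uStart Page = hxxp://www.google.com/",
    r"mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\documents and settings\nikola\application data\dll\svchost.exe,",
    r"BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 5.0\reader\activex\AcroIEHelper.ocx",
])

# Assumption: the only entry a stock Windows XP Userinit value should carry (the trailing comma is normal).
EXPECTED_USERINIT = {r"c:\windows\system32\userinit.exe"}
WINLOGON_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"


def parse_userinit(dds_text):
    """Return the comma-separated entries of the Winlogon Userinit value, or None if DDS did not report it."""
    m = re.search(r"^mWinlogon:\s*Userinit=(.*)$", dds_text, re.MULTILINE | re.IGNORECASE)
    if m is None:
        return None
    return [p.strip().lower() for p in m.group(1).split(",") if p.strip()]


def suspicious_userinit_entries(dds_text):
    """Flag every Userinit entry beyond userinit.exe: each one is a program Winlogon runs at every logon."""
    entries = parse_userinit(dds_text)
    if entries is None:
        return []
    return [e for e in entries if e not in EXPECTED_USERINIT]


def otm_fix_script(dds_text):
    """Build an OTM script in the :reg/:files shape used in this thread: restore Userinit, move the rogue folders."""
    bad = suspicious_userinit_entries(dds_text)
    if not bad:
        return ""
    lines = [":reg", f"[{WINLOGON_KEY}]", r'"Userinit"="c:\windows\system32\userinit.exe,"', "", ":files"]
    # One :files entry per distinct folder hosting a rogue entry (the thread moved the whole ...\dll folder).
    folders = []
    for entry in bad:
        folder = ntpath.dirname(entry)
        if folder and folder not in folders:
            folders.append(folder)
    lines.extend(folders)
    return "\n".join(lines)
```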

offline
  • Joined: 25 Feb 2010
  • Posts: 65
  • Location: Banja Luka

========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\"Userinit"|"c:\windows\system32\userinit.exe," /E : value set successfully!
========== FILES ==========
c:\documents and settings\nikola\application data\dll folder moved successfully.

OTM by OldTimer - Version 3.1.10.2 log created on 04232010_013803

offline
  • diarno  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 15 Jun 2007
  • Posts: 5572

What's the situation now?

offline
  • Joined: 25 Feb 2010
  • Posts: 65
  • Location: Banja Luka

As I said earlier, the programs got unblocked when Search and Destroy ran, so now I don't notice a difference. It seems this malware wasn't causing that problem, but thanks for the help with removing it.
Anyway, everything is OK.

Thank you very much!
