Today I got a virus on Facebook via an e-mail address. 21 .2011


  • Joined: 22 Jul 2011
  • Posts: 169

  • Joined: 02 Feb 2008
  • Posts: 14018
  • Location: Nish

I ask you to follow my instructions in detail!!!
This is for your benefit, not mine. I don't have a problem here, you do. If I am already trying to help you, all I expect from you is to at least follow the instructions I give you in detail, and they are very detailed and clear.

You didn't attach the ComboFix report after running the script?
The report is located in the root of the C partition: C:\Combofix.txt

Pack the following folder into a (zip, rar) archive:

C:\Qoobox\Quarantine

... and upload it via the link:

http://www.mycity.rs/ambulanta-upload.php

goran9888 (AMF Tim)

  • Joined: 22 Jul 2011
  • Posts: 169

Posted: 23 Jul 2011 15:07

ComboFix 11-07-22.02 - Vladan 22.07.2011 21:47:55.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1250.381.1033.18.1023.337 [GMT 2:00]
Running from: c:\documents and settings\Vladan\My Documents\Downloads\ComboFix.exe
Command switches used :: c:\documents and settings\Vladan\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
FILE ::
"c:\windows\unrar.exe"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\unrar.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-06-22 to 2011-07-22 )))))))))))))))))))))))))))))))
.
.
2011-07-22 16:14 . 2011-07-22 16:14 -------- d-----w- c:\documents and settings\All Users\Application Data\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}
2011-07-22 15:50 . 2011-07-22 15:50 -------- d-----w- c:\documents and settings\Vladan\Application Data\vlc
2011-07-22 15:49 . 2011-07-22 15:49 -------- d-----w- c:\program files\VideoLAN
2011-07-21 18:37 . 2011-07-21 18:37 233024 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2011-07-21 18:36 . 2011-07-21 18:37 -------- d-----w- c:\program files\DAEMON Tools Pro
2011-07-21 18:00 . 2011-07-21 18:00 -------- d-----w- c:\program files\AVAST Software
2011-07-21 18:00 . 2011-07-21 18:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2011-07-21 14:40 . 2011-07-21 14:40 -------- d-----w- c:\windows\ufa
2011-07-21 14:40 . 2011-07-21 14:40 -------- d-----w- c:\windows\phoenix
2011-07-21 14:15 . 2011-07-21 14:15 -------- d-----w- c:\windows\av_ico
2011-07-21 14:13 . 2011-07-21 17:54 -------- d--h--w- c:\windows\update.tray-7-0
2011-07-21 14:13 . 2011-07-21 17:54 -------- d--h--w- c:\windows\update.tray-7-0-lnk
2011-07-03 14:46 . 2011-07-03 14:46 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll
2011-07-03 14:46 . 2011-07-03 14:46 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll
2011-06-29 14:25 . 2011-06-29 14:37 -------- d-----w- c:\windows\system32\NtmsData
2011-06-23 13:38 . 2011-07-22 15:45 -------- d-----w- c:\program files\The KMPlayer
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-06 17:52 . 2011-06-01 16:15 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-06 17:52 . 2011-06-01 16:15 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-04 11:43 . 2011-06-01 15:13 40112 ----a-w- c:\windows\avastSS.scr
2011-07-04 11:43 . 2011-06-01 14:52 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-07-04 11:36 . 2011-06-01 15:13 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-07-04 11:36 . 2011-06-01 14:53 309848 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-07-04 11:35 . 2011-06-01 14:52 43608 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-07-04 11:35 . 2011-06-01 14:52 102616 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-07-04 11:35 . 2011-06-01 14:52 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-07-04 11:32 . 2011-06-01 14:52 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-07-04 11:32 . 2011-06-01 14:52 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-07-04 11:32 . 2011-06-01 14:53 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-06-15 20:37 . 2011-06-15 20:37 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-06-15 20:37 . 2011-06-15 20:28 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-06-10 18:02 . 2011-06-10 18:02 717296 ----a-w- c:\windows\system32\drivers\sptd.sys
2011-06-02 14:19 . 2011-06-02 14:19 14744 ----a-w- c:\documents and settings\Vladan\Application Data\Microsoft\IdentityCRL\ppcrlconfig.dll
2011-06-02 14:02 . 2004-08-03 21:17 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-05-02 15:31 . 2011-06-01 14:15 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 17:25 . 2004-08-03 22:56 151552 ----a-w- c:\windows\system32\schannel.dll
2011-04-29 16:19 . 2004-08-03 21:15 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-26 11:07 . 2004-08-03 22:56 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-04-26 11:07 . 2004-08-03 22:56 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-04-25 14:47 . 2004-08-03 22:56 667136 ----a-w- c:\windows\system32\wininet.dll
2011-04-25 14:47 . 2004-08-03 22:56 81920 ----a-w- c:\windows\system32\ieencode.dll
2011-04-25 14:47 . 2004-08-03 20:59 61952 ----a-w- c:\windows\system32\tdc.ocx
2011-04-25 12:56 . 2004-08-03 20:59 369664 ----a-w- c:\windows\system32\html.iec
2011-07-03 14:46 . 2011-06-05 20:48 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-07-04 11:43 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Pro Agent"="c:\program files\DAEMON Tools Pro\DTAgent.exe" [2011-03-17 842048]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2002-11-19 46592]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-09-25 90112]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-07-04 3493720]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\D-Link\Bluetooth Software\BTTray.exe [2006-4-12 643133]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableSecureUIAPaths"= 0 (0x0)
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ------w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
"DisableThumbnailCache"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R0 fasttrak;fasttrak;c:\windows\system32\drivers\Fasttrak.sys [1.6.2011 16:34 73088]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [10.6.2011 20:02 717296]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [1.6.2011 17:13 441176]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [1.6.2011 16:53 309848]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [21.7.2011 20:37 233024]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [1.6.2011 16:53 19544]
.
Contents of the 'Scheduled Tasks' folder
.
2011-07-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1614895754-152049171-725345543-1003Core.job
- c:\documents and settings\Vladan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-01 15:28]
.
2011-07-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1614895754-152049171-725345543-1003UA.job
- c:\documents and settings\Vladan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-01 15:28]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.bearshare.com/
uSearchAssistant = hxxp://dts.search-results.com/sr?src=ieb&appid=0&systemid=2&q={searchTerms}
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\D-Link\Bluetooth Software\btsendto_ie_ctx.htm
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Vladan\Application Data\Mozilla\Firefox\Profiles\tpzdnxub.default\
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: keyword.URL - hxxp://dts.search-results.com/sr?src=ffb&appid=0&systemid=2&q=
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2011-07-22 22:04
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(584)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2011-07-22 22:12:59
ComboFix-quarantined-files.txt 2011-07-22 20:12
.
Pre-Run: 62.083.203.072 bytes free
Post-Run: 62.073.720.832 bytes free
.
- - End Of File - - E7E0F3FAD1BB7FDBCDEE000F8D418832

Addendum: 23 Jul 2011 15:13

Did I do this properly? The thing I zipped that I sent you.

  • Joined: 02 Feb 2008
  • Posts: 14018
  • Location: Nish

You didn't run the script properly, i.e. you didn't copy the whole script.

Repeat the procedure again (copy the whole script) and attach the ComboFix report you get.

goran9888 (AMF Tim)

  • Joined: 22 Jul 2011
  • Posts: 169

The Quarantine won't send to this address when (zip, rar) mycity.rs/ambulanta-upload.php

  • Joined: 02 Feb 2008
  • Posts: 14018
  • Location: Nish

As for the Quarantine, you did send it to me.

Is there anything unclear in what I'm writing?
If you have questions, ask.

The instructions clearly say that ComboFix should be on the Desktop, and in your case it isn't;
The instructions clearly say that you need to install the Recovery Console, and in your case that hasn't been done.

I wrote that you should run the CF script again, and you sent me the previous CF report.
I ask you to concentrate and do this:

Open Notepad and copy the following text:

Folder::
c:\windows\ufa
c:\windows\phoenix
c:\windows\av_ico
c:\windows\update.tray-7-0
c:\windows\update.tray-7-0-lnk

Save the file from Notepad to the Desktop as "CFScript"

Drag the saved script/text onto the ComboFix icon as in the picture.
Post in the next message the log that gets created at the end of the cleaning/scanning.
goran9888 (AMF Tim)
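As an added example (not code from this thread, from ComboFix or from the AMF team), here is a small Python parser for the ComboFix report format quoted earlier in the thread. It reads the "Files Created" section, flags new directories created directly under c:\windows or created with the hidden attribute (the pattern behind the ufa, phoenix, av_ico and update.tray-* folders the helper targets), checks whether the standard-profile firewall policy in "Reg Loading Points" reports EnableFirewall = 0 (the log above shows exactly that, which is why the firewall is switched back on later), and renders the same Folder:: block the helper asks to be saved as CFScript. The sample log embedded in the block is constructed from a few of the quoted lines; the flagging heuristic and all function names are this example's own assumptions, not ComboFix features.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample in ComboFix's "Files Created" / "Reg Loading Points" layout,
# modelled on a few lines quoted in the thread (not the full posted log).
SAMPLE_LOG = """\
((((((((((((((((((((((((( Files Created from 2011-06-22 to 2011-07-22 )))))))))))))))))))))))))))))))
.
2011-07-22 15:49 . 2011-07-22 15:49 -------- d-----w- c:\\program files\\VideoLAN
2011-07-21 14:40 . 2011-07-21 14:40 -------- d-----w- c:\\windows\\ufa
2011-07-21 14:13 . 2011-07-21 17:54 -------- d--h--w- c:\\windows\\update.tray-7-0
2011-07-03 14:46 . 2011-07-03 14:46 2106216 ----a-w- c:\\program files\\Mozilla Firefox\\D3DCompiler_43.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
[HKLM\\~\\services\\sharedaccess\\parameters\\firewallpolicy\\standardprofile]
"EnableFirewall"= 0 (0x0)
.
"""

# One "Files Created" line: created . modified size attributes path
ENTRY_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. (\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(\S+) ([-a-z]{8}) (.+)$"
)

WINDOWS_ROOT = "c:\\windows"   # parent folder whose new subfolders we treat as suspect
FIREWALL_KEY = ("[hklm\\~\\services\\sharedaccess\\parameters"
                "\\firewallpolicy\\standardprofile]")


@dataclass
class Entry:
    created: str
    modified: str
    size: Optional[int]      # None when ComboFix prints "--------" (directories)
    attrs: str               # e.g. "d--h--w-": d=directory, h=hidden, a=archive
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs[0] == "d"

    @property
    def is_hidden(self) -> bool:
        return self.attrs[3] == "h"


def parse_created(log_text: str) -> List[Entry]:
    """Return the entries of the 'Files Created' section, in log order."""
    entries: List[Entry] = []
    in_section = False
    for line in log_text.splitlines():
        if line.startswith("(((("):              # section banner
            in_section = "Files Created" in line
            continue
        if not in_section:
            continue
        m = ENTRY_RE.match(line)
        if m:
            created, modified, size, attrs, path = m.groups()
            entries.append(Entry(created, modified,
                                 int(size) if size.isdigit() else None,
                                 attrs, path.strip()))
    return entries


def suspicious_entries(entries: List[Entry]) -> List[Entry]:
    """Heuristic (this example's own assumption): flag directories created directly
    under c:\\windows, and anything created with the hidden attribute set. Installers
    rarely add top-level folders there, which is why ufa, phoenix, av_ico and
    update.tray-* in the thread stand out."""
    flagged = []
    for e in entries:
        parent = e.path.rsplit("\\", 1)[0].lower()
        if (e.is_dir and parent == WINDOWS_ROOT) or e.is_hidden:
            flagged.append(e)
    return flagged


def firewall_disabled(log_text: str) -> bool:
    """True when the standard-profile firewall policy shows EnableFirewall = 0."""
    current_key = None
    for line in log_text.splitlines():
        if line.startswith("["):
            current_key = line.strip().lower()
        elif current_key == FIREWALL_KEY and line.startswith('"EnableFirewall"'):
            value = line.split("=", 1)[1].strip().split()[0]
            return value == "0"
    return False


def build_cfscript(paths: List[str]) -> str:
    """Render the Folder:: block in the form the helper asks the user to save as CFScript."""
    return "Folder::\n" + "\n".join(paths) + "\n"


if __name__ == "__main__":
    found = suspicious_entries(parse_created(SAMPLE_LOG))
    for e in found:
        print(f"{e.created}  {e.attrs}  {e.path}")
    print("firewall disabled:", firewall_disabled(SAMPLE_LOG))
    print(build_cfscript([e.path for e in found]))
```

Run it against a saved C:\Combofix.txt by reading the file into `parse_created` instead of `SAMPLE_LOG`; the flagged list is a starting point for review, not a verdict, and the Folder:: block should only contain paths a helper has actually confirmed as malicious.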

  • Joined: 22 Jul 2011
  • Posts: 169

I put everything in, if anything else is needed

  • Joined: 02 Feb 2008
  • Posts: 14018
  • Location: Nish

Turn on the Windows Firewall:

Start -> Control Panel -> Windows Firewall -> ON

Update Malwarebytes Anti-Malware and run a Quick Scan. Attach the report you get at the end of the scan in your next message.

Do you have any USB storage devices that you would like us to check for infection?

---------------------------------------------------

What is the state of the system now?

goran9888 (AMF Tim)

  • Joined: 22 Jul 2011
  • Posts: 169

I have a USB stick, and I also have Bluetooth and joysticks. Everything is okay with the internet. Only one game, tennis, damaged some file of mine in it, so it stops and freezes. I tried that yesterday.

  • Joined: 02 Feb 2008
  • Posts: 14018
  • Location: Nish

- Download USBNoRisk to the Desktop and run it by double-clicking the program's icon.
- Wait a few seconds while the program performs the initial scan.
- Insert all USB storage devices one by one into the USB slot and keep each in the slot for 10 seconds.
- If you have several devices to check, write down on a piece of paper the order in which they were inserted, because we will need that information later.
- When you have finished with all devices, right-click in the middle of the program window and choose the option Save scrambled log. That will automatically open the log in Notepad. Copy that log from Notepad to the forum for us.

Explanation: USB storage devices include all devices that get their own partition letter when connected to the computer. These include USB flash drives, external hard disks, memory cards, MP3 and MP4 players, some mobile phones, some GPS (navigation) devices, etc.

goran9888 (AMF Tim)
