Log check


offline
  • Joined: 21 Aug 2011
  • Posts: 810
  • Location: Siberia

Hello.
My computer was infected with Sality, so I formatted the C partition and installed Windows. However, the D partition was not formatted, and MBAM found the Sality virus on it.



.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Bogdan at 23:13:05 on 2012-02-29
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.89 [GMT 1:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\Program Files\Panda Security\Panda Internet Security 2012\TPSrv.exe
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRAM FILES\PANDA SECURITY\PANDA INTERNET SECURITY 2012\WebProxy.exe
svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Panda Security\Panda Internet Security 2012\PsCtrls.exe
c:\program files\panda security\panda internet security 2012\firewall\PSHOST.EXE
C:\Program Files\Panda Security\Panda Internet Security 2012\PskSvc.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Terminator\Quick TV\Scheduled.exe
C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Samsung\EmoDio\SMSTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MCShield\MCShieldRTM.exe
C:\Program Files\Terminator\TV7131 Utilities\P3XRCtl.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\DOCUME~1\Bogdan\LOCALS~1\Temp\jophj.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Idea2 SidebarBrowserMonitor Class: {45ad732c-2ce2-4666-b366-b2214ad57a49} - c:\program files\desktop sidebar\sbhelp.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MCShield Monitor] c:\program files\mcshield\MCShieldRTM.exe
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [Quick TV Agent] c:\program files\terminator\quick tv\Scheduled.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [RemoteControl] "c:\program files\asustek\asusdvd\PDVDServ.exe"
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [SMSTray] c:\program files\samsung\emodio\SMSTray.exe
mRun: [APVXDWIN] "c:\program files\panda security\panda internet security 2012\APVXDWIN.EXE" /s
mRun: [SCANINICIO] "c:\program files\panda security\panda internet security 2012\Inicio.exe"
dRunOnce: [IE8] rundll32 advpack.dll,LaunchINFSection IE8.INF,FirstUserStart
dRunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\tvremo~1.lnk - c:\program files\terminator\tv7131 utilities\P3XRCtl.exe
mPolicies-system: EnableLUA = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {09FE188B-6E85-479e-9411-51FB2220DF80} - {45AD732C-2CE2-4666-B366-B2214AD57A49} - c:\program files\desktop sidebar\sbhelp.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
TCP: DhcpNameServer = 213.133.31.202 213.133.31.203 109.122.98.116 109.122.98.117
TCP: Interfaces\{2EF00024-42A5-4C87-8A68-D303CB377BCB} : DhcpNameServer = 213.133.31.202 213.133.31.203 109.122.98.116 109.122.98.117
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: avldr - avldr.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\wpdshserviceobj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\bogdan\application data\mozilla\firefox\profiles\i2x2jdqb.default\
.
============= SERVICES / DRIVERS ===============
.
R0 pavboot;Panda boot driver;c:\windows\system32\drivers\pavboot.sys [2012-2-29 26696]
R1 APPFLT;App Filter Plugin;c:\windows\system32\drivers\APPFLT.SYS [2012-2-29 83528]
R1 DSAFLT;DSA Filter Plugin;c:\windows\system32\drivers\dsaflt.sys [2012-2-29 53256]
R1 FNETMON;NetMon Filter Plugin;c:\windows\system32\drivers\fnetmon.sys [2012-2-29 22024]
R1 IDSFLT;Ids Filter Plugin;c:\windows\system32\drivers\idsflt.sys [2012-2-29 193864]
R1 NETFLTDI;Panda Net Driver [TDI Layer];c:\windows\system32\drivers\NETFLTDI.SYS [2012-2-29 159112]
R1 ShldDrv;Panda File Shield Driver;c:\windows\system32\drivers\ShlDrv51.sys [2012-2-29 37448]
R1 WNMFLT;Wifi Monitor Filter Plugin;c:\windows\system32\drivers\wnmflt.sys [2012-2-29 46856]
R2 AmFSM;AmFSM;c:\windows\system32\drivers\amm8651.sys [2012-2-29 59080]
R2 Panda Software Controller;Panda Software Controller;c:\program files\panda security\panda internet security 2012\PsCtrlS.exe [2012-2-29 173312]
R2 PavProc;Panda Process Protection Driver;c:\windows\system32\drivers\PavProc.sys [2012-2-29 163848]
R2 PskSvcRetail;Panda PSK service;c:\program files\panda security\panda internet security 2012\psksvc.exe [2012-2-29 28992]
R3 amsint32;amsint32;\??\c:\windows\system32\drivers\rkmtn.sys --> c:\windows\system32\drivers\rkmtn.sys [?]
R3 Cap713x;Philips Cap713x Video Capture;c:\windows\system32\drivers\Cap713x.sys [2012-2-28 685824]
R3 NETIMFLT01060044;PANDA NDIS IM Filter Miniport v1.6.0.44;c:\windows\system32\drivers\neti1644.sys [2012-2-29 201032]
R3 PavTPK.sys;PavTPK.sys;\??\c:\windows\system32\pavtpk.sys --> c:\windows\system32\PavTPK.sys [?]
S2 NOD32FiXTemDono;Eset Nod32 Boot;c:\windows\system32\regedt32.exe [2008-4-14 3584]
S3 3xHybrid;DTV-DVB 3056 PCI Card;c:\windows\system32\drivers\3xHybrid.sys [2012-2-28 883328]
S4 PAVFNSVR;Panda Function Service;c:\program files\panda security\panda internet security 2012\PavFnSvr.exe [2012-2-29 202048]
S4 PavPrSrv;Panda Process Protection Service;c:\program files\common files\panda security\pavshld\PavPrSrv.exe [2012-2-29 62768]
S4 PAVSRV;Panda On-Access Anti-Malware Service;c:\program files\panda security\panda internet security 2012\pavsrvx86.exe [2012-2-29 314176]
.
=============== File Associations ===============
.
JSEFile=c:\progra~1\pandas~1\pandai~1\PavScrip.exe "%1" %*
VBEFile=c:\progra~1\pandas~1\pandai~1\PavScrip.exe "%1" %*
VBSFile=c:\progra~1\pandas~1\pandai~1\PavScrip.exe "%1" %*
.
=============== Created Last 30 ================
.
2012-02-29 20:52:20 103140 --sh--r- C:\baur.exe
2012-02-29 20:43:29 -------- d-----w- c:\documents and settings\bogdan\local settings\application data\Panda Security
2012-02-29 20:39:06 202332 ----a-w- c:\windows\system32\drivers\APPFCONT.DAT
2012-02-29 20:38:53 53256 ----a-w- c:\windows\system32\drivers\dsaflt.sys
2012-02-29 20:38:53 46856 ----a-w- c:\windows\system32\drivers\wnmflt.sys
2012-02-29 20:38:52 193864 ----a-w- c:\windows\system32\drivers\idsflt.sys
2012-02-29 20:38:29 83528 ----a-w- c:\windows\system32\drivers\APPFLT.SYS
2012-02-29 20:38:29 22024 ----a-w- c:\windows\system32\drivers\fnetmon.sys
2012-02-29 20:38:29 159112 ----a-w- c:\windows\system32\drivers\NETFLTDI.SYS
2012-02-29 20:38:24 -------- d-----w- c:\documents and settings\all users\application data\Backup
2012-02-29 20:38:18 26696 ----a-w- c:\windows\system32\drivers\pavboot.sys
2012-02-29 20:36:09 54832 ----a-w- c:\windows\system32\pavcpl.cpl
2012-02-29 20:35:23 446464 ----a-w- c:\windows\system32\HHActiveX.dll
2012-02-29 20:34:53 87360 ----a-w- c:\windows\system32\PavLspHook.dll
2012-02-29 20:34:53 193344 ----a-w- c:\windows\system32\TpUtil.dll
2012-02-29 20:34:53 107568 ----a-w- c:\windows\system32\SYSTOOLS.DLL
2012-02-29 20:34:52 55616 ----a-w- c:\windows\system32\pavipc.dll
2012-02-29 20:34:50 520000 ----a-w- c:\windows\system32\PavSHook.dll
2012-02-29 20:34:39 201032 ----a-w- c:\windows\system32\drivers\neti1644.sys
2012-02-29 20:34:30 55552 ----a-w- c:\windows\system32\avldr.dll
2012-02-29 20:34:29 59080 ----a-w- c:\windows\system32\drivers\amm8651.sys
2012-02-29 20:34:29 -------- d-----w- c:\windows\system32\PAV
2012-02-29 20:34:25 -------- d-----w- c:\program files\Panda Security
2012-02-29 20:34:25 -------- d-----w- c:\documents and settings\bogdan\application data\Panda Security
2012-02-29 20:34:25 -------- d-----w- c:\documents and settings\all users\application data\Panda Security
2012-02-29 20:33:26 274432 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\iscript.dll
2012-02-29 20:33:26 184320 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\iuser.dll
2012-02-29 20:33:25 753664 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\iKernel.dll
2012-02-29 20:33:25 69714 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\ctor.dll
2012-02-29 20:33:25 5632 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\DotNetInstaller.exe
2012-02-29 20:33:15 200836 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\iGdi.dll
2012-02-29 20:33:14 331908 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\setup.dll
2012-02-29 20:33:04 37448 ----a-w- c:\windows\system32\drivers\ShlDrv51.sys
2012-02-29 20:33:04 163848 ----a-w- c:\windows\system32\drivers\PavProc.sys
2012-02-29 20:33:03 -------- d-----w- c:\program files\common files\Panda Security
2012-02-29 18:34:37 -------- d-----w- c:\program files\WhoCrashed
2012-02-29 12:02:57 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-29 11:33:57 -------- d-----w- c:\documents and settings\bogdan\application data\Desktop Sidebar
2012-02-29 11:25:31 -------- d-----w- c:\program files\Desktop Sidebar
2012-02-29 10:57:32 -------- d-----w- c:\program files\Yahoo!
2012-02-29 10:40:35 -------- d-----w- c:\documents and settings\bogdan\application data\Malwarebytes
2012-02-29 10:40:17 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2012-02-29 10:40:15 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-29 10:40:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-02-28 22:52:12 -------- d-----w- C:\My Video
2012-02-28 22:51:26 348160 ----a-w- c:\windows\system32\msvcr71.dll
2012-02-28 22:51:20 -------- d-----w- c:\documents and settings\bogdan\application data\DataCast
2012-02-28 22:51:02 -------- d-----w- c:\program files\MarkAny
2012-02-28 22:43:42 -------- d-----w- c:\program files\Samsung
2012-02-28 21:31:46 -------- d-----w- c:\program files\MCShield
2012-02-28 21:31:46 -------- d-----w- c:\documents and settings\all users\application data\MCShield
.
==================== Find3M ====================
.
.
============= FINISH: 23:15:38,76 ===============




offline
  • Més que un club
  • Lead vocalist @ Harpun
  • Joined: 27 Feb 2009
  • Posts: 3895
  • Location: Novi Sad, Klisa

Hello MISTER UNSU,

Your computer has a dangerous infection: the file infector Sality.
Since disinfection is impossible from within a running Windows, I recommend that you use one of the following solutions:

1) Format the system partition (the partition on which your operating system is installed) and reinstall Windows. Do not open the other partitions; instead, install an antivirus, update it and scan the other partitions you have. After the infection has been removed, you can open the other partitions as well.

2) You can take the hard disk out of the computer and mount it in another computer that is not infected. From that second computer, scan the mounted hard disk (note: if you choose this option, do not open the infected hard disk until you have scanned it and removed the infection).

3) Visit the topic "Using Live CD Rescue solutions" to scan the computer with a rescue CD solution. It contains detailed instructions on how to scan a computer with the popular solutions.

Let me know which option you chose.
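
Added example, not part of the original thread and not the helper's stated method: a small triage pass over a few lines copied from the DDS log in the first post. The three heuristics are assumptions of this example (a process running from a Temp folder, a service entry where DDS printed `[?]` in place of a date and size, and a hidden+system `.exe` under "Created Last 30"); the hits are leads for manual review, not a Sality signature.

```python
import re

# Subset of lines copied from the DDS log in the first post (not the whole log).
SAMPLE_LOG = r"""
============== Running Processes ===============
C:\WINDOWS\system32\spoolsv.exe
C:\DOCUME~1\Bogdan\LOCALS~1\Temp\jophj.exe
============= SERVICES / DRIVERS ===============
R1 ShldDrv;Panda File Shield Driver;c:\windows\system32\drivers\ShlDrv51.sys [2012-2-29 37448]
R3 amsint32;amsint32;\??\c:\windows\system32\drivers\rkmtn.sys --> c:\windows\system32\drivers\rkmtn.sys [?]
R3 PavTPK.sys;PavTPK.sys;\??\c:\windows\system32\pavtpk.sys --> c:\windows\system32\PavTPK.sys [?]
=============== Created Last 30 ================
2012-02-29 20:52:20 103140 --sh--r- C:\baur.exe
2012-02-29 20:38:18 26696 ----a-w- c:\windows\system32\drivers\pavboot.sys
"""

HEADER = re.compile(r"^=+\s*(.+?)\s*=+$")
# date, time, size (or dashes for a directory), 8-char attribute string, path
CREATED = re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d:\d\d (?:\d+|-+) (\S{8}) (.+)$")

def triage(log_text):
    """Return (rule, detail) leads for manual review; these are not verdicts."""
    leads, section = [], None
    for line in log_text.splitlines():
        line = line.strip()
        header = HEADER.match(line)
        if header:
            section = header.group(1)
            continue
        if not line or line == ".":
            continue
        low = line.lower()
        if section == "Running Processes":
            # Executable image running out of a Temp directory.
            if "\\temp\\" in low and low.endswith(".exe"):
                leads.append(("process-from-temp", line))
        elif section == "SERVICES / DRIVERS":
            # DDS printed [?] where the file date and size normally appear.
            if line.endswith("[?]"):
                name = line.split(";")[0].split(None, 1)[1]
                leads.append(("service-file-unreadable", name))
        elif section == "Created Last 30":
            created = CREATED.match(line)
            # Recently created .exe carrying both the system and hidden attributes.
            if created and {"s", "h"} <= set(created.group(1)) and low.endswith(".exe"):
                leads.append(("hidden-system-exe", created.group(2)))
    return leads

if __name__ == "__main__":
    for lead in triage(SAMPLE_LOG):
        print(lead)
```

The `[?]` rule also flags a driver whose name carries the installed antivirus vendor's prefix, which is why each hit needs a human look before anything is deleted.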

offline
  • Joined: 21 Aug 2011
  • Posts: 810
  • Location: Siberia

Posted: 01 Mar 2012 8:28

I know, throw the computer in the trash and that's the solution....
Come on, f***, I reinstalled it because of Sality and it came back!!!!!!!!!!! [banging head against the wall] [banging head against the wall] [banging head against the wall]

Let's try with the killer.

Addendum: 01 Mar 2012 8:29

Oh, I don't have that option here.. I didn't read the whole text because last time it was the same as this one (except that there was a Sality killer option).

Addendum: 01 Mar 2012 8:45

What bad luck I have :/
Now I want to go and download the Kaspersky rescue CD, but like h***, it won't open the Kaspersky page for me [banging head against the wall]

offline
  • Més que un club
  • Lead vocalist @ Harpun
  • Joined: 27 Feb 2009
  • Posts: 3895
  • Location: Novi Sad, Klisa

::Step 1

Format the system C partition and do a fresh installation of the Windows OS.
After installing the fresh Windows, do not open any hard disk partition other than the system one!!!
Go on to the next step.

::Step 2

Download avast! Antivirus and MCShield.
http://www.avast.com/index
http://amf.mycity.rs/mcshield/

Install both programs. Keep MCShield active so that it prevents re-infection via USB devices.
Run a boot-time scan with avast antivirus. Remove everything that avast detects as malware in the boot-time scan!

::Step 3

Right-click the avast! icon in the lower right corner of the screen and choose Open Avast! User Interface
Follow all the steps in the picture carefully:

After that, choose the Restart Computer option, as in the picture:

The computer will restart and, before the system starts, it will run the Boot-Scan process.
During the scan, if malware is detected, choose the option Move infected files to Quarantine.

Attach the log to your post, using the Attach file option; it is located at the following location:
Quote: C:\Documents and Settings\All Users\Application Data\AVAST Software\Avast\report\aswBoot.txt <--- Windows XP

C:\ProgramData\AVAST Software\Avast\report\aswBoot.txt <--- Windows Vista, 7

::Step 4

Download a fresh copy of DDS to the Desktop. Run DDS again and copy the fresh log to the forum.


NIx Car (AMF Team)
