Viruses...Help

  • Jocic
  • New MyCity citizen
  • Joined: 30 Jun 2009
  • Posts: 6

Even after reinstalling Windows I still have problems with viruses, so I would ask if you could help me get rid of these vermin. It won't even allow an antivirus to be installed (I tried to install KIS2010), so I am without an antivirus! :(


DDS (Ver_09-07-30.01) - NTFSx86
Run by Ivan at 16:18:25.39 on Thu 08/13/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_07
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.600 [GMT -7:00]

AV: Kaspersky Internet Security *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\ctfmon.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\TeamViewer\Version4\TeamViewer.exe
C:\DOCUME~1\IVAN~1.IVA\LOCALS~1\Temp\winyjyub.exe
C:\DOCUME~1\IVAN~1.IVA\LOCALS~1\Temp\winruvu.exe
C:\DOCUME~1\IVAN~1.IVA\LOCALS~1\Temp\wf9726.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtblfs.exe
C:\Documents and Settings\Ivan.IVAN-F8CB1039F0\Desktop\dds.scr

============== Pseudo HJT Report ===============

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\program files\kaspersky lab\kaspersky internet security 2010\ievkbd.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - c:\program files\kaspersky lab\kaspersky internet security 2010\klwtbbho.dll
TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [AVP] "c:\program files\kaspersky lab\kaspersky internet security 2010\avp.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
uPolicies-system: DisableTaskMgr = 1 (0x1)
uPolicies-system: DisableRegistryTools = 1 (0x1)
mPolicies-system: EnableLUA = 0 (0x0)
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - c:\program files\kaspersky lab\kaspersky internet security 2010\klwtbbho.dll
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\program files\kaspersky lab\kaspersky internet security 2010\klwtbbho.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: klogon - c:\windows\system32\klogon.dll
AppInit_DLLs: c:\progra~1\kasper~1\kasper~1\mzvkbd.dll,c:\progra~1\kasper~1\kasper~1\mzvkbd3.dll,c:\progra~1\kasper~1\kasper~1\kloehk.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\ivan~1.iva\applic~1\mozilla\firefox\profiles\u7f27tka.default\
FF - prefs.js: browser.startup.homepage - facebook.com
FF - component: c:\program files\mozilla firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll
FF - plugin: c:\documents and settings\ivan.ivan-f8cb1039f0\local settings\application data\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R0 kl1;Kl1;c:\windows\system32\drivers\kl1.sys [2009-6-15 128016]
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-12-15 33808]
R3 abp470n5;abp470n5;\??\c:\windows\system32\drivers\njnmkn.sys --> c:\windows\system32\drivers\njnmkn.sys [?]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2009-5-13 31760]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2009-5-16 19472]
S3 GarenaPEngine;GarenaPEngine;c:\docume~1\ivan~1.iva\locals~1\temp\RPG11A.tmp [2009-8-9 17864]

=============== Created Last 30 ================

2009-08-13 15:40 <DIR> --d----- c:\windows\pss
2009-08-13 15:36 105,395 a------- c:\windows\system32\drivers\klin.dat
2009-08-13 15:36 94,643 a------- c:\windows\system32\drivers\klick.dat
2009-08-13 15:35 <DIR> --d----- c:\docume~1\alluse~1.win\applic~1\Kaspersky Lab
2009-08-13 15:31 <DIR> --d----- c:\docume~1\alluse~1.win\applic~1\Kaspersky Lab Setup Files
2009-08-13 14:54 <DIR> --d----- c:\docume~1\ivan~1.iva\applic~1\TeamViewer
2009-08-13 14:54 <DIR> --d----- c:\program files\TeamViewer
2009-08-13 14:52 <DIR> --d----- c:\documents and settings\ivan.ivan-f8cb1039f0\temp
2009-08-13 14:14 <DIR> --d----- c:\program files\The KMPlayer
2009-08-13 14:10 <DIR> --d----- c:\program files\K-Lite Codec Pack
2009-08-13 03:02 221,184 a------- c:\windows\system32\wmpns.dll
2009-08-13 03:01 <DIR> --d----- c:\windows\ServicePackFiles
2009-08-12 17:27 <DIR> --d----- c:\program files\Garena
2009-08-10 17:18 73,728 a------- c:\windows\system32\javacpl.cpl
2009-08-10 17:14 <DIR> --d----- c:\program files\AskBarDis
2009-08-10 17:14 <DIR> --d----- c:\program files\FrostWire
2009-08-10 16:32 <DIR> --d----- c:\docume~1\alluse~1.win\applic~1\Kaspersky Anti-Virus Personal
2009-08-10 05:08 453,632 -c------ c:\windows\system32\dllcache\mrxsmb.sys
2009-08-10 05:05 272,128 -c------ c:\windows\system32\dllcache\bthport.sys
2009-08-10 05:05 272,128 -------- c:\windows\system32\drivers\bthport.sys
2009-08-10 05:05 2,180,480 -c------ c:\windows\system32\dllcache\ntoskrnl.exe
2009-08-10 05:05 2,136,064 -c------ c:\windows\system32\dllcache\ntkrnlmp.exe
2009-08-10 05:04 2,015,744 -c------ c:\windows\system32\dllcache\ntkrpamp.exe
2009-08-10 05:04 2,057,728 -c------ c:\windows\system32\dllcache\ntkrnlpa.exe
2009-08-10 04:52 56 a---h--- c:\windows\system32\ezsidmv.dat
2009-08-09 21:13 26,496 ac------ c:\windows\system32\dllcache\usbstor.sys
2009-08-09 20:57 77,333 a------- c:\windows\War3Unin.dat
2009-08-09 20:57 2,829 a------- c:\windows\War3Unin.pif
2009-08-09 20:57 139,264 a------- c:\windows\War3Unin.exe
2009-08-09 20:32 94,592 a----r-- c:\windows\system32\drivers\Rtenicxp.sys
2009-08-09 20:32 36,864 a------- c:\windows\system32\drivers\AmdK8.sys
2009-08-09 20:31 940,794 a------- c:\windows\system32\LoopyMusic.wav
2009-08-09 20:31 146,650 a------- c:\windows\system32\BuzzingBee.wav
2009-08-09 20:28 130,048 ac------ c:\windows\system32\dllcache\ksproxy.ax
2009-08-09 20:27 315,392 a------- c:\windows\HideWin.exe
2009-08-09 20:27 356,352 a----r-- c:\windows\system32\nvusmb.exe
2009-08-09 20:27 1,864 a----r-- c:\windows\system32\nvsmb.nvu
2009-08-09 20:25 558 a------- c:\windows\DFC.INI
2009-08-09 20:23 <DIR> --d----- c:\program files\common files\muvee Technologies
2009-08-09 20:23 <DIR> --d----- c:\program files\muvee Technologies
2009-08-09 20:23 <DIR> --d----- c:\windows\RegisteredPackages
2009-08-09 20:21 127,254 a------- c:\windows\system32\nvapps.xml
2009-08-09 20:20 356,352 a------- c:\windows\system32\nvudisp.exe
2009-08-09 20:20 17,463 a------- c:\windows\system32\nvdisp.nvu
2009-08-09 20:19 356,352 a------- c:\windows\system32\NVUNINST.EXE
2009-08-09 20:16 <DIR> --d----- c:\documents and settings\Ivan.IVAN-F8CB1039F0
2009-08-09 20:15 8,192 a------- c:\windows\REGLOCS.OLD
2009-08-09 20:11 426,041 ac------ c:\windows\system32\dllcache\voicepad.dll
2009-08-09 20:10 92,032 ac------ c:\windows\system32\dllcache\mga.dll
2009-08-09 20:09 78,848 ac------ c:\windows\system32\dllcache\dayi.ime
2009-08-09 20:08 16,439 ac------ c:\windows\system32\dllcache\admin.exe
2009-08-09 20:08 20,540 ac------ c:\windows\system32\dllcache\admin.dll
2009-08-09 20:08 2,577 a------- c:\windows\system32\CONFIG.NT
2009-08-09 20:08 0 a------- c:\windows\control.ini
2009-08-09 20:08 23,392 a------- c:\windows\system32\nscompat.tlb
2009-08-09 20:08 16,832 a------- c:\windows\system32\amcompat.tlb
2009-08-09 20:08 316,640 a------- c:\windows\WMSysPr9.prx
2009-08-09 20:07 <DIR> --dsh--- c:\documents and settings\all users.windows\DRM
2009-08-09 20:07 488 a---hr-- c:\windows\system32\WindowsLogon.manifest
2009-08-09 20:07 488 a---hr-- c:\windows\system32\logonui.exe.manifest
2009-08-09 20:06 749 a---hr-- c:\windows\WindowsShell.Manifest
2009-08-09 20:06 749 a---hr-- c:\windows\system32\wuaucpl.cpl.manifest
2009-08-09 20:06 749 a---hr-- c:\windows\system32\sapi.cpl.manifest
2009-08-09 20:06 749 a---hr-- c:\windows\system32\nwc.cpl.manifest
2009-08-09 20:06 749 a---hr-- c:\windows\system32\ncpa.cpl.manifest
2009-08-09 20:06 749 a---hr-- c:\windows\system32\cdplayer.exe.manifest
2009-08-09 20:06 4,399,505 ac------ c:\windows\system32\dllcache\nls302en.lex
2009-08-09 20:04 102,400 ac------ c:\windows\system32\dllcache\pchshell.dll
2009-08-09 20:03 21,640 a------- c:\windows\system32\emptyregdb.dat
2009-08-09 20:02 65,832 a------- c:\windows\Santa Fe Stucco.bmp
2009-08-09 20:01 473,088 ac------ c:\windows\system32\dllcache\fastprox.dll
2009-08-09 13:00 3,072 a------- c:\windows\system32\drivers\audstub.sys
2009-08-09 13:00 57,472 a------- c:\windows\system32\drivers\redbook.sys
2009-08-09 12:59 74,240 a------- c:\windows\system32\usbui.dll
2009-08-09 12:56 8,192 ac------ c:\windows\system32\dllcache\kbdhept.dll
2009-08-09 12:56 <DIR> --d--r-- c:\documents and settings\all users.windows\Documents
2009-08-09 12:54 623 a------- c:\windows\system32\$winnt$.inf
2009-08-09 11:39 32 a--sh--- c:\windows\system32\drivers\fidbox2.idx
2009-08-09 11:39 32 a--sh--- c:\windows\system32\drivers\fidbox2.dat
2009-08-09 11:39 32 a--sh--- c:\windows\system32\drivers\fidbox.idx
2009-08-09 11:39 32 a--sh--- c:\windows\system32\drivers\fidbox.dat
2009-08-09 11:39 <DIR> --d----- c:\program files\Kaspersky Lab
2009-08-09 08:11 <DIR> --d----- c:\windows\setup.pss
2009-08-08 08:28 <DIR> --d----- c:\windows\system32\appmgmt
2009-08-08 06:39 <DIR> --d----- c:\program files\Microsoft Games
2009-07-26 04:35 <DIR> --d----- c:\program files\Managed DirectX (0901)
2009-07-23 11:38 <DIR> --d----- C:\heroes
2009-07-19 06:32 6,067,200 -c------ c:\windows\system32\dllcache\ieframe.dll

==================== Find3M ====================

2009-08-10 23:34 86,327 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-08-05 02:11 204,800 a------- c:\windows\system32\mswebdvd.dll
2009-07-17 11:55 58,880 a------- c:\windows\system32\atl.dll
2009-07-13 02:18 233,472 a------- c:\windows\system32\wmpdxm.dll
2009-07-03 15:48 219,664 a------- c:\windows\system32\klogon.dll
2009-07-03 15:45 27,507 a------- c:\windows\system32\drivers\klopp.dat
2009-06-29 09:12 827,392 a------- c:\windows\system32\wininet.dll
2009-06-29 09:12 78,336 a------- c:\windows\system32\ieencode.dll
2009-06-29 09:12 17,408 -------- c:\windows\system32\corpol.dll
2009-06-25 11:36 661,504 a------- c:\windows\system32\mqqm.dll
2009-06-25 11:36 517,120 a------- c:\windows\system32\mqsnap.dll
2009-06-25 11:36 471,552 a------- c:\windows\system32\mqutil.dll
2009-06-25 11:36 225,280 a------- c:\windows\system32\mqoa.dll
2009-06-25 11:36 186,880 a------- c:\windows\system32\mqtrig.dll
2009-06-25 11:36 177,152 a------- c:\windows\system32\mqrt.dll
2009-06-25 11:36 138,240 a------- c:\windows\system32\mqad.dll
2009-06-25 11:36 123,392 a------- c:\windows\system32\mqrtdep.dll
2009-06-25 11:36 95,744 a------- c:\windows\system32\mqsec.dll
2009-06-25 11:36 48,640 a------- c:\windows\system32\mqupgrd.dll
2009-06-25 11:36 47,104 a------- c:\windows\system32\mqdscli.dll
2009-06-25 11:36 16,896 a------- c:\windows\system32\mqise.dll
2009-06-22 04:49 117,248 a------- c:\windows\system32\mqtgsvc.exe
2009-06-22 04:49 19,968 a------- c:\windows\system32\mqbkup.exe
2009-06-22 04:49 4,608 a------- c:\windows\system32\mqsvc.exe
2009-06-22 04:48 91,776 a------- c:\windows\system32\drivers\mqac.sys
2009-06-16 07:55 119,808 a------- c:\windows\system32\t2embed.dll
2009-06-16 07:55 82,432 a------- c:\windows\system32\fontsub.dll
2009-06-15 14:01 128,016 a------- c:\windows\system32\drivers\kl1.sys
2009-06-12 04:50 80,896 a------- c:\windows\system32\tlntsess.exe
2009-06-12 04:50 76,288 a------- c:\windows\system32\telnet.exe
2009-06-10 07:21 84,992 a------- c:\windows\system32\avifil32.dll
2009-06-09 23:32 132,096 a------- c:\windows\system32\wkssvc.dll
2009-06-05 00:42 655,872 a------- c:\windows\system32\mstscax.dll
2009-06-03 12:27 1,290,752 a------- c:\windows\system32\quartz.dll
2009-06-02 09:11 85,504 a------- c:\windows\system32\ff_vfw.dll
2009-05-29 14:37 205,824 a------- c:\windows\system32\xvidvfw.dll
2009-05-29 14:31 881,664 a------- c:\windows\system32\xvidcore.dll

============= FINISH: 16:18:38.82 ===============


  • Joined: 04 Jan 2009
  • Posts: 2168

This does not look good.

A variant of Sality is active here; it is a virus (a file infector).

Disinfecting the virus requires an antivirus program - the problem is that disinfection is practically impossible from within a running Windows.


There are three options:

1. Formatting the disk and installing Windows.

If your hard disk is split into several partitions, you can move everything that matters to you onto one of them, format the C: drive and install Windows.
Immediately after that, all the remaining partitions would need to be scanned.

2. You could try to disinfect using a LiveCD from one of the AV companies. That involves downloading the image, burning it to a CD, booting from that CD and scanning.

3. You could move your HDD into another computer and scan it there.


Disinfecting an active Sality really is mission impossible.


Choose one of these three options and I will point you to the appropriate programs.
