Win32.Sality virus

  • Veljko
  • Joined: 29 Jul 2008
  • Posts: 615
  • Location: Zemun

Here's the situation: Vista has annoyed me terribly (more or less; it already takes 2.5 min to boot... SP1 won't install......). For those reasons I set up a triple boot again (Linux, XP and Vista) ---> XP is the default system there. I did this from Vista, although XP of course got infected too. If you want, I'll format the Vista partition (I've already backed up 500 MB of important documents from Vista) and formatting Vista won't be a problem for me.... And let's finish this virus business nicely from XP, where we started :). There'll be time to install it once we get rid of the virus :).
The decision is yours: do we solve this in parallel from Vista and from XP, or do I format Vista?
Whatever you decide, I agree.

ComboFix 09-03-26.03 - veljko 2009-03-27 9:16:47.11 - NTFSx86
Microsoft® Windows Vista™ Ultimate 6.0.6000.0.1252.1.1033.18.3070.2277 [GMT 1:00]
Running from: c:\users\veljko\Desktop\ComboFix.exe
Command switches used :: c:\users\veljko\Desktop\CFScript.txt
.

((((((((((((((((((((((((( Files Created from 2009-02-27 to 2009-03-27 )))))))))))))))))))))))))))))))
.

2009-03-27 17:30 . 2009-03-27 17:30 619 --ah----- C:\MsInstaller.exe
2009-03-27 14:57 . 2009-03-27 14:58 <DIR> d-------- c:\program files\Counter-Strike 1.62
2009-03-27 13:42 . 2006-11-02 11:23 <DIR> dr------- c:\users\veljkoo\Videos
2009-03-27 13:42 . 2006-11-02 11:23 <DIR> d-------- c:\users\veljkoo\Saved Games
2009-03-27 13:42 . 2006-11-02 11:23 <DIR> dr------- c:\users\veljkoo\Pictures
2009-03-27 13:42 . 2006-11-02 11:23 <DIR> dr------- c:\users\veljkoo\Music
2009-03-27 13:42 . 2006-11-02 11:23 <DIR> dr------- c:\users\veljkoo\Links
2009-03-27 13:42 . 2006-11-02 11:23 <DIR> dr------- c:\users\veljkoo\Downloads
2009-03-27 13:42 . 2009-03-27 13:42 <DIR> dr------- c:\users\veljkoo\Documents
2009-03-27 13:42 . 2006-11-02 12:18 <DIR> d--h----- c:\users\veljkoo\AppData
2009-03-27 13:42 . 2009-03-27 13:42 <DIR> d-------- c:\users\veljkoo
2009-03-27 09:16 . 2009-03-27 09:16 <DIR> d-------- c:\users\veljko\AppData\Roaming\progeSOFT
2009-03-27 09:16 . 2009-03-27 09:16 <DIR> d-------- c:\users\All Users\progeSOFT
2009-03-27 09:16 . 2009-03-27 09:16 <DIR> d-------- c:\programdata\progeSOFT
2009-03-26 21:41 . 2009-03-26 21:41 <DIR> d-------- c:\users\All Users\Yahoo! Companion
2009-03-26 21:41 . 2009-03-26 21:41 <DIR> d-------- c:\programdata\Yahoo! Companion
2009-03-26 21:38 . 2009-03-26 21:38 <DIR> d-------- C:\WFDB
2009-03-26 21:38 . 2009-03-26 21:38 <DIR> d-------- c:\program files\WinFast
2009-03-26 21:38 . 2009-03-26 21:38 <DIR> d-------- c:\program files\Common Files\Ulead Systems
2009-03-26 21:38 . 2009-03-26 21:38 <DIR> d-------- c:\program files\Common Files\ArcSoft
2009-03-26 21:31 . 2007-07-25 12:43 405,632 --a------ c:\windows\System32\drivers\wfeaglxt.sys
2009-03-26 21:27 . 2009-03-26 21:27 <DIR> d-------- c:\windows\Album
2009-03-26 21:27 . 2009-03-26 21:27 <DIR> d-------- c:\program files\KYE
2009-03-26 21:27 . 2005-01-28 14:15 7,064 --a------ c:\windows\System32\WMVCORE.lib
2009-03-26 21:26 . 2009-03-26 21:26 <DIR> d-------- c:\windows\PixArt
2009-03-26 21:26 . 2009-03-26 21:26 <DIR> d-------- c:\program files\Common Files\i-Look 110
2009-03-26 21:26 . 2008-02-13 13:17 618,112 --a------ c:\windows\System32\drivers\PFC027.SYS
2009-03-26 21:26 . 2007-05-17 15:50 129,024 --a------ c:\windows\System32\SP207.AX
2009-03-26 21:26 . 2008-04-23 14:05 47,616 --a------ c:\windows\System32\Remove.exe
2009-03-26 21:26 . 2007-11-02 11:07 6,656 --a------ c:\windows\System32\CoInst_080213.dll
2009-03-26 21:26 . 2007-06-29 11:07 566 --a------ c:\windows\System32\SP207.ini
2009-03-26 21:26 . 2008-05-07 16:19 407 --a------ c:\windows\System32\Remover.ini
2009-03-26 18:35 . 2009-03-26 18:35 <DIR> d-------- c:\program files\WinPcap
2009-03-26 18:35 . 2009-03-26 19:57 <DIR> d-------- c:\program files\WC3Banlist
2009-03-26 18:35 . 2005-01-22 20:12 679,936 --a------ c:\windows\System32\D3DX81ab.dll
2009-03-26 18:27 . 2009-03-26 21:46 917,504 --------- c:\windows\SPInstall.etl
2009-03-26 17:32 . 2009-03-26 17:32 <DIR> d-------- C:\USBNoRisk
2009-03-26 17:17 . 2009-03-26 18:17 <DIR> d-a------ c:\users\All Users\TEMP
2009-03-26 17:17 . 2009-03-26 18:17 <DIR> d-a------ c:\programdata\TEMP
2009-03-26 17:17 . 2009-03-26 17:17 <DIR> d-------- c:\program files\GetData
2009-03-26 17:16 . 2009-03-26 17:16 <DIR> d-------- c:\program files\Active Data Recovery Software
2009-03-26 17:14 . 2009-03-26 17:14 <DIR> d-------- c:\program files\PC Inspector File Recovery
2009-03-26 17:14 . 2002-02-18 18:40 6,200 --a------ c:\windows\System32\INT13EXT.VXD
2009-03-26 17:07 . 2009-03-26 17:07 <DIR> d-------- c:\program files\Runtime Software
2009-03-26 16:43 . 2009-03-26 16:43 <DIR> d-------- c:\users\veljko\AppData\Roaming\Windows Live Writer
2009-03-26 16:39 . 2009-03-26 16:39 <DIR> d-------- c:\users\veljko\Tracing
2009-03-26 16:36 . 2009-03-26 16:36 <DIR> d-------- c:\program files\Microsoft SQL Server Compact Edition
2009-03-26 16:36 . 2006-11-29 13:06 3,426,072 --a------ c:\windows\System32\d3dx9_32.dll
2009-03-26 16:35 . 2009-03-26 16:35 <DIR> d-------- c:\program files\Microsoft
2009-03-26 16:24 . 2009-03-26 16:35 <DIR> d-------- c:\users\All Users\Spybot - Search & Destroy
2009-03-26 16:24 . 2009-03-26 16:35 <DIR> d-------- c:\programdata\Spybot - Search & Destroy
2009-03-26 16:24 . 2009-03-26 16:24 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2009-03-26 14:49 . 2009-03-26 14:49 <DIR> d-------- c:\program files\Windows Live SkyDrive
2009-03-26 14:48 . 2009-03-26 14:48 <DIR> d-------- c:\windows\PCHEALTH
2009-03-26 14:48 . 2009-03-26 16:38 <DIR> d-------- c:\program files\Windows Live
2009-03-26 14:45 . 2009-03-26 14:45 <DIR> d-------- c:\program files\Common Files\Windows Live
2009-03-26 14:22 . 2009-03-26 14:22 <DIR> d-------- c:\program files\Picasa2
2009-03-26 14:22 . 2009-03-26 14:27 <DIR> d-------- c:\program files\PhotoFiltre
2009-03-26 14:22 . 2006-10-05 03:42 2,560 --------- c:\windows\System32\drivers\cdralw2k.sys
2009-03-26 14:22 . 2006-10-05 03:42 2,432 --------- c:\windows\System32\drivers\cdr4_xp.sys
2009-03-26 14:21 . 2009-03-26 14:21 <DIR> d-------- c:\users\veljko\AppData\Roaming\Winamp
2009-03-26 14:21 . 2009-03-26 14:21 <DIR> d-------- c:\program files\Yahoo!
2009-03-26 14:21 . 2009-03-26 14:21 <DIR> d-------- c:\program files\Winamp
2009-03-26 14:21 . 2009-03-26 14:21 <DIR> d-------- c:\program files\foobar2000
2009-03-26 14:21 . 2009-03-26 14:21 <DIR> d-------- c:\program files\CCleaner
2009-03-26 14:21 . 2007-03-08 00:51 129,784 --------- c:\windows\System32\pxafs.dll
2009-03-25 23:07 . 2009-03-26 14:46 <DIR> d-------- c:\users\All Users\Google
2009-03-25 23:06 . 2009-03-25 23:06 <DIR> d-------- c:\program files\Nero 9
2009-03-25 23:06 . 2009-03-25 23:06 <DIR> d-------- c:\program files\Common Files\Nero
2009-03-25 23:06 . 2009-03-25 23:06 <DIR> d-------- c:\program files\Audacity 1.3 Beta (Unicode)
2009-03-25 23:06 . 2008-07-04 10:23 1,757,184 --a------ c:\windows\System32\imagX7.dll
2009-03-25 23:06 . 2008-07-04 10:23 802,816 --a------ c:\windows\System32\imagXRA7.dll
2009-03-25 23:06 . 2008-07-04 10:23 497,296 --a------ c:\windows\System32\imagXpr7.dll
2009-03-25 23:06 . 2006-03-17 15:49 368,640 --a------ c:\windows\System32\twnlib4.dll
2009-03-25 23:06 . 2008-07-04 10:23 258,048 --a------ c:\windows\System32\imagXR7.dll
2009-03-25 22:59 . 2009-03-25 23:02 <DIR> d-------- c:\program files\Garena
2009-03-25 22:57 . 2009-03-25 22:57 <DIR> d-------- c:\users\veljko\AppData\Roaming\OpenOffice.org
2009-03-25 22:53 . 2009-03-25 22:53 <DIR> d-------- c:\users\veljko\AppData\Roaming\Corel
2009-03-25 22:53 . 2009-03-25 22:53 <DIR> d-------- c:\program files\OpenOffice.org 3
2009-03-25 22:53 . 2009-03-25 22:53 <DIR> d-------- c:\program files\JRE
2009-03-25 22:53 . 2009-03-25 22:56 2,828 --ahs---- c:\users\All Users\KGyGaAvL.sys
2009-03-25 22:53 . 2009-03-25 22:56 2,828 --ahs---- c:\programdata\KGyGaAvL.sys
2009-03-25 22:53 . 2009-03-25 22:53 8 -r-hs---- c:\users\All Users\77083ACD65.sys
2009-03-25 22:53 . 2009-03-25 22:53 8 -r-hs---- c:\programdata\77083ACD65.sys
2009-03-25 22:52 . 2009-03-25 22:52 <DIR> d-------- c:\users\All Users\Corel
2009-03-25 22:52 . 2009-03-25 22:52 <DIR> d-------- c:\programdata\Corel
2009-03-25 22:52 . 2009-03-25 22:52 <DIR> d-------- c:\program files\Common Files\Protexis
2009-03-25 22:49 . 2009-03-25 23:07 <DIR> d-------- c:\program files\Google
2009-03-25 22:46 . 2009-03-25 22:46 <DIR> d-------- c:\program files\Common Files\Corel
2009-03-25 22:45 . 2009-03-25 22:45 <DIR> d-------- c:\program files\Corel
2009-03-25 22:44 . 2009-03-25 22:44 <DIR> d-------- c:\users\veljko\AppData\Roaming\InstallShield
2009-03-25 22:42 . 2009-03-25 22:42 <DIR> d-------- c:\program files\AnswerWorks 4.0
2009-03-25 22:41 . 2009-03-25 22:41 <DIR> d-------- c:\users\veljko\AppData\Roaming\Autodesk
2009-03-25 22:41 . 2009-03-25 22:41 <DIR> d-------- c:\users\All Users\Autodesk
2009-03-25 22:41 . 2009-03-25 22:41 <DIR> d-------- c:\programdata\Autodesk
2009-03-25 22:41 . 2009-03-25 22:43 <DIR> d-------- c:\program files\AutoCAD 2007
2009-03-25 22:40 . 2009-03-25 22:42 <DIR> d-------- c:\program files\Common Files\Autodesk Shared
2009-03-25 22:40 . 2009-03-25 22:40 <DIR> d-------- c:\program files\Autodesk
2009-03-25 22:38 . 2009-03-25 22:38 <DIR> d-------- C:\install
2009-03-25 22:19 . 2009-03-25 22:19 <DIR> d-------- c:\program files\Common Files\Adobe AIR
2009-03-25 22:18 . 2009-03-26 14:21 <DIR> d-------- c:\users\All Users\Adobe
2009-03-25 22:16 . 2009-03-25 22:16 <DIR> d-------- c:\program files\Common Files\Macrovision Shared
2009-03-25 22:15 . 2009-03-26 14:21 <DIR> d-------- c:\program files\Common Files\Adobe
2009-03-25 22:05 . 2009-03-25 22:05 <DIR> d-------- c:\program files\Print3D Corporation
2009-03-25 22:04 . 2009-03-25 22:04 <DIR> d-------- c:\program files\progeSOFT
2009-03-25 22:04 . 2009-01-10 18:54 1,645,320 --a------ c:\windows\System32\gdiplus.dll
2009-03-25 22:03 . 2009-03-25 22:03 155,655,543 --a------ c:\windows\System32\xa17798622.exe
2009-03-25 22:03 . 2009-03-25 22:03 155,655,543 --a------ c:\windows\System32\xa17772616.exe
2009-03-25 20:56 . 2009-03-25 20:56 <DIR> d-------- c:\users\veljko\AppData\Roaming\GRETECH
2009-03-25 20:55 . 2009-03-25 20:55 <DIR> d-------- c:\program files\GRETECH
2009-03-25 17:23 . 2009-03-25 17:23 <DIR> d-------- C:\lupo
2009-03-25 02:07 . 2009-03-26 14:48 <DIR> d-------- c:\windows\Debug
2009-03-25 02:05 . 2009-03-25 02:09 <DIR> d-------- c:\windows\Panther
2009-03-25 02:05 . 2009-03-26 20:42 <DIR> d--hs---- C:\Boot
2009-03-25 02:05 . 2006-11-02 10:53 438,840 -rahs---- C:\bootmgr
2009-03-24 20:02 . 2009-03-27 16:07 <DIR> d-------- c:\users\veljko\.gimp-2.6
2009-03-24 20:02 . 2009-03-24 20:02 <DIR> d-------- c:\users\veljko\.gegl-0.0
2009-03-24 20:01 . 2009-03-24 20:01 <DIR> d-------- c:\program files\Gimp-2.0
2009-03-24 19:59 . 2009-03-24 19:59 <DIR> d-------- c:\users\All Users\ACD Systems
2009-03-24 19:59 . 2009-03-24 19:59 <DIR> d-------- c:\programdata\ACD Systems
2009-03-24 19:59 . 2009-03-24 19:59 <DIR> d-------- c:\program files\Common Files\ACD Systems
2009-03-24 19:59 . 2009-03-24 19:59 <DIR> d-------- c:\program files\ACD Systems
2009-03-24 19:51 . 2009-03-26 16:38 <DIR> d--hs---- c:\windows\Installer
2009-03-24 19:05 . 2009-03-24 19:05 <DIR> d-------- c:\program files\Trend Micro
2009-03-24 19:01 . 2009-03-24 19:02 <DIR> d-------- c:\program files\Counter-Strike 1.6

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-06 18:03 307,576 ----a-w c:\windows\WLXPGSS.SCR
2009-02-06 17:52 49,504 ----a-w c:\windows\System32\sirenacm.dll
2009-01-10 17:58 89,360 ----a-w c:\windows\System32\vb5db.dll
2009-01-10 17:58 61,440 ----a-w c:\windows\System32\wintab32.dll
2009-01-10 17:58 1,060,864 ----a-w c:\windows\System32\mfc71.dll
2009-01-10 17:57 40,960 ----a-w c:\windows\System32\vbame.dll
2009-01-10 17:57 1,146,184 ----a-w c:\windows\System32\fm20.dll
2009-01-10 17:55 73,728 ----a-w c:\windows\System32\skeydrv.dll
2009-01-10 17:55 2,134,016 ----a-w c:\windows\System32\cdintf251.dll
2009-01-10 17:55 132,392 ----a-w c:\windows\System32\skeyinst.dll
2006-11-02 12:49 174 --sha-w c:\program files\desktop.ini
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ASuite"="c:\users\veljko\Desktop\Lupo PenSuite v6.70 Full\Launcher\ASuite.exe" [2008-05-24 457728]
"WinFastDTV"="c:\program files\WinFast\WFDTV\DTVSchdl.exe" [2007-11-16 90112]
"WinFast Schedule"="c:\program files\WinFast\WFDTV\WFWIZ.exe" [2007-11-15 2850816]
"PAC207_Monitor"="c:\windows\PixArt\i-Look110\Monitor.exe" [2007-12-10 323584]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ACDV"= ACDV.dll
"msacm.divxa32"= msaud32_divx.acm

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^AutoCAD Startup Accelerator.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\AutoCAD Startup Accelerator.lnk
backup=c:\windows\pss\AutoCAD Startup Accelerator.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^veljko^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.0.lnk]
path=c:\users\veljko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk
backup=c:\windows\pss\OpenOffice.org 3.0.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-06-12 02:38 116592 c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
--a------ 2008-08-14 07:58 611712 c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASuite]
--a------ 2008-05-24 21:26 457728 d:\lupo pensuite v6.70 full\Launcher\ASuite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
--a------ 2009-03-24 18:36 342848 c:\program files\DNA\btdna.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
--a------ 2009-02-06 18:51 3955040 c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2008-01-03 22:26 13515296 c:\windows\System32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2008-01-03 22:26 86016 c:\windows\System32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvSvc]
--a------ 2008-01-03 22:26 90112 c:\windows\System32\nvsvc.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
--a------ 2006-11-02 13:33 1196032 c:\program files\Windows Sidebar\sidebar.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SystemExplorer]
--a------ 2008-08-25 20:36 569344 c:\users\veljko\Desktop\Lupo PenSuite v6.70 Full\Apps\System Explorer\System Explorer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
--a------ 2006-11-02 13:32 1004136 c:\program files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowsWelcomeCenter]
--a------ 2006-11-02 13:32 2159104 c:\windows\System32\oobefldr.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-207583750-273483801-176882428-1000]
"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{4FBA1554-4C0B-4F97-B742-834EC9EF4D89}"= UDP:c:\program files\DNA\btdna.exe:DNA (TCP-In)
"{C2AC0505-42EC-4C28-AAF5-E4F8416FADF6}"= TCP:c:\program files\DNA\btdna.exe:DNA (UDP-In)
"{837A3202-8FA0-4C46-822E-BF2EB543A431}"= UDP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent (TCP-In)
"{27F9BCA3-7ABB-44D4-9B68-D3AE6D033D8B}"= TCP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent (UDP-In)
"{126C18EE-9920-40A5-8A96-5BCA753BC3C9}"= UDP:5353:Adobe CSI CS4
"{A39A8FA3-35D2-4A0C-B3F0-28B77CA81780}"= UDP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4
"{BC7FCD52-15C1-497D-86A9-1FDC0F3ABA35}"= TCP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
"DisabledInterfaces"= {CD5C267B-C272-4234-9173-4D5552C39DCE}
"DoNotAllowExceptions"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\BitTorrent\\bittorrent.exe"= c:\program files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
"d:\\Igre\\Warcraft III\\Frozen Throne.exe"= d:\igre\Warcraft III\Frozen Throne.exe:*:Enabled:ipsec
"c:\\Windows\\system32\\Dwm.exe"= c:\windows\system32\Dwm.exe:*:Enabled:ipsec
"d:\\Instalacije\\ACDSee Photo Manager 2009 v11.0.85\\ACDSee Photo Manager 2009 v11.0.85\\setup.exe"= d:\instalacije\ACDSee Photo Manager 2009 v11.0.85\ACDSee Photo Manager 2009 v11.0.85\setup.exe:*:Enabled:ipsec
"c:\\Windows\\system32\\MsiExec.exe"= c:\windows\system32\MsiExec.exe:*:Enabled:ipsec
"c:\\Users\\veljko\\Desktop\\Warcraft III\\Frozen Throne.exe"= c:\users\veljko\Desktop\Warcraft III\Frozen Throne.exe:*:Enabled:ipsec
"c:\\Program Files\\Runtime Software\\GetDataBack for NTFS\\gdbnt.exe"= c:\program files\Runtime Software\GetDataBack for NTFS\gdbnt.exe:*:Enabled:ipsec
"c:\\Windows\\system32\\CF16409.exe"= c:\windows\system32\CF16409.exe:*:Enabled:ipsec
"d:\\Instalacije\\ostali programi vazni\\Avast 4.8 srb home.exe"= d:\instalacije\ostali programi vazni\Avast 4.8 srb home.exe:*:Enabled:ipsec
"d:\\Instalacije\\ostali programi vazni\\blender-2.45-windows.exe"= d:\instalacije\ostali programi vazni\blender-2.45-windows.exe:*:Enabled:ipsec
"d:\\Instalacije\\ostali programi vazni\\AdbeRdr90_en_US.exe"= d:\instalacije\ostali programi vazni\AdbeRdr90_en_US.exe:*:Enabled:ipsec
"d:\\Instalacije\\ostali programi vazni\\CCleaner 2.10.618.exe"= d:\instalacije\ostali programi vazni\CCleaner 2.10.618.exe:*:Enabled:ipsec
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"= c:\program files\Mozilla Firefox\firefox.exe:*:Enabled:ipsec
"c:\\Windows\\VFIND.exe"= c:\windows\VFIND.exe:*:Enabled:ipsec
"c:\\Users\\veljko\\Desktop\\Lupo PenSuite v6.70 Full\\Apps\\System Explorer\\System Explorer.exe"= c:\users\veljko\Desktop\Lupo PenSuite v6.70 Full\Apps\System Explorer\System Explorer.exe:*:Enabled:ipsec
"c:\\Windows\\system32\\taskeng.exe"= c:\windows\system32\taskeng.exe:*:Enabled:ipsec
"c:\\Program Files\\ACD Systems\\ACDSee\\11.0\\ACDSeeQV11.exe"= c:\program files\ACD Systems\ACDSee\11.0\ACDSeeQV11.exe:*:Enabled:ipsec
"c:\\Users\\veljko\\AppData\\Local\\Temp\\dmvqq.exe"= c:\users\veljko\AppData\Local\Temp\dmvqq.exe:*:Enabled:ipsec
"c:\\Users\\veljko\\AppData\\Local\\Temp\\winigsu.exe"= c:\users\veljko\AppData\Local\Temp\winigsu.exe:*:Enabled:ipsec
"c:\\Users\\veljko\\AppData\\Local\\Temp\\winmwqcw.exe"= c:\users\veljko\AppData\Local\Temp\winmwqcw.exe:*:Enabled:ipsec
"c:\\Users\\veljko\\AppData\\Local\\Temp\\qalkf.exe"= c:\users\veljko\AppData\Local\Temp\qalkf.exe:*:Enabled:ipsec
"c:\\Users\\veljko\\AppData\\Local\\Temp\\winbvkdq.exe"= c:\users\veljko\AppData\Local\Temp\winbvkdq.exe:*:Enabled:ipsec
"c:\\Users\\veljko\\AppData\\Local\\Temp\\winpdnx.exe"= c:\users\veljko\AppData\Local\Temp\winpdnx.exe:*:Enabled:ipsec
"c:\\Users\\veljko\\AppData\\Local\\Temp\\winiwsmn.exe"= c:\users\veljko\AppData\Local\Temp\winiwsmn.exe:*:Enabled:ipsec
"c:\\Users\\veljko\\AppData\\Local\\Temp\\winftmop.exe"= c:\users\veljko\AppData\Local\Temp\winftmop.exe:*:Enabled:ipsec
"c:\\Program Files\\Counter-Strike 1.6\\hlds.exe"= c:\program files\Counter-Strike 1.6\hlds.exe:*:Enabled:ipsec
"c:\\Users\\veljko\\AppData\\Local\\Temp\\winnqrex.exe"= c:\users\veljko\AppData\Local\Temp\winnqrex.exe:*:Enabled:ipsec
"c:\\Users\\veljko\\AppData\\Local\\Temp\\winjlnsl.exe"= c:\users\veljko\AppData\Local\Temp\winjlnsl.exe:*:Enabled:ipsec
"c:\\Users\\veljko\\AppData\\Local\\Temp\\winpxgerc.exe"= c:\users\veljko\AppData\Local\Temp\winpxgerc.exe:*:Enabled:ipsec
"c:\\Users\\veljko\\AppData\\Local\\Temp\\obdlu.exe"= c:\users\veljko\AppData\Local\Temp\obdlu.exe:*:Enabled:ipsec

R3 NPF;Netgroup Packet Filter;c:\windows\System32\drivers\npf.sys [2005-08-02 32512]
R3 PAC207;i-Look 110;c:\windows\System32\drivers\PFC027.SYS [2009-03-26 618112]
R3 WFIOCTL;WFIOCTL;c:\program files\WinFast\WFDTV\WFIOCTL.sys [2009-03-26 9446]
R3 WFLR6654;WinFast TV2000 XP Global/Global TV (Video);c:\windows\System32\drivers\wfeaglxt.sys [2009-03-26 405632]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2dab7d4e-18d9-11de-a2db-806e6f6e6963}]
\shell\AutoRun\command - E:\setup.exe
.
.
------- Supplementary Scan -------
.
FF - ProfilePath - c:\users\veljko\AppData\Roaming\Mozilla\Firefox\Profiles\umn96b4m.default\
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-27 09:17:31
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-03-27 9:18:43
ComboFix-quarantined-files.txt 2009-03-27 08:18:41

Pre-Run: 2,853,806,080 bytes free
Post-Run: 2,820,476,928 bytes free
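The log above is long, and the entries most worth a second look are easy to miss by eye: firewall exceptions granted to executables living in a user's Temp folder, and an AutoRun command registered for a removable drive. As an added example (not part of this thread and not a ComboFix feature), the script below parses a few lines constructed from the log's "AuthorizedApplications\List" and "mountpoints2" sections and lists the entries that match those two generic review rules. The rules are assumptions of this example, meant to prioritise what to check with a scanner, not a verdict on any particular file.

```python
import re
from typing import Dict, List

# Constructed sample: a handful of lines copied from the ComboFix log above
# (firewall exceptions plus the mount-point AutoRun entry), kept in their
# original format so the parser is exercised on realistic input.
SAMPLE_LOG = r'''
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"= c:\program files\Mozilla Firefox\firefox.exe:*:Enabled:ipsec
"c:\\Users\\veljko\\AppData\\Local\\Temp\\dmvqq.exe"= c:\users\veljko\AppData\Local\Temp\dmvqq.exe:*:Enabled:ipsec
"c:\\Users\\veljko\\AppData\\Local\\Temp\\winigsu.exe"= c:\users\veljko\AppData\Local\Temp\winigsu.exe:*:Enabled:ipsec
"c:\\Program Files\\Counter-Strike 1.6\\hlds.exe"= c:\program files\Counter-Strike 1.6\hlds.exe:*:Enabled:ipsec
"c:\\Windows\\system32\\CF16409.exe"= c:\windows\system32\CF16409.exe:*:Enabled:ipsec

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2dab7d4e-18d9-11de-a2db-806e6f6e6963}]
\shell\AutoRun\command - E:\setup.exe
'''

# One firewall exception per line:  "<escaped key>"= <path>:*:<state>:<name>
FW_RULE = re.compile(
    r'^"(?P<key>[^"]+)"=\s*(?P<path>.+?):\*:(?P<state>Enabled|Disabled):(?P<name>.*)$'
)
# Mount-point AutoRun handler as ComboFix prints it:  \shell\AutoRun\command - <path>
AUTORUN = re.compile(r'^\\shell\\AutoRun\\command\s+-\s+(?P<path>.+)$')

# Review rule (assumption of this example): executables that were granted a
# firewall exception while sitting in a temporary directory deserve a look.
TEMP_MARKERS = ('\\appdata\\local\\temp\\', '\\windows\\temp\\')


def parse_firewall_exceptions(log_text: str) -> List[Dict[str, str]]:
    """Return every firewall exception line as a dict (path, state, rule name)."""
    entries = []
    for line in log_text.splitlines():
        m = FW_RULE.match(line.strip())
        if m:
            entries.append({'path': m.group('path'),
                            'state': m.group('state'),
                            'name': m.group('name')})
    return entries


def find_suspicious_entries(log_text: str) -> List[Dict[str, str]]:
    """Flag Temp-directory firewall exceptions and mount-point AutoRun commands."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = FW_RULE.match(line)
        if m:
            path = m.group('path')
            if any(marker in path.lower() for marker in TEMP_MARKERS):
                findings.append({'path': path,
                                 'reason': 'firewall exception for an executable '
                                           'in a temporary directory'})
            continue
        m = AUTORUN.match(line)
        if m:
            findings.append({'path': m.group('path'),
                             'reason': 'AutoRun command registered for a mount '
                                       'point (removable media)'})
    return findings


if __name__ == '__main__':
    for hit in find_suspicious_entries(SAMPLE_LOG):
        print(f"{hit['path']}  <-  {hit['reason']}")
```

Run it against a saved ComboFix log by reading the file into a string in place of SAMPLE_LOG; the same two regexes apply because the log's own format is what they match. Anything flagged is a candidate for scanning with the AV and CureIt that dr_Bora recommends below, not a confirmed infection.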

  • dr_Bora (Male)
  • Anti Malware Fighter, Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

There's no point formatting the disk if you're going to use infected installers, cr*cks packed with malware and the like.

So, you need to clean the PC and then not reinfect it. And that isn't so complicated - you just need to give up that software collection of yours.

Again, I repeat: you can try formatting one partition and installing Windows, then, without accessing the other partitions, run a scan with your AV and use CureIt, Norman Malware Cleaner or online scans as additional checks.

But even after that it won't be 100% certain that everything is clean and safe to use. Think about whether it's worth it - look at how much time you've already lost on this.

It really is time to resolve this (you are the one who has to resolve it - I can scribble away like this endlessly, but I can't give you concrete help).

  • Veljko
  • Joined: 29 Jul 2008
  • Posts: 615
  • Location: Zemun

If it has to be, it has to be. I have one more question: does Sality attach itself only to files with the exe extension? If it does, then I won't delete the music and clips and so on :(. I'll give up my software collection (
The only thing left on the computer that matters to me is Warcraft 3, but I don't know whether it's infected. That alone is enough for me :(. I'd delete it too, but.. I no longer have the CDs?
Once you give me the go-ahead, I'm off to Linux to blast away with formatting :( :(

  • dr_Bora (Male)
  • Anti Malware Fighter, Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Only executable files (exe, scr, ...) can be problematic.

Just so we understand each other - what you have here doesn't have to be Sality (and it doesn't look like it, at least not what's on Vista).
I repeat: you can format one partition and scan everything else with several different scanners. It worked the first time (you got infected from a completely different HDD).

If you decide on that option:

- install one of these AVs:

http://www.avast.com/eng/home_edition.html
http://www.free-av.com/en/download/1/avira_antivir_personal__free_antivirus.html
http://free.avg.com/download-avg-anti-virus-free-edition

Run a scan.

Additional checks:

http://www.freedrweb.com/cureit/
http://www.norman.com/Virus/Virus_removal_tools/24789/en

If you also have a flash drive - it needs to be formatted.

  • Veljko
  • Joined: 29 Jul 2008
  • Posts: 615
  • Location: Zemun

OK, then let's try once more. Here I am in XP safe mode (I've temporarily removed the virus with CF) and I'll scan with Dr.Web CureIt.

Update: 28 Mar 2009 14:13

Program.PcExec.170
Win32.sector.17
and modification of win32 sector.5
It got stuck somewhere around 75% of the scan, but I know it SCANNED the whole C partition and half of the F PARTITION, so I'll scan that F partition again using a custom scan..
I can't attach the log because all my options are greyed out (disabled).

Update: 28 Mar 2009 14:14

I forgot to mention that the names above are what it detected (it detected around 2300 viruses). Now I'll start a scan on the F partition.

Update: 28 Mar 2009 14:48

I can't take it any more. I'm ending this :). I moved a few films, some music and 3 exe files to an 8 GB flash drive. I'm going to format the WHOLE HARD DISK, and I'll format the external one later from Linux.... Maybe those 2-3 most important exe files on the flash drive are infected. I won't open the flash drive; I'll scan it straight away with Dr.Web CureIt. Off to format everything, then I'll get back to you...

Update: 28 Mar 2009 14:50

PS sorry for the spelling.. Anyway, there are 4 files with the exe extension on the flash drive and that's it. Before I open the USB drive I'll scan it with Dr.Web CureIt, and that should show whether they're infected.

Update: 28 Mar 2009 17:12

OK.
- XP is installed and working..
My software 'collection' is on the external hard drive.
Here's what I've done so far. I went into Linux and from there copied some things to the USB drive (War3, Photoshop, OpenOffice, 2-3 films, a bit of music and some documents). Then I went into Windows and from there, without opening the partition, scanned everything with Dr.Web CureIt.... It found two Win32.sector.17 and for both it said cured... So I think I've cleaned those 7.5 GB. Later, once I've set up XP a bit, I'm going back to Linux to copy over all the films, music and other files that don't have the exe extension.
As for the ones with exe, I've been thinking.
If I copy them from Linux to a partition (about 15 GB), I could probably scan them again with Dr.Web CureIt and have it cure them too (cured).
What do you think, is that possible?

  • dr_Bora (Male)
  • Anti Malware Fighter, Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

It's possible (just bear in mind that you also had other malware, not only Sality - make sure to scan with both your AV and CureIt).
