problem C:\resycled\ntldr.com

  • Joined: 21 Jan 2009
  • Posts: 33

Please help.
I couldn't open my drives by double-clicking them. I fixed that with Autorun Eater and can open them now, but the following problems have appeared: in Task Manager it looks like Norton 2009 has started, but I can't open it, its icon isn't in the taskbar, and it won't let me uninstall it. I also can't install Java in IE, and Ad-Aware 2008 won't let me update; it tells me there is no connection even though I am connected. Please help, I have already formatted the disk because of this.

Here is the log file:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:49, on 2009-01-21
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton Internet Security\Engine\16.2.0.7\ccSvcHst.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Norton Internet Security\Engine\16.2.0.7\ccSvcHst.exe
C:\Program Files\Norton Internet Security\Engine\16.2.0.7\ccSvcHst.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\DAP\DAP.EXE
D:\AMBULANTA\TR3.EXE.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = google.ba/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = home.sweetim.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
F2 - REG:system.ini: Shell=
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.2.0.7\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.2.0.7\IPSBHO.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.2.0.7\coIEPlg.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C3D54ADA-5E5F-4731-8BEF-3543E3FFDAE7}: NameServer = 77.238.208.3 77.238.208.4
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Engine\16.2.0.7\coIEPlg.dll
O23 - Service: Norton 2009 Reset (.norton2009Reset) - Unknown owner - C:\Documents and Settings\All Users\Application Data\Norton\Norton2009Reset.exe
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Symantec Eraser Service (EraserSvc10824) - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\16.2.0.7\ccSvcHst.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\16.2.0.7\ccSvcHst.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 6075 bytes

Addendum: 21 Jan 2009 11:03

Just to add: although I found ComboFix on some English-language forums, I couldn't continue with it because I couldn't turn Norton off.

  • diarno
  • Anti Malware Fighter
    Rank 2
  • Joined: 15 Jun 2007
  • Posts: 5572

* Right-click the Norton Antivirus icon in the lower-right corner of the screen and choose Disable Auto Protect.
* Then choose the desired duration (e.g. 5 hours) and click OK.

Note: Don't forget to turn this option back on when the cleaning is finished.

Delete that old ComboFix and do the following:

Download ComboFix to your Desktop from one of the following addresses:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Run it and don't touch the program window while it scans.
Follow the on-screen instructions. When it finishes, a log (C:\ComboFix.txt) will appear, which you should copy here for us.

  • Joined: 21 Jan 2009
  • Posts: 33

The problem is that the icon isn't there in the lower-right corner of the taskbar, and I can't start Norton in any way, and the uninstall goes on and on and on but nothing happens.

Addendum: 21 Jan 2009 13:19

This old ComboFix tells me that Norton is there, but I'll now remove the old one and install the one you gave me the link for, and we'll see.

  • diarno
  • Anti Malware Fighter
    Rank 2
  • Joined: 15 Jun 2007
  • Posts: 5572

Try this procedure:

http://service1.symantec.com/support/nip.nsf/docid.....nus_con_br

  • Joined: 21 Jan 2009
  • Posts: 33

I think it's excellent. Thank you sooooo much. I deleted the old ComboFix, ran the new one, and now everything seems to be fine.

ComboFix 09-01-20.05 - Administrator 2009-01-21 13:23:10.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1256.966.1033.18.766.420 [GMT 1:00]
Running from: e:\programi\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\resycled
c:\resycled\ntldr.com
c:\windows\system32\drivers\gaopdxiplvhxid.sys
c:\windows\system32\gaopdxqvptbber.dll
D:\resycled
d:\resycled\ntldr.com
E:\resycled
e:\resycled\ntldr.com

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_gaopdxserv.sys


((((((((((((((((((((((((( Files Created from 2008-12-21 to 2009-01-21 )))))))))))))))))))))))))))))))
.

2009-01-21 10:31 . 2009-01-21 10:31 <DIR> d-------- c:\program files\Lavasoft
2009-01-21 10:31 . 2009-01-21 10:32 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
2009-01-21 09:55 . 2009-01-21 10:21 <DIR> d-------- c:\program files\Autorun Eater
2009-01-21 09:43 . 2009-01-21 09:43 0 --a------ C:\del
2009-01-21 01:05 . 2009-01-21 01:05 <DIR> d-------- c:\documents and settings\All Users\Application Data\FLEXnet
2009-01-21 00:57 . 2009-01-21 00:57 <DIR> d-------- c:\program files\Adobe Media Player
2009-01-21 00:53 . 2009-01-21 00:53 <DIR> d-------- c:\program files\Common Files\Adobe AIR
2009-01-21 00:47 . 2009-01-21 00:47 <DIR> d-------- c:\program files\Common Files\Macrovision Shared
2009-01-21 00:45 . 2009-01-21 02:14 <DIR> d-------- c:\program files\Common Files\Adobe
2009-01-20 23:01 . 2009-01-21 13:19 <DIR> d-a------ c:\documents and settings\All Users\Application Data\TEMP
2009-01-20 23:01 . 2009-01-20 23:01 <DIR> d-------- c:\documents and settings\All Users\Application Data\SpeedBit
2009-01-20 23:01 . 2009-01-21 00:23 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Download Manager
2009-01-20 23:00 . 2009-01-20 23:02 <DIR> d-------- c:\program files\DAP
2009-01-20 23:00 . 2009-01-20 23:00 479,298 --a------ c:\windows\system32\wbocx.ocx
2009-01-20 23:00 . 2009-01-20 23:00 172,032 --a------ c:\windows\system32\AniGIF.ocx
2009-01-20 23:00 . 2009-01-20 23:00 50,688 --a------ c:\windows\system32\wbhelp2.dll
2009-01-20 22:31 . 2009-01-20 22:34 <DIR> d-------- c:\program files\BitLord
2009-01-20 21:19 . 2008-04-14 00:15 26,368 --a--c--- c:\windows\system32\dllcache\usbstor.sys
2009-01-20 21:18 . 2006-10-26 19:58 30,512 --a------ c:\windows\system32\mdimon.dll
2009-01-20 21:17 . 2009-01-20 21:17 <DIR> d-------- c:\program files\Microsoft Works
2009-01-20 21:16 . 2009-01-20 21:16 <DIR> d-------- c:\program files\Microsoft.NET
2009-01-20 21:13 . 2009-01-20 21:13 <DIR> d-------- c:\windows\SHELLNEW
2009-01-20 21:12 . 2009-01-20 21:12 <DIR> dr-h----- C:\MSOCache
2009-01-20 21:12 . 2009-01-20 21:19 <DIR> d-------- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-01-20 18:14 . 2009-01-20 18:14 <DIR> d-------- c:\documents and settings\All Users\Application Data\Symantec
2009-01-20 11:04 . 2009-01-21 11:23 <DIR> d-------- c:\documents and settings\Administrator\Tracing
2009-01-20 11:03 . 2009-01-20 11:03 <DIR> d-------- c:\program files\Microsoft
2009-01-20 11:02 . 2009-01-20 11:02 <DIR> d-------- c:\program files\Windows Live SkyDrive
2009-01-20 11:02 . 2009-01-20 11:03 <DIR> d-------- c:\program files\Windows Live
2009-01-20 11:02 . 2009-01-20 11:02 <DIR> d-------- c:\program files\Common Files\xing shared
2009-01-20 11:01 . 2009-01-20 11:01 <DIR> d-------- c:\program files\Real
2009-01-20 11:01 . 2009-01-20 11:01 <DIR> d-------- c:\program files\Common Files\Real

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-20 10:01 348,160 ----a-w c:\windows\system32\msvcr71.dll
2009-01-20 09:49 806 ----a-w c:\windows\system32\drivers\SYMEVENT.INF
2009-01-20 09:49 60,808 ----a-w c:\windows\system32\S32EVNT1.DLL
2009-01-20 09:49 124,464 ----a-w c:\windows\system32\drivers\SYMEVENT.SYS
2009-01-20 09:49 10,635 ----a-w c:\windows\system32\drivers\SYMEVENT.CAT
2009-01-20 09:44 63,673 ----a-w c:\windows\BricoPackUninst.cmd
2009-01-20 09:44 6,120 ----a-w c:\windows\BricoPackFoldersDelete.cmd
2009-01-20 09:44 218,624 ----a-w c:\windows\system32\uxtheme.dll
2009-01-20 09:29 306,432 ----a-w c:\windows\system32\TuneUpDefragService.exe
2008-12-12 03:28 36,272 ----a-r c:\windows\system32\drivers\SymIM.sys
2008-12-02 21:37 49,480 ----a-w c:\windows\system32\sirenacm.dll
2008-11-14 13:45 248,344 ----a-w c:\windows\system32\Prounstl.exe
.

------- Sigcheck -------

2008-05-11 10:00 361344 030dc4d48cc2b894fee2f390d8e66ad5 c:\windows\system32\drivers\tcpip.sys

2008-04-14 05:42 975872 561a50497324f378e30f55d09b4e1258 c:\windows\explorer.exe
2008-04-14 05:42 975872 561a50497324f378e30f55d09b4e1258 c:\windows\system32\dllcache\explorer.exe

2008-04-14 05:42 100864 bd0d8a40d28a07db96913d6da2e6b5a3 c:\windows\system32\wuauclt.exe
2008-04-14 05:42 100864 bd0d8a40d28a07db96913d6da2e6b5a3 c:\windows\system32\dllcache\wuauclt.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-06-21 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-06-21 126976]
"AudioDeck"="c:\program files\VIA\VIAudioi\SBADeck\ADeck.exe" [2007-08-09 528384]
"SoundMan"="SOUNDMAN.EXE" [2003-08-15 c:\windows\SOUNDMAN.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"CTFMON.EXE"=c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot
"Autorun Eater"=c:\program files\Autorun Eater\oldmcdonald.exe
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4

R0 SymEFA;Symantec Extended File Attributes;\SystemRoot\\SystemRoot\System32\Drivers\NIS\1002000.007\SYMEFA.SYS --> \SystemRoot\\SystemRoot\System32\Drivers\NIS\1002000.007\SYMEFA.SYS [?]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\NIS\1002000.007\BHDrvx86.sys [1/20/2009 5:56:28 PM 255536]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NIS\1002000.007\cchpx86.sys [1/20/2009 5:56:28 PM 362544]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090115.001\IDSxpx86.sys [1/20/2009 10:56:42 AM 274808]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [1/20/2009 5:56:40 PM 99376]
R4 Norton Internet Security;Norton Internet Security;c:\program files\Norton Internet Security\Engine\16.2.0.7\ccSvcHst.exe [1/20/2009 5:56:15 PM 115560]
S4 .norton2009Reset;Norton 2009 Reset;c:\documents and settings\All Users\Application Data\Norton\Norton2009Reset.exe [1/20/2009 10:52:49 AM 281625]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2009-01-20 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2008\OneClick.exe [2008-01-08 13:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ba/
mStart Page = hxxp://home.sweetim.com
IE: &Clean Traces - c:\program files\DAP\Privacy Package\dapcleanerie.htm
IE: &Download with &DAP - c:\program files\DAP\dapextie.htm
IE: Download &all with DAP - c:\program files\DAP\dapextie2.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\program files\Norton Internet Security\Engine\16.2.0.7\CoIEPlg.dll
Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\DAP\dapie.dll
Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\DAP\dapie.dll
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-01-21 13:27:57
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
AudioDeck = c:\program files\VIA\VIAudioi\SBADeck\ADeck.exe 1????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Norton Internet Security]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.2.0.7\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.2.0.7\diMaster.dll\" /prefetch:1"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(948-)
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
Completion time: 2009-01-21 13:30:09
ComboFix-quarantined-files.txt 2009-01-21 12:30:06

Pre-Run: 29,139,374,080 bytes free
Post-Run: 29,505,871,872 bytes free

161

  • diarno
  • Anti Malware Fighter
    Rank 2
  • Joined: 15 Jun 2007
  • Posts: 5572

How are things now?

  • Joined: 21 Jan 2009
  • Posts: 33

Excellent, thank you sooooo much. For now everything works as it should.

This has happened to me twice already. What could I do to protect the computer, since Norton 2009 obviously lets this through?

  • diarno
  • Anti Malware Fighter
    Rank 2
  • Joined: 15 Jun 2007
  • Posts: 5572

I'd say the infection came in through some USB device...

Let's check that:

- Download USBNoRisk to your Desktop and start it by double-clicking the program icon.
- Wait a few seconds while the program performs its initial scan.
- Insert all your USB memory devices into the USB slot one after another, and keep each one in the slot for 10 seconds.
- If you have several devices to check, write down on a piece of paper the order in which they were inserted, because we will need that information later.
- When you have finished with all the devices, right-click in the middle of the program window and choose the Save log option. That will automatically open the log in Notepad. Copy that log from Notepad to the forum for us.

Explanation: USB memory devices include all devices that get their own partition letter when connected to the computer. That includes USB flash drives, external hard disks, memory cards, MP3 and MP4 players, some mobile phones, some GPS (navigation) devices, etc.

  • Joined: 21 Jan 2009
  • Posts: 33

Here it is:

USBNoRisk by bobby

Started at 21.1.2009 14:23:02

Scanning for connected USB Mass storage...
----------------------------------------
========================================

Scanning for other storage...
----------------------------------------
C: {e3385b6a-e6d2-11dd-baf6-806d6172696f}
E: {e3385b6b-e6d2-11dd-baf6-806d6172696f}
D: {e3385b6c-e6d2-11dd-baf6-806d6172696f}
========================================


Scanning fixed storage for autorun.inf files...
----------------------------------------
Autorun.inf on C: - None
----------------------------------------

Sanitizing Shell Menu...
----------------------------------------
No key found for C:
No key found for e3385b6a-e6d2-11dd-baf6-806d6172696f
========================================

Autorun.inf on D: - None
----------------------------------------

Sanitizing Shell Menu...
----------------------------------------
No key found for D:
No key found for e3385b6c-e6d2-11dd-baf6-806d6172696f
========================================

Autorun.inf on E: - None
----------------------------------------

Sanitizing Shell Menu...
----------------------------------------
No key found for E:
No key found for e3385b6b-e6d2-11dd-baf6-806d6172696f
========================================

========================================



New device connected at 21.1.2009 14:23:16

Scanning for connected USB mass storage...
----------------------------------------
H: {9bd5e850-e7b8-11dd-8679-00096be19cb8}
Added H:
========================================

Scanning USB mass storage for files...
----------------------------------------
Autorun.inf on H: - None
----------------------------------------

Sanitizing Shell Menu...
----------------------------------------
No key found for 9bd5e850-e7b8-11dd-8679-00096be19cb8
========================================

----------------------------------------

Desktop.ini on H: - None
----------------------------------------

========================================

========================================
Removed H:
========================================


New device connected at 21.1.2009 14:23:46

Scanning for connected USB mass storage...
----------------------------------------
H: {9bd5e850-e7b8-11dd-8679-00096be19cb8}
Added H:
========================================

Scanning USB mass storage for files...
----------------------------------------
Autorun.inf on H: - None
----------------------------------------

Sanitizing Shell Menu...
----------------------------------------
No key found for 9bd5e850-e7b8-11dd-8679-00096be19cb8
========================================

----------------------------------------

Desktop.ini on H: - None
----------------------------------------

========================================

========================================
Removed H:
========================================


New device connected at 21.1.2009 14:24:34

Scanning for connected USB mass storage...
----------------------------------------
H: {9bd5e850-e7b8-11dd-8679-00096be19cb8}
Added H:
========================================

Scanning USB mass storage for files...
----------------------------------------
Autorun.inf on H: - None
----------------------------------------

Sanitizing Shell Menu...
----------------------------------------
No key found for 9bd5e850-e7b8-11dd-8679-00096be19cb8
========================================

----------------------------------------

Desktop.ini on H: - None
----------------------------------------

========================================

========================================
Removed H:
========================================


New device connected at 21.1.2009 14:25:09

Scanning for connected USB mass storage...
----------------------------------------
H: {9bd5e850-e7b8-11dd-8679-00096be19cb8}
Added H:
========================================

Scanning USB mass storage for files...
----------------------------------------
Autorun.inf on H: - None
----------------------------------------

Sanitizing Shell Menu...
----------------------------------------
No key found for 9bd5e850-e7b8-11dd-8679-00096be19cb8
========================================

----------------------------------------

Desktop.ini on H: - None
----------------------------------------

========================================

========================================
Removed H:
========================================

  • diarno
  • Anti Malware Fighter
    Rank 2
  • Joined: 15 Jun 2007
  • Posts: 5572

OK, your USB devices are clean......

I wondered whether the infection had come in through them, since you mention that you've had the same problems several times....

Also do this:

Click START, then RUN
In the text box type Combofix /u and click OK

Wait for the uninstall process to finish

The above procedure will:
Delete the following:
ComboFix and its files and folders
VundoFix Backups folder, if it exists
C:\Deckard folder, if it exists
C:\OtMoveIt folder, if it exists

Reset the clock settings on the computer
Hide file extensions, if needed
Hide system/hidden files/folders, if needed
Reset System Restore

Regards
