Win32:Zlob and a mobile phone


  • Joined: 20 Oct 2008
  • Posts: 5

My Nokia 6120 Classic mobile phone behaves, more than half of the time, as if it were not on the network. Shortly after missed calls, the network notifies me about them. At the same time, in the ''Installations'' folder, which contains the files belonging to Nokia's ''PC Suite'' program, Avast reported Win32:Zlob to me. Later it found it in several more files in the same folder and could not delete it, so I uninstalled ''Nokia PC Suite'' and brutally deleted, with ''delete'', the folder with the files belonging to it that contained the trojan. Is it possible that this trojan is also on the phone and is causing the problems described? How is it deleted from the phone if it is there? Does this HijackThis log file give any useful information:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:04:10 PM, on 10/20/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\program files\winamp toolbar\WinampTbServer.exe
C:\Documents and Settings\user\Desktop\New Folder\tr3.exe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: ShoppingReport - {100EB1FD-D03E-47FD-81F3-EE91287F9465} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll (file missing)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (file missing)
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Global Startup: BlueSoleil.lnk = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D69485C-EAB1-42AE-93C1-B5A53F238C5A} (FileInterface Class) - online.bancaintesabeograd.com/RetailDLL/FSINT.dll
O16 - DPF: {76326493-E84F-4D4B-939C-1E07B50037F2} (ProxyModule Class) - online.bancaintesabeograd.com/RetailDLL/SGCMSCCD.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8-) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - The Firebird Project - C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - The Firebird Project - C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 7267 bytes

Thanks,
Dragana

  • dr_Bora (Male)
  • Anti Malware Fighter, Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Hi...

The problem you mention with the mobile phone is unlikely to have anything to do with malware, but there are traces of malware on the computer in the log.
And that we can fix...

Right-click the avast! icon in the bottom right corner of the screen and choose Program settings....

In the window that opens, under Troubleshooting, check the option Disable avast! self-defence and click OK.

Also, right-click the avast! icon in the bottom right corner of the screen and choose Stop On-Access Protection.

Note: Don't forget to re-enable these options once the cleaning is finished.

Download ComboFix from one of the following addresses to the Desktop:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Run it and do not touch the program window while it scans.
Follow the instructions on screen. When it finishes, a log (C:\ComboFix.txt) will appear, which you will copy here for us.
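The following is an added illustration and is not part of the thread, nor code from HijackThis, ComboFix or avast!: a small Python triage script that reads HijackThis-style lines (a few copied from the log above serve as constructed sample input) and sorts them the way a helper does by eye. It separates orphaned "(file missing)" entries, which only leave a dangling registry pointer, from items that still load: executables running from user-writable locations, ActiveX downloads (O16) and their source host, and browser helper objects/toolbars (O2/O3/O9) that merit a look. The heuristics (the user-writable path pattern, which entry types are "review" items) are assumptions of this example, not HijackThis categories.

```python
import re
from typing import Dict, List, Optional

# Constructed sample: a handful of lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\system32\winlogon.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Documents and Settings\user\Desktop\New Folder\tr3.exe.exe

O2 - BHO: ShoppingReport - {100EB1FD-D03E-47FD-81F3-EE91287F9465} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (file missing)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O16 - DPF: {5D69485C-EAB1-42AE-93C1-B5A53F238C5A} (FileInterface Class) - online.bancaintesabeograd.com/RetailDLL/FSINT.dll
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
"""

ENTRY_RE = re.compile(r"^(?P<kind>[RO]\d+) - (?P<body>.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")
# Assumption of this example: paths under a user profile or a Temp folder are "user-writable".
USER_PATH_RE = re.compile(
    r"\\Documents and Settings\\[^\\]+\\(?:Desktop|Local Settings|Application Data)\\|\\Temp\\",
    re.IGNORECASE,
)
MISSING_MARK = "(file missing)"


def parse_entry(line: str) -> Optional[Dict[str, object]]:
    """Split one 'Rn - ...' / 'On - ...' line into kind, CLSID, path and the missing flag."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    body = m.group("body")
    missing = body.endswith(MISSING_MARK)
    if missing:
        body = body[: -len(MISSING_MARK)].rstrip()
    clsid = CLSID_RE.search(body)
    # For O2/O3/O9/O16/O23 the loaded file (or URL) is the last ' - ' separated field.
    parts = [p.strip() for p in body.split(" - ")]
    path = parts[-1] if len(parts) > 1 else ""
    # O4 (Run keys) use '[name] path' instead of the ' - ' layout.
    if m.group("kind") == "O4" and "] " in body:
        path = body.split("] ", 1)[1].strip()
    return {
        "kind": m.group("kind"),
        "clsid": clsid.group(0) if clsid else None,
        "path": path,
        "missing": missing,
        "raw": line.strip(),
    }


def triage(log_text: str) -> Dict[str, List[str]]:
    """Bucket a HijackThis log into findings a reviewer would look at first."""
    findings: Dict[str, List[str]] = {
        "file_missing": [],        # orphaned entries: registry points at a file that is gone
        "user_writable_path": [],  # executables loaded from user-writable locations
        "activex_download": [],    # hosts the browser was told to fetch ActiveX code from
        "review": [],              # BHOs, toolbars and extra buttons that still load
    }
    in_processes = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_processes = True
            continue
        if not line:
            in_processes = False
            continue
        if in_processes:
            if USER_PATH_RE.search(line):
                findings["user_writable_path"].append(line)
            continue
        entry = parse_entry(line)
        if entry is None:
            continue
        if entry["missing"]:
            findings["file_missing"].append(entry["raw"])
        elif entry["kind"] == "O16":
            host = re.sub(r"^\w+://", "", str(entry["path"])).split("/")[0]
            findings["activex_download"].append(host)
        elif USER_PATH_RE.search(str(entry["path"])):
            findings["user_writable_path"].append(entry["raw"])
        elif entry["kind"] in ("O2", "O3", "O9"):
            findings["review"].append(entry["raw"])
    return findings


if __name__ == "__main__":
    for bucket, items in triage(SAMPLE_LOG).items():
        print(f"== {bucket} ({len(items)})")
        for item in items:
            print("   ", item)
```

The three "(file missing)" lines in the sample are the same kind of leftover that ComboFix later reports under "ORPHANS REMOVED"; the one executable running from the user's Desktop is flagged not because it is known bad but because that is where a reviewer has to verify what a file is, and the O16 host is surfaced so the user can confirm it is a site they actually use (here, an online-banking control).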

  • Joined: 20 Oct 2008
  • Posts: 5

It tells me that I don't have the ''Windows Recovery Console'' and asks whether I want to install it.
Should I install it?

Update: 20 Oct 2008 18:58

PS: this is about a computer at work with a licensed OS

  • dr_Bora (Male)
  • Anti Malware Fighter, Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

That won't harm anything. But if you think you shouldn't install the RC (given that it isn't your computer), decline the installation.

  • Joined: 20 Oct 2008
  • Posts: 5

Here it is:

ComboFix 08-10-19.04 - user 2008-10-20 19:24:00.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.425 [GMT 2:00]
Running from: C:\Documents and Settings\user\Desktop\New Folder\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\user\Application Data\ShoppingReport
C:\Documents and Settings\user\Application Data\ShoppingReport\cs\Config.xml
C:\Documents and Settings\user\Application Data\ShoppingReport\cs\db\Aliases.dbs
C:\Documents and Settings\user\Application Data\ShoppingReport\cs\db\Sites.dbs
C:\Documents and Settings\user\Application Data\ShoppingReport\cs\dwld\WhiteList.xip
C:\Documents and Settings\user\Application Data\ShoppingReport\cs\report\aggr_storage.xml
C:\Documents and Settings\user\Application Data\ShoppingReport\cs\report\send_storage.xml
C:\Documents and Settings\user\Application Data\ShoppingReport\cs\res1\WhiteList.dbs
C:\Program Files\ShoppingReport
C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
C:\Program Files\ShoppingReport\Uninst.exe
C:\WINDOWS\system32\lsprst7.dll
C:\WINDOWS\system32\ssprs.dll

.
((((((((((((((((((((((((( Files Created from 2008-09-20 to 2008-10-20 )))))))))))))))))))))))))))))))
.

2008-10-19 12:13 . 2008-10-19 12:18 275 --a------ C:\Shortcut to zajednicko.lnk
2008-10-18 13:56 . 2008-10-18 13:56 <DIR> d-------- C:\film
2008-10-15 11:19 . 2008-10-15 11:19 <DIR> d-------- C:\Documents and Settings\user\Phone Browser
2008-10-15 11:17 . 2008-10-15 11:38 <DIR> d-------- C:\Documents and Settings\user\Application Data\Nokia
2008-10-15 11:16 . 2008-10-20 15:08 <DIR> d-------- C:\Program Files\PC Connectivity Solution
2008-10-15 11:16 . 2008-10-20 15:44 <DIR> d-------- C:\Program Files\Nokia
2008-10-15 11:16 . 2008-10-15 11:17 <DIR> d-------- C:\Program Files\DIFX
2008-10-15 11:16 . 2008-10-15 11:20 <DIR> d-------- C:\Documents and Settings\user\Application Data\PC Suite
2008-10-15 11:16 . 2007-02-22 10:15 137,216 --a------ C:\WINDOWS\system32\drivers\nmwcd.sys
2008-10-15 11:16 . 2007-02-22 10:15 90,624 --a------ C:\WINDOWS\system32\nmwcdcls.dll
2008-10-15 11:16 . 2007-02-22 10:15 65,536 --a------ C:\WINDOWS\system32\nmwcdcocls.dll
2008-10-15 11:16 . 2007-02-22 10:15 12,288 --a------ C:\WINDOWS\system32\drivers\nmwcdcm.sys
2008-10-15 11:16 . 2007-02-22 10:15 12,288 --a------ C:\WINDOWS\system32\drivers\nmwcdcj.sys
2008-10-15 11:16 . 2007-02-22 10:15 8,320 --a------ C:\WINDOWS\system32\drivers\nmwcdc.sys
2008-10-15 11:14 . 2008-10-20 15:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Installations
2008-10-14 20:41 . 2008-10-14 20:41 <DIR> d--h----- C:\WINDOWS\PIF
2008-10-06 18:01 . 2008-10-06 18:01 <DIR> d-------- C:\VundoFix Backups
2008-09-22 13:38 . 2008-09-22 13:38 <DIR> d-------- C:\Program Files\Duplicate File Cleaner
2008-09-22 13:38 . 2008-09-22 13:38 42 --a------ C:\WINDOWS\system32\DuplicateFileCleaner.lie

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-20 06:52 --------- d-----w C:\Documents and Settings\user\Application Data\OpenOffice.org2
2008-10-18 14:18 --------- d-----w C:\Program Files\SPSSEVAL
2008-10-12 16:03 --------- d-----w C:\Program Files\downloads
2008-09-19 18:30 --------- d-----w C:\Program Files\SpirXPlorer
2008-09-15 11:57 1,846,016 ----a-w C:\WINDOWS\system32\win32k.sys
2008-09-13 11:29 --------- d-----w C:\Documents and Settings\user\Application Data\Winamp
2008-09-13 11:09 --------- d-----w C:\Program Files\Winamp Toolbar
2008-09-13 11:09 --------- d-----w C:\Program Files\Winamp
2008-09-08 10:01 --------- d-----w C:\Documents and Settings\user\Application Data\ZoomBrowser EX
2008-09-08 10:01 --------- d-----w C:\Documents and Settings\user\Application Data\CameraWindowDC
2008-09-06 14:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\Bluetooth
2008-09-06 14:01 --------- d-----w C:\Program Files\IVT Corporation
2008-09-03 19:33 --------- d-----w C:\Program Files\arj
2008-09-03 07:40 --------- d-----w C:\Program Files\Symantec
2008-09-03 07:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-09-02 19:24 --------- d-----w C:\Program Files\Alwil Software
2008-09-02 14:31 --------- d-----w C:\Program Files\Eurogrowth
2008-08-31 15:54 --------- d-----w C:\Program Files\FreeCommander
2008-08-31 15:19 --------- d-----w C:\Program Files\DBF Viewer 2000
2008-08-31 15:04 --------- d-----w C:\Documents and Settings\user\Application Data\AD ON Multimedia
2008-08-31 15:03 2,508,665 ----a-w C:\fc_setup_.zip
2008-08-28 10:04 333,056 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2008-08-26 07:24 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-08-24 05:39 --------- d-----w C:\Documents and Settings\user\Application Data\Apple Computer
2008-08-24 05:38 --------- d-----w C:\Program Files\iTunes
2008-08-24 05:38 --------- d-----w C:\Program Files\iPod
2008-08-24 05:38 --------- d-----w C:\Program Files\Bonjour
2008-08-24 05:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-08-24 05:37 --------- d-----w C:\Program Files\QuickTime
2008-08-24 05:37 --------- d-----w C:\Program Files\Apple Software Update
2008-08-24 05:36 --------- d-----w C:\Program Files\Common Files\Apple
2008-08-24 05:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2008-08-22 20:44 --------- d-----w C:\Documents and Settings\user\Application Data\MSNInstaller
2008-08-14 09:58 2,136,064 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2008-08-14 09:22 2,015,744 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"= "C:\Program Files\Winamp Toolbar\winamptb.dll" [2008-07-16 1266992]

[HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2007-07-27 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 1694208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2006-10-05 98304]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2006-10-05 114688]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2006-10-05 94208]
"OrderReminder"="C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe" [2006-07-21 98304]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"NeroCheck"="C:\WINDOWS\system32\\NeroCheck.exe" [2001-07-09 155648]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-22 116040]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-05-27 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-30 289064]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008]
"RTHDCPL"="RTHDCPL.EXE" [2007-04-10 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2007-04-04 C:\WINDOWS\SkyTel.exe]

C:\Documents and Settings\user\Start Menu\Programs\Startup\
OpenOffice.org 2.0.lnk - C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe [2005-09-23 61440]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
BlueSoleil.lnk - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe [2007-05-17 661776]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2008-08-04 01:02 36352 C:\Program Files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\World of Warcraft\\WoW-1.12.0-enUS-downloader.exe"=
"C:\\WoW-BurningCrusade-enUS-Installer-downloader.exe"=
"C:\\Program Files\\World of Warcraft\\Server.V.0.2-XiLiNCE\\bin\\WoWemu.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe [2007-12-12 65536]
R3 AtcL002;NDIS Miniport Driver for Attansic L2 Fast Ethernet Controller;C:\WINDOWS\system32\DRIVERS\atl02_xp.sys [2006-10-31 28416]
R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe [2007-12-12 1531989]

*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder

2008-10-18 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:57]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-swg - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe


.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = about:blank
R0 -: HKCU-Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
R1 -: HKCU-Internet Settings,ProxyOverride = <local>;*.local
R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/search?q=%s
O8 -: &Winamp Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O9 -: {C5428486-50A0-4a02-9D20-520B59A9F9B3} - {A16AD1E9-F69A-45af-9462-B1C286708842} -

O16 -: {5D69485C-EAB1-42AE-93C1-B5A53F238C5A} - hxxps://online.bancaintesabeograd.com/RetailDLL/FSINT.dll
C:\WINDOWS\Downloaded Program Files\FSINT.dll

O16 -: {76326493-E84F-4D4B-939C-1E07B50037F2} - hxxps://online.bancaintesabeograd.com/RetailDLL/SGCMSCCD.DLL
C:\WINDOWS\Downloaded Program Files\SGCMSCCD.DLL
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2008-10-20 19:24:56
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\NavLogon.dll
.
Completion time: 2008-10-20 19:25:48
ComboFix-quarantined-files.txt 2008-10-20 17:25:45

Pre-Run: 21,137,383,424 bytes free
Post-Run: 21,392,486,400 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

183 --- E O F --- 2008-10-15 21:10:35
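Two lines in the "Reg Loading Points" section of the ComboFix log above are worth a defender's attention even though nothing in them is malware: "AntiVirusOverride"=dword:00000001 (Security Center stops warning about antivirus status) and "EnableFirewall"= 0 (the Windows Firewall standard profile is off), followed by a long firewall exception list. The following is an added example and not part of the thread or of ComboFix: a Python parser for the REGEDIT4-style dump ComboFix emits (using a constructed fragment copied from the log above) that decodes both the dword:… and ComboFix's "0 (0x0)" value renderings and reports these settings plus the firewall exceptions. The section-name lookups, including ComboFix's "\~" abbreviation, are taken from the log as printed; treating AntiVirusOverride=1 and EnableFirewall=0 as findings is this example's own policy.

```python
import re
from typing import Dict, List, Optional

# Constructed sample: registry fragment copied from the ComboFix log posted above.
SAMPLE_REG = r"""
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\World of Warcraft\\Server.V.0.2-XiLiNCE\\bin\\WoWemu.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"""

SECTION_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<value>.*)$')

SECURITY_CENTER = r"hkey_local_machine\software\microsoft\security center"
FW_PROFILE = r"hklm\~\services\sharedaccess\parameters\firewallpolicy\standardprofile"
FW_APPS = FW_PROFILE + r"\authorizedapplications\list"


def parse_reg_dump(text: str) -> Dict[str, Dict[str, str]]:
    """Parse a REGEDIT4-style dump into {section (lower-cased): {value name: raw value}}."""
    sections: Dict[str, Dict[str, str]] = {}
    current: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group("key").lower()
            sections.setdefault(current, {})
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            sections[current][m.group("name")] = m.group("value").strip()
    return sections


def reg_int(raw: str) -> Optional[int]:
    """Decode 'dword:00000001' (hex) or ComboFix's '0 (0x0)' decimal rendering to an int."""
    raw = raw.strip()
    if raw.lower().startswith("dword:"):
        return int(raw[len("dword:"):], 16)
    m = re.match(r"^(\d+)", raw)
    return int(m.group(1)) if m else None


def audit(text: str) -> List[str]:
    """Report weakened protection settings and the firewall exception list."""
    sections = parse_reg_dump(text)
    findings: List[str] = []
    sc = sections.get(SECURITY_CENTER, {})
    if reg_int(sc.get("AntiVirusOverride", "dword:00000000")) == 1:
        findings.append("Security Center: AntiVirusOverride=1 (antivirus status warnings suppressed)")
    fw = sections.get(FW_PROFILE, {})
    if reg_int(fw.get("EnableFirewall", "1")) == 0:
        findings.append("Windows Firewall: EnableFirewall=0 (standard profile firewall is off)")
    for name in sections.get(FW_APPS, {}):
        # REGEDIT4 doubles backslashes inside quoted names; undo that for display.
        findings.append("Firewall exception: " + name.replace("\\\\", "\\"))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_REG):
        print(finding)
```

A disabled firewall and a suppressed antivirus warning are the kind of setting a cleanup should leave restored, and the exception list shows which programs were granted inbound access regardless of whether anything malicious remains.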

  • dr_Bora (Male)
  • Anti Malware Fighter, Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Was Norton Antivirus ever installed on this computer?

If not, then upload the following file for checking: C:\WINDOWS\system32\NavLogon.dll

  • Joined: 20 Oct 2008
  • Posts: 5

It was installed, then removed because it was unlicensed when we decided to go with fully legal software

  • dr_Bora (Male)
  • Anti Malware Fighter, Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

The leftovers of Norton can be removed from the computer with this program:

http://service1.symantec.com/Support/tsgeninfo.nsf/docid/2005033108162039

Anyway... There is no malware here (what there was has been removed).

Click START and then RUN
In the text entry line type Combofix /u and click OK

Wait for the uninstall process to finish

The above procedure will:
Delete the following:
ComboFix and its files and folders
VundoFix Backups folder, if present
C:\Deckard folder, if present
C:\OtMoveIt folder, if present

Reset the clock settings on the computer
Hide file extensions, if needed
Hide system/hidden files/folders, if needed
Reset System Restore

As for the phone, I really don't know what to tell you (other than that a repair technician is probably the right person to solve that problem, but that isn't much help to you).

  • Joined: 20 Oct 2008
  • Posts: 5

Thank you, you've helped me a lot with this too.
It's wonderful that something like this exists
(I've never been on any forum until now and I'm a real beginner at it).
Regards, Dragana :)
