windows xp 2012 virus

2

windows xp 2012 virus

offline
  • MyCity Military Forum Chaplain~Verska služba Mycity foruma
  • Pridružio: 12 Jan 2006
  • Poruke: 513
  • Gde živiš: Gde ja zivim...

Napisano: 11 Dec 2011 23:35

Posle restarta, combofix zavrsio complited stage 1 to 5 ali mi sad ne radi internet, pa koristim telefon.

Dopuna: 11 Dec 2011 23:51

Evo ga, zavrsio.
ComboFix 11-12-11.02 - Balas 12/11/2011 17:32:04.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1424 [GMT -5:00]
Running from: c:\documents and settings\Balas\Desktop\ComboFix.exe
AV: Norton Internet Security *Disabled/Outdated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: AVG Firewall *Disabled* {8decf618-9569-4340-b34a-d78d28969b66}
FW: Norton Internet Security *Disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\Tarma Installer
c:\documents and settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setup.dll
c:\documents and settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll
c:\documents and settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.dat
c:\documents and settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.exe
c:\documents and settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.ico
c:\documents and settings\All Users\Application Data\Tarma Installer\{DA00D550-BB91-4A26-AAE5-9172D626CAAE}\_Setup.dll
c:\documents and settings\All Users\Application Data\Tarma Installer\{DA00D550-BB91-4A26-AAE5-9172D626CAAE}\_Setupx.dll
c:\documents and settings\All Users\Application Data\Tarma Installer\{DA00D550-BB91-4A26-AAE5-9172D626CAAE}\Setup.dat
c:\documents and settings\All Users\Application Data\Tarma Installer\{DA00D550-BB91-4A26-AAE5-9172D626CAAE}\Setup.exe
c:\documents and settings\All Users\Application Data\Tarma Installer\{DA00D550-BB91-4A26-AAE5-9172D626CAAE}\Setup.ico
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\Balas\Application Data\Mozilla\Firefox\Profiles\2hqklzjs.default\searchplugins\bing-zugo.xml
c:\documents and settings\Balas\Local Settings\Application Data\lel.exe
c:\windows\iun6002.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-11-11 to 2011-12-11 )))))))))))))))))))))))))))))))
.
.
2011-12-11 17:16 . 2011-12-11 17:16 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2011-11-24 19:02 . 2011-11-24 19:02 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin7.dll
2011-11-24 19:02 . 2011-11-24 19:02 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin6.dll
2011-11-24 19:02 . 2011-11-24 19:02 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin5.dll
2011-11-24 19:02 . 2011-11-24 19:02 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin4.dll
2011-11-24 19:02 . 2011-11-24 19:02 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin3.dll
2011-11-24 19:02 . 2011-11-24 19:02 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin2.dll
2011-11-24 19:02 . 2011-11-24 19:02 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin.dll
2011-11-24 19:01 . 2011-11-24 19:02 -------- d-----w- c:\program files\QuickTime
2011-11-24 18:58 . 2011-11-24 18:58 -------- d-----w- c:\program files\iPod
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-15 02:20 . 2011-10-27 22:49 139152 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2011-11-15 02:20 . 2011-10-27 22:49 111928 ----a-w- c:\windows\system32\PnkBstrB.exe
2011-11-15 01:56 . 2011-06-06 17:33 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-27 22:49 . 2011-10-27 22:49 66872 ----a-w- c:\windows\system32\PnkBstrA.exe
2011-10-24 19:29 . 2011-10-24 19:29 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-10-24 19:29 . 2011-10-24 19:29 69632 ----a-w- c:\windows\system32\QuickTime.qts
2011-10-16 01:21 . 2011-10-15 22:01 60872 ----a-w- c:\windows\system32\S32EVNT1.DLL
2011-10-16 01:21 . 2011-10-15 22:01 126584 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2011-10-15 19:07 . 2011-10-15 19:07 388096 ----a-r- c:\documents and settings\Balas\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-10-10 14:22 . 2011-06-06 16:00 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-09-30 19:37 . 2011-10-15 18:59 17280 ----a-w- c:\windows\system32\roboot.exe
2011-09-30 17:36 . 2011-09-30 17:36 18944 ----a-r- c:\documents and settings\Balas\Application Data\Microsoft\Installer\{8F018A9E-56DE-4A79-A5EF-25F413F1D538}\IconBB6A16301.exe
2011-09-28 07:06 . 2004-08-04 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 15:41 . 2008-07-29 23:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 15:41 . 2004-08-04 12:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 15:41 . 2004-08-04 12:00 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-11-12 23:52 . 2011-10-15 18:01 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]
2011-08-19 16:45 790304 ----a-w- c:\program files\Yontoo Layers Runtime\YontooIEClient.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-07-05 39408]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-11-13 4617600]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-11-12 141336]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-11-12 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-11-12 141336]
"HDAudDeck"="c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe" [2009-08-28 33673216]
"AceGain LiveUpdate"="c:\program files\AceGain\LiveUpdate\LiveUpdate.exe" [2004-01-01 417792]
"ATT-SST_McciTrayApp"="c:\program files\ATT-SST\McciTrayApp.exe" [2010-07-27 1573888]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-10-06 59240]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-11-13 421736]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http://www.avg.com/ww.special-uninstallation-feedb.....1d4f" [?]
.
c:\documents and settings\Balas\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2011-6-10 113664]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\EA GAMES\\Battlefield 1942\\BF1942.exe"=
"c:\\Program Files\\EA GAMES\\Battlefield Vietnam\\bfvietnam.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Common Files\\Motive\\McciServiceHost.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NIS\1206000.01D\symds.sys [10/15/2011 8:21 PM 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1206000.01D\symefa.sys [10/15/2011 8:21 PM 744568]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\BASHDefs\20111114.002\BHDrvx86.sys [11/14/2011 2:28 PM 819320]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 11:27 AM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 4:55 PM 67664]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NIS\1206000.01D\ironx86.sys [10/15/2011 8:21 PM 136312]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [8/11/2011 6:38 PM 116608]
R2 McciServiceHost;McciServiceHost;c:\program files\Common Files\Motive\McciServiceHost.exe [7/3/2011 9:28 AM 315392]
R2 NIS;Norton Internet Security;c:\program files\Norton Internet Security\Engine\18.6.0.29\ccsvchst.exe [10/15/2011 8:21 PM 130008]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [11/9/2011 5:53 AM 106104]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [6/6/2011 11:13 AM 1390976]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys --> c:\windows\system32\drivers\TfFsMon.sys [?]
S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys --> c:\windows\system32\drivers\TfSysMon.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 12:16 PM 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [7/5/2011 4:25 PM 136176]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [7/5/2011 4:25 PM 136176]
S3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\IPSDefs\20111112.030\IDSXpx86.sys [11/14/2011 9:16 PM 356280]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [1/15/2010 7:49 AM 227232]
S3 TfNetMon;TfNetMon;\??\c:\windows\system32\drivers\TfNetMon.sys --> c:\windows\system32\drivers\TfNetMon.sys [?]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [8/4/2004 7:00 AM 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 12:16 PM 753504]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WUAUSERV
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-09 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]
.
2011-12-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-07-05 21:25]
.
2011-12-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-07-05 21:25]
.
2011-12-10 c:\windows\Tasks\Norton Security Scan for Balas.job
- c:\progra~1\NORTON~2\Engine\351~1.6\Nss.exe [2011-08-27 04:47]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
Trusted Zone: $talisma_url$
TCP: DhcpNameServer = 192.168.7.254
FF - ProfilePath - c:\documents and settings\Balas\Application Data\Mozilla\Firefox\Profiles\2hqklzjs.default\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z137&form=ZGAADF&install_date=20111015&q=
FF - prefs.js: network.proxy.type - 0
FF - user.js: extentions.y2layers.installId - 83a1ff2d-1b1a-4075-a9df-3fb6ef81566e
FF - user.js: extentions.y2layers.defaultEnableAppsList - Buzzdock,BuzzdockTease,DropDownDeals,DropDownDeals,
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-Weather - c:\program files\AWS\WeatherBug\Weather.exe
AddRemove-AceGain_LiveUpdate - c:\windows\iun6002.exe
AddRemove-{889DF117-14D1-44EE-9F31-C5FB5D47F68B} - c:\docume~1\ALLUSE~1\APPLIC~1\TARMAI~1\{889DF~1\Setup.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-12-11 17:39
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HDAudDeck = c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe 1????????????????????????????????????????????????
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NIS]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\18.6.0.29\diMaster.dll\" /prefetch:1"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(680)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
Completion time: 2011-12-11 17:40:23
ComboFix-quarantined-files.txt 2011-12-11 22:40
.
Pre-Run: 128,162,435,072 bytes free
Post-Run: 129,051,697,152 bytes free
.
- - End Of File - - 545DF6AD0AEAC696B085EF343B09EFD1

offline
  • Pridružio: 26 Avg 2010
  • Poruke: 10622
  • Gde živiš: Hypnos Control Room, Tokyo Metropolitan Government Building

Pokreni opet GMER i priloži mi samo GMER1 izvještaj (onaj prvi u upustvu koji si već napravio).
Internet ti sada radi koliko mogu primjetiti?

offline
  • MyCity Military Forum Chaplain~Verska služba Mycity foruma
  • Pridružio: 12 Jan 2006
  • Poruke: 513
  • Gde živiš: Gde ja zivim...

Napisano: 12 Dec 2011 0:32

Da, radi internet. pokrenuo gmer i postavljam prvi sken cim zavrsi. Hvala puno!

Dopuna: 12 Dec 2011 2:02

https://www.mycity.rs/must-login.png

offline
  • Pridružio: 26 Avg 2010
  • Poruke: 10622
  • Gde živiš: Hypnos Control Room, Tokyo Metropolitan Government Building

Da napravimo još jednu provjeru. Restartuj sistem, ponovo pokreni ComboFix i postavi mi novi izvještaj. Ovaj put kad ga pokreneš pusti ga da završi i ne diraj ništa drugo.

offline
  • MyCity Military Forum Chaplain~Verska služba Mycity foruma
  • Pridružio: 12 Jan 2006
  • Poruke: 513
  • Gde živiš: Gde ja zivim...

U redu, evo ga! Hvala!
https://www.mycity.rs/must-login.png

offline
  • Pridružio: 26 Avg 2010
  • Poruke: 10622
  • Gde živiš: Hypnos Control Room, Tokyo Metropolitan Government Building

Arrow

Otvoriti Notepad i iskopirati sledeći tekst:

DeQuarantine::
C:\Qoobox\Quarantine\C\Windows\iun6002.exe.vir
C:\Qoobox\Quarantine\C\documents and settings\All Users\Application Data\Tarma Installer
Quit::


Snimiti na Desktop fajl iz Notepada kao "CFScript"




Prevuci snimljeni skript/tekst na ComboFix ikonicu kao na slici.
Postaviti u sledećoj poruci log koji bude bio napravljen na kraju čišćenja/skeniranja.

offline
  • MyCity Military Forum Chaplain~Verska služba Mycity foruma
  • Pridružio: 12 Jan 2006
  • Poruke: 513
  • Gde živiš: Gde ja zivim...

Evo narudzbine-
https://www.mycity.rs/must-login.png

offline
  • Pridružio: 26 Avg 2010
  • Poruke: 10622
  • Gde živiš: Hypnos Control Room, Tokyo Metropolitan Government Building

U sistemu nemaš više tragova aktivne infekcije. Međutim, potrebno je da još uradiš sljedeće korake.

Arrow

Potrebno je deinstalirati ComboFix:
klikni start (ili ), a zatim RUN.

Na Visti i 7 koristiti Start Search polje ukoliko Run nije dostupan.

U liniju za unos teksta ukucaj (iskopiraj) sledeće:

ComboFix /Uninstall

Primeti da postoji razmak između "ComboFix" i "/Uninstall".



a zatim klikni OK (ili pritisni Enter).


Sačekaj da se proces deinstalacije završi.



Arrow

Na sistemu imaš Norton AV kome je istekla licenca i kao takav nije u mogućnosti da vrši update i da te štiti od novog malware-a. Preporučujem ti da ga deinstaliraš. Idi u Start -> Control Panel -> Add or Remove Programs i deinstaliraj ga odatle, a potom preuzmi Norton Removal Tool, pokreni i prati upustva na ekranu.

Nakon toga, instaliraj neki AV program. Ukoliko nemaš novaca ili ne želiš da ga izdvojiš za neki komercijalni AV program, na raspolaganju ti se nalaze kvalitetni besplatni AV programi poput AVG Free, Avast Free, Avira Free, Microsoft Security Essentials, Panda Cloud AV, itd.
Nemoj koristiti piratske verzije AV programa!!!




Arrow

Obavezno posjeti temu Testirajte da li vam je pretraživač ranjiv, pročitaj i isprati link koji stoji u njoj.



Arrow

- Preporučujem da za zaštitu USB memorijskih uređaja koristiš MCShield. Nema nikakve veze sa antivirus-om tj. neće ometati njegov rad, a pokazao se kao jedan od najboljih vida zaštite od malware-a koji se prenosi putem USB mem. uređaja.

Skineš, instaliraš, ubodeš USB mem. uređaj, izvrši se skeniranje nakon čega dobiješ obavještenje da je uređaj čist (ukoliko je stvarno tako); ili dobiješ log u kome vidiš informacije o malware-u koji je nađen i obrisan.


Home Page MCShield-a: http://amf.mycity.rs/programs/mc/mcshield/

Više o MCShield-u možeš saznati u ovoj temi: http://www.mycity.rs/Antispyware-programi/MCShield.html




Pozdrav.

offline
  • MyCity Military Forum Chaplain~Verska služba Mycity foruma
  • Pridružio: 12 Jan 2006
  • Poruke: 513
  • Gde živiš: Gde ja zivim...

Napisano: 15 Dec 2011 2:23

Imam losu vest. Ostavio sam komp ukljucen kada sam otisao na posao i kada sam se vratio, onaj isti zlosutni prozor windows Xp me je opet docekao!!! isto tako me je iznenadilo da je Word PAD bio otvoren,a u njemu izvestaj-
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-12-11 20:01:45
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-5 ST3160815AS rev.4.AAB
Running: firefox.exe.exe; Driver: C:\DOCUME~1\Balas\LOCALS~1\Temp\kwaorpob.sys


---- System - GMER 1.0.15 ----

SSDT 891DAAB0 ZwAlertResumeThread
SSDT 89485350 ZwAlertThread
SSDT 89189608 ZwAllocateVirtualMemory
SSDT 892FAE88 ZwAssignProcessToJobObject
SSDT 89657090 ZwConnectPort
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwCreateKey [0xA8740710]
SSDT 8934B498 ZwCreateMutant
SSDT 891E73E8 ZwCreateSymbolicLinkObject
SSDT 8914BFB0 ZwCreateThread
SSDT 892FAF48 ZwDebugActiveProcess
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteKey [0xA8740990]
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteValueKey [0xA8740EF0]
SSDT 891DF3A0 ZwDuplicateObject
SSDT 89151A18 ZwFreeVirtualMemory
SSDT 8934B568 ZwImpersonateAnonymousToken
SSDT 891DA9F0 ZwImpersonateThread
SSDT 896C3090 ZwLoadDriver
SSDT 8911FF70 ZwMapViewOfSection
SSDT 89ADC498 ZwOpenEvent
SSDT 8920BDE8 ZwOpenProcess
SSDT 8930A218 ZwOpenProcessToken
SSDT 8998D4E8 ZwOpenSection
SSDT 891DF470 ZwOpenThread
SSDT 891E74B8 ZwProtectVirtualMemory
SSDT 89485410 ZwResumeThread
SSDT 892650D0 ZwSetContextThread
SSDT 89943458 ZwSetInformationProcess
SSDT 8998D3E0 ZwSetSystemInformation
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwSetValueKey [0xA8741140]
SSDT 8998D5A8 ZwSuspendProcess
SSDT 894AA878 ZwSuspendThread
SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xA86A4640]
SSDT 894AA938 ZwTerminateThread
SSDT 89943528 ZwUnmapViewOfSection
SSDT 89189538 ZwWriteVirtualMemory

Code \??\C:\DOCUME~1\Balas\LOCALS~1\Temp\catchme.sys pIofCallDriver

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 2CB4 80504550 8 Bytes [E8, 73, 1E, 89, B0, BF, 14, ...]
.text ntkrnlpa.exe!ZwCallbackReturn + 2DCC 80504668 8 Bytes CALL 98D9672A
.text ntkrnlpa.exe!ZwCallbackReturn + 2DD8 80504674 4 Bytes CALL C8D9DF4D
? SYMDS.SYS The system cannot find the file specified. !
? SYMEFA.SYS The system cannot find the file specified. !
? C:\WINDOWS\system32\Drivers\PROCEXP113.SYS The system cannot find the file specified. !
? C:\DOCUME~1\Balas\LOCALS~1\Temp\catchme.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Mozilla Firefox\plugin-container.exe[2244] USER32.dll!SetWindowLongA 7E42C29D 5 Bytes JMP 106AC350 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[2244] USER32.dll!SetWindowLongW 7E42C2BB 5 Bytes JMP 106AC2E2 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[2244] USER32.dll!GetWindowInfo 7E42C49C 5 Bytes JMP 1045E363 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[2244] USER32.dll!TrackPopupMenu 7E46531E 5 Bytes JMP 1045E91C C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[2864] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 01262EC0 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device \Driver\00000812 \GLOBAL??\db25971d 89457880

---- Files - GMER 1.0.15 ----

File C:\System Volume Information\EfaData\SYMEFA.DB-journal 512 bytes

---- EOF - GMER 1.0.15 ----

Dopuna: 15 Dec 2011 2:27

Ponovo mi ne da da otvaram programe i da kacim fajlove sa logovima na forum.
Probao sam i uspeo da pokrenem dds i postavlja, ga kao dds-
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Balas at 20:24:18 on 2011-12-14
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1290 [GMT -5:00]
.
AV: Norton Internet Security *Disabled/Outdated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *Disabled*
FW: AVG Firewall *Disabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Common Files\Motive\McciServiceHost.exe
C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe
C:\Program Files\AceGain\LiveUpdate\LiveUpdate.exe
C:\Program Files\ATT-SST\McciTrayApp.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AceGain\LiveUpdate\aceagent.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Windows NT\Accessories\WORDPAD.EXE
C:\Documents and Settings\Balas\Local Settings\Application Data\kch.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\18.6.0.29\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\18.6.0.29\ips\IPSBHO.DLL
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7018.1622\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: Yontoo Layers: {fd72061e-9fde-484d-a58a-0bab4151cad8} - c:\program files\yontoo layers runtime\YontooIEClient.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\18.6.0.29\coIEPlg.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [HDAudDeck] c:\program files\via\viaudioi\hdadeck\HDeck.exe 1
mRun: [AceGain LiveUpdate] c:\program files\acegain\liveupdate\LiveUpdate.exe
mRun: [ATT-SST_McciTrayApp] "c:\program files\att-sst\McciTrayApp.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedb.....fe86171d4f
StartupFolder: c:\docume~1\balas\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
LSP: mswsock.dll
Trusted Zone: $talisma_url$
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1307377826593
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.7.254
TCP: Interfaces\{304DBD8A-F691-4A36-A849-BD80280C2C55} : DhcpNameServer = 192.168.7.254
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\balas\application data\mozilla\firefox\profiles\2hqklzjs.default\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z137&form=ZGAADF&install_date=20111015&q=
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\common files\motive\npMotive.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
.
---- FIREFOX POLICIES ----
FF - user.js: extentions.y2layers.installId - 83a1ff2d-1b1a-4075-a9df-3fb6ef81566e
FF - user.js: extentions.y2layers.defaultEnableAppsList - Buzzdock,BuzzdockTease,DropDownDeals,DropDownDeals,
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nis\1206000.01d\symds.sys [2011-10-15 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1206000.01d\symefa.sys [2011-10-15 744568]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.5.0.125\definitions\bashdefs\20111114.002\BHDrvx86.sys [2011-11-14 819320]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nis\1206000.01d\ironx86.sys [2011-10-15 136312]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]
R2 McciServiceHost;McciServiceHost;c:\program files\common files\motive\McciServiceHost.exe [2011-7-3 315392]
R2 NIS;Norton Internet Security;c:\program files\norton internet security\engine\18.6.0.29\ccsvchst.exe [2011-10-15 130008]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-11-9 106104]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2011-6-6 1390976]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\tffsmon.sys --> c:\windows\system32\drivers\TfFsMon.sys [?]
S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\tfsysmon.sys --> c:\windows\system32\drivers\TfSysMon.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-7-5 136176]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-7-5 136176]
S3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.5.0.125\definitions\ipsdefs\20111112.030\IDSXpx86.sys [2011-11-14 356280]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.5.0.125\definitions\virusdefs\20111114.022\NAVENG.SYS [2011-11-14 86136]
S3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.5.0.125\definitions\virusdefs\20111114.022\NAVEX15.SYS [2011-11-14 1576312]
S3 TfNetMon;TfNetMon;\??\c:\windows\system32\drivers\tfnetmon.sys --> c:\windows\system32\drivers\TfNetMon.sys [?]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2004-8-4 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== File Associations ===============
.
.exe=f8
.
=============== Created Last 30 ================
.
2011-12-15 01:13:19 333824 ----a-w- c:\documents and settings\balas\local settings\application data\kch.exe
2011-12-14 00:30:35 -------- d-s---w- C:\ComboFix
2011-12-14 00:24:06 -------- d-----w- c:\documents and settings\all users\application data\Tarma Installer
2011-12-14 00:24:05 729088 ----a-w- c:\windows\iun6002.exe
2011-12-11 22:18:42 -------- d-sha-r- C:\cmdcons
2011-12-11 22:15:44 98816 ----a-w- c:\windows\sed.exe
2011-12-11 22:15:44 518144 ----a-w- c:\windows\SWREG.exe
2011-12-11 22:15:44 256000 ----a-w- c:\windows\PEV.exe
2011-12-11 22:15:44 208896 ----a-w- c:\windows\MBR.exe
2011-11-24 19:02:12 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll
2011-11-24 19:02:12 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll
2011-11-24 19:02:12 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll
2011-11-24 19:02:12 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll
2011-11-24 19:02:12 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll
2011-11-24 19:02:12 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll
2011-11-24 19:02:12 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll
2011-11-24 18:58:59 -------- d-----w- c:\program files\iPod
.
==================== Find3M ====================
.
2011-11-15 02:20:21 139152 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2011-11-15 02:20:14 111928 ----a-w- c:\windows\system32\PnkBstrB.exe
2011-11-15 01:56:57 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-27 22:49:39 66872 ----a-w- c:\windows\system32\PnkBstrA.exe
2011-10-24 19:29:02 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-10-24 19:29:02 69632 ----a-w- c:\windows\system32\QuickTime.qts
2011-10-16 01:21:23 60872 ----a-w- c:\windows\system32\S32EVNT1.DLL
2011-10-16 01:21:23 126584 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2011-10-10 14:22:41 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-09-30 19:37:26 17280 ----a-w- c:\windows\system32\roboot.exe
2011-09-28 07:06:50 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 15:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 15:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 15:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll
.
============= FINISH: 20:24:43.31 ===============

Dopuna: 15 Dec 2011 3:54

Uradio Gmer, opet nasao isti virus-

https://www.mycity.rs/must-login.png

Dopuna: 15 Dec 2011 5:34

Restartovao komp i sad ne mogu da otvirim nista. Ako probam da otvirim firefox, pita me koj program ocu da koristim da ga otvorim. Ne mogu da otvorim ni my computer. Sad pisem sa telefona:(

Dopuna: 15 Dec 2011 6:07

Uspeo da pokrenem combofix, koj je opet nasao isti virus i sad skenira posle restarta. Kao sto vidis, probao sam da ponovim sve korake koje smo vec uradil, samo mi nije jasno zasto se virus vratio i odakle dolazi u moj sistem?

Dopuna: 15 Dec 2011 6:16

Combofix log
https://www.mycity.rs/must-login.png

offline
  • Pridružio: 26 Avg 2010
  • Poruke: 10622
  • Gde živiš: Hypnos Control Room, Tokyo Metropolitan Government Building

Arrow

Idi u Start -> Control Panel -> Add or Remove Programs i deinstaliraj Norton, a potom preuzmi Norton Removal Tool, pokreni i prati upustva na ekranu.

Nakon toga, instaliraj neki AV program. Ukoliko nemaš novaca ili ne želiš da ga izdvojiš za neki komercijalni AV program, na raspolaganju ti se nalaze kvalitetni besplatni AV programi poput AVG Free, Avast Free, Avira Free, Microsoft Security Essentials, Panda Cloud AV, itd.
Nemoj koristiti piratske verzije AV programa!!!



Arrow

Nakon što to obaviš, restartuj računar, ponovo pokreni CF i postavi mi njegov izvještaj.

Ko je trenutno na forumu
 

Ukupno su 645 korisnika na forumu :: 8 registrovanih, 0 sakrivenih i 637 gosta   ::   [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:
Korisnici trenutno na forumu: bojank, DPera, dragoljub11987, gorantrojka, hyla, Krvava Devetka, Lord Nem, opt1