MyCity » Ambulanta -> Arhiva Ambulante » windows xp 2012 virus

windows xp 2012 virus

Napisano na dan: 11.12.2011

Strana:
1
2
3

windows xp 2012 virus

Sledeća strana

Pagination

Odgovori

Strana:
1
2
3

cinoeye Poslao: 11 Dec 2011 17:57 Idi na vrh
offline cinoeye Zaslužni građanin MyCity Military Forum Chaplain~Verska služba Mycity foruma Pridružio: 12 Jan 2006 Poruke: 513 Gde živiš: Gde ja zivim...	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Od pre par sati imam problem da mi non stop iskace prozor sa 2012 WIndows XP security prozorom i navodnim upozorenjem da mi je kompijuter inficiran. Prozor se pojavljuje svaki put kada probam da otvorim bilo koj program ili internet pretrazivac i jedva sam nekako uspeo da otovrim firefox da napisem ovu poruku. Browser mi ne da da otovrim micorsof stranicu, vec me salje na neke lazne stranice. Hvala

Profil

Sass Drake Poslao: 11 Dec 2011 18:00 Idi na vrh
offline Sass Drake Anti Malware Fighter Rank 2 Pridružio: 26 Avg 2010 Poruke: 10622 Gde živiš: Hypnos Control Room, Tokyo Metropolitan Government Building	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Pozdrav... Isprati upustvo u http://www.mycity.rs/Ambulanta/Kako-otvoriti-temu-u-Ambulanti.html i postavi potrebne izvještaje.

Profil

cinoeye Poslao: 11 Dec 2011 18:08 Idi na vrh
offline cinoeye Zaslužni građanin MyCity Military Forum Chaplain~Verska služba Mycity foruma Pridružio: 12 Jan 2006 Poruke: 513 Gde živiš: Gde ja zivim...	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Zahvaljuje. Imam problem da otovrim DDS i Gmer, jer izlgleda da ga virus blokira i kaze da su gmer i DDS virusi!

Profil

Sass Drake Poslao: 11 Dec 2011 18:09 Idi na vrh
offline Sass Drake Anti Malware Fighter Rank 2 Pridružio: 26 Avg 2010 Poruke: 10622 Gde živiš: Hypnos Control Room, Tokyo Metropolitan Government Building	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Preimenuj DDS i GMER u iexplore.exe i firefox.exe pa probaj opet.

Profil

cinoeye Poslao: 11 Dec 2011 18:29 Idi na vrh
offline cinoeye Zaslužni građanin MyCity Military Forum Chaplain~Verska služba Mycity foruma Pridružio: 12 Jan 2006 Poruke: 513 Gde živiš: Gde ja zivim...	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Napisano: 11 Dec 2011 18:15 Hvala. DDS uspeo da otvori, gmer nije- DDS log- . DDS (Ver_2011-08-26.01) - NTFSx86 Internet Explorer: 8.0.6001.18702 Run by Balas at 12:14:08 on 2011-12-11 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1173 [GMT -5:00] . AV: Norton Internet Security Disabled/Outdated {E10A9785-9598-4754-B552-92431C1C35F8} FW: Norton Internet Security Disabled FW: AVG Firewall Disabled . ============== Running Processes =============== . C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs svchost.exe svchost.exe C:\WINDOWS\system32\spoolsv.exe svchost.exe C:\Program Files\SUPERAntiSpyware\SASCORE.EXE C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Common Files\Motive\McciCMService.exe C:\Program Files\Common Files\Motive\McciServiceHost.exe C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe C:\WINDOWS\system32\PnkBstrA.exe C:\WINDOWS\system32\svchost.exe -k imgsvc C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe C:\Program Files\AceGain\LiveUpdate\LiveUpdate.exe C:\Program Files\ATT-SST\McciTrayApp.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\WINDOWS\system32\igfxsrvc.exe C:\Program Files\AceGain\LiveUpdate\aceagent.exe C:\Program Files\iTunes\iTunesHelper.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe C:\Program Files\OpenOffice.org 3\program\soffice.exe C:\Program Files\OpenOffice.org 3\program\soffice.bin C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Common Files\Java\Java Update\jucheck.exe C:\WINDOWS\System32\svchost.exe -k HTTPFilter C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe C:\Program Files\Common Files\Apple\Mobile Device Support\SyncServer.exe C:\Documents and Settings\Balas\Local Settings\Application Data\lel.exe C:\WINDOWS\System32\ping.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\plugin-container.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.google.com/ uInternet Settings,ProxyOverride = *.local BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\18.6.0.29\coIEPlg.dll BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\18.6.0.29\ips\IPSBHO.DLL BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7018.1622\swg.dll BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll BHO: Yontoo Layers: {fd72061e-9fde-484d-a58a-0bab4151cad8} - c:\program files\yontoo layers runtime\YontooIEClient.dll TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\18.6.0.29\coIEPlg.dll TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe" uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background uRun: [Weather] c:\program files\aws\weatherbug\Weather.exe 1 uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe mRun: [IgfxTray] c:\windows\system32\igfxtray.exe mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe mRun: [Persistence] c:\windows\system32\igfxpers.exe mRun: [HDAudDeck] c:\program files\via\viaudioi\hdadeck\HDeck.exe 1 mRun: [AceGain LiveUpdate] c:\program files\acegain\liveupdate\LiveUpdate.exe mRun: [ATT-SST_McciTrayApp] "c:\program files\att-sst\McciTrayApp.exe" mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe" mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe" mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe" mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe" mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedb.....fe86171d4f StartupFolder: c:\docume~1\balas\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll LSP: mswsock.dll Trusted Zone: $talisma_url$ DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1307377826593 DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab TCP: DhcpNameServer = 192.168.7.254 TCP: Interfaces\{304DBD8A-F691-4A36-A849-BD80280C2C55} : DhcpNameServer = 192.168.7.254 Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL Notify: igfxcui - igfxdev.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL . ================= FIREFOX =================== . FF - ProfilePath - c:\documents and settings\balas\application data\mozilla\firefox\profiles\2hqklzjs.default\ FF - prefs.js: browser.search.selectedEngine - Bing FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z137&form=ZGAADF&install_date=20111015&q= FF - prefs.js: network.proxy.type - 0 FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll FF - plugin: c:\program files\common files\motive\npMotive.dll FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll . ---- FIREFOX POLICIES ---- FF - user.js: extentions.y2layers.installId - 83a1ff2d-1b1a-4075-a9df-3fb6ef81566e FF - user.js: extentions.y2layers.defaultEnableAppsList - Buzzdock,BuzzdockTease,DropDownDeals,DropDownDeals, . ============= SERVICES / DRIVERS =============== . R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nis\1206000.01d\symds.sys [2011-10-15 340088] R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1206000.01d\symefa.sys [2011-10-15 744568] R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.5.0.125\definitions\bashdefs\20111114.002\BHDrvx86.sys [2011-11-14 819320] R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880] R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664] R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nis\1206000.01d\ironx86.sys [2011-10-15 136312] R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608] R2 McciServiceHost;McciServiceHost;c:\program files\common files\motive\McciServiceHost.exe [2011-7-3 315392] R2 NIS;Norton Internet Security;c:\program files\norton internet security\engine\18.6.0.29\ccsvchst.exe [2011-10-15 130008] R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-11-9 106104] R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2011-6-6 1390976] S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\tffsmon.sys --> c:\windows\system32\drivers\TfFsMon.sys [?] S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\tfsysmon.sys --> c:\windows\system32\drivers\TfSysMon.sys [?] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-7-5 136176] S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-7-5 136176] S3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.5.0.125\definitions\ipsdefs\20111112.030\IDSXpx86.sys [2011-11-14 356280] S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232] S3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.5.0.125\definitions\virusdefs\20111114.022\NAVENG.SYS [2011-11-14 86136] S3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.5.0.125\definitions\virusdefs\20111114.022\NAVEX15.SYS [2011-11-14 1576312] S3 TfNetMon;TfNetMon;\??\c:\windows\system32\drivers\tfnetmon.sys --> c:\windows\system32\drivers\TfNetMon.sys [?] S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2004-8-4 14336] S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504] . =============== File Associations =============== . .exe=VQ . =============== Created Last 30 ================ . 2011-12-11 16:28:24 291840 ----a-w- c:\documents and settings\balas\local settings\application data\lel.exe 2011-11-24 19:02:12 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll 2011-11-24 19:02:12 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll 2011-11-24 19:02:12 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll 2011-11-24 19:02:12 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll 2011-11-24 19:02:12 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll 2011-11-24 19:02:12 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll 2011-11-24 19:02:12 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll 2011-11-24 18:58:59 -------- d-----w- c:\program files\iPod . ==================== Find3M ==================== . 2011-11-15 02:20:21 139152 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys 2011-11-15 02:20:14 111928 ----a-w- c:\windows\system32\PnkBstrB.exe 2011-11-15 01:56:57 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2011-10-27 22:49:39 66872 ----a-w- c:\windows\system32\PnkBstrA.exe 2011-10-24 19:29:02 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx 2011-10-24 19:29:02 69632 ----a-w- c:\windows\system32\QuickTime.qts 2011-10-16 01:21:23 60872 ----a-w- c:\windows\system32\S32EVNT1.DLL 2011-10-16 01:21:23 126584 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS 2011-10-10 14:22:41 692736 ----a-w- c:\windows\system32\inetcomm.dll 2011-09-30 19:37:26 17280 ----a-w- c:\windows\system32\roboot.exe 2011-09-28 07:06:50 599040 ----a-w- c:\windows\system32\crypt32.dll 2011-09-26 15:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll 2011-09-26 15:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll 2011-09-26 15:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll . ============= FINISH: 12:14:33.57 =============== Dopuna: 11 Dec 2011 18:21 Rootrepeal isto tako ne mogu da otovri, odma mi iskoci prozor XP internet Security has blocked a program from accesig internet. itd... Dopuna: 11 Dec 2011 18:29 Ovako izgledaju otprilike upozorenja koje dobijam-

Profil

Sass Drake Poslao: 11 Dec 2011 20:39 Idi na vrh
offline Sass Drake Anti Malware Fighter Rank 2 Pridružio: 26 Avg 2010 Poruke: 10622 Gde živiš: Hypnos Control Room, Tokyo Metropolitan Government Building	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! U toku riješavanja slučaja, zamolio bih te da se pridržavaš sledećeg: Detaljno čitati moja uputstva ( ili uputstva kolega koji će me zamjenjivati) i raditi isključivo po njima; Ne tražiti istovremeno pomoć na drugom mestu; Nemoj koristiti druge programe za uklanjanje malware-a, osim onih za koje budeš dobio uputstvo; U toku intervencije ne koristiti USB memorijske uređaje, dok to ne budem zatražio; Ukoliko ne odgovorim u roku od 48h, osveži temu novim post-om; Ukoliko se ne javiš u roku od 5 dana, zatvorićemo slučaj. Za više informacija o pravilima Ambulante MyCity foruma: LINK Preuzmi sUBs-ov ComboFix sa sledeće adrese na Desktop: Bleeping Computer Klikni desnim tasterom na link i odaberi opciju Save Target As... (Save Link As..., Save Linked Content As... ili sličnu); Kada se otvori dijalog za izbor lokacije na kojoj treba sačuvati file, odaberi Desktop i klikni Save. Preimenuj ga u iexplore.exe. Kada preuzimanje programa bude završeno: deaktiviraj zaštitni softver (uputstvo); zatvori pokrenute programe; dvoklikom pokreni program ComboFix; u prozoru koji se otvori klikni "I Agree". U toku rada, ComboFix će:proveriti postoji li novija verzija programa: klikni Yes ako bude ponuđeno preuzimanje iste.ako Recovery Console nije instalirana, ponuditi instalaciju: obavezno prihvati klikom na Yes i isprati postupak.postaviti/dati određeni broj upita/obaveštenja: prihvati klikom na Yes ili OK.po potrebi, restartovati Windows (više puta); na kraju rada, otvoriti Notepad sa izveštajem o skeniranju. Iskopiraj izveštaj koji je ComboFix napravio u temu na forumu: klikni desnim tasterom miša u prozor Notepad-a i izaberi Select All; klikni desnim tasterom miša na obeleženi tekst i izaberi Copy; klikni desnim tasterom miša u polje za pisanje poruke i izaberi Paste. Napomena:Izveštaj će biti sačuvan pod nazivom ComboFix.txt na sistemskoj particiji (tipična lokacija: C:\ComboFix.txt); Ukoliko nakon slanja poruke primetiš da izveštaj nije kompletan, iskoristi opciju Prikači fajl za prilaganje file-a C:\ComboFix.txt uz poruku.

Profil

cinoeye Poslao: 11 Dec 2011 22:39 Idi na vrh
offline cinoeye Zaslužni građanin MyCity Military Forum Chaplain~Verska služba Mycity foruma Pridružio: 12 Jan 2006 Poruke: 513 Gde živiš: Gde ja zivim...	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Napisano: 11 Dec 2011 22:25 Hvala. Uspeo sam da pokrenem gmer i uradim samo prvi sken, pre nego sto se program iskljucio. Ne da mi da postavim attachemnt, pa cu iskopiorati izvestaj ovde- GMER 1.0.15.15641 - http://www.gmer.net Rootkit scan 2011-12-11 16:19:57 Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-5 ST3160815AS rev.4.AAB Running: firefox.exe.exe; Driver: C:\DOCUME~1\Balas\LOCALS~1\Temp\kwaorpob.sys ---- System - GMER 1.0.15 ---- SSDT 8997D468 ZwAlertResumeThread SSDT 8997AB20 ZwAlertThread SSDT 899DC988 ZwAllocateVirtualMemory SSDT 89A4E0D0 ZwAssignProcessToJobObject SSDT 897DFC10 ZwConnectPort SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwCreateKey [0xA8037710] SSDT 89510280 ZwCreateMutant SSDT 897C3BB8 ZwCreateSymbolicLinkObject SSDT 89A616B0 ZwCreateThread SSDT 899A40B0 ZwDebugActiveProcess SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteKey [0xA8037990] SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteValueKey [0xA8037EF0] SSDT 89A20220 ZwDuplicateObject SSDT 89A0A1C0 ZwFreeVirtualMemory SSDT 8997F6F0 ZwImpersonateAnonymousToken SSDT 8997F0C8 ZwImpersonateThread SSDT 89695090 ZwLoadDriver SSDT 89A5C390 ZwMapViewOfSection SSDT 8998F0D0 ZwOpenEvent SSDT 899A0D00 ZwOpenProcess SSDT 8994E7B0 ZwOpenProcessToken SSDT 899B0780 ZwOpenSection SSDT 89A565E0 ZwOpenThread SSDT 894FD1A8 ZwProtectVirtualMemory SSDT 8996BBE0 ZwResumeThread SSDT 89953E68 ZwSetContextThread SSDT 89DE95F0 ZwSetInformationProcess SSDT 89A4E098 ZwSetSystemInformation SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwSetValueKey [0xA8038140] SSDT 8998B950 ZwSuspendProcess SSDT 8996B198 ZwSuspendThread SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xA7F9B640] SSDT 89960268 ZwTerminateThread SSDT 89950CB0 ZwUnmapViewOfSection SSDT 899FC8B8 ZwWriteVirtualMemory ---- Kernel code sections - GMER 1.0.15 ---- ? SYMDS.SYS The system cannot find the file specified. ! ? SYMEFA.SYS The system cannot find the file specified. ! .text mrxsmb.sys A7BB2000 32 Bytes JMP A7BB2C0D \SystemRoot\system32\DRIVERS\mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation) .text mrxsmb.sys A7BB2021 18 Bytes [6A, 04, 5B, 39, 1D, 44, 01, ...] .text mrxsmb.sys A7BB2034 99 Bytes [00, 90, 90, 90, 90, 90, 8B, ...] .text mrxsmb.sys A7BB2099 24 Bytes [90, 64, 3A, 5C, 6E, 74, 5C, ...] .text mrxsmb.sys A7BB20B2 86 Bytes [5C, 73, 6D, 62, 2E, 6D, 72, ...] .text ... ? C:\WINDOWS\system32\DRIVERS\mrxsmb.sys suspicious PE modification ---- User code sections - GMER 1.0.15 ---- .text C:\Program Files\Mozilla Firefox\firefox.exe[292] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 02DE000A .text C:\Program Files\Mozilla Firefox\firefox.exe[292] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 02DF000A .text C:\Program Files\Mozilla Firefox\firefox.exe[292] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 02DD000C .text C:\WINDOWS\System32\svchost.exe[1080] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0182000A .text C:\WINDOWS\System32\svchost.exe[1080] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 0183000A .text C:\WINDOWS\System32\svchost.exe[1080] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 0181000C .text C:\Program Files\Mozilla Firefox\plugin-container.exe[3956] USER32.dll!SetWindowLongA 7E42C29D 5 Bytes JMP 106AC350 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\plugin-container.exe[3956] USER32.dll!SetWindowLongW 7E42C2BB 5 Bytes JMP 106AC2E2 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\plugin-container.exe[3956] USER32.dll!GetWindowInfo 7E42C49C 5 Bytes JMP 1045E363 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\plugin-container.exe[3956] USER32.dll!TrackPopupMenu 7E46531E 5 Bytes JMP 1045E91C C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) ---- Devices - GMER 1.0.15 ---- AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation) AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation) AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation) AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation) ---- Modules - GMER 1.0.15 ---- Module (noname) (* hidden * ) A7EB0000-A7EC6000 (90112 bytes) ---- Files - GMER 1.0.15 ---- File C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\75UMBU51\InternetGatewayDevice[1].xml 4460 bytes File C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\8HWBYFG8\WFADevice[1].xml 1000 bytes File C:\WINDOWS\$NtUninstallKB19512$\348042483 0 bytes File C:\WINDOWS\$NtUninstallKB19512$\3676673821 0 bytes File C:\WINDOWS\$NtUninstallKB19512$\3676673821\@ 2048 bytes File C:\WINDOWS\$NtUninstallKB19512$\3676673821\bckfg.tmp 851 bytes File C:\WINDOWS\$NtUninstallKB19512$\3676673821\cfg.ini 199 bytes File C:\WINDOWS\$NtUninstallKB19512$\3676673821\Desktop.ini 4608 bytes File C:\WINDOWS\$NtUninstallKB19512$\3676673821\keywords 257 bytes File C:\WINDOWS\$NtUninstallKB19512$\3676673821\kwrd.dll 223744 bytes File C:\WINDOWS\$NtUninstallKB19512$\3676673821\L 0 bytes File C:\WINDOWS\$NtUninstallKB19512$\3676673821\L\enntorkd 456320 bytes File C:\WINDOWS\$NtUninstallKB19512$\3676673821\lsflt7.ver 5176 bytes File C:\WINDOWS\$NtUninstallKB19512$\3676673821\U 0 bytes File C:\WINDOWS\$NtUninstallKB19512$\3676673821\U\00000001.@ 2048 bytes File C:\WINDOWS\$NtUninstallKB19512$\3676673821\U\00000002.@ 224768 bytes File C:\WINDOWS\$NtUninstallKB19512$\3676673821\U\00000004.@ 1024 bytes File C:\WINDOWS\$NtUninstallKB19512$\3676673821\U\80000000.@ 1024 bytes File C:\WINDOWS\$NtUninstallKB19512$\3676673821\U\80000004.@ 12800 bytes File C:\WINDOWS\$NtUninstallKB19512$\3676673821\U\80000032.@ 98304 bytes ---- EOF - GMER 1.0.15 ---- Dopuna: 11 Dec 2011 22:39 Kad probam da downloadujem combofix, ne da mi da ga sacuvam. I posle jedno 30 pukusaja, uspeo sam da ga sacuvam na desktop i preimenujem, ali mi ne da da ga otvorim. Gmer sam uspeo da pokrenem tek kada sam scenirao sa superantispyware i restartovao. Tih prvih nekoliko minuta posle restarta sve radi normalno , pa onda pocne da zapinje opet. Tako cu probati opet comofix i 2 i treci gmer sken.

Profil

Sass Drake Poslao: 11 Dec 2011 23:00 Idi na vrh
offline Sass Drake Anti Malware Fighter Rank 2 Pridružio: 26 Avg 2010 Poruke: 10622 Gde živiš: Hypnos Control Room, Tokyo Metropolitan Government Building	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Prikači uz poruku izvještaj od SuperAntispyware, za kojeg se ne sjećam da sam ti rekao da koristiš. Otvori Super Anti-Spyware -> View scan logs i okači log poslednjeg skena (ne kpiraj u poruku već ga korsiti opciju prikači fajl). Pokreni samo ComboFix, GMER nam trenutno nije potreban.

Profil

cinoeye Poslao: 11 Dec 2011 23:28 Idi na vrh
offline cinoeye Zaslužni građanin MyCity Military Forum Chaplain~Verska služba Mycity foruma Pridružio: 12 Jan 2006 Poruke: 513 Gde živiš: Gde ja zivim...	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Uloguj se preko Facebooka da bi skinuo fajl: Napisano: 11 Dec 2011 23:13 Znam da mi niste rekli da ga koristim, ali je to jedini nacin bio da pokrenem combofix. Virus jednostavno ne da da otovrim bilo sta. Jedino radi prvih par sekundi posle pokretanja restartovanja, a posle superantispayware. Izvinjavam se. https://www.mycity.rs/must-login.png Combofix pokusava da uradi nesto, mada se ne vidi, osim ako ne kliknem na njega. onda se pojavi crno rpzor sa zelin slovima (dosta extract redova), pa onda se otovri na sekund plavi prozor i kome pise, please stand by. coombofix is preparing to run. Ali se posle toga nista ne desava. Dopuna: 11 Dec 2011 23:28 Nasao ovo rootkit.zeroaccess, rekao da restartujem

Profil

Sass Drake Poslao: 11 Dec 2011 23:29 Idi na vrh
offline Sass Drake Anti Malware Fighter Rank 2 Pridružio: 26 Avg 2010 Poruke: 10622 Gde živiš: Hypnos Control Room, Tokyo Metropolitan Government Building	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Restartuj.

Profil

MyCity » Ambulanta -> Arhiva Ambulante » windows xp 2012 virus

Ko je trenutno na forumu

Ukupno su 1060 korisnika na forumu :: 24 registrovanih, 4 sakrivenih i 1032 gosta :: [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:: Korisnici trenutno na forumu: A.R.Chafee.Jr., Ben Roj, darkangel, dragan_mig31, dragoljub11987, FOX, Georgius, joca83, LUDI, Mercury, moldway, nenad81, operniki, Oscar, prle122, Sir Budimir, Snorks, ss10, t.mile, theNedjeljko, trajkoni018, VJ, W123, Wrangler

Svaki korisnik ovog sajta je odgovoran za sadržaj svoje poruke koju objavi na sajtu. Sajt se odriče svake odgovornosti za sadržaj tih poruka.
Postavljanjem vaše poruke ili vašeg autorskog dela na ovaj sajt, saglasni ste da ovaj sajt postaje distributer vašeg dela, i odričete se mogućnosti njegovog povlačenja ili brisanja, bez saglasnosti uprave sajta.
Distribucija sadržaja sa ovog sajta je dozvoljena samo u nekomercijalne svrhe, uz obaveznu napomenu da je sadržaj preuzet sa ovog sajta, i uz obavezno navođenje adrese MyCity sajta. Za sve ostale vidove distribucije obavezni ste da prethodno zatražite odobrenje od vlasnika MyCity sajta.
MyCity pokrenuo, administrira i razvija Predrag Damnjanović, a o uređenju sajta se brine MyCity Tim.
Ukoliko želite da nas kontaktirate kliknite ovde.
Naši sajtovi:
Vesti, Vojni forum, Zaštita od virusa, TekstPesme.rs

This content is licensed under a Creative Commons License.
Based on phpBB 2, translated by Simke, designed by