Posted: 14 Jan 2012 20:45
- Master Boot
- Honorary citizen
- Joined: 21 Aug 2011
- Posts: 810
- Location: Sibir
Hello.
A few days ago a problem started on my computer. It suddenly starts to freeze and won't launch some programs.
The antivirus found a heap of viruses, but it won't let me open the quarantine and delete them.
I couldn't post a GMER log because the computer won't run it, and it won't open the replacement for it either.
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 6.0.2900.5512
Run by Kiboa at 20:39:31 on 2012-01-14
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.105 [GMT 1:00]
.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
AV: Panda Cloud Antivirus *Enabled/Updated* {5AD27692-540A-464E-B625-78275FA38393}
AV: UnThreat AntiVirus *Enabled/Updated* {E21B95D2-03E5-11E1-8297-2D7D4824019B}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe
C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Documents and Settings\Kiboa\Local Settings\Apps\F.lux\flux.exe
C:\Program Files\Terminator\TV7131 Utilities\P3XRCtl.exe
C:\Documents and Settings\All Users\Application Data\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe
C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
C:\WINDOWS\system32\secpro.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\UnThreat AntiVirus\utsvc.exe
C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANToManager.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Kiboa\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Kiboa\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Documents and Settings\Kiboa\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Kiboa\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://start.facemoods.com/?a=make
mStart Page = hxxp://home.sweetim.com
mSearchAssistant = hxxp://start.facemoods.com/?a=make&s={searchTerms}&f=4
BHO: bflix Class: {0c9f4179-6ce2-4c6a-a3e5-67ff3592a12e} - c:\program files\bflix\BFlix.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: CescrtHlpr Object: {64182481-4f71-486b-a045-b233bd0da8fc} - c:\program files\facemoods.com\facemoods\1.4.17.11\bh\facemoods.dll
BHO: Panda Security Toolbar: {b821bf60-5c2d-41eb-92dc-3e4ccd3a22e4} - c:\program files\panda security\panda security toolbar\PandaSecurityDx.dll
TB: {AF3D7884-B142-414E-943D-75D8D54E1FFF} - No File
TB: !{30F9B915-B755-4826-820B-08FBA6BD249D} - No File
TB: !{51a86bb3-6602-4c85-92a5-130ee4864f13} - No File
TB: Panda Security Toolbar: {b821bf60-5c2d-41eb-92dc-3e4ccd3a22e4} - c:\program files\panda security\panda security toolbar\PandaSecurityDx.dll
TB: facemoods Toolbar: {db4e9724-f518-4dfd-9c7c-78b52103cab9} - c:\program files\facemoods.com\facemoods\1.4.17.11\facemoodsTlbr.dll
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [F.lux] "c:\documents and settings\kiboa\local settings\apps\f.lux\flux.exe" /noshow
uRun: [Google Update] "c:\documents and settings\kiboa\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe" /MINIMIZED
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [RemoteControl] "c:\program files\asustek\asusdvd\PDVDServ.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [Panda Security URL Filtering] "c:\documents and settings\all users\application data\panda security url filtering\Panda_URL_Filtering.exe"
mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [facemoods] "c:\program files\facemoods.com\facemoods\1.4.17.11\facemoodssrv.exe" /md I
mRun: [SBRegRebootCleaner] "c:\program files\unthreat antivirus\SBRC.exe"
mRun: [PSUNMain] "c:\program files\panda security\panda cloud antivirus\PSUNMain.exe" /Traybar
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\tvremo~1.lnk - c:\program files\terminator\tv7131 utilities\P3XRCtl.exe
uPolicies-system: disableregistrytools = 1 (0x1)
uPolicies-system: DisableTaskMgr = 1 (0x1)
dPolicies-system: DisableTaskMgr = 1 (0x1)
IE: Download with &Media Finder - c:\program files\media finder\hook.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
TCP: DhcpNameServer = 213.133.31.202 213.133.31.203 109.122.98.116 109.122.98.117
TCP: Interfaces\{24DAF792-1CA6-44A6-98F9-3F3BF5AAE365} : DhcpNameServer = 213.133.31.202 213.133.31.203 109.122.98.116 109.122.98.117
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2037-8-20 64512]
R0 nvcchflt;NVIDIA Disk Cache Filter Driver;c:\windows\system32\drivers\nvcchflt.sys [2082-7-8 16640]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2023-1-1 239168]
R1 PSINKNC;PSINKNC;c:\windows\system32\drivers\PSINKNC.sys [2011-4-28 129992]
R1 sbaphd;sbaphd;c:\windows\system32\drivers\sbaphd.sys [2012-1-10 21592]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [2037-8-20 101720]
R2 Freemake Improver;Freemake Improver;c:\documents and settings\all users\application data\freemake\freemakeutilsservice\FreemakeUtilsService.exe [2011-12-21 74752]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2037-10-28 652872]
R2 NanoServiceMain;Panda Cloud Antivirus Service;c:\program files\panda security\panda cloud antivirus\PSANHost.exe [2011-4-28 140608]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\common files\pc tools\smonitor\StartManSvc.exe [2023-1-1 632792]
R2 PSINAflt;PSINAflt;c:\windows\system32\drivers\PSINAflt.sys [2011-7-5 143752]
R2 PSINFile;PSINFile;c:\windows\system32\drivers\PSINFile.sys [2011-4-28 97096]
R2 PSINProc;PSINProc;c:\windows\system32\drivers\PSINProc.sys [2011-4-28 111688]
R2 PSINProt;PSINProt;c:\windows\system32\drivers\PSINProt.sys [2011-4-28 112456]
R2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [2012-1-10 74968]
R2 SecStore;Secure Storage;c:\windows\system32\secpro.exe [2037-11-1 61440]
R2 UTSvcManager3;UnThreat Service Manager;c:\program files\unthreat antivirus\utsvc.exe [2012-1-10 2308480]
R3 Cap713x;Philips Cap713x Video Capture;c:\windows\system32\drivers\Cap713x.sys [2082-7-25 685824]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2037-10-28 20464]
S1 AVSoftwareUTFirewall;UnThreat Monitor Library;\??\c:\program files\unthreat antivirus\drv\utdf32.sys --> c:\program files\unthreat antivirus\drv\UTDF32.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;"c:\program files\lavasoft\ad-aware\aawservice.exe" --> c:\program files\lavasoft\ad-aware\AAWService.exe [?]
S2 PSGenUn;Panda Security Generic Uninstaller;c:\smclpav\smclpav.exe /logc:\docume~1\admini~1\locals~1\temp\pslogs\smclpav_77.log /runservice --> c:\smclpav\SMCLpav.exe [?]
S3 amsint32;amsint32;\??\c:\windows\system32\drivers\kpjrij.sys --> c:\windows\system32\drivers\kpjrij.sys [?]
S3 asc3360pr;asc3360pr;\??\c:\windows\system32\drivers\kpjrij.sys --> c:\windows\system32\drivers\kpjrij.sys [?]
S3 GGSAFERDriver;GGSAFER Driver;\??\c:\program files\garena plus\room\safedrv.sys --> c:\program files\garena plus\room\safedrv.sys [?]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\lavasoft\ad-aware\kernexplorer.sys --> c:\program files\lavasoft\ad-aware\KernExplorer.sys [?]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-1-14 40776]
S3 RkPavproc1;RkPavproc1;\??\c:\windows\system32\drivers\rkpavproc1.sys --> c:\windows\system32\drivers\RkPavproc1.sys [?]
S3 sbhips;sbhips;c:\windows\system32\drivers\sbhips.sys [2012-1-10 94040]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2082-07-25 16:45:26 306688 ----a-w- c:\windows\IsUninst.exe
2082-07-25 16:43:40 32768 ----a-w- c:\windows\p3xunist.exe
2082-07-25 16:43:28 685824 ----a-r- c:\windows\system32\drivers\Cap713x.sys
2082-07-25 16:43:20 57344 ----a-r- c:\windows\system32\Prop713x.dll
2082-07-25 16:43:12 -------- d-----w- c:\program files\Terminator
2082-07-25 16:43:06 32768 ----a-w- c:\program files\common files\installshield\professional\runtime\Objectps.dll
2082-07-25 16:43:05 692224 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\iKernel.dll
2082-07-25 16:43:05 57344 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\ctor.dll
2082-07-25 16:43:05 5632 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\DotNetInstaller.exe
2082-07-25 16:43:05 237568 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\iscript.dll
2082-07-25 16:43:05 163972 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\iGdi.dll
2082-07-25 16:43:05 155648 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\iuser.dll
2082-07-25 16:43:04 282756 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\setup.dll
2082-07-17 19:26:44 5632 ----a-w- c:\windows\system32\ptpusb.dll
2082-07-17 19:26:43 159232 ----a-w- c:\windows\system32\ptpusd.dll
2082-07-17 19:26:43 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2082-07-17 19:26:43 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
.
==================== Find3M ====================
.
2037-11-24 14:20:43 29 ----a-w- c:\windows\system32\TempWmicBatchFile.bat
2037-10-29 21:58:17 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2037-10-27 12:45:06 2560 ----a-w- c:\windows\_MSRSTRT.EXE
2037-08-20 12:36:14 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2037-08-20 12:35:19 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys
2023-01-05 21:19:09 98304 ----a-w- c:\windows\system32\CmdLineExt.dll
2023-01-01 15:01:15 239168 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-01-14 19:15:28 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-01-14 18:27:48 577536 ----a-w- c:\windows\SOUNDMAN.EXE
2012-01-13 19:00:13 103140 ----a-w- C:\vjpgi.exe
2011-12-24 22:52:00 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-12-10 14:24:06 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-25 21:57:19 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-11-23 13:25:32 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-18 12:35:08 60416 ----a-w- c:\windows\system32\packager.exe
2011-11-03 15:28:36 386048 ----a-w- c:\windows\system32\qdvd.dll
2011-11-03 15:28:36 1292288 ----a-w- c:\windows\system32\quartz.dll
2011-11-01 20:35:20 81920 ----a-w- c:\windows\system32\ieencode.dll
2011-11-01 20:35:20 667136 ----a-w- c:\windows\system32\wininet.dll
2011-11-01 20:35:20 61952 ----a-w- c:\windows\system32\tdc.ocx
2011-11-01 16:07:10 1288704 ----a-w- c:\windows\system32\ole32.dll
2011-11-01 15:02:49 369664 ----a-w- c:\windows\system32\html.iec
2011-10-28 08:00:00 74752 ----a-w- c:\windows\system32\ff_vfw.dll
2011-10-28 05:31:48 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-25 13:33:08 2192768 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-25 12:52:03 2069376 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-10-24 13:29:02 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-10-24 13:29:02 69632 ----a-w- c:\windows\system32\QuickTime.qts
2011-10-18 11:13:22 186880 ----a-w- c:\windows\system32\encdec.dll
.
============= FINISH: 20:41:54,42 ===============
Posted: 14 Jan 2012 21:16
- ivance95
- AMF trainee
- Joined: 04 Jul 2011
- Posts: 5424
Hello,
Download Rootkit Unhooker to your Desktop.
Double-click to run the program;
select the Report tab;
click Scan and, in the window that opens, tick the items:
SSDT
Shadow SSDT
Processes
Drivers
Stealth Code
Files
Code Hooks
click OK and wait for the scan to finish.
When the scan is finished, click File > Save Report and save the report.
Attach the Rootkit Unhooker report to your post using the Attach file option.
Posted: 14 Jan 2012 22:02
- ivance95
- AMF trainee
- Joined: 04 Jul 2011
- Posts: 5424
Hello MISTER UNSU,
Your computer has a dangerous infection: the Sality file infector.
Since disinfection is impossible from a running Windows, I recommend the following solutions:
1) Visit the topic Primena Live CD Rescue rešenja (Using Live CD Rescue solutions) to scan the computer with a Rescue CD solution. Detailed instructions are written there on how to scan the computer with the popular solutions. This is the easiest solution for you if you are not interested in reinstalling the operating system.
2) You can take the hard disk out of the computer and mount it in another computer that is not infected. Scan the mounted hard disk from that other computer (note: if you choose this variant, do not browse the infected hard disk until you have scanned it and removed the infection).
3) Format the system partition (the partition your operating system is installed on) and reinstall Windows. Do not open the other partitions; instead install an antivirus, update it and scan the other partitions you have. After the infection is removed, you can open the other partitions too.
4) We can try disinfection with Sality Killer, but that is a fairly long procedure, and there is no guarantee that we will manage to remove the malware.
Let me know which variant you have decided on.
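As an added example (not part of this thread, and not DDS or Rootkit Unhooker output), a small Python triage pass over a few lines copied from the DDS log posted above. It flags the kinds of entries a helper reads before reaching a diagnosis like the one here: policies that disable Task Manager and the registry tools, services whose binary DDS could not find on disk, two service names pointing at one driver file, a loose .exe at the drive root, and file timestamps later than the report date. The category names and the checks themselves are my own choices.

```python
import re
from collections import defaultdict

# Constructed excerpt: lines copied from the DDS log posted earlier in this thread.
SAMPLE_LOG = r"""Run by Kiboa at 20:39:31 on 2012-01-14
uPolicies-system: disableregistrytools = 1 (0x1)
uPolicies-system: DisableTaskMgr = 1 (0x1)
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2037-10-28 652872]
S3 amsint32;amsint32;\??\c:\windows\system32\drivers\kpjrij.sys --> c:\windows\system32\drivers\kpjrij.sys [?]
S3 asc3360pr;asc3360pr;\??\c:\windows\system32\drivers\kpjrij.sys --> c:\windows\system32\drivers\kpjrij.sys [?]
2082-07-25 16:43:28 685824 ----a-r- c:\windows\system32\drivers\Cap713x.sys
2012-01-13 19:00:13 103140 ----a-w- C:\vjpgi.exe
2011-12-10 14:24:06 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
"""

RUN_RE = re.compile(r"^Run by .* on (\d{4})-\d\d-\d\d")
POLICY_RE = re.compile(r"^[ud]Policies-system: (\w+) = (\d+)", re.I)
SERVICE_RE = re.compile(r"^[RS]\d (?P<name>[^;]+);[^;]*;(?P<path>.*)$")
FILE_RE = re.compile(r"^(?P<year>\d{4})-\d\d-\d\d \d\d:\d\d:\d\d \d+ \S+ (?P<path>.+)$")
LOCKOUT_KEYS = {"disabletaskmgr", "disableregistrytools"}  # policies that lock users out of admin tools

def triage(log_text):
    """Return (category, detail) findings worth a second look in a DDS log."""
    findings, report_year = [], None
    image_owners = defaultdict(list)  # service image path -> service names using it
    for line in log_text.splitlines():
        if m := RUN_RE.match(line):
            report_year = int(m.group(1))  # file dates later than this are timestomped or a bad clock
        elif (m := POLICY_RE.match(line)) and m.group(1).lower() in LOCKOUT_KEYS and m.group(2) == "1":
            findings.append(("lockout-policy", m.group(1)))
        elif m := SERVICE_RE.match(line):
            path = m.group("path")
            if path.endswith("[?]"):  # DDS could not find the binary on disk
                findings.append(("missing-service-binary", m.group("name")))
            image = path.split("--> ")[-1].rsplit(" [", 1)[0].lower()
            image_owners[image].append(m.group("name"))
        elif m := FILE_RE.match(line):
            path = m.group("path")
            if report_year and int(m.group("year")) > report_year:
                findings.append(("future-timestamp", path))
            if re.fullmatch(r"[a-z]:\\[^\\]+\.exe", path, re.I):  # loose .exe at the drive root
                findings.append(("exe-at-drive-root", path))
    for image, names in image_owners.items():
        if len(names) > 1:  # two service names pointing at one driver file
            findings.append(("shared-driver-image", f"{image} <- {', '.join(names)}"))
    return findings

if __name__ == "__main__":
    for category, detail in triage(SAMPLE_LOG):
        print(f"{category:24} {detail}")
```

Running it on a full DDS log works the same way; a finding is a prompt to look closer, not a verdict on its own.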
Posted: 14 Jan 2012 22:11
- Master Boot
- Honorary citizen
- Joined: 21 Aug 2011
- Posts: 810
- Location: Sibir
I've decided on variant 4. If we don't succeed with it, I'll try option 1.
Posted: 15 Jan 2012 10:07
- Master Boot
- Honorary citizen
- Joined: 21 Aug 2011
- Posts: 810
- Location: Sibir
I can't download Sality Killer because the browsers tell me they can't find this address.
I tried with Google Chrome and with IE, but they can't find it.
Posted: 21 Jan 2012 14:14
- ivance95
- AMF trainee
- Joined: 04 Jul 2011
- Posts: 5424
So...
It won't work with Sality Killer; your system is in bad shape, as are a good part of the executable files. What remains:
Quote: Format the system partition (the partition your operating system is installed on) and reinstall Windows. Do not open the other partitions; instead install an antivirus, update it and scan the other partitions you have. After the infection is removed, you can open the other partitions too.
So back up your more important data and reinstall the system; there is no other way.