Posted: 18 Oct 2011 15:52
- NeZnamPojma
- Respected citizen
- Joined: 22 Apr 2011
- Posts: 335
- Location: Beograd
Written: 18 Oct 2011 14:26
This morning I turned on the computer and two errors appeared on the "welcome screen" (I didn't write them down exactly, but it couldn't start some files; I clicked Try Again a few times and then Cancel).
The system booted (it had Avast and Ad-Aware installed) and after a few seconds all the processes in the system tray shut down. When I start either of these two AVs, all I get is a blue screen of death.
Some programs I can't even start (CCleaner, Warcraft 3). They just appear for a second and then disappear. I tried to uninstall these AVs and at first I couldn't. Whenever I ran the uninstaller I would also get a BSOD. Then somehow I managed it (I don't even know how myself).
So I installed Malwarebytes. I updated it right away and let it scan. It removed 16 viruses from system32. After that I had to restart the computer. And when it came back up, the same thing happened to Malwarebytes as to the previous two AVs. I'm currently downloading Avira. I'll try with that too. I don't know what else to do. I'll make a log in a few minutes and post it.
Addendum: 18 Oct 2011 14:30
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_26
Run by Choda at 14:27:04 on 2011-10-18
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1363 [GMT 2:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\system32\smsc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Borland\InterBase\bin\ibserver.exe
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uURLSearchHooks: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - c:\program files\bittorrentbar\prxtbBitT.dll
BHO: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll
BHO: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - c:\program files\bittorrentbar\prxtbBitT.dll
BHO: ForceField Toolbar Registrar: {8a4a36c2-0535-4d2c-bd3d-496cb7eed6e3} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - c:\program files\bittorrentbar\prxtbBitT.dll
TB: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll
TB: ForceField Toolbar: {ee2ac4e5-b0b0-4ec6-88a9-bca1a32ab107} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
uRun: [DW6] "c:\program files\the weather channel fw\desktop\DesktopWeather.exe"
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [<NO NAME>]
mRun: [ApnUpdater] "c:\program files\ask.com\updater\Updater.exe"
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mPolicies-system: EnableLUA = 0 (0x0)
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
TCP: DhcpNameServer = 95.180.0.18 95.180.1.2
TCP: Interfaces\{18B10039-E935-4831-A9EF-15B9338AF1E0} : DhcpNameServer = 95.180.0.18 95.180.1.2
Notify: AtiExtEvent - Ati2evxx.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\choda\application data\mozilla\firefox\profiles\hzgqccun.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2790392&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2790392&q=
FF - plugin: c:\program files\foxit software\foxit reader\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
.
============= SERVICES / DRIVERS ===============
.
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2011-8-28 232512]
R2 ISWKL;ForceField ISWKL;c:\program files\checkpoint\zaforcefield\ISWKL.sys [2009-2-12 21136]
R2 IswSvc;ForceField IswSvc;c:\program files\checkpoint\zaforcefield\ISWSVC.exe [2009-2-12 390536]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-10-18 366152]
R2 PrtSmanm;Print Spooler Monitor;c:\windows\system32\smsc.exe [2011-10-17 57871]
R3 3xHybrid;3xHybrid service;c:\windows\system32\drivers\3xHybrid.sys [2011-9-23 670592]
R3 asc3360pr;asc3360pr;c:\windows\system32\drivers\jhjjsn.sys [2011-10-18 5509]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-10-18 22216]
R3 P1120VID;Creative WebCam NX Ultra;c:\windows\system32\drivers\P1120Vid.sys [2011-9-24 1252474]
RUnknown aswFsBlk;aswFsBlk; [x]
RUnknown aswSnx;aswSnx; [x]
RUnknown aswSP;aswSP; [x]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-8-28 209904]
S2 rszxjjvew;Update Image;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
S3 CXFALCON;PCDVR3101_3104 Video/Audio Card;c:\windows\system32\drivers\TD3101_3104AV.sys [2011-9-25 78592]
S3 GGSAFERDriver;GGSAFER Driver;\??\c:\program files\garena classic\safedrv.sys --> c:\program files\garena classic\safedrv.sys [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-8-28 209904]
S3 icsak;icsak;c:\program files\checkpoint\zaforcefield\ak\icsak.sys [2009-2-12 54928]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
.
=============== Created Last 30 ================
.
2011-10-18 11:53:03 5509 ----a-w- c:\windows\system32\drivers\jhjjsn.sys
2011-10-18 10:54:28 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-10-18 10:54:28 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-10-17 12:56:20 62 ---ha-w- C:\aaw7boot.cmd
2011-10-17 12:05:45 57871 ------w- c:\windows\system32\smsc.exe
2011-10-16 09:25:50 -------- d-----w- c:\program files\Garena Classic
2011-09-28 09:24:13 -------- d-----w- c:\program files\Ask.com
2011-09-28 09:23:54 -------- d-----w- c:\documents and settings\choda\local settings\application data\AskToolbar
2011-09-25 19:35:14 221184 ----a-w- c:\windows\system32\wmpns.dll
2011-09-25 18:29:05 45056 ----a-w- c:\windows\p3xunist.exe
2011-09-25 16:57:01 61440 ----a-w- c:\windows\system32\XVID.AX
2011-09-25 16:57:01 524288 ----a-w- c:\windows\system32\XVIDCORE.DLL
2011-09-25 16:57:01 155648 ----a-w- c:\windows\system32\XVIDVFW.DLL
2011-09-25 16:57:01 -------- d-----w- c:\program files\PC DVR Guardian
2011-09-25 16:56:52 90112 ----a-w- c:\windows\system32\TVTACODEC.DLL
2011-09-25 16:56:52 86016 ----a-w- c:\windows\system32\AMD422CODEC.DLL
2011-09-25 16:56:52 413760 ----a-w- c:\windows\system32\MPG4C32.DLL
2011-09-25 16:56:52 301568 ----a-w- c:\windows\system32\L3CODECP.ACM
2011-09-25 16:56:52 129536 ----a-w- c:\windows\system32\L3CODECX.ACM
2011-09-25 16:56:52 126976 ----a-w- c:\windows\system32\TMPXVFW.DLL
2011-09-25 16:56:48 598016 ----a-w- c:\windows\system32\TVTXTDEC.DLL
2011-09-25 16:56:47 581632 ----a-w- c:\windows\system32\TMPXCORE.DLL
2011-09-25 16:55:41 78592 ----a-w- c:\windows\system32\drivers\TD3101_3104AV.sys
2011-09-25 15:22:41 -------- d-----w- c:\documents and settings\choda\local settings\application data\Help
2011-09-25 12:23:38 159744 ----a-w- c:\windows\system32\SpeexDLL.dll
2011-09-25 12:23:38 1220608 ----a-w- c:\windows\system32\VorbisDLL.dll
2011-09-25 12:20:31 1699328 ----a-w- c:\windows\system32\SLFilterDesignDLL.dll
2011-09-24 20:37:25 -------- d-----w- c:\documents and settings\choda\local settings\application data\PackageAware
2011-09-24 20:36:38 -------- d-----w- C:\lj632
2011-09-23 15:36:16 5504 -c--a-w- c:\windows\system32\dllcache\mstee.sys
2011-09-23 15:36:16 5504 ----a-w- c:\windows\system32\drivers\MSTEE.sys
2011-09-23 15:36:12 15232 -c--a-w- c:\windows\system32\dllcache\mpe.sys
2011-09-23 15:36:12 15232 ----a-w- c:\windows\system32\drivers\MPE.sys
2011-09-23 15:36:05 10880 -c--a-w- c:\windows\system32\dllcache\ndisip.sys
2011-09-23 15:36:05 10880 ----a-w- c:\windows\system32\drivers\NdisIP.sys
2011-09-23 15:36:00 16384 ----a-w- c:\windows\system32\ipsink.ax
2011-09-23 15:36:00 15232 -c--a-w- c:\windows\system32\dllcache\streamip.sys
2011-09-23 15:36:00 15232 ----a-w- c:\windows\system32\drivers\StreamIP.sys
2011-09-23 15:34:58 7552 -c--a-w- c:\windows\system32\dllcache\mskssrv.sys
2011-09-23 15:33:57 670592 ----a-w- c:\windows\system32\drivers\3xHybrid.sys
2011-09-23 15:33:57 3072 ----a-w- c:\windows\system32\34CoInstaller.dll
.
==================== Find3M ====================
.
2011-10-18 10:33:22 26112 ----a-w- c:\windows\system32\userinit.exe
2011-08-28 13:37:03 232512 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2011-08-28 13:16:44 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-08-28 12:15:53 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
2011-08-28 12:05:53 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-08-27 19:08:47 0 ----a-w- c:\windows\ativpsrm.bin
.
============= FINISH: 14:28:11.87 ===============
Addendum: 18 Oct 2011 15:52
Posted: 18 Oct 2011 18:07
- Sass Drake
- Anti Malware Fighter Rank 2
- Joined: 26 Aug 2010
- Posts: 10622
- Location: Hypnos Control Room, Tokyo Metropolitan Government Building
Hello NeZnamPojma
You have a dangerous infection on your computer: the file infector Sality.
Since disinfection is impossible from a running Windows, I recommend the following options:
1) Visit the topic "Primena Live CD Rescue rešenja" (Using Live CD Rescue solutions) to scan the computer with a Rescue CD solution. Detailed instructions are written there for scanning the computer with the popular solutions. This is the easiest option for you if you are not interested in reinstalling the operating system.
2) You can remove the hard disk from the computer and mount it in another computer that is not infected. From that second computer, scan the mounted hard disk (note: if you choose this variant, do not browse the infected hard disk until you have scanned it and removed the infection).
3) Format the system partition (the partition on which your operating system is installed) and reinstall Windows. Do not open the other partitions; instead install an antivirus, update it, and scan the other partitions you have. After the infection has been removed, you can open the other partitions as well.
Let me know which variant you decide on.
Sass Drake, MyCity AMF team
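Sass Drake's diagnosis is read off the DDS log posted above. As an added example (this editor's code, not a MyCity AMF tool), the script below runs a few triage heuristics over the SERVICES / DRIVERS lines of that log and surfaces the entries a responder would look at first. The heuristics are assumptions, not Sality signatures: a run of five or more consonants as a proxy for a random name, a short constructed allowlist of XP netsvcs services, and DDS's trailing `[x]` as the marker for a service whose file is missing.

```python
"""Triage of DDS 'SERVICES / DRIVERS' lines (added example, not a MyCity AMF tool).
Heuristics are this editor's assumptions; a hit is a prompt to investigate, not a verdict."""
import re

# "<state> <name>;<display>;<path> [<date> <size>]"   ("[x]" when the file is missing)
LINE_RE = re.compile(r"^(?:R\d|S\d|RUnknown)\s+(?P<name>[^;]*);(?P<display>[^;]*);(?P<rest>.*)$")
# Services normally hosted by the XP 'netsvcs' svchost group (constructed, deliberately short).
NETSVCS_KNOWN = {"wuauserv", "bits", "browser", "lanmanserver", "schedule", "themes",
                 "winmgmt", "wscsvc", "seclogon", "shellhwdetection", "helpsvc"}

def looks_random(word: str) -> bool:
    """Five or more consecutive consonants is rare in a real product or service name."""
    run = longest = 0
    for ch in word.lower():
        run = run + 1 if ch.isalpha() and ch not in "aeiouy" else 0
        longest = max(longest, run)
    return longest >= 5

def triage_line(line: str) -> list[str]:
    """Return the reasons (possibly none) a DDS service/driver line deserves a look."""
    m = LINE_RE.match(line.strip())
    if not m:
        return []
    name, rest = m["name"], m["rest"].strip()
    path = re.sub(r"\s*\[[^\]]*\]$", "", rest).lower()  # drop trailing "[date size]" / "[x]"
    reasons = []
    if rest.endswith("[x]"):
        reasons.append("file referenced by the service is missing ([x])")
    if path.startswith(r"c:\windows\system32\svchost.exe -k netsvcs") and name.lower() not in NETSVCS_KNOWN:
        reasons.append("unfamiliar service in the netsvcs svchost group")
    if r"\windows\system32" in path:  # random names matter most where system files live
        stem = path.rsplit("\\", 1)[-1].split(" ", 1)[0].rsplit(".", 1)[0]
        reasons += [f"random-looking name under system32: {w}" for w in (name, stem) if looks_random(w)]
    return reasons

def triage_log(text: str) -> dict[str, list[str]]:
    """Map the service name of every flagged line to its reasons."""
    hits = {}
    for line in text.splitlines():
        if reasons := triage_line(line):
            hits[LINE_RE.match(line.strip())["name"]] = reasons
    return hits

# Lines copied from the SERVICES / DRIVERS section of the log above.
SAMPLE = r"""
R2 PrtSmanm;Print Spooler Monitor;c:\windows\system32\smsc.exe [2011-10-17 57871]
R3 asc3360pr;asc3360pr;c:\windows\system32\drivers\jhjjsn.sys [2011-10-18 5509]
RUnknown aswSP;aswSP; [x]
S2 rszxjjvew;Update Image;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
"""
```

Running `triage_log(SAMPLE)` flags PrtSmanm, asc3360pr, aswSP and rszxjjvew and leaves the Malwarebytes driver alone; the flagged entries are exactly the ones a responder would check before anything else.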
Posted: 18 Oct 2011 19:17
- Sass Drake
- Anti Malware Fighter Rank 2
- Joined: 26 Aug 2010
- Posts: 10622
- Location: Hypnos Control Room, Tokyo Metropolitan Government Building
Written: 18 Oct 2011 19:11
If you don't have money for commercial AV programs, you have free AV programs available such as Avira, Avast, AVG, MSE, Panda Cloud, etc.
Bear in mind that no AV program provides 100% protection and that this could have happened to you with any AV program.
Sass Drake, MyCity AMF team
Addendum: 18 Oct 2011 19:17
Also, do not use pirated versions of AV programs.