virus - how to delete it


offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Is the camera software mentioned anywhere? :)

Just follow the instructions...

offline
  • Joined: 24 Jul 2009
  • Posts: 204

weeeeell, what am I supposed to copy then... I don't get it

offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Run the program... Wait about ten seconds.

Connect the camera and wait another ten seconds or so.

Right-click in the program window and choose Save log.

Paste the resulting log into a post.

offline
  • Joined: 24 Jul 2009
  • Posts: 204

C:\WINDOWS\Temp\wpv481248662101.exe »RAR »install.exe - Win32/Rustock.NKP trojan
NOD found this virus and again I can't delete it, not even in Run

offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

When did that happen and what were you doing at the moment of detection?

offline
  • Joined: 24 Jul 2009
  • Posts: 204

Posted: 02 Aug 2009 19:12

USBNoRisk 2.5 (26 July 2009) by bobby

Started at 8/2/2009 7:11:44 PM

Searching for connected USB Mass storage...
----------------------------------------
========================================

Searching for other storage...
----------------------------------------
C: {d33e72bd-d6b0-11dd-8707-806d6172696f}
E: {d33e72be-d6b0-11dd-8707-806d6172696f}
========================================


Scanning fixed storage...
----------------------------------------

No blocked files found on C:
No Autorun.inf files found on C:
No mountpoint found for C:
No mountpoint found for d33e72bd-d6b0-11dd-8707-806d6172696f
No Desktop.ini files found on C:
----------------------------------------

No blocked files found on E:
No Autorun.inf files found on E:
No mountpoint found for E:
No mountpoint found for d33e72be-d6b0-11dd-8707-806d6172696f
No Desktop.ini files found on E:
----------------------------------------

========================================
Initial scan finished!
========================================


New device connected at 8/2/2009 7:11:56 PM

Scanning for connected USB mass storage...
----------------------------------------
F: {0df2cba4-0a78-11de-9eae-00e04d9d35ae}
Added F:
========================================

Scanning USB mass storage for files...
----------------------------------------
No blocked files found on F:
----------------------------------------
autorun.inf found on F:
----------------------------------------
File F:\autorun.inf renamed successfully

----------------------------------------
Could not open F:\autorun.inf.blocked to read the content
File lock detected:
USBNoRisk cannot find what locked the file
----------------------------------------

No mountpoint found for 0df2cba4-0a78-11de-9eae-00e04d9d35ae
----------------------------------------

No Desktop.ini files found on F:
----------------------------------------

No mimics found on drive F:
========================================

Update: 02 Aug 2009 19:14

about the virus... nothing, I noticed my screen saver runs jerkily, i.e. it stalls on the screen... that copied virus is active and 4 are in quarantine... I managed to delete them... usually after transferring pictures my computer is full of viruses

offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Download sUBs' ComboFix from the following address to your Desktop:

Bleeping Computer
Right-click the link and choose Save Target As... (Save Link As..., Save Linked Content As... or similar);
When the dialog for choosing where to save the file opens, select Desktop and click Save.

When the download is finished:
disable your security software (instructions);
close any running programs;
double-click ComboFix to run it.

While it runs, ComboFix will:
check whether a newer version of the program exists:
  click Yes if offered to download it.
display the DISCLAIMER OF WARRANTY ON SOFTWARE:
  click Yes so the process continues.
offer to install the Recovery Console if it is not already installed:
  be sure to accept by clicking Yes and follow the procedure.
ask a number of questions / show notifications:
  accept by clicking Yes or OK.
restart Windows if needed (possibly several times);
at the end, open Notepad with the scan report.

Copy the report ComboFix produced into the forum thread:
right-click in the Notepad window and choose Select All;
right-click the selected text and choose Copy;
right-click in the message field and choose Paste.

Note: The report will be saved under the name ComboFix.txt on the system partition (typical location: C:\ComboFix.txt);
If after posting you notice the report is incomplete, use the Attach file option to attach C:\ComboFix.txt to the message.

offline
  • Joined: 24 Jul 2009
  • Posts: 204

Posted: 02 Aug 2009 23:37

ComboFix 09-08-01.09 - Administrator 08/02/2009 23:30.2.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1791.1176 [GMT 2:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
AV: ESET NOD32 antivirus system 2.70 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\ADMINI~1\APPLIC~1\wiaserva.log
c:\documents and settings\Administrator\Application Data\wiaserva.log

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_glaide32


((((((((((((((((((((((((( Files Created from 2009-07-02 to 2009-08-02 )))))))))))))))))))))))))))))))
.

2009-08-02 16:16 . 2009-08-02 17:12 -------- d-----w- C:\USBNoRisk
2009-07-28 13:20 . 2009-07-28 13:22 83568 ----a-w- c:\windows\system\knps.dll
2009-07-28 13:20 . 2009-07-28 13:22 5792 ----a-w- c:\windows\system\ibmjoy.drv
2009-07-28 13:20 . 2009-07-28 13:22 54976 ----a-w- c:\windows\system\knpg.dll
2009-07-28 13:20 . 2009-07-28 13:22 30544 ----a-w- c:\windows\system\dib.drv
2009-07-28 13:20 . 2009-07-28 13:20 -------- d-----w- c:\windows\GAMES
2009-07-25 15:01 . 2009-07-25 15:01 -------- d-----w- c:\windows\system32\wbem\Repository
2009-07-25 10:56 . 2009-07-25 15:00 -------- d-----w- c:\windows\ERDNT(2)
2009-07-20 19:27 . 2009-07-20 19:50 -------- d-----w- c:\documents and settings\Administrator\Application Data\MSNInstaller
2009-07-20 19:27 . 2009-07-20 19:50 -------- d-----w- c:\docume~1\ADMINI~1\APPLIC~1\MSNInstaller
2009-07-20 19:15 . 2009-07-20 19:21 -------- d-----w- c:\documents and settings\Administrator\Application Data\Yahoo!
2009-07-20 19:15 . 2009-07-20 19:21 -------- d-----w- c:\docume~1\ADMINI~1\APPLIC~1\Yahoo!
2009-07-20 19:15 . 2009-07-20 19:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2009-07-20 19:10 . 2009-07-20 19:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2009-07-20 19:10 . 2009-07-20 19:22 -------- d-----w- c:\program files\Yahoo!

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-02 21:34 . 2008-12-30 18:21 -------- d-----w- c:\documents and settings\Administrator\Application Data\Skype
2009-08-02 21:34 . 2008-12-30 18:21 -------- d-----w- c:\docume~1\ADMINI~1\APPLIC~1\Skype
2009-08-02 19:51 . 2008-12-30 18:52 -------- d-----w- c:\documents and settings\Administrator\Application Data\skypePM
2009-08-02 19:51 . 2008-12-30 18:52 -------- d-----w- c:\docume~1\ADMINI~1\APPLIC~1\skypePM
2009-07-27 19:26 . 2009-03-19 17:50 -------- d-----w- c:\program files\Opera
2009-07-01 18:08 . 2008-12-30 14:25 71096 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-01 18:04 . 2009-07-01 12:06 -------- d-----w- c:\program files\Common Files\Real
2009-07-01 17:30 . 2009-02-09 19:32 -------- d-----w- c:\program files\YouTube Downloader
2009-07-01 17:26 . 2009-07-01 17:01 -------- d-----w- c:\documents and settings\Administrator\Application Data\GetRightToGo
2009-07-01 17:26 . 2009-07-01 17:01 -------- d-----w- c:\docume~1\ADMINI~1\APPLIC~1\GetRightToGo
2009-07-01 17:24 . 2009-07-01 14:15 -------- d-----w- c:\program files\KeepV Converter
2009-07-01 12:06 . 2009-07-01 12:06 -------- d-----w- c:\program files\Common Files\xing shared
2009-07-01 12:06 . 2009-07-01 12:06 -------- d-----w- c:\program files\Real
2009-07-01 12:05 . 2008-12-30 18:20 -------- d-----w- c:\program files\Google
2009-06-12 11:49 . 2009-06-12 11:49 -------- d-----w- c:\program files\Common Files\SWF Studio
2009-06-02 15:00 . 2009-06-02 14:50 2516 --sha-w- c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
2009-06-02 14:50 . 2009-06-02 14:50 8 --sh--r- c:\documents and settings\All Users\Application Data\E2E70C80C3.sys
2009-07-24 20:28 . 2009-01-11 19:56 134648 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-08-12 21741864]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-11-27 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2008-12-30 949376]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 57344]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 159744]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-07-01 198160]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2008-04-10 16861184]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"_nltide_3"="advpack.dll" - c:\windows\system32\advpack.dll [2008-11-27 99840]

c:\documents and settings\Administrator\Start Menu\Programs\Startup\
ikowin32.exe [2008-11-27 22016]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"HideFastUserSwitching"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)

[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=c:\documents and settings\Administrator\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=c:\windows\pss\LimeWire On Startup.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=c:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\AntiVirusDisableNotify!=dword:0]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\ftp.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [3/9/2009 11:17 PM 13696]
R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [12/30/2008 4:29 PM 15424]
S1 soqwx32;soqwx32;\??\c:\windows\system32\drivers\soqwx32.sys --> c:\windows\system32\drivers\soqwx32.sys [?]
S2 gupdate1c9fa4440203a06;Google Update Service (gupdate1c9fa4440203a06);c:\program files\Google\Update\GoogleUpdate.exe [7/1/2009 2:05 PM 133104]
S3 k510bus;Sony Ericsson K510 Driver driver (WDM);c:\windows\system32\drivers\k510bus.sys [3/19/2009 3:58 PM 58288]
S3 k510mdfl;Sony Ericsson K510 USB WMC Modem Filter;c:\windows\system32\drivers\k510mdfl.sys [3/19/2009 3:58 PM 8336]
S3 k510mdm;Sony Ericsson K510 USB WMC Modem Driver;c:\windows\system32\drivers\k510mdm.sys [3/19/2009 3:58 PM 94064]
S3 k510mgmt;Sony Ericsson K510 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\k510mgmt.sys [3/19/2009 3:58 PM 85408]
S3 k510obex;Sony Ericsson K510 USB WMC OBEX Interface;c:\windows\system32\drivers\k510obex.sys [3/19/2009 3:58 PM 83344]
.
Contents of the 'Scheduled Tasks' folder

2009-08-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-01 12:05]

2009-08-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-01 12:05]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{c95fe080-8f5d-11d2-a20b-00aa003c157a} - %SystemRoot%\web\related.htm
LSP: c:\windows\system32\imon.dll
FF - ProfilePath - c:\docume~1\ADMINI~1\APPLIC~1\Mozilla\Firefox\Profiles\ct7awr84.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-02 23:34
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(720)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'lsass.exe'(776)
c:\windows\system32\imon.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\Common Files\Teleca Shared\CapabilityManager.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\ESET\nod32krn.exe
c:\program files\Common Files\Teleca Shared\Generic.exe
c:\program files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-08-02 23:35 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-02 21:35

Pre-Run: 29,898,113,024 bytes free
Post-Run: 29,854,384,128 bytes free

171

Update: 02 Aug 2009 23:38

I didn't turn off NOD when running it.... does that matter

offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Open Notepad and copy the following text into it:

File::
c:\documents and settings\Administrator\Start Menu\Programs\Startup\ikowin32.exe

Driver::
soqwx32

Save the file from Notepad to the Desktop as "CFScript".

Drag the saved script/text onto the ComboFix icon as shown in the picture.
Post the log that is produced at the end of the cleaning/scanning in your next message.
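The two entries singled out in the CFScript above (ikowin32.exe sitting in the Startup folder, and the soqwx32 driver that ComboFix lists with [?] because its file is not on disk) can be picked out of a ComboFix log mechanically. The Python below is an added example, not part of the thread and not ComboFix's own code: it parses a constructed excerpt laid out like the log posted earlier, flags bare executables in a Startup folder and boot-start drivers with no file on disk, and renders the findings in the File::/Driver:: layout shown above for a human to review before use.

```python
import re

# Constructed excerpt laid out like two sections of the ComboFix log posted in the
# thread (a Startup folder listing and the R/S driver-service list); not the full log.
SAMPLE_LOG = """\
c:\\documents and settings\\Administrator\\Start Menu\\Programs\\Startup\\
ikowin32.exe [2008-11-27 22016]

R1 nod32drv;nod32drv;c:\\windows\\system32\\drivers\\nod32drv.sys [12/30/2008 4:29 PM 15424]
S1 soqwx32;soqwx32;\\??\\c:\\windows\\system32\\drivers\\soqwx32.sys --> c:\\windows\\system32\\drivers\\soqwx32.sys [?]
S3 k510bus;Sony Ericsson K510 Driver driver (WDM);c:\\windows\\system32\\drivers\\k510bus.sys [3/19/2009 3:58 PM 58288]
"""

# "R1 name;display;path [date size]" or "S1 name;display;\??\path --> path [?]";
# the trailing "[?]" marks a registered binary that ComboFix could not find on disk.
SERVICE_RE = re.compile(r"^([RS])([0-4]) ([^;]+);([^;]*);(.+)$")
ENTRY_RE = re.compile(r"^(\S+\.exe) \[", re.IGNORECASE)


def triage(log_text):
    """Return (kind, name, path, reason) tuples for autostart entries worth a closer look."""
    findings = []
    startup_dir = None
    for line in log_text.splitlines():
        line = line.rstrip()
        if not line:
            startup_dir = None  # a blank line ends a Startup folder block
            continue
        if line.lower().endswith("\\start menu\\programs\\startup\\"):
            startup_dir = line  # the lines that follow are files in that folder
            continue
        if startup_dir:
            m = ENTRY_RE.match(line)
            if m:  # a bare executable (not a .lnk shortcut) launched from Startup
                findings.append(("file", m.group(1), startup_dir + m.group(1),
                                 "executable autostarted from the Startup folder"))
            continue
        m = SERVICE_RE.match(line)
        if m and m.group(2) == "1" and m.group(5).endswith("[?]"):
            # Boot-start driver whose file is absent: stale registration, or a
            # component the scanner cannot see. Either way it needs a human look.
            on_disk = m.group(5).split(" --> ")[-1].replace("[?]", "").strip()
            findings.append(("driver", m.group(3), on_disk,
                             "start-type-1 driver with no file on disk"))
    return findings


def build_cfscript(findings):
    """Render the findings in the File::/Driver:: directive layout used in the thread."""
    files = [f[2] for f in findings if f[0] == "file"]
    drivers = [f[1] for f in findings if f[0] == "driver"]
    parts = []
    if files:
        parts.append("File::\n" + "\n".join(files))
    if drivers:
        parts.append("Driver::\n" + "\n".join(drivers))
    return "\n\n".join(parts) + "\n"
```

Running triage(SAMPLE_LOG) yields exactly the two entries the helper listed; the generated script is meant to be read and confirmed, not applied blindly.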

offline
  • Joined: 24 Jul 2009
  • Posts: 204

oh no, I uninstalled combofix
