XP Security 2012

  • Joined: 04 Jan 2009
  • Posts: 141
  • Location: SRBIJA

Posted: 18 Jun 2011 3:29

Good morning
Suddenly, at around half past two, a window with the title above started popping up.
I can't launch any program; it pops up immediately, and only after killing it through Task Manager can I barely launch anything.
Yellow windows keep popping up at the bottom left next to the clock, and something keeps starting to scan.
I'm on ADSL Telekom 1500/256
and NOD32 3.0.699.0

DDS:


.
DDS (Ver_2011-06-12.02) - NTFSx86
Internet Explorer: 6.0.2900.3311 BrowserJavaVersion: 1.6.0_23
Run by Popa at 2:59:14 on 2011-06-18
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.416 [GMT 2:00]
.
AV: ESET NOD32 Antivirus 3.0 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
svchost.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\HTC Home\HTCHome.exe
C:\Documents and Settings\Popa\Application Data\PC Suite\ouc.exe
C:\PROGRA~1\VIVIDW~1\WORKSH~1.EXE
C:\Program Files\Vivid WorkshopData ATI\jre\bin\java.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Technitium\TMACv5.0R3\TMAC.exe
C:\Documents and Settings\Popa\Local Settings\Application Data\mbr.exe
C:\Documents and Settings\Popa\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Popa\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Documents and Settings\Popa\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Popa\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.rs/
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [myweather] "c:\program files\myfreeweather\myweather.exe" /autorun
uRun: [HTC Home] "c:\program files\htc home\HTCHome.exe"
uRun: [HW_OPENEYE_OUC_PC Suite] "c:\program files\pc suite for android handset\updatedog\ouc.exe"
uRun: [Google Update] "c:\documents and settings\popa\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [Easy-Hide-IP] c:\program files\easy-hide-ip\easy-hide-ip.exe
uRun: [2449023001] c:\documents and settings\popa\local settings\application data\mbr.exe
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {62789780-B744-11D0-986B-00609731A21D} - hxxp://ns.zigns.rs/ActiveX/mgaxctrl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{F511FD3A-398D-40FB-8648-E5EAF8FE270C} : NameServer = 192.168.1.1
TCP: Interfaces\{F511FD3A-398D-40FB-8648-E5EAF8FE270C} : DhcpNameServer = 192.168.1.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\popa\application data\mozilla\firefox\profiles\xf1qdf27.default\
FF - prefs.js: browser.startup.homepage - google.rs
FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
FF - plugin: c:\documents and settings\popa\application data\mozilla\firefox\profiles\xf1qdf27.default\extensions\{1bc9ba34-1eed-42ca-a505-6d2f1a935bbb}\plugins\npietab2.dll
FF - plugin: c:\documents and settings\popa\local settings\application data\google\update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npyaxmpb.dll
.
============= SERVICES / DRIVERS ===============
.
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2008-7-1 34312]
R2 ekrn;Eset Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2008-7-1 468224]
R2 WorkshopDBService;WorkshopDBService;c:\progra~1\vividw~1\worksh~1.exe -zglaxservice workshopdbservice --> c:\progra~1\vividw~1\WORKSH~1.EXE -zglaxservice WorkshopDBService [?]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S1 atitray;atitray;\??\c:\program files\radeon omega drivers\v3.8.252\ati tray tools\atitray.sys --> c:\program files\radeon omega drivers\v3.8.252\ati tray tools\atitray.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 TeamViewer6;TeamViewer 6;c:\program files\teamviewerportable_v6.0.10194\teamviewer_service.exe --> c:\program files\teamviewerportable_v6.0.10194\TeamViewer_Service.exe [?]
S3 androidusb;ADB Interface Driver;c:\windows\system32\drivers\smhwadb.sys [2011-1-22 25728]
S3 smhwdev;SmartPhone dummy USB PNP Device (Normal);c:\windows\system32\drivers\smhwdev.sys [2011-1-22 100864]
S3 smhwser;USB Device for Legacy Serial Communication (Normal);c:\windows\system32\drivers\smhwser.sys [2011-1-22 108032]
.
=============== Created Last 30 ================
.
2011-06-18 00:19:33 344064 ----a-w- c:\documents and settings\popa\local settings\application data\mbr.exe
2011-06-10 01:25:21 331776 ----a-w- c:\windows\system32\EasyRedirect.dll
2011-06-10 01:25:14 -------- d-----w- c:\program files\Easy-Hide-IP
2011-06-10 00:34:28 140096 ------r- c:\windows\system32\COMDLG32.OCX
2011-06-10 00:34:28 -------- d-----w- c:\program files\Technitium
2011-06-06 00:17:32 -------- d-----w- c:\program files\Ryll MAC Changer
2011-06-05 07:32:00 51200 -c--a-w- c:\windows\system32\dllcache\msdv.sys
2011-06-05 07:32:00 51200 ----a-w- c:\windows\system32\drivers\msdv.sys
2011-06-05 07:31:42 38912 -c--a-w- c:\windows\system32\dllcache\avc.sys
2011-06-05 07:31:42 38912 ----a-w- c:\windows\system32\drivers\avc.sys
2011-06-01 23:44:08 -------- d-----w- c:\documents and settings\popa\application data\COWON
2011-06-01 23:43:17 -------- d-----w- c:\program files\common files\COWON
2011-06-01 23:43:15 -------- d-----w- c:\program files\JetAudio
.
==================== Find3M ====================
.
2011-05-15 00:51:46 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-02 15:31:52 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 16:19:43 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-21 13:37:43 105472 ----a-w- c:\windows\system32\drivers\mup.sys
.
============= FINISH: 2:59:58.48 ===============

[attachment requires login]

and RootRepeal:

[attachment requires login]

Update: 18 Jun 2011 3:41

Here's a screenshot of one of the windows that pop up

Update: 18 Jun 2011 3:43

And another one

  • Joined: 02 Feb 2008
  • Posts: 14018
  • Location: Nish

Hello nebojsa77ns!

While we work on the case, I'd ask you to stick to the following:
Read my instructions (or those of the colleagues who stand in for me) carefully and follow them exclusively;
Don't seek help elsewhere at the same time;
Don't use other malware-removal programs apart from those you're given instructions for;
Don't use USB storage devices during the intervention until I ask for it;
If I don't reply within 48h, bump the thread with a new post;
If you don't respond within 5 days, we'll close the case.

For more information on the rules of the MyCity forum Ambulanta: LINK

-------------------------------------------------------------------------------------

Download sUBs' ComboFix from the following address to your Desktop:

Bleeping Computer
Right-click the link and choose Save Target As... (Save Link As..., Save Linked Content As... or similar);
When the dialog for choosing the save location opens, select Desktop and click Save.

Once the download is complete:
disable your security software (instructions);
close running programs;
double-click ComboFix to run it;
in the window that opens, click "I Agree".

While running, ComboFix will:
check whether a newer version of the program exists:
click Yes if offered to download it.
if the Recovery Console isn't installed, offer to install it:
be sure to accept by clicking Yes and follow the procedure.
ask a number of questions / show notifications:
accept by clicking Yes or OK.
restart Windows if needed (possibly several times);
at the end, open Notepad with the scan report.

Copy the report ComboFix produced into the forum thread:
right-click in the Notepad window and choose Select All;
right-click the highlighted text and choose Copy;
right-click in the message box and choose Paste.

Note: The report will be saved as ComboFix.txt on the system partition (typically C:\ComboFix.txt);
If after posting you notice the report is incomplete, use the Attach file option to attach C:\ComboFix.txt to your message.

goran9888 (AMF Tim)

  • Joined: 04 Jan 2009
  • Posts: 141
  • Location: SRBIJA

Posted: 18 Jun 2011 7:48

Good morning
Downloaded it, ran it, followed all the instructions;
my computer restarted, nothing further happened, and there's no file on the C partition?

Update: 18 Jun 2011 7:49

There's some CK INFO

Update: 18 Jun 2011 8:09

I ran it again and it worked;
here's the log:

ComboFix 11-06-17.04 - Popa 18.Jun.11 8:00.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.634 [GMT 2:00]
Running from: c:\documents and settings\Popa\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 3.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Popa\Local Settings\Application Data\mbr.exe
c:\documents and settings\Popa\WINDOWS
.
.
((((((((((((((((((((((((( Files Created from 2011-05-18 to 2011-06-18 )))))))))))))))))))))))))))))))
.
.
2011-06-10 01:25 . 2011-05-03 14:14 331776 ----a-w- c:\windows\system32\EasyRedirect.dll
2011-06-10 01:25 . 2011-06-10 01:32 -------- d-----w- c:\program files\Easy-Hide-IP
2011-06-10 00:34 . 2011-06-10 00:34 140096 ------r- c:\windows\system32\COMDLG32.OCX
2011-06-10 00:34 . 2011-06-10 00:34 -------- d-----w- c:\program files\Technitium
2011-06-06 00:17 . 2011-06-10 00:49 -------- d-----w- c:\program files\Ryll MAC Changer
2011-06-05 07:32 . 2008-02-12 01:20 51200 -c--a-w- c:\windows\system32\dllcache\msdv.sys
2011-06-05 07:32 . 2008-02-12 01:20 51200 ----a-w- c:\windows\system32\drivers\msdv.sys
2011-06-05 07:31 . 2008-02-12 01:20 38912 -c--a-w- c:\windows\system32\dllcache\avc.sys
2011-06-05 07:31 . 2008-02-12 01:20 38912 ----a-w- c:\windows\system32\drivers\avc.sys
2011-06-01 23:44 . 2011-06-01 23:44 -------- d-----w- c:\documents and settings\Popa\Application Data\COWON
2011-06-01 23:43 . 2011-06-01 23:43 -------- d-----w- c:\program files\Common Files\COWON
2011-06-01 23:43 . 2011-06-01 23:43 -------- d-----w- c:\program files\JetAudio
2011-06-01 23:42 . 2011-06-01 23:42 -------- d-----w- c:\documents and settings\Popa\Application Data\InstallShield
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-15 00:51 . 2011-05-15 00:51 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-02 15:31 . 2011-01-13 19:03 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 16:19 . 2008-02-12 01:53 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-21 13:37 . 2008-02-12 01:53 105472 ----a-w- c:\windows\system32\drivers\mup.sys
2011-05-10 17:21 . 2011-05-10 17:21 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HTC Home"="c:\program files\HTC Home\HTCHome.exe" [2011-01-30 261120]
"HW_OPENEYE_OUC_PC Suite"="c:\program files\PC Suite For Android Handset\UpdateDog\ouc.exe" [2009-10-15 110592]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-05-26 15147400]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 577536]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-07-01 1447168]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-02-12 110592]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-05 8523776]
"nwiz"="nwiz.exe" [2007-12-05 1626112]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-12-05 81920]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-02-12 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"g:\\Programi\\TeamViewerPortable\\TeamViewer.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\MyPhoneExplorer\\MyPhoneExplorer.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [01.Jul.08 10:04 34312]
R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [01.Jul.08 10:02 468224]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.Mar.10 14:16 753504]
S1 atitray;atitray;\??\c:\program files\Radeon Omega Drivers\v3.8.252\ATI Tray Tools\atitray.sys --> c:\program files\Radeon Omega Drivers\v3.8.252\ATI Tray Tools\atitray.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.Mar.10 14:16 130384]
S2 TeamViewer6;TeamViewer 6;c:\program files\TeamViewerPortable_v6.0.10194\TeamViewer_Service.exe --> c:\program files\TeamViewerPortable_v6.0.10194\TeamViewer_Service.exe [?]
S2 WorkshopDBService;WorkshopDBService;c:\progra~1\VIVIDW~1\WORKSH~1.EXE -zglaxservice WorkshopDBService --> c:\progra~1\VIVIDW~1\WORKSH~1.EXE -zglaxservice WorkshopDBService [?]
S3 androidusb;ADB Interface Driver;c:\windows\system32\drivers\smhwadb.sys [22.Jan.11 14:15 25728]
S3 smhwdev;SmartPhone dummy USB PNP Device (Normal);c:\windows\system32\drivers\smhwdev.sys [22.Jan.11 14:15 100864]
S3 smhwser;USB Device for Legacy Serial Communication (Normal);c:\windows\system32\drivers\smhwser.sys [22.Jan.11 14:15 108032]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WUAUSERV
.
Contents of the 'Scheduled Tasks' folder
.
2011-06-11 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
2011-06-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1844237615-838170752-1177238915-1003Core.job
- c:\documents and settings\Popa\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-01-13 20:04]
.
2011-06-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1844237615-838170752-1177238915-1003UA.job
- c:\documents and settings\Popa\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-01-13 20:04]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.rs/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{F511FD3A-398D-40FB-8648-E5EAF8FE270C}: NameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Popa\Application Data\Mozilla\Firefox\Profiles\xf1qdf27.default\
FF - prefs.js: browser.startup.homepage - google.rs
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-myweather - c:\program files\MyFreeWeather\myweather.exe
HKCU-Run-Easy-Hide-IP - c:\program files\Easy-Hide-IP\easy-hide-ip.exe
Notify-AtiExtEvent - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2011-06-18 08:05
Windows 5.1.2600 Service Pack 3, v.6055 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Completion time: 2011-06-18 08:07:19
ComboFix-quarantined-files.txt 2011-06-18 06:07
.
Pre-Run: 4,989,243,392 bytes free
Post-Run: 5,139,496,960 bytes free
.
- - End Of File - - 745C8BD003D13A0777E2C67C02DC1222

And it didn't want to install the Recovery Console; it reported some error.

  • Joined: 02 Feb 2008
  • Posts: 14018
  • Location: Nish

Download the Malwarebytes Anti-Malware installer from the following link:
http://www.besttechie.net/tools/mbam-setup.exe

Double-click to run the installer; at the very end of the process, make sure these options are checked:
Update Malwarebytes' Anti-Malware;
Launch Malwarebytes Anti-Malware;

then click Finish.

After the update completes, the program will start.

Choose Perform Quick Scan and click Scan.

When the process finishes, click OK, then Show Results: in the list of detected malware, select all items and click Remove Selected.

When the process finishes, the logfile will open in Notepad; copy it into the forum thread.
If the program asks for a restart to complete the cleaning process, be sure to allow it.

Note: if a restart occurs at the end of the cleaning process, the logfile will be available on the Logs tab (select it and click Open).

How is the system doing now?

goran9888 (AMF Tim)

  • Joined: 04 Jan 2009
  • Posts: 141
  • Location: SRBIJA

Posted: 18 Jun 2011 16:31

So far it hasn't popped up even once; I'm downloading Malwarebytes Anti-Malware now so I can do that too.

Update: 18 Jun 2011 16:40

Malwarebytes' Anti-Malware 1.51.0.1200
malwarebytes.org

Database version: 6887

Windows 5.1.2600 Service Pack 3, v.6055
Internet Explorer 6.0.2900.3311

18.Jun.11 16:40:59
mbam-log-2011-06-18 (16-40-59).txt

Scan type: Quick scan
Objects scanned: 143557
Time elapsed: 5 minute(s), 8 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\Popa\Local Settings\Application Data\mbr.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode) Good: (firefox.exe -safe-mode) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
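The two persistence points that surface in this thread, the numeric-named uRun value pointing at mbr.exe in the first DDS log and the StartMenuInternet safemode command hijack that MBAM quarantined, are easy to spot in a log once you know the pattern. Below is an added Python example (not from the thread, from the helper, or from DDS, ComboFix or MBAM) that triages DDS-style Run lines with those two heuristics and checks a StartMenuInternet safemode command string. The sample lines are constructed to match the entries posted above; the heuristics, the function names and the browser executable argument are the example's own assumptions, not something the tools expose.

```python
"""Triage DDS 'Pseudo HJT Report' Run lines and a StartMenuInternet safemode command.

Added example; the heuristics below are derived from this one case and are
assumptions, not a general rogue-AV signature.
"""
import re
from typing import List, Optional, Tuple

# Constructed sample input modelled on the DDS lines posted earlier in the thread.
SAMPLE_LINES = [
    "uRun: [CTFMON.EXE] c:\\windows\\system32\\ctfmon.exe",
    'uRun: [Skype] "c:\\program files\\skype\\phone\\Skype.exe" /nosplash /minimized',
    'uRun: [HW_OPENEYE_OUC_PC Suite] "c:\\program files\\pc suite for android handset\\updatedog\\ouc.exe"',
    "uRun: [2449023001] c:\\documents and settings\\popa\\local settings\\application data\\mbr.exe",
    "mRun: [NvCplDaemon] RUNDLL32.EXE c:\\windows\\system32\\NvCpl.dll,NvStartup",
    'mRun: [egui] "c:\\program files\\eset\\eset nod32 antivirus\\egui.exe" /hide /waitservice',
]

# The safemode command MBAM flagged (Bad) and the default it restored (Good).
HIJACKED_SAFEMODE = (
    '"C:\\Documents and Settings\\Popa\\Local Settings\\Application Data\\mbr.exe" '
    '-a "C:\\Program Files\\Mozilla Firefox\\firefox.exe" -safe-mode'
)
CLEAN_SAFEMODE = "firefox.exe -safe-mode"

# DDS prefixes: u = HKCU Run, m = HKLM Run, d = HKU\.DEFAULT Run.
RUN_LINE = re.compile(r"^([umd])Run: \[([^\]]+)\] (.*)$")
# First executable image on a command line, quoted or unquoted (paths may contain spaces).
FIRST_IMAGE = re.compile(r'^"?(.*?\.exe)', re.IGNORECASE)
# An .exe sitting directly in a per-user data folder, with no vendor subfolder.
BARE_PROFILE_EXE = re.compile(
    r"\\(?:local settings\\)?application data\\[^\\]+\.exe$", re.IGNORECASE
)


def parse_run_entry(line: str) -> Optional[Tuple[str, str, str]]:
    """Return (hive_code, value_name, command) for a DDS Run line, else None."""
    m = RUN_LINE.match(line.strip())
    return (m.group(1), m.group(2), m.group(3)) if m else None


def first_image(command: str) -> str:
    """Extract the first executable path from a command line, lower-cased."""
    m = FIRST_IMAGE.match(command.strip())
    return m.group(1).lower() if m else command.strip().lower()


def suspicious_reasons(value_name: str, command: str) -> List[str]:
    """Heuristics from this case: random numeric value name; loader dropped in profile root."""
    reasons = []
    if value_name.isdigit():
        reasons.append("numeric-only value name")
    if BARE_PROFILE_EXE.search(first_image(command)):
        reasons.append("executable directly in Application Data root")
    return reasons


def triage(lines: List[str]) -> List[Tuple[str, str, List[str]]]:
    """Return (value_name, image, reasons) for every Run entry that trips a heuristic."""
    flagged = []
    for line in lines:
        entry = parse_run_entry(line)
        if entry is None:
            continue
        _, name, command = entry
        reasons = suspicious_reasons(name, command)
        if reasons:
            flagged.append((name, first_image(command), reasons))
    return flagged


def is_safemode_hijacked(command: str, browser_exe: str) -> bool:
    """True if something other than the browser binary is what the safemode command runs first."""
    return not first_image(command).endswith(browser_exe.lower())


if __name__ == "__main__":
    for name, image, reasons in triage(SAMPLE_LINES):
        print(f"[{name}] {image}: {', '.join(reasons)}")
    print("safemode hijacked:", is_safemode_hijacked(HIJACKED_SAFEMODE, "firefox.exe"))
```

The StartMenuInternet check is the useful one to remember: the rogue interposes itself in front of the browser so that it gets launched even from a Safe Mode shortcut, and the fix MBAM applied is simply restoring the bare `firefox.exe -safe-mode` default.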

  • Joined: 02 Feb 2008
  • Posts: 14018
  • Location: Nish

Your system is clean as far as malware is concerned.

ComboFix needs to be uninstalled:
click Start, then Run.

On Vista use the Start Search box if Run isn't available.

In the text field type (or paste) the following:

ComboFix /Uninstall

Note that there is a space between "ComboFix" and "/Uninstall".

then click OK (or press Enter).

Wait for the uninstall process to finish.

----------------------------------------------------------

You're using an old version of the antivirus. Be sure to uninstall it and install a newer version, or install a free antivirus (such as Avast, Avira, AVG, Panda Cloud, MSE, etc.) if you don't have a licence for a commercial AV (like your NOD32).

- I recommend using MCShield to protect USB storage devices. It has nothing to do with the antivirus, i.e. it won't interfere with it, and it has proven to be one of the best forms of protection against malware that spreads via USB storage devices.

You download it, install it, plug in a USB storage device, a scan runs, and you either get a notification that the device is clean (if it really is) or a log showing information about the malware that was found and deleted.

MCShield home page: http://amf.mycity.rs/programs/mc/mcshield/

You can find out more about MCShield in this thread: http://www.mycity.rs/Antispyware-programi/MCShield.html

- Visit the following thread and update all the add-ons in your browsers (primarily Java): http://www.mycity.rs/Web-browseri/Testirajte-da-li.....anjiv.html

- Start -> Control Panel -> Add or Remove Programs -> uninstall all unnecessary applications (the ones you don't use)

- Download ATF Cleaner and save it to your Desktop.

Tick Select All and then click Empty Selected.
When the Done Cleaning message appears, close the program.

  • Joined: 04 Jan 2009
  • Posts: 141
  • Location: SRBIJA

Just a couple more questions before I disappear
1. What should I do with Malwarebytes
2. What do you think about Avira

  • Joined: 02 Feb 2008
  • Posts: 14018
  • Location: Nish

nebojsa77ns wrote: Just a couple more questions before I disappear
1. What should I do with Malwarebytes
2. What do you think about Avira

Malwarebytes is not an antivirus. It's an on-demand scanner (it scans only on request; it has no real-time protection) and doesn't interfere with the antivirus. It's compatible with all kinds of antivirus.

What I think of Avira is the same as of any other AV: better with it than without it.

Regards,
goran9888 (AMF Tim)
