MyCity » Ambulanta -> Arhiva Ambulante » Ako moze provera

Ako moze provera

Napisano na dan: 5.12.2008

Ako moze provera
Sledeća strana Pagination

Idi na vrh

Poslao: 05 Dec 2008 05:20
Idi na vrh
offline
  • Pridružio: 20 Jul 2008
  • Poruke: 4682

Negde sam navukao nekih gluposti,zadnja dva dana mi se za nijansu sporije palio komp,i nisam mogao iz prvog puta da abdejtujem malwarebytes i a-squared free, nego sam ponavljao po nekoliko puta cekiranje. Medjutim nesto sam pobrisao sa raznim programima,pa me interesuje imali jos sta,evo i sta je obrisano.

Malwarebytes
Malwarebytes' Anti-Malware 1.31
Verzija baze podataka: 1460
Windows 5.1.2600 Service Pack 3

5.12.2008 2:17:13
mbam-log-2008-12-05 (02-17-13).txt

Tip skeniranja: Kompletno Skeniranje (C:\|D:\Smajli
Skeniranih objekata: 84755
Proteklo vreme: 14 minute(s), 27 second(s)

Inficirani procesi u memoriji: 0
Inficirani moduli u memoriji: 0
Inficirani kljuèevi u registru: 0
Inficirane vrednosti u registru: 0
Inficirani podaci u registru: 0
Inficirane fascikle: 0
Inficirane datoteke: 2

Inficirani procesi u memoriji:
(Maliciozne stavke nisu detektovane)

Inficirani moduli u memoriji:
(Maliciozne stavke nisu detektovane)

Inficirani kljuèevi u registru:
(Maliciozne stavke nisu detektovane)

Inficirane vrednosti u registru:
(Maliciozne stavke nisu detektovane)

Inficirani podaci u registru:
(Maliciozne stavke nisu detektovane)

Inficirane fascikle:
(Maliciozne stavke nisu detektovane)

Inficirane datoteke:
C:\Documents and Settings\Administrator\Application Data\Desktopicon\eBayShortcuts.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{EE547D8D-DE88-4466-B703-4986CBAEECD5}\RP44\A0011404.EXE (Trojan.Agent) -> Quarantined and deleted successfully.

Norman antimalware

Norman Malware Cleaner
Copyright © 1990 - 2008, Norman ASA. Built 2008/12/03 00:08:32

Norman Scanner Engine Version: 5.93.01
Nvcbin.def Version: 5.93.00, Date: 2008/12/03 00:08:32, Variants: 2261035

Running pre-scan cleanup routine:
Operating System: Microsoft Windows XP Professional 5.1.2600 Service Pack 3
Logged on user: USPON-FF51FA5A3\Administrator

Removed registry value: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System -> DisableRegistryTools = 0x00000000
Removed registry value: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoDrives = 0x00000000

Scan started: 05/12/2008 04:16:03


Scanning running processes and process memory...

Number of processes/threads found: 1370
Number of processes/threads scanned: 1370
Number of processes/threads not scanned: 0
Number of infected processes/threads terminated: 0
Total scanning time: 32s


Scanning file system...

Scanning: C:\*.*

C:\Documents and Settings\Administrator\Favorites\Automobili\AUTOBAT Polovna vozila Nova vozila Auto Foto Oglasi Auto placevi Polovni automobili Testovi Poredenja Dokumenta.url (Error opening file: Not found)

C:\Documents and Settings\Administrator\Favorites\Automobili\Nacionalna Klasa - Najcitaniji srpski elektronski auto i moto casopis.url (Error opening file: Not found)

C:\Documents and Settings\Administrator\Favorites\Automobili\www.AutoMotoTrke.net Formula 1 MotoGP WRC DTM Domaci AutoMoto sport A1GP GP2 WSR Dakar rally ChampCar IRL.url (Error opening file: Not found)

C:\System Volume Information\_restore{EE547D8D-DE88-4466-B703-4986CBAEECD5}\RP44\A0010365.exe (Infected with Malware.EFWV)
Deleted file

C:\System Volume Information\_restore{EE547D8D-DE88-4466-B703-4986CBAEECD5}\RP44\A0010378.exe (Infected with Malware.DOVN)
Deleted file

C:\System Volume Information\_restore{EE547D8D-DE88-4466-B703-4986CBAEECD5}\RP44\A0010405.exe (Infected with Malware.EKQO)
Deleted file

C:\System Volume Information\_restore{EE547D8D-DE88-4466-B703-4986CBAEECD5}\RP44\A0010427.exe (Infected with Malware.EMWG)
Deleted file

C:\System Volume Information\_restore{EE547D8D-DE88-4466-B703-4986CBAEECD5}\RP44\A0010428.exe (Infected with Malware.EKQO)
Deleted file

C:\System Volume Information\_restore{EE547D8D-DE88-4466-B703-4986CBAEECD5}\RP44\A0010436.exe (Infected with Malware.EMWG)
Deleted file

Scanning: D:\*.*

Scanning: c:\System Volume Information\*.*


Running post-scan cleanup routine:

Number of files found: 73036
Number of archives unpacked: 348
Number of files scanned: 72975
Number of files not scanned: 61
Number of files skipped due to exclude list: 0
Number of infected files found: 6
Number of infected files repaired/deleted: 6
Number of infections removed: 6
Total scanning time: 21m 50s

Posto spyware doctor ne dozvoljava kopiranje loga,morao sam ovako




A evo i Hijackthis loga
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:14:47, on 5.12.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18241)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Documents and Settings\Administrator\Desktop\z-f\TR3.exe..exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: IE7Pro BHO - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [RemoteControl] C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\Microsoft Office\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\Microsoft Office\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\Skype4COM.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

--
End of file - 6718 bytes

Cekam dalja uputstva,hvala unapred.

Poslao: 05 Dec 2008 17:45
Idi na vrh
offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Pridružio: 24 Jul 2007
  • Poruke: 12280
  • Gde živiš: Höganäs, SE

Pozdrav...



Log izgleda ok, no proverićemo još nešto.



Preuzmi gmer.zip sa ovog linka i sačuvaj na Desktopu.
Raspakuj ga u neki folder.

Dupli klik na gmer.exe za početak: Izaberi Rootkit/Malware Tab na vrhu.
Klikni na Scan.
Kada je skeniranje završeno, klik na Copy dugme ispod - ovo će sačuvati rezultate skeniranja u Clipboard.
Iskoristi opciju Paste u Notepad-u da bi to prebacio u tekst. Snimi taj tekst iz Notepada kao file1.txt.
Ponovi ovo isto sa Autostart Tab-om. Snimi taj tekst iz Notepada kao file2.txt.

Iskoristi opciju Prikači fajl ispod polja za pisanje poruke na forumu, i prikači nam ovde ta dva fajla koja smo malopre snimili.

Poslao: 05 Dec 2008 19:11
Idi na vrh
offline
  • Pridružio: 20 Jul 2008
  • Poruke: 4682

Evo logova,valjda sam dobro odradio.


https://www.mycity.rs/must-login.png

Dopuna: 05 Dec 2008 19:10

Ne radi mi opcijaprikaci fajl,da bi okacio drugi fajl

Dopuna: 05 Dec 2008 19:11

https://www.mycity.rs/must-login.png

Dopuna: 05 Dec 2008 19:11

Evo proradi,greska je bila do mene,izvinjavam se

Poslao: 05 Dec 2008 20:39
Idi na vrh
offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Pridružio: 24 Jul 2007
  • Poruke: 12280
  • Gde živiš: Höganäs, SE

Ovde nema malware-a...

Poslao: 05 Dec 2008 20:49
Idi na vrh
offline
  • Pridružio: 20 Jul 2008
  • Poruke: 4682

Drago mi je da to cujem,hvala puno,pozzz.

MyCity » Ambulanta -> Arhiva Ambulante » Ako moze provera

Ko je trenutno na forumu
 

Ukupno su 1061 korisnika na forumu :: 53 registrovanih, 4 sakrivenih i 1004 gosta   ::   [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:
Korisnici trenutno na forumu: _Rade, A.R.Chafee.Jr., adamantadv, bladesu, Bokiboks, ccoogg123, darkojbn, Dorcolac, drimer, dule10savic, Frunze, Gosha101980, goxsys, havoc995, ikan, Istman, ivan1973, Kandrbandrdzilo, Komentator, Kubovac, kybonacci, ladro, laki_bb, ljuba, MaksicZoran, Metanoja, mikrimaus, Mixelotti, nextyamb, nikoladim, nuke92, Oscar2, ozzy, panzerwaffe, procesor, randja26, S1Mk3, scimitar19, slonic_tonic, Smiljke, solic, sombrero, SR-3m, Stefan M, Stoilkovic, Tas011, Tvrtko I, uruk, Vlad000, voja64, vukovi, YugoSlav, ZetaMan