|
Poslao: 30 Apr 2011 00:16
|
offline
- Pridružio: 19 Sep 2007
- Poruke: 1677
|
Temu pokrecem zbog problema koji sam objasnio u ovoj temi. Ono sto sam izostavio da navedem, a sto je potrebno prema pravilima ambulante, je sledece:
* U medjuvremenu se poceo otvarati (sam od sebe) i ovaj link. Problem se ispoljava uglavnom kada koristim search na googlu ili kliknem na neki link koji zahteva otvaranje novog taba, pa se onako "usput" otvori i gore navedeni sajt.
* Nisam pokusao nikako da resim problem, jer nemam ideja sta bi moglo da bude pa iz tog razloga otvaram temu ovde.
* Konekcija je Telekom ADSL 4 MB
Slede ostali podaci:
.
DDS (Ver_11-03-05.01) - NTFSx86
Run by User at 23:57:40,10 on 29.04.2011
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3325.2850 [GMT 2:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\User\Desktop\dds.scr
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
mWinlogon: Taskman=c:\documents and settings\user\fswagz.exe
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [CTSysVol] c:\program files\creative\sb live! 24-bit\surround mixer\CTSysVol.exe /r
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRunOnce: [nltide_2] regsvr32 /s /n /i:U shell32
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1303984055468
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\wpdshserviceobj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\docume~1\user\applic~1\mozilla\firefox\profiles\8amjwo1i.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)
FF - prefs.js: browser.startup.homepage - www.google.com
FF - plugin: c:\program files\microsoft silverlight\4.0.60310.0\npctrlui.dll
.
============= SERVICES / DRIVERS ===============
.
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [2011-4-28 119272]
R3 usbfilter;AMD USB Filter Driver;c:\windows\system32\drivers\usbfilter.sys [2011-4-28 30392]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2011-4-28 1691480]
S4 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia updatus\daemonu.exe [2011-4-28 2218600]
.
=============== Created Last 30 ================
.
.
==================== Find3M ====================
.
2011-04-28 08:42:35 259604 ----a-w- c:\windows\system32\nvdrsdb0.bin
2011-04-28 08:42:35 1 ----a-w- c:\windows\system32\nvdrssel.bin
2011-04-28 08:42:33 259604 ----a-w- c:\windows\system32\nvdrsdb1.bin
2011-04-20 01:50:12 75264 --sh--r- c:\documents and settings\user\fswagz.exe
2011-04-08 05:14:00 944232 ----a-w- c:\windows\system32\nvdispco3220140.dll
2011-04-08 05:14:00 855656 ----a-w- c:\windows\system32\nvgenco322060.dll
2011-04-08 05:14:00 61440 ----a-w- c:\windows\system32\OpenCL.dll
2011-04-08 05:14:00 5210112 ----a-w- c:\windows\system32\nvcuda.dll
2011-04-08 05:14:00 4111232 ----a-w- c:\windows\system32\nv4_disp.dll
2011-04-08 05:14:00 2770536 ----a-w- c:\windows\system32\nvcuvid.dll
2011-04-08 05:14:00 2116894 ----a-w- c:\windows\system32\nvdata.bin
2011-04-08 05:14:00 2074216 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-04-08 05:14:00 2027008 ----a-w- c:\windows\system32\nvapi.dll
2011-04-08 05:14:00 14856192 ----a-w- c:\windows\system32\nvoglnt.dll
2011-04-08 05:14:00 13000704 ----a-w- c:\windows\system32\nvcompiler.dll
2011-04-07 20:15:38 81920 ----a-w- c:\windows\system32\nvwddi.dll
2011-04-07 20:15:38 580200 ----a-w- c:\windows\system32\easyUpdatusAPIU.dll
2011-04-07 20:15:34 277608 ----a-w- c:\windows\system32\nvmccs.dll
2011-04-07 20:15:34 13891176 ----a-w- c:\windows\system32\nvcpl.dll
2011-04-07 20:15:34 111208 ----a-w- c:\windows\system32\nvmctray.dll
2011-04-07 20:15:32 155752 ----a-w- c:\windows\system32\nvsvc32.exe
2011-04-07 20:15:32 145000 ----a-w- c:\windows\system32\nvcolor.exe
2011-03-24 14:03:38 56936 ----a-w- c:\windows\system32\RtkCoInstXP.dll
2011-03-21 15:13:34 20053096 ----a-w- c:\windows\RTHDCPL.EXE
2011-03-07 05:33:50 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:37:06 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 15:59:23 26216 ----a-w- c:\windows\system32\nvhdap32.dll
2011-03-03 15:59:16 837224 ----a-w- c:\windows\system32\nvhdagenco322040.dll
2011-03-03 13:21:11 1857920 ----a-w- c:\windows\system32\win32k.sys
2011-02-25 17:37:00 1284712 ----a-w- c:\windows\RtlExUpd.dll
2011-02-22 23:06:29 916480 ----a-w- c:\windows\system32\wininet.dll
2011-02-22 23:06:29 43520 ------w- c:\windows\system32\licmgr10.dll
2011-02-22 23:06:29 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-02-22 11:41:59 385024 ------w- c:\windows\system32\html.iec
2011-02-17 12:32:12 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2011-02-15 12:56:39 290432 ----a-w- c:\windows\system32\atmfd.dll
2011-02-09 13:53:52 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53:52 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-08 13:33:55 978944 ----a-w- c:\windows\system32\mfc42.dll
2011-02-08 13:33:55 974848 ----a-w- c:\windows\system32\mfc42u.dll
2011-02-02 07:58:35 2067456 ----a-w- c:\windows\system32\mstscax.dll
.
============= FINISH: 23:57:58,01 ===============
https://www.mycity.rs/must-login.png
https://www.mycity.rs/must-login.png
https://www.mycity.rs/must-login.png
https://www.mycity.rs/must-login.png
|
|
|
|
|
|
|
Poslao: 30 Apr 2011 00:46
|
offline
- 1l padr1n0
- Anti Malware Fighter
Rank 2
- Pridružio: 02 Feb 2008
- Poruke: 14018
- Gde živiš: Nish
|
Pozdrav miki87!
Taj sistem nema instaliran Anti - Virus! Mislim, zar je potrebno da govorim o vaznosti koriscenja bilo kakvog AV resenja u danasnje vreme?
Znaci, instaliraj obavezno AV, preporucujem neko besplatno resenje ukoliko nemas legalnu licencu za komercijalni proizvod.
Izvadi sve USB memorijske uredjaje i ne ubacuj ih dok se to ne zatrazi od tebe.
Preuzmi The Avenger na Desktop.
Raspakuj arhivu u neki folder
Dvoklikom pokreni avenger.exe
Iskopiraj tekst koji se nalazi unutar Kod polja u (beli) prozor programa:
Files to delete:
c:\documents and settings\user\fswagz.exe
Registry values to delete:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon | Taskman
Klikni Execute, a zatim Yes u sledeća dva prozora koji će se otvoriti
Kompjuter će se restartovati (u određenim slučajevima: dva puta) i započeti će proces čišćenja/skeniranja
Kada proces bude završen, logfile C:\avenger.txt će se otvoriti u Notepad-u
Iskopiraj sadržaj dobijenog loga u temu na forumu.
Preuzmi instalaciju za program Malwarebytes Anti-Malware sa sledećeg linka:
http://www.besttechie.net/tools/mbam-setup.exe
Dvoklikom pokreni instalaciju - na samom kraju procesa, proveri da su obeležene opcije:
Update Malwarebytes' Anti-Malware;
Launch Malwarebytes Anti-Malware;
a zatim klikni Finish.
Nakon završenog ažuriranja program će se pokrenuti.
Izaberi opciju Perform Quick Scan i klikni Scan.
Po završetku procesa klikni OK, Show Results: u listi detektovanog malware-a, obeleži sve stavke i klikni Remove Selected.
Po završetku procesa, logfile će se otvoriti u Notepad-u; iskopiraj ga u temu na forumu.
Ukoliko program zatraži restart kako bi se završio proces čišćenja, obavezno ga dozvoliti.
Napomena: ako dođe do restarta na kraju procesa čišćenja, logfile će biti dostupan na Logs kartici (obeleži ga i klikni Open).
- Preuzmi USBNoRisk na Desktop i pokreni ga duplim klikom na ikonicu programa.
- Sacekaj koji sekund dok program izvrsi inicijalno skeniranje.
- Ubacuj sve USB memorijske uredjaje redom u USB slot i svaki zadrzi u slotu po 10 sekundi.
- Ukoliko imas vise uredjaja za proveru, onda na parcetu papira zapisi kojim redom su ubacivani jer ce nam kasnije trebati taj podatak
- Kada zavrsis sa svim uredjajima, klikni desno dugme misa na sred prozora programa i odaberi opciju Save scrambled log. To ce automatski otvoriti log u Notepadu. Iskopiraj nam taj log iz Notepada na forum.
Objasnjenje: U USB memorijske uredjaje spadaju svi oni uredjaji koji po prikljucivanju na kompjuter dobijaju svoju oznaku particije. Tu spadaju USB flash drajvovi, eksterni hard-diskovi, memorijske kartice, MP3 i MP4 plejeri, neki mobilni telefoni, neki GPS (navigacioni) uredjaji itd.
goran9888 (AMF Tim)
|
|
|
|
|
|
|
Poslao: 30 Apr 2011 01:06
|
offline
- Pridružio: 19 Sep 2007
- Poruke: 1677
|
Napisano: 30 Apr 2011 1:05
Avenger log:
Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com
Platform: Windows XP
*******************
Script file opened successfully.
Script file read successfully.
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
Rootkit scan active.
No rootkits found!
File "c:\documents and settings\user\fswagz.exe" deleted successfully.
Registry value "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|Taskman" deleted successfully.
Completed script processing.
*******************
Finished! Terminate.
Malwarebytes Anti-Malware log:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Database version: 6475
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
30.04.2011 00:59:33
mbam-log-2011-04-30 (00-59-33).txt
Scan type: Quick scan
Objects scanned: 144525
Time elapsed: 1 minute(s), 9 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
I jedno pitanje, da li moram da odradim ovaj deo koji se odnosi na USBNoRisk posto ne koristim fleske, plejere, mem. kartice, ext. diskovi itd?
Dopuna: 30 Apr 2011 1:06
* diskove
|
|
|
|
|
|
|
Poslao: 30 Apr 2011 01:07
|
offline
- 1l padr1n0
- Anti Malware Fighter
Rank 2
- Pridružio: 02 Feb 2008
- Poruke: 14018
- Gde živiš: Nish
|
Posto ne koristis, svakako da ne trebas ispratiti taj korak.
Reci mi, kakvo je sada stanje sistema? Ima li vidljivih problema?
goran9888 (AMF Tim)
|
|
|
|
|
|
|
Poslao: 30 Apr 2011 01:10
|
offline
- Pridružio: 19 Sep 2007
- Poruke: 1677
|
Za sada ne, mada sam stigao da otovrim samo par sajtova...Surfovacu malo pa cu videti da li ce se ponoviti problem.
|
|
|
|
|
|
|
|
|
Poslao: 30 Apr 2011 01:31
|
offline
- Pridružio: 19 Sep 2007
- Poruke: 1677
|
Napisano: 30 Apr 2011 1:30
Vise se ne desava problem. 
Ali bih da prilozim i ovo (scan fleske sa koje sam instalirao aplikacije):
<<< MCShield v1.4.3 >>> Monitoring started at 30.04.2011 01:16:43
30.04.2011 01:19:00 > Scanning drive F: (Transcend ~4 GB, FAT32 flash drive )...
>>> F:\autorun.inf > Suspicious > Renamed.
>>> F:\autorun.inf.vir - Malware > Deleted. (11.04.30. 01.19 autorun.inf.vir.709439; MD5: 0863b21d53b52d27e398f58d0cbf54d5)
> F:\besane
> F:\besane\noci.exe (MD5: e017202c8664907d55d00bec0ce30eb7)
>>> F:\besane - Malware.Folder > Deleted. (11.04.30. 01.19 besane.765785)
=> Malicious files : 1/1 deleted.
=> Malicious folders : 1/1 deleted.
Dopuna: 30 Apr 2011 1:31
Jedino ne znam otkud ovo "besane noci" jer takav folder niti fajl ne postoji na tom flash drajvu. 
|
|
|
|
|
|
|
|
|
|
|
Poslao: 30 Apr 2011 16:35
|
offline
- 1l padr1n0
- Anti Malware Fighter
Rank 2
- Pridružio: 02 Feb 2008
- Poruke: 14018
- Gde živiš: Nish
|
NOD32 AV nije besplatan AV. On ima trial licencu koja je besplatna i traje 30 dana, nakon cega AV nije vise funkcionalan. Ne preporucujem da koristis nikakve krekove, patcheve, keygene i ostala cudesa koja zaobilaze licenciranje tog proizvoda.
Inace, potrebno je samo da update-ujes svoj AV i MCShield nece vise biti detektovan kao malware. U pitanju je FP koji je prijavljen ESET-u i ispravljen je u novijim update-ovima.
Inace, i taj AV ima svoj Exclusions (izuzetci) gde mozes namestiti foldere i fajlove koje zelis da AV ne skenira. Vise o tome na ovom linku: http://kb.eset.com/esetkb/index?page=content&id=SOLN2153
Pozdrav,
goran9888 (AMF Tim)
|
|
|
|
|
|
