I didn't finish cleaning the computer!


  • Dalibor
  • Joined: 03 Feb 2011
  • Posts: 434
  • Location: EU

Since I was at my brother's near Ruma for his slava, I started cleaning his computer of malware there as far as I could, but I was only there for one day :(
Now I'd like to know how to continue when I get there so we can sort it all out for him; as of today I'm on vacation, so I'll have time to work on it, since he isn't very interested in this himself. He says his brother will take care of it :D
There was a thread about it here on the forum, and I found it in the Ambulanta archive:

http://www.mycity.rs/Arhiva-Ambulante/Lose-mi-radi-sistem.html

I'm waiting for further instructions from the AMF Team!

  • Research Engineer @MalwareBytes
  • Joined: 09 Aug 2011
  • Posts: 15874
  • Location: Belgrade

Hi, when you get to your brother's, follow the instructions for opening a thread again, since almost a month has passed...

http://www.mycity.rs/Ambulanta/Kako-otvoriti-temu-u-Ambulanti.html

We'll continue in this thread. Post the reports here.

  • Dalibor
  • Joined: 03 Feb 2011
  • Posts: 434
  • Location: EU

Posted: 17 Jul 2012 21:12

Hello TwinHeadedEagle!
I've arrived at my brother's and read the instructions, so we're starting from the beginning.
I've redone everything required for opening a thread here!
So let's get started.


.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_26
Run by Dejan at 20:54:33 on 2012-07-17
Microsoft Windows XP Professional 5.1.2600.3.1250.381.1033.18.1023.507 [GMT 2:00]
.
AV: AntiVir Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\McAfee Security Scan\3.0.207\SSScheduler.exe
C:\Program Files\RALINK\Common\RaUI.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\OpenOffice.org 1.9.125\program\soffice.exe
C:\Program Files\OpenOffice.org 1.9.125\program\soffice.BIN
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://www.yahoo.com
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
uRun: [Google Update] "c:\documents and settings\dejan\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [Facebook Update] "c:\documents and settings\dejan\local settings\application data\facebook\update\FacebookUpdate.exe" /c /nocrashserver
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\dejan\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 1.9.125\program\quickstart.exe
StartupFolder: c:\docume~1\dejan\startm~1\programs\startup\yahoo!~1.lnk - c:\program files\yahoo!\widgets\YahooWidgets.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\3.0.207\SSScheduler.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ralink~1.lnk - c:\program files\ralink\common\RaUI.exe
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
TCP: Interfaces\{D97DB9A8-24DE-4604-964B-EE0E360AC6DD} : NameServer = 10.5.0.100
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\dejan\application data\mozilla\firefox\profiles\f4tmaagw.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://search.babylon.com/?babsrc=HP_Prot
FF - plugin: c:\documents and settings\dejan\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\dejan\application data\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\documents and settings\dejan\local settings\application data\facebook\video\skype\npFacebookVideoCalling.dll
FF - plugin: c:\documents and settings\dejan\local settings\application data\google\update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npyaxmpb.dll
FF - plugin: c:\program files\picasa2\npPicasa3.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_265.dll
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=111434&tt=171011_prot~171011_prot
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - 546e289900000000000000fd07a2dfd9
FF - user.js: extensions.BabylonToolbar_i.hardId - 546e289900000000000000fd07a2dfd9
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15434
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1710:40:56
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
============= SERVICES / DRIVERS ===============
.
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2011-9-5 11608]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2011-9-5 136360]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2011-9-5 269480]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-9-5 66616]
R2 ezGOSvc;Easybits GO Services for Windows;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-6-7 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-6-29 250056]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2012-6-28 1691480]
S3 AvFlt;Antivirus Filter Driver;c:\windows\system32\drivers\av5flt.sys --> c:\windows\system32\drivers\av5flt.sys [?]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\3.0.207\McCHSvc.exe [2011-6-17 237008]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-7-6 113120]
S4 FVDSCSI;FVDSCSI;c:\windows\system32\drivers\fvdscsi.sys [2008-9-8 72478]
.
=============== Created Last 30 ================
.
2012-07-06 04:55:17 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-07-06 04:55:13 770384 ----a-w- c:\program files\mozilla firefox\msvcr100.dll
2012-07-06 04:55:13 421200 ----a-w- c:\program files\mozilla firefox\msvcp100.dll
2012-07-06 04:55:13 157608 ----a-w- c:\program files\mozilla firefox\maintenanceservice_installer.exe
2012-07-06 04:55:13 113120 ----a-w- c:\program files\mozilla firefox\maintenanceservice.exe
2012-06-29 19:17:00 -------- d-----w- C:\_OTL
2012-06-29 18:14:24 -------- d-----w- c:\documents and settings\all users\application data\McAfee Security Scan
2012-06-29 18:14:20 -------- d-----w- c:\program files\McAfee Security Scan
2012-06-29 18:14:10 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-29 18:14:10 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-28 15:00:58 23624 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2012-06-28 15:00:56 -------- d-----w- c:\program files\Hitman Pro 3.5
2012-06-28 15:00:49 -------- d-----w- c:\documents and settings\all users\application data\Hitman Pro
2012-06-28 13:53:48 98816 ----a-w- c:\windows\sed.exe
2012-06-28 13:53:48 518144 ----a-w- c:\windows\SWREG.exe
2012-06-28 13:53:48 256000 ----a-w- c:\windows\PEV.exe
2012-06-28 13:53:48 208896 ----a-w- c:\windows\MBR.exe
2012-06-28 13:10:42 73728 ----a-w- c:\windows\system32\RtNicProp32.dll
2012-06-28 13:02:43 359016 ----a-w- c:\windows\vncutil.exe
2012-06-28 13:02:42 65640 ----a-w- c:\windows\system32\RtkCoInstIIXP.dll
2012-06-28 13:02:42 129640 ----a-w- c:\windows\RtkAudioService.exe
2012-06-28 13:02:42 11368 ----a-w- c:\windows\system32\RtkCoLDRXP.dll
2012-06-28 13:02:35 25548 ----a-w- c:\windows\system32\drivers\RTAIODAT.DAT
2012-06-28 13:02:34 1395800 ----a-w- c:\windows\system32\drivers\Monfilt.sys
2012-06-28 13:02:32 1691480 ----a-w- c:\windows\system32\drivers\Ambfilt.sys
2012-06-28 12:46:13 21376 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe
2012-06-28 12:31:50 -------- d-----w- c:\documents and settings\all users\application data\IObit
2012-06-28 12:27:47 -------- d-----w- c:\documents and settings\dejan\local settings\application data\Yahoo
2012-06-28 12:27:36 -------- d-----w- c:\program files\Yahoo!
2012-06-28 12:26:09 -------- d-----w- c:\documents and settings\dejan\application data\IObit
2012-06-28 12:25:57 -------- d-----w- c:\program files\IObit
2012-06-28 12:13:12 -------- d-----w- c:\program files\SpeedFan
2012-06-20 19:55:25 -------- d-sha-r- C:\cmdcons
.
==================== Find3M ====================
.
2012-06-19 14:54:20 6141584 ----a-w- c:\windows\system32\drivers\RtkHDAud.sys
2012-06-13 13:19:59 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-06-06 12:00:32 20065936 ----a-w- c:\windows\RTHDCPL.EXE
2012-06-05 15:50:25 1372672 ------w- c:\windows\system32\msxml6.dll
2012-06-05 15:50:25 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 04:32:08 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 13:19:44 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 13:19:38 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 13:19:38 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 13:19:34 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 13:19:30 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-05-31 13:22:09 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-25 16:06:00 1706640 ----a-w- c:\windows\RtlExUpd.dll
2012-05-16 15:08:26 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-11 14:42:33 43520 ------w- c:\windows\system32\licmgr10.dll
2012-05-11 14:42:33 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-05-11 11:38:02 385024 ------w- c:\windows\system32\html.iec
2012-05-04 13:16:13 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 12:32:19 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-04 08:15:00 1493608 ----a-w- c:\windows\RtlUpd.exe
2012-05-02 13:46:36 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
.
============= FINISH: 20:55:09,57 ===============






Addendum: 18 Jul 2012 18:54

Is there anything else I need to do, or is this OK?

  • Research Engineer @MalwareBytes
  • Joined: 09 Aug 2011
  • Posts: 15874
  • Location: Belgrade

Hi :)
I was a bit busy today, so I didn't reply to you :)


• The computer is clean as far as malware is concerned.

• ComboFix needs to be uninstalled:
Click Start (or ), then Run.

On Vista and 7, use the Start Search box if Run is not available.

In the text box, type (copy) the following:

ComboFix /Uninstall

Note that there is a space between "ComboFix" and "/Uninstall".

Then click OK (or press Enter).

Wait for the uninstall process to finish.

• Run OTL again and click the CleanUp button, then wait for the uninstall process to finish.


• The computer has the ancient Java(TM) 6 Update 26 installed, which is a security risk. Remove it from Control Panel, then download the new version from the link and install it.

• I recommend using MCShield v2 to protect USB storage devices. It has nothing to do with the antivirus, i.e. it will not interfere with its operation, and it has proven to be one of the best forms of protection against malware spread via USB storage devices. You download it, install it, plug in the USB storage device, and a scan runs, after which you get a notification that the device is clean (if that is really the case), or you get a log showing information about the malware that was found and deleted.

MCShield ::Anti-Malware Tool:: v2 home page: http://amf.mycity.rs/mcshield/

You can find out more about MCShield in these threads:
v1: http://www.mycity.rs/MyCity-Laboratorija/MCShield.html
v2: http://www.mycity.rs/MyCity-Laboratorija/MCShield-v2.html

• Be sure to visit the thread "Test whether your browser is vulnerable", read it, and follow the link in it.
Link to the thread: http://www.mycity.rs/Web-browseri/Testirajte-da-li.....anjiv.html


TwinHeadedEagle (AMF Team)
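
The Java finding in the reply above can be read straight out of a DDS log: the header carries `BrowserJavaVersion`, and the sections list what still loads from the Java install. The following is an added example, not part of the thread or of any tool named in it; the sample log is a constructed excerpt in the posted layout, and the `minimum` version passed in is the caller's assumption, since the thread names no target version.

```python
import re

# Constructed excerpt in the layout of the DDS log posted in this thread.
SAMPLE_DDS = r"""DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_26
.
============== Pseudo HJT Report ===============
.
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
.
================= FIREFOX ===================
.
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\picasa2\npPicasa3.dll
"""

SECTION_RE = re.compile(r"^=+ (.+?) =+$")
# Matches the old "1.<family>.0_<update>" scheme used by Java 6/7/8 only.
JAVA_RE = re.compile(r"BrowserJavaVersion:\s*1\.(\d+)\.\d+(?:_(\d+))?")

def split_sections(log):
    """Map section title -> entry lines; text before the first banner is 'header'."""
    sections, current = {"header": []}, "header"
    for line in log.splitlines():
        line = line.strip()
        banner = SECTION_RE.match(line)
        if banner:
            current = banner.group(1)
            sections[current] = []
        elif line and line != ".":  # DDS uses lone dots as spacers
            sections[current].append(line)
    return sections

def java_version(sections):
    """Return (family, update) from the header, e.g. (6, 26), or None if absent."""
    for line in sections["header"]:
        m = JAVA_RE.search(line)
        if m:
            return int(m.group(1)), int(m.group(2) or 0)
    return None

def java_report(log, minimum):
    """`minimum` is a caller-supplied (family, update) tuple (assumption)."""
    sections = split_sections(log)
    found = java_version(sections)
    entries = [l for name, body in sections.items() if name != "header"
               for l in body if "\\java\\" in l.lower()]
    return {"found": found, "entries": entries,
            "outdated": found is not None and found < minimum}
```

Running `java_report` on a fresh log after the reinstall shows whether any BHO, Run key or Firefox plugin still points into the old `jre6` directory.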

  • Dalibor
  • Joined: 03 Feb 2011
  • Posts: 434
  • Location: EU

I did everything according to the instructions; now I'd like to know whether any driver or anything else is missing in the system, so I can fix that for him too ;)
Cheers

  • Research Engineer @MalwareBytes
  • Joined: 09 Aug 2011
  • Posts: 15874
  • Location: Belgrade

In Ambulanta we only deal with problems caused by malware; for all other questions there is the Windows subforum... :)
