Help

  • Zeljana
  • Joined: 12 Sep 2011
  • Posts: 38

I just want to ask you, is it possible that someone hacked my computer... because I couldn't control the mouse... I barely managed to turn off the internet... and I ran the antivirus... and it found Trojan.Agent.ck, and some virus PULL.brain... which I managed to delete... if I wrote that correctly... Now my computer is very slow... So the computer behaved the same as when I allow someone to get into my computer using TeamViewer...


DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 10.10.2
Run by xxx at 22:06:46 on 2013-01-23
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.387.1033.18.2038.980 [GMT 1:00]
.
AV: ESET Smart Security 6.0 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET Smart Security 6.0 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ESET Personal firewall *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k secsvcs
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.babylon.com/?affID=115881&tt=4512_3&babsrc=HP_ss&mntrId=04db62cf00000000000000197eef1311
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://home.allgameshome.com/
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
mRun: [egui] "c:\program files\eset\eset smart security\egui.exe" /hide /waitservice
mRunOnce: [Malwarebytes Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{93836CDE-C9C6-481C-AB8E-B9BBD7247DCC} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{93836CDE-C9C6-481C-AB8E-B9BBD7247DCC}\5525F435 : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{93836CDE-C9C6-481C-AB8E-B9BBD7247DCC}\A5F4E414020516C6560283 : DHCPNameServer = 10.0.0.1 87.250.98.250 8.8.8.8
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\24.0.1312.52\installer\setup.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
============= SERVICES / DRIVERS ===============
.
R0 epfwwfp;epfwwfp;c:\windows\system32\drivers\epfwwfp.sys [2012-6-14 50664]
R1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [2012-8-29 18544]
R1 eamonm;eamonm;c:\windows\system32\drivers\eamonm.sys [2012-6-14 171168]
R1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\drivers\EpfwLWF.sys [2012-6-14 33696]
R2 ekrn;ESET Service;c:\program files\eset\eset smart security\ekrn.exe [2012-6-14 1288104]
R3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\system32\drivers\ATSwpWDF.sys [2012-8-29 475136]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-10 4231168]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-13 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-13 661504]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 OS Selector;Acronis OS Selector activator;c:\users\xxx\documents\acr\oss\reinstall_svc.exe --> c:\users\xxx\documents\acr\oss\reinstall_svc.exe [?]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-1-8 161536]
S3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 62464]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2013-1-12 49664]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2012-9-12 1512448]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2013-1-3 14848]
S3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\Synth3dVsc.sys [2010-11-21 77184]
S3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2013-1-3 24064]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2013-1-3 49664]
S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2013-1-3 27136]
S3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-21 112640]
S3 UsbFltr;Razer Copperhead Driver;c:\windows\system32\drivers\copperhd.sys [2005-11-2 11596]
.
=============== Created Last 30 ================
.
2013-01-23 20:58:13 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-01-23 20:58:13 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-01-23 20:56:08 -------- d-----w- c:\program files\CCleaner
2013-01-23 15:49:38 -------- d-----w- c:\users\xxx\appdata\local\Programs
2013-01-23 14:38:48 -------- d-----r- c:\program files\Skype
2013-01-22 10:44:30 6991832 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{0469199a-10c4-41d7-883d-be9a39f88280}\mpengine.dll
2013-01-19 11:35:01 96664 ----a-w- c:\program files\mozilla firefox\webapprt-stub.exe
2013-01-19 11:35:01 157712 ----a-w- c:\program files\mozilla firefox\webapp-uninstaller.exe
2013-01-19 11:34:57 562032 ----a-w- c:\program files\mozilla firefox\extensions\afurladvisor@anchorfree.com\components\afurladvisor13.dll
2013-01-15 18:04:57 -------- d-----w- c:\users\xxx\appdata\roaming\Windows Live Writer
2013-01-15 18:04:57 -------- d-----w- c:\users\xxx\appdata\local\Windows Live Writer
2013-01-14 23:46:41 -------- d-----w- C:\bd4967e6109fb225017b811ea467
2013-01-14 09:27:43 -------- d-----w- C:\a6fa87dbf028e4f5306c97902bdd50
2013-01-13 10:56:36 626688 ----a-w- c:\windows\system32\usp10.dll
2013-01-13 10:56:35 2345984 ----a-w- c:\windows\system32\win32k.sys
2013-01-13 10:56:32 492032 ----a-w- c:\windows\system32\win32spl.dll
2013-01-13 10:54:06 46592 ----a-w- c:\windows\system32\fpb.rs
2013-01-13 10:53:21 220160 ----a-w- c:\windows\system32\ncrypt.dll
2013-01-13 10:53:16 49152 ----a-w- c:\windows\system32\taskhost.exe
2013-01-12 22:05:53 -------- d-----w- c:\program files\Mozilla Firefox.bak
2013-01-12 22:04:18 -------- d-----w- c:\users\xxx\Tracing
2013-01-12 21:51:58 -------- d-----w- c:\windows\en
2013-01-12 21:51:31 49664 ----a-w- c:\windows\system32\drivers\fssfltr.sys
2013-01-12 21:50:46 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2013-01-12 21:49:18 -------- d-----w- c:\windows\PCHEALTH
2013-01-12 21:47:43 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll
2013-01-12 21:47:43 527192 ----a-w- c:\windows\system32\XAudio2_7.dll
2013-01-12 21:47:41 248672 ----a-w- c:\windows\system32\d3dx11_43.dll
2013-01-12 21:46:57 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2013-01-12 21:46:23 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
2013-01-12 21:45:29 5659096 -c--a-w- c:\program files\common files\windows live\.cache\e63256571cdf10d03\skydrivesetup.exe
2013-01-12 21:45:29 -------- d-----w- c:\program files\Microsoft SkyDrive
2013-01-12 21:45:24 -------- d-----r- c:\users\xxx\SkyDrive
2013-01-12 21:44:56 -------- d-----w- c:\programdata\Microsoft SkyDrive
2013-01-12 21:44:03 89944 -c--a-w- c:\program files\common files\windows live\.cache\ee79e7801cdf10d05\DSETUP.dll
2013-01-12 21:44:03 537432 -c--a-w- c:\program files\common files\windows live\.cache\ee79e7801cdf10d05\DXSETUP.exe
2013-01-12 21:44:03 1801048 -c--a-w- c:\program files\common files\windows live\.cache\ee79e7801cdf10d05\dsetup32.dll
2013-01-12 21:43:44 525656 -c--a-w- c:\program files\common files\windows live\.cache\dfd251011cdf10d02\DXSETUP.exe
2013-01-12 21:43:44 1691480 -c--a-w- c:\program files\common files\windows live\.cache\dfd251011cdf10d02\dsetup32.dll
2013-01-12 21:43:43 94040 -c--a-w- c:\program files\common files\windows live\.cache\dfd251011cdf10d02\DSETUP.dll
2013-01-12 21:43:33 537432 -c--a-w- c:\program files\common files\windows live\.cache\d9fb05ac1cdf10d01\DXSETUP.exe
2013-01-12 21:43:32 1801048 -c--a-w- c:\program files\common files\windows live\.cache\d9fb05ac1cdf10d01\dsetup32.dll
2013-01-12 21:43:31 89944 -c--a-w- c:\program files\common files\windows live\.cache\d9fb05ac1cdf10d01\DSETUP.dll
2013-01-12 21:43:24 -------- d-----w- c:\users\xxx\appdata\local\Windows Live
2013-01-12 21:43:13 -------- d-----w- c:\program files\common files\Windows Live
2013-01-03 13:24:12 166976 ----a-w- c:\windows\system32\drivers\snapman.sys
2013-01-03 12:53:04 369856 ----a-w- c:\windows\system32\drivers\cng.sys
2013-01-03 12:53:04 247808 ----a-w- c:\windows\system32\schannel.dll
2013-01-03 12:53:04 136560 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2013-01-03 12:53:03 1039360 ----a-w- c:\windows\system32\lsasrv.dll
2013-01-03 12:53:00 514560 ----a-w- c:\windows\system32\qdvd.dll
2012-12-31 21:16:43 -------- d-----w- c:\programdata\4shared Desktop
2012-12-29 11:15:04 -------- d-----w- c:\users\xxx\appdata\roaming\SYSTEMAX Software Development
2012-12-29 11:15:04 -------- d-----w- c:\programdata\SYSTEMAX Software Development
.
==================== Find3M ====================
.
2013-01-09 13:38:51 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-01-09 13:38:51 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-12-16 14:13:28 295424 ----a-w- c:\windows\system32\atmfd.dll
2012-12-16 14:13:20 34304 ----a-w- c:\windows\system32\atmlib.dll
2012-12-07 12:26:17 308736 ----a-w- c:\windows\system32\Wpc.dll
2012-12-07 12:20:43 2576384 ----a-w- c:\windows\system32\gameux.dll
2012-11-30 04:53:34 169984 ----a-w- c:\windows\system32\winsrv.dll
2012-11-30 04:47:45 293376 ----a-w- c:\windows\system32\KernelBase.dll
2012-11-30 02:55:25 271360 ----a-w- c:\windows\system32\conhost.exe
2012-11-30 02:38:59 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2012-11-30 02:38:59 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2012-11-30 02:38:59 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2012-11-30 02:38:59 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2012-11-28 09:35:22 93640 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-11-14 02:09:22 1800704 ----a-w- c:\windows\system32\jscript9.dll
2012-11-14 01:58:15 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-11-14 01:57:37 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-11-14 01:49:25 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-11-14 01:48:27 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-11-14 01:44:42 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-11-09 04:42:49 2048 ----a-w- c:\windows\system32\tzres.dll
2012-11-02 05:11:31 376832 ----a-w- c:\windows\system32\dpnet.dll
2012-11-01 04:47:54 1389568 ----a-w- c:\windows\system32\msxml6.dll
.
============= FINISH: 22:07:52,61 ===============

  • Research Engineer @MalwareBytes
  • Joined: 09 Aug 2011
  • Posts: 15874
  • Location: Beograd

Hello, you also need to provide the GMER reports... as well as Attach.txt

  • Zeljana
  • Joined: 12 Sep 2011
  • Posts: 38

Written: 23 Jan 2013 22:28

I'm having problems with GMER // the scan won't start when I click autostart...

Addendum: 23 Jan 2013 22:29

Here is Attach.txt too

Addendum: 23 Jan 2013 22:41

Addendum: 23 Jan 2013 22:43

The problem is with the third GMER... is there anyone who can help me?

  • Research Engineer @MalwareBytes
  • Joined: 09 Aug 2011
  • Posts: 15874
  • Location: Beograd

You have leftovers of Avast antivirus, which need to be removed, because the presence of two antivirus programs on a system can cause problems, such as slowing the system down.

- Download aswclear.exe to the Desktop.

- Restart the system in Safe Mode following these instructions.

- Run aswclear.exe, select the version that was installed, and then click Uninstall.

- When the procedure is finished, restart the computer.

After that, post a screenshot of the detections that ESET reported.

How to post a screenshot --> http://www.mycity.rs/Pitanja-i-predlozi/Pravljenje-screenshota.html
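
An added example, not part of the original thread: a small Python parser for the SERVICES / DRIVERS section of a DDS log that flags components of an antivirus vendor that is not among the products on the log's `AV:` lines, which is how a leftover such as aswKbd shows up next to ESET. The prefix-to-vendor map and the sample (a few lines copied from the log in the first post) are assumptions for illustration.

```python
import re

# Constructed sample: a few lines copied from the DDS log in the first post.
SAMPLE_DDS = r"""AV: ESET Smart Security 6.0 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
============= SERVICES / DRIVERS ===============
.
R0 epfwwfp;epfwwfp;c:\windows\system32\drivers\epfwwfp.sys [2012-6-14 50664]
R1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [2012-8-29 18544]
R1 eamonm;eamonm;c:\windows\system32\drivers\eamonm.sys [2012-6-14 171168]
R2 ekrn;ESET Service;c:\program files\eset\eset smart security\ekrn.exe [2012-6-14 1288104]
S3 UsbFltr;Razer Copperhead Driver;c:\windows\system32\drivers\copperhd.sys [2005-11-2 11596]
.
=============== Created Last 30 ================
"""

# Assumption: illustrative map from service-name prefix to AV vendor; extend as needed.
VENDOR_PREFIXES = {"asw": "Avast", "epfw": "ESET", "eamon": "ESET", "ekrn": "ESET"}

# One service/driver line: "<R|S><start type> <name>;<display name>;<path> [<date> <size>]"
SERVICE_RE = re.compile(r"^([RS])(\d) ([^;]+);([^;]*);(.+?) \[[^\]]*\]\s*$")

def registered_av(log):
    """Product names taken from the 'AV:' header lines of the log."""
    return [m.group(1).strip() for m in re.finditer(r"^AV: (.+?) \*", log, re.M)]

def parse_services(log):
    """Yield (state, start_type, name, path) for each SERVICES / DRIVERS line."""
    in_section = False
    for line in log.splitlines():
        if line.startswith("====="):
            in_section = "SERVICES / DRIVERS" in line
            continue
        m = SERVICE_RE.match(line) if in_section else None
        if m:
            yield m.group(1), int(m.group(2)), m.group(3), m.group(5)

def leftover_av_components(log):
    """Services/drivers whose vendor (by prefix) is not among the registered AV products."""
    registered = " ".join(registered_av(log)).lower()
    hits = []
    for state, _start, name, path in parse_services(log):
        for prefix, vendor in VENDOR_PREFIXES.items():
            if name.lower().startswith(prefix) and vendor.lower() not in registered:
                hits.append((vendor, name, "running" if state == "R" else "stopped", path))
    return hits

if __name__ == "__main__":
    for hit in leftover_av_components(SAMPLE_DDS):
        print(hit)
```
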

  • Zeljana
  • Joined: 12 Sep 2011
  • Posts: 38

Written: 24 Jan 2013 11:50

I can't get into Safe Mode, no way... Now I don't have internet either... just a black background on the monitor... and huge icons... I don't know how to explain this now...

Addendum: 24 Jan 2013 12:03

Everything is fine now... I misread...

  • Research Engineer @MalwareBytes
  • Joined: 09 Aug 2011
  • Posts: 15874
  • Location: Beograd

That is normal; you have no internet and the resolution is like that because only vital services run in Safe Mode...

Just concentrate on the procedure

  • Zeljana
  • Joined: 12 Sep 2011
  • Posts: 38

Written: 24 Jan 2013 15:29

I did that too... ESET detected some 3 viruses... or whatever they are... I don't really understand computers... and if I say something silly... don't hold it against me :)

Addendum: 24 Jan 2013 15:31

  • Research Engineer @MalwareBytes
  • Joined: 09 Aug 2011
  • Posts: 15874
  • Location: Beograd

Download "Xplode"'s AdwCleaner and save it to the Desktop
Double-click to run the program and click the [Search] button.
When the program finishes the analysis, it will open Notepad with a report. Close that Notepad window.

Click the [Delete] button and wait for the program to finish.
The program will close all active programs and show a window with that warning. Click Ok to confirm.
In the next two windows that open (Informations and Restart required), click Ok

The computer will restart and then open Notepad (C:\AdwCleaner[S1].txt) with the report.
Save that file to the Desktop and attach it to your post using the "Attach file" ("Prikaci fajl") option

Note: The report will also be saved at C:\AdwCleaner[S1].txt

  • Zeljana
  • Joined: 12 Sep 2011
  • Posts: 38

That's done too... What is this about?

  • Research Engineer @MalwareBytes
  • Joined: 09 Aug 2011
  • Posts: 15874
  • Location: Beograd

There is no malware present on the computer, nor any form of hacking. We have removed the possible causes of the problem. Is there any improvement?

Post a fresh DDS.txt once more for me to check...
