Pomoc okoinfekcije

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Uloguj se preko Facebooka da bi skinuo fajl:

Zdravo i veliki pozdrav za vas tim imam jedan problem oko infekcije,ortak me zamolio da mu reinstaliram sistem i pozalio mi se kako mu komp sporo radi.Primetio sam kad ukljucujem mozillu da cpu ide u 100 %,e sad kad sam reinstalirao sistem i vracajuci neke njegove glupe programe zakacio sam neki potencijalno opasan virus a sigurno i on sam poseduje u d ili e neke opasne viruse.Moj problem je sto kad pokusm da instaliram antivirus recimo kaspersky ili bitdefender fajl pokusa da se ekstraktuje ali samo izbaci error u tempu,bukvalno kao da je temp odsecen od windowsa?Znaci nikako ne mogu pokrenuti antvirus da bih skenirao sistem.Imam internet adsl 4mb.

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 10.5.1
Run by Administrator at 12:56:42 on 2012-08-15
Microsoft Windows XP Professional 5.1.2600.3.1252.61.1033.18.767.279 [GMT 10:00]
.
.
============== Running Processes ===============
.
C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
C:\Users\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Program Files\Skype\Updater\Updater.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\BitTorrent\BitTorrent.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\wuauclt.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = [Link mogu videti samo ulogovani korisnici]
uWindow Title = IE
uSearch Page = [Link mogu videti samo ulogovani korisnici]
uSearch Bar = [Link mogu videti samo ulogovani korisnici]
uSearchMigratedDefaultURL = [Link mogu videti samo ulogovani korisnici]{searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchURL,(Default) = [Link mogu videti samo ulogovani korisnici]
mSearchAssistant = [Link mogu videti samo ulogovani korisnici]
mWinlogon: SfcDisable=-99 (0xffffff9d)
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\oracle\javafx 2.1 runtime\bin\ssv.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\oracle\javafx 2.1 runtime\bin\jp2ssv.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
uRun: [BitTorrent] "c:\program files\bittorrent\BitTorrent.exe" /MINIMIZED
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
dRunOnce: [NewUser] c:\windows\lastxp\NewUser.cmd
uPolicies-explorer: NoSMHelp = 1 (0x1)
uPolicies-explorer: NoSMConfigurePrograms = 1 (0x1)
mPolicies-explorer: NoSMConfigurePrograms = 1 (0x1)
mPolicies-system: SynchronousMachineGroupPolicy = 0 (0x0)
mPolicies-system: SynchronousUserGroupPolicy = 0 (0x0)
dPolicies-explorer: NoSMHelp = 1 (0x1)
dPolicies-explorer: NoSMConfigurePrograms = 1 (0x1)
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - [Link mogu videti samo ulogovani korisnici]
DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - [Link mogu videti samo ulogovani korisnici]
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - [Link mogu videti samo ulogovani korisnici]
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{5EBFBDB5-781D-462D-B13F-65D2C802422D} : DhcpNameServer = 192.168.1.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
AppInit_DLLs:
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\wpdshserviceobj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\administrator\application data\mozilla\firefox\profiles\zpd2rfai.default\
FF - prefs.js: browser.startup.homepage - [Link mogu videti samo ulogovani korisnici]
FF - prefs.js: keyword.URL - [Link mogu videti samo ulogovani korisnici]
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
FF - plugin: c:\program files\oracle\javafx 2.1 runtime\bin\plugin2\npjp2.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_271.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
.
============= SERVICES / DRIVERS ===============
.
R0 xfilt;VIA SATA IDE Hot-plug Driver;c:\windows\system32\drivers\xfilt.sys [2012-8-15 21144]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2012-8-15 242240]
R2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files\iobit\advanced systemcare 5\ASCService.exe [2012-8-15 913792]
R2 Skype C2C Service;Skype C2C Service;c:\users\all users\application data\skype\toolbars\skype c2c service\c2c_service.exe [2012-7-5 3048136]
R2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-7-3 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-8-15 250056]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\lavasoft\ad-aware\kernexplorer.sys --> c:\program files\lavasoft\ad-aware\KernExplorer.sys [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-8-15 113120]
.
=============== Created Last 30 ================
.
.
==================== Find3M ====================
.
2012-08-15 01:20:53 32768 ----a-w- c:\windows\~DF6C44.tmp
2012-08-14 23:54:05 295 ----a-w- c:\windows\system32\StartAU.cmd
2012-08-14 17:20:12 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2012-08-14 16:28:25 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-14 16:28:25 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-14 16:09:47 242240 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-08-14 15:43:21 40 ----a-w- c:\users\administrator\SetupS.reg
2012-08-14 15:43:21 0 ----a-w- c:\users\administrator\SetupS.cmd
2012-08-14 15:43:12 410984 ----a-w- c:\windows\system32\deploytk.dll
2012-08-02 22:01:00 545 ----a-w- c:\windows\UC.PIF
2012-08-02 22:01:00 545 ----a-w- c:\windows\RAR.PIF
2012-08-02 22:01:00 545 ----a-w- c:\windows\PKZIP.PIF
2012-08-02 22:01:00 545 ----a-w- c:\windows\PKUNZIP.PIF
2012-08-02 22:01:00 545 ----a-w- c:\windows\LHA.PIF
2012-08-02 22:01:00 545 ----a-w- c:\windows\ARJ.PIF
2012-07-23 05:59:24 22400 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe
2012-07-05 12:07:08 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-07-05 12:06:30 772544 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-07-05 12:06:20 687544 ----a-w- c:\windows\system32\deployJava1.dll
.
============= FINISH: 12:57:08.68 ===============



[Link mogu videti samo ulogovani korisnici]



[Link mogu videti samo ulogovani korisnici]

[Link mogu videti samo ulogovani korisnici]

[Link mogu videti samo ulogovani korisnici]

[Link mogu videti samo ulogovani korisnici]

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Preuzmi program CatchMe.

Dvoklikom pokreni catchme.exe i klikni na tab Script.
U (beli) prozor programa iskopiraj sledeći tekst:

files:
c:\windows\lastxp\NewUser.cmd
c:\windows\~DF6C44.tmp
c:\users\administrator\SetupS.reg
c:\users\administrator\SetupS.cmd

Klikni na dugme Run.

Kada se pojavi poruka sa obaveštenjem, klikni na dugme OK.

Po završetku procesa, na Desktopu će se nalaziti datoteka catchme.zip.
Tu datoteku je neophodno postaviti (uploadovati) na forum preko sledeće forme:
[Link mogu videti samo ulogovani korisnici]




Opiši malo bolje problem, napravi ss greške koju dobiješ pri pokretanju.
Kako napraviti screenshot: [Link mogu videti samo ulogovani korisnici]




Ivance95 (AMF Tim)

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Napisano: 15 Avg 2012 14:22



Dopuna: 15 Avg 2012 14:25

Ovo je screenshoot ali sam ga lose uradio preko painta posto nece nesto lepo da se pokrene greenshoot ali se poruka vidi sta pise a kad uradim ovo sto si mi odgovorio pise Script command not found???

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Uploaduj mi fajlove preko sledeće forme:

[Link mogu videti samo ulogovani korisnici]

Klikneš na Browse, pronađeš fajl i ideš sa Upload.

Ove fajlove:


c:\users\administrator\SetupS.reg
c:\users\administrator\SetupS.cmd
c:\windows\lastxp\NewUser.cmd
c:\windows\~DF6C44.tmp


Ukoliko neki fajlova ne postoji, uključi prikaz skrivenih fajlova, i pokušaj ponovo:

Klikni Start taster (u levom donjem uglu).
Izaberi My Computer.
Selektuj Tools meni i klikni na Folder Options.
Selektuj View na vrhu, unutar Hidden files and folders grupe selektuj Show hidden files and folders.
Skini kvačicu sa Hide file extensions for known types.
Skini kvačicu sa Hide protected operating system files (recommended).
Klikni YES.
Klikni OK.



Ivance95 (AMF Tim)

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

jesam uploadovao

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Deinstaliraj sledeće programe: Lavasoft Ad-Aware i Spybot - Search & Destroy, nakon toga restartuj računar.



Kaspersky nije besplatan AV, ne preporučujem ti da ga instaliraš osim ako nisi kupio licencu. Probaj sa instalacijom nekog od ovih: Avira, AVG, Avast, MSE.



Da li si uspeo?



Ivance95 (AMF Tim)

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

nisam ali sad samo da bekapujem neke bitne podatke i formatiram hard da vidim dal ce tad da zeza nance li mu njegovo pozz brate i hvala na trudu i izgubljenom vremenu!