XP Security 2012

offline
  • Joined: 04 Jan 2009
  • Posts: 141
  • Location: SRBIJA

Posted: 18 Jun 2011 3:29

Good morning
Suddenly, around half past 2, a window with the title above started popping up.
I can't run any program; it pops up immediately, and only after killing it through Task Manager can I barely run anything.
Yellow windows keep popping up at the bottom left next to the clock, and it keeps starting to scan something.
I'm using ADSL Telekom 1500/256
and NOD32 3.0.699.0

DDS:


.
DDS (Ver_2011-06-12.02) - NTFSx86
Internet Explorer: 6.0.2900.3311 BrowserJavaVersion: 1.6.0_23
Run by Popa at 2:59:14 on 2011-06-18
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.416 [GMT 2:00]
.
AV: ESET NOD32 Antivirus 3.0 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
svchost.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\HTC Home\HTCHome.exe
C:\Documents and Settings\Popa\Application Data\PC Suite\ouc.exe
C:\PROGRA~1\VIVIDW~1\WORKSH~1.EXE
C:\Program Files\Vivid WorkshopData ATI\jre\bin\java.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Technitium\TMACv5.0R3\TMAC.exe
C:\Documents and Settings\Popa\Local Settings\Application Data\mbr.exe
C:\Documents and Settings\Popa\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Popa\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Documents and Settings\Popa\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Popa\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.rs/
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [myweather] "c:\program files\myfreeweather\myweather.exe" /autorun
uRun: [HTC Home] "c:\program files\htc home\HTCHome.exe"
uRun: [HW_OPENEYE_OUC_PC Suite] "c:\program files\pc suite for android handset\updatedog\ouc.exe"
uRun: [Google Update] "c:\documents and settings\popa\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [Easy-Hide-IP] c:\program files\easy-hide-ip\easy-hide-ip.exe
uRun: [2449023001] c:\documents and settings\popa\local settings\application data\mbr.exe
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {62789780-B744-11D0-986B-00609731A21D} - hxxp://ns.zigns.rs/ActiveX/mgaxctrl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{F511FD3A-398D-40FB-8648-E5EAF8FE270C} : NameServer = 192.168.1.1
TCP: Interfaces\{F511FD3A-398D-40FB-8648-E5EAF8FE270C} : DhcpNameServer = 192.168.1.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\popa\application data\mozilla\firefox\profiles\xf1qdf27.default\
FF - prefs.js: browser.startup.homepage - google.rs
FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
FF - plugin: c:\documents and settings\popa\application data\mozilla\firefox\profiles\xf1qdf27.default\extensions\{1bc9ba34-1eed-42ca-a505-6d2f1a935bbb}\plugins\npietab2.dll
FF - plugin: c:\documents and settings\popa\local settings\application data\google\update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npyaxmpb.dll
.
============= SERVICES / DRIVERS ===============
.
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2008-7-1 34312]
R2 ekrn;Eset Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2008-7-1 468224]
R2 WorkshopDBService;WorkshopDBService;c:\progra~1\vividw~1\worksh~1.exe -zglaxservice workshopdbservice --> c:\progra~1\vividw~1\WORKSH~1.EXE -zglaxservice WorkshopDBService [?]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S1 atitray;atitray;\??\c:\program files\radeon omega drivers\v3.8.252\ati tray tools\atitray.sys --> c:\program files\radeon omega drivers\v3.8.252\ati tray tools\atitray.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 TeamViewer6;TeamViewer 6;c:\program files\teamviewerportable_v6.0.10194\teamviewer_service.exe --> c:\program files\teamviewerportable_v6.0.10194\TeamViewer_Service.exe [?]
S3 androidusb;ADB Interface Driver;c:\windows\system32\drivers\smhwadb.sys [2011-1-22 25728]
S3 smhwdev;SmartPhone dummy USB PNP Device (Normal);c:\windows\system32\drivers\smhwdev.sys [2011-1-22 100864]
S3 smhwser;USB Device for Legacy Serial Communication (Normal);c:\windows\system32\drivers\smhwser.sys [2011-1-22 108032]
.
=============== Created Last 30 ================
.
2011-06-18 00:19:33 344064 ----a-w- c:\documents and settings\popa\local settings\application data\mbr.exe
2011-06-10 01:25:21 331776 ----a-w- c:\windows\system32\EasyRedirect.dll
2011-06-10 01:25:14 -------- d-----w- c:\program files\Easy-Hide-IP
2011-06-10 00:34:28 140096 ------r- c:\windows\system32\COMDLG32.OCX
2011-06-10 00:34:28 -------- d-----w- c:\program files\Technitium
2011-06-06 00:17:32 -------- d-----w- c:\program files\Ryll MAC Changer
2011-06-05 07:32:00 51200 -c--a-w- c:\windows\system32\dllcache\msdv.sys
2011-06-05 07:32:00 51200 ----a-w- c:\windows\system32\drivers\msdv.sys
2011-06-05 07:31:42 38912 -c--a-w- c:\windows\system32\dllcache\avc.sys
2011-06-05 07:31:42 38912 ----a-w- c:\windows\system32\drivers\avc.sys
2011-06-01 23:44:08 -------- d-----w- c:\documents and settings\popa\application data\COWON
2011-06-01 23:43:17 -------- d-----w- c:\program files\common files\COWON
2011-06-01 23:43:15 -------- d-----w- c:\program files\JetAudio
.
==================== Find3M ====================
.
2011-05-15 00:51:46 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-02 15:31:52 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 16:19:43 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-21 13:37:43 105472 ----a-w- c:\windows\system32\drivers\mup.sys
.
============= FINISH: 2:59:58.48 ===============

[attachment not available]

and RootRepeal:

[attachment not available]

Update: 18 Jun 2011 3:41

Here is one captured screenshot of the windows that pop up


Update: 18 Jun 2011 3:43

And another one

offline
  • Joined: 02 Feb 2008
  • Posts: 14018
  • Location: Nish

Hello nebojsa77ns!

While the case is being resolved, I would ask you to adhere to the following:
- Read my instructions (or the instructions of colleagues who will be standing in for me) carefully and follow them exclusively;
- Do not seek help elsewhere at the same time;
- Do not use other malware removal programs, apart from those you are given instructions for;
- During the intervention, do not use USB storage devices until I ask you to;
- If I do not reply within 48h, bump the topic with a new post;
- If you do not respond within 5 days, we will close the case.

For more information about the rules of the MyCity forum Ambulance: LINK

-------------------------------------------------------------------------------------

Download sUBs' ComboFix from the following address to your Desktop:

Bleeping Computer
Right-click the link and choose Save Target As... (Save Link As..., Save Linked Content As... or similar);
When the dialog for choosing the save location opens, choose Desktop and click Save.




When the download is complete:
- disable your protection software (instructions);
- close running programs;
- double-click ComboFix to run it;
- in the window that opens, click "I Agree".

While running, ComboFix will:
- check whether a newer version of the program exists: click Yes if offered to download it;
- if the Recovery Console is not installed, offer to install it: be sure to accept by clicking Yes and follow the procedure;
- ask a number of questions / show a number of notices: accept by clicking Yes or OK;
- restart Windows if needed (possibly several times);
- at the end, open Notepad with the scan report.


Copy the report ComboFix produced into the forum topic:
- right-click in the Notepad window and choose Select All;
- right-click the selected text and choose Copy;
- right-click in the message box and choose Paste.


Note: the report will be saved as ComboFix.txt on the system partition (typical location: C:\ComboFix.txt);
If after posting you notice that the report is incomplete, use the Attach file option to attach C:\ComboFix.txt to your message.

goran9888 (AMF Team)

offline
  • Joined: 04 Jan 2009
  • Posts: 141
  • Location: SRBIJA

Posted: 18 Jun 2011 7:48

Good morning
Downloaded it, ran it, followed all the instructions.
My computer restarted, nothing else happened, and there is no file on the C partition?

Update: 18 Jun 2011 7:49

There is some CK INFO

Update: 18 Jun 2011 8:09

I ran it again and it worked.
Here's the log:

ComboFix 11-06-17.04 - Popa 18.Jun.11 8:00.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.634 [GMT 2:00]
Running from: c:\documents and settings\Popa\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 3.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Popa\Local Settings\Application Data\mbr.exe
c:\documents and settings\Popa\WINDOWS
.
.
((((((((((((((((((((((((( Files Created from 2011-05-18 to 2011-06-18 )))))))))))))))))))))))))))))))
.
.
2011-06-10 01:25 . 2011-05-03 14:14 331776 ----a-w- c:\windows\system32\EasyRedirect.dll
2011-06-10 01:25 . 2011-06-10 01:32 -------- d-----w- c:\program files\Easy-Hide-IP
2011-06-10 00:34 . 2011-06-10 00:34 140096 ------r- c:\windows\system32\COMDLG32.OCX
2011-06-10 00:34 . 2011-06-10 00:34 -------- d-----w- c:\program files\Technitium
2011-06-06 00:17 . 2011-06-10 00:49 -------- d-----w- c:\program files\Ryll MAC Changer
2011-06-05 07:32 . 2008-02-12 01:20 51200 -c--a-w- c:\windows\system32\dllcache\msdv.sys
2011-06-05 07:32 . 2008-02-12 01:20 51200 ----a-w- c:\windows\system32\drivers\msdv.sys
2011-06-05 07:31 . 2008-02-12 01:20 38912 -c--a-w- c:\windows\system32\dllcache\avc.sys
2011-06-05 07:31 . 2008-02-12 01:20 38912 ----a-w- c:\windows\system32\drivers\avc.sys
2011-06-01 23:44 . 2011-06-01 23:44 -------- d-----w- c:\documents and settings\Popa\Application Data\COWON
2011-06-01 23:43 . 2011-06-01 23:43 -------- d-----w- c:\program files\Common Files\COWON
2011-06-01 23:43 . 2011-06-01 23:43 -------- d-----w- c:\program files\JetAudio
2011-06-01 23:42 . 2011-06-01 23:42 -------- d-----w- c:\documents and settings\Popa\Application Data\InstallShield
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-15 00:51 . 2011-05-15 00:51 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-02 15:31 . 2011-01-13 19:03 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 16:19 . 2008-02-12 01:53 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-21 13:37 . 2008-02-12 01:53 105472 ----a-w- c:\windows\system32\drivers\mup.sys
2011-05-10 17:21 . 2011-05-10 17:21 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HTC Home"="c:\program files\HTC Home\HTCHome.exe" [2011-01-30 261120]
"HW_OPENEYE_OUC_PC Suite"="c:\program files\PC Suite For Android Handset\UpdateDog\ouc.exe" [2009-10-15 110592]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-05-26 15147400]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 577536]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-07-01 1447168]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-02-12 110592]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-05 8523776]
"nwiz"="nwiz.exe" [2007-12-05 1626112]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-12-05 81920]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-02-12 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"g:\\Programi\\TeamViewerPortable\\TeamViewer.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\MyPhoneExplorer\\MyPhoneExplorer.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [01.Jul.08 10:04 34312]
R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [01.Jul.08 10:02 468224]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.Mar.10 14:16 753504]
S1 atitray;atitray;\??\c:\program files\Radeon Omega Drivers\v3.8.252\ATI Tray Tools\atitray.sys --> c:\program files\Radeon Omega Drivers\v3.8.252\ATI Tray Tools\atitray.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.Mar.10 14:16 130384]
S2 TeamViewer6;TeamViewer 6;c:\program files\TeamViewerPortable_v6.0.10194\TeamViewer_Service.exe --> c:\program files\TeamViewerPortable_v6.0.10194\TeamViewer_Service.exe [?]
S2 WorkshopDBService;WorkshopDBService;c:\progra~1\VIVIDW~1\WORKSH~1.EXE -zglaxservice WorkshopDBService --> c:\progra~1\VIVIDW~1\WORKSH~1.EXE -zglaxservice WorkshopDBService [?]
S3 androidusb;ADB Interface Driver;c:\windows\system32\drivers\smhwadb.sys [22.Jan.11 14:15 25728]
S3 smhwdev;SmartPhone dummy USB PNP Device (Normal);c:\windows\system32\drivers\smhwdev.sys [22.Jan.11 14:15 100864]
S3 smhwser;USB Device for Legacy Serial Communication (Normal);c:\windows\system32\drivers\smhwser.sys [22.Jan.11 14:15 108032]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WUAUSERV
.
Contents of the 'Scheduled Tasks' folder
.
2011-06-11 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
2011-06-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1844237615-838170752-1177238915-1003Core.job
- c:\documents and settings\Popa\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-01-13 20:04]
.
2011-06-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1844237615-838170752-1177238915-1003UA.job
- c:\documents and settings\Popa\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-01-13 20:04]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.rs/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{F511FD3A-398D-40FB-8648-E5EAF8FE270C}: NameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Popa\Application Data\Mozilla\Firefox\Profiles\xf1qdf27.default\
FF - prefs.js: browser.startup.homepage - google.rs
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-myweather - c:\program files\MyFreeWeather\myweather.exe
HKCU-Run-Easy-Hide-IP - c:\program files\Easy-Hide-IP\easy-hide-ip.exe
Notify-AtiExtEvent - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2011-06-18 08:05
Windows 5.1.2600 Service Pack 3, v.6055 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Completion time: 2011-06-18 08:07:19
ComboFix-quarantined-files.txt 2011-06-18 06:07
.
Pre-Run: 4,989,243,392 bytes free
Post-Run: 5,139,496,960 bytes free
.
- - End Of File - - 745C8BD003D13A0777E2C67C02DC1222

And it didn't want to install the Recovery Console; it reported some error.

offline
  • Joined: 02 Feb 2008
  • Posts: 14018
  • Location: Nish

Download the installer for Malwarebytes Anti-Malware from the following link:
http://www.besttechie.net/tools/mbam-setup.exe

Double-click to run the installation - at the very end of the process, make sure the following options are checked:
Update Malwarebytes' Anti-Malware;
Launch Malwarebytes Anti-Malware;

and then click Finish.

After the update completes, the program will start.

Choose Perform Quick Scan and click Scan.

When the process finishes, click OK, then Show Results: in the list of detected malware, select all items and click Remove Selected.

When the process finishes, the logfile will open in Notepad; copy it into the forum topic.
If the program asks for a restart to complete the cleaning, be sure to allow it.

Note: if a restart happens at the end of the cleaning process, the logfile will be available on the Logs tab (select it and click Open).

What is the state of the system now?

goran9888 (AMF Team)

offline
  • Joined: 04 Jan 2009
  • Posts: 141
  • Location: SRBIJA

Posted: 18 Jun 2011 16:31

So far it hasn't popped up once; I'm downloading Malwarebytes Anti-Malware now so I can do that too.

Update: 18 Jun 2011 16:40

Malwarebytes' Anti-Malware 1.51.0.1200
malwarebytes.org

Verzija baze: 6887

Windows 5.1.2600 Service Pack 3, v.6055
Internet Explorer 6.0.2900.3311

18.Jun.11 16:40:59
mbam-log-2011-06-18 (16-40-59).txt

Način skeniranja: Brzo skeniranje
Skeniranih objekata 143557
Proteklo vreme 5 minuta(e), 8 sekundi

Inficirani procesi u memoriji: 0
Inficirani moduli u memoriji: 0
Inficirani ključevi u registru: 0
Inficirane vrednosti u registru: 0
Inficirani podaci u registru: 1
Inficirane fascikle: 0
Inficirane datoteke: 0

Inficirani procesi u memoriji:
(Maliciozne stavke nisu pronađene)

Inficirani moduli u memoriji:
(Maliciozne stavke nisu pronađene)

Inficirani ključevi u registru:
(Maliciozne stavke nisu pronađene)

Inficirane vrednosti u registru:
(Maliciozne stavke nisu pronađene)

Inficirani podaci u registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\Popa\Local Settings\Application Data\mbr.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode) Good: (firefox.exe -safe-mode) -> Quarantined and deleted successfully.

Inficirane fascikle:
(Maliciozne stavke nisu pronađene)

Inficirane datoteke:
(Maliciozne stavke nisu pronađene)
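The two indicators this thread turned up can be checked mechanically: the DDS log shows an all-digit uRun value launching mbr.exe straight out of the user's Local Settings\Application Data root, and the Malwarebytes log shows the Firefox safe-mode StartMenuInternet command rewritten so that mbr.exe launches first and firefox.exe is only an argument. The following is an added example written for this page, not code from the thread or from DDS/Malwarebytes; the sample lines are constructed from the logs above and the function names are my own.

```python
import re
from typing import Dict, List

# Constructed sample input, modelled on lines quoted in this thread: three
# "uRun:" entries from the DDS log and the Firefox safe-mode command that
# Malwarebytes reported as Hijack.StartMenuInternet.
SAMPLE_RUN_LINES = [
    "uRun: [CTFMON.EXE] c:\\windows\\system32\\ctfmon.exe",
    'uRun: [Skype] "c:\\program files\\skype\\phone\\Skype.exe" /nosplash /minimized',
    "uRun: [2449023001] c:\\documents and settings\\popa\\local settings\\application data\\mbr.exe",
]
SAMPLE_SAFEMODE_CMD = (
    '"C:\\Documents and Settings\\Popa\\Local Settings\\Application Data\\mbr.exe" '
    '-a "C:\\Program Files\\Mozilla Firefox\\firefox.exe" -safe-mode'
)

# DDS prints autostart entries as: <u|m|d>Run: [value name] command line
RUN_RE = re.compile(r"^[umd]Run:\s+\[(?P<name>[^\]]*)\]\s+(?P<cmd>.*)$")
# Unquoted DDS paths may contain spaces, so take everything up to the first ".exe".
UNQUOTED_EXE_RE = re.compile(r"^(.*?\.exe)(?:\s|$)", re.IGNORECASE)


def first_exe(cmd: str) -> str:
    """Return the (lowercased) executable a command line launches first."""
    cmd = cmd.strip()
    if not cmd:
        return ""
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return (cmd[1:end] if end > 0 else cmd[1:]).lower()
    m = UNQUOTED_EXE_RE.match(cmd)
    return (m.group(1) if m else cmd.split()[0]).lower()


def suspicious_run_entries(lines: List[str]) -> List[Dict[str, object]]:
    """Flag Run-key entries that look like the mbr.exe loader in this thread:
    an all-digit value name, or an executable sitting directly in the user's
    Local Settings\\Application Data root (no vendor subfolder)."""
    findings = []
    for line in lines:
        m = RUN_RE.match(line)
        if not m:
            continue
        name, exe = m.group("name"), first_exe(m.group("cmd"))
        parent = exe.rsplit("\\", 1)[0] if "\\" in exe else ""
        reasons = []
        if name.isdigit():
            reasons.append("value name is all digits")
        if parent.endswith("\\application data"):
            reasons.append("executable directly in per-user Application Data root")
        if reasons:
            findings.append({"name": name, "exe": exe, "reasons": reasons})
    return findings


def check_startmenu_command(value: str, browser_exe: str = "firefox.exe") -> Dict[str, object]:
    """Check a StartMenuInternet ...\\shell\\<verb>\\command value. The first
    executable must be the browser itself; a value that launches something else
    and only passes the browser as an argument is the hijack pattern above."""
    exe = first_exe(value)
    return {"executable": exe, "expected": browser_exe, "hijacked": not exe.endswith(browser_exe)}


if __name__ == "__main__":
    for f in suspicious_run_entries(SAMPLE_RUN_LINES):
        print(f"[{f['name']}] {f['exe']}: " + "; ".join(f["reasons"]))
    print(check_startmenu_command(SAMPLE_SAFEMODE_CMD))
```

Run against the constructed lines, only the `[2449023001]` entry is flagged (on both counts), and the safe-mode command is reported as hijacked while the Malwarebytes "Good" value `firefox.exe -safe-mode` passes.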

offline
  • Joined: 02 Feb 2008
  • Posts: 14018
  • Location: Nish

Your system is clean as far as malware is concerned.

ComboFix needs to be uninstalled:
click Start, then RUN.

On Vista, use the Start Search field if Run is not available.

In the text input line type (or paste) the following:

ComboFix /Uninstall

Note that there is a space between "ComboFix" and "/Uninstall".

Then click OK (or press Enter).

Wait for the uninstall process to finish.




----------------------------------------------------------

You are using an old version of your Anti-Virus. Be sure to uninstall it and install a newer version, or install a free Anti-Virus (such as Avast, Avira, AVG, Panda Cloud, MSE, etc.) if you don't have a licence for a commercial AV (like your NOD32).

- I recommend using MCShield to protect USB storage devices. It has nothing to do with the Anti-Virus, i.e. it won't interfere with its operation, and it has proven to be one of the best forms of protection against malware that spreads via USB storage devices.

You download it, install it, plug in a USB storage device, a scan runs, and afterwards you either get a notification that the device is clean (if that's really the case) or a log with information about the malware that was found and deleted.

MCShield home page: http://amf.mycity.rs/programs/mc/mcshield/

You can find out more about MCShield in this topic: http://www.mycity.rs/Antispyware-programi/MCShield.html

- Visit the following topic and update all the add-ons in your browsers (primarily Java): http://www.mycity.rs/Web-browseri/Testirajte-da-li.....anjiv.html

- Start -> Control Panel -> Add or Remove Programs -> uninstall all unnecessary applications (those you don't use)

- Download ATF Cleaner and save it to the Desktop.

Tick Select All and then click Empty Selected.
When the Done Cleaning message appears, close the program.


offline
  • Joined: 04 Jan 2009
  • Posts: 141
  • Location: SRBIJA

Just a couple more questions before I disappear:
1. What should I do with Malwarebytes?
2. What do you think about Avira?

offline
  • Joined: 02 Feb 2008
  • Posts: 14018
  • Location: Nish

nebojsa77ns wrote: Just a couple more questions before I disappear:
1. What should I do with Malwarebytes?
2. What do you think about Avira?

Malwarebytes is not an Anti-Virus. It is an on-demand scanner (it scans only when asked to; it has no real-time protection) and it does not interfere with an Anti-Virus. It is compatible with all kinds of Anti-Virus.

I think the same about Avira as about any other AV: better with it than without it.

Regards,
goran9888 (AMF Team)
