Problem sa lap topom

1

Problem sa lap topom

offline
  • Pridružio: 20 Maj 2009
  • Poruke: 17

Problem je nastao kada sam pokusao da download-ujem nesto i izabrao sam pogrešno dugme download na jednom od sajtova i to je bilo to. Zakaèio sam nesto sigurno tada, ima vec par dana. U pitanju je laptop, sada samo moze da se podigne sistem, ali odmah zakuca, ne mogu nista sa njim. Pokrenem ga u safe modu i tamo uradim system restore i opet nista. Skinem malwarebytes i uradim sken i pronaðe nesto, to kao stavim u karantin i pokusam opet da udjem u windows i opet nista. Na njemu je ESET NOD32 ali od njega slabe vajde izgleda, ne mogu ni njega da pokrenem.

Pa sam razmisljao da skinem AVAST i uradim sken u safe modu.

E sada logove nisam postavio jer ne znam smijem li i ima li smisla da to uradim u safe modu.
U pitanju je bezicni internet

Hvala

offline
  • Més que un club
  • Glavni vokal @ Harpun
  • Pridružio: 27 Feb 2009
  • Poruke: 3898
  • Gde živiš: Novi Sad,Klisa

Napisano: 28 Mar 2013 18:25


Postavi ih iz safe mode-a.

offline
  • Pridružio: 20 Maj 2009
  • Poruke: 17

Napisano: 29 Mar 2013 10:58

Ovo je sve sto sam uspio uraditi, s tim sto sam uspio da pokrenem dss u normalnom modu, tamo sak ga i skenirao.
+ DDS

Dopuna: 29 Mar 2013 11:05

Isto dobijem kada sam ga skenirao i u safe mode-u.

Dopuna: 29 Mar 2013 11:07

Izvinjavam se, izgleda da sam više puta postovao kopirani log.

rip
  • argus  Male
  • Anti Malware Fighter
    Rank 2
  • Pridružio: 27 Apr 2008
  • Poruke: 9160
  • Gde živiš: Prokuplje

Preuzmi DDS sa ovog linka i uradi to isto.

http://download.bleepingcomputer.com/sUBs/dds.com

offline
  • Pridružio: 20 Maj 2009
  • Poruke: 17

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.7601.17105 BrowserJavaVersion: 1.6.0_20
Run by pc at 11:45:58 on 2013-03-29
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.2974.1520 [GMT 1:00]
.
AV: ESET NOD32 Antivirus 5.0 *Enabled/Outdated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 5.0 *Enabled/Outdated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe
C:\Windows\system32\NLSSRV32.EXE
C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\CyberLink\PowerDVD10\PDVD10Serv.exe
C:\Program Files\CyberLink\Shared files\brs.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\BtAssist.exe
C:\Windows\System32\slui.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k secsvcs
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://home.mywebsearch.com/index.jhtml?n=77DE8857&ptnrS=ZJxpt039YYba&ptb=86DA62E6-EE0A-4A75-A35D-0DC2191FE7E5&si=XXXXXXXXXX
uURLSearchHooks: <No Name>: {cc2e2b99-14d3-4516-883c-9ea147f594ef} - c:\program files\zwinky_5q\bar\1.bin\5qSrcAs.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Toolbar BHO: {27488090-768a-4d20-a938-f223f71c344c} -
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office14\GROOVEEX.DLL
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
BHO: Search Assistant BHO: {bd3ea7c2-3af8-4463-9a9c-6eb8e136cb02} - c:\program files\zwinky_5q\bar\1.bin\5qSrcAs.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Zwinky: {3033124F-06BF-4829-873A-310A125B4D4C} - c:\program files\zwinky_5q\bar\1.bin\5qbar.dll
TB: Zwinky: {3033124f-06bf-4829-873a-310a125b4d4c} - c:\program files\zwinky_5q\bar\1.bin\5qbar.dll
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
uRun: [OfficeSyncProcess] "c:\program files\microsoft office\office14\MSOSYNC.EXE"
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [RemoteControl10] "c:\program files\cyberlink\powerdvd10\PDVD10Serv.exe"
mRun: [BDRegion] c:\program files\cyberlink\shared files\brs.exe
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [TaskTray] <no file>
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\toshiba\bluetooth toshiba stack\TosBtMng1.exe
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
TCP: NameServer = 81.93.64.9 192.168.3.1
TCP: Interfaces\{2A246062-D5F0-4C92-9A7F-0B5E4ADC0043} : DHCPNameServer = 81.93.64.9 192.168.3.1
TCP: Interfaces\{2A246062-D5F0-4C92-9A7F-0B5E4ADC0043}\164637C6 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{2A246062-D5F0-4C92-9A7F-0B5E4ADC0043}\25144494F4029474F4B45414 : DHCPNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Notify: igfxcui - igfxdev.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office14\GROOVEEX.DLL
Hosts: 127.0.0.1 validation.sls.microsoft.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\pc\appdata\roaming\mozilla\firefox\profiles\cawq0yk5.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ba/
FF - prefs.js: keyword.URL - hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?st=kwd&ptb=86DA62E6-EE0A-4A75-A35D-0DC2191FE7E5&n=77ed9a36&ind=2012060214&id=ZJxpt039YYba&ptnrS=ZJxpt039YYba&si=XXXXXXXXXX&searchfor=
FF - plugin: c:\progra~1\micros~2\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.135\npGoogleUpdate3.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
FF - plugin: c:\program files\zwinky_5q\bar\1.bin\NP5qStub.dll
FF - plugin: c:\windows\system32\adobe\director\np32dsw_1168638.dll
.
============= SERVICES / DRIVERS ===============
.
R2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2011/10/15 09:40:10];c:\program files\cyberlink\powerdvd10\navfilter\000.fcl [2010-3-13 87536]
R2 Autodesk Content Service;Autodesk Content Service;c:\program files\autodesk\content service\Connect.Service.ContentService.exe [2011-2-2 18656]
R2 eamonm;eamonm;c:\windows\system32\drivers\eamonm.sys [2011-6-3 162912]
R2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2011-6-3 974944]
R2 epfwwfpr;epfwwfpr;c:\windows\system32\drivers\epfwwfpr.sys [2011-6-3 103112]
R2 NitroDriverReadSpool;NitroPDFDriverCreatorReadSpool;c:\program files\nitro pdf\professional\NitroPDFDriverService.exe [2011-3-21 196928]
R2 nlsX86cc;NLS Service;c:\windows\system32\NLSSRV32.EXE [2011-3-21 68928]
R2 TeamViewer6;TeamViewer 6;c:\program files\teamviewer\version6\TeamViewer_Service.exe [2011-10-15 2358656]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 Zwinky_5qService;ZwinkyService;c:\progra~1\zwinky~2\bar\1.bin\5qbarsvc.exe --> c:\progra~1\zwinky~2\bar\1.bin\5qbarsvc.exe [?]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-9-30 62464]
S3 ESHASRV;ESET SHA Service;c:\program files\eset\eset nod32 antivirus\EShaSrv.exe [2011-6-3 183904]
S3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\drivers\ewusbdev.sys [2011-10-28 101248]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-9-30 15872]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2011-10-15 197224]
S3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\Synth3dVsc.sys [2010-9-30 77184]
S3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-9-30 25600]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2010-9-30 52224]
S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-9-30 27264]
S3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-9-30 112640]
.
=============== File Associations ===============
.
FileExt: .scr: AutoCADScriptFile=c:\windows\system32\notepad.exe "%1"
.
=============== Created Last 30 ================
.
2013-03-28 13:44:03 7108640 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{91cdda20-2928-456a-81b7-ed137e7472ea}\mpengine.dll
2013-03-28 07:28:38 -------- d-----w- c:\users\pc\appdata\roaming\Malwarebytes
2013-03-28 07:28:30 -------- d-----w- c:\programdata\Malwarebytes
2013-03-28 07:28:30 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-03-28 07:28:18 -------- d-----w- c:\users\pc\appdata\local\Programs
2013-03-26 08:48:30 -------- d-----w- c:\programdata\CLSoft LTD
2013-03-26 08:48:21 -------- d-----w- c:\programdata\Premium
2013-03-26 08:48:19 -------- d-----w- c:\program files\MagniPic
2013-03-26 08:47:53 -------- d-----w- c:\programdata\InstallMate
2013-03-26 08:46:31 -------- d-----w- c:\users\pc\appdata\roaming\BitTorrent
.
==================== Find3M ====================
.
.
============= FINISH: 11:46:19,48 ===============

mycity.rs/must-login.png

rip
  • argus  Male
  • Anti Malware Fighter
    Rank 2
  • Pridružio: 27 Apr 2008
  • Poruke: 9160
  • Gde živiš: Prokuplje

Preuzmi RogueKiller i saèuvaj ga na Desktop

Dvoklikom pokreni RogueKiller i prièekaj da se inicijalno skeniranje završi.
Klikni na dugme Scan.
Po završenom skeniranju, biæe kreiran izveštaj na desktopu pod nazivom RKreport.txt
Sadržaj tog loga iskopiraj u temi..

offline
  • Pridružio: 20 Maj 2009
  • Poruke: 17

RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : geekstogo.com/forum/files/file/413-roguekiller/
Website : tigzy.geekstogo.com/roguekiller.php
Blog : tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1, v.721) 32 bits version
Started in : Normal mode
User : pc [Admin rights]
Mode : Scan -- Date : 04/01/2013 12:36:26
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 5 ¤¤¤
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 validation.sls.microsoft.com


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: TOSHIBA MK3275GSX ATA Device +++++
--- User ---
[MBR] 6dd29fc654a88673be8c5e3aa3fdd001
[BSP] 04318d6ca4b35b7d2f43914d5ca40b35 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 149899 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 307200000 | Size: 155244 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1]_S_04012013_02d1236.txt >>
RKreport[1]_S_04012013_02d1236.txt

rip
  • argus  Male
  • Anti Malware Fighter
    Rank 2
  • Pridružio: 27 Apr 2008
  • Poruke: 9160
  • Gde živiš: Prokuplje

Preuzmi "Xplode"-ov AdwCleaner () i sacuvaj ga na Desktop

Dvoklikom pokreni program.
Klikni na dugme [Delete] i pricekaj da program zavrsi.
Program ce zatvoriti sve aktivne programe i izbaciti prozor sa tim upozorenjem. Klikni Ok kao potvrdu.
Na sledeca dva prozora koja se otvore (Informations i Restart required ) klikni Ok


Racunar ce se restartovati a potom otvoriti notepad (C:\AdwCleaner[S1].txt) sa izvestajem.
Sacuvaj taj notepad na Desktop i okaci ga uz poruku koristeci opciju "Prikaci fajl"

Napomena: Izvestaj ce takodje biti sacuvan na C:\AdwCleaner[S1].txt

offline
  • Pridružio: 20 Maj 2009
  • Poruke: 17

mycity.rs/must-login.png

rip
  • argus  Male
  • Anti Malware Fighter
    Rank 2
  • Pridružio: 27 Apr 2008
  • Poruke: 9160
  • Gde živiš: Prokuplje

Pokreni ponovo DDS i postavi mi log fajl.

Kakvo je stanje sada?

Ko je trenutno na forumu
 

Ukupno su 1172 korisnika na forumu :: 37 registrovanih, 3 sakrivenih i 1132 gosta   ::   [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:
Korisnici trenutno na forumu: 357magnum, A.R.Chafee.Jr., black sabah, bladesu, Bloody, cenejac111, Centauro, dankisha, Darko8, Djokkinen, Japidson, Karla, Koridor, Kubovac, kunktator, Litostroton, maiden6657, Miki01, Milometer, mnn2, Nemanjasrb, Nikola00, novator, pein, Prašinar, risima, robertino, Romibrat, sabac015555m, samsung, shaja1, Srki94, Srle993, suponik, User98, Volkhov-M, wolf431