Provera infekcije

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Uloguj se preko Facebooka da bi skinuo fajl:

Pozdrav svima! Juce sam izvrsio komplet skeniranje malwer bytes programom i nasao je jedan detektovan fajl. Nije mi se to desavalo ranije a bas cesto skeniram racunar, jednom nedeljno komplet a svaki drugi dan izvrsim brzo skeniranje . Tu datoteku sam obrisao i zatim sam skenirao racunar dds-om.Evo izvestaja.
Hvala unapred na pomoci.
mycity.rs/must-login.png

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16537
Run by RSFC at 17:42:16 on 2013-04-22
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.381.2074.18.1644.706 [GMT 2:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Opera\opera.exe
C:\Windows\system32\sppsvc.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uDefault_Page_URL = hxxp://toshiba.msn.com
mWinlogon: Userinit = userinit.exe,
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to TOSHIBA Bulletin Board - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll/1000
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 192.168.100.252
TCP: Interfaces\{66950247-2063-475E-80BE-EF8817862D17} : DHCPNameServer = 192.168.100.252
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
x64-BHO: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-TB: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 amd_sata;amd_sata;C:\Windows\System32\drivers\amd_sata.sys [2011-2-25 75904]
R0 amd_xata;amd_xata;C:\Windows\System32\drivers\amd_xata.sys [2011-2-25 38016]
R0 aswKbd;aswKbd;C:\Windows\System32\drivers\aswKbd.sys [2012-2-25 22600]
R0 aswRvrt;aswRvrt;C:\Windows\System32\drivers\aswRvrt.sys [2013-4-5 65336]
R0 aswVmm;aswVmm;C:\Windows\System32\drivers\aswVmm.sys [2013-4-5 178624]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2013-4-5 1025808]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2013-4-5 377920]
R1 HWiNFO32;HWiNFO32/64 Kernel Driver;C:\Windows\System32\drivers\HWiNFO64A.SYS [2012-12-26 29672]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-9-28 239616]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-9-28 361984]
R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2013-4-5 33400]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2013-4-5 80816]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-4-5 45248]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [2011-2-25 1809920]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-4-4 398184]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-4-4 682344]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-4-4 24176]
R3 PGEffect;Pangu effect driver;C:\Windows\System32\drivers\PGEffect.sys [2011-2-25 35008]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-2-25 406632]
R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\Windows\System32\drivers\rtl8192ce.sys [2011-2-25 1143400]
R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2011-10-1 764264]
R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648]
R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960]
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2011-10-1 22376]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-2-7 161384]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-1-5 19456]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2011-2-25 247400]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-1-5 57856]
S3 WatAdminSvc;Usluga tehnologije aktivacije operativnog sistema Windows;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-11-7 1255736]
.
=============== Created Last 30 ================
.
2013-04-10 09:01:37 3153408 ----a-w- C:\Windows\System32\win32k.sys
2013-04-10 09:01:32 1655656 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2013-04-10 09:01:30 223752 ----a-w- C:\Windows\System32\drivers\fvevol.sys
2013-04-10 09:01:18 5550424 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-04-10 09:01:12 3913560 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-04-10 09:01:11 3968856 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-04-10 09:01:08 112640 ----a-w- C:\Windows\System32\smss.exe
2013-04-10 09:01:07 43520 ----a-w- C:\Windows\System32\csrsrv.dll
2013-04-10 09:01:05 6656 ----a-w- C:\Windows\SysWow64\apisetschema.dll
2013-04-05 13:12:52 70992 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2013-04-05 13:12:49 1025808 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2013-04-05 13:12:48 178624 ----a-w- C:\Windows\System32\drivers\aswVmm.sys
2013-04-05 13:12:47 65336 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys
2013-04-05 13:12:44 80816 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2013-04-05 13:11:41 41664 ----a-w- C:\Windows\avastSS.scr
2013-04-05 12:57:16 -------- d-s---w- C:\Windows\SysWow64\Microsoft
2013-04-04 10:33:19 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-04-04 10:33:18 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-04-03 11:53:54 -------- d-----w- C:\Users\RSFC\AppData\Local\Programs
.
==================== Find3M ====================
.
2013-04-12 06:20:02 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-04-12 06:20:02 691592 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-03-20 16:20:41 108448 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll
2013-03-20 16:20:33 963488 ----a-w- C:\Windows\System32\deployJava1.dll
2013-03-20 16:20:33 1085344 ----a-w- C:\Windows\System32\npDeployJava1.dll
2013-03-13 10:06:06 0 ----a-w- C:\Windows\SysWow64\sho2614.tmp
2013-03-06 22:33:20 22600 ----a-w- C:\Windows\System32\drivers\aswKbd.sys
2013-02-21 10:30:16 1766912 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-02-21 10:29:39 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-02-21 10:29:37 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2013-02-21 10:29:37 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2013-02-21 10:15:07 2240512 ----a-w- C:\Windows\System32\wininet.dll
2013-02-21 10:14:09 3958784 ----a-w- C:\Windows\System32\jscript9.dll
2013-02-21 10:14:05 67072 ----a-w- C:\Windows\System32\iesetup.dll
2013-02-21 10:14:05 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2013-02-19 12:01:03 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-02-19 11:42:14 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2013-02-19 11:10:53 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-02-19 10:51:18 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
2013-02-12 05:45:24 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45:22 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 05:45:22 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45:22 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 04:48:31 474112 ----a-w- C:\Windows\apppatch\AcSpecfc.dll
2013-02-12 04:48:26 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll
2013-02-12 04:12:05 19968 ----a-w- C:\Windows\System32\drivers\usb8023.sys
.
============= FINISH: 17:44:40,02 ===============



mycity.rs/must-login.png



mycity.rs/must-login.png

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Pozdrav, MedocH


Preuzmi program GMER sa donjeg linka na Desktop:


GMER download
Klikni dati link;
Kada se otvori dijalog za izbor lokacije na kojoj treba sačuvati file, odaberi Desktop i klikni Save.


Dvoklikom pokrenite GMER.
Sačekaj da se završi uvodno skeniranje - ukoliko se pojavi bilo kakav upit, klikni No;

klikni Scan i sačekaj da skeniranje bude završeno;

klikni Save ... - izveštaj sačuvaj na Desktop (pod nazivom Gmer1);

klikni desnim tasterom u prozor programa Gmer i odaberi Options > 3rd party - klikni Scan;

po završetku skeniranja klikni Save ... - izveštaj sačuvaj na Desktop (pod nazivom Gmer2);

klikni taster >>> i odaberi Autostart karticu;

po završetku kratkotrajnog skeniranja, klikni Copy;

otvori Notepad i u njega postavi kopirani tekst - izveštaj sačuvaj na Desktop (pod nazivom Gmer3);

Slikoviti prikaz postupka

Priloži sva tri izveštaja uz poruku korišćenjem opcije Prikači fajl.

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Uloguj se preko Facebooka da bi skinuo fajl:

Evo konacno izvestaja
mycity.rs/must-login.png


mycity.rs/must-login.png



mycity.rs/must-login.png

• 1Ovo se svidja korisniku: virked
  
  Registruj se da bi pohvalio/la poruku!

Preuzmi SecurityCheck na Desktop.

* klikni dva puta kako bi ga pokrenuo.
* kada se pojavi crni CMD prozor, pritisni bilo koji taster na tastaturi.
* nakon zavrsetka skeniranja, u Notepad-u ces dobiti izvestaj, kopiraj mi sadrzaj u temu.

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Izvestaj Security Check

Results of screen317's Security Check version 0.99.62
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
avast! Antivirus
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware verzija 1.70.0.1100
Adobe Flash Player 11.7.700.169
Adobe Reader 10.1.6 Adobe Reader out of Date!
````````Process Check: objlist.exe by Laurent````````
Malwarebytes' Anti-Malware mbamscheduler.exe
AVAST Software Avast AvastSvc.exe
AVAST Software Avast AvastUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Racunar je čist što se malware-a tiče. Potrebno je da ispratiš sledeće korake...



Iz Control Panel-a obrisi sledece programe:

- Adobe Reader

preuzmi i instaliraj najnoviju verziju sa sledeceg linka --> http://get.adobe.com/reader/

- Java 7 Update 17

preuzmi i instaliraj najnoviju verziju sa linka --> http://java.com/en/download/index.jsp



Preporučujem da za zaštitu USB memorijskih uredjaja koristiš MCShield v2. Nema nikakve veze sa AntiVirus-om tj. nece ometati njegov rad, a pokazao se kao jedan od najboljih vidova zaštite od malware-a koji se prenosi putem USB mem. uređaja. Skineš, instaliraš, ubodeš USB mem. uređaj, izvrši se skeniranje nakon čega dobiješ obaveštenje da je uređaj čist (ukoliko je stvarno tako); ili dobiješ log u kome vidiš informacije o malware-u koji je nađen i obrisan.


Home Page MCShield-a ::Anti-Malware Tool:: v2: http://amf.mycity.rs/mcshield/

Više o MCShield-u možeš saznati u ovim temama:
v1: http://www.mycity.rs/MyCity-Laboratorija/MCShield.html
v2: http://www.mycity.rs/MyCity-Laboratorija/MCShield-v2.html



Obavezno poseti temu "Testirajte da li vam je pretraživač ranjiv", pročitaj i isprati link koji stoji u njoj.
Link do teme je: http://www.mycity.rs/Web-browseri/Testirajte-da-li.....anjiv.html



TwinHeadedEagle (AMF Tim)

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Pre svega Twin Headed Eagle hvala najlepse na trudu i strpljenju.
Koristim McShield,kada startujem racunar ja ga ukljucim . Mada jednom u godini dana koristim usb uredjaje.
Jutros mi avast izbaci da uradim update za Javu i uradio sam to. Skinuo sam i instalirao.
Ali uradicu sve ponovo sa tvojih linkova. Mnogo mi znaci vasa pomoc,jer se stvarno trudim da zastitim racunar koliko god je to moguce.
Sa njegovim radom nemam problema,jedino sto mi smeta a ne umem da popravim je ta sto nece da uradi restartovanje sistema. Primer,kad god restartujem,on uradi sve do ponovnog paljenja,i tada stoji onako iskljucen sa upaljenim obema lampicama.Jedini nacin koji ja koristim je taj da duze drzim dugme za iskljucivanje pa ga ponovo ukljucim.

Hvala jos jednom,sve najbolje zelim vama i vasem timu. Pozdrav!

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

MCShield je neprimetan i neosetljiv, a mozes i da ga podesis da te ne ometa i da sve radi "necujno"...

Sto se tice ostalih problema, slobodno postavi temu u Windows potforumu i tamo iznesi problem, jer u Ambulanti resavamo samo probleme uzrokovane malware-om.

Pozdrav