Windows personal doctor

  • Joined: 01 Nov 2011
  • Posts: 89

I read that it is a virus; is there a cure?
I am writing from another computer because on the infected one it kills every application: programs, browser, everything.

Is it a new system or does a cure exist?

  • Més que un club
  • Lead vocal @ Harpun
  • Joined: 27 Feb 2009
  • Posts: 3898
  • Location: Novi Sad, Klisa

Hello Doctor NO,

try booting into Safe Mode with Networking (if you don't know how to enter Safe Mode, there are instructions), download DDS and GMER from Safe Mode, and after the scans finish, post the required logs.


NIx Car (AMF Team)

  • Joined: 01 Nov 2011
  • Posts: 89

Here it is, it works from Safe Mode.

.
DDS (Ver_2011-08-26.01) - NTFSx86 NETWORK
Internet Explorer: 8.0.7600.16385
Run by MILE I VITKA at 21:02:58 on 2012-03-08
Microsoft Windows 7 Ultimate N 6.1.7600.0.1252.1.1033.18.1791.1337 [GMT 1:00]
.
AV: ESET NOD32 Antivirus 4.0 *Enabled/Outdated* {CB0F8167-5331-BA19-698E-64816B6801A5}
SP: ESET NOD32 Antivirus 4.0 *Enabled/Outdated* {706E6083-750B-B597-533E-5FF310EF4B18}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.rs/
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [Google Update] "c:\users\mile i vitka\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [Inspector] c:\users\mile i vitka\appdata\roaming\Protector-pjb.exe
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mRun: [TNod UP] "f:\kljucev i zanod\kljucevi\TNODUP.exe" /i
mRun: [VM30xSnap] VM30xSnap.exe Vimicro USB PC Camera (ZC030x)
mRun: [BigDogPath] c:\windows\VM301Snap.exe Vimicro USB PC Camera (ZC0301PL)
mRun: [Domino] c:\windows\Domino.exe
uPolicies-explorer: HideSCAHealth = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{68D1CB86-3361-45C5-AC91-E8FDE7110BAE} : DhcpNameServer = 192.168.1.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
IFEO: a.exe - svchost.exe
IFEO: aAvgApi.exe - svchost.exe
IFEO: AAWTray.exe - svchost.exe
IFEO: About.exe - svchost.exe
IFEO: ackwin32.exe - svchost.exe
.
Note: multiple IFEO entries found. Please refer to Attach.txt
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\mile i vitka\appdata\roaming\mozilla\firefox\profiles\v0qu3qm8.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.rs/
FF - plugin: c:\users\mile i vitka\appdata\local\google\update\1.3.21.99\npGoogleUpdate3.dll
.
============= SERVICES / DRIVERS ===============
.
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2011-10-21 327784]
S2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2009-11-16 735960]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\drivers\epfwwfpr.sys [2009-11-16 95896]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
.
=============== Created Last 30 ================
.
2012-03-07 17:05:47 -------- d-----w- c:\users\mile i vitka\appdata\local\ElevatedDiagnostics
2012-03-07 13:59:26 1994240 ----a-w- c:\users\mile i vitka\appdata\roaming\Protector-pjb.exe
2012-02-18 16:01:25 -------- d-----w- c:\programdata\GRETECH
2012-02-18 16:00:53 -------- d-----w- c:\program files\GRETECH
2012-02-18 15:47:34 -------- d-----w- c:\users\mile i vitka\appdata\roaming\Rovio
2012-02-17 19:57:35 -------- d-----w- c:\users\mile i vitka\appdata\local\Google
2012-02-17 19:57:19 -------- d-----w- c:\users\mile i vitka\appdata\local\Deployment
2012-02-17 19:57:19 -------- d-----w- c:\users\mile i vitka\appdata\local\Apps
.
==================== Find3M ====================
.
.
============= FINISH: 21:03:05.06 ===============
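The "IFEO: a.exe - svchost.exe" lines in the DDS log above are the reason every program on the infected machine was being killed: the rogue registers svchost.exe as the "Debugger" for well-known security tools under Image File Execution Options, so Windows launches svchost.exe instead of the tool. As an added example that is not part of the original thread or of DDS/ComboFix, the following PowerShell script audits that registry key read-only and flags Debugger values that are not a real debugger; the list of accepted debugger names is an assumption to adjust per environment.

```powershell
# Added example (not from the original thread): read-only audit of IFEO "Debugger" hijacks
# such as the "IFEO: a.exe - svchost.exe" entries shown in the DDS log.
# It only reports; cleanup is left to the tools used in the thread.

$ifeoPath = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'

# Assumption: these are the debuggers that legitimately appear in a Debugger value.
$knownDebuggers = @('vsjitdebugger.exe', 'windbg.exe', 'ntsd.exe', 'cdb.exe', 'drwtsn32.exe')

function Get-IfeoDebuggerEntries {
    param([string]$Path = $ifeoPath)

    # Each subkey is named after the image (a.exe, AAWTray.exe, ...); only those
    # carrying a Debugger value redirect the program launch.
    Get-ChildItem -Path $Path -ErrorAction SilentlyContinue | ForEach-Object {
        $props = Get-ItemProperty -Path $_.PSPath -ErrorAction SilentlyContinue
        if ($null -ne $props -and $null -ne $props.PSObject.Properties['Debugger']) {
            [pscustomobject]@{
                Image    = $_.PSChildName
                Debugger = [string]$props.Debugger
            }
        }
    }
}

function Test-IfeoEntrySuspicious {
    param([string]$Debugger)

    # Reduce the value to the executable's file name: a quoted path may contain spaces,
    # an unquoted one ends at the first whitespace (the rest are arguments).
    $d = $Debugger.Trim()
    if ($d.StartsWith('"')) { $exe = ($d -split '"')[1] } else { $exe = ($d -split '\s+')[0] }
    $name = [System.IO.Path]::GetFileName($exe).ToLowerInvariant()

    # svchost.exe is never a debugger; any target outside the known-debugger list
    # means the image's start is being redirected somewhere else.
    return ($name -eq 'svchost.exe') -or ($knownDebuggers -notcontains $name)
}

$entries    = @(Get-IfeoDebuggerEntries)
$suspicious = @($entries | Where-Object { Test-IfeoEntrySuspicious -Debugger $_.Debugger })

"IFEO subkeys with a Debugger value: $($entries.Count)"
if ($suspicious.Count -gt 0) {
    "Suspicious Debugger hijacks (launching the image runs this value instead):"
    $suspicious | Format-Table -AutoSize
} else {
    "No suspicious IFEO Debugger entries found."
}
```

On the system from the log the output would list a.exe, aAvgApi.exe, AAWTray.exe and the rest with svchost.exe as the Debugger; on a clean system the list is empty or contains only an installed debugger.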


  • Joined: 26 Avg 2010
  • Posts: 10622
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

While the case is being resolved, I ask that you stick to the following:
Read my instructions (or those of the colleagues standing in for me) carefully and follow them exclusively;
Do not seek help elsewhere at the same time;
Do not use other malware removal programs except those you receive instructions for;
Do not use USB storage devices during the intervention until I ask for it;
If I do not reply within 48 hours, bump the topic with a new post;
If you do not reply within 5 days, we will close the case.

For more information about the rules of the MyCity forum Ambulanta: LINK

Download sUBs' ComboFix from the following address to the Desktop:

Bleeping Computer
Right-click the link and choose Save Target As... (Save Link As..., Save Linked Content As... or similar);
When the dialog for choosing the save location opens, select Desktop and click Save.




When the download has finished:

Be sure to rename ComboFix.exe to iexplore.exe;
disable your security software (instructions);
close running programs;
double-click to start ComboFix;
in the window that opens click "I Agree".

While running, ComboFix will:
check whether a newer version of the program exists: click Yes if it offers to download it;
if the Recovery Console is not installed, offer to install it: be sure to accept by clicking Yes and follow the procedure;
show a number of prompts/notifications: accept by clicking Yes or OK;
if needed, restart Windows (possibly several times);
at the end, open Notepad with the scan report.


Copy the report ComboFix produced into the forum topic:
right-click in the Notepad window and choose Select All;
right-click the selected text and choose Copy;
right-click in the message field and choose Paste.


Note: the report will be saved as ComboFix.txt on the system partition (typical location: C:\ComboFix.txt);
If after posting you notice the report is incomplete, use the Attach file option to attach C:\ComboFix.txt to the message.

  • Joined: 01 Nov 2011
  • Posts: 89

Written: 09 Mar 2012 15:53

ComboFix 12-03-09.05 - MILE I VITKA 03/09/2012 15:45:00.1.1 - x86 NETWORK
Microsoft Windows 7 Ultimate N 6.1.7600.0.1252.1.1033.18.1791.1368 [GMT 1:00]
Running from: c:\users\MILE I VITKA\Desktop\iexplore.exe.exe
AV: ESET NOD32 Antivirus 4.0 *Enabled/Outdated* {CB0F8167-5331-BA19-698E-64816B6801A5}
SP: ESET NOD32 Antivirus 4.0 *Enabled/Outdated* {706E6083-750B-B597-533E-5FF310EF4B18}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\MILE I VITKA\AppData\Roaming\Protector-pjb.exe
c:\users\MILE I VITKA\AppData\Roaming\result.db
.
.
((((((((((((((((((((((((( Files Created from 2012-02-09 to 2012-03-09 )))))))))))))))))))))))))))))))
.
.
2012-03-09 14:47 . 2012-03-09 14:47 -------- d-----w- c:\users\MILE I VITKA\AppData\Local\temp
2012-03-09 14:47 . 2012-03-09 14:47 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-08 20:23 . 2012-03-08 20:23 -------- d-----w- c:\users\MILE I VITKA\AppData\Roaming\TeamViewer
2012-03-08 20:22 . 2012-03-08 20:22 -------- d-----w- c:\program files\TeamViewer
2012-03-07 17:05 . 2012-03-07 17:05 -------- d-----w- c:\users\MILE I VITKA\AppData\Local\ElevatedDiagnostics
2012-02-18 16:01 . 2012-02-18 16:01 -------- d-----w- c:\programdata\GRETECH
2012-02-18 16:01 . 2012-02-18 16:01 -------- d-----w- c:\users\MILE I VITKA\AppData\Roaming\GRETECH
2012-02-18 16:00 . 2012-02-18 16:00 -------- d-----w- c:\program files\GRETECH
2012-02-18 15:47 . 2012-02-18 15:47 -------- d-----w- c:\users\MILE I VITKA\AppData\Roaming\Rovio
2012-02-17 19:57 . 2012-02-17 19:58 -------- d-----w- c:\users\MILE I VITKA\AppData\Local\Google
2012-02-17 19:57 . 2012-02-17 19:57 -------- d-----w- c:\users\MILE I VITKA\AppData\Local\Deployment
2012-02-17 19:57 . 2012-02-17 19:57 -------- d-----w- c:\users\MILE I VITKA\AppData\Local\Apps
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-29 07:09 . 2011-10-21 03:26 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-10-13 17762440]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VM30xSnap"="VM30xSnap.exe Vimicro USB PC Camera (ZC030x)" [X]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2011-01-12 10025576]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-11-16 2054360]
"BigDogPath"="c:\windows\VM301Snap.exe" [2007-03-27 49152]
"Domino"="c:\windows\Domino.exe" [2006-07-04 49152]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2009-11-16 108792]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2009-11-16 735960]
R2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2009-11-16 95896]
R2 TeamViewer7;TeamViewer 7;c:\program files\TeamViewer\Version7\TeamViewer_Service.exe [2012-02-23 2886528]
R3 VM30xx86;Vimicro USB PC Camera (ZC0301);c:\windows\system32\Drivers\vm30xx86.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2010-12-28 327784]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc SensrSvc
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-29 c:\windows\Tasks\DriverEasy Scheduled Scan.job
- c:\program files\Easeware\DriverEasy\DriverEasy.exe [2011-10-28 08:11]
.
2012-03-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1186251625-1572455836-906267748-1000Core.job
- c:\users\MILE I VITKA\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-17 19:57]
.
2012-03-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1186251625-1572455836-906267748-1000UA.job
- c:\users\MILE I VITKA\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-17 19:57]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.rs/
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\MILE I VITKA\AppData\Roaming\Mozilla\Firefox\Profiles\v0qu3qm8.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.rs/
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-Inspector - c:\users\MILE I VITKA\AppData\Roaming\Protector-pjb.exe
HKLM-Run-TNod UP - f:\kljucev i zanod\KLJUCEVI\TNODUP.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-03-09 15:48:42
ComboFix-quarantined-files.txt 2012-03-09 14:48
.
Pre-Run: 138,593,619,968 bytes free
Post-Run: 138,718,068,736 bytes free
.
- - End Of File - - 82DA9534BFED9402DF0EDFD10565175B

Update: 09 Mar 2012 18:46

I can't disable the antivirus in Safe Mode.
It isn't running, yet I see that the report says it is enabled.
There is no icon in the tray, and when I go to Start, All Programs it only offers to scan, nothing else.

  • Joined: 26 Avg 2010
  • Posts: 10622
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

Run ComboFix from normal mode (there is no need to use Safe Mode any more) and paste the report you get into a post.

  • Joined: 01 Nov 2011
  • Posts: 89

ComboFix 12-03-09.05 - MILE I VITKA 03/10/2012 9:52.2.1 - x86
Microsoft Windows 7 Ultimate N 6.1.7600.0.1252.1.1033.18.1791.1091 [GMT 1:00]
Running from: c:\users\MILE I VITKA\Desktop\iexplore.exe.exe
AV: ESET NOD32 Antivirus 4.0 *Disabled/Outdated* {CB0F8167-5331-BA19-698E-64816B6801A5}
SP: ESET NOD32 Antivirus 4.0 *Disabled/Outdated* {706E6083-750B-B597-533E-5FF310EF4B18}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2012-02-10 to 2012-03-10 )))))))))))))))))))))))))))))))
.
.
2012-03-10 08:55 . 2012-03-10 08:57 -------- d-----w- c:\users\MILE I VITKA\AppData\Local\temp
2012-03-08 20:23 . 2012-03-08 20:23 -------- d-----w- c:\users\MILE I VITKA\AppData\Roaming\TeamViewer
2012-03-08 20:22 . 2012-03-08 20:22 -------- d-----w- c:\program files\TeamViewer
2012-03-07 17:05 . 2012-03-07 17:05 -------- d-----w- c:\users\MILE I VITKA\AppData\Local\ElevatedDiagnostics
2012-02-18 16:01 . 2012-02-18 16:01 -------- d-----w- c:\programdata\GRETECH
2012-02-18 16:01 . 2012-02-18 16:01 -------- d-----w- c:\users\MILE I VITKA\AppData\Roaming\GRETECH
2012-02-18 16:00 . 2012-02-18 16:00 -------- d-----w- c:\program files\GRETECH
2012-02-18 15:47 . 2012-02-18 15:47 -------- d-----w- c:\users\MILE I VITKA\AppData\Roaming\Rovio
2012-02-17 19:57 . 2012-02-17 19:58 -------- d-----w- c:\users\MILE I VITKA\AppData\Local\Google
2012-02-17 19:57 . 2012-02-17 19:57 -------- d-----w- c:\users\MILE I VITKA\AppData\Local\Deployment
2012-02-17 19:57 . 2012-02-17 19:57 -------- d-----w- c:\users\MILE I VITKA\AppData\Local\Apps
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-29 07:09 . 2011-10-21 03:26 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-10-13 17762440]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VM30xSnap"="VM30xSnap.exe Vimicro USB PC Camera (ZC030x)" [X]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2011-01-12 10025576]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-11-16 2054360]
"BigDogPath"="c:\windows\VM301Snap.exe" [2007-03-27 49152]
"Domino"="c:\windows\Domino.exe" [2006-07-04 49152]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R3 VM30xx86;Vimicro USB PC Camera (ZC0301);c:\windows\system32\Drivers\vm30xx86.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2009-11-16 108792]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2009-11-16 735960]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2009-11-16 95896]
S2 TeamViewer7;TeamViewer 7;c:\program files\TeamViewer\Version7\TeamViewer_Service.exe [2012-02-23 2886528]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2010-12-28 327784]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc SensrSvc
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-29 c:\windows\Tasks\DriverEasy Scheduled Scan.job
- c:\program files\Easeware\DriverEasy\DriverEasy.exe [2011-10-28 08:11]
.
2012-03-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1186251625-1572455836-906267748-1000Core.job
- c:\users\MILE I VITKA\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-17 19:57]
.
2012-03-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1186251625-1572455836-906267748-1000UA.job
- c:\users\MILE I VITKA\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-17 19:57]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.rs/
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\MILE I VITKA\AppData\Roaming\Mozilla\Firefox\Profiles\v0qu3qm8.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.rs/
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\nvvsvc.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
.
**************************************************************************
.
Completion time: 2012-03-10 09:58:41 - machine was rebooted
ComboFix-quarantined-files.txt 2012-03-10 08:58
ComboFix2.txt 2012-03-09 14:48
.
Pre-Run: 138,821,337,088 bytes free
Post-Run: 138,592,628,736 bytes free
.
- - End Of File - - DC6520B16D2FE008D38322576DB60DEF

  • Joined: 26 Avg 2010
  • Posts: 10622
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

Let's do one more check. Post fresh GMER reports from normal mode (re-read the instructions for opening a topic if necessary).

  • Joined: 01 Nov 2011
  • Posts: 89

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.7600.16385
Run by MILE I VITKA at 10:43:23 on 2012-03-10
Microsoft Windows 7 Ultimate N 6.1.7600.0.1252.1.1033.18.1791.1090 [GMT 1:00]
.
AV: ESET NOD32 Antivirus 4.0 *Enabled/Outdated* {CB0F8167-5331-BA19-698E-64816B6801A5}
SP: ESET NOD32 Antivirus 4.0 *Enabled/Outdated* {706E6083-750B-B597-533E-5FF310EF4B18}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Windows\VM301Snap.exe
C:\Windows\Domino.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.rs/
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mRun: [VM30xSnap] VM30xSnap.exe Vimicro USB PC Camera (ZC030x)
mRun: [BigDogPath] c:\windows\VM301Snap.exe Vimicro USB PC Camera (ZC0301PL)
mRun: [Domino] c:\windows\Domino.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{68D1CB86-3361-45C5-AC91-E8FDE7110BAE} : DhcpNameServer = 192.168.1.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\mile i vitka\appdata\roaming\mozilla\firefox\profiles\v0qu3qm8.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.rs/
FF - plugin: c:\users\mile i vitka\appdata\local\google\update\1.3.21.99\npGoogleUpdate3.dll
.
============= SERVICES / DRIVERS ===============
.
R2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2009-11-16 735960]
R2 epfwwfpr;epfwwfpr;c:\windows\system32\drivers\epfwwfpr.sys [2009-11-16 95896]
R2 TeamViewer7;TeamViewer 7;c:\program files\teamviewer\version7\TeamViewer_Service.exe [2012-3-8 2886528]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2011-10-21 327784]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
.
=============== Created Last 30 ================
.
2012-03-10 09:01:34 56200 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{8d26090b-218d-4540-b4f3-7f72584de62c}\offreg.dll
2012-03-10 08:58:24 -------- d-sh--w- C:\$RECYCLE.BIN
2012-03-10 08:55:44 -------- d-----w- c:\users\mile i vitka\appdata\local\temp
2012-03-09 14:44:18 98816 ----a-w- c:\windows\sed.exe
2012-03-09 14:44:18 518144 ----a-w- c:\windows\SWREG.exe
2012-03-09 14:44:18 256000 ----a-w- c:\windows\PEV.exe
2012-03-09 14:44:18 208896 ----a-w- c:\windows\MBR.exe
2012-03-08 20:23:09 -------- d-----w- c:\users\mile i vitka\appdata\roaming\TeamViewer
2012-03-08 20:22:42 -------- d-----w- c:\program files\TeamViewer
2012-03-07 17:05:47 -------- d-----w- c:\users\mile i vitka\appdata\local\ElevatedDiagnostics
2012-02-18 16:01:25 -------- d-----w- c:\programdata\GRETECH
2012-02-18 16:00:53 -------- d-----w- c:\program files\GRETECH
2012-02-18 15:47:34 -------- d-----w- c:\users\mile i vitka\appdata\roaming\Rovio
2012-02-17 19:57:35 -------- d-----w- c:\users\mile i vitka\appdata\local\Google
2012-02-17 19:57:19 -------- d-----w- c:\users\mile i vitka\appdata\local\Deployment
2012-02-17 19:57:19 -------- d-----w- c:\users\mile i vitka\appdata\local\Apps
.
==================== Find3M ====================
.
.
============= FINISH: 10:43:48.24 ===============

  • Joined: 26 Avg 2010
  • Posts: 10622
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

There are no more traces of an active infection in the logs. You still need to do the following steps:

ComboFix needs to be uninstalled:
click Start, then RUN.

On Vista and 7 use the Start Search field if Run is not available.

In the text field type (or paste) the following:

ComboFix /Uninstall

Note that there is a space between "ComboFix" and "/Uninstall".

Then click OK (or press Enter).

Wait for the uninstall process to finish.

You are using a pirated and outdated version of the ESET NOD32 AV program.
Uninstall it via Start -> Control Panel -> Programs and Features.
Follow these instructions for removing the leftovers of the ESET NOD32 v4 AV program.

Install an AV program of your choice.

If you have no money or don't want to spend it on a commercial AV program, quality free AV programs are available, such as Avast Free, AVG Free, Avira Free, Microsoft Security Essentials, Panda Cloud AV, etc.
Do not use pirated versions of AV programs!!!

You are using an old version of Adobe Reader, which is also critical because of its security flaws.
I recommend installing the latest version, X 10.1.2, or switching to an alternative such as Foxit Reader, Sumatra PDF Reader, etc.

Be sure to visit the topic "Test whether your browser is vulnerable", read it and follow the link in it.

- I recommend using MCShield to protect USB storage devices.
It has nothing to do with the antivirus, i.e. it won't interfere with its work, and it has proven to be one of the best forms of protection against malware spread via USB storage devices.

MCShield home page: http://amf.mycity.rs/mcshield/

You can learn more about MCShield in this topic: http://www.mycity.rs/MyCity-Laboratorija/MCShield-v2.html

MCShield Facebook page: http://www.facebook.com/MCShield


Regards.
