Forum.hr > Informatička tehnologija > IT Help service > Security

Security: antiviruses, firewalls, patches, service packs, updates, ... Everything about the security of your computer.
11.08.2010, 13:26   #1
Nothing there??

I ran a scan with Malwarebytes and with the antivirus (both full scans). The first one shows nothing, and the second one supposedly finds one virus (a trojan), which it supposedly deletes successfully. But for the last two days my laptop has been running slower, and when I'm on the internet it keeps opening some pages on its own, including some that WOT, thank God, flags as red. This never happened to me before; it's 100% some virus. Should I make those OTL logs?
Lanchetoo
11.08.2010, 13:28   #2
Do it.
dobrota
11.08.2010, 15:15   #3
Try CCleaner too; it will clean out all the junk that is slowing your computer down.
AmyMirka
11.08.2010, 21:36   #4
OTL: http://pastebin.com/VWQh4fKi

Extras: http://pastebin.com/SaAuZJvJ
Lanchetoo
12.08.2010, 12:57   #5
Quote: Lanchetoo said:
Open OTL and copy this into the empty field:
Code:
:OTL
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = My Web Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultUrl = http://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZJfox000&fl=0&ptb=ayxPU3ZNhHxTByyx5tkUQQ&url=http://search.mywebsearch.com/mywebsearch/dft_redir.jhtml&st=sb&searchfor={searchTerms}
[2009.10.22 23:17:27 | 000,009,941 | ---- | M] () -- C:\Documents and Settings\Dora\Application Data\Mozilla\Firefox\Profiles\c3l6p3b9.default\searchplugins\mywebsearch.xml
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O20 - HKLM Winlogon: TaskMan - (C:\Documents and Settings\Dora\Application Data\ngjax.exe) - C:\Documents and Settings\Dora\Application Data\ngjax.exe (Hex-Rays SA)
O33 - MountPoints2\{17c56ece-a3f7-11df-9d57-001a73aab864}\Shell\AutoRun\command - "" = I:\kazna\tujeled.exe -- File not found
O33 - MountPoints2\{17c56ece-a3f7-11df-9d57-001a73aab864}\Shell\explore\command - "" = I:\kazna\\tujeled.exe -- File not found
O33 - MountPoints2\{17c56ece-a3f7-11df-9d57-001a73aab864}\Shell\open\command - "" = I:\kazna\\tujeled.exe -- File not found
O33 - MountPoints2\{896f2b54-bf10-11de-9b6a-001a73aab864}\Shell\AutoRun\command - "" = update.exe
O33 - MountPoints2\{e1a2ed7a-dd0a-11de-9baa-001a73aab864}\Shell\AutoRun\command - "" = I:\kazna\tujeled.exe -- File not found
O33 - MountPoints2\{e1a2ed7a-dd0a-11de-9baa-001a73aab864}\Shell\explore\command - "" = I:\kazna\\tujeled.exe -- File not found
O33 - MountPoints2\{e1a2ed7a-dd0a-11de-9baa-001a73aab864}\Shell\open\command - "" = I:\kazna\\tujeled.exe -- File not found
[2010.08.09 23:36:15 | 000,149,504 | RHS- | C] (Hex-Rays SA) -- C:\Documents and Settings\Dora\Application Data\ngjax.exe
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2010.08.01 19:19:26 | 000,149,504 | RHS- | M] (Hex-Rays SA) -- C:\Documents and Settings\Dora\Application Data\ngjax.exe



:Commands
[purity]
[emptytemp]
[resethosts]
[EMPTYFLASH]
[CLEARALLRESTOREPOINTS]
[Reboot]
Click Run Fix.
Copy the log you get to the forum.

2. Download ComboFix from this page: http://www.bleepingcomputer.com/down...virus/combofix
- save it to the desktop
- run ComboFix and answer yes to everything it asks
- when ComboFix finishes it will produce a log, which you copy to pastebin
dobrota
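A triage pass over the kind of OTL entries quoted in the fix script above, as an added example that is not part of the original post or of OTL itself. It takes a few lines constructed from that script and classifies the persistence mechanisms they describe: the Winlogon TaskMan value pointing at an executable in the user profile, the MountPoints2 autorun handlers left behind by a removable drive, the Internet Explorer search-provider hijack, and a user-profile .exe with read-only/hidden/system attributes. The regular expressions and category names are this example's own conventions, not OTL's.

```python
"""Triage of OTL fix-script entries.

Added example: not code from the forum post or from OTL. The sample text is
constructed from entries quoted in the post above; the regular expressions and
category names are this example's own conventions, not OTL's.
"""
import re
from typing import List, Tuple

# Constructed sample: excerpts of the OTL script quoted in the post above.
SAMPLE_OTL = r"""
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = My Web Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultUrl = http://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZJfox000&fl=0&ptb=ayxPU3ZNhHxTByyx5tkUQQ&url=http://search.mywebsearch.com/mywebsearch/dft_redir.jhtml&st=sb&searchfor={searchTerms}
O20 - HKLM Winlogon: TaskMan - (C:\Documents and Settings\Dora\Application Data\ngjax.exe) - C:\Documents and Settings\Dora\Application Data\ngjax.exe (Hex-Rays SA)
O33 - MountPoints2\{17c56ece-a3f7-11df-9d57-001a73aab864}\Shell\AutoRun\command - "" = I:\kazna\tujeled.exe -- File not found
O33 - MountPoints2\{896f2b54-bf10-11de-9b6a-001a73aab864}\Shell\AutoRun\command - "" = update.exe
[2010.08.09 23:36:15 | 000,149,504 | RHS- | C] (Hex-Rays SA) -- C:\Documents and Settings\Dora\Application Data\ngjax.exe
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
"""

# Folders where a program that is also an autostart target has no legitimate reason to live.
USER_PROFILE_DIRS = ("\\application data\\", "\\local settings\\", "\\temp\\")

IE_LINE = re.compile(r"^IE - (?P<key>HK\w+\\[^,]+),(?P<name>\w+) = (?P<value>.*)$")
O20_LINE = re.compile(r"^O20 - HKLM Winlogon: (?P<value>\w+) - \((?P<path>[^)]*)\)")
O33_LINE = re.compile(
    r'^O33 - MountPoints2\\(?P<guid>\{[0-9a-f-]+\})\\Shell\\(?P<verb>\w+)\\command'
    r' - "" = (?P<cmd>.+?)(?: -- File not found)?$'
)
FILE_LINE = re.compile(
    r"^\[(?P<ts>[\d. :]+) \| (?P<size>[\d,]+) \| (?P<attr>[RHSD-]{4}) \| [CM]\]"
    r" \((?P<company>[^)]*)\) -- (?P<path>.+)$"
)


def triage(otl_text: str) -> List[Tuple[str, str]]:
    """Return (category, evidence) pairs for the persistence entries in an OTL script."""
    findings: List[Tuple[str, str]] = []
    for raw in otl_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = IE_LINE.match(line)
        if m:
            # The fix script blanks these values: a populated Search* value that
            # points at a third-party provider is the browser-hijack part.
            if "search" in m.group("name").lower() and m.group("value").strip():
                findings.append(("browser-search-hijack", f"{m.group('name')} = {m.group('value')}"))
            continue
        m = O20_LINE.match(line)
        if m:
            # The Winlogon TaskMan value names a replacement for Task Manager and is
            # normally absent; malware sets it so its .exe runs whenever the user
            # opens Task Manager. The company name OTL prints comes from the file's
            # own version resource, which the author of the file controls.
            path = m.group("path")
            if any(d in path.lower() for d in USER_PROFILE_DIRS):
                findings.append(("winlogon-taskman-hijack", f"{m.group('value')} -> {path}"))
            continue
        m = O33_LINE.match(line)
        if m:
            # MountPoints2 caches autorun.inf handlers of removable drives that were
            # once inserted. An executable command here means such a drive carried an
            # autorun worm; "File not found" only says the drive is not plugged in
            # now, not that the drive itself is clean.
            cat = "removable-autorun"
            if "file not found" in line.lower():
                cat += " (stale; drive not present)"
            findings.append((cat, f"{m.group('guid')} {m.group('verb')} -> {m.group('cmd')}"))
            continue
        m = FILE_LINE.match(line)
        if m:
            # RHS = read-only + hidden + system: attributes set on a user-profile .exe
            # to keep it out of Explorer's default view.
            attr, path = m.group("attr"), m.group("path")
            if "H" in attr and "S" in attr and path.lower().endswith(".exe"):
                findings.append(("hidden-system-exe", f"{attr} {path} ({m.group('company')})"))
    return findings


if __name__ == "__main__":
    for category, evidence in triage(SAMPLE_OTL):
        print(f"{category:45} {evidence}")
```

Run stand-alone it prints one line per finding; the same entries the fix script targets come out as two search-provider values, one TaskMan hijack, two MountPoints2 autorun handlers (one stale) and the hidden ngjax.exe, while the `*.tmp` wildcard line is ignored because it describes no persistence.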
12.08.2010, 16:50   #6
Dobrota, OTL doesn't work for me, i.e. it gets stuck on that first item and says "not responding". No matter how long I wait.. nothing. Every time I have to force the laptop off and turn it back on. I tried several times.
Lanchetoo
12.08.2010, 16:53   #7
Quote: Lanchetoo said:
Dobrota, OTL doesn't work for me, i.e. it gets stuck on that first item and says "not responding". No matter how long I wait.. nothing. Every time I have to force the laptop off and turn it back on. I tried several times.
Run ComboFix... the malware is blocking OTL from starting... after ComboFix it will start.

Continue with ComboFix.
dobrota
12.08.2010, 17:25   #8
ComboFix produced this: http://pastebin.com/cc1X790j

Now I'm going to try OTL again.
Lanchetoo
12.08.2010, 17:38   #9
Still nothing from OTL, at least for now. What do you make of the ComboFix result?
Lanchetoo
12.08.2010, 17:44   #10
It should be OK now..... there are still a few leftovers from MyWebSearch... Malwarebytes will clean those up.

For OTL:

Did you copy everything? Was the web browser closed when you ran the OTL script?

If it gets stuck on the first item..... delete it.....
ComboFix deleted most of the stuff.

Run Malwarebytes.... update it and choose Full Scan.
Copy the log to the forum.
dobrota
12.08.2010, 18:02   #11
Oh f**k it.. I left the internet on while I was trying that, sorry. I'll sort those two out now. (btw, where did that smiley go, the one like this but missing a tooth?!?)
Lanchetoo
12.08.2010, 19:08   #12
Finally.. I had to delete the first item, and then it worked.
All processes killed
========== OTL ==========
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\SearchDefaultBranded| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\SearchMigratedDefaultName| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\SearchMigratedDefaultUrl| /E : value set successfully!
C:\Documents and Settings\Dora\Application Data\Mozilla\Firefox\Profiles\c3l6p3b9.default\searchplugins\mywebsearch.xml moved successfully.
File Animation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab not found.
Starting removal of ActiveX control DirectAnimation Java Classes
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\DirectAnimation Java Classes\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\DirectAnimation Java Classes\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\DirectAnimation Java Classes\ not found.
File oft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab not found.
Starting removal of ActiveX control Microsoft XML Parser for Java
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\Microsoft XML Parser for Java\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\TaskMan not found.
File C:\Documents and Settings\Dora\Application Data\ngjax.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{17c56ece-a3f7-11df-9d57-001a73aab864}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{17c56ece-a3f7-11df-9d57-001a73aab864}\ not found.
File I:\kazna\tujeled.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{17c56ece-a3f7-11df-9d57-001a73aab864}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{17c56ece-a3f7-11df-9d57-001a73aab864}\ not found.
File I:\kazna\\tujeled.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{17c56ece-a3f7-11df-9d57-001a73aab864}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{17c56ece-a3f7-11df-9d57-001a73aab864}\ not found.
File I:\kazna\\tujeled.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{896f2b54-bf10-11de-9b6a-001a73aab864}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{896f2b54-bf10-11de-9b6a-001a73aab864}\ not found.
File update.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e1a2ed7a-dd0a-11de-9baa-001a73aab864}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e1a2ed7a-dd0a-11de-9baa-001a73aab864}\ not found.
File I:\kazna\tujeled.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e1a2ed7a-dd0a-11de-9baa-001a73aab864}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e1a2ed7a-dd0a-11de-9baa-001a73aab864}\ not found.
File I:\kazna\\tujeled.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e1a2ed7a-dd0a-11de-9baa-001a73aab864}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e1a2ed7a-dd0a-11de-9baa-001a73aab864}\ not found.
File I:\kazna\\tujeled.exe not found.
File C:\Documents and Settings\Dora\Application Data\ngjax.exe not found.
C:\WINDOWS\002598_.tmp deleted successfully.
C:\WINDOWS\msdownld.tmp folder deleted successfully.
C:\WINDOWS\SET3.tmp deleted successfully.
C:\WINDOWS\SETA.tmp deleted successfully.
C:\WINDOWS\System32\CONFIG.TMP deleted successfully.
File C:\Documents and Settings\Dora\Application Data\ngjax.exe not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41044 bytes

User: Dora
->Temp folder emptied: 1600 bytes
->Temporary Internet Files folder emptied: 5599342 bytes
->FireFox cache emptied: 89444639 bytes
->Flash cache emptied: 47170 bytes

User: LocalService
->Temp folder emptied: 65748 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 49152 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 93268 bytes

Total Files Cleaned = 91,00 mb

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYFLASH]

User: All Users

User: Default User
->Flash cache emptied: 0 bytes

User: Dora
->Flash cache emptied: 0 bytes

User: LocalService

User: NetworkService

Total Flash Files Cleaned = 0,00 mb

Restore points cleared and new OTL Restore Point set!

OTL by OldTimer - Version 3.2.9.1 log created on 08122010_181716

Files\Folders moved on Reboot...
File move failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be moved on reboot.
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_6e0.dat not found!

Registry entries deleted on Reboot...
Lanchetoo
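A reconciliation check over the OTL result log above, as an added example that is not part of the original post or of OTL: it classifies each result line by outcome (value set, moved, deleted, not found, pending reboot) and lists what still deserves a look after the reboot. The point is the one dobrota makes in post #10: "not found" for ngjax.exe and for the Winlogon TaskMan value means ComboFix had already removed them, whereas "not found" for I:\kazna\tujeled.exe only means the removable drive is not plugged in. The sample lines are constructed from the log above; the outcome names and the assumption that C: is the system drive are this example's own.

```python
"""Outcome reconciliation for an OTL fix log.

Added example: not code from the forum post or from OTL. The sample lines are
constructed from the result log posted above; the outcome names and the
system-drive assumption are this example's own.
"""
import re
from collections import defaultdict
from typing import Dict, List, Optional, Tuple

# Constructed sample: excerpts of the OTL result log posted above.
SAMPLE_RESULT_LOG = r"""
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\SearchDefaultBranded| /E : value set successfully!
C:\Documents and Settings\Dora\Application Data\Mozilla\Firefox\Profiles\c3l6p3b9.default\searchplugins\mywebsearch.xml moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\DirectAnimation Java Classes\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\TaskMan not found.
File C:\Documents and Settings\Dora\Application Data\ngjax.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{17c56ece-a3f7-11df-9d57-001a73aab864}\ not found.
File I:\kazna\tujeled.exe not found.
C:\WINDOWS\SET3.tmp deleted successfully.
File move failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be moved on reboot.
"""

SYSTEM_DRIVE = "C:"  # assumption for this example; the posted log comes from a C: install

PENDING = re.compile(r"^File move failed\. (?P<target>.+) scheduled to be moved on reboot\.$")
PREFIX = re.compile(r"^(?:Registry key|Registry value|File) ")
VALUE_SET = "| /E : value set successfully!"


def classify(line: str) -> Optional[Tuple[str, str]]:
    """Map one OTL result line to (outcome, target); None for headers and noise."""
    if line.endswith(VALUE_SET):
        return "value_set", line[: -len(VALUE_SET)]
    if line.endswith(" moved successfully."):
        return "moved", line[: -len(" moved successfully.")]
    if line.endswith(" deleted successfully."):
        return "deleted", PREFIX.sub("", line[: -len(" deleted successfully.")])
    if line.endswith(" not found."):
        return "not_found", PREFIX.sub("", line[: -len(" not found.")])
    m = PENDING.match(line)
    if m:
        return "pending_reboot", m.group("target")
    return None


def reconcile(log_text: str) -> Dict[str, List[str]]:
    """Group every recognised result line by outcome, preserving log order."""
    results: Dict[str, List[str]] = defaultdict(list)
    for raw in log_text.splitlines():
        hit = classify(raw.strip())
        if hit:
            results[hit[0]].append(hit[1])
    return dict(results)


def is_removable_path(target: str) -> bool:
    """True for a file path on a drive letter other than the system drive (e.g. I:\\)."""
    return bool(re.match(r"^[A-Za-z]:\\", target)) and not target.upper().startswith(SYSTEM_DRIVE)


def followup_items(results: Dict[str, List[str]]) -> List[str]:
    """What to re-check after the reboot: moves OTL deferred, plus 'not found'
    targets on the system drive or in the registry (removed by an earlier tool,
    or never there; either way worth confirming with a fresh scan). 'Not found'
    on an absent removable drive is expected and is left out."""
    items = list(results.get("pending_reboot", []))
    items += [t for t in results.get("not_found", []) if not is_removable_path(t)]
    return items


if __name__ == "__main__":
    outcome = reconcile(SAMPLE_RESULT_LOG)
    for name, targets in outcome.items():
        print(f"{name}: {len(targets)}")
    print("re-check after reboot:")
    for item in followup_items(outcome):
        print("  ", item)
```

On the sample this yields one value reset, one file moved, two deletions, four "not found" entries and one deferred move; the follow-up list holds the deferred Webshlock.txt plus the TaskMan value, ngjax.exe and the MountPoints2 key, and drops the I:\ autorun file because that drive is simply absent.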
12.08.2010, 19:14   #13
This is from Malwarebytes:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4422

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

12.8.2010 18:58:48
mbam-log-2010-08-12 (18-58-48).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 182608
Time elapsed: 36 minute(s), 36 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Btw.. there are a couple of differences from before. On every boot I get two options, something like Windows Recovery and Windows Professional, and it picks the second one by itself. And once everything has loaded I get a warning from DAEMON saying that the program requires at least Windows 2000 (wtf?) with some SPTD 1.6 or newer, and that the kernel debugger has to be deactivated.
Lanchetoo
12.08.2010, 19:50   #14
OK.

Uninstall ComboFix:

Start / Run / combofix /uninstall - confirm with OK

1. The first thing that shows up is the Recovery Console.... you'll remove it like this:
- download this program
- save it to the desktop and double-click to run it
- choose option 1 and press Enter... the Recovery Console will be removed

2. For DAEMON:
- download DeFogger and save it to the desktop
- double-click to run the program
- click Re-enable
- click Yes
- DeFogger will ask for a restart; allow the restart, after the restart everything should be OK

3. Open OTL and click CleanUp.

- how is the computer running now?
- are pages still opening by themselves like before?
dobrota
12.08.2010, 21:26   #15
I uninstalled ComboFix successfully, and the recovery option no longer appears at startup. I ran CleanUp in OTL and it removed itself. No, the pages don't open any more, and Windows and AV updates are working again. As for DAEMON.. I did everything as you said, but after clicking Yes an error appeared. That's literally all it said, and I closed it; it didn't ask for a restart, but that error doesn't appear after startup any more.. so is that good then? Thanks a lot for everything.
Lanchetoo
13.08.2010, 14:45   #16
Is everything OK now?
dobrota
13.08.2010, 20:20   #17
That's what I wanted to ask you, but if you're asking, then I guess it's all done. And no more problems.
P.S. I hope I wasn't too much of a bother..
Lanchetoo