Security: antivirus, firewalls, patches, service packs, updates, ... Everything about the security of your computer.

11.04.2012., 11:58
#41
Joined: Jan 2008.
Location: Split
Posts: 6,158
Run TDSSKiller.
You will also run aswMBR:
- save the program to the desktop
- run the program by clicking on Scan
- when the scan finishes, click on Save log
- copy the log

11.04.2012., 14:51
#42
Registered user
Joined: Dec 2009.
Posts: 55

11.04.2012., 15:09
#43
Joined: Jan 2008.
Location: Split
Posts: 6,158

Quote:
suskavi says:
Both logs are OK, there is no rootkit.
Run OTL again, but this time copy this into the empty field:
Code:
:OTL
SRV - [2011.06.26 08:45:56 | 000,256,000 | R--- | M] () [Auto | Stopped] -- C:\ComboFix\pev.3XE -- (PEVSystemStart)
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O4 - HKLM..\Run: [Sys32V2Contoller] C:\WINDOWS\mw2mmgr32\mw2mmgr32.exe File not found
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab (Reg Error: Key error.)
O37 - HKCU\...com [@ = comfile] -- Reg Error: Key error. File not found
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2012.01.08 21:10:37 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012.01.08 21:10:37 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012.01.08 21:10:37 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012.01.08 21:10:37 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012.01.08 21:10:37 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
:Commands
[Reboot]

11.04.2012., 23:35
#44
Registered user
Joined: Jan 2009.
Posts: 1,798
Hi, lately I've been having problems connecting my computer to my mobile phone over a USB cable, i.e. the computer recognizes it and I can open the removable disk, but it freezes when I try to copy songs, or on its own. I've tried a lot of things and it's always the same; until recently everything worked fine, but lately I just can't do a normal file transfer, and besides, my computer has been behaving a bit strangely lately, so if it's possible to take a look at this I'd be grateful:
OTL.txt
http://pastebin.com/fQpbHjmr
Extras.txt
http://pastebin.com/sWx76ig3
Thanks in advance

12.04.2012., 13:10
#45
Joined: Jan 2008.
Location: Split
Posts: 6,158

Quote:
rap_boy says:
The OTL log seems OK.
We'll also check with ComboFix.
Download ComboFix and save it to the desktop:
- turn off the antivirus
- run ComboFix and answer yes to everything it asks
- copy the log

12.04.2012., 22:55
#46
Registered user
Joined: Jan 2009.
Posts: 1,798

13.04.2012., 12:51
#47
Joined: Jan 2008.
Location: Split
Posts: 6,158

Quote:
rap_boy says:
Download Malwarebytes >> update >> full scan
- copy the log
How is the computer working now?

13.04.2012., 22:52
#48
Registered user
Joined: Oct 2007.
Location: Zagreb
Posts: 128
Hello! I recently solved a problem with one computer here, and I already have another 'patient', so whenever there's time, I'd be grateful!
Anyway, an interesting case. Win XP Pro SP2. The computer sometimes 'freezes', but the main problem is with Office 2007. It started happening that Word, Excel and other documents take 5-6 minutes to open. The OS and Office are not original, but until now (several years) everything worked great.
Following the earlier instructions I ran OTL and ComboFix (it found something); here are the logs, in order: OTL, Extras, ComboFix:
http://pastebin.com/p9MJUUVt
http://pastebin.com/SnqCpMtY
http://pastebin.com/k0dLMJWn
By the way, if I may ask one more small off-topic question: I wanted to put Avira Free Antivirus on the machine (downloaded the latest version from the web), but it won't let me install it, because the latest version now requires SP3... and this Win XP has SP2. What is the solution?
Thanks a lot.

13.04.2012., 23:23
#49
Registered user
Joined: Jan 2009.
Posts: 1,798
Malwarebytes:
http://pastebin.com/Dn2n4LKv
Should I remove those 10 "problems"? 4 are automatically selected, I haven't touched anything yet..
Well, the computer is working OK, now I have to try the file transfer with the phone.
Thank you for the help, regards.

14.04.2012., 08:18
#50
Joined: Jan 2008.
Location: Split
Posts: 6,158

Quote:
rap_boy says:
You can delete them.
Delete ComboFix and OTL:
open OTL and click on Clean Up.

14.04.2012., 08:49
#51
Joined: Jan 2008.
Location: Split
Posts: 6,158

Quote:
taxodium says:
Open OTL and copy this into the empty field:
Code:
:OTL
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe /medsvc -- (gupdatem) Usluga Google ažuriranje (gupdatem)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe /svc -- (gupdate1c9d353edcff046) Usluga Google ažuriranje (gupdate1c9d353edcff046)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RKHit.sys -- (RkHit)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 55111
FF - prefs.js..network.proxy.type: 1
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaulturl: "http://search.sweetim.com/search.asp?src=2&q="
FF - prefs.js..browser.startup.homepage: "http://www.facebook.com/"
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "http://search.babylon.com/?babsrc=adbartrp&affID=101292&mntrId=4cf47047000000000000001f3c96a685&q="
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Ask Search Assistant BHO) - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL File not found
O2 - BHO: (Ask Toolbar BHO) - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL File not found
O3 - HKLM\..\Toolbar: (no name) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Burn4Free Toolbar) - {4F11ACBB-393F-4C86-A214-FF3D0D155CC3} - C:\Program Files\Burn4Free Toolbar\v3.3.0.1\Burn4Free_Toolbar.dll File not found
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Burn4Free Toolbar) - {4F11ACBB-393F-4C86-A214-FF3D0D155CC3} - C:\Program Files\Burn4Free Toolbar\v3.3.0.1\Burn4Free_Toolbar.dll File not found
O4 - HKLM..\Run: [CFSServ.exe] CFSServ.exe -NoClient File not found
O4 - HKLM..\Run: [NDSTray.exe] NDSTray.exe File not found
O4 - HKLM..\Run: [PWRISOVM.EXE] Disable_By_C:\Program Files\PowerISO\PWRISOVM.EXE File not found
O4 - HKLM..\Run: [RemoveWGA] H:\RemoveWGA.exe -startup File not found
O4 - HKLM..\Run: [TFncKy] TFncKy.exe File not found
O4 - HKCU..\Run: [MSMSGS] Disable_By_"C:\Program Files\Messenger\msmsgs.exe" /background File not found
O8 - Extra context menu item: &Search - ?p=ZUfox000 File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - mswsock.dll File not found
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab (Reg Error: Key error.)
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2011.12.31 19:25:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nikolina\Application Data\4CF47
[C:\WINDOWS\$NtUninstallKB53497$] -> Error: Cannot create file handle -> Unknown point type
:reg
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1542:TCP" =-
"1542:UDP" =-
"53:UDP" =-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\LP\6854\F3C.exe" =-
"C:\Program Files\47047\lvvm.exe" =-
"C:\Documents and Settings\Nikolina\Application Data\4CF47\96A68.exe" =-
:Files
ipconfig /flushdns /c
rmdir C:\WINDOWS\$NtUninstallKB53497$ /c
C:\Program Files\47047
C:\Program Files\LP
C:\Documents and Settings\Nikolina\Application Data\4CF47
:Commands
[Reboot]
Click on RUN FIX
- copy the log you get
2. Download TDSSKiller and save it to the desktop
- open the program, click on Change parameters and check everything
- click on Start scan
- if the program asks for a restart, allow it
- the log is usually located in C: and looks roughly like this:
C:\TDSSKiller.2.4.7_23.07.2010_15.31.43_log.txt
3. Download aswMBR and save it to the desktop
- run the program by clicking on Scan
- when the scan finishes, click on Save log
- copy the log
4. Download Farbar Service Scanner and save it to the desktop
- check everything and click on Scan
- copy the log you get

14.04.2012., 09:45
#52
Registered user
Joined: Oct 2007.
Location: Zagreb
Posts: 128

Quote:
dobrota says:
Hello!
As requested, here are the logs:
OTL
http://pastebin.com/u6JmvAKm
aswMBR
http://pastebin.com/i3YPVsGP
FSS
http://pastebin.com/rNvr1Zc4
TDSSKiller
http://pastebin.com/w7QpFVq0

14.04.2012., 11:05
#53
Joined: Jan 2008.
Location: Split
Posts: 6,158

Quote:
taxodium says:
Open Farbar Service Scanner,
type this into the search field,
click on Search Files,
copy the log you get.

14.04.2012., 21:05
#54
Registered user
Joined: Oct 2007.
Location: Zagreb
Posts: 128

Quote:
dobrota says:
Here's the search log...
http://pastebin.com/PaHQQYAJ

15.04.2012., 08:14
#55
Joined: Jan 2008.
Location: Split
Posts: 6,158

Quote:
taxodium says:
Delete that copy of ComboFix (drag it to the recycle bin with the mouse), download a new copy and save it to the desktop.
1. Open Notepad and copy this into Notepad:
Code:
Fcopy::
C:\WINDOWS\$NtUninstallKB978251$\mrxsmb.sys|C:\WINDOWS\system32\drivers\mrxsmb.sys
C:\WINDOWS\$NtUninstallKB978251$\mrxsmb.sys|C:\WINDOWS\system32\dllcache\mrxsmb.sys
Close Notepad and save it as CFScript on the desktop
- turn off the antivirus
- drag the script with the mouse onto combofix.exe
- copy the log you get
2. Delete the copy of aswMBR, download a new one and save it to the desktop
- run the program; when the scan finishes, click on Save log
- copy the log
3. Download Malwarebytes > install the program > update > quick scan
- copy the log
How is the computer working now?
Last edited by dobrota: 15.04.2012. at 08:24.

19.04.2012., 08:26
#56
Registered user
Joined: Apr 2012.
Posts: 1

19.04.2012., 12:23
#57
Joined: Jan 2008.
Location: Split
Posts: 6,158

Quote:
bitulit says:
Is this file familiar to you?
Open OTL and copy this into the empty field:
Code:
:OTL
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2790392
IE - HKCU\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2790392
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2790392&SearchSource=3&q={searchTerms}"
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2790392&SearchSource=2&q="
FF - user.js - File not found
CHR - default_search_provider: search_url = http://search.conduit.com/Results.aspx?q={searchTerms}&hl=en&SelfSearch=1&SearchSource=49&ctid=CT2790392
CHR - default_search_provider: suggest_url = http://search.conduit.com/
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O4 - HKLM..\Run: [KMCONFIG] C:\Program Files\Mouse Driver\StartAutorun.exe KMConfig.exe File not found
O4 - HKCU..\Run: [Media Finder] "C:\Program Files\Media Finder\MF.exe" /opentotray File not found
O8 - Extra context menu item: Download with &Media Finder - C:\Program Files\Media Finder\hook.html File not found
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:04BB186B
:Commands
[emptytemp]
[EMPTYFLASH]
[emptyjava]
[reboot]
Click on RUN FIX
- copy the log you get
2. Download ComboFix and save it to the desktop
- turn off the antivirus
- run ComboFix and answer yes to everything it asks
- copy the log you get

25.04.2012., 15:41
#58
Registered user
Joined: Jun 2009.
Posts: 236
Hi, an old laptop is lagging badly; it's not much of a configuration and it's old, but I found quite a lot with Malwarebytes, NOD32 didn't find anything...
I didn't delete everything because most of them are registry entries; I've already messed things up that way a few times, so here's the log, I'll post the OTL logs later.
Malwarebytes
http://pastebin.com/D2pZWfFd
OTL logs
http://pastebin.com/t3hqpJ26
http://pastebin.com/bGGmwUpg
Last edited by majstor fantac: 25.04.2012. at 16:17.

25.04.2012., 17:31
#59
Joined: Jan 2008.
Location: Split
Posts: 6,158

Quote:
majstor fantac says:
There is nothing special in the OTL logs either.... maybe only this:
Code:
httxp://startsear.ch/?aff=2&src=sp&cf=20f1f0c0-2370-11e1-8a83-0015004....
Turn off Malwarebytes real-time protection.
Open OTL and copy this into the empty field:
Code:
:services
:otl
PRC - [2010.01.15 14:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
SRV - [2010.01.15 14:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{8C8D7C39-168C-4156-88BD-332E9997D5E1}: "URL" = http://startsear.ch/?aff=2&src=sp&cf=20f1f0c0-2370-11e1-8a83-001500432e3b&q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.google.hr/about:tabsabout:tabs [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {8C8D7C39-168C-4156-88BD-332E9997D5E1}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?FORM=WLETDF&PC=WLEM&q={searchTerms}&src=IE-SearchBox
IE - HKCU\..\SearchScopes\{33A8D69E-6B43-496B-BD73-9065ACA65DE4}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
IE - HKCU\..\SearchScopes\{8C8D7C39-168C-4156-88BD-332E9997D5E1}: "URL" = http://startsear.ch/?aff=2&src=sp&cf=20f1f0c0-2370-11e1-8a83-001500432e3b&q={searchTerms}
FF - prefs.js..keyword.URL: "http://startsear.ch/?aff=2&src=sp&cf=20f1f0c0-2370-11e1-8a83-001500432e3b&q="
FF - user.js - File not found
[2011.07.11 20:04:02 | 000,000,633 | ---- | M] () -- C:\Documents and Settings\Nensy Fensy\Application Data\Mozilla\Firefox\Profiles\z49iwjkv.default\searchplugins\startsear.xml
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (IE5BarLauncherBHO Class) - {78F3A323-798E-4AEA-9A57-88F4B05FD5DD} - C:\Program Files\StartSearch plugin\ssBarLcher.dll (StartSearch Inc.)
O3 - HKLM\..\Toolbar: (StartSearchToolBar) - {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - C:\Program Files\StartSearch plugin\ssBarLcher.dll (StartSearch Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (StartSearchToolBar) - {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - C:\Program Files\StartSearch plugin\ssBarLcher.dll (StartSearch Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
:files
dir /s /a "C:\Documents and Settings\Nensy Fensy\Recent" /c
C:\Program Files\StartSearch plugin
C:\Program Files\McAfee Security Scan
:Commands
[emptytemp]
[EMPTYFLASH]
[emptyjava]
[Reboot]
Click on RUN FIX
- copy the log you get
2. Download TDSSKiller and save it to the desktop
- run the program > click on Change parameters
- check everything
- click on Start scan
- if the program asks for a restart, allow it
- the log is usually located in C:/ and looks roughly like this:
C:\TDSSKiller.2.4.7_23.07.2010_15.31.43_log.txt
3. Download aswMBR and save it to the desktop
- run the program by clicking on Start scan
- when the scan finishes, click on Save log
- copy the log
4. Run Malwarebytes > update > quick scan
- you can freely delete whatever it finds
We'll also check whether there happens to be a rootkit; if these two tools don't find one, then it won't be necessary to run ComboFix either...
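The OTL fix scripts in posts #51 and #59 are built by picking log lines that show the same handful of indicators (a missing file behind an autorun/service/driver entry, a BHO or toolbar with no CLSID, a proxy forced onto a local port, a hijacked search URL, a random-named folder under Application Data). As an added example, not code from the thread or from OTL's author, the following Python script triages OTL log lines by those indicators and assembles the flagged lines into the :OTL section format the helpers paste into OTL. The hijacker domain list, the severities and the sample lines are assumptions constructed from this thread's own logs.

```python
import re

# Constructed sample: OTL log lines taken from the fix scripts quoted in this thread.
SAMPLE_LOG = r"""
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..keyword.URL: "http://startsear.ch/?aff=2&src=sp&q="
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O4 - HKLM..\Run: [Sys32V2Contoller] C:\WINDOWS\mw2mmgr32\mw2mmgr32.exe File not found
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RKHit.sys -- (RkHit)
[2011.12.31 19:25:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nikolina\Application Data\4CF47
FF - prefs.js..browser.startup.homepage: "http://www.facebook.com/"
"""

# Search-hijacker domains that appear in this thread's logs (assumed list, extend as needed).
HIJACK_DOMAINS = (
    "startsear.ch", "search.conduit.com", "search.babylon.com", "search.sweetim.com",
)

# Rogue-AV droppers in this thread use short random hex folder names under Application Data.
RANDOM_APPDATA_DIR = re.compile(r"\\Application Data\\[0-9A-F]{4,6}\s*$")


def classify(line: str):
    """Return (severity, reason) for one OTL log line, or None if nothing stands out."""
    if "network.proxy.http:" in line and "127.0.0.1" in line:
        return ("high", "browser proxy forced through a local port (traffic interception)")
    if '"ProxyEnable" = 1' in line:
        return ("high", "IE proxy enabled in the registry")
    if any(dom in line for dom in HIJACK_DOMAINS):
        return ("medium", "search/homepage hijacked")
    if RANDOM_APPDATA_DIR.search(line):
        return ("high", "random-named folder under Application Data (dropper)")
    if "File not found" in line:
        return ("low", "orphaned autorun/service/driver entry")
    if "No CLSID value found" in line:
        return ("low", "orphaned BHO/toolbar entry")
    return None


def triage(log_text: str):
    """Classify every non-empty line; keep only the ones that trigger a rule."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        verdict = classify(line)
        if verdict:
            findings.append((verdict[0], verdict[1], line))
    return findings


def build_otl_fix(findings):
    """Assemble the flagged lines into an :OTL section followed by a reboot command."""
    body = "\n".join(line for _, _, line in findings)
    return ":OTL\n" + body + "\n:Commands\n[Reboot]"


if __name__ == "__main__":
    for sev, reason, line in triage(SAMPLE_LOG):
        print(f"[{sev:6}] {reason}: {line[:80]}")
    print(build_otl_fix(triage(SAMPLE_LOG)))
```

The "low" entries are leftovers of already-removed software; the "high" ones are the lines that actually explain the interception and persistence seen in this thread, so review those first before pasting anything into OTL.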

26.04.2012., 11:15
#60
Registered user
Joined: Jun 2009.
Posts: 236
Here's the OTL log
http://pastebin.com/Jifjby9B
This TDSSKiller detected 9 viruses or whatever they are:
Unsigned file
CFSvcs
DVD-RAM_Service
meiudf
netdevio
S24EventMonitor
StarOpen
TVALZ
VMUVC
vyftUVC
Everywhere it says medium risk; what should I do with them now, delete them or put them in quarantine??
What worries me is that they're services, most of them in the system32/drivers folder; I once had a rootkit and went deleting like that and messed everything up. What should I do?
Last edited by majstor fantac: 26.04.2012. at 11:29.