MyCity » Ambulanta -> Arhiva Ambulante » Kako da ovo ocistim

Kako da ovo ocistim

Napisano na dan: 5.2.2009

Strana:
1
2

Kako da ovo ocistim

Sledeća strana

Pagination

Odgovori

Strana:
1
2

lavander Poslao: 05 Feb 2009 17:21 Idi na vrh
offline lavander Građanin Pridružio: 23 Okt 2007 Poruke: 49	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Neki virus mi se zakacio putem USB memorije i odmah je putem Skype poslao zarazu ljudima sa moje liste. Instalirao sam Spybot S&D i naso je neku zarazu koju je ocistio. Izbrisao sa Skype. Prilikom koriscenja interneta Avast AV otkrio win32:vb-kyf. Ocistim, medjutim nakon ponovne konekcije na internet ponovo nadje isti virus. Postoji li sansa da se ovo sredi, dole je log fajl Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 5:18:29 PM, on 05/02/2009 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16705) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\McAfee\SiteAdvisor\McSACore.exe C:\Program Files\CDBurnerXP\NMSAccessU.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Bug Shooting\BugShooting.exe C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe C:\Program Files\WordWeb\wweb32.exe C:\DOCUME~1\admin\LOCALS~1\Temp\638.exe C:\Program Files\Opera\Opera.exe C:\DOCUME~1\admin\LOCALS~1\Temp\850.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = advardar.com.mk/DesktopDefault.aspx R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = search.yahoo.com/search?fr=mcafee&p=%s R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = go.microsoft.com/fwlink/?LinkId=74005 F3 - REG:win.ini: load=, O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [CorelDRAW Graphics Suite 11b] C:\Program Files\Corel\Corel Graphics 12\Languages\EN\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=121608 serial=DR12WEX-1504397-KTY lang=EN O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [HPLJ Config] C:\Program Files\Hewlett-Packard\hp LaserJet 3015_3020_3030_3380\SetConfig.exe -c Direct -p DOT4_002 -pn "hp LaserJet 3030 PCL 6" -n 1 -l 1033 O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Windows Service help] C:\RECYCLER\S-1-5-21-0768205387-7184275239-814809237-6306\winservices.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: WordWeb.lnk = C:\Program Files\WordWeb\wweb32.exe O4 - Global Startup: Bug Shooting.lnk = C:\Program Files\Bug Shooting\BugShooting.exe O4 - Global Startup: Device Detector 3.lnk = C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O15 - Trusted Zone: nbosiguruvanje.org.mk O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - update.microsoft.com/windowsupdate/v6/V.....3690314491 O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{5321EEEA-4361-4B08-90D5-C910A5104489}: NameServer = 62.162.32.5,62.162.32.6 O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\hpzipm12.exe -- End of file - 7716 bytes

Profil

dr_Bora Poslao: 05 Feb 2009 18:20 Idi na vrh
offline dr_Bora Anti Malware Fighter Rank 2 Pridružio: 24 Jul 2007 Poruke: 12280 Gde živiš: Höganäs, SE	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Pozdrav... Pokreni HijackThis, skeniraj i čekiraj kućice ispred sledećih linija: F3 - REG:win.ini: load=, O4 - HKCU\..\Run: [Windows Service help] C:\RECYCLER\S-1-5-21-0768205387-7184275239-814809237-6306\winservices.exe Klikni Fix checked. ------------------------------------------------------------------------------------- Preuzmi program OTMoveIt3 na Desktop. Dvoklikom pokreni OTMoveIt3.exe U (levi) prozor programa (ispod Paste Instructions for Items to be Moved) iskopiraj sve što se nalazi unutar Kod polja: `:processes C:\DOCUME~1\admin\LOCALS~1\Temp\638.exe C:\DOCUME~1\admin\LOCALS~1\Temp\850.exe :files C:\DOCUME~1\admin\LOCALS~1\Temp\638.exe C:\DOCUME~1\admin\LOCALS~1\Temp\850.exe C:\RECYCLER\S-1-5-21-0768205387-7184275239-814809237-6306\winservices.exe :commands [emptytemp]` Klikni MoveIt! Po završetku procesa, u desnom prozoru programa (ispod Results), će se nalaziti tekst koji je potrebno iskopirati u poruku na forumu. Ukoliko se pojavi upit: Confirm ::The system requires a reboot to finish removing files. Do you want to reboot now? kliknuti Yes kako bi se kompjuter restartovao i proces bio dovršen. Nakon ponovnog pokretanja sistema, logfile će se automatski otvoriti u Notepadu. Potrebno je iskopirati sadržaj tog loga u poruku na forumu. Nakon svega, postavi i svež HijackThis logfile.

Profil

lavander Poslao: 06 Feb 2009 08:54 Idi na vrh
offline lavander Građanin Pridružio: 23 Okt 2007 Poruke: 49	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Pozdrav, Evo prvo log OTMoveIt3 Error: Unable to interpret <processes > in the current context! Error: Unable to interpret <C:\DOCUME~1\admin\LOCALS~1\Temp\638.exe > in the current context! Error: Unable to interpret <C:\DOCUME~1\admin\LOCALS~1\Temp\850.exe > in the current context! ========== FILES ========== C:\DOCUME~1\admin\LOCALS~1\Temp\638.exe moved successfully. C:\DOCUME~1\admin\LOCALS~1\Temp\850.exe moved successfully. File move failed. C:\RECYCLER\S-1-5-21-0768205387-7184275239-814809237-6306\winservices.exe scheduled to be moved on reboot. ========== COMMANDS ========== File delete failed. C:\DOCUME~1\admin\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\admin\LOCALS~1\Temp\History\History.IE5\index.dat scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\admin\LOCALS~1\Temp\Cookies\index.dat scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\admin\LOCALS~1\Temp\821.exe scheduled to be deleted on reboot. User's Temp folder emptied. User's Temporary Internet Files folder emptied. User's Internet Explorer cache folder emptied. Local Service Temp folder emptied. File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot. Local Service Temporary Internet Files folder emptied. File delete failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be deleted on reboot. File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_61c.dat scheduled to be deleted on reboot. File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_780.dat scheduled to be deleted on reboot. File delete failed. C:\WINDOWS\temp\sqlite_CTcJc9nqJlJ6mFH scheduled to be deleted on reboot. File delete failed. C:\WINDOWS\temp\sqlite_EIPvYffEVnYMmed scheduled to be deleted on reboot. File delete failed. C:\WINDOWS\temp\sqlite_PchwYhPaOkqB286 scheduled to be deleted on reboot. Windows Temp folder emptied. Java cache emptied. File delete failed. C:\Documents and Settings\admin\Local Settings\Application Data\Opera\Opera\Profile\vps\0009\adoc.bx scheduled to be deleted on reboot. File delete failed. C:\Documents and Settings\admin\Local Settings\Application Data\Opera\Opera\Profile\vps\0009\md.dat scheduled to be deleted on reboot. File delete failed. C:\Documents and Settings\admin\Local Settings\Application Data\Opera\Opera\Profile\vps\0009\url.ax scheduled to be deleted on reboot. File delete failed. C:\Documents and Settings\admin\Local Settings\Application Data\Opera\Opera\Profile\vps\0009\w.ax scheduled to be deleted on reboot. File delete failed. C:\Documents and Settings\admin\Local Settings\Application Data\Opera\Opera\Profile\vps\0009\wb.vx scheduled to be deleted on reboot. File delete failed. C:\Documents and Settings\admin\Local Settings\Application Data\Opera\Opera\Profile\vps\0006\adoc.bx scheduled to be deleted on reboot. File delete failed. C:\Documents and Settings\admin\Local Settings\Application Data\Opera\Opera\Profile\vps\0006\md.dat scheduled to be deleted on reboot. File delete failed. C:\Documents and Settings\admin\Local Settings\Application Data\Opera\Opera\Profile\vps\0006\url.ax scheduled to be deleted on reboot. File delete failed. C:\Documents and Settings\admin\Local Settings\Application Data\Opera\Opera\Profile\vps\0006\w.ax scheduled to be deleted on reboot. File delete failed. C:\Documents and Settings\admin\Local Settings\Application Data\Opera\Opera\Profile\vps\0006\wb.vx scheduled to be deleted on reboot. File delete failed. C:\Documents and Settings\admin\Local Settings\Application Data\Opera\Opera\Profile\vps\0005\adoc.bx scheduled to be deleted on reboot. File delete failed. C:\Documents and Settings\admin\Local Settings\Application Data\Opera\Opera\Profile\vps\0005\md.dat scheduled to be deleted on reboot. File delete failed. C:\Documents and Settings\admin\Local Settings\Application Data\Opera\Opera\Profile\vps\0005\url.ax scheduled to be deleted on reboot. File delete failed. C:\Documents and Settings\admin\Local Settings\Application Data\Opera\Opera\Profile\vps\0005\w.ax scheduled to be deleted on reboot. File delete failed. C:\Documents and Settings\admin\Local Settings\Application Data\Opera\Opera\Profile\vps\0005\wb.vx scheduled to be deleted on reboot. File delete failed. C:\Documents and Settings\admin\Local Settings\Application Data\Opera\Opera\Profile\vps\0004\adoc.bx scheduled to be deleted on reboot. File delete failed. C:\Documents and Settings\admin\Local Settings\Application Data\Opera\Opera\Profile\vps\0004\md.dat scheduled to be deleted on reboot. File delete failed. C:\Documents and Settings\admin\Local Settings\Application Data\Opera\Opera\Profile\vps\0004\url.ax scheduled to be deleted on reboot. File delete failed. C:\Documents and Settings\admin\Local Settings\Application Data\Opera\Opera\Profile\vps\0004\w.ax scheduled to be deleted on reboot. File delete failed. C:\Documents and Settings\admin\Local Settings\Application Data\Opera\Opera\Profile\vps\0004\wb.vx scheduled to be deleted on reboot. File delete failed. C:\Documents and Settings\admin\Local Settings\Application Data\Opera\Opera\Profile\vps\0003\adoc.bx scheduled to be deleted on reboot. File delete failed. C:\Documents and Settings\admin\Local Settings\Application Data\Opera\Opera\Profile\vps\0003\md.dat scheduled to be deleted on reboot. File delete failed. C:\Documents and Settings\admin\Local Settings\Application Data\Opera\Opera\Profile\vps\0003\url.ax scheduled to be deleted on reboot. File delete failed. C:\Documents and Settings\admin\Local Settings\Application Data\Opera\Opera\Profile\vps\0003\w.ax scheduled to be deleted on reboot. File delete failed. C:\Documents and Settings\admin\Local Settings\Application Data\Opera\Opera\Profile\vps\0003\wb.vx scheduled to be deleted on reboot. File delete failed. C:\Documents and Settings\admin\Local Settings\Application Data\Opera\Opera\Profile\vps\0002\adoc.bx scheduled to be deleted on reboot. File delete failed. C:\Documents and Settings\admin\Local Settings\Application Data\Opera\Opera\Profile\vps\0002\md.dat scheduled to be deleted on reboot. File delete failed. C:\Documents and Settings\admin\Local Settings\Application Data\Opera\Opera\Profile\vps\0002\url.ax scheduled to be deleted on reboot. File delete failed. C:\Documents and Settings\admin\Local Settings\Application Data\Opera\Opera\Profile\vps\0002\w.ax scheduled to be deleted on reboot. File delete failed. C:\Documents and Settings\admin\Local Settings\Application Data\Opera\Opera\Profile\vps\0002\wb.vx scheduled to be deleted on reboot. File delete failed. C:\Documents and Settings\admin\Local Settings\Application Data\Opera\Opera\Profile\vps\0001\adoc.bx scheduled to be deleted on reboot. File delete failed. C:\Documents and Settings\admin\Local Settings\Application Data\Opera\Opera\Profile\vps\0001\md.dat scheduled to be deleted on reboot. File delete failed. C:\Documents and Settings\admin\Local Settings\Application Data\Opera\Opera\Profile\vps\0001\url.ax scheduled to be deleted on reboot. File delete failed. C:\Documents and Settings\admin\Local Settings\Application Data\Opera\Opera\Profile\vps\0001\w.ax scheduled to be deleted on reboot. File delete failed. C:\Documents and Settings\admin\Local Settings\Application Data\Opera\Opera\Profile\vps\0001\wb.vx scheduled to be deleted on reboot. File delete failed. C:\Documents and Settings\admin\Local Settings\Application Data\Opera\Opera\Profile\vps\0000\adoc.bx scheduled to be deleted on reboot. File delete failed. C:\Documents and Settings\admin\Local Settings\Application Data\Opera\Opera\Profile\vps\0000\md.dat scheduled to be deleted on reboot. File delete failed. C:\Documents and Settings\admin\Local Settings\Application Data\Opera\Opera\Profile\vps\0000\url.ax scheduled to be deleted on reboot. File delete failed. C:\Documents and Settings\admin\Local Settings\Application Data\Opera\Opera\Profile\vps\0000\w.ax scheduled to be deleted on reboot. File delete failed. C:\Documents and Settings\admin\Local Settings\Application Data\Opera\Opera\Profile\vps\0000\wb.vx scheduled to be deleted on reboot. Opera cache emptied. Temp folders emptied. OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 02062009_083946 Files moved on Reboot... C:\RECYCLER\S-1-5-21-0768205387-7184275239-814809237-6306\winservices.exe moved successfully. C:\DOCUME~1\admin\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\index.dat moved successfully. C:\DOCUME~1\admin\LOCALS~1\Temp\History\History.IE5\index.dat moved successfully. C:\DOCUME~1\admin\LOCALS~1\Temp\Cookies\index.dat moved successfully. C:\DOCUME~1\admin\LOCALS~1\Temp\821.exe moved successfully. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat moved successfully. File move failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be moved on reboot. File C:\WINDOWS\temp\Perflib_Perfdata_61c.dat not found! File C:\WINDOWS\temp\Perflib_Perfdata_780.dat not found! C:\WINDOWS\temp\sqlite_CTcJc9nqJlJ6mFH moved successfully. C:\WINDOWS\temp\sqlite_EIPvYffEVnYMmed moved successfully. C:\WINDOWS\temp\sqlite_PchwYhPaOkqB286 moved successfully. C:\Documents and Settings\admin\Local Settings\Application Data\Opera\Opera\Profile\vps\0009\adoc.bx moved successfully. C:\Documents and Settings\admin\Local Settings\Application Data\Opera\Opera\Profile\vps\0009\md.dat moved successfully. C:\Documents and Settings\admin\Local Settings\Application Data\Opera\Opera\Profile\vps\0009\url.ax moved successfully. C:\Documents and Settings\admin\Local Settings\Application Data\Opera\Opera\Profile\vps\0009\w.ax moved successfully. C:\Documents and Settings\admin\Local Settings\Application Data\Opera\Opera\Profile\vps\0009\wb.vx moved successfully. C:\Documents and Settings\admin\Local Settings\Application Data\Opera\Opera\Profile\vps\0006\adoc.bx moved successfully. C:\Documents and Settings\admin\Local Settings\Application Data\Opera\Opera\Profile\vps\0006\md.dat moved successfully. C:\Documents and Settings\admin\Local Settings\Application Data\Opera\Opera\Profile\vps\0006\url.ax moved successfully. C:\Documents and Settings\admin\Local Settings\Application Data\Opera\Opera\Profile\vps\0006\w.ax moved successfully. C:\Documents and Settings\admin\Local Settings\Application Data\Opera\Opera\Profile\vps\0006\wb.vx moved successfully. C:\Documents and Settings\admin\Local Settings\Application Data\Opera\Opera\Profile\vps\0005\adoc.bx moved successfully. C:\Documents and Settings\admin\Local Settings\Application Data\Opera\Opera\Profile\vps\0005\md.dat moved successfully. C:\Documents and Settings\admin\Local Settings\Application Data\Opera\Opera\Profile\vps\0005\url.ax moved successfully. C:\Documents and Settings\admin\Local Settings\Application Data\Opera\Opera\Profile\vps\0005\w.ax moved successfully. C:\Documents and Settings\admin\Local Settings\Application Data\Opera\Opera\Profile\vps\0005\wb.vx moved successfully. C:\Documents and Settings\admin\Local Settings\Application Data\Opera\Opera\Profile\vps\0004\adoc.bx moved successfully. C:\Documents and Settings\admin\Local Settings\Application Data\Opera\Opera\Profile\vps\0004\md.dat moved successfully. C:\Documents and Settings\admin\Local Settings\Application Data\Opera\Opera\Profile\vps\0004\url.ax moved successfully. C:\Documents and Settings\admin\Local Settings\Application Data\Opera\Opera\Profile\vps\0004\w.ax moved successfully. C:\Documents and Settings\admin\Local Settings\Application Data\Opera\Opera\Profile\vps\0004\wb.vx moved successfully. C:\Documents and Settings\admin\Local Settings\Application Data\Opera\Opera\Profile\vps\0003\adoc.bx moved successfully. C:\Documents and Settings\admin\Local Settings\Application Data\Opera\Opera\Profile\vps\0003\md.dat moved successfully. C:\Documents and Settings\admin\Local Settings\Application Data\Opera\Opera\Profile\vps\0003\url.ax moved successfully. C:\Documents and Settings\admin\Local Settings\Application Data\Opera\Opera\Profile\vps\0003\w.ax moved successfully. C:\Documents and Settings\admin\Local Settings\Application Data\Opera\Opera\Profile\vps\0003\wb.vx moved successfully. C:\Documents and Settings\admin\Local Settings\Application Data\Opera\Opera\Profile\vps\0002\adoc.bx moved successfully. C:\Documents and Settings\admin\Local Settings\Application Data\Opera\Opera\Profile\vps\0002\md.dat moved successfully. C:\Documents and Settings\admin\Local Settings\Application Data\Opera\Opera\Profile\vps\0002\url.ax moved successfully. C:\Documents and Settings\admin\Local Settings\Application Data\Opera\Opera\Profile\vps\0002\w.ax moved successfully. C:\Documents and Settings\admin\Local Settings\Application Data\Opera\Opera\Profile\vps\0002\wb.vx moved successfully. C:\Documents and Settings\admin\Local Settings\Application Data\Opera\Opera\Profile\vps\0001\adoc.bx moved successfully. C:\Documents and Settings\admin\Local Settings\Application Data\Opera\Opera\Profile\vps\0001\md.dat moved successfully. C:\Documents and Settings\admin\Local Settings\Application Data\Opera\Opera\Profile\vps\0001\url.ax moved successfully. C:\Documents and Settings\admin\Local Settings\Application Data\Opera\Opera\Profile\vps\0001\w.ax moved successfully. C:\Documents and Settings\admin\Local Settings\Application Data\Opera\Opera\Profile\vps\0001\wb.vx moved successfully. C:\Documents and Settings\admin\Local Settings\Application Data\Opera\Opera\Profile\vps\0000\adoc.bx moved successfully. C:\Documents and Settings\admin\Local Settings\Application Data\Opera\Opera\Profile\vps\0000\md.dat moved successfully. C:\Documents and Settings\admin\Local Settings\Application Data\Opera\Opera\Profile\vps\0000\url.ax moved successfully. C:\Documents and Settings\admin\Local Settings\Application Data\Opera\Opera\Profile\vps\0000\w.ax moved successfully. C:\Documents and Settings\admin\Local Settings\Application Data\Opera\Opera\Profile\vps\0000\wb.vx moved successfully. a sada log HT Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 8:46:56 AM, on 06/02/2009 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16705) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\McAfee\SiteAdvisor\McSACore.exe C:\Program Files\CDBurnerXP\NMSAccessU.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\Windows Defender\MSASCui.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Bug Shooting\BugShooting.exe C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe C:\Program Files\WordWeb\wweb32.exe C:\Program Files\Opera\Opera.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = advardar.com.mk/DesktopDefault.aspx R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = search.yahoo.com/search?fr=mcafee&p=%s R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = go.microsoft.com/fwlink/?LinkId=74005 O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [CorelDRAW Graphics Suite 11b] C:\Program Files\Corel\Corel Graphics 12\Languages\EN\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=121608 serial=DR12WEX-1504397-KTY lang=EN O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [HPLJ Config] C:\Program Files\Hewlett-Packard\hp LaserJet 3015_3020_3030_3380\SetConfig.exe -c Direct -p DOT4_002 -pn "hp LaserJet 3030 PCL 6" -n 1 -l 1033 O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Windows Service help] C:\RECYCLER\S-1-5-21-0768205387-7184275239-814809237-6306\winservices.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: WordWeb.lnk = C:\Program Files\WordWeb\wweb32.exe O4 - Global Startup: Bug Shooting.lnk = C:\Program Files\Bug Shooting\BugShooting.exe O4 - Global Startup: Device Detector 3.lnk = C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O15 - Trusted Zone: nbosiguruvanje.org.mk O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - update.microsoft.com/windowsupdate/v6/V.....3690314491 O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{5321EEEA-4361-4B08-90D5-C910A5104489}: NameServer = 62.162.32.5,62.162.32.6 O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O20 - Winlogon Notify: crypt - C:\WINDOWS\SYSTEM32\crypts.dll O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\hpzipm12.exe -- End of file - 7704 bytes Zasad nema nekih problema iako mi je pre nego sto sam napravio celu proceduru, Windows Defender otkrio TrojanProxy:Win32/Agent.HZ kojeg sam obrisao

Profil

dr_Bora Poslao: 06 Feb 2009 14:36 Idi na vrh
offline dr_Bora Anti Malware Fighter Rank 2 Pridružio: 24 Jul 2007 Poruke: 12280 Gde živiš: Höganäs, SE	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Ovde sada postoji drugi malware. Idemo dalje... Dvoklikom pokreni OTMoveIt3.exe U (levi) prozor programa (ispod Paste Instructions for Items to be Moved) iskopiraj sve što se nalazi unutar Kod polja: `:reg [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Windows Service help"=- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt] :files C:\WINDOWS\SYSTEM32\crypts.dll` Klikni MoveIt! Po završetku procesa, u desnom prozoru programa (ispod Results), će se nalaziti tekst koji je potrebno iskopirati u poruku na forumu. Ukoliko se pojavi upit: Confirm ::The system requires a reboot to finish removing files. Do you want to reboot now? kliknuti Yes kako bi se kompjuter restartovao i proces bio dovršen. Nakon ponovnog pokretanja sistema, logfile će se automatski otvoriti u Notepadu. Potrebno je iskopirati sadržaj tog loga u poruku na forumu. Nakon svega, postavi i svež HijackThis logfile.

Profil

lavander Poslao: 06 Feb 2009 15:06 Idi na vrh
offline lavander Građanin Pridružio: 23 Okt 2007 Poruke: 49	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Evo ga ========== REGISTRY ========== Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Windows Service help not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt\\ not found. ========== FILES ========== File/Folder C:\WINDOWS\SYSTEM32\crypts.dll not found. OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 02062009_150114 Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 3:02:51 PM, on 06/02/2009 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16705) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\McAfee\SiteAdvisor\McSACore.exe C:\Program Files\CDBurnerXP\NMSAccessU.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\Windows Defender\MSASCui.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Bug Shooting\BugShooting.exe C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe C:\Program Files\WordWeb\wweb32.exe C:\WINDOWS\explorer.exe C:\Program Files\Opera\Opera.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = advardar.com.mk/DesktopDefault.aspx R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = search.yahoo.com/search?fr=mcafee&p=%s R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = go.microsoft.com/fwlink/?LinkId=74005 O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [CorelDRAW Graphics Suite 11b] C:\Program Files\Corel\Corel Graphics 12\Languages\EN\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=121608 serial=DR12WEX-1504397-KTY lang=EN O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [HPLJ Config] C:\Program Files\Hewlett-Packard\hp LaserJet 3015_3020_3030_3380\SetConfig.exe -c Direct -p DOT4_002 -pn "hp LaserJet 3030 PCL 6" -n 1 -l 1033 O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Windows Service help] C:\RECYCLER\S-1-5-21-0768205387-7184275239-814809237-6306\winservices.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: WordWeb.lnk = C:\Program Files\WordWeb\wweb32.exe O4 - Global Startup: Bug Shooting.lnk = C:\Program Files\Bug Shooting\BugShooting.exe O4 - Global Startup: Device Detector 3.lnk = C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O15 - Trusted Zone: nbosiguruvanje.org.mk O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - update.microsoft.com/windowsupdate/v6/V.....3690314491 O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{5321EEEA-4361-4B08-90D5-C910A5104489}: NameServer = 62.162.32.5,62.162.32.6 O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\hpzipm12.exe -- End of file - 7608 bytes Napomena, pri prvom pokusaju OTMoveIt3 se srusio pa je gornji log iz drugog pokusaja, ako to uopste nesto znaci ?!

Profil

dr_Bora Poslao: 06 Feb 2009 15:44 Idi na vrh
offline dr_Bora Anti Malware Fighter Rank 2 Pridružio: 24 Jul 2007 Poruke: 12280 Gde živiš: Höganäs, SE	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Potrebno je privremeno isključiti Windows Defender: Pokrenite Windows Defender. Kliknite na Tools Kliknite na General Settings. Kliknite na Real Time Protection Options. Destiklirajte Turn on Real Time Protection (recommended). Kliknite na Save Zatvorite Windows Defender. Nemojte zaboraviti da ponovo ukljucite ovu opciju kada zavrsimo ciscenje. Zatim pokreni HijackThis, skeniraj i čekiraj kućicu ispred sledeće linije: O4 - HKCU\..\Run: [Windows Service help] C:\RECYCLER\S-1-5-21-0768205387-7184275239-814809237-6306\winservices.exe Klikni Fix checked. Restartuj PC i postavi novi HT logfile.

Profil

lavander Poslao: 06 Feb 2009 16:10 Idi na vrh
offline lavander Građanin Pridružio: 23 Okt 2007 Poruke: 49	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Uradjeno Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 3:53:28 PM, on 06/02/2009 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16705) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\McAfee\SiteAdvisor\McSACore.exe C:\Program Files\CDBurnerXP\NMSAccessU.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\Windows Defender\MSASCui.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Bug Shooting\BugShooting.exe C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe C:\Program Files\WordWeb\wweb32.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\WINDOWS\system32\wuauclt.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = advardar.com.mk/DesktopDefault.aspx R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = search.yahoo.com/search?fr=mcafee&p=%s R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = go.microsoft.com/fwlink/?LinkId=74005 O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [CorelDRAW Graphics Suite 11b] C:\Program Files\Corel\Corel Graphics 12\Languages\EN\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=121608 serial=DR12WEX-1504397-KTY lang=EN O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [HPLJ Config] C:\Program Files\Hewlett-Packard\hp LaserJet 3015_3020_3030_3380\SetConfig.exe -c Direct -p DOT4_002 -pn "hp LaserJet 3030 PCL 6" -n 1 -l 1033 O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: WordWeb.lnk = C:\Program Files\WordWeb\wweb32.exe O4 - Global Startup: Bug Shooting.lnk = C:\Program Files\Bug Shooting\BugShooting.exe O4 - Global Startup: Device Detector 3.lnk = C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O15 - Trusted Zone: nbosiguruvanje.org.mk O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - update.microsoft.com/windowsupdate/v6/V.....3690314491 O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{5321EEEA-4361-4B08-90D5-C910A5104489}: NameServer = 62.162.32.5,62.162.32.6 O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\hpzipm12.exe -- End of file - 7491 bytes Ovaj Log fajl je napravljen sa iskljucenim Defenderom i iskljucenom konekcijom. Nakon njihovog aktiviranja, napravio sam opet scan i famozne linije 04 nije bilo. Primetio sam da pri dvokliku na disk C: koji ima sada ikonu kao Folder pojavljuje se sledeca poruka "Windows cannot find 'vshost.exe'. Make sure you tiped the name corectly, and try again. To search for a file, klik the Start button, and then click Search." Mogu je otvoriti jedino sa desnim klikom i Explore. Drugo pitanje je kako ocistiti USB preko kojeg sam se zarazio, sa AV programom ili nekim antispywerom ili necim drugim.

Profil

dr_Bora Poslao: 06 Feb 2009 20:34 Idi na vrh
offline dr_Bora Anti Malware Fighter Rank 2 Pridružio: 24 Jul 2007 Poruke: 12280 Gde živiš: Höganäs, SE	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! I otvaranje particija i čišćenje flash-a ćemo sada rešiti... Preuzmi USBNoRisk na Desktop i pokreni ga duplim klikom na ikonicu programa. - Sacekaj koji sekund dok program izvrsi inicijalno skeniranje. - Ubacuj sve USB memorijske uredjaje redom u USB slot i svaki zadrzi u slotu po 10 sekundi. - Ukoliko imas vise uredjaja za proveru, onda na parcetu papira zapisi kojim redom su ubacivani jer ce nam kasnije trebati taj podatak - Kada zavrsis sa svim uredjajima, klikni desno dugme misa na sred prozora programa i odaberi opciju Save log. To ce automatski otvoriti log u Notepadu. Iskopiraj nam taj log iz Notepada na forum. Objasnjenje: U USB memorijske uredjaje spadaju svi oni uredjaji koji po prikljucivanju na kompjuter dobijaju svoju oznaku particije. Tu spadaju USB flash drajvovi, eksterni hard-diskovi, memorijske kartice, MP3 i MP4 plejeri, neki mobilni telefoni, neki GPS (navigacioni) uredjaji itd.

Profil

lavander Poslao: 09 Feb 2009 18:18 Idi na vrh
offline lavander Građanin Pridružio: 23 Okt 2007 Poruke: 49	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Evo me. Ovo je log fajl, koristim samo 1 USB memoriski uredjaj kojeg sam uspeo da ocistim sa antivirusom no dali je bas tako pogledajte. USBNoRisk by bobby Started at 09/02/2009 6:12:23 PM Scanning for connected USB Mass storage... ---------------------------------------- ======================================== Scanning for other storage... ---------------------------------------- C: {a43460df-e189-11dc-bd81-806d6172696f} ======================================== Scanning fixed storage for autorun.inf files... ---------------------------------------- autorun.inf found on C: ---------------------------------------- File C:\autorun.inf renamed successfully Content of C:\autorun.inf.blocked ---------------------------------------- [autorun] icon=%systemroot%\SYSTEM32\SHELL32.Dll,4 Action=Open folder to view files ShellExecute=vshost.exe ---------------------------------------- Sanitizing Shell Menu... ---------------------------------------- No key found for C: No key found for a43460df-e189-11dc-bd81-806d6172696f ======================================== ======================================== New device connected at 09/02/2009 6:12:33 PM Scanning for connected USB mass storage... ---------------------------------------- E: {384cecfe-e904-11dc-ab66-00196658544b} Added E: ======================================== Scanning USB mass storage for files... ---------------------------------------- Autorun.inf on E: - None ---------------------------------------- Sanitizing Shell Menu... ---------------------------------------- Sanitized 384cecfe-e904-11dc-ab66-00196658544b ======================================== ---------------------------------------- Desktop.ini on E: - None ---------------------------------------- ========================================

Profil

dr_Bora Poslao: 09 Feb 2009 18:31 Idi na vrh
offline dr_Bora Anti Malware Fighter Rank 2 Pridružio: 24 Jul 2007 Poruke: 12280 Gde živiš: Höganäs, SE	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Kakvo je sada stanje?

Profil

MyCity » Ambulanta -> Arhiva Ambulante » Kako da ovo ocistim

Ko je trenutno na forumu

Ukupno su 1199 korisnika na forumu :: 32 registrovanih, 5 sakrivenih i 1162 gosta :: [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:: Korisnici trenutno na forumu: aleksmajstor, babaroga, bbogdan, Ben Roj, bestguarder, Bickoooo, Bobrock1, bokisha253, ccoogg123, darionis, darkangel, Duh sa sekirom, Frunze, Georgius, Krusarac, kybonacci, lord sir giga, Lucije Kvint, mean_machine, mercedesamg, Mercury, milenko crazy north, Milos ZA, milos97, MiroslavD, MrNo, proka89, samsung, Vlada1389, wolf431, yufighter, YugoSlav

Svaki korisnik ovog sajta je odgovoran za sadržaj svoje poruke koju objavi na sajtu. Sajt se odriče svake odgovornosti za sadržaj tih poruka.
Postavljanjem vaše poruke ili vašeg autorskog dela na ovaj sajt, saglasni ste da ovaj sajt postaje distributer vašeg dela, i odričete se mogućnosti njegovog povlačenja ili brisanja, bez saglasnosti uprave sajta.
Distribucija sadržaja sa ovog sajta je dozvoljena samo u nekomercijalne svrhe, uz obaveznu napomenu da je sadržaj preuzet sa ovog sajta, i uz obavezno navođenje adrese MyCity sajta. Za sve ostale vidove distribucije obavezni ste da prethodno zatražite odobrenje od vlasnika MyCity sajta.
MyCity pokrenuo, administrira i razvija Predrag Damnjanović, a o uređenju sajta se brine MyCity Tim.
Ukoliko želite da nas kontaktirate kliknite ovde.
Naši sajtovi:
Vesti, Vojni forum, Zaštita od virusa, TekstPesme.rs

This content is licensed under a Creative Commons License.
Based on phpBB 2, translated by Simke, designed by