MyCity » Ambulanta -> Arhiva Ambulante » brisanje virusa

brisanje virusa

Napisano na dan: 17.11.2007

brisanje virusa
Sledeća strana Pagination

Idi na vrh

Poslao: 17 Nov 2007 16:33
Idi na vrh
offline
  • MELJO 
  • Novi MyCity građanin
  • Pridružio: 17 Nov 2007
  • Poruke: 2

nne mogu da obrisem ovaj virus detected: Trojan program Trojan-Spy.Win32.BZub.btx File: C:\WINDOWS\SYSTEM32\DEVENU.DLL
Logfile of HijackThis v1.99.1
Scan saved at 16:31:22, on 17.11.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\PROGRA~1\MOZILL~1\THUNDE~1.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Operater123\Desktop\čistač.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {D4115FE2-9A0F-47A6-A0FA-AD826FB182F1} - C:\WINDOWS\system32\devenu.dll
O4 - HKLM\..\Run: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{C979B3B3-0BA2-45B6-ABAD-0A10C1AE5F80}: NameServer = 91.150.69.129,212.200.139.132
O17 - HKLM\System\CCS\Services\Tcpip\..\{CAFDBCF7-EFAD-484F-85FD-4265D67DE504}: NameServer = 91.150.69.129,212.200.139.132
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" -r (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe

Poslao: 17 Nov 2007 16:56
Idi na vrh
offline
  • Pridružio: 04 Sep 2003
  • Poruke: 24135
  • Gde živiš: Wien

Skini ComboFix sa jedne od sledecih adresa:
http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Startuj ga i ne diraj prozor programa dok skenira.
Sledi uputstva na ekranu. Kada zavrsi pojavice se log koji ces nam ovde iskopirati.

Ukoliko ovaj komp koristis za bitne stvari (pristup tvom bankovnom racunu), preporucio bih ti da sto je pre moguce sa drugog racunara, koji nije inficiran, promenis sve lozinke koje koristis za te vazne stvari koje obavljas putem interneta.
Ovaj trojanac je posebno napravljen za kradju lozinki za pristup racunima u bankama (normalno, online pristup racunu).

Poslao: 17 Nov 2007 19:37
Idi na vrh
offline
  • MELJO 
  • Novi MyCity građanin
  • Pridružio: 17 Nov 2007
  • Poruke: 2

ComboFix 07-11-08.1 - Operater123 2007-11-17 17:30:12.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.381.1033.18.1008 [GMT 1:00]
Running from: C:\Documents and Settings\Operater123\Local Settings\Temporary Internet Files\Content.IE5\QB61YDG5\ComboFix[4].exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users.\documents\settings
C:\Documents and Settings\All Users.\documents\settings\desktop.ini
C:\Documents and Settings\Operater123\Application Data\install.dat
C:\Documents and Settings\Operater123\ravmonlog
C:\Program Files\bravesentry
C:\Program Files\bravesentry\BraveSentry0.bs
C:\Program Files\bravesentry\BraveSentry1.bs
C:\WINDOWS\system32\8_exception.nls
C:\WINDOWS\system32\conf.dat
C:\WINDOWS\system32\devenu.dll
C:\WINDOWS\system32\dllh8jkd1q8(2).exe
C:\WINDOWS\system32\dllh8jkd1q8(3).exe
C:\WINDOWS\system32\drivers\jwoxwojj.dat
C:\WINDOWS\system32\drivers\vswzpvnv.dat
C:\WINDOWS\system32\kr_done1
C:\WINDOWS\system32\svcp.csv
C:\WINDOWS\system32\vx.tll
C:\WINDOWS\system32\winsub.xml

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_NEVMZAZH
-------\nevmzazh
-------\nm


((((((((((((((((((((((((( Files Created from 2007-10-17 to 2007-11-17 )))))))))))))))))))))))))))))))
.

2007-11-17 17:08 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-11-06 19:27 3,499 --a------ C:\WINDOWS\mozver.dat
2007-11-06 17:11 82,061 --a------ C:\WINDOWS\system32\drivers\klick.dat
2007-11-06 17:11 81,549 --a------ C:\WINDOWS\system32\drivers\klin.dat
2007-11-06 17:10 <DIR> d-------- C:\Program Files\Kaspersky Lab
2007-11-06 17:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-11-06 17:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2007-11-06 17:10 4,118,048 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2007-11-06 17:10 43,808 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2007-11-06 17:09 <DIR> d-------- C:\kav
2007-11-06 16:35 <DIR> d---s---- C:\Documents and Settings\Operater123\UserData
2007-11-06 15:31 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
2007-11-06 14:07 15,360 --a------ C:\WINDOWS\system32\drivers\NetMotCM.sys
2007-11-06 13:14 <DIR> d-------- C:\Program Files\Mozilla Thunderbird
2007-11-06 13:14 <DIR> d-------- C:\Documents and Settings\Operater123\Application Data\Thunderbird
2007-11-06 13:14 0 --a------ C:\WINDOWS\nsreg.dat
2007-11-05 14:07 1 --a------ C:\WINDOWS\system32\rc.dat
2007-11-05 14:07 1 --a------ C:\WINDOWS\system32\ps1.dat
2007-11-05 14:07 1 --a------ C:\WINDOWS\system32\cookie1.dat
2007-10-22 17:04 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
2007-10-22 17:04 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
2007-10-17 13:04 <DIR> d-------- C:\Program Files\Milka
2007-10-17 13:04 4,096 --a------ C:\WINDOWS\d3dx.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-17 17:00 59,360 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2007-11-17 17:00 5,132 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2007-11-05 13:25 --------- d-----w C:\Program Files\Microsoft Visual FoxPro 9
2007-11-05 13:25 --------- d-----w C:\Program Files\Microsoft Visual FoxPro 7
2007-11-05 13:24 --------- d-----w C:\Program Files\K-Lite Codec Pack
2007-11-05 13:24 --------- d-----w C:\Program Files\HTML Help Workshop
2007-11-05 13:21 --------- d-----w C:\Program Files\Common Files\LightScribe
2007-10-14 15:02 --------- d-----w C:\Documents and Settings\Operater123\Application Data\Image Zone Express
2007-10-14 12:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\Barbie Fashion Show
2007-10-14 12:05 --------- d-----w C:\Program Files\Common Files\Vivendi Universal Games
2007-10-14 12:05 --------- d-----w C:\Program Files\Barbie(TM)
2007-10-14 09:37 --------- d-----w C:\Program Files\EA GAMES
2007-10-13 13:55 --------- d-----w C:\Documents and Settings\Operater123\Application Data\Media Player Classic
2007-10-13 12:38 --------- d-----w C:\Documents and Settings\Operater123\Application Data\HP
2007-10-13 12:11 --------- d-----w C:\Program Files\HP
2007-10-13 12:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\HP
2007-10-13 12:10 --------- d-----w C:\Program Files\Common Files\HP
2007-10-13 12:09 --------- d-----w C:\Program Files\Hewlett-Packard
2007-10-13 10:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\InstallShield
2007-10-13 10:39 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-10-13 10:39 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-10-13 10:39 --------- d-----w C:\Documents and Settings\Operater123\Application Data\InstallShield
2007-10-09 16:02 --------- d-----w C:\Documents and Settings\Operater123\Application Data\CyberLink
2007-10-09 16:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\CyberLink
2007-10-09 16:01 --------- d-----w C:\Program Files\CyberLink
2007-10-07 10:59 --------- d-----w C:\Program Files\TuneUp Utilities 2006
2007-10-07 10:59 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-10-07 10:59 --------- d-----w C:\Documents and Settings\Operater123\Application Data\TuneUp Software
2007-10-07 10:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\TuneUp Software
2007-10-07 10:47 --------- d-----w C:\Documents and Settings\Operater123\Application Data\Canon
2007-10-01 15:26 --------- d-----w C:\Program Files\Genie-Soft
2007-09-27 17:33 --------- d-----w C:\Documents and Settings\Operater123\Application Data\Ahead
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Ptipbmf"="ptipbmf.dll" [2003-06-20 16:06 C:\WINDOWS\system32\ptipbmf.dll]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2006-01-12 15:40]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 19:24]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 01:41]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-05-16 16:58]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [2007-06-28 12:51]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:56]
"NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [2005-10-11 18:25]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 03:44:06]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 03:21:22]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll

R0 viasraid;viasraid;C:\WINDOWS\system32\DRIVERS\viasraid.sys
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{07157305-3d1a-11dc-adda-806d6172696f}]
\Shell\AutoRun\command - E:\autorun.exe

.
Contents of the 'Scheduled Tasks' folder
"2007-11-16 16:16:25 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2006\SystemOptimizer.exe
.
**************************************************************************

catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2007-11-17 18:01:47
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-11-17 18:02:29 - machine was rebooted
.
--- E O F ---

Dopuna: 17 Nov 2007 19:37

Veliko hvala i Vama i Dubari,koji me uputio na Vas!
Rijesili ste moj problem.
Veliki pozdrav iz Doboja!

MELJO

MyCity » Ambulanta -> Arhiva Ambulante » brisanje virusa

Ko je trenutno na forumu
 

Ukupno su 862 korisnika na forumu :: 4 registrovanih, 0 sakrivenih i 858 gosta   ::   [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:
Korisnici trenutno na forumu: Avalon015, JanaH, Koridor, vladetije