MyCity » Ambulanta -> Arhiva Ambulante » Avast detektovao malware ali ne moze da ga ukloni

Avast detektovao malware ali ne moze da ga ukloni

Napisano na dan: 18.12.2009

Avast detektovao malware ali ne moze da ga ukloni
Sledeća strana Pagination

Idi na vrh

Poslao: 18 Dec 2009 14:26
Idi na vrh
offline
  • Pridružio: 16 Mar 2009
  • Poruke: 147

Od pre tri dana Avast mi izbacuje poruku da je detektovao Malware koji se nalazi u:
C://windows/system32/drivers/zzcyqsfq.sys
Svaki put preporuci da ga izbrisem sto ja i ucinim ali brisanje ne uspe odnosto Avast nije u stanju da ga izbrise.
Primecujem usopren rad racunara od kad se virus pojavio.
Skinuo sam DDS i skenirao racunar. Sledi log:


DDS (Ver_09-12-01.01) - NTFSx86
Run by korisnik1 at 14:18:11,53 on pet 18.12.2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1015.516 [GMT 1:00]

AV: avast! antivirus 4.8.1368 [VPS 091218-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Babylon\Babylon-Pro\Babylon.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\korisnik1\Desktop\dds.scr
C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
BHO: AcroIEToolbarHelper Class: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
BHO: Ask.com Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
TB: Babylon: {965b54b0-71e0-4611-8de7-f73fa0b20e26} - c:\program files\babylon\babylon toolbar\BabylonIEToolBar.dll
TB: Ask.com Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [SoundMAX] c:\program files\analog devices\soundmax\Smax4.exe /tray
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start
mRun: [Acrobat Assistant 7.0] "c:\program files\adobe\acrobat 7.0\distillr\Acrotray.exe"
mRun: [<NO NAME>]
mRun: [Babylon Client] c:\program files\babylon\babylon-pro\Babylon.exe -AutoStart
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [sysgif32] c:\windows\temp\~TMC.tmp
StartupFolder: c:\documents and settings\korisnik1\start menu\programs\startup\siszyd32.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobea~1.lnk - c:\windows\installer\{ac76ba86-1033-0000-7760-000000000002}\SC_Acrobat.exe
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Translate with &Babylon - c:\program files\babylon\babylon-pro\utils\BabylonIEPI.dll/Translate.htm
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GR99D3~1.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL

============= SERVICES / DRIVERS ===============

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-6-19 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-6-19 20560]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2009-6-19 138680]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2009-6-19 254040]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2009-6-19 352920]
R3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2009-6-15 193840]

=============== Created Last 30 ================

2009-12-17 23:14:03 0 d-sh--w- c:\documents and settings\korisnik1\IECompatCache
2009-12-17 23:12:14 0 d-sh--w- c:\documents and settings\korisnik1\PrivacIE
2009-12-17 22:57:27 0 d-sh--w- c:\documents and settings\korisnik1\IETldCache
2009-12-17 22:49:41 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2009-12-17 22:49:41 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2009-12-17 22:49:41 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-12-17 22:49:41 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
2009-12-17 22:49:41 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-12-17 22:49:40 11069952 -c----w- c:\windows\system32\dllcache\ieframe.dll
2009-12-17 22:47:05 0 d-----w- c:\windows\ie8updates
2009-12-17 22:44:13 92160 -c----w- c:\windows\system32\dllcache\iecompat.dll
2009-12-17 22:15:53 0 dc-h--w- c:\windows\ie8
2009-12-12 22:12:19 697856 ----a-w- c:\windows\system32\drivers\zzcyqsfq.sys
2009-12-12 22:11:39 16 ----a-w- c:\docume~1\korisn~1\applic~1\fvgqad.dat
2009-12-12 22:11:28 4 ----a-w- c:\docume~1\korisn~1\applic~1\avdrn.dat
2009-12-07 15:12:36 0 d-----w- c:\program files\Ask.com

==================== Find3M ====================

2009-10-29 07:45:38 916480 ----a-w- c:\windows\system32\wininet.dll
2009-10-21 06:00:55 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 06:00:55 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 14:58:48 263552 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-13 10:53:29 266752 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:54:17 69632 ----a-w- c:\windows\system32\raschap.dll
2009-10-12 13:54:17 112128 ----a-w- c:\windows\system32\rastls.dll

============= FINISH: 14:19:47,31 ===============

mycity.rs/must-login.png

Poslao: 18 Dec 2009 14:48
Idi na vrh
offline
  • diarno  Male
  • Anti Malware Fighter
    Rank 2
  • Pridružio: 15 Jun 2007
  • Poruke: 5572

Aman..jel citas kako se otvara tema...daj mi gmer ili rootrepeal logove...Ja mogu i bez njih al ko ce posle da bude kriv ako ti srusim sistem?

Poslao: 18 Dec 2009 15:34
Idi na vrh
offline
  • Pridružio: 16 Mar 2009
  • Poruke: 147

Skinuo sam Gmer i napravio logove.
mycity.rs/must-login.png

mycity.rs/must-login.png

mycity.rs/must-login.png

Poslao: 18 Dec 2009 15:49
Idi na vrh
offline
  • diarno  Male
  • Anti Malware Fighter
    Rank 2
  • Pridružio: 15 Jun 2007
  • Poruke: 5572

Preuzmi The Avenger na Desktop.
Raspakuj arhivu u neki folder

Dvoklikom pokreni avenger.exe

Iskopiraj tekst koji se nalazi unutar Kod polja u (beli) prozor programa:

 
Files to delete:
c:\windows\temp\~TMC.tmp
c:\documents and settings\korisnik1\start menu\programs\startup\siszyd32.exe
c:\windows\system32\drivers\zzcyqsfq.sys
c:\docume~1\korisn~1\applic~1\fvgqad.dat
c:\docume~1\korisn~1\applic~1\avdrn.dat

Registry values to delete:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | sysgif32

Drivers to delete:
zzcyqsfq

Klikni Execute, a zatim Yes u sledeća dva prozora koji će se otvoriti

Kompjuter će se restartovati (u određenim slučajevima: dva puta) i započeti će proces čišćenja/skeniranja

Kada proces bude završen, logfile C:\avenger.txt će se otvoriti u Notepad-u
Iskopiraj sadržaj dobijenog loga u temu na forumu.

Poslao: 18 Dec 2009 16:34
Idi na vrh
offline
  • Pridružio: 16 Mar 2009
  • Poruke: 147

Napisano: 18 Dec 2009 16:32

Logfile of The Avenger Version 2.0, (c) by Swandog46
swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File "c:\windows\temp\~TMC.tmp" deleted successfully.
File "c:\documents and settings\korisnik1\start menu\programs\startup\siszyd32.exe" deleted successfully.
File "c:\windows\system32\drivers\zzcyqsfq.sys" deleted successfully.
File "c:\docume~1\korisn~1\applic~1\fvgqad.dat" deleted successfully.
File "c:\docume~1\korisn~1\applic~1\avdrn.dat" deleted successfully.
Driver "zzcyqsfq" deleted successfully.
Registry value "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|sysgif32" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

Dopuna: 18 Dec 2009 16:34

Koliko vidim izbrisao ga je uspesno. Treba li sad nesto od ovih koriscenjih programa da deinstaliram?

Poslao: 18 Dec 2009 17:30
Idi na vrh
offline
  • diarno  Male
  • Anti Malware Fighter
    Rank 2
  • Pridružio: 15 Jun 2007
  • Poruke: 5572

Jednostavno ih obrisi

MyCity » Ambulanta -> Arhiva Ambulante » Avast detektovao malware ali ne moze da ga ukloni

Ko je trenutno na forumu
 

Ukupno su 896 korisnika na forumu :: 42 registrovanih, 5 sakrivenih i 849 gosta   ::   [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:
Korisnici trenutno na forumu: A.R.Chafee.Jr., Aleksandar Tomić, aleksmajstor, Atomski čoban, Ben Roj, bestguarder, Brana01, cavatina, cenejac111, crnitrn, darionis, darkojbn, Dimitrise93, DragoslavS, galijot, gasha, Georgius, jackreacher011011, Kibice, Krusarac, ladro, Leonov, mercedesamg, moldway, naki011, nenad81, nenooo, NikolaGTR, ozzy, procesor, Skywhaler, Srle993, styg, uruk, vathra, vladetije, vobo, x9, yrraf, zeo, Zerajic, 79693