Posted: 04 Jun 2007 22:40
- MarioBB
- Citizen
- Joined: 27 Nov 2006
- Posts: 129
- Location: Zrenjanin
NoLop log:
NoLop! Log by Skate_Punk_21
Fix running from: C:\Documents and Settings\-Mario-\Desktop
[4.6.2007]
[22:36:41]
---Infection Files Found/Removed---
C:\WINDOWS\tasks\AD90E59692D39D6A.job
Beginning Removal...
Rebooting...
Removing Lop's Leftover Files/Folders...
Editing Registry...
**Fix Complete!**
---Listing AppData sub directories---
C:\Documents and Settings\-mario-\Application Data\Acd Systems
C:\Documents and Settings\-mario-\Application Data\Acid 64 Live
C:\Documents and Settings\-mario-\Application Data\Adobe
C:\Documents and Settings\-mario-\Application Data\Adobeum -- EMPTY Directory
C:\Documents and Settings\-mario-\Application Data\Ahead
C:\Documents and Settings\-mario-\Application Data\Apple Computer
C:\Documents and Settings\-mario-\Application Data\Autopoweron
C:\Documents and Settings\-mario-\Application Data\Farstone
C:\Documents and Settings\-mario-\Application Data\Google
C:\Documents and Settings\-mario-\Application Data\Identities
C:\Documents and Settings\-mario-\Application Data\Imvu
C:\Documents and Settings\-mario-\Application Data\Lavasoft
C:\Documents and Settings\-mario-\Application Data\Limewire
C:\Documents and Settings\-mario-\Application Data\Locktime
C:\Documents and Settings\-mario-\Application Data\Macromedia
C:\Documents and Settings\-mario-\Application Data\Mailfrontier
C:\Documents and Settings\-mario-\Application Data\Metacafe
C:\Documents and Settings\-mario-\Application Data\Microsoft
C:\Documents and Settings\-mario-\Application Data\Mozilla
C:\Documents and Settings\-mario-\Application Data\Opera
C:\Documents and Settings\-mario-\Application Data\Orbit
C:\Documents and Settings\-mario-\Application Data\Pop Peeper
C:\Documents and Settings\-mario-\Application Data\Publish Providers -- EMPTY Directory
C:\Documents and Settings\-mario-\Application Data\Real
C:\Documents and Settings\-mario-\Application Data\Skype
C:\Documents and Settings\-mario-\Application Data\Sony
C:\Documents and Settings\-mario-\Application Data\Trojanhunter
C:\Documents and Settings\-mario-\Application Data\Tuneup Software
C:\Documents and Settings\All Users\Application Data\Acd Systems
C:\Documents and Settings\All Users\Application Data\Adobe
C:\Documents and Settings\All Users\Application Data\Apple Computer
C:\Documents and Settings\All Users\Application Data\Funk Bat Data Nurb
C:\Documents and Settings\All Users\Application Data\Google
C:\Documents and Settings\All Users\Application Data\Locktime
C:\Documents and Settings\All Users\Application Data\Macrovision
C:\Documents and Settings\All Users\Application Data\Messenger Plus! -- EMPTY Directory
C:\Documents and Settings\All Users\Application Data\Metacafe
C:\Documents and Settings\All Users\Application Data\Microsoft
C:\Documents and Settings\All Users\Application Data\Nview_profiles -- EMPTY Directory
C:\Documents and Settings\All Users\Application Data\Skype
C:\Documents and Settings\All Users\Application Data\Temp -- EMPTY Directory
C:\Documents and Settings\All Users\Application Data\Tuneup Software
C:\Documents and Settings\Default User\Application Data\Microsoft
C:\Documents and Settings\Localservice\Application Data\Microsoft
C:\Documents and Settings\Maki\Application Data\Opera
C:\Documents and Settings\Networkservice\Application Data\Microsoft
C:\Documents and Settings\Nevenka\Application Data\Acd Systems
C:\Documents and Settings\Nevenka\Application Data\Adobe
C:\Documents and Settings\Nevenka\Application Data\Divx
C:\Documents and Settings\Nevenka\Application Data\Google
C:\Documents and Settings\Nevenka\Application Data\Identities
C:\Documents and Settings\Nevenka\Application Data\Locktime
C:\Documents and Settings\Nevenka\Application Data\Mailfrontier
C:\Documents and Settings\Nevenka\Application Data\Microsoft
C:\Documents and Settings\Nevenka\Application Data\Mozilla
C:\Documents and Settings\Nevenka\Application Data\Opera
C:\Documents and Settings\Nevenka\Application Data\Publish Providers -- EMPTY Directory
C:\Documents and Settings\Nevenka\Application Data\Real
C:\Documents and Settings\Nevenka\Application Data\Skype -- EMPTY Directory
C:\Documents and Settings\Nevenka\Application Data\Sony
C:\Documents and Settings\Nevenka\Application Data\Sun
new HijackThis log:
Logfile of HijackThis v1.99.1
Scan saved at 22:43:53, on 4.6.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\NetLimiter 2 Monitor\nlsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\NetLimiter 2 Monitor\NLClient.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\CursorXP\CursorXP.exe
C:\PROGRA~1\Ashampoo\ASHAMP~1\UnInstaller Suite\UIWatcher.exe
C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
C:\Program Files\MSI\Common\RaUI.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Opera\Opera.exe
C:\Documents and Settings\-Mario-\Desktop\t3.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {140BD8E3-C167-11D4-B4A3-080000180323} - (no file)
O2 - BHO: SWEETIE Class - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [CursorXP] "C:\Program Files\CursorXP\CursorXP.exe" -s
O4 - HKCU\..\Run: [UIWatcher] C:\PROGRA~1\Ashampoo\ASHAMP~1\UnInstaller Suite\UIWatcher.exe
O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - Global Startup: MSI Wireless Utility.lnk = C:\Program Files\MSI\Common\RaUI.exe
O4 - Global Startup: NoLop.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Download using LeechGet - file://C:\Program Files\LeechGet 2006\\AddUrl.html
O8 - Extra context menu item: Download using LeechGet Wizard - file://C:\Program Files\LeechGet 2006\\Wizard.html
O8 - Extra context menu item: Iz&vezi u Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Parse with LeechGet - file://C:\Program Files\LeechGet 2006\\Parser.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Istraživanje - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\-Mario-\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{5C82CBA0-3E06-41CC-96FF-5EA9E2B1A78F}: NameServer = 195.252.109.4 194.106.163.3
O17 - HKLM\System\CS1\Services\Tcpip\..\{5C82CBA0-3E06-41CC-96FF-5EA9E2B1A78F}: NameServer = 195.252.109.4 194.106.163.3
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: NetLimiter (nlsvc) - Locktime Software - C:\Program Files\NetLimiter 2 Monitor\nlsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
Posted: 04 Jun 2007 23:42
- DEMIAN
- Legendary citizen
- Joined: 25 Mar 2005
- Posts: 3706
- Location: The darkest place on earth..
Save the [url=https://www.mycity.rs/must-login.png]file[/url] to your desktop and run it. Copy the contents of the file named folder_list.txt into your next post.
Then run HijackThis, find the line below, tick it and click "Fix checked".
O2 - BHO: (no name) - {140BD8E3-C167-11D4-B4A3-080000180323} - (no file)
Restart the computer. Post what I asked you for first, and a fresh HijackThis log.
Posted: 05 Jun 2007 00:04
- MarioBB
- Citizen
- Joined: 27 Nov 2006
- Posts: 129
- Location: Zrenjanin
One more thing: on the C partition I still have nolopbackups, and in it there is a file with the extension "infected file". Should I delete that...??
folder list:
Volume in drive C has no label.
Volume Serial Number is 48CF-A55B
Directory of C:\Documents and Settings\All Users\Application Data\Funk Bat Data Nurb
03.06.2007 13:10 <DIR> .
03.06.2007 13:10 <DIR> ..
03.06.2007 13:10 554.496 GreyLies.exe
1 File(s) 554.496 bytes
2 Dir(s) 1.316.614.144 bytes free
new log:
Logfile of HijackThis v1.99.1
Scan saved at 0:03:45, on 5.6.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\CursorXP\CursorXP.exe
C:\PROGRA~1\Ashampoo\ASHAMP~1\UnInstaller Suite\UIWatcher.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\MSI\Common\RaUI.exe
C:\Program Files\NetLimiter 2 Monitor\nlsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\NetLimiter 2 Monitor\NLClient.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\-Mario-\Desktop\t3.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SWEETIE Class - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [CursorXP] "C:\Program Files\CursorXP\CursorXP.exe" -s
O4 - HKCU\..\Run: [UIWatcher] C:\PROGRA~1\Ashampoo\ASHAMP~1\UnInstaller Suite\UIWatcher.exe
O4 - Global Startup: MSI Wireless Utility.lnk = C:\Program Files\MSI\Common\RaUI.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Download using LeechGet - file://C:\Program Files\LeechGet 2006\\AddUrl.html
O8 - Extra context menu item: Download using LeechGet Wizard - file://C:\Program Files\LeechGet 2006\\Wizard.html
O8 - Extra context menu item: Iz&vezi u Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Parse with LeechGet - file://C:\Program Files\LeechGet 2006\\Parser.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Istraživanje - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\-Mario-\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: NetLimiter (nlsvc) - Locktime Software - C:\Program Files\NetLimiter 2 Monitor\nlsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
Posted: 05 Jun 2007 00:22
- DEMIAN
- Legendary citizen
- Joined: 25 Mar 2005
- Posts: 3706
- Location: The darkest place on earth..
Feel free to delete that backup, but send the entire folder "C:\Documents and Settings\All Users\Application Data\Funk Bat Data Nurb" to the upload.
The log looks clean, but this folder and its contents look really suspicious to me. Let me check it. Zip/rar it and send it via that upload link.
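An added example, not code from this thread or from HijackThis/NoLop: a small Python reader for HijackThis 1.99 logs that flags the entry types the helper looked at (registered objects whose file is gone, a Global Startup entry with no path) and diffs the 22:43 scan against the 0:03 scan, so the effect of the "Fix checked" step and the reboot is visible. The two log excerpts are constructed from lines posted above, with headers and most entries omitted.

```python
import re
from dataclasses import dataclass

# A HijackThis 1.99 item line is "<tag> - <body>", e.g. "O2 - BHO: name - {CLSID} - path".
ITEM_RE = re.compile(r"^(R\d|F\d|O\d{1,2})\s+-\s+(.*)$")
# HJT prints these when a registered object's backing file no longer exists on disk.
ORPHAN_MARKERS = ("(no file)", "(file missing)")


@dataclass(frozen=True, order=True)
class Item:
    section: str  # "O2", "O4", "O23", ...
    body: str     # rest of the line, verbatim


def parse_hjt(text):
    """Split a HijackThis log into (running process paths, section items)."""
    processes, items = [], []
    in_procs = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("Running processes:"):
            in_procs = True
            continue
        m = ITEM_RE.match(line)
        if m:
            in_procs = False  # the first R0/O-line ends the process list
            items.append(Item(m.group(1), m.group(2)))
        elif in_procs:
            processes.append(line)
    return processes, items


def flag_items(items):
    """Return (reason, item) pairs for entries a log reviewer would look at first."""
    findings = []
    for it in items:
        # Orphaned BHOs/services: the registry still points at a file that is gone.
        if any(mk in it.body for mk in ORPHAN_MARKERS):
            findings.append(("orphan", it))
        # Global Startup entries normally read "Name.lnk = <full path>"; a bare
        # executable name deserves a second look. In this thread it was NoLop.exe,
        # present right after the cleaner ran and gone in the next scan.
        elif (it.section == "O4" and it.body.startswith("Global Startup:")
              and " = " not in it.body):
            findings.append(("bare-startup", it))
    return findings


def diff_items(before, after):
    """Items removed and items added between two scans of the same machine."""
    b, a = set(before), set(after)
    return sorted(b - a), sorted(a - b)


def review(before_text, after_text):
    """Flags for each scan plus the delta between them, as one dict."""
    _, before = parse_hjt(before_text)
    _, after = parse_hjt(after_text)
    removed, added = diff_items(before, after)
    return {"flags_before": flag_items(before), "flags_after": flag_items(after),
            "removed": removed, "added": added}


# Constructed excerpts of the 22:43 (before the BHO fix) and 0:03 (after) logs above.
LOG_BEFORE = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\smss.exe
C:\Program Files\Opera\Opera.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
O2 - BHO: (no name) - {140BD8E3-C167-11D4-B4A3-080000180323} - (no file)
O2 - BHO: SWEETIE Class - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - Global Startup: MSI Wireless Utility.lnk = C:\Program Files\MSI\Common\RaUI.exe
O4 - Global Startup: NoLop.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
"""

LOG_AFTER = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\smss.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
O2 - BHO: SWEETIE Class - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll (file missing)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - Global Startup: MSI Wireless Utility.lnk = C:\Program Files\MSI\Common\RaUI.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
"""

if __name__ == "__main__":
    for key, rows in review(LOG_BEFORE, LOG_AFTER).items():
        print(f"== {key} ==")
        for row in rows:
            print("  ", row)
```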
Posted: 05 Jun 2007 00:31
- MarioBB
- Citizen
- Joined: 27 Nov 2006
- Posts: 129
- Location: Zrenjanin
There, I've uploaded that folder for you... Well, it obviously is clean, since it no longer freezes on me; by now it would certainly have frozen already and I would have restarted it at least 5 times... I'm off to sleep, you check that folder... I'll drop by tomorrow to see what it is... And thank you.. cheers
Posted: 05 Jun 2007 00:36
- DEMIAN
- Legendary citizen
- Joined: 25 Mar 2005
- Posts: 3706
- Location: The darkest place on earth..
All the files you uploaded are malicious. After cleaning with NoLop you need to delete them together with the folders they are in, because if you don't, there is a chance the infection will come back.
So you delete completely:
C:\Documents and Settings\-mario-\Application Data\Acid 64 Live
C:\Documents and Settings\All Users\Application Data\Funk Bat Data Nurb
I would also suggest you scan the computer online via this link:
http://www.bitdefender.com/scan8/ie.html
For that you need Internet Explorer with ActiveX controls enabled.
Update: 05 Jun 2007 0:36
We were writing at the same time.
Posted: 05 Jun 2007 23:26
- MarioBB
- Citizen
- Joined: 27 Nov 2006
- Posts: 129
- Location: Zrenjanin
Well, hopefully it won't come back... And I don't even get what exactly it was??
I deleted the folders... And I scanned the computer with that BitDefender online scanner... But the first time I scanned it, it found about 10 Trojans (Clicker, Obfus or something like that, and one VB.AMD), but the power went out... and now when I scanned it, it found only that Trojan.VB.AMD, in one archived file where I had downloaded acd9, but it deleted it... and that's good... did it definitely kill the earlier ones? It said it did (and on the second scan it didn't find them)... Anyway, the machine runs nicely... There is no "abnormal slowdown", and that's great... thanks for the effort... cheers
Posted: 06 Jun 2007 15:20
- MarioBB
- Citizen
- Joined: 27 Nov 2006
- Posts: 129
- Location: Zrenjanin
Here, just as a precaution... Since I'm really wary of those virus things:
HJT log:
Logfile of HijackThis v1.99.1
Scan saved at 15:18:26, on 6.6.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\NetLimiter 2 Monitor\nlsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\NetLimiter 2 Monitor\NLClient.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
C:\Program Files\CursorXP\CursorXP.exe
C:\PROGRA~1\Ashampoo\ASHAMP~1\UnInstaller Suite\UIWatcher.exe
C:\Program Files\MSI\Common\RaUI.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\Program Files\Opera\Opera.exe
C:\Documents and Settings\-Mario-\Desktop\t3.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKCU\..\Run: [CursorXP] "C:\Program Files\CursorXP\CursorXP.exe" -s
O4 - HKCU\..\Run: [UIWatcher] C:\PROGRA~1\Ashampoo\ASHAMP~1\UnInstaller Suite\UIWatcher.exe
O4 - HKCU\..\Run: [msnmsgr] ~"C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - Global Startup: MSI Wireless Utility.lnk = C:\Program Files\MSI\Common\RaUI.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Download using LeechGet - file://C:\Program Files\LeechGet 2006\\AddUrl.html
O8 - Extra context menu item: Download using LeechGet Wizard - file://C:\Program Files\LeechGet 2006\\Wizard.html
O8 - Extra context menu item: Iz&vezi u Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Parse with LeechGet - file://C:\Program Files\LeechGet 2006\\Parser.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Istraživanje - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\-Mario-\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - download.bitdefender.com/resources/scan8/oscan8.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5C82CBA0-3E06-41CC-96FF-5EA9E2B1A78F}: NameServer = 195.252.109.4 194.106.163.3
O17 - HKLM\System\CS1\Services\Tcpip\..\{5C82CBA0-3E06-41CC-96FF-5EA9E2B1A78F}: NameServer = 195.252.109.4 194.106.163.3
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: NetLimiter (nlsvc) - Locktime Software - C:\Program Files\NetLimiter 2 Monitor\nlsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
NoLop log:
NoLop! Log by Skate_Punk_21
Fix running from: C:\Documents and Settings\-Mario-\Desktop
[6.6.2007]
[15:19:06]
---Infection Files Found/Removed---
NO INFECTION FILES FOUND - Cleaning Aborted.
---Listing AppData sub directories---
C:\Documents and Settings\-mario-\Application Data\Acd Systems
C:\Documents and Settings\-mario-\Application Data\Adobe
C:\Documents and Settings\-mario-\Application Data\Adobeum -- EMPTY Directory
C:\Documents and Settings\-mario-\Application Data\Ahead
C:\Documents and Settings\-mario-\Application Data\Apple Computer
C:\Documents and Settings\-mario-\Application Data\Autopoweron
C:\Documents and Settings\-mario-\Application Data\Farstone
C:\Documents and Settings\-mario-\Application Data\Google
C:\Documents and Settings\-mario-\Application Data\Identities
C:\Documents and Settings\-mario-\Application Data\Imvu
C:\Documents and Settings\-mario-\Application Data\Lavasoft
C:\Documents and Settings\-mario-\Application Data\Limewire
C:\Documents and Settings\-mario-\Application Data\Locktime
C:\Documents and Settings\-mario-\Application Data\Macromedia
C:\Documents and Settings\-mario-\Application Data\Mailfrontier
C:\Documents and Settings\-mario-\Application Data\Metacafe
C:\Documents and Settings\-mario-\Application Data\Microsoft
C:\Documents and Settings\-mario-\Application Data\Mozilla
C:\Documents and Settings\-mario-\Application Data\Opera
C:\Documents and Settings\-mario-\Application Data\Orbit
C:\Documents and Settings\-mario-\Application Data\Pop Peeper
C:\Documents and Settings\-mario-\Application Data\Publish Providers -- EMPTY Directory
C:\Documents and Settings\-mario-\Application Data\Real
C:\Documents and Settings\-mario-\Application Data\Skype
C:\Documents and Settings\-mario-\Application Data\Sony
C:\Documents and Settings\-mario-\Application Data\Trojanhunter
C:\Documents and Settings\-mario-\Application Data\Tuneup Software
C:\Documents and Settings\All Users\Application Data\Acd Systems
C:\Documents and Settings\All Users\Application Data\Adobe
C:\Documents and Settings\All Users\Application Data\Apple Computer
C:\Documents and Settings\All Users\Application Data\Google
C:\Documents and Settings\All Users\Application Data\Locktime
C:\Documents and Settings\All Users\Application Data\Macrovision
C:\Documents and Settings\All Users\Application Data\Metacafe
C:\Documents and Settings\All Users\Application Data\Microsoft
C:\Documents and Settings\All Users\Application Data\Nview_profiles -- EMPTY Directory
C:\Documents and Settings\All Users\Application Data\Skype
C:\Documents and Settings\All Users\Application Data\Temp -- EMPTY Directory
C:\Documents and Settings\All Users\Application Data\Tuneup Software
C:\Documents and Settings\Default User\Application Data\Microsoft
C:\Documents and Settings\Localservice\Application Data\Microsoft
C:\Documents and Settings\Maki\Application Data\Opera
C:\Documents and Settings\Networkservice\Application Data\Microsoft
C:\Documents and Settings\Nevenka\Application Data\Acd Systems
C:\Documents and Settings\Nevenka\Application Data\Adobe
C:\Documents and Settings\Nevenka\Application Data\Divx
C:\Documents and Settings\Nevenka\Application Data\Google
C:\Documents and Settings\Nevenka\Application Data\Identities
C:\Documents and Settings\Nevenka\Application Data\Locktime
C:\Documents and Settings\Nevenka\Application Data\Mailfrontier
C:\Documents and Settings\Nevenka\Application Data\Microsoft
C:\Documents and Settings\Nevenka\Application Data\Mozilla
C:\Documents and Settings\Nevenka\Application Data\Opera
C:\Documents and Settings\Nevenka\Application Data\Publish Providers -- EMPTY Directory
C:\Documents and Settings\Nevenka\Application Data\Real
C:\Documents and Settings\Nevenka\Application Data\Skype -- EMPTY Directory
C:\Documents and Settings\Nevenka\Application Data\Sony
C:\Documents and Settings\Nevenka\Application Data\Sun
Posted: 06 Jun 2007 15:52
- DEMIAN
- Legendary citizen
- Joined: 25 Mar 2005
- Posts: 3706
- Location: The darkest place on earth..
Just check what exactly this is:
C:\Documents and Settings\-mario-\Application Data\Autopoweron
It may be software for quick shutdown/power-on of the computer, or related to a PCTV card.
The rest is OK.