StrasnoUsporenWin...

offline
  • Joined: 27 Nov 2006
  • Posts: 129
  • Location: Zrenjanin

NoLop log:

NoLop! Log by Skate_Punk_21

Fix running from: C:\Documents and Settings\-Mario-\Desktop
[4.6.2007]
[22:36:41]

---Infection Files Found/Removed---
C:\WINDOWS\tasks\AD90E59692D39D6A.job

Beginning Removal...
Rebooting...
Removing Lop's Leftover Files/Folders...
Editing Registry...
**Fix Complete!**

---Listing AppData sub directories---

C:\Documents and Settings\-mario-\Application Data\Acd Systems
C:\Documents and Settings\-mario-\Application Data\Acid 64 Live
C:\Documents and Settings\-mario-\Application Data\Adobe
C:\Documents and Settings\-mario-\Application Data\Adobeum -- EMPTY Directory
C:\Documents and Settings\-mario-\Application Data\Ahead
C:\Documents and Settings\-mario-\Application Data\Apple Computer
C:\Documents and Settings\-mario-\Application Data\Autopoweron
C:\Documents and Settings\-mario-\Application Data\Farstone
C:\Documents and Settings\-mario-\Application Data\Google
C:\Documents and Settings\-mario-\Application Data\Identities
C:\Documents and Settings\-mario-\Application Data\Imvu
C:\Documents and Settings\-mario-\Application Data\Lavasoft
C:\Documents and Settings\-mario-\Application Data\Limewire
C:\Documents and Settings\-mario-\Application Data\Locktime
C:\Documents and Settings\-mario-\Application Data\Macromedia
C:\Documents and Settings\-mario-\Application Data\Mailfrontier
C:\Documents and Settings\-mario-\Application Data\Metacafe
C:\Documents and Settings\-mario-\Application Data\Microsoft
C:\Documents and Settings\-mario-\Application Data\Mozilla
C:\Documents and Settings\-mario-\Application Data\Opera
C:\Documents and Settings\-mario-\Application Data\Orbit
C:\Documents and Settings\-mario-\Application Data\Pop Peeper
C:\Documents and Settings\-mario-\Application Data\Publish Providers -- EMPTY Directory
C:\Documents and Settings\-mario-\Application Data\Real
C:\Documents and Settings\-mario-\Application Data\Skype
C:\Documents and Settings\-mario-\Application Data\Sony
C:\Documents and Settings\-mario-\Application Data\Trojanhunter
C:\Documents and Settings\-mario-\Application Data\Tuneup Software
C:\Documents and Settings\All Users\Application Data\Acd Systems
C:\Documents and Settings\All Users\Application Data\Adobe
C:\Documents and Settings\All Users\Application Data\Apple Computer
C:\Documents and Settings\All Users\Application Data\Funk Bat Data Nurb
C:\Documents and Settings\All Users\Application Data\Google
C:\Documents and Settings\All Users\Application Data\Locktime
C:\Documents and Settings\All Users\Application Data\Macrovision
C:\Documents and Settings\All Users\Application Data\Messenger Plus! -- EMPTY Directory
C:\Documents and Settings\All Users\Application Data\Metacafe
C:\Documents and Settings\All Users\Application Data\Microsoft
C:\Documents and Settings\All Users\Application Data\Nview_profiles -- EMPTY Directory
C:\Documents and Settings\All Users\Application Data\Skype
C:\Documents and Settings\All Users\Application Data\Temp -- EMPTY Directory
C:\Documents and Settings\All Users\Application Data\Tuneup Software
C:\Documents and Settings\Default User\Application Data\Microsoft
C:\Documents and Settings\Localservice\Application Data\Microsoft
C:\Documents and Settings\Maki\Application Data\Opera
C:\Documents and Settings\Networkservice\Application Data\Microsoft
C:\Documents and Settings\Nevenka\Application Data\Acd Systems
C:\Documents and Settings\Nevenka\Application Data\Adobe
C:\Documents and Settings\Nevenka\Application Data\Divx
C:\Documents and Settings\Nevenka\Application Data\Google
C:\Documents and Settings\Nevenka\Application Data\Identities
C:\Documents and Settings\Nevenka\Application Data\Locktime
C:\Documents and Settings\Nevenka\Application Data\Mailfrontier
C:\Documents and Settings\Nevenka\Application Data\Microsoft
C:\Documents and Settings\Nevenka\Application Data\Mozilla
C:\Documents and Settings\Nevenka\Application Data\Opera
C:\Documents and Settings\Nevenka\Application Data\Publish Providers -- EMPTY Directory
C:\Documents and Settings\Nevenka\Application Data\Real
C:\Documents and Settings\Nevenka\Application Data\Skype -- EMPTY Directory
C:\Documents and Settings\Nevenka\Application Data\Sony
C:\Documents and Settings\Nevenka\Application Data\Sun

new HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 22:43:53, on 4.6.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\NetLimiter 2 Monitor\nlsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\NetLimiter 2 Monitor\NLClient.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\CursorXP\CursorXP.exe
C:\PROGRA~1\Ashampoo\ASHAMP~1\UnInstaller Suite\UIWatcher.exe
C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
C:\Program Files\MSI\Common\RaUI.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Opera\Opera.exe
C:\Documents and Settings\-Mario-\Desktop\t3.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {140BD8E3-C167-11D4-B4A3-080000180323} - (no file)
O2 - BHO: SWEETIE Class - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [CursorXP] "C:\Program Files\CursorXP\CursorXP.exe" -s
O4 - HKCU\..\Run: [UIWatcher] C:\PROGRA~1\Ashampoo\ASHAMP~1\UnInstaller Suite\UIWatcher.exe
O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - Global Startup: MSI Wireless Utility.lnk = C:\Program Files\MSI\Common\RaUI.exe
O4 - Global Startup: NoLop.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Download using LeechGet - file://C:\Program Files\LeechGet 2006\\AddUrl.html
O8 - Extra context menu item: Download using LeechGet Wizard - file://C:\Program Files\LeechGet 2006\\Wizard.html
O8 - Extra context menu item: Iz&vezi u Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Parse with LeechGet - file://C:\Program Files\LeechGet 2006\\Parser.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Istraživanje - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\-Mario-\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{5C82CBA0-3E06-41CC-96FF-5EA9E2B1A78F}: NameServer = 195.252.109.4 194.106.163.3
O17 - HKLM\System\CS1\Services\Tcpip\..\{5C82CBA0-3E06-41CC-96FF-5EA9E2B1A78F}: NameServer = 195.252.109.4 194.106.163.3
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: NetLimiter (nlsvc) - Locktime Software - C:\Program Files\NetLimiter 2 Monitor\nlsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

offline
  • DEMIAN  Male
  • Legendary citizen
  • IT Manager
  • Joined: 25 Mar 2005
  • Posts: 3706
  • Location: The darkest place on earth..

Save the [url=https://www.mycity.rs/must-login.png]file[/url] to your desktop and run it. Copy the contents of the file named folder_list.txt into your next post for me.

Then run HijackThis, find the line below, tick it and click "Fix checked".
O2 - BHO: (no name) - {140BD8E3-C167-11D4-B4A3-080000180323} - (no file)

Restart the computer. Post what I first asked you for and a fresh HijackThis log.

offline
  • Joined: 27 Nov 2006
  • Posts: 129
  • Location: Zrenjanin

One more thing: on the C partition I still have nolopbackups, and inside it there is a file with the extension "infected file". Should I delete that..??

folder list:

Volume in drive C has no label.
Volume Serial Number is 48CF-A55B

Directory of C:\Documents and Settings\All Users\Application Data\Funk Bat Data Nurb

03.06.2007 13:10 <DIR> .
03.06.2007 13:10 <DIR> ..
03.06.2007 13:10 554.496 GreyLies.exe
1 File(s) 554.496 bytes
2 Dir(s) 1.316.614.144 bytes free

new log:

Logfile of HijackThis v1.99.1
Scan saved at 0:03:45, on 5.6.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\CursorXP\CursorXP.exe
C:\PROGRA~1\Ashampoo\ASHAMP~1\UnInstaller Suite\UIWatcher.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\MSI\Common\RaUI.exe
C:\Program Files\NetLimiter 2 Monitor\nlsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\NetLimiter 2 Monitor\NLClient.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\-Mario-\Desktop\t3.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SWEETIE Class - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [CursorXP] "C:\Program Files\CursorXP\CursorXP.exe" -s
O4 - HKCU\..\Run: [UIWatcher] C:\PROGRA~1\Ashampoo\ASHAMP~1\UnInstaller Suite\UIWatcher.exe
O4 - Global Startup: MSI Wireless Utility.lnk = C:\Program Files\MSI\Common\RaUI.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Download using LeechGet - file://C:\Program Files\LeechGet 2006\\AddUrl.html
O8 - Extra context menu item: Download using LeechGet Wizard - file://C:\Program Files\LeechGet 2006\\Wizard.html
O8 - Extra context menu item: Iz&vezi u Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Parse with LeechGet - file://C:\Program Files\LeechGet 2006\\Parser.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Istraživanje - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\-Mario-\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: NetLimiter (nlsvc) - Locktime Software - C:\Program Files\NetLimiter 2 Monitor\nlsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

offline
  • DEMIAN  Male
  • Legendary citizen
  • IT Manager
  • Joined: 25 Mar 2005
  • Posts: 3706
  • Location: The darkest place on earth..

Feel free to delete that backup, but send the whole folder "C:\Documents and Settings\All Users\Application Data\Funk Bat Data Nurb" to the upload.

The log looks clean, but that folder and its contents look very suspicious to me. Let me check it. Zip/rar it and send it via that upload link.
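The two checks DEMIAN does by hand in this thread, spotting the dead "(no file)" O2 entry in the HijackThis log and the unfamiliar folder in NoLop's AppData listing, can be scripted for log triage. The block below is an added example; it is not code from the thread, from HijackThis or from NoLop. Its sample logs are constructed from lines shaped like the ones posted, the allowlist KNOWN_APPDATA is an assumption standing in for what the machine's owner knows is installed, and parse_hjt, orphan_entries, diff_hjt and unknown_appdata_dirs are names chosen here.

```python
import re

# Constructed sample logs, shaped like the ones posted in the thread: a first
# HijackThis scan, the scan after the fix, and an excerpt of NoLop's listing.
HJT_BEFORE = r"""
Logfile of HijackThis v1.99.1
O2 - BHO: (no name) - {140BD8E3-C167-11D4-B4A3-080000180323} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O4 - Global Startup: NoLop.exe
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
"""
HJT_AFTER = r"""
Logfile of HijackThis v1.99.1
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
"""
NOLOP_LISTING = r"""
---Listing AppData sub directories---

C:\Documents and Settings\-mario-\Application Data\Adobe
C:\Documents and Settings\-mario-\Application Data\Acid 64 Live
C:\Documents and Settings\-mario-\Application Data\Publish Providers -- EMPTY Directory
C:\Documents and Settings\All Users\Application Data\Funk Bat Data Nurb
C:\Documents and Settings\All Users\Application Data\Microsoft
"""

# Assumed allowlist: applications the owner confirms are installed. A helper
# builds this from the user's answers; this one is a constructed example.
KNOWN_APPDATA = {"adobe", "publish providers", "microsoft"}

HJT_ENTRY = re.compile(r"^(R[0-3]|O\d{1,2}) - (.*)$")
APPDATA_LINE = re.compile(
    r"^[A-Za-z]:\\.*\\Application Data\\(.+?)(?: -- EMPTY Directory)?$")
MISSING_MARKERS = ("(no file)", "(file missing)")


def parse_hjt(text):
    """Return the HijackThis entries in a log as (section tag, body) pairs."""
    out = []
    for line in text.splitlines():
        m = HJT_ENTRY.match(line.strip())
        if m:
            out.append((m.group(1), m.group(2)))
    return out


def orphan_entries(text):
    """Entries whose target HijackThis reports as gone. These are dead
    registry references rather than running code, which is why a helper has
    them fixed (like the O2 line in the thread) instead of hunting a file."""
    return [f"{tag} - {body}" for tag, body in parse_hjt(text)
            if any(marker in body for marker in MISSING_MARKERS)]


def diff_hjt(before, after):
    """Entries that disappeared and entries that appeared between two scans,
    each list sorted, so a reviewer sees only what changed."""
    old = {f"{t} - {b}" for t, b in parse_hjt(before)}
    new = {f"{t} - {b}" for t, b in parse_hjt(after)}
    return sorted(old - new), sorted(new - old)


def unknown_appdata_dirs(nolop_text, known):
    """Leaf folder names in NoLop's AppData listing that are not on the
    allowlist, in order of first appearance. Random-word folder names under
    Application Data are exactly the pattern NoLop's listing exists to show."""
    seen, out = set(), []
    for line in nolop_text.splitlines():
        m = APPDATA_LINE.match(line.strip())
        if not m:
            continue
        name = m.group(1)
        key = name.lower()
        if key not in known and key not in seen:
            seen.add(key)
            out.append(name)
    return out


if __name__ == "__main__":
    print("orphans:", orphan_entries(HJT_BEFORE))
    removed, added = diff_hjt(HJT_BEFORE, HJT_AFTER)
    print("removed:", removed)
    print("added:", added)
    print("unknown AppData folders:",
          unknown_appdata_dirs(NOLOP_LISTING, KNOWN_APPDATA))
```

Run against the sample data it reports the "(no file)" BHO and the missing-file avast! service as orphans, shows the BHO and the NoLop.exe startup entry gone after the fix with the msnmsgr Run entry new, and flags "Acid 64 Live" and "Funk Bat Data Nurb" as the folders to ask about. The allowlist is deliberately a whitelist of what the owner recognizes rather than a blacklist of bad names, because the folder names this family uses are generated and would not match a fixed list.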

offline
  • Joined: 27 Nov 2006
  • Posts: 129
  • Location: Zrenjanin

There, I've uploaded that folder for you... Well, obviously it is clean, since it no longer freezes; by now it would surely have frozen and I'd have restarted it at least 5 times already... I'm off to sleep, you check that folder... I'll drop by tomorrow to see what it is... And thank you.. cheers :)

offline
  • DEMIAN  Male
  • Legendary citizen
  • IT Manager
  • Joined: 25 Mar 2005
  • Posts: 3706
  • Location: The darkest place on earth..

All the files you uploaded are malicious. After cleaning with NoLop you need to delete them together with the folders they are in, because if you don't, there is a chance the infection will come back.

So you delete completely:
C:\Documents and Settings\-mario-\Application Data\Acid 64 Live
C:\Documents and Settings\All Users\Application Data\Funk Bat Data Nurb

I would also suggest you scan the computer online via this link:
http://www.bitdefender.com/scan8/ie.html

For that you need Internet Explorer with ActiveX controls enabled.

Update: 05 Jun 2007 0:36

We were writing at the same time.

offline
  • Joined: 27 Nov 2006
  • Posts: 129
  • Location: Zrenjanin

Well, hopefully it won't come back... And I don't even get what exactly it was??
I deleted the folders... And I scanned the computer with that BitDefender online scanner... But the first time I scanned it, it found about 10 Trojans (Clicker, Obfus-or something like that, and one VB.AMD), but then the power went out... and now when I scanned it, it found only that Trojan.VB.AMD, in an archive where I had downloaded acd9, but it deleted it... and that's good... did it definitely kill the previous ones? It said it did (and on the second scan it didn't find them)... Anyway, the machine runs nicely... No "abnormal slowdown", and that's great... thanks for the effort... cheers :)

offline
  • DEMIAN  Male
  • Legendary citizen
  • IT Manager
  • Joined: 25 Mar 2005
  • Posts: 3706
  • Location: The darkest place on earth..

That first one was one of the variants of the Zlob/Swizzor trojan. A trojan downloader in any case, just like that Trojan.Win32.VB.amd, the second one detected in that archive. That's why I told you there is a possibility the infection comes back if you don't delete those folders after NoLop.

Your AV may detect the presence of malware in "System Volume Information" (the Windows backup where the information used by System Restore is stored), but there the malware is not active or dangerous to the system, unless you bring it back when restoring the system to an earlier point.
You can deal with that potential problem either by deleting them with the AV or by turning off System Restore and restarting the computer. Once Windows is up, turn the option back on and save a new restore point.

As for the deletion of the malware detected by the BitDefender scan, from what I read I assume it deleted them. Still, I'm not at your computer, so I can't guarantee it :)

As far as I'm concerned, feel free to post another NoLop log so I can see whether there is any suspicious folder. You saw what we did. You can look at the same thing yourself. If there is something among them you don't recognize, feel free to post it. An HJT log is fine too.

offline
  • Joined: 27 Nov 2006
  • Posts: 129
  • Location: Zrenjanin

Here, just as a precaution... Since those virus things really put me in a bad mood:

HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 15:18:26, on 6.6.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\NetLimiter 2 Monitor\nlsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\NetLimiter 2 Monitor\NLClient.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
C:\Program Files\CursorXP\CursorXP.exe
C:\PROGRA~1\Ashampoo\ASHAMP~1\UnInstaller Suite\UIWatcher.exe
C:\Program Files\MSI\Common\RaUI.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\Program Files\Opera\Opera.exe
C:\Documents and Settings\-Mario-\Desktop\t3.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKCU\..\Run: [CursorXP] "C:\Program Files\CursorXP\CursorXP.exe" -s
O4 - HKCU\..\Run: [UIWatcher] C:\PROGRA~1\Ashampoo\ASHAMP~1\UnInstaller Suite\UIWatcher.exe
O4 - HKCU\..\Run: [msnmsgr] ~"C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - Global Startup: MSI Wireless Utility.lnk = C:\Program Files\MSI\Common\RaUI.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Download using LeechGet - file://C:\Program Files\LeechGet 2006\\AddUrl.html
O8 - Extra context menu item: Download using LeechGet Wizard - file://C:\Program Files\LeechGet 2006\\Wizard.html
O8 - Extra context menu item: Iz&vezi u Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Parse with LeechGet - file://C:\Program Files\LeechGet 2006\\Parser.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Istraživanje - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\-Mario-\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - download.bitdefender.com/resources/scan8/oscan8.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5C82CBA0-3E06-41CC-96FF-5EA9E2B1A78F}: NameServer = 195.252.109.4 194.106.163.3
O17 - HKLM\System\CS1\Services\Tcpip\..\{5C82CBA0-3E06-41CC-96FF-5EA9E2B1A78F}: NameServer = 195.252.109.4 194.106.163.3
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: NetLimiter (nlsvc) - Locktime Software - C:\Program Files\NetLimiter 2 Monitor\nlsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

NoLop log:

NoLop! Log by Skate_Punk_21

Fix running from: C:\Documents and Settings\-Mario-\Desktop
[6.6.2007]
[15:19:06]

---Infection Files Found/Removed---
NO INFECTION FILES FOUND - Cleaning Aborted.

---Listing AppData sub directories---

C:\Documents and Settings\-mario-\Application Data\Acd Systems
C:\Documents and Settings\-mario-\Application Data\Adobe
C:\Documents and Settings\-mario-\Application Data\Adobeum -- EMPTY Directory
C:\Documents and Settings\-mario-\Application Data\Ahead
C:\Documents and Settings\-mario-\Application Data\Apple Computer
C:\Documents and Settings\-mario-\Application Data\Autopoweron
C:\Documents and Settings\-mario-\Application Data\Farstone
C:\Documents and Settings\-mario-\Application Data\Google
C:\Documents and Settings\-mario-\Application Data\Identities
C:\Documents and Settings\-mario-\Application Data\Imvu
C:\Documents and Settings\-mario-\Application Data\Lavasoft
C:\Documents and Settings\-mario-\Application Data\Limewire
C:\Documents and Settings\-mario-\Application Data\Locktime
C:\Documents and Settings\-mario-\Application Data\Macromedia
C:\Documents and Settings\-mario-\Application Data\Mailfrontier
C:\Documents and Settings\-mario-\Application Data\Metacafe
C:\Documents and Settings\-mario-\Application Data\Microsoft
C:\Documents and Settings\-mario-\Application Data\Mozilla
C:\Documents and Settings\-mario-\Application Data\Opera
C:\Documents and Settings\-mario-\Application Data\Orbit
C:\Documents and Settings\-mario-\Application Data\Pop Peeper
C:\Documents and Settings\-mario-\Application Data\Publish Providers -- EMPTY Directory
C:\Documents and Settings\-mario-\Application Data\Real
C:\Documents and Settings\-mario-\Application Data\Skype
C:\Documents and Settings\-mario-\Application Data\Sony
C:\Documents and Settings\-mario-\Application Data\Trojanhunter
C:\Documents and Settings\-mario-\Application Data\Tuneup Software
C:\Documents and Settings\All Users\Application Data\Acd Systems
C:\Documents and Settings\All Users\Application Data\Adobe
C:\Documents and Settings\All Users\Application Data\Apple Computer
C:\Documents and Settings\All Users\Application Data\Google
C:\Documents and Settings\All Users\Application Data\Locktime
C:\Documents and Settings\All Users\Application Data\Macrovision
C:\Documents and Settings\All Users\Application Data\Metacafe
C:\Documents and Settings\All Users\Application Data\Microsoft
C:\Documents and Settings\All Users\Application Data\Nview_profiles -- EMPTY Directory
C:\Documents and Settings\All Users\Application Data\Skype
C:\Documents and Settings\All Users\Application Data\Temp -- EMPTY Directory
C:\Documents and Settings\All Users\Application Data\Tuneup Software
C:\Documents and Settings\Default User\Application Data\Microsoft
C:\Documents and Settings\Localservice\Application Data\Microsoft
C:\Documents and Settings\Maki\Application Data\Opera
C:\Documents and Settings\Networkservice\Application Data\Microsoft
C:\Documents and Settings\Nevenka\Application Data\Acd Systems
C:\Documents and Settings\Nevenka\Application Data\Adobe
C:\Documents and Settings\Nevenka\Application Data\Divx
C:\Documents and Settings\Nevenka\Application Data\Google
C:\Documents and Settings\Nevenka\Application Data\Identities
C:\Documents and Settings\Nevenka\Application Data\Locktime
C:\Documents and Settings\Nevenka\Application Data\Mailfrontier
C:\Documents and Settings\Nevenka\Application Data\Microsoft
C:\Documents and Settings\Nevenka\Application Data\Mozilla
C:\Documents and Settings\Nevenka\Application Data\Opera
C:\Documents and Settings\Nevenka\Application Data\Publish Providers -- EMPTY Directory
C:\Documents and Settings\Nevenka\Application Data\Real
C:\Documents and Settings\Nevenka\Application Data\Skype -- EMPTY Directory
C:\Documents and Settings\Nevenka\Application Data\Sony
C:\Documents and Settings\Nevenka\Application Data\Sun

offline
  • DEMIAN  Male
  • Legendary citizen
  • IT Manager
  • Joined: 25 Mar 2005
  • Posts: 3706
  • Location: The darkest place on earth..

Just check what exactly this is:
C:\Documents and Settings\-mario-\Application Data\Autopoweron

It could be software for quick shutdown/power-on of the computer, or something related to a PCTV card.

The rest is OK.
