A trojan has been showing up for a few days now


  • Dalibor
  • Joined: 03 Feb 2011
  • Posts: 445
  • Location: Landau and der Pfalz

It works much better now

  • magna86
  • Anti Malware Fighter
    Rank 2
  • Joined: 21 Jun 2008
  • Posts: 6103

Let's remove the tools we used:

Run AdwCleaner again.
Click the [Uninstall] button and wait for the uninstall process to finish.

Download DelFix by "Xplode" and save it to the Desktop.

Double-click to run the program.

Check the following options:
Remove disinfection tools
Purge System Restore
Reset system settings

Click the "Run" button and wait for the program to finish.
When the tool finishes, it will open a report in Notepad.

Note: The report will also be saved to C:\DelFix.txt

  • Dalibor
  • Joined: 03 Feb 2011
  • Posts: 445
  • Location: Landau and der Pfalz

Posted: 07 Jul 2013 15:46

All done!
Thanks a lot. Cheers

Addendum: 10 Jul 2013 13:42

Hello magna86!
Since I have found a trojan again and cannot remove it, I am attaching the following:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 07/10/2013 at 01:35 PM

Application Version : 5.6.1020

Core Rules Database Version : 10596
Trace Rules Database Version: 8408

Scan type : Complete Scan
Total Scan Time : 00:15:52

Operating System Information
Windows XP Professional 32-bit, Service Pack 3 (Build 5.01.2600)
Administrator

Memory items scanned : 431
Memory threats detected : 0
Registry items scanned : 35331
Registry threats detected : 0
File items scanned : 22639
File threats detected : 14

Adware.Tracking Cookie
.doubleclick.net [ C:\DOCUMENTS AND SETTINGS\MICA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.etargetnet.com [ C:\DOCUMENTS AND SETTINGS\MICA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.doubleclick.net [ C:\DOCUMENTS AND SETTINGS\MICA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.etargetnet.com [ C:\DOCUMENTS AND SETTINGS\MICA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.etargetnet.com [ C:\DOCUMENTS AND SETTINGS\MICA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
advertising.copacet.com [ C:\DOCUMENTS AND SETTINGS\MICA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
advertising.copacet.com [ C:\DOCUMENTS AND SETTINGS\MICA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adtechus.com [ C:\DOCUMENTS AND SETTINGS\MICA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.server.cpmstar.com [ C:\DOCUMENTS AND SETTINGS\MICA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.server.cpmstar.com [ C:\DOCUMENTS AND SETTINGS\MICA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.statcounter.com [ C:\DOCUMENTS AND SETTINGS\MICA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.server.cpmstar.com [ C:\DOCUMENTS AND SETTINGS\MICA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.etargetnet.com [ C:\DOCUMENTS AND SETTINGS\MICA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

Trojan.Agent/Gen-KillFiles
C:\SYSTEM VOLUME INFORMATION\_RESTORE{01DC6DE8-87C6-4228-A2C6-42BDCFFB0910}\RP44\A0014730.EXE



  • magna86
  • Anti Malware Fighter
    Rank 2
  • Joined: 21 Jun 2008
  • Posts: 6103

That is all OK.

- Regarding the "Adware.Tracking Cookie" section:

SAS is designed to scan for and report cookies that it considers a threat. None of that is worrying; if I may say so, it is actually irritating.

- Regarding the "Trojan.Agent/Gen-KillFiles" section:
C:\SYSTEM VOLUME INFORMATION\_RESTORE{01DC6DE8-87C6-4228-A2C6-42BDCFFB0910}\RP44\A0014730.EXE

Reset System Restore and that detection will disappear. It was caught by heuristics and it is not malware.
http://www.mycity.rs/MyCity-Laboratorija/Kako-iskl.....sta-7.html
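
The reply above sorts the SUPERAntiSpyware detections by where they live (browser cookie store versus a System Restore snapshot). The following is an added example, not part of the original posts, that does the same sorting over the log text. The function names and the "Example.Threat" entry are assumptions made for illustration, and the classification says only where a detection sits, not whether the file is malicious.

```python
import re
from collections import defaultdict

# Excerpt of the SUPERAntiSpyware log quoted in the thread (cookie list shortened).
SAMPLE_LOG = r"""
File threats detected : 14

Adware.Tracking Cookie
.doubleclick.net [ C:\DOCUMENTS AND SETTINGS\MICA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.statcounter.com [ C:\DOCUMENTS AND SETTINGS\MICA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.doubleclick.net [ C:\DOCUMENTS AND SETTINGS\MICA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

Trojan.Agent/Gen-KillFiles
C:\SYSTEM VOLUME INFORMATION\_RESTORE{01DC6DE8-87C6-4228-A2C6-42BDCFFB0910}\RP44\A0014730.EXE
"""
# Constructed entry (not from the thread) so the "live file" branch is exercised.
CONSTRUCTED_LIVE = "Example.Threat\nC:\\WINDOWS\\TEMP\\EXAMPLE.EXE\n"

COOKIE = re.compile(r"^(\S+) \[ (.+) \]$")  # "<domain> [ <cookie store path> ]"
FILE_PATH = re.compile(r"^[A-Za-z]:\\")
# Windows XP keeps restore-point snapshots under System Volume Information\_restore{GUID}\RPnn.
RESTORE = re.compile(
    r"^[A-Za-z]:\\SYSTEM VOLUME INFORMATION\\_RESTORE\{[0-9A-F-]+\}\\RP\d+\\", re.I)

def triage(log_text):
    """Return (threat_name, kind, target) for every detection line in the log."""
    findings, threat, last_text = [], None, None
    for line in (raw.strip() for raw in log_text.splitlines()):
        if not line:
            continue
        cookie = COOKIE.match(line)
        if not cookie and not FILE_PATH.match(line):
            last_text = line  # header, counter or threat name
            continue
        if last_text is not None:  # the text right before an entry names the threat
            threat, last_text = last_text, None
        if cookie:
            findings.append((threat, "tracking-cookie", cookie.group(1)))
        elif RESTORE.match(line):
            findings.append((threat, "restore-point-copy", line))
        else:
            findings.append((threat, "live-file", line))
    return findings

def summarize(findings):
    """Group unique targets by kind so repeated cookie rows collapse."""
    grouped = defaultdict(set)
    for _threat, kind, target in findings:
        grouped[kind].add(target)
    return {kind: sorted(targets) for kind, targets in grouped.items()}

if __name__ == "__main__":
    for kind, targets in summarize(triage(SAMPLE_LOG + CONSTRUCTED_LIVE)).items():
        print(f"{kind}: {len(targets)} unique -> {targets}")
```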
