new virus

offline
  • Joined: 04 Nov 2008
  • Posts: 5

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:31:26, on 04.11.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Documents and Settings\Predrag&Cece\Desktop\antivirus\HiJackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Beta - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar Beta - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{78D9EB09-3E85-42B7-9D5E-F301315876A7}: NameServer = 217.16.69.1 217.16.69.3
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

--
End of file - 6637 bytes
I probably have some virus on the computer; I'm looking for help and further instructions.

offline
  • Piksi  Male
  • Elite citizen
  • Joined: 13 Nov 2003
  • Posts: 2435

Run HijackThis, scan, and tick the following line:

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

and then click Fix checked.

The rest is clean.
Do you have any specific symptoms?
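Added example (not part of this thread, and not code from HijackThis or ComboFix): a small Python parser for the O4, O17 and O23 entry types that appear in the log above, so a reviewer can see which registry key and value a "Fix checked" on an O4 line actually removes. The sample lines are copied from the posted log; the regexes, the function names and the `RUN_SUBKEY` expansion are this example's own assumptions (the expansion matches the full `...\CurrentVersion\Run` key names that the ComboFix log in this thread prints in full).

```python
"""Parse HijackThis O4 / O17 / O23 entries into structured records.

Added example, not part of the thread or of HijackThis itself.  The sample
lines below are copied from the log posted in the thread; everything else
(regexes, names, the Run-key expansion) is an assumption of this example.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Sample input: lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O17 - HKLM\System\CCS\Services\Tcpip\..\{78D9EB09-3E85-42B7-9D5E-F301315876A7}: NameServer = 217.16.69.1 217.16.69.3
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
"""

# O4: "<hive>\..\Run: [<value name>] <command> (User '<user>')" -- the user suffix is optional.
O4_RE = re.compile(
    r"^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.*?)"
    r"(?: \(User '(?P<user>[^']*)'\))?$")
# O23: "Service: <display name> (<short name>) - <vendor> - <path>"; short name is optional.
O23_RE = re.compile(
    r"^O23 - Service: (?P<display>.+?)(?: \((?P<short>[^)]+)\))? - "
    r"(?P<vendor>.+?) - (?P<path>.+)$")
# O17: per-interface DNS servers, space separated.
O17_RE = re.compile(r"^O17 - (?P<key>.+?): NameServer = (?P<servers>.+)$")

# HijackThis abbreviates the Run key as "<hive>\..\Run"; this is the part it elides.
RUN_SUBKEY = r"Software\Microsoft\Windows\CurrentVersion\Run"


@dataclass
class Autorun:
    hive: str                 # "HKLM", "HKCU" or "HKUS\<SID>"
    name: str                 # registry value name shown in [...]
    command: str              # command line as HijackThis recorded it
    user: Optional[str] = None  # account from the "(User '...')" suffix, if any


@dataclass
class Service:
    display: str
    short: Optional[str]
    vendor: str
    path: str


def parse_hjt(text: str) -> Dict[str, list]:
    """Classify each log line; lines of other types are kept under 'unparsed'."""
    result: Dict[str, list] = {"autoruns": [], "services": [], "nameservers": [], "unparsed": []}
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = O4_RE.match(line)
        if m:
            result["autoruns"].append(Autorun(m["hive"], m["name"], m["cmd"], m["user"]))
            continue
        m = O23_RE.match(line)
        if m:
            result["services"].append(Service(m["display"], m["short"], m["vendor"], m["path"]))
            continue
        m = O17_RE.match(line)
        if m:
            result["nameservers"].extend(m["servers"].split())
            continue
        result["unparsed"].append(line)
    return result


def find_autoruns(autoruns: List[Autorun], name: str) -> List[Autorun]:
    """All O4 entries with the given value name (case-insensitive; CTFMON.EXE appears per hive)."""
    return [a for a in autoruns if a.name.lower() == name.lower()]


def registry_location(entry: Autorun):
    """Return (full Run key, value name) that 'Fix checked' would delete for this O4 entry."""
    return (entry.hive + "\\" + RUN_SUBKEY, entry.name)


if __name__ == "__main__":
    parsed = parse_hjt(SAMPLE_LOG)
    for a in parsed["autoruns"]:
        key, value = registry_location(a)
        print(f"{key} -> {value!r}: {a.command}" + (f" (user {a.user})" if a.user else ""))
    print("DNS servers:", parsed["nameservers"])
    for s in parsed["services"]:
        print(f"service {s.display} ({s.short}) by {s.vendor}: {s.path}")
```

Running the block on the sample prints, for the line Piksi asked to fix, the key `HKLM\Software\Microsoft\Windows\CurrentVersion\Run` and the value name `KernelFaultCheck`, which is what the HijackThis "Fix checked" action removes for an O4 entry.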

offline
  • Joined: 04 Nov 2008
  • Posts: 5

My kid caught some virus, and then I scanned and cleaned with Spyware Doctor and ESET Smart. The initial symptoms were a very slow computer and slow booting. Then it got better, so I wondered whether something was still left. I did this with the HijackThis fix, so it remains to be seen. Regards

offline
  • Piksi  Male
  • Elite citizen
  • Joined: 13 Nov 2003
  • Posts: 2435

We'll do one more check.

Spyware Doctor

Click the Spyware Doctor icon in the System Tray.
Click Settings.
Under Pick a Category, click Startup Settings.
Untick Run at Windows startup.
Click Apply and close Spyware Doctor by right-clicking the Spyware Doctor icon in the System Tray and choosing Exit.

Don't forget to turn these options back on when we finish the cleanup.

Then temporarily disable ESS following the instructions in the following image ->



Don't forget to turn ESS back on when we finish the cleanup.

Download ComboFix from one of the following addresses to the Desktop:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Start it and don't touch the program window while it scans.
Follow the instructions on the screen. When it finishes, a log (C:\ComboFix.txt) will appear, which you will copy here for us.

offline
  • Joined: 04 Nov 2008
  • Posts: 5

this is the report
ComboFix 08-11-05.02 - Predrag&Cece 2008-11-06 12:10:39.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1251.1.1033.18.74 [GMT 1:00]
Running from: c:\documents and settings\Predrag&Cece\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-10-06 to 2008-11-06 )))))))))))))))))))))))))))))))
.

2008-11-04 22:18 . 2008-11-04 22:18 <DIR> d-------- c:\documents and settings\Predrag&Cece\Application Data\Desktopicon
2008-11-04 22:17 . 2008-11-04 22:18 <DIR> d-------- c:\program files\Unlocker
2008-10-31 19:50 . 2008-10-31 19:50 <DIR> d-------- c:\program files\Acelogix
2008-10-31 14:28 . 2008-10-31 14:28 <DIR> d-------- c:\program files\Yahoo!
2008-10-20 16:35 . 2008-10-20 16:36 <DIR> d-------- c:\documents and settings\Predrag&Cece\Application Data\ViStart
2008-10-10 23:27 . 2008-09-04 21:03 56,344 --a------ c:\windows\system32\drivers\fssfltr.sys
2008-10-10 23:26 . 2008-10-10 23:26 <DIR> d-------- c:\program files\Microsoft SQL Server Compact Edition
2008-10-10 23:20 . 2008-10-10 23:20 <DIR> d-------- c:\program files\Microsoft
2008-10-10 23:12 . 2008-10-10 23:12 <DIR> d-------- c:\program files\Common Files\Windows Live

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-06 11:04 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-11-04 22:21 --------- d-----w c:\documents and settings\Predrag&Cece\Application Data\Skype
2008-11-01 19:10 --------- d-----w c:\program files\Spyware Doctor
2008-10-31 18:53 --------- d-----w c:\program files\Cheat Engine
2008-10-31 18:53 --------- d-----w c:\documents and settings\Predrag&Cece\Application Data\zweitgeist
2008-10-16 20:04 81,288 ----a-w c:\windows\system32\drivers\iksyssec.sys
2008-10-16 20:04 66,952 ----a-w c:\windows\system32\drivers\iksysflt.sys
2008-10-16 20:04 40,840 ----a-w c:\windows\system32\drivers\ikfilesec.sys
2008-10-10 22:27 --------- d-----w c:\program files\Windows Live
2008-10-03 21:33 --------- d-----w c:\program files\weblin
2008-09-28 14:49 --------- d-----w c:\documents and settings\Predrag&Cece\Application Data\Media Player Classic
2008-09-27 13:51 --------- d-----w c:\documents and settings\Predrag&Cece\Application Data\Samsung
2008-09-27 11:53 5,632 ----a-w c:\windows\system32\drivers\StarOpen.sys
2008-09-27 11:30 --------- d--h--w c:\program files\InstallShield Installation Information
2008-09-27 11:30 --------- d-----w c:\program files\Samsung
2008-09-24 18:09 --------- d-----w c:\program files\MSBuild
2008-09-24 17:56 --------- d-----w c:\program files\Reference Assemblies
2008-09-14 10:56 --------- d-----w c:\program files\ScanSoft
2008-09-14 10:55 --------- d-----w c:\program files\Common Files\InstallShield
2008-09-08 22:03 51,712 ----a-w c:\windows\system32\sirenacm.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2007-12-21 1443072]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-04-01 5562368]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-10-25 563984]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2007-10-25 2178832]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2008-05-02 15872]
"nwiz"="nwiz.exe" [2005-04-01 c:\windows\system32\nwiz.exe]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-03 c:\windows\system32\bthprops.cpl]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoAutoUpdate"= 0 (0x0)
"ForceClassicControlPanel"= 1 (0x1)
"NoDesktopCleanupWizard"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"NoStartMenuPinnedList"= 1 (0x1)
"NoInstrumentation"= 1 (0x1)
"Intellimenus"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3fhg"= mp3fhg.acm
"VIDC.X264"= x264vfw.dll
"msacm.divxa32"= divxa32.acm

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R2 fssfltr;FssFltr;c:\windows\system32\DRIVERS\fssfltr.sys [2008-09-04 56344]
R3 ham50;Intel V92 HaM Data Fax Voice;c:\windows\system32\DRIVERS\IntelH51.sys [2001-08-03 454815]
S2 NOD32FiXTemDono;Eset Nod32 Boot;c:\windows\system32\regedt32.exe [2002-08-30 3584]
S3 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [2008-09-04 512536]

*Newly Created Service* - PROCEXP90
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - c:\documents and settings\Predrag&Cece\Application Data\Mozilla\Firefox\Profiles\zd75k7xv.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://google.com
FF -: plugin - c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF -: plugin - c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF -: plugin - c:\program files\Yahoo!\Common\npyaxmpb.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2008-11-06 12:13:03
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: c:\windows\system32\winlogon.exe
-> c:\windows\system32\tsd32.dll
.
Completion time: 2008-11-06 12:14:28
ComboFix-quarantined-files.txt 2008-11-06 11:14:21

Pre-Run: 6.505.992.192 bytes free
Post-Run: 6,497,914,880 bytes free

112
What next?

offline
  • Piksi  Male
  • Elite citizen
  • Joined: 13 Nov 2003
  • Posts: 2435

There are no traces of malware in the logs...

Procedure for uninstalling ComboFix ->

Click START and then RUN
In the text entry line, type Combofix /u and click OK

Wait for the uninstall process to finish

The above procedure will:
Delete the following:
ComboFix and its files and folders
the VundoFix Backups folder, if it exists
the C:\Deckard folder, if it exists
the C:\OtMoveIt folder, if it exists

Reset the clock settings on the computer
Hide file extensions, if needed
Hide system/hidden files/folders, if needed
Reset System Restore

offline
  • Joined: 04 Nov 2008
  • Posts: 5

When I run combofix/u I get the following response:
Windows cannot find 'combofix/u'. Make sure you typed the name correctly, and then try again. To search for a file, click the Start button, and then click search.
???

offline
  • Piksi  Male
  • Elite citizen
  • Joined: 13 Nov 2003
  • Posts: 2435

You must have a space between "combofix" and "/u".

So, you type -> combofix /u

offline
  • Joined: 04 Nov 2008
  • Posts: 5

OK, I made a mistake; there should have been a blank space after combofix /u.
Now everything is OK. Bye, and thank you very much, you're the best.
