pomoc oko hijackthis programa i brontok virusa

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Uloguj se preko Facebooka da bi skinuo fajl:

Napisano: 06 Sep 2011 23:28

kada pokrenem avz i iskopiram text i kliknem run komp mi se restartuje sam,dali to treba tako

Dopuna: 06 Sep 2011 23:44

[Link mogu videti samo ulogovani korisnici]

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_26
Run by Marijana at 23:39:39 on 2011-09-06
Microsoft Windows XP Professional 5.1.2600.3.1250.381.1033.18.1503.790 [GMT 2:00]
.
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\Program Files\Windows7\RunMe\RunMe.exe
C:\Program Files\Windows7\Vienna Explorer\Vienna Explorer.exe
C:\Program Files\Windows7\VisualTaskTips\VisualTaskTips.exe
C:\Program Files\TwinMOS\Mobile Disk V3.0\MobMon.exe
C:\Program Files\TwinMOS\Mobile Disk V3.0\UsbTD.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Silicon Integrated Systems\SiSRaidPackage\SRaid.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\Windows7\Analog Clock\AnalogClock.exe
C:\Program Files\Windows7\TopDesk\topdesk.exe
C:\Program Files\Windows7\UberIcon\UberIcon Manager.exe
C:\Program Files\Stardock\CursorFX\CursorFX.exe
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\RALINK\Common\RaUI.exe
C:\WINDOWS\system32\sistray.exe
C:\Program Files\Windows7\Windows 7 Pie Dock\Windows 7 Pie Dock.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uSearchURL,(Default) = [Link mogu videti samo ulogovani korisnici]
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
uURLSearchHooks: H - No File
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
uRun: [RocketDock] "c:\program files\rocketdock\RocketDock.exe"
uRun: [AnalogClock] c:\program files\windows7\analog clock\AnalogClock.exe
uRun: [TopDesk] c:\program files\windows7\topdesk\topdesk.exe
uRun: [TransBar] c:\program files\windows7\transbar\TransBar.exe /s
uRun: [UberIcon] "c:\program files\windows7\ubericon\UberIcon Manager.exe"
uRun: [CursorFX] "c:\program files\stardock\cursorfx\CursorFX.exe"
uRun: [Advanced SystemCare 3] "c:\program files\iobit\advanced systemcare 3\AWC.exe" /startup
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [KRun] c:\program files\windows7\runme\RunMe.exe
mRun: [Viena Explorer] "c:\program files\windows7\vienna explorer\Vienna Explorer.exe"
mRun: [Visual Task Tips] "c:\program files\windows7\visualtasktips\VisualTaskTips.exe"
mRun: [Pie Dock] "c:\program files\windows7\windows 7 pie dock\Windows 7 Pie Dock.exe"
mRun: [UFD Monitor] c:\program files\twinmos\mobile disk v3.0\MobMon.exe
mRun: [UFD Utility] c:\program files\twinmos\mobile disk v3.0\UsbTD.exe
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [WinampAgent] c:\program files\winamp\winampa.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [SiSUSBRG] c:\windows\SiSUSBrg.exe
mRun: [SiSRaid] c:\program files\silicon integrated systems\sisraidpackage\SRaid.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\marijana\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\docume~1\marijana\startm~1\programs\startup\window~1.lnk - c:\program files\windows7\windows 7 pie dock\Windows 7 Pie Dock.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ralink~1.lnk - c:\program files\ralink\common\RaUI.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\utilit~1.lnk - c:\windows\system32\sistray.exe
uPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)
mPolicies-explorer: ForceClassicControlPanel = 1 (0x1)
IE: &Google Search - c:\program files\google\GoogleToolbar1.dll/cmsearch.html
IE: Backward &Links - c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cac&hed Snapshot of Page - c:\program files\google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Si&milar Pages - c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate into English - c:\program files\google\GoogleToolbar1.dll/cmtrans.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
TCP: Interfaces\{7A4B324F-C76D-4F5A-91DE-10C3BFC9F66C} : DhcpNameServer = 10.5.50.1 109.233.184.2 109.233.184.3
TCP: Interfaces\{ACF57E3F-5126-4C37-94FA-766983AEE1DB} : NameServer = 109.233.184.2 109.233.184.3
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GR99D3~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\marijana\application data\mozilla\firefox\profiles\7oxm0kz5.default\
FF - prefs.js: browser.search.defaulturl - [Link mogu videti samo ulogovani korisnici]{searchTerms}
FF - prefs.js: browser.search.selectedEngine - MB2 Customized Web Search
FF - prefs.js: keyword.URL - [Link mogu videti samo ulogovani korisnici]
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\documents and settings\marijana\application data\mozilla\firefox\profiles\7oxm0kz5.default\extensions\maps@ovi.com\plugins\npNMapNPR.dll
FF - plugin: c:\documents and settings\marijana\application data\mozilla\firefox\profiles\7oxm0kz5.default\extensions\maps@ovi.com\plugins\npNMapNPRresources.dll
FF - plugin: c:\documents and settings\marijana\local settings\application data\google\update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
.
============= SERVICES / DRIVERS ===============
.
R0 Vax347b;Vax347b;c:\windows\system32\drivers\Vax347b.sys [2010-10-27 159616]
R0 Vax347s;Vax347s;c:\windows\system32\drivers\Vax347s.sys [2010-10-27 5248]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-9-3 441176]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-9-3 309848]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-9-3 19544]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-9-3 42184]
R2 StarWindService;StarWind iSCSI Service;c:\program files\alcohol soft\alcohol 120\starwind\StarWindService.exe [2005-4-1 217600]
S2 alzoxgryh;Server Config;c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-12-26 136176]
S2 OxSer;PCI Serial Driver;c:\windows\system32\drivers\OxSer.sys [2010-10-27 54584]
.
=============== Created Last 30 ================
.
2011-09-06 21:33:00 -------- d-----w- c:\documents and settings\marijana\avz4
2011-09-06 21:10:24 13312 ----a-w- c:\windows\system32\drivers\vdi5otkz.sys
2011-09-05 20:20:50 -------- d-sh--w- c:\documents and settings\marijana\IETldCache
2011-09-05 19:57:57 7680 -c----w- c:\windows\system32\dllcache\iecompat.dll
2011-09-05 19:57:29 -------- d-----w- c:\windows\ie8updates
2011-09-05 19:57:12 602112 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2011-09-05 19:57:12 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2011-09-05 19:57:12 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2011-09-05 19:57:11 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2011-09-05 19:57:11 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2011-09-05 19:57:11 1991680 -c----w- c:\windows\system32\dllcache\iertutil.dll
2011-09-05 19:57:11 11081728 -c----w- c:\windows\system32\dllcache\ieframe.dll
2011-09-05 19:55:33 -------- dc-h--w- c:\windows\ie8
2011-09-05 19:55:33 -------- d-----w- c:\windows\system32\sr-Latn-CS
2011-09-05 13:03:08 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2011-09-05 13:03:08 272128 ------w- c:\windows\system32\drivers\bthport.sys
2011-09-05 12:58:39 456320 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2011-09-05 12:56:51 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
2011-09-05 10:49:38 617472 -c----w- c:\windows\system32\dllcache\advapi32.dll
2011-09-05 10:49:36 2145280 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2011-09-05 10:49:33 2189056 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2011-09-05 10:49:29 2023936 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2011-09-05 10:43:39 17920 -c----w- c:\windows\system32\dllcache\msyuv.dll
2011-09-05 10:41:48 1172480 -c----w- c:\windows\system32\dllcache\msxml3.dll
2011-09-05 10:32:16 293376 ------w- c:\windows\system32\browserchoice.exe
2011-09-05 10:22:59 1291776 -c----w- c:\windows\system32\dllcache\quartz.dll
2011-09-05 08:52:33 45568 -c----w- c:\windows\system32\dllcache\wab.exe
2011-09-05 08:50:58 5120 ------w- c:\windows\system32\xpsp4res.dll
2011-09-05 08:46:36 -------- d-----w- c:\windows\system32\PreInstall
2011-09-04 18:23:14 -------- d-----w- c:\windows\system32\SoftwareDistribution
2011-09-04 18:01:45 -------- d-----w- C:\ComboFix
2011-09-04 11:44:41 98816 ----a-w- c:\windows\sed.exe
2011-09-04 11:44:41 518144 ----a-w- c:\windows\SWREG.exe
2011-09-04 11:44:41 256000 ----a-w- c:\windows\PEV.exe
2011-09-04 11:44:41 208896 ----a-w- c:\windows\MBR.exe
2011-09-03 22:02:17 388096 ----a-r- c:\documents and settings\marijana\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-09-03 22:02:16 -------- d-----w- C:\Trend Micro
2011-09-03 21:37:29 -------- d-----w- c:\windows\pss
2011-09-03 21:22:32 -------- d-----w- c:\documents and settings\all users\application data\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}
2011-09-03 19:58:56 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-09-03 19:58:44 40112 ----a-w- c:\windows\avastSS.scr
2011-09-03 19:58:31 -------- d-----w- c:\program files\AVAST Software
2011-09-03 16:25:15 -------- d-----w- c:\documents and settings\all users\application data\AVAST Software
2011-09-03 02:09:11 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2011-08-19 20:28:19 -------- d-----w- c:\documents and settings\marijana\application data\com.adobe.downloadassistant.AdobeDownloadAssistant
2011-08-19 20:28:12 -------- d-----w- c:\program files\Adobe Download Assistant
2011-08-19 20:23:34 -------- d-----w- c:\documents and settings\marijana\local settings\application data\Adobe
2011-08-19 16:29:25 -------- d-----w- c:\documents and settings\marijana\.thumbnails
2011-08-19 16:27:53 -------- d-----w- c:\documents and settings\marijana\.gimp-2.6
.
==================== Find3M ====================
.
2011-07-15 13:29:31 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-08 14:02:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
2011-06-24 14:10:36 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2011-06-23 18:36:30 916480 ----a-w- c:\windows\system32\wininet.dll
2011-06-23 18:36:30 43520 ------w- c:\windows\system32\licmgr10.dll
2011-06-23 18:36:30 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-06-23 12:05:13 385024 ------w- c:\windows\system32\html.iec
2011-06-20 17:44:52 293376 ----a-w- c:\windows\system32\winsrv.dll
.
============= FINISH: 23:40:52.23 ===============


[Link mogu videti samo ulogovani korisnici]
URADILA SAM TRAZENO SAMO NAPOMINJEM DA MI SE RESTARTOVAO KADA SAM POKRENULA PRVI PUT AVZ MOZDA JE TO BITNO

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Nisi ispratila korak #2 do kraja. Potreban mi je fajl virusinfo_syscheck.zip koji se nalazi u folderu avz\log.

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Uloguj se preko Facebooka da bi skinuo fajl:

[Link mogu videti samo ulogovani korisnici]

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

]Preuzmi sUBs-ov ComboFix sa sledeće adrese na Desktop:


Bleeping Computer
Klikni desnim tasterom na link i odaberi opciju Save Target As... (Save Link As..., Save Linked Content As... ili sličnu);
Kada se otvori dijalog za izbor lokacije na kojoj treba sačuvati file, odaberi Desktop i klikni Save.



Kada preuzimanje programa bude završeno:
deaktiviraj zaštitni softver (uputstvo);
zatvori pokrenute programe;
dvoklikom pokreni program ComboFix;
u prozoru koji se otvori klikni "I Agree".
U toku rada, ComboFix će:proveriti postoji li novija verzija programa:
klikni Yes ako bude ponuđeno preuzimanje iste.ako Recovery Console nije instalirana, ponuditi instalaciju:
obavezno prihvati klikom na Yes i isprati postupak.postaviti/dati određeni broj upita/obaveštenja:
prihvati klikom na Yes ili OK.po potrebi, restartovati Windows (više puta);
na kraju rada, otvoriti Notepad sa izveštajem o skeniranju.

Iskopiraj izveštaj koji je ComboFix napravio u temu na forumu:
klikni desnim tasterom miša u prozor Notepad-a i izaberi Select All;
klikni desnim tasterom miša na obeleženi tekst i izaberi Copy;
klikni desnim tasterom miša u polje za pisanje poruke i izaberi Paste.

Napomena:Izveštaj će biti sačuvan pod nazivom ComboFix.txt na sistemskoj particiji (tipična lokacija: C:\ComboFix.txt);
Ukoliko nakon slanja poruke primetiš da izveštaj nije kompletan, iskoristi opciju Prikači fajl za prilaganje file-a C:\ComboFix.txt uz poruku.

NIx Car (AMF Tim)

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

kada pokrenem COMBOFIX i u safe modu mi se desi sledece: prilikom skeniranja izbaci mi zadnje COMPLETED STAGE 50 SISTEM FILE IS INFECTED!! ATEMPTING TO RESTORE ,,C:\WINDOWS\system 32\midimap.dll " potom mi izbaci A READLY AVAILABLE REPLACMENT WAS NOT FOUND......i posle toga se pojavi PREPARING LOG REPORT i tako radi duze vreme i nece da izbaci izvestaj

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Odradi sledece:
Pritisni dugme i R.
U polje za unos teksta ukucaj sledece:
C:\ComboFix.txt
i pritisni enter. Ukoliko dobijes neki Log kopiraj ga ovde na forum.

NIx Car (AMF Tim)

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Odradila sam to i nemoze da pronadje pise Windows nemoze da pronadje C:\ComboFix.txt. provreite dali ste pravilno uneli ime a zatim pokusajte ponovo.da bi ste pretrazili kliknite na dugme start a zatim pretrazi. probala sam i tako i nemoze da nadje!

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Preuzmi program OTL sa donjeg linka na Desktop:

download link



Dvoklikom pokreni OTL;
klikni Run Scan;
po zavrsetku skeniranja, izvestaj (koji ce biti automatski sacuvan na Desktop-u kao OTL.Txt) ce se otvoriti u Notepad-u.

Prilozi izvestaj OTL.txt uz poruku koriscenjem opcije Prikaci fajl.