Posted: 21 Nov 2008 12:51
- Joined: 01 Mar 2008
- Posts: 245

Now it's even worse: ever since I ran ComboFix, every time I turn the computer on I have to kill svchost.exe in Task Manager, and only then do I get the icons and the Start menu, and shutting the computer down takes so long that I have to power it off with the button. MSN starts and closes by itself even though it was not set to start with Windows. I think the problem arose because I ran ComboFix with the StopZilla program open... most programs are not responding...

Posted: 21 Nov 2008 15:21
- diarno
- Anti Malware Fighter, Rank 2
- Joined: 15 Jun 2007
- Posts: 5572

Do the following:
Open System Restore (Start > All Programs > Accessories > System Tools).
Once it is open, choose Restore my computer to an earlier time.
Then pick a date before you ran ComboFix, e.g. 18 November.
When you have done that, report how things are and post a fresh HijackThis log.

Posted: 21 Nov 2008 18:35
- Joined: 01 Mar 2008
- Posts: 245

I already tried to do that, but it is another one of the options that do not respond, so I have no way to do a System Restore in the usual way, unless there is some other one...
Addendum: 21 Nov 2008 18:01
System in Control Panel does not respond either...
Addendum: 21 Nov 2008 18:35
Should I just do a fresh Windows installation after all? This is taking too long...

Posted: 21 Nov 2008 18:48
- diarno
- Anti Malware Fighter, Rank 2
- Joined: 15 Jun 2007
- Posts: 5572

Try this as well:
1. Boot into Safe Mode.
While booting into Safe Mode you will get a message asking whether you want to continue working in Safe Mode or use System Restore...
Choose the latter...
If you can't manage that, try starting System Restore from within Safe Mode and restoring the system... So the procedure is the same as in Normal Mode...

Posted: 21 Nov 2008 19:39
- Joined: 01 Mar 2008
- Posts: 245

OK, here is the situation: I did a "reccomand" of Windows and now mostly everything works, except that avast reports that it found an RPC error... I now have access to all the options...
Addendum: 21 Nov 2008 19:39
Oh, and I also uninstalled StopZilla.

Posted: 21 Nov 2008 19:59
- Joined: 01 Mar 2008
- Posts: 245

[Link visible only to logged-in users]
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:55:49, on 21.11.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\BtAssSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\vsnpstd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Documents and Settings\VooDoo\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\VooDoo\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\VooDoo\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
c:\program files\internet explorer\iexplore.exe
C:\Documents and Settings\VooDoo\Desktop\myc\TR3.exe..exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O2 - BHO: Pomagalo za veze za Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SNPSTD2] C:\WINDOWS\vsnpstd2.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - [Link visible only to logged-in users]\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - [Link visible only to logged-in users]
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - [Link visible only to logged-in users]
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bluetooth Assistant (BluetoothAssistant) - Unknown owner - C:\WINDOWS\system32\BtAssSvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
--
End of file - 5692 bytes
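
Added example, not part of the original thread and not any participant's method: a short Python triage pass over a HijackThis log like the one posted above. The three rules (an O23 service listed with "Unknown owner", an O2 entry pointing at "(no file)", a running process with a doubled executable extension) are assumptions about what a reviewer would look at first; the sample lines are copied from the posted log.

```python
import re

# Constructed sample: a few lines copied from the HijackThis log in this thread.
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\system32\BtAssSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\VooDoo\Desktop\myc\TR3.exe..exe
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SNPSTD2] C:\WINDOWS\vsnpstd2.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: Bluetooth Assistant (BluetoothAssistant) - Unknown owner - C:\WINDOWS\system32\BtAssSvc.exe
"""

ENTRY = re.compile(r"^([A-Z]\d+) - (.*)$")            # e.g. "O23 - Service: ..."
SHORT_NAME = re.compile(r"\(([^()]+)\)$")              # "(BluetoothAssistant)"
DOUBLE_EXT = re.compile(r"\.(exe|scr|com|pif|bat)\.+\w{2,4}$", re.I)

def triage(log_text):
    """Return (rule, subject) pairs for entries worth reviewing first."""
    findings, in_processes = [], False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_processes = True
            continue
        entry = ENTRY.match(line)
        if entry:
            in_processes = False                       # process list has ended
            code, body = entry.groups()
            parts = body.rsplit(" - ", 2)              # name / owner-or-CLSID / path
            if code == "O23" and len(parts) == 3 and parts[1] == "Unknown owner":
                short = SHORT_NAME.search(parts[0])
                name = short.group(1) if short else parts[0].split(": ", 1)[-1]
                findings.append(("service-unknown-owner", f"{name} -> {parts[2]}"))
            elif code == "O2" and len(parts) == 3 and parts[2] == "(no file)":
                findings.append(("bho-missing-file", parts[1]))
        elif in_processes and DOUBLE_EXT.search(line):
            findings.append(("process-double-extension", line))
    return findings

if __name__ == "__main__":
    for rule, subject in triage(SAMPLE_LOG):
        print(f"{rule:26} {subject}")
```

A hit only marks an entry for manual review; it says nothing on its own about whether the file is malicious.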

Posted: 21 Nov 2008 20:12
- diarno
- Anti Malware Fighter, Rank 2
- Joined: 15 Jun 2007
- Posts: 5572

1.
Download The Avenger to your Desktop.
Unpack the archive into a folder.
Double-click avenger.exe to run it.
Copy the text inside the Code box into the program's (white) window:
Files to delete:
c:\windows\system32\BtAssSvc.exe
Drivers to delete:
BluetoothAssistant
Click Execute, then Yes in the next two windows that open.
The computer will restart (in some cases twice) and the cleaning/scanning process will begin.
When the process is finished, the logfile C:\avenger.txt will open in Notepad.
Copy the contents of that log into the thread on the forum.
2.
Avast may be damaged... See the following link for possible solutions:
[Link visible only to logged-in users]

Posted: 21 Nov 2008 20:23
- Joined: 01 Mar 2008
- Posts: 245

Logfile of The Avenger Version 2.0, (c) by Swandog46
[Link visible only to logged-in users]
Platform: Windows XP
*******************
Script file opened successfully.
Script file read successfully.
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
Rootkit scan active.
No rootkits found!
File "c:\windows\system32\BtAssSvc.exe" deleted successfully.
Driver "BluetoothAssistant" deleted successfully.
Completed script processing.
*******************
Finished! Terminate.
Addendum: 21 Nov 2008 20:23
After the restart, avast started working too.

Posted: 21 Nov 2008 20:33
- diarno
- Anti Malware Fighter, Rank 2
- Joined: 15 Jun 2007
- Posts: 5572

Excellent...
I would ask you to do one more thing:
Upload the backup folder located at:
C:\Avenger
using the following upload form:
[Link visible only to logged-in users]