|
Poslao: 08 Okt 2007 23:11
|
offline
- M78
- Građanin
- Pridružio: 07 Feb 2007
- Poruke: 161
- Gde živiš: Novi Sad
|
Vazi,brate!Pozdrav za Bec!Laku noc!Hvala jos jednom!Pozdrav do sutra!
Dopuna: 08 Okt 2007 23:11
Navipromo Removal version 3.2.1 started on 08-10-2007 at 22:53:44,68
Fix running from C:\Programas\navilog1
echo Updated on 03.10.2007 at 20h00 by IL-MAFIOSO
Microsoft Windows XP [VersÆo 5.1.2600]
Internet Explorer : 6.0.2900.2180
echo Automatic removal
*** fsbl1.txt not found ***
(Check that Catchme found nothing in Search Mode)
*** Deleting with Backups results GenericNaviSearch ***
* Scan C:\WINDOWS\system32 *
ejnvlrnrz.exe found !
Copy ejnvlrnrz.exe done !
ejnvlrnrz.exe deleted !
C:\WINDOWS\prefetch\ejnvlrnrz*.pf found !
Copy C:\WINDOWS\prefetch\ejnvlrnrz*.pf done !
C:\WINDOWS\prefetch\ejnvlrnrz*.pf deleted !
nwcekninxq.exe found !
Copy nwcekninxq.exe done !
nwcekninxq.exe deleted !
C:\WINDOWS\prefetch\nwcekninxq*.pf found !
Copy C:\WINDOWS\prefetch\nwcekninxq*.pf done !
C:\WINDOWS\prefetch\nwcekninxq*.pf deleted !
qlraouyq.exe found !
Copy qlraouyq.exe done !
qlraouyq.exe deleted !
C:\WINDOWS\prefetch\qlraouyq*.pf found !
Copy C:\WINDOWS\prefetch\qlraouyq*.pf done !
C:\WINDOWS\prefetch\qlraouyq*.pf deleted !
swyaiw.exe found !
Copy swyaiw.exe done !
swyaiw.exe deleted !
C:\WINDOWS\prefetch\swyaiw*.pf found !
Copy C:\WINDOWS\prefetch\swyaiw*.pf done !
C:\WINDOWS\prefetch\swyaiw*.pf deleted !
tnwtqtn.exe found !
Copy tnwtqtn.exe done !
tnwtqtn.exe deleted !
C:\WINDOWS\prefetch\tnwtqtn*.pf found !
Copy C:\WINDOWS\prefetch\tnwtqtn*.pf done !
C:\WINDOWS\prefetch\tnwtqtn*.pf deleted !
uizauyfch.exe found !
Copy uizauyfch.exe done !
uizauyfch.exe deleted !
C:\WINDOWS\prefetch\uizauyfch*.pf found !
Copy C:\WINDOWS\prefetch\uizauyfch*.pf done !
C:\WINDOWS\prefetch\uizauyfch*.pf deleted !
wqaeqb.exe found !
Copy wqaeqb.exe done !
wqaeqb.exe deleted !
C:\WINDOWS\prefetch\wqaeqb*.pf found !
Copy C:\WINDOWS\prefetch\wqaeqb*.pf done !
C:\WINDOWS\prefetch\wqaeqb*.pf deleted !
xobxke.exe found !
Copy xobxke.exe done !
xobxke.exe deleted !
C:\WINDOWS\prefetch\xobxke*.pf found !
Copy C:\WINDOWS\prefetch\xobxke*.pf done !
C:\WINDOWS\prefetch\xobxke*.pf deleted !
* Scan C:\DOCUME~1\MANE *
*** Deleting folders in C:\WINDOWS ***
*** Deleting folders in C:\Programas ***
*** Deleting folders in C:\Documents and Settings\All Users\Application Data ***
*** Deleting folders in C:\Documents and Settings\Mane
*** Deleting folders in C:\DOCUME~1\ALLUSE~1\MENUIN~1\PROGRA~1 ***
*** Deleting files ***
C:\WINDOWS\prefetch\MESSENGERSKINNER.EXE-148A96D1.pf deleted !
C:\WINDOWS\prefetch\MESSENGERSKINNER.EXE-1F092850.pf deleted !
*** Deleting temporary files ***
Cleanning C:\WINDOWS\Temp done !
*** Complementary Search ***
(Search specifics files)
1)Search known files:
2)Searching and deleting Heuristics :
*** Copy registry to Backupnavi folder ***
Backing up registry done !
*** Clean registry ***
Error on cleaning registry
Registry is not cleaned !
*** Certificates ***
Certificate Egroup not found !
*** Cleaning stage complete 08-10-2007 at 23:06:05,31 ***
|
|
|
|
|
|
|
Poslao: 09 Okt 2007 20:28
|
offline
- bobby
- Administrator
- Pridružio: 04 Sep 2003
- Poruke: 24135
- Gde živiš: Wien
|
Izvini sto si cekao na moj odgovor.
Ovo zadnje ciscenje je trebalo da otkloni i zadnje ostatke infekcije.
Daj svez HijackThis log da se uverim da je sve OK (a trebalo bi da jeste).
Dopuna: 09 Okt 2007 20:28
btw. imas pozdrav iz Kaspersky Laba, svi ovi fajlovi koje smo poslali su identifikovani kao nov malware iz familije Trojan.Win32.Inject.
Ostale laboratorije nisu jos uvek odgovorile na mail.
|
|
|
|
|
|
|
Poslao: 09 Okt 2007 22:14
|
offline
- M78
- Građanin
- Pridružio: 07 Feb 2007
- Poruke: 161
- Gde živiš: Novi Sad
|
Logfile of HijackThis v1.99.1
Scan saved at 22:12:41, on 09-10-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programas\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programas\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programas\Synaptics\SynTP\SynTPLpr.exe
C:\Programas\Synaptics\SynTP\SynTPEnh.exe
C:\Programas\Toshiba\Toshiba Applet\thotkey.exe
C:\Programas\TOSHIBA\Utilitário de Zooming da TOSHIBA\SmoothView.exe
C:\Programas\TOSHIBA\PadTouch\PadExe.exe
C:\Programas\TOSHIBA\Controlos TOSHIBA\TFncKy.exe
C:\Programas\CyberLink\PowerDVD\PDVDServ.exe
C:\Programas\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programas\Comodo\Firewall\CPF.exe
C:\Programas\Ficheiros comuns\Real\Update_OB\realsched.exe
C:\WINDOWS\AGRSMMSG.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Programas\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programas\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Programas\Ficheiros comuns\Ahead\Lib\NMBgMonitor.exe
C:\Programas\Spybot - Search & Destroy\TeaTimer.exe
C:\Programas\Free Desktop Clock\DesktopClock.exe
C:\Programas\WLAN\GConfig\GConfig.exe
C:\Programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Programas\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Programas\Comodo\Firewall\cmdagent.exe
C:\Programas\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Programas\Ficheiros comuns\Ahead\Lib\NMIndexingService.exe
C:\Programas\Ficheiros comuns\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Programas\MSN Messenger\msnmsgr.exe
C:\Programas\MSN Messenger\usnsvc.exe
C:\Programas\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Mane&Mika\Os meus documentos\Bitno za otklanjanje virusa,spyware\tr3.exe.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Programas\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programas\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programas\Ficheiros comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programas\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programas\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programas\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [THotkey] C:\Programas\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [SmoothView] C:\Programas\TOSHIBA\Utilitário de Zooming da TOSHIBA\SmoothView.exe
O4 - HKLM\..\Run: [PadTouch] "C:\Programas\TOSHIBA\PadTouch\PadExe.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [RemoteControl] C:\Programas\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programas\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [Comodo Firewall] "C:\Programas\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [TkBellExe] "C:\Programas\Ficheiros comuns\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programas\Ficheiros comuns\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programas\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Programas\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Programas\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [updateMgr] C:\Programas\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programas\Ficheiros comuns\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programas\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SkinClock] C:\Programas\Free Desktop Clock\DesktopClock.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: GConfig.lnk = C:\Programas\WLAN\GConfig\GConfig.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - bitdefender.es/scan_es/scan8/oscan8.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHEI~1\Skype\SKYPE4~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Programas\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Programas\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Programas\Comodo\Firewall\cmdagent.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Programas\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programas\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NBService - Nero AG - C:\Programas\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programas\Ficheiros comuns\Ahead\Lib\NMIndexingService.exe
|
|
|
|
|
|
|
Poslao: 09 Okt 2007 22:20
|
offline
- bobby
- Administrator
- Pridružio: 04 Sep 2003
- Poruke: 24135
- Gde živiš: Wien
|
Meni ovo izgleda OK. Kako se tebi cini? Jel sve OK sada?
|
|
|
|
|
|
|
Poslao: 09 Okt 2007 22:47
|
offline
- M78
- Građanin
- Pridružio: 07 Feb 2007
- Poruke: 161
- Gde živiš: Novi Sad
|
Nema vise pop-upova!Mislim da smo odradili posao:)!
Hvala jos jednom!
Dopuna: 09 Okt 2007 22:47
Trebao bih jedan savet po pitanju odrzavanja kompjutera!Ako te je groznica malo popustila-da mi napises sta da koristim od programa za odrzavanje tj.da mi masina bolje radi posto je dosta stara-3 god.(Toshiba notebook).Izvini ako sam ti pomalo naporan!
|
|
|
|
|
|
|
Poslao: 09 Okt 2007 22:50
|
offline
- bobby
- Administrator
- Pridružio: 04 Sep 2003
- Poruke: 24135
- Gde živiš: Wien
|
Probaj CCleaner (CrapCleaner). Imas par tema o njemu na forumu, i imas i download link u Windows/Download sekciji.
Mogao bi eventualno da uradis i defragmentaciju diska.
Desno dugme na particiju u MyComputer-u, pa onda Tools i tu imas program za defragmenntaciju.
Pretpostavljam da se kod tebe to drugacije zove, posto nemas engleski Windows, ali tu ne mogu puno da ti pomognem posto nikada nisam video Windows na Spanskom.
|
|
|
|
|
|
|
Poslao: 09 Okt 2007 23:08
|
offline
- M78
- Građanin
- Pridružio: 07 Feb 2007
- Poruke: 161
- Gde živiš: Novi Sad
|
Vec imam CCleaner i redovno defragmentujem sve to zahvaljujuci MyCity forumu  !A Windows je na portugalskom:)!
Toliko od mene!Hvala najlepse!
|
|
|
|
|
|
