trojanac pomoc

trojanac pomoc

offline
  • Pridružio: 12 Feb 2008
  • Poruke: 3

kako da izbrisem trojanca

procitala sam negde za combo fix i evo sta je izbacio ali ne znam sta dalje!

ComboFix 08-02-12.1 - bgb1 2008-02-12 13:54:28.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.172 [GMT 1:00]
Running from: C:\Documents and Settings\bgb1\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\corpo.dll
C:\WINDOWS\system32\drivers\oyjqmxog.dat

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_WQVVSIYJ
-------\wqvvsiyj


((((((((((((((((((((((((( Files Created from 2008-01-12 to 2008-02-12 )))))))))))))))))))))))))))))))
.

2008-02-12 10:40 . 2008-02-12 10:40 <DIR> d-------- C:\Program Files\Alwil Software
2008-02-12 10:40 . 2007-12-04 14:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe
2008-02-12 10:40 . 2004-01-09 10:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
2008-02-12 10:40 . 2007-12-04 13:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2008-02-12 10:40 . 2007-12-04 15:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2008-02-12 10:40 . 2007-12-04 15:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2008-02-12 10:40 . 2007-12-04 15:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2008-02-12 10:40 . 2007-12-04 15:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2008-02-12 10:40 . 2007-12-04 15:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2008-02-11 10:18 . 2008-02-11 10:22 <DIR> d-------- C:\Program Files\WinClamAVShield
2008-02-11 09:50 . 2008-02-11 09:50 138,624 --a------ C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2008-02-11 09:45 . 2008-02-11 10:06 <DIR> d-------- C:\Program Files\Spyware Terminator
2008-02-11 09:45 . 2008-02-12 11:51 <DIR> d-------- C:\Documents and Settings\bgb1\Application Data\Spyware Terminator
2008-02-11 09:45 . 2008-02-11 10:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spyware Terminator
2008-02-11 09:44 . 2008-02-11 09:44 <DIR> d-------- C:\Program Files\Crawler
2008-02-08 14:48 . 2008-02-08 14:48 0 --a------ C:\WINDOWS\nsreg.dat
2008-02-08 14:47 . 2008-02-11 13:23 2,935 --a------ C:\WINDOWS\mozver.dat
2008-02-06 10:31 . 2008-02-07 08:58 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2008-01-30 15:49 . 2008-01-30 15:49 125 --a------ C:\ioSpecial.ini
2008-01-30 15:45 . 2008-01-30 15:49 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-01-30 15:37 . 2008-01-30 15:37 <DIR> d-------- C:\Program Files\bfgclient
2008-01-30 15:37 . 2008-01-30 15:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\BigFishGamesCache
2008-01-25 10:25 . 2008-01-25 10:25 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2008-01-25 10:25 . 2008-02-11 09:10 <DIR> d-------- C:\Documents and Settings\bgb1\Application Data\AVG7
2008-01-25 10:25 . 2008-02-11 09:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-01-25 10:25 . 2008-02-11 09:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-11 11:15 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-02-11 11:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-06 09:32 --------- d-----w C:\Program Files\Common Files\Adobe
2007-12-18 15:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\Adobe Systems
2007-12-18 15:24 --------- d-----w C:\Program Files\Common Files\Adobe Systems Shared
2007-05-15 07:16 40,960 ----a-w C:\Program Files\UpdateSifrantBank.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IncrediMail"="C:\Program Files\IncrediMail\bin\IncMail.exe" [2005-09-15 14:33 192555]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:56 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-27 11:39 68856]
"SweetIM"="C:\Program Files\Macrogaming\SweetIM\SweetIM.exe" [2006-12-27 15:53 73840]
"Yahoo! Pager"="~C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VTTimer"="VTTimer.exe" [2004-09-01 09:28 53248 C:\WINDOWS\system32\VTTimer.exe]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-04-10 08:07 77824]
"SweetIM"="C:\Program Files\Macrogaming\SweetIM\SweetIM.exe" [2006-12-27 15:53 73840]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"SpywareTerminator"="C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [2008-02-11 09:48 2778112]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 01:56 15360]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2006-04-10 08:07 77824 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Smapp]
--a------ 2003-05-05 07:57 143360 C:\Program Files\Analog Devices\SoundMAX\SMTray.exe

R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [2008-02-11 09:50]
R3 OMNUSB;Omnikey AG CardMan 2020 USB Smart Card Reader;C:\WINDOWS\system32\DRIVERS\sccmusbm.sys [2001-08-17 12:51]
S3 Cryelercmprd;Cryelercmprd;C:\WINDOWS\system32\drivers\sffp_sd.sys [2004-08-03 23:59]

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2008-02-12 14:08:41
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\WINDOWS\system32\Smartscaps.exe
C:\Program Files\SmartTrust\SmartTrust Personal\Csp\SmartCertmover.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\imapi.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Alwil Software\Avast4\setup\avast.setup
.
**************************************************************************
.
Completion time: 2008-02-12 14:11:45 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-12 13:11:41

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master učitelj
  • Pridružio: 27 Avg 2005
  • Poruke: 8617
  • Gde živiš: Novi Beograd

Pozdrav,molim te da ispratis uputstva iz ove teme:
http://www.mycity.rs/Ambulanta/Kako-otvoriti-temu-u-Ambulanti.html

offline
  • Pridružio: 12 Feb 2008
  • Poruke: 3

Logfile of HijackThis v1.99.1
Scan saved at 15:23:23, on 12.02.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\Smartscaps.exe
C:\Program Files\SmartTrust\SmartTrust Personal\Csp\SmartCertmover.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\PoslovanjePDV\Programi\Komercijalno poslovanje\Komercijalno.exe
C:\Documents and Settings\bgb1\Desktop\111\TR3.exe.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = yahoo.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKCU\..\Run: [Yahoo! Pager] ~"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Certificate Mover.lnk = ?
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: &Search - edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZS
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - update.microsoft.com/windowsupdate/v6/V5Con.....9108271968
O17 - HKLM\System\CCS\Services\Tcpip\..\{61EE2FEF-F054-4663-8739-B92E67DF10FF}: NameServer = 194.247.192.1,194.247.192.33
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: SmartTrust Smart Card Server (Smartscaps) - SmartTrust - C:\WINDOWS\system32\Smartscaps.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Spyware Terminator Clam Service (sp_clamsrv) - Crawler.com - C:\Program Files\WinClamAVShield\sp_clamsrv.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe


Avast mi je nasao Win32:BHO-KD [Trj] na C:\WINDOWS\system32\corpo.dll[UPX]

pomoc kako da ga izbrisem! Crying or Very sad

offline
  • Pridružio: 06 Apr 2005
  • Poruke: 1023

posto si prvo izbacila combo-fix log pa onda hj log nisam siguran jel ti je taj Win32:BHO-KD [Trj] avast izbacio pre pokretanja combo-fixa ili posle?

offline
  • Pridružio: 12 Feb 2008
  • Poruke: 3

pre pokretanja combo-fixa, jer sam pokusavala da nadjem resenje na nekim stranim sajtovima pa sam procitala za combo fix ali nisam znala sta dalje jer nije bilo slucaja sa virusom u bas tom fajlu sto sam navela a posto sam laik pretpostavljam da to ima neke veze.

Dopuna: 12 Feb 2008 18:06

da li smem opet da pokrenem combo fix ako ce to pomoci? mada bih to morala sutra posto nisam sada pri tom kompjuteru(zarazenom).

offline
  • Pridružio: 06 Apr 2005
  • Poruke: 1023

Ko je trenutno na forumu
 

Ukupno su 834 korisnika na forumu :: 50 registrovanih, 6 sakrivenih i 778 gosta   ::   [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:
Korisnici trenutno na forumu: 8u47, A.R.Chafee.Jr., aleksmajstor, Andrija357, Apok, babaroga, Bane san, Ben Roj, Bobrock1, BRATORIII, CikaKURE, Dannyboy, Denaya, Dimitrise93, Dvojac005, FileFinder, FOX, Georgius, HogarStrashni, hologram, ILGromovnik, ivica976, Joja, Kubovac, kybonacci, laurusri, Luka Blažević, M1los, Mihajlo, milanovic, milenko crazy north, Miškić, Mlav, moldway, Motocar, rodoljub, ruma, sap, Sirius, slonic_tonic, Srle993, theNedjeljko, trajkoni018, Trpe Grozni, vathra, VJ, Vlada78, VP6919, zbazin, zillbg