Trojan horse Generic 12.XSP

Topic: Trojan horse Generic 12.XSP

  1. #1
    Host macka vracarka
    Joined
    11.12.2006.
    Gender
    female
    Location
    Bgd.
    Posts
    4,262
    Reputation power
    97

    Trojan horse Generic 12.XSP

    ..anyway, I caught this somewhere..
    AVG detected a virus and it says this: C:\Windows\system32\drivers\fips 32 cup.sys

    What I did.. I turned AVG off for a moment and downloaded ComboFix, which ran a scan, and here I'm copying the log for you:
    ComboFix 09-01-11.02 - Maja 2009-01-12 12:32:43.1 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.222.26 [GMT 1:00]
    Running from: c:\documents and settings\Maja\Contacts\Desktop\ComboFix.exe
    AV: AVG 7.5.552 *On-access scanning disabled* (Updated)
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\Maja\Application Data\FunWebProducts
    c:\documents and settings\Maja\Application Data\FunWebProducts\Data\Maja\avatar.dat
    c:\documents and settings\Maja\Application Data\FunWebProducts\Data\Maja\zbucks.dat
    c:\documents and settings\Maja\Favorites\Online Security Test.url
    c:\documents and settings\Maja\Maja.exe
    c:\documents and settings\Maja\My Documents\My Music\My Music.url
    c:\documents and settings\Maja\My Documents\My Videos\My Video.url
    c:\program files\AntiSpywareShield
    c:\program files\AntiSpywareShield\AntiSpywareShield.lic
    c:\program files\AntiSpywareShield\AntiSpywareShield1.ad
    c:\program files\FunWebProducts
    c:\program files\MyWebSearch
    c:\program files\MyWebSearch\bar\History\search2
    c:\program files\MyWebSearch\bar\Settings\s_pid.dat
    c:\windows\system32\834668
    c:\windows\system32\834668\834668.dll
    c:\windows\system32\shell31.dll
    c:\windows\system32\wpv681230262576.cpx
    c:\windows\system32\wpv821230262509.cpx
    c:\windows\wiaserviv.log

    .
    ((((((((((((((((((((((((( Files Created from 2008-12-12 to 2009-01-12 )))))))))))))))))))))))))))))))
    .

    2009-01-12 07:34 . 2009-01-12 07:34 22,016 --a------ c:\windows\system32\drivers\nicsk32.sys
    2009-01-11 23:44 . 2009-01-11 23:44 22,016 --a------ c:\windows\system32\drivers\port135sik.sys
    2008-12-25 21:22 . 2008-12-25 21:49 <DIR> d-------- c:\documents and settings\Maja\Application Data\Apple Computer
    2008-12-25 20:48 . 2009-01-12 11:15 <DIR> d-------- c:\program files\eMule
    2008-12-25 18:15 . 2008-12-25 18:15 <DIR> d-------- c:\program files\Bonjour
    2008-12-25 18:13 . 2008-12-25 18:15 <DIR> d-------- c:\program files\QuickTime
    2008-12-25 18:13 . 2008-12-25 21:20 <DIR> d-------- c:\documents and settings\All Users\Application Data\Apple Computer
    2008-12-25 18:11 . 2008-12-25 18:11 <DIR> d-------- c:\documents and settings\All Users\Application Data\Apple

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-01-12 07:00 --------- d-----w c:\documents and settings\Maja\Application Data\AVG7
    2008-12-15 12:18 --------- d-----w c:\program files\Mozilla Thunderbird
    2008-12-06 11:24 --------- d-----w c:\documents and settings\Maja\Application Data\NeroVision
    2008-11-22 21:42 --------- d-----w c:\documents and settings\Maja\Application Data\Skype
    2008-10-23 13:01 283,648 ----a-w c:\windows\system32\gdi32.dll
    2008-10-22 09:04 12,297,167 ------w C:\avg7qt.dat
    2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll
    2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
    2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll
    2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll
    2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll
    2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
    2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll
    2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll
    2008-10-16 10:20 667,648 ----a-w c:\windows\system32\wininet.dll
    2008-02-05 21:28 37,728 ----a-w c:\documents and settings\Maja\Application Data\GDIPFONTCACHEV1.DAT
    2008-12-19 17:21 67,688 ----a-w c:\program files\mozilla firefox\components\jar50.dll
    2008-12-19 17:21 54,368 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
    2008-12-19 17:21 34,944 ----a-w c:\program files\mozilla firefox\components\myspell.dll
    2008-12-19 17:21 46,712 ----a-w c:\program files\mozilla firefox\components\spellchk.dll
    2008-12-19 17:21 172,136 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-12-11 344064]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-12-17 761945]
    "Toshiba Hotkey Utility"="c:\program files\Toshiba\Windows Utilities\Hotkey.exe" [2006-01-28 1589248]
    "PadTouch"="c:\program files\TOSHIBA\Touch and Launch\PadExe.exe" [2005-12-21 1077330]
    "DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-10-06 122940]
    "NeroCheck"="c:\windows\system32\NeroCheck.exe " [2001-07-09 155648]
    "Samsung LBP SM"="c:\windows\Samsung\LaserSMMgr\ssmmgr.exe" [2003-04-04 266240]
    "SNPSTD2"="c:\windows\vsnpstd2.exe" [2004-06-10 286720]
    "AVG7_CC"="c:\progra~1\Grisoft\AVG7\avgcc.exe" [2008-10-17 590848]
    "CAP3ON"="c:\windows\system32\spool\drivers\w32x86\3\CAP3ONN.EXE" [2007-01-19 28288]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
    "TPSMain"="TPSMain.exe" [2006-02-08 c:\windows\system32\TPSMain.exe]
    "CFSServ.exe"="CFSServ.exe" [BU]
    "NDSTray.exe"="NDSTray.exe" [BU]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "AVG7_Run"="c:\progra~1\Grisoft\AVG7\avgw.exe" [2007-10-24 219136]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-10-29 113664]
    Canon LASER SHOT LBP-1120 Status Window.LNK - c:\windows\system32\spool\drivers\w32x86\3\CAP3LAK.EXE [2007-01-09 38976]
    Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "c:\\WINDOWS\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\WINDOWS\\system32\\Ati2evxx.exe"=

    R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [2006-02-13 225792]
    S3 iadusb;MT882;c:\windows\system32\drivers\glauiad.sys [2008-03-04 30336]
    S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service;c:\program files\MSN Messenger\usnsvc.exe [2007-01-19 97136]
    S4 acpi32;acpi32;\??\c:\windows\system32\drivers\acpi32.sys --> c:\windows\system32\drivers\acpi32.sys [?]
    S4 fips32cup;fips32cup;\??\c:\windows\system32\drivers\fips32cup.sys --> c:\windows\system32\drivers\fips32cup.sys [?]
    S4 nicsk32;nicsk32;c:\windows\system32\drivers\nicsk32.sys [2009-01-12 22016]
    S4 port135sik;port135sik;c:\windows\system32\drivers\port135sik.sys [2009-01-11 22016]
    S4 ws2_32sik;ws2_32sik;\??\c:\windows\system32\drivers\ws2_32sik.sys --> c:\windows\system32\drivers\ws2_32sik.sys [?]
    .
    - - - - ORPHANS REMOVED - - - -

    HKCU-Run-Maja - c:\documents and settings\Maja\Maja.exe
    HKCU-Run-toscdspd - TOSCDSPD.EXE


    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    uSearchMigratedDefaultURL = hxxp://internetsearchservice.com/search?q={searchTerms}
    uDefault_Search_URL = hxxp://internetsearchservice.com
    mSearch Bar = hxxp://internetsearchservice.com/ie6.html
    mSearchMigratedDefaultURL = hxxp://internetsearchservice.com/search?q={searchTerms}
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = hxxp://g.msn.co.uk/0SEENWW/SAOS01?FORM=TOOLBR
    mSearchURL = hxxp://internetsearchservice.com
    IE: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZJfox000
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
    Trusted Zone: online.bancaintesabeograd.com

    c:\windows\Downloaded Program Files\FSINT.dll - O16 -: {5D69485C-EAB1-42AE-93C1-B5A53F238C5A}
    hxxps://online.bancaintesabeograd.com/RetailDLL/FSINT.dll

    c:\windows\Downloaded Program Files\SGCMSCCD.DLL - O16 -: {76326493-E84F-4D4B-939C-1E07B50037F2}
    hxxps://online.bancaintesabeograd.com/RetailDLL/SGCMSCCD.DLL

    c:\windows\Downloaded Program Files\CONFLICT.1\FSINT.dll - O16 -: {A7C346A3-B076-46B3-97F0-D00F6B479451}
    hxxps://online.bancaintesabeograd.com/RetailDLL/FSINT.dll
    FF - ProfilePath - c:\documents and settings\Maja\Application Data\Mozilla\Firefox\Profiles\og7dnlgl.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
    FF - prefs.js: browser.search.selectedEngine - Search
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
    FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-01-12 12:35:48
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(548)
    c:\windows\system32\Ati2evxx.dll


    Pre-Run: 28,348,440,576 bytes free
    Post-Run: 28,476,039,168 bytes free



    And what now.. Is there any hope for me, and do you see anything suspicious here...
    Now or never! Never, of course, is out of the question.



  2. #2
    Host macka vracarka

    Re: Trojan horse Generic 12.XSP

    And since I did that I turned AVG back on, and now I no longer have the little hourglass all the time, i.e. it doesn't look like it's constantly searching for something...

  3. #3
    Elite
    Joined
    04.04.2005.
    Gender
    male
    Location
    beyond seven hills and valleys at 3pm
    Posts
    15,324
    Reputation power
    380

    Re: Trojan horse Generic 12.XSP

    It looks like you picked up the Vundo trojan; maybe you even removed it with ComboFix, but since it is relatively hard to remove, my advice is to download Malwarebytes, run a scan with it and remove anything that is left over.
    Then download HijackThis, do only a scan with it, and post the log file it gives you here for analysis; before scanning, rename hijackthis.exe to, say, blabla.exe.

    And let me add: don't forget to post the Malwarebytes log as well.
    Last edited by snejks: 12.01.2009. at 13:53

  4. #4
    Active member sasa6
    Joined
    02.07.2007.
    Gender
    male
    Posts
    1,685
    Reputation power
    64

    Re: Trojan horse Generic 12.XSP

    That's why I use Bit Defender; I've had occasion to deal with it, and BD swallows it.
    One day I was online while my licence had expired, so it sneaked in; when I activated the AV again, it detected it right away.

    My recommendation instead of AVG: BD can tear apart both the virus and AVG.

  5. #5
    Distinguished
    Joined
    21.01.2008.
    Gender
    male
    Location
    Vranje
    Posts
    2,998
    Blog entries
    3
    Reputation power
    0

    Re: Trojan horse Generic 12.XSP

    Quote: Originally posted by sasa6
    That's why I use Bit Defender; I've had occasion to deal with it, and BD swallows it.
    One day I was online while my licence had expired, so it sneaked in; when I activated the AV again, it detected it right away.

    My recommendation instead of AVG: BD can tear apart both the virus and AVG.
    Seconded.
    BD wipes out 99% of the nasties.

  6. #6
    Host macka vracarka

    Re: Trojan horse Generic 12.XSP

    Quote: Originally posted by snejks
    It looks like you picked up the Vundo trojan; maybe you even removed it with ComboFix, but since it is relatively hard to remove, my advice is to download Malwarebytes, run a scan with it and remove anything that is left over.
    Then download HijackThis, do only a scan with it, and post the log file it gives you here for analysis; before scanning, rename hijackthis.exe to, say, blabla.exe.

    And let me add: don't forget to post the Malwarebytes log as well.
    Thank you very much.. here is this log first...


    Malwarebytes' Anti-Malware 1.32
    Verzija baze podataka: 1648
    Windows 5.1.2600 Service Pack 2

    13.1.2009 13:31:55
    mbam-log-2009-01-13 (13-31-55).txt

    Tip skeniranja: Brzo Skeniranje
    Skeniranih objekata: 51566
    Proteklo vreme: 7 minute(s), 50 second(s)

    Inficirani procesi u memoriji: 0
    Inficirani moduli u memoriji: 0
    Inficirani ključevi u registru: 22
    Inficirane vrednosti u registru: 12
    Inficirani podaci u registru: 7
    Inficirane fascikle: 0
    Inficirane datoteke: 3

    Inficirani procesi u memoriji:
    (Maliciozne stavke nisu detektovane)

    Inficirani moduli u memoriji:
    (Maliciozne stavke nisu detektovane)

    Inficirani ključevi u registru:
    HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{cf54be1c-9359-4395-8533-1657cf209cfe} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Typelib\{d518921a-4a03-425e-9873-b9a71756821e} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\nicsk32 (Rootkit.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\nicsk32 (Rootkit.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\nicsk32 (Rootkit.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\port135sik (Rootkit.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\port135sik (Rootkit.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\port135sik (Rootkit.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWay) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    Inficirane vrednosti u registru:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{9034a523-d068-4be8-a284-9df278be776e} (Trojan.Zlob) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\searchmigrateddefaulturl (Trojan.Zlob) -> Delete on reboot.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\default_search_url (Trojan.Zlob) -> Delete on reboot.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\searchurl (Trojan.Zlob) -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\search bar (Trojan.Zlob) -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\searchmigrateddefaulturl (Trojan.Zlob) -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchUrl\w\ (Trojan.Zlob) -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\searchurl (Trojan.Zlob) -> Delete on reboot.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.securewebinfo.com (Trojan.Zlob) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.safetyincludes.com (Trojan.Zlob) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.securemanaging.com (Trojan.Zlob) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\&Search\ (Adware.Hotbar) -> Quarantined and deleted successfully.

    Inficirani podaci u registru:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchUrl\w\ (Hijack.Search) -> Bad: (http://internetsearchservice.com/search?q=%s) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchURL (Hijack.Search) -> Bad: (http://internetsearchservice.com) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchURL (Hijack.Search) -> Bad: (http://internetsearchservice.com) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\SearchMigratedDefaultURL (Hijack.Search) -> Bad: (http://internetsearchservice.com/search?q={searchTerms}) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Default_Search_URL (Hijack.Search) -> Bad: (http://internetsearchservice.com) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\Search Bar (Hijack.Search) -> Bad: (http://internetsearchservice.com/ie6.html) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\SearchMigratedDefaultURL (Hijack.Search) -> Bad: (http://internetsearchservice.com/search?q={searchTerms}) Good: (http://www.google.com/) -> Quarantined and deleted successfully.

    Inficirane fascikle:
    (Maliciozne stavke nisu detektovane)

    Inficirane datoteke:
    C:\WINDOWS\system32\drivers\nicsk32.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\drivers\port135sik.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\temp\BN1.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.

  7. #7
    Host macka vracarka

    Re: Trojan horse Generic 12.XSP

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 13:56:10, on 13.1.2009
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\acs.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\CAP3RSK.EXE
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe
    C:\WINDOWS\system32\TPSMain.exe
    C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
    C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    C:\Program Files\Synaptics\SynTP\Toshiba.exe
    C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
    C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
    C:\WINDOWS\Samsung\LaserSMMgr\ssmmgr.exe
    C:\WINDOWS\vsnpstd2.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\spool\drivers\w32x86\3\CAP3LAK.EXE
    C:\PROGRA~1\Grisoft\AVG7\avgw.exe
    C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\CAP3SWK.EXE
    C:\WINDOWS\system32\TPSBattM.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe


    --
    End of file - 1781 bytes
    ..and the second one, from HijackThis...
    What should I do now?

  8. #8
    Active member
    Joined
    16.02.2006.
    Gender
    male
    Location
    NS
    Posts
    1,553
    Blog entries
    6
    Reputation power
    59

    Re: Trojan horse Generic 12.XSP

    Quote: Originally posted by macka vracarka
    ..and the second one, from HijackThis...
    What should I do now?
    First, you didn't change the name of HJT to something else, nor the directory it will sit in!!
    Make sure nothing in the path gives away that it is HijackThis or Trend Micro!!
    So, rename hijackthis.exe to blabla.exe, move it to the D: partition and run it from there.

    Second, the second part of your log file is missing!!
    So, when you run HJT and it gives you the log in Notepad, right-click on the text and first choose
    Select All and only then Copy!!
    And then post it here!!

  9. #9
    Elite

    Re: Trojan horse Generic 12.XSP

    Restart the computer; while the system is booting, keep pressing the F8 function key, enter Safe Mode, run another scan with Malwarebytes and be sure to restart the computer after it; rootkits are not removed that easily. Then, as Baba??? says, post the HijackThis log here again; make that log in the computer's Normal mode. And of course I ask you again to save the Malwarebytes log and post it here.
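
The cross-check a helper makes by eye on the ComboFix log from post #1, written out as an added example (it is not part of the thread or of any tool's own code): driver/service lines are matched against the "Files Created" section. The sample lines are copied from that log with the forum's inserted spaces removed; the reason labels and the reading of `[?]` as "file could not be found on disk" are assumptions of this example.

```python
import re
from collections import Counter

# Constructed sample: lines copied from the ComboFix log in post #1, with the
# spaces the forum software inserted into long paths removed.
FILES_CREATED = r"""
2009-01-12 07:34 . 2009-01-12 07:34 22,016 --a------ c:\windows\system32\drivers\nicsk32.sys
2009-01-11 23:44 . 2009-01-11 23:44 22,016 --a------ c:\windows\system32\drivers\port135sik.sys
2008-12-25 20:48 . 2009-01-12 11:15 <DIR> d-------- c:\program files\eMule
"""

SERVICES = r"""
R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [2006-02-13 225792]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service;c:\program files\MSN Messenger\usnsvc.exe [2007-01-19 97136]
S4 acpi32;acpi32;\??\c:\windows\system32\drivers\acpi32.sys --> c:\windows\system32\drivers\acpi32.sys [?]
S4 fips32cup;fips32cup;\??\c:\windows\system32\drivers\fips32cup.sys --> c:\windows\system32\drivers\fips32cup.sys [?]
S4 nicsk32;nicsk32;c:\windows\system32\drivers\nicsk32.sys [2009-01-12 22016]
S4 port135sik;port135sik;c:\windows\system32\drivers\port135sik.sys [2009-01-11 22016]
S4 ws2_32sik;ws2_32sik;\??\c:\windows\system32\drivers\ws2_32sik.sys --> c:\windows\system32\drivers\ws2_32sik.sys [?]
"""

# "created . modified  size|<DIR>  attributes  path"
CREATED_RE = re.compile(
    r"^\d{4}-\d\d-\d\d \d\d:\d\d \. \d{4}-\d\d-\d\d \d\d:\d\d "
    r"(?P<size>[\d,]+|<DIR>) \S+ (?P<path>.+)$"
)
# "<R|S><digit> name;display name;image path [date size]" or "... [?]"
SERVICE_RE = re.compile(
    r"^[RS]\d (?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.+?) \[(?P<info>[^\]]*)\]$"
)


def parse_created(text):
    """Return {lower-cased path: size in bytes} for files, skipping directories."""
    created = {}
    for line in text.splitlines():
        m = CREATED_RE.match(line.strip())
        if m and m["size"] != "<DIR>":
            created[m["path"].lower()] = int(m["size"].replace(",", ""))
    return created


def parse_services(text):
    """Return one dict per service line that matches the expected layout."""
    services = []
    for line in text.splitlines():
        m = SERVICE_RE.match(line.strip())
        if not m:
            continue
        # When the registry path is shown as "\??\x --> y", keep the resolved y.
        path = m["path"].split(" --> ")[-1].lower()
        info = m["info"].split()
        services.append({
            "name": m["name"],
            "path": path,
            "size": int(info[1]) if len(info) == 2 else None,
            "missing": m["info"].strip() == "?",  # assumption: "[?]" = no file on disk
        })
    return services


def triage(created_text, services_text):
    """Map service name -> list of reasons it deserves a closer look."""
    created = parse_created(created_text)
    services = parse_services(services_text)
    findings = {}
    for svc in services:
        reasons = []
        if svc["missing"]:
            reasons.append("missing-file")
        if svc["path"] in created and "\\drivers\\" in svc["path"]:
            reasons.append("new-driver")
        if reasons:
            findings[svc["name"]] = reasons
    # Several freshly created drivers of identical size suggest one dropper.
    fresh = [s for s in services if "new-driver" in findings.get(s["name"], [])]
    size_counts = Counter(s["size"] for s in fresh)
    for svc in fresh:
        if size_counts[svc["size"]] > 1:
            findings[svc["name"]].append("size-twin")
    return findings


if __name__ == "__main__":
    for name, reasons in triage(FILES_CREATED, SERVICES).items():
        print(f"{name}: {', '.join(reasons)}")
```

The two services it marks as new drivers, nicsk32 and port135sik, are the ones the Malwarebytes log in post #6 removes as Rootkit.Agent.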

  10. #10
    Host macka vracarka

    Re: Trojan horse Generic 12.XSP

    Quote: Originally posted by Baba???
    First, you didn't change the name of HJT to something else, nor the directory it will sit in!!
    Make sure nothing in the path gives away that it is HijackThis or Trend Micro!!
    So, rename hijackthis.exe to blabla.exe, move it to the D: partition and run it from there.

    Second, the second part of your log file is missing!!
    So, when you run HJT and it gives you the log in Notepad, right-click on the text and first choose
    Select All and only then Copy!!
    And then post it here!!
    Everything in bold here is all Greek to me.. I don't know where to change that ... nor how to move it to partition D, nor.. nor...
    I'll do this from Safe Mode

  11. #11
    Host macka vracarka

    Re: Trojan horse Generic 12.XSP

    Here is the log from Safe Mode...
    Malwarebytes' Anti-Malware 1.32
    Verzija baze podataka: 1648
    Windows 5.1.2600 Service Pack 2

    13.1.2009 18:21:03
    mbam-log-2009-01-13 (18-21-03).txt

    Tip skeniranja: Brzo Skeniranje
    Skeniranih objekata: 50295
    Proteklo vreme: 16 minute(s), 31 second(s)

    Inficirani procesi u memoriji: 0
    Inficirani moduli u memoriji: 0
    Inficirani ključevi u registru: 0
    Inficirane vrednosti u registru: 0
    Inficirani podaci u registru: 0
    Inficirane fascikle: 0
    Inficirane datoteke: 0

    Inficirani procesi u memoriji:
    (Maliciozne stavke nisu detektovane)

    Inficirani moduli u memoriji:
    (Maliciozne stavke nisu detektovane)

    Inficirani ključevi u registru:
    (Maliciozne stavke nisu detektovane)

    Inficirane vrednosti u registru:
    (Maliciozne stavke nisu detektovane)

    Inficirani podaci u registru:
    (Maliciozne stavke nisu detektovane)

    Inficirane fascikle:
    (Maliciozne stavke nisu detektovane)

    Inficirane datoteke:
    (Maliciozne stavke nisu detektovane)

  12. #12
    Elite

    Re: Trojan horse Generic 12.XSP

    Malwarebytes, as you can see for yourself, is a marvel of a program.
    Where the HijackThis executable is, right-click on it and choose "Rename", and when it turns blue type blabla.exe, then hit Enter. Double-click blabla.exe, just scan the computer, and post here the WHOLE log that comes up in Notepad, please. Regards

  13. #13
    Host macka vracarka

    Re: Trojan horse Generic 12.XSP

    Did everything...
    here is the log...
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:39:38, on 14.1.2009
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\acs.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\CAP3RSK.EXE
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe
    C:\WINDOWS\system32\TPSMain.exe
    C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
    C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
    C:\Program Files\Synaptics\SynTP\Toshiba.exe
    C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
    C:\WINDOWS\Samsung\LaserSMMgr\ssmmgr.exe
    C:\WINDOWS\vsnpstd2.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\spool\drivers\w32x86\3\CAP3LAK.EXE
    C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\CAP3SWK.EXE
    C:\WINDOWS\system32\TPSBattM.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.co.uk/0SEENWW/SAOS01?FORM=TOOLBR
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [Toshiba Hotkey Utility] "C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe" /lang en
    O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
    O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
    O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
    O4 - HKLM\..\Run: [Samsung LBP SM] "C:\WINDOWS\Samsung\LaserSMMgr\ssmmgr.exe" /autorun
    O4 - HKLM\..\Run: [SNPSTD2] C:\WINDOWS\vsnpstd2.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [CAP3ON] C:\WINDOWS\system32\spool\drivers\w32x86\3\CAP3ONN.EXE
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Canon LASER SHOT LBP-1120 Status Window.LNK = C:\WINDOWS\system32\spool\drivers\w32x86\3\CAP3LAK .EXE
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {5D69485C-EAB1-42AE-93C1-B5A53F238C5A} (FileInterface Class) - https://online.bancaintesabeograd.com/RetailDLL/FSINT.dll
    O16 - DPF: {76326493-E84F-4D4B-939C-1E07B50037F2} (ProxyModule Class) - https://online.bancaintesabeograd.com/RetailDLL/SGCMSCCD.DLL
    O16 - DPF: {A7C346A3-B076-46B3-97F0-D00F6B479451} (FileInterface Class) - https://online.bancaintesabeograd.com/RetailDLL/FSINT.dll
    O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
    O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

    --
    End of file - 6854 bytes
    Now or never! Never, of course, is out of the question.

  14. #14
    Promising
    Joined
    13.01.2009.
    Gender
    female
    Posts
    83
    Reputation power
    33

    Re: Trojan horse Generic 12.XSP

    Heur trojan win 32. What is that? I really don't know how to delete it if it's a virus! It has some kind of red exclamation mark. Please help me, because I'm stupid when it comes to these things.

  15. #15
    Elite
    Joined
    04.04.2005.
    Gender
    male
    Location
    beyond seven hills and valleys at 3pm
    Posts
    15.324
    Reputation power
    380

    Re: Trojan horse Generic 12.XSP

    Quote: Originally posted by Sisidora-97
    Heur trojan win 32. What is that? I really don't know how to delete it if it's a virus! It has some kind of red exclamation mark. Please help me, because I'm stupid when it comes to these things.
    Open a new topic, download the HijackThis program, make a log as the lady above did, and post it in that topic.

  16. #16
    Elite
    Joined
    04.04.2005.
    Gender
    male
    Location
    beyond seven hills and valleys at 3pm
    Posts
    15.324
    Reputation power
    380

    Re: Trojan horse Generic 12.XSP

    macka vracarka, run HijackThis again and, in the window that opens, tick the boxes in front of the following lines:
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

    and click Fix at the bottom.
    And that should be it; the rest of the log is clean. I'm only curious what you have from Toshiba attached to the computer.
    I hope you no longer have any problems with the computer or any unwanted effects.
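
The entry singled out in the post above has `(no file)` as its target, meaning the registration is still in the registry while the file it points to is gone. As an added example that is not part of the original thread, this Python code parses five lines excerpted from the log posted here and lists every such entry; the function names are hypothetical, and a flagged line is a candidate for review, not a verdict.

```python
import re

# Five lines excerpted from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
"""

LINE_RE = re.compile(r"^\s*(?P<section>[A-Z]\d{1,2}) - (?P<body>.+?)\s*$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


def parse_hijackthis(text):
    """Parse HijackThis lines into dicts (section, kind, name, clsid, target)."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue  # skip headers, blank lines and the "End of file" footer
        kind, sep, rest = m.group("body").partition(": ")
        if not sep:  # e.g. R1 lines have no "Kind: " prefix
            kind, rest = "", m.group("body")
        clsid = CLSID_RE.search(rest)
        parts = rest.split(" - ")
        entries.append({
            "section": m.group("section"),
            "kind": kind,
            "name": parts[0],
            "clsid": clsid.group(0) if clsid else None,
            "target": parts[-1],
        })
    return entries


def orphaned_entries(entries):
    """Entries still registered although the file they point to is gone."""
    return [e for e in entries if e["target"] == "(no file)"]


def review_report(text):
    """One line per orphaned entry, noting when it also has no name."""
    report = []
    for e in orphaned_entries(parse_hijackthis(text)):
        note = "orphaned and unnamed" if e["name"] == "(no name)" else "orphaned"
        report.append(f'{e["section"]} {e["kind"]} {e["clsid"]}: {note}')
    return report


if __name__ == "__main__":
    print("\n".join(review_report(SAMPLE_LOG)))
```

On these five lines it reports the R3 URLSearchHook entry and the unnamed O2 BHO entry, the latter being the line selected for Fix in the post above.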

  17. #17
    Promising
    Joined
    13.01.2009.
    Gender
    female
    Posts
    83
    Reputation power
    33

    Re: Trojan horse Generic 12.XSP

    Quote: Originally posted by snejks
    Open a new topic, download the HijackThis program, make a log as the lady above did, and post it in that topic.
    Explain! Please explain it to me, I'm stupid when it comes to computers. I have 5 viruses, that's what it says, and 0 trojan programs. I REALLY DON'T GET IT!

  18. #18
    Host macka vracarka (avatar)
    Joined
    11.12.2006.
    Gender
    female
    Location
    Bgd.
    Posts
    4.262
    Reputation power
    97

    Re: Trojan horse Generic 12.XSP

    Quote: Originally posted by snejks
    macka vracarka, run HijackThis again and, in the window that opens, tick the boxes in front of the following lines:
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

    and click Fix at the bottom.
    And that should be it; the rest of the log is clean. I'm only curious what you have from Toshiba attached to the computer.
    I hope you no longer have any problems with the computer or any unwanted effects.
    Did that too..
    Thanks a million... Now it runs without problems...
    Now or never! Never, of course, is out of the question.

  19. #19
    Active member
    Joined
    16.02.2006.
    Gender
    male
    Location
    NS
    Posts
    1.553
    Blog entries
    6
    Reputation power
    59

    Re: Trojan horse Generic 12.XSP

    Quote: Originally posted by Sisidora-97
    Heur trojan win 32. What is that? I really don't know how to delete it if it's a virus! It has some kind of red exclamation mark. Please help me, because I'm stupid when it comes to these things.

    http://www.scanforfree.com/07/remove-win32.heur.html

  20. #20
    Stands out
    Joined
    09.06.2007.
    Gender
    male
    Posts
    2.540
    Reputation power
    0

    Re: Trojan horse Generic 12.XSP

    Quote: Originally posted by macka vracarka
    Did that too..
    Thanks a million... Now it runs without problems...
    Since you used ComboFix, you should now uninstall it from the computer:

    Start > Run > (type) combofix /u (note: there is a space between the 'x' and the '/'), wait for it to finish, and that's it.

  21. #21
    Future legend cizmice (avatar)
    Joined
    17.11.2007.
    Gender
    male
    Location
    Beer
    Posts
    49.504
    Blog entries
    12
    Reputation power
    616

    Re: Trojan horse Generic 12.XSP

    Quote: Originally posted by DekiM
    Since you used ComboFix, you should now uninstall it from the computer:

    Start > Run > (type) combofix /u (note: there is a space between the 'x' and the '/'), wait for it to finish, and that's it.
    No need.
    ComboFix can simply be thrown in the Recycle Bin and that's it.

    Otherwise an excellent program, which sets up the Recovery Console.
    I used to be conceited - now I'm perfect

  22. #22
    Stands out
    Joined
    09.06.2007.
    Gender
    male
    Posts
    2.540
    Reputation power
    0

    Re: Trojan horse Generic 12.XSP

    Quote: Originally posted by cizmice
    No need.
    ComboFix can simply be thrown in the Recycle Bin and that's it...
    There is a need, and of course I didn't make that up!
    That command will:

    • Delete the following:
      • ComboFix and its files and folders
      • VundoFix backup folder, if it exists
      • C:\Deckard folder, if it exists
      • C:\OtMoveIt folder, if it exists

    • Reset the clock settings on the computer
    • Hide file extensions, if needed
    • Hide system/hidden files, if needed
    • Reset System Restore
    http://www.myantispyware.com/2008/03/26/how-to-uninstall-combofix/




  23. #23
    Elite
    Joined
    04.04.2005.
    Gender
    male
    Location
    beyond seven hills and valleys at 3pm
    Posts
    15.324
    Reputation power
    380

    Re: Trojan horse Generic 12.XSP

    Quote: Originally posted by DekiM
    Since you used ComboFix, you should now uninstall it from the computer:

    Start > Run > (type) combofix /u (note: there is a space between the 'x' and the '/'), wait for it to finish, and that's it.
    Mačka Vračarka, do what DekiM tells you; I forgot about that, and about turning System Restore off and then back on.
    DekiM, thanks for the assist.

  24. #24
    Elite
    Joined
    04.04.2005.
    Gender
    male
    Location
    beyond seven hills and valleys at 3pm
    Posts
    15.324
    Reputation power
    380

    Re: Trojan horse Generic 12.XSP

    Quote: Originally posted by Sisidora-97
    Heur trojan win 32. What is that? I really don't know how to delete it if it's a virus! It has some kind of red exclamation mark. Please help me, because I'm stupid when it comes to these things.
    Quote: Originally posted by snejks
    Open a new topic, download the HijackThis program, make a log as the lady above did, and post it in that topic.
    Quote: Originally posted by Sisidora-97
    Explain! Please explain it to me, I'm stupid when it comes to computers. I have 5 viruses, that's what it says, and 0 trojan programs. I REALLY DON'T GET IT!
    I meeean, is there really anything to understand here? You read the topic, see what the others did with their computers, and do the same thing. If that's so complicated for you, I mean, I don't have time to teach you all basic computer operations. Pull yourselves together a bit.
    I clearly wrote that you should open a separate thread (a new topic), give it a more meaningful title (not HEEEEEEELP and the like), write in it what your problem is, which antivirus you have on the computer, what the computer detects and how those messages appear, download the programs I suggested to the others, and go through the same procedure. To begin with, one scan with HijackThis and posting the log here will be enough.

  25. #25
    Active member jevta.bg (avatar)
    Joined
    07.08.2007.
    Gender
    male
    Location
    Beograd
    Posts
    1.089
    Blog entries
    8
    Reputation power
    69

    Re: Trojan horse Generic 12.XSP

    Just scan the computer with an antivirus, it deletes everything, and problem solved.
    I don't see the point of all this scanning, logs and the rest.
    AMD Phenom II X4 955 BE ,Gigabyte MA790X,2 X 2GB Kingston HX1066

