Question for dr_Bora (NewPicture)

v_slobo

Interested member
Posts
133
Yesterday I wasn't home while my sister was on the computer on MSN. Someone sent her a zipped file "NewPicture023.rar"; she opened it and NOD located it, but my sister closed it instead of deleting it. Three months ago someone sent me the same thing over MSN too, but NOD32 dealt with it right away. Yesterday NOD found the viruses Win32/TrojanDownloader.Agent.NUO and Win32/Adware.Virtumonde, but it removed them. But the virus that got activated, it didn't find (or it is one of those two and it didn't destroy it completely). When I'm on MSN, this virus sends everyone who is online on my MSN some sentence in English and then sends this rarred NewPicture file. I don't know how to get rid of the virus; I scanned with an updated NOD32 and with Spyware Doctor. Here is the log that HijackThis made:
Code:
Logfile of HijackThis v1.99.1
Scan saved at 20:00:29, on 12/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\msgrlive.exe
C:\WINDOWS\system32\bcwsvc.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\vsnpstd.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Winamp\winampa.exe
C:\PROGRA~1\GAMING~1\MouseElf.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\msgrlive.exe
C:\WINDOWS\system32\bcwsvc.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\MSN Messenger\livecall.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Slobodan\Desktop\123.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=195.175.37.70:80;gopher=195.175.37.70:80;http=218.108.64.166:80;https=195.175.37.70:80
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {44D018E9-B962-4DDE-AB72-332D1E64DF97} - C:\WINDOWS\system32\fcyvs.dll
O2 - BHO: (no name) - {5C8E2D5C-4743-4113-B011-3517FA927A30} - C:\WINDOWS\system32\fcyvs.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {FC1B64D9-3499-4791-82D5-AABAC3FAEA45} - C:\WINDOWS\system32\wvuuuvs.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [D_V_T] C:\\dvt.exe /S \C:\\d_v_t.reg\
O4 - HKLM\..\Run: [Ulead AutoDetector] C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [mouseElf] C:\PROGRA~1\GAMING~1\MouseElf.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Windows Live Messenger!] msgrlive.exe
O4 - HKLM\..\Run: [Windows Computer Browser] bcwsvc.exe
O4 - HKLM\..\RunServices: [p2p networking] p2pnetworking.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://a516.g.akamai.net/f/516/25175/7d/runaware.download.akamai.com/25175/citrix/wficat-no-eula.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: wvuuuvs - C:\WINDOWS\SYSTEM32\wvuuuvs.dll
O21 - SSODL: system32 - {F999272A-D081-41E7-BC39-03BCA6E6194A} - sysprinters.dll (file missing)
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset  - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Desktop (Service_Desktop) - Unknown owner - C:\Program Files\Free-Soft\Virtual Desktop\Desktop.exe
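One way to triage a HijackThis log like the one above, as an added Python example that is not from this thread: it flags the entry classes a first pass usually looks at (a proxy server forced to outside addresses, unnamed BHOs, autorun entries with no path, logon-time DLLs that are unknown or missing). The sample input is constructed from lines of the log posted above, and the allowlist of known logon DLLs is an assumption.

```python
import re

# Constructed sample input: lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=195.175.37.70:80;gopher=195.175.37.70:80;http=218.108.64.166:80;https=195.175.37.70:80
O2 - BHO: (no name) - {44D018E9-B962-4DDE-AB72-332D1E64DF97} - C:\WINDOWS\system32\fcyvs.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Windows Live Messenger!] msgrlive.exe
O4 - HKLM\..\Run: [Windows Computer Browser] bcwsvc.exe
O4 - HKLM\..\RunServices: [p2p networking] p2pnetworking.exe
O20 - Winlogon Notify: wvuuuvs - C:\WINDOWS\SYSTEM32\wvuuuvs.dll
O21 - SSODL: system32 - {F999272A-D081-41E7-BC39-03BCA6E6194A} - sysprinters.dll (file missing)
"""

IP_RE = re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}\b")
# Logon-time DLLs expected on a stock XP box (assumed allowlist, extend as needed).
KNOWN_LOGON_DLLS = {"wgalogon.dll", "wpdshserviceobj.dll"}


def triage(log_text):
    """Return (section, reason, line) findings worth a human look in a HijackThis log."""
    findings = []
    for line in log_text.splitlines():
        m = re.match(r"(O\d+|R\d+) - (.*)", line)
        if not m:
            continue  # headers, process list, blank lines
        section, body = m.groups()
        if section == "R1" and "ProxyServer" in body and IP_RE.search(body):
            ips = ", ".join(sorted(set(IP_RE.findall(body))))  # traffic silently routed here
            findings.append((section, "proxy forced to " + ips, line))
        elif section == "O2" and "(no name)" in body:
            findings.append((section, "unnamed BHO", line))
        elif section == "O4":
            # Text after the [label] is the command; a bare file name is resolved via
            # PATH/system32, a common trick for dropped binaries.
            cmd = body.split("] ", 1)[-1].strip()
            exe = cmd[1:].split('"', 1)[0] if cmd.startswith('"') else cmd.split(" ", 1)[0]
            if exe and "\\" not in exe and ":" not in exe:
                findings.append((section, "autorun without full path: " + exe, line))
        elif section in ("O20", "O21"):
            dll = body.rsplit(" - ", 1)[-1].replace("(file missing)", "").strip()
            dll_name = dll.rsplit("\\", 1)[-1].lower()
            if "(file missing)" in body or dll_name not in KNOWN_LOGON_DLLS:
                findings.append((section, "logon-time DLL to verify: " + dll_name, line))
    return findings


if __name__ == "__main__":
    for section, reason, line in triage(SAMPLE_LOG):
        print(f"[{section}] {reason}\n    {line}")
```

The heuristics are deliberately loose (for example a legitimate `nwiz.exe /install` entry would also be flagged), so treat the output as a review list, not a verdict.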
 
People, stop opening threads with dr_Bora in the title! The man no longer comes to this forum and cannot help you, and it is also against the forum rules to open threads with such inaccurate titles, especially when user names appear in them. A thread should carry the exact name of the problem.

If nobody turns up I'll take a look at what's suspicious in the log file, but I don't have time right now.
 
Solve your own problems. At least try first, instead of having no patience and immediately having others solve it for you so you get the solution handed to you on a plate. dr_Bora ran away from lazy people. FLUID is right, it's against the rules to call someone out.
Good luck with solving the problem further.
 
I apologize for the title, I was really in a hurry so I wrote this quickly.
Solve your own problems. At least try first, instead of having no patience and immediately having others solve it for you so you get the solution handed to you on a plate. dr_Bora ran away from lazy people.
Bro, I've tried everything I could, for two days I've been scanning with various antivirus and spyware tools... If really nobody on this forum will help, I'll look for help on other forums.
 
The first thing we need to do is the following: go to Tools->Folder Options->View and check Show hidden files and folders, then uncheck Hide protected operating system files (recommended) and confirm with Apply.
Then try to find this file C:\WINDOWS\system32\bcwsvc.exe; if you find it, rar or zip it and upload it to Rapidshare, then send me the link to that file by PM.

After that, copy the following EICAR test string X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H* into Notepad and save it on the desktop. Your NOD32 should sound the alarm; if it stays silent, scan that text file on the desktop with NOD32, and if it still stays silent that means it isn't working.

Download the following program and put it on the desktop.
Dr.Web Cureit - ftp://ftp.drweb.com/pub/drweb/cureit/cureit.exe

Enter Safe Mode by restarting the computer and repeatedly pressing the F8 key while the system boots, choose the Safe Mode option from those offered, then run cureit.exe on the desktop with a double-click, then Start and OK,
wait for the initial scan; when it finishes go to Options -> Change settings F9 and uncheck the Heuristic analysis box, confirm with OK,
then choose Complete scan and press the start button on the right side of the program,
if it asks what to do with the pests it found, choose Cure. Restart the computer.

Enter Safe Mode again, run HijackThis, close all other running programs, and when it finishes scanning check the following lines:
O21 - SSODL: system32 - {F999272A-D081-41E7-BC39-03BCA6E6194A} - sysprinters.dll (file missing)
press Fix Checked and exit HijackThis.

Once you've done this, be sure to post a new HijackThis log.
 
Please help me and tell me whether everything here is "clean", because I think I've caught a virus.. P.S. I have no experience with this, so I'm asking for your help, and I use wireless. Thanks in advance.

Logfile of HijackThis v1.99.1
Scan saved at 10:43:05 PM, on 2/5/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20696)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Kiwee Toolbar\kwtbaim.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\sundjerbob\My Documents\srele\HijackThis.exe

R3 - URLSearchHook: (no name) - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O11 - Options group: [INTERNATIONAL] International*
O11 - Options group: [TABS] Tabbed Browsing
O17 - HKLM\System\CCS\Services\Tcpip\..\{91EE42FB-54AA-4B53-9C5E-4F9AAA6CDBA6}: NameServer = 87.250.98.250 208.67.222.222
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
 