Still adware on the computer
ostrzek
07 nov 2006
It wouldn't leave me alone, so I also went and ran an online scan with Panda. It found a virus, which it disinfected, and quite a few spyware or adware items. After I had deleted most of that by hand, one Adware entry remained, and for that one it tells me the location is in the Registry, or Registry keys, or something like that. What now? How do I delete this?
Regards, ostržka again :verymad:
.krpan
07 nov 2006
look up the named HKEY from the report; I assume browsing the registry is not one of your routine tasks, so be careful,
ostrzek
07 nov 2006
If I manage to post the report here, will you be able to help me with what else I can delete?
regards, an already thoroughly confused ostržka
scarab79
07 nov 2006
.krpan
07 nov 2006
ostrzek
07 nov 2006
regards, ostržka
ostrzek
07 nov 2006
C:WINDOWSmsagentagentsvr.exe Okuženo Win32.Mixor.A@mm
C:WINDOWSmsagentagentsvr.exe Čiščenje je bilo neuspešno
C:WINDOWSmsagentagentsvr.exe Premaknjeno
C:WINDOWSsystem32dllcacheagentsvr.exe Okuženo Win32.Mixor.A@mm
C:WINDOWSsystem32dllcacheagentsvr.exe Čiščenje je bilo neuspešno
C:WINDOWSsystem32dllcacheagentsvr.exe Premaknjeno
Ad-aware found nothing.
This is what Panda found:
Incident Status Location
Adware:adware/systemdoctor Not disinfected Windows Registry
Spyware:Cookie/Com.com
How should I go about it now? And one more question. If BD says it only moved it (as above), does that mean the computer is clean or not?
thanks in advance
ostržka
scarab79
07 nov 2006
Looks like the pest known as AdWare.Monker.a. You can delete the entry, but I'd also advise a scan with aSquared: http://www.emsisoft..../software/free/
ostrzek
07 nov 2006
Logfile of HijackThis v1.99.1
Scan saved at 22:14:27, on 7.11.2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSSystem32Ati2evxx.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32Ati2evxx.exe
C:WINDOWSExplorer.EXE
C:WINDOWSsystem32spoolsv.exe
C:WINDOWSSystem32RunDll32.exe
C:Program FilesATI TechnologiesATI Control Panelatiptaxx.exe
C:WINDOWSSystem32spooldriversw32x863hpztsb08.exe
C:Program FilesEiconDivaDiTask.exe
C:Program FilesEiconDivaDivamon.exe
C:Program FilesEiconDivawatch.exe
C:PROGRA~1COMMON~1PCSuiteDATALA~1DATALA~1.EXE
C:PROGRA~1NokiaNOKIAP~1TRAYAP~1.EXE
C:Program FilesHewlett-PackardHP Software UpdateHPWuSchd.exe
C:Program FilesHewlett-PackardDigital Imagingbinhpotdd01.exe
C:Program FilesSoftwinBitDefender9bdmcon.exe
C:Program FilesSoftwinBitDefender9bdoesrv.exe
C:program filessoftwinbitdefender9bdnagent.exe
C:program filessoftwinbitdefender9bdswitch.exe
C:WINDOWSSystem32ctfmon.exe
C:Program FilesISDN Utilitiesccmon.exe
C:Program FilesKodakKODAK Picture Transfer Softwarepts.exe
C:PROGRA~1COMMON~1PCSuiteServicesSERVIC~1.EXE
C:WINDOWSSystem32DRIVERSdcfssvc.exe
C:Program FilesKODAKKODAK Picture Transfer SoftwarePTSsvc.exe
C:WINDOWSSystem32svchost.exe
C:Program FilesCommon FilesSoftwinBitDefender Communicatorxcommsvr.exe
C:Program FilesCommon FilesSoftwinBitDefender Scan Serverbdss.exe
C:Program FilesCommon FilesSoftwinBitDefender Update Servicelivesrv.exe
C:Program FilesSoftwinBitDefender9vsserv.exe
C:Program FilesInternet Exploreriexplore.exe
C:PROGRA~1Yahoo!COMPAN~1Installscpn0YTBSDK.exe
C:Documents and SettingsUserMy DocumentsHijackThis.exe
R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.yahoo.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:Program FilesYahoo!CompanionInstallscpn0yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:Program FilesYahoo!CompanionInstallscpn0yt.dll
O2 - BHO: (no name) - {20783ABE-1C50-5582-1F7E-07F14C3A1D75} - C:WINDOWSSystem32drngzwj.dll
O2 - BHO: (no name) - {2E2C52B1-1D76-BD35-46C1-045E00A75183} - C:WINDOWSSystem32fhodxab.dll
O2 - BHO: (no name) - {39f25b12-74ff-4079-a51f-1d70f5b08b84} - C:WINDOWSSystem32ixt0.dll (file missing)
O2 - BHO: (no name) - {5152DDEA-0420-3A5C-077E-062CF8BA3926} - C:WINDOWSSystem32gfgiewm.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:WINDOWSSystem32msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:Program FilesYahoo!CompanionInstallscpn0yt.dll
O4 - HKLM..Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM..Run: [ATIPTA] C:Program FilesATI TechnologiesATI Control Panelatiptaxx.exe
O4 - HKLM..Run: [NeroFilterCheck] C:WINDOWSsystem32NeroCheck.exe
O4 - HKLM..Run: [HPDJ Taskbar Utility] C:WINDOWSSystem32spooldriversw32x863hpztsb08.exe
O4 - HKLM..Run: [DiTask.exe] "C:Program FilesEiconDivaDiTask.exe"
O4 - HKLM..Run: [Divamon.exe] "C:Program FilesEiconDivaDivamon.exe"
O4 - HKLM..Run: [Eicon TechnologyLAN_DAEMON] "C:Program FilesEiconDivawatch.exe"
O4 - HKLM..Run: [CGServer] "C:Program FilesEiconDivacgserver.exe"
O4 - HKLM..Run: [DataLayer] C:PROGRA~1COMMON~1PCSuiteDATALA~1DATALA~1.EXE
O4 - HKLM..Run: [PCSuiteTrayApplication] C:PROGRA~1NokiaNOKIAP~1TRAYAP~1.EXE
O4 - HKLM..Run: [HP Software Update] C:Program FilesHewlett-PackardHP Software UpdateHPWuSchd.exe
O4 - HKLM..Run: [DeviceDiscovery] C:Program FilesHewlett-PackardDigital Imagingbinhpotdd01.exe
O4 - HKLM..Run: [BDMCon] "C:Program FilesSoftwinBitDefender9bdmcon.exe"
O4 - HKLM..Run: [BDOESRV] "C:Program FilesSoftwinBitDefender9bdoesrv.exe"
O4 - HKLM..Run: [BDNewsAgent] "C:Program FilesSoftwinBitDefender9bdnagent.exe"
O4 - HKLM..Run: [BDSwitchAgent] "C:Program FilesSoftwinBitDefender9bdswitch.exe"
O4 - HKLM..Run: [WINDOWS] C:dll64.exe
O4 - HKCU..Run: [CTFMON.EXE] C:WINDOWSSystem32ctfmon.exe
O4 - Global Startup: CAPI Tray.lnk = C:Program FilesISDN Utilitiesccmon.exe
O4 - Global Startup: KODAK Picture Transfer Software.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:Program FilesMicrosoft OfficeOffice10OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:PROGRA~1MICROS~2Office10EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengerMSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengerMSMSGS.EXE
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.c...nst20040510.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by2fd.bay2.ho...es/MsnPUpld.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7} (Photodex Presenter AX control) - http://www.photodex.com/pxplay.cab
O17 - HKLMSystemCCSServicesTcpip..{DBA20409-05F6-475F-BC1C-A86EBF37D4CD}: NameServer = 193.189.160.13 193.189.160.23
O20 - Winlogon Notify: winhdn32 - winhdn32.dll (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:WINDOWSSystem32Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:WINDOWSsystem32ati2sgag.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:Program FilesCommon FilesSoftwinBitDefender Scan Serverbdss.exe" /service (file missing)
O23 - Service: dcfssvc (Dcfssvc) - Eastman Kodak Company - C:WINDOWSSystem32DRIVERSdcfssvc.exe
O23 - Service: hpdj - Unknown owner - C:DOCUME~1UserLOCALS~1Temphpdj.exe (file missing)
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:Program FilesCommon FilesSoftwinBitDefender Update Servicelivesrv.exe" /service (file missing)
O23 - Service: msie7 - Unknown owner - C:WINDOWSsystemmsie701.exe (file missing)
O23 - Service: ptssvc - Unknown owner - C:Program FilesKODAKKODAK Picture Transfer SoftwarePTSsvc.exe
O23 - Service: SysKli - Unknown owner - ?C:Program FilesCommon FilesServicescon.exe (file missing)
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:Program FilesSoftwinBitDefender9vsserv.exe" /service (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:Program FilesCommon FilesSoftwinBitDefender Communicatorxcommsvr.exe" /service (file missing)
I'll get the hang of it slowly, ostržka :bow:
scarab79
07 nov 2006
C:Program FilesHewlett-PackardHP Software UpdateHPWuSchd.exe (process not needed)
C:PROGRA~1Yahoo!COMPAN~1Installscpn0YTBSDK.exe (suspicious)
R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.yahoo.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:Program FilesYahoo!CompanionInstallscpn0yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:Program FilesYahoo!CompanionInstallscpn0yt.dll
O2 - BHO: (no name) - {20783ABE-1C50-5582-1F7E-07F14C3A1D75} - C:WINDOWSSystem32drngzwj.dll
O2 - BHO: (no name) - {2E2C52B1-1D76-BD35-46C1-045E00A75183} - C:WINDOWSSystem32fhodxab.dll
O2 - BHO: (no name) - {39f25b12-74ff-4079-a51f-1d70f5b08b84} - C:WINDOWSSystem32ixt0.dll (file missing)
O2 - BHO: (no name) - {5152DDEA-0420-3A5C-077E-062CF8BA3926} - C:WINDOWSSystem32gfgiewm.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:WINDOWSSystem32msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:Program FilesYahoo!CompanionInstallscpn0yt.dll
O4 - HKLM..Run: [NeroFilterCheck] C:WINDOWSsystem32NeroCheck.exe (you don't need it)
O4 - HKLM..Run: [HP Software Update] C:Program FilesHewlett-PackardHP Software UpdateHPWuSchd.exe (not necessary)
O4 - HKLM..Run: [WINDOWS] C:dll64.exe (suspicious)
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:PROGRA~1MICROS~2Office10EXCEL.EXE/3000
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.c...nst20040510.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by2fd.bay2.ho...es/MsnPUpld.cab (it will install again if you need it)
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7} (Photodex Presenter AX control) - http://www.photodex.com/pxplay.cab
O20 - Winlogon Notify: winhdn32 - winhdn32.dll (file missing)
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:Program FilesCommon FilesSoftwinBitDefender Scan Serverbdss.exe" /service (file missing)
O23 - Service: hpdj - Unknown owner - C:DOCUME~1UserLOCALS~1Temphpdj.exe (file missing)
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:Program FilesCommon FilesSoftwinBitDefender Update Servicelivesrv.exe" /service (file missing)
O23 - Service: msie7 - Unknown owner - C:WINDOWSsystemmsie701.exe (file missing)
O23 - Service: SysKli - Unknown owner - ?C:Program FilesCommon FilesServicescon.exe (file missing)
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:Program FilesSoftwinBitDefender9vsserv.exe" /service (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:Program FilesCommon FilesSoftwinBitDefender Communicatorxcommsvr.exe" /service (file missing)
That is what I would remove... but you can wait for another opinion or two.
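One way to mechanise the triage scarab79 does above, as an added example that is not code from this thread or from HijackThis: a small Python classifier that applies the same cues (nameless BHOs, "(file missing)" references, a Run entry launching from the drive root, Winlogon Notify hooks, ownerless services) to constructed log lines modelled on the posted log. The sample lines, the heuristics and the mis-quoted-service check are this example's own assumptions.

```python
import re

# Constructed sample in HijackThis v1.99 format, modelled on the log posted in
# this thread (backslashes restored by hand; the parser does not rely on them).
SAMPLE_LOG = r"""
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: (no name) - {20783ABE-1C50-5582-1F7E-07F14C3A1D75} - C:\WINDOWS\System32\drngzwj.dll
O2 - BHO: (no name) - {39f25b12-74ff-4079-a51f-1d70f5b08b84} - C:\WINDOWS\System32\ixt0.dll (file missing)
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [WINDOWS] C:\dll64.exe
O20 - Winlogon Notify: winhdn32 - winhdn32.dll (file missing)
O23 - Service: dcfssvc (Dcfssvc) - Eastman Kodak Company - C:\WINDOWS\System32\DRIVERS\dcfssvc.exe
O23 - Service: msie7 - Unknown owner - C:\WINDOWS\system\msie701.exe (file missing)
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender9\vsserv.exe" /service (file missing)
"""

LINE_RE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.*)$")
ROOT_EXE_RE = re.compile(r"^[A-Za-z]:\\[^\\]+\.exe$", re.I)  # e.g. C:\dll64.exe


def triage_line(line):
    """Return the reasons a HijackThis line deserves a closer look ([] = nothing notable)."""
    m = LINE_RE.match(line.strip())
    if not m:
        return []
    section, body = m.group("section"), m.group("body")
    missing = body.endswith("(file missing)")
    misquoted = '" /service' in body  # stray quote left in the service path
    reasons = []
    if missing and misquoted:
        reasons.append("service path mis-quoted; verify the binary exists on disk before removing")
    elif missing:
        reasons.append("points at a file that no longer exists; dead autostart entry")
    if section == "O2" and "(no name)" in body:
        reasons.append("BHO without a name; legitimate add-ons normally identify themselves")
    if section == "O4":
        target = body.split("] ", 1)[-1].strip('"')
        if ROOT_EXE_RE.match(target):
            reasons.append("Run entry launches an executable sitting in the drive root")
    if section == "O20":
        reasons.append("Winlogon Notify DLL; rarely registered by ordinary software")
    if section == "O23" and missing and not misquoted and "Unknown owner" in body:
        reasons.append("service with no vendor and no binary")
    return reasons


def triage_log(text):
    """Map every flagged line to its reasons, keeping log order."""
    flagged = {}
    for line in text.splitlines():
        reasons = triage_line(line)
        if reasons:
            flagged[line.strip()] = reasons
    return flagged
```

Run over SAMPLE_LOG it flags six of the nine lines and leaves the Yahoo BHO, the ATI Run entry and the Kodak service alone; the flags are prompts to check, not verdicts.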
ostrzek
07 nov 2006
a-squared Free - Version 2.1
Scan settings:
Objects: Memory, Traces, Cookies, C:
Scan archives: On
Heuristics: On
ADS Scan: On
Scan start: 7.11.2006 22:33:16
Value: HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionrun --> windows detected: Trace.Registry.EagleBoy
C:Documents and SettingsUserCookiesuser@cgi-bin[1].txt detected: Trace.TrackingCookie
C:Documents and SettingsUserCookiesuser@com[1].txt detected: Trace.TrackingCookie
C:Program FilesEiconDivaDITASK.EXE detected: Heuristic.Dialer
C:Program FilesInstallShield Installation Information{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}_setup.dll detected: Adware.Win32.Altnet.b
C:Program FilesInstallShield Installation Information{BAD8CA9C-77C0-4663-B00B-A8D3B13C341B}_setup.dll detected: Adware.Win32.Altnet.b
C:Program FilesSoftwinBitDefender9regspy.sys detected: Riskware.Monitor.Win32.PCAcme.61
C:WINDOWSNOTEPAD.EXE detected: P2P-Worm.Win32.Small.3362
C:WINDOWSsystem32dllcachenotepad.exe detected: P2P-Worm.Win32.Small.3362
C:WINDOWSsystem32notepad.exe detected: P2P-Worm.Win32.Small.3362
Scanned
Files: 45506
Traces: 81520
Cookies: 33
Processes: 22
Found
Files: 7
Traces: 1
Cookies: 2
Processes: 0
Registry keys: 0
Scan end: 7.11.2006 22:58:54
Scan time: 0:25:38
the worm magnet ostržka
cannibal
07 nov 2006
Altnet? Do you have Kazaa installed? Delete Kazaa. Altnet should also be listed separately for removal in the Control Panel. Does it get reinstalled when you launch Kazaa or another similar P2P program?
scarab79
07 nov 2006
Did you delete those entries with HJT? Did it help after the restart? Have you run another scan with BD yet?
cannibal, aSquared is a pretty decent tool. I warmly recommend it as an additional pest scanner. :ok:
.krpan
08 nov 2006
How should I go about it now? And one more question. If BD says it only moved it (as above), does that mean the computer is clean or not?
that is a common way for AV software to resolve problems and is considered satisfactory; otherwise it looks like the machine is clean at the moment, only the various malware magnets should be trimmed as recommended above (toolbar, P2P)
smiley7
08 nov 2006
So, the situation is as follows: I ran a scan with TM HouseCall, which found a few security holes and a crack for Nero
@scarab79 - I'll scan it with Panda this afternoon, because I ran out of time last night.
@cannibal - I'll give it a try. Thanks.
doc. Crock
08 nov 2006
doc. Crock
08 nov 2006
smiley7
08 nov 2006
No problem. :ok: Thanks for the link, the thing is I already have this one... I just didn't know it's for malware too... thanks!
ostrzek
09 nov 2006
Many thanks to everyone who bothered to deal with my worms, and above all for taking the trouble to explain things in a simple way... :bravo:
.krpan, I didn't dare to delete the registry entries (otherwise I probably wouldn't be posting at all right now)
I'll keep reading you, and I hope you'll have a bit of peace from me now.
regards, a happy ostržka