help, inam virus ili trojan

FERRYS · 18.04.2006., 20:02

pozdrav imam neko sranje na kompu koje mi je pozedralo sve xyz.exe stvari na kompu. nod 32 ga ne pronalazi(nađe ga kad je file vec inficiran), neznam kako ga maknut. sranje se zove TENGA ili tak nekak.
bio bih jako zahvalan kad bi mi neko pomogao to maknut
napravio sam hijack this scan
Logfile of HijackThis v1.99.1
Scan saved at 18:42:18, on 18.4.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Eset\nod32krn.exe
C:\NVIDIA\NetworkAccessManager\bin\nSvcIp.exe
C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\EPOX\USDM\USDM.EXE
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\PowerS.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Save\Save.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Prolink\PlayTV XP\TVRMVCR.EXE
C:\Program Files\United Devices\UD.EXE
C:\Program Files\United Devices\ud_7657531.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\United Devices\ud_7657531_0.dir\WCGrid_Rosetta.exe
C:\DOCUME~1\JA\LOCALS~1\Temp\Rar$EX00.937\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [EPoXUSDM] "C:\Program Files\EPOX\USDM\USDM.EXE" "5000"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [PowerS] C:\WINDOWS\PowerS.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [WhenUSave] "C:\Program Files\Save\Save.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Startup: UD Agent.lnk = C:\Program Files\United Devices\UD.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: TVRMVCR.lnk = C:\Program Files\Prolink\PlayTV XP\TVRMVCR.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1142170379671
O17 - HKLM\System\CCS\Services\Tcpip\..\{E884A97F-5B01-4593-A0B2-254DC304C524}: NameServer = 195.29.150.3 195.29.150.4
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Unknown owner - C:\Program Files\Eset\nod32krn.exe
O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\NVIDIA\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - Unknown owner - C:\NVIDIA\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

panoramix · 18.04.2006., 20:08

Daj probaj s ovim, ja sam se danas riješio dialera kojeg ni sa čime nisam mogao maknuti
http://www.ewido.net/en/download/

tutix · 18.04.2006., 21:00

ajd briši ovo:
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
O17-HKLM\System\CCS\Services\Tcpip\..\{E884A97F-5B01-4593-A0B2-254DC304C524}: NameServer = 195.29.150.3 195.29.150.4
O4 - HKCU\..\Run: [WhenUSave] "C:\Program Files\Save\Save.exe"
ajd probaj to prvo ak ne uspiješ se riješit reci nisu mi jasna još dva ova servisa od United Devices, ne bih znao što je to. Ajd pogledaj u Program Files i ak ne znaš što je obriši.

FERRYS · 18.04.2006., 21:24

evo maknuo sto je titix napisao, thanks tutix

ova dva su mi od uninted devices, komp vrti grid...

ukoliko ce se ponavljat probam panoramixev recept

tutix · 18.04.2006., 21:35

nemaš problema, ali daj još i ovo pogledaj malo mi je sumnjivo...
O4 - HKLM\..\Run: [PowerS] C:\WINDOWS\PowerS.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

Isus · 18.04.2006., 22:56

digni win u safe modu i onda pokreni nod

panoramix · 18.04.2006., 23:38

Citiraj:

Autor tutix

nemaš problema, ali daj još i ovo pogledaj malo mi je sumnjivo...
O4 - HKLM\..\Run: [PowerS] C:\WINDOWS\PowerS.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

Provjeri na jednom od ovih siteova tko su i što rade navedeni exe.

http://www.sysinfo.org/startuplist.php
http://www.processlibrary.com/
http://castlecops.com/StartupList.html

Neovisno od rezultata, preporučam EWIDO za full scan.

tutix · 19.04.2006., 00:24

Citiraj:

Autor tutix

nemaš problema, ali daj još i ovo pogledaj malo mi je sumnjivo...
O4 - HKLM\..\Run: [PowerS] C:\WINDOWS\PowerS.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

false alarm. jedan je od drivera od graf, drugi je od programa onog ud.

dDario · 19.04.2006., 01:47

Probaj sa Spy Falcon. Meni je našao par stvari koje NOD32, avast, SpyBot S&D, Trojan Hunter, Ad-aware 6 Pro, hijackthis i još par programa nisu... Jedino šta moraš ručno brisat ili platit full verziju programa.

Hrvoje xyz · 19.04.2006., 18:08

C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\PowerS.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Save\Save.exe
C:\Program Files\United Devices\ud_7657531_0.dir\WCGrid_Rosetta.exe

ovo su stvari bez kojih u pravilu mozes--
nisam ziher az ovo prvo

Isus · 19.04.2006., 21:17

Spy Falcon je spyware!! To se uklanja inaaöe jer je izrazito naporan!

panoramix · 20.04.2006., 05:50

Citiraj:

Autor Hrvoje xyz

C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\PowerS.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Save\Save.exe
C:\Program Files\United Devices\ud_7657531_0.dir\WCGrid_Rosetta.exe

ovo su stvari bez kojih u pravilu mozes--
nisam ziher az ovo prvo

Pa dajte se ljudi već jednom naučite da sve što ima veze s United Devices je samo znak da plemeniti korisnik vrti Rosettu i da bi se i vi trebali priključiti i donirati svoje slobodno procesorsko vrijeme.

18.04.2006., 20:02	#1
FERRYS AutoCad & Allplan expert Moj komp Datum registracije: Jan 2004 Lokacija: Zagreb-Karlovac i okilica Postovi: 2,159	help, inam virus ili trojan pozdrav imam neko sranje na kompu koje mi je pozedralo sve xyz.exe stvari na kompu. nod 32 ga ne pronalazi(nađe ga kad je file vec inficiran), neznam kako ga maknut. sranje se zove TENGA ili tak nekak. bio bih jako zahvalan kad bi mi neko pomogao to maknut napravio sam hijack this scan Logfile of HijackThis v1.99.1 Scan saved at 18:42:18, on 18.4.2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe C:\Program Files\Eset\nod32krn.exe C:\NVIDIA\NetworkAccessManager\bin\nSvcIp.exe C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\Eset\nod32kui.exe C:\Program Files\EPOX\USDM\USDM.EXE C:\Program Files\Winamp\winampa.exe C:\WINDOWS\PowerS.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Save\Save.exe C:\Program Files\Skype\Phone\Skype.exe C:\Program Files\Prolink\PlayTV XP\TVRMVCR.EXE C:\Program Files\United Devices\UD.EXE C:\Program Files\United Devices\ud_7657531.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\United Devices\ud_7657531_0.dir\WCGrid_Rosetta.exe C:\DOCUME~1\JA\LOCALS~1\Temp\Rar$EX00.937\HijackThis.exe O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE O4 - HKLM\..\Run: [EPoXUSDM] "C:\Program Files\EPOX\USDM\USDM.EXE" "5000" O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe O4 - HKLM\..\Run: [PowerS] C:\WINDOWS\PowerS.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [WhenUSave] "C:\Program Files\Save\Save.exe" O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - Startup: UD Agent.lnk = C:\Program Files\United Devices\UD.EXE O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: TVRMVCR.lnk = C:\Program Files\Prolink\PlayTV XP\TVRMVCR.EXE O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1142170379671 O17 - HKLM\System\CCS\Services\Tcpip\..\{E884A97F-5B01-4593-A0B2-254DC304C524}: NameServer = 195.29.150.3 195.29.150.4 O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing) O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: NOD32 Kernel Service (NOD32krn) - Unknown owner - C:\Program Files\Eset\nod32krn.exe O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\NVIDIA\NetworkAccessManager\bin\nSvcIp.exe O23 - Service: ForceWare user log service (nSvcLog) - Unknown owner - C:\NVIDIA\NetworkAccessManager\bin\nSvcLog.exe O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe __________________ none

18.04.2006., 20:08	#2
panoramix driver Moj komp Datum registracije: Oct 2004 Lokacija: zagreb Postovi: 1,083	Daj probaj s ovim, ja sam se danas riješio dialera kojeg ni sa čime nisam mogao maknuti http://www.ewido.net/en/download/ __________________ SPECTRUM ZX 48 K, Grundig Cassette player, RIZ Color TV - 16 kanala UHF, sobna antena Čajavec SA-3 s lampicom, software : River Raid & Jet set Willie

18.04.2006., 21:24	#4
FERRYS AutoCad & Allplan expert Moj komp Datum registracije: Jan 2004 Lokacija: Zagreb-Karlovac i okilica Postovi: 2,159	evo maknuo sto je titix napisao, thanks tutix ova dva su mi od uninted devices, komp vrti grid... ukoliko ce se ponavljat probam panoramixev recept __________________ none

18.04.2006., 22:56	#6
Isus Headbangig Grunf! Moj komp Datum registracije: Aug 2003 Lokacija: headbanger's ball Postovi: 4,373	digni win u safe modu i onda pokreni nod __________________ Porsche 6cyl.boxer se hladi zrakom komp se hladi vodom! Chairman of G.M.S. , Heavy Metal Thunder! Former member of PCE 100+kg demolition squad Grunf je moj idol! Moji Grunf type modovi NB:Mini Monster NB,VGA:Ye Monster C!, Ye Monster D!,Abit NB:Abit mini Monster,PSU:Ultra Monster! Alfisti site, Alfisti forum

19.04.2006., 01:47	#9
dDario Premium Moj komp Datum registracije: Jun 2004 Lokacija: Zagreb Postovi: 1,567	Probaj sa Spy Falcon. Meni je našao par stvari koje NOD32, avast, SpyBot S&D, Trojan Hunter, Ad-aware 6 Pro, hijackthis i još par programa nisu... Jedino šta moraš ručno brisat ili platit full verziju programa. __________________

18.04.2006., 21:00	#3
tutix Premium Moj komp Datum registracije: Jan 2006 Lokacija: Zagreb Postovi: 4,068	ajd briši ovo: O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - O17-HKLM\System\CCS\Services\Tcpip\..\{E884A97F-5B01-4593-A0B2-254DC304C524}: NameServer = 195.29.150.3 195.29.150.4 O4 - HKCU\..\Run: [WhenUSave] "C:\Program Files\Save\Save.exe" ajd probaj to prvo ak ne uspiješ se riješit reci nisu mi jasna još dva ova servisa od United Devices, ne bih znao što je to. Ajd pogledaj u Program Files i ak ne znaš što je obriši.

18.04.2006., 21:35	#5
tutix Premium Moj komp Datum registracije: Jan 2006 Lokacija: Zagreb Postovi: 4,068	nemaš problema, ali daj još i ovo pogledaj malo mi je sumnjivo... O4 - HKLM\..\Run: [PowerS] C:\WINDOWS\PowerS.exe O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

19.04.2006., 18:08	#10
Hrvoje xyz lepi Datum registracije: Nov 2005 Lokacija: Zagreb Postovi: 923	C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe C:\WINDOWS\PowerS.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Save\Save.exe C:\Program Files\United Devices\ud_7657531_0.dir\WCGrid_Rosetta.exe ovo su stvari bez kojih u pravilu mozes-- nisam ziher az ovo prvo

19.04.2006., 21:17	#11
Isus Headbangig Grunf! Moj komp Datum registracije: Aug 2003 Lokacija: headbanger's ball Postovi: 4,373	Spy Falcon je spyware!! To se uklanja inaaöe jer je izrazito naporan! __________________ Porsche 6cyl.boxer se hladi zrakom komp se hladi vodom! Chairman of G.M.S. , Heavy Metal Thunder! Former member of PCE 100+kg demolition squad Grunf je moj idol! Moji Grunf type modovi NB:Mini Monster NB,VGA:Ye Monster C!, Ye Monster D!,Abit NB:Abit mini Monster,PSU:Ultra Monster! Alfisti site, Alfisti forum

Oglasni prostor
PC Ekspert Forum Oglas