I think it's a virus, but I can't find anywhere what it is, so if anyone can help:
aqdqbpqn.exe uses about 32 MB; sometimes it runs, sometimes it doesn't
scan with something, MBAM is good for active malware
The full scan didn't find anything (I scanned all week with it). Should I try a flash scan, will that help?
It won't. Actually, do this: run a scan with HijackThis and copy-paste the LOG it produces to the forum; do it like in the video.
http://download.cnet.com/Trend-Micro-HijackThis/3000-8022_4-10227353.html
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:56:26 , on 17.3.2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\IObit\Game Booster\gbtray.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\Zlatko\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Zlatko\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Zlatko\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Zlatko\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Zlatko\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Zlatko\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Zlatko\My Documents\Downloads\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Not Found
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/?pc=AVBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/?pc=AVBR
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 80.4.149.42:8080
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: Free Lunch Design Toolbar - {57cc715d-37ca-44e4-9ec2-8c2cbddb25ec} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Pomoc za prijavu - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FlashGetBHO - {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - C:\Documents and Settings\Zlatko\Application Data\FlashGetBHO\FlashGetBHO3.dll
O3 - Toolbar: Free Lunch Design Toolbar - {57cc715d-37ca-44e4-9ec2-8c2cbddb25ec} - (no file)
O3 - Toolbar: QT Breadcrumbs Address Bar - {af83e43c-dd2b-4787-826b-31b17dee52ed} - mscoree.dll (file missing)
O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - Startup: Dropbox.lnk = C:\Documents and Settings\Zlatko\Application Data\Dropbox\bin\Dropbox.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Download all by FlashGet3 - C:\Documents and Settings\Zlatko\Application Data\FlashGetBHO\GetAllUrl.htm
O8 - Extra context menu item: Download by FlashGet3 - C:\Documents and Settings\Zlatko\Application Data\FlashGetBHO\GetUrl.htm
O8 - Extra context menu item: Download with Mipony - file://C:\Program Files\MiPony\Browser\IEContext.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} -
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - AppInit_DLLs: c:\progra~1\bandoo\bndhook.dll C:\WINDOWS\system32\guard32.dll, wbsys.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: FencesShellExt - {1984DD45-52CF-49cd-AB77-18F378FEA264} - C:\Program Files\Stardock\Fences\FencesMenu.dll
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Bandoo Coordinator - Unknown owner - C:\PROGRA~1\Bandoo\Bandoo.exe (file missing)
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
--
End of file - 8172 bytes
As far as I can see, the process isn't mentioned anywhere, because it starts and stops whenever it feels like it.
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: Free Lunch Design Toolbar - {57cc715d-37ca-44e4-9ec2-8c2cbddb25ec} - (no file)
O3 - Toolbar: Free Lunch Design Toolbar - {57cc715d-37ca-44e4-9ec2-8c2cbddb25ec} - (no file)
O3 - Toolbar: QT Breadcrumbs Address Bar - {af83e43c-dd2b-4787-826b-31b17dee52ed} - mscoree.dll (file missing)
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) -
O23 - Service: Bandoo Coordinator - Unknown owner - C:\PROGRA~1\Bandoo\Bandoo.exe (file missing)
fix checked in HijackThis
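An added example (not from the thread and not part of HijackThis): a small Python triage of a HijackThis log that flags the kind of entries listed above, namely those whose target is reported as `(no file)` or `(file missing)` and O16 entries with no source, plus two load points a reviewer would normally check by hand. The rules and the `triage` function name are assumptions for illustration; the sample lines are copied from the log in this thread.

```python
import re

# Sample lines copied from the HijackThis log posted in this thread (subset).
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 80.4.149.42:8080
R3 - URLSearchHook: Free Lunch Design Toolbar - {57cc715d-37ca-44e4-9ec2-8c2cbddb25ec} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O3 - Toolbar: QT Breadcrumbs Address Bar - {af83e43c-dd2b-4787-826b-31b17dee52ed} - mscoree.dll (file missing)
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - AppInit_DLLs: c:\progra~1\bandoo\bndhook.dll C:\WINDOWS\system32\guard32.dll, wbsys.dll
O23 - Service: Bandoo Coordinator - Unknown owner - C:\PROGRA~1\Bandoo\Bandoo.exe (file missing)
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
"""

# A log entry starts with a section code such as R1, O4 or O23, then " - ".
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")

def triage(log_text):
    """Return (section, reason, body) for entries worth a manual look."""
    findings = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # header, running-process path, or blank line
        section, body = m.group(1), m.group(2).rstrip()
        if body.endswith("(no file)") or body.endswith("(file missing)"):
            reason = "orphaned: target file is absent"
        elif section == "O16" and body.endswith("-"):
            reason = "orphaned: ActiveX entry has no download source"
        elif section == "O20":
            # Assumed review rule: these DLLs load into every process using user32.dll.
            reason = "review: AppInit_DLLs load into many processes"
        elif "ProxyServer" in body:
            # Assumed review rule: a proxy the user did not set deserves a check.
            reason = "review: confirm the user configured this proxy"
        else:
            continue
        findings.append((section, reason, body))
    return findings

if __name__ == "__main__":
    for section, reason, body in triage(SAMPLE_LOG):
        print(f"{section:<4} {reason}\n     {body}")
```

The "review" results are prompts to check an entry by hand, not verdicts on it.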
can I somehow load the .log file
Fix, and what now?
what else did you scan with besides Malwarebytes, and do you update it before scanning?
If there are problems I'll get back to you; for now there are none :)
There are other odd ducks in there. Uninstall this IObit thing, what do you need it for anyway, it's plain junk of a program; remove it cleanly with Revo Uninstaller like in the video below and that's it. It certainly won't help you; if you have a weak PC for games it's pure hot air, not to mention what a bad stew that IObit company is in general.
C:\Program Files\IObit\Game Booster\gbtray.exe
http://download.cnet.com/Revo-Uninstaller/3000-2096_4-10687648.html
http://forums.malwarebytes.org/index.php?showtopic=29681
Yes, I update MBAM all the time, but now something failed on me: I was on 5808 and it said there were no updates, when in fact it's 6039. Anyway, I also scanned with Prevx and COMODO AV, and I'm thinking of trying Hitman too.
Well, I have a new PC for games; I use this one when I feel like playing something that won't run on Win7, but I don't see a difference. Anyway, can I use CCleaner?
try it, like in the picture; link for download
JottiQ can scan the EXE files of processes running in memory with twenty antivirus tools. When you open it, press Ctrl + P and wait for it to finish uploading.
Thanks for the help, I'll report back tomorrow if anything comes up.
Thank you all for the help, everything works as it should.
If possible, LOCK.
A process named 'toolbarupdaterservice.exe' keeps running on my machine, probably from some toolbar that I accidentally accepted during some installation (otherwise I don't see that toolbar at all, but that doesn't matter, Chrome..). The problem is that it eats a lot of resources and makes videos on YT stutter. OK, I kill it through Task Manager, but every time I turn on the PC it's back in the manager. I also looked in the startup programs, but there's nothing like it there. How do I remove it permanently?
You have no choice but to delete that toolbar from Chrome if at all possible, under Addons if it's there (I only know about Firefox). Or, say, install TuneUp Utilities and set there which processes start when you log into Windows.
Try to find it through Windows Add/Remove Programs and uninstall it. If that doesn't work, go directly into the browsers and remove it... and if even that doesn't work, download Unlocker and use it to kill and delete it.
There's also the processblocker tool, with which you block processes from starting at boot... anyway, something will help ;)