Help me, here is my HijackThis log




  #1  
Old 6. Sep 2008, 00:54
Member Group
 

Hi. My computer is definitely infected by trojans, malware or spyware. Every time I start my computer, a balloon pops up from the tray saying that my computer is infected, and suddenly all these ads pop up and keep opening new ones. I believe these processes I see in Task Manager are responsible:

something like lssmon.exe, lssmgr.exe (may not be exactly the same), because when I close them the balloon disappears.

Anyway, here is my HijackThis log, so please help me out.


Logfile of Trend Micro HijackThis v2.0.2
Scan spremljena u 1:52:14 Na 9/6/2008
Platforma: Windows XP SP2 (Winnt 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Pokretanje procesa:
D: \ WINDOWS \ System32 \ smss.exe
D: \ Windows \ System32 \ Winlogon.exe
D: \ WINDOWS \ system32 \ services.exe
D: \ WINDOWS \ system32 \ lsass.exe
D: \ WINDOWS \ system32 \ Svchost.exe
D: \ WINDOWS \ System32 \ Svchost.exe
D: \ WINDOWS \ explorer.exe
D: \ WINDOWS \ system32 \ Svchost.exe
D: \ WINDOWS \ system32 \ slserv.exe
D: \ WINDOWS \ system32 \ wscntfy.exe
D: \ Program Files \ Opera \ opera.exe
E: \ SVI softvera \ HiJackThis.exe

R1 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Search Bar =

http://us.rd.yahoo.com/customize/yco...search/ie.html
R1 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Search Page =

http://us.rd.yahoo.com/customize/yco.../www.yahoo.com
R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = o: blank
R1 - HKCU \ Software \ Microsoft \ Internet Explorer \ SearchURL, (Default) =

http://us.rd.yahoo.com/customize/yco.../www.yahoo.com
F2 - REG: SYSTEM.INI: Shell = Explorer.exe ssvichosst.exe
O2 - BHO: DAPHelper Class - (0000CC75-ACF3-4cac-A0A9-DD3868E06852) - D: \ Program

Files \ pecati \ DAPBHO.dll
O2 - BHO: IDM Helper - (0055C089-8582-441B-A0BF-17B458C2A3A8) - D: \ Program Files \ Internet

Download Manager \ IDMIECC.dll
O2 - BHO: (no name) - (02478D38-C3F9-4efb-9B51-7695ECA05670) - (no file)
O2 - BHO: Skype dodati-na (kapacitet) - (22BF413B-C6D2-4d91-82A9-A0F997BA588C) - D: \ Program

Files \ Skype \ Toolbars \ Internet Explorer \ SkypeIEPlugin.dll
O2 - BHO: Google Toolbar Helper - (AA58ED58-01DD-4d91-8333-CF10577473F7) - d: \ program

files \ google \ googletoolbar2.dll
O3 - Toolbar: & Google - (2318C2B1-4965-11d4-9B18-009027A5CD4F) - d: \ program

files \ google \ googletoolbar2.dll
O4 - HKLM \ .. \ Run: [QuickTime Task] "D: \ Program Files \ QuickTime \ qttask.exe"-atboottime
O4 - HKLM \ .. \ Run: [PCSuiteTrayApplication] D: \ Program Files \ Nokia \ Nokia PC Suite

6 \ LaunchApplication.exe-početni
O4 - HKLM \ .. \ Run: [googletalk] D: \ Program Files \ Google \ Google Talk \ googletalk.exe / autostart
O4 - HKLM \ .. \ Run: [Layersecurity Servicemonitor] D: \ WINDOWS \ system32 \ LSSMON.EXE
O4 - HKUS \ S-1-5-18 \ .. \ Run: [Nokia.PCSync] D: \ Program Files \ Nokia \ Nokia PC Suite 6 \ PcSync2.exe

/ NoDialog (User 'SYSTEM')
O4 - HKUS \. DEFAULT \ .. \ Run: [Nokia.PCSync] D: \ Program Files \ Nokia \ Nokia PC Suite 6 \ PcSync2.exe

/ NoDialog (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = D: \ Program Files \ Microsoft Office \ Office10 \ OSA.EXE
O8 - Extra kontekst meni stavka: & & s pecati Download - D: \ programa ~ 1 \ pecati \ dapextie.htm
O8 - Extra kontekst meni stavka: Download & all s pecati - D: \ programa ~ 1 \ pecati \ dapextie2.htm
O8 - Extra kontekst meni stavka: Download svih linkova sa IDM - D: \ Program Files \ Internet Download

Manager \ IEGetAll.htm
O8 - Extra kontekst meni stavka: Download FLV video sadržaj s IDM - D: \ Program Files \ Internet Download

Manager \ IEGetVL.htm
O8 - Extra kontekst meni stavka: Download sa IDM - D: \ Program Files \ Internet Download

Manager \ IEExt.htm
O8 - Extra kontekst meni stavka: E & zvezi u Microsoft Excel --

res: / / D: \ programa ~ 1 \ MICROS ~ 2 \ Office10 \ EXCEL.EXE/3000
O9 - Extra button: Run pecati - (669695BC-A811-4A9D-8CDF-BA8C795F261C) --

D: \ programa ~ 1 \ pecati \ DAP.EXE
O9 - Extra button: Skype - (77BF5300-1474-4EC7-9980-D32B190E9B07) - D: \ Program

Files \ Skype \ Toolbars \ Internet Explorer \ SkypeIEPlugin.dll
O9 - Extra button: AIM - (AC9E2541-2814-11d5-BC6D-00B0D0A1DE45) - D: \ Program Files \ AIM \ aim.exe
O9 - Extra button: Messenger - (FB5F1910-F110-11D2-BB9E-00C04F795683) - D: \ Program

Files \ Messenger \ msmsgs.exe
O9 - Extra 'Tools' MENUITEM: Windows Messenger - (FB5F1910-F110-11D2-BB9E-00C04F795683) --

D: \ Program Files \ Messenger \ msmsgs.exe
O18 - Protocol: skype4com - (FFC8B962-9B40-4DFF-9458-1830C7DD7F5D) --

D: \ programa ~ 1 \ UOBIČAJENA ~ 1 \ Skype \ SKYPE4 ~ 1.DLL
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - D: \ Program

Files \ Ares \ chatServer.exe
O23 - Service: avast! AntiVirus avast! SamSs (avast! SamSs) - Unknown vlasnika --

D: \ WINDOWS \ system32 \ dllcaches.exe
O23 - Service: Google Updater Service (gusvc) - Google - D: \ Program Files \ Google \ Common \ Google

Updater \ GoogleUpdaterService.exe
O23 - Service: Sunbelt CounterSpy protušpijunskih (SBCSSvc) - Unknown vlasnika - D: \ Program Files \ Sunbelt

Software \ CounterSpy \ SBCSSvc.exe (file missing)
O23 - Service: ServiceLayer - Nokia. - D: \ Program Files \ PC Connectivity Solution \ ServiceLayer.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - D: \ Windows \ System32 \ slserv.exe

--
End of file - 4603 bytes
  #2  
Old 6. Sep 2008, 01:26
Moderator / ica grupe
 

Hello Mohi212. Welcome to CJ.

Disable CounterSpy so that it does not block the fixes we are making.

Right-click the icon in the tray and turn off CounterSpy.

----------

Open HijackThis and select Do a system scan only.

Place a check mark next to the following entries (if present):
  • O2 - BHO: (no name) - (02478D38-C3F9-4efb-9B51-7695ECA05670) - (no file)
  • O4 - HKLM \ .. \ Run: [Layersecurity Servicemonitor] D: \ WINDOWS \ system32 \ LSSMON.EXE
  • O23 - Service: avast! AntiVirus avast! SamSs (avast! SamSs) - Unknown vlasnika - D: \ WINDOWS \ system32 \ dllcaches.exe
Important: Close all windows except HijackThis, then click Fix checked.

Exit HijackThis.

----------

Go to Start > Run, type Notepad.exe, then press OK.

Copy and paste the following text from the code box into a new Notepad file.

Code:
@ECHO OFF
sc stop "avast! SamSs"
sc delete "avast! SamSs"
exit

In Notepad, choose File and Save As.
Choose to save to the Desktop and, for File name:, type fixme.bat. Make sure the Save as type field says All Files.

Next, double-click fixservice.bat to run it.
A black box should open and close after a short time; this is normal.
Do not continue until the black box has closed.
Delete fixservice.bat from the Desktop.

----------

Note: the instructions below were made specifically for this user. If you are not this user, do NOT follow these directions, as they could damage the operation of your system.

Go to Start > Run, type notepad.exe, then press OK.

Copy the text in the Code box below and paste it into Notepad.

Code:
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Layersecurity Servicemonitor"=-

In Notepad go to File > Save as...

For File name:, type fixme.reg. Use the drop-down box next to Save as type: and choose All Files. Save it to the desktop.

There should now be a file on your desktop that looks like this

Double-click fixme.reg and allow it to merge with the Registry.

You may not see anything happen, but give it a few seconds and it will finish.

Now delete the fixme.reg file from the Desktop.

Restart the computer.

----------

Now run a new HijackThis scan and post the log.

Important:
When the HijackThis log opens in Notepad, before you copy it, go to Format and click Word Wrap. Then copy and paste the log here.
__________________
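
Added example, not part of the thread and not code from HijackThis or any poster: a small Python triage of a HijackThis log that first re-joins entries split by Notepad word wrap (the reason for the Word Wrap instruction above) and then lists the kinds of entries selected in the post above for a reviewer to look at. The sample log is constructed from entries in this thread with normal path spacing; the function names and the four heuristics are assumptions, and a hit is a prompt for review, not a verdict.

```python
import re

# Constructed sample: entries taken from this thread, normalised, with two
# entries wrapped across lines the way the first log in the thread was posted.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
D:\WINDOWS\system32\lsass.exe

F2 - REG:system.ini: Shell=Explorer.exe ssvichosst.exe
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program

files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [googletalk] D:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [Layersecurity Servicemonitor] D:\WINDOWS\system32\LSSMON.EXE
O23 - Service: avast! AntiVirus avast! SamSs (avast! SamSs) - Unknown owner -

D:\WINDOWS\system32\dllcaches.exe
O23 - Service: Sunbelt CounterSpy Antispyware (SBCSSvc) - Unknown owner - D:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe (file missing)

--
End of file - 4603 bytes
"""

# An entry starts with a section code such as R1, F2, O4 or O23, then " - ".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
# An executable sitting directly in the Windows system32 directory.
SYSTEM32_EXE = re.compile(r"\\windows\\system32\\[^\\]+\.exe\b", re.I)


def parse_entries(log_text):
    """Return [(code, body)], re-joining entries that word wrap split."""
    entries = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line == "--" or line.startswith("End of file"):
            break
        match = ENTRY_RE.match(line)
        if match:
            entries.append([match.group(1), match.group(2)])
        elif entries:
            # No section code: treat as the wrapped tail of the previous entry.
            # Header and process-list lines come before any entry and are skipped.
            entries[-1][1] += " " + line
    return [(code, body) for code, body in entries]


def triage(entries):
    """Return [(rule, code, body)] for entries worth a reviewer's attention."""
    findings = []
    for code, body in entries:
        if code == "F2":
            # The Shell value normally names Explorer.exe and nothing else.
            match = re.search(r"Shell\s*=\s*(.*)", body, re.I)
            if match and match.group(1).strip().lower() != "explorer.exe":
                findings.append(("shell-not-plain-explorer", code, body))
        elif code == "O2" and body.rstrip().endswith("(no file)"):
            # Browser Helper Object registered, but its DLL is gone.
            findings.append(("bho-without-file", code, body))
        elif code == "O4" and "\\Run:" in body and SYSTEM32_EXE.search(body):
            # Assumption: a Run value launching straight from system32 is worth
            # a look; this also matches some legitimate Windows entries.
            findings.append(("run-from-system32", code, body))
        elif code == "O23" and "Unknown owner" in body and SYSTEM32_EXE.search(body):
            # Service binary in system32 with no owner shown by HijackThis.
            findings.append(("unknown-owner-system32-service", code, body))
    return findings


if __name__ == "__main__":
    for rule, code, body in triage(parse_entries(SAMPLE_LOG)):
        print(f"{rule:32} {code} - {body}")
```
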

  #3  
Old 6. Sep 2008, 04:08
Member Group
 

Hey, thanks for your help. But after I restart the computer, the pop-up still opens and the balloon saying spyware detected, click here to install anti-virus, still appears.

Anyway, here is the HijackThis log after the restart.


Logfile of Trend Micro HijackThis v2.0.2
Scan spremljena u 5:03:35 Na 9/6/2008
Platforma: Windows XP SP2 (Winnt 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Pokretanje procesa:
D: \ WINDOWS \ System32 \ smss.exe
D: \ Windows \ System32 \ Winlogon.exe
D: \ WINDOWS \ system32 \ services.exe
D: \ WINDOWS \ system32 \ lsass.exe
D: \ WINDOWS \ system32 \ Svchost.exe
D: \ WINDOWS \ System32 \ Svchost.exe
D: \ WINDOWS \ explorer.exe
D: \ WINDOWS \ system32 \ spoolsv.exe
D: \ WINDOWS \ system32 \ slserv.exe
D: \ WINDOWS \ system32 \ wscntfy.exe
E: \ SVI softvera \ HiJackThis.exe

R1 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Search Bar = http://us.rd.yahoo.com/customize/yco...search/ie.html
R1 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Search Page = http://us.rd.yahoo.com/customize/yco.../www.yahoo.com
R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = o: blank
R1 - HKCU \ Software \ Microsoft \ Internet Explorer \ SearchURL, (Default) = http://us.rd.yahoo.com/customize/yco.../www.yahoo.com
F2 - REG: SYSTEM.INI: Shell = Explorer.exe ssvichosst.exe
O2 - BHO: DAPHelper Class - (0000CC75-ACF3-4cac-A0A9-DD3868E06852) - D: \ Program Files \ pecati \ DAPBHO.dll
O2 - BHO: IDM Helper - (0055C089-8582-441B-A0BF-17B458C2A3A8) - D: \ Program Files \ Internet Download Manager \ IDMIECC.dll
O2 - BHO: Skype dodati-na (kapacitet) - (22BF413B-C6D2-4d91-82A9-A0F997BA588C) - D: \ Program Files \ Skype \ Toolbars \ Internet Explorer \ SkypeIEPlugin.dll
O2 - BHO: Google Toolbar Helper - (AA58ED58-01DD-4d91-8333-CF10577473F7) - d: \ program files \ google \ googletoolbar2.dll
O3 - Toolbar: & Google - (2318C2B1-4965-11d4-9B18-009027A5CD4F) - d: \ program files \ google \ googletoolbar2.dll
O4 - HKLM \ .. \ Run: [QuickTime Task] "D: \ Program Files \ QuickTime \ qttask.exe"-atboottime
O4 - HKLM \ .. \ Run: [PCSuiteTrayApplication] D: \ Program Files \ Nokia \ Nokia PC Suite 6 \ LaunchApplication.exe-početni
O4 - HKLM \ .. \ Run: [googletalk] D: \ Program Files \ Google \ Google Talk \ googletalk.exe / autostart
O4 - HKLM \ .. \ Run: [Layersecurity Servicemonitor] D: \ WINDOWS \ system32 \ LSSMON.EXE
O4 - HKUS \ S-1-5-18 \ .. \ Run: [Nokia.PCSync] D: \ Program Files \ Nokia \ Nokia PC Suite 6 \ PcSync2.exe / NoDialog (User 'SYSTEM')
O4 - HKUS \. DEFAULT \ .. \ Run: [Nokia.PCSync] D: \ Program Files \ Nokia \ Nokia PC Suite 6 \ PcSync2.exe / NoDialog (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = D: \ Program Files \ Microsoft Office \ Office10 \ OSA.EXE
O8 - Extra kontekst meni stavka: & & s pecati Download - D: \ programa ~ 1 \ pecati \ dapextie.htm
O8 - Extra kontekst meni stavka: Download & all s pecati - D: \ programa ~ 1 \ pecati \ dapextie2.htm
O8 - Extra kontekst meni stavka: Download svih linkova sa IDM - D: \ Program Files \ Internet Download Manager \ IEGetAll.htm
O8 - Extra kontekst meni stavka: Download FLV video sadržaj s IDM - D: \ Program Files \ Internet Download Manager \ IEGetVL.htm
O8 - Extra kontekst meni stavka: Download sa IDM - D: \ Program Files \ Internet Download Manager \ IEExt.htm
O8 - Extra kontekst meni stavka: E & zvezi u Microsoft Excel - res: / / D: \ programa ~ 1 \ MICROS ~ 2 \ Office10 \ EXCEL.EXE/3000
O9 - Extra button: Run pecati - (669695BC-A811-4A9D-8CDF-BA8C795F261C) - D: \ programa ~ 1 \ pecati \ DAP.EXE
O9 - Extra button: Skype - (77BF5300-1474-4EC7-9980-D32B190E9B07) - D: \ Program Files \ Skype \ Toolbars \ Internet Explorer \ SkypeIEPlugin.dll
O9 - Extra button: AIM - (AC9E2541-2814-11d5-BC6D-00B0D0A1DE45) - D: \ Program Files \ AIM \ aim.exe
O9 - Extra button: Messenger - (FB5F1910-F110-11D2-BB9E-00C04F795683) - D: \ Program Files \ Messenger \ msmsgs.exe
O9 - Extra 'Tools' MENUITEM: Windows Messenger - (FB5F1910-F110-11D2-BB9E-00C04F795683) - D: \ Program Files \ Messenger \ msmsgs.exe
O18 - Protocol: skype4com - (FFC8B962-9B40-4DFF-9458-1830C7DD7F5D) - D: \ programa ~ 1 \ UOBIČAJENA ~ 1 \ Skype \ SKYPE4 ~ 1.DLL
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - D: \ Program Files \ Ares \ chatServer.exe
O23 - Service: Google Updater Service (gusvc) - Google - D: \ Program Files \ Google \ Common \ Google Updater \ GoogleUpdaterService.exe
O23 - Service: Sunbelt CounterSpy protušpijunskih (SBCSSvc) - Unknown vlasnika - D: \ Program Files \ Sunbelt Software \ CounterSpy \ SBCSSvc.exe (file missing)
O23 - Service: ServiceLayer - Nokia. - D: \ Program Files \ PC Connectivity Solution \ ServiceLayer.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - D: \ Windows \ System32 \ slserv.exe

--
End of file - 4384 bytes
  #4  
Old 6. Sep 2008, 08:41
Moderator / ica grupe
 

Download Malwarebytes' Anti-Malware (MBAM)
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, then click Remove Selected.
  • When disinfection is complete, a log will open in Notepad and you may be prompted to restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
__________________

  #5  
Old 6. Sep 2008, 13:29
Member Group
 

This is the result of the full scan. When I did the quick scan it detected one adware, which I removed.

Malwarebytes' Anti-zaštita od zlonamjernih programa 1,26
Database version: 1120
5/1/2600 Windows Service Pack 2

9/7/2008 2:21:54 AM
mbam-log-2008-09-07 (02-21-54). txt

Scan type: Full Scan (D: \ |)
Objekti skenirane: 92811
Vrijeme proteklo: 38 minute (s), 35 Drugi (a / e)

Memory Processes zaraženih: 0
Memorijske module zaraženih: 0
Ključevi registra zaraženih: 0
Registry Values zaraženih: 0
Registry Data Items zaraženih: 0
Mape zaraženih: 0
Zaraženih datoteka: 0

Memory Processes zaraženih:
(Nema stavki otkrivenih zlonamjernih)

Memorijske module zaraženih:
(Nema stavki otkrivenih zlonamjernih)

Ključevi registra zaraženih:
(Nema stavki otkrivenih zlonamjernih)

Registry Values zaraženih:
(Nema stavki otkrivenih zlonamjernih)

Registry Data Items zaraženih:
(Nema stavki otkrivenih zlonamjernih)

Mape zaraženih:
(Nema stavki otkrivenih zlonamjernih)

Zaražene datoteke:
(Nema stavki otkrivenih zlonamjernih)
  #6  
Old 6. Sep 2008, 13:44
Moderator / ica grupe
 

Download ComboFix by sUBs from one of the links below. Be sure to save it to your Desktop.

Link # 1
Link # 2

** Note: It is important that it is saved directly to your Desktop

Close any open web browsers (Firefox, Internet Explorer, etc.) before starting ComboFix.

Temporarily disable your antivirus and any antispyware real-time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

Double-click combofix.exe and follow the prompts.
When finished, ComboFix will produce a log for you.
Post the ComboFix log and a new HijackThis log in your next reply.

Important: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

Remember to re-enable your antivirus and antispyware protection when ComboFix is complete.
__________________

  #7  
Old 7. Sep 2008, 02:17
Member Group
 

Here is the ComboFix log. After the restart, while it was creating the log, those pop-up windows and the balloon appeared again.

Here it is.

ComboFix 08-09-05.02 - Burhan 2008-09-07 13:40:43.1 -- FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.24 [GMT 5:00] Running from: D: \ Documents and Settings \ Burhan \ Desktop \ ComboFix.exe
* Created novu točku vraćanja

UPOZORENJE-ovaj stroj nema Recovery Console Installed!
.

Ostali ((((((((((((((((((((((((((((((((((((((( brisanja ))))))))) ))))))))))))))))))))))))))))))))))))))))
.

D: \ Documents and Settings \ Burhan \ Cookies \ burhan@ad.yieldmanager [1]. Txt
D: \ Documents and Settings \ Burhan \ Cookies \ Burhan @ antispywaremaster [2]. Txt
D: \ Documents and Settings \ Burhan \ Local Settings \ Temporary Internet Files \ descript.ion
D: \ setup.exe
D: \ WINDOWS \ system32 \ autorun.ini
D: \ WINDOWS \ system32 \ avpo0.dll
D: \ WINDOWS \ system32 \ SCVHSOT.exe
D: \ WINDOWS \ system32 \ setting.ini
D: \ WINDOWS \ system32 \ spool.exe

.
((((((((((((((((((((((((((((((((((((((( Driveri / Usluge )))))))) )))))))))))))))))))))))))))))))))))))))))
.

------- \ Legacy_CSNETMANAGERXP
------- \ Legacy_SYSREST.SYS


((((((((((((((((((((((((( Files Created from 2008/08/07 da 2008/09/07 ))))))))))) ))))))))))))))))))))
.

2008-09-07 13:47. 2008-09-07 13:47 <DIR> d - HS ---- D: \ FOUND.145
2008-09-06 13:10. 2008-09-06 13:10 <DIR> d -------- D: \ Program Files \ XoftSpySE
2008-09-06 00:19. 2008-09-06 00:19 <DIR> d - HS ---- D: \ FOUND.144
2008-09-05 23:07. 2008-09-05 23:37 741.376 - a ------ D: \ WINDOWS \ system32 \ msupd32.exe
2008-09-05 22:29. 2008-09-05 23:37 741.376 - a ------ D: \ WINDOWS \ system32 \ LSSMON.EXE
2008-09-05 22:29. 2008-09-04 17:49 17.920 - a ------ D: \ WINDOWS \ system32 \ LSASSMGR.EXE
2008-09-05 17:04. 2008-09-05 22:41 54.156 - ah ----- D: \ WINDOWS \ QTFont.qfn
2008-09-05 17:04. 2008-09-05 17:04 1.409 - a ------ D: \ WINDOWS \ QTFont.for
2008-09-05 15:15. 2008-09-07 13:48 0 - a ------ D: \ WINDOWS \ system32 \ bsc32.dll
2008-09-05 15:14. 2008-09-05 15:14 <DIR> d - HS ---- D: \ FOUND.143
2008-09-05 13:25. 2008-09-05 13:25 <DIR> d - HS ---- D: \ FOUND.142
2008-09-05 00:39. 2008-09-05 00:39 <DIR> d - HS ---- D: \ FOUND.141
2008-09-04 18:19. 2008-09-04 18:19 <DIR> d -------- D: \ Documents and Settings \ LocalService \ Application Data \ Yahoo!
2008-09-04 17:49. 2008-09-05 23:37 741.376 - a ------ D: \ WINDOWS \ divx32.dll
2008-09-04 17:49. 2008-09-04 17:49 17.920 - a ------ D: \ WINDOWS \ system32 \ srtsrv32.exe
2008-09-04 17:48. 2008-09-05 12:40 741.376 - a ------ D: \ WINDOWS \ system32 \ upd01.exe
2008-09-04 17:45. 2008-09-04 17:45 <DIR> d - HS ---- D: \ FOUND.140
2008-09-04 07:11. 2008-09-04 07:11 <DIR> d -------- D: \ Documents and Settings \ Burhan \ Application Data \ Yahoo!
2008-09-03 12:21. 2008-09-03 12:21 <DIR> d - HS ---- D: \ FOUND.139
2008-09-01 20:51. 2008-09-01 20:51 <DIR> d - HS ---- D: \ FOUND.138
2008-08-31 13:53. 2008-08-31 13:53 <DIR> d - HS ---- D: \ FOUND.137
2008-08-28 23:04. 2008-08-28 23:04 <DIR> d - HS ---- D: \ FOUND.136
2008-08-27 08:13. 2008-08-27 08:13 <DIR> d - HS ---- D: \ FOUND.135
2008-08-27 00:54. 2008-08-27 00:54 4.096 - a ------ D: \ WINDOWS \ d3dx.dat
2008-08-26 10:33. 2008-08-26 10:33 <DIR> d - HS ---- D: \ FOUND.134
2008-08-26 02:27. 2008-08-26 02:27 <DIR> d - HS ---- D: \ FOUND.133
2008-08-26 01:07. 2008-08-26 01:07 <DIR> d - HS ---- D: \ FOUND.132
2008-08-26 00:15. 2008-08-26 00:15 <DIR> d - HS ---- D: \ FOUND.131
2008-08-25 23:13. 2008-08-25 23:13 <DIR> d -------- D: \ Program Files \ Microsoft Encarta
2008-08-25 18:41. 2008-08-25 18:41 <DIR> d - HS ---- D: \ FOUND.130
2008-08-25 17:09. 2008-08-25 17:09 <DIR> d - HS ---- D: \ FOUND.129
2008-08-25 08:14. 2008-08-25 08:14 <DIR> d - HS ---- D: \ FOUND.128
2008-08-25 06:09. 2008-08-25 06:09 23.552 - a ------ D: \ Documents and Settings \ Burhan \ S87ekhV.exe
2008-08-25 06:00. 2008-08-25 06:00 <DIR> d - HS ---- D: \ FOUND.127
2008-08-25 05:36. 2008-08-25 05:36 <DIR> d - HS ---- D: \ FOUND.126
2008-08-24 23:36. 2008-08-24 23:36 <DIR> d - HS ---- D: \ FOUND.125
2008-08-24 03:11. 2008-08-24 03:11 <DIR> d - HS ---- D: \ FOUND.124
2008-08-23 12:06. 2008-08-23 12:06 <DIR> d - HS ---- D: \ FOUND.123
2008-08-23 10:55. 2008-08-23 10:55 <DIR> d - HS ---- D: \ FOUND.122
2008-08-23 08:38. 2008-08-23 08:38 <DIR> d - HS ---- D: \ FOUND.121
2008-08-23 01:49. 2008-08-23 01:49 <DIR> d - HS ---- D: \ FOUND.120
2008-08-22 18:20. 2008-08-22 18:20 <DIR> d - HS ---- D: \ FOUND.119
2008-08-20 21:05. 2008-08-20 21:05 <DIR> d -------- D: \ spoolerlogs
2008-08-19 22:32. 2008-08-19 22:32 <DIR> d - HS ---- D: \ FOUND.118
2008-08-19 22:12. 2008-08-19 22:12 <DIR> d - HS ---- D: \ FOUND.117
2008-08-19 16:13. 2008-08-19 16:13 <DIR> d - HS ---- D: \ FOUND.116
2008-08-18 03:50. 2008-08-18 03:51 108 - a ------ D: \ Documents and Settings \ Burhan \ Application Data \ netstat.bat
2008-08-17 09:54. 2008-08-17 09:54 <DIR> d - HS ---- D: \ FOUND.115
2008-08-13 02:42. 2008-08-13 02:42 <DIR> d - HS ---- D: \ FOUND.114
2008-08-12 16:17. 2008-08-12 16:17 <DIR> d - HS ---- D: \ FOUND.113
2008-08-11 13:37. 2008-09-05 22:31 0 - a ------ D: \ WINDOWS \ system32 \ sc02.sc
2008-08-11 13:33. 2008-08-11 13:33 <DIR> d - HS ---- D: \ FOUND.112
2008-08-11 10:55. 2008-08-11 10:55 857.037 - a ------ D: \ WINDOWS \ system32 \ CSRLT.EXE
2008-08-11 10:55. 2008-08-11 10:55 857.037 - a ------ D: \ WINDOWS \ MSBLT.EXE
2008-08-09 02:36. 2008-08-09 02:36 <DIR> d - HS ---- D: \ FOUND.111
2008-08-08 21:17. 2008-08-08 21:17 <DIR> d - HS ---- D: \ FOUND.110
2008-08-08 16:54. 2008-08-08 16:54 <DIR> d - HS ---- D: \ FOUND.109
2008-08-08 02:35. 2008-08-08 02:35 <DIR> d -------- D: \ Documents and Settings \ Burhan \ Application Data \ GlarySoft
2008-08-08 02:20. 2008-08-08 02:20 <DIR> d -------- D: \ Program Files \ Glary Registry Repair
2008-08-08 00:18. 2008-08-08 00:18 <DIR> d -------- D: \ Documents and Settings \ All Users \ Application Data \ Lavasoft
2008-08-07 20:27. 2008-08-07 20:27 <DIR> d -------- D: \ Program Files \ Internet Download Manager
2008-08-07 20:27. 2008-08-07 20:27 <DIR> d -------- D: \ Documents and Settings \ Burhan \ Application Data \ IDM
2008-08-07 14:01. 2008-08-07 14:01 <DIR> d - HS ---- D: \ FOUND.108
2008-08-07 01:26. 2008-08-07 01:26 <DIR> d -------- D: \ Documents and Settings \ All Users \ Application Data \ Temp

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))) ))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-01 19:16 38.528 ---- AW D: \ Windows \ System32 \ Drivers \ mbamswissarmy.sys
2008-09-01 19:16 17.200 ---- AW D: \ Windows \ System32 \ Drivers \ mbam.sys
2008-08-04 22:08 109.150 AW ---- D: \ Windows \ System32 \ Drivers \ b88b9e8e.sys
2008-08-04 16:05 --------- d ----- w D: \ Program Files \ Malwarebytes' Anti-zaštita od zlonamjernih programa
2008-08-04 16:05 --------- d ----- w D: \ Documents and Settings \ Burhan \ Application Data \ Malwarebytes
2008-08-04 16:05 --------- d ----- w D: \ Documents and Settings \ All Users \ Application Data \ Malwarebytes
2008-07-30 16:24 499.712 AW ---- D: \ WINDOWS \ system32 \ msvcp71.dll
2008-07-30 16:24 348.160 AW ---- D: \ WINDOWS \ system32 \ msvcr71.dll
2008-07-29 22:43 --------- d ----- w D: \ Documents and Settings \ All Users \ Application Data \ ACD Systems
2008-07-29 22:42 --------- d ----- w D: \ Program Files \ Common Files \ ACD Systems
2008-07-29 22:42 --------- d ----- w D: \ Program Files \ ACD Systems
2008-07-21 16:50 --------- d ----- w D: \ Documents and Settings \ Burhan \ Application Data \ uTorrent
2008-07-21 11:05 --------- d ----- w D: \ Program Files \ uTorrent
2008-07-19 19:28 --------- d ----- w D: \ Documents and Settings \ Burhan \ Application Data \ DMCache
2008-07-19 10:00 --------- d ----- w D: \ Program Files \ Common Files \ L & H
2008-07-17 13:32 --------- d ----- w D: \ Documents and Settings \ All Users \ Application Data \ Kaspersky Lab Setup Files
2008-07-17 01:11 --------- d ----- w D: \ Program Files \ Ares
2008-07-16 23:15 --------- d ----- w D: \ Program Files \ Advantage
2008-07-09 22:08 41.984 - sh - r D: \ WINDOWS \ system32 \ dllcaches.exe
2008-06-27 21:05 33.576 ---- AW D: \ Documents and Settings \ Burhan \ Application Data \ GDIPFONTCACHEV1.DAT
2008-06-22 15:33 7.680 ---- AW D: \ WINDOWS \ system32 \ ff_vfw.dll
2008-06-22 15:33 60.273 ---- AW D: \ WINDOWS \ system32 \ pthreadGC2.dll
.

------- ------- Sigcheck

2004-08-03 21:14 359040 1745b00fc1141404b28f4b94f69a8871 D: \ Windows \ System32 \ Drivers \ Tcpip.sys
2004-08-03 21:14 359040 1745b00fc1141404b28f4b94f69a8871 D: \ WINDOWS \ system32 \ dllcache \ Tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))) ))))))))))))))))))))))))))))))))))))))))
.
.
* Note * empty entries & čitljiv default unose se ne prikazuju
REGEDIT4

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Run]
"QuickTime Task" = "D: \ Program Files \ QuickTime \ qttask.exe" [2006-09-01 282624]
"PCSuiteTrayApplication" = "D: \ Program Files \ Nokia \ Nokia PC Suite 6 \ LaunchApplication.exe" [2007-06-18 271360]
"googletalk" = "D: \ Program Files \ Google \ Google Talk \ googletalk.exe" [2007-01-02 3739648]
"Layersecurity Servicemonitor" = "D: \ WINDOWS \ system32 \ LSSMON.EXE" [2008-09-05 741376]

[HKEY_USERS \. DEFAULT \ Software \ Microsoft \ Windows \ Cur rentVersion \ Run]
"Nokia.PCSync" = "D: \ Program Files \ Nokia \ Nokia PC Suite 6 \ PcSync2.exe" [2007-06-19 1241088]

D: \ Documents and Settings \ All Users \ Start Menu \ Programs \ Startup \
Microsoft Office.lnk - D: \ Program Files \ Microsoft Office \ Office10 \ OSA.EXE [2001-02-13 83360]

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ windows]
"AppInit_DLLs" = sockspy.dll

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ drivers32]
"VIDC.D263" = xl_x263dec.dll
"VIDC.YV12" = xl_yv12.dll

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ image file izvršenje options \ firefox.exe]
"Razbubnik" = D: \ Program Files \ Mozilla Firefox \ firefoxe.exe

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ image file izvršenje options \ iexplore.exe]
"Razbubnik" = D: \ Program Files \ Internet Explorer \ iexplor.exe

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ image file izvršenje options \ spoolsv.exe]
"Razbubnik" = D: \ WINDOWS \ system32 \ spool.exe

[HKLM \ ~ \ Services \ sharedaccess \ Parameters \ firewallpo licy \ standardprofile \ AuthorizedApplications \ List]
"% windir% \ \ system32 \ \ sessmgr.exe" =
"D: \ \ Program Files \ \ Ares \ \ Ares.exe" =
"D: \ \ Program Files \ \ AIM \ \ aim.exe" =
"D: \ \ Program Files \ \ Messenger \ \ MSMSGS.EXE" =
"D: \ \ Program Files \ \ Messenger \ \ msnmsgr.exe" =
"D: \ \ Program Files \ \ Messenger \ \ livecall.exe" =
"D: \ \ Program Files \ \ NetMeeting \ \ conf.exe" =
"D: \ \ Program Files \ \ Opera \ \ Opera.exe" =
"D: \ \ Program Files \ \ uTorrent \ \ uTorrent.exe" =
"D: \ \ Program Files \ \ Google \ \ Google Talk \ \ googletalk.exe" =
"D: \ \ Program Files \ \ Skype \ \ Phone \ \ Skype.exe" =

[HKLM \ ~ \ Services \ sharedaccess \ Parameters \ firewallpo licy \ standardprofile \ GloballyOpenPorts \ List]
"5000: TCP" = 5000: TCP: AresChatServer

R2 dmsmbios; dmsmbios; D: \ WINDOWS \ system32 \ dmsmbios.sys [2001-05-31 16480]
R3 XIRLINK; IBM PC Camera; D: \ Windows \ System32 \ Drivers \ C-itnt.sys [1999-10-19 435655]
S0 SBHR; SBHR; D: \ Windows \ System32 \ Drivers \ sbhr.sys []
S1 b88b9e8e; b88b9e8e; D: \ Windows \ System32 \ Drivers \ b88b 9e8e.sys [2008-08-05 109150]
S3 AvFlt; Antivirusi Filter Driver; D: \ Windows \ System32 \ Drivers \ av5flt.sys []
S3 SBRE; SBRE; D: \ Windows \ System32 \ Drivers \ SBREdrv.sys []

[HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ curre ntversion \ Explorer \ mountpoints2 \ (7bd71c60-e76a-11dc-a790-00065b298742)]
\ Shell \ autorun \ naredba - ntde1ect.com
\ Shell \ istražiti \ Command - ntde1ect.com
\ Shell \ otvoriti \ Command - ntde1ect.com

[HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ curre ntversion \ Explorer \ mountpoints2 \ (9dd929e0-11dd-69d0-a9b5-00065b298742)]
\ Shell \ autorun \ naredbu - H: \ ntde1ect.com
\ Shell \ istražiti \ Command - H: \ ntde1ect.com
\ Shell \ otvoriti \ Command - H: \ ntde1ect.com

[HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ curre ntversion \ Explorer \ mountpoints2 \ (def7f600-11dc-a9a1-a733-00065b298742)]
\ Shell \ autorun \ naredbu - H: \ ntde1ect.com
\ Shell \ istražiti \ Command - H: \ ntde1ect.com
\ Shell \ otvoriti \ Command - H: \ ntde1ect.com
.
Sadržaj je 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
FireFox -: Profil - D: \ Documents and Settings \ Burhan \ Application Data \ Mozilla \ Firefox \ Profiles \ 419o3i2e.default \
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp: / / www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q =
FireFox -: prefs.js - STARTUP.HOMEPAGE - o: blank
FF -: plugin - D: \ Program Files \ Yahoo! \ Shared \ npYState.dll
.
.
------- File Associations (Beta) -------
.
.

************************************************** ************************

catchme 0.3.1361 W2K/XP/Vista - rootkit / potaja detector by Gmer zlonamjernih programa, http://www.gmer.net
Rootkit scan 2008-09-07 13:48:19
5/1/2600 Windows Service Pack 2 FAT NTAPI

skeniranja skrivenih procesa ...

D: \ Program Files \ Internet Explorer \ iexplor.exe [492] 0xFF7A8620
D: \ WINDOWS \ system32 \ LSASSMGR.EXE [1872] 0xFF832D60
D: \ WINDOWS \ system32 \ LSASSMGR.EXE [524] 0xFF8FD600

skeniranja skrivenih autostart entries ...

skeniranja skrivenih datoteka ...

scan uspješno završena
skrivenih datoteka: 0

************************************************** ************************
.
------------------------ Other Running Processes ----------------------- --
.
D: \ WINDOWS \ system32 \ wdfmgr.exe
D: \ Program Files \ PC Connectivity Solution \ ServiceLayer.exe
D: \ WINDOWS \ system32 \ wscntfy.exe
D: \ Program Files \ Internet Explorer \ iexplore.exe
.
************************************************** ************************
.
Completion time: 2008-09-07 13:52:17 - machine je ponovno podizanje sustava
ComboFix-u karanteni-files.txt 2008-09-07 08:51:54

Pre-Run: 253.583.360 bytes free
Post-Run: 537.141.248 bytes free

216


Here is the HijackThis log


Logfile of Trend Micro HijackThis v2.0.2
Scan spremljena u 12:59:52, dana 9/7/2008
Platforma: Windows XP SP2 (Winnt 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Pokretanje procesa:
D: \ WINDOWS \ System32 \ smss.exe
D: \ WINDOWS \ system32 \ Winlogon.exe
D: \ WINDOWS \ system32 \ services.exe
D: \ WINDOWS \ system32 \ lsass.exe
D: \ WINDOWS \ system32 \ Svchost.exe
D: \ WINDOWS \ System32 \ Svchost.exe
D: \ WINDOWS \ system32 \ wscntfy.exe
D: \ WINDOWS \ explorer.exe
D: \ WINDOWS \ system32 \ taskmgr.exe
E: \ SVI softvera \ HiJackThis.exe

R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = o: blank
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU \ Software \ Microsoft \ Internet Explorer \ SearchURL, (Default) = http://us.rd.yahoo.com/customize/yco.../www.yahoo.com
O2 - BHO: DAPHelper Class - (0000CC75-ACF3-4cac-A0A9-DD3868E06852) - D: \ Program Files \ pecati \ DAPBHO.dll
O2 - BHO: IDM Helper - (0055C089-8582-441B-A0BF-17B458C2A3A8) - D: \ Program Files \ Internet Download Manager \ IDMIECC.dll
O2 - BHO: Skype dodati-na (kapacitet) - (22BF413B-C6D2-4d91-82A9-A0F997BA588C) - D: \ Program Files \ Skype \ Toolbars \ Internet Explorer \ SkypeIEPlugin.dll
O2 - BHO: Google Toolbar Helper - (AA58ED58-01DD-4d91-8333-CF10577473F7) - d: \ program files \ google \ googletoolbar2.dll
O3 - Toolbar: & Google - (2318C2B1-4965-11d4-9B18-009027A5CD4F) - d: \ program files \ google \ googletoolbar2.dll
O4 - HKLM \ .. \ Run: [QuickTime Task] "D: \ Program Files \ QuickTime \ qttask.exe"-atboottime
O4 - HKLM \ .. \ Run: [PCSuiteTrayApplication] D: \ Program Files \ Nokia \ Nokia PC Suite 6 \ LaunchApplication.exe-početni
O4 - HKLM \ .. \ Run: [googletalk] D: \ Program Files \ Google \ Google Talk \ googletalk.exe / autostart
O4 - HKLM \ .. \ Run: [Layersecurity Servicemonitor] D: \ WINDOWS \ system32 \ LSSMON.EXE
O4 - HKUS \ S-1-5-18 \ .. \ Run: [Nokia.PCSync] D: \ Program Files \ Nokia \ Nokia PC Suite 6 \ PcSync2.exe / NoDialog (User 'SYSTEM')
O4 - HKUS \. DEFAULT \ .. \ Run: [Nokia.PCSync] D: \ Program Files \ Nokia \ Nokia PC Suite 6 \ PcSync2.exe / NoDialog (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = D: \ Program Files \ Microsoft Office \ Office10 \ OSA.EXE
O8 - Extra kontekst meni stavka: & & s pecati Download - D: \ programa ~ 1 \ pecati \ dapextie.htm
O8 - Extra kontekst meni stavka: Download & all s pecati - D: \ programa ~ 1 \ pecati \ dapextie2.htm
O8 - Extra kontekst meni stavka: Download svih linkova sa IDM - D: \ Program Files \ Internet Download Manager \ IEGetAll.htm
O8 - Extra kontekst meni stavka: Download FLV video sadržaj s IDM - D: \ Program Files \ Internet Download Manager \ IEGetVL.htm
O8 - Extra kontekst meni stavka: Download sa IDM - D: \ Program Files \ Internet Download Manager \ IEExt.htm
O8 - Extra kontekst meni stavka: E & zvezi u Microsoft Excel - res: / / D: \ programa ~ 1 \ MICROS ~ 2 \ Office10 \ EXCEL.EXE/3000
O9 - Extra button: Run pecati - (669695BC-A811-4A9D-8CDF-BA8C795F261C) - D: \ programa ~ 1 \ pecati \ DAP.EXE
O9 - Extra button: Skype - (77BF5300-1474-4EC7-9980-D32B190E9B07) - D: \ Program Files \ Skype \ Toolbars \ Internet Explorer \ SkypeIEPlugin.dll
O9 - Extra button: AIM - (AC9E2541-2814-11d5-BC6D-00B0D0A1DE45) - D: \ Program Files \ AIM \ aim.exe
O9 - Extra button: Messenger - (FB5F1910-F110-11D2-BB9E-00C04F795683) - D: \ Program Files \ Messenger \ msmsgs.exe
O9 - Extra 'Tools' MENUITEM: Windows Messenger - (FB5F1910-F110-11D2-BB9E-00C04F795683) - D: \ Program Files \ Messenger \ msmsgs.exe
O18 - Protocol: skype4com - (FFC8B962-9B40-4DFF-9458-1830C7DD7F5D) - D: \ programa ~ 1 \ UOBIČAJENA ~ 1 \ Skype \ SKYPE4 ~ 1.DLL
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - D: \ Program Files \ Ares \ chatServer.exe
O23 - Service: Google Updater Service (gusvc) - Google - D: \ Program Files \ Google \ Common \ Google Updater \ GoogleUpdaterService.exe
O23 - Service: Sunbelt CounterSpy protušpijunskih (SBCSSvc) - Unknown vlasnika - D: \ Program Files \ Sunbelt Software \ CounterSpy \ SBCSSvc.exe (file missing)
O23 - Service: ServiceLayer - Nokia. - D: \ Program Files \ PC Connectivity Solution \ ServiceLayer.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - D: \ Windows \ System32 \ slserv.exe

--
End of file - 4350 bytes
  #8  
Old 7. Sep 2008, 11:16
Moderator Group
 
Default Help me, and here is my hijack log

Note: the instructions below were made specifically for this user. If you are not this user, do NOT follow these directions, as they could damage the workings of your system.

Delete these files/folders, as follows:

1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
It must be Notepad, not WordPad.
2. Copy the text in the code box below by highlighting all the text and pressing Ctrl + C

Code:
3. Go to the Notepad window and click Edit > Paste
4. Then click File > Save
5. Name the file CFScript.txt - Save the file to your Desktop
6. Then drag the CFScript (hold the left mouse button while you drag the file) and drop it (release the left mouse button) onto ComboFix.exe as you see in the picture below. Important: Perform this instruction carefully!



ComboFix will begin to execute; just follow the prompts.
After reboot (in case it asks to reboot), it will produce a log for you.
Post that log (Combofix.txt) in your next reply.

Note: Do not mouseclick ComboFix's window while it is running. That may cause your system to freeze
__________________

  #9  
Old 8. Sep 2008, 06:45
Member Group
 
Default Help me, and here is my hijack log

Sorry man, but the ComboFix result file is 725 kb, so I am not able to paste it here, and so I uploaded it as a .zip. Hope that's okay.
Attached Files
File Type: zip Najnoviji Combo fix log.zip (75.1 KB, 3 views)
  #10  
Old 8. Sep 2008, 07:14
Moderator Group
 
Default Help me, and here is my hijack log

Download OTMoveIt2 by Oldtimer
  • Save it to your desktop.
Note: If you are running Vista, right-click OTMoveIt2.exe and choose Run as administrator.
  • Double-click OTMoveIt2.exe to run it.
  • Copy the lines in the codebox below.
Code:
[kill Explorer]
D:\FOUND.145
D:\FOUND.144
D:\FOUND.143
D:\FOUND.142
D:\FOUND.141
D:\FOUND.140
D:\FOUND.139
D:\FOUND.138
D:\FOUND.137
D:\FOUND.136
D:\FOUND.135
D:\FOUND.134
D:\FOUND.133
D:\FOUND.132
D:\FOUND.131
D:\FOUND.130
D:\FOUND.129
D:\FOUND.128
D:\FOUND.127
D:\FOUND.126
D:\FOUND.125
D:\FOUND.124
D:\FOUND.123
D:\FOUND.122
D:\FOUND.121
D:\FOUND.120
D:\FOUND.119
D:\spoolerlogs
D:\FOUND.118
D:\FOUND.117
D:\FOUND.116
D:\FOUND.115
D:\FOUND.114
D:\FOUND.113
D:\FOUND.112
D:\FOUND.111
D:\FOUND.110
D:\FOUND.109
D:\FOUND.108
EmptyTemp
[start Explorer]
  • Return to OTMoveIt2, right-click in the "Paste List of Files/Folders to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) and paste it in your next reply.
  • Close OTMoveIt2
----------

Also let me know how things are now.
__________________
