[Rob1]

Windows Defender došao sa pop up rekavši sam TrojanDownloader: Win32/Zlob sam kliknuo ukloniti, ali ne znam ako će i dalje biti na moj sistem, ili ako je skinuti druge trojans. Možda ću imati je dobio to jučer kad sam kliknuo na youtube link u Firefox, ali je netko namjerno krivo pir ga poslao da ga s lažnim site koji je rekao: "Tvoj X NIJE AKTIVAN ažurnim morate DOWNLOAD novi. Pritisnite YES Da biste to postigli "ili nešto slično. I shvatila je virus tip stvar pa sam kliknuo otkazati, što samo mi dade istu poruku tako da sam ubio firefox.exe.

Ovdje je moj HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan spremljena u 00:28:07, dana 04/02/2008
Platforma: Windows Vista (Winnt 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16575)
Boot mode: Normal

Pokretanje procesa:
C: \ Windows \ system32 \ Dwm.exe
C: \ Windows \ Explorer.exe
C: \ Windows \ system32 \ taskeng.exe
C: \ Program Files \ Windows Defender \ MSASCui.exe
C: \ Program Files \ Common Files \ Symantec Shared \ ccApp.exe
C: \ Windows \ System32 \ hkcmd.exe
C: \ Windows \ System32 \ igfxpers.exe
C: \ Program Files \ Windows Media Player \ wmpnscfg.exe
C: \ Windows \ system32 \ igfxsrvc.exe
C: \ Program Files \ Windows Live \ Messenger \ msnmsgr.exe
C: \ Program Files \ Synaptics \ SynTP \ SynTPEnh.exe
C: \ Users \ Robert \ Desktop \ HijackThis \ HijackThis.exe
C: \ Windows \ system32 \ DllHost.exe

R1 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = o: blank
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Page_URL = http://www.thetechguys.com
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Search, SearchAssistant =
R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Search, CustomizeSearch =
R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Toolbar, LinksFolderName =
O1 - Hosts::: 1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - (06849E9F-C8D7-4D59-B87D-784B7D6BE0B3) - C: \ Program Files \ Common Files \ Adobe \ Acrobat \ ActiveX \ AcroIEHelper.dll
O2 - BHO: (no name) - (1E8A6170-7264-4D0F-BEAE-D42A53123C75) - C: \ Program Files \ Common Files \ Symantec Shared \ coShared \ Browser \ 1,5 \ NppBho.dll
O2 - BHO: Spybot-S & D IE Protection - (53707962-6F74-2D53-2644-206D7942484F) - C: \ programa ~ 1 \ Spybot ~ 1 \ SDHelper.dll
O2 - BHO: SSVHelper Class - (761497BB-D6F0-462C-B6EB-D4DAF1D92D43) - C: \ Program Files \ Java \ jre1.6.0_04 \ bin \ ssv.dll
O2 - BHO: (no name) - (7E853D72-626A-48EC-A868-BA8D5E23E045) - (no file)
O2 - BHO: Windows Live Sign-in Helper - (9030D464-4C02-4ABF-8ECC-5164760863C6) - C: \ Program Files \ Common Files \ Microsoft Shared \ Windows Live \ WindowsLiveLogin.dll
O3 - Toolbar: Norton Show Toolbar - (90222687-F593-4738-B738-FBEE9C7B26DF) - C: \ Program Files \ Common Files \ Symantec Shared \ coShared \ Browser \ 1,5 \ UIBHO.dll
O4 - HKLM \ .. \ Run: [Windows Defender]% ProgramFiles% \ Windows Defender \ MSASCui.exe-hide
O4 - HKLM \ .. \ Run: [ccApp] "C: \ Program Files \ Common Files \ Symantec Shared \ ccApp.exe"
O4 - HKLM \ .. \ Run: [Symantec PIF AlertEng] "C: \ Program Files \ Common Files \ Symantec Shared \ PIF \ (B8E1DD85-8582-4c61-B58F-2F227FCA9A08) \ PIFSvc.exe" / a / m " C: \ Program Files \ Common Files \ Symantec Shared \ PIF \ (B8E1DD85-8582-4c61-B58F-2F227FCA9A08) \ AlertEng.dll "
O4 - HKLM \ .. \ Run: [MSConfig] "C: \ Windows \ System32 \ programu Msconfig.exe" / auto
O4 - HKLM \ .. \ Run: [IgfxTray] C: \ Windows \ system32 \ igfxtray.exe
O4 - HKLM \ .. \ Run: [HotKeysCmds] C: \ Windows \ system32 \ hkcmd.exe
O4 - HKLM \ .. \ Run: [upornost] C: \ Windows \ system32 \ igfxpers.exe
O4 - HKLM \ .. \ Run: [SunJavaUpdateSched] "C: \ Program Files \ Java \ jre1.6.0_04 \ bin \ jusched.exe"
O4 - HKCU \ .. \ Run: [MsnMsgr] "C: \ Program Files \ Windows Live \ Messenger \ MsnMsgr.Exe" / background
O4 - HKCU \ .. \ Run: [WMPNSCFG] C: \ Program Files \ Windows Media Player \ WMPNSCFG.exe
O4 - HKUS \ S-1-5-19 \ .. \ Run: [Sidebar]% ProgramFiles% \ Windows Sidebar \ Sidebar.exe / detectMem (User 'LOCAL SERVICE')
O4 - HKUS \ S-1-5-19 \ .. \ Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll, ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS \ S-1-5-20 \ .. \ Run: [Sidebar]% ProgramFiles% \ Windows Sidebar \ Sidebar.exe / detectMem (User 'NETWORK SERVICE')
O9 - Extra button: (no name) - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program Files \ Java \ jre1.6.0_04 \ bin \ ssv.dll
O9 - Extra 'Tools' MENUITEM: Sun Java Console - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program Files \ Java \ jre1.6.0_04 \ bin \ ssv.dll
O9 - Extra button: (no name) - (DFB852A3-47F8-48C4-A200-58CAB36FD2A2) - C: \ programa ~ 1 \ Spybot ~ 1 \ SDHelper.dll
O9 - Extra 'Tools' MENUITEM: Spybot - Search & Destroy Configuration - (DFB852A3-47F8-48C4-A200-58CAB36FD2A2) - C: \ programa ~ 1 \ Spybot ~ 1 \ SDHelper.dll
O13 - smolastoga Prefiks:
O16 - DPF: (20A60F0D-9AFA-4515-A0FD-83BD84642501) (dame Class) -- http://messenger.zone.msn.com/binary...r.cab56986.cab
O16 - DPF: (4A85DBE0-BFB2-4119-8401-186A7C6EB653) -- http://messenger.zone.msn.com/binary/MJSS.cab69309.cab
O16 - DPF: (56762DEC-6B0D-4AB4-A8AD-989993B5D08B) (OnlineScanner Control) -- http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: (5C051655-FCD5-4969-9182-770EA5AA5565) (Solitaire Showdown Class) -- http://messenger.zone.msn.com/binary...n.cab56986.cab
O16 - DPF: (71D413D7-38C5-4035-8548-976522CF11D5) (presudno cpcScan) -- http://crucial.com/controls/cpcVistaBeta.cab
O16 - DPF: (B8BE5E93-A60C-4D26-A2DC-220313175592) (MSN Games - Installer) -- http://messenger.zone.msn.com/binary...o.cab56649.cab
O16 - DPF: (C3F79A2B-B9B4-4A66-B012-3EE46475B072) (MessengerStatsClient Class) -- http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: (F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8) (GoPetsWeb Control) -- https: / / secure.gopetslive.com / dev / GoPetsWeb.cab
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C: \ Program Files \ Common Files \ Symantec Shared \ ccSvcHst.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C: \ Program Files \ Common Files \ Symantec Shared \ ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C: \ Program Files \ Common Files \ Symantec Shared \ ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect usluga (CLTNetCnService) - Symantec Corporation - C: \ Program Files \ Common Files \ Symantec Shared \ ccSvcHst.exe
O23 - Service: Host COM (comHost) - Symantec Corporation - C: \ Program Files \ Common Files \ Symantec Shared \ VAScanner \ comHost.exe
O23 - Service: LiveUpdate - Symantec Corporation - C: \ programa ~ 1 \ Symantec \ LIVEUP ~ 1 \ LUCOMS ~ 1.EXE
O23 - Service: Service Notice LiveUpdate Ex (LiveUpdate Obavijest Ex) - Symantec Corporation - C: \ Program Files \ Common Files \ Symantec Shared \ ccSvcHst.exe
O23 - Service: LiveUpdate Obavijest Service - Symantec Corporation - C: \ Program Files \ Common Files \ Symantec Shared \ PIF \ (B8E1DD85-8582-4c61-B58F-2F227FCA9A08) \ PIFSvc.exe
O23 - Service: Symantec Core LC - Unknown vlasnika - C: \ Program Files \ Common Files \ Symantec Shared \ CCPD-LC \ symlcsvc.exe
O23 - Service: XAudioService - Conexant Systems - C: \ Windows \ System32 \ Drivers \ xaudio.exe

--
End of file - 6756 bytes

[evilfantasy]

Dobrodošli na CJ.

I odaberite Otvoriti Hijackthis li sustav samo skenirati i staviti kvačica pored

O2 - BHO: (no name) - (7E853D72-626A-48EC-A868-BA8D5E23E045) - (no file)

Zatvorite sve prozore preglednika osim Hijackthis i kliknite na Fix checked.

----------

Idi na msconfig i izaberite Startup Normal Mode.

Ponovo pokrenite računalo i ostavite tu opciju dok ne završite sa čišćenje.

Ako imate probleme s previše predmeta izvodi pri pokretanju korištenja Startup Alat. Jednom instaliran desni klik i izaberite stavku Ukloni. To neće ukloniti program, ali će ukloniti pokretanju ulazak u registar koji je bolji onda msconfig metoda.

----------

Ići ovdje i rad kroz korake. Kopirajte i zalijepite sve ove logove ovdje kad završite, uključujući novu HJT prijava nakon svih drugih koraci su potpuni.

[Rob1]

Ja sam se vjerojatno samo paranoidan, ali ovdje su se prijavljuje

SUPERAntiSpyware Log:

http://www.superantispyware.com

Generirano 02/04/2008 at 07:02

Application Version: 3/9/1008

Core Pravila Database Version: 3259
Trace Pravila Database Version: 1386

Scan type: Cijela Scan
Ukupno Scan Vrijeme: 02:00:33

Memorija predmeta skenirane: 628
Memorija prijetnje otkrivena: 0
Registry stavke skenirane: 5874
Matični prijetnje otkrivena: 0
File skenirane podatke: 121355
File prijetnje otkrivena: 0


NOD32 Skener online prijava:

# Version = 4
# OnlineScanner.ocx = 1.0.0.56
# OnlineScannerDLLA.dll = 1, 0, 0, 51
# OnlineScannerDLLW.dll = 1, 0, 0, 51
# OnlineScannerUninstaller.exe = 1, 0, 0, 49
# Vers_standard_module = 2847 (20080204)
# Vers_arch_module = 1,063 (20080117)
# Vers_adv_heur_module = 1,060 (20070601)
# EOSSerial = b8989a4614f9574b8d372603cddbd3ef
# End = završio
# Remove_checked = true
# Unwanted_checked = true
# Utc_time = 2008-02-04 08:08:39
# Local_time = 2008-02-04 08:08:39 (+0000, GMT Standard Time)
# Zemlje = "United Kingdom"
# Osver = 6.0.6000 NT
Skenirane = # 191544
# Pronašao = 0
# Scan_time = 2196

Hijackthis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan spremljena u 20:23:09, dana 04/02/2008
Platforma: Windows Vista (Winnt 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16575)
Boot mode: Normal

Pokretanje procesa:
C: \ Windows \ system32 \ Dwm.exe
C: \ Windows \ Explorer.exe
C: \ Windows \ system32 \ taskeng.exe
C: \ Program Files \ Windows Defender \ MSASCui.exe
C: \ Program Files \ Common Files \ Symantec Shared \ ccApp.exe
C: \ Windows \ System32 \ hkcmd.exe
C: \ Windows \ system32 \ igfxsrvc.exe
C: \ Windows \ System32 \ igfxpers.exe
C: \ Program Files \ Synaptics \ SynTP \ SynTPEnh.exe
C: \ Program Files \ Keyboard Manager \ Utility Manager \ KeyboardManager.exe
C: \ Program Files \ Adobe \ Reader 8,0 \ Reader \ Reader_SL.exe
C: \ Program Files \ Windows Media Player \ wmpnscfg.exe
C: \ Program Files \ SUPERAntiSpyware \ SUPERAntiSpyware.exe
C: \ Windows \ system32 \ igfxext.exe
C: \ Windows \ system32 \ SearchFilterHost.exe
C: \ Users \ Robert \ Desktop \ HijackThis \ sniper.exe

R1 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = o: blank
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Page_URL = http://www.thetechguys.com
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Search, SearchAssistant =
R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Search, CustomizeSearch =
R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Toolbar, LinksFolderName =
O1 - Hosts::: 1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - (06849E9F-C8D7-4D59-B87D-784B7D6BE0B3) - C: \ Program Files \ Common Files \ Adobe \ Acrobat \ ActiveX \ AcroIEHelper.dll
O2 - BHO: (no name) - (1E8A6170-7264-4D0F-BEAE-D42A53123C75) - C: \ Program Files \ Common Files \ Symantec Shared \ coShared \ Browser \ 1,5 \ NppBho.dll
O2 - BHO: Spybot-S & D IE Protection - (53707962-6F74-2D53-2644-206D7942484F) - C: \ programa ~ 1 \ Spybot ~ 1 \ SDHelper.dll
O2 - BHO: SSVHelper Class - (761497BB-D6F0-462C-B6EB-D4DAF1D92D43) - C: \ Program Files \ Java \ jre1.6.0_04 \ bin \ ssv.dll
O2 - BHO: Windows Live Sign-in Helper - (9030D464-4C02-4ABF-8ECC-5164760863C6) - C: \ Program Files \ Common Files \ Microsoft Shared \ Windows Live \ WindowsLiveLogin.dll
O3 - Toolbar: Norton Show Toolbar - (90222687-F593-4738-B738-FBEE9C7B26DF) - C: \ Program Files \ Common Files \ Symantec Shared \ coShared \ Browser \ 1,5 \ UIBHO.dll
O4 - HKLM \ .. \ Run: [Windows Defender]% ProgramFiles% \ Windows Defender \ MSASCui.exe-hide
O4 - HKLM \ .. \ Run: [ccApp] "C: \ Program Files \ Common Files \ Symantec Shared \ ccApp.exe"
O4 - HKLM \ .. \ Run: [Symantec PIF AlertEng] "C: \ Program Files \ Common Files \ Symantec Shared \ PIF \ (B8E1DD85-8582-4c61-B58F-2F227FCA9A08) \ PIFSvc.exe" / a / m " C: \ Program Files \ Common Files \ Symantec Shared \ PIF \ (B8E1DD85-8582-4c61-B58F-2F227FCA9A08) \ AlertEng.dll "
O4 - HKLM \ .. \ Run: [IgfxTray] C: \ Windows \ system32 \ igfxtray.exe
O4 - HKLM \ .. \ Run: [HotKeysCmds] C: \ Windows \ system32 \ hkcmd.exe
O4 - HKLM \ .. \ Run: [upornost] C: \ Windows \ system32 \ igfxpers.exe
O4 - HKLM \ .. \ Run: [SynTPEnh] C: \ Program Files \ Synaptics \ SynTP \ SynTPEnh.exe
O4 - HKLM \ .. \ Run: [Keyboard Utility Manager] "C: \ Program Files \ Keyboard Manager \ Utility Manager \ KeyboardManager.exe" / lang en / H
O4 - HKLM \ .. \ Run: [Adobe Reader Speed Launcher] "C: \ Program Files \ Adobe \ Reader 8,0 \ Reader \ Reader_sl.exe"
O4 - HKCU \ .. \ Run: [WMPNSCFG] C: \ Program Files \ Windows Media Player \ WMPNSCFG.exe
O4 - HKCU \ .. \ Run: [SUPERAntiSpyware] C: \ Program Files \ SUPERAntiSpyware \ SUPERAntiSpyware.exe
O4 - HKUS \ S-1-5-19 \ .. \ Run: [Sidebar]% ProgramFiles% \ Windows Sidebar \ Sidebar.exe / detectMem (User 'LOCAL SERVICE')
O4 - HKUS \ S-1-5-19 \ .. \ Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll, ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS \ S-1-5-20 \ .. \ Run: [Sidebar]% ProgramFiles% \ Windows Sidebar \ Sidebar.exe / detectMem (User 'NETWORK SERVICE')
O9 - Extra button: (no name) - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program Files \ Java \ jre1.6.0_04 \ bin \ ssv.dll
O9 - Extra 'Tools' MENUITEM: Sun Java Console - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program Files \ Java \ jre1.6.0_04 \ bin \ ssv.dll
O9 - Extra button: (no name) - (DFB852A3-47F8-48C4-A200-58CAB36FD2A2) - C: \ programa ~ 1 \ Spybot ~ 1 \ SDHelper.dll
O9 - Extra 'Tools' MENUITEM: Spybot - Search & Destroy Configuration - (DFB852A3-47F8-48C4-A200-58CAB36FD2A2) - C: \ programa ~ 1 \ Spybot ~ 1 \ SDHelper.dll
O13 - smolastoga Prefiks:
O15 - Trusted Zone: http:// *. eset.eu
O16 - DPF: (20A60F0D-9AFA-4515-A0FD-83BD84642501) (dame Class) -- http://messenger.zone.msn.com/binary...r.cab56986.cab
O16 - DPF: (4A85DBE0-BFB2-4119-8401-186A7C6EB653) -- http://messenger.zone.msn.com/binary/MJSS.cab69309.cab
O16 - DPF: (56762DEC-6B0D-4AB4-A8AD-989993B5D08B) (OnlineScanner Control) -- http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: (5C051655-FCD5-4969-9182-770EA5AA5565) (Solitaire Showdown Class) -- http://messenger.zone.msn.com/binary...n.cab56986.cab
O16 - DPF: (71D413D7-38C5-4035-8548-976522CF11D5) (presudno cpcScan) -- http://crucial.com/controls/cpcVistaBeta.cab
O16 - DPF: (B8BE5E93-A60C-4D26-A2DC-220313175592) (MSN Games - Installer) -- http://messenger.zone.msn.com/binary...o.cab56649.cab
O16 - DPF: (C3F79A2B-B9B4-4A66-B012-3EE46475B072) (MessengerStatsClient Class) -- http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: (F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8) (GoPetsWeb Control) -- https: / / secure.gopetslive.com / dev / GoPetsWeb.cab
O20 - Winlogon Obavijesti:! SASWinLogon - C: \ Program Files \ SUPERAntiSpyware \ SASWINLO.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C: \ Program Files \ Common Files \ Symantec Shared \ ccSvcHst.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C: \ Program Files \ Common Files \ Symantec Shared \ ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C: \ Program Files \ Common Files \ Symantec Shared \ ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect usluga (CLTNetCnService) - Symantec Corporation - C: \ Program Files \ Common Files \ Symantec Shared \ ccSvcHst.exe
O23 - Service: Host COM (comHost) - Symantec Corporation - C: \ Program Files \ Common Files \ Symantec Shared \ VAScanner \ comHost.exe
O23 - Service: LiveUpdate - Symantec Corporation - C: \ programa ~ 1 \ Symantec \ LIVEUP ~ 1 \ LUCOMS ~ 1.EXE
O23 - Service: Service Notice LiveUpdate Ex (LiveUpdate Obavijest Ex) - Symantec Corporation - C: \ Program Files \ Common Files \ Symantec Shared \ ccSvcHst.exe
O23 - Service: LiveUpdate Obavijest Service - Symantec Corporation - C: \ Program Files \ Common Files \ Symantec Shared \ PIF \ (B8E1DD85-8582-4c61-B58F-2F227FCA9A08) \ PIFSvc.exe
O23 - Service: Symantec Core LC - Unknown vlasnika - C: \ Program Files \ Common Files \ Symantec Shared \ CCPD-LC \ symlcsvc.exe
O23 - Service: XAudioService - Conexant Systems - C: \ Windows \ System32 \ Drivers \ xaudio.exe

--
End of file - 7121 bytes

[evilfantasy]

Sve izgleda u redu.

Check out Imajući Yourself sigurno na Webu Za savjete i slobodne alate da bi vas sigurno u budućnosti.

Također pogledajte Computer Sporo? To ne može biti zaštita od zlonamjernih programa besplatno za čišćenje / održavanje alata za pomoć držati tvoj računalo trčanje glatka.

[Rob1]

Hvala.