Infected with Heur.trojan.generic, Please Help




  #11  
30 October 2008, 08:08
Member Group

I am unable to download OTMoveIt2 by OldTimer because I keep getting a 404 error when I click on the link, and I couldn't find it anywhere online o.0
Do I really need it, or can I skip that?
  #12  
30 October 2008, 11:56
Moderator Group

Download OTMoveIt3 by OldTimer

Note: If you are running Vista, right-click OTMoveIt2.exe and choose Run as administrator.

* Save it to your Desktop.
* Double-click OTMoveIt3.exe to run it.
* Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy).

Code:
:Processes
explorer.exe

:Services

:Reg

:Files
C:\Program Files\Microsoft Windows Live OneCare

:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]

* Return to OTMoveIt3, right-click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
* Click the red Moveit! button.
* Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of it and pressing CTRL + C (or, after highlighting, right-click and choose Copy), and paste it into your next reply.
* Close OTMoveIt3.

Note: If a file or folder cannot be moved immediately, you may be asked to reboot the computer to finish the move process. If you are asked to reboot, choose Yes. If not, reboot anyway.

  #13  
3 November 2008, 09:24
Member Group

========== PROCESI ==========
Proces Explorer.exe ubijen uspješno.
========== USLUGE / Vozači ==========
========== Knjiga ==========
========== FILES ==========
Datoteke / mape C: \ Program Files \ Microsoft Windows Live OneCare nije pronađen.
========== Naredbe ==========
Brisanje datoteke nije uspio. C: \ DOCUME ~ 1 \ Lifeline \ Mještani ~ 1 \ Temp \ etilqs_FibIlDHL DOZ6Bj5KF02i zakazana za brisanje na ponovno podizanje sustava.
Brisanje datoteke nije uspio. C: \ DOCUME ~ 1 \ Lifeline \ Mještani ~ 1 \ Temp \ JETBABE.tmp zakazana za brisanje na ponovno podizanje sustava.
Brisanje datoteke nije uspio. C: \ DOCUME ~ 1 \ Lifeline \ Mještani ~ 1 \ Temp \ JETBACE.tmp zakazana za brisanje na ponovno podizanje sustava.
Brisanje datoteke nije uspio. C: \ DOCUME ~ 1 \ Lifeline \ Mještani ~ 1 \ Temp \ JETBADE.tmp zakazana za brisanje na ponovno podizanje sustava.
Brisanje datoteke nije uspio. C: \ DOCUME ~ 1 \ Lifeline \ Mještani ~ 1 \ Temp \ JETBAED.tmp zakazana za brisanje na ponovno podizanje sustava.
Brisanje datoteke nije uspio. C: \ DOCUME ~ 1 \ Lifeline \ Mještani ~ 1 \ Temp \ JETBAEE.tmp zakazana za brisanje na ponovno podizanje sustava.
Brisanje datoteke nije uspio. C: \ DOCUME ~ 1 \ Lifeline \ Mještani ~ 1 \ Temp \ ~ DF3914.tmp zakazana za brisanje na ponovno podizanje sustava.
User's Temp mape prazne.
User's mapi Temporary Internet Files ispražnjene.
User's Internet Explorer cache mape prazne.
Local Service Temp mape prazne.
Brisanje datoteke nije uspio. C: \ Documents and Settings \ LocalService \ Local Settings \ Temporary Internet Files \ Content.IE5 \ Index.dat zakazana za brisanje na ponovno podizanje sustava.
Local Service mapi Temporary Internet Files ispražnjene.
Brisanje datoteke nije uspio. C: \ WINDOWS \ temp \ cch ~ 165608efc59.htp zakazana za brisanje na ponovno podizanje sustava.
Brisanje datoteke nije uspio. C: \ WINDOWS \ temp \ cch ~ 165608f37ff.htp zakazana za brisanje na ponovno podizanje sustava.
Brisanje datoteke nije uspio. C: \ WINDOWS \ temp \ cch ~ 165611a39d6.htp zakazana za brisanje na ponovno podizanje sustava.
Brisanje datoteke nije uspio. C: \ WINDOWS \ temp \ cch ~ 165611a61b2.htp zakazana za brisanje na ponovno podizanje sustava.
Brisanje datoteke nije uspio. C: \ WINDOWS \ temp \ cch ~ 165619818e9.htp zakazana za brisanje na ponovno podizanje sustava.
Brisanje datoteke nije uspio. C: \ WINDOWS \ temp \ cch ~ 16561982146.htp zakazana za brisanje na ponovno podizanje sustava.
Brisanje datoteke nije uspio. C: \ WINDOWS \ temp \ cch ~ 1656291e59f.htp zakazana za brisanje na ponovno podizanje sustava.
Brisanje datoteke nije uspio. C: \ WINDOWS \ temp \ cch ~ 1656292bc2c.htp zakazana za brisanje na ponovno podizanje sustava.
Brisanje datoteke nije uspio. C: \ WINDOWS \ temp \ cch ~ 165629e21f1.htp zakazana za brisanje na ponovno podizanje sustava.
Brisanje datoteke nije uspio. C: \ WINDOWS \ temp \ cch ~ 165629e4aa6.htp zakazana za brisanje na ponovno podizanje sustava.
Windows Temp mapu ispražnjene.
Java cache ispražnjene.
Brisanje datoteke nije uspio. C: \ Documents and Settings \ Lifeline \ Local Settings \ Application Data \ Mozilla \ Firefox \ Profiles \ j61dtu92.default \ CAC on \ _CACHE_001_ zakazana za brisanje na ponovno podizanje sustava.
Brisanje datoteke nije uspio. C: \ Documents and Settings \ Lifeline \ Local Settings \ Application Data \ Mozilla \ Firefox \ Profiles \ j61dtu92.default \ CAC on \ _CACHE_002_ zakazana za brisanje na ponovno podizanje sustava.
Brisanje datoteke nije uspio. C: \ Documents and Settings \ Lifeline \ Local Settings \ Application Data \ Mozilla \ Firefox \ Profiles \ j61dtu92.default \ CAC on \ _CACHE_003_ zakazana za brisanje na ponovno podizanje sustava.
Brisanje datoteke nije uspio. C: \ Documents and Settings \ Lifeline \ Local Settings \ Application Data \ Mozilla \ Firefox \ Profiles \ j61dtu92.default \ CAC on \ _CACHE_MAP_ zakazana za brisanje na ponovno podizanje sustava.
Brisanje datoteke nije uspio. C: \ Documents and Settings \ Lifeline \ Local Settings \ Application Data \ Mozilla \ Firefox \ Profiles \ j61dtu92.default \ url classifier3.sqlite zakazana za brisanje na ponovno podizanje sustava.
Brisanje datoteke nije uspio. C: \ Documents and Settings \ Lifeline \ Local Settings \ Application Data \ Mozilla \ Firefox \ Profiles \ j61dtu92.default \ url classifier3.sqlite-časopis zakazana za brisanje na ponovno podizanje sustava.
Brisanje datoteke nije uspio. C: \ Documents and Settings \ Lifeline \ Local Settings \ Application Data \ Mozilla \ Firefox \ Profiles \ j61dtu92.default \ XUL. Mfl zakazana za brisanje na ponovno podizanje sustava.
FireFox cache ispražnjene.
Temp mape prazne.
Explorer uspješno započeo

OTMoveIt3 la Oldtimer - Version 1.0.7.0 prijavite kreirana dana 11032008_111709

Datoteke se preselili na Reboot ...
File C: \ DOCUME ~ 1 \ Lifeline \ Mještani ~ 1 \ Temp \ etilqs_FibIlDHL DOZ6Bj5KF02i nije pronađena!
File C: \ DOCUME ~ 1 \ Lifeline \ Mještani ~ 1 \ Temp \ JETBABE.tmp nije pronađena!
File C: \ DOCUME ~ 1 \ Lifeline \ Mještani ~ 1 \ Temp \ JETBACE.tmp nije pronađena!
File C: \ DOCUME ~ 1 \ Lifeline \ Mještani ~ 1 \ Temp \ JETBADE.tmp nije pronađena!
File C: \ DOCUME ~ 1 \ Lifeline \ Mještani ~ 1 \ Temp \ JETBAED.tmp nije pronađena!
File C: \ DOCUME ~ 1 \ Lifeline \ Mještani ~ 1 \ Temp \ JETBAEE.tmp nije pronađena!
C: \ DOCUME ~ 1 \ Lifeline \ Mještani ~ 1 \ Temp \ ~ DF3914.tmp uspješno prenesena.
File potez nije uspio. C: \ Documents and Settings \ LocalService \ Local Settings \ Temporary Internet Files \ Content.IE5 \ Index.dat planirano da bude premješten na ponovno podizanje sustava.
File C: \ WINDOWS \ temp \ cch ~ 165608efc59.htp nije pronađena!
File C: \ WINDOWS \ temp \ cch ~ 165608f37ff.htp nije pronađena!
File C: \ WINDOWS \ temp \ cch ~ 165611a39d6.htp nije pronađena!
File C: \ WINDOWS \ temp \ cch ~ 165611a61b2.htp nije pronađena!
File C: \ WINDOWS \ temp \ cch ~ 165619818e9.htp nije pronađena!
File C: \ WINDOWS \ temp \ cch ~ 16561982146.htp nije pronađena!
File C: \ WINDOWS \ temp \ cch ~ 1656291e59f.htp nije pronađena!
File C: \ WINDOWS \ temp \ cch ~ 1656292bc2c.htp nije pronađena!
File C: \ WINDOWS \ temp \ cch ~ 165629e21f1.htp nije pronađena!
File C: \ WINDOWS \ temp \ cch ~ 165629e4aa6.htp nije pronađena!
C: \ Documents and Settings \ Lifeline \ Local Settings \ Application Data \ Mozilla \ Firefox \ Profiles \ j61dtu92.default \ CAC on \ _CACHE_001_ uspješno prenesena.
C: \ Documents and Settings \ Lifeline \ Local Settings \ Application Data \ Mozilla \ Firefox \ Profiles \ j61dtu92.default \ CAC on \ _CACHE_002_ uspješno prenesena.
C: \ Documents and Settings \ Lifeline \ Local Settings \ Application Data \ Mozilla \ Firefox \ Profiles \ j61dtu92.default \ CAC on \ _CACHE_003_ uspješno prenesena.
C: \ Documents and Settings \ Lifeline \ Local Settings \ Application Data \ Mozilla \ Firefox \ Profiles \ j61dtu92.default \ CAC on \ _CACHE_MAP_ uspješno prenesena.
C: \ Documents and Settings \ Lifeline \ Local Settings \ Application Data \ Mozilla \ Firefox \ Profiles \ j61dtu92.default \ url classifier3.sqlite uspješno prenesena.
File C: \ Documents and Settings \ Lifeline \ Local Settings \ Application Data \ Mozilla \ Firefox \ Profiles \ j61dtu92.default \ url classifier3.sqlite-časopis nije pronađena!
C: \ Documents and Settings \ Lifeline \ Local Settings \ Application Data \ Mozilla \ Firefox \ Profiles \ j61dtu92.default \ XUL. Mfl uspješno prenesena.
  #14  
3 November 2008, 11:02
Moderator Group

Update MalwareBytes and run a quick scan. Remove anything found and post the log, please.

  #15  
4 November 2008, 10:08
Member Group

Malwarebytes' Anti-zaštita od zlonamjernih programa 1,30
Database version: 1364
5/1/2600 Windows Service Pack 2

11/4/2008 12:09:04 PM
mbam-log-2008-11-04 (12-09-04). txt

Scan type: Quick Scan
Objekti skenirane: 50511
Proteklo vrijeme: 3 minute (s), 20 Drugi (a / e)

Memory Processes zaraženih: 0
Memorijske module zaraženih: 0
Ključevi registra zaraženih: 0
Registry Values zaraženih: 0
Registry Data Items zaraženih: 0
Mape zaraženih: 0
Zaraženih datoteka: 1

Memory Processes zaraženih:
(Nema stavki otkrivenih zlonamjernih)

Memorijske module zaraženih:
(Nema stavki otkrivenih zlonamjernih)

Ključevi registra zaraženih:
(Nema stavki otkrivenih zlonamjernih)

Registry Values zaraženih:
(Nema stavki otkrivenih zlonamjernih)

Registry Data Items zaraženih:
(Nema stavki otkrivenih zlonamjernih)

Mape zaraženih:
(Nema stavki otkrivenih zlonamjernih)

Zaražene datoteke:
C: \ WINDOWS \ system32 \ qoMghecb.dll (Trojan.Vundo) -> karanteni i uspješno izbrisan.
  #16  
4 November 2008, 11:58
Moderator Group

How is everything now?

  #17  
6 November 2008, 10:26
Member Group

ComboFix 08-11-02.05 - Lifeline 2008-11-06 12:20:34.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.655 [GMT -5:00]
Running from: C: \ Documents and Settings \ Lifeline \ Desktop \ ComboFix.exe
* Created novu točku vraćanja
.

Ostali ((((((((((((((((((((((((((((((((((((((( brisanja ))))))))) ))))))))))))))))))))))))))))))))))))))))
.

C: \ Program Files \ Common \ helper.sig
C: \ Windows \ Downloaded Program Files \ setup.inf
c: \ windows \ IE4 Greška Log.txt
c: \ windows \ system32 \ dao350.dll
c: \ windows \ system32 \ dikelljj.ini
c: \ windows \ system32 \ dpnioack.ini
c: \ windows \ system32 \ gteoqjhv.ini
c: \ windows \ system32 \ ijkvoc.dll
c: \ windows \ system32 \ mzphzp.dll
c: \ windows \ system32 \ oeuxogkl.dll
c: \ windows \ system32 \ rgmrpubf.ini
c: \ windows \ system32 \ ulelptnw.ini
c: \ windows \ system32 \ xqiatfeu.dll

.
((((((((((((((((((((((((( Files Created from 2008/10/06 da 2008/11/06 ))))))))))) ))))))))))))))))))))
.

2008-11-06 11:02. 2008-11-06 11:02 <DIR> d -------- C: \ Windows \ system32 \ scripting
2008-11-06 11:02. 2008-11-06 11:02 <DIR> d -------- C: \ Windows \ system32 \ en
2008-11-06 11:02. 2008-11-06 11:02 <DIR> d -------- C: \ Windows \ l2schemas
2008-11-06 11:00. 2008-11-06 11:03 <DIR> d -------- C: \ Windows \ ServicePackFiles
2008-11-06 10:52. 2008-11-06 10:52 <DIR> d -------- C: \ Windows \ EHome
2008-11-03 11:35. 2008-10-03 12:41 6.066.176 --------- C: \ Windows \ system32 \ dllcache \ ieframe.dll
2008-11-03 11:35. 2007-04-17 04:32 2.455.488 --------- C: \ Windows \ system32 \ dllcache \ ieapfltr.dat
2008-11-03 11:35. 2007-03-08 00:10 991.232 --------- C: \ Windows \ system32 \ dllcache \ ieframe.dll.mui
2008-11-03 11:35. 2008-08-26 02:24 459.264 --------- C: \ Windows \ system32 \ dllcache \ msfeeds.dll
2008-11-03 11:35. 2008-08-26 02:24 383.488 --------- C: \ Windows \ system32 \ dllcache \ ieapfltr.dll
2008-11-03 11:35. 2008-08-26 02:24 267.776 --------- C: \ Windows \ system32 \ dllcache \ iertutil.dll
2008-11-03 11:35. 2008-08-26 02:24 63.488 --------- C: \ Windows \ system32 \ dllcache \ icardie.dll
2008-11-03 11:35. 2008-08-26 02:24 52.224 --------- C: \ Windows \ system32 \ dllcache \ msfeedsbs.dll
2008-11-03 11:35. 2008-08-25 03:38 13.824 --------- C: \ Windows \ system32 \ dllcache \ ieudinit.exe
2008-11-03 11:29. 2008-10-15 11:34 337.408 --------- C: \ Windows \ system32 \ dllcache \ netapi32.dll
2008-11-03 11:17. 2008-11-03 11:17 <DIR> d -------- C: \ _OTMoveIt
2008-10-27 10:28. 2008-10-27 10:28 <DIR> d -------- C: \ Program Files \ Trend Micro
2008-10-23 11:08. 2008-10-23 11:08 <DIR> d -------- C: \ Program Files \ Malwarebytes' Anti-zaštita od zlonamjernih programa
2008-10-23 11:08. 2008-10-23 11:08 <DIR> d -------- C: \ Documents and Settings \ Lifeline \ Application Data \ Malwarebytes
2008-10-23 11:08. 2008-10-23 11:08 <DIR> d -------- C: \ Documents and Settings \ All Users \ Application Data \ Malwarebytes
2008-10-23 11:08. 2008-10-22 15:10 38.496 - a ------ C: \ Windows \ System32 \ Drivers \ mbamswissarmy.sys
2008-10-23 11:08. 2008-10-22 15:10 15.504 - a ------ C: \ Windows \ System32 \ Drivers \ mbam.sys
2008-10-23 09:49. 2008-10-23 09:49 <DIR> d -------- C: \ Documents and Settings \ All Users \ Application Data \ SUPERAntiSpyware.com
2008-10-23 09:48. 2008-10-23 09:48 <DIR> d -------- C: \ Program Files \ SUPERAntiSpyware
2008-10-23 09:48. 2008-10-23 09:48 <DIR> d -------- C: \ Documents and Settings \ Lifeline \ Application Data \ SUPERAntiSpyware.com
2008-10-23 09:46. 2008-10-23 09:46 <DIR> d -------- C: \ Program Files \ Common Files \ Wise Installation Wizard
2008-10-21 10:51. 2008-10-21 11:27 96.976 - a ------ C: \ Windows \ System32 \ Drivers \ klin.dat
2008-10-21 10:51. 2008-10-21 10:51 87.855 - a ------ C: \ Windows \ System32 \ Drivers \ klick.dat
2008-10-21 10:49. 2008-10-21 10:49 <DIR> d -------- C: \ Program Files \ Kaspersky Lab
2008-10-21 10:49. 2008-11-06 12:11 <DIR> d -------- C: \ Documents and Settings \ All Users \ Application Data \ Kaspersky Lab
2008-10-21 10:49. 2008-11-06 12:22 1.910.304 - AHS ---- C: \ Windows \ System32 \ Drivers \ fidbox.dat
2008-10-21 10:49. 2008-11-06 12:22 352.288 - AHS ---- C: \ Windows \ System32 \ Drivers \ fidbox2.dat
2008-10-21 10:49. 2008-11-06 12:22 16.004 - AHS ---- C: \ Windows \ System32 \ Drivers \ fidbox.idx
2008-10-21 10:49. 2008-11-06 12:22 2.284 - AHS ---- C: \ Windows \ System32 \ Drivers \ fidbox2.idx
2008-10-21 10:44. 2008-10-21 10:44 <DIR> d -------- C: \ Documents and Settings \ All Users \ Application Data \ Kaspersky Lab Setup Files
2008-10-21 10:21. 2008-10-21 10:21 <DIR> d -------- C: \ Program Files \ uTorrent
2008-10-21 10:21. 2008-10-21 10:46 <DIR> d -------- C: \ Documents and Settings \ Lifeline \ Application Data \ uTorrent
2008-10-21 09:45. 2008-10-21 09:45 <DIR> d -------- C: \ Windows \ system32 \ Adobe
2008-10-18 11:56. 2008-10-18 11:56 <DIR> d -------- C: \ Documents and Settings \ All Users \ Application Data \ nView_Profiles
2008-10-16 00:18. 2008-09-08 05:41 333.824 --------- C: \ Windows \ system32 \ dllcache \ srv.sys
2008-10-16 00:14. 2008-09-15 07:12 1.846.400 --------- C: \ Windows \ system32 \ dllcache \ Win32k.sys
2008-10-16 00:13. 2008-08-14 05:11 2.189.184 --------- C: \ Windows \ system32 \ dllcache \ ntoskrnl.exe
2008-10-16 00:13. 2008-08-14 05:09 2.145.280 --------- C: \ Windows \ system32 \ dllcache \ Ntkrnlmp.exe
2008-10-16 00:13. 2008-08-14 04:33 2.066.048 --------- C: \ Windows \ system32 \ dllcache \ Ntkrnlpa.exe
2008-10-16 00:13. 2008-08-14 04:33 2.023.936 --------- C: \ Windows \ system32 \ dllcache \ Ntkrpamp.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))) ))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-06 17:20 --------- d ----- wc: \ Program Files \ Common
2008-11-01 21:17 --------- d ----- wc: \ Documents and Settings \ All Users \ Application Data \ QuickTime
2008-10-29 17:09 --------- d ----- wc: \ Program Files \ Common Files \ Symantec Shared
2008-09-10 07:00 --------- d ----- wc: \ Program Files \ Microsoft Works
2008-09-08 10:41 333.824 AW ---- C: \ Windows \ System32 \ Drivers \ srv.sys
2008-07-16 17:22 722 AW ---- C: \ Documents and Settings \ Lifeline \ Application Data \ wklnhst.dat
2007-10-29 15:00 60.968 AW ---- C: \ Documents and Settings \ Lifeline \ GoToAssistDownloadHelper.exe
2006-12-28 00:52 630.784 AW ---- C: \ Documents and Settings \ Lifeline \ GoToAssist_chat2way__317_en.exe
2006-10-27 19:29 630.784 AW ---- C: \ Documents and Settings \ Lifeline \ chatlnk.exe
2008-07-03 18:54 88 - sh - rc: \ windows \ system32 \ E71B5BF06B.sys
2008-07-03 18:54 2.516 - SHA-w C: \ Windows \ system32 \ KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))) ))))))))))))))))))))))))))))))))))))))))
.
.
* Note * empty entries & čitljiv default unose se ne prikazuju
REGEDIT4

[HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ Curre ntVersion \ Run]
"Ctfmon.exe" = "c: \ windows \ system32 \ Ctfmon.exe" [2008-04-13 15360]

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Run]
"NvCplDaemon" = "c: \ windows \ system32 \ NvCpl.dll" [2006-08-23 7630848]
"QuickTime Task" = "C: \ Program Files \ QuickTime \ qttask.exe" [2006-10-25 98304]
"AVP" = "C: \ Program Files \ Kaspersky Lab \ Kaspersky Internet Security 2009 \ avp.exe" [2008-07-29 206088]

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entversion \ Explorer \ ShellExecuteHooks]
"(5AE067D3-9AFB-48E0-853A-EBB7F4A000DA)" = "C: \ Program Files \ SUPERAntiSpyware \ SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ winlogon \ obavijestiti \! SASWinLogon]
2008-07-23 15:28 352256 C: \ Program Files \ SUPERAntiSpyware \ SASWINLO.dll

[HKLM \ ~ \ startupfolder \ C: ^ Documents and Settings All Users ^ ^ Start Menu ^ Programs ^ Startup ^ Adobe Reader Speed Launch.lnk]
path = C: \ Documents and Settings \ All Users \ Start Menu \ Programs \ Startup \ Adobe Reader Speed Launch.lnk
backup = C: \ Windows \ PSS \ Adobe Reader Speed Launch.lnkCommon Startup

[HKLM \ ~ \ startupfolder \ C: ^ Documents and Settings All Users ^ ^ Start Menu ^ Programs ^ Startup ^ America Online 9,0 Trake Icon.lnk]
path = C: \ Documents and Settings \ All Users \ Start Menu \ Programs \ Startup \ America Online Icon.lnk ladice 9,0
backup = C: \ Windows \ PSS \ America Online 9,0 Trake Icon.lnkCommon Startup

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ shared tools \ msconfig \ startupreg \ Installer EarthLink]
/ C [X]

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ shared tools \ msconfig \ startupreg \ KernelFaultCheck]
c: \ windows \ system32 \ dumprep 0-k [X]

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ shared tools \ msconfig \ startupreg \ UserFaultCheck]
c: \ windows \ system32 \ dumprep 0-u [X]

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ shared tools \ msconfig \ startupreg \ AOLDialer]
- a ------ 2004-04-07 11:07 496752 C: \ Program Files \ Common Files \ AOL \ ACS \ AOLDial.exe

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ shared tools \ msconfig \ startupreg \ Ctfmon.exe]
- a ------ 2008-04-13 19:12 15360 C: \ Windows \ system32 \ Ctfmon.exe

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ shared tools \ msconfig \ startupreg \ DellHelp]
- a ------ 2004-04-01 07:51 1589248 C: \ Dell \ DellHelp \ DellHelp.exe

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ shared tools \ msconfig \ startupreg \ DMXLauncher]
- a ------ 2005-10-05 02:12 94208 C: \ Program Files \ Dell \ Media Experience \ DMXLauncher.exe

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ shared tools \ msconfig \ startupreg \ Google Desktop Search]
- a ------ 2006-10-25 00:07 169984 C: \ Program Files \ Google \ Google Desktop Search \ GoogleDesktop.exe

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ shared tools \ msconfig \ startupreg \ MSKDetectorExe]
- a ------ 2005-07-12 18:05 1117184 C: \ Program Files \ McAfee \ SpamKiller \ MSKDetct.exe

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ shared tools \ msconfig \ startupreg \ MSMSGS]
- a ------ 2008-04-13 19:12 1695232 C: \ Program Files \ Messenger \ msmsgs.exe

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ shared tools \ msconfig \ startupreg \ NvCplDaemon]
- a ------ 2006-08-23 11:12 7630848 C: \ Windows \ system32 \ nvcpl.dll

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ shared tools \ msconfig \ startupreg \ NvMediaCenter]
- a ------ 2006-08-23 11:12 86016 C: \ Windows \ system32 \ nvmctray.dll

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ shared tools \ msconfig \ startupreg \ QuickTime Task]
- a ------ 2006-10-25 00:02 98304 C: \ Program Files \ QuickTime \ qttask.exe

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ shared tools \ msconfig \ startupreg \ RealTray]
- a ------ 2006-10-25 00:02 26112 C: \ Program Files \ Real \ RealPlayer \ realplay.exe

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ shared tools \ msconfig \ startupreg \ SunJavaUpdateSched]
- a ------ 2006-10-12 03:10 49263 C: \ Program Files \ Java \ jre1.5.0_09 \ bin \ jusched.exe

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ shared tools \ msconfig \ startupreg \ nwiz]
- a ------ 2006-08-23 11:12 1617920 C: \ Windows \ system32 \ nwiz.exe

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ shared tools \ msconfig \ startupreg \ SigmatelSysTrayApp]
- a ------ 2006-08-15 01:38 282624 C: \ Windows \ stsystra.exe

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ sigurnosni centar]
"AntiVirusOverride" = dword: 00000001

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ sigurnosni centar \ Praćenje \ KasperskyAntiVirus]
"DisableMonitoring" = dword: 00000001

[HKLM \ ~ \ Services \ sharedaccess \ Parameters \ firewallpo licy \ standardprofile \ AuthorizedApplications \ List]
"% windir% \ \ system32 \ \ sessmgr.exe" =
"c: \ \ Program Files \ \ Common Files \ \ AOL \ \ ACS \ \ AOLacsd.exe" =
"c: \ \ Program Files \ \ Common Files \ \ AOL \ \ ACS \ \ AOLDial.exe" =
"c: \ \ Program Files \ \ uTorrent \ \ uTorrent.exe" =
"% windir% \ \ Network Diagnostic \ \ xpnetdiag.exe" =

R0 klbg; Kaspersky Lab Boot Guard Driver, c: \ windows \ system32 \ drivers \ klbg.sys [2008-01-29 32784]
R3 KLFLTDEV; Kaspersky Lab KLFltDev; c: \ Windows \ System32 \ Drivers \ klfltdev.sys [2008-03-13 26640]
R3 klim5; Kaspersky Anti-Virus NDIS Filter; c: \ Windows \ System32 \ Drivers \ klim5.sys [2008-04-30 24592]

HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ Svchost - NetSvcs
jqvxedzb
.
Sadržaj je 'Scheduled Tasks' folder

2008/10/31 C: \ Windows \ Tasks \ McAfee.com skeniranja za virusima - My Computer (D1X1B0C1-Lifeline). Posao
- C: \ Program Files \ mcafee.com \ VSO \ mcmnhdlr.exe []
.
- - - - Orphans Odstranjena - - - --

Toolbar-ID - (no file)
SafeBoot-OneCareMP
MSConfigStartUp-AdwareAlert - C: \ Program Files \ AdwareAlert \ AdwareAlert.exe
MSConfigStartUp-AntiSpyKit 5 - C: \ Program Files \ AntiSpyKit 5,3 \ AntiSpyKit 5.3.exe
MSConfigStartUp-AntiSpywareShield - C: \ Program Files \ AntiSpywareShield \ AntiSpywareShield.exe
Corel Photo-MSConfigStartUp Downloader - C: \ Program Files \ Corel \ Corel Snapfire Plus \ Corel Photo Downloader.exe
MSConfigStartUp-MCAgentExe - c: \ programa ~ 1 \ mcafee.com \ agent \ mcagent.exe
MSConfigStartUp-MCUpdateExe - c: \ programa ~ 1 \ mcafee.com \ agent \ mcupdate.exe
MSConfigStartUp-MPFExe - c: \ programa ~ 1 \ McAfee.com \ OSOBA ~ 1 \ MpfTray.exe
MSConfigStartUp-MSKAGENTEXE - c: \ programa ~ 1 \ McAfee \ SPAMKI ~ 1 \ MskAgent.exe
MSConfigStartUp-OASClnt - C: \ Program Files \ McAfee.com \ VSO \ oasclnt.exe
MSConfigStartUp-OneCareUI - C: \ Program Files \ Microsoft Windows Live OneCare \ winssnotify.exe
MSConfigStartUp-pzatszn - c: \ windows \ system32 \ pzatszn.exe
MSConfigStartUp-seekmo - C: \ Program Files \ seekmo \ seekmo.exe
MSConfigStartUp-swg - C: \ Program Files \ Google \ GoogleToolbarNotifier \ 1.2.908.5008 \ Idi ogleToolbarNotifier.exe
MSConfigStartUp-VirusHeat 4 - c: \ program files \ VirusHeat 4,3 \ VirusHeat 4.3.exe
MSConfigStartUp-VirusScan Online - c: \ programa ~ 1 \ mcafee.com \ VSO \ mcvsshld.exe
MSConfigStartUp-VSOCheckTask - c: \ programa ~ 1 \ McAfee.com \ VSO \ mcmnhdlr.exe
MSI-MSConfigStartUp Configuration - msiconf.exe


.
------- Supplementary Scan -------
.
FireFox -: Profil - C: \ Documents and Settings \ Lifeline \ Application Data \ Mozilla \ Firefox \ Profiles \ j61dtu92.default \
FF -: plugin - C: \ Program Files \ Adobe \ Acrobat 7,0 \ Reader \ preglednik \ nppdf32.dll
FF -: plugin - C: \ Program Files \ Java \ jre1.5.0_09 \ bin \ NPJava11.dll
FF -: plugin - C: \ Program Files \ Java \ jre1.5.0_09 \ bin \ NPJava12.dll
FF -: plugin - C: \ Program Files \ Java \ jre1.5.0_09 \ bin \ NPJava13.dll
FF -: plugin - C: \ Program Files \ Java \ jre1.5.0_09 \ bin \ NPJava14.dll
FF -: plugin - C: \ Program Files \ Java \ jre1.5.0_09 \ bin \ NPJava32.dll
FF -: plugin - C: \ Program Files \ Java \ jre1.5.0_09 \ bin \ NPJPI150_09.dll
FF -: plugin - C: \ Program Files \ Java \ jre1.5.0_09 \ bin \ NPOJI610.dll
FF -: plugin - C: \ Program Files \ glediąta \ glediąta Iskustvo Tehnologija \ npViewpoint.dll
.

************************************************** ************************

catchme 0.3.1367 W2K/XP/Vista - rootkit / potaja detector by Gmer zlonamjernih programa, http://www.gmer.net
Rootkit scan 2008-11-06 12:23:50
5/1/2600 Windows Service Pack 3 NTFS

skeniranja skrivenih procesa ...

skeniranja skrivenih autostart entries ...

skeniranja skrivenih datoteka ...

scan uspješno završena
skrivenih datoteka: 0

************************************************** ************************
.
------------------------ Other Running Processes ----------------------- --
.
c: \ programa ~ 1 \ UOBIČAJENA ~ 1 \ AOL \ ACS \ AOLacsd.exe
C: \ Program Files \ Common Files \ Microsoft Shared \ VS7DEBUG \ MDM.EXE
c: \ windows \ system32 \ nvsvc32.exe
c: \ windows \ system32 \ wdfmgr.exe
.
************************************************** ************************
.
Completion time: 2008-11-06 12:25:48 - machine je ponovno podizanje sustava
ComboFix-u karanteni-files.txt 2008-11-06 17:25:43

Pre-Run: 63485554688 bytes free
Post-Run: 63424978944 bytes free

WindowsXP-KB310994-SP2-Home-Bootdisk-enu.exe
[boot loader]
timeout = 2
default = multi (0) disk (0) rdisk (0) partition (2) \ WINDOW S
[operating systems]
c: \ cmdcons \ BOOTSECT.DAT = "Microsoft Windows Recovery Console" / cmdcons
multi (0) disk (0) rdisk (0) partition (2) \ WINDOWS = "Micro soft Windows XP Home Edition" / noexecute = OptIn / fastdetect

223 --- EOF --- 2008-11-06 16:08:18
  #18  
6 November 2008, 10:39
Moderator Group

  • Click START, then Run
  • Now type Combofix /u in the runbox
  • Make sure there is a space between Combofix and /u
  • Then hit Enter.
  • The above procedure will:
  • Delete the following:
  • ComboFix and its associated files and folders.
  • Reset the clock settings.
  • Hide file extensions, if required.
  • Hide System / Hidden files, if required.
  • Set a new, clean Restore Point.

----------

Download ATF Cleaner by Atribune to your Desktop.

Alternate download link

Note: Vista users must use Run as administrator
  • Under Main, at Select Files to Delete, choose: Select All.
  • Click the Empty Selected button.
  • If you use the Firefox browser, click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
    If you want to keep your saved passwords, click No at the prompt.
  • If you use the Opera browser, click Opera at the top and choose: Select All
  • Click the Empty Selected button.
    If you want to keep your saved passwords, click No at the prompt.
  • Click Exit on the main menu to close the program.

Please note that your system will be slower to start up for a boot or two after you use this tool, so don't panic.

----------

Download OTCleanIt.exe and save it to your Desktop.
  • Double-click OTCleanIt.exe.
  • Click the Cleanup! button.
  • Select Yes when the "BEGIN Cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes; if it does not, delete it yourself.

Important: Reboot your computer before continuing.

----------

Your Java is out of date.

Older versions have vulnerabilities that malicious websites can use to infect your system.

First install the new Sun Java Runtime Environment

Be sure to close all browser windows before you start the install.

Remove the old version(s)

Download JavaRa
  • Unzip the file and open JavaRa.exe
  • Click Remove Older Versions
  • JavaRa will search for all outdated versions of Java and remove any that are found.
  • Click Additional Tasks
  • Put a check next to Remove Useless JRE Files and click Go
  • Exit JavaRa
  • Delete the JavaRa file from your Desktop

----------

Run this online scan.

This scanner requires Internet Explorer

Use the ESET NOD32 Online Scanner

1. Tick the box next to Yes, I accept the Terms of Use.
2. Click Start
3. When asked, allow the ActiveX control to install
4. Click Start
5. Make sure that the option Remove found threats and the option Scan unwanted applications are checked.
6. Click Scan
7. Wait for the scan to finish
8. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
9. Add that C:\Program Files\EsetOnlineScanner\log.txt log to your next reply.
