Nid pomoć! ~ Ne mogu ukloniti ovaj adware / virus!

jomm43point67 · #1 14 sij 2008, 19:29

Ime: Trojan.Win32.Obfuscated.gx Tip: Trojanski Rizik utjecaja: Ekstremno visoke Lažni kritična sistemska greška upozorenje

**evilfantasy** · #2 14 siječanj 2008, 21:18

Omogućava HJT dobiti log.

Preuzmite i preimenovanje HijackThis (HJT)

Dvaput kliknite na HJTInstall.
Kliknite na Instalacija gumb.
Bit će automatski HJT mjesto u C: \ Program Files \ TrendMicro \ HijackThis \ HijackThis.exe.
Nakon instaliranja, HijackThis trebali otvoriti za vas.
- Zatvori HijackThis i preimenujte ga.
- Idi na C: \ Program Files \ Trend Micro \HijackThis.exe
- Desnom tipkom miša kliknite na HijackThis.exe i odaberite Preimenovanje.
- Upišite sniper.exe i pritisnite Enter.
- Desnom tipkom miša kliknite na sniper.exe i odaberite Pošalji na > Desktop (stvoriti prečac)
Iz otvorenih HiackThis desktop.
Ako koristite sustav Windows Vista, svakako Pokreni kao administrator
Kliknite na Da li je sustav skenirati i spremanje log datoteku button
HijackThis ce skenirati a zatim i prijava će se otvoriti u Notepad.
Kopirajte i zalijepite zatim se prijavite u vaš post.
- Ne Hijackthis su riješili ništa još. Većina onoga što će se pronađe bezopasni ili čak zahtijeva.

Iako smo na Preimenovali HijackThis snajper, mi ćemo i dalje se odnosi na to kao HijackThis ili HJT.

Next post molimo dodaj
Hijackthis log

jomm43point67 · #3 14 siječanj 2008, 23:55

Logfile of Trend Micro HijackThis v2.0.2
Scan spremljena u 2:49:52, na 15/01/2008
Platforma: Windows XP SP2 (Winnt 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Pokretanje procesa:
C: \ WINDOWS \ System32 \ smss.exe
C: \ WINDOWS \ system32 \ Winlogon.exe
C: \ WINDOWS \ system32 \ services.exe
C: \ WINDOWS \ system32 \ lsass.exe
C: \ WINDOWS \ system32 \ Svchost.exe
C: \ WINDOWS \ System32 \ Svchost.exe
C: \ WINDOWS \ system32 \ spoolsv.exe
C: \ programa ~ 1 \ Grisoft \ AVG7 \ avgamsvr.exe
C: \ programa ~ 1 \ Grisoft \ AVG7 \ avgupsvc.exe
C: \ programa ~ 1 \ Grisoft \ AVG7 \ avgemc.exe
C: \ WINDOWS \ system32 \ nvsvc32.exe
C: \ WINDOWS \ explorer.exe
C: \ programa ~ 1 \ Grisoft \ AVG7 \ avgcc.exe
C: \ Program Files \ Java \ jre1.6.0_03 \ bin \ jusched.exe
C: \ WINDOWS \ system32 \ rundll32.exe
C: \ Program Files \ SUPERAntiSpyware \ SUPERAntiSpyware.exe
C: \ Program Files \ Messenger \ msmsgs.exe
C: \ WINDOWS \ system32 \ Ctfmon.exe
C: \ Program Files \ Internet Explorer \ iexplore.exe
C: \ Program Files \ Mozilla Firefox \ firefox.exe
C: \ programa ~ 1 \ FREEDO ~ 1 \ fdm.exe
C: \ Program Files \ Trend Micro \ HijackThis \ sniper.exe

R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - (EF99BD32-C1FB-11D2-892F-0090271D4F88) - C: \ programa ~ 1 \ Yahoo! \ Companion \ Instalira \ cpn \ yt.dll
O2 - BHO: & Yahoo! Toolbar Helper - (02478D38-C3F9-4efb-9B51-7695ECA05670) - C: \ programa ~ 1 \ Yahoo! \ Companion \ Instalira \ cpn \ yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - (06849E9F-C8D7-4D59-B87D-784B7D6BE0B3) - C: \ Program Files \ Common Files \ Adobe \ Acrobat \ ActiveX \ AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - (5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897) - C: \ Program Files \ Yahoo! \ Common \ yiesrvc.dll
O2 - BHO: SSVHelper Class - (761497BB-D6F0-462C-B6EB-D4DAF1D92D43) - C: \ Program Files \ Java \ jre1.6.0_03 \ bin \ ssv.dll
O2 - BHO: FDMIECookiesBHO Class - (CC59E0F9-7E43-44FA-9FAA-8377850BF205) - C: \ Program Files \ Free Download Manager \ iefdm2.dll
O3 - Toolbar: Yahoo! Toolbar - (EF99BD32-C1FB-11D2-892F-0090271D4F88) - C: \ programa ~ 1 \ Yahoo! \ Companion \ Instalira \ cpn \ yt.dll
O4 - HKLM \ .. \ Run: [NeroFilterCheck] C: \ WINDOWS \ system32 \ NeroCheck.exe
O4 - HKLM \ .. \ Run: [Cmaudio] rundll32 cmicnfg.cpl, CMICtrlWnd
O4 - HKLM \ .. \ Run: [AVG7_CC] C: \ programa ~ 1 \ Grisoft \ AVG7 \ avgcc.exe / StartUp
O4 - HKLM \ .. \ Run: [NvCplDaemon] RUNDLL32.EXE C: \ WINDOWS \ system32 \ NvCpl.dll, NvStartup
O4 - HKLM \ .. \ Run: [nwiz] nwiz.exe / install
O4 - HKLM \ .. \ Run: [NvMediaCenter] RUNDLL32.EXE C: \ WINDOWS \ system32 \ NvMcTray.dll, NvTaskbarInit
O4 - HKLM \ .. \ Run: [SunJavaUpdateSched] "C: \ Program Files \ Java \ jre1.6.0_03 \ bin \ jusched.exe"
O4 - HKLM \ .. \ Run: [Adobe Reader Speed Launcher] "C: \ Program Files \ Adobe \ Reader 8,0 \ Reader \ Reader_sl.exe"
O4 - HKCU \ .. \ Run: [SUPERAntiSpyware] C: \ Program Files \ SUPERAntiSpyware \ SUPERAntiSpyware.exe
O4 - HKCU \ .. \ Run: [MSMSGS] "C: \ Program Files \ Messenger \ msmsgs.exe" / background
O4 - HKCU \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe
O4 - HKUS \ S-1-5-19 \ .. \ Run: [AVG7_Run] C: \ programa ~ 1 \ Grisoft \ AVG7 \ avgw.exe / RunOnce (User 'LOCAL SERVICE')
O4 - HKUS \ S-1-5-20 \ .. \ Run: [AVG7_Run] C: \ programa ~ 1 \ Grisoft \ AVG7 \ avgw.exe / RunOnce (User 'NETWORK SERVICE')
O4 - HKUS \ S-1-5-18 \ .. \ Run: [AVG7_Run] C: \ programa ~ 1 \ Grisoft \ AVG7 \ avgw.exe / RunOnce (User 'SYSTEM')
O4 - HKUS \. DEFAULT \ .. \ Run: [AVG7_Run] C: \ programa ~ 1 \ Grisoft \ AVG7 \ avgw.exe / RunOnce (User 'Default user')
O8 - Extra kontekst meni stavka: Download svih sa Free Download Manager - file: / / C: \ Program Files \ Free Download Manager \ dlall.htm
O8 - Extra kontekst meni stavka: Download odabrana sa Free Download Manager - file: / / C: \ Program Files \ Free Download Manager \ dlselected.htm
O8 - Extra kontekst meni stavka: Preuzmite video sa Free Download Manager - file: / / C: \ Program Files \ Free Download Manager \ dlfvideo.htm
O8 - Extra kontekst meni stavka: Download sa Free Download Manager - file: / / C: \ Program Files \ Free Download Manager \ dllink.htm
O9 - Extra button: (no name) - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program Files \ Java \ jre1.6.0_03 \ bin \ ssv.dll
O9 - Extra 'Tools' MENUITEM: Sun Java Console - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program Files \ Java \ jre1.6.0_03 \ bin \ ssv.dll
O9 - Extra button: Yahoo! Services - (5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897) - C: \ Program Files \ Yahoo! \ Common \ yiesrvc.dll
O9 - Extra button: (no name) - (e2e2dd38-d088-4134-82b7-f2ba38496583) - C: \ WINDOWS \ Network Diagnostic \ xpnetdiag.exe
O9 - Extra 'Tools' MENUITEM: @ xpsp3res.dll, -20001 - (e2e2dd38-d088-4134-82b7-f2ba38496583) - C: \ WINDOWS \ Network Diagnostic \ xpnetdiag.exe
O9 - Extra button: Messenger - (FB5F1910-F110-11D2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe
O9 - Extra 'Tools' MENUITEM: Windows Messenger - (FB5F1910-F110-11D2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe
O16 - DPF: (30528230-99f7-4bb4-88d8-fa1d4f56a2ab) (Installation Support) - C: \ Program Files \ Yahoo! \ Common \ Yinsthelper.dll
O16 - DPF: (56762DEC-6B0D-4AB4-A8AD-989993B5D08B) (OnlineScanner Control) -- http://www.eset.eu/buxus/docs/OnlineScanner.cab
O20 - Winlogon Obavijesti:! SASWinLogon - C: \ Program Files \ SUPERAntiSpyware \ SASWINLO.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, sro - C: \ programa ~ 1 \ Grisoft \ AVG7 \ avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, sro - C: \ programa ~ 1 \ Grisoft \ AVG7 \ avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, sro - C: \ programa ~ 1 \ Grisoft \ AVG7 \ avgemc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C: \ WINDOWS \ system32 \ nvsvc32.exe

--
End of file - 5867 bytes

**evilfantasy** · #4 15 sij 2008, 00:47

Zapisnička ne pokazivati nikakve štetne sadržaje at all.

Pokreni ovaj post a nakon toga se prijavite.

Molimo, preuzmite Combofix by sUBs jedan od linkova ispod.
(Isprobajte sve tri ako je potrebno)

VAŽNO - Combofix.exe MORA biti spremljen na vaše vaše Desktop.

Zatvori otvoriti bilo koju web preglednicima. (Firefox, Internet Explorer, etc)
Zatvori / deaktivirati svi protu-virus i anti štetnih sadržaja programa tako da ne ometaju Combofix. <- VAŽNO
- Kliknite na ovaj link da biste vidjeli popis programa koji bi trebao biti onemogućen. Ako tvoj nije na popisu, a vi ne znate kako ga isključiti, molimo pitati.
Dvaput kliknite combofix.exe i slijedite upute.
- Iz tipkovnice odaberite 1 i pritisnite Enter
Kada završite, on će proizvesti prijava za vas.
Pošta da se prijavite u vaš sljedeći odgovor.

Ne mouseclick combofix's prozor dok je pokrenut.
Skeniranje će privremeno onemogućiti Vaš desktop.
Ako je prekinuo svibanj ostavite računalo smrznuta.
Ako se to dogodi, molimo vas da se ponovo pokrenuti vraćanje desktop.

**evilfantasy** · #5 15 sij 2008, 08:52

Taj ne cijeli log.

Ako je potrebno ići u C: \ combofix.txt i postavljati cijeli log.

jomm43point67 · #6 15 sij 2008, 09:47

Quote:

Originally Posted by evilfantasy

Taj ne cijeli log.

Ako je potrebno ići u C: combofix.txt post i cijeli log.

ComboFix 08-01-15.4 - Jomel 2008-01-15 22:29:38.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.98 [GMT -8:00]
Running from: C: \ Downloads \ Software \ ComboFix.exe
* Created novu točku vraćanja
UPOZORENJE-ovaj stroj nema Recovery Console Installed!
.
((((((((((((((((((((((((( Files Created from 2007/12/16 da 2008/01/16 ))))))))))) ))))))))))))))))))))
.
2008-01-15 22:29. 2000-08-31 08:00 51.200 - a ------ C: \ WINDOWS \ NirCmd.exe
2008-01-15 14:46. 2008-01-15 14:46 <DIR> d -------- C: \ Program Files \ Trend Micro
2008-01-15 13:35. 2008-01-15 13:36 <DIR> d -------- C: \ Program Files \ Common Files \ Adobe
2008-01-15 12:08. 2007-10-10 15:55 6.065.664 --- C ----- C: \ WINDOWS \ system32 \ dllcache \ ieframe.dll
2008-01-15 12:08. 2007-06-30 19:31 2.455.488 --- C ----- C: \ WINDOWS \ system32 \ dllcache \ ieapfltr.dat
2008-01-15 12:08. 2007-06-30 19:36 991.232 --- C ----- C: \ WINDOWS \ system32 \ dllcache \ ieframe.dll.mui
2008-01-15 12:08. 2007-10-10 15:55 459.264 --- C ----- C: \ WINDOWS \ system32 \ dllcache \ msfeeds.dll
2008-01-15 12:08. 2007-10-10 15:55 383.488 --- C ----- C: \ WINDOWS \ system32 \ dllcache \ ieapfltr.dll
2008-01-15 12:08. 2007-10-10 15:55 267.776 --- C ----- C: \ WINDOWS \ system32 \ dllcache \ iertutil.dll
2008-01-15 12:08. 2007-10-10 15:55 63.488 --- C ----- C: \ WINDOWS \ system32 \ dllcache \ icardie.dll
2008-01-15 12:08. 2007-10-10 15:55 52.224 --- C ----- C: \ WINDOWS \ system32 \ dllcache \ msfeedsbs.dll
2008-01-15 12:08. 2007-10-10 02:59 13.824 --- C ----- C: \ WINDOWS \ system32 \ dllcache \ ieudinit.exe
2008-01-15 09:09. 2004-08-03 08:56 221.184 - a ------ C: \ WINDOWS \ system32 \ wmpns.dll
2008-01-15 08:13. 2008-01-15 08:13 <DIR> d -------- C: \ Program Files \ Fraps
2008-01-15 01:15. 2008-01-15 12:49 <DIR> d - h ----- C: \ WINDOWS \ $ $ hf_mig
2008-01-15 01:15. 2006-09-06 17:43 22.752 - a ------ C: \ WINDOWS \ system32 \ spupdsvc.exe
2008-01-15 00:59. 2008-01-15 00:59 <DIR> d -------- C: \ Program Files \ IObit
2008-01-15 00:55. 2008-01-15 00:55 1.167 - a ------ C: \ WINDOWS \ mozver.dat
2008-01-15 00:00. 2008-01-15 00:01 1.074 - a ------ C: \ WINDOWS \ system32 \ tmp.reg
2008-01-14 23:05. 2008-01-14 23:23 <DIR> d -------- C: \ Program Files \ SUPERAntiSpyware
2008-01-14 23:04. 2008-01-14 23:04 <DIR> d -------- C: \ Program Files \ Common Files \ Wise Installation Wizard
2008-01-14 22:39. 2008-01-14 23:00 <DIR> d -------- C: \ Program Files \ EsetOnlineScanner
2008-01-14 22:31. 2008-01-14 22:31 <DIR> d -------- C: \ Downloads
2008-01-13 13:51. 2008-01-13 13:54 <DIR> d -------- C: \ Documents and Settings \ Jomel \ Application Data \ NCH Swift Sound
2008-01-13 13:51. 2008-01-13 13:52 <DIR> d -------- C: \ Documents and Settings \ All Users \ Application Data \ NCH Swift Sound
2008-01-13 13:50. 2008-01-13 17:35 <DIR> d -------- C: \ Program Files \ NCH Swift Sound
2008-01-13 08:30. 2008-01-13 08:30 <DIR> d -------- C: \ Program Files \ POMOĆ
2008-01-13 08:10. 2008-01-13 08:10 <DIR> d -------- C: \ Program Files \ Free Download Manager
2008-01-13 08:10. 2008-01-15 22:29 <DIR> d -------- C: \ Documents and Settings \ Jomel \ Application Data \ Free Download Manager
2008-01-13 08:10. 2008-01-13 08:10 <DIR> d -------- C: \ Documents and Settings \ All Users \ Application Data \ FreeDownloadManager.ORG
2008-01-12 20:03. 2008-01-12 20:03 <DIR> d -------- C: \ Program Files \ AVI MPEG RM WMV razdvajač
2008-01-12 18:38. 2008-01-12 18:39 26 - a ------ C: \ WINDOWS \ system32 \ satsukidecodersettings.ini
2008-01-08 06:45. 2008-01-14 19:34 <DIR> da ------ C: \ Documents and Settings \ All Users \ Application Data \ Temp
2008-01-08 06:44. 2006-05-25 14:52 162.304 - a ------ C: \ WINDOWS \ system32 \ ztvunrar36.dll
2008-01-08 06:44. 2003-02-02 19:06 153.088 - a ------ C: \ WINDOWS \ system32 \ UNRAR3.dll
2008-01-08 06:44. 2005-08-26 00:50 77.312 - a ------ C: \ WINDOWS \ system32 \ ztvunace26.dll
2008-01-08 06:44. 2002-03-06 00:00 75.264 - a ------ C: \ WINDOWS \ system32 \ unacev2.dll
2008-01-08 06:44. 2006-06-19 12:01 69.632 - a ------ C: \ WINDOWS \ system32 \ ztvcabinet.dll
2008-01-07 21:59. 2008-01-07 21:59 <DIR> d --- a ---- C: \ Documents and Settings \ Jomel \ userdata
2008-01-06 20:56. 2004-08-03 23:08 26.496 - A - C --- C: \ WINDOWS \ system32 \ dllcache \ usbstor.sys
2008-01-05 18:55. 2008-01-05 18:55 <DIR> d -------- C: \ Documents and Settings \ All Users \ Application Data \ nView_Profiles
2008-01-05 09:16. 2008-01-05 09:16 <DIR> d -------- C: \ Program Files \ K-Lite Codec Pack
2008-01-04 16:13. 2008-01-04 16:13 <DIR> d -------- C: \ Program Files \ ZillaSoft.ws
2008-01-04 16:13. 2004-02-05 13:53 389.120 - a ------ C: \ WINDOWS \ system32 \ actskn43.ocx
2008-01-04 16:13. 2004-01-09 04:54 188.416 - a ------ C: \ WINDOWS \ system32 \ actsplash.ocx
2008-01-04 16:12. 2005-08-27 02:38 1.435.272 - a ------ C: \ WINDOWS \ system32 \ Flash.ocx
2008-01-04 16:12. 2002-03-04 12:27 1.140.472 - a ------ C: \ WINDOWS \ system32 \ IGUltraGrid20.ocx
2008-01-04 16:12. 2000-05-22 04:00 1.066.176 - a ------ C: \ WINDOWS \ system32 \ mscomctl.ocx
2008-01-04 16:12. 2003-11-19 13:59 512.688 - a ------ C: \ WINDOWS \ system32 \ XceedCry.dll
2008-01-04 16:12. 2001-07-28 12:50 265.753 - a ------ C: \ WINDOWS \ system32 \ AS-Exp2.ocx
2008-01-04 16:12. 2004-03-08 23:00 131.856 - a ------ C: \ WINDOWS \ system32 \ MSADODC.ocx
2008-01-04 16:12. 2000-07-14 23:00 118.784 - a ------ C: \ WINDOWS \ system32 \ msstdfmt.dll
2008-01-04 16:12. 2000-07-15 05:00 101.888 - a ------ C: \ WINDOWS \ system32 \ VB6STKIT.DLL
2008-01-04 16:12. 1999-01-26 19:36 11.012 - a ------ C: \ WINDOWS \ system32 \ threadapi.tlb
2007-12-31 20:24. 2007-12-31 20:24 <DIR> d -------- C: \ Documents and Settings \ Jomel \ Application Data \ ispred
2007-12-31 17:07. 2007-12-31 17:07 <DIR> d -------- C: \ Documents and Settings \ Jomel \ Application Data \ Yahoo!
2007-12-31 17:07. 2007-12-31 17:07 <DIR> d -------- C: \ Documents and Settings \ All Users \ Application Data \ Yahoo! Companion
2007-12-30 22:27. 2007-12-30 22:27 <DIR> d -------- C: \ Documents and Settings \ Jomel \ Application Data \ WebCompiler3
2007-12-30 22:00. 2008-01-15 08:21 49 - a ------ C: \ WINDOWS \ NeroDigital.ini
2007-12-30 21:58. 2007-12-30 21:58 <DIR> d -------- C: \ Documents and Settings \ Jomel \ Application Data \ FDRLab
2007-12-29 20:21. 2007-12-29 20:21 <DIR> d -------- C: \ WINDOWS \ system32 \ QuickTime
2007-12-29 14:40. 2007-12-29 14:40 <DIR> d -------- C: \ Documents and Settings \ Jomel \ Incomplete
2007-12-29 14:39. 2008-01-12 19:10 <DIR> d -------- C: \ Documents and Settings \ Jomel \ Application Data \ LimeWire
2007-12-29 14:39. 2007-09-24 23:31 69.632 - a ------ C: \ WINDOWS \ system32 \ javacpl.cpl
2007-12-29 14:37. 2007-12-29 14:38 <DIR> d -------- C: \ Program Files \ Java
2007-12-29 14:36. 2007-12-29 14:36 <DIR> d -------- C: \ Program Files \ Common Files \ Java
2007-12-29 11:25. 2008-01-01 20:43 <DIR> d -------- C: \ Program Files \ LimeWire
2007-12-28 23:32. 2007-12-29 21:36 <DIR> d -------- C: \ Program Files \ Common Files \ Macromedia
2007-12-28 23:28. 2007-12-29 20:15 <DIR> d -------- C: \ WINDOWS \ Downloaded Instalacije
2007-12-28 22:36. 2007-12-28 22:36 <DIR> d -------- C: \ Program Files \ uTorrent
2007-12-28 22:36. 2008-01-14 22:12 <DIR> d -------- C: \ Documents and Settings \ Jomel \ Application Data \ uTorrent
2007-12-28 22:13. 2007-12-28 22:13 <DIR> d -------- C: \ Program Files \ CCleaner
2007-12-28 19:48. 2007-12-28 19:50 <DIR> d -------- C: \ WINDOWS \ nview
2007-12-28 19:48. 2006-10-22 12:22 208.896 - a ------ C: \ WINDOWS \ system32 \ nvudisp.exe
2007-12-28 19:48. 2008-01-15 21:49 88.566 - a ------ C: \ WINDOWS \ system32 \ nvapps.xml
2007-12-28 19:48. 2006-10-22 12:22 17.056 - a ------ C: \ WINDOWS \ system32 \ nvdisp.nvu
2007-12-28 19:47. 2006-10-22 15:06 208.896 - a ------ C: \ WINDOWS \ system32 \ NVUNINST.EXE
2007-12-28 15:05. 2007-12-28 15:11 <DIR> d -------- C: \ Documents and Settings \ All Users \ Application Data \ Yahoo!
2007-12-28 14:55. 2007-12-28 15:03 <DIR> d -------- C: \ Program Files \ Yahoo!
2007-12-28 10:39. 2008-01-14 23:05 <DIR> d -------- C: \ Documents and Settings \ Jomel \ Application Data \ SUPERAntiSpyware.com
2007-12-28 10:39. 2007-12-28 10:39 <DIR> d -------- C: \ Documents and Settings \ All Users \ Application Data \ SUPERAntiSpyware.com
2007-12-28 09:13. 2007-12-28 09:13 <DIR> d -------- C: \ Documents and Settings \ All Users \ Application Data \ NVIDIA
2007-12-27 21:37. 2008-01-08 11:43 <DIR> d -------- C: \ Program Files \ EA SPORTS
2007-12-27 21:05. 2006-09-29 20:42 <DIR> d -------- C: \ Program Files \ Podrška
2007-12-27 21:05. 2006-09-29 20:42 <DIR> d -------- C: \ Program Files \ glavni
2007-12-27 21:05. 2007-12-29 21:36 <DIR> d -------- C: \ Program Files \ Macromedia
2007-12-27 21:05. 2006-09-29 20:42 <DIR> d -------- C: \ Program Files \ IE
2007-12-27 21:03. 2006-09-29 20:42 <DIR> d -------- C: \ Program Files \ DirectX
2007-12-27 19:59. 2008-01-10 22:39 <DIR> d -------- C: \ Documents and Settings \ Jomel \ Application Data \ AVG7
2007-12-27 19:58. 2007-12-27 19:58 <DIR> d -------- C: \ Documents and Settings \ LocalService \ Application Data \ AVG7
2007-12-27 19:58. 2007-12-27 19:58 <DIR> d -------- C: \ Documents and Settings \ All Users \ Application Data \ Grisoft
2007-12-27 19:58. 2008-01-07 22:53 <DIR> d -------- C: \ Documents and Settings \ All Users \ Application Data \ avg7
2007-12-27 19:58. 2007-12-27 19:58 499.712 - a ------ C: \ WINDOWS \ system32 \ msvcp71.dll
2007-12-27 19:58. 2007-12-27 19:58 348.160 - a ------ C: \ WINDOWS \ system32 \ msvcr71.dll
2007-12-27 18:48. 2007-12-27 18:48 <DIR> d -------- C: \ NVIDIA
2007-12-27 18:44. 2004-08-03 23:10 10.880 - a ------ C: \ Windows \ System32 \ Drivers \ NdisIP.sys
2007-12-27 18:44. 2004-08-03 23:10 10.880 - A - C --- C: \ WINDOWS \ system32 \ dllcache \ ndisip.sys
2007-12-27 18:44. 2004-08-03 22:58 5.504 - a ------ C: \ Windows \ System32 \ Drivers \ MSTEE.sys
2007-12-27 18:44. 2004-08-03 22:58 5.504 - A - C --- C: \ WINDOWS \ system32 \ dllcache \ mstee.sys
2007-12-27 18:37. 2001-11-22 20:08 712.704 - A - C --- C: \ WINDOWS \ system32 \ dllcache \ a3d.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))) ))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-15 07:17 --------- d ----- w C: \ Documents and Settings \ All Users \ Application Data \ Spybot - Search & Destroy
2007-12-28 01:28 --------- d ----- w C: \ Program Files \ Microsoft FrontPage
2007-12-04 10:33 682.496 AW ---- C: \ WINDOWS \ system32 \ divx.dll
2007-11-30 07:30 3.596.288 AW ---- C: \ WINDOWS \ system32 \ QT-dx331.dll
2007-11-30 07:28 81.920 AW ---- C: \ WINDOWS \ system32 \ dpl100.dll
2007-11-21 18:23 81.920 AW ---- C: \ WINDOWS \ system32 \ frapsvid.dll
2007-11-07 09:26 721.920 AW ---- C: \ WINDOWS \ system32 \ lsasrv.dll
2007-10-29 22:43 1.287.680 AW ---- C: \ WINDOWS \ system32 \ quartz.dll
2007-10-28 01:40 227.328 AW ---- C: \ WINDOWS \ system32 \ wmasf.dll
2007-10-22 11:39 267.272 AW ---- C: \ WINDOWS \ system32 \ xactengine2_10.dll
2007-10-22 11:37 17.928 AW ---- C: \ WINDOWS \ system32 \ X3DAudio1_2.dll
2007-10-17 17:23 10.752 AW ---- C: \ WINDOWS \ system32 \ WhoisCL.exe
2001-11-23 04:08 712.704 ar ---- C: \ WINDOWS \ inf \ OSTALE \ AUDIO3D.DLL
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))) ))))))))))))))))))))))))))))))))))))))))
.
.
* Note * empty entries & čitljiv default unose se ne prikazuju
REGEDIT4
[HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ Curre ntVersion \ Run]
"SUPERAntiSpyware" = "C: \ Program Files \ SUPERAntiSpyware \ SUPERAntiSpyware.exe" [2007-06-21 14:06 1318912]
"MSMSGS" = "C: \ Program Files \ Messenger \ msmsgs.exe" [2004-10-13 08:24 1694208]
"Ctfmon.exe" = "C: \ WINDOWS \ system32 \ Ctfmon.exe" [2004-08-03 08:56 15360]
[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Run]
"NeroFilterCheck" = "C: \ WINDOWS \ system32 \ NeroCheck.e Xe" [2004-07-07 17:28 155648]
"Cmaudio" = "cmicnfg.cpl" []
"AVG7_CC" = "C: \ programa ~ 1 \ Grisoft \ AVG7 \ avgcc.exe" [2007-12-27 19:58 579072]
"NvCplDaemon" = "C: \ WINDOWS \ system32 \ NvCpl.dll" [2006-10-22 12:22 7700480]
"nwiz" = "nwiz.exe" [2006-10-22 12:22 1622016 C: \ WINDOWS \ system32 \ nwiz.exe]
"NvMediaCenter" = "C: \ WINDOWS \ system32 \ NvMcTray. Dll" [2006-10-22 12:22 86016]
"SunJavaUpdateSched" = "C: \ Program Files \ Java \ jre1.6.0_03 \ bin \ jusched.exe" [2007-09-25 01:11 132496]
"Adobe Reader Speed Launcher" = "C: \ Program Files \ Adobe \ Reader 8,0 \ Reader \ Reader_sl.exe" [2007-10-10 19:51 39792]
[HKEY_USERS \. DEFAULT \ Software \ Microsoft \ Windows \ Cur rentVersion \ Run]
"AVG7_Run" = "C: \ programa ~ 1 \ Grisoft \ AVG7 \ avgw.exe" [2007-12-27 19:58 219136]
[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entversion \ Policies \ Explorer]
"NoResolveSearch" = 1 (0x1)
[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entversion \ Explorer \ shellexecutehooks]
"(5AE067D3-9AFB-48E0-853A-EBB7F4A000DA)" = C: \ Program Files \ SUPERAntiSpyware \ SASSEH.DLL [2006-12-20 13:55 77824]
[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ winlogon \ obavijestiti \! SASWinLogon]
C: \ Program Files \ SUPERAntiSpyware \ SASWINLO.dll 2007-04-19 13:41 294912 C: \ Program Files \ SUPERAntiSpyware \ SASWINLO.dll
R2 SetupNT; SetupNT; C: \ WINDOWS \ system32 \ SetupNT.sys [2000-10-25 04:27]
* Nedavno Created Service * - PROCEXP90
.
************************************************** ************************
catchme 0.3.1344 W2K/XP/Vista - rootkit / potaja detector by Gmer zlonamjernih programa, http://www.gmer.net
Rootkit scan 2008-01-15 22:31:35
5/1/2600 Windows Service Pack 2 NTFS
skeniranja skrivenih procesa ...
skeniranja skrivenih autostart entries ...
skeniranja skrivenih datoteka ...
scan uspješno završena
skrivenih datoteka: 0
************************************************** ************************
.
Completion time: 2008-01-15 22:32:38
.
2008-01-15 20:49:48 --- EOF ---

**evilfantasy** · #7 15 siječanj 2008, 10:12

Najprije idite na ovaj tutorial i instalirali konzolu za oporavak.

----------

Preuzimanje FixIEDef by ShadowPuterDude na radnoj površini.
Dvokliknite FixIEDef.exe
- ako je pokrenut Vista klikni U redu o FixIEDef je pokrenut kao Administrator popup

UPOZORENJE: FixIEDef će ubiti sve kopije Internet Explorer i Explorer koji se prikazuju tijekom uklanjanja malicioznih datoteka. U Start Menu ikone i na svoj Desktop neće biti vidljive dok FixIEDef je uklanjanje zlonamjernih datoteka. To je nužno ukloniti dijelove od infekcija koje bi inače neće biti uklonjena.

FixIEDef sve će se vratiti u normalno, kada se završi postupak uklanjanja.

Kliknite Izlaz jednom FixIEDef prikazuje Sva Gotovi poruku.
Priložite u FixIEDef.log na sljedećoj poruci. U zapisnik će se na radnoj površini.

----------

Pokreni novu Hijackthis skenirati i poslati log.

----------

Next post molimo dodaj
FixIEDef klada
Novi Hijackthis log

jomm43point67 · #8 15 siječanj 2008, 17:21

************************************************** ******************************
* *
* FixIEDef Prijava *
* * Version 1.0.0.875
* *
************************************************** ******************************
Created at 08:12:02 na Srijeda, Siječanj 16, 2008
Operacijski sustav: Windows XP
Level Service Pack: Service Pack 2
Sustav jeziku: engleski
Procesor: x86
-------------------------------------------------- ------------------------------
! Datoteke koje su obrisane!
Ne malicioznih datoteka pronađena
-------------------------------------------------- ------------------------------
! Katalozi da su uklonjene!
Ne zlonamerne direktorije biti uklonjene
-------------------------------------------------- ------------------------------
! Stavke registra da su uklonjene!
HKEY_CLASSES_ROOT \ toprates.Video
HKEY_CLASSES_ROOT \ AppID \ toprates.dll
HKEY_CLASSES_ROOT \ AppID \ (038F228B-EED3-4A87-A565-F88FC99EBA91)
HKEY_CLASSES_ROOT \ Interface \ (48D78BE5-CFB9-4B66-9AC4-96D4CF21DE06)
HKEY_CLASSES_ROOT \ TypeLib \ (74D46BBA-5638-473A-83B6-97E7804A7411)
HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ Curre ntVersion \ Dio
================================================== ==============================
Gotovo svi:)
ShadowPuterDude
Sef Surfanje!




Logfile of Trend Micro HijackThis v2.0.2
Scan spremljena u 8:13:36, na 16/01/2008
Platforma: Windows XP SP2 (Winnt 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal
Pokretanje procesa:
C: \ WINDOWS \ System32 \ smss.exe
C: \ WINDOWS \ system32 \ Winlogon.exe
C: \ WINDOWS \ system32 \ services.exe
C: \ WINDOWS \ system32 \ lsass.exe
C: \ WINDOWS \ system32 \ Svchost.exe
C: \ WINDOWS \ System32 \ Svchost.exe
C: \ WINDOWS \ system32 \ spoolsv.exe
C: \ programa ~ 1 \ Grisoft \ AVG7 \ avgamsvr.exe
C: \ programa ~ 1 \ Grisoft \ AVG7 \ avgupsvc.exe
C: \ programa ~ 1 \ Grisoft \ AVG7 \ avgemc.exe
C: \ WINDOWS \ system32 \ nvsvc32.exe
C: \ WINDOWS \ explorer.exe
C: \ programa ~ 1 \ Grisoft \ AVG7 \ avgcc.exe
C: \ Program Files \ Java \ jre1.6.0_03 \ bin \ jusched.exe
C: \ WINDOWS \ system32 \ rundll32.exe
C: \ Program Files \ SUPERAntiSpyware \ SUPERAntiSpyware.exe
C: \ Program Files \ Messenger \ msmsgs.exe
C: \ WINDOWS \ system32 \ Ctfmon.exe
C: \ WINDOWS \ System32 \ Svchost.exe
C: \ programa ~ 1 \ FREEDO ~ 1 \ fdm.exe
C: \ WINDOWS \ system32 \ NOTEPAD.EXE
C: \ Program Files \ Trend Micro \ HijackThis \ sniper.exe
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - (EF99BD32-C1FB-11D2-892F-0090271D4F88) - C: \ programa ~ 1 \ Yahoo! \ Companion \ Instalira \ cpn \ yt.dll
O2 - BHO: & Yahoo! Toolbar Helper - (02478D38-C3F9-4efb-9B51-7695ECA05670) - C: \ programa ~ 1 \ Yahoo! \ Companion \ Instalira \ cpn \ yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - (06849E9F-C8D7-4D59-B87D-784B7D6BE0B3) - C: \ Program Files \ Common Files \ Adobe \ Acrobat \ ActiveX \ AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - (5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897) - C: \ Program Files \ Yahoo! \ Common \ yiesrvc.dll
O2 - BHO: SSVHelper Class - (761497BB-D6F0-462C-B6EB-D4DAF1D92D43) - C: \ Program Files \ Java \ jre1.6.0_03 \ bin \ ssv.dll
O2 - BHO: FDMIECookiesBHO Class - (CC59E0F9-7E43-44FA-9FAA-8377850BF205) - C: \ Program Files \ Free Download Manager \ iefdm2.dll
O3 - Toolbar: Yahoo! Toolbar - (EF99BD32-C1FB-11D2-892F-0090271D4F88) - C: \ programa ~ 1 \ Yahoo! \ Companion \ Instalira \ cpn \ yt.dll
O4 - HKLM \ .. \ Run: [NeroFilterCheck] C: \ WINDOWS \ system32 \ NeroCheck.exe
O4 - HKLM \ .. \ Run: [Cmaudio] rundll32 cmicnfg.cpl, CMICtrlWnd
O4 - HKLM \ .. \ Run: [AVG7_CC] C: \ programa ~ 1 \ Grisoft \ AVG7 \ avgcc.exe / StartUp
O4 - HKLM \ .. \ Run: [NvCplDaemon] RUNDLL32.EXE C: \ WINDOWS \ system32 \ NvCpl.dll, NvStartup
O4 - HKLM \ .. \ Run: [nwiz] nwiz.exe / install
O4 - HKLM \ .. \ Run: [NvMediaCenter] RUNDLL32.EXE C: \ WINDOWS \ system32 \ NvMcTray.dll, NvTaskbarInit
O4 - HKLM \ .. \ Run: [SunJavaUpdateSched] "C: \ Program Files \ Java \ jre1.6.0_03 \ bin \ jusched.exe"
O4 - HKLM \ .. \ Run: [Adobe Reader Speed Launcher] "C: \ Program Files \ Adobe \ Reader 8,0 \ Reader \ Reader_sl.exe"
O4 - HKCU \ .. \ Run: [SUPERAntiSpyware] C: \ Program Files \ SUPERAntiSpyware \ SUPERAntiSpyware.exe
O4 - HKCU \ .. \ Run: [MSMSGS] "C: \ Program Files \ Messenger \ msmsgs.exe" / background
O4 - HKCU \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe
O4 - HKUS \ S-1-5-19 \ .. \ Run: [AVG7_Run] C: \ programa ~ 1 \ Grisoft \ AVG7 \ avgw.exe / RunOnce (User 'LOCAL SERVICE')
O4 - HKUS \ S-1-5-20 \ .. \ Run: [AVG7_Run] C: \ programa ~ 1 \ Grisoft \ AVG7 \ avgw.exe / RunOnce (User 'NETWORK SERVICE')
O4 - HKUS \ S-1-5-18 \ .. \ Run: [AVG7_Run] C: \ programa ~ 1 \ Grisoft \ AVG7 \ avgw.exe / RunOnce (User 'SYSTEM')
O4 - HKUS \. DEFAULT \ .. \ Run: [AVG7_Run] C: \ programa ~ 1 \ Grisoft \ AVG7 \ avgw.exe / RunOnce (User 'Default user')
O8 - Extra kontekst meni stavka: Download svih sa Free Download Manager -- file: / / C: \ Program Files \ Free Download Manager \ dlall.htm
O8 - Extra kontekst meni stavka: Download odabrana sa Free Download Manager -- file: / / C: \ Program Files \ Free Download Manager \ dlselected.htm
O8 - Extra kontekst meni stavka: Preuzmite video sa Free Download Manager -- file: / / C: \ Program Files \ Free Download Manager \ dlfvideo.htm
O8 - Extra kontekst meni stavka: Download sa Free Download Manager -- file: / / C: \ Program Files \ Free Download Manager \ dllink.htm
O9 - Extra button: (no name) - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program Files \ Java \ jre1.6.0_03 \ bin \ ssv.dll
O9 - Extra 'Tools' MENUITEM: Sun Java Console - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program Files \ Java \ jre1.6.0_03 \ bin \ ssv.dll
O9 - Extra button: Yahoo! Services - (5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897) - C: \ Program Files \ Yahoo! \ Common \ yiesrvc.dll
O9 - Extra button: (no name) - (e2e2dd38-d088-4134-82b7-f2ba38496583) - C: \ WINDOWS \ Network Diagnostic \ xpnetdiag.exe
O9 - Extra 'Tools' MENUITEM: @ xpsp3res.dll, -20001 - (e2e2dd38-d088-4134-82b7-f2ba38496583) - C: \ WINDOWS \ Network Diagnostic \ xpnetdiag.exe
O9 - Extra button: Messenger - (FB5F1910-F110-11D2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe
O9 - Extra 'Tools' MENUITEM: Windows Messenger - (FB5F1910-F110-11D2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe
O16 - DPF: (30528230-99f7-4bb4-88d8-fa1d4f56a2ab) (Installation Support) - C: \ Program Files \ Yahoo! \ Common \ Yinsthelper.dll
O16 - DPF: (56762DEC-6B0D-4AB4-A8AD-989993B5D08B) (OnlineScanner Control) -- http://www.eset.eu/buxus/docs/OnlineScanner.cab
O20 - Winlogon Obavijesti:! SASWinLogon - C: \ Program Files \ SUPERAntiSpyware \ SASWINLO.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, sro - C: \ programa ~ 1 \ Grisoft \ AVG7 \ avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, sro - C: \ programa ~ 1 \ Grisoft \ AVG7 \ avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, sro - C: \ programa ~ 1 \ Grisoft \ AVG7 \ avgemc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C: \ WINDOWS \ system32 \ nvsvc32.exe
--
End of file - 5838 bytes

**evilfantasy** · #9 15 siječanj 2008, 17:32

Vaš Java je zastarjela ostavljajući svoj sustav ranjiv.
Starije verzije su Java propusta zlonamjerni softver koji možete koristiti za zaraziti sustav.

Idi na>> http://java.sun.com/javase/downloads/index.jsp
Na sunce Java stranice dođite do 4. preuzimanje Java Runtime Environment (JRE) 6 Update 4 instalirati novu verziju.
Dalje idite na Dodaj / Ukloni programe i uklonite sve starije verzije.
Ne deinstalirali Java (JRE) 6 Update 4.
Zatim idite u C: \ Program Files \Java i brisati stare mape.
Budite sigurni da ste zadržali jre1.6.0_04

Zapisnička fino izgleda sada.

Kako je računalo sada?

jomm43point67 · #10 15 siječanj 2008, 23:16

Wow! konacno! 4 demontiran i adware-trojans!

Veliko Hvala vam gospodine!
više snage!

Ovaj site je tako cool! _m /

Slične teme
Nit	Temu Započeo	Forum	Odgovori	Zadnji Post
Nesposoban to Maknuti Virus	avz10	Virus, Spyware i sigurnost	1	15 listopad 2009 09:09
Iexplore.exe Virus Ukloni ugoditi pomoć mene	dmx434343	Virus, Spyware i sigurnost	9	1. ožujak 2009 12:19
Adware.NetPumper - Spyware / zaštita od zlonamjernih programa / Virus?	hopthwoks	Virus, Spyware i sigurnost	2	9. veljača 2009 20:37
AVG licemjerje maknuti virus	TomIsFat	Virus, Spyware i sigurnost	6	30. prosinac 2007 16:11