PavBckPT.exe - Have I been hijacked?




  #1  
1 October 2007, 20:08
Member Group

Hello everyone. It's been a while; I was in hospital for 2 weeks.
My family decided to surprise me, and that they did!
They added some new programs!
OK, here is my problem.
I am running Panda Platinum security, which has its own antispyware program.
The family decided to add BO Clean, Spyware Blaster, Spyware Terminator with real-time protection, and AVG Anti-Spyware 7.5, also with real-time protection.
I also have the on-demand scanners Ad-Aware, Spybot (TeaTimer off) and a-squared.
When I got home I ran the scanners and found 17 trojans, adware and some junk.
And now I am worried I have been hijacked.
Can someone take a look, please?


Logfile of Trend Micro HijackThis v2.0.2
Scan spremljena u 3:38:57, na 02/10/2007
Platforma: Windows XP SP2 (Winnt 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal
Pokretanje procesa:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\Winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Svchost.exe
C:\programi\Panda Software\Panda Internet Security 2007\pavsrv51.exe
C:\programi\Panda Software\Panda Internet Security 2007\AVENGINE.EXE
C:\WINDOWS\system32\Svchost.exe
C:\programi\Panda Software\Panda Internet Security 2007\TPSrv.exe
C:\programi\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\programi\A-kvadratna Free\a2service.exe
C:\programi\Grisoft\AVG Anti-Spyware 7,5\guard.exe
C:\programi\Ficheiros comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\programi\Panda Software\Panda Internet Security 2007\PsCtrls.exe
C:\programi\Panda Software\Panda Internet Security 2007\PavFnSvr.exe
C:\programi\Ficheiros comuns\Panda Software\PavShld\pavprsrv.exe
C:\programi\Panda Software\Panda Internet Security 2007\Antispam\pskmssvc.exe
c:\programi\Panda Software\Panda Internet Security 2007\firewall\PSHOST.EXE
C:\programi\Panda Software\Panda Internet Security 2007\psimsvc.exe
C:\programi\SiteAdvisor\6172\SAService.exe
C:\programi\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\Svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\RunDll32.exe
C:\programi\Panda Software\Panda Internet Security 2007\APVXDWIN.EXE
C:\programi\Grisoft\AVG Anti-Spyware 7,5\avgas.exe
C:\programa~1\COMODO\CBOClean\BOC425.exe
C:\programi\BillP Studios\WinPatrol\WinPatrol.exe
C:\programi\Spyware Terminator\SpywareTerminatorShield.exe
C:\WINDOWS\system32\Ctfmon.exe
C:\programi\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\programi\Panda Software\Panda Internet Security 2007\SRVLOAD.EXE
C:\programi\Panda Software\Panda Internet Security 2007\WebProxy.exe
C:\programi\SITEADVISOR\6172\SITEADV.EXE
C:\programi\Panda Software\Panda Internet Security 2007\PavBckPT.exe
C:\programi\uTorrent\uTorrent.exe
C:\programi\Bowlfish\eMule.exe
C:\programi\Internet Explorer\iexplore.exe
C:\programi\Internet Explorer\iexplore.exe
C:\Documents and Settings\Fabio\Definições locais\Temporary Internet Files\Content.IE5\GSE4YWAK\HiJackThis[2].exe
C:\programi\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pt/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pt/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações
R3 - URLSearchHook: WorldTV Bar Toolbar - (44c0b463-5a8a-452c-8e72-dc751dac6ec1) - C:\programi\WorldTV_Bar\tbWorl.dll
R3 - URLSearchHook: World Tv Centar Toolbar - (e077da94-6314-41f1-9f08-6607df65952e) - C:\programi\World_Tv_Center\tbWor1.dll
O2 - BHO: IE7Pro - (00011268-E188-40DF-A514-835FCD78B1BF) - C:\programi\IE7Pro\IE7Pro.dll
O2 - BHO: Facilitador de de Leitor Link Adobe PDF - (06849E9F-C8D7-4D59-B87D-784B7D6BE0B3) - C:\programi\Ficheiros comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - (089FD14D-132B-48FC-8861-0048AE113215) - C:\programi\SiteAdvisor\6172\SiteAdv.dll
O2 - BHO: Spybot-S&D IE Protection - (53707962-6F74-2D53-2644-206D7942484F) - C:\programa~1\Spybot~1\SDHelper.dll
O2 - BHO: Windows Live Toolbar Helper - (BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0) - C:\programi\Windows Live Toolbar\msntb.dll
O2 - BHO: World Tv Centar Toolbar - (e077da94-6314-41f1-9f08-6607df65952e) - C:\programi\World_Tv_Center\tbWor1.dll
O3 - Toolbar: Windows Live Toolbar - (BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0) - C:\programi\Windows Live Toolbar\msntb.dll
O3 - Toolbar: McAfee SiteAdvisor - (0BF43445-2F28-4351-9252-17FE6E806AA0) - C:\programi\SiteAdvisor\6172\SiteAdv.dll
O3 - Toolbar: World Tv Centar Toolbar - (e077da94-6314-41f1-9f08-6607df65952e) - C:\programi\World_Tv_Center\tbWor1.dll
O4 - HKLM\..\Run: [Cmaudio] rundll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [APVXDWIN] "C:\programi\Panda Software\Panda Internet Security 2007\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [SCANINICIO] "C:\programi\Panda Software\Panda Internet Security 2007\Inicio.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\programi\Grisoft\AVG Anti-Spyware 7,5\avgas.exe" /minimizirane
O4 - HKLM\..\Run: [BOC-425] C:\programa~1\COMODO\CBOClean\BOC425.exe
O4 - HKLM\..\Run: [WinPatrol] "C:\programi\BillP Studios\WinPatrol\WinPatrol.exe"
O4 - HKLM\..\Run: [SpywareTerminator] "C:\programi\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKCU\..\Run: [Ctfmon.exe] C:\WINDOWS\system32\Ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [Ctfmon.exe] C:\WINDOWS\system32\Ctfmon.exe (User 'LOCAL SERVIÇO')
O4 - HKUS\S-1-5-20\..\Run: [Ctfmon.exe] C:\WINDOWS\system32\Ctfmon.exe (User 'Serviço de sudbina')
O4 - HKUS\S-1-5-18\..\Run: [Ctfmon.exe] C:\WINDOWS\system32\Ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Ctfmon.exe] C:\WINDOWS\system32\Ctfmon.exe (User 'Default user')
O4 - Global Startup: DSLMON.lnk = C:\programi\SAGEM\SAGEM F@st 800-840\dslmon.exe
O8 - Extra kontekst meni stavka: &Windows Live Search - res://C:\programi\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra kontekst meni stavka: Add to Windows &Live Favorites -- http://favorites.live.com/quickadd.aspx
O8 - Extra kontekst meni stavka: E&xportar para o Microsoft Excel - res://C:\programa~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra kontekst meni stavka: Open in new background tab - res://C:\programi\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?23e13882b2f34d2fb527e50edfede195
O8 - Extra kontekst meni stavka: Otvori u novom planu tab - res://C:\programi\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?23e13882b2f34d2fb527e50edfede195
O9 - Extra button: IE7Pro Preferences - (0026439F-A980-4f18-8C95-4F1CBBF9C1D8) - C:\programi\IE7Pro\IE7Pro.dll
O9 - Extra 'Tools' MENUITEM: IE7Pro Preferences - (0026439F-A980-4f18-8C95-4F1CBBF9C1D8) - C:\programi\IE7Pro\IE7Pro.dll
O9 - Extra button: Traži - (92780B25-18CC-41C8-B9BE-3C9C571A8263) - C:\programa~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - (DFB852A3-47F8-48C4-A200-58CAB36FD2A2) - C:\programa~1\Spybot~1\SDHelper.dll
O9 - Extra 'Tools' MENUITEM: Spybot - Search & Destroy Configuration - (DFB852A3-47F8-48C4-A200-58CAB36FD2A2) - C:\programa~1\Spybot~1\SDHelper.dll
O9 - Extra button: (no name) - (e2e2dd38-d088-4134-82b7-f2ba38496583) - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' MENUITEM: @xpsp3res.dll,-20001 - (e2e2dd38-d088-4134-82b7-f2ba38496583) - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - (FB5F1910-F110-11D2-BB9E-00C04F795683) - C:\programi\Messenger\msmsgs.exe
O9 - Extra 'Tools' MENUITEM: Windows Messenger - (FB5F1910-F110-11D2-BB9E-00C04F795683) - C:\programi\Messenger\msmsgs.exe
O16 - DPF: (5ED80217-570B-4DA9-BF44-BE107C0EC166) -- http://cdn.scan.onecare.live.com/res...scbase8300.cab
O16 - DPF: (6E32070A-766D-4EE6-879C-DC1FA91D2FC3) (MUWebControl Class) -- http://www.update.microsoft.com/micr...?1189781903812
O16 - DPF: (D27CDB6E-AE6D-11CF-96B8-444553540000) (Shockwave Flash Object) -- http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O17 - HKLM\System\CCS\Services\TCPIP\..\(EBEDA096-3520-470A-9F4F-E70844D02643): NameServer = 212.55.154.174
O20 - Winlogon Obavijesti: !SASWinLogon - C:\programi\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: A-kvadratna Free Service (a2free) - Emsi Software GmbH - C:\programi\A-kvadratna Free\a2service.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\programi\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT sro - C:\programi\Grisoft\AVG Anti-Spyware 7,5\guard.exe
O23 - Service: BOCore - Unknown vlasnika - (no file)
O23 - Service: NBService - Nero AG - C:\programi\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\programi\Ficheiros comuns\ispred\Lib\NMIndexingService.exe
O23 - Service: AOpen Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Panda Software Controller - Panda Software International - C:\programi\Panda Software\Panda Internet Security 2007\PsCtrls.exe
O23 - Service: Panda Funkcija Service (PAVFNSVR) - Panda Software International - C:\programi\Panda Software\Panda Internet Security 2007\PavFnSvr.exe
O23 - Service: Panda postupku zaštite Service (PavPrSrv) - Panda Software International - C:\programi\Ficheiros comuns\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda protuvirusni usluga (PAVSRV) - Panda Software International - C:\programi\Panda Software\Panda Internet Security 2007\pavsrv51.exe
O23 - Service: Panda Antispam Engine (pmshellsrv) - Panda Software International - C:\programi\Panda Software\Panda Internet Security 2007\Antispam\pskmssvc.exe
O23 - Service: Panda Host Service (PSHost) - Panda Software International - c:\programi\Panda Software\Panda Internet Security 2007\firewall\PSHOST.EXE
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:\programi\Panda Software\Panda Internet Security 2007\psimsvc.exe
O23 - Service: serviço SiteAdvisor (SiteAdvisor Service) - Unknown owner - C:\Programas\SiteAdvisor\6172\SAService.exe
O23 - Service: Spyware Terminator stvarnom štit Service (sp_rssrv) - Crawler.com - C:\programi\Spyware Terminator\sp_rsser.exe
O23 - Service: TPSrv Panda (TPSrv) - Panda Software International - C:\programi\Panda Software\Panda Internet Security 2007\TPSrv.exe
--
End of file - 10407 bytes

PS: sorry about the spelling mistakes, must be the medication, LOL.
  #2  
1 October 2007, 20:15
Moderator Group

Hello Vic. I hope all is going well.

I will have a look at the log and get back to you in a few.

  #3  
1 October 2007, 20:18
Member Group

Thank you very much, evilfantasy.
And yes, I am starting to feel better.
  #4  
1 October 2007, 20:26
Member Group

It is 4 in the morning here and I need some sleep; I will be back at 8 in the morning.
I promise not to do anything until I am here with you.
Thank you very much for your time and help.
  #5  
1 October 2007, 20:36
Moderator Group

Go to
C:\Documents and Settings\Fabio\Definições locais\Temporary Internet Files\Content.IE5\GSE4YWAK\HiJackThis[2].exe
Delete this entire file.

============

Now go to
C:\programi\Trend Micro\HijackThis\HijackThis.exe
Right-click HijackThis.exe and choose Rename. Name it Analyze.exe and press Enter.

============

Is this your internet provider?
PT.COM - COMUNICACOES INTERACTIVAS SA

============

You appear to be clean.

Actually, as you have already stated, you have a little too much protection. But as long as there is only one antivirus and one firewall, there should not be a conflict. You may be slowed down by having so many running.

It looks like the security scans removed everything they found.

  #6  
1 October 2007, 22:47
Member Group

Evilfantasy, thanks for the reply, but remember I am a newbie!
How do I go about these requests?
  #7  
1 October 2007, 22:50
Member Group

Oops,
pt.com is the service.
  #8  
2 October 2007, 01:37
Member Group

Took care of the hijack log and it is now analise.exe,
but I can't find C Documents and Settings anywhere.
Please help.
THANKS
  #9  
2 October 2007, 07:14
Moderator Group

Open HijackThis and choose "Do a system scan only".
Put a check mark next to
C:\Documents and Settings\Fabio\Definições locais\Temporary Internet Files\Content.IE5\GSE4YWAK\HiJackThis[2].exe
Then click Fix checked.

  #10  
2 October 2007, 07:46
Member Group

Sorry evilfantasy, but I can't find it. Is there a number
like 06 or 04 or 23, something I can guide myself by?
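
Added example, not part of the thread: a short Python parser showing why the HiJackThis[2].exe path has no O4/O23-style number to look for. In the log above it appears only in the process list, which carries no section code, and not among the numbered entries. The sample log is constructed in HijackThis's English layout, and the transient-directory list is an assumption of this example.

```python
import re
from collections import defaultdict

# Constructed sample in HijackThis's English layout, modelled on the log in this thread.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Boot mode: Normal
Running processes:
C:\WINDOWS\system32\lsass.exe
C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\ABCD1234\HiJackThis[2].exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.example.com/
O4 - HKLM\..\Run: [WinPatrol] "C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe"
O23 - Service: BOCore - Unknown owner - (no file)
--
End of file - 0 bytes
"""

# Numbered entries start with a section code such as R0, O4 or O23.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
# Directories a long-running process should not live in (assumed list for this example).
TRANSIENT_DIRS = ("\\temporary internet files\\", "\\temp\\")

def parse_hijackthis(text):
    """Split a log into the uncoded process list and entries grouped by section code."""
    processes, entries = [], defaultdict(list)
    in_processes = False
    for line in text.splitlines():
        line = line.strip()
        m = ENTRY_RE.match(line)
        if m:
            in_processes = False          # first coded entry ends the process list
            entries[m.group(1)].append(m.group(2))
        elif line == "Running processes:":
            in_processes = True
        elif in_processes and line and line != "--":
            processes.append(line)
    return processes, dict(entries)

def processes_in_transient_dirs(processes):
    """Return process paths that run out of a browser cache or temp directory."""
    return [p for p in processes if any(d in p.lower() for d in TRANSIENT_DIRS)]

if __name__ == "__main__":
    procs, entries = parse_hijackthis(SAMPLE_LOG)
    for path in processes_in_transient_dirs(procs):
        print("process list (no section code):", path)
    for code in sorted(entries):
        print(code, len(entries[code]), "entries")
```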