|
|
#11
20. studeni 2008, 12:36
|
|||
|
|||
|
Update MalwareBytes i trčanje pun sistem scan post onda molimo da se prijavite.
__________________
 |
|
#12
20. studenog 2008, 13:25
|
|||
|
|||
|
uhm, gdje bi mogao ja skinuti?
|
|
#13
20. studenog 2008, 14:39
|
|||
|
|||
|
Žao mi je misao koju je već imao to.
Preuzimanje Malwarebytes' Anti-zaštita od zlonamjernih programa (MBAM)
Extra Napomena: Ako MBAM susrete datoteku koja je teško ukloniti, bit će predstavljen sa 1 of 2 upitom, kliknite U redu da biste bilo i nek MBAM nastaviti s procesom dezinfekcije, ako je zatraženo da ponovo pokrenete računalo, učinite to odmah.
__________________
|
|
#14
20. studenog 2008, 16:30
|
|||
|
|||
|
hvala zlo fantasy će vam znati što happenned
|
|
#15
21. studenog 2008, 21:04
|
|||
|
|||
|
Malwarebytes' Anti-zaštita od zlonamjernih programa 1,30
Database version: 1415 Windows 6.0.6001 Service Pack 1 11/22/2008 12:04:18 PM mbam-log-2008-11-22 (12-04-18). txt Scan type: Quick Scan Objekti skenirane: 46630 Proteklo vrijeme: 4 minute (s), 22 Drugi (a / e) Memory Processes zaraženih: 0 Memorijske module zaraženih: 0 Ključevi registra zaraženih: 0 Registry Values zaraženih: 0 Registry Data Items zaraženih: 0 Mape zaraženih: 0 Zaraženih datoteka: 0 Memory Processes zaraženih: (Nema stavki otkrivenih zlonamjernih) Memorijske module zaraženih: (Nema stavki otkrivenih zlonamjernih) Ključevi registra zaraženih: (Nema stavki otkrivenih zlonamjernih) Registry Values zaraženih: (Nema stavki otkrivenih zlonamjernih) Registry Data Items zaraženih: (Nema stavki otkrivenih zlonamjernih) Mape zaraženih: (Nema stavki otkrivenih zlonamjernih) Zaražene datoteke: (Nema stavki otkrivenih zlonamjernih) |
|
#16
21. studenog 2008, 21:07
|
|||
|
|||
|
Hi EvilFantasy mapu i dalje mogu se vidjeti međutim ona je skrivena mapa i ja sam ne u mogućnosti to izbrisati Internet. to je i na C i D drive ... imam ga u odnosu na netom reghosted xp i ja dont vidjeti mapu čistač u odnosu na ovaj koji je čistač folder skriven i na C i D drive. hvala
|
|
#17
21. studenog 2008, 22:08
|
|||
|
|||
|
Znate li datoteku staze gdje se nalazi?
Morat ćete omogućiti gledanje skrivenih datoteka i mapa doći do njih, ali onda dalje svibanj ne biti u mogućnosti to izbrisati njima. Trebam datoteku lokacijama.
Pokreni CCleaner prije pokretanja Kaspersky scan. ---------- Trčanje Kaspersky Online Scanner U sustavu Microsoft Windows VistaMorate otvarati web preglednik koristite Pokreni kao administrator naredbu. Od Desktopa kliknite desnom tipkom na ikonu za otvaranje preglednika i odaberite Pokreni kao administrator.
Kada se skeniranje vrši se u Scan je završena prozor, bilo je prikazan infekcije. Ne postoji mogućnost za čišćenje / dezinficirati, međutim, moramo analizirati podatke u izvješću. Da biste nabavili izvješće: Kliknite na: Spremi izvješće kao
 Kopirajte i zalijepite taj Kaspersky Online Scanner Report u sljedećem odgovoru. Napomena za Internet Explorer 7 korisnicima: Ako u bilo koje vrijeme ste imali problema s pregledom prihvatiti dugme za licencu, kliknite na Zoom tool se nalazi na dnu desnom dijelu IE prozora i postavite zoom na 75%. Nakon što je prihvaćen licencu, vratiti na 100%.
__________________
|
|
#18
26. studenog 2008, 01:58
|
|||
|
|||
|
Hi Evilfantasy, sjeti moj prethodni post u kojem mom desktopu ima ozbiljnih problema s virusom čemu vam savjete mi izvoditi kombinirani popraviti međutim postoji problem, kada je pokušava bootup i ti prebačen je u drugi dio foruma jer se ne više virus problem. dobro sad to je fino rade (booting up dobar) međutim sada taskmanager je onesposobiti, ali to nam omogućava trčanje msconfig. ovdje je kidnapovati log
Logfile of Trend Micro HijackThis v2.0.2 Scan spremljena u 4:51:45, na 11/26/2008 Platforma: Windows XP SP2 (Winnt 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Pokretanje procesa: C: \ WINDOWS \ System32 \ smss.exe C: \ WINDOWS \ system32 \ Winlogon.exe C: \ WINDOWS \ system32 \ services.exe C: \ WINDOWS \ system32 \ lsass.exe C: \ WINDOWS \ system32 \ Svchost.exe C: \ WINDOWS \ System32 \ Svchost.exe C: \ WINDOWS \ system32 \ spoolsv.exe C: \ WINDOWS \ explorer.exe C: \ WINDOWS \ system32 \ Ctfmon.exe C: \ Program Files \ IVT Corporation \ BlueSoleil \ BlueSoleil.exe C: \ programa ~ 1 \ AVG \ AVG8 \ avgwdsvc.exe C: \ Program Files \ IVT Corporation \ BlueSoleil \ BTNtService.exe C: \ Program Files \ Common Files \ Microsoft Shared \ VS7DEBUG \ MDM.EXE C: \ Program Files \ Canon \ MultiPASS4 \ MPSERVIC.EXE C: \ WINDOWS \ system32 \ nvsvc32.exe C: \ WINDOWS \ system32 \ Svchost.exe C: \ WINDOWS \ system32 \ Svchost.exe C: \ programa ~ 1 \ AVG \ AVG8 \ avgrsx.exe C: \ programa ~ 1 \ AVG \ AVG8 \ avgemc.exe C: \ WINDOWS \ system32 \ wscntfy.exe C: \ Program Files \ AVG \ AVG8 \ avgtray.exe C: \ WINDOWS \ system32 \ wuauclt.exe C: \ Program Files \ Yahoo! \ Messenger \ ymsgr_tray.exe C: \ Program Files \ Internet Explorer \ IEXPLORE.EXE C: \ programa ~ 1 \ AVG \ AVG8 \ aAvgApi.exe C: \ Program Files \ AVG \ AVG8 \ avgui.exe C: \ Program Files \ Internet Explorer \ IEXPLORE.EXE C: \ WINDOWS \ system32 \ rundll32.exe C: \ WINDOWS \ system32 \ wuauclt.exe C: \ Program Files \ Trend Micro \ HijackThis \ HijackThis.exe R1 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Search Page = http://ph.rd.yahoo.com/customize/yco...//ph.yahoo.com R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://www.yahoomail.com/ R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKCU \ Software \ Microsoft \ Internet Explorer \ SearchURL, (Default) = http://ph.rd.yahoo.com/customize/yco...//ph.yahoo.com R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Toolbar, LinksFolderName = pornografija je loše! Nije kasno da se pokajati za svoje grijehe! R3 - URLSearchHook: Yahoo! Toolbar - (EF99BD32-C1FB-11D2-892F-0090271D4F88) - C: \ programa ~ 1 \ Yahoo! \ Companion \ Instalira \ cpn \ yt.dll O2 - BHO: & Yahoo! Toolbar Helper - (02478D38-C3F9-4efb-9B51-7695ECA05670) - C: \ programa ~ 1 \ Yahoo! \ Companion \ Instalira \ cpn \ yt.dll O2 - BHO: AcroIEHlprObj Class - (06849E9F-C8D7-4D59-B87D-784B7D6BE0B3) - C: \ Program Files \ Adobe \ Acrobat 7,0 \ ActiveX \ AcroIEHelper.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - (3CA2F312-6F6E-4B53-A66E-4E65E497C8C0) - C: \ Program Files \ AVG \ AVG8 \ avgssie.dll O2 - BHO: AVG Sigurnost Toolbar - (A057A204-BACC-4D26-9990-79A187E2698E) - C: \ programa ~ 1 \ AVG \ AVG8 \ AVGTOO ~ 1.DLL O2 - BHO: SingleInstance Class - (FDAD4DA1-61A2-4FD8-9C17-86F7AC245081) - C: \ programa ~ 1 \ Yahoo! \ Companion \ Instalira \ cpn \ YTSingle Instance.dll O3 - Toolbar: AVG Sigurnost Toolbar - (A057A204-BACC-4D26-9990-79A187E2698E) - C: \ programa ~ 1 \ AVG \ AVG8 \ AVGTOO ~ 1.DLL O3 - Toolbar: Yahoo! Toolbar - (EF99BD32-C1FB-11D2-892F-0090271D4F88) - C: \ programa ~ 1 \ Yahoo! \ Companion \ Instalira \ cpn \ yt.dll O4 - HKLM \ .. \ Run: [NvCplDaemon] RUNDLL32.EXE C: \ WINDOWS \ system32 \ NvCpl.dll, NvStartup O4 - HKLM \ .. \ Run: [AVG8_TRAY] C: \ programa ~ 1 \ AVG \ AVG8 \ avgtray.exe O4 - HKCU \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe O4 - HKCU \ .. \ Run: [amva] C: \ WINDOWS \ system32 \ amvo.exe O4 - HKUS \ S-1-5-19 \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe (User 'LOCAL SERVICE') O4 - HKUS \ S-1-5-20 \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe (User 'NETWORK SERVICE') O4 - Startup: Adobe Gamma.lnk = C: \ Program Files \ Common Files \ Adobe \ Kalibracija \ Adobe Gamma Loader.exe O4 - Global Startup: Adobe Gamma Loader.lnk = C: \ Program Files \ Common Files \ Adobe \ Kalibracija \ Adobe Gamma Loader.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C: \ Program Files \ Adobe \ Acrobat 7,0 \ Reader \ reader_sl.exe O4 - Global Startup: BlueSoleil.lnk =? O8 - Extra kontekst meni stavka: E & zvezi u Microsoft Excel - res: / / C: \ programa ~ 1 \ MICROS ~ 2 \ OFFICE11 \ EXCEL.EXE/3000 O9 - Extra button: Research - (92780B25-18CC-41C8-B9BE-3C9C571A8263) - C: \ programa ~ 1 \ MICROS ~ 2 \ OFFICE11 \ REFIEBAR.DLL O9 - Extra button: Messenger - (FB5F1910-F110-11D2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe O9 - Extra 'Tools' MENUITEM: Windows Messenger - (FB5F1910-F110-11D2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe O18 - Protocol: linkscanner - (F274614C-63F8-47D5-A4D1-FBDDE494F8D1) - C: \ Program Files \ AVG \ AVG8 \ avgpp.dll O20 - AppInit_DLLs: avgrsstx.dll O23 - Service: Adobe LM Service - Adobe Systems - C: \ Program Files \ Common Files \ Adobe Systems Shared \ Service \ Adobelmsvc.exe O23 - Service: AdobeVersionCue - Adobe Sytems - C: \ Program Files \ Adobe \ Adobe Version šlagvort \ servis \ VersionCue.exe O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, sro - C: \ programa ~ 1 \ AVG \ AVG8 \ avgemc.exe O23 - Service: AVG Free8 upozoravanje (avg8wd) - AVG Technologies CZ, sro - C: \ programa ~ 1 \ AVG \ AVG8 \ avgwdsvc.exe O23 - Service: BlueSoleil sakrih Service - Unknown vlasnika - C: \ Program Files \ IVT Corporation \ BlueSoleil \ BTNtService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C: \ Program Files \ Common Files \ InstallShield \ Driver \ 11 \ Intel 32 \ IDriverT.exe O23 - Service: iPod Service - Apple Inc - C: \ Program Files \ iPod \ bin \ iPodService.exe O23 - Service: MpService - Canon Inc - C: \ Program Files \ Canon \ MultiPASS4 \ MPSERVIC.EXE O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C: \ WINDOWS \ system32 \ nvsvc32.exe -- End of file - 5731 bytes sad ga ima virus čistač ona je skrivena mapa i može se naći pod C i D drive. c za to mogu se naći pod c pogon: dvije skrivene mape mogu se naći i čistač čistač (2). pod d je pronaći pod d a tu je sustav glasnoće informacije i skrivene mape. ugoditi pomoć. |
|
#19
26. studenog 2008, 10:54
|
|||
|
|||
|
Download ComboFix © by sUBs jedan od linkova ispod. Budite sigurni da ste na vrhu u Desktop.
Link # 1 Link # 2 ** Napomena: Važno je da se sprema izravno na svoj Desktop Zatvori otvoriti bilo koju web preglednicima. (Firefox, Internet Explorer, etc) prije početka ComboFix. Privremeno onemogućiti tvoj AntiVirus, A svaka protušpijunskih Zaštita u stvarnom vremenu prije obavlja scan. Kliknite ovaj link da biste vidjeli popis sigurnosne programe, koji bi trebao biti onemogućen i kako onemogućiti ih. Dvaput kliknite combofix.exe i slijedite upute. Kada završite ComboFix će proizvesti prijava za vas. Objaviti ComboFix log i novu HijackThis log u sljedećem odgovoru. Važno: Ne mouseclick ComboFix's prozor dok je pokrenut. Svibanj uzrokovati da ga zatajiti. Ne zaboravite ponovo uključili vaš protuvirusni i protušpijunski ComboFix zaštita kada je završeno. Ako imate problema s ComboFix upotrebe, pogledajte Kako koristiti ComboFix
__________________
|
|
#20
5. prosinca 2008, 09:42
|
|||
|
|||
|
hi evilfantasy, žao ne bi Vas obavijestili što se dogodilo na moj laptop ... anyways sam trčanje Kaspersky online skener međutim kada sam instalirati aktivnih x on ne dopustiti mene to trčanje ... prozori zapravo blokira instalaciju aktivno x
ovdje je moj dnevnik za kidnapovati moj laptop: Logfile of Trend Micro HijackThis v2.0.2 Scan spremljena u 12:46:41, dana 12/6/2008 Platforma: Windows Vista SP1 (Winnt 6.00.1905) MSIE: Internet Explorer v7.00 (7.00.6001.18000) Boot mode: Normal Pokretanje procesa: C: \ Windows \ system32 \ Dwm.exe C: \ Windows \ system32 \ taskeng.exe C: \ Windows \ Explorer.exe C: \ Windows \ system32 \ taskeng.exe C: \ Program Files \ Common Files \ Symantec Shared \ ccSvcHst.exe C: \ Program Files \ iTunes \ iTunesHelper.exe C: \ Program Files \ ASUS \ ASUS Live Update \ ALU.exe C: \ Program Files \ Windows Sidebar \ sidebar.exe C: \ Users \ X80le \ AppData \ Local \ Google \ Update \ GoogleU pdate.exe C: \ Program Files \ Windows Media Player \ wmpnscfg.exe C: \ Program Files \ Mozilla Firefox \ firefox.exe C: \ Program Files \ Internet Explorer \ iexplore.exe C: \ Program Files \ Common Files \ Microsoft Shared \ Windows Live \ WLLoginProxy.exe C: \ Windows \ system32 \ SearchFilterHost.exe C: \ Program Files \ Trend Micro \ HijackThis \ HijackThis.exe R1 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Default_Page_URL = http://www.asus.com R1 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = o: blank R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Search, SearchAssistant = R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Search, CustomizeSearch = R1 - HKCU \ Software \ Microsoft \ Windows \ CurrentVersion \ Int ernet Postavke, ProxyOverride = *. lokalne R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Toolbar, LinksFolderName = O2 - BHO: Adobe PDF Reader Link Helper - (06849E9F-C8D7-4D59-B87D-784B7D6BE0B3) - C: \ Program Files \ Common Files \ Adobe \ Acrobat \ ActiveX \ AcroIEHelper.dll O2 - BHO: Symantec prevenciju upada - (6D53EC84-6AAE-4787-AEEE-F4628F01010C) - C: \ programa ~ 1 \ UOBIČAJENA ~ 1 \ SYMANT ~ 1 \ IDS \ IPSBHO.dll O2 - BHO: (no name) - (7E853D72-626A-48EC-A868-BA8D5E23E045) - (no file) O2 - BHO: Windows Live Sign-in Helper - (9030D464-4C02-4ABF-8ECC-5164760863C6) - C: \ Program Files \ Common Files \ Microsoft Shared \ Windows Live \ WindowsLiveLogin.dll O4 - HKLM \ .. \ Run: [ccApp] "C: \ Program Files \ Common Files \ Symantec Shared \ ccApp.exe" O4 - HKLM \ .. \ Run: [Microsoft PinYin IME migracije] C: \ programa ~ 1 \ UOBIČAJENA ~ 1 \ MICROS ~ 1 \ IME12 \ IMESC \ IMSCMIG. Exe / INSTALIRAJ O4 - HKLM \ .. \ Run: [QuickTime Task] "C: \ Program Files \ QuickTime \ QTTask.exe"-atboottime O4 - HKLM \ .. \ Run: [iTunesHelper] "C: \ Program Files \ iTunes \ iTunesHelper.exe" O4 - HKLM \ .. \ RunOnce: [Malwarebytes' Anti-zaštita od zlonamjernih programa] C: \ Program Files \ Malwarebytes' Anti-zaštita od zlonamjernih programa \ mbamgui.exe / install / tihe O4 - HKCU \ .. \ Run: [Sidebar] C: \ Program Files \ Windows Sidebar \ sidebar.exe / Autorun O4 - HKCU \ .. \ Run: [Google Update] "C: \ Users \ X80le \ AppData \ Local \ Google \ Update \ Google Update.exe" / c O4 - HKUS \ S-1-5-19 \ .. \ RunOnce: [] (User 'LOCAL SERVICE') O4 - HKUS \ S-1-5-20 \ .. \ Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll, ShowWelcomeCenter (User 'NETWORK SERVICE') O4 - HKUS \ S-1-5-20 \ .. \ RunOnce: [] (User 'NETWORK SERVICE') O4 - HKUS \ S-1-5-18 \ .. \ RunOnce: [] (User 'SYSTEM') O4 - HKUS \. DEFAULT \ .. \ RunOnce: [] (User 'Default user') O8 - Extra kontekst meni stavka: E & zvezi u Microsoft Excel - res: / / C: \ programa ~ 1 \ MICROS ~ 2 \ OFFICE11 \ EXCEL.EXE/3000 O9 - Extra button: Research - (92780B25-18CC-41C8-B9BE-3C9C571A8263) - C: \ programa ~ 1 \ MICROS ~ 2 \ OFFICE11 \ REFIEBAR.DLL O16 - DPF: (56762DEC-6B0D-4AB4-A8AD-989993B5D08B) (OnlineScanner Control) -- http://www.eset.eu/buxus/docs/OnlineScanner.cab O23 - Service: ADSM Service (ADSMService) - Unknown vlasnika - C: \ Program Files \ ASUS \ ASUS Data Security Manager \ ADSMSrv.exe O23 - Service: Apple Mobile Device - Apple Inc - C: \ Program Files \ Common Files \ Apple \ Mobile Device Support \ bin \ AppleMobileDeviceService.exe O23 - Service: ASLDR Service (ASLDRService) - Unknown vlasnika - C: \ Program Files \ ATK brza tipka \ ASLDRSrv.exe O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown vlasnika - C: \ Program Files \ ATKGFNEX \ GFNEXSrv.exe O23 - Service: Automatic LiveUpdate Planer - Symantec Corporation - C: \ Program Files \ Symantec \ LiveUpdate \ AluSchedulerSvc.exe O23 - Service: Bonjour Service - Apple Inc - C: \ Program Files \ Bonjour \ mDNSResponder.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C: \ Program Files \ Common Files \ Symantec Shared \ ccSvcHst.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C: \ Program Files \ Common Files \ Symantec Shared \ ccSvcHst.exe O23 - Service: Symantec Lic NetConnect usluga (CLTNetCnService) - Symantec Corporation - C: \ Program Files \ Common Files \ Symantec Shared \ ccSvcHst.exe O23 - Service: Host COM (comHost) - Symantec Corporation - C: \ Program Files \ Common Files \ Symantec Shared \ VAScanner \ comHost.exe O23 - Service: Security Management Service Platform (IFXSpMgtSrv) - Infineon Technologies AG - C: \ Windows \ system32 \ ifxspmgt.exe O23 - Service: Trusted Platform Core Service (IFXTCS) - Infineon Technologies AG - C: \ Windows \ system32 \ ifxtcs.exe O23 - Service: iPod Service - Apple Inc - C: \ Program Files \ iPod \ bin \ iPodService.exe O23 - Service: LightScribeService Direct Disc Označavanje Service (LightScribeService) - Hewlett-Packard Company - C: \ Program Files \ Common Files \ LightScribe \ LSSrvc.exe O23 - Service: LiveUpdate - Symantec Corporation - C: \ Program Files \ Symantec \ LiveUpdate \ LuComServer_3_4.EXE O23 - Service: LiveUpdate Obavijest - Symantec Corporation - C: \ Program Files \ Common Files \ Symantec Shared \ ccSvcHst.exe O23 - Service: NMIndexingService - Nero AG - C: \ Program Files \ Common Files \ ispred \ Lib \ NMIndexingService.exe O23 - Service: Personal Secure Drive Service (PersonalSecureDriveService) - Infineon Technologies AG - C: \ Windows \ system32 \ IfxPsdSv.exe O23 - Service: Cyberlink RichVideo Service (CRVS) (RichVideo) - Unknown vlasnika - C: \ Program Files \ CyberLink \ Shared Files \ RichVideo.exe O23 - Service: Symantec Core LC - Unknown vlasnika - C: \ programa ~ 1 \ UOBIČAJENA ~ 1 \ SYMANT ~ 1 \ CCPD-LC \ symlcsvc.exe -- End of file - 5889 bytes |
