[guccijana]

idemo opet

Logfile of Trend Micro HijackThis v2.0.2
Scan spremljena u 11:13:49, dana 1/29/2008
Platforma: Windows XP SP2 (Winnt 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Pokretanje procesa:
C: \ WINDOWS \ System32 \ smss.exe
C: \ WINDOWS \ system32 \ Winlogon.exe
C: \ WINDOWS \ system32 \ services.exe
C: \ WINDOWS \ system32 \ lsass.exe
C: \ WINDOWS \ system32 \ Ati2evxx.exe
C: \ WINDOWS \ system32 \ Svchost.exe
C: \ WINDOWS \ System32 \ Svchost.exe
C: \ Program Files \ Avast4Software \ Avast4 \ aswUpdSv.exe
C: \ Program Files \ Avast4Software \ Avast4 \ ashServ.exe
C: \ WINDOWS \ system32 \ spoolsv.exe
C: \ WINDOWS \ system32 \ brss01a.exe
C: \ WINDOWS \ explorer.exe
C: \ Program Files \ Intel \ Intel Application Accelerator \ iaanotif.exe
C: \ Program Files \ Intel \ Modem Event Monitor \ IntelMEM.exe
C: \ Program Files \ Creative \ Sound Blaster Live! 24-bitni \ Surround mikser \ CTSysVol.exe
C: \ WINDOWS \ system32 \ Rundll32.exe
C: \ Program Files \ Dell \ Media Experience \ PCMService.exe
C: \ Program Files \ CyberLink \ PowerDVD \ DVDLauncher.exe
C: \ WINDOWS \ system32 \ dla \ tfswctrl.exe
C: \ programa ~ 1 \ Yahoo! \ Preglednik \ ybrwicon.exe
C: \ Program Files \ BroadJump \ Client Foundation \ CFD.exe
C: \ programa ~ 1 \ Yahoo! \ Preglednik \ ycommon.exe
C: \ Program Files \ Adobe \ Photoshop Elements 4,0 \ apdproxy.exe
C: \ WINDOWS \ System32 \ spool \ drivers \ W32X86 \ 3 \ E_FATIA JA.EXE
C: \ programa ~ 1 \ AVAST4 ~ 1 \ Avast4 \ ashDisp.exe
C: \ Program Files \ QuickTime \ QTTask.exe
C: \ Program Files \ iTunes \ iTunesHelper.exe
C: \ Program Files \ SUPERAntiSpyware \ SUPERAntiSpyware.exe
C: \ Program Files \ Spybot - Search & Destroy \ TeaTimer.exe
C: \ WINDOWS \ system32 \ Ctfmon.exe
C: \ Program Files \ Linksys EasyLink Savjetnik \ LinksysAgent.exe
C: \ Windows \ System32 \ WTablet \ TabUserW.exe
C: \ Program Files \ Adobe \ Photoshop Elements 3,0 \ PhotoshopElementsFileAgent.exe
C: \ Program Files \ Adobe \ Photoshop Elements 4,0 \ PhotoshopElementsFileAgent.exe
C: \ programa ~ 1 \ UOBIČAJENA ~ 1 \ AOL \ ACS \ acsd.exe
C: \ Program Files \ APC \ APC PowerChute Personal Edition \ mainserv.exe
C: \ Program Files \ Common Files \ Apple \ Mobile Device Support \ bin \ AppleMobileDeviceService.exe
C: \ Program Files \ Grisoft \ AVG Anti-Spyware 7,5 \ guard.exe
C: \ Program Files \ CIFPFiltering \ CIFPLogAggregator.exe
C: \ WINDOWS \ system32 \ CTsvcCDA.EXE
C: \ Program Files \ CIFPFiltering \ FilterService.exe
C: \ Program Files \ Intel \ Intel Application Accelerator \ iaantmon.exe
C: \ Program Files \ Common Files \ LightScribe \ LSSrvc.exe
C: \ WINDOWS \ system32 \ Svchost.exe
C: \ WINDOWS \ system32 \ Tablet.exe
C: \ WINDOWS \ wanmpsvc.exe
C: \ WINDOWS \ system32 \ MsPMSPSv.exe
C: \ Program Files \ Avast4Software \ Avast4 \ ashMaiSv.exe
C: \ Program Files \ Avast4Software \ Avast4 \ ashWebSv.exe
C: \ Program Files \ iPod \ bin \ iPodService.exe
C: \ Program Files \ APC \ APC PowerChute Personal Edition \ apcsystray.exe
C: \ Program Files \ Avast4Software \ Avast4 \ ashSimpl.exe
C: \ Program Files \ Mozilla Firefox \ firefox.exe
C: \ Program Files \ Spybot - Search & Destroy \ SpybotSD.exe
C: \ Program Files \ Windows NT \ Accessories \ wordpad.exe
C: \ Documents and Settings \ Tatjana Blazevic \ Desktop \ sniper.exe.exe

R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://www.yahoo.com/
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU \ Software \ Microsoft \ Windows \ CurrentVersion \ Int ernet Postavke, ProxyServer = 127.0.0.1:8080
R1 - HKCU \ Software \ Microsoft \ Windows \ CurrentVersion \ Int ernet Postavke, ProxyOverride = lokalnih
N3 - Netscape 7: user_pref ( "browser.startup.homepage", "http://home.netscape.com/bookmark/7_2/home.html"); (C: \ Documents and Settings \ TATJANA BLAŽEVIĆ \ Application Data \ Mozilla \ Profiles \ default \ mhiwv3o3.slt \ prefs.js)
N3 - Netscape 7: user_pref ( "browser.search.defaultengine", "engine: / / C% 3A% 5CPROGRA% 7E1% 5CNETSCAPE% 5CNETSCAPE% 5Csearchpl ugins% 5CSBWeb_01.src"); (C: \ Documents and Settings \ TATJANA BLAŽEVIĆ \ Application Data \ Mozilla \ Profiles \ default \ mhiwv3o3.slt \ prefs.js)
O2 - BHO: AcroIEHlprObj Class - (06849E9F-C8D7-4D59-B87D-784B7D6BE0B3) - C: \ Program Files \ Adobe \ Acrobat 6,0 \ Reader \ ActiveX \ AcroIEHelper.dll
O2 - BHO: (no name) - (0D5227BF-0C5B-4EA8-833C-FE09F1496F39) - (no file)
O2 - BHO: Spybot-S & D IE Protection - (53707962-6F74-2D53-2644-206D7942484F) - C: \ programa ~ 1 \ Spybot ~ 1 \ SDHelper.dll
O2 - BHO: (no name) - (549B5CA7-4A86-11D7-A4DF-000874180BB3) - (no file)
O2 - BHO: UberButton Class - (5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897) - C: \ Program Files \ Yahoo! \ Common \ yiesrvc.dll
O2 - BHO: DriveLetterAccess - (5CA3D70E-1895-11CF-8E15-001234567890) - C: \ WINDOWS \ system32 \ dla \ tfswshx.dll
O2 - BHO: YahooTaggedBM Class - (65D886A2-7CA7-479B-BB95-14D1EFB7946A) - C: \ Program Files \ Yahoo! \ Common \ YIeTagBm.dll
O2 - BHO: SidebarAutoLaunch Class - (F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D) - C: \ Program Files \ Yahoo! \ Preglednik \ YSidebarIEBHO.dll
O2 - BHO: (no name) - (FDD3B846-8D59-4ffb-8758-209B6AD74ACC) - (no file)
O3 - Toolbar: McAfee VirusScan - (BA52B914-46c4-B692-B683-905236F6F655) - c: \ programa ~ 1 \ mcafee.com \ VSO \ mcvsshl.dll
O4 - HKLM \ .. \ Run: [IAAnotif] "C: \ Program Files \ Intel \ Intel Application Accelerator \ iaanotif.exe"
O4 - HKLM \ .. \ Run: [ATIPTA] "C: \ Program Files \ ATI Technologies \ ATI Control Panel \ atiptaxx.exe"
O4 - HKLM \ .. \ Run: [IntelMeM] "C: \ Program Files \ Intel \ Modem Event Monitor \ IntelMEM.exe"
O4 - HKLM \ .. \ Run: [CTSysVol] "C: \ Program Files \ Creative \ Sound Blaster Live! 24-bitni \ Surround mikser \ CTSysVol.exe" / r
O4 - HKLM \ .. \ Run: [P17Helper] rundll32 P17.dll, P17Helper
O4 - HKLM \ .. \ Run: [PCMService] "C: \ Program Files \ Dell \ Media Experience \ PCMService.exe"
O4 - HKLM \ .. \ Run: [DVDLauncher] "C: \ Program Files \ CyberLink \ PowerDVD \ DVDLauncher.exe"
O4 - HKLM \ .. \ Run: [UpdateManager] "C: \ Program Files \ Common Files \ Sonic \ Update Manager \ sgtray.exe" / r
O4 - HKLM \ .. \ Run: [dla] C: \ WINDOWS \ system32 \ dla \ tfswctrl.exe
O4 - HKLM \ .. \ Run: [YBrowser] C: \ programa ~ 1 \ Yahoo! \ Preglednik \ ybrwicon.exe
O4 - HKLM \ .. \ Run: [BJCFD] "C: \ Program Files \ BroadJump \ Client Foundation \ CFD.exe"
O4 - HKLM \ .. \ Run: [VSOCheckTask] "C: \ programa ~ 1 \ mcafee.com \ VSO \ mcmnhdlr.exe" / checktask
O4 - HKLM \ .. \ Run: [Adobe Photo Downloader] "C: \ Program Files \ Adobe \ Photoshop Elements 4,0 \ apdproxy.exe"
O4 - HKLM \ .. \ Run: [gramofonska igla Foto EPSON R340 Series] "C: \ WINDOWS \ System32 \ spool \ drivers \ W32X86 \ 3 \ E_FATI AJA.EXE" / P30 "EPSON gramofonska igla Foto R340 Series" / O6 "USB002 "/ M" gramofonska igla Foto R340 "
O4 - HKLM \ .. \ Run: [avast!] C: \ programa ~ 1 \ AVAST4 ~ 1 \ Avast4 \ ashDisp.exe
O4 - HKLM \ .. \ Run: [! AVG Anti-Spyware] "C: \ Program Files \ Grisoft \ AVG Anti-Spyware 7,5 \ avgas.exe" / minimizirane
O4 - HKLM \ .. \ Run: [QuickTime Task] "C: \ Program Files \ QuickTime \ QTTask.exe"-atboottime
O4 - HKLM \ .. \ Run: [iTunesHelper] "C: \ Program Files \ iTunes \ iTunesHelper.exe"
O4 - HKCU \ .. \ Run: [Yahoo! Pager] "C: \ programa ~ 1 \ Yahoo! \ Messen ~ 1 \ ypager.exe"-quiet
O4 - HKCU \ .. \ Run: [SUPERAntiSpyware] C: \ Program Files \ SUPERAntiSpyware \ SUPERAntiSpyware.exe
O4 - HKCU \ .. \ Run: [SpybotSD TeaTimer] C: \ Program Files \ Spybot - Search & Destroy \ TeaTimer.exe
O4 - HKCU \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe
O4 - HKCU \ .. \ Run: [EasyLinkAdvisor] "C: \ Program Files \ Linksys EasyLink Savjetnik \ LinksysAgent.exe" / pokretanja
O4 - Global Startup: APC UPS Status.lnk =?
O4 - Global Startup: TabUserW.exe.lnk = C: \ Windows \ System32 \ WTablet \ TabUserW.exe
O9 - Extra button: (no name) - (DFB852A3-47F8-48C4-A200-58CAB36FD2A2) - C: \ programa ~ 1 \ Spybot ~ 1 \ SDHelper.dll
O9 - Extra 'Tools' MENUITEM: Spybot - Search & Destroy Configuration - (DFB852A3-47F8-48C4-A200-58CAB36FD2A2) - C: \ programa ~ 1 \ Spybot ~ 1 \ SDHelper.dll
O9 - Extra button: (no name) - (e2e2dd38-d088-4134-82b7-f2ba38496583) - C: \ WINDOWS \ Network Diagnostic \ xpnetdiag.exe
O9 - Extra 'Tools' MENUITEM: @ xpsp3res.dll, -20001 - (e2e2dd38-d088-4134-82b7-f2ba38496583) - C: \ WINDOWS \ Network Diagnostic \ xpnetdiag.exe
O16 - DPF: (215B8138-A3CF-44C5-803F-8226143CFC0A) (Trend Micro ActiveX Scan Agent 6.6) -- http://prerelease.trendmicro-europe....vex/hcImpl.cab
O16 - DPF: (9A9307A0-7DA4-4DAF-B042-5009F29E09E1) --
O16 - DPF: (DBA230D1-8467-4e69-987E-5FAE815A3B45) --
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown vlasnika - C: \ Program Files \ Adobe \ Photoshop Elements 3,0 \ PhotoshopElementsFileAgent.exe
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown vlasnika - C: \ Program Files \ Adobe \ Photoshop Elements 4,0 \ PhotoshopElementsFileAgent.exe
O23 - Service: AOL Povezivanje Service (ACS AOL) - America Online, Inc - C: \ programa ~ 1 \ UOBIČAJENA ~ 1 \ AOL \ ACS \ acsd.exe
O23 - Service: Usluga UPS APC - American Power Conversion Corporation - C: \ Program Files \ APC \ APC PowerChute Personal Edition \ mainserv.exe
O23 - Service: Apple Mobile Device - Apple, Inc - C: \ Program Files \ Common Files \ Apple \ Mobile Device Support \ bin \ AppleMobileDeviceService.exe
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown vlasnika - C: \ WINDOWS \ Microsoft.NET \ Framework \ v2.0.50727 \ aspn et_state.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C: \ Program Files \ Avast4Software \ Avast4 \ aswUpdSv.exe
O23 - Service: ati brza tipka Poller - Unknown vlasnika - C: \ WINDOWS \ system32 \ Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C: \ Program Files \ Avast4Software \ Avast4 \ ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C: \ Program Files \ Avast4Software \ Avast4 \ ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C: \ Program Files \ Avast4Software \ Avast4 \ ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT sro - C: \ Program Files \ Grisoft \ AVG Anti-Spyware 7,5 \ guard.exe
O23 - Service: BrSplService (SPL Brother XP Service) - brat Industries Ltd - C: \ WINDOWS \ system32 \ brsvc01a.exe
O23 - Service: CIFPLogAggregator - Unknown vlasnika - C: \ Program Files \ CIFPFiltering \ CIFPLogAggregator.exe
O23 - Service: Creative Servis za CDROM Access - Creative Technology Ltd - C: \ WINDOWS \ system32 \ CTsvcCDA.EXE
O23 - Service: CyclopeInternetFilter - Unknown vlasnika - C: \ Program Files \ CIFPFiltering \ FilterService.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C: \ Program Files \ Intel \ Intel Application Accelerator \ iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C: \ Program Files \ Common Files \ InstallShield \ Driver \ 11 \ Intel 32 \ IDriverT.exe
O23 - Service: iPod Service - Apple Inc - C: \ Program Files \ iPod \ bin \ iPodService.exe
O23 - Service: LightScribeService Direct Disc Označavanje Service (LightScribeService) - Unknown vlasnika - C: \ Program Files \ Common Files \ LightScribe \ LSSrvc.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown vlasnika - C: \ programa ~ 1 \ mcafee.com \ VSO \ mcshield.exe
O23 - Service: McAfee.com VirusScan Online stvarnom Engine (MCVSRte) - Mreše Associates Technology, Inc - c: \ programa ~ 1 \ mcafee.com \ VSO \ mcvsrte.exe
O23 - Service: TabletService - Wacom tehnologije Corp - C: \ WINDOWS \ system32 \ Tablet.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc - C: \ WINDOWS \ wanmpsvc.exe

--
End of file - 11218 bytes

[evilfantasy]

Otvori HijackThis i odaberite Da li je sustav skenirati samo.

Stavite kvačica pored sljedećih stavki:

O2 - BHO: (no name) - (0D5227BF-0C5B-4EA8-833C-FE09F1496F39) - (no file)
O2 - BHO: (no name) - (549B5CA7-4A86-11D7-A4DF-000874180BB3) - (no file)
O2 - BHO: (no name) - (FDD3B846-8D59-4ffb-8758-209B6AD74ACC) - (no file)


Zatvori sve prozore osim HijackThis i kliknite Fix checked.

Izlaz Hijackthis.

----------

Preuzimanje DrWeb CureIt & Spremili na radnu površinu.

Skeniraj sa DrWeb-CureIt kako slijedi:

• Dvaput kliknite na drweb-cureit.exe a zatim Početak.
• An Express skeniranja računala obavijesti će se pojaviti.
• Pod Pokrenite Express Scan Now Kliknite U redu za početak.
  • Ovo je kratka skeniranja koji će skenirati datoteke trenutno izvodi u memoriji.
  • Ako ili kada nešto nije pronađena, kliknite na Da gumb kad ga pita želite li izliječiti ga.
• Nakon što je kratko scan završite, kliknite Opcije> Promijeni postavke
• Izaberite Scan karticu i Isključi Heurističan analiza i kliknite U redu
• Natrag na glavnom prozoru, odaberite Cijela scan gumb.
• Zatim kliknite na Green Arrow Start Scanning gumb na desnoj strani, a počet će skenirati.
  • Kliknite Da za sve ako se pita ako želite liječiti / pomaknuti bilo koju datoteku (e).
• Kada se vrši skeniranje.
• U Dr.Web CureIt lijevom izborniku na vrhu, kliknite na Datoteka te odabrati Spremi izvješće lista.
• Spremite DrWeb.csv Izvještaj na svoj Desktop.
• Izlaz Dr.Web Cureit.

• Važno! Ponovno pokrenuti računalo, jer bi to moglo biti moguće da se datoteka u upotrebi će biti premještena / obrisane tijekom rada računala.

• Nakon što ponovno podizanje sustava, Desnom tipkom miša kliknite Dr.Web se prijavite na radnu površinu i izabrati Otvori S> Notepad
• Kopirajte i zalijepite da se prijavite u sljedećem odgovoru

----------

Sljedeća post
Dr. Web log

[guccijana]

OKI svojim skening sada - to pronašao virus CFd.exe! izgleda kao njegova odlaska potrajati?

Sam bio obličje preko foruma i woooow postoji toliko mnogo ljudi sa virusima hehe

[evilfantasy]

CFd.exe nije zapravo virus, ali svibanj imati postati jedan okužen, te će činiti zla ni u bitak uklonjena.

[guccijana]

trebam ga ručno ukloniti? ili?

[evilfantasy]

Ne skener će voditi brigu o tome.

[guccijana]

Napredak 27% skener pronašao dvije datoteke je "

-cfd.exe-(adware) djelovanje na kartici --- neizlječiva izbrisati>> ce ga izbrisati?
-reg-ubp2b Tatjana b.reg (trojanskih startpage) radnji tab-deleted

[guccijana]

šta

• Važno! Ponovno pokrenuti računalo, jer bi to moglo biti moguće da se datoteka u upotrebi će biti premještena / obrisane tijekom rada računala. znači?

kako činiti ja činiti to?

[evilfantasy]

Dovoljno je ponovo pokrenuti računalo ako ne Dr. Web to učiniti za vas.

Mi ćemo morati vidjeti prijavite se da je sve nestalo. To ne bi trebalo trajati mnogo dulje sada.

[guccijana]

ohh ok, njegova do 70% skoro gotovi