[ct122592]

bok. soo moj računalo je okužen. ona je pop-up prozora u kojem se kaže da neko pokušava da napadne moju sustava slanjem u virus i onda ti preporučio theres virus programi popping up za mene to install. Tada će se promijeniti moju pozadinu u crveno s simbol.


Ja sam trenutno koristite Spybot pretraživanje i uništiti i adware oglas za skeniranje računala svakodnevne. ide daleko i vraća se za nekoliko sati lters. tako sam razmišljajući kako da biste dobili osloboditi od njega tako da navika se vratiti ponovo.


Logfile of HijackThis v1.99.1
Scan spremljena u 4:20:15, dana 12/24/2007
Platforma: Windows XP SP2 (Winnt 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Pokretanje procesa:
C: \ WINDOWS \ System32 \ smss.exe
C: \ WINDOWS \ system32 \ Winlogon.exe
C: \ WINDOWS \ system32 \ services.exe
C: \ WINDOWS \ system32 \ lsass.exe
C: \ WINDOWS \ system32 \ Svchost.exe
C: \ WINDOWS \ System32 \ Svchost.exe
C: \ WINDOWS \ system32 \ Svchost.exe
C: \ Program Files \ Common Files \ Symantec Shared \ ccSetMgr.exe
C: \ WINDOWS \ explorer.exe
C: \ Program Files \ Common Files \ Symantec Shared \ ccEvtMgr.exe
C: \ WINDOWS \ system32 \ spoolsv.exe
C: \ Program Files \ Lavasoft \ Ad-Aware 2007 \ aawservice.exe
C: \ Program Files \ Symantec \ LiveUpdate \ ALUSchedulerSvc.exe
C: \ Program Files \ Symantec AntiVirus \ DefWatch.exe
C: \ Program Files \ Google \ Common \ Google Updater \ GoogleUpdaterService.exe
C: \ WINDOWS \ system32 \ Svchost.exe
C: \ Program Files \ Symantec AntiVirus \ Rtvscan.exe
C: \ Program Files \ Common Files \ Symantec Shared \ CCPD-LC \ symlcsvc.exe
C: \ Program Files \ Common Files \ Symantec Shared \ ccApp.exe
C: \ programa ~ 1 \ SYMANT ~ 1 \ VPTray.exe
C: \ WINDOWS \ system32 \ VTTimer.exe
C: \ Program Files \ Common Files \ Real \ Update_OB \ realsched.exe
C: \ WINDOWS \ system32 \ LVCOMSX.EXE
C: \ Program Files \ Logitech \ Video \ LogiTray.exe
C: \ Program Files \ Java \ jre1.6.0_02 \ bin \ jusched.exe
C: \ Program Files \ HP \ hpcoretech \ hpcmpmgr.exe
C: \ WINDOWS \ system32 \ spool \ drivers \ w32x86 \ 3 \ hpztsb1 0.exe
C: \ WINDOWS \ system32 \ Ctfmon.exe
C: \ Program Files \ MSN Messenger \ msnmsgr.exe
C: \ Program Files \ AIM \ aim.exe
C: \ Program Files \ Logitech \ Video \ FxSvr2.exe
C: \ Program Files \ Logitech \ Desktop Messenger \ 8876480 \ Program \ LogitechDesktopMessenger. Exe
C: \ Program Files \ Yahoo! \ Messenger \ ymsgr_tray.exe
C: \ Program Files \ Java \ jre1.6.0_02 \ bin \ jucheck.exe
C: \ Program Files \ MSN Messenger \ usnsvc.exe
C: \ Program Files \ Mozilla Firefox \ firefox.exe
C: \ Program Files \ Internet Explorer \ iexplore.exe
C: \ WINDOWS \ system32 \ wuauclt.exe
C: \ Program Files \ Hijackthis \ HijackThis.exe

R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://softwarereferral.com/jump.php...MjI6Ojg5&lid=2
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Search, SearchAssistant =
R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Search, CustomizeSearch =
R1 - HKCU \ Software \ Microsoft \ Windows \ CurrentVersion \ Int ernet Postavke, ProxyOverride = localhost
O2 - BHO: (no name) - (0180A7AF-7449-4632-A705-09CB76186F0D) - (no file)
O2 - BHO: (no name) - (02478D38-C3F9-4efb-9B51-7695ECA05670) - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - (06849E9F-C8D7-4D59-B87D-784B7D6BE0B3) - C: \ Program Files \ Common Files \ Adobe \ Acrobat \ ActiveX \ AcroIEHelper.dll
O2 - BHO: (no name) - (1D4B1AF0-833A-AFE9-4B66-888DBA2582CD) - (no file)
O2 - BHO: (no name) - (3f711da5-eed1-496b-9ac7-870af3236ef5) - (no file)
O2 - BHO: (no name) - (56125AE0-2785-4E21-A200-6646C4FFB7FC) - \
O2 - BHO: Yahoo! IE Services Button - (5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897) - C: \ Program Files \ Yahoo! \ Common \ yiesrvc.dll
O2 - BHO: SSVHelper Class - (761497BB-D6F0-462C-B6EB-D4DAF1D92D43) - C: \ Program Files \ Java \ jre1.6.0_02 \ bin \ ssv.dll
O2 - BHO: (no name) - (7A8D213D-2998-4DC2-A09F-4B91903292EF) - \
O2 - BHO: (no name) - (7E853D72-626A-48EC-A868-BA8D5E23E045) - (no file)
O2 - BHO: Google Toolbar Notifier BHO - (AF69DE43-7D58-4638-B6FA-CE66B5AD205D) - C: \ Program Files \ Google \ GoogleToolbarNotifier \ 2.1.615.5858 \ sw g.dll
O2 - BHO: (no name) - (EAA38E9A-A84D-467A-9DFB-34CFEAC54F02) - \
O4 - HKLM \ .. \ Run: [ccApp] "C: \ Program Files \ Common Files \ Symantec Shared \ ccApp.exe"
O4 - HKLM \ .. \ Run: [PHIME2002ASync] C: \ Windows \ System32 \ IME \ TINTLGNT \ TINTSETP.EXE / Sync
O4 - HKLM \ .. \ Run: [PHIME2002A] C: \ Windows \ System32 \ IME \ TINTLGNT \ TINTSETP.EXE / IMEName
O4 - HKLM \ .. \ Run: [vptray] C: \ programa ~ 1 \ SYMANT ~ 1 \ VPTray.exe
O4 - HKLM \ .. \ Run: [Symantec NetDriver Monitor] C: \ programa ~ 1 \ SYMNET ~ 1 \ SNDMon.exe / Enterprise
O4 - HKLM \ .. \ Run: [VTTimer] VTTimer.exe
O4 - HKLM \ .. \ Run: [NeroFilterCheck] C: \ WINDOWS \ system32 \ NeroCheck.exe
O4 - HKLM \ .. \ Run: [TkBellExe] "C: \ Program Files \ Common Files \ Real \ Update_OB \ realsched.exe"-osboot
O4 - HKLM \ .. \ Run: [LVCOMSX] C: \ WINDOWS \ system32 \ LVCOMSX.EXE
O4 - HKLM \ .. \ Run: [LogitechVideoRepair] C: \ Program Files \ Logitech \ Video \ ISStart.exe
O4 - HKLM \ .. \ Run: [LogitechVideoTray] C: \ Program Files \ Logitech \ Video \ LogiTray.exe
O4 - HKLM \ .. \ Run: [SunJavaUpdateSched] "C: \ Program Files \ Java \ jre1.6.0_02 \ bin \ jusched.exe"
O4 - HKLM \ .. \ Run: [MP10_EnsureFileVer] C: \ WINDOWS \ inf \ unregmp2.exe / EnsureFileVersions
O4 - HKLM \ .. \ Run: [HP Component Manager] "C: \ Program Files \ HP \ hpcoretech \ hpcmpmgr.exe"
O4 - HKLM \ .. \ Run: [HPDJ traci Utility] C: \ WINDOWS \ system32 \ spool \ drivers \ w32x86 \ 3 \ hpztsb1 0.exe
O4 - HKCU \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe
O4 - HKCU \ .. \ Run: [msnmsgr] "C: \ Program Files \ MSN Messenger \ msnmsgr.exe" / background
O4 - HKCU \ .. \ Run: [AIM] C: \ Program Files \ AIM \ aim.exe-cnetwait.odl
O4 - HKCU \ .. \ Run: [LogitechSoftwareUpdate] "C: \ Program Files \ Logitech \ Video \ ManifestEngine.exe" boot
O4 - HKCU \ .. \ Run: [Yahoo! Pager] "C: \ Program Files \ Yahoo! \ Messenger \ YahooMessenger.exe"-quiet
O4 - HKCU \ .. \ Run: [LDM] C: \ Program Files \ Logitech \ Desktop Messenger \ 8876480 \ Program \ BackWeb-8876480.exe
O4 - HKCU \ .. \ Run: [SpybotSD TeaTimer] C: \ Program Files \ Spybot - Search & Destroy \ TeaTimer.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C: \ Program Files \ Logitech \ Desktop Messenger \ 8876480 \ Program \ LogitechDesktopMessenger. Exe
O4 - Global Startup: Microsoft Office.lnk = C: \ Program Files \ Microsoft Office \ Office10 \ OSA.EXE
O9 - Extra button: (no name) - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program Files \ Java \ jre1.6.0_02 \ bin \ ssv.dll
O9 - Extra 'Tools' MENUITEM: Sun Java Console - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program Files \ Java \ jre1.6.0_02 \ bin \ ssv.dll
O9 - Extra button: Yahoo! Services - (5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897) - C: \ Program Files \ Yahoo! \ Common \ yiesrvc.dll
O9 - Extra button: AIM - (AC9E2541-2814-11d5-BC6D-00B0D0A1DE45) - C: \ Program Files \ AIM \ aim.exe
O9 - Extra button: (no name) - (DFB852A3-47F8-48C4-A200-58CAB36FD2A2) - C: \ programa ~ 1 \ Spybot ~ 1 \ SDHelper.dll
O9 - Extra 'Tools' MENUITEM: Spybot - Search & Destroy Configuration - (DFB852A3-47F8-48C4-A200-58CAB36FD2A2) - C: \ programa ~ 1 \ Spybot ~ 1 \ SDHelper.dll
O9 - Extra button: (no name) - (e2e2dd38-d088-4134-82b7-f2ba38496583) -% windir% \ Network Diagnostic \ xpnetdiag.exe (file missing)
O9 - Extra 'Tools' MENUITEM: @ xpsp3res.dll, -20001 - (e2e2dd38-d088-4134-82b7-f2ba38496583) -% windir% \ Network Diagnostic \ xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - (FB5F1910-F110-11D2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe
O9 - Extra 'Tools' MENUITEM: Windows Messenger - (FB5F1910-F110-11D2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe
O11 - Options group: [INTERNATIONAL] International *
O16 - DPF: (0742B9EF-8C83-41CA-BFBA-830A59E23533) (Microsoft Data Collection Control) -- https: / / support.microsoft.com / OAS / ActiveX / MSDcode.cab
O16 - DPF: (1EF9F042-C2EB-4293-8213-474CAEEF531D) (TmHcmsX Control) -- http://www.trendsecure.com/framework...ex/TmHcmsX.CAB
O16 - DPF: (C3F79A2B-B9B4-4A66-B012-3EE46475B072) (MessengerStatsClient Class) -- http://messenger.zone.msn.com/binary...t.cab56907.cab
O18 - Protocol: bwfile-8876480 - (9462A756-7B47-47BC-8C80-C34B9B80B32B) - C: \ Program Files \ Logitech \ Desktop Messenger \ 8876480 \ Program \ GAPlugProtocol-8876480.dll
O18 - Protocol: livecall - (828030A1-22C1-4009-854F-8E305202313F) - C: \ programa ~ 1 \ MSNMES ~ 1 \ MSGRAP ~ 1.DLL
O18 - Protocol: msnim - (828030A1-22C1-4009-854F-8E305202313F) - C: \ programa ~ 1 \ MSNMES ~ 1 \ MSGRAP ~ 1.DLL
O20 - Winlogon Obavijesti: gebaxxv - gebaxxv.dll (file missing)
O20 - Winlogon Obavijesti: igfxcui - C: \ Windows \ System32 \ igfxsrvc.dll
O20 - Winlogon Obavijesti: NavLogon - C: \ WINDOWS \ system32 \ NavLogon.dll
O20 - Winlogon Obavijesti: pmkjh - C: \ WINDOWS \ system32 \ pmkjh.dll (file missing)
O20 - Winlogon Obavijesti: WgaLogon - C: \ WINDOWS \ SYSTEM32 \ WgaLogon.dll
O21 - SSODL: WPDShServiceObj - (AAA288BA-9A4C-45B0-95D7-94D524869DB5) - C: \ WINDOWS \ system32 \ WPDShServiceObj.dll
O21 - SSODL: mssql - (24D6EB4C-3C8C-4355-9CD5-4948138645A3) - C: \ WINDOWS \ mssql.dll
O21 - SSODL: syscore - (372F9833-A2A9-4597-967D-9C4B6EC4121D) - C: \ WINDOWS \ syscore.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C: \ Program Files \ Lavasoft \ Ad-Aware 2007 \ aawservice.exe
O23 - Service: Automatic LiveUpdate Planer - Symantec Corporation - C: \ Program Files \ Symantec \ LiveUpdate \ ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C: \ Program Files \ Common Files \ Symantec Shared \ ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C: \ Program Files \ Common Files \ Symantec Shared \ ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C: \ Program Files \ Common Files \ Symantec Shared \ ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C: \ Program Files \ Symantec AntiVirus \ DefWatch.exe
O23 - Service: Google Updater Service (gusvc) - Google - C: \ Program Files \ Google \ Common \ Google Updater \ GoogleUpdaterService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C: \ programa ~ 1 \ Symantec \ LIVEUP ~ 1 \ LUCOMS ~ 1.EXE
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C: \ Program Files \ Common Files \ Symantec Shared \ SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C: \ Program Files \ Common Files \ Symantec Shared \ SPBBC \ SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C: \ Program Files \ Symantec AntiVirus \ Rtvscan.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C: \ Program Files \ Common Files \ Symantec Shared \ CCPD-LC \ symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C: \ Program Files \ Common Files \ Symantec Shared \ Security Center \ SymWSC.exe

Pls help. hvala.

[Spencer2004]

dobiti dobar AntiVirus McAfee koji pokriva poput spama, adawre, virusi, Hackers itd sve odjednom, dissconnect iz intetnet, deinstalirajte sve Vaše trenutne zaštite programima, instalirati vaš dobar antivirusni izbora, ažurirati putem Interneta (Internet bi trebao biti siguran sada McAfee je instaliran) onda potpuni sustav skeniranja.

[guccijana]

Hi there, ct122592 IM osoba koju im'd iz d-ovisnici, ja pitao evilfantasy kako bi Vam pomogli da se ako on nije zauzet pa ćemo vidjeti što on kaže ok!

[mrdaveyk]

Što vam ikad dont download preporučeni program

Ja sam imao taj virus, ali ne i prije tako žestoko, i nisu dobili okrugli popravljajući ga kao da ga je vremenski taman kad sam kupio novi moje računalo

protu-virus ono što si dobio u ovom trenutku? Besplatni Avast Home Edition je dobro

[Axegrinder]

O2 - BHO: (no name) - (0180A7AF-7449-4632-A705-09CB76186F0D) - (no datoteka)
R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Search, SearchAssistant =
R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Search, CustomizeSearch =
O2 - BHO: (no name) - (1D4B1AF0-833A-AFE9-4B66-888DBA2582CD) - (no file)
O2 - BHO: (no name) - (3f711da5-eed1-496b-9ac7-870af3236ef5) - (no file)
O2 - BHO: (no name) - (56125AE0-2785-4E21-A200-6646C4FFB7FC) - \
O2 - BHO: (no name) - (7A8D213D-2998-4DC2-A09F-4B91903292EF) - \
O2 - BHO: (no name) - (7E853D72-626A-48EC-A868-BA8D5E23E045) - (no file)
O2 - BHO: (no name) - (EAA38E9A-A84D-467A-9DFB-34CFEAC54F02) - \
O20 - Winlogon Obavijesti: gebaxxv - gebaxxv.dll (file missing)

Oni svi izgledaju suspiscious i treba ukloniti (ali potvrdite sa evilfantasy ili howardhopkinson first)

O20 - Winlogon Obavijesti: WgaLogon - C: \ WINDOWS \ SYSTEM32 \ WgaLogon.dll <<<Je li tvoj Windows Geniune? Kao što je prikazano je samo kad kad kopiju prozora nije originalan.

[evilfantasy]

Pozdrav ct122592.

Ako i dalje tražeći pomoć a zatim slijedite ove upute.

Otvori HijackThis i odaberite Da li je sustav skeniranja tek tada staviti kvačica pored:

R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://softwarereferral.com/jump.php...MjI6Ojg5&lid=2
O2 - BHO: (no name) - (0180A7AF-7449-4632-A705-09CB76186F0D) - (no file)
O2 - BHO: (no name) - (02478D38-C3F9-4efb-9B51-7695ECA05670) - (no file)
O2 - BHO: (no name) - (1D4B1AF0-833A-AFE9-4B66-888DBA2582CD) - (no file)
O2 - BHO: (no name) - (3f711da5-eed1-496b-9ac7-870af3236ef5) - (no file)
O2 - BHO: (no name) - (56125AE0-2785-4E21-A200-6646C4FFB7FC) - \
O2 - BHO: (no name) - (7A8D213D-2998-4DC2-A09F-4B91903292EF) - \
O2 - BHO: (no name) - (7E853D72-626A-48EC-A868-BA8D5E23E045) - (no file)
O2 - BHO: (no name) - (EAA38E9A-A84D-467A-9DFB-34CFEAC54F02) - \
O20 - Winlogon Obavijesti: gebaxxv - gebaxxv.dll (file missing)
O20 - Winlogon Obavijesti: pmkjh - C: \ WINDOWS \ system32 \ pmkjh.dll (file missing)

Sada zatvorite sve prozore osim HijackThis i kliknite na Fix provjereno.

----------

Molimo download CCleaner

• Dvaput kliknite na ccsetup.exe datoteku da biste pokrenuli instalaciju programa.
• Odaberite svoj jezik i pritisnite U redu, Zatim dalje.
• Pročitajte licenčni ugovor i kliknite I Agree.
• Kliknite dalje koristiti zadane instalacije.
• Instalacija pod Opcije, odaberite sve zadane postavke
• Kliknite Instalacija tada završiti da biste dovršili instalaciju.
• Dvaput kliknite na CCleaner prečac na radnoj površini da biste pokrenuli program.
• Na "Windows" tab, pod "Internet Explorera", isključite "Cookies" Ako ne želite da ih izbrisana. (Ako je izbrisana, vjerojatno ćete trebati opet upisati vaše lozinke na svim lokacijama gdje se koristi "cookie" prepoznati kada posjetite).
• Ako koristite bilo ili Mozilla Firefox preglednicima, poništite okvir za "Cookies" se nalazi na kartici Programi, pod Firefox / Mozilla.
• Kliknite na "Options" ikonu na lijevoj strani prozora, a zatim kliknite na "Advanced".
  deselektirati "Samo izbrišite datoteke i mape u sustavu Windows Temp stariji od 48 sata."
• Kliknite na "čistiju" ikonu na lijevoj strani prozora, a zatim kliknite Trčanje za čistiju za pokretanje programa.
• Oprez: Koristiti samo "Registry" opcija ako ste upoznati s vrlo registar kao što je poznato da pronađete stavke legitimna.
• Uvijek kopiju Vašeg registry prije donošenje bilo kakve izmjene.
• Nakon CCleaner je završila proces, kliknite na Izlaz.

----------

Preuzimanje SUPERAntispyware Free Edition (SAS)

• Dvaput pritisnite ikonu na radnoj površini da biste pokrenuli instalacijski program.
• Upitan da Ažurirati program definicije, kliknite Da
• Kliknite na Next Preferences gumb.
• Kliknite Skeniranje Control tab.
• Pod Scanner Opcije Pobrinite se samo sljedeće se provjeravaju:
  • Zatvori preglednici prije skeniranja
  • Scan for tracking cookies
  • Raskinuti memorije prijetnje prije quarantining
  • Molimo ostavite drugima neprovjeren.
  • Kliknite na Zatvori gumb da napuste centar ekrana.
• Kliknite Zatvoriti dugme za kontrolu napustiti središte zaslona.
• Na glavnom ekranu kliknite Skenirajte svoje računalo
• Na lijevoj check C: \ Fiksni Drive
• Na pravo odabrati Obavi Cijela Scan
• Kliknite Dalje da biste započeli pretraživanje. Budite strpljivi dok skenira vaše računalo.
• Nakon skeniranja je kompletan rezime pojavit će se okvir. Kliknite U redu
• Provjerite je li sve u bijeloj kutiji ima check pored nje, a zatim kliknite Dalje
• Ona će se što je pronađena u karantenu, a ako ga pita ako želite ponovno podizanje sustava, kliknite Da
• Da biste preuzeli uklanjanje informacija molimo učinite slijedeće:
  • Nakon što ponovno podizanje sustava, dvokliknite SUPERAntiSpyware ikone na radnoj površini.
  • Kliknite Preferences. Kliknite Statistika / Evidencije tab.
  • Pod Scanner Evidencije, dvokliknite SUPERAntiSpyware Scan Log.
  • To će otvoriti u zadani uređivač teksta (npr. Notepad / WordPad).
  • Spremite notepad datoteku na radnu površinu tako da kliknete (u Notepad) "Datoteka""Save As"
• Spremi zapisničku negdje možete lako pronaći. (normalno desktop)
• Kliknite bliska i opet zatvori za izlaz iz programa.
• Molimo kopirajte i potom zalijepite prijaviti u vaš post.

----------

Molimo deinstalirali / izbrisati kopiju HijackThis imate i preuzeti novu verziju i pokrenite skeniranje s njom i post zapisnik.

Preuzmite i preimenovanje HijackThis (HJT)

• Dvaput kliknite na HJTInstall.
• Kliknite na Instalacija gumb.
• Bit će automatski HJT mjesto u C: \ Program Files \ TrendMicro \ HijackThis \ HijackThis.exe.
• Nakon instaliranja, HijackThis trebali otvoriti za vas.
  • Zatvori HijackThis i preimenujte ga.
  • Idi na C: \ Program Files \ Trend Micro \HijackThis.exe
  • Desnom tipkom miša kliknite na HijackThis.exe i odaberite Preimenovanje.
  • Upišite sniper.exe i pritisnite Enter.
  • Desnom tipkom miša kliknite na sniper.exe i odaberite Pošalji na > Desktop (stvoriti prečac)
• Iz otvorenih HiackThis desktop.
• Ako koristite sustav Windows Vista, svakako Pokreni kao administrator
• Kliknite na Da li je sustav skenirati i spremanje log datoteku button
• HijackThis ce skenirati a zatim i prijava će se otvoriti u Notepad.
• Kopirajte i zalijepite zatim se prijavite u vaš post.
  • Nemate Hijackthis popraviti ništa još. Većina onoga što će se pronađe bezopasni ili čak zahtijeva.

Iako smo na Preimenovali HijackThis snajper, mi ćemo i dalje se odnosi na to kao HijackThis ili HJT.

----------

Next post molimo dodaj
SUPERAntiSpyware log
Novi HijackThis log

[ct122592]

Hvala EvilFantasy za pomaganje.

SUPERAntispyware scan log:

SUPERAntiSpyware Scan Prijava
http://www.superantispyware.com

Generirano 01/12/2008 at 00:51

Application Version: 3/9/1008

Core Pravila Database Version: 3259
Trace Pravila Database Version: 1270

Scan type: Cijela Scan
Ukupno Scan Vrijeme: 00:37:53

Memorija predmeta skenirane: 537
Memorija prijetnje otkrivena: 0
Registry stavke skenirane: 6842
Matični prijetnje otkrivena: 19
File predmeta skenirane: 6768
File prijetnje otkrivena: 67

Adware.Tracking Cookie
C: \ Documents and Settings \ HP_Owner \ Cookies \ hp_owner @ kolektivne-media [1]. Txt
C: \ Documents and Settings \ HP_Owner \ Cookies \ hp_owner @ partner2profit [1]. Txt
C: \ Documents and Settings \ HP_Owner \ Cookies \ hp_owner @ oglas [2]. Txt
C: \ Documents and Settings \ HP_Owner \ Cookies \ hp_owner @ atwola [2]. Txt
C: \ Documents and Settings \ HP_Owner \ Cookies \ hp_owner @ xiti [1]. Txt
C: \ Documents and Settings \ HP_Owner \ Cookies \ hp_owner@adopt.specificc lizati [1]. Txt
C: \ Documents and Settings \ HP_Owner \ Cookies \ hp_owner @ html [1]. Txt
C: \ Documents and Settings \ HP_Owner \ Cookies \ hp_owner@ar.atwola [1]. Txt
C: \ Documents and Settings \ HP_Owner \ Cookies \ hp_owner@bridge.admarket mjesto [1]. Txt
C: \ Documents and Settings \ HP_Owner \ Cookies \ hp_owner @ windowsmedia [1]. Txt
C: \ Documents and Settings \ HP_Owner \ Cookies \ hp_owner@ads.healthcare [1]. Txt
C: \ Documents and Settings \ HP_Owner \ Cookies \ hp_owner@ads.adbrite [2]. Txt
C: \ Documents and Settings \ HP_Owner \ Cookies \ hp_owner @ atdmt [2]. Txt
C: \ Documents and Settings \ CatherineZ \ Cookies \ catherinez@a.websponso RS [1]. Txt
C: \ Documents and Settings \ CatherineZ \ Cookies \ catherinez@ad.admarket mjesto [2]. Txt
C: \ Documents and Settings \ CatherineZ \ Cookies \ catherinez@ad.reunion [1]. Txt
C: \ Documents and Settings \ CatherineZ \ Cookies \ catherinez @ adknowledge [2]. Txt
C: \ Documents and Settings \ CatherineZ \ Cookies \ catherinez@adopt.hbmed iapro [2]. Txt
C: \ Documents and Settings \ CatherineZ \ Cookies \ catherinez@adopt.hotba r [2]. Txt
C: \ Documents and Settings \ CatherineZ \ Cookies \ catherinez@ads.cc21414 2 [2]. Txt
C: \ Documents and Settings \ CatherineZ \ Cookies \ catherinez@ath.belnk [1]. Txt
C: \ Documents and Settings \ CatherineZ \ Cookies \ catherinez @ atwola [1]. Txt
C: \ Documents and Settings \ CatherineZ \ Cookies \ catherinez @ bannera [2]. Txt
C: \ Documents and Settings \ CatherineZ \ Cookies \ catherinez @ belnk [2]. Txt
C: \ Documents and Settings \ CatherineZ \ Cookies \ catherinez @ bigbanners [1]. Txt
C: \ Documents and Settings \ CatherineZ \ Cookies \ catherinez@btg.btgrab [2]. Txt
C: \ Documents and Settings \ CatherineZ \ Cookies \ catherinez@cts.metrics direktne [2]. Txt
C: \ Documents and Settings \ CatherineZ \ Cookies \ catherinez@dist.belnk [1]. Txt
C: \ Documents and Settings \ CatherineZ \ Cookies \ catherinez @ emarketmake RS [1]. Txt
C: \ Documents and Settings \ CatherineZ \ Cookies \ catherinez@hits.clicka ndtrack [1]. Txt
C: \ Documents and Settings \ CatherineZ \ Cookies \ catherinez @ hurricanedi gitalmedia [1]. Txt
C: \ Documents and Settings \ CatherineZ \ Cookies \ catherinez @ nextag [2]. Txt
C: \ Documents and Settings \ CatherineZ \ Cookies \ catherinez @ offeroptimi zer [1]. Txt
C: \ Documents and Settings \ CatherineZ \ Cookies \ catherinez@server.cpms tar [2]. Txt
C: \ Documents and Settings \ CatherineZ \ Local Settings \ Temp \ Cookies \ catherinez@a.websponsors [2]. Txt
C: \ Documents and Settings \ CatherineZ \ Local Settings \ Temp \ Cookies \ catherinez @ adknowledge [1]. Txt
C: \ Documents and Settings \ CatherineZ \ Local Settings \ Temp \ Cookies \ catherinez@adopt.hbmediapro [2]. Txt
C: \ Documents and Settings \ CatherineZ \ Local Settings \ Temp \ Cookies \ catherinez@adopt.hotbar [2]. Txt
C: \ Documents and Settings \ CatherineZ \ Local Settings \ Temp \ Cookies \ catherinez@ads.us.e-planning [1]. Txt
C: \ Documents and Settings \ CatherineZ \ Local Settings \ Temp \ Cookies \ catherinez@ar.atwola [2]. Txt
C: \ Documents and Settings \ CatherineZ \ Local Settings \ Temp \ Cookies \ catherinez@ath.belnk [1]. Txt
C: \ Documents and Settings \ CatherineZ \ Local Settings \ Temp \ Cookies \ catherinez @ atwola [1]. Txt
C: \ Documents and Settings \ CatherineZ \ Local Settings \ Temp \ Cookies \ catherinez @ azjmp [2]. Txt
C: \ Documents and Settings \ CatherineZ \ Local Settings \ Temp \ Cookies \ catherinez@banner3.inet-traffic [1]. Txt
C: \ Documents and Settings \ CatherineZ \ Local Settings \ Temp \ Cookies \ catherinez @ banner [1]. Txt
C: \ Documents and Settings \ CatherineZ \ Local Settings \ Temp \ Cookies \ catherinez @ belnk [2]. Txt
C: \ Documents and Settings \ CatherineZ \ Local Settings \ Temp \ Cookies \ catherinez @ bigbanners [1]. Txt
C: \ Documents and Settings \ CatherineZ \ Local Settings \ Temp \ Cookies \ catherinez@btg.btgrab [2]. Txt
C: \ Documents and Settings \ CatherineZ \ Local Settings \ Temp \ Cookies \ catherinez @ maniok [1]. Txt
C: \ Documents and Settings \ CatherineZ \ Local Settings \ Temp \ Cookies \ catherinez@cts.metricsdirect [2]. Txt
C: \ Documents and Settings \ CatherineZ \ Local Settings \ Temp \ Cookies \ catherinez@dist.belnk [1]. Txt
C: \ Documents and Settings \ CatherineZ \ Local Settings \ Temp \ Cookies \ catherinez @ emarketmakers [1]. Txt
C: \ Documents and Settings \ CatherineZ \ Local Settings \ Temp \ Cookies \ catherinez @ exitexchange [2]. Txt
C: \ Documents and Settings \ CatherineZ \ Local Settings \ Temp \ Cookies \ catherinez @ interclick [2]. Txt
C: \ Documents and Settings \ CatherineZ \ Local Settings \ Temp \ Cookies \ catherinez @ leadgenetwork [2]. Txt
C: \ Documents and Settings \ CatherineZ \ Local Settings \ Temp \ Cookies \ catherinez @ linkstattrack [1]. Txt
C: \ Documents and Settings \ CatherineZ \ Local Settings \ Temp \ Cookies \ catherinez @ nextag [2]. Txt
C: \ Documents and Settings \ CatherineZ \ Local Settings \ Temp \ Cookies \ catherinez @ offeroptimizer [2]. Txt
C: \ Documents and Settings \ CatherineZ \ Local Settings \ Temp \ Cookies \ catherinez@partypoker.touchc larity [1]. Txt
C: \ Documents and Settings \ CatherineZ \ Local Settings \ Temp \ Cookies \ catherinez@sav.coolsavings [1]. Txt
C: \ Documents and Settings \ CatherineZ \ Local Settings \ Temp \ Cookies \ catherinez @ web poveznica [2]. Txt
C: \ Documents and Settings \ CatherineZ \ Local Settings \ Temp \ Cookies \ catherinez @ winfixer [2]. Txt
C: \ Documents and Settings \ CatherineZ \ Local Settings \ Temp \ Cookies \ catherinez@www.azoogleads [2]. Txt
C: \ Documents and Settings \ CatherineZ \ Local Settings \ Temp \ Cookies \ catherinez@www.riverbelle [2]. Txt
C: \ Documents and Settings \ CatherineZ \ Local Settings \ Temp \ Cookies \ catherinez@www.tagworld [1]. Txt

Trojan.WinAntiSpyware / WinAntiVirus 2006/2007
C: \ UWA7P \ Quar
C: \ WINDOWS \ .. \ UWA7P

Trojan.VideoCach / general
HKCR \ TypeLib \ (A8954909-1F0F-41A5-A7FA-3B376D69E226)
HKCR \ TypeLib \ (A8954909-1F0F-41A5-A7FA-3B376D69E226) \ 1,0
HKCR \ TypeLib \ (A8954909-1F0F-41A5-A7FA-3B376D69E226) \ 1.0 \ 0
HKCR \ TypeLib \ (A8954909-1F0F-41A5-A7FA-3B376D69E226) \ 1.0 \ 0 \ Win32
HKCR \ TypeLib \ (A8954909-1F0F-41A5-A7FA-3B376D69E226) \ 1.0 \ ZASTAVE
HKCR \ TypeLib \ (A8954909-1F0F-41A5-A7FA-3B376D69E226) \ 1.0 \ HELPDIR
HKCR \ Interface \ (967A494A-6AEC-4555-9CAF-FA6EB00ACF91)
HKCR \ Interface \ (967A494A-6AEC-4555-9CAF-FA6EB00ACF91) \ ProxyStubClsid
HKCR \ Interface \ (967A494A-6AEC-4555-9CAF-FA6EB00ACF91) \ ProxyStubClsid32
HKCR \ Interface \ (967A494A-6AEC-4555-9CAF-FA6EB00ACF91) \ TypeLib
HKCR \ Interface \ (967A494A-6AEC-4555-9CAF-FA6EB00ACF91) \ TypeLib # Version
HKCR \ Interface \ (9692BE2F-EB8F-49D9-A11C-C24C1EF734D5)
HKCR \ Interface \ (9692BE2F-EB8F-49D9-A11C-C24C1EF734D5) \ ProxyStubClsid
HKCR \ Interface \ (9692BE2F-EB8F-49D9-A11C-C24C1EF734D5) \ ProxyStubClsid32
HKCR \ Interface \ (9692BE2F-EB8F-49D9-A11C-C24C1EF734D5) \ TypeLib
HKCR \ Interface \ (9692BE2F-EB8F-49D9-A11C-C24C1EF734D5) \ TypeLib # Version

Trojan.Net-MSV/VPS
HKCR \ MSVPS.MSVPSApp
HKCR \ MSVPS.MSVPSApp \ CLSID
HKCR \ MSVPS.MSVPSApp \ CurVer



ja licemjerje nađi hijackthis.exe, pa ja dont znati kako to učiniti posljednji korak. sve sam je nova verzija HJT installed.

[evilfantasy]

Deinstaliraj / izbrisati Hijackthis. To je zastarjela verzija.

Tada koristite upute dadoh instalirati novu verziju.

[ct122592]

Ok hvala.

[evilfantasy]

I post novi log od hijackthis novi.