#11

Download ComboFix by sUBs from one of the links below. Be sure to save it to your Desktop.

Link # 1
Link # 2

Note: It is important that it is saved directly to your Desktop.

Close any open web browsers (Firefox, Internet Explorer, etc.) before starting ComboFix.

Temporarily disable your antivirus and any antispyware real-time protection before performing the scan. Click this link to see a list of security programs that should be disabled and how to disable them.

Double-click combofix.exe and follow the prompts.

To install the Windows XP Recovery Console:

- If you are using Windows XP and do not already have the Recovery Console installed, make sure your Internet connection is active (if possible) and click Yes.
- If for some reason the Internet is not working, click No.
- If you are not using Windows XP, you will not be prompted.
- When prompted to accept the EULA, click OK.
- Accept the Microsoft EULA (click Yes).
- When told that the RC has been installed correctly, click YES to continue scanning for malware.

When finished, ComboFix will produce a log for you. Post the ComboFix log and a new HijackThis log in your next reply.

Important: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

Remember to re-enable your antivirus and antispyware protection when ComboFix has finished.

#12

HijackThis log:

#13

----------

Run CCleaner.

----------

Run this online scan. This scanner requires Internet Explorer.

Use the ESET NOD32 Online Scanner

1. Tick the box next to Yes, I accept the Terms of Use.
2. Click Start
3. When asked, allow the ActiveX control to install
4. Click Start
5. Make sure that the option Remove found threats and the option Scan unwanted applications are checked.
6. Click Scan
7. Wait for the scan to finish
8. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
9. Add that C:\Program Files\EsetOnlineScanner\log.txt log to your next reply.

How is the computer running now?

#14

It said I need to install ActiveX, but it doesn't come up with a pop-up or any prompt for me to install it.

#15

Are you using Internet Explorer?

#16

```
# Version = 4
# OnlineScanner.ocx = 1.0.0.635
# OnlineScannerDLLA.dll = 1, 0, 0, 79
# OnlineScannerDLLW.dll = 1, 0, 0, 78
# OnlineScannerUninstaller.exe = 1, 0, 0, 49
# Vers_standard_module = 3563 (20081028)
# Vers_arch_module = 1,064 (20080214)
# Vers_adv_heur_module = 1,064 (20070717)
# EOSSerial = 930ac3d49230114ab36d54f68f5299bf
# End = finished
# Remove_checked = true
# Unwanted_checked = true
# Utc_time = 2008-10-28 10:37:29
# Local_time = 2008-10-28 10:37:29 (+0000, GMT Standard Time)
# Country = "United Kingdom"
# Osver = 5/1/2600 NT Service Pack 2
# Scanned = 283.640
# Found = 0
# Scan_time = 2537
```

#17

Looks good. Let me know if you have any questions.

Disable the System Restore Utility to prevent reinfection from old restore points

1) Right-click the My Computer icon on the desktop and click Properties.
2) Click the System Restore tab.
3) Put a check mark next to Turn off System Restore on all drives
4) Click the OK button.
5) You will be prompted to restart the computer. Click the Yes button.

Now re-enable System Restore

To re-enable the System Restore Utility, follow steps one to five, and at step three remove the check mark next to "Turn off System Restore on all drives".

1) Right-click the My Computer icon on the desktop and click Properties.
2) Click the System Restore tab.
3) Remove the check mark next to Turn off System Restore on all drives
4) Click the OK button.

----------

Use the Secunia Software Inspector to check for out-of-date software. Outdated software has security vulnerabilities that malware can exploit.

----------

Go to Microsoft Windows Update and get all critical updates.

----------

Make sure all your security programs are up to date and run a scan with them regularly.

Here are some great FREE tools that will help keep you from getting infected again. These tools use little or no resources, so they won't slow down your computer.

Worried about browser security? Consider using Mozilla Firefox 3.0.

To prevent unknown applications from being installed on your computer, install WinPatrol 2008
* Using WinPatrol to protect your computer from malware

I would suggest that you use SiteAdvisor. SiteAdvisor rates sites on business practices and spam. Safety ratings from McAfee SiteAdvisor are based on automated safety testing of websites.

SpywareBlaster - Secures your Internet Explorer to make it harder for ActiveX programs to run on your computer. It also stops certain cookies from being added to your computer when using Mozilla-based browsers such as Firefox.
* Using SpywareBlaster to protect your computer from spyware and malware
* If you don't know what ActiveX controls are, see here

Check out Keeping Yourself Safe on the Web for tips and free tools to keep you safe in the future.

Also see Computer Slow? It May Not Be Malware for free cleaning/maintenance tools to help keep your computer running smoothly.

#18

I did everything you said, but today when I ran AVG, the Trojans are still there, as well as the Adaware Generic things, whatever they are. :(

#19

Did you flush your restore points?

#20
| |||
| |||
Yes, I did it the first time you told me, and I ran AVG again, which came up with no malware, but today when I did it, they were there again.