Ugh, Spyware.banker / backdoor.bot...AGAIN!

**inflames** · #1 10. lipnja 2009, 16:21

Zdravo. Ja sam bio ovdje par puta pokušati popraviti moje zlonamjernih programa i to je bio uspješan, ali čini se da iste stvari držati u reappearing scans. Imam poteškoća s prikazivanjem išta što prolazi Cmd (combofix / mgtools / Iseeyouxp), za neki razlog. Ja sam vodio vjerovati da je to zato što STAZA varijablu okruženja nije dozvolio cmd pravo na pristup datotekama? U svakom slučaju, ovdje su neke MBAM skenira i HJT log.

Logfile of Trend Micro HijackThis v2.0.2
Scan spremljena u 7:20:37 Na 6/10/2009
Platforma: Windows XP SP3 (Winnt 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Pokretanje procesa:
C: \ WINDOWS \ System32 \ smss.exe
C: \ WINDOWS \ system32 \ Winlogon.exe
C: \ WINDOWS \ system32 \ services.exe
C: \ WINDOWS \ system32 \ lsass.exe
C: \ WINDOWS \ system32 \ Svchost.exe
C: \ WINDOWS \ System32 \ Svchost.exe
C: \ WINDOWS \ system32 \ spoolsv.exe
C: \ programa ~ 1 \ UOBIČAJENA ~ 1 \ AOL \ ACS \ AOLacsd.exe
C: \ Program Files \ Common Files \ Apple \ Mobile Device Support \ bin \ AppleMobileDeviceService.exe
C: \ programa ~ 1 \ AVG \ AVG8 \ avgwdsvc.exe
C: \ Program Files \ Microsoft Small Business \ Business Contact Manager \ BcmSqlStartupSvc.exe
C: \ Program Files \ Belkin \ Belkin Wireless Network Utility \ WLService.exe
C: \ Program Files \ Bonjour \ mDNSResponder.exe
C: \ Program Files \ Belkin \ Belkin Wireless Network Utility \ WLanCfgG.exe
C: \ WINDOWS \ eHome \ ehRecvr.exe
C: \ WINDOWS \ eHome \ ehSched.exe
C: \ Program Files \ Intel \ Intel Matrix Storage Manager \ Iaantmon.exe
C: \ Program Files \ Common Files \ Microsoft Shared \ VS7DEBUG \ MDM.EXE
C: \ WINDOWS \ system32 \ nvsvc32.exe
C: \ Program Files \ Microsoft SQL Server \ 90 \ Shared \ sqlwriter.exe
C: \ WINDOWS \ explorer.exe
C: \ programa ~ 1 \ AVG \ AVG8 \ avgrsx.exe
C: \ WINDOWS \ system32 \ dllhost.exe
c: \ windows \ system32 \ rundll32.exe
c: \ programa ~ 1 \ avg \ avg8 \ avgtray.exe
c: \ windows \ system32 \ rundll32.exe
C: \ Program Files \ iTunes \ ituneshelper.exe
c: \ windows \ stsystra.exe
C: \ Program Files \ zajedničke datoteke \ installshield \ updateservice \ issch.exe
C: \ Program Files \ Intel \ Intel matrix storage manager \ iaanotif.exe
c: \ windows \ ehome \ ehtray.exe
C: \ Program Files \ Dell \ medija iskustvo \ dmxlauncher.exe
C: \ WINDOWS \ eHome \ ehmsas.exe
C: \ Program Files \ slobodan desktop clock \ desktopclock.exe
c: \ program files \ google \ googletoolbarnotifier \ googletoolbarno tifier.exe
c: \ windows \ system32 \ Ctfmon.exe
C: \ Documents and Settings \ Kevin mladih \ Local Settings \ Application Data \ Google \ update \ googleupdate.exe
C: \ Program Files \ superantispyware \ superantispyware.exe
C: \ Program Files \ iPod \ bin \ iPodService.exe
c: \ Garmin \ mrav agent \ mrav agent.exe
C: \ Program Files \ digitalne linije otkrivaju \ dlg.exe
C: \ Program Files \ iTunes \ itunes.exe
C: \ Program Files \ Java \ jre6 \ bin \ jqs.exe
C: \ Documents and Settings \ Kevin mladih \ Local Settings \ Application Data \ Google \ krom \ Application \ chrome.exe
C: \ Documents and Settings \ Kevin mladih \ Local Settings \ Application Data \ Google \ krom \ Application \ chrome.exe
C: \ Program Files \ malwarebytes' protiv štetnih sadržaja \ mbam.exe
C: \ Documents and Settings \ Kevin mladih \ Local Settings \ Application Data \ Google \ krom \ Application \ chrome.exe
C: \ Documents and Settings \ Kevin mladih \ Local Settings \ Application Data \ Google \ krom \ Application \ chrome.exe
C: \ Documents and Settings \ Kevin mladi \ moje dokumente \ downloads \ hijackthis.exe

R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Search, Default_Page_URL = http://www.google.com/ig/dell?hl=en&...us&ibd=4061002
R1 - HKCU \ Software \ Microsoft \ Windows \ CurrentVersion \ Int ernet Postavke, ProxyOverride = *. lokalne
R3 - URLSearchHook: Yahoo! Toolbar - (EF99BD32-C1FB-11D2-892F-0090271D4F88) - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - (06849E9F-C8D7-4D59-B87D-784B7D6BE0B3) - C: \ Program Files \ Adobe \ Acrobat 7,0 \ ActiveX \ AcroIEHelper.dll
O2 - BHO: AOL Toolbar Launcher - (7C554162-8CB7-45A4-B8F4-8EA1C75885F9) - C: \ Program Files \ AOL \ AIM Toolbara 5,0 \ aoltb.dll
O2 - BHO: Google Toolbar Notifier BHO - (AF69DE43-7D58-4638-B6FA-CE66B5AD205D) - C: \ Program Files \ Google \ GoogleToolbarNotifier \ 5.1.1309.3572 \ s wg.dll
O2 - BHO: Java (tm) Plug-in 2 SSV Helper - (DBC80044-A445-435b-BC74-9C25C1C588A9) - C: \ Program Files \ Java \ jre6 \ bin \ jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - (E7E6F031-17CE-4C07-BC86-EABFE594F69C) - C: \ Program Files \ Java \ jre6 \ lib \ rasporediti \ jqs \ ie \ jqs_plugin.dll
O3 - Toolbar: AIM Toolbar - (DE9C389F-3316-41A7-809B-AA305ED9D922) - C: \ Program Files \ AOL \ Toolbar AIM 5,0 \ aoltb.dll
O4 - HKLM \ .. \ Run: [NvCplDaemon] RUNDLL32.EXE C: \ WINDOWS \ system32 \ NvCpl.dll, NvStartup
O4 - HKLM \ .. \ Run: [nwiz] nwiz.exe / install
O4 - HKLM \ .. \ Run: [AppleSyncNotifier] C: \ Program Files \ Common Files \ Apple \ Mobile Device Support \ bin \ AppleSyncNotifier.exe
O4 - HKLM \ .. \ Run: [Google Desktop Search] "C: \ Program Files \ Google \ Google Desktop Search \ GoogleDesktop.exe" / pokretanja
O4 - HKLM \ .. \ Run: [QuickTime Task] "C: \ Program Files \ QuickTime \ qttask.exe"-atboottime
O4 - HKLM \ .. \ Run: [AVG8_TRAY] C: \ programa ~ 1 \ AVG \ AVG8 \ avgtray.exe
O4 - HKLM \ .. \ Run: [NvMediaCenter] RUNDLL32.EXE C: \ WINDOWS \ system32 \ NvMcTray.dll, NvTaskbarInit
O4 - HKLM \ .. \ Run: [iTunesHelper] "C: \ Program Files \ iTunes \ iTunesHelper.exe"
O4 - HKLM \ .. \ Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM \ .. \ Run: [ISUSScheduler] "C: \ Program Files \ Common Files \ InstallShield \ UpdateService \ issch.exe" start
O4 - HKLM \ .. \ Run: [ISUSPM Startup] "C: \ Program Files \ Common Files \ InstallShield \ UpdateService \ isuspm.exe"-početni
O4 - HKLM \ .. \ Run: [IAAnotif] C: \ Program Files \ Intel \ Intel Matrix Storage Manager \ Iaanotif.exe
O4 - HKLM \ .. \ Run: [ehTray] C: \ WINDOWS \ ehome \ ehtray.exe
O4 - HKLM \ .. \ Run: [DMXLauncher] C: \ Program Files \ Dell \ Media Experience \ DMXLauncher.exe
O4 - HKLM \ .. \ Run: [DellHelp] C: \ Dell \ DellHelp \ DellHelp.exe / c
O4 - HKLM \ .. \ Run: [SunJavaUpdateSched] "C: \ Program Files \ Java \ jre6 \ bin \ jusched.exe"
O4 - HKCU \ .. \ Run: [SkinClock] C: \ Program Files \ slobodan desktop clock \ DesktopClock.exe
O4 - HKCU \ .. \ Run: [swg] C: \ Program Files \ Google \ GoogleToolbarNotifier \ GoogleToolbarNo tifier.exe
O4 - HKCU \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe
O4 - HKCU \ .. \ Run: [Google Update] "C: \ Documents and Settings \ Kevin Young \ Local Settings \ Application Data \ Google \ Update \ GoogleUpdate.exe" / c
O4 - HKCU \ .. \ Run: [SUPERAntiSpyware] C: \ Program Files \ SUPERAntiSpyware \ SUPERAntiSpyware.exe
O4 - HKCU \ .. \ Run: [mrav agentu] C: \ Garmin \ mrav Agent \ mrav Agent.exe
O4 - HKCU \ .. \ Run: [Octoshape Streaming Services] "C: \ Documents and Settings \ Kevin Young \ Application Data \ Octoshape \ Octoshape Streaming Services \ OctoshapeClient.exe"-inv: bootrun
O4 - HKUS \ S-1-5-21-1206202269-1744925342-3452710213-1006 \ .. \ Run: [SkinClock] C: \ Program Files \ slobodan desktop clock \ DesktopClock.exe (User '? ")
O4 - HKUS \ S-1-5-21-1206202269-1744925342-3452710213-1006 \ .. \ Run: [swg] C: \ Program Files \ Google \ GoogleToolbarNotifier \ GoogleToolbarNo tifier.exe (User '? ")
O4 - HKUS \ S-1-5-21-1206202269-1744925342-3452710213-1006 \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe (User '? ")
O4 - HKUS \ S-1-5-21-1206202269-1744925342-3452710213-1006 \ .. \ Run: [Google Update] "C: \ Documents and Settings \ Kevin Young \ Local Settings \ Application Data \ Google \ Update \ GoogleUpdate.exe "/ c (User '?")
O4 - HKUS \ S-1-5-21-1206202269-1744925342-3452710213-1006 \ .. \ Run: [SUPERAntiSpyware] C: \ Program Files \ SUPERAntiSpyware \ SUPERAntiSpyware.exe (User '? ")
O4 - HKUS \ S-1-5-21-1206202269-1744925342-3452710213-1006 \ .. \ Run: [mrav agentu] C: \ Garmin \ mrav Agent \ mrav Agent.exe (User '? ")
O4 - HKUS \ S-1-5-21-1206202269-1744925342-3452710213-1006 \ .. \ Run: [Octoshape Streaming Services] "C: \ Documents and Settings \ Kevin Young \ Application Data \ Octoshape \ Octoshape Streaming Services \ OctoshapeClient.exe "-inv: bootrun (User '?")
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C: \ Program Files \ Adobe \ Acrobat 7,0 \ Reader \ reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk =?
O8 - Extra kontekst meni stavka: & AIM Search - C: \ Program Files \ AOL \ cilj toolbar 5,0 \ resurse \ en-us \ Local \ search.html
O8 - Extra kontekst meni stavka: E & zvezi u Microsoft Excel - res: / / C: \ programa ~ 1 \ MI1933 ~ 1 \ Office12 \ EXCEL.EXE/3000
O9 - Extra button: AIM Toolbar - (3369AF0D-62E9-4bda-8103-B4C75499B578) - C: \ Program Files \ AOL \ Toolbar AIM 5,0 \ aoltb.dll
O9 - Extra button: Research - (92780B25-18CC-41C8-B9BE-3C9C571A8263) - C: \ programa ~ 1 \ MI1933 ~ 1 \ OFFICE11 \ REFIEBAR.DLL
O9 - Extra button: (no name) - (CD67F990-D8E9-11D2-98FE-00C0F0318AFE) - (no file)
O9 - Extra button: (no name) - (e2e2dd38-d088-4134-82b7-f2ba38496583) - C: \ WINDOWS \ Network Diagnostic \ xpnetdiag.exe
O9 - Extra 'Tools' MENUITEM: @ xpsp3res.dll, -20001 - (e2e2dd38-d088-4134-82b7-f2ba38496583) - C: \ WINDOWS \ Network Diagnostic \ xpnetdiag.exe
O9 - Extra button: Messenger - (FB5F1910-F110-11D2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe
O9 - Extra 'Tools' MENUITEM: Windows Messenger - (FB5F1910-F110-11D2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe
O16 - DPF: (2D8ED06D-3C30-438B-96AE-4D110FDC1FB8) (ActiveScan 2,0 Installer Class) -- http://acs.pandasoftware.com/actives.../as2stubie.cab
O16 - DPF: (4871A87A-BFDD-4106-8153-FFDE2BAC2967) (DLM Control) -- http://dlm.tools.akamai.com/dlmanage...ex-2.2.4.1.cab
O16 - DPF: (56762DEC-6B0D-4AB4-A8AD-989993B5D08B) (OnlineScanner Control) -- http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: (6E32070A-766D-4EE6-879C-DC1FA91D2FC3) (MUWebControl Class) -- http://update.microsoft.com/microsof...?1229742173692
O18 - Protocol: linkscanner - (F274614C-63F8-47D5-A4D1-FBDDE494F8D1) - C: \ Program Files \ AVG \ AVG8 \ avgpp.dll
O20 - Winlogon Obavijesti:! SASWinLogon - C: \ Program Files \ SUPERAntiSpyware \ SASWINLO.dll
O20 - Winlogon Obavijesti: avgrsstarter - C: \ Windows \ System32 \ avgrsstx.dll
O23 - Service: AOL Povezivanje Service (ACS AOL) - America Online, Inc - C: \ programa ~ 1 \ UOBIČAJENA ~ 1 \ AOL \ ACS \ AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple Inc - C: \ Program Files \ Common Files \ Apple \ Mobile Device Support \ bin \ AppleMobileDeviceService.exe
O23 - Service: AVG Free8 upozoravanje (avg8wd) - AVG Technologies CZ, sro - C: \ programa ~ 1 \ AVG \ AVG8 \ avgwdsvc.exe
O23 - Service: Belkin Wireless USB Network Adapter (Belkin Wireless USB Adapter Network Service) - Unknown vlasnika - C: \ Program Files \ Belkin \ Belkin Wireless Network Utility \ WLService.exe
O23 - Service: Bonjour Service - Apple Inc - C: \ Program Files \ Bonjour \ mDNSResponder.exe
O23 - Service: Intel (R) Quick Resume tehnologija (ELService) - Intel Corporation - C: \ Program Files \ Intel \ IntelDH \ Intel (R) Quick Resume Technology Drivers \ Elservice.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc - C: \ Program Files \ Common Files \ Macrovision Shared \ FLEXnet Izdavač \ FNPLicensingService.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C: \ Program Files \ Google \ Google Desktop Search \ GoogleDesktop.exe
O23 - Service: Google Software Updater (gusvc) - Google - C: \ Program Files \ Google \ Common \ Google Updater \ GoogleUpdaterService.exe
O23 - Service: Intel (R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C: \ Program Files \ Intel \ Intel Matrix Storage Manager \ Iaantmon.exe
O23 - Service: iPod Service - Apple Inc - C: \ Program Files \ iPod \ bin \ iPodService.exe
O23 - Service: Quick Početničko Java (JavaQuickStarterService) - Sun Microsystems, Inc - C: \ Program Files \ Java \ jre6 \ bin \ jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C: \ WINDOWS \ system32 \ nvsvc32.exe

--
End of file - 11391 bytes

Malwarebytes' Anti-zaštita od zlonamjernih programa 1,37
Database Version: 2216
5/1/2600 Windows Service Pack 3

6/2/2009 6:34:22 PM
mbam-log-2009-06-02 (18-34-22). txt

Scan type: Full Scan (C: \ |)
Objekti skenirane: 196280
Vrijeme proteklo: 53 minute (s), 59 Drugi (a / e)

Memory Processes zaraženih: 0
Memorijske module zaraženih: 0
Ključevi registra zaraženih: 10
Registry Values zaraženih: 0
Registry Data Items zaraženih: 0
Mape zaraženih: 0
Zaraženih datoteka: 1

Memory Processes zaraženih:
(Nema stavki otkrivenih zlonamjernih)

Memorijske module zaraženih:
(Nema stavki otkrivenih zlonamjernih)

Ključevi registra zaraženih:
HKEY_USERS \. DEFAULT \ SOFTWARE \ Microsoft \ Windows \ Cur rentVersion \ Explorer \ (19127ad2-394b-70f5-c650-b97867baa1f7) (Backdoor.Bot) -> karanteni i uspješno izbrisan.
HKEY_USERS \. DEFAULT \ SOFTWARE \ Microsoft \ Windows \ Cur rentVersion \ Explorer \ (43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6) (Backdoor.Bot) -> karanteni i uspješno izbrisan.
HKEY_USERS \ S-1-5-18 \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Explo rer \ (19127ad2-394b-70f5-c650-b97867baa1f7) (Backdoor.Bot) -> karanteni i uspješno izbrisan.
HKEY_USERS \ S-1-5-18 \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Explo rer \ (43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6) (Backdoor.Bot) -> karanteni i uspješno izbrisan.
HKEY_CLASSES_ROOT \ TypeLib \ (967b15bc-c0b0-4a69-bfe3-2cdcd20adce4) (Spyware.Banker) -> karanteni i uspješno izbrisan.
HKEY_CLASSES_ROOT \ Interface \ (1c1ebef0-37cf-4408-b494-f6c000fd6ed7) (Spyware.Banker) -> karanteni i uspješno izbrisan.
HKEY_CLASSES_ROOT \ Interface \ (339949fb-4a8c-4aa3-bd04-8b888d9a642a) (Spyware.Banker) -> karanteni i uspješno izbrisan.
HKEY_CLASSES_ROOT \ Interface \ (cf3e4737-a002-49ce-8e07-3460cb177a28) (Spyware.Banker) -> karanteni i uspješno izbrisan.
HKEY_CLASSES_ROOT \ CLSID \ (b42bf63c-5354-4c5c-a789-66efeec5e1b0) (Spyware.Banker) -> karanteni i uspješno izbrisan.
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Explorer \ Browser Helper Objects \ (b42bf63c-5354-4c5c-a789-66efeec5e1b0) (Spyware.Banker) -> karanteni i uspješno izbrisan.

Registry Values zaraženih:
(Nema stavki otkrivenih zlonamjernih)

Registry Data Items zaraženih:
(Nema stavki otkrivenih zlonamjernih)

Mape zaraženih:
(Nema stavki otkrivenih zlonamjernih)

Zaražene datoteke:
C: \ Windows \ system32 \ AcroIEHelpe003.dll (Spyware.Banker) -> karanteni i uspješno izbrisan.

**inflames** · #2 10. lipnja 2009, 16:47

Sorry for double, ali ovdje je nedavna mbam scan.

Malwarebytes' Anti-zaštita od zlonamjernih programa 1,37
Database Version: 2259
5/1/2600 Windows Service Pack 3

6/10/2009 7:46:14 PM
mbam-log-2009-06-10 (19-46-14). txt

Scan type: Full Scan (C: \ |)
Objekti skenirane: 199320
Vrijeme proteklo: 53 minute (s), 48 Drugi (a / e)

Memory Processes zaraženih: 0
Memorijske module zaraženih: 0
Ključevi registra zaraženih: 0
Registry Values zaraženih: 0
Registry Data Items zaraženih: 0
Mape zaraženih: 0
Zaražene datoteke: 2

Memory Processes zaraženih:
(Nema stavki otkrivenih zlonamjernih)

Memorijske module zaraženih:
(Nema stavki otkrivenih zlonamjernih)

Ključevi registra zaraženih:
(Nema stavki otkrivenih zlonamjernih)

Registry Values zaraženih:
(Nema stavki otkrivenih zlonamjernih)

Registry Data Items zaraženih:
(Nema stavki otkrivenih zlonamjernih)

Mape zaraženih:
(Nema stavki otkrivenih zlonamjernih)

Zaražene datoteke:
C: \ Windows \ system32 \ AcroIEHelpe003.dll (Spyware.Banker) -> karanteni i uspješno izbrisan.
C: \ Documents and Settings \ Kevin Young \ Application Data \ wiaserva.log (Malware.Trace) -> karanteni i uspješno izbrisan.

**evilfantasy** · #3 10. lipnja 2009, 17:32

Koristite ESET Online Scanner Antivirusi

Taj skener zahtjeva Internet Explorer

1. Potvrdite okvir pored Da, prihvaćam Uvjete korištenja.
2. Kliknite Početak
3. Na pitanje, omogućiti ActiveX kontrole za instalaciju
4. Kliknite Početak
5. Provjerite je li mogućnost Uklonite pronađene prijetnje i mogućnost Scan neželjenih aplikacija provjerite je označen.
6. Kliknite Scan
7. Pričekajte za skeniranje do kraja
8. Koristite notesa za otvaranje logfile se nalaze na C: \ Program Files \ EsetOnlineScanner \ log.txt
9. Dodati taj C: \ Program Files \ EsetOnlineScanner \ log.txt Prijavite se na svoj sljedeći odgovor.

**inflames** · #4 10. lipnja 2009, 19:40

# Version = 4
# OnlineScanner.ocx = 1.0.0.635
# OnlineScannerDLLA.dll = 1, 0, 0, 79
# OnlineScannerDLLW.dll = 1, 0, 0, 78
# OnlineScannerUninstaller.exe = 1, 0, 0, 49
# Vers_standard_module = 4002 (20090411)
# Vers_arch_module = 1,064 (20080214)
# Vers_adv_heur_module = 1,066 (20070917)
# EOSSerial = 779dd52fbada7441aba5d1cce1027195
# End = završio
# Remove_checked = true
# Unwanted_checked = true
# Utc_time = 2009-04-12 08:52:10
# Local_time = 2009-04-12 04:52:10 (-0500, Eastern Daylight Time)
# Zemlje = "United States"
# Osver = 5/1/2600 NT Service Pack 3
Skenirane = # 362847
# Pronašao = 0
# Scan_time = 3552

**evilfantasy** · #5 10. lipnja 2009, 21:05

Izbrisati i ComboFix Preuzmite novi primjerak. Preimenujte ga prije nego spremite ga na radnoj površini.

Download ComboFix iz jedan od ispod linkova. Morate preimenovati ga je prije snimanja!

Važno! Morate ComboFix spremiti na radnu površinu.

Link 1
Link 2
Link 3

Preimenuj ComboFix da Combo--Škripac prije snimanja na radnoj površini.

Privremeno onemogućiti tvoj AntiVirus i bilo koji protušpijunskih Zaštita u stvarnom vremenu prije obavlja scan. Kliknite ovaj link da biste vidjeli popis sigurnosne programe, koji bi trebao biti onemogućen i kako onemogućiti ih.

Dvaput kliknite na Combo-Fix.exe i slijedite upute.

Vista korisnici Desnom tipkom miša kliknite na Combo-Fix.exe i odaberite Pokreni kao administrator (dobit ćete prompt UAC, molimo dopustiti)

Ne miša kliknite ComboFix's prozor dok je pokrenut. Svibanj uzrokovati da ga zatajiti.

Kada se skeniranje završi on će otvoriti prozor teksta.

Post sadržaja da se prijavite u vaš sljedeći odgovor.

Ne zaboravite ponovo uključili vaš protuvirusni i protušpijunski ComboFix zaštita kada je završeno.

**inflames** · #6 11. lipnja 2009, 15:55

Ja sam proveo oko 3 sata pokušava shvatiti zašto combofix neće prikazivati ... bezbroj pretraživanja na Googleu da mi daju ništa. Jedini stvar JA svibanj imati postaviti vanjska strana je da našto JA pokušati trčanje Internet 'nesto' nije pokazivalo na pravo mjesto tako da svi mi dobiti je loading bar koji kaže combofix onda cmd prozor nikad ne pokazuje. Prije nego što se to izvodi, ne postoji u mapi C: combofix sa svim podacima, iako poslije pokušaj, mapu pod nazivom 32788R22FWJFW izgleda i ima sve ove. Šišmiša,. Vbs, itd. Datoteke koje se koristi za prikazivanje. Im 'ne siguran ako se ništa ne mogu učiniti u ovom trenutku, ali možda ćete znati!

**evilfantasy** · #7 11. lipnja 2009, 16:00

Pokretanje Task Manager tako što ćete pritisnuti Ctrl + Alt + Delete

End Process tih datoteka imena (ako pronađeno)

- FindStr
- Vfind
- Sed
- GREP
- Ili bilo koju datoteku koja ima ekstenziju *. cfexe

Kraj svakog samo jednom.

Sada pokušajte ponovno pokretanje to ..

**inflames** · #8 11. lipnja 2009, 16:33

: (Ništa ne postoji. Bih trebao samo reformatizovati.

**evilfantasy** · #9 11. lipnja 2009, 16:50

Nisam siguran / na probleme vezane su štetne sadržaje. The ESET scan vratila čist i MBAM nalaza ne mislim bilo bi uzrok tome.

Možda će Vam pokušati popravak prvi.

**inflames** · #10 11. lipnja 2009, 17:05

Kako bi se ja sad radi o tome?

Slične teme
Nit	Temu Započeo	Forum	Odgovori	Zadnji Post
Spyware.Banker otkrivena u MBAM Scan	SevenYears	Virus, Spyware i sigurnost	88	28. travanj 2009 18:30
Evqcpq0tc.exe - (Backdoor.Bot) Novi Virus nije na Googleu.	mursfSmurf	Virus, Spyware i sigurnost	2	24. ožujak 2009 17:32
Spyware pomoći, molim vas!	rkdub	Virus, Spyware i sigurnost	2	17. listopad 2008 05:07
Imam Spyware, i ako da, kako se otarasiti se nje? Please help!	harvey45	Virus, Spyware i sigurnost	5	6. listopad 2008 15:43
Spyware Q?	Daniels2386	Virus, Spyware i sigurnost	4	11 siječanj 2008 16:43