|
| |||||||
| Registracija | Mapa Spy | Member List | Donacije | Pretraživanje | Today's Posts | Označi Sve Forume Kao Pročitane | Forum Rules |
 |
 |
| | Thread Tools |
|
#1
21. Ruj 2008, 20:09
| |||
| |||
| kao što sam naslov kaže hhave virus, što vjerujem da je virtumonde.dll, koji ive bio, rekao je jedan oblik vundo. Poznato mi je spor kompjuter haveing i postoji mnogo popups za protu-virus i ristry čistiji ... a strangest stvar, ne mogu ažurirati Sve na mom računalu ?????? molim vas ako mi netko mogao reći što trebate učiniti .... hvala moj Heresu kidnapovati log Logfile of Trend Micro HijackThis v2.0.2 Scan spremljena u 4:55:10 Na 9/22/2008 Platforma: Windows XP SP3 (Winnt 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16674) Boot mode: Normal Pokretanje procesa: C: \ WINDOWS \ System32 \ smss.exe C: \ WINDOWS \ system32 \ Winlogon.exe C: \ WINDOWS \ system32 \ services.exe C: \ WINDOWS \ system32 \ lsass.exe C: \ WINDOWS \ system32 \ Ati2evxx.exe C: \ WINDOWS \ system32 \ Svchost.exe C: \ WINDOWS \ System32 \ Svchost.exe C: \ WINDOWS \ system32 \ Ati2evxx.exe C: \ WINDOWS \ System32 \ WLTRYSVC.EXE C: \ WINDOWS \ System32 \ bcmwltry.exe C: \ WINDOWS \ system32 \ spoolsv.exe C: \ programa ~ 1 \ McAfee \ MSC \ mcmscsvc.exe C: \ Program Files \ zajedničko Files \ McAfee \ mna \ mcnasvc.exe c: \ programa ~ 1 \ UOBIČAJENA ~ 1 \ McAfee \ mcproxy \ mcproxy.exe C: \ Program Files \ McAfee \ VirusScan \ McShield.exe C: \ Program Files \ McAfee \ MPF \ MPFSrv.exe C: \ Program Files \ SiteAdvisor \ 6261 \ SAService.exe C: \ WINDOWS \ system32 \ Svchost.exe C: \ WINDOWS \ explorer.exe c: \ programa ~ 1 \ mcafee.com \ agent \ mcagent.exe C: \ WINDOWS \ stsystra.exe C: \ Program Files \ Synaptics \ SynTP \ SynTPEnh.exe C: \ WINDOWS \ system32 \ WLTRAY.exe C: \ Program Files \ Java \ jre1.6.0_06 \ bin \ jusched.exe C: \ Program Files \ ATI Technologies \ ATI.ACE \ Core-Statični \ MOM.EXE C: \ Program Files \ SiteAdvisor \ 6261 \ SiteAdv.exe C: \ WINDOWS \ system32 \ Ctfmon.exe C: \ Program Files \ ATI Technologies \ ATI.ACE \ Core-Statični \ ccc.exe C: \ programa ~ 1 \ McAfee \ VIRUSS ~ 1 \ mcsysmon.exe C: \ WINDOWS \ system32 \ wscntfy.exe C: \ Windows \ System32 \ Msiexec.exe C: \ Program Files \ Windows Defender \ MsMpEng.exe C: \ Program Files \ Windows Defender \ MSASCui.exe C: \ WINDOWS \ system32 \ taskmgr.exe C: \ Program Files \ Internet Explorer \ iexplore.exe C: \ Desktop \ Trend Micro \ HijackThis \ HijackThis.exe R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 O3 - Toolbar: McAfee SiteAdvisor - (0BF43445-2F28-4351-9252-17FE6E806AA0) - C: \ Program Files \ SiteAdvisor \ 6261 \ SiteAdv.dll O4 - HKLM \ .. \ Run: [SigmatelSysTrayApp] stsystra.exe O4 - HKLM \ .. \ Run: [SynTPEnh] C: \ Program Files \ Synaptics \ SynTP \ SynTPEnh.exe O4 - HKLM \ .. \ Run: [Broadcom Wireless UI Manager] C: \ WINDOWS \ system32 \ WLTRAY.exe O4 - HKLM \ .. \ Run: [StartCCC] "C: \ Program Files \ ATI Technologies \ ATI.ACE \ Core-Statični \ CLIStart.exe" O4 - HKLM \ .. \ Run: [SunJavaUpdateSched] "C: \ Program Files \ Java \ jre1.6.0_06 \ bin \ jusched.exe" O4 - HKLM \ .. \ Run: [RoxioDragToDisc] "C: \ Program Files \ Roxio \ Easy Media Creator 7 \ Povucite za Disk \ DrgToDsc.exe" O4 - HKLM \ .. \ Run: [QuickTime Task] "C: \ Program Files \ QuickTime \ QTTask.exe"-atboottime O4 - HKLM \ .. \ Run: [SiteAdvisor] "C: \ Program Files \ SiteAdvisor \ 6261 \ SiteAdv.exe" O4 - HKLM \ .. \ Run: [McENUI] C: \ programa ~ 1 \ McAfee \ MHN \ McENUI.exe / sakrij O4 - HKLM \ .. \ Run: [mcagent_exe] C: \ Program Files \ McAfee.com \ Agent \ mcagent.exe / runkey O4 - HKLM \ .. \ Run: [Windows Defender] "C: \ Program Files \ Windows Defender \ MSASCui.exe"-hide O4 - HKLM \ .. \ RunOnce: [SpybotDeletingA5528] naredbu / c del "C: \ WINDOWS \ SchedLgU.Txt" O4 - HKLM \ .. \ RunOnce: [SpybotDeletingC6845] cmd / c del "C: \ WINDOWS \ SchedLgU.Txt" O4 - HKCU \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe O4 - HKCU \ .. \ Run: [LogitechSetup] D: \ Setup \ setup.exe / start / restart / l: enu O4 - HKCU \ .. \ Run: [DelayShred] c: \ programa ~ 1 \ McAfee \ mshr \ ShrCL.EXE / P10 / q C: \ DOCUME ~ 1 \ ADMINI ~ 1 \ Mještani ~ 1 \ TEMPOR ~ 1 \ Sadržaj . IE5 \ 13H31947 \ KB4564 ~ 1.SH! C: \ DOCUME ~ 1 \ ADMINI ~ 1 \ Mještani ~ 1 \ TEMPOR ~ 1 \ Content.IE5 \ 3P4O3QQE \ KB6712 ~ 1.SH! C: \ DOCUME ~ 1 \ ADMINI ~ 1 \ Mještani ~ 1 \ TEMPOR ~ 1 \ Content.IE5 \ H9JXXVQS \ KB7678 ~ 1.SH! C: \ DOCUME ~ 1 \ ADMINI ~ 1 \ Cookies \ AD9100 ~ 1.SH! C: \ DOCUME ~ 1 \ ADMINI ~ 1 \ Cookies \ AD9500 ~ 1.SH! C: \ DOCUME ~ 1 \ ADMINI ~ 1 \ Cookies \ AD8A94 ~ 1.SH! C: \ DOCUME ~ 1 \ ADMINI ~ 1 \ Cookies \ AD4B54 ~ 1.SH! O4 - HKCU \ .. \ RunOnce: [SpybotDeletingB6548] naredbu / c del "C: \ WINDOWS \ SchedLgU.Txt" O4 - HKCU \ .. \ RunOnce: [SpybotDeletingD1472] cmd / c del "C: \ WINDOWS \ SchedLgU.Txt" O4 - HKUS \ S-1-5-19 \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe (User 'LOCAL SERVICE') O4 - HKUS \ S-1-5-20 \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe (User 'NETWORK SERVICE') O4 - HKUS \ S-1-5-18 \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe (User 'SYSTEM') O4 - HKUS \ S-1-5-18 \ .. \ RunOnce: [WUAppSetup] C: \ Program Files \ Common Files \ logishrd \ WUApp32.exe-v 0x046d-p 0x08d9-f video logitech-m-D 10.5. 1,2023 (User 'SYSTEM') O4 - HKUS \. DEFAULT \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe (User 'Default user') O4 - HKUS \. DEFAULT \ .. \ RunOnce: [WUAppSetup] C: \ Program Files \ Common Files \ logishrd \ WUApp32.exe-v 0x046d-p 0x08d9-f video logitech m-d 10.5.1.2023 (User 'Default user ') O8 - Extra kontekst meni stavka: E & zvezi u Microsoft Excel - res: / / C: \ programa ~ 1 \ MICROS ~ 3 \ OFFICE11 \ EXCEL.EXE/3000 O9 - Extra button: (no name) - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program Files \ Java \ jre1.6.0_06 \ bin \ ssv.dll O9 - Extra 'Tools' MENUITEM: Sun Java Console - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program Files \ Java \ jre1.6.0_06 \ bin \ ssv.dll O9 - Extra button: Skype - (77BF5300-1474-4EC7-9980-D32B190E9B07) - C: \ WINDOWS \ system32 \ Shdocvw.dll O9 - Extra button: Research - (92780B25-18CC-41C8-B9BE-3C9C571A8263) - C: \ programa ~ 1 \ MICROS ~ 3 \ OFFICE11 \ REFIEBAR.DLL O9 - Extra button: (no name) - (DFB852A3-47F8-48C4-A200-58CAB36FD2A2) - C: \ programa ~ 1 \ Spybot ~ 1 \ SDHelper.dll O9 - Extra 'Tools' MENUITEM: Spybot - Search & Destroy Configuration - (DFB852A3-47F8-48C4-A200-58CAB36FD2A2) - C: \ programa ~ 1 \ Spybot ~ 1 \ SDHelper.dll O9 - Extra button: (no name) - (e2e2dd38-d088-4134-82b7-f2ba38496583) - C: \ WINDOWS \ Network Diagnostic \ xpnetdiag.exe O9 - Extra 'Tools' MENUITEM: @ xpsp3res.dll, -20001 - (e2e2dd38-d088-4134-82b7-f2ba38496583) - C: \ WINDOWS \ Network Diagnostic \ xpnetdiag.exe O9 - Extra button: Messenger - (FB5F1910-F110-11D2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe O9 - Extra 'Tools' MENUITEM: Windows Messenger - (FB5F1910-F110-11D2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe O18 - Protocol: linkscanner - (F274614C-63F8-47D5-A4D1-FBDDE494F8D1) - (no file) O18 - Protocol: skype4com - (FFC8B962-9B40-4DFF-9458-1830C7DD7F5D) - C: \ programa ~ 1 \ UOBIČAJENA ~ 1 \ Skype \ SKYPE4 ~ 1.DLL O20 - AppInit_DLLs: avgrsstx.dll zlpxgp.dll O23 - Service: ati brza tipka Poller - ATI Technologies Inc - C: \ WINDOWS \ system32 \ Ati2evxx.exe O23 - Service: ATI Smart - Unknown vlasnika - C: \ WINDOWS \ system32 \ ati2sgag.exe O23 - Service: LVSrvLauncher - Logitech Inc - C: \ Program Files \ Common Files \ LogiShrd \ SrvLnch \ SrvLnch.exe O23 - Service: McAfee Usluge (mcmscsvc) - McAfee, Inc - C: \ programa ~ 1 \ McAfee \ MSC \ mcmscsvc.exe O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc - c: \ program files \ zajedničko Files \ McAfee \ mna \ mcnasvc.exe O23 - Service: McAfee Scanner (McODS) - McAfee, Inc - C: \ programa ~ 1 \ McAfee \ VIRUSS ~ 1 \ mcods.exe O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc - c: \ programa ~ 1 \ UOBIČAJENA ~ 1 \ McAfee \ mcproxy \ mcproxy.exe O23 - Service: McAfee stvarnom vremenu Scanner (McShield) - McAfee, Inc - C: \ Program Files \ McAfee \ VirusScan \ McShield.exe O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc - C: \ programa ~ 1 \ McAfee \ VIRUSS ~ 1 \ mcsysmon.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc - C: \ Program Files \ McAfee \ MPF \ MPFSrv.exe O23 - Service: SiteAdvisor Service - Unknown vlasnika - C: \ Program Files \ SiteAdvisor \ 6261 \ SAService.exe O23 - Service: Dell Wireless WLAN Trake Service (wltrysvc) - Unknown vlasnika - C: \ WINDOWS \ System32 \ WLTRYSVC.EXE -- End of file - 7660 bytes  |
|
#2
21. Ruj 2008, 21:28
| |||
| |||
| Preuzimanje Malwarebytes' Anti-zaštita od zlonamjernih programa (MBAM)
Extra Napomena: Ako MBAM susrete datoteku koja je teško ukloniti, bit će predstavljen sa 1 of 2 upitom, kliknite U redu da biste bilo i nek MBAM nastaviti s procesom dezinfekcije, ako je zatraženo da ponovo pokrenete računalo, učinite to odmah. ---------- Sada pokrenite novu HijackThis skeniranja i post zapisnik.
__________________  |
|
#3
22. Ruj 2008, 13:31
| |||
| |||
| I ran pravo da malwarebytes .. stvar i to podići ovaj Malwarebytes' Anti-zaštita od zlonamjernih programa 1,28 Database Version: 1194 5/1/2600 Windows Service Pack 3 9/22/2008 8:55:50 PM mbam-log-2008-09-22 (20-55-50). txt Scan type: Quick Scan Objekti skenirane: 53105 Vrijeme proteklo: 6 minuta (e), 1 sekundu (s) Memory Processes zaraženih: 0 Memorijske module zaraženih: 1 Ključevi registra zaraženih: 10 Registry Values zaraženih: 2 Registry Data Items zaraženih: 2 Mape zaraženih: 1 Zaražene datoteke: 15 Memory Processes zaraženih: (Nema stavki otkrivenih zlonamjernih) Memorijske module zaraženih: C: \ WINDOWS \ system32 \ ssqpmmNf.dll (Trojan.Vundo.H) -> Delete na ponovno podizanje sustava. Ključevi registra zaraženih: HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Explorer \ Browser Helper Objects \ (7b1b1537-fcd3-4186-b5b8-e454c2fddb24) (Trojan.Vundo.H) -> Delete na ponovno podizanje sustava. HKEY_CLASSES_ROOT \ CLSID \ (7b1b1537-fcd3-4186-b5b8-e454c2fddb24) (Trojan.Vundo.H) -> Delete na ponovno podizanje sustava. HKEY_CLASSES_ROOT \ WR (Malware.Trace) -> karanteni i uspješno izbrisan. HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ rdfa (Trojan.Vundo) -> karanteni i uspješno izbrisan. HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ contim (Trojan.Vundo) -> karanteni i uspješno izbrisan. HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ dslcnnct (Trojan.Vundo) -> karanteni i uspješno izbrisan. HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ IProxyProvid er (Trojan.Vundo) -> karanteni i uspješno izbrisan. HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ FCOVM (Trojan.Vundo) -> karanteni i uspješno izbrisan. HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ RemoveRP (Trojan.Vundo) -> karanteni i uspješno izbrisan. HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ aoprndtws (Trojan.Vundo) -> karanteni i uspješno izbrisan. Registry Values zaraženih: HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Run \ 7c0a0557 (Trojan.Vundo) -> karanteni i uspješno izbrisan. HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Run \ bm7f3936cb (Trojan.Agent) -> Delete na ponovno podizanje sustava. Registry Data Items zaraženih: HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Contro l \ LSA \ Notification Packages (Trojan.Vundo.H) -> Data: c: \ windows \ system32 \ ssqpmmnf -> karanteni i uspješno izbrisan. HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Contro l \ LSA \ Authentication Packages (Trojan.Vundo) -> Data: c: \ windows \ system32 \ ssqpmmnf -> Delete na ponovno podizanje sustava. Mape zaraženih: C: \ WINDOWS \ system32 \ kBin02 (Trojan.Agent) -> karanteni i uspješno izbrisan. Zaražene datoteke: C: \ WINDOWS \ system32 \ ssqpmmNf.dll (Trojan.Vundo.H) -> Delete na ponovno podizanje sustava. C: \ WINDOWS \ system32 \ fNmmpqss.ini (Trojan.Vundo.H) -> karanteni i uspješno izbrisan. C: \ WINDOWS \ system32 \ fNmmpqss.ini2 (Trojan.Vundo.H) -> karanteni i uspješno izbrisan. C: \ WINDOWS \ system32 \ qwtbatxb.dll (Trojan.Vundo) -> karanteni i uspješno izbrisan. C: \ WINDOWS \ system32 \ ysirza.dll (Trojan.Vundo) -> karanteni i uspješno izbrisan. C: \ WINDOWS \ system32 \ vfcortyh.dll (Trojan.Vundo) -> Delete na ponovno podizanje sustava. C: \ Documents and Settings \ Administrator \ Local Settings \ Temporary Internet Files \ Content.IE5 \ 7LVEI8GK \ upd105320 [1] (Trojan.Vundo) -> Delete na ponovno podizanje sustava. C: \ Documents and Settings \ Administrator \ Local Settings \ Temporary Internet Files \ Content.IE5 \ TPEY0D0R \ nd82m0 [1] (Trojan.Vundo) -> Delete na ponovno podizanje sustava. C: \ WINDOWS \ system32 \ mcrh.tmp (Malware.Trace) -> karanteni i uspješno izbrisan. C: \ WINDOWS \ cookies.ini (Malware.Trace) -> karanteni i uspješno izbrisan. C: \ WINDOWS \ system32 \ jyyubyyg.dll (Trojan.Agent) -> Delete na ponovno podizanje sustava. C: \ WINDOWS \ system32 \ pac.txt (Malware.Trace) -> karanteni i uspješno izbrisan. C: \ WINDOWS \ pskt.ini (Trojan.Vundo) -> karanteni i uspješno izbrisan. C: \ WINDOWS \ BM7f3936cb.xml (Trojan.Vundo) -> karanteni i uspješno izbrisan. C: \ WINDOWS \ BM7f3936cb.txt (Trojan.Vundo) -> karanteni i uspješno izbrisan. * * * ran sam ga nekoliko puta nakon toga, a sada kaže da ne postoji ništa zaražene .... JA pravedan ran kidnapovati .. i to je rezultat Logfile of Trend Micro HijackThis v2.0.2 Scan spremljena u 10:26:25, dana 9/22/2008 Platforma: Windows XP SP3 (Winnt 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16705) Boot mode: Normal Pokretanje procesa: C: \ WINDOWS \ System32 \ smss.exe C: \ WINDOWS \ system32 \ Winlogon.exe C: \ WINDOWS \ system32 \ services.exe C: \ WINDOWS \ system32 \ lsass.exe C: \ WINDOWS \ system32 \ Ati2evxx.exe C: \ WINDOWS \ system32 \ Svchost.exe C: \ Program Files \ Windows Defender \ MsMpEng.exe C: \ WINDOWS \ System32 \ Svchost.exe C: \ WINDOWS \ system32 \ Ati2evxx.exe C: \ WINDOWS \ System32 \ WLTRYSVC.EXE C: \ WINDOWS \ System32 \ bcmwltry.exe C: \ WINDOWS \ system32 \ spoolsv.exe C: \ programa ~ 1 \ McAfee \ MSC \ mcmscsvc.exe C: \ Program Files \ zajedničko Files \ McAfee \ mna \ mcnasvc.exe c: \ programa ~ 1 \ UOBIČAJENA ~ 1 \ McAfee \ mcproxy \ mcproxy.exe C: \ Program Files \ McAfee \ VirusScan \ McShield.exe C: \ Program Files \ McAfee \ MPF \ MPFSrv.exe C: \ Program Files \ SiteAdvisor \ 6261 \ SAService.exe C: \ WINDOWS \ system32 \ Svchost.exe C: \ WINDOWS \ explorer.exe c: \ programa ~ 1 \ mcafee.com \ agent \ mcagent.exe C: \ WINDOWS \ stsystra.exe C: \ Program Files \ Synaptics \ SynTP \ SynTPEnh.exe C: \ WINDOWS \ system32 \ WLTRAY.exe C: \ Program Files \ Java \ jre1.6.0_06 \ bin \ jusched.exe C: \ Program Files \ Roxio \ Easy Media Creator 7 \ Povucite za Disk \ DrgToDsc.exe C: \ Program Files \ SiteAdvisor \ 6261 \ SiteAdv.exe C: \ Program Files \ ATI Technologies \ ATI.ACE \ Core-Statični \ MOM.EXE C: \ Program Files \ Windows Defender \ MSASCui.exe C: \ WINDOWS \ system32 \ Ctfmon.exe C: \ Program Files \ ATI Technologies \ ATI.ACE \ Core-Statični \ ccc.exe C: \ WINDOWS \ system32 \ wuauclt.exe C: \ Program Files \ Skype \ Phone \ Skype.exe C: \ programa ~ 1 \ McAfee \ VIRUSS ~ 1 \ mcsysmon.exe C: \ Program Files \ Skype \ Plugin Manager \ skypePM.exe C: \ Program Files \ Internet Explorer \ iexplore.exe C: \ WINDOWS \ system32 \ wuauclt.exe C: \ Desktop \ Trend Micro \ HijackThis \ HijackThis.exe R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 O2 - BHO: (no name) - (04F27F39-1C1B-4A4F-8B5A-A531E364B7A6) - (no file) O2 - BHO: (no name) - (089FD14D-132B-48FC-8861-0048AE113215) - C: \ Program Files \ SiteAdvisor \ 6261 \ SiteAdv.dll O2 - BHO: (no name) - (12637832-85DB-4C63-B9D6-12B3E50A52C9) - (no file) O2 - BHO: (no name) - (2504b4df-fd95-47a5-b804-b047829925c0) - (no file) O2 - BHO: (no name) - (41E299D0-5CFF-4705-A8AD-67B02579661C) - (no file) O2 - BHO: Spybot-S & D IE Protection - (53707962-6F74-2D53-2644-206D7942484F) - C: \ programa ~ 1 \ Spybot ~ 1 \ SDHelper.dll O2 - BHO: SSVHelper Class - (761497BB-D6F0-462C-B6EB-D4DAF1D92D43) - C: \ Program Files \ Java \ jre1.6.0_06 \ bin \ ssv.dll O2 - BHO: Windows Live Sign-in Helper - (9030D464-4C02-4ABF-8ECC-5164760863C6) - C: \ Program Files \ Common Files \ Microsoft Shared \ Windows Live \ WindowsLiveLogin.dll O2 - BHO: (no name) - (C089CFFD-5CAA-4DA6-BC8B-39965E47AAF9) - (no file) O2 - BHO: (no name) - (D7C82C77-9CF6-4513-826E-B9B7ACDC4DB9) - (no file) O3 - Toolbar: McAfee SiteAdvisor - (0BF43445-2F28-4351-9252-17FE6E806AA0) - C: \ Program Files \ SiteAdvisor \ 6261 \ SiteAdv.dll O4 - HKLM \ .. \ Run: [SigmatelSysTrayApp] stsystra.exe O4 - HKLM \ .. \ Run: [SynTPEnh] C: \ Program Files \ Synaptics \ SynTP \ SynTPEnh.exe O4 - HKLM \ .. \ Run: [Broadcom Wireless UI Manager] C: \ WINDOWS \ system32 \ WLTRAY.exe O4 - HKLM \ .. \ Run: [StartCCC] "C: \ Program Files \ ATI Technologies \ ATI.ACE \ Core-Statični \ CLIStart.exe" O4 - HKLM \ .. \ Run: [SunJavaUpdateSched] "C: \ Program Files \ Java \ jre1.6.0_06 \ bin \ jusched.exe" O4 - HKLM \ .. \ Run: [RoxioDragToDisc] "C: \ Program Files \ Roxio \ Easy Media Creator 7 \ Povucite za Disk \ DrgToDsc.exe" O4 - HKLM \ .. \ Run: [QuickTime Task] "C: \ Program Files \ QuickTime \ QTTask.exe"-atboottime O4 - HKLM \ .. \ Run: [SiteAdvisor] "C: \ Program Files \ SiteAdvisor \ 6261 \ SiteAdv.exe" O4 - HKLM \ .. \ Run: [McENUI] C: \ programa ~ 1 \ McAfee \ MHN \ McENUI.exe / sakrij O4 - HKLM \ .. \ Run: [mcagent_exe] C: \ Program Files \ McAfee.com \ Agent \ mcagent.exe / runkey O4 - HKLM \ .. \ Run: [Windows Defender] "C: \ Program Files \ Windows Defender \ MSASCui.exe"-hide O4 - HKCU \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe O4 - HKCU \ .. \ Run: [LogitechSetup] D: \ Setup \ setup.exe / start / restart / l: enu O4 - HKCU \ .. \ Run: [DelayShred] c: \ programa ~ 1 \ McAfee \ mshr \ ShrCL.EXE / P10 / q C: \ DOCUME ~ 1 \ ADMINI ~ 1 \ Mještani ~ 1 \ TEMPOR ~ 1 \ Sadržaj . IE5 \ 13H31947 \ KB4564 ~ 1.SH! C: \ DOCUME ~ 1 \ ADMINI ~ 1 \ Mještani ~ 1 \ TEMPOR ~ 1 \ Content.IE5 \ 3P4O3QQE \ KB6712 ~ 1.SH! C: \ DOCUME ~ 1 \ ADMINI ~ 1 \ Mještani ~ 1 \ TEMPOR ~ 1 \ Content.IE5 \ H9JXXVQS \ KB7678 ~ 1.SH! C: \ DOCUME ~ 1 \ ADMINI ~ 1 \ Cookies \ AD9100 ~ 1.SH! C: \ DOCUME ~ 1 \ ADMINI ~ 1 \ Cookies \ AD9500 ~ 1.SH! C: \ DOCUME ~ 1 \ ADMINI ~ 1 \ Cookies \ AD8A94 ~ 1.SH! C: \ DOCUME ~ 1 \ ADMINI ~ 1 \ Cookies \ AD4B54 ~ 1.SH! O4 - HKUS \ S-1-5-19 \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe (User 'LOCAL SERVICE') O4 - HKUS \ S-1-5-20 \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe (User 'NETWORK SERVICE') O4 - HKUS \ S-1-5-18 \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe (User 'SYSTEM') O4 - HKUS \ S-1-5-18 \ .. \ RunOnce: [WUAppSetup] C: \ Program Files \ Common Files \ logishrd \ WUApp32.exe-v 0x046d-p 0x08d9-f video logitech-m-D 10.5. 1,2023 (User 'SYSTEM') O4 - HKUS \. DEFAULT \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe (User 'Default user') O4 - HKUS \. DEFAULT \ .. \ RunOnce: [WUAppSetup] C: \ Program Files \ Common Files \ logishrd \ WUApp32.exe-v 0x046d-p 0x08d9-f video logitech m-d 10.5.1.2023 (User 'Default user ') O8 - Extra kontekst meni stavka: E & zvezi u Microsoft Excel - res: / / C: \ programa ~ 1 \ MICROS ~ 3 \ OFFICE11 \ EXCEL.EXE/3000 O9 - Extra button: (no name) - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program Files \ Java \ jre1.6.0_06 \ bin \ ssv.dll O9 - Extra 'Tools' MENUITEM: Sun Java Console - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program Files \ Java \ jre1.6.0_06 \ bin \ ssv.dll O9 - Extra button: Skype - (77BF5300-1474-4EC7-9980-D32B190E9B07) - C: \ WINDOWS \ system32 \ Shdocvw.dll O9 - Extra button: Research - (92780B25-18CC-41C8-B9BE-3C9C571A8263) - C: \ programa ~ 1 \ MICROS ~ 3 \ OFFICE11 \ REFIEBAR.DLL O9 - Extra button: (no name) - (DFB852A3-47F8-48C4-A200-58CAB36FD2A2) - C: \ programa ~ 1 \ Spybot ~ 1 \ SDHelper.dll O9 - Extra 'Tools' MENUITEM: Spybot - Search & Destroy Configuration - (DFB852A3-47F8-48C4-A200-58CAB36FD2A2) - C: \ programa ~ 1 \ Spybot ~ 1 \ SDHelper.dll O9 - Extra button: (no name) - (e2e2dd38-d088-4134-82b7-f2ba38496583) - C: \ WINDOWS \ Network Diagnostic \ xpnetdiag.exe O9 - Extra 'Tools' MENUITEM: @ xpsp3res.dll, -20001 - (e2e2dd38-d088-4134-82b7-f2ba38496583) - C: \ WINDOWS \ Network Diagnostic \ xpnetdiag.exe O9 - Extra button: Messenger - (FB5F1910-F110-11D2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe O9 - Extra 'Tools' MENUITEM: Windows Messenger - (FB5F1910-F110-11D2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe O18 - Protocol: linkscanner - (F274614C-63F8-47D5-A4D1-FBDDE494F8D1) - (no file) O18 - Protocol: skype4com - (FFC8B962-9B40-4DFF-9458-1830C7DD7F5D) - C: \ programa ~ 1 \ UOBIČAJENA ~ 1 \ Skype \ SKYPE4 ~ 1.DLL O20 - AppInit_DLLs: avgrsstx.dll zlpxgp.dll fgdygo.dll O20 - Winlogon Obavijesti: awtuutTk - awtuutTk.dll (file missing) O23 - Service: ati brza tipka Poller - ATI Technologies Inc - C: \ WINDOWS \ system32 \ Ati2evxx.exe O23 - Service: ATI Smart - Unknown vlasnika - C: \ WINDOWS \ system32 \ ati2sgag.exe O23 - Service: LVSrvLauncher - Logitech Inc - C: \ Program Files \ Common Files \ LogiShrd \ SrvLnch \ SrvLnch.exe O23 - Service: McAfee Usluge (mcmscsvc) - McAfee, Inc - C: \ programa ~ 1 \ McAfee \ MSC \ mcmscsvc.exe O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc - c: \ program files \ zajedničko Files \ McAfee \ mna \ mcnasvc.exe O23 - Service: McAfee Scanner (McODS) - McAfee, Inc - C: \ programa ~ 1 \ McAfee \ VIRUSS ~ 1 \ mcods.exe O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc - c: \ programa ~ 1 \ UOBIČAJENA ~ 1 \ McAfee \ mcproxy \ mcproxy.exe O23 - Service: McAfee stvarnom vremenu Scanner (McShield) - McAfee, Inc - C: \ Program Files \ McAfee \ VirusScan \ McShield.exe O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc - C: \ programa ~ 1 \ McAfee \ VIRUSS ~ 1 \ mcsysmon.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc - C: \ Program Files \ McAfee \ MPF \ MPFSrv.exe O23 - Service: SiteAdvisor Service - Unknown vlasnika - C: \ Program Files \ SiteAdvisor \ 6261 \ SAService.exe O23 - Service: Dell Wireless WLAN Trake Service (wltrysvc) - Unknown vlasnika - C: \ WINDOWS \ System32 \ WLTRYSVC.EXE -- End of file - 8474 bytes * * * Ja stvarno trebate znati što se događa ovdje trebam ovaj laptop natrag, hvala ... pustiti mene znati ako ima išta Ja mogu učiniti kako bi se ... |
|
#4
22. Ruj 2008, 16:47
| |||
| |||
| Disable Windows Defender Mi moramo onemogućiti Vaš Windows Defender Zaštita u stvarnom vremenu kao što svibanj interferirati s ispravci da je potrebno napraviti.
---------- Otvori HijackThis i odaberite Da li je sustav skenirati samo. Stavite oznaku uz sljedeće stavke: (ako postoji)
HijackThis Izađi i ponovo pokrenite računalo da se registrirate i izmjene koje HijackThis. ---------- Download ComboFix by sUBs jedan od linkova ispod. Budite sigurni da ste na vrhu u Desktop. Link # 1 Link # 2 ** Napomena: Važno je da se sprema izravno na svoj Desktop Zatvori otvoriti bilo koju web preglednicima. (Firefox, Internet Explorer, etc) prije početka ComboFix. Privremeno onemogućiti tvoj AntiVirus, A svaka protušpijunskih Zaštita u stvarnom vremenu prije obavlja scan. Kliknite ovaj link da biste vidjeli popis sigurnosne programe, koji bi trebao biti onemogućen i kako onemogućiti ih. (McAfee ne može pretvoriti u potpunosti isključiti. Pravedan trčanje ComboFix anyway i dopustiti Internet to trčanje ako išta pokuša blokirati ga.) Dvaput kliknite combofix.exe i slijedite upute. Kada završite ComboFix će proizvesti prijava za vas. Objaviti ComboFix log i novu HijackThis log u sljedećem odgovoru. Važno: Ne mouseclick ComboFix's prozor dok je pokrenut. Svibanj uzrokovati da ga zatajiti. Ne zaboravite ponovo uključili vaš protuvirusni i protušpijunski ComboFix zaštita kada je završeno.
__________________ |
|
#5
22. Ruj 2008, 19:14
| |||
| |||
| ok ja ran kombinirani popraviti, ovdje je reslults ... ComboFix 08-09-20.05 - Administrator 2008-09-23 4:07:24.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1250.420.1033.18.526 [GMT 2:00] Running from: C: \ Documents and Settings \ Administrator \ Desktop \ ComboFix.exe * Created novu točku vraćanja UPOZORENJE-ovaj stroj nema Recovery Console Installed! . Ostali ((((((((((((((((((((((((((((((((((((((( brisanja ))))))))) )))))))))))))))))))))))))))))))))))))))) . C: \ WINDOWS \ system32 \ djynmrpe.ini C: \ WINDOWS \ system32 \ EMVwxyay.ini C: \ WINDOWS \ system32 \ fxdehybr.ini C: \ WINDOWS \ system32 \ hgillUtv.ini C: \ WINDOWS \ system32 \ hwpdknag.ini C: \ WINDOWS \ system32 \ hytrocfv.ini C: \ WINDOWS \ system32 \ jrawajwy.ini C: \ WINDOWS \ system32 \ kruvwslm.ini C: \ WINDOWS \ system32 \ ljbuenel.ini C: \ WINDOWS \ system32 \ mbpyegow.ini C: \ WINDOWS \ system32 \ MSINET.oca C: \ WINDOWS \ system32 \ oopfgjdw.ini C: \ WINDOWS \ system32 \ oujogpou.ini C: \ WINDOWS \ system32 \ ovbmvuhg.ini C: \ WINDOWS \ system32 \ rmkrhevi.ini C: \ WINDOWS \ system32 \ uhikvuhh.ini C: \ WINDOWS \ system32 \ vpgysgqj.ini . ((((((((((((((((((((((((( Files Created from 2008/08/23 da 2008/09/23 ))))))))))) )))))))))))))))))))) . 2008-09-23 01:06. 2008-09-23 01:06 <DIR> d -------- C: \ Program Files \ DivX 2008-09-22 22:11. 2008-09-22 22:20 1.374 - a ------ C: \ WINDOWS \ imsins.BAK 2008-09-22 21:30. 2008-05-01 16:33 331.776 --- C ----- C: \ WINDOWS \ system32 \ dllcache \ msadce.dll 2008-09-22 21:25. 2008-04-11 21:04 691.712 --- C ----- C: \ WINDOWS \ system32 \ dllcache \ inetcomm.dll 2008-09-22 20:47. 2008-09-22 20:47 <DIR> d -------- C: \ Documents and Settings \ All Users \ Application Data \ Malwarebytes 2008-09-22 20:47. 2008-09-22 20:47 <DIR> d -------- C: \ Documents and Settings \ Administrator \ Application Data \ Malwarebytes 2008-09-22 20:47. 2008-09-10 00:04 38.528 - a ------ C: \ Windows \ System32 \ Drivers \ mbamswissarmy.sys 2008-09-22 20:47. 2008-09-10 00:03 17.200 - a ------ C: \ Windows \ System32 \ Drivers \ mbam.sys 2008-09-22 04:54. 2008-09-22 20:47 <DIR> d -------- C: \ Desktop 2008-09-22 04:47. 2008-09-22 04:48 <DIR> d -------- C: \ Program Files \ Windows Defender 2008-09-22 04:36. 2008-09-22 04:36 <DIR> d - h ----- C: \ WINDOWS \ system32 \ GroupPolicy 2008-09-22 02:58. 2008-09-22 02:58 268 - ah ----- C: \ sqmdata00.sqm 2008-09-22 00:30. 2008-09-22 00:30 <DIR> d -------- C: \ VundoFix sigurnosne kopije . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))) )))))))))))))))))))))))))))))))))))))))))))) . 2008-09-22 23:08 --------- d ----- w C: \ Documents and Settings \ Administrator \ Application Data \ LimeWire 2008-09-22 20:34 --------- d ----- w C: \ Documents and Settings \ Administrator \ Application Data \ Skype 2008-09-22 20:25 --------- d ----- w C: \ Documents and Settings \ Administrator \ Application Data \ skypePM 2008-09-22 03:36 --------- d ----- w C: \ Documents and Settings \ All Users \ Application Data \ Spybot - Search & Destroy 2008-09-22 00:07 --------- d ----- w C: \ Program Files \ McAfee 2008-08-14 04:47 --------- d ----- w C: \ Documents and Settings \ Gost \ Application Data \ SiteAdvisor 2008-08-02 01:04 --------- d ----- w C: \ Program Files \ Enigma Software Group 2008-07-30 03:57 876.883 - SHA-w C: \ WINDOWS \ system32 \ EMVwxyay.ini2 2008-07-30 03:49 --------- d ----- w C: \ Program Files \ CCleaner 2008-07-30 03:05 --------- d ----- w C: \ Documents and Settings \ Gost \ Application Data \ ATI 2008-07-29 03:35 --------- d ----- w C: \ Program Files \ Common Files \ LogiShrd 2008-07-27 03:46 --------- d ----- w C: \ Documents and Settings \ All Users \ Application Data \ Roxio 2008-07-26 06:06 --------- d ----- w C: \ Documents and Settings \ All Users \ Application Data \ McAfee 2008-07-26 03:45 --------- d ----- w C: \ Program Files \ Spybot - Search & Destroy 2008-07-25 08:36 524.288 AW ---- C: \ WINDOWS \ system32 \ DivXsm.exe 2008-07-24 18:28 --------- d ----- w C: \ Program Files \ SiteAdvisor 2008-07-24 16:32 --------- d ----- w C: \ Documents and Settings \ Administrator \ Application Data \ SiteAdvisor 2008-07-23 16:50 9.464 w ------ C: \ Windows \ System32 \ Drivers \ cdralw2k.sys 2008-07-23 16:50 9.336 w ------ C: \ Windows \ System32 \ Drivers \ cdr4_xp.sys 2008-07-23 16:50 43.528 w ------ C: \ Windows \ System32 \ Drivers \ PxHelp20.sys 2008-07-23 16:50 3.596.288 AW ---- C: \ WINDOWS \ system32 \ QT-dx331.dll 2008-07-23 16:50 129.784 w ------ C: \ WINDOWS \ system32 \ pxafs.dll 2008-07-23 16:50 120.056 w ------ C: \ WINDOWS \ system32 \ pxcpyi64.exe 2008-07-23 16:50 118.520 w ------ C: \ WINDOWS \ system32 \ pxinsi64.exe 2008-07-23 16:48 200.704 AW ---- C: \ WINDOWS \ system32 \ ssldivx.dll 2008-07-23 16:48 1.044.480 AW ---- C: \ WINDOWS \ system32 \ libdivx.dll 2008-07-23 16:46 12.288 AW ---- C: \ WINDOWS \ system32 \ DivXWMPExtType.dll 2008-07-21 13:33 890.828 - SHA-w C: \ WINDOWS \ system32 \ hgillUtv.ini2 2008-07-21 10:06 10.520 AW ---- C: \ WINDOWS \ system32 \ avgrsstx.dll 2008-07-18 20:10 94.920 AW ---- C: \ WINDOWS \ system32 \ cdm.dll 2008-07-18 20:10 53.448 AW ---- C: \ WINDOWS \ system32 \ wuauclt.exe 2008-07-18 20:10 45.768 AW ---- C: \ WINDOWS \ system32 \ wups2.dll 2008-07-18 20:10 36.552 AW ---- C: \ WINDOWS \ system32 \ wups.dll 2008-07-18 20:09 563.912 AW ---- C: \ WINDOWS \ system32 \ wuapi.dll 2008-07-18 20:09 325.832 AW ---- C: \ WINDOWS \ system32 \ wucltui.dll 2008-07-18 20:09 205.000 AW ---- C: \ WINDOWS \ system32 \ wuweb.dll 2008-07-18 20:09 1.811.656 AW ---- C: \ WINDOWS \ system32 \ Wuaueng.dll 2008-07-18 20:07 210.976 AW ---- C: \ WINDOWS \ system32 \ muweb.dll 2008-07-18 14:29 77 AW ---- C: \ Documents and Settings \ Administrator \ 2064.bat 2008-07-07 20:26 253.952 AW ---- C: \ WINDOWS \ system32 \ es.dll 2008-06-24 16:43 74.240 AW ---- C: \ WINDOWS \ system32 \ mscms.dll 2008-06-23 16:57 826.368 AW ---- C: \ WINDOWS \ system32 \ Wininet.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))) )))))))))))))))))))))))))))))))))))))))) . . * Note * empty entries & čitljiv default unose se ne prikazuju REGEDIT4 [HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ Curre ntVersion \ Run] "Ctfmon.exe" = "C: \ WINDOWS \ system32 \ Ctfmon.exe" [2008-04-14 15360] [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Run] "SynTPEnh" = "C: \ Program Files \ Synaptics \ SynTP \ SynTPEnh.exe" [2006-03-08 761947] "Broadcom Wireless Manager UI" = "C: \ WINDOWS \ system32 \ WLTRAY.exe" [2007-03-16 1392640] "StartCCC" = "C: \ Program Files \ ATI Technologies \ ATI.ACE \ Core-Statični \ CLIStart.exe" [2006-11-10 90112] "SunJavaUpdateSched" = "C: \ Program Files \ Java \ jre1.6.0_06 \ bin \ jusched.exe" [2008-03-25 144784] "RoxioDragToDisc" = "C: \ Program Files \ Roxio \ Easy Media Creator 7 \ Povucite za Disk \ DrgToDsc.exe" [2004-01-27 1179648] "QuickTime Task" = "C: \ Program Files \ QuickTime \ QTTask.exe" [2008-05-27 413696] "SiteAdvisor" = "C: \ Program Files \ SiteAdvisor \ 6261 \ SiteAdv.exe" [2007-06-21 36640] "McENUI" = "C: \ programa ~ 1 \ McAfee \ MHN \ McENUI.exe" [2007-11-30 1164576] "mcagent_exe" = "C: \ Program Files \ McAfee.com \ Agent \ mcagent.exe" [2007-11-01 582992] "SigmatelSysTrayApp" = "stsystra.exe" [2006/02/10 C: \ WINDOWS \ stsystra.exe] [HKEY_USERS \. DEFAULT \ Software \ Microsoft \ Windows \ Cur rentVersion \ Run] "Ctfmon.exe" = "C: \ WINDOWS \ system32 \ Ctfmon.exe" [2008-04-14 15360] [HKEY_USERS \. DEFAULT \ Software \ Microsoft \ Windows \ Cur rentVersion \ RunOnce] "WUAppSetup" = "C: \ Program Files \ Common Files \ logishrd \ WUApp32.exe" [2007-02-04 435736] [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ sigurnosni centar] "AntiVirusDisableNotify" = dword: 00000001 [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ sigurnosni centar \ Praćenje \ McAfeeAntiVirus] "DisableMonitoring" = dword: 00000001 [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ sigurnosni centar \ Praćenje \ McAfeeFirewall] "DisableMonitoring" = dword: 00000001 [HKLM \ ~ \ Services \ sharedaccess \ Parameters \ firewallpo licy \ standardprofile \ AuthorizedApplications \ List] "% windir% \ \ system32 \ \ sessmgr.exe" = "% windir% \ \ Network Diagnostic \ \ xpnetdiag.exe" = "C: \ \ Program Files \ \ Messenger \ \ msmsgs.exe" = "C: \ \ Program Files \ \ Windows Live \ \ Messenger \ \ msnmsgr.exe" = "C: \ \ Program Files \ \ Windows Live \ \ Messenger \ \ livecall.exe" = "C: \ \ Program Files \ \ LimeWire \ \ LimeWire.exe" = "C: \ \ Program Files \ \ Common Files \ \ McAfee \ \ MNA \ \ McNASvc.exe" = "C: \ \ Program Files \ \ Skype \ \ Phone \ \ Skype.exe" = S1 AvgLdx86; AVG Free AVI Loader Driver x86; C: \ Windows \ System32 \ Drivers \ avgldx86.sys [2008-07-21 96520] S4 avg8wd; AVG Free8 Watchdog; C: \ programa ~ 1 \ AVG \ AVG8 \ avgwdsvc.exe [] * Nedavno Created Service * - CATCHME * Nedavno Created Service * - PROCEXP90 . Sadržaj je 'Scheduled Tasks' folder . - - - - Orphans Odstranjena - - - -- HKCU-Run-LogitechSetup - D: \ Setup \ setup.exe . ------- Supplementary Scan ------- . FireFox -: Profil - C: \ Documents and Settings \ Administrator \ Application Data \ Mozilla \ Firefox \ Profiles \ aqi5r52b.default \ . ************************************************** ************************ catchme 0.3.1361 W2K/XP/Vista - rootkit / potaja detector by Gmer zlonamjernih programa, http://www.gmer.net Rootkit scan 2008-09-23 04:09:28 5/1/2600 Windows Service Pack 3 NTFS skeniranja skrivenih procesa ... skeniranja skrivenih autostart entries ... skeniranja skrivenih datoteka ... scan uspješno završena skrivenih datoteka: 0 ************************************************** ************************ . Completion time: 2008-09-23 4:10:26 ComboFix-u karanteni-files.txt 2008-09-23 02:10:23 Pre-Run: 62363549696 bytes free Post-Run: 62437605376 bytes free 153 --- EOF --- 2008-09-22 20:32:15 * * * * Onda sam išla ponovno ovu kidnapovati * * Logfile of Trend Micro HijackThis v2.0.2 Scan spremljena u 4:11:27 Na 9/23/2008 Platforma: Windows XP SP3 (Winnt 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16705) Boot mode: Normal Pokretanje procesa: C: \ WINDOWS \ System32 \ smss.exe C: \ WINDOWS \ system32 \ Winlogon.exe C: \ WINDOWS \ system32 \ services.exe C: \ WINDOWS \ system32 \ lsass.exe C: \ WINDOWS \ system32 \ Ati2evxx.exe C: \ WINDOWS \ system32 \ Svchost.exe C: \ Program Files \ Windows Defender \ MsMpEng.exe C: \ WINDOWS \ System32 \ Svchost.exe C: \ WINDOWS \ system32 \ Ati2evxx.exe C: \ WINDOWS \ System32 \ WLTRYSVC.EXE C: \ WINDOWS \ System32 \ bcmwltry.exe C: \ WINDOWS \ system32 \ spoolsv.exe C: \ programa ~ 1 \ McAfee \ MSC \ mcmscsvc.exe C: \ Program Files \ zajedničko Files \ McAfee \ mna \ mcnasvc.exe c: \ programa ~ 1 \ UOBIČAJENA ~ 1 \ McAfee \ mcproxy \ mcproxy.exe C: \ Program Files \ McAfee \ VirusScan \ McShield.exe C: \ Program Files \ McAfee \ MPF \ MPFSrv.exe C: \ Program Files \ SiteAdvisor \ 6261 \ SAService.exe C: \ WINDOWS \ system32 \ Svchost.exe c: \ programa ~ 1 \ mcafee.com \ agent \ mcagent.exe C: \ WINDOWS \ stsystra.exe C: \ Program Files \ Synaptics \ SynTP \ SynTPEnh.exe C: \ WINDOWS \ system32 \ WLTRAY.exe C: \ Program Files \ Java \ jre1.6.0_06 \ bin \ jusched.exe C: \ Program Files \ Roxio \ Easy Media Creator 7 \ Povucite za Disk \ DrgToDsc.exe C: \ Program Files \ ATI Technologies \ ATI.ACE \ Core-Statični \ MOM.EXE C: \ Program Files \ SiteAdvisor \ 6261 \ SiteAdv.exe C: \ Program Files \ Windows Defender \ MSASCui.exe C: \ WINDOWS \ system32 \ Ctfmon.exe C: \ Program Files \ ATI Technologies \ ATI.ACE \ Core-Statični \ ccc.exe c: \ programa ~ 1 \ McAfee \ mr.sc. \ mcuimgr.exe C: \ WINDOWS \ system32 \ imapi.exe C: \ WINDOWS \ system32 \ notepad.exe C: \ WINDOWS \ explorer.exe C: \ Desktop \ Trend Micro \ HijackThis \ HijackThis.exe R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 O2 - BHO: (no name) - (089FD14D-132B-48FC-8861-0048AE113215) - C: \ Program Files \ SiteAdvisor \ 6261 \ SiteAdv.dll O2 - BHO: Spybot-S & D IE Protection - (53707962-6F74-2D53-2644-206D7942484F) - C: \ programa ~ 1 \ Spybot ~ 1 \ SDHelper.dll O2 - BHO: SSVHelper Class - (761497BB-D6F0-462C-B6EB-D4DAF1D92D43) - C: \ Program Files \ Java \ jre1.6.0_06 \ bin \ ssv.dll O2 - BHO: Windows Live Sign-in Helper - (9030D464-4C02-4ABF-8ECC-5164760863C6) - C: \ Program Files \ Common Files \ Microsoft Shared \ Windows Live \ WindowsLiveLogin.dll O3 - Toolbar: McAfee SiteAdvisor - (0BF43445-2F28-4351-9252-17FE6E806AA0) - C: \ Program Files \ SiteAdvisor \ 6261 \ SiteAdv.dll O4 - HKLM \ .. \ Run: [SigmatelSysTrayApp] stsystra.exe O4 - HKLM \ .. \ Run: [SynTPEnh] C: \ Program Files \ Synaptics \ SynTP \ SynTPEnh.exe O4 - HKLM \ .. \ Run: [Broadcom Wireless UI Manager] C: \ WINDOWS \ system32 \ WLTRAY.exe O4 - HKLM \ .. \ Run: [StartCCC] "C: \ Program Files \ ATI Technologies \ ATI.ACE \ Core-Statični \ CLIStart.exe" O4 - HKLM \ .. \ Run: [SunJavaUpdateSched] "C: \ Program Files \ Java \ jre1.6.0_06 \ bin \ jusched.exe" O4 - HKLM \ .. \ Run: [RoxioDragToDisc] "C: \ Program Files \ Roxio \ Easy Media Creator 7 \ Povucite za Disk \ DrgToDsc.exe" O4 - HKLM \ .. \ Run: [QuickTime Task] "C: \ Program Files \ QuickTime \ QTTask.exe"-atboottime O4 - HKLM \ .. \ Run: [SiteAdvisor] "C: \ Program Files \ SiteAdvisor \ 6261 \ SiteAdv.exe" O4 - HKLM \ .. \ Run: [McENUI] C: \ programa ~ 1 \ McAfee \ MHN \ McENUI.exe / sakrij O4 - HKLM \ .. \ Run: [mcagent_exe] C: \ Program Files \ McAfee.com \ Agent \ mcagent.exe / runkey O4 - HKCU \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe O4 - HKUS \ S-1-5-19 \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe (User 'LOCAL SERVICE') O4 - HKUS \ S-1-5-20 \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe (User 'NETWORK SERVICE') O4 - HKUS \ S-1-5-18 \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe (User 'SYSTEM') O4 - HKUS \ S-1-5-18 \ .. \ RunOnce: [WUAppSetup] C: \ Program Files \ Common Files \ logishrd \ WUApp32.exe-v 0x046d-p 0x08d9-f video logitech-m-D 10.5. 1,2023 (User 'SYSTEM') O4 - HKUS \. DEFAULT \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe (User 'Default user') O4 - HKUS \. DEFAULT \ .. \ RunOnce: [WUAppSetup] C: \ Program Files \ Common Files \ logishrd \ WUApp32.exe-v 0x046d-p 0x08d9-f video logitech m-d 10.5.1.2023 (User 'Default user ') O8 - Extra kontekst meni stavka: E & zvezi u Microsoft Excel - res: / / C: \ programa ~ 1 \ MICROS ~ 3 \ OFFICE11 \ EXCEL.EXE/3000 O9 - Extra button: (no name) - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program Files \ Java \ jre1.6.0_06 \ bin \ ssv.dll O9 - Extra 'Tools' MENUITEM: Sun Java Console - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program Files \ Java \ jre1.6.0_06 \ bin \ ssv.dll O9 - Extra button: Skype - (77BF5300-1474-4EC7-9980-D32B190E9B07) - C: \ WINDOWS \ system32 \ Shdocvw.dll O9 - Extra button: Research - (92780B25-18CC-41C8-B9BE-3C9C571A8263) - C: \ programa ~ 1 \ MICROS ~ 3 \ OFFICE11 \ REFIEBAR.DLL O9 - Extra button: (no name) - (DFB852A3-47F8-48C4-A200-58CAB36FD2A2) - C: \ programa ~ 1 \ Spybot ~ 1 \ SDHelper.dll O9 - Extra 'Tools' MENUITEM: Spybot - Search & Destroy Configuration - (DFB852A3-47F8-48C4-A200-58CAB36FD2A2) - C: \ programa ~ 1 \ Spybot ~ 1 \ SDHelper.dll O9 - Extra button: Messenger - (FB5F1910-F110-11D2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe O9 - Extra 'Tools' MENUITEM: Windows Messenger - (FB5F1910-F110-11D2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe O16 - DPF: (6E32070A-766D-4EE6-879C-DC1FA91D2FC3) (MUWebControl Class) -- http://update.microsoft.com/microsof...?1222115615015 O18 - Protocol: skype4com - (FFC8B962-9B40-4DFF-9458-1830C7DD7F5D) - C: \ programa ~ 1 \ UOBIČAJENA ~ 1 \ Skype \ SKYPE4 ~ 1.DLL O23 - Service: ati brza tipka Poller - ATI Technologies Inc - C: \ WINDOWS \ system32 \ Ati2evxx.exe O23 - Service: ATI Smart - Unknown vlasnika - C: \ WINDOWS \ system32 \ ati2sgag.exe O23 - Service: LVSrvLauncher - Logitech Inc - C: \ Program Files \ Common Files \ LogiShrd \ SrvLnch \ SrvLnch.exe O23 - Service: McAfee Usluge (mcmscsvc) - McAfee, Inc - C: \ programa ~ 1 \ McAfee \ MSC \ mcmscsvc.exe O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc - c: \ program files \ zajedničko Files \ McAfee \ mna \ mcnasvc.exe O23 - Service: McAfee Scanner (McODS) - McAfee, Inc - C: \ programa ~ 1 \ McAfee \ VIRUSS ~ 1 \ mcods.exe O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc - c: \ programa ~ 1 \ UOBIČAJENA ~ 1 \ McAfee \ mcproxy \ mcproxy.exe O23 - Service: McAfee stvarnom vremenu Scanner (McShield) - McAfee, Inc - C: \ Program Files \ McAfee \ VirusScan \ McShield.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc - C: \ Program Files \ McAfee \ MPF \ MPFSrv.exe O23 - Service: SiteAdvisor Service - Unknown vlasnika - C: \ Program Files \ SiteAdvisor \ 6261 \ SAService.exe O23 - Service: Dell Wireless WLAN Trake Service (wltrysvc) - Unknown vlasnika - C: \ WINDOWS \ System32 \ WLTRYSVC.EXE -- End of file - 6865 bytes .... bilo koji ideja yet? |
|
#6
22. Ruj 2008, 19:46
| |||
| |||
| Sve izgleda u redu sada. Koji problemi su još uvijek ima? ---------- Preuzimanje CCleaner Slim i spremite je na svoj Desktop. Kada je datoteka spremljena, odite na svoj Desktop i dvostrukim klikom na ccsetupxxx_slim.exe Slijedite upute za instaliranje programa. Kompletna instalacija onda:
---------- Vaš Java je zastarjela. Starije verzije imaju propusta koji zlonamjernim web stranice možete koristiti za zaraziti sustav. Prvo instalirajte novi Nedjelja Java Runtime Environment Budite sigurni da zatvorite sve prozore preglednika prije nego počnu instalirati. Izvadite staru verziju (s)
---------- Preuzimanje Onemogući / Remove Windows Messenger na radnu površinu da uklonite Windows Messenger. Nemojte brkati Windows Messenger s MSN Messenger jer nisu isti. Windows Messenger jedan je od čestih uzroka popups. Otvoriti rajsfešlus datoteku na radnu površinu. Otvori MessengerDisable.exe dno, te odaberite okvir -- Deinstalirajte Windows Messenger i kliknite Primijeniti. Izlaz iz MessengerDisable zatim izbrišite dvije datoteke koje su stavili na radnoj površini.
__________________ |
