Yahoo Messenger / Other




  #1  
9 January 2008, 11:36
Member Group

When I double-click on a contact, my computer reboots. Also, when my computer boots up, "My Documents" is already open. I just tried to open Power DVD and it also rebooted my computer. What is the cause of this and how do I fix it? Thank you so much for all your help.


Logfile of Trend Micro HijackThis v2.0.2
Scan spremljena u 12:35:07, dana 1/9/2008
Platforma: Windows XP SP2 (Winnt 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Pokretanje procesa:
C: \ WINDOWS \ System32 \ smss.exe
C: \ WINDOWS \ system32 \ csrss.exe
C: \ WINDOWS \ system32 \ Winlogon.exe
C: \ WINDOWS \ system32 \ services.exe
C: \ WINDOWS \ system32 \ lsass.exe
C: \ WINDOWS \ system32 \ Svchost.exe
C: \ WINDOWS \ system32 \ Svchost.exe
C: \ WINDOWS \ System32 \ Svchost.exe
C: \ Program Files \ ispred \ InCD \ InCDsrv.exe
C: \ WINDOWS \ system32 \ Svchost.exe
C: \ WINDOWS \ system32 \ Svchost.exe
C: \ Program Files \ Alwil Software \ Avast4 \ aswUpdSv.exe
C: \ Program Files \ Alwil Software \ Avast4 \ ashServ.exe
C: \ WINDOWS \ system32 \ spoolsv.exe
C: \ WINDOWS \ explorer.exe
C: \ Program Files \ Spyware Doctor \ pctsTray.exe
C: \ programa ~ 1 \ ALWILS ~ 1 \ Avast4 \ ashDisp.exe
C: \ Program Files \ Spyware Doctor \ pctsAuxs.exe
C: \ Program Files \ Spyware Doctor \ pctsSvc.exe
C: \ WINDOWS \ system32 \ Svchost.exe
C: \ Program Files \ Alwil Software \ Avast4 \ ashMaiSv.exe
C: \ Program Files \ Alwil Software \ Avast4 \ ashWebSv.exe
C: \ WINDOWS \ System32 \ alg.exe
C: \ WINDOWS \ system32 \ wuauclt.exe
C: \ Program Files \ Mozilla Firefox \ firefox.exe
C: \ Program Files \ Trend Micro \ HijackThis \ HijackThis.exe
C: \ WINDOWS \ system32 \ wbem \ wmiprvse.exe

R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = o: blank
R3 - URLSearchHook: Yahoo! Toolbar - (EF99BD32-C1FB-11D2-892F-0090271D4F88) - C: \ Program Files \ Yahoo! \ Companion \ Instalira \ cpn \ yt.dll
F2 - REG: SYSTEM.INI: UserInit = C: \ WINDOWS \ system32 \ userinit.exe, userinit. Exe
O2 - BHO: e404 pomagač - (F10587E9-0E47-4CBE-84AE-7DD20B8684BB) - C: \ Program Files \ Helper \ superfindout.dll
O3 - Toolbar: Yahoo! Toolbar - (EF99BD32-C1FB-11D2-892F-0090271D4F88) - C: \ Program Files \ Yahoo! \ Companion \ Instalira \ cpn \ yt.dll
O4 - HKLM \ .. \ Run: [ISTray] "C: \ Program Files \ Spyware Doctor \ pctsTray.exe"
O4 - HKLM \ .. \ Run: [avast!] C: \ programa ~ 1 \ ALWILS ~ 1 \ Avast4 \ ashDisp.exe
O4 - HKLM \ .. \ Run: [KernelFaultCheck]% systemroot% \ system32 \ dumprep 0-k
O8 - Extra kontekst meni stavka: E & zvezi u Microsoft Excel - res: / / C: \ programa ~ 1 \ MICROS ~ 4 \ Office12 \ EXCEL.EXE/3000
O9 - Extra button: (no name) - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program Files \ Java \ jre1.6.0_03 \ bin \ ssv.dll
O9 - Extra 'Tools' MENUITEM: Sun Java Console - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program Files \ Java \ jre1.6.0_03 \ bin \ ssv.dll
O9 - Extra button: Yahoo! Services - (5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897) - C: \ Program Files \ Yahoo! \ Common \ yiesrvc.dll
O9 - Extra button: Research - (92780B25-18CC-41C8-B9BE-3C9C571A8263) - C: \ programa ~ 1 \ MICROS ~ 4 \ Office12 \ REFIEBAR.DLL
O9 - Extra button: Messenger - (FB5F1910-F110-11D2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe
O9 - Extra 'Tools' MENUITEM: Windows Messenger - (FB5F1910-F110-11D2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe
O12 - Plugin for. Spop: C: \ Program Files \ Internet Explorer \ Plugins \ NPDocBox.dll
O16 - DPF: (30528230-99f7-4bb4-88d8-fa1d4f56a2ab) (Installation Support) - C: \ Program Files \ Yahoo! \ Common \ Yinsthelper.dll
O20 - Winlogon Obavijesti:! SASWinLogon - C: \ Program Files \ SUPERAntiSpyware \ SASWINLO.dll
O21 - SSODL: bklgvsf - (91B4E850-CB64-4E58-A6D7-CB77098ABE11) - (no file)
O21 - SSODL: ampkfst - (DE891973-DFFB-4992-8CFE-7C98636EE248) - C: \ WINDOWS \ ampkfst.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C: \ Program Files \ Alwil Software \ Avast4 \ aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C: \ Program Files \ Alwil Software \ Avast4 \ ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C: \ Program Files \ Alwil Software \ Avast4 \ ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C: \ Program Files \ Alwil Software \ Avast4 \ ashWebSv.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C: \ Program Files \ ispred \ InCD \ InCDsrv.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C: \ Windows \ System32 \ Drivers \ KodakCCS.exe
O23 - Service: PC Tools Pomoćne službe (sdAuxService) - PC Tools - C: \ Program Files \ Spyware Doctor \ pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C: \ Program Files \ Spyware Doctor \ pctsSvc.exe

--
End of file - 4226 bytes
  #2  
9 January 2008, 12:23
Moderator Group

Welcome to TCF.

I am moving this thread to the virus, spyware and security forum.

Let's check for the Smitfraud virus real quick.

Download SmitfraudFix (by S!Ri) to your Desktop.

Extract all the files to your Desktop. A folder named SmitfraudFix will be created on your Desktop.

Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and pressing Enter
This program will scan large amounts of files on your computer for known patterns, so please be patient while it works. When it is done, the results of the scan will be displayed and it will create a log named rapport.txt in the root of your drive, e.g. Local Disk C: or the partition where your operating system is installed. Please post that log in your next reply.

Note: process.exe (which is used by SmitfraudFix) is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consultin...rocessutil.htm
__________________

  #3  
9 January 2008, 18:55
Member Group

Here you go. Thanks for the same-day help.


Scan učinjeno na 19:34:34.71, srijeda 01/09/2008
Run from C: \ Documents and Settings \ Owner \ Desktop \ SmitfraudFix
OS: Microsoft Windows XP [Version 5/1/2600] - Windows_NT
The filesystem tip NTFS
Škripac vožnji u normalnom načinu rada

»»»»»»»»»»»»»»»»»»»»»»»» Process

C: \ WINDOWS \ System32 \ smss.exe
C: \ WINDOWS \ system32 \ csrss.exe
C: \ WINDOWS \ system32 \ Winlogon.exe
C: \ WINDOWS \ system32 \ services.exe
C: \ WINDOWS \ system32 \ lsass.exe
C: \ WINDOWS \ system32 \ Svchost.exe
C: \ WINDOWS \ system32 \ Svchost.exe
C: \ WINDOWS \ System32 \ Svchost.exe
C: \ Program Files \ ispred \ InCD \ InCDsrv.exe
C: \ WINDOWS \ system32 \ Svchost.exe
C: \ WINDOWS \ system32 \ Svchost.exe
C: \ Program Files \ Alwil Software \ Avast4 \ aswUpdSv.exe
C: \ Program Files \ Alwil Software \ Avast4 \ ashServ.exe
C: \ WINDOWS \ system32 \ spoolsv.exe
C: \ WINDOWS \ explorer.exe
C: \ Program Files \ Spyware Doctor \ pctsAuxs.exe
C: \ Program Files \ Spyware Doctor \ pctsSvc.exe
C: \ Program Files \ Spyware Doctor \ pctsTray.exe
C: \ WINDOWS \ system32 \ Svchost.exe
C: \ Program Files \ Alwil Software \ Avast4 \ ashMaiSv.exe
C: \ Program Files \ Alwil Software \ Avast4 \ ashWebSv.exe
C: \ WINDOWS \ System32 \ alg.exe
C: \ programa ~ 1 \ ALWILS ~ 1 \ Avast4 \ ashDisp.exe
C: \ WINDOWS \ system32 \ wuauclt.exe
C: \ Program Files \ Spyware Doctor \ pctsGui.exe
C: \ Program Files \ Mozilla Firefox \ firefox.exe
C: \ WINDOWS \ system32 \ cmd.exe
C: \ WINDOWS \ system32 \ wbem \ wmiprvse.exe

»»»»»»»»»»»»»»»»»»»»»»»» Domaćini


»»»»»»»»»»»»»»»»»»»»»»»» C: \


»»»»»»»»»»»»»»»»»»»»»»»» C: \ WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C: \ Windows \ System


»»»»»»»»»»»»»»»»»»»»»»»» C: \ WINDOWS \ web


»»»»»»»»»»»»»»»»»»»»»»»» C: \ WINDOWS \ system32


»»»»»»»»»»»»»»»»»»»»»»»» C: \ WINDOWS \ system32 \ LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C: \ Documents and Settings \ Vlasnik


»»»»»»»»»»»»»»»»»»»»»»»» C: \ Documents and Settings \ Owner \ Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C: \ DOCUME ~ 1 \ Owner \ FAVORI ~ 1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C: \ Program Files

C: \ Program Files \ Helper \ found!

»»»»»»»»»»»»»»»»»»»»»»»» Ošteti ključeva


Desktop »»»»»»»»»»»»»»»»»»»»»»»» Komponente

[HKEY_CURRENT_USER \ Software \ Microsoft \ Internet Explorer \ Desktop \ Components \ 0]
"Izvor" = "O: Početna »
"SubscribedURL" = "O: Početna »
"FriendlyName" = "My Current Home Page"


»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
! Pozor, slijedeće tipke nisu neizbježno inficirane!

IEDFix.exe by S! Ri


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
! Pozor, slijedeće tipke nisu neizbježno inficirane!

SrchSTS.exe by S! Ri
Traži SharedTaskScheduler's. Dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
! Pozor, slijedeće tipke nisu neizbježno inficirane!

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ Windows]
"AppInit_DLLs" = ""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
! Pozor, slijedeće tipke nisu neizbježno inficirane!

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ Winlogon]
"System" = ""


»»»»»»»»»»»»»»»»»»»»»»»» Rustock



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Opis: Compatible VIA Fast Ethernet Adapter - Packet Planer Miniport
DNS server Pretraga Narudžba: 24.117.109.232
DNS server Pretraga Narudžba: 24.116.2.34

HKLM \ SYSTEM \ CCS \ Services \ TCPIP \ .. \ (01A68D67-4FD7-4EF9-88A6-5AA96325A443): DhcpNameServer = 24.117.109.232 24.116.2.34
HKLM \ SYSTEM \ CS1 \ Services \ TCPIP \ .. \ (01A68D67-4FD7-4EF9-88A6-5AA96325A443): DhcpNameServer = 24.117.109.232 24.116.2.34
HKLM \ SYSTEM \ CCS \ Services \ TCPIP \ Parameters: DhcpNameServer = 24.117.109.232 24.116.2.34
HKLM \ SYSTEM \ CS1 \ Services \ TCPIP \ Parameters: DhcpNameServer = 24.117.109.232 24.116.2.34


»»»»»»»»»»»»»»»»»»»»»»»» Traženje Wininet.dll infekcije


»»»»»»»»»»»»»»»»»»»»»»»» Kraj
  #4  
9 January 2008, 19:18
Moderator Group

You may want to print these instructions, or copy and paste them into Notepad and save the file to your desktop, as you will not be able to see this page in Safe Mode.

Please reboot your computer in Safe Mode by tapping the F8 key before Windows starts to load, and select Safe Mode.

Open the SmitfraudFix folder on the desktop, then double-click the smitfraudfix.cmd file to start the tool.

Select option #2 - Clean by typing 2 and pressing Enter.
The program will begin cleaning your computer and go through a series of cleaning processes. Wait for the tool to complete and for Disk Cleanup to finish. This process may take some time depending on your computer, so please be patient. When it is finished, it will close automatically and you should continue with the next step.

You will be prompted: "Registry cleaning - Do you want to clean the registry?" Answer Yes by typing Y and pressing Enter.

The tool will also check whether wininet.dll is infected. If it is infected and a clean version is found, you will be prompted to replace the infected wininet.dll with the clean file. Answer Yes to the question "Replace infected file?" by typing Y and pressing Enter.

A reboot may be needed to finish the cleaning process. The report can be found at the root of the system drive, usually at C:\rapport.txt

Suggested step:
To restore the Trusted sites and Restricted sites zones, select 3 and press Enter.
You will be asked: "Restore Trusted Zone?" Answer Y (yes) and press Enter to delete the trusted zone.

Now reboot in normal mode and add this new rapport.txt to your next post.

WARNING: Running this option on a computer that is not infected will remove your desktop background. So do it only once!


In your next post, please add:
SmitfraudFix log
__________________

  #5  
10 January 2008, 14:51
Member Group

OK, I did all that on my lunch break and now I'm at work. I will post the SmitfraudFix log when I get back home. Is there anything else I can do right when I get back, other than posting that log?
  #6  
10 January 2008, 14:54
Moderator Group

There will be more to do; we have to kill this one first though, so it doesn't interfere with the other fixes.

You could post a new HijackThis log so I can see which way to go from there.
__________________

  #7  
10 January 2008, 16:28
Member Group

Here are the new logs, man. Work your magic. BTW ..... My desktop background was removed. I don't know if that is good or bad.


SmitFraudFix v2.274

Sastavljeno u 12:51:54.35 Scan, čet 01/10/2008
Run from C: \ Documents and Settings \ Owner \ Desktop \ SmitfraudFix
OS: Microsoft Windows XP [Version 5/1/2600] - Windows_NT
The filesystem tip NTFS
Škripac pokrenuti u sigurnom načinu rada

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Prije SmitFraudFix
! Pozor, slijedeće tipke nisu neizbježno inficirane!

SrchSTS.exe by S! Ri
Traži SharedTaskScheduler's. Dll

Ubistvo »»»»»»»»»»»»»»»»»»»»»»»» proces


»»»»»»»»»»»»»»»»»»»»»»»» Domaćini


127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S! Ri's WS2Fix: LSP nije pronađen.


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S! Ri


Brisanje »»»»»»»»»»»»»»»»»»»»»»»» zaražene datoteke

C: \ Program Files \ Helper \ Obrisani

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix.exe by S! Ri


»»»»»»»»»»»»»»»»»»»»»»»» DNS



Temp »»»»»»»»»»»»»»»»»»»»»»»» Brisanje datoteka


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
! Pozor, slijedeće tipke nisu neizbježno inficirane!

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ Winlogon]
"System" = ""


»»»»»»»»»»»»»»»»»»»»»»»» Čišćenje Registry

Čišćenje Registry učinili.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Nakon SmitFraudFix
! Pozor, slijedeće tipke nisu neizbježno inficirane!

SrchSTS.exe by S! Ri
Traži SharedTaskScheduler's. Dll


»»»»»»»»»»»»»»»»»»»»»»»» Kraj




Logfile of Trend Micro HijackThis v2.0.2
Scan spremljena u 5:25:05 Na 1/10/2008
Platforma: Windows XP SP2 (Winnt 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Pokretanje procesa:
C: \ WINDOWS \ System32 \ smss.exe
C: \ WINDOWS \ system32 \ csrss.exe
C: \ WINDOWS \ system32 \ Winlogon.exe
C: \ WINDOWS \ system32 \ services.exe
C: \ WINDOWS \ system32 \ lsass.exe
C: \ WINDOWS \ system32 \ Svchost.exe
C: \ Program Files \ PC Tools Firewall Plus \ FWService.exe
C: \ WINDOWS \ system32 \ Svchost.exe
C: \ WINDOWS \ System32 \ Svchost.exe
C: \ Program Files \ ispred \ InCD \ InCDsrv.exe
C: \ WINDOWS \ system32 \ Svchost.exe
C: \ WINDOWS \ system32 \ Svchost.exe
C: \ Program Files \ Alwil Software \ Avast4 \ aswUpdSv.exe
C: \ Program Files \ Alwil Software \ Avast4 \ ashServ.exe
C: \ WINDOWS \ system32 \ spoolsv.exe
C: \ WINDOWS \ explorer.exe
C: \ Program Files \ Spyware Doctor \ pctsTray.exe
C: \ programa ~ 1 \ ALWILS ~ 1 \ Avast4 \ ashDisp.exe
C: \ Program Files \ ThreatFire \ TFTray.exe
C: \ Program Files \ PC Tools Firewall Plus \ FirewallGUI.exe
C: \ Program Files \ SUPERAntiSpyware \ SUPERAntiSpyware.exe
C: \ Program Files \ Spyware Doctor \ pctsAuxs.exe
C: \ Program Files \ Spyware Doctor \ pctsSvc.exe
C: \ WINDOWS \ system32 \ Svchost.exe
C: \ Program Files \ ThreatFire \ TFService.exe
C: \ Program Files \ Alwil Software \ Avast4 \ ashMaiSv.exe
C: \ Program Files \ Alwil Software \ Avast4 \ ashWebSv.exe
C: \ WINDOWS \ System32 \ alg.exe
C: \ Program Files \ Mozilla Firefox \ firefox.exe
C: \ WINDOWS \ system32 \ wuauclt.exe
C: \ WINDOWS \ system32 \ wbem \ wmiprvse.exe
C: \ WINDOWS \ system32 \ wuauclt.exe
C: \ Program Files \ Alwil Software \ Avast4 \ Setup \ avast.setup
C: \ Program Files \ Trend Micro \ HijackThis \ HijackThis.exe
C: \ WINDOWS \ system32 \ NOTEPAD.EXE

R3 - URLSearchHook: Yahoo! Toolbar - (EF99BD32-C1FB-11D2-892F-0090271D4F88) - C: \ Program Files \ Yahoo! \ Companion \ Instalira \ cpn \ yt.dll
F2 - REG: SYSTEM.INI: UserInit = C: \ WINDOWS \ system32 \ userinit.exe, userinit. Exe
O3 - Toolbar: Yahoo! Toolbar - (EF99BD32-C1FB-11D2-892F-0090271D4F88) - C: \ Program Files \ Yahoo! \ Companion \ Instalira \ cpn \ yt.dll
O4 - HKLM \ .. \ Run: [ISTray] "C: \ Program Files \ Spyware Doctor \ pctsTray.exe"
O4 - HKLM \ .. \ Run: [avast!] C: \ programa ~ 1 \ ALWILS ~ 1 \ Avast4 \ ashDisp.exe
O4 - HKLM \ .. \ Run: [ThreatFire] C: \ Program Files \ ThreatFire \ TFTray.exe
O4 - HKLM \ .. \ Run: [00PCTFW] "C: \ Program Files \ PC Tools Firewall Plus \ FirewallGUI.exe"-s
O4 - HKCU \ .. \ Run: [SUPERAntiSpyware] C: \ Program Files \ SUPERAntiSpyware \ SUPERAntiSpyware.exe
O8 - Extra kontekst meni stavka: E & zvezi u Microsoft Excel - res: / / C: \ programa ~ 1 \ MICROS ~ 4 \ Office12 \ EXCEL.EXE/3000
O9 - Extra button: (no name) - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program Files \ Java \ jre1.6.0_03 \ bin \ ssv.dll
O9 - Extra 'Tools' MENUITEM: Sun Java Console - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program Files \ Java \ jre1.6.0_03 \ bin \ ssv.dll
O9 - Extra button: Yahoo! Services - (5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897) - C: \ Program Files \ Yahoo! \ Common \ yiesrvc.dll
O9 - Extra button: Research - (92780B25-18CC-41C8-B9BE-3C9C571A8263) - C: \ programa ~ 1 \ MICROS ~ 4 \ Office12 \ REFIEBAR.DLL
O9 - Extra button: Messenger - (FB5F1910-F110-11D2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe
O9 - Extra 'Tools' MENUITEM: Windows Messenger - (FB5F1910-F110-11D2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe
O12 - Plugin for. Spop: C: \ Program Files \ Internet Explorer \ Plugins \ NPDocBox.dll
O16 - DPF: (30528230-99f7-4bb4-88d8-fa1d4f56a2ab) (Installation Support) - C: \ Program Files \ Yahoo! \ Common \ Yinsthelper.dll
O20 - Winlogon Obavijesti:! SASWinLogon - C: \ Program Files \ SUPERAntiSpyware \ SASWINLO.dll
O21 - SSODL: bklgvsf - (91B4E850-CB64-4E58-A6D7-CB77098ABE11) - (no file)
O21 - SSODL: ampkfst - (DE891973-DFFB-4992-8CFE-7C98636EE248) - C: \ WINDOWS \ ampkfst.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C: \ Program Files \ Alwil Software \ Avast4 \ aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C: \ Program Files \ Alwil Software \ Avast4 \ ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C: \ Program Files \ Alwil Software \ Avast4 \ ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C: \ Program Files \ Alwil Software \ Avast4 \ ashWebSv.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C: \ Program Files \ ispred \ InCD \ InCDsrv.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C: \ Windows \ System32 \ Drivers \ KodakCCS.exe
O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - PC Tools - C: \ Program Files \ PC Tools Firewall Plus \ FWService.exe
O23 - Service: PC Tools Pomoćne službe (sdAuxService) - PC Tools - C: \ Program Files \ Spyware Doctor \ pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C: \ Program Files \ Spyware Doctor \ pctsSvc.exe
O23 - Service: ThreatFire - PC Tools - C: \ Program Files \ ThreatFire \ TFService.exe

--
End of file - 4822 bytes
  #8  
10 January 2008, 17:22
Moderator Group

Quote:
My desktop background was removed. I don't know if that is good or bad.
That happens sometimes when removing Smitfraud. It hijacks the browser and the desktop, so losing the desktop is actually a good thing.

That got the biggest one, but there are still a few things in the HijackThis log to deal with. Then we will run another scan to see if anything else is hiding.


Open HijackThis and choose Do a system scan only, then put a check mark next to:

O21 - SSODL: bklgvsf - (91B4E850-CB64-4E58-A6D7-CB77098ABE11) - (no file)
O21 - SSODL: ampkfst - (DE891973-DFFB-4992-8CFE-7C98636EE248) - C: \ WINDOWS \ ampkfst.dll (file missing)


Close all windows except HijackThis and click Fix checked.

Exit HijackThis.

---------------

Please download DrWeb CureIt and save it to your desktop.

Scan with DrWeb-CureIt as follows:
  • Double-click drweb-cureit.exe and then Start.
  • An Express Scan of your PC notice will appear.
  • Under Start the Express Scan Now, click OK to start.
    • This is a short scan that will scan the files currently running in memory.
    • If or when something is found, click the Yes button when it asks whether you want to cure it.
  • Once the short scan has finished, click Options > Change settings
  • Choose the Scan tab, uncheck Heuristic analysis and click OK
  • Back at the main window, select the Complete scan button.
  • Then click the green arrow Start Scanning button on the right, and the scan will begin.
    • Click Yes to all if it asks whether you want to cure / move any file(s).
  • When the scan has finished:
  • In the Dr.Web CureIt menu at the top left, click File and choose Save report list.
  • Save the DrWeb.csv report to your Desktop.
  • Exit Dr.Web CureIt.
  • Important! Reboot your computer, because it could be possible that files in use will be moved / deleted during reboot.
  • After the reboot, right-click the Dr.Web log on your desktop and choose Open With > Notepad
  • Copy and paste that log into your next reply
---------------

After Dr.Web has finished, run a new scan and post a HijackThis log.

In your next post, please add:
Dr.Web log
New HijackThis log
__________________
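The before/after comparison the helper does by eye across the two HijackThis logs can be scripted. This is an added example, not part of the thread or of HijackThis itself: the function names are hypothetical, and the sample lines are copied from the thread's first and second logs (including the spaced-out path separators and parenthesised CLSIDs of this page's rendering, which the parser tolerates).

```python
import re

# Entry lines look like "O21 - SSODL: name - {CLSID} - path". This page's copy
# shows CLSIDs in parentheses, so both bracket styles are accepted.
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2})\s*-\s*(?P<body>.+)$")
CLSID_RE = re.compile(
    r"[{(]([0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12})[})]")
# HijackThis marks registrations whose target file is absent with these tags.
ORPHAN_RE = re.compile(r"\((?:no file|file missing)\)", re.IGNORECASE)

# Sample lines copied from the thread's first log (post #1).
BEFORE = r"""
O2 - BHO: e404 pomagač - (F10587E9-0E47-4CBE-84AE-7DD20B8684BB) - C: \ Program Files \ Helper \ superfindout.dll
O4 - HKLM \ .. \ Run: [ISTray] "C: \ Program Files \ Spyware Doctor \ pctsTray.exe"
O21 - SSODL: bklgvsf - (91B4E850-CB64-4E58-A6D7-CB77098ABE11) - (no file)
O21 - SSODL: ampkfst - (DE891973-DFFB-4992-8CFE-7C98636EE248) - C: \ WINDOWS \ ampkfst.dll
"""

# Sample lines copied from the log posted after the SmitfraudFix clean (post #7).
AFTER = r"""
O4 - HKLM \ .. \ Run: [ISTray] "C: \ Program Files \ Spyware Doctor \ pctsTray.exe"
O4 - HKLM \ .. \ Run: [ThreatFire] C: \ Program Files \ ThreatFire \ TFTray.exe
O21 - SSODL: bklgvsf - (91B4E850-CB64-4E58-A6D7-CB77098ABE11) - (no file)
O21 - SSODL: ampkfst - (DE891973-DFFB-4992-8CFE-7C98636EE248) - C: \ WINDOWS \ ampkfst.dll (file missing)
"""


def normalize(line):
    """Remove the spaces this page's rendering put around backslashes."""
    return re.sub(r"\s*\\\s*", r"\\", line.strip())


def parse_entries(log_text):
    """Return one dict per registry/browser entry; skip headers and process lists."""
    entries = []
    for raw in log_text.splitlines():
        match = ENTRY_RE.match(normalize(raw))
        if not match:
            continue
        body = match.group("body")
        clsid = CLSID_RE.search(body)
        entries.append({
            "code": match.group("code"),
            "body": body,
            "clsid": clsid.group(1).upper() if clsid else None,
            "orphaned": bool(ORPHAN_RE.search(body)),
        })
    return entries


def entry_key(entry):
    """Section code plus CLSID (or the body text) identifies an entry across
    scans, even when its file-status tag changes."""
    ident = entry["clsid"] or ORPHAN_RE.sub("", entry["body"]).strip()
    return (entry["code"], ident)


def compare_scans(before_text, after_text):
    """Summarise what a cleanup pass changed between two logs."""
    before = {entry_key(e): e for e in parse_entries(before_text)}
    after = {entry_key(e): e for e in parse_entries(after_text)}
    return {
        "removed": sorted(k for k in before if k not in after),
        "added": sorted(k for k in after if k not in before),
        # Registrations still present whose file is gone: candidates for "Fix checked".
        "orphaned": sorted(k for k, e in after.items() if e["orphaned"]),
        # File was there before the clean and is missing now.
        "newly_orphaned": sorted(
            k for k, e in after.items()
            if e["orphaned"] and k in before and not before[k]["orphaned"]),
    }


if __name__ == "__main__":
    for label, keys in compare_scans(BEFORE, AFTER).items():
        print(label)
        for code, ident in keys:
            print("   ", code, ident)
```

On these lines it reports the O2 helper entry as removed, the ThreatFire Run key as added, and both O21 registrations as orphaned, which are the two entries post #8 asks to be checked and fixed.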

  #9  
10 January 2008, 19:11
Member Group

I keep posting and it doesn't show up. Is there too much info being put on this page?
  #10  
10 January 2008, 19:31
Member Group

Hi there, I was working with evilfantasy and things were going well, but I'm having a hard time getting my next post with the logs to stay up, so I'm continuing here in a new thread. Thanks again for all the help.

DrWeb log:

Process.exe; C: \ Documents and Settings \ Owner \ Desktop \ SmitfraudFix; Tool.Prockill; Incurable.Deleted.;
restart.exe; C: \ Documents and Settings \ Owner \ Desktop \ SmitfraudFix; Tool.ShutDown. 11; Incurable.Deleted.;
A0010067.exe; C: \ System Volume Information \ _restore (95153BD2-996B-4F5E-85AE-D02B24510357) \ RP46; Adware.ClickSpring; Incurable.De leted.;
Process.exe; C: \ WINDOWS \ system32; Tool.Prockill; Incu rable.Deleted.;

Logfile of Trend Micro HijackThis v2.0.2
Scan spremljena u 8:30:50 Na 1/10/2008
Platforma: Windows XP SP2 (Winnt 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Pokretanje procesa:
C: \ WINDOWS \ System32 \ smss.exe
C: \ WINDOWS \ system32 \ csrss.exe
C: \ WINDOWS \ system32 \ Winlogon.exe
C: \ WINDOWS \ system32 \ services.exe
C: \ WINDOWS \ system32 \ lsass.exe
C: \ WINDOWS \ system32 \ Svchost.exe
C: \ Program Files \ PC Tools Firewall Plus \ FWService.exe
C: \ WINDOWS \ system32 \ Svchost.exe
C: \ WINDOWS \ System32 \ Svchost.exe
C: \ Program Files \ ispred \ InCD \ InCDsrv.exe
C: \ WINDOWS \ system32 \ Svchost.exe
C: \ WINDOWS \ system32 \ Svchost.exe
C: \ Program Files \ Alwil Software \ Avast4 \ aswUpdSv.exe
C: \ WINDOWS \ system32 \ spoolsv.exe
C: \ WINDOWS \ explorer.exe
C: \ Program Files \ Spyware Doctor \ pctsTray.exe
C: \ Program Files \ ThreatFire \ TFTray.exe
C: \ Program Files \ PC Tools Firewall Plus \ FirewallGUI.exe
C: \ Program Files \ SUPERAntiSpyware \ SUPERAntiSpyware.exe
C: \ Program Files \ Spyware Doctor \ pctsAuxs.exe
C: \ Program Files \ Spyware Doctor \ pctsSvc.exe
C: \ WINDOWS \ system32 \ Svchost.exe
C: \ Program Files \ ThreatFire \ TFService.exe
C: \ Program Files \ Alwil Software \ Avast4 \ ashWebSv.exe
C: \ WINDOWS \ System32 \ alg.exe
C: \ WINDOWS \ system32 \ wuauclt.exe
C: \ Program Files \ Mozilla Firefox \ firefox.exe
C: \ WINDOWS \ system32 \ NOTEPAD.EXE
C: \ Program Files \ Trend Micro \ HijackThis \ HijackThis.exe
C: \ WINDOWS \ system32 \ wbem \ wmiprvse.exe

R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://www.myspace.com
R3 - URLSearchHook: Yahoo! Toolbar - (EF99BD32-C1FB-11D2-892F-0090271D4F88) - C: \ programa ~ 1 \ Yahoo! \ Companion \ Instalira \ cpn0 \ yt.dll
F2 - REG: SYSTEM.INI: UserInit = C: \ WINDOWS \ system32 \ userinit.exe, userinit. Exe
O2 - BHO: & Yahoo! Toolbar Helper - (02478D38-C3F9-4efb-9B51-7695ECA05670) - C: \ programa ~ 1 \ Yahoo! \ Companion \ Instalira \ cpn0 \ yt.dll
O3 - Toolbar: Yahoo! Toolbar - (EF99BD32-C1FB-11D2-892F-0090271D4F88) - C: \ programa ~ 1 \ Yahoo! \ Companion \ Instalira \ cpn0 \ yt.dll
O4 - HKLM \ .. \ Run: [ISTray] "C: \ Program Files \ Spyware Doctor \ pctsTray.exe"
O4 - HKLM \ .. \ Run: [ThreatFire] C: \ Program Files \ ThreatFire \ TFTray.exe
O4 - HKLM \ .. \ Run: [00PCTFW] "C: \ Program Files \ PC Tools Firewall Plus \ FirewallGUI.exe"-s
O4 - HKLM \ .. \ Run: [KernelFaultCheck]% systemroot% \ system32 \ dumprep 0-k
O4 - HKCU \ .. \ Run: [SUPERAntiSpyware] C: \ Program Files \ SUPERAntiSpyware \ SUPERAntiSpyware.exe
O4 - HKCU \ .. \ Run: [Yahoo! Pager] "C: \ Program Files \ Yahoo! \ Messenger \ YahooMessenger.exe"-quiet
O8 - Extra kontekst meni stavka: E & zvezi u Microsoft Excel - res: / / C: \ programa ~ 1 \ MICROS ~ 4 \ Office12 \ EXCEL.EXE/3000
O9 - Extra button: (no name) - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program Files \ Java \ jre1.6.0_03 \ bin \ ssv.dll
O9 - Extra 'Tools' MENUITEM: Sun Java Console - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program Files \ Java \ jre1.6.0_03 \ bin \ ssv.dll
O9 - Extra button: Yahoo! Services - (5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897) - C: \ Program Files \ Yahoo! \ Common \ yiesrvc.dll
O9 - Extra button: Research - (92780B25-18CC-41C8-B9BE-3C9C571A8263) - C: \ programa ~ 1 \ MICROS ~ 4 \ Office12 \ REFIEBAR.DLL
O9 - Extra button: Messenger - (FB5F1910-F110-11D2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe
O9 - Extra 'Tools' MENUITEM: Windows Messenger - (FB5F1910-F110-11D2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe
O12 - Plugin for. Spop: C: \ Program Files \ Internet Explorer \ Plugins \ NPDocBox.dll
O16 - DPF: (30528230-99f7-4bb4-88d8-fa1d4f56a2ab) (Installation Support) - C: \ Program Files \ Yahoo! \ Common \ Yinsthelper.dll
O20 - Winlogon Obavijesti:! SASWinLogon - C: \ Program Files \ SUPERAntiSpyware \ SASWINLO.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C: \ Program Files \ Alwil Software \ Avast4 \ aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C: \ Program Files \ Alwil Software \ Avast4 \ ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C: \ Program Files \ Alwil Software \ Avast4 \ ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C: \ Program Files \ Alwil Software \ Avast4 \ ashWebSv.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C: \ Program Files \ ispred \ InCD \ InCDsrv.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C: \ Windows \ System32 \ Drivers \ KodakCCS.exe
O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - PC Tools - C: \ Program Files \ PC Tools Firewall Plus \ FWService.exe
O23 - Service: PC Tools Pomoćne službe (sdAuxService) - PC Tools - C: \ Program Files \ Spyware Doctor \ pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C: \ Program Files \ Spyware Doctor \ pctsSvc.exe
O23 - Service: ThreatFire - PC Tools - C: \ Program Files \ ThreatFire \ TFService.exe

--
End of file - 4716 bytes