|
| |||||||
| Regisztráció | Oldaltérkép Spy | Tagok listája | Donate | Keres | Mai hozzászólások | Megjelöl Fórumok Olvas | Fórum Szabályok |
 |
 |
| | Téma eszközök |
|
#1
28. Sep 2007, 17:13
| |||
| |||
| Zlob, smitfraud, pop ups, piros háttérkép változások My name is tatjana és im kétségbeesett segítségért, próbáltam majdnem minden víruskeresési outthere, de nem szerencse. Én megpróbáltam letölteni smitfraud meg, de azt nem lehetett Safed, mert a forrás nem található "vagy" ismeretlen hiba történt ".. pontosan ugyanaz a probléma, mert ez a fickó" jól Folyamatosan hülye pop ups mondván én db van fenyegetés révén a tálcán / eszköztár, és egy nagy piros kereszt villog a tálcán, és a háttérkép az asztalon változások piros háttérben egy nagy szimbólum képet, és a Norton cant ez, az egyik a pop-up buborékok a tálcán / eszköztár azt mondja, hogy trojan32.looksky, valamint az otthoni oldalt IE változott a ucleaner.com, végső tisztább, 2007 whicjh egy hamis kémprogram dolog scanner / remover " kérem, segítsen nekem! Saját napló Naplózás a HijackThis v1.99.1 Beolvasás mentett 7:26:18, a 9/28/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Futó folyamatok: C: \ WINDOWS \ System32 \ smss.exe C: \ WINDOWS \ system32 \ winlogon.exe C: \ WINDOWS \ System32 \ Services.exe C: \ WINDOWS \ System32 \ Lsass.exe C: \ WINDOWS \ System32 \ Ati2evxx.exe C: \ WINDOWS \ System32 \ Svchost.exe C: \ WINDOWS \ System32 \ Svchost.exe C: \ WINDOWS \ System32 \ brsvc01a.exe C: \ WINDOWS \ System32 \ brss01a.exe C: \ WINDOWS \ System32 \ Spoolsv.exe C: \ Program Files \ Intel \ Intel Application Accelerator \ iaanotif.exe C: \ Program Files \ Intel \ Modem Monitor Event \ IntelMEM.exe C: \ Program Files \ Creative \ Sound Blaster Live! 24-bit \ Surround Mixer \ CTSysVol.exe C: \ WINDOWS \ System32 \ Rundll32.exe C: \ Program Files \ Dell \ Media Experience \ PCMService.exe C: \ Program Files \ CyberLink \ PowerDVD \ DVDLauncher.exe C: \ WINDOWS \ System32 \ dla \ tfswctrl.exe C: \ PROGRA ~ 1 \ Yahoo! \ Browser \ ybrwicon.exe C: \ Program Files \ BroadJump \ Client Foundation \ CFD.exe C: \ Program Files \ Adobe \ Photoshop Elements 4.0 \ apdproxy.exe C: \ Program Files \ Yahoo! \ Yahoo! Zene Engine \ ymetray.exe C: \ Program Files \ Yahoo! \ Antivirus \ CAVTray.exe C: \ Program Files \ Yahoo! \ Antivirus \ CAVRID.exe C: \ PROGRA ~ 1 \ Yahoo! \ YOP \ yop.exe C: \ WINDOWS \ System32 \ Spool \ Drivers \ W32x86 \ 3 \ E_FATIA JA.EXE C: \ Program Files \ QuickTime \ QTTask.exe C: \ Program Files \ iTunes \ iTunesHelper.exe C: \ Program Files \ Webroot \ Spy sweeper \ SpySweeperUI.exe C: \ WINDOWS \ SYSTEM32 \ WTablet \ TabUserW.exe C: \ PROGRA ~ 1 \ Yahoo! \ MESSEN ~ 1 \ ymsgr_tray.exe C: \ PROGRA ~ 1 \ Yahoo! \ Browser \ ycommon.exe C: \ Program Files \ APC \ APC PowerChute Personal Edition \ apcsystray.exe C: \ Program Files \ Adobe \ Photoshop Elements 3,0 \ PhotoshopElementsFileAgent.exe C: \ Program Files \ Adobe \ Photoshop Elements 4.0 \ PhotoshopElementsFileAgent.exe C: \ PROGRA ~ 1 \ COMMON ~ 1 \ AOL \ ACS \ acsd.exe C: \ Program Files \ APC \ APC PowerChute Personal Edition \ mainserv.exe C: \ Program Files \ Common Files \ Apple \ Mobile Device Support \ bin \ AppleMobileDeviceService.exe C: \ Program Files \ Yahoo! \ Antivirus \ ISafe.exe C: \ Program Files \ CIFPFiltering \ CIFPLogAggregator.exe C: \ WINDOWS \ System32 \ CTsvcCDA.EXE C: \ Program Files \ CIFPFiltering \ FilterService.exe C: \ Program Files \ Intel \ Intel Application Accelerator \ iaantmon.exe C: \ Program Files \ Common Files \ LightScribe \ LSSrvc.exe c: \ PROGRA ~ 1 \ mcafee.com \ VSO \ mcvsrte.exe C: \ Program Files \ Eset \ nod32krn.exe C: \ WINDOWS \ System32 \ Svchost.exe C: \ WINDOWS \ System32 \ Tablet.exe C: \ Program Files \ Yahoo! \ Antivirus \ VetMsg.exe C: \ WINDOWS \ wanmpsvc.exe C: \ Program Files \ Webroot \ Spy sweeper \ SpySweeper.exe C: \ WINDOWS \ System32 \ MsPMSPSv.exe C: \ Program Files \ iPod \ bin \ iPodService.exe C: \ WINDOWS \ System32 \ wscntfy.exe C: \ Program Files \ Mozilla Firefox \ firefox.exe C: \ WINDOWS \ System32 \ wuauclt.exe C: \ Program Files \ Webroot \ Spy sweeper \ SSU.EXE C: \ WINDOWS \ explorer.exe C: \ PROGRA ~ 1 \ Yahoo! \ Browser \ ybrowser.exe C: \ Program Files \ Hijackthis \ HijackThis.exe R1 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Default_Page_URL = http://www.dell4me.com/myway R1 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Search Bar = http://red.clientapps.yahoo.com/cust...search/ie.html R1 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Search Page = http://red.clientapps.yahoo.com/cust.../www.yahoo.com R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://yahoo.sbc.com/dsl R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Page_URL = http://yahoo.sbc.com/dsl R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Search_URL = http://red.clientapps.yahoo.com/cust.../www.yahoo.com R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Search Bar = http://red.clientapps.yahoo.com/cust...search/ie.html R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Search Page = http://red.clientapps.yahoo.com/cust.../www.yahoo.com R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://yahoo.sbc.com/dsl R1 - HKCU \ Software \ Microsoft \ Internet Explorer \ SearchURL, (Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com R1 - HKCU \ Software \ Microsoft \ Windows \ CurrentVersion \ int ernet Beállítások, ProxyServer = 127.0.0.1:8080 R1 - HKCU \ Software \ Microsoft \ Windows \ CurrentVersion \ int ernet Beállítások, ProxyOverride = helyi N3 - Netscape 7: user_pref (browser.startup.homepage "," http://home.netscape.com/bookmark/7_2/home.html "); (C: \ Documents and Settings \ Tatjana Blazevic \ Application Data \ Mozilla \ Profiles \ default \ mhiwv3o3.slt \ prefs.js) N3 - Netscape 7: user_pref (browser.search.defaultengine "," motor: / / C% 3A% 5CPROGRA% 7E1% 5CNETSCAPE% 5CNETSCAPE% 5Csearchpl ugins% 5CSBWeb_01.src "); (C: \ Documents and Settings \ Tatjana BLAZEVIC \ Application Data \ Mozilla \ Profiles \ default \ mhiwv3o3.slt \ prefs.js) O2 - BHO: AcroIEHlprObj Class - (06849E9F-C8D7-4D59-B87D-784B7D6BE0B3) - C: \ Program Files \ Adobe \ Acrobat 6.0 \ Reader \ ActiveX \ AcroIEHelper.dll O2 - BHO: (no name) - (549B5CA7-4A86-11D7-A4DF-000874180BB3) - (no file) O2 - BHO: UberButton Class - (5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897) - C: \ Program Files \ Yahoo! \ Common \ yiesrvc.dll O2 - BHO: DriveLetterAccess - (5CA3D70E-1895-11CF-8E15-001234567890) - C: \ WINDOWS \ System32 \ dla \ tfswshx.dll O2 - BHO: YahooTaggedBM Class - (65D886A2-7CA7-479B-BB95-14D1EFB7946A) - C: \ Program Files \ Yahoo! \ Common \ YIeTagBm.dll O2 - BHO: SidebarAutoLaunch Class - (F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D) - C: \ Program Files \ Yahoo! \ Browser \ YSidebarIEBHO.dll O2 - BHO: (no name) - (FDD3B846-8D59-4ffb-8758-209B6AD74ACC) - (no file) O3 - Toolbar: McAfee VirusScan - (BA52B914-B692-46c4-B683-905236F6F655) - C: \ PROGRA ~ 1 \ mcafee.com \ VSO \ mcvsshl.dll O3 - Toolbar: Yahoo! Toolbar - (EF99BD32-C1FB-11D2-892F-0090271D4F88) - C: \ Program Files \ Yahoo! \ Companion \ Installs \ cpn \ yt.dll O4 - HKLM \ .. \ Run: [IAAnotif] "C: \ Program Files \ Intel \ Intel Application Accelerator \ iaanotif.exe" O4 - HKLM \ .. \ Run: [ATIPTA] "C: \ Program Files \ ATI Technologies \ ATI Control Panel \ atiptaxx.exe" O4 - HKLM \ .. \ Run: [IntelMeM] "C: \ Program Files \ Intel \ Modem Monitor Event \ IntelMEM.exe" O4 - HKLM \ .. \ Run: [CTSysVol] "C: \ Program Files \ Creative \ Sound Blaster Live! 24-bit \ Surround Mixer \ CTSysVol.exe" / r O4 - HKLM \ .. \ Run: [P17Helper] Rundll32 P17.dll, P17Helper O4 - HKLM \ .. \ Run: [UpdReg] C: \ WINDOWS \ UpdReg.EXE O4 - HKLM \ .. \ Run: [PCMService] "C: \ Program Files \ Dell \ Media Experience \ PCMService.exe" O4 - HKLM \ .. \ Run: [DVDLauncher] "C: \ Program Files \ CyberLink \ PowerDVD \ DVDLauncher.exe" O4 - HKLM \ .. \ Run: [UpdateManager] "C: \ Program Files \ Common Files \ Sonic \ Update Manager \ sgtray.exe" / r O4 - HKLM \ .. \ Run: [DLA] C: \ WINDOWS \ System32 \ dla \ tfswctrl.exe O4 - HKLM \ .. \ Run: [YBrowser] C: \ PROGRA ~ 1 \ Yahoo! \ Browser \ ybrwicon.exe O4 - HKLM \ .. \ Run: [BJCFD] "C: \ Program Files \ BroadJump \ Client Foundation \ CFD.exe" O4 - HKLM \ .. \ Run: [VSOCheckTask] "C: \ PROGRA ~ 1 \ mcafee.com \ VSO \ mcmnhdlr.exe" / checktask O4 - HKLM \ .. \ Run: [VirusScan Online] C: \ PROGRA ~ 1 \ mcafee.com \ VSO \ mcvsshld.exe O4 - HKLM \ .. \ Run: [Adobe Photo Downloader] "C: \ Program Files \ Adobe \ Photoshop Elements 4.0 \ apdproxy.exe" O4 - HKLM \ .. \ Run: [ymetray] "C: \ Program Files \ Yahoo! \ Yahoo! Music Engine \ ymetray.exe" O4 - HKLM \ .. \ Run: [CaAvTray] "C: \ Program Files \ Yahoo! \ Antivirus \ CAVTray.exe" O4 - HKLM \ .. \ Run: [CAVRID] "C: \ Program Files \ Yahoo! \ Antivirus \ CAVRID.exe" O4 - HKLM \ .. \ Run: [YOP] "C: \ PROGRA ~ 1 \ Yahoo! \ YOP \ yop.exe" / autostart O4 - HKLM \ .. \ Run: [EPSON Stylus Photo R340 Series] "C: \ WINDOWS \ System32 \ Spool \ Drivers \ W32x86 \ 3 \ E_FATI AJA.EXE" / P30 "EPSON Stylus Photo R340 Series" / O6 "USB002 "/ M" Stylus Photo R340 " O4 - HKLM \ .. \ Run: [nod32kui] "C: \ Program Files \ Eset \ nod32kui.exe" / WAITSERVICE O4 - HKLM \ .. \ Run: [QuickTime Task] "C: \ Program Files \ QuickTime \ QTTask.exe"-atboottime O4 - HKLM \ .. \ Run: [iTunesHelper] "C: \ Program Files \ iTunes \ iTunesHelper.exe" O4 - HKLM \ .. \ Run: [SpySweeper] "C: \ Program Files \ Webroot \ Spy sweeper \ SpySweeperUI.exe" / startintray O4 - HKCU \ .. \ Run: [Yahoo! Pager] "C: \ PROGRA ~ 1 \ Yahoo! \ MESSEN ~ 1 \ ypager.exe" csendes O4 - HKCU \ .. \ Run: [SpybotSD TeaTimer] "C: \ Program Files \ Spybot - Search & Destroy \ TeaTimer.exe" O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C: \ Program Files \ Common Files \ Adobe \ Calibration \ Adobe Gamma Loader.exe O4 - Global Startup: Adobe Gamma Loader.lnk = C: \ Program Files \ Common Files \ Adobe \ Calibration \ Adobe Gamma Loader.exe O4 - Global Startup: az America Online 9,0 tálca Icon.lnk = C: \ Program Files \ America Online 9.0 \ aoltray.exe O4 - Global Startup: APC UPS Status.lnk =? O4 - Global Startup: ColorVisionStartup.lnk = C: \ Program Files \ PANTONE COLORVISION \ Startup \ ColorVisionStartup.exe O4 - Global Startup: TabUserW.exe.lnk = C: \ WINDOWS \ SYSTEM32 \ WTablet \ TabUserW.exe O9 - Extra button: SBC Yahoo! Services - (5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897) - C: \ Program Files \ Yahoo! \ Common \ yiesrvc.dll O9 - Extra button: (no name) - (CD67F990-D8E9-11D2-98FE-00C0F0318AFE) - (no file) O9 - Extra button: Musicmatch MX Web Player - (d81ca86b-ef63-42af-bee3-4502d9a03c2d) -- http://wwws.musicmatch.com/mmz/openWebRadio.html (fájl hiányzik) O9 - Extra button: Messenger - (FB5F1910-F110-11D2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - (FB5F1910-F110-11D2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe O16 - DPF: (9A9307A0-7DA4-4DAF-B042-5009F29E09E1) (ActiveScan Installer Class) -- http://acs.pandasoftware.com/actives...ree/asinst.cab O16 - DPF: (DBA230D1-8467-4e69-987E-5FAE815A3B45) -- O20 - Winlogon Notify: WgaLogon - C: \ WINDOWS \ SYSTEM32 \ WgaLogon.dll O20 - Winlogon Notify: WRNotifier - C: \ WINDOWS \ SYSTEM32 \ WRLogonNTF.dll O21 - SSODL: MSSQL - (9516DDA8-E023-4472-A7C0-12A7A4834359) - C: \ WINDOWS \ mssql.dll O21 - SSODL: syscore - (D5B03680-8880-4BC8-80A4-C9BAC2A7A341) - C: \ WINDOWS \ syscore.dll O21 - SSODL: msmhost - (69F3A520-2471-4FF3-8139-ECFD56DED8DB) - C: \ WINDOWS \ msmhost.dll O21 - SSODL: msmdev - (E8E8584D-8FA5-4641-A934-8A93158794E9) - C: \ WINDOWS \ msmdev.dll O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Ismeretlen tulajdonos - C: \ Program Files \ Adobe \ Photoshop Elements 3,0 \ PhotoshopElementsFileAgent.exe O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Ismeretlen tulajdonos - C: \ Program Files \ Adobe \ Photoshop Elements 4.0 \ PhotoshopElementsFileAgent.exe O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C: \ PROGRA ~ 1 \ COMMON ~ 1 \ AOL \ ACS \ acsd.exe O23 - Service: APC UPS Service - American Power Conversion Corporation - C: \ Program Files \ APC \ APC PowerChute Personal Edition \ mainserv.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C: \ Program Files \ Common Files \ Apple \ Mobile Device Support \ bin \ AppleMobileDeviceService.exe O23 - Service: Ati Hotkey Poller - Unknown tulajdonos - C: \ WINDOWS \ System32 \ Ati2evxx.exe O23 - Service: BrSplService (Brother spl XP Service) - testvére Industries Ltd. - C: \ WINDOWS \ System32 \ brsvc01a.exe O23 - Service: CAISafe - Computer Associates International, Inc. - C: \ Program Files \ Yahoo! \ Antivirus \ ISafe.exe O23 - Service: CIFPLogAggregator - Ismeretlen tulajdonos - C: \ Program Files \ CIFPFiltering \ CIFPLogAggregator.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C: \ WINDOWS \ System32 \ CTsvcCDA.EXE O23 - Service: CyclopeInternetFilter - Ismeretlen tulajdonos - C: \ Program Files \ CIFPFiltering \ FilterService.exe O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C: \ Program Files \ Intel \ Intel Application Accelerator \ iaantmon.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C: \ Program Files \ Common Files \ InstallShield \ Driver \ 11 \ Intel 32 \ IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C: \ Program Files \ iPod \ bin \ iPodService.exe O23 - Service: LightScribeService Direct Disc Feliratozó Szolgálat (LightScribeService) - Ismeretlen tulajdonos - C: \ Program Files \ Common Files \ LightScribe \ LSSrvc.exe O23 - Service: McAfee.com McShield (McShield) - Ismeretlen tulajdonos - C: \ PROGRA ~ 1 \ mcafee.com \ VSO \ mcshield.exe O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc. - C: \ PROGRA ~ 1 \ mcafee.com \ VSO \ mcvsrte.exe O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C: \ Program Files \ Eset \ nod32krn.exe O23 - Service: TabletService - Wacom Technology Corp. - C: \ WINDOWS \ System32 \ Tablet.exe O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C: \ Program Files \ Yahoo! \ Antivirus \ VetMsg.exe O23 - Service: WAN miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C: \ WINDOWS \ wanmpsvc.exe O23 - Service: Webroot Spy sweeper Motor (WebrootSpySweeperService) - Webroot Software, Inc. - C: \ Program Files \ Webroot \ Spy sweeper \ SpySweeper.exe O23 - Service: YPCService - Yahoo! Inc. - C: \ WINDOWS \ SYSTEM32 \ YPCSER ~ 1.EXE |
|
#2
28. Sep 2007, 17:55
| |||
| |||
| Zlob, smitfraud, pop ups, piros háttérkép változások Tatjana Hi, welcome to TCF. * Fontos * Átnevezés a Hijackthis.exe fájl Analyze.exe. Ez azért fontos, mert néhány új formái malware elrejtheti a HijackThis.exe. Kattintson a jobb gombbal a HijackThis.exe fájlt a C: \ Program Files \ HijackThis, és válassza átnevezéséhez. Írd be Analyze.exe, és nyomjuk meg az Enter gombot. Kattintson a jobb gombbal a Analyze.exe fájl, és elküldi a munkaasztalon, hogy hozzon létre egy parancsikont. ============================ Úgy néz ki, mint aki több mint egy víruskereső telepítve. Ha igen, menjen a Programok hozzáadása / eltávolítása és uninstall minden, de egy. Miután több mint egy víruskereső szükségtelen, és konfliktusokat okozhat. ============================ Disable Spybot's TeaTimer. Míg TeaTimer kitűnő eszköz a megelőzés a kémprogramok, a néha előzni, hogy a rögzítő eszközöket, bizonyos dolgokat. Kérjük, kapcsolja ki TeaTimer most, amíg nem tiszta. TeaTimer lehet újra aktiválódik, ha a naplók tiszták. * Nyitott Spybot Search & Destroy. * A Mód menüben kattintson a "Speciális mód"Ha még nincs kijelölve. * Válassza a "Igen"A figyelmeztető gyors. Expand * A "Eszközök"Menü. * Kattintson a "Resident". * Törölje a "Rezidens "TeaTimer" (a teljes rendszer védelme beállítások) aktív."Mezőbe. * A Fájl menüben kattintson a "Kilépés"To exit Spybot Search & Destroy. + Is újra engedélyezni TeaTimer mikor kész. ============================= Kérjük, töltse le az ATF Tisztitószerek Atribune. Ennek segítségével bármely letapogatja távon gyorsabb. ATF Cleaner.exe Ez a program nem igényel telepítést. A program valóban fut a program. MEGJEGYZÉS: ATF Tisztitószerek megszünteti fájlokat a tételeket, hogy ellenőrizze, így ha van süteményt akar menteni. Kérjük át őket egy másik könyvtárba először. * Double-click ATF-Cleaner.exe futtatni a programot. * A Fő választhat: Select All * Kattintson a Üres válogatott gombra. Ha Firefox böngésző * Kattintson a Firefox a tetején, és választja ki: Select All * Kattintson a Üres A kiválasztott gomb. MEGJEGYZÉS: Ha szeretné megtartani a mentett jelszavak, kattintson Nem A gyors. Ha Opera böngésző * Kattintson Opera a tetején, és választja ki: Select All * Kattintson a Üres válogatott gombra. MEGJEGYZÉS: Ha szeretné megtartani a mentett jelszavak, kattintson Nem A gyors. Kattints Kilépés a fő ATF Tisztitószerek menüben, hogy bezárja a programot. =============================== 1. Töltse le ezt a fájlt combofix.exe 2. Kattintson duplán combofix.exe és kövesse az instrukciókat. 3. Ha kész, akkor egy log for you. Post hogy lépjen be a következő válasz. Megjegyzés: Ne mouseclick combofix ablakban miközben fut. Ez okozhatja, hogy az istálló. ===================================== A következő post kérjük, egészítse ki: Combofix napló A friss és átnevezték HijackThis log 
__________________  |
|
#3
28. Sep 2007, 18:31
| |||
| |||
| Zlob, smitfraud, pop ups, piros háttérkép változások Is: Hadd tudja, hogy a dolgok most.
__________________ |
|
#4
29. Sep 2007, 22:23
| |||
| |||
| Zlob, smitfraud, pop ups, piros háttérkép változások Hi-evilfantasy thx a gyors válasz .. én számítógépen fut nagyon lassú, és azt órán kiküldetésére ez .. Én tettem, amit mondott uninstalled NOD32 antivírus-, spysweeper és a Yahoo online védelem .. i csatolt combofix napló és itt van a hijackthis naplót. Naplózás a HijackThis v1.99.1 Beolvasás mentett 1:11:41, on 9/30/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Futó folyamatok: C: \ WINDOWS \ System32 \ smss.exe C: \ WINDOWS \ system32 \ winlogon.exe C: \ WINDOWS \ System32 \ Services.exe C: \ WINDOWS \ System32 \ Lsass.exe C: \ WINDOWS \ System32 \ Ati2evxx.exe C: \ WINDOWS \ System32 \ Svchost.exe C: \ WINDOWS \ System32 \ Svchost.exe C: \ WINDOWS \ System32 \ brss01a.exe C: \ WINDOWS \ System32 \ Spoolsv.exe C: \ WINDOWS \ Explorer.EXE C: \ Program Files \ Adobe \ Photoshop Elements 3,0 \ PhotoshopElementsFileAgent.exe C: \ Program Files \ Adobe \ Photoshop Elements 4.0 \ PhotoshopElementsFileAgent.exe C: \ PROGRA ~ 1 \ COMMON ~ 1 \ AOL \ ACS \ acsd.exe C: \ Program Files \ APC \ APC PowerChute Personal Edition \ mainserv.exe C: \ Program Files \ Common Files \ Apple \ Mobile Device Support \ bin \ AppleMobileDeviceService.exe C: \ Program Files \ CIFPFiltering \ CIFPLogAggregator.exe C: \ WINDOWS \ System32 \ CTsvcCDA.EXE C: \ Program Files \ CIFPFiltering \ FilterService.exe C: \ Program Files \ Intel \ Intel Application Accelerator \ iaantmon.exe C: \ Program Files \ Common Files \ LightScribe \ LSSrvc.exe C: \ WINDOWS \ System32 \ Svchost.exe C: \ WINDOWS \ System32 \ Tablet.exe C: \ WINDOWS \ wanmpsvc.exe C: \ WINDOWS \ System32 \ MsPMSPSv.exe C: \ WINDOWS \ System32 \ wscntfy.exe C: \ Program Files \ Intel \ Intel Application Accelerator \ iaanotif.exe C: \ Program Files \ Intel \ Modem Monitor Event \ IntelMEM.exe C: \ Program Files \ Creative \ Sound Blaster Live! 24-bit \ Surround Mixer \ CTSysVol.exe C: \ WINDOWS \ System32 \ Rundll32.exe C: \ Program Files \ Dell \ Media Experience \ PCMService.exe C: \ Program Files \ CyberLink \ PowerDVD \ DVDLauncher.exe C: \ Program Files \ Common Files \ Sonic \ Update Manager \ sgtray.exe C: \ WINDOWS \ System32 \ dla \ tfswctrl.exe C: \ WINDOWS \ System32 \ wuauclt.exe C: \ PROGRA ~ 1 \ Yahoo! \ Browser \ ybrwicon.exe C: \ Program Files \ BroadJump \ Client Foundation \ CFD.exe C: \ Program Files \ Adobe \ Photoshop Elements 4.0 \ apdproxy.exe C: \ Program Files \ Yahoo! \ Yahoo! Zene Engine \ ymetray.exe C: \ PROGRA ~ 1 \ Yahoo! \ Browser \ ycommon.exe C: \ WINDOWS \ System32 \ Spool \ Drivers \ W32x86 \ 3 \ E_FATIA JA.EXE C: \ Program Files \ QuickTime \ QTTask.exe C: \ Program Files \ iTunes \ iTunesHelper.exe C: \ Program Files \ Spybot - Search & Destroy \ TeaTimer.exe C: \ WINDOWS \ SYSTEM32 \ WTablet \ TabUserW.exe C: \ Program Files \ APC \ APC PowerChute Personal Edition \ apcsystray.exe C: \ PROGRA ~ 1 \ Yahoo! \ MESSEN ~ 1 \ ymsgr_tray.exe C: \ Program Files \ iPod \ bin \ iPodService.exe C: \ Program Files \ HijackThis \ Analyze.exe R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://softwarereferral.com/jump.php...MjI6Ojg5&lid=2 R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Page_URL = http://yahoo.sbc.com/dsl R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Search_URL = http://red.clientapps.yahoo.com/cust.../www.yahoo.com R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Search Bar = http://red.clientapps.yahoo.com/cust...search/ie.html R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Search Page = http://red.clientapps.yahoo.com/cust.../www.yahoo.com R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://yahoo.sbc.com/dsl R1 - HKCU \ Software \ Microsoft \ Internet Explorer \ SearchURL, (Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com R1 - HKCU \ Software \ Microsoft \ Windows \ CurrentVersion \ int ernet Beállítások, ProxyServer = 127.0.0.1:8080 R1 - HKCU \ Software \ Microsoft \ Windows \ CurrentVersion \ int ernet Beállítások, ProxyOverride = helyi N3 - Netscape 7: user_pref (browser.startup.homepage "," http://home.netscape.com/bookmark/7_2/home.html "); (C: \ Documents and Settings \ Tatjana Blazevic \ Application Data \ Mozilla \ Profiles \ default \ mhiwv3o3.slt \ prefs.js) N3 - Netscape 7: user_pref (browser.search.defaultengine "," motor: / / C% 3A% 5CPROGRA% 7E1% 5CNETSCAPE% 5CNETSCAPE% 5Csearchpl ugins% 5CSBWeb_01.src "); (C: \ Documents and Settings \ Tatjana BLAZEVIC \ Application Data \ Mozilla \ Profiles \ default \ mhiwv3o3.slt \ prefs.js) O2 - BHO: AcroIEHlprObj Class - (06849E9F-C8D7-4D59-B87D-784B7D6BE0B3) - C: \ Program Files \ Adobe \ Acrobat 6.0 \ Reader \ ActiveX \ AcroIEHelper.dll O2 - BHO: Spybot-S & D IE Protection - (53707962-6F74-2D53-2644-206D7942484F) - C: \ PROGRA ~ 1 \ Spybot ~ 1 \ SDHelper.dll O2 - BHO: (no name) - (549B5CA7-4A86-11D7-A4DF-000874180BB3) - (no file) O2 - BHO: UberButton Class - (5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897) - C: \ Program Files \ Yahoo! \ Common \ yiesrvc.dll O2 - BHO: DriveLetterAccess - (5CA3D70E-1895-11CF-8E15-001234567890) - C: \ WINDOWS \ System32 \ dla \ tfswshx.dll O2 - BHO: YahooTaggedBM Class - (65D886A2-7CA7-479B-BB95-14D1EFB7946A) - C: \ Program Files \ Yahoo! \ Common \ YIeTagBm.dll O2 - BHO: SidebarAutoLaunch Class - (F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D) - C: \ Program Files \ Yahoo! \ Browser \ YSidebarIEBHO.dll O2 - BHO: (no name) - (FDD3B846-8D59-4ffb-8758-209B6AD74ACC) - (no file) O3 - Toolbar: McAfee VirusScan - (BA52B914-B692-46c4-B683-905236F6F655) - C: \ PROGRA ~ 1 \ mcafee.com \ VSO \ mcvsshl.dll O4 - HKLM \ .. \ Run: [IAAnotif] "C: \ Program Files \ Intel \ Intel Application Accelerator \ iaanotif.exe" O4 - HKLM \ .. \ Run: [ATIPTA] "C: \ Program Files \ ATI Technologies \ ATI Control Panel \ atiptaxx.exe" O4 - HKLM \ .. \ Run: [IntelMeM] "C: \ Program Files \ Intel \ Modem Monitor Event \ IntelMEM.exe" O4 - HKLM \ .. \ Run: [CTSysVol] "C: \ Program Files \ Creative \ Sound Blaster Live! 24-bit \ Surround Mixer \ CTSysVol.exe" / r O4 - HKLM \ .. \ Run: [P17Helper] Rundll32 P17.dll, P17Helper O4 - HKLM \ .. \ Run: [UpdReg] C: \ WINDOWS \ UpdReg.EXE O4 - HKLM \ .. \ Run: [PCMService] "C: \ Program Files \ Dell \ Media Experience \ PCMService.exe" O4 - HKLM \ .. \ Run: [DVDLauncher] "C: \ Program Files \ CyberLink \ PowerDVD \ DVDLauncher.exe" O4 - HKLM \ .. \ Run: [UpdateManager] "C: \ Program Files \ Common Files \ Sonic \ Update Manager \ sgtray.exe" / r O4 - HKLM \ .. \ Run: [DLA] C: \ WINDOWS \ System32 \ dla \ tfswctrl.exe O4 - HKLM \ .. \ Run: [YBrowser] C: \ PROGRA ~ 1 \ Yahoo! \ Browser \ ybrwicon.exe O4 - HKLM \ .. \ Run: [BJCFD] "C: \ Program Files \ BroadJump \ Client Foundation \ CFD.exe" O4 - HKLM \ .. \ Run: [VSOCheckTask] "C: \ PROGRA ~ 1 \ mcafee.com \ VSO \ mcmnhdlr.exe" / checktask O4 - HKLM \ .. \ Run: [Adobe Photo Downloader] "C: \ Program Files \ Adobe \ Photoshop Elements 4.0 \ apdproxy.exe" O4 - HKLM \ .. \ Run: [ymetray] "C: \ Program Files \ Yahoo! \ Yahoo! Music Engine \ ymetray.exe" O4 - HKLM \ .. \ Run: [EPSON Stylus Photo R340 Series] "C: \ WINDOWS \ System32 \ Spool \ Drivers \ W32x86 \ 3 \ E_FATI AJA.EXE" / P30 "EPSON Stylus Photo R340 Series" / O6 "USB002 "/ M" Stylus Photo R340 " O4 - HKLM \ .. \ Run: [QuickTime Task] "C: \ Program Files \ QuickTime \ QTTask.exe"-atboottime O4 - HKLM \ .. \ Run: [iTunesHelper] "C: \ Program Files \ iTunes \ iTunesHelper.exe" O4 - HKCU \ .. \ Run: [Yahoo! Pager] "C: \ PROGRA ~ 1 \ Yahoo! \ MESSEN ~ 1 \ ypager.exe" csendes O4 - HKCU \ .. \ Run: [SpybotSD TeaTimer] C: \ Program Files \ Spybot - Search & Destroy \ TeaTimer.exe O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C: \ Program Files \ Common Files \ Adobe \ Calibration \ Adobe Gamma Loader.exe O4 - Global Startup: Adobe Gamma Loader.lnk = C: \ Program Files \ Common Files \ Adobe \ Calibration \ Adobe Gamma Loader.exe O4 - Global Startup: az America Online 9,0 tálca Icon.lnk = C: \ Program Files \ America Online 9.0 \ aoltray.exe O4 - Global Startup: APC UPS Status.lnk =? O4 - Global Startup: ColorVisionStartup.lnk = C: \ Program Files \ PANTONE COLORVISION \ Startup \ ColorVisionStartup.exe O4 - Global Startup: TabUserW.exe.lnk = C: \ WINDOWS \ SYSTEM32 \ WTablet \ TabUserW.exe O9 - Extra button: SBC Yahoo! Services - (5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897) - C: \ Program Files \ Yahoo! \ Common \ yiesrvc.dll O9 - Extra button: (no name) - (CD67F990-D8E9-11D2-98FE-00C0F0318AFE) - (no file) O9 - Extra button: Musicmatch MX Web Player - (d81ca86b-ef63-42af-bee3-4502d9a03c2d) -- http://wwws.musicmatch.com/mmz/openWebRadio.html (fájl hiányzik) O9 - Extra button: (no name) - (DFB852A3-47F8-48C4-A200-58CAB36FD2A2) - C: \ PROGRA ~ 1 \ Spybot ~ 1 \ SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - (DFB852A3-47F8-48C4-A200-58CAB36FD2A2) - C: \ PROGRA ~ 1 \ Spybot ~ 1 \ SDHelper.dll O9 - Extra button: Messenger - (FB5F1910-F110-11D2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - (FB5F1910-F110-11D2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe O16 - DPF: (9A9307A0-7DA4-4DAF-B042-5009F29E09E1) (ActiveScan Installer Class) -- http://acs.pandasoftware.com/actives...ree/asinst.cab O16 - DPF: (DBA230D1-8467-4e69-987E-5FAE815A3B45) -- O20 - Winlogon Notify: WgaLogon - C: \ WINDOWS \ SYSTEM32 \ WgaLogon.dll O21 - SSODL: MSSQL - (9516DDA8-E023-4472-A7C0-12A7A4834359) - C: \ WINDOWS \ mssql.dll O21 - SSODL: syscore - (D5B03680-8880-4BC8-80A4-C9BAC2A7A341) - C: \ WINDOWS \ syscore.dll O21 - SSODL: msmdev - (074897B2-6CAF-45A4-905A-C5A5FC626767) - C: \ WINDOWS \ msmdev.dll (fájl hiányzik) O21 - SSODL: msmhost - (70D6A632-39E2-4089-9E67-552ADB6B182D) - C: \ WINDOWS \ msmhost.dll (fájl hiányzik) O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Ismeretlen tulajdonos - C: \ Program Files \ Adobe \ Photoshop Elements 3,0 \ PhotoshopElementsFileAgent.exe O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Ismeretlen tulajdonos - C: \ Program Files \ Adobe \ Photoshop Elements 4.0 \ PhotoshopElementsFileAgent.exe O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C: \ PROGRA ~ 1 \ COMMON ~ 1 \ AOL \ ACS \ acsd.exe O23 - Service: APC UPS Service - American Power Conversion Corporation - C: \ Program Files \ APC \ APC PowerChute Personal Edition \ mainserv.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C: \ Program Files \ Common Files \ Apple \ Mobile Device Support \ bin \ AppleMobileDeviceService.exe O23 - Service: Ati Hotkey Poller - Unknown tulajdonos - C: \ WINDOWS \ System32 \ Ati2evxx.exe O23 - Service: BrSplService (Brother spl XP Service) - testvére Industries Ltd. - C: \ WINDOWS \ System32 \ brsvc01a.exe O23 - Service: CIFPLogAggregator - Ismeretlen tulajdonos - C: \ Program Files \ CIFPFiltering \ CIFPLogAggregator.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C: \ WINDOWS \ System32 \ CTsvcCDA.EXE O23 - Service: CyclopeInternetFilter - Ismeretlen tulajdonos - C: \ Program Files \ CIFPFiltering \ FilterService.exe O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C: \ Program Files \ Intel \ Intel Application Accelerator \ iaantmon.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C: \ Program Files \ Common Files \ InstallShield \ Driver \ 11 \ Intel 32 \ IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C: \ Program Files \ iPod \ bin \ iPodService.exe O23 - Service: LightScribeService Direct Disc Feliratozó Szolgálat (LightScribeService) - Ismeretlen tulajdonos - C: \ Program Files \ Common Files \ LightScribe \ LSSrvc.exe O23 - Service: McAfee.com McShield (McShield) - Ismeretlen tulajdonos - C: \ PROGRA ~ 1 \ mcafee.com \ VSO \ mcshield.exe O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc. - C: \ PROGRA ~ 1 \ mcafee.com \ VSO \ mcvsrte.exe O23 - Service: TabletService - Wacom Technology Corp. - C: \ WINDOWS \ System32 \ Tablet.exe O23 - Service: WAN miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C: \ WINDOWS \ wanmpsvc.exe |
|
#5
30. Sep 2007, 00:49
| |||
| |||
| Zlob, smitfraud, pop ups, piros háttérkép változások Open HijackThis, és válassza a "Nem a rendszer csak scan"És egy pipa mellett ezeket a bejegyzéseket. R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://softwarereferral.com/jump.php...MjI6Ojg5&lid=2 O2 - BHO: (no name) - (549B5CA7-4A86-11D7-A4DF-000874180BB3) - (no file) O2 - BHO: (no name) - (FDD3B846-8D59-4ffb-8758-209B6AD74ACC) - (no file) O9 - Extra button: (no name) - (CD67F990-D8E9-11D2-98FE-00C0F0318AFE) - (no file) O9 - Extra button: Musicmatch MX Web Player - (d81ca86b-ef63-42af-bee3-4502d9a03c2d) -- http://wwws.musicmatch.com/mmz/openWebRadio.html (fájl hiányzik) O16 - DPF: (DBA230D1-8467-4e69-987E-5FAE815A3B45) -- Zárja be az összes böngészőablakot, beleértve egy, majd kattints a "Fix ellenőrizni" Indítsd újra a gépet és a post friss HijackThis log. Mondd el, hogy a dolgok most.
__________________ |
|
#6
30. Sep 2007, 08:16
| |||
| |||
| Zlob, smitfraud, pop ups, piros háttérkép változások helllo, ahh a számítógépet és végül nem az a bosszantó pop-up ablakok a figyelmeztetéseket, és a három víruskeresési ikon volt telepítve a számítógépre is elment, yeeeah ..  Úgy tûnik, minden visszaáll a régi kerékvágásba, a piros háttér is elment. Itt van a log.Naplózás a HijackThis v1.99.1 Beolvasás mentett 11:03:37, on 9/30/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Futó folyamatok: C: \ WINDOWS \ System32 \ smss.exe C: \ WINDOWS \ system32 \ winlogon.exe C: \ WINDOWS \ System32 \ Services.exe C: \ WINDOWS \ System32 \ Lsass.exe C: \ WINDOWS \ System32 \ Ati2evxx.exe C: \ WINDOWS \ System32 \ Svchost.exe C: \ WINDOWS \ System32 \ Svchost.exe C: \ WINDOWS \ System32 \ Spoolsv.exe C: \ WINDOWS \ System32 \ brss01a.exe C: \ WINDOWS \ Explorer.EXE C: \ Program Files \ Intel \ Intel Application Accelerator \ iaanotif.exe C: \ Program Files \ Intel \ Modem Monitor Event \ IntelMEM.exe C: \ Program Files \ Creative \ Sound Blaster Live! 24-bit \ Surround Mixer \ CTSysVol.exe C: \ WINDOWS \ System32 \ Rundll32.exe C: \ Program Files \ Dell \ Media Experience \ PCMService.exe C: \ Program Files \ CyberLink \ PowerDVD \ DVDLauncher.exe C: \ WINDOWS \ System32 \ dla \ tfswctrl.exe C: \ PROGRA ~ 1 \ Yahoo! \ Browser \ ybrwicon.exe C: \ Program Files \ BroadJump \ Client Foundation \ CFD.exe C: \ Program Files \ Adobe \ Photoshop Elements 4.0 \ apdproxy.exe C: \ PROGRA ~ 1 \ Yahoo! \ Browser \ ycommon.exe C: \ Program Files \ Yahoo! \ Yahoo! Zene Engine \ ymetray.exe C: \ Program Files \ Adobe \ Photoshop Elements 3,0 \ PhotoshopElementsFileAgent.exe C: \ Program Files \ Adobe \ Photoshop Elements 4.0 \ PhotoshopElementsFileAgent.exe C: \ PROGRA ~ 1 \ COMMON ~ 1 \ AOL \ ACS \ acsd.exe C: \ Program Files \ APC \ APC PowerChute Personal Edition \ mainserv.exe C: \ Program Files \ Common Files \ Apple \ Mobile Device Support \ bin \ AppleMobileDeviceService.exe C: \ Program Files \ CIFPFiltering \ CIFPLogAggregator.exe C: \ WINDOWS \ System32 \ CTsvcCDA.EXE C: \ Program Files \ CIFPFiltering \ FilterService.exe C: \ Program Files \ Intel \ Intel Application Accelerator \ iaantmon.exe C: \ WINDOWS \ System32 \ Spool \ Drivers \ W32x86 \ 3 \ E_FATIA JA.EXE C: \ Program Files \ Common Files \ LightScribe \ LSSrvc.exe C: \ Program Files \ QuickTime \ QTTask.exe C: \ Program Files \ iTunes \ iTunesHelper.exe C: \ Program Files \ Spybot - Search & Destroy \ TeaTimer.exe C: \ WINDOWS \ SYSTEM32 \ WTablet \ TabUserW.exe C: \ WINDOWS \ System32 \ Svchost.exe C: \ WINDOWS \ System32 \ Tablet.exe C: \ WINDOWS \ wanmpsvc.exe C: \ WINDOWS \ System32 \ MsPMSPSv.exe C: \ Program Files \ APC \ APC PowerChute Personal Edition \ apcsystray.exe C: \ WINDOWS \ System32 \ wscntfy.exe C: \ Program Files \ iPod \ bin \ iPodService.exe C: \ WINDOWS \ System32 \ wuauclt.exe C: \ Program Files \ Mozilla Firefox \ firefox.exe C: \ Program Files \ HijackThis \ Analyze.exe R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Page_URL = http://yahoo.sbc.com/dsl R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Search_URL = http://red.clientapps.yahoo.com/cust.../www.yahoo.com R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Search Bar = http://red.clientapps.yahoo.com/cust...search/ie.html R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Search Page = http://red.clientapps.yahoo.com/cust.../www.yahoo.com R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://yahoo.sbc.com/dsl R1 - HKCU \ Software \ Microsoft \ Internet Explorer \ SearchURL, (Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com R1 - HKCU \ Software \ Microsoft \ Windows \ CurrentVersion \ int ernet Beállítások, ProxyServer = 127.0.0.1:8080 R1 - HKCU \ Software \ Microsoft \ Windows \ CurrentVersion \ int ernet Beállítások, ProxyOverride = helyi N3 - Netscape 7: user_pref (browser.startup.homepage "," http://home.netscape.com/bookmark/7_2/home.html "); (C: \ Documents and Settings \ Tatjana Blazevic \ Application Data \ Mozilla \ Profiles \ default \ mhiwv3o3.slt \ prefs.js) N3 - Netscape 7: user_pref (browser.search.defaultengine "," motor: / / C% 3A% 5CPROGRA% 7E1% 5CNETSCAPE% 5CNETSCAPE% 5Csearchpl ugins% 5CSBWeb_01.src "); (C: \ Documents and Settings \ Tatjana BLAZEVIC \ Application Data \ Mozilla \ Profiles \ default \ mhiwv3o3.slt \ prefs.js) O2 - BHO: AcroIEHlprObj Class - (06849E9F-C8D7-4D59-B87D-784B7D6BE0B3) - C: \ Program Files \ Adobe \ Acrobat 6.0 \ Reader \ ActiveX \ AcroIEHelper.dll O2 - BHO: MSVPS System - (0D5227BF-0C5B-4EA8-833C-FE09F1496F39) - C: \ WINDOWS \ div32.dll O2 - BHO: Spybot-S & D IE Protection - (53707962-6F74-2D53-2644-206D7942484F) - C: \ PROGRA ~ 1 \ Spybot ~ 1 \ SDHelper.dll O2 - BHO: (no name) - (549B5CA7-4A86-11D7-A4DF-000874180BB3) - (no file) O2 - BHO: UberButton Class - (5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897) - C: \ Program Files \ Yahoo! \ Common \ yiesrvc.dll O2 - BHO: DriveLetterAccess - (5CA3D70E-1895-11CF-8E15-001234567890) - C: \ WINDOWS \ System32 \ dla \ tfswshx.dll O2 - BHO: YahooTaggedBM Class - (65D886A2-7CA7-479B-BB95-14D1EFB7946A) - C: \ Program Files \ Yahoo! \ Common \ YIeTagBm.dll O2 - BHO: MSVPS System - (88418AA3-16F5-4FC2-A9D8-90B1266DF841) - C: \ WINDOWS \ nsduo.dll O2 - BHO: SidebarAutoLaunch Class - (F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D) - C: \ Program Files \ Yahoo! \ Browser \ YSidebarIEBHO.dll O2 - BHO: (no name) - (FDD3B846-8D59-4ffb-8758-209B6AD74ACC) - (no file) O3 - Toolbar: McAfee VirusScan - (BA52B914-B692-46c4-B683-905236F6F655) - C: \ PROGRA ~ 1 \ mcafee.com \ VSO \ mcvsshl.dll O4 - HKLM \ .. \ Run: [IAAnotif] "C: \ Program Files \ Intel \ Intel Application Accelerator \ iaanotif.exe" O4 - HKLM \ .. \ Run: [ATIPTA] "C: \ Program Files \ ATI Technologies \ ATI Control Panel \ atiptaxx.exe" O4 - HKLM \ .. \ Run: [IntelMeM] "C: \ Program Files \ Intel \ Modem Monitor Event \ IntelMEM.exe" O4 - HKLM \ .. \ Run: [CTSysVol] "C: \ Program Files \ Creative \ Sound Blaster Live! 24-bit \ Surround Mixer \ CTSysVol.exe" / r O4 - HKLM \ .. \ Run: [P17Helper] Rundll32 P17.dll, P17Helper O4 - HKLM \ .. \ Run: [UpdReg] C: \ WINDOWS \ UpdReg.EXE O4 - HKLM \ .. \ Run: [PCMService] "C: \ Program Files \ Dell \ Media Experience \ PCMService.exe" O4 - HKLM \ .. \ Run: [DVDLauncher] "C: \ Program Files \ CyberLink \ PowerDVD \ DVDLauncher.exe" O4 - HKLM \ .. \ Run: [UpdateManager] "C: \ Program Files \ Common Files \ Sonic \ Update Manager \ sgtray.exe" / r O4 - HKLM \ .. \ Run: [DLA] C: \ WINDOWS \ System32 \ dla \ tfswctrl.exe O4 - HKLM \ .. \ Run: [YBrowser] C: \ PROGRA ~ 1 \ Yahoo! \ Browser \ ybrwicon.exe O4 - HKLM \ .. \ Run: [BJCFD] "C: \ Program Files \ BroadJump \ Client Foundation \ CFD.exe" O4 - HKLM \ .. \ Run: [VSOCheckTask] "C: \ PROGRA ~ 1 \ mcafee.com \ VSO \ mcmnhdlr.exe" / checktask O4 - HKLM \ .. \ Run: [Adobe Photo Downloader] "C: \ Program Files \ Adobe \ Photoshop Elements 4.0 \ apdproxy.exe" O4 - HKLM \ .. \ Run: [ymetray] "C: \ Program Files \ Yahoo! \ Yahoo! Music Engine \ ymetray.exe" O4 - HKLM \ .. \ Run: [EPSON Stylus Photo R340 Series] "C: \ WINDOWS \ System32 \ Spool \ Drivers \ W32x86 \ 3 \ E_FATI AJA.EXE" / P30 "EPSON Stylus Photo R340 Series" / O6 "USB002 "/ M" Stylus Photo R340 " O4 - HKLM \ .. \ Run: [QuickTime Task] "C: \ Program Files \ QuickTime \ QTTask.exe"-atboottime O4 - HKLM \ .. \ Run: [iTunesHelper] "C: \ Program Files \ iTunes \ iTunesHelper.exe" O4 - HKCU \ .. \ Run: [Yahoo! Pager] "C: \ PROGRA ~ 1 \ Yahoo! \ MESSEN ~ 1 \ ypager.exe" csendes O4 - HKCU \ .. \ Run: [SpybotSD TeaTimer] C: \ Program Files \ Spybot - Search & Destroy \ TeaTimer.exe O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C: \ Program Files \ Common Files \ Adobe \ Calibration \ Adobe Gamma Loader.exe O4 - Global Startup: Adobe Gamma Loader.lnk = C: \ Program Files \ Common Files \ Adobe \ Calibration \ Adobe Gamma Loader.exe O4 - Global Startup: az America Online 9,0 tálca Icon.lnk = C: \ Program Files \ America Online 9.0 \ aoltray.exe O4 - Global Startup: APC UPS Status.lnk =? O4 - Global Startup: ColorVisionStartup.lnk = C: \ Program Files \ PANTONE COLORVISION \ Startup \ ColorVisionStartup.exe O4 - Global Startup: TabUserW.exe.lnk = C: \ WINDOWS \ SYSTEM32 \ WTablet \ TabUserW.exe O9 - Extra button: SBC Yahoo! Services - (5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897) - C: \ Program Files \ Yahoo! \ Common \ yiesrvc.dll O9 - Extra button: (no name) - (DFB852A3-47F8-48C4-A200-58CAB36FD2A2) - C: \ PROGRA ~ 1 \ Spybot ~ 1 \ SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - (DFB852A3-47F8-48C4-A200-58CAB36FD2A2) - C: \ PROGRA ~ 1 \ Spybot ~ 1 \ SDHelper.dll O9 - Extra button: Messenger - (FB5F1910-F110-11D2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - (FB5F1910-F110-11D2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe O16 - DPF: (9A9307A0-7DA4-4DAF-B042-5009F29E09E1) (ActiveScan Installer Class) -- http://acs.pandasoftware.com/actives...ree/asinst.cab O16 - DPF: (DBA230D1-8467-4e69-987E-5FAE815A3B45) -- O20 - Winlogon Notify: WgaLogon - C: \ WINDOWS \ SYSTEM32 \ WgaLogon.dll O21 - SSODL: msmhost - (70D6A632-39E2-4089-9E67-552ADB6B182D) - C: \ WINDOWS \ msmhost.dll O21 - SSODL: MSSQL - (A6B63875-F4DA-4705-B945-16F8C1FA3FBF) - C: \ WINDOWS \ mssql.dll O21 - SSODL: syscore - (AF05D607-D0B5-4A61-8B71-A13F8997495B) - C: \ WINDOWS \ syscore.dll O21 - SSODL: msmdev - (074897B2-6CAF-45A4-905A-C5A5FC626767) - C: \ WINDOWS \ msmdev.dll O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Ismeretlen tulajdonos - C: \ Program Files \ Adobe \ Photoshop Elements 3,0 \ PhotoshopElementsFileAgent.exe O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Ismeretlen tulajdonos - C: \ Program Files \ Adobe \ Photoshop Elements 4.0 \ PhotoshopElementsFileAgent.exe O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C: \ PROGRA ~ 1 \ COMMON ~ 1 \ AOL \ ACS \ acsd.exe O23 - Service: APC UPS Service - American Power Conversion Corporation - C: \ Program Files \ APC \ APC PowerChute Personal Edition \ mainserv.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C: \ Program Files \ Common Files \ Apple \ Mobile Device Support \ bin \ AppleMobileDeviceService.exe O23 - Service: Ati Hotkey Poller - Unknown tulajdonos - C: \ WINDOWS \ System32 \ Ati2evxx.exe O23 - Service: BrSplService (Brother spl XP Service) - testvére Industries Ltd. - C: \ WINDOWS \ System32 \ brsvc01a.exe O23 - Service: CIFPLogAggregator - Ismeretlen tulajdonos - C: \ Program Files \ CIFPFiltering \ CIFPLogAggregator.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C: \ WINDOWS \ System32 \ CTsvcCDA.EXE O23 - Service: CyclopeInternetFilter - Ismeretlen tulajdonos - C: \ Program Files \ CIFPFiltering \ FilterService.exe O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C: \ Program Files \ Intel \ Intel Application Accelerator \ iaantmon.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C: \ Program Files \ Common Files \ InstallShield \ Driver \ 11 \ Intel 32 \ IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C: \ Program Files \ iPod \ bin \ iPodService.exe O23 - Service: LightScribeService Direct Disc Feliratozó Szolgálat (LightScribeService) - Ismeretlen tulajdonos - C: \ Program Files \ Common Files \ LightScribe \ LSSrvc.exe O23 - Service: McAfee.com McShield (McShield) - Ismeretlen tulajdonos - C: \ PROGRA ~ 1 \ mcafee.com \ VSO \ mcshield.exe O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc. - C: \ PROGRA ~ 1 \ mcafee.com \ VSO \ mcvsrte.exe O23 - Service: TabletService - Wacom Technology Corp. - C: \ WINDOWS \ System32 \ Tablet.exe O23 - Service: WAN miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C: \ WINDOWS \ wanmpsvc.exe |
|
#7
30. Sep 2007, 08:35
| |||
| |||
| Zlob, smitfraud, pop ups, piros háttérkép változások Örülök a dolgok jobb. De még mindig vannak nasties foglalkozni. Töröl másolata Combofix Önnek és letölt egy új példányt. Combofix folyamatosan frissíti, így az mindig jó, ha kap egy új példányt. 1. Töltse le ezt a fájlt combofix.exe 2. Kattintson duplán combofix.exe és kövesse az instrukciókat. 3. Ha kész, akkor egy log for you. Post hogy jelentkezzen be, a következő választ. Megjegyzés: Ne mouseclick combofix ablakban miközben fut. Ez okozhatja, hogy az istálló. A következő post kérjük adja hozzá a kellékek. Felveheti több csatlakoztatási csak ismételjük meg a lépéseket: Combofix napló Friss HJT log
__________________ |
|
#8
30. Sep 2007, 09:03
| |||
| |||
| Zlob, smitfraud, pop ups, piros háttérkép változások Hello, Próbáltam kattintva combofix.exe a kapcsolatot, de ez a mi jött ki 404 Not Found A kért URL '/ subs / combofix.exe "nem található meg a szerveren. |
|
#9
30. Sep 2007, 09:12
| |||
| |||
| Zlob, smitfraud, pop ups, piros háttérkép változások
__________________ |
|
#10
30. Sep 2007, 12:50
| |||
| |||
| Zlob, smitfraud, pop ups, piros háttérkép változások Hello, igen, hogy a kapcsolat működik, köszönöm ... A piros háttérkép jött vissza: (és nem az ikonok és a pop-up ".. amúgy is itt van a combofix és HJT log. Naplózás a HijackThis v1.99.1 Beolvasás mentett 3:37:03, a 9/30/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Futó folyamatok: C: \ WINDOWS \ System32 \ smss.exe C: \ WINDOWS \ system32 \ winlogon.exe C: \ WINDOWS \ System32 \ Services.exe C: \ WINDOWS \ System32 \ Lsass.exe C: \ WINDOWS \ System32 \ Ati2evxx.exe C: \ WINDOWS \ System32 \ Svchost.exe C: \ WINDOWS \ System32 \ Svchost.exe C: \ WINDOWS \ System32 \ Spoolsv.exe C: \ WINDOWS \ System32 \ brss01a.exe C: \ WINDOWS \ Explorer.EXE C: \ Program Files \ Adobe \ Photoshop Elements 3,0 \ PhotoshopElementsFileAgent.exe C: \ Program Files \ Adobe \ Photoshop Elements 4.0 \ PhotoshopElementsFileAgent.exe C: \ PROGRA ~ 1 \ COMMON ~ 1 \ AOL \ ACS \ acsd.exe C: \ Program Files \ APC \ APC PowerChute Personal Edition \ mainserv.exe C: \ Program Files \ Common Files \ Apple \ Mobile Device Support \ bin \ AppleMobileDeviceService.exe C: \ Program Files \ CIFPFiltering \ CIFPLogAggregator.exe C: \ WINDOWS \ System32 \ CTsvcCDA.EXE C: \ Program Files \ CIFPFiltering \ FilterService.exe C: \ Program Files \ Intel \ Intel Application Accelerator \ iaantmon.exe C: \ Program Files \ Common Files \ LightScribe \ LSSrvc.exe C: \ WINDOWS \ System32 \ Svchost.exe C: \ WINDOWS \ System32 \ Tablet.exe C: \ WINDOWS \ wanmpsvc.exe C: \ WINDOWS \ System32 \ MsPMSPSv.exe C: \ WINDOWS \ System32 \ wscntfy.exe C: \ Program Files \ Intel \ Intel Application Accelerator \ iaanotif.exe C: \ Program Files \ Intel \ Modem Monitor Event \ IntelMEM.exe C: \ Program Files \ Creative \ Sound Blaster Live! 24-bit \ Surround Mixer \ CTSysVol.exe C: \ WINDOWS \ System32 \ Rundll32.exe C: \ Program Files \ Dell \ Media Experience \ PCMService.exe C: \ Program Files \ CyberLink \ PowerDVD \ DVDLauncher.exe C: \ Program Files \ Common Files \ Sonic \ Update Manager \ sgtray.exe C: \ WINDOWS \ System32 \ dla \ tfswctrl.exe C: \ PROGRA ~ 1 \ Yahoo! \ Browser \ ybrwicon.exe C: \ Program Files \ BroadJump \ Client Foundation \ CFD.exe C: \ Program Files \ Adobe \ Photoshop Elements 4.0 \ apdproxy.exe C: \ Program Files \ Yahoo! \ Yahoo! Zene Engine \ ymetray.exe C: \ WINDOWS \ System32 \ Spool \ Drivers \ W32x86 \ 3 \ E_FATIA JA.EXE C: \ Program Files \ QuickTime \ QTTask.exe C: \ PROGRA ~ 1 \ Yahoo! \ Browser \ ycommon.exe C: \ Program Files \ iTunes \ iTunesHelper.exe C: \ Program Files \ Spybot - Search & Destroy \ TeaTimer.exe C: \ WINDOWS \ SYSTEM32 \ WTablet \ TabUserW.exe C: \ Program Files \ APC \ APC PowerChute Personal Edition \ apcsystray.exe C: \ PROGRA ~ 1 \ Yahoo! \ MESSEN ~ 1 \ ymsgr_tray.exe C: \ WINDOWS \ System32 \ wuauclt.exe C: \ Program Files \ iPod \ bin \ iPodService.exe C: \ Program Files \ HijackThis \ Analyze.exe R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Page_URL = http://yahoo.sbc.com/dsl R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Search_URL = http://red.clientapps.yahoo.com/cust.../www.yahoo.com R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Search Bar = http://red.clientapps.yahoo.com/cust...search/ie.html R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Search Page = http://red.clientapps.yahoo.com/cust.../www.yahoo.com R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://yahoo.sbc.com/dsl R1 - HKCU \ Software \ Microsoft \ Internet Explorer \ SearchURL, (Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com R1 - HKCU \ Software \ Microsoft \ Windows \ CurrentVersion \ int ernet Beállítások, ProxyServer = 127.0.0.1:8080 R1 - HKCU \ Software \ Microsoft \ Windows \ CurrentVersion \ int ernet Beállítások, ProxyOverride = helyi N3 - Netscape 7: user_pref (browser.startup.homepage "," http://home.netscape.com/bookmark/7_2/home.html "); (C: \ Documents and Settings \ Tatjana Blazevic \ Application Data \ Mozilla \ Profiles \ default \ mhiwv3o3.slt \ prefs.js) N3 - Netscape 7: user_pref (browser.search.defaultengine "," motor: / / C% 3A% 5CPROGRA% 7E1% 5CNETSCAPE% 5CNETSCAPE% 5Csearchpl ugins% 5CSBWeb_01.src "); (C: \ Documents and Settings \ Tatjana BLAZEVIC \ Application Data \ Mozilla \ Profiles \ default \ mhiwv3o3.slt \ prefs.js) O2 - BHO: AcroIEHlprObj Class - (06849E9F-C8D7-4D59-B87D-784B7D6BE0B3) - C: \ Program Files \ Adobe \ Acrobat 6.0 \ Reader \ ActiveX \ AcroIEHelper.dll O2 - BHO: MSVPS System - (0D5227BF-0C5B-4EA8-833C-FE09F1496F39) - C: \ WINDOWS \ div32.dll O2 - BHO: Spybot-S & D IE Protection - (53707962-6F74-2D53-2644-206D7942484F) - C: \ PROGRA ~ 1 \ Spybot ~ 1 \ SDHelper.dll O2 - BHO: (no name) - (549B5CA7-4A86-11D7-A4DF-000874180BB3) - (no file) O2 - BHO: UberButton Class - (5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897) - C: \ Program Files \ Yahoo! \ Common \ yiesrvc.dll O2 - BHO: DriveLetterAccess - (5CA3D70E-1895-11CF-8E15-001234567890) - C: \ WINDOWS \ System32 \ dla \ tfswshx.dll O2 - BHO: YahooTaggedBM Class - (65D886A2-7CA7-479B-BB95-14D1EFB7946A) - C: \ Program Files \ Yahoo! \ Common \ YIeTagBm.dll O2 - BHO: SidebarAutoLaunch Class - (F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D) - C: \ Program Files \ Yahoo! \ Browser \ YSidebarIEBHO.dll O2 - BHO: (no name) - (FDD3B846-8D59-4ffb-8758-209B6AD74ACC) - (no file) O3 - Toolbar: McAfee VirusScan - (BA52B914-B692-46c4-B683-905236F6F655) - C: \ PROGRA ~ 1 \ mcafee.com \ VSO \ mcvsshl.dll O4 - HKLM \ .. \ Run: [IAAnotif] "C: \ Program Files \ Intel \ Intel Application Accelerator \ iaanotif.exe" O4 - HKLM \ .. \ Run: [ATIPTA] "C: \ Program Files \ ATI Technologies \ ATI Control Panel \ atiptaxx.exe" O4 - HKLM \ .. \ Run: [IntelMeM] "C: \ Program Files \ Intel \ Modem Monitor Event \ IntelMEM.exe" O4 - HKLM \ .. \ Run: [CTSysVol] "C: \ Program Files \ Creative \ Sound Blaster Live! 24-bit \ Surround Mixer \ CTSysVol.exe" / r O4 - HKLM \ .. \ Run: [P17Helper] Rundll32 P17.dll, P17Helper O4 - HKLM \ .. \ Run: [UpdReg] C: \ WINDOWS \ UpdReg.EXE O4 - HKLM \ .. \ Run: [PCMService] "C: \ Program Files \ Dell \ Media Experience \ PCMService.exe" O4 - HKLM \ .. \ Run: [DVDLauncher] "C: \ Program Files \ CyberLink \ PowerDVD \ DVDLauncher.exe" O4 - HKLM \ .. \ Run: [UpdateManager] "C: \ Program Files \ Common Files \ Sonic \ Update Manager \ sgtray.exe" / r O4 - HKLM \ .. \ Run: [DLA] C: \ WINDOWS \ System32 \ dla \ tfswctrl.exe O4 - HKLM \ .. \ Run: [YBrowser] C: \ PROGRA ~ 1 \ Yahoo! \ Browser \ ybrwicon.exe O4 - HKLM \ .. \ Run: [BJCFD] "C: \ Program Files \ BroadJump \ Client Foundation \ CFD.exe" O4 - HKLM \ .. \ Run: [VSOCheckTask] "C: \ PROGRA ~ 1 \ mcafee.com \ VSO \ mcmnhdlr.exe" / checktask O4 - HKLM \ .. \ Run: [Adobe Photo Downloader] "C: \ Program Files \ Adobe \ Photoshop Elements 4.0 \ apdproxy.exe" O4 - HKLM \ .. \ Run: [ymetray] "C: \ Program Files \ Yahoo! \ Yahoo! Music Engine \ ymetray.exe" O4 - HKLM \ .. \ Run: [EPSON Stylus Photo R340 Series] "C: \ WINDOWS \ System32 \ Spool \ Drivers \ W32x86 \ 3 \ E_FATI AJA.EXE" / P30 "EPSON Stylus Photo R340 Series" / O6 "USB002 "/ M" Stylus Photo R340 " O4 - HKLM \ .. \ Run: [QuickTime Task] "C: \ Program Files \ QuickTime \ QTTask.exe"-atboottime O4 - HKLM \ .. \ Run: [iTunesHelper] "C: \ Program Files \ iTunes \ iTunesHelper.exe" O4 - HKCU \ .. \ Run: [Yahoo! Pager] "C: \ PROGRA ~ 1 \ Yahoo! \ MESSEN ~ 1 \ ypager.exe" csendes O4 - HKCU \ .. \ Run: [SpybotSD TeaTimer] C: \ Program Files \ Spybot - Search & Destroy \ TeaTimer.exe O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C: \ Program Files \ Common Files \ Adobe \ Calibration \ Adobe Gamma Loader.exe O4 - Global Startup: Adobe Gamma Loader.lnk = C: \ Program Files \ Common Files \ Adobe \ Calibration \ Adobe Gamma Loader.exe O4 - Global Startup: az America Online 9,0 tálca Icon.lnk = C: \ Program Files \ America Online 9.0 \ aoltray.exe O4 - Global Startup: APC UPS Status.lnk =? O4 - Global Startup: ColorVisionStartup.lnk = C: \ Program Files \ PANTONE COLORVISION \ Startup \ ColorVisionStartup.exe O4 - Global Startup: TabUserW.exe.lnk = C: \ WINDOWS \ SYSTEM32 \ WTablet \ TabUserW.exe O9 - Extra button: SBC Yahoo! Services - (5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897) - C: \ Program Files \ Yahoo! \ Common \ yiesrvc.dll O9 - Extra button: (no name) - (DFB852A3-47F8-48C4-A200-58CAB36FD2A2) - C: \ PROGRA ~ 1 \ Spybot ~ 1 \ SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - (DFB852A3-47F8-48C4-A200-58CAB36FD2A2) - C: \ PROGRA ~ 1 \ Spybot ~ 1 \ SDHelper.dll O9 - Extra button: Messenger - (FB5F1910-F110-11D2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - (FB5F1910-F110-11D2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe O16 - DPF: (9A9307A0-7DA4-4DAF-B042-5009F29E09E1) (ActiveScan Installer Class) -- http://acs.pandasoftware.com/actives...ree/asinst.cab O16 - DPF: (DBA230D1-8467-4e69-987E-5FAE815A3B45) -- O20 - Winlogon Notify: WgaLogon - C: \ WINDOWS \ SYSTEM32 \ WgaLogon.dll O21 - SSODL: MSSQL - (A6B63875-F4DA-4705-B945-16F8C1FA3FBF) - C: \ WINDOWS \ mssql.dll O21 - SSODL: syscore - (AF05D607-D0B5-4A61-8B71-A13F8997495B) - C: \ WINDOWS \ syscore.dll O21 - SSODL: msmhost - (70D6A632-39E2-4089-9E67-552ADB6B182D) - C: \ WINDOWS \ msmhost.dll (fájl hiányzik) O21 - SSODL: msmdev - (074897B2-6CAF-45A4-905A-C5A5FC626767) - C: \ WINDOWS \ msmdev.dll (fájl hiányzik) O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Ismeretlen tulajdonos - C: \ Program Files \ Adobe \ Photoshop Elements 3,0 \ PhotoshopElementsFileAgent.exe O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Ismeretlen tulajdonos - C: \ Program Files \ Adobe \ Photoshop Elements 4.0 \ PhotoshopElementsFileAgent.exe O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C: \ PROGRA ~ 1 \ COMMON ~ 1 \ AOL \ ACS \ acsd.exe O23 - Service: APC UPS Service - American Power Conversion Corporation - C: \ Program Files \ APC \ APC PowerChute Personal Edition \ mainserv.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C: \ Program Files \ Common Files \ Apple \ Mobile Device Support \ bin \ AppleMobileDeviceService.exe O23 - Service: Ati Hotkey Poller - Unknown tulajdonos - C: \ WINDOWS \ System32 \ Ati2evxx.exe O23 - Service: BrSplService (Brother spl XP Service) - testvére Industries Ltd. - C: \ WINDOWS \ System32 \ brsvc01a.exe O23 - Service: CIFPLogAggregator - Ismeretlen tulajdonos - C: \ Program Files \ CIFPFiltering \ CIFPLogAggregator.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C: \ WINDOWS \ System32 \ CTsvcCDA.EXE O23 - Service: CyclopeInternetFilter - Ismeretlen tulajdonos - C: \ Program Files \ CIFPFiltering \ FilterService.exe O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C: \ Program Files \ Intel \ Intel Application Accelerator \ iaantmon.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C: \ Program Files \ Common Files \ InstallShield \ Driver \ 11 \ Intel 32 \ IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C: \ Program Files \ iPod \ bin \ iPodService.exe O23 - Service: LightScribeService Direct Disc Feliratozó Szolgálat (LightScribeService) - Ismeretlen tulajdonos - C: \ Program Files \ Common Files \ LightScribe \ LSSrvc.exe O23 - Service: McAfee.com McShield (McShield) - Ismeretlen tulajdonos - C: \ PROGRA ~ 1 \ mcafee.com \ VSO \ mcshield.exe O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc. - C: \ PROGRA ~ 1 \ mcafee.com \ VSO \ mcvsrte.exe O23 - Service: TabletService - Wacom Technology Corp. - C: \ WINDOWS \ System32 \ Tablet.exe O23 - Service: WAN miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C: \ WINDOWS \ wanmpsvc.exe PS Próbáltam kapcsolódó HJT log, de ez nem csatolja, bocsi! |
|
| |
| Könyvjelzõk |
Hasonló szálak | ||||
| Szál | Thread Starter | Fórum | Válaszok | Utolsó hozzászólás |
| Kimutatása Trojan.Zlob.G - Sürgős - Please Help! | teenee23 | Vírus, kémprogram és biztonság | 14 | 19. március 2009 07:45 |
| Milyen problémákat Do You Get a Trojan.Zlob | hopthwoks | Vírus, kémprogram és biztonság | 1 | 10. március 2009 11:45 |
| Smitfraud-C Nem akarok meghalni!! | PlatSpin | Vírus, kémprogram és biztonság | 13 | 19. augusztus 2008 10:24 |
| Smitfraud Virus | PK28 | Vírus, kémprogram és biztonság | 12 | 5. február 2008 16:17 |
| Smitfraud-c.msvps | guccijana | Vírus, kémprogram és biztonság | 158 | 30. január 2008 20:07 |
| Téma eszközök | |
| |
