Win32/adware.virtumonde - bigmaq Toolbar

**delboy2028** · #1 1. svibnja 2008, 01:34

ja hve thisvirus na moj Windows vidik stroj ja ne mogu git riješiti to pokušao sam adaware pokušao sam nod32 pokušao sam everthing pokušao sam ručno deleteing to varalica je pravedan ne rad ja sam ostao zbunjen whateva u wonna pozvati ga je prislušni pakao vanjska strana od mene ja ga dobio na msn glasnik kada sam prijavljen na somone ostavi me trenutno poruka s vezom ja nikada kliknuli na vezu ja knw bolje od toga, ali zaražene vidik bilo koji način ovdje je moj oteti ovaj log, sam čak i pokušao sam nod32 undll programu i da je čak i navika dobiti okužen dll izvan sustava trebam pomoć ugoditi lol

Logfile of Trend Micro HijackThis v2.0.2
Spremljena u 13:17:21 Scan, 30-04-2008
Platforma: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C: \\ Windows \\ system32 \\ taskeng.exe
C: \\ Windows \\ system32 \\ Dwm.exe
C: \\ Windows \\ Explorer.exe
C: \\ Program Files \\ Windows Defender \\ MSASCui.exe
C: \\ Program Files \\ ATI Technologies \\ ATI.ACE \\ Core-Static \\ MOM.exe
C: \\ Program Files \\ Java \\ jre1.6.0_05 \\ bin \\ jusched.exe
C: \\ Program Files \\ ESET \\ ESET NOD32 Antivirus \\ egui.exe
C: \\ Program Files \\ Power PC \\ PWRISOVM.EXE
C: \\ Windows \\ windowsmobile \\ wmdSync.exe
C: \\ Windows \\ System32 \\ spool \\ drivers \\ w32x86 \\ 3 \\ E_FATIAIE.EXE
C: \\ Program Files \\ Common Files \\ Nero \\ Lib \\ NMIndexStoreSvr.exe
C: \\ Program Files \\ ATI Technologies \\ ATI.ACE \\ Core-Static \\ CCC.exe
C: \\ Windows \\ system32 \\ RunDll32.exe
C: \\ Windows \\ system32 \\ RunDll32.exe
C: \\ Windows \\ system32 \\ SearchFilterHost.exe
C: \\ Program Files \\ Mozilla Firefox \\ firefox.exe
C: \\ Program Files \\ Trend Micro \\ HijackThis \\ HijackThis.exe
R1 - HKCU \\ Software \\ Microsoft \\ Internet Explorer \\ Main, Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU \\ Software \\ Microsoft \\ Internet Explorer \\ Main, Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM \\ Software \\ Microsoft \\ Internet Explorer \\ Main, Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM \\ Software \\ Microsoft \\ Internet Explorer \\ Main, Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM \\ Software \\ Microsoft \\ Internet Explorer \\ Main, Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM \\ Software \\ Microsoft \\ Internet Explorer \\ Main, Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM \\ Software \\ Microsoft \\ Internet Explorer \\ Search, SearchAssistant =
R0 - HKLM \\ Software \\ Microsoft \\ Internet Explorer \\ Search, CustomizeSearch =
R0 - HKCU \\ Software \\ Microsoft \\ Internet Explorer \\ Toolbar, LinksFolderName =
R3 - URLSearchHook: bigmaq Toolbar - (a1b2f3fa-dd1d-470b-a23e-a133b2f8ef60) - C: \\ Program Files \\ bigmaq \\ tbbigm.dll
O1 - Hosts::: 1 localhost
O2 - BHO: (61072721-1971-3979-0594-bb6f4826e923) - (329e6284-f6bb-4950-9793-179112727016) - C: \\ Windows \\ system32 \\ pxqtjlsa.dll
O2 - BHO: (no name) - (5B8307B3-B75E-4217-9B4A-A72CD3EFC1C2) - (no file)
O2 - BHO: SSVHelper Class - (761497BB-D6F0-462C-B6EB-D4DAF1D92D43) - C: \\ Program Files \\ Java \\ jre1.6.0_05 \\ bin \\ ssv.dll
O2 - BHO: bigmaq Toolbar - (a1b2f3fa-dd1d-470b-a23e-a133b2f8ef60) - C: \\ Program Files \\ bigmaq \\ tbbigm.dll
O2 - BHO: (no name) - (DE856D34-75E1-4F7F-A89C-A0FDA324F057) - C: \\ Windows \\ system32 \\ mlJDvSKe.dll
O3 - Toolbar: bigmaq Toolbar - (a1b2f3fa-dd1d-470b-a23e-a133b2f8ef60) - C: \\ Program Files \\ bigmaq \\ tbbigm.dll
O4 - HKLM \\ .. \\ Run: [Windows Defender]% ProgramFiles% \\ Windows Defender \\ MSASCui.exe skrivanje
O4 - HKLM \\ .. \\ Run: [StartCCC] "C: \\ Program Files \\ ATI Technologies \\ ATI.ACE \\ Core-Static \\ CLIStart.exe"
O4 - HKLM \\ .. \\ Run: [SunJavaUpdateSched] "C: \\ Program Files \\ Java \\ jre1.6.0_05 \\ bin \\ jusched.exe"
O4 - HKLM \\ .. \\ Run: [egui] "C: \\ Program Files \\ ESET \\ ESET NOD32 Antivirus \\ egui.exe" / hide / waitservice
O4 - HKLM \\ .. \\ Run: [NBKeyScan] "C: \\ Program Files \\ Nero \\ Nero8 \\ Nero BackItUp \\ NBKeyScan.exe"
O4 - HKLM \\ .. \\ Run: [amd_dc_opt] C: \\ Program Files \\ AMD \\ Dual-Core Optimizer \\ amd_dc_opt.exe
O4 - HKLM \\ .. \\ Run: [MSServer] RunDll32.exe C: \\ Windows \\ system32 \\ urqRJApm.dll, # 1
O4 - HKLM \\ .. \\ Run: [PWRISOVM.EXE] C: \\ Program Files \\ Power PC \\ PWRISOVM.EXE
O4 - HKLM \\ .. \\ Run: [Windows Koji se kreće-temeljen sprava za upravljanje]% windir% \\ windowsmobile \\ wmdSync.exe
O4 - HKLM \\ .. \\ Run: [BM11f62ce8] RunDll32.exe "C: \\ Windows \\ system32 \\ uqdgqgex.dll", s
O4 - HKLM \\ .. \\ Run: [12c51f74] RunDll32.exe "C: \\ Windows \\ system32 \\ pgyfqdhl.dll", b
O4 - HKLM \\ .. \\ Run: [EPSON Stylus Photo R220 Series] C: \\ Windows \\ system32 \\ spool \\ drivers \\ W32X86 \\ 3 \\ E_FATIAIE.EXE / FU "C: \\ Windows \\ Temp \\ E_S39A5.tmp" / EF "HKCU"
O4 - HKLM \\ .. \\ Run: [IndxStoreSvr_ (79662E04-7C6C-4d9f-84C7-88D8A56B10AA)] "C: \\ Program Files \\ Common Files \\ Nero \\ Lib \\ NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F -39A1E5104020
O4 - HKLM \\ .. \\ Run: [AlcoholAutomount] "C: \\ Program Files \\ Alcohol Soft \\ Alcohol 120 \\ axcmd.exe" / automount
O4 - HKLM \\ .. \\ Run: [mount.exe] C: \\ Program Files \\ GiPo @ programi \\ FileUtilities.3 \\ mount.exe / z
O4 - HKUS \\ S-1-5-19 \\ .. \\ Run: [Sidebar]% ProgramFiles% \\ Windows Sidebar \\ Sidebar.exe / detectMem (User 'LOCAL SERVICE')
O4 - HKUS \\ S-1-5-19 \\ .. \\ Run: [WindowsWelcomeCenter] RunDll32.exe oobefldr.dll, ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS \\ S-1-5-20 \\ .. \\ Run: [Sidebar]% ProgramFiles% \\ Windows Sidebar \\ Sidebar.exe / detectMem (User 'NETWORK SERVICE')
Ø8 - Extra context menu item: I & zvezi u Microsoft Excel - res: / / C: \\ Program ~ 1 \\ MICROS ~ 3 \\ Office11 \\ EXCEL.EXE/3000
O9 - Extra button: (no name) - (08B0E5C0-4FCB-11cf-AAA5-00401C608501) - C: \\ Program Files \\ Java \\ jre1.6.0_05 \\ bin \\ ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - (08B0E5C0-4FCB-11cf-AAA5-00401C608501) - C: \\ Program Files \\ Java \\ jre1.6.0_05 \\ bin \\ ssv.dll
O9 - Extra button: Research - (92780B25-18CC-41C8-B9BE-3C9C571A8263) - C: \\ Program ~ 1 \\ MICROS ~ 3 \\ Office11 \\ REFIEBAR.DLL
O13 - Gopher Prefix:
O22 - SharedTaskScheduler: Windows DreamScene - (E31004D1-A431-826F-41B8-E902F9D95C81) - C: \\ Windows \\ System32 \\ DreamScene.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C: \\ Program Files \\ Lavasoft \\ Ad-Aware 2007 \\ aawservice.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc - C: \\ Windows \\ system32 \\ Ati2evxx.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C: \\ Program Files \\ ESET \\ ESET NOD32 Antivirus \\ EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C: \\ Program Files \\ ESET \\ ESET NOD32 Antivirus \\ ekrn.exe
O23 - Service: Nero BackItUp Planer 3 - Nero AG - C: \\ Program Files \\ Nero \\ Nero8 \\ Nero BackItUp \\ NBService.exe
O23 - Service: NMIndexingService - Nero AG - C: \\ Program Files \\ Common Files \\ Nero \\ Lib \\ NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl usluga - obilan Technology Inc - C: \\ Windows \\ system32 \\ IoctlSvc.exe
O23 - Service: SessionLauncher - Unknown owner - C: \\ Users \\ DANIEL ~ 1 \\ AppData \\ Local \\ Temp \\ DX9 \\ SessionLauncher.exe (file missing)
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C: \\ Program Files \\ Alcohol Soft \\ Alcohol 120 \\ StarWind \\ StarWindServiceAE.exe
--
End of file - 6199 bytes

**evilfantasy** · #2 1. svibnja 2008, 09:50

Da ćete sigurno imati dosta nasties na PC-u.

Please download Combofix po subs iz jednog od linkova ispod.
(Pokušajte sva tri ako je potrebno)

Važno! Combofix.exe MUST biti snimljena i ran iz Desktop.

Zatvorite sve otvorene web-preglednici. (Firefox, Internet Explorer, itd.) prije početka Combofix.
Važno! Privremeno onemogućiti tvoj AntiVirus, skripta blokiranje i bilo koji antispyware stvaran vrijeme zaštita prije izvođenje skeniranja.
- Kliknite ovaj link da biste vidjeli popis sigurnosnih programa koji bi trebao biti onemogućen i kako ih onemogućiti.
- Ako tvoj nije na popisu, a vi ne znate kako to onesposobiti, molimo pitati.
Upozorenje: Combofix rastaviti tvoj računalo from Internet. Veza se automatski obnovljena prije Combofix završi svoj mali.
Dvaput kliknite na combofix.exe i slijedite upute.
- Odaberite Da za prihvaćanje od odgovornosti.[
Kada završite, on će proizvesti brisanja za vas.
Post da prijavite vaš sljedeći odgovor.

Upozorenje: Ne mouseclick combofix prozor dok je pokrenut. Taj svibanj uzrokovati da se štala

Ako Combofix radi na teškoće i završava prerano, veza može biti ručno naknađen mimo ponovno pokretanje tvoj računalo.
Važno: Sjećati se to re-ovlastiti tvoj AntiVirus i antispyware prije ponovnog povezivanja na Internet.

---------

Slijedeći post molim dodaj
Combofix log

Similar Threads
Nit	Thread Starter	Forum	Replies	Last Post
Moram Legendarne Heur2 Trogen Win32 i Win32 Alureon Virus? Kako to Škripac?	maddawg512	Virus, Spyware i sigurnost	8	13 listopad 2009 07:29
Trogen Win32 i Win32 Alureon preuzela Moj PC !!!!! Pomoć	acute18	Virus, Spyware i sigurnost	8	2 listopad 2009 14:35
Nafamamo.dll Greška Windows/system32 i Virtumonde	Jacko2983	Virus, Spyware i sigurnost	30	19 travanj 2009 17:24
Help needed s Trojan.vundo.h (virtumonde) + log datoteka i SS	Jasperbak NL	Virus, Spyware i sigurnost	32	22 siječanj 2009 05:48
Virtumonde.dll, Vundo ovdje je moj hijack log ...	mason61391	Virus, Spyware i sigurnost	5	22 rujan 2008 19:46