Pests - what to delete

messages: 8 | read: 7,988 | moderators: pirat, XXX-Man, vincimus
[post: 16 years, banned, offline]

Hi everyone, pests again!!! I'd give whoever makes these trojans and the like a life sentence!!!!

Here's what HijackThis says:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:18:27, on 29.9.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\restorer32_a.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABE.EXE
C:\Documents and Settings\allen\restorer32_a.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Rundll32.exe
C:\4078,44.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\TEMP\VRTD.tmp
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\TEMP\VRTE.tmp
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.hr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: usenext Toolbar - {b099d5e8-7bff-458b-bd4a-d0ed099437f9} - C:\Program Files\usenext\tbusen.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: usenext Toolbar - {b099d5e8-7bff-458b-bd4a-d0ed099437f9} - C:\Program Files\usenext\tbusen.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: usenext Toolbar - {b099d5e8-7bff-458b-bd4a-d0ed099437f9} - C:\Program Files\usenext\tbusen.dll
O4 - HKLM\..\Run: [restorer32_a] C:\WINDOWS\system32\restorer32_a.exe
O4 - HKLM\..\Run: [24415] C:\WINDOWS\TEMP\VRT8.tmp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Regedit32] C:\WINDOWS\system32\regedit.exe
O4 - HKLM\..\Run: [ter8m] RUNDLL32.EXE C:\WINDOWS\system32\msxm192z.dll,w
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EPSON Stylus D88 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABE.EXE /P23 "EPSON Stylus D88 Series" /M "Stylus D88" /EF "HKCU"
O4 - HKCU\..\Run: [zmmclr] C:\WINDOWS\system32\xcllsx.exe
O4 - HKCU\..\Run: [restorer32_a] C:\Documents and Settings\allen\restorer32_a.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\RunOnce: [WiseStubReboot] MSIEXEC /quiet SKIP_PPU_DRIVER_INSTALL=1 /I "C:\Program Files\Common Files\Wise Installation Wizard\WIS1C4551A64743409391E41477CD655043_9_09_0203.MSI" TRANSFORMS="C:\Program Files\Common Files\Wise Installation Wizard\WIS1C4551A64743409391E41477CD655043_9_09_0203.MST" WISE_SETUP_EXE_PATH="c:\nvidia\winxp\185.85\english\PhysX_9.09.0408_SystemSoftware.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [restorer32_a] "C:\WINDOWS\TEMP\VRTE.tmp" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [restorer32_a] "C:\WINDOWS\TEMP\VRTE.tmp" (User 'Default user')
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe

--
End of file - 7689 bytes

[post: 16 years, banned, offline]

This serves absolutely no purpose.

Life is all about ass; you are either covering it,laughing it off, kicking it, kissing it, busting it, or trying to get a piece of it.
[reply: 17 years, inactive, offline]
cassini says...

Hi everyone, pests again!!! I'd give whoever makes these trojans and the like a life sentence!!!!

Here's what HijackThis says:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:18:27, on 29.9.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:

R3 - URLSearchHook: usenext Toolbar - {b099d5e8-7bff-458b-bd4a-d0ed099437f9} - C:\Program Files\usenext\tbusen.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: usenext Toolbar - {b099d5e8-7bff-458b-bd4a-d0ed099437f9} - C:\Program Files\usenext\tbusen.dll
O3 - Toolbar: usenext Toolbar - {b099d5e8-7bff-458b-bd4a-d0ed099437f9} - C:\Program Files\usenext\tbusen.dll
O4 - HKLM\..\Run: [restorer32_a] C:\WINDOWS\system32\restorer32_a.exe
O4 - HKLM\..\Run: [24415] C:\WINDOWS\TEMP\VRT8.tmp.exe
O4 - HKCU\..\Run: [zmmclr] C:\WINDOWS\system32\xcllsx.exe
O4 - HKCU\..\Run: [restorer32_a] C:\Documents and Settings\allen\restorer32_a.exe

--
End of file - 7689 bytes

Well, at a quick glance, what I've bolded looks suspicious to me. Just download Malwarebytes' Anti-Malware, update it and scan again!

Edit by F1-IVO:

I shortened the quote and left only what you highlighted (bolded).

Message last edited Tue 29.9.2009 13:42 (F1-IVO).
[post: 16 years, banned, offline]

I did, with "malware", but some of them still remain; it supposedly wipes them (in safe mode and in full mode) but they remain anyway.

[post: 17 years, offline]

C:\4078,44.exe
O4 - HKLM\..\Run: [24415] C:\WINDOWS\TEMP\VRT8.tmp.exe
O4 - HKLM\..\Run: [ter8m] RUNDLL32.EXE C:\WINDOWS\system32\msxm192z.dll,w

Those three you must remove (fix) urgently.
You can do that through HijackThis, but I recommend SpyBot Search & Destroy in combination with some better antivirus.

I won't buy Razer on principle. They don't care about the arachnophobic and ophidiophobic crowd.
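The replies above triage the O4 autostart entries by eye: binaries launched from TEMP or carrying a .tmp name, an executable sitting directly in the user profile root or the drive root, a rundll32 entry calling a one-letter export, and one autorun name (restorer32_a) registered under several hives but pointing at different files. The Python below is an added example, not part of the original thread and not HijackThis's own code; it parses the O4 lines and a few "Running processes" paths quoted from the log above and applies exactly those heuristics. The thresholds (for instance the "no vowels" test for random-looking names) are the example's own assumptions, not rules stated by the posters, and a hit is a reason to look closer, not proof of malware.

```python
from __future__ import annotations

import re
from collections import defaultdict

# Lines taken verbatim from the HijackThis log posted above (not constructed):
# a few "Running processes" paths plus the O4 autostart entries.
SAMPLE_LINES = r"""
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\restorer32_a.exe
C:\Documents and Settings\allen\restorer32_a.exe
C:\4078,44.exe
C:\WINDOWS\TEMP\VRTD.tmp
O4 - HKLM\..\Run: [restorer32_a] C:\WINDOWS\system32\restorer32_a.exe
O4 - HKLM\..\Run: [24415] C:\WINDOWS\TEMP\VRT8.tmp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ter8m] RUNDLL32.EXE C:\WINDOWS\system32\msxm192z.dll,w
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [zmmclr] C:\WINDOWS\system32\xcllsx.exe
O4 - HKCU\..\Run: [restorer32_a] C:\Documents and Settings\allen\restorer32_a.exe
O4 - HKUS\S-1-5-18\..\Run: [restorer32_a] "C:\WINDOWS\TEMP\VRTE.tmp" (User 'SYSTEM')
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
""".strip().splitlines()

# Registry autostart: "O4 - <hive>\..\Run: [<name>] <command> (User '<user>')"
O4_REG_RE = re.compile(
    r"^O4 - (?P<hive>HK[A-Z]+(?:\\[^\\]+)?)\\\.\.\\(?P<key>Run(?:Once)?): "
    r"\[(?P<name>[^\]]*)\] (?P<cmd>.*?)(?: \(User '(?P<user>[^']*)'\))?$"
)
# Startup-folder shortcut: "O4 - Global Startup: <name>.lnk = <path>"
O4_LNK_RE = re.compile(r"^O4 - Global Startup: (?P<name>.+?) = (?P<cmd>.+)$")
# First Windows path in a command line that ends in an executable-ish extension;
# stops at quotes and at the comma separating a rundll32 DLL from its export.
PATH_RE = re.compile(r'[A-Za-z]:\\[^",]*?\.(?:exe|dll|tmp|scr|com)(?![\w.])', re.I)


def looks_random(s: str) -> bool:
    """Weak heuristic (assumption): four or more letters and no vowel among them."""
    letters = re.sub(r"[^a-z]", "", s.lower())
    return len(letters) >= 4 and not re.search(r"[aeiouy]", letters)


def path_reasons(path: str) -> list[str]:
    """Location-based red flags for one executable path."""
    p = path.lower()
    parts = p.split("\\")
    base = parts[-1]
    reasons = []
    if "\\temp\\" in p:
        reasons.append("runs from a TEMP directory")
    if base.endswith(".tmp") or ".tmp." in base:
        reasons.append("temp-file name used as an executable")
    if len(parts) == 2:
        reasons.append("executable directly in the drive root")
    if len(parts) == 4 and parts[1] == "documents and settings":
        reasons.append("executable directly in a user profile root")
    return reasons


def parse_o4(line: str):
    """Return (name, cmd, hive) for an O4 line, or None if it is not one."""
    m = O4_REG_RE.match(line)
    if m:
        hive = m.group("hive") + ("/" + m.group("user") if m.group("user") else "")
        return m.group("name"), m.group("cmd"), hive
    m = O4_LNK_RE.match(line)
    if m:
        return m.group("name"), m.group("cmd"), "Global Startup"
    return None


def triage(lines: list[str]) -> dict[str, list[str]]:
    """Map each flagged binary path to the reasons it was flagged."""
    flagged: dict[str, list[str]] = defaultdict(list)
    by_name: dict[str, set[str]] = defaultdict(set)  # autorun name -> distinct binaries
    entries = []
    for line in lines:
        line = line.strip()
        if line.startswith("O4 - "):
            parsed = parse_o4(line)
            if parsed is None:
                continue
            name, cmd, hive = parsed
            m = PATH_RE.search(cmd)
            path = m.group(0) if m else cmd
            entries.append((name, cmd, hive, path))
            by_name[name.lower()].add(path.lower())
        elif re.match(r"^[A-Za-z]:\\", line):  # a "Running processes" line is a bare path
            for r in path_reasons(line):
                flagged[line].append(r)
    for name, cmd, hive, path in entries:
        reasons = path_reasons(path)
        if name.isdigit():
            reasons.append("numeric autorun name")
        if cmd.lower().startswith("rundll32") and len(cmd.rsplit(",", 1)[-1].strip()) <= 1:
            reasons.append("rundll32 export name is a single character")
        stem = path.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
        if looks_random(name) and looks_random(stem):
            reasons.append("random-looking autorun name and file name")
        n = len(by_name[name.lower()])
        if n > 1:
            reasons.append(f"autorun name '{name}' points to {n} different binaries across hives")
        for r in reasons:
            if r not in flagged[path]:
                flagged[path].append(r)
    return dict(flagged)


if __name__ == "__main__":
    for path, reasons in triage(SAMPLE_LINES).items():
        print(path, "->", "; ".join(reasons))
```

Run against the log excerpt, this flags the same set the replies single out (both restorer32_a copies plus the VRTE.tmp one, VRT8.tmp.exe, msxm192z.dll, xcllsx.exe, 4078,44.exe, VRTD.tmp) and leaves NvCpl, qttask, ctfmon and WinZip alone; it is a reading aid for the log, not a replacement for checking each binary before fixing it.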
[post: 16 years, inactive, offline]

If you have Malwarebytes Free and have cleaned with it, download SUPERAntiSpyware Free Edition and it will finish the job (hopefully...).
And remove that Spybot; you still have it in resident protection. There's plenty more that could be removed/disabled from startup, e.g. that ctfmon.exe, QuickTime, Spybot TeaTimer, etc.
By that I mean unchecking them in startup: Start -> Run -> type: msconfig -> OK -> Startup... but the above is more important for you right now.

EDIT: for a fix in HijackThis you need to be one hundred percent sure..
EDIT: it would be interesting to see what Malwarebytes doesn't delete.. either in its quarantine or in the ignored items..

Message last edited Tue 29.9.2009 14:34 (seneka).
[post: 16 years, banned, offline]

Thanks for the suggestions, but it didn't help - there's always some new malware, trojan, etc...

So I did a repair, but during loading it didn't find the network files (even though the repair ran from the same CD as the installation), so now I can't get on the net!!

How do I fix that???

Message last edited Wed 30.9.2009 9:18 (cassini).
[post: 17 years, inactive, offline]

To get rid of the pests, scan the PC with CounterSpy, and try to repair the network with this program.

''I have seen the promised land, but I may not get there with you.'' - Martin Luther King Jr.