How do I remove this spyware?

Original poster (joined 15 Feb 2007, 443 posts):

So here is what is bothering me: I was downloading some ActiveX and a bunch of junk got installed on me from one site.
Here are the notifications I keep getting, and I don't know why IE has started offering to download all sorts of anti-spy and AV programs for me:

Here is the HJT log too:

Logfile of HijackThis v1.99.1
Scan saved at 0:44:58, on 28.9.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
c:\docume~1\korisnik\locals~1\temp\a2antitrojan\a2service.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Bluetooth\BTNtService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Online Video Add-on\isfmntr.exe
C:\Program Files\Online Video Add-on\icthis.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Online Video Add-on\icmntr.exe
C:\Program Files\Online Video Add-on\isfmm.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Bluetooth\BlueSoleil.exe
C:\Program Files\ASUS USB ADSL Modem\ASUS USB ADSL Modem\dslmon.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\regmod.exe
C:\Program Files\Opera 9.5 alpha\Opera.exe
E:\M U Z I K A\Nova fascikla\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ffinder.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ffinder.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ieffse32.msdn_hlp - {C1C6426B-FB16-4123-ACBE-74D94FB0E663} - C:\WINDOWS\system32\ieffse32.dll
O2 - BHO: (no name) - {D579A683-0CC7-4023-BAE7-0544D0D1DA3A} - C:\Program Files\Online Video Add-on\isfmdl.dll
O3 - Toolbar: IE Custom Tools - {41F6170D-6AF8-4188-8D92-9DDAB3C71A78} - C:\Program Files\Online Video Add-on\ictmdl.dll (file missing)
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [MsgCenterExe] "C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe" -osboot
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [PrintDisp] C:\WINDOWS\system32\PrintDisp.exe
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [adiras] adiras.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BlueSoleil.lnk = ?
O4 - Global Startup: DSLMON.lnk = ?
O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
O8 - Extra context menu item: &Search - ?p=ZN
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O17 - HKLM\System\CCS\Services\Tcpip\..\{7C316C31-68E5-49BD-9B6D-3B8F479592FF}: NameServer = 80.74.164.249 80.74.160.38
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - c:\docume~1\korisnik\locals~1\temp\a2antitrojan\a2service.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\Bluetooth\BTNtService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: lmab_device - Unknown owner - C:\WINDOWS\system32\LMabcoms.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

DEMIAN (IT Manager, Legendary citizen; joined 25 Mar 2005, 3706 posts; lives in: The darkest place on earth..):

Find these files:
C:\WINDOWS\system32\ieffse32.dll
C:\Program Files\Online Video Add-on\isfmdl.dll
C:\Program Files\Online Video Add-on\ictmdl.dll
C:\WINDOWS\system32\regmod.exe

Send them all to me through this link > http://www.mycity.rs/ambulanta-upload.php
If you can't find some of them (visually) at the given path, turn on the option to show hidden files.

--------------------
1) Download SmitfraudFix from this link.

2) Extract the program to the desktop. (Prepare HijackThis the same way; it will be used later.)

3) Restart the computer and boot into Safe Mode. [Safe Mode info link]

4) Find the folder on the desktop where you extracted SmitfraudFix and double-click the file SmitfraudFix.cmd.
When the removal tool starts for the first time, a disclaimer screen will appear. Simply press any key on the keyboard to move on to the next step.

5)

6) The program will start cleaning the computer. After SmitfraudFix finishes cleaning,
Windows' Disk Cleanup program will launch.

Once SmitFraudFix has finished its job, post here the log found at C:\rapport.txt and a fresh HJT log.

Original poster (joined 15 Feb 2007, 443 posts):

Here is how it went:
C:\Program Files\Online Video Add-on\ictmdl.dll is not there.

Log SmitFraudFix v2.232

Scan done at 16:26:00,01, pet 28.09.2007
Run from C:\Documents and Settings\korisnik\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{adf64b1b-c68c-4ce8-bb55-258b7b8b0f81}"="aldoa"


»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» hosts


127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files


»»»»»»»»»»»»»»»»»»»»»»»» DNS



»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{adf64b1b-c68c-4ce8-bb55-258b7b8b0f81}"="aldoa"



»»»»»»»»»»»»»»»»»»»»»»»» End


Here is the new HJT log too:
Logfile of HijackThis v1.99.1

Scan saved at 16:34:37, on 28.9.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\docume~1\korisnik\locals~1\temp\a2antitrojan\a2service.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Bluetooth\BTNtService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Online Video Add-on\isfmntr.exe
C:\Program Files\Online Video Add-on\icthis.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Online Video Add-on\icmntr.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Bluetooth\BlueSoleil.exe
C:\Program Files\ASUS USB ADSL Modem\ASUS USB ADSL Modem\dslmon.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\Program Files\Online Video Add-on\isfmm.exe
C:\WINDOWS\system32\regmod.exe
C:\Program Files\Opera 9.5 alpha\opera.exe
C:\Documents and Settings\korisnik\Desktop\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ffinder.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ffinder.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ieffse32.msdn_hlp - {C1C6426B-FB16-4123-ACBE-74D94FB0E663} - C:\WINDOWS\system32\ieffse32.dll
O2 - BHO: (no name) - {D579A683-0CC7-4023-BAE7-0544D0D1DA3A} - C:\Program Files\Online Video Add-on\isfmdl.dll
O3 - Toolbar: IE Custom Tools - {41F6170D-6AF8-4188-8D92-9DDAB3C71A78} - C:\Program Files\Online Video Add-on\ictmdl.dll (file missing)
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [MsgCenterExe] "C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe" -osboot
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [PrintDisp] C:\WINDOWS\system32\PrintDisp.exe
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BlueSoleil.lnk = ?
O4 - Global Startup: DSLMON.lnk = ?
O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
O8 - Extra context menu item: &Search - ?p=ZN
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O17 - HKLM\System\CCS\Services\Tcpip\..\{7C316C31-68E5-49BD-9B6D-3B8F479592FF}: NameServer = 80.74.164.249 80.74.160.38
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - c:\docume~1\korisnik\locals~1\temp\a2antitrojan\a2service.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\Bluetooth\BTNtService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: lmab_device - Unknown owner - C:\WINDOWS\system32\LMabcoms.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
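An added triage helper, not from the thread or from any of the tools it mentions: it parses HijackThis R*/O* entries in the format of the logs above and flags the structural oddities a helper looks at first (entries whose file is gone, search/start pages pointing off the default hosts, unnamed BHOs, Run entries without a full path, context-menu items with malformed targets, and the O17 DNS servers to verify). The sample log, the default-host list and the suspect-path list are constructed assumptions for this example, not output of the poster's machine.

```python
import re
from dataclasses import dataclass
from typing import Iterable, List
from urllib.parse import urlparse

# Hosts a stock Windows XP / IE6 install points its R0/R1 search and start
# pages at. Assumption for this example; adjust to your own baseline image.
DEFAULT_SEARCH_HOSTS = ("microsoft.com", "msn.com", "live.com")

# Constructed sample modelled on the HijackThis lines posted in the thread.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\System32\smss.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ffinder.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ieffse32.msdn_hlp - {C1C6426B-FB16-4123-ACBE-74D94FB0E663} - C:\WINDOWS\system32\ieffse32.dll
O2 - BHO: (no name) - {D579A683-0CC7-4023-BAE7-0544D0D1DA3A} - C:\Program Files\Online Video Add-on\isfmdl.dll
O3 - Toolbar: IE Custom Tools - {41F6170D-6AF8-4188-8D92-9DDAB3C71A78} - C:\Program Files\Online Video Add-on\ictmdl.dll (file missing)
O4 - HKLM\..\Run: [adiras] adiras.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O8 - Extra context menu item: &Search - ?p=ZN
O17 - HKLM\System\CCS\Services\Tcpip\..\{7C316C31-68E5-49BD-9B6D-3B8F479592FF}: NameServer = 80.74.164.249 80.74.160.38
"""

_ENTRY = re.compile(r"^([RO]\d{1,2}) - (.*)$")


@dataclass
class Finding:
    section: str   # HijackThis section tag, e.g. "O2"
    reason: str
    line: str


def _host(url: str) -> str:
    return (urlparse(url).hostname or "").lower()


def _is_default_host(host: str) -> bool:
    return any(host == d or host.endswith("." + d) for d in DEFAULT_SEARCH_HOSTS)


def _o4_command(body: str) -> str:
    # 'HKLM\..\Run: [name] "C:\path\x.exe" /arg' -> 'C:\path\x.exe'; "" if no [name] part
    cmd = body.split("] ", 1)[1].strip() if "] " in body else ""
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    return cmd.split(" ", 1)[0]


def triage(log_text: str, suspect_paths: Iterable[str] = ()) -> List[Finding]:
    """Return the R*/O* entries that deserve a second look, with the reason for each."""
    suspects = [s.lower() for s in suspect_paths]
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = _ENTRY.match(line)
        if not m:
            continue  # header, process list or blank line
        sec, body = m.groups()
        low = body.lower()
        if "(no file)" in low or "(file missing)" in low:
            findings.append(Finding(sec, "registry entry points at a file that no longer exists", line))
        elif any(s in low for s in suspects):
            findings.append(Finding(sec, "loads from a path on the analyst's suspect list", line))
        elif sec in ("R0", "R1") and "=" in body:
            host = _host(body.split("=", 1)[1].strip())
            if host and not _is_default_host(host):
                findings.append(Finding(sec, f"search/start page redirected to {host}", line))
        elif sec == "O2" and low.startswith("bho: (no name)"):
            findings.append(Finding(sec, "BHO registered without a name", line))
        elif sec == "O4":
            cmd = _o4_command(body)
            if cmd and "\\" not in cmd:
                findings.append(Finding(sec, "Run entry without a full path; check what it resolves to", line))
        elif sec == "O8":
            target = body.rsplit(" - ", 1)[-1].strip()
            if not target.lower().startswith(("res://", "http://", "https://", "file://")):
                findings.append(Finding(sec, f"context-menu item with odd target {target!r}", line))
        elif sec == "O17" and "nameserver" in low:
            servers = body.split("=", 1)[1].strip()
            findings.append(Finding(sec, f"DNS servers {servers}; confirm they belong to the ISP", line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG, suspect_paths=["Online Video Add-on", "ieffse32.dll"]):
        print(f"{f.section:>4}  {f.reason}\n      {f.line}")
```

The heuristics only surface entries worth reviewing; whether a flagged file is malicious still needs the upload-and-inspect step the helper asks for in this thread.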

DEMIAN (IT Manager, Legendary citizen; joined 25 Mar 2005, 3706 posts; lives in: The darkest place on earth..):

Download ComboFix:
http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe

Run it and do not touch the program window while it scans.
Follow the on-screen instructions. When it finishes, a log will appear; copy it here for us.

Original poster (joined 15 Feb 2007, 443 posts):

ComboFix 07-09-21.2 - "Dejan" 2007-09-28 19:08:42.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.159 [GMT 2:00]
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\DOCUME~1\korisnik\APPLIC~1\inst.exe

.
((((((((((((((((((((((((( Files Created from 2007-08-28 to 2007-09-28 )))))))))))))))))))))))))))))))
.

2007-09-28 19:07 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-09-28 16:01 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-09-28 16:01 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-09-28 16:01 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2007-09-28 16:01 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-09-28 16:01 25,088 --a------ C:\WINDOWS\system32\WS2Fix.exe
2007-09-28 16:01 2,732 --a------ C:\WINDOWS\system32\tmp.reg
2007-09-28 00:04 93,878 --a------ C:\WINDOWS\system32\atiicdxx.dat
2007-09-28 00:04 299,008 --a------ C:\WINDOWS\system32\atiiiexx.dll
2007-09-27 23:51 24,661 --a--c--- C:\WINDOWS\system32\dllcache\spxcoins.dll
2007-09-27 23:51 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll
2007-09-27 23:51 13,312 --a--c--- C:\WINDOWS\system32\dllcache\irclass.dll
2007-09-27 23:51 13,312 --a------ C:\WINDOWS\system32\irclass.dll
2007-09-27 22:05 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-09-27 18:57 4 --a------ C:\WINDOWS\system32\bsnzafqa.bin
2007-09-27 18:28 <DIR> d-a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
2007-09-27 18:26 569 --a------ C:\WINDOWS\system32\cfg.dat
2007-09-27 18:26 31,232 --a------ C:\WINDOWS\system32\regmod.exe
2007-09-27 18:26 19,456 --a------ C:\WINDOWS\system32\ieffse32.dll
2007-09-27 18:26 <DIR> d-------- C:\Program Files\Online Video Add-on
2007-09-27 17:54 <DIR> d-------- C:\Program Files\Common Files\PACE Anti-Piracy
2007-09-27 17:54 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\PACE Anti-Piracy
2007-09-26 15:32 <DIR> d-------- C:\Program Files\MakeHuman
2007-09-26 14:38 <DIR> d-------- C:\Program Files\CyberLink
2007-09-24 14:05 <DIR> d-------- C:\Program Files\Notepad++
2007-09-24 14:05 <DIR> d-------- C:\DOCUME~1\korisnik\APPLIC~1\Notepad++
2007-09-24 01:51 0 --a------ C:\WINDOWS\ablebatchconverter.dat
2007-09-19 13:03 <DIR> d-------- C:\Program Files\MSN Messenger
2007-09-15 14:41 92,480 --a------ C:\WINDOWS\system32\ctmmhspu.dll
2007-09-13 17:19 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\ActMask
2007-09-13 17:16 856,064 --a------ C:\WINDOWS\system32\SaveTo.dll
2007-09-13 17:16 2,380,800 --a------ C:\WINDOWS\SaveTo.exe
2007-09-13 17:16 2,000,124 --a------ C:\WINDOWS\system32\PrtSetupX.exe
2007-09-13 17:16 1,392,640 --a------ C:\WINDOWS\system32\ActPDF.dll
2007-09-13 14:21 666,694 --ahs---- C:\WINDOWS\system32\orutv.bak2
2007-09-12 18:13 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Office Genuine Advantage
2007-09-12 16:35 6,414 --ahs---- C:\WINDOWS\system32\orutv.bak1
2007-09-12 02:32 <DIR> d-------- C:\Program Files\Srpski Interfejs za Office 2007
2007-09-11 16:24 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2007-09-11 15:22 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2007-09-11 15:22 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2007-09-11 14:59 32,592 --a------ C:\WINDOWS\system32\msonpmon.dll
2007-09-11 14:56 <DIR> d-------- C:\Program Files\Microsoft Works
2007-09-11 14:56 <DIR> d-------- C:\Program Files\Microsoft Office 2007 Info Path
2007-09-11 14:47 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft Help
2007-09-11 14:46 <DIR> dr-h----- C:\MSOCache
2007-09-11 11:16 <DIR> d-------- C:\Program Files\Total Commander 7.02
2007-09-11 01:19 <DIR> d-------- C:\Program Files\Opera 9.5 alpha
2007-09-09 22:48 <DIR> d-------- C:\Program Files\Common Files\Real
2007-09-09 15:13 <DIR> d-------- C:\DOCUME~1\korisnik\APPLIC~1\Aquarius Soft
2007-09-09 15:13 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Aquarius Soft
2007-09-09 15:12 <DIR> d-------- C:\Program Files\Aquarius Soft
2007-09-05 13:55 <DIR> d-------- C:\DOCUME~1\korisnik\APPLIC~1\Corel
2007-09-04 17:36 299,520 --a------ C:\WINDOWS\uninst.exe
2007-09-04 17:36 <DIR> d-------- C:\Program Files\Fisher
2007-09-04 17:36 <DIR> d-------- C:\DOCUME~1\korisnik\WINDOWS
2007-09-03 18:30 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2007-09-03 18:10 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\FLEXnet
2007-08-29 23:20 <DIR> d-------- C:\Program Files\Foxit Software

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-27 23:22 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-09-26 14:42 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\CyberLink
2007-09-26 14:37 505392 --a------ C:\WINDOWS\system32\msvcp71.dll
2007-09-26 12:02 --------- d-------- C:\Program Files\Audio Grabber
2007-09-24 01:17 --------- d-------- C:\Program Files\Mv2Player
2007-09-19 13:48 --------- d-------- C:\Program Files\Yahoo!
2007-09-17 19:05 --------- d-------- C:\Program Files\Tutorials
2007-09-11 02:21 --------- d-------- C:\DOCUME~1\korisnik\APPLIC~1\Opera
2007-09-11 01:49 --------- d-------- C:\Program Files\Opera
2007-09-03 20:32 47360 --a------ C:\DOCUME~1\korisnik\APPLIC~1\pcouffin.sys
2007-08-27 01:42 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\vsosdk
2007-08-26 23:53 47360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys
2007-08-24 12:04 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Bluetooth
2007-08-24 11:58 --------- d-------- C:\Program Files\Bluetooth
2007-08-05 16:20 --------- d-------- C:\DOCUME~1\korisnik\APPLIC~1\ACD Systems
2007-08-05 16:12 --------- d-------- C:\Program Files\Common Files\ACD Systems
2007-08-05 16:12 --------- d-------- C:\Program Files\ACD Systems
2007-08-05 15:25 --------- d-------- C:\DOCUME~1\korisnik\APPLIC~1\CyberLink
2007-08-05 15:18 --------- d-------- C:\Program Files\Winamp
2007-08-04 23:31 --------- d-------- C:\DOCUME~1\korisnik\APPLIC~1\Ulead Systems
2007-08-04 23:31 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ulead Systems
2007-08-04 23:30 --------- d-------- C:\Program Files\Ulead Systems
2007-08-04 20:13 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo!
2007-08-04 03:57 --------- d-------- C:\Program Files\Lexmark_HostCD
2007-08-04 03:57 --------- d-------- C:\Program Files\Lexmark
2007-08-04 03:43 512096 --a------ C:\WINDOWS\system32\drivers\amon.sys
2007-08-04 03:43 299392 --a------ C:\WINDOWS\system32\imon.dll
2007-08-04 03:43 15424 --a------ C:\WINDOWS\system32\drivers\nod32drv.sys
2007-08-04 03:14 10368 --a------ C:\WINDOWS\system32\drivers\pfc.sys
2007-08-04 02:25 --------- d-------- C:\Program Files\Windows Media Connect 2
2007-08-04 02:18 --------- d-------- C:\Program Files\WMA to MP3 Converter
2007-08-04 02:11 --------- d-------- C:\Program Files\Common Files\Adobe Systems Shared
2007-08-04 02:11 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Macrovision
2007-08-04 02:06 --------- d-------- C:\Program Files\HyperSnap-DX 5
2007-08-04 02:03 --------- d-------- C:\Program Files\BS Player
2007-08-04 01:52 --------- d-------- C:\Program Files\YuRecnik
2007-08-04 01:51 --------- d-------- C:\DOCUME~1\korisnik\APPLIC~1\WinRAR
2007-08-04 01:46 --------- d-------- C:\Program Files\Total Commander 6.56
2007-08-04 01:38 --------- d-------- C:\Program Files\ProDESKTOP 8.0
2007-08-04 01:29 --------- d-------- C:\Program Files\Common Files\Corel
2007-08-04 01:28 --------- d-------- C:\Program Files\Corel
2007-08-04 01:24 --------- d-------- C:\Program Files\Alcohol Soft
2007-08-04 00:32 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\ACD Systems
2007-08-04 00:19 26 --a------ C:\WINDOWS\system32\drivers\adidsl.cfg
2007-08-04 00:16 --------- d-------- C:\Program Files\ASUS USB ADSL Modem
2007-08-03 20:20 --------- d-------- C:\Program Files\Nero 6.6.0
2007-08-03 20:20 --------- d-------- C:\Program Files\Common Files\Ahead
2007-08-03 20:10 --------- d-------- C:\Program Files\My Company Name
2007-08-03 20:09 --------- d-------- C:\Program Files\ATI Technologies
2007-08-03 20:03 --------- d-------- C:\Program Files\VIA
2007-08-03 20:03 --------- d-------- C:\Program Files\Common Files\InstallShield
2007-08-03 20:02 --------- d-------- C:\Program Files\Realtek Sound Manager
2007-08-03 20:02 --------- d-------- C:\Program Files\AvRack
2007-08-03 20:01 --------- d-------- C:\Program Files\AMD
2007-08-03 19:34 --------- d-------- C:\Program Files\microsoft frontpage
2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C1C6426B-FB16-4123-ACBE-74D94FB0E663}]
2007-09-27 18:26 19456 --a------ C:\WINDOWS\system32\ieffse32.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D579A683-0CC7-4023-BAE7-0544D0D1DA3A}]
2007-09-28 16:28 11776 --a------ C:\Program Files\Online Video Add-on\isfmdl.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{41F6170D-6AF8-4188-8D92-9DDAB3C71A78}"= C:\Program Files\Online Video Add-on\ictmdl.dll [ ]

[HKEY_CLASSES_ROOT\CLSID\{41F6170D-6AF8-4188-8D92-9DDAB3C71A78}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-01-08 14:29]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-08-04 03:43]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
"MsgCenterExe"="C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe" []
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"PrintDisp"="C:\WINDOWS\system32\PrintDisp.exe" []
"MsmqIntCert"="regsvr32 /s mqrt.dll" []
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2007-02-07 16:24]
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2007-02-07 16:21]
"SoundMan"="SOUNDMAN.EXE" [2004-12-22 11:09 C:\WINDOWS\SOUNDMAN.EXE]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56]
"BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" []

C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-08-04 02:11:23]
BlueSoleil.lnk - C:\Program Files\Bluetooth\BlueSoleil.exe [2007-08-24 11:58:50]
DSLMON.lnk - C:\Program Files\ASUS USB ADSL Modem\ASUS USB ADSL Modem\dslmon.exe [2007-08-04 00:16:15]
VIA RAID TOOL.lnk - C:\Program Files\VIA\RAID\raid_tool.exe [2007-08-03 20:03:54]

C:\DOCUME~1\korisnik\STARTM~1\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 20:24:54]

R0 viamraid;viamraid;C:\WINDOWS\system32\DRIVERS\viamraid.sys
R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};\??\C:\Program Files\CyberLink\PowerDVD\000.fcl
R2 MSMQ;Message Queuing;C:\WINDOWS\system32\mqsvc.exe
R2 MSMQTriggers;Message Queuing Triggers;C:\WINDOWS\system32\mqtgsvc.exe
R3 MQAC;Message Queuing access control;\??\C:\WINDOWS\system32\drivers\mqac.sys
R3 RMCAST;Reliable Multicast Protocol driver;\??\C:\WINDOWS\system32\drivers\RMCast.sys
S3 usnjsvc;Usluga Messenger Sharing Folders USN Journal Reader;"C:\Program Files\MSN Messenger\usnsvc.exe"

*Newly Created Service* - CATCHME
.
**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-28 19:10:31
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-09-28 19:11:23
C:\ComboFix-quarantined-files.txt ... 2007-09-28 19:11
.
--- E O F ---

offline
  • DEMIAN
  • Legendary citizen
  • IT Manager
  • Joined: 25 Mar 2005
  • Posts: 3706
  • Location: The darkest place on earth..

I'll have to "bother" you for one more upload.

C:\Program Files\Online Video Add-on (the whole folder)
C:\WINDOWS\system32\Process.exe
C:\WINDOWS\system32\SrchSTS.exe
C:\WINDOWS\system32\VCCLSID.exe
C:\WINDOWS\system32\WS2Fix.exe
C:\WINDOWS\system32\tmp.reg

Pack them into a single zip/rar and send it.

One more thing while you're at it:

Download LSPFix from the link below:
http://www.downloads.subratam.org/lspfix.zip

Unpack it from the archive to the Desktop and just run it. Do not delete anything. Just take a screenshot of the program and post that picture here.

offline
  • Joined: 15 Feb 2007
  • Posts: 443

Sorry, sorry, sorry............ I swear I forgot to pack it all into one folder for you, I hope I haven't made a mess for you?!!!

Here's the screenshot:



Really sorry once again, dammit, I got a bit worked up!

Update: 28 Sep 2007 21:10

I sent the rar too.

Once again, sorry...... ;)

offline
  • DEMIAN
  • Legendary citizen
  • IT Manager
  • Joined: 25 Mar 2005
  • Posts: 3706
  • Location: The darkest place on earth..

No problem.. it wasn't intentional ;)
I'll check this and then let you know what to do next..

Update: 28 Sep 2007 22:34

Run HijackThis and check these lines:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ffinder.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ffinder.com/
O2 - BHO: ieffse32.msdn_hlp - {C1C6426B-FB16-4123-ACBE-74D94FB0E663} - C:\WINDOWS\system32\ieffse32.dll
O2 - BHO: (no name) - {D579A683-0CC7-4023-BAE7-0544D0D1DA3A} - C:\Program Files\Online Video Add-on\isfmdl.dll
O3 - Toolbar: IE Custom Tools - {41F6170D-6AF8-4188-8D92-9DDAB3C71A78} - C:\Program Files\Online Video Add-on\ictmdl.dll (file missing)
O8 - Extra context menu item: &Search - ?p=ZN
Click "Fix Checked".

Restart the computer and boot into Safe Mode.

Find and delete the files:
C:\WINDOWS\system32\regmod.exe
C:\WINDOWS\system32\ieffse32.dll

And the whole folder:
C:\Program Files\Online Video Add-on

Once you've booted back into normal mode, scan again with HijackThis and post me a fresh log. (btw, rename the program so that it doesn't look like HijackThis).
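
An added example, not part of the original thread or of HijackThis itself: a small Python triage script that flags the same categories of HijackThis entries that DEMIAN asks to have fixed above (R1 search redirections, O2/O3 add-ons whose DLL is unnamed or missing, O8 context-menu items with no real target, O17 NameServer overrides, and O4/O23 autostarts running out of a temp directory). The sample lines are copied from the logs posted in this thread; the severity levels, the allow-list of Microsoft hosts and the path heuristics are this example's own assumptions.

```python
"""HijackThis (v1.99) log triage - added example, not HijackThis's own code.

Severities, the ALLOWED_SEARCH_HOSTS allow-list and the path heuristics are
assumptions made for this example; treat every hit as "review", not "delete".
"""
import re
import sys

# Assumption: IE search settings normally point at a Microsoft-owned host.
ALLOWED_SEARCH_HOSTS = ("microsoft.com", "msn.com", "live.com")

HJT_LINE_RE = re.compile(r"^(R[0-3]|O\d{1,2}) - (.*)$")
URL_HOST_RE = re.compile(r"https?://([^/\s]+)", re.IGNORECASE)
TEMP_PATH_RE = re.compile(r"\\(locals~1|local settings)\\temp\\", re.IGNORECASE)
SYSTEM32_DLL_RE = re.compile(r"\\system32\\[^\\]+\.dll$", re.IGNORECASE)
IPV4_RE = re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}\b")


def _allowed_host(host):
    host = host.lower()
    return any(host == d or host.endswith("." + d) for d in ALLOWED_SEARCH_HOSTS)


def _target(body):
    """The last ' - ' separated field of an HJT entry: usually the file path."""
    return body.rsplit(" - ", 1)[-1].strip()


def triage_line(line):
    """Return (severity, reason) for one HJT log line, or None if nothing stands out."""
    m = HJT_LINE_RE.match(line.strip())
    if not m:
        return None
    section, body = m.groups()

    if section == "R1":  # IE start/search page settings
        host = URL_HOST_RE.search(body)
        if host and not _allowed_host(host.group(1)):
            return ("high", "IE search setting redirected to %s" % host.group(1))
        return None

    if section in ("O2", "O3"):  # browser helper objects and toolbars
        target = _target(body)
        if target == "(no file)":
            return ("low", "orphaned registration, DLL already gone")
        if target.endswith("(file missing)"):
            return ("medium", "registered but DLL missing; remove the entry")
        if "(no name)" in body:
            return ("high", "unnamed add-on with a DLL on disk")
        if SYSTEM32_DLL_RE.search(target):
            return ("medium", "add-on DLL dropped straight into system32")
        return None

    if section == "O8" and not re.search(r"res://|https?://", body, re.IGNORECASE):
        return ("medium", "context menu item without a real target")

    if section == "O17":  # per-adapter DNS servers
        ips = IPV4_RE.findall(body)
        return ("info", "NameServer set to %s; confirm these are your ISP's resolvers" % ", ".join(ips))

    if section in ("O4", "O23") and TEMP_PATH_RE.search(body):
        return ("medium", "autostart/service runs from a temp directory")

    return None


def triage_log(text):
    """Run triage_line over a whole log; returns [(severity, reason, line), ...]."""
    findings = []
    for line in text.splitlines():
        hit = triage_line(line)
        if hit:
            findings.append((hit[0], hit[1], line.strip()))
    return findings


# Constructed sample: lines copied from the logs posted in this thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ffinder.com/
O2 - BHO: ieffse32.msdn_hlp - {C1C6426B-FB16-4123-ACBE-74D94FB0E663} - C:\WINDOWS\system32\ieffse32.dll
O2 - BHO: (no name) - {D579A683-0CC7-4023-BAE7-0544D0D1DA3A} - C:\Program Files\Online Video Add-on\isfmdl.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: IE Custom Tools - {41F6170D-6AF8-4188-8D92-9DDAB3C71A78} - C:\Program Files\Online Video Add-on\ictmdl.dll (file missing)
O8 - Extra context menu item: &Search - ?p=ZN
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O17 - HKLM\System\CCS\Services\Tcpip\..\{7C316C31-68E5-49BD-9B6D-3B8F479592FF}: NameServer = 80.74.164.249 80.74.160.38
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - c:\docume~1\korisnik\locals~1\temp\a2antitrojan\a2service.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
"""


def main(argv):
    # With a path argument, triage a saved log (HJT writes ANSI text); else use the sample.
    text = open(argv[1], encoding="latin-1").read() if len(argv) > 1 else SAMPLE_LOG
    for severity, reason, line in triage_log(text):
        print("[%-6s] %s\n         %s" % (severity, reason, line))


if __name__ == "__main__":
    main(sys.argv)
```

Note that the O17 hit is only informational: the two NameServer addresses in the log are not evidence of anything by themselves, they just need to be checked against what the ISP actually hands out, which is why the script never rates them above "info". The same goes for the a2service.exe service under %TEMP%: legitimate software can be launched from there, which is exactly why DEMIAN asks which Emsisoft product was installed rather than telling the user to delete it.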

offline
  • Joined: 15 Feb 2007
  • Posts: 443

C:\WINDOWS\system32\ieffse32.dll is not in system32, even with both "show hidden files and folders" and "display the contents of system folders" turned on; the rest was deleted successfully.


Logfile of HijackThis v1.99.1
Scan saved at 23:24:57, on 28.9.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\docume~1\korisnik\locals~1\temp\a2antitrojan\a2service.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Bluetooth\BTNtService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Bluetooth\BlueSoleil.exe
C:\Program Files\ASUS USB ADSL Modem\ASUS USB ADSL Modem\dslmon.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Opera 9.5 alpha\opera.exe
C:\Documents and Settings\korisnik\Desktop\HJT\Bum.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ffinder.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ffinder.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {C1C6426B-FB16-4123-ACBE-74D94FB0E663} - (no file)
O2 - BHO: (no name) - {D579A683-0CC7-4023-BAE7-0544D0D1DA3A} - C:\Program Files\Online Video Add-on\isfmdl.dll (file missing)
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [MsgCenterExe] "C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe" -osboot
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [PrintDisp] C:\WINDOWS\system32\PrintDisp.exe
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BlueSoleil.lnk = ?
O4 - Global Startup: DSLMON.lnk = ?
O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O17 - HKLM\System\CCS\Services\Tcpip\..\{7C316C31-68E5-49BD-9B6D-3B8F479592FF}: NameServer = 80.74.164.249 80.74.160.38
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - c:\docume~1\korisnik\locals~1\temp\a2antitrojan\a2service.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\Bluetooth\BTNtService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: lmab_device - Unknown owner - C:\WINDOWS\system32\LMabcoms.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

offline
  • DEMIAN
  • Legendary citizen
  • IT Manager
  • Joined: 25 Mar 2005
  • Posts: 3706
  • Location: The darkest place on earth..

Evil Ghost :: C:\WINDOWS\system32\ieffse32.dll is not in system32, even with both "show hidden files and folders" and "display the contents of system folders" turned on; the rest was deleted successfully.
If it's not there, it's not there. Nothing wrong with that. I go by what's listed in the logs, I'm not sitting at your computer ;)

Moving on..
Delete this line again using HijackThis..
O2 - BHO: (no name) - {D579A683-0CC7-4023-BAE7-0544D0D1DA3A} - C:\Program Files\Online Video Add-on\isfmdl.dll (file missing)

Find and send me these files for checking as well:
C:\WINDOWS\system32\ctmmhspu.dll
C:\WINDOWS\system32\SaveTo.dll
C:\WINDOWS\SaveTo.exe
C:\WINDOWS\system32\PrtSetupX.exe

Tell me exactly which software you installed from here ( http://www.emsisoft.com/en/software/ ) and whether it's the free, trial or paid version of the program?
