Posted: 28 Nov 2006 16:38
- Joined: 11 May 2006
- Posts: 52
- Location: nis
Here's the thing:
When I start Windows Explorer, it immediately sends me to youricsecure.com and asks for some money ......
Supposedly I am infected with w32.myzor.fk@yf
Firefox works normally
Kaspersky 6 found nothing?
And now ......

Posted: 30 Nov 2006 10:00
- DraganZR
- New MyCity citizen
- Joined: 09 Nov 2006
- Posts: 10
I had a similar problem...
I solved it the following way:
I solved the problem using AVG Antispyware (formerly Ewido):
ewido.net/en/download/
I downloaded that program, scanned the computer, and after the cleanup that the program performed, I posted a fresh HijackThis log.
Before making the next log, I renamed the program from HijackThis.exe to H2.exe (any other name works too), and only then made the log. I also renamed the folder the program is in so that it does not suggest HijackThis.
Addendum: 30 Nov 2006 10:00
Take a look at this topic on the forum:
mycity.rs/Ambulanta/Kako-se-resiti-W32-Myzor-FKyf.html

Posted: 30 Nov 2006 10:50
- bobby
- Administrator
- Joined: 04 Sep 2003
- Posts: 24135
- Location: Wien
@DraganZR
Ambulanta has a team that works in it and is in charge of resolving the cases posted here. Each case is handled individually, and we do not leave users to resolve on their own the problems they have posted here.

Posted: 01 Dec 2006 21:08
- Joined: 11 May 2006
- Posts: 52
- Location: nis
OK bobby, my friend has SP1, he got connected to ADSL about a month or two ago, and he is not a particularly experienced user.
Should I send you the log or not?
Addendum: 01 Dec 2006 21:06
Or should I make a log on my computer, compare it with his, and delete everything that is not the same?
Addendum: 01 Dec 2006 21:08
As I said, Firefox, which I installed for him as a temporary solution, works completely normally.

Posted: 01 Dec 2006 21:26
- bobby
- Administrator
- Joined: 04 Sep 2003
- Posts: 24135
- Location: Wien
Better send the log to us. You cannot solve this by comparing logs, because you could break the loading of drivers that differ between your machines.
The fact that only IE has been hijacked by this pest while FF works is not a sufficient reason to stop there. Most malicious programs have an auto-update capability, so one day a new version may appear that does greater damage.

Posted: 05 Dec 2006 21:18
- Joined: 11 May 2006
- Posts: 52
- Location: nis
Logfile of HijackThis v1.99.1
Scan saved at 5:57:21 PM, on 12/5/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Video Wonder Pro III\RecSche.exe
C:\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Alarm\Alarm Tray.exe
C:\Program Files\Cactus Spam Filter 2.13\cactusspamfilter.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\WINDOWS\NCLAUNCH.EXe
D:\Ljubisa\3333333\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = krstarica.com/
O2 - BHO: (no name) - {755bbd1a-aa59-456c-afeb-b4c42c4dcb6f} - C:\WINDOWS\System32\ixt0.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [RecSche] C:\Video Wonder Pro III\RecSche.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [kis] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Show missed alarms] C:\Program Files\Alarm\Alarm.exe
O4 - HKCU\..\Run: [com.codeode.cactusspamfilter] "C:\Program Files\Cactus Spam Filter 2.13\cactusspamfilter.exe" -minimized
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\Run: [NCLaunch] C:\WINDOWS\NCLAUNCH.EXe
O8 - Extra context menu item: Add to Kaspersky Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\\ie_banner_deny.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll
O9 - Extra button: Acez.com - Download Free Screen Savers - {88E50F1D-4790-4C6B-BEE3-D54E46B6EEF6} - C:\WINDOWS\acezlink.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: RealGuide - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - cdn2.zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\System32\klogon.dll
O21 - SSODL: amaranthaceous - {4fc003c3-87a0-489c-85cd-878246eb2d18} - C:\WINDOWS\System32\oebxpba.dll (file missing)
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
With a small delay, here is the log file!
The computer was scanned with AVP and this is the log after that scan. Kaspersky 6.0.0.300 finds nothing.
So, bobby, take a look when you get a chance.
Regards.
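
A parser for the HijackThis log layout shown in the post above, added here as an example and not part of the original thread: it separates the running-process paths from the R/O section entries and lists the entries that carry annotations HijackThis itself writes into a line. The sample log is constructed with placeholder names and paths, and the function names are this example's own.

```python
import re
from collections import Counter

# Constructed sample: a few lines in the HijackThis v1.99.1 layout, with
# placeholder names and paths (not taken from any real machine).
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Platform: Windows XP SP1 (WinNT 5.01.2600)
Running processes:
C:\WINDOWS\Explorer.EXE
C:\Tools\scanner.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = example.test/
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000001} - C:\WINDOWS\System32\placeholder1.dll
O2 - BHO: Example Helper - {00000000-0000-0000-0000-000000000002} - C:\Program Files\Example\helper.dll
O4 - HKLM\..\Run: [ExampleTray] C:\Program Files\Example\tray.exe
O21 - SSODL: placeholder - {00000000-0000-0000-0000-000000000003} - C:\WINDOWS\System32\placeholder2.dll (file missing)
O23 - Service: Example Service - Unknown owner - C:\Program Files\Example\svc.exe
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")  # e.g. "O4 - HKLM\..\Run: [...] ..."
PROCESS = re.compile(r"^[A-Za-z]:\\")           # bare path under "Running processes:"
# Annotations HijackThis itself writes into a line; they mark entries to read
# first and are not a verdict on the entry.
NOTES = ("(no name)", "(file missing)", "Unknown owner")

def parse_log(text):
    """Split a log into running-process paths and (code, body) section entries."""
    processes, entries = [], []
    for line in text.splitlines():
        line = line.strip()
        m = ENTRY.match(line)
        if m:
            entries.append((m.group(1), m.group(2)))
        elif PROCESS.match(line):
            processes.append(line)
    return processes, entries

def annotated(entries):
    """Return (code, note, body) for every entry carrying a tool annotation."""
    return [(c, n, b) for c, b in entries for n in NOTES if n in b]

def summary(entries):
    """Count entries per section code (R0, O2, O4, ...)."""
    return Counter(code for code, _ in entries)

if __name__ == "__main__":
    procs, ents = parse_log(SAMPLE_LOG)
    print(len(procs), "processes;", dict(summary(ents)))
    for code, note, body in annotated(ents):
        print(f"{code:>3} {note:<15} {body}")
```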