Spyware
 

ovako: imam addaware, spyware doctor, spyware nuker, search and destroy, spyspotter i niti jedan mi nije rijesio problem iako sam ih sve updejta i checka sam cili disk izbrisao ono sto je nasao ali ne jos me to gnjavi. ovo je problem:
kad udem u explorer ie ili mozzila svejedno imam kao neki spyware koji mi pribaci na neku stranicu svako dvi minute. i nemoggu se toga rijesiti. izbrisao sam browsere ali opet se ponavlja isto. poludio sam vise. ima li neki nacin da to zbrisem sve. jos i nemogu cod igrati zbog toga

http://forum.pcekspert.com/showthrea...&threadid=9637
Posebno dio o HijackThis...

evo:
Logfile of HijackThis v1.99.1
Scan saved at 19:41:09, on 28.10.2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\Gman\LOCALS~1\Temp\Rar$EX00.062\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Spyware Nuker] C:\Program Files\Spyware Nuker 2004\swn2.exe /h
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [AtiTrayTools] "C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe"
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -trayboot
O4 - Startup: ATITool.lnk = C:\Program Files\ATITool\ATITool.exe
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O16 - DPF: {00000000-0000-0000-0000-000020040000} - http://207.234.185.217/ABoxInst_int12.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{41917F86-3C49-49F6-B8D3-B1D344003091}: NameServer = 195.29.150.3 195.29.150.4
O17 - HKLM\System\CS1\Services\Tcpip\..\{41917F86-3C49-49F6-B8D3-B1D344003091}: NameServer = 195.29.150.3 195.29.150.4
O20 - Winlogon Notify: IPConfTSP - C:\WINDOWS\system32\jtr2079oe.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: BitDefender Communicator (XCOMM) - Softwin - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe

moze netko?

ljudi molim vas pomozite hitno je:confused:

isuse pa zar mi nitko nemoze pomoci

Pošalji Costi PM da pogleda log,možda nije vidio.

nemogu vjerovati... zna li itko osim coste ovo jer on ne odg na pm,

Probaj ovdje : http://forums.spywareinfo.com/index.php?showforum=18

prva stvar: makni si sve te spyware nukere, blastere, doktore, kurcheve. rade samo zlo. ostavi samo ad-aware i spybot s&d.
koristi cwshredder. i hijack this.

nakon sto si unistalirao sva ta sranja, pogledaj ako mozda u add/remove imas kakav internet optimizer, bonzey buddy nekakve toolbarove za internet explore ili slicno. uninstall.

nakon toga sa hijack this makni:
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll

(ova dva makni ako ne koristish icq toolbar...a vjerujem da ti ne koriste)

O4 - HKLM\..\Run: [Spyware Nuker] C:\Program Files\Spyware Nuker 2004\swn2.exe /h
(ako je ostao i nakon unistalla)

O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML (takodjer ako ne koristish icq toolbar)
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O16 - DPF: {00000000-0000-0000-0000-000020040000} - http://207.234.185.217/ABoxInst_int12.exe

u pravilu, ovdje nije nista posebno kriticno.

nakon sto si to sve napravio, sa UPDATE-anim ad-awareom skeniraj disk (neka bude ukljuceno scan within archives) i stavi full scan svih lokalnih diskova.

procesljaj josh jednom hijack this-om i opet postaj log. mozda ne skocim na ovaj podforum precesto, pa me obavijesti i pm-om.

Logfile of HijackThis v1.99.1
Scan saved at 18:49:47, on 1.11.2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\msiexec.exe
C:\WINDOWS\system32\logonui.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\ICQLite\ICQLite.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Messenger\msmsgs.exe
C:\DOCUME~1\Gman\LOCALS~1\Temp\Rar$EX00.662\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [AtiTrayTools] "C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe"
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -trayboot
O4 - Startup: ATITool.lnk = C:\Program Files\ATITool\ATITool.exe
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{41917F86-3C49-49F6-B8D3-B1D344003091}: NameServer = 195.29.150.3 195.29.150.4
O17 - HKLM\System\CS1\Services\Tcpip\..\{41917F86-3C49-49F6-B8D3-B1D344003091}: NameServer = 195.29.150.3 195.29.150.4
O20 - Winlogon Notify: MediaContentIndex - C:\WINDOWS\system32\ktr8l79u1.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

kakve ti stranice posjecujes?hebote pa 100 programa iams za micanje tih gluposti,ja imam samo firewall,sygate i nikakvih anti spyware programa i nemam niti jedan spyware,virus niti bilo sta drugo....

Zato što su mu svi ti kao "antispywarei" već i sami spywarei.

unistalliraj spyware doctora, za sta god on bio doktor.

O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll


ako ne koristis previshe msn messenger, iskljuci njegovo pokretanje prilikom startupa.

isto ti vrijedi i za icq. cisto da si oslobodish memoriju, pa si rucno pokreci te stvari kada se spajash na internet. naravno to sve stoji ako ti ne trebaju odmah. ;)

pozz

AJDE MOLIM VAS LJUDI AKO NETKO IMA VOLJE STVARNO TREBAM POMOC. atha fala ali jos uviijek mi prebacuje na neke str

Bio sam na odmoru tjedan dana pa se nisam mogao javiti. Napravi sve sto je atha rekao pa posalji novi log.