|
22.08.2006., 17:08 | #1 |
Doctor of Science!
Registration date: Apr 2005
Location: Zg,Peščenica/borongaj
Posts: 1,311
|
Some new virus? How do I get rid of it?
It's not a virus, more of a trojan or something like that. It keeps blinking in the tray that I have some virus and pushes me to download this program. Google is set as my homepage, but it takes me to this: http://img174.imageshack.us/img174/2226/bezimenatv2.jpg I tried ewido and AVG but they don't solve the problem. And I can't turn it off in any way.. Help? |
22.08.2006., 17:24 | #2 |
Premium
Registration date: Jan 2006
Location: Zagreb
Posts: 4,064
|
In safe mode, comb through it with Spybot Search & Destroy, Ad-Aware and HijackThis. If you're not sure about HijackThis, post the log here. |
22.08.2006., 18:02 | #3 |
Contra bonos mores
Registration date: May 2006
Location: Osijek
Posts: 159
|
One of the SmitFraud versions; you'll need HijackThis in this case. First take a look HERE and see which additional tools they used so that we don't have to read through everything now (why not save ourselves some time), and we'll go over the HijackThis log here.
__________________
|
22.08.2006., 18:49 | #4 |
Premium
Registration date: Dec 2005
Location: na sombra
Posts: 1,044
|
AVG is ''full of holes'' for these things; if you can't get rid of the virus, try System Restore or an image if you have one |
22.08.2006., 19:12 | #6 |
Premium
Registration date: Mar 2006
Location: Opatija
Posts: 33,433
|
Standard advice: switch to Firefox or Opera and you'll have less s**t with all kinds of spyware.
__________________
"Two things are infinite - the universe and human stupidity. I'm not sure about the universe." A. Einstein |
22.08.2006., 19:20 | #7 |
Doctor of Science!
Registration date: Apr 2005
Location: Zg,Peščenica/borongaj
Posts: 1,311
|
Here's the log.

---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------
+ Created at: 19:09:14 22.8.2006
+ Scan result:
HKU\S-1-5-21-1177238915-1202660629-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{873EB32D-AE1A-4183-89BD-45A77F761BE4} -> Adware.Generic : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run\\kernel32.dll -> Trojan.Small : Cleaned with backup (quarantined).
::Report end

Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Bano\Desktop\HijackThis.exe
O2 - BHO: (no name) - {873eb32d-ae1a-4183-89bd-45a77f761be4} - C:\WINDOWS\system32\ixt0.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [BDMCon] C:\Program Files\Softwin\BitDefender Free Edition\\bdmcon.exe
O4 - HKLM\..\Run: [BDNewsAgent] C:\Program Files\Softwin\BitDefender Free Edition\\bdnagent.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [DaemonTools_WhenUSaveNow_Installer] C:\Program Files\DaemonTools_WhenUSaveNow_Installer\DaemonTools_WhenUSaveNow_Installer.exe
O4 - HKLM\..\Run: [691267d1.exe] C:\WINDOWS\system32\691267d1.exe
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [691267d1.exe] C:\Documents and Settings\Bano\Local Settings\Application Data\691267d1.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: I&zvoz u Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: winjks32 - winjks32.dll (file missing)
O21 - SSODL: incestuously - {03413bf7-e34c-445b-bfc0-a2b127255871} - C:\WINDOWS\system32\urroxtl.dll (file missing)
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)

smitRem © log file
version 3.1
by noahdfear
Microsoft Windows XP [Version 5.1.2600]
"IE"="6.0000"
The current date is: uto 22.08.2006
The current time is: 19:09:54,78
Running from
C:\Documents and Settings\Bano\Desktop\smitRem
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Pre-run SharedTask Export
(GetSTS.exe) SharedTaskScheduler exporter by Lawrence Abrams (Grinler)
Copyright(C) 2006 BleepingComputer.com
Registry Pseudo-Format Mode (Not a valid reg file):
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
"incestuously"="{03413bf7-e34c-445b-bfc0-a2b127255871}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32]
@="%SystemRoot%\system32\browseui.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32]
@="%SystemRoot%\system32\browseui.dll"
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
checking for ShudderLTD key
ShudderLTD key not present!
checking for PSGuard.com key
PSGuard.com key not present!
checking for WinHound.com key
WinHound.com key not present!
checking for drsmartload2 key
drsmartload2 key not present!
spyaxe uninstaller NOT present
Winhound uninstaller NOT present
SpywareStrike uninstaller NOT present
AlfaCleaner uninstaller NOT present
SpyFalcon uninstaller NOT present
SpywareQuake uninstaller NOT present
SpywareSheriff uninstaller NOT present
Trust Cleaner uninstaller NOT present
SpyHeal uninstaller NOT present
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Existing Pre-run Files
~~~ Program Files ~~~
~~~ Shortcuts ~~~
Online Security Guide.url
Security Troubleshooting.url
~~~ Favorites ~~~
Antivirus Test Online.url
~~~ system32 folder ~~~
ismon.exe
isnotify.exe
issearch.exe
amcompat.tlb
nscompat.tlb
~~~ Icons in System32 ~~~
ts.ico
ot.ico
~~~ Windows directory ~~~
~~~ Drive root ~~~
~~~ Miscellaneous Files/folders ~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 808 'explorer.exe'
Killing PID 808 'explorer.exe'
Starting registry repairs
Registry repairs complete
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
SharedTask Export after registry fix
(GetSTS.exe) SharedTaskScheduler exporter by Lawrence Abrams (Grinler)
Copyright(C) 2006 BleepingComputer.com
Registry Pseudo-Format Mode (Not a valid reg file):
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32]
@="%SystemRoot%\system32\browseui.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32]
@="%SystemRoot%\system32\browseui.dll"
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Deleting files
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Remaining Post-run Files
~~~ Program Files ~~~
~~~ Shortcuts ~~~
~~~ Favorites ~~~
~~~ system32 folder ~~~
~~~ Icons in System32 ~~~
~~~ Windows directory ~~~
~~~ Drive root ~~~
~~~ Miscellaneous Files/folders ~~~
~~~ Wininet.dll ~~~
CLEAN! |
22.08.2006., 19:22 | #8 |
Doctor of Science!
Registration date: Apr 2005
Location: Zg,Peščenica/borongaj
Posts: 1,311
|
Those are the logs from ewido, HijackThis and smitfiles. Give me some better solution, not "switch to Firefox" and the like.. I use the fox and my folks use IE.. They've gotten used to it and can't do otherwise.. |
22.08.2006., 19:40 | #9 |
Premium
Registration date: Jan 2006
Location: Zagreb
Posts: 4,064
|
OK, like this, delete the following:
O2 - BHO: (no name) - {873eb32d-ae1a-4183-89bd-45a77f761be4} - C:\WINDOWS\system32\ixt0.dll
O4 - HKLM\..\Run: [691267d1.exe] C:\WINDOWS\system32\691267d1.exe
O4 - HKCU\..\Run: [691267d1.exe] C:\Documents and Settings\Bano\Local Settings\Application Data\691267d1.exe
O20 - Winlogon Notify: winjks32 - winjks32.dll (file missing)
Try Spybot S&D as anti-spyware, because it has immunization for IE
Last edited by: tutix. 22.08.2006. at 19:50. |
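The kind of triage done on the HijackThis log above, as an added example that is not part of any post and not a HijackThis feature: it parses log lines and flags entries for manual review. The three heuristics and the function name `triage` are assumptions of this example; the sample input is a constructed subset of the lines posted in the thread, and the third rule also flags the O21 line.

```python
import re

# Constructed sample: a subset of the HijackThis lines posted in the thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {873eb32d-ae1a-4183-89bd-45a77f761be4} - C:\WINDOWS\system32\ixt0.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [691267d1.exe] C:\WINDOWS\system32\691267d1.exe
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [691267d1.exe] C:\Documents and Settings\Bano\Local Settings\Application Data\691267d1.exe
O20 - Winlogon Notify: winjks32 - winjks32.dll (file missing)
O21 - SSODL: incestuously - {03413bf7-e34c-445b-bfc0-a2b127255871} - C:\WINDOWS\system32\urroxtl.dll (file missing)
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

# "O<number> - <rest of entry>" is the shape of every HijackThis entry line.
ENTRY = re.compile(r"^(O\d+) - (.*)$")
# Assumed heuristic: an autorun value whose name is exactly 8 hex digits + .exe.
HEX_EXE = re.compile(r"\[[0-9a-f]{8}\.exe\]", re.IGNORECASE)


def triage(log):
    """Return (section, reason, entry) tuples for lines worth a manual look."""
    findings = []
    for raw in log.splitlines():
        match = ENTRY.match(raw.strip())
        if not match:
            continue  # header lines, process list, blank lines
        section, body = match.groups()
        reason = None
        if section == "O2" and body.startswith("BHO: (no name)"):
            reason = "browser helper object registered without a name"
        elif section == "O4" and HEX_EXE.search(body):
            reason = "autorun value named as 8 hex digits"
        elif section in ("O20", "O21") and body.endswith("(file missing)"):
            reason = "logon/shell autoload entry pointing at a missing file"
        # O23 services with a missing file are not flagged: leftovers of
        # uninstalled software produce them too.
        if reason:
            findings.append((section, reason, body))
    return findings


if __name__ == "__main__":
    for section, reason, body in triage(SAMPLE_LOG):
        print(f"{section}: {reason}\n    {body}")
```

A flag here only means "look at this entry"; whether to fix it in HijackThis is still a judgment made against the rest of the log.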