desktop spyware

[vxr180]

kako ukloniti ovo, i promijeniti pozadinu?

[sNNooPY]

http://forum.pcekspert.com/showthrea...threadid=20567
http://forum.pcekspert.com/showthrea...&threadid=9637

[atha]

cwshredder. scanirati.

ad-aware, scanirati.

hijackthis. scanirati i postati log ovdje.

[vxr180]

atha da li si na ovo mislio?


Logfile of HijackThis v1.99.1
Scan saved at 22:45:57, on 11.12.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Intel\Intel(R) Active Monitor\imonnt.exe
C:\Program Files\Lavasoft\Ad-aware 6\Ad-watch.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\ICQLite\ICQLite.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Documents and Settings\Sven\Local Settings\Temp\HijackThis.exe

R3 - Default URLSearchHook is missing
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SABHO - {21B4ACC4-8874-4AEC-AEAC-F567A249B4D4} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: (no name) - {86227D9C-0EFE-4f8a-AA55-30386A3F5686} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: (no name) - {FAA356E4-D317-42a6-AB41-A3021C6E7D52} - (no file)
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll
O4 - HKLM\..\Run: [Ad-watch] "C:\Program Files\Lavasoft\Ad-aware 6\Ad-watch.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NAV CfgWiz] "C:\Program Files\Norton AntiVirus\CfgWiz.exe" /GUID {0D7956A2-5A08-4ec2-A72C-DF8495A66016} /MODE CfgWiz /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -trayboot
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Hello from Picasa Capture - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra 'Tools' menuitem: Share in &Hello from Picasa - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)
O16 - DPF: {2E28242B-A689-11D4-80F2-0040266CBB8D} (KX-HCM10 Control) - http://wanwanhouse.homeip.net/kxhcm10.ocx
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{46AC59EE-C7FC-492E-97D4-D698DBC861C5}: NameServer = 195.29.150.3,195.29.150.4
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: msctl32.dll - C:\WINDOWS\system32\msctl32.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Intel(R) Active Monitor (imonNT) - Intel Corp. - C:\Program Files\Intel\Intel(R) Active Monitor\imonnt.exe
O23 - Service: LckFldService - Unknown owner - C:\WINDOWS\system32\LckFldService.exe (file missing)
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

[atha]

ukloni slijedece:

R3 - Default URLSearchHook is missing
O2 - BHO: SABHO - {21B4ACC4-8874-4AEC-AEAC-F567A249B4D4} - (no file)
O3 - Toolbar: (no name) - {86227D9C-0EFE-4f8a-AA55-30386A3F5686} - (no file)
O3 - Toolbar: (no name) - {FAA356E4-D317-42a6-AB41-A3021C6E7D52} - (no file)
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll

-------------------
download accelerator ti zaista nece pomoci, stoga predlazem njegov uninstall i uklanjanje slijedecih:

O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm

----------------
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)
O16 - DPF: {2E28242B-A689-11D4-80F2-0040266CBB8D} (KX-HCM10 Control) - http://wanwanhouse.homeip.net/kxhcm10.ocx
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: msctl32.dll - C:\WINDOWS\system32\msctl32.dll


vidim da si nakupio masu govanaca sa interneta, odnosno volish skinuti sve sto ti ponude... pripazi malo na to.

sto je ti ono sto se nalazi u "C:\Program Files\Hello\PicasaCapture" ?

ako ne koristish, preporucam da uklonish, i nakon toga za provjertu postaj josh jednom hijack this log.

jesi scanirao sa cwshredder?

[vxr180]

uklonio sam ono sto si mi napisao i sve je izgledalo kao da je ok dok nisam restartao komp. nakon sto sam otvorio IE i upisao neku adresu dosao je neki error: IE can not open this page.

a posto windowse nisam reinstralirao vise od 2 godine,pala je odluka na format c:

eh sada..kad vec idem ispocetka volio bi kad bi mi preporucio koji antivirus koristiti (dosad sam imao norton2005) i koje programe antispy..imao sam ad aware pro, i spyboot ali nisu mi se cinili previse dobri pa trazim preporuku. znam da si mi dao gore nekoliko linkova ali neznam da si mislio da ih sve skinem i koristim?

btw zelio bi nabracit backup ali neznam kako se to radi. kad sad usnimim sve drivere i sve potrebno to bih napravio u slucaju da mi se nesto smrda da samo vratim na to pocetno stanje. sa kojim programom?! kako? znam da je ovo podforum virusi ali da ne otvaram neki topic bezveze negdje..



malo sam razvukao al eto


hvala

[atha]

samo si promijeni "home page" kada si u IE, idesh na tools --> internet options -- > home page.

ali svakako toplo preporucam format c: s obzirom da 2 godine nisi stavljao sustav na "fishko".
nemoj sada raditi nikakav backup, jedan duboko format ti treba, ponovno si podesi drivere,
samo si osobne podatke snimi na cd ili prebaci na drugu particiju ako je imash i to je to.

ako nemash xp, preporucam xp sa sp2.
antivirus: avg. jednosatavno mi se pokazao najbolji od svih antivirusa koje sam isprobavao.
sa time da niti avast niti nod32 nisu loshi.

ad-aware je meni najbolji tool za ciscenje spyware-a i odrazavnje racunala.
koristim i spybot s&d. takodjer sa cwshredderom preporucam tu i tamo sknenirati disk i sa hijack this.
ako ne znash samo sto uklonish, copy/pasteash log na forum.

od firewalla preporucam zone alarm. takodjer dobri su kerio i sygate personal firewall.

[vxr180]

evo osposobio sam sustav, imam sp2

zasad imam nortona jer zanjega imam cd key ali probat cu nabaviti avg .

e sada jos jedna stvar, imam spyboot ali kada htio downloadat updates nesto mi nije htio ovo ono..pogledat cu mozda ima novija verzija.

ali kod ad-aware pro. skinem update i vidim datum tog updateda je 2004 godina..nekako mi se to cini staro. probam opet update i kaze da nema novih. ???!!!

[vxr180]

e da, i jos jedno pitanje. kakav je ewido? vrijedili li to sta? naspram ad aware spyboota itd?

[atha]

Citiraj:

Originally posted by vxr180
evo osposobio sam sustav, imam sp2

zasad imam nortona jer zanjega imam cd key ali probat cu nabaviti avg .

e sada jos jedna stvar, imam spyboot ali kada htio downloadat updates nesto mi nije htio ovo ono..pogledat cu mozda ima novija verzija.

ali kod ad-aware pro. skinem update i vidim datum tog updateda je 2004 godina..nekako mi se to cini staro. probam opet update i kaze da nema novih. ???!!!

osposobio si stari sustav ili si digao novi?

nabavi se ad-ware se personal. mislim da je verzija 1.06. cisto dovoljno i uredno update-a.

avg je potpuno free verzija, samo sto te svakih godinu dana pita da potvrdish besplatni key koji ti i dodijele prilikom instalacije.
imho, ad-aware ima prednost pred ostalima alatima za ciscenje spyware-a.

[vxr180]

digao novi. mislio sam osposobio, slozio da mogu na net,drivere i ostalo

ok nabavit cu avg.
i probat cu skinuti negdje taj adaware personal

tnx za sve informacije.

nego sad samo da usnimim jos neke gluposti onda cu postat ovdje log file pa me bas zanima da li imam vec nesto sto nije potrebno. sa hijackthi

[atha]

imash tu na sofwtawareu neke teme i preporuke za osnovni software i podeshavanje sistema. koristi samo siguran i vec isproban sofftware od strane drugih korisnika sa iskustvima. ne instaliraj svasta sto ti se ponudi na netu, koristi samo ono sto ti treba, uz pravi AV te ostali software i utilitiese za sigurnost i odrzavanje, neces nikad imati vecih problema.

[Moki]

Isto se i meni ovo desilo o i vxr180 i nista mi nije pomoglo nego format c:
Prije sam koristio Nortona a sad koriszim NOD u kombinaciji s ZA i Ad-Aware pa se nadam da da mi se ovo nece vise desiti. Usput evi i Hijacktis log pa ako mozes atha da ga provjeris.

Logfile of HijackThis v1.99.1
Scan saved at 9:10:00 PM, on 12/12/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\BIL-ISDN\isdnsta.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\StatBar.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe
D:\PC\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Exploiter/Exploder
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FLASHGET\jccatch.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\fgiebar.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [ISDNStatus] C:\Program Files\BIL-ISDN\isdnsta.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Stat Bar 2.46.lnk = C:\StatBar.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Download All by FlashGet - C:\PROGRA~1\FLASHGET\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\PROGRA~1\FLASHGET\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Unknown owner - C:\Program Files\Eset\nod32krn.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe

Pozdrav Moki!

[atha]

sve je ok, samo sto ce ti toliko pluginova za acrobat reader? radish puno sa pdf-om ili?

[Moki]

Ne nekoristim se puno s pdf-om nego to je automatski instalirano. Dali da ih uklonim.
Pozdrav Moki!

[atha]

ja sebi obicno skinem sve "viskove", odnosno sve sto ne koristim.

nek se costa malo javi, da vidimo sto on kaze.

[Moki]

Ok pricekat cemo savjet od coste
Pozdrav

[spawn]

Ovih dana isprobavam SPYWARE DOCTOR i mogu slobodno reci da je bolji od ad aware-a i s&d. Skinuo mi je desktop hijacker-e ,web hijackere i sve ostale "srvarcice". Za sada je za mene no1 SPYWARE DOCTOR.
Kosta 30 dolara .

http://www.pctools.com/spyware-doctor/

[domy_os]

Spy Sweeper je isto odličan.

[demetrius]

Citiraj:

Originally posted by Bruno_Rv
Ovih dana isprobavam SPYWARE DOCTOR i mogu slobodno reci da je bolji od ad aware-a i s&d. Skinuo mi je desktop hijacker-e ,web hijackere i sve ostale "srvarcice". Za sada je za mene no1 SPYWARE DOCTOR.
Kosta 30 dolara .

http://www.pctools.com/spyware-doctor/

taj kažeš budem skinuo i probao maknuo sam spybuta,koristim samo ZA:SS spywer,30 dolara kažeš,naći se negdje i freeware verzija .

[rendula]

Danas mi je sestra uspjela pokupiti taj desktop spyware, postupak uklanjanja, nakon što sam sve pročešljao svim programima koji nisu uspjeli, je bio sljedeći:
control panel-display-desktop-customize desktop-web i tamo izbrisati security.

[atha]

da, moze se, ali i ne uvijek. postoje razne instance desktop spyware-a, no ne implementiraju se bash sve kao postavka unutar display propertiesa.

[LightForce1308]

Pozdrav svima.

Meni je isto bila ta slika i uspio sam maknit Spybot S&D-om i NOD32 sta sam bio pokupio.

Dobio sam ga tako d sam iso sa braticem zaigrat Frozen trone u mrezi, i nisam skonto da sam na netu, a iskljucio sam firewall. odjednom je pocelo stekat, minimiziram i pojavi se ta slika. Nakon restarta NOD32 i ZA nemogu uopce pokrenit, pobrisem sta sam uspio sa S&D, instaliram NOD, pobrisem sta je on imo, sredim Registry sa Registry Mechanicom i sad mi nista vise ne nalazi. Ali nemogu istalirat ZA. Probo sam i Outpost on jednostavno nee se pokrenit.

Za ZA mi kaze da je TrueVector Monitor vec pokrenut, da ga u servisima iskljucim i da ce onda moc instalirat. C:\windows\system32\zonelabs\vsmon.exe mi nemoze uopce izbrisat ni iz dosa, pokuso sam podici sa NTFSboot-om i nemoguga izbrist. ostale fileove iz foldera sam izbriso al njega nemogu. Isto tako mi je naso sa RootkitRevealerom jedno 8 fileova za koje kaze "Hidden from Windows API".

U proslih 2 tjedna sam formatiro jedno 10-ak puta tak da jednostavno nemam zivaca ponovo formatirat. jel imo ko taj broblem il da zna neko rjesenje osim formata.


Hvala

[demetrius]

Citiraj:

Originally posted by LightForce1308
Pozdrav svima.

Meni je isto bila ta slika i uspio sam maknit Spybot S&D-om i NOD32 sta sam bio pokupio.

Dobio sam ga tako d sam iso sa braticem zaigrat Frozen trone u mrezi, i nisam skonto da sam na netu, a iskljucio sam firewall. odjednom je pocelo stekat, minimiziram i pojavi se ta slika. Nakon restarta NOD32 i ZA nemogu uopce pokrenit, pobrisem sta sam uspio sa S&D, instaliram NOD, pobrisem sta je on imo, sredim Registry sa Registry Mechanicom i sad mi nista vise ne nalazi. Ali nemogu istalirat ZA. Probo sam i Outpost on jednostavno nee se pokrenit.

Za ZA mi kaze da je TrueVector Monitor vec pokrenut, da ga u servisima iskljucim i da ce onda moc instalirat. C:\windows\system32\zonelabs\vsmon.exe mi nemoze uopce izbrisat ni iz dosa, pokuso sam podici sa NTFSboot-om i nemoguga izbrist. ostale fileove iz foldera sam izbriso al njega nemogu. Isto tako mi je naso sa RootkitRevealerom jedno 8 fileova za koje kaze "Hidden from Windows API".

U proslih 2 tjedna sam formatiro jedno 10-ak puta tak da jednostavno nemam zivaca ponovo formatirat. jel imo ko taj broblem il da zna neko rjesenje osim formata.


Hvala

si pokušao u safet modu izbrisati??

[LightForce1308]

Da. u safe modu. pise da je proces pokrenut
pokuso sam ga i iz DOSa izbrisat, i sve fajlove u tom folderu je pobriso, ali za njega mi kaze da je invalid directory. to nikad nisam vidio. nemam vise ideja, a jednostavno mi se neda ponovno formatirat.

Nekako mi smrdi na rootkite. Nekontam se bas u njih, mal sam cito o njima na sysinternalsovoj stranici kad je bilo ono sranje sa sonyjem i DRM-om, ali sam iz fore probo skenirat rootkit revealerom, i pronaso ih je mislim 8, i pise za njih hidden from windows API.

[grizli]

Meni je ista slika kao onome prvome ali ima neki program za micanje toga pa mije izbrisao taj natpis i ostavio mi bijeli ekran pa opet nemrem staviti desktop po izboru
Evo ti od hijackthis
Logfile of HijackThis v1.99.1
Scan saved at 13:50:33, on 23.1.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\csrss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
D:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
D:\Program Files\Common Files\Symantec Shared\ccProxy.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\WINDOWS\system32\ZoneLabs\vsmon.exe
D:\WINDOWS\System32\alg.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\WINDOWS\system32\wuauclt.exe
D:\WINDOWS\system32\wuauclt.exe
D:\Documents and Settings\Segal\My Documents\HijackThis.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] D:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [Zone Labs Client] D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{274063A4-A9B2-4CAD-837C-DA0828951255}: NameServer = 85.255.116.55,85.255.112.188
O17 - HKLM\System\CCS\Services\Tcpip\..\{404FCE20-8CCC-46B7-B496-F0B9BCC7249B}: NameServer = 85.255.116.55 85.255.112.188
O17 - HKLM\System\CCS\Services\Tcpip\..\{DBCADCCB-D3BC-443B-B765-3C45FB836F8E}: NameServer = 85.255.116.55,85.255.112.188
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - D:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - D:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - D:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - D:\WINDOWS\system32\ZoneLabs\vsmon.exe

[atha]

ok je.

jel mozesh vrtiti svoj antivirus, zone alaram, ad-aware uredno?
ako mozesh procesljaj sve.

kako en mozesh staviti desktop pozadinu po izboru? desni klik na desktop, active desktop -->show web content.

mozda ti je ostalo ukljuceno, iskljuci pa probaj.

[grizli]

Cijeli problem je što je meni na desktopu stavio html stranicu i ona ti prekriva tvoj desktop.
Meni je desktop normalno uključen

[grizli]

Ne treba skužio sam on mi je automatski na desktop stavljo securety stranice pa sam to zgasio i sve je u redu
Puno hvala

[atha]

nema na chemu, samo pitaj, a evo tu na podforumu ima dosta uputa kako ukloniti spyware te kako rjeshiti razne druge probleme.