Advertising or actually viruses... How do I stop this?

-Air Stefan-

Active member
Messages
1.895
Since yesterday, while I'm working on the computer, I keep getting messages saying that my Windows is infected with some dangerous virus, asking whether I want to delete it. If I press YES it opens a page in Internet Explorer and offers me some crap from some antivirus or whatever :???
I ran scans with NOD32, Spybot Search And Destroy and Ad-Aware SE Professional and none of them find anything...
So I concluded that it's an advertisement (correct me if I'm wrong)...
But I can't block it at all, every 2 minutes the same thing pops up, and worst of all it slows down and freezes the computer...
What should I do :???
PS: Here is the exact link that opens when I click YES :arrow: http://yourprivacyguard.com/privacy...a0005595307021545050e08011353430b541f54580d07, and it's not just this one, they alternate...
 
Logfile of HijackThis v1.99.1
Scan saved at 8:31:16 PM, on 11/24/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
c:\Recycler\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Raxco\PerfectDisk\PDSched.exe
C:\WINDOWS\hffext\hffsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\MSN Messenger\usnsvc.exe
D:\Program files\LimeWire\LimeWire.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\XP\Desktop\Raznesi Ovo.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
R3 - URLSearchHook: Best_Security_Tips toolbar - {da30eff8-ccc6-4162-a20d-67402a26a215} - C:\Program Files\Best_Security_Tips\tbBest.dll
O1 - Hosts: 66.98.148.65 auto.search.msn.com
O1 - Hosts: 66.98.148.65 auto.search.msn.es
O2 - BHO: MSVPS System - {05D77B1C-2E50-4C37-B094-3D5695D688F8} - C:\WINDOWS\popnetnmo.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - D:\Program files\BitComet\tools\BitCometBHO_1.1.7.4.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Best_Security_Tips toolbar - {da30eff8-ccc6-4162-a20d-67402a26a215} - C:\Program Files\Best_Security_Tips\tbBest.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O3 - Toolbar: Best_Security_Tips toolbar - {da30eff8-ccc6-4162-a20d-67402a26a215} - C:\Program Files\Best_Security_Tips\tbBest.dll
O3 - Toolbar: The jokwmp - {3E57AE0B-0AAB-4919-B74E-8C29579C6CA5} - C:\WINDOWS\jokwmp.dll (file missing)
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [OpenGLv32] C:\Program Files\Internet Explorer\PLUGINS\cxsrrs.exe
O4 - HKLM\..\Run: [SoundMax] "C:\Program Files\Analog Devices\SoundMAX\smax4.exe" /tray
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [hffsrv] c:\windows\hffext\hffsrv.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [toolooze] C:\DOCUME~1\XP\APPLIC~1\METASI~1\Curb that tick.exe
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://D:\Program files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://D:\Program files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://D:\Program files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Download with SupersonicDownloadAccelerator! - C:\Program Files\Supersonic Download Accelerator\supersonicdownloadaccelerator.htm
O8 - Extra context menu item: Add to AMV Convert Tool... - D:\amv conventer\AMVConverter\grab.html
O8 - Extra context menu item: Add to Media Manager... - D:\amv conventer\MediaManager\grab.html
O8 - Extra context menu item: Download Flash with Flash &Grabber - res://C:\PROGRA~1\FLASHG~1\swfgrab.dll/iesave
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - D:\Program files\BitComet\tools\BitCometBHO_1.1.7.4.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.google.com
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-3402451ee1ffd0ed.spaces.live.com/PhotoUpload/MsnPUpld.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2250B6BE-2E07-4B6A-AE98-A56DAA69D2E0}: NameServer = 195.66.160.1,195.66.160.2
O17 - HKLM\System\CCS\Services\Tcpip\..\{CBC8E9C2-9384-4280-80DD-D04CDB6F4FCB}: NameServer = 195.66.160.1 195.66.160.2
O17 - HKLM\System\CS1\Services\Tcpip\..\{2250B6BE-2E07-4B6A-AE98-A56DAA69D2E0}: NameServer = 195.66.160.1,195.66.160.2
O17 - HKLM\System\CS2\Services\Tcpip\..\{2250B6BE-2E07-4B6A-AE98-A56DAA69D2E0}: NameServer = 195.66.160.1,195.66.160.2
O17 - HKLM\System\CS3\Services\Tcpip\..\{2250B6BE-2E07-4B6A-AE98-A56DAA69D2E0}: NameServer = 195.66.160.1,195.66.160.2
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: rmvgor - {FDF95F53-8FC4-49A7-B504-4F8F80F455DF} - C:\WINDOWS\rmvgor.dll
O21 - SSODL: sapnet - {BA4AB521-C47D-4733-9ED1-94EC96DBA8D8} - C:\WINDOWS\sapnet.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: EvenSystems - Unknown owner - c:\Recycler\svchost.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDSched.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
 
There's all sorts of stuff in here...


Run HT, scan, and check the following lines:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php...MjI6Ojg5&lid=2
R3 - URLSearchHook: Best_Security_Tips toolbar - {da30eff8-ccc6-4162-a20d-67402a26a215} - C:\Program Files\Best_Security_Tips\tbBest.dll
O1 - Hosts: 66.98.148.65 auto.search.msn.com
O1 - Hosts: 66.98.148.65 auto.search.msn.es
O2 - BHO: Best_Security_Tips toolbar - {da30eff8-ccc6-4162-a20d-67402a26a215} - C:\Program Files\Best_Security_Tips\tbBest.dll
O3 - Toolbar: Best_Security_Tips toolbar - {da30eff8-ccc6-4162-a20d-67402a26a215} - C:\Program Files\Best_Security_Tips\tbBest.dll
O3 - Toolbar: The jokwmp - {3E57AE0B-0AAB-4919-B74E-8C29579C6CA5} - C:\WINDOWS\jokwmp.dll (file missing)
O4 - HKLM\..\Run: [OpenGLv32] C:\Program Files\Internet Explorer\PLUGINS\cxsrrs.exe
O23 - Service: EvenSystems - Unknown owner - c:\Recycler\svchost.exe

Click Fix Checked.

---------------------------------------------------------------------------------------------------------------------------------


Download The Avenger.
Download the file skripta.txt attached to this message.
  • Unpack the archive into a folder
  • Double-click avenger.exe to run it
  • Click the OK button in the window that opens
  • Click the button shown in the image 7189436846.jpg, find the file skripta.txt, select it and click the Open button
  • Click the button shown in the image cd2c036c4d.jpg, then click the Yes button in the next two windows that open
  • The computer will restart automatically
  • When the process is done, the logfile c:\avenger.txt will open in Notepad
  • Copy the contents of that log into the forum thread


When everything is done, post a fresh HT log and the Avenger log.


Btw, are you using the program Hide_Files_&_Folders?
 

Attachments

  • skripta.txt
    168 bytes · Views: 7
Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\btsotebs

*******************

Script file located at: \??\C:\mtotjnmt.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\WINDOWS\popnetnmo.dll deleted successfully.


File C:\Program Files\Internet Explorer\PLUGINS\cxsrrs.exe not found!
Deletion of file C:\Program Files\Internet Explorer\PLUGINS\cxsrrs.exe failed!

Could not process line:
C:\Program Files\Internet Explorer\PLUGINS\cxsrrs.exe
Status: 0xc0000034

File c:\Recycler\svchost.exe deleted successfully.
File C:\WINDOWS\rmvgor.dll deleted successfully.
File C:\WINDOWS\sapnet.dll deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

----------------------------------------------------------------------------------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 9:23:29 PM, on 11/24/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Analog Devices\SoundMAX\smax4.exe
C:\Program Files\QuickTime\qttask.exe
C:\windows\hffext\hffsrv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Raxco\PerfectDisk\PDSched.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\XP\Desktop\Raznesi Ovo.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
O2 - BHO: MSVPS System - {05D77B1C-2E50-4C37-B094-3D5695D688F8} - C:\WINDOWS\popnetnmo.dll (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - D:\Program files\BitComet\tools\BitCometBHO_1.1.7.4.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [OpenGLv32] C:\Program Files\Internet Explorer\PLUGINS\cxsrrs.exe
O4 - HKLM\..\Run: [SoundMax] "C:\Program Files\Analog Devices\SoundMAX\smax4.exe" /tray
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [hffsrv] c:\windows\hffext\hffsrv.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [toolooze] C:\DOCUME~1\XP\APPLIC~1\METASI~1\Curb that tick.exe
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://D:\Program files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://D:\Program files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://D:\Program files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Download with SupersonicDownloadAccelerator! - C:\Program Files\Supersonic Download Accelerator\supersonicdownloadaccelerator.htm
O8 - Extra context menu item: Add to AMV Convert Tool... - D:\amv conventer\AMVConverter\grab.html
O8 - Extra context menu item: Add to Media Manager... - D:\amv conventer\MediaManager\grab.html
O8 - Extra context menu item: Download Flash with Flash &Grabber - res://C:\PROGRA~1\FLASHG~1\swfgrab.dll/iesave
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - D:\Program files\BitComet\tools\BitCometBHO_1.1.7.4.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.google.com
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-3402451ee1ffd0ed.spaces.live.com/PhotoUpload/MsnPUpld.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2250B6BE-2E07-4B6A-AE98-A56DAA69D2E0}: NameServer = 195.66.160.1,195.66.160.2
O17 - HKLM\System\CCS\Services\Tcpip\..\{CBC8E9C2-9384-4280-80DD-D04CDB6F4FCB}: NameServer = 195.66.160.1 195.66.160.2
O17 - HKLM\System\CS1\Services\Tcpip\..\{2250B6BE-2E07-4B6A-AE98-A56DAA69D2E0}: NameServer = 195.66.160.1,195.66.160.2
O17 - HKLM\System\CS2\Services\Tcpip\..\{2250B6BE-2E07-4B6A-AE98-A56DAA69D2E0}: NameServer = 195.66.160.1,195.66.160.2
O17 - HKLM\System\CS3\Services\Tcpip\..\{2250B6BE-2E07-4B6A-AE98-A56DAA69D2E0}: NameServer = 195.66.160.1,195.66.160.2
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: rmvgor - {FDF95F53-8FC4-49A7-B504-4F8F80F455DF} - C:\WINDOWS\rmvgor.dll (file missing)
O21 - SSODL: sapnet - {BA4AB521-C47D-4733-9ED1-94EC96DBA8D8} - C:\WINDOWS\sapnet.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDSched.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
------------------------------------------------------------------------------------------------------------------------------------------------------------------
@BTW
I'm not currently using Hide_Files_&_Folders, but when I need to...
 
There's more...

Run HT, scan, and check the following lines:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php...MjI6Ojg5&lid=2
O2 - BHO: MSVPS System - {05D77B1C-2E50-4C37-B094-3D5695D688F8} - C:\WINDOWS\popnetnmo.dll (file missing)
O4 - HKLM\..\Run: [OpenGLv32] C:\Program Files\Internet Explorer\PLUGINS\cxsrrs.exe
O4 - HKCU\..\Run: [toolooze] C:\DOCUME~1\XP\APPLIC~1\METASI~1\Curb that tick.exe
O21 - SSODL: rmvgor - {FDF95F53-8FC4-49A7-B504-4F8F80F455DF} - C:\WINDOWS\rmvgor.dll (file missing)
O21 - SSODL: sapnet - {BA4AB521-C47D-4733-9ED1-94EC96DBA8D8} - C:\WINDOWS\sapnet.dll (file missing)

Click Fix Checked.

---------------------------------------------

Delete the folders:

C:\Program Files\Best_Security_Tips\
C:\avenger\

--------------------------------------------

Download Deljob.
  • Double-click deljob.exe to run it
  • The logfile logit.txt will open in Notepad (the file will be in the same folder as deljob.exe)
  • Copy the contents of that log into the forum thread
 
--------------------------------------------------------
File(s) moved to C:\deljob

A355A953918A20E3.job
--------------------------------------------------------
Files remaining after cleaning

AppleSoftwareUpdate.job
--------------------------------------------------------
App data folders

Volume in drive C has no label.
Volume Serial Number is BCB3-CAB3

Directory of C:\Documents and Settings\XP\Application Data

11/23/2007 06:00 PM <DIR> .
11/23/2007 06:00 PM <DIR> ..
09/17/2007 04:31 PM <DIR> BITZIP~1 .BitZip
06/28/2007 11:29 AM <DIR> ACDSYS~1 ACD Systems
11/02/2007 04:15 PM <DIR> Adobe
10/08/2007 04:12 PM <DIR> AIMP
11/23/2007 06:00 PM <DIR> APPLEC~1 Apple Computer
07/29/2007 08:04 AM <DIR> Aston
08/28/2007 09:17 AM <DIR> ATI
07/11/2007 06:41 PM <DIR> BITTOR~1 BitTorrent
07/23/2007 07:12 AM <DIR> BSplayer
07/22/2007 10:07 PM <DIR> BSPLAY~1 BSplayer Pro
06/28/2007 12:42 PM <DIR> Corel
07/01/2007 10:13 AM <DIR> CYBERL~1 CyberLink
07/24/2007 01:56 PM <DIR> DivX
07/01/2007 11:08 AM <DIR> dvdcss
07/01/2007 02:29 PM <DIR> fltk.org
10/20/2007 01:35 PM <DIR> GETRIG~1 GetRightToGo
06/28/2007 11:37 AM <DIR> Google
11/23/2007 05:23 PM <DIR> gtk-2.0
08/20/2007 07:56 AM <DIR> Help
06/28/2007 09:35 AM <DIR> IDENTI~1 Identities
06/28/2007 11:30 AM <DIR> Lavasoft
11/24/2007 06:50 PM <DIR> LimeWire
10/09/2007 02:31 PM <DIR> LOSTMA~1 Lost Marble
11/06/2007 04:27 PM <DIR> MACROM~1 Macromedia
06/30/2007 03:11 PM <DIR> MEGAUP~1 MegauploadToolbar
11/15/2007 04:11 PM <DIR> METASI~1 meta site vc
11/18/2007 07:54 PM <DIR> MICROS~1 Microsoft
06/28/2007 11:38 AM <DIR> Mozilla
09/18/2007 03:58 PM <DIR> NCHSWI~1 NCH Swift Sound
08/22/2007 11:00 AM <DIR> OXIN'S~1 Oxin's Style!
11/03/2007 09:04 AM <DIR> PUBLIS~1 Publish Providers
10/20/2007 04:41 PM <DIR> Real
09/23/2007 02:11 PM <DIR> SEGA
08/20/2007 05:22 PM <DIR> Sony
07/23/2007 02:00 PM <DIR> STOIK
07/03/2007 07:57 PM <DIR> Sun
06/28/2007 11:38 AM <DIR> Talkback
07/09/2007 02:13 PM <DIR> TUNEUP~1 TuneUp Software
09/08/2007 09:32 PM <DIR> VCOM
07/10/2007 12:27 PM <DIR> ViStart
09/30/2007 07:42 PM <DIR> vlc
11/24/2007 02:15 PM <DIR> Vso
11/24/2007 09:20 AM <DIR> WEBPAG~1 Web Page Maker V2
07/03/2007 08:20 PM <DIR> WinRAR
0 File(s) 0 bytes
46 Dir(s) 12,815,458,304 bytes free
Volume in drive C has no label.
Volume Serial Number is BCB3-CAB3

Directory of C:\Documents and Settings\All Users\Application Data

11/23/2007 05:57 PM <DIR> .
11/23/2007 05:57 PM <DIR> ..
06/28/2007 11:29 AM <DIR> ACDSYS~1 ACD Systems
11/02/2007 04:05 PM <DIR> Adobe
11/02/2007 04:06 PM <DIR> ADOBES~1 Adobe Systems
11/23/2007 05:53 PM <DIR> APPLEC~1 Apple Computer
09/08/2007 09:35 PM <DIR> BVRPSO~1 BVRP Software
06/28/2007 11:49 AM <DIR> CYBERL~1 CyberLink
11/15/2007 04:41 PM <DIR> JUMPPO~1 Jump Poll Poke Mp3
10/07/2007 05:34 PM <DIR> MACROM~1 Macromedia
11/06/2007 04:27 PM <DIR> MACROV~1 Macrovision
08/23/2007 09:51 AM <DIR> MICROS~1 Microsoft
07/09/2007 05:18 PM <DIR> MSSCAN~1 MSScanAppDataDir
10/05/2007 06:49 PM <DIR> NCHSWI~1 NCH Swift Sound
08/03/2007 02:11 PM <DIR> NFSUND~1 NFS Underground
06/28/2007 12:58 PM <DIR> Raxco
11/15/2007 05:05 PM <DIR> SPYBOT~1 Spybot - Search & Destroy
08/29/2007 08:16 PM <DIR> Trymedia
07/09/2007 02:12 PM <DIR> TUNEUP~1 TuneUp Software
11/16/2007 03:55 PM <DIR> YOYOGA~1 YoYoGames
0 File(s) 0 bytes
20 Dir(s) 12,815,478,784 bytes free
--------------------------------------------------------
 
You need to enable the display of hidden files/folders:
In Windows Explorer, Tools menu: Folder Options: on the View tab:
- check Show hidden files and folders
- uncheck Hide protected operating system files (Recommended)

----------------------------------------------------------------------------------------------------------------------------------

Find and delete the following folders:

C:\Documents and Settings\XP\Application Data\meta site vc\
C:\Documents and Settings\All Users\Application Data\Jump Poll Poke Mp3\

Also delete the folder: C:\deljob
----------------------------------------------------------------------------------------------------------------------------------

You need to reset System Restore:
Control Panel - System: System Restore tab: check Turn off System Restore on all drives.
Restart the computer, then uncheck the above option (i.e. turn SR back on).


After all that, post a fresh HT log so I can check whether everything is in order.
 
Here, I did everything the way you wrote, but it has started appearing again :???
Here's the latest HT log:

Logfile of HijackThis v1.99.1
Scan saved at 6:19:50 PM, on 11/25/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Analog Devices\SoundMAX\smax4.exe
C:\Program Files\QuickTime\qttask.exe
C:\windows\hffext\hffsrv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Raxco\PerfectDisk\PDSched.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\XP\Desktop\Raznesi Ovo.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - D:\Program files\BitComet\tools\BitCometBHO_1.1.7.4.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: MSVPS System - {A477EBE4-ABE9-4A9D-B1B4-0EB1D0D025CE} - C:\WINDOWS\werbetdqw.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O3 - Toolbar: The hdtip - {85B2F289-7128-4C5A-A330-F9FC01432D3A} - C:\WINDOWS\hdtip.dll
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SoundMax] "C:\Program Files\Analog Devices\SoundMAX\smax4.exe" /tray
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [hffsrv] c:\windows\hffext\hffsrv.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://D:\Program files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://D:\Program files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://D:\Program files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Download with SupersonicDownloadAccelerator! - C:\Program Files\Supersonic Download Accelerator\supersonicdownloadaccelerator.htm
O8 - Extra context menu item: Add to AMV Convert Tool... - D:\amv conventer\AMVConverter\grab.html
O8 - Extra context menu item: Add to Media Manager... - D:\amv conventer\MediaManager\grab.html
O8 - Extra context menu item: Download Flash with Flash &Grabber - res://C:\PROGRA~1\FLASHG~1\swfgrab.dll/iesave
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - D:\Program files\BitComet\tools\BitCometBHO_1.1.7.4.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.google.com
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-3402451ee1ffd0ed.spaces.live.com/PhotoUpload/MsnPUpld.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2250B6BE-2E07-4B6A-AE98-A56DAA69D2E0}: NameServer = 195.66.160.1,195.66.160.2
O17 - HKLM\System\CS1\Services\Tcpip\..\{2250B6BE-2E07-4B6A-AE98-A56DAA69D2E0}: NameServer = 195.66.160.1,195.66.160.2
O17 - HKLM\System\CS2\Services\Tcpip\..\{2250B6BE-2E07-4B6A-AE98-A56DAA69D2E0}: NameServer = 195.66.160.1,195.66.160.2
O17 - HKLM\System\CS3\Services\Tcpip\..\{2250B6BE-2E07-4B6A-AE98-A56DAA69D2E0}: NameServer = 195.66.160.1,195.66.160.2
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: gormet - {061DDA3F-2C15-45A9-A526-3FAF5F6702B8} - C:\WINDOWS\gormet.dll
O21 - SSODL: pmkret - {96058703-D1B6-44BC-9166-BA428EE7D753} - C:\WINDOWS\pmkret.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDSched.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
 
Now you've picked up another one...

Download ComboFix from one of the following links and save it to the Desktop:
download link 1, download link 2
  • Temporarily disable your AV program so it does not interfere with the cleaning process
  • Double-click ComboFix.exe and follow the instructions
  • Do not click the mouse in the ComboFix window while it is running!
  • When the process is finished, the logfile C:\ComboFix.txt will open in Notepad
  • Copy the contents of that logfile into the forum thread
 
ComboFix 07-11-19.3 - XP 2007-11-25 19:06:34.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.39 [GMT 1:00]
Running from: C:\Documents and Settings\XP\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\XP\Application Data\inst.exe
C:\Documents and Settings\XP\Favorites\Error Cleaner.url
C:\Documents and Settings\XP\Favorites\Privacy Protector.url
C:\Documents and Settings\XP\Favorites\Spyware&Malware Protection.url
C:\Program Files\Common Files\{3CB3C~1
C:\Program Files\VideoAccessCodec
C:\Program Files\VideoAccessCodec\install.ico
C:\Program Files\VideoAccessCodec\Uninstall.exe
C:\WINDOWS\dat.txt
C:\WINDOWS\privacy_danger
C:\WINDOWS\privacy_danger\images\capt.gif
C:\WINDOWS\privacy_danger\images\danger.jpg
C:\WINDOWS\privacy_danger\images\down.gif
C:\WINDOWS\privacy_danger\images\spacer.gif
C:\WINDOWS\privacy_danger\index.htm
C:\WINDOWS\rs.txt
C:\WINDOWS\search_res.txt
C:\WINDOWS\system32\unsvchosts.lzma

.
((((((((((((((((((((((((( Files Created from 2007-10-25 to 2007-11-25 )))))))))))))))))))))))))))))))
.

2007-11-25 10:17 348,160 --a------ C:\WINDOWS\gormet.dll
2007-11-25 10:17 319,488 --a------ C:\WINDOWS\werbetdqw.dll
2007-11-25 10:17 294,912 --a------ C:\WINDOWS\pmkret.dll
2007-11-25 10:17 192,512 --a------ C:\WINDOWS\hdtip.dll
2007-11-25 10:17 151,552 --a------ C:\WINDOWS\monhop.exe
2007-11-23 18:14 <DIR> d-------- C:\Program Files\Xilisoft
2007-11-23 18:00 <DIR> d-------- C:\Documents and Settings\XP\Application Data\Apple Computer
2007-11-23 17:54 <DIR> d-------- C:\Program Files\QuickTime
2007-11-23 17:53 <DIR> d-------- C:\Program Files\Apple Software Update
2007-11-23 17:53 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-11-23 17:40 <DIR> d-------- C:\Program Files\Boilsoft MOV Converter
2007-11-23 17:36 <DIR> d-------- C:\Program Files\Boilsoft MP4 Converter
2007-11-23 15:21 81,920 --a------ C:\WINDOWS\nethop.exe
2007-11-23 15:16 <DIR> d-------- C:\Program Files\RichVideoCodec
2007-11-22 19:31 140 --a--c--- C:\Delapp.bat
2007-11-21 22:01 <DIR> d-------- C:\Program Files\eMule
2007-11-12 08:55 <DIR> d-------- C:\Program Files\Video Add-on
2007-11-10 18:48 <DIR> d-------- C:\Documents and Settings\XP\avidemux
2007-11-10 18:47 <DIR> d-------- C:\Program Files\Avidemux 2.4
2007-11-09 14:24 <DIR> d-------- C:\vcs5BGEffects
2007-11-09 14:22 <DIR> d-------- C:\Program Files\AV Vcs 6.0 DIAMOND
2007-11-09 09:43 <DIR> d-------- C:\Program Files\meta site vc
2007-11-06 16:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Macrovision
2007-11-06 16:24 <DIR> d-------- C:\Program Files\Common Files\Macromedia Shared
2007-11-06 16:22 <DIR> d-------- C:\Program Files\Macromedia
2007-11-04 21:28 <DIR> d-------- C:\Program Files\Flash Grabber
2007-11-03 08:41 <DIR> d-------- C:\Documents and Settings\XP\Application Data\Publish Providers
2007-11-03 08:33 <DIR> d-------- C:\Program Files\Vstplugins
2007-11-03 08:32 <DIR> d-------- C:\Program Files\Sony
2007-11-03 08:30 <DIR> d-------- C:\Program Files\Sony Setup
2007-11-02 16:06 <DIR> d-------- C:\Program Files\Common Files\Adobe Systems Shared
2007-11-02 16:06 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\Adobe Systems

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-24 17:50 --------- d-----w C:\Documents and Settings\XP\Application Data\LimeWire
2007-11-24 13:15 47,360 ----a-w C:\Documents and Settings\XP\Application Data\pcouffin.sys
2007-11-24 13:15 --------- d-----w C:\Documents and Settings\XP\Application Data\Vso
2007-11-24 13:08 --------- d-----w C:\Program Files\Mv2Player
2007-11-24 11:30 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-24 08:20 --------- d-----w C:\Program Files\eGames
2007-11-24 08:20 --------- d-----w C:\Documents and Settings\XP\Application Data\Web Page Maker V2
2007-11-23 16:23 --------- d-----w C:\Documents and Settings\XP\Application Data\gtk-2.0
2007-11-21 21:07 --------- d-----w C:\Program Files\SH-spitfireRIP
2007-11-15 16:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-14 14:49 --------- d-----w C:\Program Files\Ace Ventura
2007-11-06 15:24 --------- d-----w C:\Program Files\Common Files\Macromedia
2007-11-02 15:08 --------- d-----w C:\Program Files\Common Files\Adobe
2007-10-28 09:36 --------- d-----w C:\Program Files\Game_Maker7
2007-10-27 12:36 --------- d-----w C:\Program Files\Sega
2007-10-20 15:37 --------- d-----w C:\Program Files\Common Files\xing shared
2007-10-20 15:37 --------- d-----w C:\Program Files\Common Files\Real
2007-10-20 15:36 --------- d-----w C:\Program Files\Real
2007-10-20 12:35 --------- d-----w C:\Documents and Settings\XP\Application Data\GetRightToGo
2007-10-20 11:26 44,544 ------w C:\WINDOWS\AWuninstall.exe
2007-10-20 11:19 --------- d-----w C:\Program Files\Lokas
2007-10-20 08:51 --------- d-----w C:\Program Files\DivoCodec
2007-10-17 18:32 --------- d-----w C:\Program Files\VirtualDJ
2007-10-14 15:31 --------- d-----w C:\Program Files\MagicISO
2007-10-14 09:20 --------- d-----w C:\Program Files\BMW M3 Challenge
2007-10-09 13:31 --------- d-----w C:\Documents and Settings\XP\Application Data\Lost Marble
2007-10-08 15:12 --------- d-----w C:\Documents and Settings\XP\Application Data\AIMP
2007-10-05 17:55 --------- d-----w C:\Program Files\NCH Swift Sound
2007-10-05 17:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
 
2007-10-03 16:03 --------- d-----w C:\Program Files\DAEMON Tools
2007-10-03 15:58 685,816 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2007-10-03 14:47 720,896 ----a-w C:\WINDOWS\iun6002ev.exe
2007-09-30 18:42 --------- d-----w C:\Documents and Settings\XP\Application Data\vlc
2007-09-29 18:52 --------- d-----w C:\Program Files\Winamp
2007-09-28 15:18 --------- d-----w C:\Program Files\NCH Software
2007-09-27 12:25 --------- d-----w C:\Program Files\WoW-2.0.0-deDE-Installer
2005-10-27 23:30 41,238 ----a-w C:\Program Files\RegSetup.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A477EBE4-ABE9-4A9D-B1B4-0EB1D0D025CE}]
2007-11-24 16:52 319488 --a------ C:\WINDOWS\werbetdqw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{85B2F289-7128-4C5A-A330-F9FC01432D3A}"= C:\WINDOWS\hdtip.dll [2007-11-24 16:52 192512]

[HKEY_CLASSES_ROOT\clsid\{85b2f289-7128-4c5a-a330-f9fc01432d3a}]
[HKEY_CLASSES_ROOT\hdtip.ToolBar.1]
[HKEY_CLASSES_ROOT\TypeLib\{AE73C3E4-88F7-41A0-AF79-87BE6826B8DF}]
[HKEY_CLASSES_ROOT\hdtip.ToolBar]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 22:56]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-09-18 15:16]
"AdobeUpdater"="C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2007-03-01 09:37]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-07-25 14:31]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2005-12-07 21:57]
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2006-04-13 10:09]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-02-24 20:10]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-10-20 16:37]
"SoundMax"="C:\Program Files\Analog Devices\SoundMAX\smax4.exe" [2004-03-26 13:40]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-16 10:54]
"hffsrv"="c:\windows\hffext\hffsrv.exe" [2007-02-03 00:17]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"gormet"= {061DDA3F-2C15-45A9-A526-3FAF5F6702B8} - C:\WINDOWS\gormet.dll [2007-11-24 16:52 348160]
"pmkret"= {96058703-D1B6-44BC-9166-BA428EE7D753} - C:\WINDOWS\pmkret.dll [2007-11-24 16:52 294912]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\FDCENT.SYS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HideFilesAndFolders_S]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RaidTool]
2007-08-01 09:58 4694016 --a------ C:\Program Files\VIA\RAID\raid_tool.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
2004-04-01 09:52 1368064 --a------ C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"ATIPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
"hffsrv"=c:\windows\hffext\hffsrv.exe

R0 Defrag32b;Defrag32Boot;C:\WINDOWS\system32\drivers\Defrag32b.sys
R0 viamraid;viamraid;C:\WINDOWS\system32\DRIVERS\viamraid.sys
R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys
R1 FDCENT;FDCENT;\??\C:\WINDOWS\system32\drivers\FDCENT.SYS
R2 Defrag32;Defrag32;C:\WINDOWS\system32\drivers\Defrag32.sys
R2 PDSched;PDScheduler;"C:\Program Files\Raxco\PerfectDisk\PDSched.exe"
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe -k netsvcs
S3 lmimirr;lmimirr;C:\WINDOWS\system32\DRIVERS\lmimirr.sys
S3 nocashio;nocashio;C:\WINDOWS\system32\drivers\nocashio.sys
S4 EvenSystems;EvenSystems;c:\Recycler\svchost.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2007-11-23 16:53:31 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-25 19:10:26
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-11-25 19:11:24
.
--- E O F ---
 
Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\xfkkpnrq

*******************

Script file located at: \??\C:\WINDOWS\gvwbctpi.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\WINDOWS\gormet.dll deleted successfully.
File C:\WINDOWS\werbetdqw.dll deleted successfully.
File C:\WINDOWS\pmkret.dll deleted successfully.
File C:\WINDOWS\hdtip.dll deleted successfully.
File C:\WINDOWS\monhop.exe deleted successfully.
File C:\WINDOWS\nethop.exe deleted successfully.
Folder C:\Program Files\RichVideoCodec deleted successfully.
Folder C:\Program Files\Video Add-on deleted successfully.
Folder C:\Program Files\meta site vc deleted successfully.
Folder C:\Program Files\DivoCodec deleted successfully.

Completed script processing.

*******************

Finished! Terminate.


------------------------------------------------------------------------------


Logfile of HijackThis v1.99.1
Scan saved at 8:29:49 PM, on 11/25/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Analog Devices\SoundMAX\smax4.exe
C:\Program Files\QuickTime\qttask.exe
C:\windows\hffext\hffsrv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Raxco\PerfectDisk\PDSched.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\XP\Desktop\Raznesi Ovo.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - D:\Program files\BitComet\tools\BitCometBHO_1.1.7.4.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: MSVPS System - {A477EBE4-ABE9-4A9D-B1B4-0EB1D0D025CE} - C:\WINDOWS\werbetdqw.dll (file missing)
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O3 - Toolbar: The hdtip - {85B2F289-7128-4C5A-A330-F9FC01432D3A} - C:\WINDOWS\hdtip.dll (file missing)
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SoundMax] "C:\Program Files\Analog Devices\SoundMAX\smax4.exe" /tray
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [hffsrv] c:\windows\hffext\hffsrv.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://D:\Program files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://D:\Program files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://D:\Program files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Download with SupersonicDownloadAccelerator! - C:\Program Files\Supersonic Download Accelerator\supersonicdownloadaccelerator.htm
O8 - Extra context menu item: Add to AMV Convert Tool... - D:\amv conventer\AMVConverter\grab.html
O8 - Extra context menu item: Add to Media Manager... - D:\amv conventer\MediaManager\grab.html
O8 - Extra context menu item: Download Flash with Flash &Grabber - res://C:\PROGRA~1\FLASHG~1\swfgrab.dll/iesave
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - D:\Program files\BitComet\tools\BitCometBHO_1.1.7.4.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.google.com
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-3402451ee1ffd0ed.spaces.live.com/PhotoUpload/MsnPUpld.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2250B6BE-2E07-4B6A-AE98-A56DAA69D2E0}: NameServer = 195.66.160.1,195.66.160.2
O17 - HKLM\System\CCS\Services\Tcpip\..\{CBC8E9C2-9384-4280-80DD-D04CDB6F4FCB}: NameServer = 195.66.160.1 195.66.160.2
O17 - HKLM\System\CS1\Services\Tcpip\..\{2250B6BE-2E07-4B6A-AE98-A56DAA69D2E0}: NameServer = 195.66.160.1,195.66.160.2
O17 - HKLM\System\CS2\Services\Tcpip\..\{2250B6BE-2E07-4B6A-AE98-A56DAA69D2E0}: NameServer = 195.66.160.1,195.66.160.2
O17 - HKLM\System\CS3\Services\Tcpip\..\{2250B6BE-2E07-4B6A-AE98-A56DAA69D2E0}: NameServer = 195.66.160.1,195.66.160.2
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: gormet - {061DDA3F-2C15-45A9-A526-3FAF5F6702B8} - C:\WINDOWS\gormet.dll (file missing)
O21 - SSODL: pmkret - {96058703-D1B6-44BC-9166-BA428EE7D753} - C:\WINDOWS\pmkret.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDSched.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
 
Run HT, scan and check the following lines:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php...MjI6Ojg5&lid=2
O2 - BHO: MSVPS System - {A477EBE4-ABE9-4A9D-B1B4-0EB1D0D025CE} - C:\WINDOWS\werbetdqw.dll (file missing)
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: The hdtip - {85B2F289-7128-4C5A-A330-F9FC01432D3A} - C:\WINDOWS\hdtip.dll (file missing)
O21 - SSODL: gormet - {061DDA3F-2C15-45A9-A526-3FAF5F6702B8} - C:\WINDOWS\gormet.dll (file missing)
O21 - SSODL: pmkret - {96058703-D1B6-44BC-9166-BA428EE7D753} - C:\WINDOWS\pmkret.dll (file missing)

Click Fix Checked.

Restart the PC and post a new HT log.
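A triage script for the HijackThis log format quoted in this thread, added here as an example (it is not code from the thread or from HijackThis). The sample lines are constructed in that format, and the three rules it applies (orphaned entries, extension DLLs sitting directly under C:\WINDOWS, a start page whose host differs from the O14 reset page) are the example's own heuristics for deciding what a helper would tick for Fix Checked.

```python
"""Triage helper for HijackThis v1.99.1 log lines (added example).

Parses R0/O2/O3/O14/O21 entries and flags the ones worth reviewing:
entries whose file is missing, browser/shell extension DLLs dropped
directly into C:\\WINDOWS, and a start page that differs from the IE
reset page recorded in the O14 line.
"""
import ntpath
import re
from urllib.parse import urlparse

# Constructed sample: lines written in the format of the log posted above.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: MSVPS System - {A477EBE4-ABE9-4A9D-B1B4-0EB1D0D025CE} - C:\WINDOWS\werbetdqw.dll (file missing)
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: The hdtip - {85B2F289-7128-4C5A-A330-F9FC01432D3A} - C:\WINDOWS\hdtip.dll (file missing)
O14 - IERESET.INF: START_PAGE_URL=http://www.google.com
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: gormet - {061DDA3F-2C15-45A9-A526-3FAF5F6702B8} - C:\WINDOWS\gormet.dll
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
"""

ENTRY_RE = re.compile(r"^(?P<section>[RFO]\d+) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# Sections whose last field is a loaded module: BHOs, toolbars, SSODL objects.
EXTENSION_SECTIONS = {"O2", "O3", "O21"}


def parse_entry(line):
    """Split one HijackThis line into section, CLSID, target and a
    'missing' flag. Returns None for lines that are not log entries."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    section, body = m.group("section"), m.group("body")
    entry = {"section": section, "raw": line.strip(), "clsid": None,
             "target": "", "missing": False}
    clsid = CLSID_RE.search(body)
    if clsid:
        entry["clsid"] = clsid.group(0).upper()
    if section in ("R0", "R1", "O14"):
        # "...,Start Page = http://..." / "START_PAGE_URL=http://..." -> URL
        entry["target"] = body.split("=", 1)[1].strip() if "=" in body else ""
    else:
        target = body.split(" - ")[-1].strip()
        if target.endswith("(file missing)"):
            entry["missing"] = True
            target = target[: -len("(file missing)")].strip()
        elif target == "(no file)":
            entry["missing"] = True
            target = ""
        entry["target"] = target
    return entry


def triage(log_text, windir=r"C:\WINDOWS"):
    """Return [(raw_line, reason), ...] for entries worth reviewing."""
    entries = [e for e in map(parse_entry, log_text.splitlines()) if e]
    # The O14 line records the page IE resets to; treat it as the expected host.
    reset_hosts = {urlparse(e["target"]).hostname
                   for e in entries if e["section"] == "O14"}
    windir = windir.lower().rstrip("\\")
    findings = []
    for e in entries:
        reasons = []
        if e["missing"]:
            reasons.append("orphaned entry, file already removed")
        if e["section"] in EXTENSION_SECTIONS and e["target"]:
            if ntpath.dirname(e["target"]).lower().rstrip("\\") == windir:
                reasons.append("extension DLL dropped directly in " + windir)
        if e["section"] in ("R0", "R1") and reset_hosts:
            host = urlparse(e["target"]).hostname
            if host not in reset_hosts:
                reasons.append("start page host differs from O14 reset page: %s" % host)
        if reasons:
            findings.append((e["raw"], "; ".join(reasons)))
    return findings


if __name__ == "__main__":
    for raw, why in triage(SAMPLE_LOG):
        print("[REVIEW] %s\n         %s" % (why, raw))
```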
 
Logfile of HijackThis v1.99.1
Scan saved at 2:55:52 PM, on 11/26/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Analog Devices\SoundMAX\smax4.exe
C:\Program Files\QuickTime\qttask.exe
C:\windows\hffext\hffsrv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Raxco\PerfectDisk\PDSched.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\XP\Desktop\Raznesi Ovo.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - D:\Program files\BitComet\tools\BitCometBHO_1.1.7.4.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SoundMax] "C:\Program Files\Analog Devices\SoundMAX\smax4.exe" /tray
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [hffsrv] c:\windows\hffext\hffsrv.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://D:\Program files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://D:\Program files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://D:\Program files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Download with SupersonicDownloadAccelerator! - C:\Program Files\Supersonic Download Accelerator\supersonicdownloadaccelerator.htm
O8 - Extra context menu item: Add to AMV Convert Tool... - D:\amv conventer\AMVConverter\grab.html
O8 - Extra context menu item: Add to Media Manager... - D:\amv conventer\MediaManager\grab.html
O8 - Extra context menu item: Download Flash with Flash &Grabber - res://C:\PROGRA~1\FLASHG~1\swfgrab.dll/iesave
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - D:\Program files\BitComet\tools\BitCometBHO_1.1.7.4.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.google.com
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-3402451ee1ffd0ed.spaces.live.com/PhotoUpload/MsnPUpld.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2250B6BE-2E07-4B6A-AE98-A56DAA69D2E0}: NameServer = 195.66.160.1,195.66.160.2
O17 - HKLM\System\CCS\Services\Tcpip\..\{CBC8E9C2-9384-4280-80DD-D04CDB6F4FCB}: NameServer = 195.66.160.1 195.66.160.2
O17 - HKLM\System\CS1\Services\Tcpip\..\{2250B6BE-2E07-4B6A-AE98-A56DAA69D2E0}: NameServer = 195.66.160.1,195.66.160.2
O17 - HKLM\System\CS2\Services\Tcpip\..\{2250B6BE-2E07-4B6A-AE98-A56DAA69D2E0}: NameServer = 195.66.160.1,195.66.160.2
O17 - HKLM\System\CS3\Services\Tcpip\..\{2250B6BE-2E07-4B6A-AE98-A56DAA69D2E0}: NameServer = 195.66.160.1,195.66.160.2
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDSched.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
 
