Advertisement or real viruses... How do I stop this?

  1. #1
    Active member -Air Stefan- (avatar)
    Joined
    04.01.2007.
    Gender
    male
    Location
    -Above The Rim-
    Posts
    1.848
    Reputation power
    59

    Advertisement or real viruses... How do I stop this?

    Since yesterday, while I'm working on the computer, messages keep popping up as if my Windows were infected with some dangerous virus, asking me whether I want to delete it. If I press YES, it opens a page in Internet Explorer and offers me some crap of an antivirus or whatever???
    I ran scans with NOD32, Spybot Search & Destroy and Ad-Aware SE Professional, and they don't detect anything...
    So I concluded that it's an advertisement (correct me if I'm wrong)...
    But I can't block it in any way; the same thing pops up every 2 minutes, and worst of all, it slows down and freezes my computer...
    What should I do???
    PS: Here is the exact link that opens when I click YES: http://yourprivacyguard.com/privacy/...0b541f54580d07, and it isn't the only one, because they alternate...
    Last edited by -Air Stefan-: 24.11.2007. at 19:53



  2. #2
    Active member dr_Bora (avatar)
    Joined
    27.12.2004.
    Gender
    male
    Posts
    1.248
    Reputation power
    60

    Re: Advertisement or real viruses... How do I stop this?

    http://forum.krstarica.com/showthread.php?t=167305

    Follow the second part of that thread (the part about posting an HT log) and we'll sort it out.

    Anyway, this is malware... It's not just an advertisement.

  3. #3
    Active member -Air Stefan- (avatar)
    Joined
    04.01.2007.
    Gender
    male
    Location
    -Above The Rim-
    Posts
    1.848
    Reputation power
    59

    Re: Advertisement or real viruses... How do I stop this?

    Logfile of HijackThis v1.99.1
    Scan saved at 8:31:16 PM, on 11/24/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Eset\nod32kui.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\system32\ctfmon.exe
    c:\Recycler\svchost.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Eset\nod32krn.exe
    C:\Program Files\CyberLink\Shared files\RichVideo.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\Program Files\Raxco\PerfectDisk\PDSched.exe
    C:\WINDOWS\hffext\hffsrv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    D:\Program files\LimeWire\LimeWire.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\XP\Desktop\Raznesi Ovo.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
    R3 - URLSearchHook: Best_Security_Tips toolbar - {da30eff8-ccc6-4162-a20d-67402a26a215} - C:\Program Files\Best_Security_Tips\tbBest.dll
    O1 - Hosts: 66.98.148.65 auto.search.msn.com
    O1 - Hosts: 66.98.148.65 auto.search.msn.es
    O2 - BHO: MSVPS System - {05D77B1C-2E50-4C37-B094-3D5695D688F8} - C:\WINDOWS\popnetnmo.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - D:\Program files\BitComet\tools\BitCometBHO_1.1.7.4.dll
    O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: Best_Security_Tips toolbar - {da30eff8-ccc6-4162-a20d-67402a26a215} - C:\Program Files\Best_Security_Tips\tbBest.dll
    O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
    O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
    O3 - Toolbar: Best_Security_Tips toolbar - {da30eff8-ccc6-4162-a20d-67402a26a215} - C:\Program Files\Best_Security_Tips\tbBest.dll
    O3 - Toolbar: The jokwmp - {3E57AE0B-0AAB-4919-B74E-8C29579C6CA5} - C:\WINDOWS\jokwmp.dll (file missing)
    O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [OpenGLv32] C:\Program Files\Internet Explorer\PLUGINS\cxsrrs.exe
    O4 - HKLM\..\Run: [SoundMax] "C:\Program Files\Analog Devices\SoundMAX\smax4.exe" /tray
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [hffsrv] c:\windows\hffext\hffsrv.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKCU\..\Run: [toolooze] C:\DOCUME~1\XP\APPLIC~1\METASI~1\Curb that tick.exe
    O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O8 - Extra context menu item: &D&ownload &with BitComet - res://D:\Program files\BitComet\BitComet.exe/AddLink.htm
    O8 - Extra context menu item: &D&ownload all video with BitComet - res://D:\Program files\BitComet\BitComet.exe/AddVideo.htm
    O8 - Extra context menu item: &D&ownload all with BitComet - res://D:\Program files\BitComet\BitComet.exe/AddAllLink.htm
    O8 - Extra context menu item: &Download with SupersonicDownloadAccelerator! - C:\Program Files\Supersonic Download Accelerator\supersonicdownloadaccelerator.htm
    O8 - Extra context menu item: Add to AMV Convert Tool... - D:\amv conventer\AMVConverter\grab.html
    O8 - Extra context menu item: Add to Media Manager... - D:\amv conventer\MediaManager\grab.html
    O8 - Extra context menu item: Download Flash with Flash &Grabber - res://C:\PROGRA~1\FLASHG~1\swfgrab.dll/iesave
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - D:\Program files\BitComet\tools\BitCometBHO_1.1.7.4.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.google.com
    O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-3402451ee1ffd0ed.spaces.live.com/PhotoUpload/MsnPUpld.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{2250B6BE-2E07-4B6A-AE98-A56DAA69D2E0}: NameServer = 195.66.160.1,195.66.160.2
    O17 - HKLM\System\CCS\Services\Tcpip\..\{CBC8E9C2-9384-4280-80DD-D04CDB6F4FCB}: NameServer = 195.66.160.1 195.66.160.2
    O17 - HKLM\System\CS1\Services\Tcpip\..\{2250B6BE-2E07-4B6A-AE98-A56DAA69D2E0}: NameServer = 195.66.160.1,195.66.160.2
    O17 - HKLM\System\CS2\Services\Tcpip\..\{2250B6BE-2E07-4B6A-AE98-A56DAA69D2E0}: NameServer = 195.66.160.1,195.66.160.2
    O17 - HKLM\System\CS3\Services\Tcpip\..\{2250B6BE-2E07-4B6A-AE98-A56DAA69D2E0}: NameServer = 195.66.160.1,195.66.160.2
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O21 - SSODL: rmvgor - {FDF95F53-8FC4-49A7-B504-4F8F80F455DF} - C:\WINDOWS\rmvgor.dll
    O21 - SSODL: sapnet - {BA4AB521-C47D-4733-9ED1-94EC96DBA8D8} - C:\WINDOWS\sapnet.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: EvenSystems - Unknown owner - c:\Recycler\svchost.exe
    O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
    O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
    O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDSched.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

  4. #4
    Active member dr_Bora (avatar)
    Joined
    27.12.2004.
    Gender
    male
    Posts
    1.248
    Reputation power
    60

    Re: Advertisement or real viruses... How do I stop this?

    There's all sorts of stuff here...


    Run HT, scan, and check the following lines:

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php...MjI6Ojg5&lid=2
    R3 - URLSearchHook: Best_Security_Tips toolbar - {da30eff8-ccc6-4162-a20d-67402a26a215} - C:\Program Files\Best_Security_Tips\tbBest.dll
    O1 - Hosts: 66.98.148.65 auto.search.msn.com
    O1 - Hosts: 66.98.148.65 auto.search.msn.es
    O2 - BHO: Best_Security_Tips toolbar - {da30eff8-ccc6-4162-a20d-67402a26a215} - C:\Program Files\Best_Security_Tips\tbBest.dll
    O3 - Toolbar: Best_Security_Tips toolbar - {da30eff8-ccc6-4162-a20d-67402a26a215} - C:\Program Files\Best_Security_Tips\tbBest.dll
    O3 - Toolbar: The jokwmp - {3E57AE0B-0AAB-4919-B74E-8C29579C6CA5} - C:\WINDOWS\jokwmp.dll (file missing)
    O4 - HKLM\..\Run: [OpenGLv32] C:\Program Files\Internet Explorer\PLUGINS\cxsrrs.exe
    O23 - Service: EvenSystems - Unknown owner - c:\Recycler\svchost.exe

    Click Fix Checked.

    ---------------------------------------------------------------------------------------------------------------------------------


    Download The Avenger.
    Download the file skripta.txt that is attached to this post.
    • Unpack the archive into a folder
    • Double-click avenger.exe to run it
    • Click the OK button in the window that opens
    • Click the button - find the file skripta.txt, select it and click the Open button
    • Click the button , and then click the Yes button in the next two windows that open
    • The computer will restart automatically
    • When the process is finished, the logfile c:\avenger.txt will open in Notepad
    • Copy the contents of that log into the forum thread



    When everything is done, post a fresh HT log and the Avenger log.


    Btw, do you use the program Hide_Files_&_Folders?

  5. #5
    Active member -Air Stefan- (avatar)
    Joined
    04.01.2007.
    Gender
    male
    Location
    -Above The Rim-
    Posts
    1.848
    Reputation power
    59

    Re: Advertisement or real viruses... How do I stop this?

    Logfile of The Avenger version 1, by Swandog46
    Running from registry key:
    \Registry\Machine\System\CurrentControlSet\Services\btsotebs

    *******************

    Script file located at: \??\C:\mtotjnmt.txt
    Script file opened successfully.

    Script file read successfully

    Backups directory opened successfully at C:\Avenger

    *******************

    Beginning to process script file:

    File C:\WINDOWS\popnetnmo.dll deleted successfully.


    File C:\Program Files\Internet Explorer\PLUGINS\cxsrrs.exe not found!
    Deletion of file C:\Program Files\Internet Explorer\PLUGINS\cxsrrs.exe failed!

    Could not process line:
    C:\Program Files\Internet Explorer\PLUGINS\cxsrrs.exe
    Status: 0xc0000034

    File c:\Recycler\svchost.exe deleted successfully.
    File C:\WINDOWS\rmvgor.dll deleted successfully.
    File C:\WINDOWS\sapnet.dll deleted successfully.

    Completed script processing.

    *******************

    Finished! Terminate.

    ----------------------------------------------------------------------------------------------------------------------
    Logfile of HijackThis v1.99.1
    Scan saved at 9:23:29 PM, on 11/24/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Eset\nod32kui.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Analog Devices\SoundMAX\smax4.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\windows\hffext\hffsrv.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Eset\nod32krn.exe
    C:\Program Files\CyberLink\Shared files\RichVideo.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\Program Files\Raxco\PerfectDisk\PDSched.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\XP\Desktop\Raznesi Ovo.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
    O2 - BHO: MSVPS System - {05D77B1C-2E50-4C37-B094-3D5695D688F8} - C:\WINDOWS\popnetnmo.dll (file missing)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - D:\Program files\BitComet\tools\BitCometBHO_1.1.7.4.dll
    O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
    O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
    O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [OpenGLv32] C:\Program Files\Internet Explorer\PLUGINS\cxsrrs.exe
    O4 - HKLM\..\Run: [SoundMax] "C:\Program Files\Analog Devices\SoundMAX\smax4.exe" /tray
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [hffsrv] c:\windows\hffext\hffsrv.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKCU\..\Run: [toolooze] C:\DOCUME~1\XP\APPLIC~1\METASI~1\Curb that tick.exe
    O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O8 - Extra context menu item: &D&ownload &with BitComet - res://D:\Program files\BitComet\BitComet.exe/AddLink.htm
    O8 - Extra context menu item: &D&ownload all video with BitComet - res://D:\Program files\BitComet\BitComet.exe/AddVideo.htm
    O8 - Extra context menu item: &D&ownload all with BitComet - res://D:\Program files\BitComet\BitComet.exe/AddAllLink.htm
    O8 - Extra context menu item: &Download with SupersonicDownloadAccelerator! - C:\Program Files\Supersonic Download Accelerator\supersonicdownloadaccelerator.htm
    O8 - Extra context menu item: Add to AMV Convert Tool... - D:\amv conventer\AMVConverter\grab.html
    O8 - Extra context menu item: Add to Media Manager... - D:\amv conventer\MediaManager\grab.html
    O8 - Extra context menu item: Download Flash with Flash &Grabber - res://C:\PROGRA~1\FLASHG~1\swfgrab.dll/iesave
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - D:\Program files\BitComet\tools\BitCometBHO_1.1.7.4.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.google.com
    O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-3402451ee1ffd0ed.spaces.live.com/PhotoUpload/MsnPUpld.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{2250B6BE-2E07-4B6A-AE98-A56DAA69D2E0}: NameServer = 195.66.160.1,195.66.160.2
    O17 - HKLM\System\CCS\Services\Tcpip\..\{CBC8E9C2-9384-4280-80DD-D04CDB6F4FCB}: NameServer = 195.66.160.1 195.66.160.2
    O17 - HKLM\System\CS1\Services\Tcpip\..\{2250B6BE-2E07-4B6A-AE98-A56DAA69D2E0}: NameServer = 195.66.160.1,195.66.160.2
    O17 - HKLM\System\CS2\Services\Tcpip\..\{2250B6BE-2E07-4B6A-AE98-A56DAA69D2E0}: NameServer = 195.66.160.1,195.66.160.2
    O17 - HKLM\System\CS3\Services\Tcpip\..\{2250B6BE-2E07-4B6A-AE98-A56DAA69D2E0}: NameServer = 195.66.160.1,195.66.160.2
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O21 - SSODL: rmvgor - {FDF95F53-8FC4-49A7-B504-4F8F80F455DF} - C:\WINDOWS\rmvgor.dll (file missing)
    O21 - SSODL: sapnet - {BA4AB521-C47D-4733-9ED1-94EC96DBA8D8} - C:\WINDOWS\sapnet.dll (file missing)
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
    O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
    O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDSched.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    ------------------------------------------------------------------------------------------------------------------------------------------------------------------
    @BTW
    I'm not using Hide_Files_&_Folders at the moment, but when I need it, yes...
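
Added example (not part of the thread, and not code from HijackThis or The Avenger): it cross-references the Avenger log with the follow-up HijackThis scan to list registry entries that still point at files the script targeted. The function names are hypothetical, and the embedded logs are excerpts of the ones posted above.

```python
import re

# "File <path> deleted successfully." / "File <path> not found!" lines, in the
# form printed by the Avenger log in this thread.
AVENGER_RE = re.compile(r"^File (?P<path>.+?) (?:deleted successfully\.|not found!)$")
# "<section> - <rest>" entry lines of a HijackThis v1.99.1 log (R0, O2, O23 ...).
HJT_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<rest>.+)$")

# Excerpt of the Avenger log posted in the thread.
AVENGER_LOG = r"""
File C:\WINDOWS\popnetnmo.dll deleted successfully.
File C:\Program Files\Internet Explorer\PLUGINS\cxsrrs.exe not found!
Deletion of file C:\Program Files\Internet Explorer\PLUGINS\cxsrrs.exe failed!
Could not process line:
C:\Program Files\Internet Explorer\PLUGINS\cxsrrs.exe
Status: 0xc0000034
File c:\Recycler\svchost.exe deleted successfully.
File C:\WINDOWS\rmvgor.dll deleted successfully.
File C:\WINDOWS\sapnet.dll deleted successfully.
"""

# Excerpt of the HijackThis scan taken after the Avenger run.
HJT_AFTER = r"""
Running processes:
C:\WINDOWS\system32\svchost.exe
O2 - BHO: MSVPS System - {05D77B1C-2E50-4C37-B094-3D5695D688F8} - C:\WINDOWS\popnetnmo.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [OpenGLv32] C:\Program Files\Internet Explorer\PLUGINS\cxsrrs.exe
O4 - HKLM\..\Run: [hffsrv] c:\windows\hffext\hffsrv.exe
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: rmvgor - {FDF95F53-8FC4-49A7-B504-4F8F80F455DF} - C:\WINDOWS\rmvgor.dll (file missing)
O21 - SSODL: sapnet - {BA4AB521-C47D-4733-9ED1-94EC96DBA8D8} - C:\WINDOWS\sapnet.dll (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
"""


def avenger_targets(avenger_log):
    """Return the lower-cased paths the Avenger script acted on."""
    targets = set()
    for line in avenger_log.splitlines():
        m = AVENGER_RE.match(line.strip())
        if m:
            targets.add(m.group("path").lower())
    return targets


def leftover_references(hjt_log, targets):
    """Return (section, line, file_missing) for entries still naming a target.

    Only registry-entry lines are considered; the header and the
    "Running processes" list do not match HJT_RE and are skipped.
    """
    hits = []
    for line in hjt_log.splitlines():
        line = line.strip()
        m = HJT_RE.match(line)
        if not m:
            continue
        lowered = line.lower()
        if any(t in lowered for t in targets):
            missing = lowered.endswith("(file missing)")
            hits.append((m.group("section"), line, missing))
    return hits


if __name__ == "__main__":
    for section, line, missing in leftover_references(
        HJT_AFTER, avenger_targets(AVENGER_LOG)
    ):
        note = "orphaned, file gone" if missing else "no marker, verify on disk"
        print(f"[{section}] {note}: {line}")
```

In this excerpt the O4 Run entry carries no "(file missing)" marker even though the Avenger log reported the file as not found, so the absence of the marker alone does not show that the file exists.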

  6. #6
    Active member -Air Stefan- (avatar)
    Joined
    04.01.2007.
    Gender
    male
    Location
    -Above The Rim-
    Posts
    1.848
    Reputation power
    59

    Re: Advertisement or real viruses... How do I stop this?

    Bora, thank you for the help; it seems that after doing what you told me, that thing no longer appears... Is that all, or is there something else I need to do???

  7. #7
    Active member dr_Bora (avatar)
    Joined
    27.12.2004.
    Gender
    male
    Posts
    1.248
    Reputation power
    60

    Re: Advertisement or real viruses... How do I stop this?

    There's more...

    Run HT, scan, and check the following lines:

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php...MjI6Ojg5&lid=2
    O2 - BHO: MSVPS System - {05D77B1C-2E50-4C37-B094-3D5695D688F8} - C:\WINDOWS\popnetnmo.dll (file missing)
    O4 - HKLM\..\Run: [OpenGLv32] C:\Program Files\Internet Explorer\PLUGINS\cxsrrs.exe
    O4 - HKCU\..\Run: [toolooze] C:\DOCUME~1\XP\APPLIC~1\METASI~1\Curb that tick.exe
    O21 - SSODL: rmvgor - {FDF95F53-8FC4-49A7-B504-4F8F80F455DF} - C:\WINDOWS\rmvgor.dll (file missing)
    O21 - SSODL: sapnet - {BA4AB521-C47D-4733-9ED1-94EC96DBA8D8} - C:\WINDOWS\sapnet.dll (file missing)

    Click Fix Checked.

    ---------------------------------------------

    Delete the folders:

    C:\Program Files\Best_Security_Tips\
    C:\avenger\

    --------------------------------------------

    Download Deljob.
    • Double-click deljob.exe to run it
    • The logfile logit.txt will open in Notepad (the file will be located in the same folder as deljob.exe)
    • Copy the contents of that log into the forum thread

  8. #8
    Active member -Air Stefan- (avatar)
    Joined
    04.01.2007.
    Gender
    male
    Location
    -Above The Rim-
    Posts
    1.848
    Reputation power
    59

    Re: Advertisement or real viruses... How do I stop this?

    --------------------------------------------------------
    File(s) moved to C:\deljob

    A355A953918A20E3.job
    --------------------------------------------------------
    Files remaining after cleaning

    AppleSoftwareUpdate.job
    --------------------------------------------------------
    App data folders

    Volume in drive C has no label.
    Volume Serial Number is BCB3-CAB3

    Directory of C:\Documents and Settings\XP\Application Data

    11/23/2007 06:00 PM <DIR> .
    11/23/2007 06:00 PM <DIR> ..
    09/17/2007 04:31 PM <DIR> BITZIP~1 .BitZip
    06/28/2007 11:29 AM <DIR> ACDSYS~1 ACD Systems
    11/02/2007 04:15 PM <DIR> Adobe
    10/08/2007 04:12 PM <DIR> AIMP
    11/23/2007 06:00 PM <DIR> APPLEC~1 Apple Computer
    07/29/2007 08:04 AM <DIR> Aston
    08/28/2007 09:17 AM <DIR> ATI
    07/11/2007 06:41 PM <DIR> BITTOR~1 BitTorrent
    07/23/2007 07:12 AM <DIR> BSplayer
    07/22/2007 10:07 PM <DIR> BSPLAY~1 BSplayer Pro
    06/28/2007 12:42 PM <DIR> Corel
    07/01/2007 10:13 AM <DIR> CYBERL~1 CyberLink
    07/24/2007 01:56 PM <DIR> DivX
    07/01/2007 11:08 AM <DIR> dvdcss
    07/01/2007 02:29 PM <DIR> fltk.org
    10/20/2007 01:35 PM <DIR> GETRIG~1 GetRightToGo
    06/28/2007 11:37 AM <DIR> Google
    11/23/2007 05:23 PM <DIR> gtk-2.0
    08/20/2007 07:56 AM <DIR> Help
    06/28/2007 09:35 AM <DIR> IDENTI~1 Identities
    06/28/2007 11:30 AM <DIR> Lavasoft
    11/24/2007 06:50 PM <DIR> LimeWire
    10/09/2007 02:31 PM <DIR> LOSTMA~1 Lost Marble
    11/06/2007 04:27 PM <DIR> MACROM~1 Macromedia
    06/30/2007 03:11 PM <DIR> MEGAUP~1 MegauploadToolbar
    11/15/2007 04:11 PM <DIR> METASI~1 meta site vc
    11/18/2007 07:54 PM <DIR> MICROS~1 Microsoft
    06/28/2007 11:38 AM <DIR> Mozilla
    09/18/2007 03:58 PM <DIR> NCHSWI~1 NCH Swift Sound
    08/22/2007 11:00 AM <DIR> OXIN'S~1 Oxin's Style!
    11/03/2007 09:04 AM <DIR> PUBLIS~1 Publish Providers
    10/20/2007 04:41 PM <DIR> Real
    09/23/2007 02:11 PM <DIR> SEGA
    08/20/2007 05:22 PM <DIR> Sony
    07/23/2007 02:00 PM <DIR> STOIK
    07/03/2007 07:57 PM <DIR> Sun
    06/28/2007 11:38 AM <DIR> Talkback
    07/09/2007 02:13 PM <DIR> TUNEUP~1 TuneUp Software
    09/08/2007 09:32 PM <DIR> VCOM
    07/10/2007 12:27 PM <DIR> ViStart
    09/30/2007 07:42 PM <DIR> vlc
    11/24/2007 02:15 PM <DIR> Vso
    11/24/2007 09:20 AM <DIR> WEBPAG~1 Web Page Maker V2
    07/03/2007 08:20 PM <DIR> WinRAR
    0 File(s) 0 bytes
    46 Dir(s) 12,815,458,304 bytes free
    Volume in drive C has no label.
    Volume Serial Number is BCB3-CAB3

    Directory of C:\Documents and Settings\All Users\Application Data

    11/23/2007 05:57 PM <DIR> .
    11/23/2007 05:57 PM <DIR> ..
    06/28/2007 11:29 AM <DIR> ACDSYS~1 ACD Systems
    11/02/2007 04:05 PM <DIR> Adobe
    11/02/2007 04:06 PM <DIR> ADOBES~1 Adobe Systems
    11/23/2007 05:53 PM <DIR> APPLEC~1 Apple Computer
    09/08/2007 09:35 PM <DIR> BVRPSO~1 BVRP Software
    06/28/2007 11:49 AM <DIR> CYBERL~1 CyberLink
    11/15/2007 04:41 PM <DIR> JUMPPO~1 Jump Poll Poke Mp3
    10/07/2007 05:34 PM <DIR> MACROM~1 Macromedia
    11/06/2007 04:27 PM <DIR> MACROV~1 Macrovision
    08/23/2007 09:51 AM <DIR> MICROS~1 Microsoft
    07/09/2007 05:18 PM <DIR> MSSCAN~1 MSScanAppDataDir
    10/05/2007 06:49 PM <DIR> NCHSWI~1 NCH Swift Sound
    08/03/2007 02:11 PM <DIR> NFSUND~1 NFS Underground
    06/28/2007 12:58 PM <DIR> Raxco
    11/15/2007 05:05 PM <DIR> SPYBOT~1 Spybot - Search & Destroy
    08/29/2007 08:16 PM <DIR> Trymedia
    07/09/2007 02:12 PM <DIR> TUNEUP~1 TuneUp Software
    11/16/2007 03:55 PM <DIR> YOYOGA~1 YoYoGames
    0 File(s) 0 bytes
    20 Dir(s) 12,815,478,784 bytes free
    --------------------------------------------------------

  9. #9
    Active member dr_Bora (avatar)
    Joined
    27.12.2004.
    Gender
    male
    Posts
    1.248
    Reputation power
    60

    Re: Advertisement or real viruses... How do I stop this?

    Showing hidden files/folders needs to be enabled:
    In Windows Explorer, Tools menu: Folder Options: on the View tab:
    - select Show hidden files and folders
    - uncheck Hide protected operating system files (Recommended)

    ----------------------------------------------------------------------------------------------------------------------------------

    Find and delete the following folders:

    C:\Documents and Settings\XP\Application Data\meta site vc\
    C:\Documents and Settings\All Users\Application Data\Jump Poll Poke Mp3\

    Also delete the folder: C:\deljob
    ----------------------------------------------------------------------------------------------------------------------------------

    System Restore needs to be reset:
    Control Panel - System: System Restore tab: check Turn off System Restore on all drives.
    Restart the computer, and then uncheck the option above (i.e. turn SR back on).


    After all that, post a fresh HT log so I can check whether everything is OK.

  10. #10
    Active member -Air Stefan- (avatar)
    Joined
    04.01.2007.
    Gender
    male
    Location
    -Above The Rim-
    Posts
    1.848
    Reputation power
    59

    Re: Advertisement or real viruses... How do I stop this?

    There, I did everything as you wrote, but it has started appearing again???
    Here is the latest HT log:

    Logfile of HijackThis v1.99.1
    Scan saved at 6:19:50 PM, on 11/25/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Eset\nod32kui.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Analog Devices\SoundMAX\smax4.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\windows\hffext\hffsrv.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Eset\nod32krn.exe
    C:\Program Files\CyberLink\Shared files\RichVideo.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\Program Files\Raxco\PerfectDisk\PDSched.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Documents and Settings\XP\Desktop\Raznesi Ovo.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - D:\Program files\BitComet\tools\BitCometBHO_1.1.7.4.dll
    O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: MSVPS System - {A477EBE4-ABE9-4A9D-B1B4-0EB1D0D025CE} - C:\WINDOWS\werbetdqw.dll
    O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
    O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
    O3 - Toolbar: The hdtip - {85B2F289-7128-4C5A-A330-F9FC01432D3A} - C:\WINDOWS\hdtip.dll
    O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SoundMax] "C:\Program Files\Analog Devices\SoundMAX\smax4.exe" /tray
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [hffsrv] c:\windows\hffext\hffsrv.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O8 - Extra context menu item: &D&ownload &with BitComet - res://D:\Program files\BitComet\BitComet.exe/AddLink.htm
    O8 - Extra context menu item: &D&ownload all video with BitComet - res://D:\Program files\BitComet\BitComet.exe/AddVideo.htm
    O8 - Extra context menu item: &D&ownload all with BitComet - res://D:\Program files\BitComet\BitComet.exe/AddAllLink.htm
    O8 - Extra context menu item: &Download with SupersonicDownloadAccelerator! - C:\Program Files\Supersonic Download Accelerator\supersonicdownloadaccelerator.htm
    O8 - Extra context menu item: Add to AMV Convert Tool... - D:\amv conventer\AMVConverter\grab.html
    O8 - Extra context menu item: Add to Media Manager... - D:\amv conventer\MediaManager\grab.html
    O8 - Extra context menu item: Download Flash with Flash &Grabber - res://C:\PROGRA~1\FLASHG~1\swfgrab.dll/iesave
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - D:\Program files\BitComet\tools\BitCometBHO_1.1.7.4.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.google.com
    O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-3402451ee1ffd0ed.spaces.live.com/PhotoUpload/MsnPUpld.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{2250B6BE-2E07-4B6A-AE98-A56DAA69D2E0}: NameServer = 195.66.160.1,195.66.160.2
    O17 - HKLM\System\CS1\Services\Tcpip\..\{2250B6BE-2E07-4B6A-AE98-A56DAA69D2E0}: NameServer = 195.66.160.1,195.66.160.2
    O17 - HKLM\System\CS2\Services\Tcpip\..\{2250B6BE-2E07-4B6A-AE98-A56DAA69D2E0}: NameServer = 195.66.160.1,195.66.160.2
    O17 - HKLM\System\CS3\Services\Tcpip\..\{2250B6BE-2E07-4B6A-AE98-A56DAA69D2E0}: NameServer = 195.66.160.1,195.66.160.2
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O21 - SSODL: gormet - {061DDA3F-2C15-45A9-A526-3FAF5F6702B8} - C:\WINDOWS\gormet.dll
    O21 - SSODL: pmkret - {96058703-D1B6-44BC-9166-BA428EE7D753} - C:\WINDOWS\pmkret.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
    O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
    O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDSched.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

  11. #11
    Active member dr_Bora (avatar)
    Joined
    27.12.2004.
    Gender
    male
    Posts
    1.248
    Reputation power
    60

    Re: Ads or actual viruses... How do I stop this?

    Now you've picked up another one...

    Download ComboFix from one of the following links and save it to the Desktop:
    download link 1, download link 2
    • Temporarily disable the AV program so that it does not interfere with the cleaning process
    • Double-click ComboFix.exe to run it and follow the instructions
    • Do not click inside the ComboFix window while it is running!
    • When the process has finished, the logfile C:\ComboFix.txt will open in Notepad
    • Copy the contents of that logfile into the forum thread

  12. #12
    Active member -Air Stefan- (avatar)
    Joined
    04.01.2007.
    Gender
    male
    Location
    -Above The Rim-
    Posts
    1.848
    Reputation power
    59

    Re: Ads or actual viruses... How do I stop this?

    ComboFix 07-11-19.3 - XP 2007-11-25 19:06:34.1 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.39 [GMT 1:00]
    Running from: C:\Documents and Settings\XP\Desktop\ComboFix.exe
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\XP\Application Data\inst.exe
    C:\Documents and Settings\XP\Favorites\Error Cleaner.url
    C:\Documents and Settings\XP\Favorites\Privacy Protector.url
    C:\Documents and Settings\XP\Favorites\Spyware&Malware Protection.url
    C:\Program Files\Common Files\{3CB3C~1
    C:\Program Files\VideoAccessCodec
    C:\Program Files\VideoAccessCodec\install.ico
    C:\Program Files\VideoAccessCodec\Uninstall.exe
    C:\WINDOWS\dat.txt
    C:\WINDOWS\privacy_danger
    C:\WINDOWS\privacy_danger\images\capt.gif
    C:\WINDOWS\privacy_danger\images\danger.jpg
    C:\WINDOWS\privacy_danger\images\down.gif
    C:\WINDOWS\privacy_danger\images\spacer.gif
    C:\WINDOWS\privacy_danger\index.htm
    C:\WINDOWS\rs.txt
    C:\WINDOWS\search_res.txt
    C:\WINDOWS\system32\unsvchosts.lzma

    .
    ((((((((((((((((((((((((( Files Created from 2007-10-25 to 2007-11-25 )))))))))))))))))))))))))))))))
    .

    2007-11-25 10:17 348,160 --a------ C:\WINDOWS\gormet.dll
    2007-11-25 10:17 319,488 --a------ C:\WINDOWS\werbetdqw.dll
    2007-11-25 10:17 294,912 --a------ C:\WINDOWS\pmkret.dll
    2007-11-25 10:17 192,512 --a------ C:\WINDOWS\hdtip.dll
    2007-11-25 10:17 151,552 --a------ C:\WINDOWS\monhop.exe
    2007-11-23 18:14 <DIR> d-------- C:\Program Files\Xilisoft
    2007-11-23 18:00 <DIR> d-------- C:\Documents and Settings\XP\Application Data\Apple Computer
    2007-11-23 17:54 <DIR> d-------- C:\Program Files\QuickTime
    2007-11-23 17:53 <DIR> d-------- C:\Program Files\Apple Software Update
    2007-11-23 17:53 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\Apple Computer
    2007-11-23 17:40 <DIR> d-------- C:\Program Files\Boilsoft MOV Converter
    2007-11-23 17:36 <DIR> d-------- C:\Program Files\Boilsoft MP4 Converter
    2007-11-23 15:21 81,920 --a------ C:\WINDOWS\nethop.exe
    2007-11-23 15:16 <DIR> d-------- C:\Program Files\RichVideoCodec
    2007-11-22 19:31 140 --a--c--- C:\Delapp.bat
    2007-11-21 22:01 <DIR> d-------- C:\Program Files\eMule
    2007-11-12 08:55 <DIR> d-------- C:\Program Files\Video Add-on
    2007-11-10 18:48 <DIR> d-------- C:\Documents and Settings\XP\avidemux
    2007-11-10 18:47 <DIR> d-------- C:\Program Files\Avidemux 2.4
    2007-11-09 14:24 <DIR> d-------- C:\vcs5BGEffects
    2007-11-09 14:22 <DIR> d-------- C:\Program Files\AV Vcs 6.0 DIAMOND
    2007-11-09 09:43 <DIR> d-------- C:\Program Files\meta site vc
    2007-11-06 16:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Macrovision
    2007-11-06 16:24 <DIR> d-------- C:\Program Files\Common Files\Macromedia Shared
    2007-11-06 16:22 <DIR> d-------- C:\Program Files\Macromedia
    2007-11-04 21:28 <DIR> d-------- C:\Program Files\Flash Grabber
    2007-11-03 08:41 <DIR> d-------- C:\Documents and Settings\XP\Application Data\Publish Providers
    2007-11-03 08:33 <DIR> d-------- C:\Program Files\Vstplugins
    2007-11-03 08:32 <DIR> d-------- C:\Program Files\Sony
    2007-11-03 08:30 <DIR> d-------- C:\Program Files\Sony Setup
    2007-11-02 16:06 <DIR> d-------- C:\Program Files\Common Files\Adobe Systems Shared
    2007-11-02 16:06 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\Adobe Systems

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-11-24 17:50 --------- d-----w C:\Documents and Settings\XP\Application Data\LimeWire
    2007-11-24 13:15 47,360 ----a-w C:\Documents and Settings\XP\Application Data\pcouffin.sys
    2007-11-24 13:15 --------- d-----w C:\Documents and Settings\XP\Application Data\Vso
    2007-11-24 13:08 --------- d-----w C:\Program Files\Mv2Player
    2007-11-24 11:30 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-11-24 08:20 --------- d-----w C:\Program Files\eGames
    2007-11-24 08:20 --------- d-----w C:\Documents and Settings\XP\Application Data\Web Page Maker V2
    2007-11-23 16:23 --------- d-----w C:\Documents and Settings\XP\Application Data\gtk-2.0
    2007-11-21 21:07 --------- d-----w C:\Program Files\SH-spitfireRIP
    2007-11-15 16:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2007-11-14 14:49 --------- d-----w C:\Program Files\Ace Ventura
    2007-11-06 15:24 --------- d-----w C:\Program Files\Common Files\Macromedia
    2007-11-02 15:08 --------- d-----w C:\Program Files\Common Files\Adobe
    2007-10-28 09:36 --------- d-----w C:\Program Files\Game_Maker7
    2007-10-27 12:36 --------- d-----w C:\Program Files\Sega
    2007-10-20 15:37 --------- d-----w C:\Program Files\Common Files\xing shared
    2007-10-20 15:37 --------- d-----w C:\Program Files\Common Files\Real
    2007-10-20 15:36 --------- d-----w C:\Program Files\Real
    2007-10-20 12:35 --------- d-----w C:\Documents and Settings\XP\Application Data\GetRightToGo
    2007-10-20 11:26 44,544 ------w C:\WINDOWS\AWuninstall.exe
    2007-10-20 11:19 --------- d-----w C:\Program Files\Lokas
    2007-10-20 08:51 --------- d-----w C:\Program Files\DivoCodec
    2007-10-17 18:32 --------- d-----w C:\Program Files\VirtualDJ
    2007-10-14 15:31 --------- d-----w C:\Program Files\MagicISO
    2007-10-14 09:20 --------- d-----w C:\Program Files\BMW M3 Challenge
    2007-10-09 13:31 --------- d-----w C:\Documents and Settings\XP\Application Data\Lost Marble
    2007-10-08 15:12 --------- d-----w C:\Documents and Settings\XP\Application Data\AIMP
    2007-10-05 17:55 --------- d-----w C:\Program Files\NCH Swift Sound
    2007-10-05 17:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\NCH Swift Sound

  13. #13
    Active member -Air Stefan- (avatar)
    Joined
    04.01.2007.
    Gender
    male
    Location
    -Above The Rim-
    Posts
    1.848
    Reputation power
    59

    Re: Ads or actual viruses... How do I stop this?

    2007-10-03 16:03 --------- d-----w C:\Program Files\DAEMON Tools
    2007-10-03 15:58 685,816 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
    2007-10-03 14:47 720,896 ----a-w C:\WINDOWS\iun6002ev.exe
    2007-09-30 18:42 --------- d-----w C:\Documents and Settings\XP\Application Data\vlc
    2007-09-29 18:52 --------- d-----w C:\Program Files\Winamp
    2007-09-28 15:18 --------- d-----w C:\Program Files\NCH Software
    2007-09-27 12:25 --------- d-----w C:\Program Files\WoW-2.0.0-deDE-Installer
    2005-10-27 23:30 41,238 ----a-w C:\Program Files\RegSetup.exe
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A477EBE4-ABE9-4A9D-B1B4-0EB1D0D025CE}]
    2007-11-24 16:52 319488 --a------ C:\WINDOWS\werbetdqw.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{85B2F289-7128-4C5A-A330-F9FC01432D3A}"= C:\WINDOWS\hdtip.dll [2007-11-24 16:52 192512]

    [HKEY_CLASSES_ROOT\clsid\{85b2f289-7128-4c5a-a330-f9fc01432d3a}]
    [HKEY_CLASSES_ROOT\hdtip.ToolBar.1]
    [HKEY_CLASSES_ROOT\TypeLib\{AE73C3E4-88F7-41A0-AF79-87BE6826B8DF}]
    [HKEY_CLASSES_ROOT\hdtip.ToolBar]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 22:56]
    "DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-09-18 15:16]
    "AdobeUpdater"="C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2007-03-01 09:37]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-07-25 14:31]
    "RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2005-12-07 21:57]
    "LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2006-04-13 10:09]
    "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-02-24 20:10]
    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-10-20 16:37]
    "SoundMax"="C:\Program Files\Analog Devices\SoundMAX\smax4.exe" [2004-03-26 13:40]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-16 10:54]
    "hffsrv"="c:\windows\hffext\hffsrv.exe" [2007-02-03 00:17]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "ForceClassicControlPanel"= 1 (0x1)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    "gormet"= {061DDA3F-2C15-45A9-A526-3FAF5F6702B8} - C:\WINDOWS\gormet.dll [2007-11-24 16:52 348160]
    "pmkret"= {96058703-D1B6-44BC-9166-BA428EE7D753} - C:\WINDOWS\pmkret.dll [2007-11-24 16:52 294912]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\FDCENT.SYS]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HideFilesAndFolders_S]
    @=""

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RaidTool]
    2007-08-01 09:58 4694016 --a------ C:\Program Files\VIA\RAID\raid_tool.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]
    C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
    2004-04-01 09:52 1368064 --a------ C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "ATIPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    "hffsrv"=c:\windows\hffext\hffsrv.exe

    R0 Defrag32b;Defrag32Boot;C:\WINDOWS\system32\drivers\Defrag32b.sys
    R0 viamraid;viamraid;C:\WINDOWS\system32\DRIVERS\viamraid.sys
    R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys
    R1 FDCENT;FDCENT;\??\C:\WINDOWS\system32\drivers\FDCENT.SYS
    R2 Defrag32;Defrag32;C:\WINDOWS\system32\drivers\Defrag32.sys
    R2 PDSched;PDScheduler;"C:\Program Files\Raxco\PerfectDisk\PDSched.exe"
    R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe -k netsvcs
    S3 lmimirr;lmimirr;C:\WINDOWS\system32\DRIVERS\lmimirr.sys
    S3 nocashio;nocashio;C:\WINDOWS\system32\drivers\nocashio.sys
    S4 EvenSystems;EvenSystems;c:\Recycler\svchost.exe

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    UxTuneUp

    *Newly Created Service* - CATCHME
    .
    Contents of the 'Scheduled Tasks' folder
    "2007-11-23 16:53:31 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    .
    **************************************************************************

    catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-11-25 19:10:26
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2007-11-25 19:11:24
    .
    --- E O F ---

  14. #14
    Active member dr_Bora (avatar)
    Joined
    27.12.2004.
    Gender
    male
    Posts
    1.248
    Reputation power
    60

    Re: Ads or actual viruses... How do I stop this?

    OK... We'll use Avenger again.
    Same procedure as above, only with the script attached to this message.

    When it's done, the Avenger log and the HT log...
    Attached files

  15. #15
    Active member -Air Stefan- (avatar)
    Joined
    04.01.2007.
    Gender
    male
    Location
    -Above The Rim-
    Posts
    1.848
    Reputation power
    59

    Re: Ads or actual viruses... How do I stop this?

    Logfile of The Avenger version 1, by Swandog46
    Running from registry key:
    \Registry\Machine\System\CurrentControlSet\Services\xfkkpnrq

    *******************

    Script file located at: \??\C:\WINDOWS\gvwbctpi.txt
    Script file opened successfully.

    Script file read successfully

    Backups directory opened successfully at C:\Avenger

    *******************

    Beginning to process script file:

    File C:\WINDOWS\gormet.dll deleted successfully.
    File C:\WINDOWS\werbetdqw.dll deleted successfully.
    File C:\WINDOWS\pmkret.dll deleted successfully.
    File C:\WINDOWS\hdtip.dll deleted successfully.
    File C:\WINDOWS\monhop.exe deleted successfully.
    File C:\WINDOWS\nethop.exe deleted successfully.
    Folder C:\Program Files\RichVideoCodec deleted successfully.
    Folder C:\Program Files\Video Add-on deleted successfully.
    Folder C:\Program Files\meta site vc deleted successfully.
    Folder C:\Program Files\DivoCodec deleted successfully.

    Completed script processing.

    *******************

    Finished! Terminate.


    ------------------------------------------------------------------------------


    Logfile of HijackThis v1.99.1
    Scan saved at 8:29:49 PM, on 11/25/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Eset\nod32kui.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Analog Devices\SoundMAX\smax4.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\windows\hffext\hffsrv.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Eset\nod32krn.exe
    C:\Program Files\CyberLink\Shared files\RichVideo.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\Program Files\Raxco\PerfectDisk\PDSched.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Documents and Settings\XP\Desktop\Raznesi Ovo.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - D:\Program files\BitComet\tools\BitCometBHO_1.1.7.4.dll
    O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: MSVPS System - {A477EBE4-ABE9-4A9D-B1B4-0EB1D0D025CE} - C:\WINDOWS\werbetdqw.dll (file missing)
    O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
    O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
    O3 - Toolbar: The hdtip - {85B2F289-7128-4C5A-A330-F9FC01432D3A} - C:\WINDOWS\hdtip.dll (file missing)
    O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SoundMax] "C:\Program Files\Analog Devices\SoundMAX\smax4.exe" /tray
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [hffsrv] c:\windows\hffext\hffsrv.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O8 - Extra context menu item: &D&ownload &with BitComet - res://D:\Program files\BitComet\BitComet.exe/AddLink.htm
    O8 - Extra context menu item: &D&ownload all video with BitComet - res://D:\Program files\BitComet\BitComet.exe/AddVideo.htm
    O8 - Extra context menu item: &D&ownload all with BitComet - res://D:\Program files\BitComet\BitComet.exe/AddAllLink.htm
    O8 - Extra context menu item: &Download with SupersonicDownloadAccelerator! - C:\Program Files\Supersonic Download Accelerator\supersonicdownloadaccelerator.htm
    O8 - Extra context menu item: Add to AMV Convert Tool... - D:\amv conventer\AMVConverter\grab.html
    O8 - Extra context menu item: Add to Media Manager... - D:\amv conventer\MediaManager\grab.html
    O8 - Extra context menu item: Download Flash with Flash &Grabber - res://C:\PROGRA~1\FLASHG~1\swfgrab.dll/iesave
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - D:\Program files\BitComet\tools\BitCometBHO_1.1.7.4.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.google.com
    O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-3402451ee1ffd0ed.spaces.live.com/PhotoUpload/MsnPUpld.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{2250B6BE-2E07-4B6A-AE98-A56DAA69D2E0}: NameServer = 195.66.160.1,195.66.160.2
    O17 - HKLM\System\CCS\Services\Tcpip\..\{CBC8E9C2-9384-4280-80DD-D04CDB6F4FCB}: NameServer = 195.66.160.1 195.66.160.2
    O17 - HKLM\System\CS1\Services\Tcpip\..\{2250B6BE-2E07-4B6A-AE98-A56DAA69D2E0}: NameServer = 195.66.160.1,195.66.160.2
    O17 - HKLM\System\CS2\Services\Tcpip\..\{2250B6BE-2E07-4B6A-AE98-A56DAA69D2E0}: NameServer = 195.66.160.1,195.66.160.2
    O17 - HKLM\System\CS3\Services\Tcpip\..\{2250B6BE-2E07-4B6A-AE98-A56DAA69D2E0}: NameServer = 195.66.160.1,195.66.160.2
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O21 - SSODL: gormet - {061DDA3F-2C15-45A9-A526-3FAF5F6702B8} - C:\WINDOWS\gormet.dll (file missing)
    O21 - SSODL: pmkret - {96058703-D1B6-44BC-9166-BA428EE7D753} - C:\WINDOWS\pmkret.dll (file missing)
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
    O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
    O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDSched.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

  16. #16
    Active member dr_Bora (avatar)
    Joined
    27.12.2004.
    Gender
    male
    Posts
    1.248
    Reputation power
    60

    Re: Ads or actual viruses... How do I stop this?

    Run HT, scan, and tick the following lines:

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php...MjI6Ojg5&lid=2
    O2 - BHO: MSVPS System - {A477EBE4-ABE9-4A9D-B1B4-0EB1D0D025CE} - C:\WINDOWS\werbetdqw.dll (file missing)
    O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
    O3 - Toolbar: The hdtip - {85B2F289-7128-4C5A-A330-F9FC01432D3A} - C:\WINDOWS\hdtip.dll (file missing)
    O21 - SSODL: gormet - {061DDA3F-2C15-45A9-A526-3FAF5F6702B8} - C:\WINDOWS\gormet.dll (file missing)
    O21 - SSODL: pmkret - {96058703-D1B6-44BC-9166-BA428EE7D753} - C:\WINDOWS\pmkret.dll (file missing)

    Click Fix Checked.

    Restart the PC and post a new HT log.
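
    Added example, not part of the thread and not dr_Bora's own method: one way to pick out the orphaned entries listed above is to cross-reference a HijackThis log against the Avenger deletion log and flag entries marked "(file missing)" or "(no file)", or whose target Avenger removed. The sample logs are a subset of lines copied from this thread; the function and class names are hypothetical, and the hijacked Start Page (R0) line is outside what this check covers.

```python
import re
from typing import NamedTuple, Optional

# Constructed sample input: lines copied from the Avenger and HijackThis
# logs posted in this thread, trimmed to a representative subset.
AVENGER_LOG = r"""
File C:\WINDOWS\gormet.dll deleted successfully.
File C:\WINDOWS\werbetdqw.dll deleted successfully.
File C:\WINDOWS\pmkret.dll deleted successfully.
File C:\WINDOWS\hdtip.dll deleted successfully.
Folder C:\Program Files\RichVideoCodec deleted successfully.
"""

HJT_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: MSVPS System - {A477EBE4-ABE9-4A9D-B1B4-0EB1D0D025CE} - C:\WINDOWS\werbetdqw.dll (file missing)
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: The hdtip - {85B2F289-7128-4C5A-A330-F9FC01432D3A} - C:\WINDOWS\hdtip.dll (file missing)
O4 - HKLM\..\Run: [hffsrv] c:\windows\hffext\hffsrv.exe
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: gormet - {061DDA3F-2C15-45A9-A526-3FAF5F6702B8} - C:\WINDOWS\gormet.dll (file missing)
O21 - SSODL: pmkret - {96058703-D1B6-44BC-9166-BA428EE7D753} - C:\WINDOWS\pmkret.dll (file missing)
"""


class Entry(NamedTuple):
    """One HijackThis result line (hypothetical helper type)."""
    code: str               # section code, e.g. O2 (BHO), O3 (toolbar), O21 (SSODL)
    clsid: Optional[str]    # COM class ID, if the line carries one
    path: Optional[str]     # file the registry entry points at, if any
    marker: Optional[str]   # "file missing" / "no file" as printed by HijackThis
    raw: str


ENTRY_RE = re.compile(r"^(?P<code>[ROFN]\d{1,2}) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
MARKER_RE = re.compile(r"\((file missing|no file)\)\s*$")
PATH_RE = re.compile(r'[A-Za-z]:\\[^"<>|*?]+')
DELETED_RE = re.compile(r"^(File|Folder) (.+) deleted successfully\.$")


def parse_avenger_deletions(log):
    """Return {'file': {...}, 'folder': {...}} of lower-cased deleted paths."""
    deleted = {"file": set(), "folder": set()}
    for line in log.splitlines():
        m = DELETED_RE.match(line.strip())
        if m:
            deleted[m.group(1).lower()].add(m.group(2).lower())
    return deleted


def parse_hjt(log):
    """Parse HijackThis result lines; headers and process lists are skipped."""
    entries = []
    for line in log.splitlines():
        line = line.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue
        body = m.group("body")
        marker = MARKER_RE.search(body)
        if marker:  # strip the trailing marker so it never ends up in the path
            body = body[:marker.start()].rstrip()
        clsid = CLSID_RE.search(body)
        path = PATH_RE.search(body)
        entries.append(Entry(
            code=m.group("code"),
            clsid=clsid.group(0).upper() if clsid else None,
            path=path.group(0).rstrip() if path else None,
            marker=marker.group(1) if marker else None,
            raw=line,
        ))
    return entries


def orphaned_entries(hjt_log, avenger_log):
    """Return [(Entry, [reasons])] for entries whose target no longer exists."""
    deleted = parse_avenger_deletions(avenger_log)
    findings = []
    for entry in parse_hjt(hjt_log):
        reasons = []
        if entry.marker:
            reasons.append(f"marked ({entry.marker})")
        if entry.path:
            p = entry.path.lower()  # Windows paths are case-insensitive
            under_deleted_folder = any(p.startswith(d + "\\") for d in deleted["folder"])
            if p in deleted["file"] or under_deleted_folder:
                reasons.append("target deleted by Avenger")
        if reasons:
            findings.append((entry, reasons))
    return findings


if __name__ == "__main__":
    for entry, reasons in orphaned_entries(HJT_LOG, AVENGER_LOG):
        print(f"{entry.code:<4}{entry.clsid}  {entry.path or '-'}  [{'; '.join(reasons)}]")
```

    An entry flagged only as "target deleted by Avenger", without a "(file missing)" marker, means the HijackThis log was taken before the deletion and should be re-run.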

  17. #17
    Active member -Air Stefan- (avatar)
    Joined
    04.01.2007.
    Gender
    male
    Location
    -Above The Rim-
    Posts
    1.848
    Reputation power
    59

    Re: Ads or actual viruses... How do I stop this?

    Logfile of HijackThis v1.99.1
    Scan saved at 2:55:52 PM, on 11/26/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Eset\nod32kui.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Analog Devices\SoundMAX\smax4.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\windows\hffext\hffsrv.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Eset\nod32krn.exe
    C:\Program Files\CyberLink\Shared files\RichVideo.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\Program Files\Raxco\PerfectDisk\PDSched.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\XP\Desktop\Raznesi Ovo.exe

    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - D:\Program files\BitComet\tools\BitCometBHO_1.1.7.4.dll
    O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
    O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SoundMax] "C:\Program Files\Analog Devices\SoundMAX\smax4.exe" /tray
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [hffsrv] c:\windows\hffext\hffsrv.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O8 - Extra context menu item: &D&ownload &with BitComet - res://D:\Program files\BitComet\BitComet.exe/AddLink.htm
    O8 - Extra context menu item: &D&ownload all video with BitComet - res://D:\Program files\BitComet\BitComet.exe/AddVideo.htm
    O8 - Extra context menu item: &D&ownload all with BitComet - res://D:\Program files\BitComet\BitComet.exe/AddAllLink.htm
    O8 - Extra context menu item: &Download with SupersonicDownloadAccelerator! - C:\Program Files\Supersonic Download Accelerator\supersonicdownloadaccelerator.htm
    O8 - Extra context menu item: Add to AMV Convert Tool... - D:\amv conventer\AMVConverter\grab.html
    O8 - Extra context menu item: Add to Media Manager... - D:\amv conventer\MediaManager\grab.html
    O8 - Extra context menu item: Download Flash with Flash &Grabber - res://C:\PROGRA~1\FLASHG~1\swfgrab.dll/iesave
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - D:\Program files\BitComet\tools\BitCometBHO_1.1.7.4.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.google.com
    O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-3402451ee1ffd0ed.spaces.live.com/PhotoUpload/MsnPUpld.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{2250B6BE-2E07-4B6A-AE98-A56DAA69D2E0}: NameServer = 195.66.160.1,195.66.160.2
    O17 - HKLM\System\CCS\Services\Tcpip\..\{CBC8E9C2-9384-4280-80DD-D04CDB6F4FCB}: NameServer = 195.66.160.1 195.66.160.2
    O17 - HKLM\System\CS1\Services\Tcpip\..\{2250B6BE-2E07-4B6A-AE98-A56DAA69D2E0}: NameServer = 195.66.160.1,195.66.160.2
    O17 - HKLM\System\CS2\Services\Tcpip\..\{2250B6BE-2E07-4B6A-AE98-A56DAA69D2E0}: NameServer = 195.66.160.1,195.66.160.2
    O17 - HKLM\System\CS3\Services\Tcpip\..\{2250B6BE-2E07-4B6A-AE98-A56DAA69D2E0}: NameServer = 195.66.160.1,195.66.160.2
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
    O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
    O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDSched.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
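
Added example (not part of the original posts and not HijackThis's own code): Python that parses lines in the format of the log above into sections and extracts three things for manual review: Run-key autostarts, configured DNS servers, and services printed with "Unknown owner". The function names are assumptions, the sample lines are copied from the log above, and the code lists entries without giving a verdict on them.

```python
import re
from collections import defaultdict

# Sample input: a subset of lines copied from the log above.
SAMPLE_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [hffsrv] c:\windows\hffext\hffsrv.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{2250B6BE-2E07-4B6A-AE98-A56DAA69D2E0}: NameServer = 195.66.160.1,195.66.160.2
O17 - HKLM\System\CCS\Services\Tcpip\..\{CBC8E9C2-9384-4280-80DD-D04CDB6F4FCB}: NameServer = 195.66.160.1 195.66.160.2
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
"""

# A log entry is "<section code> - <body>", e.g. "O4 - HKLM\..\Run: [...] ...".
ENTRY = re.compile(r"^\s*(O\d+|[RFN]\d+) - (.*)$")

def parse(log):
    """Group entry bodies by section code (O2, O4, O17, O23, ...)."""
    sections = defaultdict(list)
    for line in log.splitlines():
        m = ENTRY.match(line)
        if m:
            sections[m.group(1)].append(m.group(2).strip())
    return dict(sections)

def run_entries(sections):
    """O4 Run keys as (hive, value name, command line) tuples."""
    pat = re.compile(r"^(HK\w+)\\\.\.\\Run: \[(.+?)\] (.+)$")
    return [m.groups() for e in sections.get("O4", []) if (m := pat.match(e))]

def nameservers(sections):
    """Distinct DNS servers from O17; the log separates them by ',' or ' '."""
    found = set()
    for e in sections.get("O17", []):
        if "NameServer = " in e:
            value = e.split("NameServer = ", 1)[1].strip()
            found.update(re.split(r"[,\s]+", value))
    return sorted(found)

def unknown_owner_services(sections):
    """O23 services listed with 'Unknown owner' as (name, binary path)."""
    pat = re.compile(r"^Service: (.+) - Unknown owner - (.+)$")
    return [m.groups() for e in sections.get("O23", []) if (m := pat.match(e))]
```
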

  18. #18
    Active member dr_Bora (avatar)
    Joined
    27.12.2004.
    Gender
    male
    Posts
    1.248
    Reputation power
    60

    Re: An ad or really viruses... How do I stop this?

    OK... This log is clean...

    Everything should be fine now. Repeat that procedure for resetting System Restore.

  19. #19
    Active member -Air Stefan- (avatar)
    Joined
    04.01.2007.
    Gender
    male
    Location
    -Above The Rim-
    Posts
    1.848
    Reputation power
    59

    Re: An ad or really viruses... How do I stop this?

    Bora, thank you for helping me solve the problem... Nothing pops up anymore... thanks once again... Cheers...
