trojan.zlob-x.a problem sa ovim..
Prikazujem rezultate 1 do 10 od 10

Tema: trojan.zlob-x.a problem sa ovim..

  1. #1
    Zainteresovan član
    Učlanjen
    21.10.2006.
    Poruke
    296
    Reputaciona moć
    0

    Podrazumevano trojan.zlob-x.a problem sa ovim..

    ne znam kako sam zakacio ovo, al jbg, nisam bio tu, i mladji brat kao po "preporuci" google pretrazivaca rjesi da skine neki IE defender. E kako se situacija nije poboljsala, odlucio sam da vidim sta je..ispada da je ovo sve neki malware, ili trojanac, taj IE defender je neki virus, www.iedefender.com, predstavlja se kao program, al na netu nema nidje vise da se skine,e problem je sto se (kada se se surfujem netom) otvara kao upozerenje, da je nadjen taj trojan.zlob-x.a i da se preporucuje da se skine IE defender (sve u warning prozoru) i taj se prozor otvara kada je na yahoo,google,krstarica sajtu... e sada, kaspersky ga nije nasao, isao sam na full scan.
    a evo koje sam sledece programe probao, to da uklonim:
    spybots,search and destroy
    ad-aware 2007
    XoftSpySE (koji se kao "preporucuje" da se skine ovaj djavo)
    windows defender

    e nista nije pomoglo! opet isti problem, naravno da sam prvo sve ove programe updejtovao, da se definicje obnove, al nista, opet sve isto

    pomagajte ljudi!!



  2. #2
    Domaćin
    Učlanjen
    04.04.2004.
    Pol
    muški
    Poruke
    3.887
    Reputaciona moć
    0

    Podrazumevano Re: trojan.zlob-x.a problem sa ovim..

    http://forum.krstarica.com/showthread.php?t=167305

    Kako za sve tako vazi i za tebe, procitaj ovu temu i postavi Hijak This log, pa ce najprije Dr.Bora, ako bude imao vremena da pomogne u rjesavanju problema..

  3. #3
    Zainteresovan član
    Učlanjen
    21.10.2006.
    Poruke
    296
    Reputaciona moć
    0

    Podrazumevano Re: trojan.zlob-x.a problem sa ovim..

    Logfile of HijackThis v1.99.1
    Scan saved at 18:38:20, on 30.11.2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16544)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
    C:\Program Files\CyberLink\Shared files\RichVideo.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.ex e
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
    C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
    C:\Program Files\D-Tools\daemon.exe
    C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\HDD Thermometer\HDD Thermometer.exe
    C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
    C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\MSI\TV@Anywhere Utilities\P3XRCtl.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    E:\Programi\utorrent.exe
    C:\Program Files\Nero\Nero 7\Nero StartSmart\NeroStartSmart.exe
    C:\Program Files\Nero\Nero 7\Nero CoverDesigner\CoverDes.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Milan\Мои документы\popravka\program.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Ссылки
    R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
    O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Video DivX 3.12 - {09D72564-27E2-4F12-8AB6-03F83E4567DE} - C:\WINDOWS\system32\sysdivx.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
    O4 - HKLM\..\Run: [VGAUtil] C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe
    O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
    O4 - HKLM\..\Run: [AsusStartupHelp] C:\Program Files\ASUS\AASP\1.00.15\AsRunHelp.exe
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [RSD_HDDThermo] C:\Program Files\HDD Thermometer\HDD Thermometer.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: TV Remote Control.lnk = C:\Program Files\MSI\TV@Anywhere Utilities\P3XRCtl.exe
    O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\ie_banner_deny.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
    O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
    O11 - Options group: [INTERNATIONAL] International*

  4. #4
    Zainteresovan član
    Učlanjen
    21.10.2006.
    Poruke
    296
    Reputaciona moć
    0

    Podrazumevano Re: trojan.zlob-x.a problem sa ovim..

    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
    O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" -r (file missing)
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762# # (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
    O23 - Service: Журнал событий (Eventlog) - Корпорация Майкрософт - C:\WINDOWS\system32\services.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.ex e
    O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Служба COM записи компакт-дисков IMAPI (ImapiService) - Корпорация Майкрософт - C:\WINDOWS\system32\imapi.exe
    O23 - Service: Сервис iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NetMeeting Remote Desktop Sharing (mnmsrvc) - Корпорация Майкрософт - C:\WINDOWS\system32\mnmsrvc.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
    O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
    O23 - Service: PCLEPCI - Pinnacle Systems GmbH - C:\WINDOWS\system32\drivers\pclepci.sys
    O23 - Service: Plug and Play (PlugPlay) - Корпорация Майкрософт - C:\WINDOWS\system32\services.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: Диспетчер сеанса справки для удаленного рабочего стола (RDSessMgr) - Корпорация Майкрософт - C:\WINDOWS\system32\sessmgr.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
    O23 - Service: Смарт-карты (SCardSvr) - Корпорация Майкрософт - C:\WINDOWS\System32\SCardSvr.exe
    O23 - Service: Журналы и оповещения производительности (SysmonLog) - Корпорация Майкрософт - C:\WINDOWS\system32\smlogsvc.exe
    O23 - Service: Теневое копирование тома (VSS) - Корпорация Майкрософт - C:\WINDOWS\System32\vssvc.exe
    O23 - Service: Адаптер производительности WMI (WmiApSrv) - Корпорация Майкрософт - C:\WINDOWS\system32\wbem\wmiapsrv.exe

  5. #5
    Zainteresovan član
    Učlanjen
    21.10.2006.
    Poruke
    296
    Reputaciona moć
    0

    Podrazumevano Re: trojan.zlob-x.a problem sa ovim..

    evo
    mislio sam da ne treba ovaj log za rjesavanje problema, hvala puno!

  6. #6
    Aktivan član dr_Bora (avatar)
    Učlanjen
    27.12.2004.
    Pol
    muški
    Poruke
    1.248
    Reputaciona moć
    60

    Podrazumevano Re: trojan.zlob-x.a problem sa ovim..

    Za početak, isključi TeaTimer ( a možeš i AV).

    Skini http://downloads.malwareteks.com/FixIEDef.zip i raspakuj arhivu.

    Otvori folder koji je raspakovan i pokreni FixIEDef.bat - isprati postupak do kraja...

    Nakon toga postavi novi HT log...

  7. #7
    Zainteresovan član
    Učlanjen
    21.10.2006.
    Poruke
    296
    Reputaciona moć
    0

    Podrazumevano Re: trojan.zlob-x.a problem sa ovim..

    uradio kako si i rekao, onda restartovao, i evo log fajla (za sada se ne pojavljuje onaj djavo ):

    Logfile of HijackThis v1.99.1
    Scan saved at 22:39:18, on 30.11.2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16544)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3

    SSRP\E_S40RP7.EXE
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache

    Group\Apache2\bin\apache.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
    C:\Program Files\NVIDIA

    Corporation\NetworkAccessManager\bin\nSvcLog.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache

    Group\Apache2\bin\apache.exe
    C:\Program Files\CyberLink\Shared files\RichVideo.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\NVIDIA

    Corporation\NetworkAccessManager\bin\nSvcAppFlt.ex e
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
    C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
    C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
    C:\Program Files\D-Tools\daemon.exe
    C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\HDD Thermometer\HDD Thermometer.exe
    C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\Program Files\MSI\TV@Anywhere Utilities\P3XRCtl.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Documents and Settings\Milan\Мои документы\popravka\program.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =

    http://google.icq.com/search/search_frame.php
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

    http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

    http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL

    = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

    http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet

    Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName

    = Ссылки
    R3 - URLSearchHook: ICQ Toolbar -

    {855F3B16-6D32-4fe6-8A56-BBB695989046} -

    C:\PROGRA~1\ICQTOO~1\toolbaru.dll
    O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} -

    C:\PROGRA~1\ICQTOO~1\toolbaru.dll
    O2 - BHO: Adobe PDF Reader Link Helper -

    {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat

    7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Video DivX 3.12 - {09D72564-27E2-4F12-8AB6-03F83E4567DE} -

    (no file)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -

    C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} -

    C:\PROGRA~1\ICQTOO~1\toolbaru.dll
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog

    Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog

    Devices\SoundMAX\Smax4.exe" /tray
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI

    Technologies\ATI.ACE\CLIStart.exe"
    O4 - HKLM\..\Run: [VGAUtil] C:\Program Files\GigaByte\VGA Utility

    Manager\G-VGA.exe
    O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky

    Internet Security 6.0\avp.exe"
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program

    Files\D-Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program

    Files\Java\jre1.6.0_02\bin\jusched.exe"
    O4 - HKLM\..\Run: [AsusStartupHelp] C:\Program

    Files\ASUS\AASP\1.00.15\AsRunHelp.exe
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows

    Defender\MSASCui.exe" -hide
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [RSD_HDDThermo] C:\Program Files\HDD Thermometer\HDD

    Thermometer.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]

    "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program

    Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft

    Office\Office10\OSA.EXE
    O4 - Global Startup: TV Remote Control.lnk = C:\Program

    Files\MSI\TV@Anywhere Utilities\P3XRCtl.exe
    O8 - Extra context menu item: Add to Anti-Banner - C:\Program

    Files\Kaspersky Lab\Kaspersky Internet Security 6.0\ie_banner_deny.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel -

    res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -

    C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console -

    {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program

    Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra button: Web Anti-Virus statistics -

    {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky

    Lab\Kaspersky Internet Security 6.0\scieplugin.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} -

    %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 -

    {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network

    Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} -

    C:\Program Files\ICQ6\ICQ.exe
    O9 - Extra 'Tools' menuitem: ICQ6 -

    {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -

    C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger -

    {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program

    Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
    O11 - Options group: [INTERNATIONAL] International*
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} -

    C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
    O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB -

    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. -

    C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner -

    C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Unknown owner -

    C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"

    -r (file missing)

  8. #8
    Zainteresovan član
    Učlanjen
    21.10.2006.
    Poruke
    296
    Reputaciona moć
    0

    Podrazumevano Re: trojan.zlob-x.a problem sa ovim..

    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762# #

    (Bonjour Service) - Apple Computer, Inc. - C:\Program

    Files\Bonjour\mDNSResponder.exe
    O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON

    CORPORATION - C:\Documents and Settings\All Users\Application

    Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
    O23 - Service: Журнал событий (Eventlog) - Корпорация Майкрософт -

    C:\WINDOWS\system32\services.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. -

    C:\Program Files\Common Files\Macrovision Shared\FLEXnet

    Publisher\FNPLicensingService.exe
    O23 - Service: ForceWare Intelligent Application Manager (IAM) -

    Unknown owner - C:\Program Files\NVIDIA

    Corporation\NetworkAccessManager\bin\nSvcAppFlt.ex e
    O23 - Service: Forceware Web Interface (ForcewareWebInterface) -

    Unknown owner - C:\Program Files\NVIDIA

    Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe"

    -k runservice (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision

    Corporation - C:\Program Files\Common

    Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Служба COM записи компакт-дисков IMAPI (ImapiService) -

    Корпорация Майкрософт - C:\WINDOWS\system32\imapi.exe
    O23 - Service: Сервис iPod (iPod Service) - Apple Inc. - C:\Program

    Files\iPod\bin\iPodService.exe
    O23 - Service: NetMeeting Remote Desktop Sharing (mnmsrvc) - Корпорация

    Майкрософт - C:\WINDOWS\system32\mnmsrvc.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero

    BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common

    Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation -

    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
    O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA

    Corporation - C:\Program Files\NVIDIA

    Corporation\NetworkAccessManager\bin\nSvcLog.exe
    O23 - Service: PCLEPCI - Pinnacle Systems GmbH -

    C:\WINDOWS\system32\drivers\pclepci.sys
    O23 - Service: Plug and Play (PlugPlay) - Корпорация Майкрософт -

    C:\WINDOWS\system32\services.exe
    O23 - Service: PnkBstrA - Unknown owner -

    C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: Диспетчер сеанса справки для удаленного рабочего стола

    (RDSessMgr) - Корпорация Майкрософт - C:\WINDOWS\system32\sessmgr.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown

    owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
    O23 - Service: Смарт-карты (SCardSvr) - Корпорация Майкрософт -

    C:\WINDOWS\System32\SCardSvr.exe
    O23 - Service: Журналы и оповещения производительности (SysmonLog) -

    Корпорация Майкрософт - C:\WINDOWS\system32\smlogsvc.exe
    O23 - Service: Теневое копирование тома (VSS) - Корпорация Майкрософт -

    C:\WINDOWS\System32\vssvc.exe
    O23 - Service: Адаптер производительности WMI (WmiApSrv) - Корпорация

    Майкрософт - C:\WINDOWS\system32\wbem\wmiapsrv.exe

  9. #9
    Aktivan član dr_Bora (avatar)
    Učlanjen
    27.12.2004.
    Pol
    muški
    Poruke
    1.248
    Reputaciona moć
    60

    Podrazumevano Re: trojan.zlob-x.a problem sa ovim..

    Ala mi prija taj tvoj word wrap...

    Fix-ni sledeće u HT-u:

    O2 - BHO: Video DivX 3.12 - {09D72564-27E2-4F12-8AB6-03F83E4567DE} - (no file)

    To je to... Poz...

  10. #10
    Zainteresovan član
    Učlanjen
    21.10.2006.
    Poruke
    296
    Reputaciona moć
    0

    Podrazumevano Re: trojan.zlob-x.a problem sa ovim..

    e hvala ti puno!!!

Slične teme

  1. Za Dr.Boru & Zlob Trojan 32
    Autor toci u forumu Sigurnost i zaštita
    Odgovora: 13
    Poslednja poruka: 06.03.2009., 18:39
  2. Trojan problem bez resenja...
    Autor d&d u forumu Sigurnost i zaštita
    Odgovora: 7
    Poslednja poruka: 09.04.2008., 10:50
  3. Kako izbrisati ZLOB trojanca ?
    Autor Zakon u forumu Sigurnost i zaštita
    Odgovora: 10
    Poslednja poruka: 16.11.2007., 17:19
  4. HELP !!! Trojan.spy
    Autor frutella u forumu Zanimljivi sajtovi
    Odgovora: 1
    Poslednja poruka: 03.10.2004., 17:08
  5. Trojan horse
    Autor kaktus u forumu Sigurnost i zaštita
    Odgovora: 11
    Poslednja poruka: 07.03.2004., 03:14

Pravila za slanje poruka

  • Ne možete kreirati novu temu
  • Ne možete poslati odgovor
  • Ne možete dodati priloge
  • Ne možete prepraviti svoju poruku
  •