SmitFraud - Fix

Thread: SmitFraud - Fix

  1. #1
    Host Gax
    Joined: 27.04.2005.
    Gender: male
    Location: Christmas Island
    Posts: 3.083
    Reputation power: 81

    SmitFraud - Fix

    Whenever I open IE, my start page is always safetyonlinepage.com (I tried to set it back to Use Blank, but it is always the same); that page says my computer is infected and needs to be scanned. When I am offline and open IE, it tries to open that page, so IE freezes. My connection is dial-up (Neobee).

    Logfile of HijackThis v1.99.1
    Scan saved at 14:41:26, on 1.12.2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Video Add-on\isfmntr.exe
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
    C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    C:\WINDOWS\system32\G-VGA.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Neobee Speeedy Internet Accelerator\speeedycore.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Neobee Speeedy Internet Accelerator\speeedygui.exe
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
    C:\Program Files\Video Add-on\isfmm.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\ntvdm.exe
    C:\Documents and Settings\BRANKOV company\Desktop\-VAZNO-\123.exe

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {2362982A-85FA-45F1-9594-574AACC18F4C} - C:\WINDOWS\system32\jkhff.dll (file missing)
    O2 - BHO: (no name) - {23B760D6-C98B-450B-9B32-26C7775CDF83} - C:\Program Files\Video Add-on\isfmdl.dll
    O2 - BHO: TBSB07218 - {3AF93A29-A296-4AB0-9011-D85A559203B3} - C:\Program Files\TurboUpload\TurboUpload Toolbar\turboupload.dll (file missing)
    O2 - BHO: PBlockHelper Class - {4115122B-85FF-4DD3-9515-F075BEDE5EB5} - C:\Program Files\Neobee Speeedy Internet Accelerator\PBHelper.dll
    O2 - BHO: (no name) - {89AD4D75-2429-462e-BD4E-443F233F6033} - C:\WINDOWS\system32\dfomtryn.dll (file missing)
    O2 - BHO: (no name) - {C3352FCD-CFE5-4F35-831A-19C68DDB7CF4} - C:\WINDOWS\system32\opnnnnl.dll (file missing)
    O3 - Toolbar: Neobee Speeedy Internet Accelerator - {8B79EE88-E62D-4AA8-B530-CC357BA112B7} - C:\Program Files\Neobee Speeedy Internet Accelerator\Toolband.dll
    O3 - Toolbar: TurboUpload Toolbar - {01E69986-A054-4C52-ABE8-EF63DF1C5211} - C:\Program Files\TurboUpload\TurboUpload Toolbar\turboupload.dll (file missing)
    O3 - Toolbar: IE Custom Tools - {EFAF6EA3-615D-4F83-8748-2F7A576FCEA6} - C:\Program Files\Video Add-on\ictmdl.dll (file missing)
    O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
    O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [VGAUtil] C:\WINDOWS\system32\G-VGA.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [SlipStream] "C:\Program Files\Neobee Speeedy Internet Accelerator\speeedycore.exe"
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
    O4 - HKLM\..\Run: [SNM] C:\Program Files\SpyNoMore\SNM.exe /startup
    O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [ATI DeviceDetect] C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
    O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKCU\..\Run: [L07AXLRD_2162890] "C:\Program Files\Microsoft Student\Microsoft Student with Encarta Premium 2007 DVD\EDICT.EXE" -m
    O4 - Global Startup: Neobee Speeedy Internet Accelerator.lnk = C:\Program Files\Neobee Speeedy Internet Accelerator\speeedygui.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.topsoftwarefeed.com/redirect.php (file missing)
    O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.topsoftwarefeed.com/redirect.php (file missing)
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O20 - Winlogon Notify: opnnnnl - opnnnnl.dll (file missing)
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    “Say hello to Miljojko and put him in a bucket so he can ride. Come over to my place and I'll give you an exhaust pipe!”



  2. #2
    Active member dr_Bora
    Joined: 27.12.2004.
    Gender: male
    Posts: 1.248
    Reputation power: 60

    Re: SmitFraud - Fix

    Run HT, scan, and check the following lines:

    O2 - BHO: (no name) - {2362982A-85FA-45F1-9594-574AACC18F4C} - C:\WINDOWS\system32\jkhff.dll (file missing)
    O2 - BHO: TBSB07218 - {3AF93A29-A296-4AB0-9011-D85A559203B3} - C:\Program Files\TurboUpload\TurboUpload Toolbar\turboupload.dll (file missing)
    O2 - BHO: (no name) - {89AD4D75-2429-462e-BD4E-443F233F6033} - C:\WINDOWS\system32\dfomtryn.dll (file missing)
    O2 - BHO: (no name) - {C3352FCD-CFE5-4F35-831A-19C68DDB7CF4} - C:\WINDOWS\system32\opnnnnl.dll (file missing)
    O3 - Toolbar: TurboUpload Toolbar - {01E69986-A054-4C52-ABE8-EF63DF1C5211} - C:\Program Files\TurboUpload\TurboUpload Toolbar\turboupload.dll (file missing)
    O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.topsoftwarefeed.com/redirect.php (file missing)
    O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.topsoftwarefeed.com/redirect.php (file missing)
    O20 - Winlogon Notify: opnnnnl - opnnnnl.dll (file missing)

    Click Fix Checked.


    ---------------------------------------------------------------------------------------------------------------------------------


    Temporarily disable your antivirus and then...
    (If you already have smitfraudfix, delete it and download the latest version from the link below)


    Download SmitfraudFix.

    • Restart the computer in Safe Mode (keep pressing F8 while the computer boots and choose Safe Mode from the menu)
    • Double-click SmitfraudFix.exe to run it
    • Choose option #2 - Clean by typing 2 and Enter
    • Wait for the cleaning and Disk Cleanup to finish
    • You will be asked: "Registry cleaning - Do you want to clean the registry ?" Answer "Yes" by typing Y and Enter
    • The program will also check whether wininet.dll is infected. If it is, you will be asked about replacing wininet.dll. Answer "Yes" to the question "Replace infected file ?" by typing Y and Enter


    A restart may be needed to finish the cleaning process; if the computer does not restart automatically, do it yourself.
    This program will create the logfile C:\rapport.txt, which needs to be copied into the thread on the forum.


    Along with C:\rapport.txt, post a new HijackThis log as well...

  3. #3
    Gax

    It worked, thanks, you explained it really well.

    Logfile of HijackThis v1.99.1
    Scan saved at 14:42:58, on 2.12.2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    C:\WINDOWS\system32\G-VGA.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Neobee Speeedy Internet Accelerator\speeedycore.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Neobee Speeedy Internet Accelerator\speeedygui.exe
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Documents and Settings\BRANKOV company\Desktop\-VAZNO-\123.exe

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: PBlockHelper Class - {4115122B-85FF-4DD3-9515-F075BEDE5EB5} - C:\Program Files\Neobee Speeedy Internet Accelerator\PBHelper.dll
    O3 - Toolbar: Neobee Speeedy Internet Accelerator - {8B79EE88-E62D-4AA8-B530-CC357BA112B7} - C:\Program Files\Neobee Speeedy Internet Accelerator\Toolband.dll
    O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
    O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [VGAUtil] C:\WINDOWS\system32\G-VGA.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [SlipStream] "C:\Program Files\Neobee Speeedy Internet Accelerator\speeedycore.exe"
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
    O4 - HKLM\..\Run: [SNM] C:\Program Files\SpyNoMore\SNM.exe /startup
    O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [ATI DeviceDetect] C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
    O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKCU\..\Run: [L07AXLRD_2162890] "C:\Program Files\Microsoft Student\Microsoft Student with Encarta Premium 2007 DVD\EDICT.EXE" -m
    O4 - Global Startup: Neobee Speeedy Internet Accelerator.lnk = C:\Program Files\Neobee Speeedy Internet Accelerator\speeedygui.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.topsoftwarefeed.com/redirect.php (file missing)
    O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.topsoftwarefeed.com/redirect.php (file missing)
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe


    -----------------------------------------------------------------------------------------------------------------------------------------------------------


    SmitFraudFix v2.256

    Scan done at 14:36:09,37, ned 02.12.2007
    Run from C:\Documents and Settings\BRANKOV company\Desktop\SmitfraudFix
    OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
    The filesystem type is NTFS
    Fix run in safe mode

    »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    "{b0883848-1466-4470-a418-3fe7d36694b9}"="bemocked"


    »»»»»»»»»»»»»»»»»»»»»»»» Killing process


    »»»»»»»»»»»»»»»»»»»»»»»» hosts


    127.0.0.1 localhost

    »»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

    S!Ri's WS2Fix: LSP not Found.


    »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

    GenericRenosFix by S!Ri


    »»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

    C:\WINDOWS\system32\rldyt.dll Deleted
    C:\Program Files\Video Add-on\ Deleted

    »»»»»»»»»»»»»»»»»»»»»»»» DNS



    »»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
    !!!Attention, following keys are not inevitably infected!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "System"=""


    »»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

    Registry Cleaning done.

    »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll


    »»»»»»»»»»»»»»»»»»»»»»»» End

  4. #4
    dr_Bora

    Run HijackThis, scan, and check the following lines:

    O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.topsoftwarefeed.com/redirect.php (file missing)
    O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.topsoftwarefeed.com/redirect.php (file missing)

    Click Fix Checked.


    System Restore needs to be reset:
    Control Panel - System: System Restore tab: check Turn off System Restore on all drives.
    Restart the computer, then uncheck the option above (i.e. turn SR back on).


    That should be all...

  5. #5
    Gax

    A similar problem again, only now my start page is www.serial99.com, and the Use Blank option is unavailable.
    P.S. Which program is best for protecting myself from this while being compatible with Avast? I tried to solve the problem with SpyBot, but did not succeed.

    Logfile of HijackThis v1.99.1
    Scan saved at 22:52:16, on 8.12.2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    C:\WINDOWS\system32\G-VGA.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Neobee Speeedy Internet Accelerator\speeedycore.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\Program Files\WinFast\WFDTV\DTVSchdl.exe
    C:\Program Files\WinFast\WFDTV\WFWIZ.exe
    C:\WINDOWS\system32\svehost.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Neobee Speeedy Internet Accelerator\speeedygui.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\WINDOWS\explorer.exe
    C:\Documents and Settings\BRANKOV company\Desktop\HT - SmitfraudFix\HT\123.exe

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.serial99.com/?a
    O2 - BHO: PBlockHelper Class - {4115122B-85FF-4DD3-9515-F075BEDE5EB5} - C:\Program Files\Neobee Speeedy Internet Accelerator\PBHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O3 - Toolbar: Neobee Speeedy Internet Accelerator - {8B79EE88-E62D-4AA8-B530-CC357BA112B7} - C:\Program Files\Neobee Speeedy Internet Accelerator\Toolband.dll
    O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
    O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [VGAUtil] C:\WINDOWS\system32\G-VGA.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [SlipStream] "C:\Program Files\Neobee Speeedy Internet Accelerator\speeedycore.exe"
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
    O4 - HKLM\..\Run: [SNM] C:\Program Files\SpyNoMore\SNM.exe /startup
    O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [WinFastDTV] C:\Program Files\WinFast\WFDTV\DTVSchdl.exe
    O4 - HKLM\..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFDTV\WFWIZ.exe
    O4 - HKLM\..\Run: [Ulead Quick-Drop] "C:\Program Files\Ulead Systems\Ulead DVD MovieFactory 4.0 Suite\Ulead Quick-Drop 1.0\Quick-Drop.exe" WINDOWCALL
    O4 - HKLM\..\Run: [Microsoft Updates] svehost.exe
    O4 - HKLM\..\RunServices: [Microsoft Updates] svehost.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [ATI DeviceDetect] C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
    O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKCU\..\Run: [L07AXLRD_2162890] "C:\Program Files\Microsoft Student\Microsoft Student with Encarta Premium 2007 DVD\EDICT.EXE" -m
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Neobee Speeedy Internet Accelerator.lnk = C:\Program Files\Neobee Speeedy Internet Accelerator\speeedygui.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

  6. #6
    dr_Bora

    Well, it's not really a similar problem. Besides your start page in IE having been changed, you also have (at least) one worm, which you most likely picked up downloading cr*cks from some P2P network.
    That also makes it clear how to protect yourself in the future...

    Run HijackThis, scan, and check the following lines:

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.serial99.com/?a
    O4 - HKLM\..\Run: [Microsoft Updates] svehost.exe
    O4 - HKLM\..\RunServices: [Microsoft Updates] svehost.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present

    Click Fix Checked.

    ---------------------------------------------------------------------------------------------------------------------------------

    Restart the computer...


    Download ComboFix from one of the following links and save it to the Desktop:
    download link 1, download link 2
    • Temporarily disable your AV program so that it does not interfere with the cleaning process
    • Double-click ComboFix.exe to run it and follow the instructions
    • Do not click in the ComboFix window while it is running!
    • When the process is finished, the logfile C:\ComboFix.txt will open in Notepad
    • Copy the contents of that logfile into the thread on the forum
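
The log triage done by hand in replies #2 and #6, sketched as an added example (not written by anyone in this thread): it parses a HijackThis log, reports "(file missing)" registrations as orphans unless the file is listed under running processes, and reports Run entries whose name is one character away from a core Windows process. The sample lines are copied from the logs above; `SYSTEM_NAMES`, `ORPHAN_SECTIONS` and the distance threshold are assumptions, and a finding is a prompt for review, not a verdict.

```python
import re
from ntpath import basename  # Windows path rules on any host OS

# Constructed sample: lines copied from the HijackThis logs posted in this thread.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1

Running processes:
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svehost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.serial99.com/?a
O2 - BHO: (no name) - {2362982A-85FA-45F1-9594-574AACC18F4C} - C:\WINDOWS\system32\jkhff.dll (file missing)
O2 - BHO: PBlockHelper Class - {4115122B-85FF-4DD3-9515-F075BEDE5EB5} - C:\Program Files\Neobee Speeedy Internet Accelerator\PBHelper.dll
O4 - HKLM\..\Run: [Microsoft Updates] svehost.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O20 - Winlogon Notify: opnnnnl - opnnnnl.dll (file missing)
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
"""

# Assumption: a short list of core Windows process names that malware imitates.
SYSTEM_NAMES = ("svchost.exe", "lsass.exe", "services.exe", "winlogon.exe",
                "explorer.exe", "smss.exe", "csrss.exe", "spoolsv.exe")
# Assumption: sections where a missing file means a stale registration.
ORPHAN_SECTIONS = {"O2", "O3", "O9", "O20", "O23"}

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")           # "O4 - ..." lines
FILE_RE = re.compile(r"[\w!~.-]+\.(?:exe|dll|ocx)", re.I)   # file name in an entry


def edit_distance(a, b):
    """Levenshtein distance between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def parse_log(text):
    """Return (set of running process base names, list of (section, body))."""
    running, entries, in_procs = set(), [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_procs = True
            continue
        if in_procs:
            if line:
                running.add(basename(line).lower())
            else:
                in_procs = False  # a blank line ends the process list
            continue
        match = ENTRY_RE.match(line)
        if match:
            entries.append((match.group(1), match.group(2)))
    return running, entries


def triage(text):
    """Return a list of (kind, section, file name) findings for review."""
    running, entries = parse_log(text)
    findings = []
    for code, body in entries:
        files = FILE_RE.findall(body)
        name = files[-1].lower() if files else ""
        if body.endswith("(file missing)") and code in ORPHAN_SECTIONS:
            # A "missing" file that is currently running is a path-parsing
            # artifact (note the stray quote in the avast! service line).
            if name not in running:
                findings.append(("orphan", code, name))
        elif code == "O4" and name and name not in SYSTEM_NAMES:
            # Autostart entry named almost like a core Windows process.
            if any(edit_distance(name, s) == 1 for s in SYSTEM_NAMES):
                findings.append(("lookalike", code, name))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```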

  7. #7
    Gax

    It has to go in two parts...

    ComboFix 07-12-09.1 - GAX company 2007-12-08 23:46:35.1 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.210 [GMT 1:00]
    Running from: C:\Documents and Settings\GAX company\Desktop\ComboFix.exe
    * Created a new restore point
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\check_LSA7.txt
    C:\WINDOWS\cookies.ini
    C:\WINDOWS\system32\drivers\npf.sys
    C:\WINDOWS\system32\drivers\sfsync02.sys
    C:\WINDOWS\system32\packet.dll
    C:\WINDOWS\system32\svehost.exe
    C:\WINDOWS\system32\wpcap.dll
    C:\WINDOWS\system32\xpdx.sys

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

    .
    -------\LEGACY_NEW_DRV
    -------\LEGACY_SFSYNC02
    -------\NPF
    -------\sfsync02
    -------\xpdx


    ((((((((((((((((((((((((( Files Created from 2007-11-09 to 2007-12-09 )))))))))))))))))))))))))))))))
    .

    2007-12-08 16:23 . 2007-12-08 16:23 <DIR> d-------- C:\Program Files\DAEMON Tools Pro
    2007-12-08 16:20 . 2007-12-08 16:22 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
    2007-12-08 16:19 . 2007-12-08 16:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Pro
    2007-12-08 15:36 . 2007-12-08 16:06 <DIR> d-------- C:\Program Files\Electronic Arts
    2007-12-08 14:41 . 2006-05-31 08:22 62,232 -r------- C:\WINDOWS\system32\GameuxInstallHelper.dll
    2007-12-08 12:34 . 2007-12-08 12:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2007-12-08 00:04 . 2007-12-08 00:04 <DIR> d-------- C:\Documents and Settings\Guest\Application Data\Share-to-Web Upload Folder
    2007-12-08 00:04 . 2007-12-08 00:04 <DIR> d-------- C:\Documents and Settings\Guest\Application Data\ATI
    2007-12-07 23:49 . 2007-12-07 23:50 <DIR> d-------- C:\Program Files\Womble MPEG Editor
    2007-12-06 20:31 . 2007-12-06 20:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Cyberlink
    2007-12-06 15:42 . 2004-07-07 02:33 292,896 --a------ C:\WINDOWS\system32\drivers\USIUDF.sys
    2007-12-06 15:42 . 2004-12-23 17:27 27,392 --a------ C:\WINDOWS\system32\drivers\ULCDRHlp.sys
    2007-12-06 15:41 . 2002-08-29 18:41 401,462 --a------ C:\WINDOWS\msvcp60.dll
    2007-12-06 15:41 . 2000-04-07 11:10 278,581 --a------ C:\WINDOWS\msvcrt.dll
    2007-12-06 15:10 . 2007-12-08 22:42 2,712 --a------ C:\WINDOWS\u3dedit3.INI
    2007-12-06 15:10 . 2007-12-08 22:42 549 --a------ C:\WINDOWS\ULead32.ini
    2007-12-06 15:10 . 2007-12-06 15:10 24 --a------ C:\WINDOWS\system32\DKRNL.JAX
    2007-12-06 15:09 . 2007-12-06 15:10 <DIR> d-------- C:\WINDOWS\Ulead.dat
    2007-12-06 15:04 . 2004-05-04 11:53 1,645,320 --------- C:\WINDOWS\system32\gdiplus.dll
    2007-12-06 15:03 . 2007-12-06 15:06 <DIR> d-------- C:\Program Files\QuickTime
    2007-12-05 15:36 . 2007-12-07 13:47 1,244,962 --a------ C:\fth.bin
    2007-12-05 12:28 . 2007-12-05 17:25 43,520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
    2007-12-04 19:12 . 2007-12-08 14:15 5,700 --a------ C:\Documents and Settings\BRANKOV company\FMCodec.dat
    2007-12-04 19:12 . 2007-12-08 14:15 4 --a------ C:\Documents and Settings\BRANKOV company\WFSCHDL.dat
    2007-12-04 18:39 . 2007-12-08 20:48 2 --a------ C:\WINDOWS\system32\Dvbpws.dll
    2007-12-04 18:36 . 2007-12-04 18:36 <DIR> d-------- C:\WFDB
    2007-12-04 18:36 . 2007-12-04 18:36 <DIR> d-------- C:\Program Files\WinFast
    2007-12-04 18:32 . 2006-10-18 11:37 162,944 --a------ C:\WINDOWS\system32\drivers\cx88vid.sys
    2007-12-04 18:32 . 2006-10-18 11:37 50,816 --a------ C:\WINDOWS\system32\drivers\cx88tune.sys
    2007-12-04 18:32 . 2006-10-18 11:38 9,728 --a------ C:\WINDOWS\system32\drivers\cxavxbar.sys
    2007-12-04 18:28 . 2007-12-04 18:28 <DIR> d-------- C:\WINDOWS\system32\WinFox
    2007-12-04 18:28 . 2007-12-04 18:32 <DIR> d-------- C:\WINDOWS\system32\WinFast
    2007-12-04 18:28 . 2003-09-05 09:57 9,469 --a------ C:\WINDOWS\system32\drivers\WINFOXIO.sys
    2007-12-02 14:36 . 2007-12-02 14:36 3,226 --a------ C:\WINDOWS\system32\tmp.reg
    2007-11-29 12:15 . 2007-12-08 14:41 <DIR> d-------- C:\Program Files\Sega
    2007-11-28 18:55 . 2007-11-28 18:55 <DIR> d-------- C:\Program Files\DaemonTools_WhenUSave_Installer
    2007-11-28 12:21 . 2007-12-04 21:56 <DIR> d-------- C:\Program Files\RACE 07 Offline
    2007-11-28 09:43 . 2007-11-28 09:43 <DIR> d-------- C:\WINDOWS\system32\LogFiles
    2007-11-28 09:43 . 2007-11-28 09:43 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe
    2007-11-27 22:44 . 2007-11-27 22:44 1,152 --a------ C:\WINDOWS\system32\windrv.sys
    2007-11-27 22:34 . 2007-11-27 22:34 <DIR> d-------- C:\Program Files\Common Files\Download Manager
    2007-11-27 21:50 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
    2007-11-27 21:50 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
    2007-11-27 21:50 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
    2007-11-27 21:50 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
    2007-11-27 21:50 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
    2007-11-27 19:05 . 2007-11-27 19:05 <DIR> d-------- C:\Documents and Settings\BRANKOV company\Application Data\InstallShield
    2007-11-27 15:46 . 2007-11-27 15:46 <DIR> d-------- C:\Program Files\KONAMI
    2007-11-27 13:22 . 2007-11-28 10:07 22,328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys
    2007-11-27 13:06 . 2007-11-27 13:06 <DIR> d-------- C:\Program Files\Common Files\ATI Technologies
    2007-11-27 12:40 . 2007-11-27 13:10 1,008 --a------ C:\WINDOWS\ATICIM.INI
    2007-11-26 13:29 . 2007-11-28 10:06 103,736 --a------ C:\WINDOWS\system32\PnkBstrB.exe
    2007-11-25 21:37 . 2007-11-25 22:01 <DIR> d-------- C:\Program Files\DAP
    2007-11-24 16:54 . 2007-11-24 16:54 <DIR> d-------- C:\Documents and Settings\BRANKOV company\Application Data\Gearbox Software
    2007-11-24 15:06 . 2007-11-24 15:06 <DIR> d-------- C:\Program Files\OpenAL
    2007-11-24 15:06 . 2007-11-24 15:06 413,696 --a------ C:\WINDOWS\system32\wrap_oal.dll
    2007-11-24 15:06 . 2007-11-24 15:06 110,592 --a------ C:\WINDOWS\system32\OpenAL32.dll
    2007-11-24 15:03 . 2007-11-24 15:03 <DIR> d-------- C:\WINDOWS\system32\xlive
    2007-11-24 14:46 . 2007-11-24 14:46 <DIR> d-------- C:\Documents and Settings\BRANKOV company\Application Data\Eidos
    2007-11-24 14:38 . 2007-12-06 15:56 <DIR> d-------- C:\Program Files\Eidos
    2007-11-23 17:13 . 2007-11-23 17:13 <DIR> d-------- C:\Program Files\XviD
    2007-11-23 17:13 . 2007-11-23 17:13 <DIR> d-------- C:\Program Files\DivX_311alpha
    2007-11-23 17:13 . 2007-11-23 17:13 <DIR> d-------- C:\Program Files\AC3Filter
    2007-11-23 17:13 . 2005-12-30 20:10 761,856 --a------ C:\WINDOWS\system32\xvidcore.dll
    2007-11-23 17:13 . 2004-05-25 16:06 417,792 --a------ C:\WINDOWS\system32\ac3filter.cpl
    2007-11-23 17:13 . 2001-12-28 01:22 315,392 -ra------ C:\WINDOWS\system32\iviaudio.ax
    2007-11-23 17:13 . 2005-12-30 20:18 180,224 --a------ C:\WINDOWS\system32\xvidvfw.dll
    2007-11-23 17:13 . 2005-12-30 20:16 77,824 --a------ C:\WINDOWS\system32\xvid.ax
    2007-11-23 17:13 . 2001-04-05 06:57 56,832 -ra------ C:\WINDOWS\system32\mmswitch.ax
    2007-11-23 17:13 . 2001-12-28 01:22 34,816 -ra------ C:\WINDOWS\system32\mpgaudio.ax
    2007-11-22 18:17 . 2007-11-22 18:17 <DIR> d-------- C:\Program Files\Common Files\Xing Shared
    2007-11-22 18:17 . 1998-12-16 12:08 317,952 --a------ C:\WINDOWS\system32\Roboex32.dll
    2007-11-22 18:12 . 2007-11-23 15:51 <DIR> d-------- C:\Program Files\Total Video Converter
    2007-11-22 18:11 . 2007-11-22 18:17 <DIR> d-------- C:\Program Files\Xing
    2007-11-17 10:49 . 2004-03-10 16:36 89,360 --a------ C:\WINDOWS\system32\VB5DB.DLL
    2007-11-17 10:49 . 2004-03-10 16:36 69,632 --a------ C:\WINDOWS\system32\xmltok.dll
    2007-11-17 10:49 . 2004-03-10 16:36 36,864 --a------ C:\WINDOWS\system32\xmlparse.dll
    2007-11-17 10:49 . 2004-03-10 16:36 35,840 --a------ C:\WINDOWS\system32\comdlg32.oca
    2007-11-17 10:49 . 2004-03-10 16:36 29,184 --a------ C:\WINDOWS\system32\MSINET.oca
    2007-11-17 10:49 . 2004-03-10 16:36 26,096 --a------ C:\WINDOWS\system32\xmlinst.exe
    2007-11-17 10:49 . 2004-03-10 16:36 24,576 --a------ C:\WINDOWS\system32\msxml3a.dll
    2007-11-16 14:12 . 2007-11-24 17:57 <DIR> d-------- C:\Program Files\Ubisoft
    2007-11-15 20:45 . 2007-12-08 09:39 <DIR> d-------- C:\Program Files\DAEMON Tools
    2007-11-13 21:53 . 2007-11-13 21:53 <DIR> d--hs---- C:\WINDOWS\ftpcache
    2007-11-09 19:57 . 2007-12-08 22:30 <DIR> d-------- C:\Temp
    „Say hello to Miljojko and put him in a bucket so he can ride along. Come over to my place and I'll give you an exhaust pipe!”

  8. #8
    Host Gax

    Re: SmitFraud - Fix

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-12-08 14:36 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-12-08 14:08 685,816 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
    2007-12-06 15:07 --------- d-----w C:\Program Files\Common Files\Adobe
    2007-12-06 14:57 --------- d-----w C:\Documents and Settings\BRANKOV company\Application Data\Ulead Systems
    2007-12-06 14:52 --------- d-----w C:\Program Files\Ulead Systems
    2007-12-06 14:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ulead Systems
    2007-12-06 14:51 --------- d-----w C:\Program Files\Common Files\Ulead Systems
    2007-12-04 14:56 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
    2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
    2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
    2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
    2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
    2007-11-27 15:58 --------- d-----w C:\Program Files\ATI Technologies
    2007-11-26 12:13 --------- d-----w C:\Program Files\Winamp
    2007-11-24 14:01 --------- d-----w C:\Program Files\EA SPORTS
    2007-11-18 15:14 --------- d-----w C:\Documents and Settings\BRANKOV company\Application Data\temp
    2007-11-06 10:30 --------- d-----w C:\Program Files\GigaByte
    2007-11-05 15:34 --------- d-----w C:\Documents and Settings\BRANKOV company\Application Data\ATI
    2007-11-02 14:16 --------- d--h--r C:\Documents and Settings\BRANKOV company\Application Data\SecuROM
    2007-10-21 16:34 --------- d-----w C:\Program Files\AGEIA Technologies
    2007-10-21 16:33 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:07]
    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-04 00:06]
    "ATI DeviceDetect"="C:\Program Files\ATI Multimedia\main\ATIDtct.EXE" []
    "DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2006-11-12 11:48]
    "L07AXLRD_2162890"="C:\Program Files\Microsoft Student\Microsoft Student with Encarta Premium 2007 DVD\EDICT.exe" []

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Share-to-Web Namespace Daemon"="C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-17 09:42]
    "HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2003-06-25 10:24]
    "HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-10-23 18:51]
    "HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-07-28 14:43]
    "DeviceDiscovery"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe" [2003-05-21 17:37]
    "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-09-29 07:15]
    "VGAUtil"="C:\WINDOWS\system32\G-VGA.exe" [2003-10-08 15:07]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00]
    "BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 02:07 C:\WINDOWS\system32\bthprops.cpl]
    "SoundMan"="SOUNDMAN.EXE" [2005-05-17 11:48 C:\WINDOWS\SOUNDMAN.EXE]
    "SlipStream"="C:\Program Files\Neobee Speeedy Internet Accelerator\speeedycore.exe" [2005-12-15 10:10]
    "ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 17:41]
    "SNM"="C:\Program Files\SpyNoMore\SNM.exe" []
    "DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2006-11-12 11:48]
    "WinFastDTV"="C:\Program Files\WinFast\WFDTV\DTVSchdl.exe" [2007-02-12 18:16]
    "WinFast Schedule"="C:\Program Files\WinFast\WFDTV\WFWIZ.exe" [2007-02-12 16:22]
    "Ulead Quick-Drop"="C:\Program Files\Ulead Systems\Ulead DVD MovieFactory 4.0 Suite\Ulead Quick-Drop 1.0\Quick-Drop.exe" []

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 02:07]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06]
    Neobee Speeedy Internet Accelerator.lnk - C:\Program Files\Neobee Speeedy Internet Accelerator\speeedygui.exe [2007-07-05 22:58:50]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoLogOff"= 0 (0x0)
    "NoRecentDocsMenu"= 1

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BlueSoleil.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BlueSoleil.lnk
    backup=C:\WINDOWS\pss\BlueSoleil.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^BRANKOV company^Start Menu^Programs^Startup^Adobe Gamma.lnk]
    path=C:\Documents and Settings\BRANKOV company\Start Menu\Programs\Startup\Adobe Gamma.lnk
    backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]
    C:\Program Files\D-Tools\daemon.exe -lang 1033

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InstantTray]
    C:\Program Files\Pinnacle\Shared Files\InstantCDDVD\PCLETray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
    C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe -startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe -start

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IW_Drop_Icon]
    C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe /dropdisc

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    2001-07-09 10:50 155648 --a------ C:\WINDOWS\system32\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PinnacleDriverCheck]
    2003-11-10 15:06 406016 --a------ C:\WINDOWS\system32\PSDrvCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PSDrvCheck]
    C:\Program Files\Pinnacle\Instant VideoAlbum\programs\PSDrvCheck.exe -CheckReg

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tlz]
    C:\WINDOWS\47681728.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ttool]
    C:\WINDOWS\9129837.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WebInstall2]
    C:\DOCUME~1\BRANKO~1\LOCALS~1\Temp\WebInstall.exe /R

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "wuauserv"=2 (0x2)
    "Adobe LM Service"=3 (0x3)
    "Nla"=3 (0x3)
    "RasAuto"=3 (0x3)
    "WZCSVC"=2 (0x2)
    "WebClient"=2 (0x2)
    "hpdj"=2 (0x2)

    R2 CX23880;WinFast CX2388x WDM Video Capture.;C:\WINDOWS\system32\drivers\cx88vid.sys
    R2 CXAVXBAR;WinFast CX2388x WDM Crossbar.;C:\WINDOWS\system32\drivers\cxavxbar.sys
    R2 CXTUNE;WinFast CX2388x WDM TVTuner.;C:\WINDOWS\system32\drivers\CX88TUNE.sys
    R2 GVCplDrv;GVCplDrv;C:\WINDOWS\system32\drivers\GVCplDrv.sys
    R3 WFIOCTL;WFIOCTL;\??\C:\Program Files\WinFast\WFDTV\WFIOCTL.SYS
    S3 actvcomm;actvcomm;C:\WINDOWS\system32\drivers\actvcomm.sys
    S3 siusbmod;siusbmod;C:\WINDOWS\system32\DRIVERS\siusbmod.sys

    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.2180]
    -> C:\DOCUME~1\BRANKO~1\LOCALS~1\Temp\qpspveek.dll
    .
    **************************************************************************

    catchme 0.3.1331 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-12-09 23:51:32
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2007-12-09 23:52:47 - machine was rebooted
    .
    --- E O F ---

  9. #9
    Active member dr_Bora

    Re: SmitFraud - Fix

    Search for the following and, if they exist, delete them:

    C:\WINDOWS\47681728.exe
    C:\WINDOWS\9129837.exe
    --------------------------------------------------------

    Check whether this file exists:
    C:\Documents and settings\BRANKOV company\Local Settings\Temp\qpspveek.dll

    If it exists, zip it and attach it to your post.

    When you have done all of this, restart the PC, then run ComboFix again and post its new log.

  10. #10
    Host Gax

    Re: SmitFraud - Fix

    I searched for all three and nothing was found. As for the Home Page, it works. Thanks.

  11. #11
    Active member dr_Bora

    Re: SmitFraud - Fix

    Quote, originally posted by dr_Bora:
    When you have done all of this, restart the PC, then run ComboFix again and post its new log.
    . . .

  12. #12
    Host Gax

    Re: SmitFraud - Fix

    ComboFix 07-12-09.1 - BRANKOV company 2007-12-10 17:11:51.2 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.151 [GMT 1:00]
    Running from: D:\DB co.Gagi\Programi\HT - SmitfraudFix\ComboFix\ComboFix.exe
    .

    ((((((((((((((((((((((((( Files Created from 2007-11-10 to 2007-12-10 )))))))))))))))))))))))))))))))
    .

    2007-12-10 13:23 . 2007-12-10 13:23 <DIR> d-------- C:\Program Files\Ferrero
    2007-12-08 16:23 . 2007-12-08 16:23 <DIR> d-------- C:\Program Files\DAEMON Tools Pro
    2007-12-08 16:20 . 2007-12-08 16:22 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
    2007-12-08 16:19 . 2007-12-08 16:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Pro
    2007-12-08 15:36 . 2007-12-08 16:06 <DIR> d-------- C:\Program Files\Electronic Arts
    2007-12-08 14:41 . 2006-05-31 08:22 62,232 -r------- C:\WINDOWS\system32\GameuxInstallHelper.dll
    2007-12-08 12:34 . 2007-12-10 01:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2007-12-08 00:04 . 2007-12-08 00:04 <DIR> d-------- C:\Documents and Settings\Guest\Application Data\Share-to-Web Upload Folder
    2007-12-08 00:04 . 2007-12-08 00:04 <DIR> d-------- C:\Documents and Settings\Guest\Application Data\ATI
    2007-12-07 23:49 . 2007-12-07 23:50 <DIR> d-------- C:\Program Files\Womble MPEG Editor
    2007-12-06 20:31 . 2007-12-06 20:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Cyberlink
    2007-12-06 15:42 . 2004-07-07 02:33 292,896 --a------ C:\WINDOWS\system32\drivers\USIUDF.sys
    2007-12-06 15:42 . 2004-12-23 17:27 27,392 --a------ C:\WINDOWS\system32\drivers\ULCDRHlp.sys
    2007-12-06 15:41 . 2002-08-29 18:41 401,462 --a------ C:\WINDOWS\msvcp60.dll
    2007-12-06 15:41 . 2000-04-07 11:10 278,581 --a------ C:\WINDOWS\msvcrt.dll
    2007-12-06 15:10 . 2007-12-10 00:07 2,712 --a------ C:\WINDOWS\u3dedit3.INI
    2007-12-06 15:10 . 2007-12-10 00:07 549 --a------ C:\WINDOWS\ULead32.ini
    2007-12-06 15:10 . 2007-12-06 15:10 24 --a------ C:\WINDOWS\system32\DKRNL.JAX
    2007-12-06 15:09 . 2007-12-06 15:10 <DIR> d-------- C:\WINDOWS\Ulead.dat
    2007-12-06 15:04 . 2004-05-04 11:53 1,645,320 --------- C:\WINDOWS\system32\gdiplus.dll
    2007-12-06 15:03 . 2007-12-06 15:06 <DIR> d-------- C:\Program Files\QuickTime
    2007-12-05 15:36 . 2007-12-07 13:47 1,244,962 --a------ C:\fth.bin
    2007-12-05 12:28 . 2007-12-05 17:25 43,520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
    2007-12-04 19:12 . 2007-12-08 14:15 5,700 --a------ C:\Documents and Settings\BRANKOV company\FMCodec.dat
    2007-12-04 19:12 . 2007-12-08 14:15 4 --a------ C:\Documents and Settings\BRANKOV company\WFSCHDL.dat
    2007-12-04 18:39 . 2007-12-10 11:52 2 --a------ C:\WINDOWS\system32\Dvbpws.dll
    2007-12-04 18:36 . 2007-12-04 18:36 <DIR> d-------- C:\WFDB
    2007-12-04 18:36 . 2007-12-04 18:36 <DIR> d-------- C:\Program Files\WinFast
    2007-12-04 18:32 . 2006-10-18 11:37 162,944 --a------ C:\WINDOWS\system32\drivers\cx88vid.sys
    2007-12-04 18:32 . 2006-10-18 11:37 50,816 --a------ C:\WINDOWS\system32\drivers\cx88tune.sys
    2007-12-04 18:32 . 2006-10-18 11:38 9,728 --a------ C:\WINDOWS\system32\drivers\cxavxbar.sys
    2007-12-04 18:28 . 2007-12-04 18:28 <DIR> d-------- C:\WINDOWS\system32\WinFox
    2007-12-04 18:28 . 2007-12-04 18:32 <DIR> d-------- C:\WINDOWS\system32\WinFast
    2007-12-04 18:28 . 2003-09-05 09:57 9,469 --a------ C:\WINDOWS\system32\drivers\WINFOXIO.sys
    2007-12-02 14:36 . 2007-12-02 14:36 3,226 --a------ C:\WINDOWS\system32\tmp.reg
    2007-11-29 12:15 . 2007-12-08 14:41 <DIR> d-------- C:\Program Files\Sega
    2007-11-28 18:55 . 2007-11-28 18:55 <DIR> d-------- C:\Program Files\DaemonTools_WhenUSave_Installer
    2007-11-28 12:21 . 2007-12-04 21:56 <DIR> d-------- C:\Program Files\RACE 07 Offline
    2007-11-28 09:43 . 2007-11-28 09:43 <DIR> d-------- C:\WINDOWS\system32\LogFiles
    2007-11-28 09:43 . 2007-11-28 09:43 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe
    2007-11-27 22:44 . 2007-11-27 22:44 1,152 --a------ C:\WINDOWS\system32\windrv.sys
    2007-11-27 22:34 . 2007-11-27 22:34 <DIR> d-------- C:\Program Files\Common Files\Download Manager
    2007-11-27 21:50 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
    2007-11-27 21:50 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
    2007-11-27 21:50 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
    2007-11-27 21:50 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
    2007-11-27 21:50 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
    2007-11-27 19:05 . 2007-11-27 19:05 <DIR> d-------- C:\Documents and Settings\BRANKOV company\Application Data\InstallShield
    2007-11-27 15:46 . 2007-11-27 15:46 <DIR> d-------- C:\Program Files\KONAMI
    2007-11-27 13:22 . 2007-11-28 10:07 22,328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys
    2007-11-27 13:06 . 2007-11-27 13:06 <DIR> d-------- C:\Program Files\Common Files\ATI Technologies
    2007-11-27 12:40 . 2007-11-27 13:10 1,008 --a------ C:\WINDOWS\ATICIM.INI
    2007-11-26 13:29 . 2007-11-28 10:06 103,736 --a------ C:\WINDOWS\system32\PnkBstrB.exe
    2007-11-25 21:37 . 2007-11-25 22:01 <DIR> d-------- C:\Program Files\DAP
    2007-11-24 16:54 . 2007-11-24 16:54 <DIR> d-------- C:\Documents and Settings\BRANKOV company\Application Data\Gearbox Software
    2007-11-24 15:06 . 2007-11-24 15:06 <DIR> d-------- C:\Program Files\OpenAL
    2007-11-24 15:06 . 2007-11-24 15:06 413,696 --a------ C:\WINDOWS\system32\wrap_oal.dll
    2007-11-24 15:06 . 2007-11-24 15:06 110,592 --a------ C:\WINDOWS\system32\OpenAL32.dll
    2007-11-24 15:03 . 2007-11-24 15:03 <DIR> d-------- C:\WINDOWS\system32\xlive
    2007-11-24 14:46 . 2007-11-24 14:46 <DIR> d-------- C:\Documents and Settings\BRANKOV company\Application Data\Eidos
    2007-11-24 14:38 . 2007-12-06 15:56 <DIR> d-------- C:\Program Files\Eidos
    2007-11-23 17:13 . 2007-11-23 17:13 <DIR> d-------- C:\Program Files\XviD
    2007-11-23 17:13 . 2007-11-23 17:13 <DIR> d-------- C:\Program Files\DivX_311alpha
    2007-11-23 17:13 . 2007-11-23 17:13 <DIR> d-------- C:\Program Files\AC3Filter
    2007-11-23 17:13 . 2005-12-30 20:10 761,856 --a------ C:\WINDOWS\system32\xvidcore.dll
    2007-11-23 17:13 . 2004-05-25 16:06 417,792 --a------ C:\WINDOWS\system32\ac3filter.cpl
    2007-11-23 17:13 . 2001-12-28 01:22 315,392 -ra------ C:\WINDOWS\system32\iviaudio.ax
    2007-11-23 17:13 . 2005-12-30 20:18 180,224 --a------ C:\WINDOWS\system32\xvidvfw.dll
    2007-11-23 17:13 . 2005-12-30 20:16 77,824 --a------ C:\WINDOWS\system32\xvid.ax
    2007-11-23 17:13 . 2001-04-05 06:57 56,832 -ra------ C:\WINDOWS\system32\mmswitch.ax
    2007-11-23 17:13 . 2001-12-28 01:22 34,816 -ra------ C:\WINDOWS\system32\mpgaudio.ax
    2007-11-22 18:17 . 2007-11-22 18:17 <DIR> d-------- C:\Program Files\Common Files\Xing Shared
    2007-11-22 18:17 . 1998-12-16 12:08 317,952 --a------ C:\WINDOWS\system32\Roboex32.dll
    2007-11-22 18:12 . 2007-11-23 15:51 <DIR> d-------- C:\Program Files\Total Video Converter
    2007-11-22 18:11 . 2007-11-22 18:17 <DIR> d-------- C:\Program Files\Xing
    2007-11-17 10:49 . 2004-03-10 16:36 89,360 --a------ C:\WINDOWS\system32\VB5DB.DLL
    2007-11-17 10:49 . 2004-03-10 16:36 69,632 --a------ C:\WINDOWS\system32\xmltok.dll
    2007-11-17 10:49 . 2004-03-10 16:36 36,864 --a------ C:\WINDOWS\system32\xmlparse.dll
    2007-11-17 10:49 . 2004-03-10 16:36 35,840 --a------ C:\WINDOWS\system32\comdlg32.oca
    2007-11-17 10:49 . 2004-03-10 16:36 29,184 --a------ C:\WINDOWS\system32\MSINET.oca
    2007-11-17 10:49 . 2004-03-10 16:36 26,096 --a------ C:\WINDOWS\system32\xmlinst.exe
    2007-11-17 10:49 . 2004-03-10 16:36 24,576 --a------ C:\WINDOWS\system32\msxml3a.dll
    2007-11-16 14:12 . 2007-11-24 17:57 <DIR> d-------- C:\Program Files\Ubisoft
    2007-11-15 20:45 . 2007-12-08 09:39 <DIR> d-------- C:\Program Files\DAEMON Tools
    2007-11-13 21:53 . 2007-11-13 21:53 <DIR> d--hs---- C:\WINDOWS\ftpcache

  13. #13
    Host Gax

    Re: SmitFraud - Fix

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-12-10 15:48 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-12-08 14:08 685,816 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
    2007-12-06 15:07 --------- d-----w C:\Program Files\Common Files\Adobe
    2007-12-06 14:59 11,690 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
    2007-12-06 14:57 --------- d-----w C:\Documents and Settings\BRANKOV company\Application Data\Ulead Systems
    2007-12-06 14:52 --------- d-----w C:\Program Files\Ulead Systems
    2007-12-06 14:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ulead Systems
    2007-12-06 14:51 --------- d-----w C:\Program Files\Common Files\Ulead Systems
    2007-12-04 14:56 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
    2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
    2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
    2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
    2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
    2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe
    2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr
    2007-11-27 15:58 --------- d-----w C:\Program Files\ATI Technologies
    2007-11-26 12:13 --------- d-----w C:\Program Files\Winamp
    2007-11-24 14:01 --------- d-----w C:\Program Files\EA SPORTS
    2007-11-18 15:14 --------- d-----w C:\Documents and Settings\BRANKOV company\Application Data\temp
    2007-11-06 10:30 --------- d-----w C:\Program Files\GigaByte
    2007-11-05 15:34 --------- d-----w C:\Documents and Settings\BRANKOV company\Application Data\ATI
    2007-11-02 14:16 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
    2007-11-02 14:16 --------- d--h--r C:\Documents and Settings\BRANKOV company\Application Data\SecuROM
    2007-10-21 16:34 --------- d-----w C:\Program Files\AGEIA Technologies
    2007-10-21 16:33 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
    2007-10-18 19:21 623,712 --sh--w C:\WINDOWS\system32\ffhkj.ini2
    2007-10-17 19:57 308,302 --sha-w C:\WINDOWS\system32\ffhkj.bak2
    2007-10-12 22:19 13,653,824 ----a-w C:\WINDOWS\system32\xlivefnt.dll
    2007-10-12 22:19 10,155,840 ----a-w C:\WINDOWS\system32\xlive.dll
    2007-09-15 20:27 6,385 --sha-w C:\WINDOWS\system32\ffhkj.bak1
    .

    ((((((((((((((((((((((((((((( snapshot@2007-12-09_23.52.03.42 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2007-12-08 14:49:17 53,248 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
    + 2007-12-10 16:03:36 53,248 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
    - 2007-12-08 14:49:18 12,800 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
    + 2007-12-10 16:03:36 12,800 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
    - 2007-12-08 14:49:18 473,600 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
    + 2007-12-10 16:03:37 473,600 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
    - 2007-12-08 14:49:08 2,676,224 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    + 2007-12-10 16:03:27 2,676,224 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    - 2007-12-08 14:49:10 2,846,720 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    + 2007-12-10 16:03:28 2,846,720 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    - 2007-12-08 14:49:11 563,712 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    + 2007-12-10 16:03:29 563,712 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    - 2007-12-08 14:49:12 567,296 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    + 2007-12-10 16:03:30 567,296 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    - 2007-12-08 14:49:13 576,000 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    + 2007-12-10 16:03:31 576,000 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    - 2007-12-08 14:49:14 577,024 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    + 2007-12-10 16:03:32 577,024 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    - 2007-12-08 14:49:14 577,536 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    + 2007-12-10 16:03:33 577,536 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    - 2007-12-08 14:49:15 577,536 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    + 2007-12-10 16:03:34 577,536 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    - 2007-12-08 14:49:19 578,560 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    + 2007-12-10 16:03:37 578,560 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    - 2007-12-08 14:49:19 145,920 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
    + 2007-12-10 16:03:38 145,920 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
    - 2007-12-08 14:49:20 159,232 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
    + 2007-12-10 16:03:38 159,232 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
    - 2007-12-08 14:49:20 364,544 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
    + 2007-12-10 16:03:39 364,544 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
    - 2007-12-08 14:49:21 178,176 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
    + 2007-12-10 16:03:39 178,176 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
    - 2007-12-08 14:49:16 223,232 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
    + 2007-12-10 16:03:35 223,232 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
    + 2007-12-10 16:10:45 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_550.dat
    .
    -- Snapshot reset to current date --
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    "Say hi to Miljojko and put him in a bucket so he can ride. Come to my place and I'll give you an exhaust pipe!"

  14. #14
    Host Gax (avatar)
    Joined
    27.04.2005.
    Gender
    male
    Location
    Christmas Island
    Posts
    3.083
    Reputation power
    81

    Default Re: SmitFraud - Fix

    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:07]
    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-04 00:06]
    "ATI DeviceDetect"="C:\Program Files\ATI Multimedia\main\ATIDtct.EXE" []
    "DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2006-11-12 11:48]
    "L07AXLRD_2162890"="C:\Program Files\Microsoft Student\Microsoft Student with Encarta Premium 2007 DVD\EDICT.exe" []
    "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2005-05-31 01:04]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Share-to-Web Namespace Daemon"="C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-17 09:42]
    "HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2003-06-25 10:24]
    "HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-10-23 18:51]
    "HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-07-28 14:43]
    "DeviceDiscovery"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe" [2003-05-21 17:37]
    "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-09-29 07:15]
    "VGAUtil"="C:\WINDOWS\system32\G-VGA.exe" [2003-10-08 15:07]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00]
    "BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 02:07 C:\WINDOWS\system32\bthprops.cpl]
    "SoundMan"="SOUNDMAN.EXE" [2005-05-17 11:48 C:\WINDOWS\SOUNDMAN.EXE]
    "SlipStream"="C:\Program Files\Neobee Speeedy Internet Accelerator\speeedycore.exe" [2005-12-15 10:10]
    "ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 17:41]
    "SNM"="C:\Program Files\SpyNoMore\SNM.exe" []
    "DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2006-11-12 11:48]
    "WinFastDTV"="C:\Program Files\WinFast\WFDTV\DTVSchdl.exe" [2007-02-12 18:16]
    "WinFast Schedule"="C:\Program Files\WinFast\WFDTV\WFWIZ.exe" [2007-02-12 16:22]
    "Ulead Quick-Drop"="C:\Program Files\Ulead Systems\Ulead DVD MovieFactory 4.0 Suite\Ulead Quick-Drop 1.0\Quick-Drop.exe" []

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 02:07]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06]
    Neobee Speeedy Internet Accelerator.lnk - C:\Program Files\Neobee Speeedy Internet Accelerator\speeedygui.exe [2007-07-05 22:58:50]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoLogOff"= 0 (0x0)
    "NoRecentDocsMenu"= 1

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BlueSoleil.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BlueSoleil.lnk
    backup=C:\WINDOWS\pss\BlueSoleil.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^BRANKOV company^Start Menu^Programs^Startup^Adobe Gamma.lnk]
    path=C:\Documents and Settings\BRANKOV company\Start Menu\Programs\Startup\Adobe Gamma.lnk
    backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]
    C:\Program Files\D-Tools\daemon.exe -lang 1033

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InstantTray]
    C:\Program Files\Pinnacle\Shared Files\InstantCDDVD\PCLETray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
    C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe -startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe -start

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IW_Drop_Icon]
    C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe /dropdisc

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    2001-07-09 10:50 155648 --a------ C:\WINDOWS\system32\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PinnacleDriverCheck]
    2003-11-10 15:06 406016 --a------ C:\WINDOWS\system32\PSDrvCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PSDrvCheck]
    C:\Program Files\Pinnacle\Instant VideoAlbum\programs\PSDrvCheck.exe -CheckReg

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tlz]
    C:\WINDOWS\47681728.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ttool]
    C:\WINDOWS\9129837.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WebInstall2]
    C:\DOCUME~1\BRANKO~1\LOCALS~1\Temp\WebInstall.exe /R

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "wuauserv"=2 (0x2)
    "Adobe LM Service"=3 (0x3)
    "Nla"=3 (0x3)
    "RasAuto"=3 (0x3)
    "WZCSVC"=2 (0x2)
    "WebClient"=2 (0x2)
    "hpdj"=2 (0x2)

    R2 CX23880;WinFast CX2388x WDM Video Capture.;C:\WINDOWS\system32\drivers\cx88vid.sys
    R2 CXAVXBAR;WinFast CX2388x WDM Crossbar.;C:\WINDOWS\system32\drivers\cxavxbar.sys
    R2 CXTUNE;WinFast CX2388x WDM TVTuner.;C:\WINDOWS\system32\drivers\CX88TUNE.sys
    R2 GVCplDrv;GVCplDrv;C:\WINDOWS\system32\drivers\GVCplDrv.sys
    R3 WFIOCTL;WFIOCTL;\??\C:\Program Files\WinFast\WFDTV\WFIOCTL.SYS
    S3 actvcomm;actvcomm;C:\WINDOWS\system32\drivers\actvcomm.sys
    S3 siusbmod;siusbmod;C:\WINDOWS\system32\DRIVERS\siusbmod.sys

    .
    **************************************************************************

    catchme 0.3.1331 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-12-10 17:14:04
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2007-12-10 17:14:59
    C:\ComboFix2.txt ... 2007-12-09 23:52
    .
    --- E O F ---
    Last edited by Gax : 09.12.2007. at 17:24
    "Say hi to Miljojko and put him in a bucket so he can ride. Come to my place and I'll give you an exhaust pipe!"
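
An added example (not part of the thread and not ComboFix's own code): a small Python parser for the "Reg Loading Points" listing in the post above that tags autostart entries for manual review. The function and flag names, and the reading of an empty `[]` as "target file not found", are assumptions; the flags are triage hints, not verdicts.

```python
import re

# Constructed sample: entries in the shape of the listing posted above,
# with the forum's line-wrap spaces removed.
SAMPLE = r'''
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:07]
"ATI DeviceDetect"="C:\Program Files\ATI Multimedia\main\ATIDtct.EXE" []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2005-05-17 11:48 C:\WINDOWS\SOUNDMAN.EXE]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 10:50 155648 --a------ C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tlz]
C:\WINDOWS\47681728.exe
'''

KEY_RE = re.compile(r'^\[(HKEY_[^\]]+)\]$')
VALUE_RE = re.compile(r'^"([^"]+)"="([^"]*)"\s*\[([^\]]*)\]$')
PATH_RE = re.compile(r'[A-Za-z]:\\.*$')
MSCONFIG = 'msconfig\\startupreg\\'

def parse_loading_points(text):
    """Return one dict per autostart entry: key, name, target, stamp."""
    entries, key = [], None
    for line in (l.strip() for l in text.splitlines()):
        if KEY_RE.match(line):
            key = KEY_RE.match(line).group(1)
        elif VALUE_RE.match(line) and key:
            name, target, stamp = VALUE_RE.match(line).groups()
            entries.append(dict(key=key, name=name, target=target, stamp=stamp))
        elif key and MSCONFIG in key.lower() and PATH_RE.search(line):
            # Entry disabled through msconfig: the key's last component is the name.
            entries.append(dict(key=key, name=key.rsplit('\\', 1)[1],
                                target=PATH_RE.search(line).group(0), stamp=None))
    return entries

def review_flags(entry):
    """Triage hints only (assumed heuristics), not a malware verdict."""
    flags = []
    if entry['stamp'] == '':
        flags.append('no-timestamp')          # assumed: target file not found
    if MSCONFIG in entry['key'].lower():
        flags.append('disabled-in-msconfig')  # kept in the registry, not started
    if re.fullmatch(r'(?i)[a-z]:\\windows\\\d+\.exe', entry['target']):
        flags.append('numeric-name-in-windir')
    return flags

def triage(text):
    return {e['name']: review_flags(e) for e in parse_loading_points(text)}
```

Calling `triage(SAMPLE)` returns a dict that maps each entry name to its list of flags; an empty list means none of the three hints applied.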

  15. #15
    Active member dr_Bora (avatar)
    Joined
    27.12.2004.
    Gender
    male
    Posts
    1.248
    Reputation power
    60

    Default Re: SmitFraud - Fix

    This looks OK now.

    You need to enable the display of hidden files/folders:
    • Windows Explorer: Tools menu > Folder Options: on the View tab:

      • select Show hidden files and folders
      • uncheck Hide protected operating system files (Recommended)


    Delete:

    C:\WINDOWS\system32\ffhkj.ini2
    C:\WINDOWS\system32\ffhkj.bak2
    C:\WINDOWS\system32\ffhkj.bak1

    -----------------------------------------------------------------------------------

    You need to reset System Restore:
    • Control Panel > System: on the System Restore tab: check Turn off System Restore on all drives
    • Restart the computer
    • Control Panel > System: on the System Restore tab: uncheck Turn off System Restore on all drives

    The procedure above will delete the contents of the System Restore folder, and with it the malware located in it, and create a new, "clean" system restore point.

    -----------------------------------------------------------------------------------

    That should be all.
