problem sa messanger virusom

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Pomagajte ljudi: Logfile of HijackThis v1.99.1
Scan saved at 00:14:51, on 07-May-08
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\SweetIM\Messenger\SweetIM.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\hobehfxn.exe
C:\WINDOWS\system32\zwfwrhbdtwp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\Korisnik\Desktop\tr3.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = [Link mogu videti samo ulogovani korisnici]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [Link mogu videti samo ulogovani korisnici]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [Link mogu videti samo ulogovani korisnici]
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = [Link mogu videti samo ulogovani korisnici]
R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: dcads - {3f080d62-5f33-7ae5-0218-e5c23f1a0e14} - C:\WINDOWS\system32\nsyC.dll
O2 - BHO: dcads - {6FC3C36D-7635-4D43-BA62-0D9D2F2CD06E} - C:\WINDOWS\system32\nsx53.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [StatusClient] C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [TomcatStartup] C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe
O4 - HKLM\..\Run: [hobehfxn] C:\WINDOWS\system32\hobehfxn.exe
O4 - HKLM\..\Run: [zwfwrhbdtwp] C:\WINDOWS\system32\zwfwrhbdtwp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] ~"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O8 - Extra context menu item: &Windows Live Search - [Link mogu videti samo ulogovani korisnici]\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - [Link mogu videti samo ulogovani korisnici]\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - [Link mogu videti samo ulogovani korisnici]\Program Files\Windows Live Toolbar\Components\en-gb\msntabres.dll.mui/229?ee15405904f6487fa480ea943084a2b7
O8 - Extra context menu item: Open in new foreground tab - [Link mogu videti samo ulogovani korisnici]\Program Files\Windows Live Toolbar\Components\en-gb\msntabres.dll.mui/230?ee15405904f6487fa480ea943084a2b7
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: CommServer (ikic8adinxdluern) - Unknown owner - C:\WINDOWS\system32\zwfwrhbdtwp.exe
O23 - Service: DeepSight Extractor Service for NP08 (ovaehtyayoou1) - Unknown owner - C:\WINDOWS\system32\zwfwrhbdtwp.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Poz...




Pokreni HijackThis, skeniraj i čekiraj sledeće linije:

O2 - BHO: dcads - {3f080d62-5f33-7ae5-0218-e5c23f1a0e14} - C:\WINDOWS\system32\nsyC.dll
O2 - BHO: dcads - {6FC3C36D-7635-4D43-BA62-0D9D2F2CD06E} - C:\WINDOWS\system32\nsx53.dll
O4 - HKLM\..\Run: [hobehfxn] C:\WINDOWS\system32\hobehfxn.exe
O4 - HKLM\..\Run: [zwfwrhbdtwp] C:\WINDOWS\system32\zwfwrhbdtwp.exe
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O23 - Service: CommServer (ikic8adinxdluern) - Unknown owner - C:\WINDOWS\system32\zwfwrhbdtwp.exe
O23 - Service: DeepSight Extractor Service for NP08 (ovaehtyayoou1) - Unknown owner - C:\WINDOWS\system32\zwfwrhbdtwp.exe

Klikni Fix checked.



-------------------------------------------------------------------------------------



Preuzmi program OTMoveIt2 na Desktop.

Dvoklikom pokreni OTMoveIt2.exe

U (levi) prozor programa (ispod Paste List of Files/Folders to Move) iskopiraj sve što se nalazi unutar Kod polja:

C:\WINDOWS\system32\hobehfxn.exe
C:\WINDOWS\system32\zwfwrhbdtwp.exe
C:\WINDOWS\system32\nsyC.dll
C:\WINDOWS\system32\nsx53.dll

Klikni MoveIt!
Po završetku procesa, u desnom prozoru programa (ispod Results), će se nalaziti tekst koji je potrebno iskopirati u poruku na forumu.


Ukoliko se pojavi upit:

Confirm ::The system requires a reboot to finish removing files.
Do you want to reboot now?

kliknuti Yes kako bi se kompjuter restartovao i proces bio dovršen.

Nakon ponovnog pokretanja sistema, logfile će se automatski otvoriti u Notepadu.
Potrebno je iskopirati sadržaj tog loga u poruku na forumu.



Takođe, postavi i novi HT logfile.

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

C:\WINDOWS\system32\hobehfxn.exe moved successfully.
C:\WINDOWS\system32\zwfwrhbdtwp.exe moved successfully.
File/Folder C:\WINDOWS\system32\nsyC.dll not found.
C:\WINDOWS\system32\nsx53.dll unregistered successfully.
C:\WINDOWS\system32\nsx53.dll moved successfully.

OTMoveIt2 by OldTimer - Version 1.0.4.1 log created on 05072008_165102

Dopuna: 07 Maj 2008 16:59

pozzz


ja nisam uradila ono sa skeniranjem jel neke one tachke ne mogu da nadjem?

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Samo pokreni HijackThis, klikni Do a system scan and save a logfile i iskopiraj ovde log koji se otvori u Notepad-u.

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Logfile of HijackThis v1.99.1
Scan saved at 20:15:49, on 07-May-08
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\SweetIM\Messenger\SweetIM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Korisnik\Desktop\tr3.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = [Link mogu videti samo ulogovani korisnici]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [Link mogu videti samo ulogovani korisnici]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [Link mogu videti samo ulogovani korisnici]
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = [Link mogu videti samo ulogovani korisnici]
R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [StatusClient] C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [TomcatStartup] C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] ~"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O8 - Extra context menu item: &Windows Live Search - [Link mogu videti samo ulogovani korisnici]\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - [Link mogu videti samo ulogovani korisnici]\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - [Link mogu videti samo ulogovani korisnici]\Program Files\Windows Live Toolbar\Components\en-gb\msntabres.dll.mui/229?ee15405904f6487fa480ea943084a2b7
O8 - Extra context menu item: Open in new foreground tab - [Link mogu videti samo ulogovani korisnici]\Program Files\Windows Live Toolbar\Components\en-gb\msntabres.dll.mui/230?ee15405904f6487fa480ea943084a2b7
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: CommServer (ikic8adinxdluern) - Unknown owner - C:\WINDOWS\system32\zwfwrhbdtwp.exe (file missing)
O23 - Service: DeepSight Extractor Service for NP08 (ovaehtyayoou1) - Unknown owner - C:\WINDOWS\system32\zwfwrhbdtwp.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Skini LSPFix na Desktop:

[Link mogu videti samo ulogovani korisnici]

Za sada nema potrebe za korišćenjem ovog programa...



Pokreni HijackThis, klikni Do a system scan only i čekiraj sledeće linije:

O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O23 - Service: CommServer (ikic8adinxdluern) - Unknown owner - C:\WINDOWS\system32\zwfwrhbdtwp.exe (file missing)
O23 - Service: DeepSight Extractor Service for NP08 (ovaehtyayoou1) - Unknown owner - C:\WINDOWS\system32\zwfwrhbdtwp.exe (file missing)

Klikni Fix checked.


Obriši sledeći folder ukoliko postoji: c:\program files\webhancer



Restartuj kompjuter.


Ukoliko nakon restarta nisu u mogućnosti da se spojiš na internet, raspakuj file lspfix.zip (onaj koji si skinula na početku), pokreni program LSP-Fix i klikni Finish.

Nakon svega, postavi svež HijackThis log i reci mi kakvo je sada stanje.

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

nece da mi se obrise webhancer?

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Restartuj kompjuter pa onda probaj.

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

nece ni kad ga restartujem?

Dopuna: 08 Maj 2008 1:37

izbaci mi:

cannot delete webhdll.dll; access is denied make sure the disc is not full or write-protected and that the file is not currently in use

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

OK. Nikakav problem. Rešićemo...


Skini ComboFix sa jedne od sledecih adresa na Desktop:
[Link mogu videti samo ulogovani korisnici]
[Link mogu videti samo ulogovani korisnici]
[Link mogu videti samo ulogovani korisnici]

Startuj ga i ne diraj prozor programa dok skenira.
Sledi uputstva na ekranu. Kada zavrsi pojavice se log (C:\ComboFix.txt) koji ces nam ovde iskopirati.