Isti problem 2. racunar

3

Isti problem 2. racunar

offline
  • Pridružio: 25 Okt 2006
  • Poruke: 276

Nema je vise...samo ona sa Macromediom je ostala...

Logfile of HijackThis v1.99.1
Scan saved at 12:24:41 PM, on 3/7/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\issrch.exe
C:\Program Files\Babylon\Babylon-Pro\Babylon.exe
C:\Program Files\DU Meter\DUMeter.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\eMule\emule.exe
C:\Program Files\FolderSize\FolderSizeSvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
G:\Opera\op.com
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\zekaThis\zekaThis.exe

R3 - URLSearchHook: radiostanica Toolbar - {a10dc0cb-728f-456b-90f9-7fd1351e841a} - C:\Program Files\radiostanica\tbradi.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: radiostanica Toolbar - {a10dc0cb-728f-456b-90f9-7fd1351e841a} - C:\Program Files\radiostanica\tbradi.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: (no name) - {f4d74aaa-a178-4463-846b-b4bc87a024e0} - C:\WINDOWS\System32\ixt0.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: radiostanica Toolbar - {a10dc0cb-728f-456b-90f9-7fd1351e841a} - C:\Program Files\radiostanica\tbradi.dll
O4 - HKLM\..\Run: [Babylon Client] C:\Program Files\Babylon\Babylon-Pro\Babylon.exe -AutoStart
O4 - HKLM\..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [KAVWks50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 5.0 for Windows Workstations\kav.exe" /minimize /chkas
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Translate with &Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: Skype add-on - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet.....hcImpl.cab
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://C:\Program Files\MDT6\AcDcToday.ocx
O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Program Files\MDT6\InstBanr.ocx
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - file://C:\Program Files\MDT6\InstFred.ocx
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,4958/mcfscan.cab
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Program Files\MDT6\AcPreview.ocx
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Folder Size (FolderSize) - Brio - C:\Program Files\FolderSize\FolderSizeSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Kaspersky Anti-Virus Service (kavsvc) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 5.0 for Windows Workstations\kavsvc.exe
O23 - Service: Macromedia Updater (mmupdate) - Unknown owner - C:\WINDOWS\TEMP\2CB.tmp".exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

Da li je potreban Gmer log? Bio je pokrenut Gmer, radio je skoro 40 min. i iylistavao svaki moguci fajl na racunaru, da li to tako treba? Prekinuo sam kada si rekao da mozda nece biti potreban poslije restarta...

Dopuna: 07 Mar 2007 12:28

ups...pogrijesio sam..ima je! Ali vise nije (file missing)...ovo postaje smijesno...

Dopuna: 07 Mar 2007 12:44

Zaboravio sam izbrisati onaj Zlob, evo sada log, poslije njegovog brisanja...samo sam (glupan) slucajno izbrisao i fajl issrch, mislim da se tako zove, iz System32..da li je to opasno? Restartovao sam, izgleda da sada definitivno nema one linije sa ixt0.dll...

offline
  • Pridružio: 04 Sep 2003
  • Poruke: 24135
  • Gde živiš: Wien

issrch.exe treba obrisati, i on je deo infekcije.
Buni me samo sto ne mozemo da obrisemo ovu O23 liniju. Moguce je da je zasticena pravima pristupa u reg. bazi.

Mozemo da probamo da je obrisemo na sledeci nacin:
Prvo otvori Control Panel> Administrative Tools> Services. Pronadji na listi Macromedia Updater.
Klikni desno dugme na njega pa tu odaberi Stop.
Klikni opet desno dugme na njega pa odaberi Properties. Na prozoru koji se otvori postavi Startup type na Disabled.
Startuj HJT i na samom pocetku odaberi Open the Misc Tools section, pa na prozoru koji ce da se pojavi odaberi Delete an NT service.
Pojavice se dijalog za unos imena servisa koji treba da se brise, tu unesi mmupdate


Sada mi objasni nesto posto vidim da opet imamo ixt0.dll u zadnjem logu koji si postavio. Kazes u zadnjoj recenici tvoje poruke da ga vise nema, jel to znaci da imas jos sveziji log od ovog gore?

offline
  • Pridružio: 25 Okt 2006
  • Poruke: 276

Mozda sam postavio stari...greska pri kopiranju...

Logfile of HijackThis v1.99.1
Scan saved at 2:02:16 PM, on 3/7/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Babylon\Babylon-Pro\Babylon.exe
C:\Program Files\DU Meter\DUMeter.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\eMule\emule.exe
C:\Program Files\FolderSize\FolderSizeSvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
G:\Opera\op.com
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\zekaThis\zekaThis.exe

R3 - URLSearchHook: radiostanica Toolbar - {a10dc0cb-728f-456b-90f9-7fd1351e841a} - C:\Program Files\radiostanica\tbradi.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: radiostanica Toolbar - {a10dc0cb-728f-456b-90f9-7fd1351e841a} - C:\Program Files\radiostanica\tbradi.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: radiostanica Toolbar - {a10dc0cb-728f-456b-90f9-7fd1351e841a} - C:\Program Files\radiostanica\tbradi.dll
O4 - HKLM\..\Run: [Babylon Client] C:\Program Files\Babylon\Babylon-Pro\Babylon.exe -AutoStart
O4 - HKLM\..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [KAVWks50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 5.0 for Windows Workstations\kav.exe" /minimize /chkas
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Translate with &Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Skype add-on - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet.....hcImpl.cab
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://C:\Program Files\MDT6\AcDcToday.ocx
O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Program Files\MDT6\InstBanr.ocx
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - file://C:\Program Files\MDT6\InstFred.ocx
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,4958/mcfscan.cab
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Program Files\MDT6\AcPreview.ocx
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Folder Size (FolderSize) - Brio - C:\Program Files\FolderSize\FolderSizeSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Kaspersky Anti-Virus Service (kavsvc) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 5.0 for Windows Workstations\kavsvc.exe
O23 - Service: Macromedia Updater (mmupdate) - Unknown owner - C:\WINDOWS\TEMP\2CB.tmp".exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe


A sad cu probati ovo za liniju 023

Dopuna: 07 Mar 2007 14:03

Na desni klik na Macromedia Updater u Servisima imam opciju Start...znaci stopiran je vec...

offline
  • Pridružio: 04 Sep 2003
  • Poruke: 24135
  • Gde živiš: Wien

Onda mu jos samo uradi Disable i izbrisi ga uz pomoc HJT-a kako sam ti gore opisao.

offline
  • Pridružio: 25 Okt 2006
  • Poruke: 276

Uradjeno. Valjda je sada OK.

Dopuna: 13 Mar 2007 8:51

Hm...pojavio se problem 2. vrste. U system tray-u mi treperi crveni trokutic sa usklicnikom i izbacuje mi poruke da mi je racunar zarazen. Sa ovim se srecem milioniti put ali do sada sam ga uspjesno cistio. Sada...pustio sam mu bezbroj programa za ciscenje...ali nista. Sta mi savjetujes?

Dopuna: 13 Mar 2007 8:53

Smitfraud?

offline
  • Pridružio: 04 Sep 2003
  • Poruke: 24135
  • Gde živiš: Wien

Otvori novu temu i postavi HJT log. Teram te da otvoris drugu temu zbog preglednosti.

Ko je trenutno na forumu
 

Ukupno su 1336 korisnika na forumu :: 33 registrovanih, 4 sakrivenih i 1299 gosta   ::   [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:
Korisnici trenutno na forumu: 9k38, amaterSRB, antonije64, Asparagus, Batinas, bojank, bokisha253, Boris90, BSD, Dimitrije Paunovic, DonRumataEstorski, drimer, Fabius, Georgius, gorval, JimmyNapoli, Kibice, kihot, kuntalo, Leonov, Mcdado, milenko crazy north, milutin134, novator, sasa87, shadower78, Skywhaler, Srky Boy, stegonosa, Toper, Trpe Grozni, vasa.93, vathra