da li neko zna u cemu je stvar

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

E , nisam ti se javio jer je Ljuba (ortak) van grada.
Siguran sam da nema fles animaciju ali se nedavno stekovao na nett sa adsl-om i sada zuji okolo non-stop .
Javicu se veoma uskoro da zavrsimo ovo !

E sada !!!!
Meni licno , je iskrsao mali problem jer sa sa seriskim brojem za jedn program instalirao jedan fail koji se odmah smestio u program files i nikako nije hteo da se obrise.U task menadjeru se stalno iznova pojavljivala 2 procesa koji isto nisu hteli da prestanu da budu aktivni a reg.bazi su bili u policis pa run a kada ih izbrises oni se opet iznova vracaju .
Onda sam ja odradio ceo ovaj , od tebe , opisani postupak i sada je SVE ok !
Evo postavicu log posle svega ,pa vidi da li je nesto ostalo . A da , ovaj sada vec bivsi programcic je bio nesto kao Video i jos nesto , nisam zapisao moja greska .
SmitFraudFix v2.128

Scan done at 2:34:09.81, Sun 12/10/2006
Run from C:\Documents and Settings\Tomic Srdjan\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End

Dopuna: 10 Dec 2006 3:11

Uffffff !
Evo ga prvi log !
SmitFraudFix v2.128

Scan done at 2:31:47.79, Sun 12/10/2006
Run from C:\Documents and Settings\Tomic Srdjan\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{9d635a36-6b3c-4146-8625-f3aaf507bbf8}"="flammei"

[HKEY_CLASSES_ROOT\CLSID\{9d635a36-6b3c-4146-8625-f3aaf507bbf8}\InProcServer32]
@="C:\WINDOWS\System32\vcehaeb.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{9d635a36-6b3c-4146-8625-f3aaf507bbf8}\InProcServer32]
@="C:\WINDOWS\System32\vcehaeb.dll"


»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri

C:\WINDOWS\System32\vcehaeb.dll -> Hoax.Win32.Renos.gen.i
C:\WINDOWS\System32\vcehaeb.dll -> Deleted


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\WINDOWS\local.html Deleted
C:\WINDOWS\onlineshopping.ico Deleted
C:\WINDOWS\removeadware.ico Deleted
C:\WINDOWS\sexpersonals.ico Deleted
C:\Program Files\Video ActiveX Object\ Deleted

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Ista infekcija kao i na kompu mog zeta

Daj svez HJT log, da vidimo kako stoje stvari.

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Zarazio sam se kada sam skinuo seriski broj za AVP.
Evo log :
Logfile of HijackThis v1.99.1
Scan saved at 12:52:06 AM, on 12/11/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
E:\TEAC\Cika Ljuba.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Protection Bar - {5d4831e0-5a7c-4a46-afd5-a79ab8ce36c2} - C:\Program Files\Video ActiveX Object\iesplugin.dll (file missing)
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O8 - Extra context menu item: Add to Kaspersky Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\\ie_banner_deny.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {A526A2C7-723E-4081-BF70-A7A9913E8C4A} (LogData Class) - ipgweb.cce.hp.com/rdqnbk/downloads/sysinfo.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B5FA0A2C-6A31-4556-BBAF-D73D203C2ED4}: NameServer = 212.200.108.17 212.200.108.18
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\System32\klogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Obrisi folder C:\Program Files\Video ActiveX Object
Mozda ces to morati da odradis u Safe Mode ukoliko brisanje ne uspe u normalnom modu.

Sto se tice serijskog, ispostuj nas barem tako sto neces da pricas o pirateriji, posto je na ovom forumu zabranjena.

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Vec je obrisan,bar se ne pojavljuje u program files.

Sorry za seriski ....

javicu se da pogledas onaj drugi log uskoro , naravno kada budes imao malo vremena .