Невидљива spyware инфекција (шта да радим ?)

Toolbar

Pravilnik foruma

Burek marketing

Najčešća pitanja

Posetite Burek Prodavnicu

Zatvori

BUREK marketing

Burek :: Forumi :: > Tehnicki deo foruma > Pc Klinika ~ Doktori za vas kompjuter

Tema: Невидљива spyware инфекција (шта да радим ?) (Moderatori: enaB, chelavi1)

Trenutno vreme je: 31. Avg 2025, 15:20:36

Korisnici koji su trenutno na forumu 0 članova i 0 gostiju pregledaju ovu temu.

Napomena: Za sva pitanja u vezi kupovine novog hardware-a ili procene vrednosti i preporuke koristite - ovu temu!

Spyware,sta je,kako radi,kako se zastititi? :: Kako rade mreze :: Burek Anti-virus software review :: Index tema koje ne treba propustiti

Stranice:

Tema: Невидљива spyware инфекција (шта да радим ?) (Pročitano 5887 puta)

Гамбино

Poruka #10

05. Jul 2008, 16:21:31

Svedok stvaranja istorije

Zodijak
Pol
Poruke	21826
Zastava

	Windows XP
	Mozilla Firefox 2.0.0.14;
	Qtek 小米

Ушао сам у Safe Mode, избацио ми је гомилу ехе-а, али нисам могао да означим ни један, померао сам горе доле стрелицу и ништа, затим је учитао лог ин где сам могао да бирам корисник или администратор ... Smile

IP sačuvana

Zatvori

genije1

Poruka #11

05. Jul 2008, 16:37:19

Jet set burekdzija

Zodijak
Pol
Poruke	7658

	Windows XP
	Mozilla Firefox 2.0.0.15

pa udji kao korisnik i pokusaj opet Smile

« Poslednja izmena: 05. Jul 2008, 16:39:14 od genije1 »

IP sačuvana

Zatvori

Гамбино

Poruka #12

05. Jul 2008, 16:40:06

Svedok stvaranja istorije

Zodijak
Pol
Poruke	21826
Zastava

	Windows XP
	Mozilla Firefox 2.0.0.14;
	Qtek 小米

А шта је са combofix-om ?

IP sačuvana

Zatvori

milelc

Poruka #13

05. Jul 2008, 16:40:38

Zvezda u usponu

Zodijak
Pol
Poruke	1826
Zastava

	Windows XP
	Internet Explorer 7.0
	Apple k750i

Kao administrator udji

IP sačuvana

Zatvori

genije1

Poruka #14

05. Jul 2008, 17:07:32

Jet set burekdzija

Zodijak
Pol
Poruke	7658

	Windows XP
	Mozilla Firefox 2.0.0.15

Citat: Гамбино 05. Jul 2008, 16:40:06

А шта је са combofix-om ?

combofix bi mozda resio problem ali na ovom forumu ga nesto nevole.. Smile

fix ovo sto ti je filip dao

« Poslednja izmena: 05. Jul 2008, 17:08:28 od genije1 »

IP sačuvana

Zatvori

Filip93

Poruka #15

05. Jul 2008, 17:17:49

Moderator

Legenda foruma

Zodijak
Pol
Poruke	31625
Zastava

	Windows XP
	Opera 9.25
	Nokia 6120

Citat: Гамбино 05. Jul 2008, 16:40:06

А шта је са combofix-om ?

Nista, sta bi bilo?! Ja sam rekao sta da uradis.

IP sačuvana

Zatvori

Гамбино

Poruka #16

05. Jul 2008, 17:29:27

Svedok stvaranja istorije

Zodijak
Pol
Poruke	21826
Zastava

	Windows XP
	Mozilla Firefox 2.0.0.14;
	Qtek 小米

Citat: filip93 05. Jul 2008, 15:47:42

Sledece sve radis iz Safe Mode-a:

Idi i rucno obrisi sledeca dva:

C:\WINDOWS\system32\braviax.exe
C:\Documents and Settings\korisnik\Local Settings\Application Data\Microsoft\Internet Explorer\Filters\IExpl32d.exe

Kada to uradis, pokreni Hijackthis, Scan Only, i stikliraj sledece:

O2 - BHO: (no name) - {B2D6C36A-CE09-43F0-B21A-DD9720BC2708} - c:\windows\system32\abebabe.dll (file missing)
O4 - HKLM\..\Run: [braviax] C:\WINDOWS\system32\braviax.exe
O4 - HKCU\..\Run: [IEFilter] C:\Documents and Settings\korisnik\Local Settings\Application Data\Microsoft\Internet Explorer\Filters\IExpl32d.exe
O4 - HKCU\..\Run: [braviax] C:\WINDOWS\system32\braviax.exe
O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files\ShoppingReport\Bin\2.0.26\ShoppingReport.dll (file missing)
O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program Files\ShoppingReport\Bin\2.0.26\ShoppingReport.dll (file missing)
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
O20 - Winlogon Notify: dzdtmbiu - abebabe.dll (file missing)
O20 - Winlogon Notify: stp68_2007 - stp68_2007.dll (file missing)
O20 - Winlogon Notify: winuns32 - winuns32.dll (file missing)

Restartuj racunar, i okaci novi log.

Филипе урадио сам све како си и навео.
Избрисао оба из safe moda, затим штиклирао ово горе наведено и рестартовао.
Престао је да смара са оним упозорењем и мислим да је проблем решен (тек када сам избрисао овај други вирус ''и експлорер 32''), и ево шта каже нови лог.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:23:08, on 5.7.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Documents and Settings\korisnik\Desktop\HiJackThis.exe

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll
O2 - BHO: (no name) - {B2D6C36A-CE09-43F0-B21A-DD9720BC2708} - c:\windows\system32\abebabe.dll (file missing)
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [braviax] C:\WINDOWS\system32\braviax.exe
O4 - HKLM\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /QS
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IEFilter] C:\Documents and Settings\korisnik\Local Settings\Application Data\Microsoft\Internet Explorer\Filters\IExpl32d.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [RegistryCleanFixMFC] C:\Program Files\RegistryCleanFixer2008\RegistryCleanFixer2008.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe" /tray
O4 - HKCU\..\Run: [braviax] C:\WINDOWS\system32\braviax.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download Link Using Mega Manager... - C:\Program Files\Megaupload\Mega Manager\mm_file.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files\ShoppingReport\Bin\2.0.26\ShoppingReport.dll (file missing)
O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program Files\ShoppingReport\Bin\2.0.26\ShoppingReport.dll (file missing)
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: dzdtmbiu - abebabe.dll (file missing)
O20 - Winlogon Notify: stp68_2007 - stp68_2007.dll (file missing)
O20 - Winlogon Notify: winuns32 - winuns32.dll (file missing)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe

--
End of file - 4927 bytes

IP sačuvana

Zatvori

Filip93

Poruka #17

05. Jul 2008, 17:43:36

Moderator

Legenda foruma

Zodijak
Pol
Poruke	31625
Zastava

	Windows XP
	Opera 9.25
	Nokia 6120

Kada budes fixovao ovo sto sam ti rekao okaci log. Smile

IP sačuvana

Zatvori

Гамбино

Poruka #18

05. Jul 2008, 17:56:55

Svedok stvaranja istorije

Zodijak
Pol
Poruke	21826
Zastava

	Windows XP
	Mozilla Firefox 2.0.0.14;
	Qtek 小米

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:54:26, on 5.7.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Documents and Settings\korisnik\Desktop\HiJackThis.exe

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll
O2 - BHO: (no name) - {B2D6C36A-CE09-43F0-B21A-DD9720BC2708} - c:\windows\system32\abebabe.dll (file missing)
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /QS
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [RegistryCleanFixMFC] C:\Program Files\RegistryCleanFixer2008\RegistryCleanFixer2008.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe" /tray
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download Link Using Mega Manager... - C:\Program Files\Megaupload\Mega Manager\mm_file.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files\ShoppingReport\Bin\2.0.26\ShoppingReport.dll (file missing)
O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program Files\ShoppingReport\Bin\2.0.26\ShoppingReport.dll (file missing)
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: dzdtmbiu - abebabe.dll (file missing)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe

--
End of file - 4747 bytes

IP sačuvana

Zatvori

Filip93

Poruka #19

05. Jul 2008, 17:59:36

Moderator

Legenda foruma

Zodijak
Pol
Poruke	31625
Zastava

	Windows XP
	Opera 9.25
	Nokia 6120

Ok. Skini sada System Mechanic, i ocisti komp i to je to. Wink

IP sačuvana

Zatvori

Stranice:

Burek :: Forumi :: > Tehnicki deo foruma > Pc Klinika ~ Doktori za vas kompjuter

Tema: Невидљива spyware инфекција (шта да радим ?) (Moderatori: enaB, chelavi1)

Trenutno vreme je: 31. Avg 2025, 15:20:36

Prebaci se na:

Oznake: richvideo data avast4 infekcija braviax dll rthdcpl alcmtr wmiprvse msnmsgr
atk0100 exe vttimer userinit onenotem files virus spyware application

Poslednji odgovor u temi napisan je pre više od 6 meseci.

Temu ne bi trebalo "iskopavati" osim u slučaju da imate nešto važno da dodate. Ako ipak želite napisati komentar, kliknite na dugme "Odgovori" u meniju iznad ove poruke. Postoje teme kod kojih su odgovori dobrodošli bez obzira na to koliko je vremena od prošlog prošlo. Npr. teme o određenom piscu, knjizi, muzičaru, glumcu i sl. Nemojte da vas ovaj spisak ograničava, ali nemojte ni pisati na teme koje su završena priča.

Forum Info: Banneri Foruma :: Burek Toolbar :: Burek Prodavnica :: Burek Quiz :: Najcesca pitanja :: Tim Foruma :: Prijava zloupotrebe

Izvori vesti: Blic :: Wikipedia :: Mondo :: Press :: Naša mreža :: Sportska Centrala :: Glas Javnosti :: Kurir :: Mikro :: B92 Sport :: RTS :: Danas

Prijatelji foruma: Triviador :: Nova godina Beograd :: nova godina restorani :: FTW.rs :: MojaPijaca :: Pojacalo :: 011info :: Burgos :: Sudski tumač Novi Beograd

Pravne Informacije: Pravilnik Foruma :: Politika privatnosti :: Uslovi koriscenja :: O nama :: Marketing :: Kontakt :: Sitemap

All content on this website is property of "Burek.com" and, as such, they may not be used on other websites without written permission.