IEXPLORE.EXE again

  • Joined: 18 Jul 2008
  • Posts: 115
  • Location: Majur

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:03:18 PM, on 8/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\MessengerDiscovery\MessengerDiscovery Live.exe
C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Genius\Desktop\MaestrO\TR3.exe.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [boldeq] C:\DOCUME~1\Genius\APPLIC~1\SLOWST~1\site shim.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &Preuzmi sa FlashGet-om - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: &Preuzmi sve sa FlashGet-om - C:\Program Files\FlashGet\jc_all.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O17 - HKLM\System\CCS\Services\Tcpip\..\{BA6EC9DD-F012-4A5E-B9F8-1515C5A97102}: NameServer = 10.5.0.100,10.5.0.200
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 4605 bytes

I updated the system and got IE 7, and those processes got activated again; I need IE because of MSN.
Is there a solution that does not involve reinstalling the system?

  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Hi...


What exactly is the problem? Could you explain it in a way that I can understand?


Uninstall the program Messenger Discovery; it is adware.


Run HijackThis, scan, and check the following line:

O4 - HKCU\..\Run: [boldeq] C:\DOCUME~1\Genius\APPLIC~1\SLOWST~1\site shim.exe

Click Fix checked.


Download Deljob.
Double-click deljob.exe to run it.
The logfile logit.txt will open in Notepad (the file will be in the same folder as deljob.exe).
Copy the contents of that log into the thread on the forum.
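A triage pass over HijackThis O4 autorun lines of the kind flagged in the step above, added here as an example that is not part of the thread and not HijackThis' own code. The sample lines are constructed to mirror the first log in this thread, and the heuristics (profile-directory path, 8.3 short name, unquoted path with spaces, per-user hive) are assumptions about what merits a second look, not a malware verdict.

```python
import re

# Constructed sample: O4 lines in the shape HijackThis v2.0.2 prints them,
# mirroring the entries in the first log posted in this thread.
SAMPLE_O4 = r"""
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [boldeq] C:\DOCUME~1\Genius\APPLIC~1\SLOWST~1\site shim.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""

O4_LINE = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\(\w+): \[([^\]]+)\] (.*)$")
# First image path in the command: optionally quoted, drive-rooted, ending at the first
# executable/library extension. Non-greedy, so an unquoted path with spaces stays whole.
IMAGE_PATH = re.compile(r'^"?([A-Za-z]:\\.*?\.(?:exe|dll|com|scr|bat|cmd|pif))', re.IGNORECASE)
# Roots of per-user profile storage on Windows XP (long and 8.3 forms), lower-cased.
PROFILE_ROOTS = ("c:\\documents and settings\\", "c:\\docume~1\\")

def image_path(command):
    """Return the binary an O4 command launches, unwrapping rundll32 host lines."""
    cmd = command.strip()
    if cmd.lower().startswith("rundll32"):
        cmd = cmd.split(None, 1)[1] if " " in cmd else ""
    m = IMAGE_PATH.match(cmd)
    return m.group(1) if m else None

def suspicious_reasons(hive, command, path):
    """Heuristic (assumed) reasons an autorun deserves a second look; none alone proves malware."""
    reasons = []
    if path.lower().startswith(PROFILE_ROOTS):
        reasons.append("runs from a user profile directory (writable without admin rights)")
    if re.search(r"~\d+\\", path):
        reasons.append("8.3 short-name path, unusual for an installer-written Run value")
    if " " in path and not command.strip().startswith('"'):
        reasons.append("unquoted path containing spaces")
    if hive == "HKCU" and reasons:
        reasons.append("per-user Run key: persists without elevation")
    return reasons

def triage_o4(log_text):
    """Map each O4 entry name to its reasons; entries with nothing flagged get an empty list."""
    findings = {}
    for line in log_text.splitlines():
        m = O4_LINE.match(line.strip())
        if not m:
            continue
        hive, _key, name, command = m.groups()
        path = image_path(command)
        findings[name] = suspicious_reasons(hive, command, path) if path else ["no image path parsed"]
    return findings

if __name__ == "__main__":
    for name, reasons in triage_o4(SAMPLE_O4).items():
        print(name, "->", "; ".join(reasons) or "nothing flagged")
```

Run against the constructed sample, only the [boldeq] entry is flagged, for the same reasons the helper singles it out in the thread.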

  • Joined: 18 Jul 2008
  • Posts: 115
  • Location: Majur

Sorry, when I didn't have MSN, Discovery was there again.
But thank you, I'll do as you say and report back with the results. Regards.

I did it; here is the report:

--------------------------------------------------------
Backups created in C:\deljob

AC94F2CA90936ACE.job
--------------------------------------------------------
Files in Windows Tasks folder

1-Click Maintenance.job
--------------------------------------------------------
Export App Data folders
--------------------------------------------------------
Volume in drive C has no label.
Volume Serial Number is F081-204B

Directory of C:\Documents and Settings\Genius\Application Data

08/07/2008 05:10 AM <DIR> .
08/07/2008 05:10 AM <DIR> ..
07/11/2008 11:54 AM <DIR> Adobe
07/19/2008 04:53 PM <DIR> Ahead
01/05/2002 08:10 AM <DIR> ESET
08/05/2008 12:20 PM <DIR> GRETECH
07/18/2008 08:45 AM <DIR> Help
01/05/2002 08:01 AM <DIR> IDENTI~1 Identities
07/11/2008 11:54 AM <DIR> MACROM~1 Macromedia
07/31/2008 05:29 AM <DIR> MICROS~1 Microsoft
08/01/2008 06:30 AM <DIR> Mozilla
07/17/2008 02:12 PM <DIR> PCTOOL~1 PC Tools
07/29/2008 03:04 PM <DIR> SecuROM
08/11/2008 04:40 AM <DIR> SLOWST~1 Slow Stop
07/28/2008 02:59 PM <DIR> Sun
07/24/2008 06:13 PM <DIR> SUPERA~1.COM SUPERAntiSpyware.com
07/14/2008 07:44 PM <DIR> TUNEUP~1 TuneUp Software
07/22/2008 05:43 PM <DIR> Uniblue
07/10/2008 07:59 AM <DIR> URSoft
07/08/2008 11:55 AM <DIR> Winamp
07/12/2008 06:47 PM <DIR> WinRAR
0 File(s) 0 bytes
21 Dir(s) 17,827,876,864 bytes free
Volume in drive C has no label.
Volume Serial Number is F081-204B

Directory of C:\Documents and Settings\All Users\Application Data

08/11/2008 04:40 AM <DIR> .
08/11/2008 04:40 AM <DIR> ..
01/05/2002 08:09 AM <DIR> ESET
07/08/2008 08:47 PM <DIR> INSTAL~1 InstallShield
07/31/2008 01:28 PM <DIR> MESSEN~1 Messenger Plus!
08/10/2008 03:18 PM <DIR> MICROS~1 Microsoft
07/19/2008 04:33 PM <DIR> Nero
07/19/2008 06:30 PM <DIR> NFSUND~1 NFS Underground
12/31/2001 11:16 PM <DIR> TEMP
07/22/2008 11:35 PM <DIR> TICKFI~1 Tick Find Close Surf
07/14/2008 07:44 PM <DIR> TUNEUP~1 TuneUp Software
07/22/2008 06:31 PM <DIR> WINDOW~1 Windows Genuine Advantage
07/25/2008 12:54 AM <DIR> WLINST~1 WLInstaller
0 File(s) 0 bytes
13 Dir(s) 17,827,876,864 bytes free
--------------------------------------------------------
All User Accounts
--------------------------------------------------------
Administrator
All Users
Genius
--------------------------------------------------------


There, I did it. What now?

  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Restart the computer.


Enable the display of hidden files and folders:

http://www.mycity.rs/Uputstva-sa-ex-SuperSajta/Kako-videti-skrivene-fajlove.html


Find and delete the following folders:

C:\Documents and Settings\Genius\Application Data\Slow Stop
C:\Documents and Settings\All Users\Application Data\Tick Find Close Surf


Post a fresh HijackThis logfile and tell me whether there are currently any problems.

  • Joined: 18 Jul 2008
  • Posts: 115
  • Location: Majur

C:\Documents and Settings\All Users\Application Data\Tick Find Close Surf

That one isn't there, but I got into that folder another way and deleted one file that was in it (Obj date).


Here is the log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:11:20 AM, on 1/1/2002
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Genius\Desktop\MaestrO\TR3.exe.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &Preuzmi sa FlashGet-om - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: &Preuzmi sve sa FlashGet-om - C:\Program Files\FlashGet\jc_all.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O17 - HKLM\System\CCS\Services\Tcpip\..\{BA6EC9DD-F012-4A5E-B9F8-1515C5A97102}: NameServer = 10.5.0.100,10.5.0.200
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 4157 bytes


As far as I can tell, those processes are gone now; they disappeared after

you told me to do this:

Hi...


What exactly is the problem? Could you explain it in a way that I can understand?


Uninstall the program Messenger Discovery; it is adware.


Run HijackThis, scan, and check the following line:

O4 - HKCU\..\Run: [boldeq] C:\DOCUME~1\Genius\APPLIC~1\SLOWST~1\site shim.exe

Click Fix checked.


Download Deljob.

* Double-click deljob.exe to run it.
* The logfile logit.txt will open in Notepad (the file will be in the same folder as deljob.exe).
* Copy the contents of that log into the thread on the forum.

Thank you!!!

  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

We're not done yet.

Look for and delete the following folder, if it exists:

C:\Program Files\Slow Stop


After that, turn System Restore off and then back on:

http://www.mycity.rs/Uputstva-sa-ex-SuperSajta/Kak.....WinXP.html


That's all...

  • Joined: 18 Jul 2008
  • Posts: 115
  • Location: Majur

C:\Program Files\Slow Stop

I deleted that one :)

My System Restore is always switched off, so I'd only be turning it on and then off again :D
