MyCity » Ambulanta -> Arhiva Ambulante » Explorer nestaje i pojavljuje se...

Explorer nestaje i pojavljuje se...

Napisano na dan: 4.11.2007

Strana:
1
2
3

Explorer nestaje i pojavljuje se...

Sledeća strana

Pagination

Odgovori

Strana:
1
2
3

Milance86 Poslao: 04 Nov 2007 02:01 Idi na vrh
offline Milance86 Novi MyCity građanin Pridružio: 04 Nov 2007 Poruke: 22	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Ovako... imao sam neki virus (valjda pokupljen sa MSN-a) i sad... mislim da ni virusa, spy-ova i ostalih cuda nema! Proerio sam sa KIS6, SpyBot-om i AD-Aware-om i sada nista ne pronalaze... nalazi li si inace neke Backdoor.WIN32.IRCBot trojance u agtsvc.exe i asrsvc.exe! Posle sam obrisao (tj. odradio fix) istih tih uz pomoc Hijack-a (bilo je nesto 04 - HKLM....) i sad... ...imam cudan problem kao sto glasi naslov teme! Windows se startuje, sve normalno i posle 15sek. nestane explorer, pa se posle 5sek. opet ucita... i sve tako u krug do god ga ja ne uhvatim (kad se aktivira i pojavi u procesima u taskmanager-u) i ne uradim endtask! Tad komp sasvim lepo radi, ali nemam explorer! Poskusao sam originalni explorer.exe da vratim, kao i operaciju sfc /scannow... ima li jos neke pomoci??? Da prilozim i trenutni Hijack log: Logfile of HijackThis v1.99.1 Scan saved at 1:47:43 AM, on 11/4/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe C:\Program Files\UpsPilot\Winpower.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\WINDOWS\system32\Rundll32.exe C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe C:\Program Files\UpsPilot\jre\bin\javaw.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\DAEMON Tools\daemon.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\Logitech\SetPoint\SetPoint.exe C:\Program Files\Nikon\PictureProject\NkbMonitor.exe C:\Program Files\TechniSat DVB\bin\Server4PC.exe C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe C:\WINDOWS\system32\CTsvcCDA.EXE C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\CyberLink\Shared Files\RichVideo.exe C:\PROGRA~1\UpsPilot\monitor.exe C:\Program Files\UpsPilot\jre\bin\javaw.exe C:\WINDOWS\System32\svchost.exe C:\PROGRA~1\UpsPilot\wpRMI.exe C:\Program Files\UpsPilot\jre\bin\javaw.exe C:\Program Files\Outlook Express\msimn.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\system32\NOTEPAD.EXE D:\My Download Files\Programi\Antivirusi\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/http://www.yahoo.com/ext/search/search.html R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/http://www.yahoo.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///C:/Program%20Files/MSI/Live%20Update%203/MSI.htm R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = yahoo.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = us.rd.yahoo.com/customize/ie/defaults/su/msgr8/http://www.yahoo.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/http://www.yahoo.com/ext/search/search.html R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll O3 - Toolbar: FlashGet - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\Program Files\FlashGet\fgiebar.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [SW20] C:\WINDOWS\system32\sw20.exe O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe /r O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" O4 - HKLM\..\Run: [Winpower] C:\Program Files\UpsPilot\Winpower.exe O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper O4 - HKLM\..\Run: [kis] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" O4 - HKLM\..\RunServices: [Winpower] C:\Program Files\UpsPilot\Winpower.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe O4 - Global Startup: Server4PC.lnk = C:\Program Files\TechniSat DVB\bin\Server4PC.exe O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm O8 - Extra context menu item: Add to Kaspersky Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\\ie_banner_deny.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\WINDOWS\System32\shdocvw.dll O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O15 - Trusted Zone: msi.com.tw O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - messenger.zone.msn.com/EN-US/a-_UNO/GAME_UNO1.cab O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - messenger.zone.msn.com/EN-US/a-LUXR/mjolauncher.cab O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} (WebSDev Control) - liveupdate.msi.com.tw/autobios/LOnline/install.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - secure.gopetslive.com/dev/GoPetsWeb.cab O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" -r (file missing) O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe O23 - Service: HJKHEK - Unknown owner - C:\DOCUME~1\Athlon\LOCALS~1\Temp\HJKHEK.exe (file missing) O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: DiRT Drivers Auto Removal (pr2ah4nc) (pr2ah4nc) - CODEMASTERS - C:\WINDOWS\system32\pr2ah4nc.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe O23 - Service: Winpowermanager - Macrovision - C:\PROGRA~1\UpsPilot\manager.exe O23 - Service: Winpowermonitor - Macrovision - C:\PROGRA~1\UpsPilot\monitor.exe O23 - Service: WinpowerRMI - Macrovision - C:\PROGRA~1\UpsPilot\wpRMI.exe Dopuna: 04 Nov 2007 2:01 Ovde nema izmeni, ali zaboravih nesto da kazem... kada prebacim "novi" explorer.exe, sa instalacionog diska i startujem komp KIS-ov anti-hacker mi javi za explorer.exe i sve dok mu ja ne kazem Allow... on ne nestaje, ako mu kazem Deny on nestane, vrati se u sekundi i opet mi pojavi Anti-Hacker novi "zahtev", a promenjen je samo ProcessID! Tako da... ja ga uglavnom tako kopiram i ostavim da mi stoji ta poruka!

Profil

bobby Poslao: 04 Nov 2007 09:21 Idi na vrh
offline bobby Administrator Pridružio: 04 Sep 2003 Poruke: 24135 Gde živiš: Wien	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! POkusaj da pronadjes sledeci fajl: C:\Documents and Settings\Athlon\Local Settings\Temp\HJKHEK.exe Potrebno ti je da bude ukljuceno prikazivanje skrivenih fajlova (vidi sledece uputstvo): http://www.mycity.rs/Uputstva-sa-ex-SuperSajta/Kako-videti-skrivene-fajlove.html Kada nadjes taj fajl, uploaduj mi ga na proveru preko sledece forme: http://www.mycity.rs/ambulanta-upload.php Dopuna: 04 Nov 2007 9:21 Preimenuj HijackThis.exe pre nego sto napravis sledeci log. Preimenuj HIjackThis.exe u recimo TY1.exe pa napravi novi log koji ces postaviti u sledecoj poruci.

Profil

Milance86 Poslao: 04 Nov 2007 11:16 Idi na vrh
offline Milance86 Novi MyCity građanin Pridružio: 04 Nov 2007 Poruke: 22	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Taj fajl ne postoji! Inace, ja sam ubedjen da virus, tj spy ili sta li je vec jos postoji na mom kompu! Kad sam instalirao opet MSN i startovao ga sinoc (srecom pa nisam imao on-line prijatelje) odma' se pojavio imagexx.zip i ponekad xx.exe fajlove u ovom gore Temp-u... a vec sam video da njega pravi virus, jer mi je bas taj fajl pre svima slao! Ali to mi jednostavno nije jjasno... svi koji su imali tih problema, su jednostavno resili problem sa SpyBot-om... ne znam sta se meni desava... Ali.. kao sto rekoh preskenirao sam ceo komp sa KIS6, SpyBot-om, AD-Aware-om, posle sam i sa on-line scan sa Trend Micro sajta, pa sa Hiren's Boot CD-a, pa posle sa ClamWin (i njega mi neko preporucio (naravno iskljucio sam tada bio KIS)), pa sam posle i VundoFix, pa MSN-Virus-Removal... i stvarno mi nije jasno kako ne mogu da se oslobodim svih problema! Preimenovao sam i evo log-a: Logfile of HijackThis v1.99.1 Scan saved at 11:05:57 AM, on 11/4/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe C:\WINDOWS\system32\CTsvcCDA.EXE C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\CyberLink\Shared Files\RichVideo.exe C:\PROGRA~1\UpsPilot\monitor.exe C:\Program Files\UpsPilot\jre\bin\javaw.exe C:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe C:\Program Files\UpsPilot\Winpower.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\WINDOWS\system32\Rundll32.exe C:\Program Files\UpsPilot\jre\bin\javaw.exe C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\DAEMON Tools\daemon.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\Logitech\SetPoint\SetPoint.exe C:\Program Files\Nikon\PictureProject\NkbMonitor.exe C:\Program Files\TechniSat DVB\bin\Server4PC.exe C:\PROGRA~1\UpsPilot\wpRMI.exe C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE C:\Program Files\UpsPilot\jre\bin\javaw.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Outlook Express\msimn.exe C:\totalcmd\TOTALCMD.EXE D:\HijackThis\TY1.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/http://www.yahoo.com/ext/search/search.html R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/http://www.yahoo.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///C:/Program%20Files/MSI/Live%20Update%203/MSI.htm R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = yahoo.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = us.rd.yahoo.com/customize/ie/defaults/su/msgr8/http://www.yahoo.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/http://www.yahoo.com/ext/search/search.html R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: SWEETIE Class - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll O2 - BHO: (no name) - {38C4EEFC-D740-4E10-A883-3BF32E0CD9AB} - (no file) O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O2 - BHO: (no name) - {634BBAB7-3F60-4426-944F-A62B9007F67F} - C:\WINDOWS\system32\iifdbyw.dll O2 - BHO: (no name) - {69E81DA4-7D00-4B90-9C08-974E0045CB74} - C:\WINDOWS\system32\jkhhe.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O2 - BHO: (no name) - {7A6008D0-B2E9-4E69-89A5-411442B7083C} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll O3 - Toolbar: FlashGet - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\Program Files\FlashGet\fgiebar.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [SW20] C:\WINDOWS\system32\sw20.exe O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe /r O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" O4 - HKLM\..\Run: [Winpower] C:\Program Files\UpsPilot\Winpower.exe O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper O4 - HKLM\..\Run: [kis] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" O4 - HKLM\..\RunServices: [Winpower] C:\Program Files\UpsPilot\Winpower.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe O4 - Global Startup: Server4PC.lnk = C:\Program Files\TechniSat DVB\bin\Server4PC.exe O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm O8 - Extra context menu item: Add to Kaspersky Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\\ie_banner_deny.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\WINDOWS\System32\shdocvw.dll O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O15 - Trusted Zone: msi.com.tw O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - messenger.zone.msn.com/EN-US/a-_UNO/GAME_UNO1.cab O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - messenger.zone.msn.com/EN-US/a-LUXR/mjolauncher.cab O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} (WebSDev Control) - liveupdate.msi.com.tw/autobios/LOnline/install.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - secure.gopetslive.com/dev/GoPetsWeb.cab O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll O20 - Winlogon Notify: iifdbyw - C:\WINDOWS\SYSTEM32\iifdbyw.dll O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" -r (file missing) O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe O23 - Service: HJKHEK - Unknown owner - C:\DOCUME~1\Athlon\LOCALS~1\Temp\HJKHEK.exe (file missing) O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: DiRT Drivers Auto Removal (pr2ah4nc) (pr2ah4nc) - CODEMASTERS - C:\WINDOWS\system32\pr2ah4nc.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe O23 - Service: Winpowermanager - Macrovision - C:\PROGRA~1\UpsPilot\manager.exe O23 - Service: Winpowermonitor - Macrovision - C:\PROGRA~1\UpsPilot\monitor.exe O23 - Service: WinpowerRMI - Macrovision - C:\PROGRA~1\UpsPilot\wpRMI.exe Dopuna: 04 Nov 2007 11:16 Sad videh u log-u da su mi se opet pojavili no name - no file obavestenja u Hijack-u, pod 02... otkud' sad oni...

Profil

bobby Poslao: 04 Nov 2007 11:55 Idi na vrh
offline bobby Administrator Pridružio: 04 Sep 2003 Poruke: 24135 Gde živiš: Wien	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Milance86, zamolio bih te da ne pokusavas sam razno-razne alatke za ciscenje jer time meni samo otezavas potragu jer mozes da unistis tragove koji su meni potrebni da bih nasao infekciju. Skini VundoFix: http://www.atribune.org/ccount/click.php?id=4 * Dvoklikom se startuje fajl VundoFix.exe. * Izabere opcija Scan for Vundo. * Posle završenog skeniranja i pojave poruke Done Searching for files klikne se na OK. * Sada, kada je skeniranje obavljeno potrebno je kliknuti na opciju Remove Vundo. * Po pojavljivanju upita o uklanjaju Vundo fajlova klikne se na Yes. * Pokretanje ove opcije učiniće Desktop privremeno praznim u cilju pripreme sistema za uklanjanje Vundo-a. * Po završetku, pojaviće se obaveštenje o gašnjenju računara, klikne se OK. * Uključi se računar i podigne sistem iznova. * Iskopira se sadržaj loga sa putanje C:\vundofix.txt i novi HiJackThis log u poruku na forumu.

Profil

Milance86 Poslao: 04 Nov 2007 12:02 Idi na vrh
offline Milance86 Novi MyCity građanin Pridružio: 04 Nov 2007 Poruke: 22	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! OK Vundo nije nista pronasao! VundoFix V6.5.11 Checking Java version... Java version is 1.5.0.6 Old versions of java are exploitable and should be removed. Scan started at 11:57:18 AM 11/4/2007 Listing files found while scanning.... No infected files were found. Hijack, ne bi trebalo da se promenio, ali evo opet log-a: Logfile of HijackThis v1.99.1 Scan saved at 12:00:45 PM, on 11/4/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe C:\WINDOWS\system32\CTsvcCDA.EXE C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\CyberLink\Shared Files\RichVideo.exe C:\PROGRA~1\UpsPilot\monitor.exe C:\Program Files\UpsPilot\jre\bin\javaw.exe C:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe C:\Program Files\UpsPilot\Winpower.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\WINDOWS\system32\Rundll32.exe C:\Program Files\UpsPilot\jre\bin\javaw.exe C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\DAEMON Tools\daemon.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\Logitech\SetPoint\SetPoint.exe C:\Program Files\Nikon\PictureProject\NkbMonitor.exe C:\Program Files\TechniSat DVB\bin\Server4PC.exe C:\PROGRA~1\UpsPilot\wpRMI.exe C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE C:\Program Files\UpsPilot\jre\bin\javaw.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Outlook Express\msimn.exe C:\WINDOWS\system32\msiexec.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\totalcmd\TOTALCMD.EXE D:\HijackThis\TY1.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/http://www.yahoo.com/ext/search/search.html R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/http://www.yahoo.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///C:/Program%20Files/MSI/Live%20Update%203/MSI.htm R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = yahoo.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = us.rd.yahoo.com/customize/ie/defaults/su/msgr8/http://www.yahoo.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/http://www.yahoo.com/ext/search/search.html R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: SWEETIE Class - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll O2 - BHO: (no name) - {38C4EEFC-D740-4E10-A883-3BF32E0CD9AB} - (no file) O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O2 - BHO: (no name) - {634BBAB7-3F60-4426-944F-A62B9007F67F} - C:\WINDOWS\system32\iifdbyw.dll O2 - BHO: (no name) - {69E81DA4-7D00-4B90-9C08-974E0045CB74} - C:\WINDOWS\system32\jkhhe.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O2 - BHO: (no name) - {7A6008D0-B2E9-4E69-89A5-411442B7083C} - (no file) O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll O3 - Toolbar: FlashGet - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\Program Files\FlashGet\fgiebar.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [SW20] C:\WINDOWS\system32\sw20.exe O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe /r O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" O4 - HKLM\..\Run: [Winpower] C:\Program Files\UpsPilot\Winpower.exe O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper O4 - HKLM\..\Run: [kis] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" O4 - HKLM\..\RunServices: [Winpower] C:\Program Files\UpsPilot\Winpower.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe O4 - Global Startup: Server4PC.lnk = C:\Program Files\TechniSat DVB\bin\Server4PC.exe O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm O8 - Extra context menu item: Add to Kaspersky Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\\ie_banner_deny.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\WINDOWS\System32\shdocvw.dll O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe O15 - Trusted Zone: msi.com.tw O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - messenger.zone.msn.com/EN-US/a-_UNO/GAME_UNO1.cab O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - messenger.zone.msn.com/EN-US/a-LUXR/mjolauncher.cab O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} (WebSDev Control) - liveupdate.msi.com.tw/autobios/LOnline/install.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - secure.gopetslive.com/dev/GoPetsWeb.cab O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll O20 - Winlogon Notify: iifdbyw - C:\WINDOWS\SYSTEM32\iifdbyw.dll O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" -r (file missing) O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe O23 - Service: HJKHEK - Unknown owner - C:\DOCUME~1\Athlon\LOCALS~1\Temp\HJKHEK.exe (file missing) O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: DiRT Drivers Auto Removal (pr2ah4nc) (pr2ah4nc) - CODEMASTERS - C:\WINDOWS\system32\pr2ah4nc.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe O23 - Service: Winpowermanager - Macrovision - C:\PROGRA~1\UpsPilot\manager.exe O23 - Service: Winpowermonitor - Macrovision - C:\PROGRA~1\UpsPilot\monitor.exe O23 - Service: WinpowerRMI - Macrovision - C:\PROGRA~1\UpsPilot\wpRMI.exe

Profil

bobby Poslao: 04 Nov 2007 12:02 Idi na vrh
offline bobby Administrator Pridružio: 04 Sep 2003 Poruke: 24135 Gde živiš: Wien	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Skini ComboFix sa jedne od sledecih adresa: http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe http://download.bleepingcomputer.com/sUBs/ComboFix.exe Startuj ga i ne diraj prozor programa dok skenira. Sledi uputstva na ekranu. Kada zavrsi pojavice se log koji ces nam ovde iskopirati.

Profil

Milance86 Poslao: 04 Nov 2007 12:19 Idi na vrh
offline Milance86 Novi MyCity građanin Pridružio: 04 Nov 2007 Poruke: 22	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! ComboFix 07-11-01.1** - Athlon 2007-11-04 12:10:08.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.493 [GMT 1:00] Running from: D:\ComboFix.exe . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Documents and Settings\All Users.\documents\settings C:\Documents and Settings\All Users.\documents\settings\desktop.ini C:\WINDOWS\system32\bund1 C:\WINDOWS\system32\bund1\temp.txt C:\WINDOWS\system32\ehhkj.bak2 C:\WINDOWS\system32\ehhkj.ini C:\WINDOWS\system32\ehhkj.ini2 C:\WINDOWS\system32\ehhkj.tmp C:\WINDOWS\system32\jkhhe.dll C:\WINDOWS\system32\winsys.exe D:\RECYCLER\desktop.ini . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\LEGACY_WINCOM32 ((((((((((((((((((((((((( Files Created from 2007-10-04 to 2007-11-04 ))))))))))))))))))))))))))))))) . 2007-11-04 12:04 51,200 --a------ C:\WINDOWS\NirCmd.exe 2007-11-04 11:55 <DIR> d-------- C:\Program Files\MSN Messenger 2007-11-03 16:08 36,352 --a------ C:\WINDOWS\system32\efcdeby.dll 2007-11-03 16:07 36,352 --a------ C:\WINDOWS\system32\iifdbyw.dll 2007-11-03 09:42 <DIR> d-------- C:\Program Files\Kaspersky Lab 2007-11-03 09:42 16,846,624 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat 2007-11-03 09:42 167,712 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat 2007-11-03 00:05 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys 2007-11-02 23:26 <DIR> d-------- C:\VundoFix Backups 2007-11-02 23:22 <DIR> d-------- C:\Documents and Settings\Athlon\Application Data\Media Player Classic 2007-11-02 22:11 <DIR> d-------- C:\Documents and Settings\Athlon\Application Data\HouseCall 6.6 2007-11-02 19:38 <DIR> d-------- C:\Program Files\CCleaner 2007-11-02 16:49 <DIR> d-------- C:\Program Files\K-Lite Codec Pack 2007-11-02 16:47 1,032,192 --a--c--- C:\WINDOWS\system32\dllcache\explorer.exe 2007-11-02 16:47 1,032,192 --a------ C:\WINDOWS\explorer.exe 2007-11-02 16:38 122,880 --a------ C:\WINDOWS\system32\Sky2PCUI.dll 2007-11-02 16:38 118,784 --a------ C:\WINDOWS\system32\SkyDll.dll 2007-11-02 16:38 102,400 --a------ C:\WINDOWS\system32\libbz2.dll 2007-11-02 03:03 6,470 --ahs---- C:\WINDOWS\system32\vyadd.bak2 2007-11-02 02:52 <DIR> d-------- C:\Program Files\ClamWin 2007-11-02 02:52 <DIR> d-------- C:\Documents and Settings\Athlon\Application Data\.clamwin 2007-11-02 02:52 <DIR> d-------- C:\Documents and Settings\All Users\.clamwin 2007-11-01 14:54 <DIR> d-------- C:\Documents and Settings\Athlon\.housecall6.6 2007-11-01 04:17 10,752 -rahs---- C:\WINDOWS\system32\avrsvc.exe 2007-11-01 01:14 3,377 --a------ C:\WINDOWS\msnchk.exe 2007-10-31 01:46 6,510 --ahs---- C:\WINDOWS\system32\uttss.bak2 2007-10-29 00:30 <DIR> d-------- C:\Pro_Evolution_Soccer_2008-FLT 2007-10-27 09:57 <DIR> d-------- C:\Documents and Settings\Athlon\Application Data\Nokia Multimedia Player 2007-10-25 23:39 <DIR> d---s---- C:\Documents and Settings\Athlon\UserData 2007-10-21 23:00 <DIR> d-------- C:\Documents and Settings\Athlon\Application Data\IMVU 2007-10-21 22:59 <DIR> d-------- C:\Program Files\IMVU 2007-10-21 01:35 <DIR> d-------- C:\Program Files\Common Files\Oberon Media 2007-10-21 01:11 <DIR> d-------- C:\Program Files\TERMINAL Studio 2007-10-21 00:25 <DIR> d-------- C:\Program Files\Oberon Media 2007-10-20 19:29 <DIR> d-------- C:\Program Files\Atlantis 2007-10-19 21:53 <DIR> d-------- C:\Documents and Settings\Athlon\Application Data\Apple Computer 2007-10-19 21:48 <DIR> d-------- C:\Program Files\QuickTime 2007-10-19 21:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer 2007-10-19 21:45 <DIR> d-------- C:\Program Files\Apple Software Update 2007-10-19 21:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple 2007-10-15 22:03 11,648 --a------ C:\WINDOWS\system32\drivers\ggsemc.sys 2007-10-12 19:04 <DIR> d-------- C:\Downloads 2007-10-12 18:44 <DIR> d-------- C:\Documents and Settings\Athlon\Application Data\FlashGet 2007-10-09 22:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Test Drive Unlimited 2007-10-05 23:53 <DIR> d-------- C:\Program Files\MySpace 2007-10-05 23:53 <DIR> d-------- C:\Documents and Settings\Athlon\Application Data\MySpace 2007-10-04 00:06 <DIR> d-------- C:\Program Files\Magicbit 2007-10-04 00:00 <DIR> d-------- C:\Program Files\MIKSOFT . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2007-11-04 11:14 230,852 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx 2007-11-04 11:14 17,816 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx 2007-11-04 05:32 --------- d-----w C:\Program Files\UpsPilot 2007-11-03 11:50 3,001 --sha-w C:\Documents and Settings\Athlon\ppUser.dat 2007-11-03 00:42 --------- d-----w C:\Documents and Settings\Athlon\Application Data\uTorrent 2007-11-02 22:22 --------- d-----w C:\Program Files\TechniSat DVB 2007-11-02 22:22 --------- d-----w C:\Program Files\DVBViewerTE 2007-11-02 22:22 --------- d-----w C:\Program Files\Common Files\Real 2007-11-02 22:22 --------- d-----w C:\Documents and Settings\Athlon\Application Data\Bioshock 2007-11-02 15:38 --------- d--h--w C:\Program Files\InstallShield Installation Information 2007-11-02 15:02 --------- d-----w C:\Program Files\uTorrent 2007-11-02 15:02 --------- d-----w C:\Program Files\Tunebite 2007-11-02 15:02 --------- d-----w C:\Program Files\Tetrix 2007-11-02 15:02 --------- d-----w C:\Program Files\LimeWire 2007-11-02 15:02 --------- d-----w C:\Program Files\FlashFXP 2007-11-02 15:02 --------- d-----w C:\Program Files\Disc2Phone 2007-11-02 15:02 --------- d-----w C:\Program Files\CloneDVD 2007-11-02 15:02 --------- d-----w C:\Program Files\AutoGK 2007-11-02 01:55 --------- d-----w C:\Documents and Settings\Athlon\Application Data\.clamwin 2007-11-01 11:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2007-10-31 11:54 --------- d-----w C:\Program Files\DAEMON Tools 2007-10-31 11:53 --------- d-----w C:\Program Files\CoolWallpaper 2007-10-21 21:59 --------- d-----w C:\Program Files\FlashGet 2007-10-15 21:03 --------- d-----w C:\Program Files\Sony Ericsson 2007-10-15 13:25 --------- d-----w C:\Program Files\TuneUp Utilities 2007 2007-10-15 13:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\TuneUp Software 2007-10-10 15:07 --------- d-----w C:\Program Files\DivX 2007-10-06 21:00 --------- d-----w C:\Program Files\Common Files\ACD Systems 2007-10-06 21:00 --------- d-----w C:\Program Files\ACD Systems 2007-10-06 21:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\ACD Systems 2007-09-26 21:23 --------- d-----w C:\Documents and Settings\Athlon\Application Data\Sony 2007-09-23 21:25 --------- d-----w C:\Program Files\Windows Media Connect 2 2007-09-20 11:09 --------- d-----w C:\Documents and Settings\Athlon\Application Data\MyPhoneExplorer 2007-09-20 10:49 --------- d-----w C:\Program Files\MyPhoneExplorer 2007-09-20 10:15 --------- d-----w C:\Documents and Settings\Athlon\Application Data\Teleca 2007-09-20 08:26 --------- d-----r C:\Documents and Settings\Athlon\Application Data\SecuROM 2007-09-20 08:09 108,144 ----a-w C:\WINDOWS\system32\CmdLineExt.dll 2007-09-20 00:56 --------- d-----w C:\Program Files\Java 2007-09-19 23:41 --------- d-----w C:\Documents and Settings\Athlon\Application Data\Sony Ericsson 2007-09-19 23:39 --------- d-----w C:\Program Files\Common Files\Teleca Shared 2007-09-19 23:39 --------- d-----w C:\Program Files\Common Files\Sony Ericsson Shared 2007-09-19 23:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\Teleca 2007-09-19 23:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sony Ericsson 2007-09-18 13:29 --------- d-----w C:\Program Files\Incomplete 2007-09-13 14:29 --------- d-----w C:\Program Files\eMule 2007-09-09 11:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink 2007-08-12 21:59 84,992 ----a-w C:\WINDOWS\system32\vrty.exe 2007-08-02 12:45 1 ----a-w C:\Documents and Settings\Athlon\SI.bin 2007-01-31 17:43 87,608 ----a-w C:\Documents and Settings\Athlon\Application Data\ezpinst.exe 2007-01-31 17:43 47,360 ----a-w C:\Documents and Settings\Athlon\Application Data\pcouffin.sys 2006-12-01 18:36 20,328 ----a-w C:\Documents and Settings\Athlon\Application Data\GDIPFONTCACHEV1.DAT 2006-10-28 08:41:34 56 --sh--r C:\WINDOWS\system32\5160F755D4.sys 2007-08-02 18:25:54 5,642 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0739B961-B226-4496-9FE9-8108B535396C}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{38C4EEFC-D740-4E10-A883-3BF32E0CD9AB}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{634BBAB7-3F60-4426-944F-A62B9007F67F}] 2007-11-03 16:07 36352 --a------ C:\WINDOWS\system32\iifdbyw.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{69E81DA4-7D00-4B90-9C08-974E0045CB74}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7A6008D0-B2E9-4E69-89A5-411442B7083C}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-06-29 00:43] "SW20"="C:\WINDOWS\system32\sw20.exe" [2006-12-15 10:58] "CTSysVol"="C:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe" [2003-09-17 09:43] "UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 00:00] "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50] "RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2007-02-07 16:24] "LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2007-02-07 16:21] "Winpower"="C:\Program Files\UpsPilot\Winpower.exe" [2007-08-03 14:25] "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-06-29 00:43] "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 06:24] "P17Helper"="P17.dll" [2005-05-03 19:38 C:\WINDOWS\system32\P17.dll] "kis"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" [2006-03-24 19:09] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:56] "DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2006-11-12 11:48] "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices] "Winpower"=C:\Program Files\UpsPilot\Winpower.exe [HKEY_USERS\.default\software\microsoft\windows\currentversion\run] "MySpaceIM"=C:\Program Files\MySpace\IM\MySpaceIM.exe C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2007-07-19 19:05:02] NkbMonitor.exe.lnk - C:\Program Files\Nikon\PictureProject\NkbMonitor.exe [2006-12-04 11:53:20] Server4PC.lnk - C:\Program Files\TechniSat DVB\bin\Server4PC.exe [2007-11-02 16:38:34] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{634BBAB7-3F60-4426-944F-A62B9007F67F}"= C:\WINDOWS\system32\iifdbyw.dll [2007-11-03 16:07 36352] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\iifdbyw] iifdbyw.dll 2007-11-03 16:07 36352 C:\WINDOWS\system32\iifdbyw.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] "Authentication Packages"= msv1_0 C:\WINDOWS\system32\jkhhe.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup] @="" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper] CTHELPER.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\My Web Search Bar] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz] nwiz.exe /install [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows update loader] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "matlabserver"=2 (0x2) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background "NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" "LDM"=C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe "PcSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog "SweetIM"=C:\Program Files\Macrogaming\SweetIM\SweetIM.exe "SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "P17Helper"=Rundll32 P17.dll,P17Helper "SW24"=C:\WINDOWS\system32\sw24.exe "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime "WinSys2"=C:\WINDOWS\system32\winsys2.exe "DiskeeperSystray"="C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe" "googletalk"=C:\Program Files\Google\Google Talk\googletalk.exe /autostart "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" "PCSuiteTrayApplication"=C:\Program Files\Nokia\Nokia PC Suite 6\Launch Application 2.exe -onlytray "DataLayer"=C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE "nwiz"=nwiz.exe /install "Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions "SweetIM"=C:\Program Files\Macrogaming\SweetIM\SweetIM.exe "ClamWin"="C:\Program Files\ClamWin\bin\ClamTray.exe" --logon R0 pe3ah4nc;DiRT Environment Driver (pe3ah4nc);C:\WINDOWS\system32\drivers\pe3ah4nc.sys R0 ps6ah4nc;DiRT Synchronization Driver (ps6ah4nc);C:\WINDOWS\system32\drivers\ps6ah4nc.sys R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};\??\C:\Program Files\CyberLink\PowerDVD\000.fcl R2 nvcap;nVidia WDM Video Capture (universal);C:\WINDOWS\system32\DRIVERS\nvcap.sys R2 NVXBAR;nVidia WDM A/V Crossbar;C:\WINDOWS\system32\DRIVERS\NVxbar.sys R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe -k netsvcs R3 P17;SB Live! 24-bit;C:\WINDOWS\system32\drivers\P17.sys R3 SKYNET;TechniSat DVB-PC TV Star PCI;C:\WINDOWS\system32\DRIVERS\SkyNET.SYS R3 tbhsd;Tunebite High-Speed Dubbing;C:\WINDOWS\system32\drivers\tbhsd.sys R3 WmBEnum;Logitech Virtual Bus Enumerator Driver;C:\WINDOWS\system32\drivers\WmBEnum.sys R3 WmXlCore;Logitech WingMan Translation Layer Driver;C:\WINDOWS\system32\drivers\WmXlCore.sys S1 Cinemsup;Cinemsup;\??\C:\WINDOWS\system32\drivers\cinemsup.sys S2 DbgMsg;Debug Message;\??\C:\WINDOWS\System32\Drivers\DbgMsg.sys S2 pr2ah4nc;DiRT Drivers Auto Removal (pr2ah4nc);C:\WINDOWS\system32\pr2ah4nc.exe svc S3 HJKHEK;HJKHEK;C:\DOCUME~1\Athlon\LOCALS~1\Temp\HJKHEK.exe S3 MosIrUsb;MosIrUsb.sys;C:\WINDOWS\system32\DRIVERS\MosIrUsb.sys S3 RTCore;RTCore;\??\D:\My Download Files\Programi\RightMark Memory Analyzer 3.45\RTCore.sys S3 WmFilter;Logitech WingMan HID Filter Driver;C:\WINDOWS\system32\drivers\WmFilter.sys S3 WmHidLo;Logitech WingMan USB Filter Driver;C:\WINDOWS\system32\drivers\WmHidLo.sys S3 WmVirHid;Logitech Virtual Hid Device Driver;C:\WINDOWS\system32\drivers\WmVirHid.sys S4 VZDBGXGIKN;VZDBGXGIKN;C:\DOCUME~1\Athlon\LOCALS~1\Temp\VZDBGXGIKN.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ecc860c3-32d5-11dc-bf5e-001109d57c1f}] \Shell\AutoRun\command - H:\LaunchU3.exe -a . ************************************************************************ catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net Rootkit scan 2007-11-04 12:15:43 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************ . Completion time: 2007-11-04 12:17:23 - machine was rebooted . --- E O F ---

Profil

bobby Poslao: 04 Nov 2007 12:34 Idi na vrh
offline bobby Administrator Pridružio: 04 Sep 2003 Poruke: 24135 Gde živiš: Wien	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Muko, ovo je malo komplikovano posto imas infekcije koje menjaju imena fajlova, pa ih je malo teze pokupiti. Koliko ces jos dugo biti na netu? Bitno mi je da znam jer ce infekcije ponovo promeniti imena nakon sto budes restartovao racunar.

Profil

Milance86 Poslao: 04 Nov 2007 12:37 Idi na vrh
offline Milance86 Novi MyCity građanin Pridružio: 04 Nov 2007 Poruke: 22	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Ma tu sam ja! Samo da napomenem da mi je prilikom prvog pokretanja tog programa (tj. scan-a) pojavio plavi ekran (IRQ _NOT LESS_OR_EQUAL)... pa sam tek iz drugog puta uspeo... kao i to da mi je nekoliko puta SpyBot prikazivao od njega poruke i ja sam sve dozvoljavao! Znaci tu sam ja... nego sta da radim sa Anti-Hacker-ovom porukom... da dozvolim, pa da end-task-ujem Explorer.exe!

Profil

bobby Poslao: 04 Nov 2007 12:51 Idi na vrh
offline bobby Administrator Pridružio: 04 Sep 2003 Poruke: 24135 Gde živiš: Wien	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Iskljuci Antihacker dok ne odradimo ciscenje. Skini sledeci program: http://files.thespykiller.co.uk/catchme.exe Startuj i klikni gore na Script tab. Iskopiraj sledeci listing u polje za upis scripta: `files: C:\WINDOWS\system32\efcdeby.dll C:\WINDOWS\system32\iifdbyw.dll C:\DOCUME~1\Athlon\LOCALS~1\Temp\VZDBGXGIKN.exe C:\WINDOWS\system32\winsys2.exe C:\WINDOWS\system32\sw24.exe C:\WINDOWS\system32\drivers\tmcomm.sys C:\WINDOWS\system32\vyadd.bak2 C:\WINDOWS\system32\avrsvc.exe C:\WINDOWS\msnchk.exe C:\WINDOWS\system32\uttss.bak2` Klikni Run Kada Catchme zavrsi posao, na Desktopu ce biti napravljen fajl Catchme.zip, koji ces mi uploadovati preko sledece forme: http://www.mycity.rs/ambulanta-upload.php Kada pregledam te fajlove, javljam sta cemo i kako dalje. Moram da vidim sa cime imamo posla ovde.

Profil

MyCity » Ambulanta -> Arhiva Ambulante » Explorer nestaje i pojavljuje se...

Ko je trenutno na forumu

Ukupno su 1033 korisnika na forumu :: 45 registrovanih, 7 sakrivenih i 981 gosta :: [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:: Korisnici trenutno na forumu: Andrija357, bladesu, darios, dekan.m, Denaya, Dimitrise93, djboj, DonRumataEstorski, dule10savic, FOX, Georgius, Joja, karevski, Karla, kybonacci, Lucije Kvint, Mcdado, mercedesamg, milenko crazy north, Mixelotti, Mlav, mnn2, mrav pesadinac, nemkea71, nenad81, Nikolaa11, NoOneEver Dreams, ObelixSRB, Panter, Parker, pein, procesor, robertino, samsung, sasa87, slonic_tonic, Smiljke, solic, SR-3m, Srki94, ss10, stegonosa, Stoilkovic, Vlada78, YU-UKI

Svaki korisnik ovog sajta je odgovoran za sadržaj svoje poruke koju objavi na sajtu. Sajt se odriče svake odgovornosti za sadržaj tih poruka.
Postavljanjem vaše poruke ili vašeg autorskog dela na ovaj sajt, saglasni ste da ovaj sajt postaje distributer vašeg dela, i odričete se mogućnosti njegovog povlačenja ili brisanja, bez saglasnosti uprave sajta.
Distribucija sadržaja sa ovog sajta je dozvoljena samo u nekomercijalne svrhe, uz obaveznu napomenu da je sadržaj preuzet sa ovog sajta, i uz obavezno navođenje adrese MyCity sajta. Za sve ostale vidove distribucije obavezni ste da prethodno zatražite odobrenje od vlasnika MyCity sajta.
MyCity pokrenuo, administrira i razvija Predrag Damnjanović, a o uređenju sajta se brine MyCity Tim.
Ukoliko želite da nas kontaktirate kliknite ovde.
Naši sajtovi:
Vesti, Vojni forum, Zaštita od virusa, TekstPesme.rs

This content is licensed under a Creative Commons License.
Based on phpBB 2, translated by Simke, designed by