system32/o

1

system32/o

offline
  • Pridružio: 27 Jan 2007
  • Poruke: 26

Imam problem sa virusom koga kaspersky prepozna "windows/system32/o" medjutim i posle brisanja on se ponovo pojavi za sat dva i strasno usporava konekciju..
Logfile of HijackThis v1.99.1
Scan saved at 404021 04 PM, on 11/18/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\WINDOWS\System32\xhpciompjm.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\NCLAUNCH.EXe
C:\Downloads\USB_Safely_Remove5\USBSafelyRemove.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\SEC\Natural Color\NaturalColorLoad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Winamp\winamp.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\molder\Desktop\hj\tr3.exe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Documents and Settings\molder\Local Settings\Temp\RarSFX0\jccatch.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Mega Manager IE Click Monitor - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Documents and Settings\molder\Local Settings\Temp\RarSFX0\getflash.dll
O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\2.bin\ASKTBAR.DLL
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\2.bin\ASKTBAR.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKLM\..\Run: [Winds Seersc Agts] xhpciompjm.exe
O4 - HKLM\..\RunServices: [Winds Seersc Agts] xhpciompjm.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [NCLaunch] C:\WINDOWS\NCLAUNCH.EXe
O4 - HKCU\..\Run: [USB Safely Remove] C:\Downloads\USB_Safely_Remove5\USBSafelyRemove.exe /startup
O4 - HKCU\..\Run: [Winds Seersc Agts] xhpciompjm.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: NaturalColorLoad.lnk = ?
O8 - Extra context menu item: &Download All with FlashGet - C:\Documents and Settings\molder\Local Settings\Temp\RarSFX0\jc_all.htm
O8 - Extra context menu item: &Download All with Rapidshare Downloader - C:\DOCUME~1\molder\LOCALS~1\Temp\RarSFX0\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Documents and Settings\molder\Local Settings\Temp\RarSFX0\jc_link.htm
O8 - Extra context menu item: &Download with Rapidshare Downloader - C:\DOCUME~1\molder\LOCALS~1\Temp\RarSFX0\jc_link.htm
O8 - Extra context menu item: Download Link Using Mega Manager... - C:\Program Files\Megaupload\Mega Manager\mm_file.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - (no file)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Documents and Settings\molder\Local Settings\Temp\RarSFX0\FlashGet.exe (file missing)
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Documents and Settings\molder\Local Settings\Temp\RarSFX0\FlashGet.exe (file missing)
O9 - Extra button: Quick Login rs-mp3.com - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\Program Files\Funnsystems YuMp3Com-User-Authorization\YuMp3ComLogin.exe
O9 - Extra 'Tools' menuitem: &Quick Login rs-mp3.com - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\Program Files\Funnsystems YuMp3Com-User-Authorization\YuMp3ComLogin.exe
O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - drivecleaner.com/.freeware/installdrivecleanerstart.cab
O17 - HKLM\System\CS1\Services\Tcpip\..\{1B15A45C-67B8-4A13-A849-9A010A16F738}: NameServer = 212.200.120.9,212.200.120.10
O17 - HKLM\System\CS3\Services\Tcpip\..\{1B15A45C-67B8-4A13-A849-9A010A16F738}: NameServer = 212.200.120.9,212.200.120.10
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: awtut - C:\WINDOWS\
O20 - Winlogon Notify: efeff - C:\WINDOWS\System32\efeff.dll (file missing)
O20 - Winlogon Notify: klogon - C:\WINDOWS\System32\klogon.dll
O20 - Winlogon Notify: mljjjji - C:\WINDOWS\
O20 - Winlogon Notify: mljkhhf - C:\WINDOWS\
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Microsoft ASPI Manager (aspi113210) - Unknown owner - C:\WINDOWS\System32\aspi34572.exe (file missing)
O23 - Service: AVP - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: ieupdater (Microsoft IE Updater) - Unknown owner - C:\Documents and Settings\molder\~tmp0374.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - Unknown owner - C:\WINDOWS\System32\nvsvc32.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: WinHost Debugger System - Unknown owner - C:\WINDOWS\system32\systs.exe (file missing)

offline
  • Pridružio: 04 Sep 2003
  • Poruke: 24135
  • Gde živiš: Wien

Skini VundoFix:
http://www.atribune.org/ccount/click.php?id=4

* Dvoklikom se startuje fajl VundoFix.exe.
* Izabere opcija Scan for Vundo.
* Posle završenog skeniranja i pojave poruke Done Searching for files klikne se na OK.
* Sada, kada je skeniranje obavljeno potrebno je kliknuti na opciju Remove Vundo.
* Po pojavljivanju upita o uklanjaju Vundo fajlova klikne se na Yes.
* Pokretanje ove opcije učiniće Desktop privremeno praznim u cilju pripreme sistema za uklanjanje Vundo-a.
* Po završetku, pojaviće se obaveštenje o gašnjenju računara, klikne se OK.
* Uključi se računar i podigne sistem iznova.
* Iskopira se sadržaj loga sa putanje C:\vundofix.txt i novi HiJackThis log u poruku na forumu.

offline
  • Pridružio: 27 Jan 2007
  • Poruke: 26

Vundofix mi posle skeniranja nije nista nasao tako da je logo prazan .
Evo novi hijack logo posle toga(napominjem da mi je u trentuku skeniranja kaspersky opet pronasao trojan windows/system32/o

Logfile of HijackThis v1.99.1
Scan saved at 06609 24 AM, on 11/19/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\NCLAUNCH.EXe
C:\Downloads\USB_Safely_Remove5\USBSafelyRemove.exe
C:\WINDOWS\System32\xhpciompjm.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\SEC\Natural Color\NaturalColorLoad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\molder\Desktop\hj\tr3.exe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Documents and Settings\molder\Local Settings\Temp\RarSFX0\jccatch.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Mega Manager IE Click Monitor - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Documents and Settings\molder\Local Settings\Temp\RarSFX0\getflash.dll
O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\2.bin\ASKTBAR.DLL
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\2.bin\ASKTBAR.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKLM\..\Run: [Winds Seersc Agts] xhpciompjm.exe
O4 - HKLM\..\RunServices: [Winds Seersc Agts] xhpciompjm.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [NCLaunch] C:\WINDOWS\NCLAUNCH.EXe
O4 - HKCU\..\Run: [USB Safely Remove] C:\Downloads\USB_Safely_Remove5\USBSafelyRemove.exe /startup
O4 - HKCU\..\Run: [Winds Seersc Agts] xhpciompjm.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: NaturalColorLoad.lnk = ?
O8 - Extra context menu item: &Download All with FlashGet - C:\Documents and Settings\molder\Local Settings\Temp\RarSFX0\jc_all.htm
O8 - Extra context menu item: &Download All with Rapidshare Downloader - C:\DOCUME~1\molder\LOCALS~1\Temp\RarSFX0\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Documents and Settings\molder\Local Settings\Temp\RarSFX0\jc_link.htm
O8 - Extra context menu item: &Download with Rapidshare Downloader - C:\DOCUME~1\molder\LOCALS~1\Temp\RarSFX0\jc_link.htm
O8 - Extra context menu item: Download Link Using Mega Manager... - C:\Program Files\Megaupload\Mega Manager\mm_file.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - (no file)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Documents and Settings\molder\Local Settings\Temp\RarSFX0\FlashGet.exe (file missing)
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Documents and Settings\molder\Local Settings\Temp\RarSFX0\FlashGet.exe (file missing)
O9 - Extra button: Quick Login rs-mp3.com - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\Program Files\Funnsystems YuMp3Com-User-Authorization\YuMp3ComLogin.exe
O9 - Extra 'Tools' menuitem: &Quick Login rs-mp3.com - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\Program Files\Funnsystems YuMp3Com-User-Authorization\YuMp3ComLogin.exe
O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - drivecleaner.com/.freeware/installdrivecleanerstart.cab
O17 - HKLM\System\CS1\Services\Tcpip\..\{1B15A45C-67B8-4A13-A849-9A010A16F738}: NameServer = 212.200.120.9,212.200.120.10
O17 - HKLM\System\CS3\Services\Tcpip\..\{1B15A45C-67B8-4A13-A849-9A010A16F738}: NameServer = 212.200.120.9,212.200.120.10
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: awtut - C:\WINDOWS\
O20 - Winlogon Notify: efeff - C:\WINDOWS\System32\efeff.dll (file missing)
O20 - Winlogon Notify: klogon - C:\WINDOWS\System32\klogon.dll
O20 - Winlogon Notify: mljjjji - C:\WINDOWS\
O20 - Winlogon Notify: mljkhhf - C:\WINDOWS\
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Microsoft ASPI Manager (aspi113210) - Unknown owner - C:\WINDOWS\System32\aspi34572.exe (file missing)
O23 - Service: AVP - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: ieupdater (Microsoft IE Updater) - Unknown owner - C:\Documents and Settings\molder\~tmp0374.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - Unknown owner - C:\WINDOWS\System32\nvsvc32.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: WinHost Debugger System - Unknown owner - C:\WINDOWS\system32\systs.exe (file missing)

offline
  • Pridružio: 04 Sep 2003
  • Poruke: 24135
  • Gde živiš: Wien

Skini CatchMe.

Dvoklikom pokreni program i pređi na tab Script.
U (beli) prozor programa iskopiraj sledeci tekst:

files to kill:
C:\WINDOWS\System32\xhpciompjm.exe


Klikni na dugme Run.

Nakon toga bi na Desktop-u trebao da se nalazi fajl catchme.zip.
Uploaduj mi taj fajl preko sledece forme:
http://www.mycity.rs/ambulanta-upload.php

Nakon toga napravi novi HijackThis log koji ces ovde postaviti.

offline
  • Pridružio: 27 Jan 2007
  • Poruke: 26

Poslao sam fajl..
evo novi log

Logfile of HijackThis v1.99.1
Scan saved at 535320 43 PM, on 11/19/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\WINDOWS\System32\xhpciompjm.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\NCLAUNCH.EXe
C:\Downloads\USB_Safely_Remove5\USBSafelyRemove.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\SEC\Natural Color\NaturalColorLoad.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\MPlayer for Windows\MPUI.exe
C:\Documents and Settings\molder\Desktop\hj\tr3.exe.exe
C:\Program Files\MPlayer for Windows\mplayer.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Documents and Settings\molder\Local Settings\Temp\RarSFX0\jccatch.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Mega Manager IE Click Monitor - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Documents and Settings\molder\Local Settings\Temp\RarSFX0\getflash.dll
O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\2.bin\ASKTBAR.DLL
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\2.bin\ASKTBAR.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKLM\..\Run: [Winds Seersc Agts] xhpciompjm.exe
O4 - HKLM\..\RunServices: [Winds Seersc Agts] xhpciompjm.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [NCLaunch] C:\WINDOWS\NCLAUNCH.EXe
O4 - HKCU\..\Run: [USB Safely Remove] C:\Downloads\USB_Safely_Remove5\USBSafelyRemove.exe /startup
O4 - HKCU\..\Run: [Winds Seersc Agts] xhpciompjm.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: NaturalColorLoad.lnk = ?
O8 - Extra context menu item: &Download All with FlashGet - C:\Documents and Settings\molder\Local Settings\Temp\RarSFX0\jc_all.htm
O8 - Extra context menu item: &Download All with Rapidshare Downloader - C:\DOCUME~1\molder\LOCALS~1\Temp\RarSFX0\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Documents and Settings\molder\Local Settings\Temp\RarSFX0\jc_link.htm
O8 - Extra context menu item: &Download with Rapidshare Downloader - C:\DOCUME~1\molder\LOCALS~1\Temp\RarSFX0\jc_link.htm
O8 - Extra context menu item: Download Link Using Mega Manager... - C:\Program Files\Megaupload\Mega Manager\mm_file.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - (no file)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Documents and Settings\molder\Local Settings\Temp\RarSFX0\FlashGet.exe (file missing)
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Documents and Settings\molder\Local Settings\Temp\RarSFX0\FlashGet.exe (file missing)
O9 - Extra button: Quick Login rs-mp3.com - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\Program Files\Funnsystems YuMp3Com-User-Authorization\YuMp3ComLogin.exe
O9 - Extra 'Tools' menuitem: &Quick Login rs-mp3.com - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\Program Files\Funnsystems YuMp3Com-User-Authorization\YuMp3ComLogin.exe
O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - drivecleaner.com/.freeware/installdrivecleanerstart.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: awtut - C:\WINDOWS\
O20 - Winlogon Notify: efeff - C:\WINDOWS\System32\efeff.dll (file missing)
O20 - Winlogon Notify: klogon - C:\WINDOWS\System32\klogon.dll
O20 - Winlogon Notify: mljjjji - C:\WINDOWS\
O20 - Winlogon Notify: mljkhhf - C:\WINDOWS\
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Microsoft ASPI Manager (aspi113210) - Unknown owner - C:\WINDOWS\System32\aspi34572.exe (file missing)
O23 - Service: AVP - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: ieupdater (Microsoft IE Updater) - Unknown owner - C:\Documents and Settings\molder\~tmp0374.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - Unknown owner - C:\WINDOWS\System32\nvsvc32.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: WinHost Debugger System - Unknown owner - C:\WINDOWS\system32\systs.exe (file missing)

offline
  • Pridružio: 04 Sep 2003
  • Poruke: 24135
  • Gde živiš: Wien

Obrisi catchme.zip koji imas na Desktopu.

Sledeci skript za Catchme, procedura kao i malopre:

files to kill:
C:\Documents and Settings\molder\~tmp0374.exe
C:\WINDOWS\system32\systs.exe
C:\WINDOWS\System32\efeff.dll
C:\WINDOWS\System32\aspi34572.exe


Ponovo mi uploaduj catchme.zip kada ovo odradis.

Onda restartuj racunar, pa napravi novi HijackThis log koji ces ovde postaviti.

offline
  • Pridružio: 27 Jan 2007
  • Poruke: 26

Catch mi izbacuje poruku da je zavrsio skripte ali sa greskom. poslao sam zip koji je svega par kilobajta
evo novi log hj posle restarta

Logfile of HijackThis v1.99.1
Scan saved at 313121 56 PM, on 11/19/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\NCLAUNCH.EXe
C:\Downloads\USB_Safely_Remove5\USBSafelyRemove.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\SEC\Natural Color\NaturalColorLoad.exe
C:\Documents and Settings\molder\Desktop\hj\tr3.exe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Documents and Settings\molder\Local Settings\Temp\RarSFX0\jccatch.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Mega Manager IE Click Monitor - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Documents and Settings\molder\Local Settings\Temp\RarSFX0\getflash.dll
O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\2.bin\ASKTBAR.DLL
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\2.bin\ASKTBAR.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKLM\..\Run: [Winds Seersc Agts] xhpciompjm.exe
O4 - HKLM\..\RunServices: [Winds Seersc Agts] xhpciompjm.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [NCLaunch] C:\WINDOWS\NCLAUNCH.EXe
O4 - HKCU\..\Run: [USB Safely Remove] C:\Downloads\USB_Safely_Remove5\USBSafelyRemove.exe /startup
O4 - HKCU\..\Run: [Winds Seersc Agts] xhpciompjm.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: NaturalColorLoad.lnk = ?
O8 - Extra context menu item: &Download All with FlashGet - C:\Documents and Settings\molder\Local Settings\Temp\RarSFX0\jc_all.htm
O8 - Extra context menu item: &Download All with Rapidshare Downloader - C:\DOCUME~1\molder\LOCALS~1\Temp\RarSFX0\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Documents and Settings\molder\Local Settings\Temp\RarSFX0\jc_link.htm
O8 - Extra context menu item: &Download with Rapidshare Downloader - C:\DOCUME~1\molder\LOCALS~1\Temp\RarSFX0\jc_link.htm
O8 - Extra context menu item: Download Link Using Mega Manager... - C:\Program Files\Megaupload\Mega Manager\mm_file.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - (no file)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Documents and Settings\molder\Local Settings\Temp\RarSFX0\FlashGet.exe (file missing)
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Documents and Settings\molder\Local Settings\Temp\RarSFX0\FlashGet.exe (file missing)
O9 - Extra button: Quick Login rs-mp3.com - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\Program Files\Funnsystems YuMp3Com-User-Authorization\YuMp3ComLogin.exe
O9 - Extra 'Tools' menuitem: &Quick Login rs-mp3.com - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\Program Files\Funnsystems YuMp3Com-User-Authorization\YuMp3ComLogin.exe
O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - drivecleaner.com/.freeware/installdrivecleanerstart.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: awtut - C:\WINDOWS\
O20 - Winlogon Notify: efeff - C:\WINDOWS\System32\efeff.dll (file missing)
O20 - Winlogon Notify: klogon - C:\WINDOWS\System32\klogon.dll
O20 - Winlogon Notify: mljjjji - C:\WINDOWS\
O20 - Winlogon Notify: mljkhhf - C:\WINDOWS\
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Microsoft ASPI Manager (aspi113210) - Unknown owner - C:\WINDOWS\System32\aspi34572.exe (file missing)
O23 - Service: AVP - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: ieupdater (Microsoft IE Updater) - Unknown owner - C:\Documents and Settings\molder\~tmp0374.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - Unknown owner - C:\WINDOWS\System32\nvsvc32.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: WinHost Debugger System - Unknown owner - C:\WINDOWS\system32\systs.exe (file missing)

offline
  • Pridružio: 04 Sep 2003
  • Poruke: 24135
  • Gde živiš: Wien

Skinuti SDFix na Desktop.

Dupli klik na SDFix.exe ce raspakovati program u folder C:\SDFix, osim ukoliko putanja nije drugacije odredjena pri raspakovanju.


Restartovati kompjuter u Safe Mode
Uci u folder u kojem je raspakovan SDFix i startovati RunThis.bat
Stisnuti Y da bi se zapocelo skeniranje
Nakon skeniranja ce se pojaviti poruka da ce kompjuter biti restartovan
Pritisnuti bilo koji taster da bi se kompjuter restartovao
Nakon restarta ce se automatski pokrenuti jos jedno skeniranje, i po njegovom zavrsetku ce se pojaviti poruka Finished
Nakon ucitavanja desktop ikonica, na ekranu ce se pojaviti izvestaj. Izvestaj ce ujedno biti snimljen i kao Report.txt u folderu u kojem je SDFix raspakovan
Iskopirati izvestaj u poruku na forumu


Skeniraj ponovo HijackThisom i štikliraj polja ispred sledećih linija:

O4 - HKLM\..\Run: [Winds Seersc Agts] xhpciompjm.exe
O4 - HKLM\..\RunServices: [Winds Seersc Agts] xhpciompjm.exe
O4 - HKCU\..\Run: [Winds Seersc Agts] xhpciompjm.exe
O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - http://www.drivecleaner.com/.freeware/installdrivecleanerstart.cab
O20 - Winlogon Notify: awtut - C:\WINDOWS\
O20 - Winlogon Notify: efeff - C:\WINDOWS\System32\efeff.dll (file missing)
O20 - Winlogon Notify: mljjjji - C:\WINDOWS\
O20 - Winlogon Notify: mljkhhf - C:\WINDOWS\
O23 - Service: Microsoft ASPI Manager (aspi113210) - Unknown owner - C:\WINDOWS\System32\aspi34572.exe (file missing)
O23 - Service: ieupdater (Microsoft IE Updater) - Unknown owner - C:\Documents and Settings\molder\~tmp0374.exe (file missing)
O23 - Service: WinHost Debugger System - Unknown owner - C:\WINDOWS\system32\systs.exe (file missing)

Klikni Fix Checked

Nakon toga ponovo restartuj racunar, pa nakon restarta napravi novi HijackThis log koji ces ovde postaviti.

offline
  • Pridružio: 27 Jan 2007
  • Poruke: 26

evo izvestaj
SDFix: Version 1.115

Run by molder on Mon 11/19/2007 at 1222 PM

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:

Name:
aspi113210
Microsoft IE Updater
WinHost Debugger System

Path:
C:\WINDOWS\System32\aspi34572.exe
C:\Documents and Settings\molder\~tmp0374.exe /start
"C:\WINDOWS\system32\systs.exe"

aspi113210 - Deleted
Microsoft IE Updater - Deleted
WinHost Debugger System - Deleted



Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...


Normal Mode:
Checking Files:

Trojan Files Found:

C:\WINDOWS\system32\aspi34572.exe - Deleted
C:\WINDOWS\SYSTEM32\DP.EXE - Deleted
C:\WINDOWS\SYSTEM32\ERA90A~1.EXE - Deleted
C:\WINDOWS\SYSTEM32\ERASEM~3.EXE - Deleted
C:\WINDOWS\SYSTEM32\GE1.EXE - Deleted
C:\WINDOWS\SYSTEM32\SETUP_~1.EXE - Deleted
C:\WINDOWS\SYSTEM32\SRHOST.EXE - Deleted
C:\WINDOWS\SYSTEM32\WIN32DLL.EXE - Deleted
C:\WINDOWS\SYSTEM32\WINDERVS.EXE - Deleted
C:\WINDOWS\system32\eraseme_00051.exe - Deleted
C:\WINDOWS\system32\eraseme_25833.exe - Deleted
C:\WINDOWS\system32\eraseme_36112.exe - Deleted
C:\WINDOWS\install.exe - Deleted
C:\WINDOWS\s32.txt - Deleted
C:\WINDOWS\system32\o - Deleted
C:\WINDOWS\system32\RunOnce.t__ - Deleted
C:\WINDOWS\system32\RunOnce.tm_ - Deleted
C:\WINDOWS\system32\setup_24283.exe - Deleted
C:\WINDOWS\system32\TFTP3244 - Deleted
C:\WINDOWS\system32\TFTP3336 - Deleted
C:\WINDOWS\system32\waumgr.exe - Deleted
C:\WINDOWS\Temp\_check32.bat - Deleted
C:\WINDOWS\Temp\removalfile.bat - Deleted
C:\WINDOWS\ws386.ini - Deleted



Folder C:\Documents and Settings\All Users\Documents\Settings - Removed

Removing Temp Files...

ADS Check:

C:\WINDOWS
No streams found.

C:\WINDOWS\system32
No streams found.

C:\WINDOWS\system32\svchost.exe
No streams found.

C:\WINDOWS\system32\ntoskrnl.exe
No streams found.



Final Check:

catchme 0.3.1262.1 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2007-11-19 22:29:08
Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:fd54eff8
"s2"=dword:c1d5494b
"h0"=dword:00000002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"h0"=dword:00000000
"ujdew"=hex:1c,3b,a1,d3,b6,3e,1f,9a,dd,77,2d,e7,d4,76,77,0c,fb,bc,0f,5a,ef,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000001
"khjeh"=hex:33,e7,4e,03,ca,a7,a0,bd,04,15,c6,40,04,d0,cb,ca,8a,ef,ab,e9,30,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"khjeh"=hex:ff,18,9a,c7,f4,d7,9e,d9,99,e7,f2,d1,1e,6b,8b,a3,77,c0,7a,49,08,..
"d0"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:d5,a6,35,b5,53,02,c3,c6,d2,e4,de,b3,5c,12,17,c3,9a,78,91,d0,0e,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Vax347s\Config\$winnt32$_test]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Vax347s\Config\jdgg40]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"h0"=dword:00000000
"ujdew"=hex:1c,3b,a1,d3,b6,3e,1f,9a,dd,77,2d,e7,d4,76,77,0c,fb,bc,0f,5a,ef,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000001
"khjeh"=hex:33,e7,4e,03,ca,a7,a0,bd,04,15,c6,40,04,d0,cb,ca,8a,ef,ab,e9,30,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"khjeh"=hex:ff,18,9a,c7,f4,d7,9e,d9,99,e7,f2,d1,1e,6b,8b,a3,77,c0,7a,49,08,..
"d0"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:d5,a6,35,b5,53,02,c3,c6,d2,e4,de,b3,5c,12,17,c3,9a,78,91,d0,0e,..

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E9F81423-211E-46B6-9AE0-38568BC5CF6F}]
"DisplayName"="Alcohol 120% (Trial Version)"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{7884A070-A2F3-B9EB-E781-E574CA0E0395}]
"fajfepbpgjfi"=hex:66,61,6c,69,67,70,67,62,69,62,6d,70,00,f6

scanning hidden files ...

C:\Documents and Settings\molder\Local Settings\Application Data\Microsoft\Messenger\foksmolder@hotmail.com\SharingMetadata\pexon333@yahoo.com\DFSR\Staging\CS{149B5FCD-B1E8-C9CE-87AE-8A824ADB76A0}\01\10-{149B5FCD-B1E8-C9CE-87AE-8A824ADB76A0}-v1-{BADC0647-A5ED-4622-A9A7-4D27337A850A}-v10-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 8 bytes hidden from API
C:\Documents and Settings\molder\Local Settings\Application Data\Microsoft\Messenger\foksmolder@hotmail.com\SharingMetadata\pexon333@yahoo.com\DFSR\Staging\CS{149B5FCD-B1E8-C9CE-87AE-8A824ADB76A0}\12\12-{E345A38C-496A-4FDF-907D-6F359624BE0C}-v12-{E345A38C-496A-4FDF-907D-6F359624BE0C}-v12-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 2440 bytes hidden from API
C:\Documents and Settings\molder\Local Settings\Application Data\Microsoft\Messenger\foksmolder@hotmail.com\SharingMetadata\pexon333@yahoo.com\DFSR\Staging\CS{149B5FCD-B1E8-C9CE-87AE-8A824ADB76A0}\13\13-{E345A38C-496A-4FDF-907D-6F359624BE0C}-v13-{E345A38C-496A-4FDF-907D-6F359624BE0C}-v13-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 136 bytes hidden from API

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 3


Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
"C:\\WINDOWS\\system32\\11.tmp"="C:\\WINDOWS\\system32\\11.tmp:*:Enabled:Microsoft (R) Windows Protocol Deployment Manager"
"C:\\WINDOWS\\System32\\drivers\\wmiapsrvs.exe"="C:\\WINDOWS\\System32\\drivers\\wmiapsrvs.exe:*:Enabled:WMI Performance Adapter Services"
"C:\\WINDOWS\\System32\\ispmkcbu.exe"="C:\\WINDOWS\\System32\\isp"
"C:\\WINDOWS\\System32\\peqevntk.exe"="C:\\WINDOWS\\System32\\peq"
"C:\\WINDOWS\\System32\\rfmexyll.exe"="C:\\WINDOWS\\System32\\rfm"
"C:\\WINDOWS\\System32\\filjgftq.exe"="C:\\WINDOWS\\System32\\fil"
"C:\\WINDOWS\\System32\\poehwwxf.exe"="C:\\WINDOWS\\System32\\poe"
"C:\\WINDOWS\\System32\\gdwjlunr.exe"="C:\\WINDOWS\\System32\\gdw"
"C:\\WINDOWS\\System32\\bsixdcjc.exe"="C:\\WINDOWS\\System32\\bsi"
"C:\\WINDOWS\\System32\\ccudhwew.exe"="C:\\WINDOWS\\System32\\ccu"
"C:\\WINDOWS\\System32\\asjktwqx.exe"="C:\\WINDOWS\\System32\\asj"
"C:\\WINDOWS\\System32\\tdkspcio.exe"="C:\\WINDOWS\\System32\\tdk"
"C:\\WINDOWS\\System32\\wcunlpro.exe"="C:\\WINDOWS\\System32\\wcu"
"C:\\WINDOWS\\System32\\sgaughgq.exe"="C:\\WINDOWS\\System32\\sga"
"C:\\WINDOWS\\System32\\qfpquhqg.exe"="C:\\WINDOWS\\System32\\qfp"

Remaining Files:
---------------

File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes:

Wed 30 Jan 2002 22,016 A..H. --- "C:\Program Files\Game Graphic Studio\borlndmm.dll"
Wed 30 Jan 2002 620,544 A..H. --- "C:\Program Files\Game Graphic Studio\stlpmt45.dll"
Tue 20 Aug 2002 1,511,453 ...H. --- "C:\Program Files\Messenger\msmsgs.exe"
Thu 14 Jul 2005 27,648 A.SH. --- "C:\WINDOWS\system32\AVSredirect.dll"
Mon 27 Jun 2005 616,448 A.SHR --- "C:\WINDOWS\system32\cygwin1.dll"
Wed 22 Jun 2005 45,568 A.SHR --- "C:\WINDOWS\system32\cygz.dll"
Thu 29 Aug 2002 537,088 ..SHR --- "C:\WINDOWS\system32\depatfjdcg.exe"
Tue 19 Jun 2007 6,594 A.SH. --- "C:\WINDOWS\system32\ffefe.bak1"
Sat 30 Jun 2007 935,577 ..SH. --- "C:\WINDOWS\system32\ffefe.bak2"
Wed 6 Jun 2007 905,535 A.SH. --- "C:\WINDOWS\system32\tutwa.tmp"
Tue 5 Jun 2007 678,715 A.SH. --- "C:\WINDOWS\system32\tutwa.bak1"
Wed 6 Jun 2007 909,089 A.SH. --- "C:\WINDOWS\system32\tutwa.bak2"
Thu 29 Aug 2002 560,128 ..SHR --- "C:\WINDOWS\system32\xhpciompjm.exe"
Thu 11 Jan 2007 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Sat 18 Aug 2007 33,280 ...H. --- "C:\Documents and Settings\molder\Desktop\~WRL0236.tmp"

Finished!

Dopuna: 19 Nov 2007 22:47

evo i hj logo posle restarta

Logfile of HijackThis v1.99.1
Scan saved at 454522 02 PM, on 11/19/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\NCLAUNCH.EXe
C:\Downloads\USB_Safely_Remove5\USBSafelyRemove.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\SEC\Natural Color\NaturalColorLoad.exe
C:\Documents and Settings\molder\Desktop\hj\tr3.exe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Documents and Settings\molder\Local Settings\Temp\RarSFX0\jccatch.dll (file missing)
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Mega Manager IE Click Monitor - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Documents and Settings\molder\Local Settings\Temp\RarSFX0\getflash.dll (file missing)
O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\2.bin\ASKTBAR.DLL
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\2.bin\ASKTBAR.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [NCLaunch] C:\WINDOWS\NCLAUNCH.EXe
O4 - HKCU\..\Run: [USB Safely Remove] C:\Downloads\USB_Safely_Remove5\USBSafelyRemove.exe /startup
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: NaturalColorLoad.lnk = ?
O8 - Extra context menu item: &Download All with FlashGet - C:\Documents and Settings\molder\Local Settings\Temp\RarSFX0\jc_all.htm
O8 - Extra context menu item: &Download All with Rapidshare Downloader - C:\DOCUME~1\molder\LOCALS~1\Temp\RarSFX0\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Documents and Settings\molder\Local Settings\Temp\RarSFX0\jc_link.htm
O8 - Extra context menu item: &Download with Rapidshare Downloader - C:\DOCUME~1\molder\LOCALS~1\Temp\RarSFX0\jc_link.htm
O8 - Extra context menu item: Download Link Using Mega Manager... - C:\Program Files\Megaupload\Mega Manager\mm_file.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - (no file)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Documents and Settings\molder\Local Settings\Temp\RarSFX0\FlashGet.exe (file missing)
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Documents and Settings\molder\Local Settings\Temp\RarSFX0\FlashGet.exe (file missing)
O9 - Extra button: Quick Login rs-mp3.com - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\Program Files\Funnsystems YuMp3Com-User-Authorization\YuMp3ComLogin.exe
O9 - Extra 'Tools' menuitem: &Quick Login rs-mp3.com - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\Program Files\Funnsystems YuMp3Com-User-Authorization\YuMp3ComLogin.exe
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: awtut - C:\WINDOWS\
O20 - Winlogon Notify: klogon - C:\WINDOWS\System32\klogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVP - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - Unknown owner - C:\WINDOWS\System32\nvsvc32.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Dopuna: 20 Nov 2007 15:15

Posle stikliranja polja u hj i fix checked problem je nestao i konekcija se vratila u normalu , medjutim jutros ponovo problemi sa system32/o

offline
  • Pridružio: 04 Sep 2003
  • Poruke: 24135
  • Gde živiš: Wien

Izgleda da moramo da resavamo u jednom dahu, tj. za jedno vece.
Ja sam za kompom ~18:00 - 22:00 svako vece.
Ukoliko budes tu veceras, pokusacemo ovo onda veceras da resimo.

U svakom slucaju, pusti ponovo SDFix i postavi mi log, pa onda i novi log HijackThisa, pa da probamo da resimo to bez da ponovo startujes komp pre nego sto ti ja postavim uputstva. Lako je moguce da infekcija menja ime fajla pri startovanju kompa.

Drugo, problem je sto imas Windows XP sa Servis Packom 1, tako da ti je sistem podlozan infekcijama bas puno. Cak i ukoliko resimo ovo, inficiraces se ponovo cim se sledeci put prikljucis na internet.

Ko je trenutno na forumu
 

Ukupno su 652 korisnika na forumu :: 30 registrovanih, 9 sakrivenih i 613 gosta   ::   [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:
Korisnici trenutno na forumu: _Sale, A.R.Chafee.Jr., Bane san, branko7, comi991, deb.sr, Duh sa sekirom, dule10savic, elenemste, Georgius, gile58, glada, kayvan6079, MB120mm, Mirage 2000N, Mixelotti, nuke92, pera bager, RJ, ruso, sakota79, SerbFlippy, Singidunumac, Skywhaler, Smd, Toni, Van, virked, voja64, xJeremijAx