MyCity » Ambulanta -> Arhiva Ambulante » system32/o

system32/o

Napisano na dan: 18.11.2007

Strana:
1
2

system32/o

Sledeća strana

Pagination

Odgovori

Strana:
1
2

foksmolder Poslao: 18 Nov 2007 21:47 Idi na vrh
offline foksmolder Novi MyCity građanin Pridružio: 27 Jan 2007 Poruke: 26	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Imam problem sa virusom koga kaspersky prepozna "windows/system32/o" medjutim i posle brisanja on se ponovo pojavi za sat dva i strasno usporava konekciju.. Logfile of HijackThis v1.99.1 Scan saved at 404021 04 PM, on 11/18/2007 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Program Files\CyberLink\Shared files\RichVideo.exe C:\WINDOWS\Explorer.EXE C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe C:\WINDOWS\System32\xhpciompjm.exe C:\WINDOWS\System32\ctfmon.exe C:\WINDOWS\NCLAUNCH.EXe C:\Downloads\USB_Safely_Remove5\USBSafelyRemove.exe C:\WINDOWS\System32\rundll32.exe C:\Program Files\SEC\Natural Color\NaturalColorLoad.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Winamp\winamp.exe C:\WINDOWS\system32\notepad.exe C:\Documents and Settings\molder\Desktop\hj\tr3.exe.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Documents and Settings\molder\Local Settings\Temp\RarSFX0\jccatch.dll O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Mega Manager IE Click Monitor - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Documents and Settings\molder\Local Settings\Temp\RarSFX0\getflash.dll O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\2.bin\ASKTBAR.DLL O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file) O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\2.bin\ASKTBAR.DLL O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe" O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" O4 - HKLM\..\Run: [Winds Seersc Agts] xhpciompjm.exe O4 - HKLM\..\RunServices: [Winds Seersc Agts] xhpciompjm.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook O4 - HKCU\..\Run: [NCLaunch] C:\WINDOWS\NCLAUNCH.EXe O4 - HKCU\..\Run: [USB Safely Remove] C:\Downloads\USB_Safely_Remove5\USBSafelyRemove.exe /startup O4 - HKCU\..\Run: [Winds Seersc Agts] xhpciompjm.exe O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe O4 - Global Startup: NaturalColorLoad.lnk = ? O8 - Extra context menu item: &Download All with FlashGet - C:\Documents and Settings\molder\Local Settings\Temp\RarSFX0\jc_all.htm O8 - Extra context menu item: &Download All with Rapidshare Downloader - C:\DOCUME~1\molder\LOCALS~1\Temp\RarSFX0\jc_all.htm O8 - Extra context menu item: &Download with FlashGet - C:\Documents and Settings\molder\Local Settings\Temp\RarSFX0\jc_link.htm O8 - Extra context menu item: &Download with Rapidshare Downloader - C:\DOCUME~1\molder\LOCALS~1\Temp\RarSFX0\jc_link.htm O8 - Extra context menu item: Download Link Using Mega Manager... - C:\Program Files\Megaupload\Mega Manager\mm_file.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - (no file) O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Documents and Settings\molder\Local Settings\Temp\RarSFX0\FlashGet.exe (file missing) O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Documents and Settings\molder\Local Settings\Temp\RarSFX0\FlashGet.exe (file missing) O9 - Extra button: Quick Login rs-mp3.com - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\Program Files\Funnsystems YuMp3Com-User-Authorization\YuMp3ComLogin.exe O9 - Extra 'Tools' menuitem: &Quick Login rs-mp3.com - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\Program Files\Funnsystems YuMp3Com-User-Authorization\YuMp3ComLogin.exe O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - drivecleaner.com/.freeware/installdrivecleanerstart.cab O17 - HKLM\System\CS1\Services\Tcpip\..\{1B15A45C-67B8-4A13-A849-9A010A16F738}: NameServer = 212.200.120.9,212.200.120.10 O17 - HKLM\System\CS3\Services\Tcpip\..\{1B15A45C-67B8-4A13-A849-9A010A16F738}: NameServer = 212.200.120.9,212.200.120.10 O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O20 - Winlogon Notify: awtut - C:\WINDOWS\ O20 - Winlogon Notify: efeff - C:\WINDOWS\System32\efeff.dll (file missing) O20 - Winlogon Notify: klogon - C:\WINDOWS\System32\klogon.dll O20 - Winlogon Notify: mljjjji - C:\WINDOWS\ O20 - Winlogon Notify: mljkhhf - C:\WINDOWS\ O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing) O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: Microsoft ASPI Manager (aspi113210) - Unknown owner - C:\WINDOWS\System32\aspi34572.exe (file missing) O23 - Service: AVP - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing) O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: ieupdater (Microsoft IE Updater) - Unknown owner - C:\Documents and Settings\molder\~tmp0374.exe (file missing) O23 - Service: NVIDIA Driver Helper Service (NVSvc) - Unknown owner - C:\WINDOWS\System32\nvsvc32.exe (file missing) O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe O23 - Service: WinHost Debugger System - Unknown owner - C:\WINDOWS\system32\systs.exe (file missing)

Profil

bobby Poslao: 18 Nov 2007 22:02 Idi na vrh
offline bobby Administrator Pridružio: 04 Sep 2003 Poruke: 24135 Gde živiš: Wien	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Skini VundoFix: http://www.atribune.org/ccount/click.php?id=4 * Dvoklikom se startuje fajl VundoFix.exe. * Izabere opcija Scan for Vundo. * Posle završenog skeniranja i pojave poruke Done Searching for files klikne se na OK. * Sada, kada je skeniranje obavljeno potrebno je kliknuti na opciju Remove Vundo. * Po pojavljivanju upita o uklanjaju Vundo fajlova klikne se na Yes. * Pokretanje ove opcije učiniće Desktop privremeno praznim u cilju pripreme sistema za uklanjanje Vundo-a. * Po završetku, pojaviće se obaveštenje o gašnjenju računara, klikne se OK. * Uključi se računar i podigne sistem iznova. * Iskopira se sadržaj loga sa putanje C:\vundofix.txt i novi HiJackThis log u poruku na forumu.

Profil

foksmolder Poslao: 19 Nov 2007 09:09 Idi na vrh
offline foksmolder Novi MyCity građanin Pridružio: 27 Jan 2007 Poruke: 26	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Vundofix mi posle skeniranja nije nista nasao tako da je logo prazan . Evo novi hijack logo posle toga(napominjem da mi je u trentuku skeniranja kaspersky opet pronasao trojan windows/system32/o Logfile of HijackThis v1.99.1 Scan saved at 06609 24 AM, on 11/19/2007 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Program Files\CyberLink\Shared files\RichVideo.exe C:\WINDOWS\Explorer.EXE C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe C:\WINDOWS\System32\ctfmon.exe C:\WINDOWS\NCLAUNCH.EXe C:\Downloads\USB_Safely_Remove5\USBSafelyRemove.exe C:\WINDOWS\System32\xhpciompjm.exe C:\WINDOWS\System32\rundll32.exe C:\Program Files\SEC\Natural Color\NaturalColorLoad.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Documents and Settings\molder\Desktop\hj\tr3.exe.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Documents and Settings\molder\Local Settings\Temp\RarSFX0\jccatch.dll O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Mega Manager IE Click Monitor - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Documents and Settings\molder\Local Settings\Temp\RarSFX0\getflash.dll O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\2.bin\ASKTBAR.DLL O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file) O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\2.bin\ASKTBAR.DLL O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe" O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" O4 - HKLM\..\Run: [Winds Seersc Agts] xhpciompjm.exe O4 - HKLM\..\RunServices: [Winds Seersc Agts] xhpciompjm.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook O4 - HKCU\..\Run: [NCLaunch] C:\WINDOWS\NCLAUNCH.EXe O4 - HKCU\..\Run: [USB Safely Remove] C:\Downloads\USB_Safely_Remove5\USBSafelyRemove.exe /startup O4 - HKCU\..\Run: [Winds Seersc Agts] xhpciompjm.exe O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe O4 - Global Startup: NaturalColorLoad.lnk = ? O8 - Extra context menu item: &Download All with FlashGet - C:\Documents and Settings\molder\Local Settings\Temp\RarSFX0\jc_all.htm O8 - Extra context menu item: &Download All with Rapidshare Downloader - C:\DOCUME~1\molder\LOCALS~1\Temp\RarSFX0\jc_all.htm O8 - Extra context menu item: &Download with FlashGet - C:\Documents and Settings\molder\Local Settings\Temp\RarSFX0\jc_link.htm O8 - Extra context menu item: &Download with Rapidshare Downloader - C:\DOCUME~1\molder\LOCALS~1\Temp\RarSFX0\jc_link.htm O8 - Extra context menu item: Download Link Using Mega Manager... - C:\Program Files\Megaupload\Mega Manager\mm_file.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - (no file) O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Documents and Settings\molder\Local Settings\Temp\RarSFX0\FlashGet.exe (file missing) O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Documents and Settings\molder\Local Settings\Temp\RarSFX0\FlashGet.exe (file missing) O9 - Extra button: Quick Login rs-mp3.com - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\Program Files\Funnsystems YuMp3Com-User-Authorization\YuMp3ComLogin.exe O9 - Extra 'Tools' menuitem: &Quick Login rs-mp3.com - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\Program Files\Funnsystems YuMp3Com-User-Authorization\YuMp3ComLogin.exe O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - drivecleaner.com/.freeware/installdrivecleanerstart.cab O17 - HKLM\System\CS1\Services\Tcpip\..\{1B15A45C-67B8-4A13-A849-9A010A16F738}: NameServer = 212.200.120.9,212.200.120.10 O17 - HKLM\System\CS3\Services\Tcpip\..\{1B15A45C-67B8-4A13-A849-9A010A16F738}: NameServer = 212.200.120.9,212.200.120.10 O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O20 - Winlogon Notify: awtut - C:\WINDOWS\ O20 - Winlogon Notify: efeff - C:\WINDOWS\System32\efeff.dll (file missing) O20 - Winlogon Notify: klogon - C:\WINDOWS\System32\klogon.dll O20 - Winlogon Notify: mljjjji - C:\WINDOWS\ O20 - Winlogon Notify: mljkhhf - C:\WINDOWS\ O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing) O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: Microsoft ASPI Manager (aspi113210) - Unknown owner - C:\WINDOWS\System32\aspi34572.exe (file missing) O23 - Service: AVP - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing) O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: ieupdater (Microsoft IE Updater) - Unknown owner - C:\Documents and Settings\molder\~tmp0374.exe (file missing) O23 - Service: NVIDIA Driver Helper Service (NVSvc) - Unknown owner - C:\WINDOWS\System32\nvsvc32.exe (file missing) O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe O23 - Service: WinHost Debugger System - Unknown owner - C:\WINDOWS\system32\systs.exe (file missing)

Profil

bobby Poslao: 19 Nov 2007 19:00 Idi na vrh
offline bobby Administrator Pridružio: 04 Sep 2003 Poruke: 24135 Gde živiš: Wien	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Skini CatchMe. Dvoklikom pokreni program i pređi na tab Script. U (beli) prozor programa iskopiraj sledeci tekst: `files to kill: C:\WINDOWS\System32\xhpciompjm.exe` Klikni na dugme Run. Nakon toga bi na Desktop-u trebao da se nalazi fajl catchme.zip. Uploaduj mi taj fajl preko sledece forme: http://www.mycity.rs/ambulanta-upload.php Nakon toga napravi novi HijackThis log koji ces ovde postaviti.

Profil

foksmolder Poslao: 19 Nov 2007 20:55 Idi na vrh
offline foksmolder Novi MyCity građanin Pridružio: 27 Jan 2007 Poruke: 26	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Poslao sam fajl.. evo novi log Logfile of HijackThis v1.99.1 Scan saved at 535320 43 PM, on 11/19/2007 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe C:\WINDOWS\System32\xhpciompjm.exe C:\WINDOWS\System32\ctfmon.exe C:\WINDOWS\NCLAUNCH.EXe C:\Downloads\USB_Safely_Remove5\USBSafelyRemove.exe C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\WINDOWS\System32\rundll32.exe C:\Program Files\SEC\Natural Color\NaturalColorLoad.exe C:\Program Files\CyberLink\Shared files\RichVideo.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\MPlayer for Windows\MPUI.exe C:\Documents and Settings\molder\Desktop\hj\tr3.exe.exe C:\Program Files\MPlayer for Windows\mplayer.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Documents and Settings\molder\Local Settings\Temp\RarSFX0\jccatch.dll O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Mega Manager IE Click Monitor - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Documents and Settings\molder\Local Settings\Temp\RarSFX0\getflash.dll O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\2.bin\ASKTBAR.DLL O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file) O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\2.bin\ASKTBAR.DLL O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe" O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" O4 - HKLM\..\Run: [Winds Seersc Agts] xhpciompjm.exe O4 - HKLM\..\RunServices: [Winds Seersc Agts] xhpciompjm.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook O4 - HKCU\..\Run: [NCLaunch] C:\WINDOWS\NCLAUNCH.EXe O4 - HKCU\..\Run: [USB Safely Remove] C:\Downloads\USB_Safely_Remove5\USBSafelyRemove.exe /startup O4 - HKCU\..\Run: [Winds Seersc Agts] xhpciompjm.exe O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe O4 - Global Startup: NaturalColorLoad.lnk = ? O8 - Extra context menu item: &Download All with FlashGet - C:\Documents and Settings\molder\Local Settings\Temp\RarSFX0\jc_all.htm O8 - Extra context menu item: &Download All with Rapidshare Downloader - C:\DOCUME~1\molder\LOCALS~1\Temp\RarSFX0\jc_all.htm O8 - Extra context menu item: &Download with FlashGet - C:\Documents and Settings\molder\Local Settings\Temp\RarSFX0\jc_link.htm O8 - Extra context menu item: &Download with Rapidshare Downloader - C:\DOCUME~1\molder\LOCALS~1\Temp\RarSFX0\jc_link.htm O8 - Extra context menu item: Download Link Using Mega Manager... - C:\Program Files\Megaupload\Mega Manager\mm_file.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - (no file) O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Documents and Settings\molder\Local Settings\Temp\RarSFX0\FlashGet.exe (file missing) O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Documents and Settings\molder\Local Settings\Temp\RarSFX0\FlashGet.exe (file missing) O9 - Extra button: Quick Login rs-mp3.com - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\Program Files\Funnsystems YuMp3Com-User-Authorization\YuMp3ComLogin.exe O9 - Extra 'Tools' menuitem: &Quick Login rs-mp3.com - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\Program Files\Funnsystems YuMp3Com-User-Authorization\YuMp3ComLogin.exe O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - drivecleaner.com/.freeware/installdrivecleanerstart.cab O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O20 - Winlogon Notify: awtut - C:\WINDOWS\ O20 - Winlogon Notify: efeff - C:\WINDOWS\System32\efeff.dll (file missing) O20 - Winlogon Notify: klogon - C:\WINDOWS\System32\klogon.dll O20 - Winlogon Notify: mljjjji - C:\WINDOWS\ O20 - Winlogon Notify: mljkhhf - C:\WINDOWS\ O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing) O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: Microsoft ASPI Manager (aspi113210) - Unknown owner - C:\WINDOWS\System32\aspi34572.exe (file missing) O23 - Service: AVP - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing) O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: ieupdater (Microsoft IE Updater) - Unknown owner - C:\Documents and Settings\molder\~tmp0374.exe (file missing) O23 - Service: NVIDIA Driver Helper Service (NVSvc) - Unknown owner - C:\WINDOWS\System32\nvsvc32.exe (file missing) O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe O23 - Service: WinHost Debugger System - Unknown owner - C:\WINDOWS\system32\systs.exe (file missing)

Profil

bobby Poslao: 19 Nov 2007 21:19 Idi na vrh
offline bobby Administrator Pridružio: 04 Sep 2003 Poruke: 24135 Gde živiš: Wien	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Obrisi catchme.zip koji imas na Desktopu. Sledeci skript za Catchme, procedura kao i malopre: `files to kill: C:\Documents and Settings\molder\~tmp0374.exe C:\WINDOWS\system32\systs.exe C:\WINDOWS\System32\efeff.dll C:\WINDOWS\System32\aspi34572.exe` Ponovo mi uploaduj catchme.zip kada ovo odradis. Onda restartuj racunar, pa napravi novi HijackThis log koji ces ovde postaviti.

Profil

foksmolder Poslao: 19 Nov 2007 21:35 Idi na vrh
offline foksmolder Novi MyCity građanin Pridružio: 27 Jan 2007 Poruke: 26	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Catch mi izbacuje poruku da je zavrsio skripte ali sa greskom. poslao sam zip koji je svega par kilobajta evo novi log hj posle restarta Logfile of HijackThis v1.99.1 Scan saved at 313121 56 PM, on 11/19/2007 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe C:\Program Files\CyberLink\Shared files\RichVideo.exe C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe C:\WINDOWS\System32\ctfmon.exe C:\WINDOWS\NCLAUNCH.EXe C:\Downloads\USB_Safely_Remove5\USBSafelyRemove.exe C:\WINDOWS\System32\rundll32.exe C:\Program Files\SEC\Natural Color\NaturalColorLoad.exe C:\Documents and Settings\molder\Desktop\hj\tr3.exe.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Documents and Settings\molder\Local Settings\Temp\RarSFX0\jccatch.dll O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Mega Manager IE Click Monitor - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Documents and Settings\molder\Local Settings\Temp\RarSFX0\getflash.dll O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\2.bin\ASKTBAR.DLL O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file) O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\2.bin\ASKTBAR.DLL O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe" O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" O4 - HKLM\..\Run: [Winds Seersc Agts] xhpciompjm.exe O4 - HKLM\..\RunServices: [Winds Seersc Agts] xhpciompjm.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook O4 - HKCU\..\Run: [NCLaunch] C:\WINDOWS\NCLAUNCH.EXe O4 - HKCU\..\Run: [USB Safely Remove] C:\Downloads\USB_Safely_Remove5\USBSafelyRemove.exe /startup O4 - HKCU\..\Run: [Winds Seersc Agts] xhpciompjm.exe O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe O4 - Global Startup: NaturalColorLoad.lnk = ? O8 - Extra context menu item: &Download All with FlashGet - C:\Documents and Settings\molder\Local Settings\Temp\RarSFX0\jc_all.htm O8 - Extra context menu item: &Download All with Rapidshare Downloader - C:\DOCUME~1\molder\LOCALS~1\Temp\RarSFX0\jc_all.htm O8 - Extra context menu item: &Download with FlashGet - C:\Documents and Settings\molder\Local Settings\Temp\RarSFX0\jc_link.htm O8 - Extra context menu item: &Download with Rapidshare Downloader - C:\DOCUME~1\molder\LOCALS~1\Temp\RarSFX0\jc_link.htm O8 - Extra context menu item: Download Link Using Mega Manager... - C:\Program Files\Megaupload\Mega Manager\mm_file.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - (no file) O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Documents and Settings\molder\Local Settings\Temp\RarSFX0\FlashGet.exe (file missing) O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Documents and Settings\molder\Local Settings\Temp\RarSFX0\FlashGet.exe (file missing) O9 - Extra button: Quick Login rs-mp3.com - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\Program Files\Funnsystems YuMp3Com-User-Authorization\YuMp3ComLogin.exe O9 - Extra 'Tools' menuitem: &Quick Login rs-mp3.com - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\Program Files\Funnsystems YuMp3Com-User-Authorization\YuMp3ComLogin.exe O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - drivecleaner.com/.freeware/installdrivecleanerstart.cab O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O20 - Winlogon Notify: awtut - C:\WINDOWS\ O20 - Winlogon Notify: efeff - C:\WINDOWS\System32\efeff.dll (file missing) O20 - Winlogon Notify: klogon - C:\WINDOWS\System32\klogon.dll O20 - Winlogon Notify: mljjjji - C:\WINDOWS\ O20 - Winlogon Notify: mljkhhf - C:\WINDOWS\ O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing) O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: Microsoft ASPI Manager (aspi113210) - Unknown owner - C:\WINDOWS\System32\aspi34572.exe (file missing) O23 - Service: AVP - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing) O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: ieupdater (Microsoft IE Updater) - Unknown owner - C:\Documents and Settings\molder\~tmp0374.exe (file missing) O23 - Service: NVIDIA Driver Helper Service (NVSvc) - Unknown owner - C:\WINDOWS\System32\nvsvc32.exe (file missing) O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe O23 - Service: WinHost Debugger System - Unknown owner - C:\WINDOWS\system32\systs.exe (file missing)

Profil

bobby Poslao: 19 Nov 2007 21:57 Idi na vrh
offline bobby Administrator Pridružio: 04 Sep 2003 Poruke: 24135 Gde živiš: Wien	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Skinuti SDFix na Desktop. Dupli klik na SDFix.exe ce raspakovati program u folder C:\SDFix, osim ukoliko putanja nije drugacije odredjena pri raspakovanju. Restartovati kompjuter u Safe Mode Uci u folder u kojem je raspakovan SDFix i startovati RunThis.bat Stisnuti Y da bi se zapocelo skeniranje Nakon skeniranja ce se pojaviti poruka da ce kompjuter biti restartovan Pritisnuti bilo koji taster da bi se kompjuter restartovao Nakon restarta ce se automatski pokrenuti jos jedno skeniranje, i po njegovom zavrsetku ce se pojaviti poruka Finished Nakon ucitavanja desktop ikonica, na ekranu ce se pojaviti izvestaj. Izvestaj ce ujedno biti snimljen i kao Report.txt u folderu u kojem je SDFix raspakovan Iskopirati izvestaj u poruku na forumu Skeniraj ponovo HijackThisom i štikliraj polja ispred sledećih linija: O4 - HKLM\..\Run: [Winds Seersc Agts] xhpciompjm.exe O4 - HKLM\..\RunServices: [Winds Seersc Agts] xhpciompjm.exe O4 - HKCU\..\Run: [Winds Seersc Agts] xhpciompjm.exe O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - http://www.drivecleaner.com/.freeware/installdrivecleanerstart.cab O20 - Winlogon Notify: awtut - C:\WINDOWS\ O20 - Winlogon Notify: efeff - C:\WINDOWS\System32\efeff.dll (file missing) O20 - Winlogon Notify: mljjjji - C:\WINDOWS\ O20 - Winlogon Notify: mljkhhf - C:\WINDOWS\ O23 - Service: Microsoft ASPI Manager (aspi113210) - Unknown owner - C:\WINDOWS\System32\aspi34572.exe (file missing) O23 - Service: ieupdater (Microsoft IE Updater) - Unknown owner - C:\Documents and Settings\molder\~tmp0374.exe (file missing) O23 - Service: WinHost Debugger System - Unknown owner - C:\WINDOWS\system32\systs.exe (file missing) Klikni Fix Checked Nakon toga ponovo restartuj racunar, pa nakon restarta napravi novi HijackThis log koji ces ovde postaviti.

Profil

foksmolder Poslao: 20 Nov 2007 15:15 Idi na vrh
offline foksmolder Novi MyCity građanin Pridružio: 27 Jan 2007 Poruke: 26	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! evo izvestaj SDFix: Version 1.115 Run by molder on Mon 11/19/2007 at 1222 PM Microsoft Windows XP [Version 5.1.2600] Running From: C:\SDFix Safe Mode: Checking Services: Name: aspi113210 Microsoft IE Updater WinHost Debugger System Path: C:\WINDOWS\System32\aspi34572.exe C:\Documents and Settings\molder\~tmp0374.exe /start "C:\WINDOWS\system32\systs.exe" aspi113210 - Deleted Microsoft IE Updater - Deleted WinHost Debugger System - Deleted Restoring Windows Registry Values Restoring Windows Default Hosts File Rebooting... Normal Mode: Checking Files: Trojan Files Found: C:\WINDOWS\system32\aspi34572.exe - Deleted C:\WINDOWS\SYSTEM32\DP.EXE - Deleted C:\WINDOWS\SYSTEM32\ERA90A~1.EXE - Deleted C:\WINDOWS\SYSTEM32\ERASEM~3.EXE - Deleted C:\WINDOWS\SYSTEM32\GE1.EXE - Deleted C:\WINDOWS\SYSTEM32\SETUP_~1.EXE - Deleted C:\WINDOWS\SYSTEM32\SRHOST.EXE - Deleted C:\WINDOWS\SYSTEM32\WIN32DLL.EXE - Deleted C:\WINDOWS\SYSTEM32\WINDERVS.EXE - Deleted C:\WINDOWS\system32\eraseme_00051.exe - Deleted C:\WINDOWS\system32\eraseme_25833.exe - Deleted C:\WINDOWS\system32\eraseme_36112.exe - Deleted C:\WINDOWS\install.exe - Deleted C:\WINDOWS\s32.txt - Deleted C:\WINDOWS\system32\o - Deleted C:\WINDOWS\system32\RunOnce.t__ - Deleted C:\WINDOWS\system32\RunOnce.tm_ - Deleted C:\WINDOWS\system32\setup_24283.exe - Deleted C:\WINDOWS\system32\TFTP3244 - Deleted C:\WINDOWS\system32\TFTP3336 - Deleted C:\WINDOWS\system32\waumgr.exe - Deleted C:\WINDOWS\Temp\_check32.bat - Deleted C:\WINDOWS\Temp\removalfile.bat - Deleted C:\WINDOWS\ws386.ini - Deleted Folder C:\Documents and Settings\All Users\Documents\Settings - Removed Removing Temp Files... ADS Check: C:\WINDOWS No streams found. C:\WINDOWS\system32 No streams found. C:\WINDOWS\system32\svchost.exe No streams found. C:\WINDOWS\system32\ntoskrnl.exe No streams found. Final Check: catchme 0.3.1262.1 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net Rootkit scan 2007-11-19 22:29:08 Windows 5.1.2600 Service Pack 1 NTFS scanning hidden processes ... scanning hidden services & system hive ... [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg] "s1"=dword:fd54eff8 "s2"=dword:c1d5494b "h0"=dword:00000002 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04] "h0"=dword:00000000 "ujdew"=hex:1c,3b,a1,d3,b6,3e,1f,9a,dd,77,2d,e7,d4,76,77,0c,fb,bc,0f,5a,ef,.. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4] "h0"=dword:00000001 "khjeh"=hex:33,e7,4e,03,ca,a7,a0,bd,04,15,c6,40,04,d0,cb,ca,8a,ef,ab,e9,30,.. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001] "khjeh"=hex:ff,18,9a,c7,f4,d7,9e,d9,99,e7,f2,d1,1e,6b,8b,a3,77,c0,7a,49,08,.. "d0"=dword:00000001 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40] "khjeh"=hex:d5,a6,35,b5,53,02,c3,c6,d2,e4,de,b3,5c,12,17,c3,9a,78,91,d0,0e,.. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Vax347s\Config\$winnt32$_test] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Vax347s\Config\jdgg40] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04] "h0"=dword:00000000 "ujdew"=hex:1c,3b,a1,d3,b6,3e,1f,9a,dd,77,2d,e7,d4,76,77,0c,fb,bc,0f,5a,ef,.. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4] "h0"=dword:00000001 "khjeh"=hex:33,e7,4e,03,ca,a7,a0,bd,04,15,c6,40,04,d0,cb,ca,8a,ef,ab,e9,30,.. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001] "khjeh"=hex:ff,18,9a,c7,f4,d7,9e,d9,99,e7,f2,d1,1e,6b,8b,a3,77,c0,7a,49,08,.. "d0"=dword:00000001 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40] "khjeh"=hex:d5,a6,35,b5,53,02,c3,c6,d2,e4,de,b3,5c,12,17,c3,9a,78,91,d0,0e,.. scanning hidden registry entries ... [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E9F81423-211E-46B6-9AE0-38568BC5CF6F}] "DisplayName"="Alcohol 120% (Trial Version)" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{7884A070-A2F3-B9EB-E781-E574CA0E0395}] "fajfepbpgjfi"=hex:66,61,6c,69,67,70,67,62,69,62,6d,70,00,f6 scanning hidden files ... C:\Documents and Settings\molder\Local Settings\Application Data\Microsoft\Messenger\foksmolder@hotmail.com\SharingMetadata\pexon333@yahoo.com\DFSR\Staging\CS{149B5FCD-B1E8-C9CE-87AE-8A824ADB76A0}\01\10-{149B5FCD-B1E8-C9CE-87AE-8A824ADB76A0}-v1-{BADC0647-A5ED-4622-A9A7-4D27337A850A}-v10-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 8 bytes hidden from API C:\Documents and Settings\molder\Local Settings\Application Data\Microsoft\Messenger\foksmolder@hotmail.com\SharingMetadata\pexon333@yahoo.com\DFSR\Staging\CS{149B5FCD-B1E8-C9CE-87AE-8A824ADB76A0}\12\12-{E345A38C-496A-4FDF-907D-6F359624BE0C}-v12-{E345A38C-496A-4FDF-907D-6F359624BE0C}-v12-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 2440 bytes hidden from API C:\Documents and Settings\molder\Local Settings\Application Data\Microsoft\Messenger\foksmolder@hotmail.com\SharingMetadata\pexon333@yahoo.com\DFSR\Staging\CS{149B5FCD-B1E8-C9CE-87AE-8A824ADB76A0}\13\13-{E345A38C-496A-4FDF-907D-6F359624BE0C}-v13-{E345A38C-496A-4FDF-907D-6F359624BE0C}-v13-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 136 bytes hidden from API scan completed successfully hidden processes: 0 hidden services: 0 hidden files: 3 Remaining Services: ------------------ Authorized Application Key Export: [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe::Enabled:BitTorrent" "C:\\WINDOWS\\system32\\11.tmp"="C:\\WINDOWS\\system32\\11.tmp::Enabled:Microsoft (R) Windows Protocol Deployment Manager" "C:\\WINDOWS\\System32\\drivers\\wmiapsrvs.exe"="C:\\WINDOWS\\System32\\drivers\\wmiapsrvs.exe:*:Enabled:WMI Performance Adapter Services" "C:\\WINDOWS\\System32\\ispmkcbu.exe"="C:\\WINDOWS\\System32\\isp" "C:\\WINDOWS\\System32\\peqevntk.exe"="C:\\WINDOWS\\System32\\peq" "C:\\WINDOWS\\System32\\rfmexyll.exe"="C:\\WINDOWS\\System32\\rfm" "C:\\WINDOWS\\System32\\filjgftq.exe"="C:\\WINDOWS\\System32\\fil" "C:\\WINDOWS\\System32\\poehwwxf.exe"="C:\\WINDOWS\\System32\\poe" "C:\\WINDOWS\\System32\\gdwjlunr.exe"="C:\\WINDOWS\\System32\\gdw" "C:\\WINDOWS\\System32\\bsixdcjc.exe"="C:\\WINDOWS\\System32\\bsi" "C:\\WINDOWS\\System32\\ccudhwew.exe"="C:\\WINDOWS\\System32\\ccu" "C:\\WINDOWS\\System32\\asjktwqx.exe"="C:\\WINDOWS\\System32\\asj" "C:\\WINDOWS\\System32\\tdkspcio.exe"="C:\\WINDOWS\\System32\\tdk" "C:\\WINDOWS\\System32\\wcunlpro.exe"="C:\\WINDOWS\\System32\\wcu" "C:\\WINDOWS\\System32\\sgaughgq.exe"="C:\\WINDOWS\\System32\\sga" "C:\\WINDOWS\\System32\\qfpquhqg.exe"="C:\\WINDOWS\\System32\\qfp" Remaining Files: --------------- File Backups: - C:\SDFix\backups\backups.zip Files with Hidden Attributes: Wed 30 Jan 2002 22,016 A..H. --- "C:\Program Files\Game Graphic Studio\borlndmm.dll" Wed 30 Jan 2002 620,544 A..H. --- "C:\Program Files\Game Graphic Studio\stlpmt45.dll" Tue 20 Aug 2002 1,511,453 ...H. --- "C:\Program Files\Messenger\msmsgs.exe" Thu 14 Jul 2005 27,648 A.SH. --- "C:\WINDOWS\system32\AVSredirect.dll" Mon 27 Jun 2005 616,448 A.SHR --- "C:\WINDOWS\system32\cygwin1.dll" Wed 22 Jun 2005 45,568 A.SHR --- "C:\WINDOWS\system32\cygz.dll" Thu 29 Aug 2002 537,088 ..SHR --- "C:\WINDOWS\system32\depatfjdcg.exe" Tue 19 Jun 2007 6,594 A.SH. --- "C:\WINDOWS\system32\ffefe.bak1" Sat 30 Jun 2007 935,577 ..SH. --- "C:\WINDOWS\system32\ffefe.bak2" Wed 6 Jun 2007 905,535 A.SH. --- "C:\WINDOWS\system32\tutwa.tmp" Tue 5 Jun 2007 678,715 A.SH. --- "C:\WINDOWS\system32\tutwa.bak1" Wed 6 Jun 2007 909,089 A.SH. --- "C:\WINDOWS\system32\tutwa.bak2" Thu 29 Aug 2002 560,128 ..SHR --- "C:\WINDOWS\system32\xhpciompjm.exe" Thu 11 Jan 2007 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak" Sat 18 Aug 2007 33,280 ...H. --- "C:\Documents and Settings\molder\Desktop\~WRL0236.tmp" Finished! Dopuna: 19 Nov 2007 22:47 evo i hj logo posle restarta Logfile of HijackThis v1.99.1 Scan saved at 454522 02 PM, on 11/19/2007 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Program Files\CyberLink\Shared files\RichVideo.exe C:\WINDOWS\Explorer.EXE C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe C:\WINDOWS\System32\ctfmon.exe C:\WINDOWS\NCLAUNCH.EXe C:\Downloads\USB_Safely_Remove5\USBSafelyRemove.exe C:\WINDOWS\System32\rundll32.exe C:\Program Files\SEC\Natural Color\NaturalColorLoad.exe C:\Documents and Settings\molder\Desktop\hj\tr3.exe.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Documents and Settings\molder\Local Settings\Temp\RarSFX0\jccatch.dll (file missing) O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Mega Manager IE Click Monitor - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Documents and Settings\molder\Local Settings\Temp\RarSFX0\getflash.dll (file missing) O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\2.bin\ASKTBAR.DLL O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file) O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\2.bin\ASKTBAR.DLL O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe" O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook O4 - HKCU\..\Run: [NCLaunch] C:\WINDOWS\NCLAUNCH.EXe O4 - HKCU\..\Run: [USB Safely Remove] C:\Downloads\USB_Safely_Remove5\USBSafelyRemove.exe /startup O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe O4 - Global Startup: NaturalColorLoad.lnk = ? O8 - Extra context menu item: &Download All with FlashGet - C:\Documents and Settings\molder\Local Settings\Temp\RarSFX0\jc_all.htm O8 - Extra context menu item: &Download All with Rapidshare Downloader - C:\DOCUME~1\molder\LOCALS~1\Temp\RarSFX0\jc_all.htm O8 - Extra context menu item: &Download with FlashGet - C:\Documents and Settings\molder\Local Settings\Temp\RarSFX0\jc_link.htm O8 - Extra context menu item: &Download with Rapidshare Downloader - C:\DOCUME~1\molder\LOCALS~1\Temp\RarSFX0\jc_link.htm O8 - Extra context menu item: Download Link Using Mega Manager... - C:\Program Files\Megaupload\Mega Manager\mm_file.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - (no file) O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Documents and Settings\molder\Local Settings\Temp\RarSFX0\FlashGet.exe (file missing) O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Documents and Settings\molder\Local Settings\Temp\RarSFX0\FlashGet.exe (file missing) O9 - Extra button: Quick Login rs-mp3.com - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\Program Files\Funnsystems YuMp3Com-User-Authorization\YuMp3ComLogin.exe O9 - Extra 'Tools' menuitem: &Quick Login rs-mp3.com - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\Program Files\Funnsystems YuMp3Com-User-Authorization\YuMp3ComLogin.exe O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O20 - Winlogon Notify: awtut - C:\WINDOWS\ O20 - Winlogon Notify: klogon - C:\WINDOWS\System32\klogon.dll O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing) O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: AVP - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing) O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: NVIDIA Driver Helper Service (NVSvc) - Unknown owner - C:\WINDOWS\System32\nvsvc32.exe (file missing) O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe Dopuna: 20 Nov 2007 15:15 Posle stikliranja polja u hj i fix checked problem je nestao i konekcija se vratila u normalu , medjutim jutros ponovo problemi sa system32/o

Profil

bobby Poslao: 20 Nov 2007 17:45 Idi na vrh
offline bobby Administrator Pridružio: 04 Sep 2003 Poruke: 24135 Gde živiš: Wien	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Izgleda da moramo da resavamo u jednom dahu, tj. za jedno vece. Ja sam za kompom ~18:00 - 22:00 svako vece. Ukoliko budes tu veceras, pokusacemo ovo onda veceras da resimo. U svakom slucaju, pusti ponovo SDFix i postavi mi log, pa onda i novi log HijackThisa, pa da probamo da resimo to bez da ponovo startujes komp pre nego sto ti ja postavim uputstva. Lako je moguce da infekcija menja ime fajla pri startovanju kompa. Drugo, problem je sto imas Windows XP sa Servis Packom 1, tako da ti je sistem podlozan infekcijama bas puno. Cak i ukoliko resimo ovo, inficiraces se ponovo cim se sledeci put prikljucis na internet.

Profil

MyCity » Ambulanta -> Arhiva Ambulante » system32/o

Ko je trenutno na forumu

Ukupno su 1115 korisnika na forumu :: 53 registrovanih, 5 sakrivenih i 1057 gosta :: [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:: Korisnici trenutno na forumu: AC-DC, Apok, Bluper, bojcistv, BRATORIII, Bubimir, cavatina, ccoogg123, debeli, djboj, DonRumataEstorski, Duh sa sekirom, flash12, GenZee, Georgius, goxin, hyla, Istman, Ivica1102, JimmyNapoli, JOntra, Karla, Koridor, Krvava Devetka, laki_bb, Lubica, mile23, milenko crazy north, nuke92, Oscar2, Petarvu, procesor, rajkoplje, randja26, RJ, rovac, sasa76, sasakrajina, slonic_tonic, Srle993, Steeeefan, suton, Tas011, Tvrtko I, vathra, vukdra, W123, wizzardone, wolf431, yrraf, Zimbabwe, zzapNDjuric99, šumar bk2

Svaki korisnik ovog sajta je odgovoran za sadržaj svoje poruke koju objavi na sajtu. Sajt se odriče svake odgovornosti za sadržaj tih poruka.
Postavljanjem vaše poruke ili vašeg autorskog dela na ovaj sajt, saglasni ste da ovaj sajt postaje distributer vašeg dela, i odričete se mogućnosti njegovog povlačenja ili brisanja, bez saglasnosti uprave sajta.
Distribucija sadržaja sa ovog sajta je dozvoljena samo u nekomercijalne svrhe, uz obaveznu napomenu da je sadržaj preuzet sa ovog sajta, i uz obavezno navođenje adrese MyCity sajta. Za sve ostale vidove distribucije obavezni ste da prethodno zatražite odobrenje od vlasnika MyCity sajta.
MyCity pokrenuo, administrira i razvija Predrag Damnjanović, a o uređenju sajta se brine MyCity Tim.
Ukoliko želite da nas kontaktirate kliknite ovde.
Naši sajtovi:
Vesti, Vojni forum, Zaštita od virusa, TekstPesme.rs

This content is licensed under a Creative Commons License.
Based on phpBB 2, translated by Simke, designed by