Drugi iexplore>. <

smislu · #1 17 siječanj 2008, 07:35

hej im da imaju problema sa virusom explire bila njegova stvar događa kao i za tjedan dana .. i nađe mi par dif fer vodiče o tome kako to popraviti, ali većinu vremena ona će mi reći za brisanje datoteka i nije dobro kad su ... JA probati kraju procesa na njih 2 nove procese pojaviti za nekoliko sekundi prije iexplore se vratiti ... nešto poput mp3sect i 3 ~ THIRDM ne siguran ako taj relevantni ipak ...

Platforma: Windows XP SP2 (Winnt 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Pokretanje procesa:
C: \ WINDOWS \ System32 \ smss.exe
C: \ WINDOWS \ system32 \ Winlogon.exe
C: \ WINDOWS \ system32 \ services.exe
C: \ WINDOWS \ system32 \ lsass.exe
C: \ WINDOWS \ system32 \ Svchost.exe
C: \ WINDOWS \ System32 \ Svchost.exe
C: \ WINDOWS \ system32 \ Svchost.exe
C: \ Program Files \ Lavasoft \ Ad-Aware 2007 \ aawservice.exe
C: \ WINDOWS \ system32 \ spoolsv.exe
C: \ WINDOWS \ explorer.exe
C: \ WINDOWS \ system32 \ nvsvc32.exe
C: \ WINDOWS \ system32 \ PnkBstrA.exe
C: \ Program Files \ Alcohol Soft \ Alcohol 52 \ StarWind \ StarWindServiceAE.exe
C: \ WINDOWS \ System32 \ Svchost.exe
C: \ WINDOWS \ system32 \ UAService7.exe
C: \ Program Files \ WinFast \ WFTVFM \ WFWIZ.exe
C: \ WINDOWS \ system32 \ rundll32.exe
C: \ Program Files \ Common Files \ InstallShield \ UpdateService \ issch.exe
C: \ Program Files \ Winamp \ winampa.exe
C: \ Program Files \ QuickTime \ qttask.exe
C: \ Program Files \ Adobe \ Photoshop Album Starter Edition \ 3,0 \ Apps \ apdproxy.exe
C: \ Program Files \ D-Link \ AirPlus XtremeG \ AirPlusCFG.exe
C: \ Program Files \ Ani \ ANIWZCS2 Service \ WZCSLDR2.exe
C: \ Program Files \ Common Files \ Real \ Update_OB \ realsched.exe
C: \ Program Files \ MSN Messenger \ msnmsgr.exe
C: \ WINDOWS \ system32 \ Ctfmon.exe
C: \ Program Files \ Spybot - Search & Destroy \ TeaTimer.exe
C: \ FRAPS \ FRAPS.EXE
C: \ Program Files \ Internet Explorer \ IEXPLORE.EXE
C: \ Program Files \ Adobe \ Acrobat 7,0 \ Reader \ reader_sl.exe
C: \ Program Files \ VIA \ RAID \ raid_tool.exe
C: \ Program Files \ Internet Explorer \ IEXPLORE.EXE
C: \ WINDOWS \ system32 \ taskmgr.exe
C: \ WINDOWS \ system32 \ wuauclt.exe
C: \ Program Files \ HijackThis \ HijackThis.exe

R1 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, SearchAssistant = http://search.bearshare.com/search/index.html?src=ssb
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Search, SearchAssistant = http://search.bearshare.com/search/index.html?src=ssb
R3 - URLSearchHook: Yahoo! Toolbar - (EF99BD32-C1FB-11D2-892F-0090271D4F88) - (no file)
O2 - BHO: AcroIEHlprObj Class - (06849E9F-C8D7-4D59-B87D-784B7D6BE0B3) - C: \ Program Files \ Adobe \ Acrobat 7,0 \ ActiveX \ AcroIEHelper.dll
O2 - BHO: RealPlayer Download i Record Plugin za Internet Explorer - (3049C3E9-B461-4BC5-8870-4C09146192CA) - C: \ Program Files \ Real \ RealPlayer \ rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S & D IE Protection - (53707962-6F74-2D53-2644-206D7942484F) - C: \ programa ~ 1 \ Spybot ~ 1 \ SDHelper.dll
O2 - BHO: (no name) - (7E853D72-626A-48EC-A868-BA8D5E23E045) - (no file)
O2 - BHO: Windows Live Sign-in Helper - (9030D464-4C02-4ABF-8ECC-5164760863C6) - C: \ Program Files \ Common Files \ Microsoft Shared \ Windows Live \ WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - (AA58ED58-01DD-4d91-8333-CF10577473F7) - c: \ program files \ google \ googletoolbar1.dll (file missing)
O2 - BHO: MSNToolBandBHO - (BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0) - C: \ Program Files \ MSN Apps \ MSN Toolbar \ 01.02.3000.1001 \ en-us \ msntb.dll
O3 - Toolbar: & Google - (2318C2B1-4965-11d4-9B18-009027A5CD4F) - c: \ program files \ google \ googletoolbar1.dll (file missing)
O4 - HKLM \ .. \ Run: [NeroFilterCheck] C: \ WINDOWS \ system32 \ NeroCheck.exe
O4 - HKLM \ .. \ Run: [NeroCheck] C: \ WINDOWS \ system32 \ \ NeroCheck.exe
O4 - HKLM \ .. \ Run: [nwiz] nwiz.exe / install
O4 - HKLM \ .. \ Run: [WinFast Schedule] C: \ Program Files \ WinFast \ WFTVFM \ WFWIZ.exe
O4 - HKLM \ .. \ Run: [NvCplDaemon] RUNDLL32.EXE C: \ WINDOWS \ system32 \ NvCpl.dll, NvStartup
O4 - HKLM \ .. \ Run: [ISUSPM Startup] "C: \ Program Files \ Common Files \ InstallShield \ UpdateService \ isuspm.exe"-početni
O4 - HKLM \ .. \ Run: [ISUSScheduler] "C: \ Program Files \ Common Files \ InstallShield \ UpdateService \ issch.exe" start
O4 - HKLM \ .. \ Run: [WinampAgent] C: \ Program Files \ Winamp \ winampa.exe
O4 - HKLM \ .. \ Run: [QuickTime Task] "C: \ Program Files \ QuickTime \ qttask.exe"-atboottime
O4 - HKLM \ .. \ Run: [Adobe Photo Downloader] "C: \ Program Files \ Adobe \ Photoshop Album Starter Edition \ 3,0 \ Apps \ apdproxy.exe"
O4 - HKLM \ .. \ Run: [D-Link AirPlus XtremeG] C: \ Program Files \ D-Link \ AirPlus XtremeG \ AirPlusCFG.exe
O4 - HKLM \ .. \ Run: [ANIWZCS2Service] C: \ Program Files \ Ani \ ANIWZCS2 Service \ WZCSLDR2.exe
O4 - HKLM \ .. \ Run: [Love zadani globalni nered] C: \ Documents and Settings \ All Users \ Application Data \ ugalj velike ljubavi default \ Treće mp3.exe
O4 - HKLM \ .. \ Run: [TkBellExe] "C: \ Program Files \ Common Files \ Real \ Update_OB \ realsched.exe"-osboot
O4 - HKCU \ .. \ Run: [msnmsgr] "C: \ Program Files \ MSN Messenger \ msnmsgr.exe" / background
O4 - HKCU \ .. \ Run: [creativemore] C: \ DOCUME ~ 1 \ Andrew \ APPLIC ~ 1 \ ERRORM ~ 1 \ Mp3Sect.exe
O4 - HKCU \ .. \ Run: [updateMgr] "C: \ Program Files \ Adobe \ Acrobat 7,0 \ Reader \ AdobeUpdateManager.exe" ponovno podizanje sustava AcRdB7_0_8-1
O4 - HKCU \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe
O4 - HKCU \ .. \ Run: [AlcoholAutomount] "C: \ Program Files \ Alcohol Soft \ Alcohol 52 \ axcmd.exe" / automount
O4 - HKCU \ .. \ Run: [SpybotSD TeaTimer] C: \ Program Files \ Spybot - Search & Destroy \ TeaTimer.exe
O4 - HKCU \ .. \ Run: [Fraps] C: \ FRAPS \ FRAPS.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C: \ Program Files \ Adobe \ Acrobat 7,0 \ Reader \ reader_sl.exe
O4 - Global Startup: VIA RAID TOOL.lnk = C: \ Program Files \ VIA \ RAID \ raid_tool.exe
O8 - Extra kontekst meni stavka: & Google Search - res: / / C: \ Program Files \ Google \ GoogleToolbar1.dll/cmsearch.html
O8 - Extra kontekst meni stavka: & Translate Engleski Word - res: / / C: \ Program Files \ Google \ GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra kontekst meni stavka: Povratni Links - res: / / C: \ Program Files \ Google \ GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra kontekst meni stavka: Predmemorirano snimka Page - res: / / C: \ Program Files \ Google \ GoogleToolbar1.dll/cmcache.html
O8 - Extra kontekst meni stavka: E & zvezi u Microsoft Excel - res: / / C: \ programa ~ 1 \ MICROS ~ 3 \ OFFICE11 \ EXCEL.EXE/3000
O8 - Extra kontekst meni stavka: Similar Pages - res: / / C: \ Program Files \ Google \ GoogleToolbar1.dll/cmsimilar.html
O8 - Extra kontekst meni stavka: Prevedi na engleski Page - res: / / C: \ Program Files \ Google \ GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Research - (92780B25-18CC-41C8-B9BE-3C9C571A8263) - C: \ programa ~ 1 \ MICROS ~ 3 \ OFFICE11 \ REFIEBAR.DLL
O9 - Extra button: Run IMVU - (d9288080-1baa-4bc4-9cf8-a92d743db949) - C: \ Documents and Settings \ Andrew \ Start Menu \ Programs \ IMVU \ Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - (DFB852A3-47F8-48C4-A200-58CAB36FD2A2) - C: \ programa ~ 1 \ Spybot ~ 1 \ SDHelper.dll
O9 - Extra 'Tools' MENUITEM: Spybot - Search & Destroy Configuration - (DFB852A3-47F8-48C4-A200-58CAB36FD2A2) - C: \ programa ~ 1 \ Spybot ~ 1 \ SDHelper.dll
O9 - Extra button: (no name) - (e2e2dd38-d088-4134-82b7-f2ba38496583) -% windir% \ Network Diagnostic \ xpnetdiag.exe (file missing)
O9 - Extra 'Tools' MENUITEM: @ xpsp3res.dll, -20001 - (e2e2dd38-d088-4134-82b7-f2ba38496583) -% windir% \ Network Diagnostic \ xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - (FB5F1910-F110-11D2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe
O9 - Extra 'Tools' MENUITEM: Windows Messenger - (FB5F1910-F110-11D2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe
O11 - Options group: [INTERNATIONAL] International *
O14 - IERESET.INF: START_PAGE_URL = http://desktop.optusnet.com.au/dsl/favorites/homepage
O16 - DPF: (00B71CFB-6864-4346-A978-C0A14556272C) (dame Class) -- http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: (27527D31-447B-11D5-A46E-0001023B4289) (CoGSManager Class) -- http://gamingzone.ubisoft.com/dev/pa.../GSManager.cab
O16 - DPF: (2917297F-F02B-4B9D-81DF-494B6333150B) (minolovac Zastave klase) -- http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: (2BC66F54-93A8-11D3-BEB6-00105AA9B6AE) (Symantec AntiVirus skener) -- http://security.symantec.com/sscv6/S...in/AvSniff.cab
O16 - DPF: (30528230-99f7-4bb4-88d8-fa1d4f56a2ab) (YInstStarter Class) - C: \ Program Files \ Yahoo! \ Common \ yinsthelper.dll
O16 - DPF: (4F1E5B1A-2A80-42CA-8532-2D05CB959537) (MSN Photo Upload Tool) -- http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: (644E432F-49D3-41A1-8DD5-E099162EEEC5) (Symantec RuFSI Utility Class) -- http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: (69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A) (GameLauncher Control) -- http://www.acclaim.com/cabs/acclaim_v4.cab
O16 - DPF: (8E0D4DE5-3180-4024-A327-4DFAD1796A8D) (MessengerStatsClient Class) -- http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: (B38870E4-7ECB-40DA-8C6A-595F0A5519FF) (MsnMessengerSetupDownloadControl Class) -- http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: (B8BE5E93-A60C-4D26-A2DC-220313175592) (MSN Games - Installer) -- http://cdn2.zone.msn.com/binFramewor...o.cab56649.cab
O17 - HKLM \ System \ CS1 \ Services \ VxD \ MSTCP: SearchList = vic.bigpond.net.au
O17 - HKLM \ System \ CS3 \ Services \ VxD \ MSTCP: SearchList = vic.bigpond.net.au
O17 - HKLM \ System \ CCS \ Services \ VxD \ MSTCP: SearchList = vic.bigpond.net.au
O18 - Protocol: livecall - (828030A1-22C1-4009-854F-8E305202313F) - C: \ programa ~ 1 \ MSNMES ~ 1 \ MSGRAP ~ 1.DLL
O18 - Protocol: msnim - (828030A1-22C1-4009-854F-8E305202313F) - C: \ programa ~ 1 \ MSNMES ~ 1 \ MSGRAP ~ 1.DLL
O20 - Winlogon Obavijesti: WBSrv - C: \ Program Files \ Stardock \ Object Desktop \ WindowBlinds \ wbsrv.dll
O20 - Winlogon Obavijesti: WgaLogon - C: \ WINDOWS \ SYSTEM32 \ WgaLogon.dll
O21 - SSODL: WPDShServiceObj - (AAA288BA-9A4C-45B0-95D7-94D524869DB5) - C: \ WINDOWS \ system32 \ WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C: \ Program Files \ Lavasoft \ Ad-Aware 2007 \ aawservice.exe
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc - C: \ Program Files \ Ani \ ANIWZCS2 Service \ ANIWZCSdS.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C: \ Program Files \ Common Files \ InstallShield \ Driver \ 11 \ Intel 32 \ IDriverT.exe
O23 - Service: iPod Service - Apple Inc - C: \ Program Files \ iPod \ bin \ iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C: \ WINDOWS \ system32 \ nvsvc32.exe
O23 - Service: PnkBstrA - Unknown vlasnika - C: \ WINDOWS \ system32 \ PnkBstrA.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - Unknown vlasnika - C: \ Program Files \ SiSoftware \ SiSoftware Sandra Lite 2007.SP1 \ Win32 \ RpcDataSrv.exe (file missing)
O23 - Service: Sandra Service (SandraTheSrv) - Unknown vlasnika - C: \ Program Files \ SiSoftware \ SiSoftware Sandra Lite 2007.SP1 \ RpcSandraSrv.exe (file missing)
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C: \ Program Files \ Alcohol Soft \ Alcohol 52 \ StarWind \ StarWindServiceAE.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Unknown vlasnika - C: \ Program Files \ Common Files \ Ulead Systems \ DVD \ ULCDRSvr.exe (file missing)
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown vlasnika - C: \ WINDOWS \ system32 \ UAService7.exe

**evilfantasy** · #2 17 siječanj 2008, 09:34

Dobrodošli na TCF.

Dozvoljava vidjeti ako mi može čisto ovaj gore.

---------------

Zašto je nema antivirusni na računalu?

Korak A je za ljude koji govore da na bilo koji od sljedećih:
- Vi nemate antivirusni instaliran.
- Imate protuvirusni program koji je istekao.

Ako je odgovor na bilo koji od gore navedenih je da.
- Slijediti ovaj link i instalirajte jedan od antivirusnog programa na popisu.

---------------

Onemogući Spybot-a TeaTimer

Dok TeaTimer je odličan alat za sprečavanje spywarea, to ponekad može spriječi naše alate iz pričvršćivanje određene stvari.
Molimo vas onemogućiti TeaTimer za sada dok ne budete čisti. TeaTimer mogu biti ponovno aktiviran nakon vaše logove su čista.

Prvo:

Desnom tipkom miša kliknite Spybot u programskoj traci (izgleda kao s kalendarom katanac symbol)
Izabrati Zatvorite Spybot S & D Resident

Drugo:

Otvori Spybot S & D
Kliknite ModaProvjeriti Advanced Mode
Idi na lijevo Panel, kliknite Alati, A zatim i na lijevoj strani panela, kliknite Resident
Ako vaš vatrozid postavlja pitanje, reci U redu
Isključite potvrdni okvir pod nazivom Resident Tea-Timer i bilo koji potiču redu.
Koristiti Datoteka, Izlaz raskida Spybot
Reboot vaš stroj za promjene stupiti na snagu.

Treći:

S obje Tea timer i download Spybot zatvoreno ResetTeaTimer.zip

Otvoriti rajsfešlus datoteku.
Dvaput kliknite na ResetTeaTimer.bat Da biste uklonili sve stavke koje postavlja Spybot's TeaTimer.
Nakon što ga je vodio, možete izbrisati ga. To neće biti potrebno ponovno.

Napomena: Ako TeaTimer vam daje upozorenje nakon što su neke promjene, omogućuju blokiranje ovog umjesto njega.

--------------

Download NoLop na Vašu radnu površinu s jednog od linkova ispod ...

Link 1
Link 2 [/ b]

Zatvori imate bilo kakve programe prikazuju jer je potrebno ponovno pokrenuti
Dvaput kliknite na NoLop.exe da ga
Zatim kliknite na gumb s oznakom: Pretraživanje i uništiti
<<your računalo sada će biti skenirani za zaražene files>>
Kada se skeniranje završi, ako je zaraženo, od vas će se tražiti da ponovno pokrenete
Kliknite OK
Sada kliknite na: Reboot
Poruka trebali popup iz NoLop. Ako ne, Dvoklik program opet i ona će završiti.
Post sadržaj C: \ NoLop.log u sljedećem odgovoru.

Napomena: Ako primate pogrešku "mscomctl.ocx ili jedan od njegovih zavisnosti nisu ispravno registrirani, molimo preuzmite mscomctl.ocx na svoj system32 mapu onda ponovi program.

---------------

Otvori HijackThis i odaberite Da li je sustav skenirati samo zatim staviti kvačica pored: (ako postoji)

R1 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, SearchAssistant = http://search.bearshare.com/search/index.html?src=ssb
R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Search, SearchAssistant = http://search.bearshare.com/search/index.html?src=ssb
O2 - BHO: (no name) - (7E853D72-626A-48EC-A868-BA8D5E23E045) - (no file)
O2 - BHO: Google Toolbar Helper - (AA58ED58-01DD-4d91-8333-CF10577473F7) - c: \ program files \ google \ googletoolbar1.dll (file missing)
O3 - Toolbar: & Google - (2318C2B1-4965-11d4-9B18-009027A5CD4F) - c: \ program files \ google \ googletoolbar1.dll (file missing)
O9 - Extra button: Run IMVU - (d9288080-1baa-4bc4-9cf8-a92d743db949) - C: \ Documents and Settings \ Andrew \ Start Menu \ Programs \ IMVU \ Run IMVU.lnk (file missing)

Zatvori sve prozore osim HijackThis i kliknite Fix checked

Izlaz Hijackthis.

---------------

Molimo, preuzmite Combofix by sUBs jedan od linkova ispod.
(Isprobajte sve tri ako je potrebno)

VAŽNO - Combofix.exe MORA biti spremljen na vaše vaše Desktop.

Zatvori otvoriti bilo koju web preglednicima. (Firefox, Internet Explorer, etc)
Zatvori / deaktivirati svi protu-virus i anti štetnih sadržaja programa tako da ne ometaju Combofix. <- VAŽNO
- Kliknite na ovaj link da biste vidjeli popis programa koji bi trebao biti onemogućen. Ako tvoj nije na popisu, a vi ne znate kako ga isključiti, molimo pitati.
Dvaput kliknite combofix.exe i slijedite upute.
- Iz tipkovnice odaberite 1 i pritisnite Enter
Kada završite, on će proizvesti prijava za vas.
Pošta da se prijavite u vaš sljedeći odgovor.

Ne mouseclick combofix's prozor dok je pokrenut.
Skeniranje će privremeno onemogućiti Vaš desktop.
Ako je prekinuo svibanj ostavite računalo smrznuta.
Ako se to dogodi, molimo vas da se ponovo pokrenuti vraćanje desktop.

---------------

Next post molimo dodaj
Combofix log

smislu · #3 17 siječanj 2008, 18:03

NoLop! Prijavite by Skate_Punk_21

Škripac trčanje from: C: \ Documents and Settings \ Andrew \ Desktop
[1/18/2008]
[11:38:54]

--- Infekcija datoteka Found/Removed---
C: \ WINDOWS \ zadaci \ AFBBB49A918C2D86.job

Počev Uklanjanje ...
Postupak ponovne inicijalizacije operacijskog sust ...
Uklanjanje landarati's Preostala Datoteke / mape ...
Uređivanje registra ...
** Fix Cijela! **

--- Popis AppData sub direktorije ---

C: \ Documents and Settings \ Administrator \ Application Data \ Microsoft
C: \ Documents and Settings \ All Users \ Application Data \ Adobe
C: \ Documents and Settings \ All Users \ Application Data \ dob carstva 3
C: \ Documents and Settings \ All Users \ Application Data \ ispred
C: \ Documents and Settings \ All Users \ Application Data \ Apple Computer
C: \ Documents and Settings \ All Users \ Application Data \ Avg7 - PRAZNA Directory
C: \ Documents and Settings \ All Users \ Application Data \ Google
C: \ Documents and Settings \ All Users \ Application Data \ Great Ugljen Ljubav Default
C: \ Documents and Settings \ All Users \ Application Data \ Installshield
C: \ Documents and Settings \ All Users \ Application Data \ Debug Internet Mess Great - PRAZNA Directory
C: \ Documents and Settings \ All Users \ Application Data \ Lavasoft
C: \ Documents and Settings \ All Users \ Application Data \ Locktime
C: \ Documents and Settings \ All Users \ Application Data \ Microsoft
C: \ Documents and Settings \ All Users \ Application Data \ Microsoft Corporation - PRAZNA Directory
C: \ Documents and Settings \ All Users \ Application Data \ Nvidia
C: \ Documents and Settings \ All Users \ Application Data \ Nview_profiles - PRAZNA Directory
C: \ Documents and Settings \ All Users \ Application Data \ Popwwprofiles
C: \ Documents and Settings \ All Users \ Application Data \ Quicktime
C: \ Documents and Settings \ All Users \ Application Data \ Sony
C: \ Documents and Settings \ All Users \ Application Data \ Spybot - Search & Destroy
C: \ Documents and Settings \ All Users \ Application Data \ Symantec
C: \ Documents and Settings \ All Users \ Application Data \ Temp - PRAZNA Directory
C: \ Documents and Settings \ All Users \ Application Data \ Ulead Systems
C: \ Documents and Settings \ All Users \ Application Data \ Prikaži Bash Zaključavanje Rdr - PRAZNA Directory
C: \ Documents and Settings \ All Users \ Application Data \ glediąta
C: \ Documents and Settings \ All Users \ Application Data \ Windows Genuine Advantage
C: \ Documents and Settings \ All Users \ Application Data \ WinZip - PRAZNA Directory
C: \ Documents and Settings \ All Users \ Application Data \ Yahoo - PRAZNA Directory
C: \ Documents and Settings \ Andrew \ Application Data \ Adobe
C: \ Documents and Settings \ Andrew \ Application Data \ Adobeaum
C: \ Documents and Settings \ Andrew \ Application Data \ Adobeum
C: \ Documents and Settings \ Andrew \ Application Data \ ispred
C: \ Documents and Settings \ Andrew \ Application Data \ Apple Computer
C: \ Documents and Settings \ Andrew \ Application Data \ Aston - PRAZNA Directory
C: \ Documents and Settings \ Andrew \ Application Data \ Corel
C: \ Documents and Settings \ Andrew \ Application Data \ Cyberlink
C: \ Documents and Settings \ Andrew \ Application Data \ Dvdcss
C: \ Documents and Settings \ Andrew \ Application Data \ Errormags
C: \ Documents and Settings \ Andrew \ Application Data \ Freecap
C: \ Documents and Settings \ Andrew \ Application Data \ Google
C: \ Documents and Settings \ Andrew \ Application Data \ Gtopala
C: \ Documents and Settings \ Andrew \ Application Data \ Hamachi
C: \ Documents and Settings \ Andrew \ Application Data \ Pomoć - PRAZNA Directory
C: \ Documents and Settings \ Andrew \ Application Data \ Identities
C: \ Documents and Settings \ Andrew \ Application Data \ Imvu
C: \ Documents and Settings \ Andrew \ Application Data \ Kazaa Lite
C: \ Documents and Settings \ Andrew \ Application Data \ Lavasoft - PRAZNA Directory
C: \ Documents and Settings \ Andrew \ Application Data \ Leadertech
C: \ Documents and Settings \ Andrew \ Application Data \ Locktime
C: \ Documents and Settings \ Andrew \ Application Data \ Macromedia
C: \ Documents and Settings \ Andrew \ Application Data \ Microsoft
C: \ Documents and Settings \ Andrew \ Application Data \ Mozilla
C: \ Documents and Settings \ Andrew \ Application Data \ Objavi Providers - PRAZNA Directory
C: \ Documents and Settings \ Andrew \ Application Data \ Real
C: \ Documents and Settings \ Andrew \ Application Data \ Sony
C: \ Documents and Settings \ Andrew \ Application Data \ Sony Setup
C: \ Documents and Settings \ Andrew \ Application Data \ nedjelja
C: \ Documents and Settings \ Andrew \ Application Data \ Symantec
C: \ Documents and Settings \ Andrew \ Application Data \ Teamspeak2
C: \ Documents and Settings \ Andrew \ Application Data \ Ubi.com
C: \ Documents and Settings \ Andrew \ Application Data \ Ventrilo
C: \ Documents and Settings \ Andrew \ Application Data \ VLC
C: \ Documents and Settings \ Andrew \ Application Data \ Wholesecurity
C: \ Documents and Settings \ Andrew \ Application Data \ Winrar - PRAZNA Directory
C: \ Documents and Settings \ Default User \ Application Data \ Microsoft
C: \ Documents and Settings \ Localservice \ Application Data \ Microsoft
C: \ Documents and Settings \ Networkservice \ Application Data \ Microsoft

ComboFix 08-01-18.3 - Andrew 2008-01-18 11:48:19.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.620 [11:00 GMT]
Running from: C: \ Documents and Settings \ Andrew \ Desktop \ ComboFix.exe
* Created novu točku vraćanja

UPOZORENJE-ovaj stroj nema Recovery Console Installed!
.

Ostali ((((((((((((((((((((((((((((((((((((((( brisanja ))))))))) ))))))))))))))))))))))))))))))))))))))))
.

C: \ Documents and Settings \ Andrew \ Application Data \ Macromedia \ Flash Player \ # SharedObjects \ QUJR2VX6 \www.broadcaster.com
C: \ Documents and Settings \ Andrew \ Application Data \ Macromedia \ Flash Player \ macromedia.com \ SUPPORT \ flashplayer \ sys \ #www.broadcaster.com
C: \ Documents and Settings \ Andrew \ Application Data \ Macromedia \ Flash Player \ macromedia.com \ SUPPORT \ flashplayer \ sys \ #www.broadcaster.com \ settings.sol
C: \ Program Files \ winupdates
C: \ WINDOWS \ b.exe
C: \ Windows \ System32 \ Drivers \ sfsync02.sys
C: \ WINDOWS \ system32 \ mcrh.tmp

.
((((((((((((((((((((((((((((((((((((((( Driveri / Usluge )))))))) )))))))))))))))))))))))))))))))))))))))))

.
------- \ LEGACY_SFSYNC02
------- \ sfsync02

((((((((((((((((((((((((( Files Created from 2007/12/18 da 2008/01/18 ))))))))))) ))))))))))))))))))))
.

2008-01-18 11:47. 2000-08-31 08:00 51.200 - a ------ C: \ WINDOWS \ NirCmd.exe
2008-01-18 11:39. 2008-01-18 11:42 <DIR> d -------- C: \ NoLopBackups
2008-01-16 23:41. 2008-01-16 23:42 <DIR> d -------- C: \ Documents and Settings \ All Users \ Application Data \ Lavasoft
2008-01-15 10:53. 2008-01-15 10:53 <DIR> d -------- C: \ Program Files \ errormags
2008-01-14 23:52. 2008-01-14 23:52 81.920 - a ------ C: \ WINDOWS \ system32 \ frapsvid.dll
2008-01-09 22:56. 2008-01-09 22:56 <DIR> d -------- C: \ WINDOWS \ RegistryCleaner
2008-01-09 22:38. 2008-01-09 22:38 <DIR> d -------- C: \ Program Files \ Real
2008-01-09 22:38. 2008-01-09 22:38 <DIR> d -------- C: \ Program Files \ Common Files \ zajedničko križanje
2008-01-09 22:38. 2008-01-09 22:38 <DIR> d -------- C: \ Program Files \ Common Files \ Real
2008-01-04 11:03. 2008-01-16 11:45 54.156 - ah ----- C: \ WINDOWS \ QTFont.qfn
2008-01-04 11:03. 2008-01-04 11:03 1.409 - a ------ C: \ WINDOWS \ QTFont.for
2008-01-03 18:15. 2008-01-09 23:38 <DIR> d -------- C: \ Program Files \ Spyware Terminator
2008-01-02 16:16. 2008-01-02 16:17 <DIR> d -------- C: \ Documents and Settings \ Andrew \ Application Data \ FreeCap
2007-12-31 15:02. 2007-12-31 15:02 <DIR> d -------- C: \ Program Files \ Google
2007-12-28 10:38. 2007-12-28 10:38 552 - a ------ C: \ WINDOWS \ system32 \ d3d8caps.dat
2007-12-26 17:37. 2006-09-21 17:35 347.648-RA ------ C: \ Windows \ System32 \ Drivers \ A5AGU.sys
2007-12-26 17:37. 2006-09-21 17:35 149.544-RA ------ C: \ Windows \ System32 \ Drivers \ ar5523.bin
2007-12-26 17:37. 2006-09-21 17:35 24.576-RA ------ C: \ WINDOWS \ system32 \ DWLInst.dll
2007-12-26 17:37. 2007-12-26 17:37 7 - a ------ C: \ WINDOWS \ system32 \ ANIWZCSUSERNAME (1A9887E3-7A5B-4503-9F27-F2AC052C6352)
2007-12-26 17:12. 2007-12-26 17:12 <DIR> d -------- C: \ Program Files \ D-Link
2007-12-26 17:12. 2007-12-26 17:12 <DIR> d -------- C: \ Program Files \ Ani
2007-12-23 10:00. 2007-12-23 10:00 248 - a ------ C: \ WINDOWS \ RomeTW.ini

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))) ))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-18 00:55 --------- d --- AW C: \ Documents and Settings \ All Users \ Application Data \ Temp
2008-01-17 13:54 --------- d ----- w C: \ Documents and Settings \ Andrew \ Application Data \ Lavasoft
2008-01-17 13:54 --------- d ----- w C: \ Documents and Settings \ All Users \ Application Data \ Spybot - Search & Destroy
2008-01-17 03:59 --------- d ----- w C: \ Program Files \ World of Warcraft
2008-01-16 12:42 --------- d ----- w C: \ Program Files \ Lavasoft
2008-01-16 12:41 --------- d ----- w C: \ Program Files \ Common Files \ Wise Installation Wizard
2008-01-15 12:56 --------- d - h - w C: \ Program Files \ InstallShield Installation Information
2008-01-15 12:53 --------- d ----- w C: \ Program Files \ Total War
2008-01-15 12:50 --------- d ----- w C: \ Program Files \ Sierra
2008-01-15 10:11 --------- d ----- w C: \ Program Files \ Windows Live Safety Center
2008-01-14 23:54 --------- d ----- w C: \ Documents and Settings \ Andrew \ Application Data \ errormags
2008-01-14 23:54 --------- d ----- w C: \ Documents and Settings \ All Users \ Application Data \ ugalj velike ljubavi default
2008-01-02 05:52 --------- d ----- w C: \ Program Files \ Yahoo!
2008-01-02 05:51 --------- d ----- w C: \ Program Files \ Sony
2007-12-31 02:28 --------- d ----- w C: \ Documents and Settings \ All Users \ Application Data \ POGLED BASH brave RDR
2007-12-26 12:07 --------- d ----- w C: \ Documents and Settings \ Andrew \ Application Data \ dvdcss
2007-12-21 23:32 --------- d ----- w C: \ Program Files \ Alcohol Soft
2007-12-21 06:59 22.328 AW ---- C: \ Windows \ System32 \ Drivers \ PnkBstrK.sys
2007-12-20 21:32 --------- d ----- w C: \ Documents and Settings \ Andrew \ Application Data \ Hamachi
2007-12-01 05:58 25.280 AW ---- C: \ Windows \ System32 \ Drivers \ hamachi.sys
2007-11-22 02:37 --------- d ----- w C: \ Program Files \ GALA-NET
2007-08-22 03:16 952 - SHA-w C: \ WINDOWS \ system32 \ KGyGaAvL.sys
2007-05-20 08:59 730.843-csha-w C: \ WINDOWS \ system32 \ sstwa.bak1
2007-06-02 06:11 770.006-csh - w C: \ WINDOWS \ system32 \ sstwa.bak2
2007-06-02 06:13 768.855-csh - w C: \ WINDOWS \ system32 \ sstwa.ini2
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))) ))))))))))))))))))))))))))))))))))))))))
.
.
* Note * empty entries & čitljiv default unose se ne prikazuju
REGEDIT4

[HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ Curre ntVersion \ Run]
"creativemore" = "C: \ DOCUME ~ 1 \ Andrew \ APPLIC ~ 1 \ ERRORM ~ 1 \ Mp3Sect.exe" [2008-01-15 10:53 457216]
"updateMgr" = "C: \ Program Files \ Adobe \ Acrobat 7,0 \ Reader \ AdobeUpdateManager.exe" [2006-03-31 08:45 313472]
"Ctfmon.exe" = "C: \ WINDOWS \ system32 \ Ctfmon.exe" [2004-08-04 00:56 15360]
"AlcoholAutomount" = "C: \ Program Files \ Alcohol Soft \ Alcohol 52 \ axcmd.exe" [2007-07-02 21:22 219008]
"Fraps" = "C: \ FRAPS \ FRAPS.EXE" [2008-01-14 23:53 913064]

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Run]
"NeroFilterCheck" = "C: \ WINDOWS \ system32 \ NeroCheck.e Xe" [2001-07-09 11:50 155648]
"NeroCheck" = "C: \ WINDOWS \ system32 \ \ NeroCheck.ex e" [2001-07-09 11:50 155648]
"nwiz" = "nwiz.exe" [2006-10-22 13:22 1622016 C: \ WINDOWS \ system32 \ nwiz.exe]
"WinFast Schedule" = "C: \ Program Files \ WinFast \ WFTVFM \ WFWIZ.exe" [2006-03-21 06:53 327680]
"NvCplDaemon" = "C: \ WINDOWS \ system32 \ NvCpl.dll" [2006-10-22 13:22 7700480]
"SpyHunter" = "" []
"ISUSPM Startup" = "C: \ Program Files \ Common Files \ InstallShield \ UpdateService \ isuspm.exe" [2005-08-11 17:30 249856]
"ISUSScheduler" = "C: \ Program Files \ Common Files \ InstallShield \ UpdateService \ issch.exe" [2005-08-11 16:30 81920]
"WinampAgent" = "C: \ Program Files \ Winamp \ winampa.exe" [2007-05-15 09:22 35328]
"QuickTime Task" = "C: \ Program Files \ QuickTime \ qttask.exe" [2007-04-27 10:41 282624]
"Adobe Photo Downloader" = "C: \ Program Files \ Adobe \ Photoshop Album Starter Edition \ 3,0 \ Apps \ apdproxy.exe" [2005-06-07 00:46 57344]
"D-Link AirPlus XtremeG" = "C: \ Program Files \ D-Link \ AirPlus XtremeG \ AirPlusCFG.exe" [2006-07-07 11:56 1323008]
"ANIWZCS2Service" = "C: \ Program Files \ Ani \ ANIWZCS2 Service \ WZCSLDR2.exe" [2006-06-01 16:59 49152]
"Ljubite zadani globalni nered" = "C: \ Documents and Settings \ All Users \ Application Data \ ugalj velike ljubavi default \ Treće mp3.exe" [2008-01-18 11:56 1972224]
"TkBellExe" = "C: \ Program Files \ Common Files \ Real \ Update_OB \ realsched.exe" [2008-01-09 22:38 185896]

[HKEY_USERS \. DEFAULT \ Software \ Microsoft \ Windows \ Cur rentVersion \ RunOnce]
"RunNarrator" = "Narrator.exe" [2004-08-04 00:56 53760 C: \ WINDOWS \ system32 \ narrator.exe]

C: \ Documents and Settings \ All Users \ Start Menu \ Programs \ Startup \
Adobe Reader Speed Launch.lnk - C: \ Program Files \ Adobe \ Acrobat 7,0 \ Reader \ reader_sl.exe [2005-09-23 23:05:26]
VIA RAID TOOL.lnk - C: \ Program Files \ VIA \ RAID \ raid_tool.exe [2004-11-12 17:31:02]

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ winlogon]
"UIHost" = "C: \ \ WINDOWS \ \ system32 \ \ logonuiX.exe"

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ winlogon \ obavijestiti \ WBSrv]
C: \ Program Files \ Stardock \ Object Desktop \ WindowBlinds \ wbsrv.dll 2007-11-02 11:47 120056 C: \ Program Files \ Stardock \ Object Desktop \ WindowBlinds \ WbSrv.dll

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ windows]
"AppInit_DLLs" = wbsys.dll

[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ contro l \ LSA]
Notification Packages REG_MULTI_SZ: \ WINDOWS \ syste

R0 viamraid; viamraid; C: \ Windows \ System32 \ Drivers \ viam raid.sys [2004-05-18 19:55]
R3 WFIOCTL; WFIOCTL; C: \ Program Files \ WinFast \ WFTVFM \ WFIOCTL.SYS [2005-01-07 08:55]
S3 A5AGU; D-Link USB adapter Wireless Network Service; C: \ Windows \ System32 \ Drivers \ A5AGU.sys [2006-09-21 17:35]
S3 alcan5ln; SpeedTouch (tm) USB ADSL RFC1483 Networking Driver (NDIS) C: \ Windows \ System32 \ Drivers \ alcan5ln.sys [2003-12-08 12:53]
S3 cel90xbe; cel90xbe; C: \ DOCUME ~ 1 \ Andrew \ Mještani ~ 1 \ Temp \ cel90xbe.sys []

.
Sadržaj je 'Scheduled Tasks' folder
"2007-07-02 21:07:00 C: \ WINDOWS \ Tasks \ AppleSoftwareUpdate.job"
- C: \ Program Files \ Apple Software Update \ SoftwareUpdate.exe
"2008-01-17 09:29:40 C: \ WINDOWS \ Tasks \ Symantec NetDetect.job"
- C: \ Program Files \ Symantec \ LiveUpdate \ NDETECT.EXE
.
************************************************** ************************

catchme 0.3.1344 W2K/XP/Vista - rootkit / potaja detector by Gmer zlonamjernih programa, http://www.gmer.net
Rootkit scan 2008-01-18 11:56:12
5/1/2600 Windows Service Pack 2 NTFS

skeniranja skrivenih procesa ...

skeniranja skrivenih autostart entries ...

skeniranja skrivenih datoteka ...

scan uspješno završena
skrivenih datoteka: 0

************************************************** ************************
.
--------------------- Loaded DLL datoteke koje Under Running Processes ---------------------

PROCES: C: \ WINDOWS \ explorer.exe [6.00.2900.3156]
-> C: \ Program Files \ Stardock \ Object Desktop \ WindowBlinds \ tray.dll
.
Completion time: 2008-01-18 11:59:05 - machine je ponovno podizanje sustava
ComboFix-u karanteni-files.txt 2008-01-18 00:59:02
.
2008-01-16 12:15:55 --- EOF ---

**evilfantasy** · #4 17 siječanj 2008, 18:27

Tražite dobru tako daleko.

Molimo download DrWeb CureIt & Spremili na radnu površinu.

Skeniraj sa DrWeb-CureIt kako slijedi:

Dvaput kliknite na drweb-cureit.exe a zatim Početak.
An Express skeniranja računala obavijesti će se pojaviti.
Pod Pokrenite Express Scan Now Kliknite U redu za početak.
- Ovo je kratka skeniranja koji će skenirati datoteke trenutno izvodi u memoriji.
- Ako ili kada nešto nije pronađena, kliknite na Da gumb kad ga pita želite li izliječiti ga.
Nakon što je kratko scan završite, kliknite Opcije> Promijeni postavke
Izaberite Scan karticu i Isključi Heurističan analiza i kliknite U redu
Natrag na glavnom prozoru, odaberite Cijela scan gumb.
Zatim kliknite na Green Arrow Start Scanning gumb na desnoj strani, a počet će skenirati.
- Kliknite Da za sve ako se pita ako želite liječiti / pomaknuti bilo koju datoteku (e).
Kada se vrši skeniranje.
U Dr.Web CureIt lijevom izborniku na vrhu, kliknite na Datoteka te odabrati Spremi izvješće lista.
Spremite DrWeb.csv Izvještaj na svoj Desktop.
Izlaz Dr.Web Cureit.

Važno! Ponovno pokrenuti računalo, jer bi to moglo biti moguće da se datoteka u upotrebi će biti premještena / obrisane tijekom rada računala.

Nakon što ponovno podizanje sustava, Desnom tipkom miša kliknite Dr.Web se prijavite na radnu površinu i izabrati Otvori S> Notepad
Kopirajte i zalijepite da se prijavite u sljedećem odgovoru

----------

Pokreni novu Hijackthis skenirati i poslati log.

----------

Next post molimo dodaj
Dr. Web log
Novi Hijackthis log

smislu · #5 17 siječanj 2008, 19:08

Internet navika pustiti mene zapravo preuzeti drweb curit reći mene stranici ne može biti prikazana kada sam pokušati preuzeti klikom

**evilfantasy** · #6 17 siječanj 2008, 19:13

Probaj ovaj link.

ftp://ftp.drweb.com/pub/drweb/cureit/cureit.exe

smislu · #7 17 siječanj 2008, 19:15

kaže istu stvar>. <

**evilfantasy** · #8 17 siječanj 2008, 19:20

Čudno, pokušat ćemo drugi put onda.

Preuzmite ATF čistiju by Atribune. ATF Cleaner.exe

Uvjerite se da sve su zatvorene prozore preglednika.

Dvokliknite ATF-Cleaner.exe za pokretanje programa.
Pod Glavna odaberite: Odaberi Sve i Isključi Cookies.
Kliknite Prazan Izdvojeno gumb.

Ako koristite Firefox preglednik

Kliknite Firefox na vrhu i odaberite: Odaberi Sve i Isključi Cookies.
Kliknite Prazno Odabrana gumb.
NAPOMENA: Ako želite zadržati svoje spremljene lozinke, molimo Vas kliknite Ne na redak.

Ako koristite Opera preglednik

Kliknite Opera na vrhu i odaberite: Odaberi Sve i Isključi Cookies.
Kliknite Prazan Izdvojeno gumb.
NAPOMENA: Ako želite zadržati svoje spremljene lozinke, molimo Vas kliknite Ne na redak.

Kliknite Izlaz na glavnom izborniku ATF čistiju zatvoriti program.

---------------

Idi na Ovaj post i dobiti protušpijunski AVG. Slijedite upute kako konfigurirati ga, očistite i spremite je prijava za sljedeći post.

Next post molimo dodaj
AVG log
Novi Hijackthis log

smislu · #9 17 siječanj 2008, 20:27

couldnt pronašli su avg je napravio log file ... pa ja pravedan je uzeo screenshot onoga što je pronađeno ... nadu u još uvijek možete dobiti dodatne informacije u potrebi iz tog

http://img253.imageshack.us/my.php?image=avgak0.png

O4 - HKLM \ .. \ Run: [ISUSScheduler] "C: \ Program Files \ Common Files \ InstallShield \ UpdateService \ issch.exe" start
O4 - HKLM \ .. \ Run: [WinampAgent] C: \ Program Files \ Winamp \ winampa.exe
O4 - HKLM \ .. \ Run: [QuickTime Task] "C: \ Program Files \ QuickTime \ qttask.exe"-atboottime
O4 - HKLM \ .. \ Run: [Adobe Photo Downloader] "C: \ Program Files \ Adobe \ Photoshop Album Starter Edition \ 3,0 \ Apps \ apdproxy.exe"
O4 - HKLM \ .. \ Run: [D-Link AirPlus XtremeG] C: \ Program Files \ D-Link \ AirPlus XtremeG \ AirPlusCFG.exe
O4 - HKLM \ .. \ Run: [ANIWZCS2Service] C: \ Program Files \ Ani \ ANIWZCS2 Service \ WZCSLDR2.exe
O4 - HKLM \ .. \ Run: [Love zadani globalni nered] C: \ Documents and Settings \ All Users \ Application Data \ ugalj velike ljubavi default \ Treće mp3.exe
O4 - HKLM \ .. \ Run: [TkBellExe] "C: \ Program Files \ Common Files \ Real \ Update_OB \ realsched.exe"-osboot
O4 - HKLM \ .. \ Run: [! AVG Anti-Spyware] "C: \ Program Files \ Grisoft \ AVG Anti-Spyware 7,5 \ avgas.exe" / minimizirane
O4 - HKCU \ .. \ Run: [creativemore] C: \ DOCUME ~ 1 \ Andrew \ APPLIC ~ 1 \ ERRORM ~ 1 \ Mp3Sect.exe
O4 - HKCU \ .. \ Run: [updateMgr] "C: \ Program Files \ Adobe \ Acrobat 7,0 \ Reader \ AdobeUpdateManager.exe" ponovno podizanje sustava AcRdB7_0_8-1
O4 - HKCU \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe
O4 - HKCU \ .. \ Run: [AlcoholAutomount] "C: \ Program Files \ Alcohol Soft \ Alcohol 52 \ axcmd.exe" / automount
O4 - HKCU \ .. \ Run: [Fraps] C: \ FRAPS \ FRAPS.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C: \ Program Files \ Adobe \ Acrobat 7,0 \ Reader \ reader_sl.exe
O4 - Global Startup: VIA RAID TOOL.lnk = C: \ Program Files \ VIA \ RAID \ raid_tool.exe
O8 - Extra kontekst meni stavka: & Google Search - res: / / C: \ Program Files \ Google \ GoogleToolbar1.dll/cmsearch.html
O8 - Extra kontekst meni stavka: & Translate Engleski Word - res: / / C: \ Program Files \ Google \ GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra kontekst meni stavka: Povratni Links - res: / / C: \ Program Files \ Google \ GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra kontekst meni stavka: Predmemorirano snimka Page - res: / / C: \ Program Files \ Google \ GoogleToolbar1.dll/cmcache.html
O8 - Extra kontekst meni stavka: E & zvezi u Microsoft Excel - res: / / C: \ programa ~ 1 \ MICROS ~ 3 \ OFFICE11 \ EXCEL.EXE/3000
O8 - Extra kontekst meni stavka: Similar Pages - res: / / C: \ Program Files \ Google \ GoogleToolbar1.dll/cmsimilar.html
O8 - Extra kontekst meni stavka: Prevedi na engleski Page - res: / / C: \ Program Files \ Google \ GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Research - (92780B25-18CC-41C8-B9BE-3C9C571A8263) - C: \ programa ~ 1 \ MICROS ~ 3 \ OFFICE11 \ REFIEBAR.DLL
O9 - Extra button: (no name) - (DFB852A3-47F8-48C4-A200-58CAB36FD2A2) - C: \ programa ~ 1 \ Spybot ~ 1 \ SDHelper.dll
O9 - Extra 'Tools' MENUITEM: Spybot - Search & Destroy Configuration - (DFB852A3-47F8-48C4-A200-58CAB36FD2A2) - C: \ programa ~ 1 \ Spybot ~ 1 \ SDHelper.dll
O9 - Extra button: (no name) - (e2e2dd38-d088-4134-82b7-f2ba38496583) -% windir% \ Network Diagnostic \ xpnetdiag.exe (file missing)
O9 - Extra 'Tools' MENUITEM: @ xpsp3res.dll, -20001 - (e2e2dd38-d088-4134-82b7-f2ba38496583) -% windir% \ Network Diagnostic \ xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - (FB5F1910-F110-11D2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe
O9 - Extra 'Tools' MENUITEM: Windows Messenger - (FB5F1910-F110-11D2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe
O11 - Options group: [INTERNATIONAL] International *
O14 - IERESET.INF: START_PAGE_URL = http://desktop.optusnet.com.au/dsl/favorites/homepage
O16 - DPF: (00B71CFB-6864-4346-A978-C0A14556272C) (dame Class) -- http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: (27527D31-447B-11D5-A46E-0001023B4289) (CoGSManager Class) -- http://gamingzone.ubisoft.com/dev/pa.../GSManager.cab
O16 - DPF: (2917297F-F02B-4B9D-81DF-494B6333150B) (minolovac Zastave klase) -- http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: (2BC66F54-93A8-11D3-BEB6-00105AA9B6AE) (Symantec AntiVirus skener) -- http://security.symantec.com/sscv6/S...in/AvSniff.cab
O16 - DPF: (30528230-99f7-4bb4-88d8-fa1d4f56a2ab) (YInstStarter Class) - C: \ Program Files \ Yahoo! \ Common \ yinsthelper.dll
O16 - DPF: (4F1E5B1A-2A80-42CA-8532-2D05CB959537) (MSN Photo Upload Tool) -- http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: (644E432F-49D3-41A1-8DD5-E099162EEEC5) (Symantec RuFSI Utility Class) -- http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: (69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A) (GameLauncher Control) -- http://www.acclaim.com/cabs/acclaim_v4.cab
O16 - DPF: (8E0D4DE5-3180-4024-A327-4DFAD1796A8D) (MessengerStatsClient Class) -- http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: (B38870E4-7ECB-40DA-8C6A-595F0A5519FF) (MsnMessengerSetupDownloadControl Class) -- http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: (B8BE5E93-A60C-4D26-A2DC-220313175592) (MSN Games - Installer) -- http://cdn2.zone.msn.com/binFramewor...o.cab56649.cab
O17 - HKLM \ System \ CS1 \ Services \ VxD \ MSTCP: SearchList = vic.bigpond.net.au
O17 - HKLM \ System \ CCS \ Services \ VxD \ MSTCP: SearchList = vic.bigpond.net.au
O18 - Protocol: livecall - (828030A1-22C1-4009-854F-8E305202313F) - C: \ programa ~ 1 \ MSNMES ~ 1 \ MSGRAP ~ 1.DLL
O18 - Protocol: msnim - (828030A1-22C1-4009-854F-8E305202313F) - C: \ programa ~ 1 \ MSNMES ~ 1 \ MSGRAP ~ 1.DLL
O20 - Winlogon Obavijesti: WBSrv - C: \ Program Files \ Stardock \ Object Desktop \ WindowBlinds \ wbsrv.dll
O20 - Winlogon Obavijesti: WgaLogon - C: \ WINDOWS \ SYSTEM32 \ WgaLogon.dll
O21 - SSODL: WPDShServiceObj - (AAA288BA-9A4C-45B0-95D7-94D524869DB5) - C: \ WINDOWS \ system32 \ WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C: \ Program Files \ Lavasoft \ Ad-Aware 2007 \ aawservice.exe
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc - C: \ Program Files \ Ani \ ANIWZCS2 Service \ ANIWZCSdS.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT sro - C: \ Program Files \ Grisoft \ AVG Anti-Spyware 7,5 \ guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C: \ Program Files \ Common Files \ InstallShield \ Driver \ 11 \ Intel 32 \ IDriverT.exe
O23 - Service: iPod Service - Apple Inc - C: \ Program Files \ iPod \ bin \ iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C: \ WINDOWS \ system32 \ nvsvc32.exe
O23 - Service: PnkBstrA - Unknown vlasnika - C: \ WINDOWS \ system32 \ PnkBstrA.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - Unknown vlasnika - C: \ Program Files \ SiSoftware \ SiSoftware Sandra Lite 2007.SP1 \ Win32 \ RpcDataSrv.exe (file missing)
O23 - Service: Sandra Service (SandraTheSrv) - Unknown vlasnika - C: \ Program Files \ SiSoftware \ SiSoftware Sandra Lite 2007.SP1 \ RpcSandraSrv.exe (file missing)
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C: \ Program Files \ Alcohol Soft \ Alcohol 52 \ StarWind \ StarWindServiceAE.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Unknown vlasnika - C: \ Program Files \ Common Files \ Ulead Systems \ DVD \ ULCDRSvr.exe (file missing)
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown vlasnika - C: \ WINDOWS \ system32 \ UAService7.exe

**evilfantasy** · #10 17 siječanj 2008, 20:39

Taj fine, I uglavnom žele da vide da ste izbrisali / karanteni što je pronađen. Mnogi ljudi se sat pokretanje skeniranja i koristiti Nema radnje opciju. Profućkan vremena .............

Ti odstrani gornji dio HJT log. Trebate cijelu stvar posted.

Slične teme
Nit	Temu Započeo	Forum	Odgovori	Zadnji Post
Iexplore.exe	electra369	Virus, Spyware i sigurnost	1	12 siječanj 2009 00:16
Iexplore virus i još neki?	rreiss	Virus, Spyware i sigurnost	1	19. listopad 2008 18:46
Iexplore.exe # 3	jman8700	Virus, Spyware i sigurnost	8	29. svibanj 2008 10:39
Iexplore.exe # 2	opetke	Virus, Spyware i sigurnost	3	3. veljača 2008 16:18
Iexplore.exe	rsteenoven	Virus, Spyware i sigurnost	19	16 siječanj 2008 14:02