manji kapital -

Magazine
Go Back   Computer soka > Computer Software > Virus, Spyware i sigurnost
Reload this Page

Iexplore.exe

Registracija Mapa Spy Member List Donacije Pretraživanje Today's Posts Označi Sve Forume Kao Pročitane Forum Rules

Register


 Default 

Iexplore.exe




Reply
Stranica 1 od 2 1 2
 
Thread Tools
  #1  
Old 15 siječanj 2008, 11:50
Member Group
  
Pročitao sam da je to loše, JA dont 'imati Internet Explorer otvoreni, ali se i dalje prikazuju u mojim zadaća voditelj (ja dont misliti Internet bi trebao biti u glavice), To je usporavanje moj računalo. Je li to virus? spyware etc?

Kako da maknem to?
  #2  
Old 15 siječanj 2008, 11:59
Moderator / ica grupe
  
Omogućava Brza izgled.
Preuzmite i preimenovanje HijackThis (HJT)
  • Dvaput kliknite na HJTInstall.
  • Kliknite na Instalacija gumb.
  • Bit će automatski HJT mjesto u C: \ Program Files \ TrendMicro \ HijackThis \ HijackThis.exe.
  • Nakon instaliranja, HijackThis trebali otvoriti za vas.
    • Zatvori HijackThis i preimenujte ga.
    • Idi na C: \ Program Files \ Trend Micro \HijackThis.exe
    • Desnom tipkom miša kliknite na HijackThis.exe i odaberite Preimenovanje.
    • Upišite sniper.exe i pritisnite Enter.
    • Desnom tipkom miša kliknite na sniper.exe i odaberite Pošalji na > Desktop (stvoriti prečac)
  • Iz otvorenih HiackThis desktop.
  • Ako koristite sustav Windows Vista, svakako Pokreni kao administrator
  • Kliknite na Da li je sustav skenirati i spremanje log datoteku button
  • HijackThis ce skenirati a zatim i prijava će se otvoriti u Notepad.
  • Kopirajte i zalijepite zatim se prijavite u vaš post.
    • Ne Hijackthis su riješili ništa još. Većina onoga što će se pronađe bezopasni ili čak zahtijeva.
Iako smo na Preimenovali HijackThis snajper, mi ćemo i dalje se odnosi na to kao HijackThis ili HJT.
__________________
  #3  
Old 15 siječanj 2008, 12:08
Member Group
  
Iz nekog razloga ja licemjerje vidjeti IEXPLORE.EXE ovdje, ali je svakako u tm

Logfile of Trend Micro HijackThis v2.0.2
Scan spremljena u 7:02:55 Na 1/15/2008
Platforma: Windows XP SP2 (Winnt 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Pokretanje procesa:
C: \ WINDOWS \ System32 \ smss.exe
C: \ WINDOWS \ system32 \ Winlogon.exe
C: \ WINDOWS \ system32 \ services.exe
C: \ WINDOWS \ system32 \ lsass.exe
C: \ WINDOWS \ system32 \ Svchost.exe
C: \ WINDOWS \ System32 \ Svchost.exe
C: \ WINDOWS \ system32 \ spoolsv.exe
C: \ programa ~ 1 \ Grisoft \ AVG7 \ avgamsvr.exe
C: \ programa ~ 1 \ Grisoft \ AVG7 \ avgupsvc.exe
C: \ programa ~ 1 \ Grisoft \ AVG7 \ avgemc.exe
C: \ WINDOWS \ system32 \ nvsvc32.exe
C: \ WINDOWS \ system32 \ PnkBstrA.exe
C: \ WINDOWS \ system32 \ Svchost.exe
C: \ Program Files \ Windows Live \ Messenger \ usnsvc.exe
C: \ WINDOWS \ explorer.exe
C: \ WINDOWS \ RTHDCPL.EXE
C: \ programa ~ 1 \ Grisoft \ AVG7 \ avgcc.exe
C: \ Program Files \ Java \ jre1.6.0_03 \ bin \ jusched.exe
C: \ WINDOWS \ system32 \ wuauclt.exe
C: \ WINDOWS \ system32 \ RUNDLL32.EXE
C: \ Program Files \ Common Files \ Real \ Update_OB \ realsched.exe
C: \ Program Files \ Microsoft Office \ Office12 \ GrooveMonitor.exe
C: \ WINDOWS \ system32 \ LVCOMSX.EXE
C: \ Program Files \ Logitech \ Video \ LogiTray.exe
C: \ Program Files \ Internet Explorer \ iexplore.exe
C: \ WINDOWS \ system32 \ Ctfmon.exe
C: \ Program Files \ DNA \ btdna.exe
C: \ Program Files \ Internet Explorer \ iexplore.exe
C: \ Program Files \ Logitech \ Video \ FxSvr2.exe
C: \ Program Files \ Mozilla Firefox \ firefox.exe
C: \ Program Files \ Windows Media Player \ wmplayer.exe
C: \ WINDOWS \ system32 \ wuauclt.exe
C: \ Program Files \ Trend Micro \ HijackThis \ sniper.exe.exe

R1 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Search Bar = http://red.clientapps.yahoo.com/cust...search/ie.html
R1 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Search Page = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://www.yahoo.com/
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Page_URL = http://www.yahoo.com
R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://www.yahoo.com
R1 - HKCU \ Software \ Microsoft \ Internet Explorer \ SearchURL, (Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R1 - HKCU \ Software \ Microsoft \ Internet Connection Wizard, ShellNext = http://www.yahoo.com/
O2 - BHO: Yahoo! Companion BHO - (02478D38-C3F9-4efb-9B51-7695ECA05670) - C: \ Program Files \ Yahoo! \ Companion \ Instalira \ cpn \ ycomp5_6_0_1.d ll
O2 - BHO: Adobe PDF Reader Link Helper - (06849E9F-C8D7-4D59-B87D-784B7D6BE0B3) - C: \ Program Files \ Common Files \ Adobe \ Acrobat \ ActiveX \ AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - (72853161-30C5-4D22-B7F9-0BBC1D38A37E) - C: \ programa ~ 1 \ MICROS ~ 2 \ Office12 \ GRA8E1 ~ 1.DLL
O2 - BHO: SSVHelper Class - (761497BB-D6F0-462C-B6EB-D4DAF1D92D43) - C: \ Program Files \ Java \ jre1.6.0_03 \ bin \ ssv.dll
O2 - BHO: (no name) - (7E853D72-626A-48EC-A868-BA8D5E23E045) - (no file)
O2 - BHO: Windows Live Sign-in Helper - (9030D464-4C02-4ABF-8ECC-5164760863C6) - C: \ Program Files \ Common Files \ Microsoft Shared \ Windows Live \ WindowsLiveLogin.dll
O3 - Toolbar: & Yahoo! Companion - (EF99BD32-C1FB-11D2-892F-0090271D4F88) - C: \ Program Files \ Yahoo! \ Companion \ Instalira \ cpn \ ycomp5_6_0_1.d ll
O4 - HKLM \ .. \ Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM \ .. \ Run: [SkyTel] SkyTel.EXE
O4 - HKLM \ .. \ Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM \ .. \ Run: [AVG7_CC] C: \ programa ~ 1 \ Grisoft \ AVG7 \ avgcc.exe / StartUp
O4 - HKLM \ .. \ Run: [SunJavaUpdateSched] "C: \ Program Files \ Java \ jre1.6.0_03 \ bin \ jusched.exe"
O4 - HKLM \ .. \ Run: [QuickTime Task] "C: \ Program Files \ QuickTime \ qttask.exe"-atboottime
O4 - HKLM \ .. \ Run: [Adobe Reader Speed Launcher] "C: \ Program Files \ Adobe \ Reader 8,0 \ Reader \ Reader_sl.exe"
O4 - HKLM \ .. \ Run: [NvCplDaemon] RUNDLL32.EXE C: \ WINDOWS \ system32 \ NvCpl.dll, NvStartup
O4 - HKLM \ .. \ Run: [nwiz] nwiz.exe / install
O4 - HKLM \ .. \ Run: [NvMediaCenter] RUNDLL32.EXE C: \ WINDOWS \ system32 \ NvMcTray.dll, NvTaskbarInit
O4 - HKLM \ .. \ Run: [TkBellExe] "C: \ Program Files \ Common Files \ Real \ Update_OB \ realsched.exe"-osboot
O4 - HKLM \ .. \ Run: [GrooveMonitor] "C: \ Program Files \ Microsoft Office \ Office12 \ GrooveMonitor.exe"
O4 - HKLM \ .. \ Run: [LVCOMSX] C: \ WINDOWS \ system32 \ LVCOMSX.EXE
O4 - HKLM \ .. \ Run: [LogitechVideoRepair] C: \ Program Files \ Logitech \ Video \ ISStart.exe
O4 - HKLM \ .. \ Run: [LogitechVideoTray] C: \ Program Files \ Logitech \ Video \ LogiTray.exe
O4 - HKLM \ .. \ Run: [Druga šišmiš kreativni vrh] C: \ Documents and Settings \ All Users \ Application Data \ Axis readme Drugo Bat \ mrtvih lite.exe
O4 - HKCU \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe
O4 - HKCU \ .. \ Run: [BitTorrent DNA] "C: \ Program Files \ DNA \ btdna.exe"
O4 - HKCU \ .. \ Run: [curblicense] C: \ DOCUME ~ 1 \ Richard \ APPLIC ~ 1 \ WAYBOW ~ 1 \ Nurb više noun.exe
O4 - HKUS \ S-1-5-19 \ .. \ Run: [AVG7_Run] C: \ programa ~ 1 \ Grisoft \ AVG7 \ avgw.exe / RunOnce (User 'LOCAL SERVICE')
O4 - HKUS \ S-1-5-20 \ .. \ Run: [AVG7_Run] C: \ programa ~ 1 \ Grisoft \ AVG7 \ avgw.exe / RunOnce (User 'NETWORK SERVICE')
O4 - HKUS \ S-1-5-18 \ .. \ Run: [AVG7_Run] C: \ programa ~ 1 \ Grisoft \ AVG7 \ avgw.exe / RunOnce (User 'SYSTEM')
O4 - HKUS \. DEFAULT \ .. \ Run: [AVG7_Run] C: \ programa ~ 1 \ Grisoft \ AVG7 \ avgw.exe / RunOnce (User 'Default user')
O8 - Extra kontekst meni stavka: E & zvezi u Microsoft Excel - res: / / C: \ programa ~ 1 \ MICROS ~ 2 \ Office12 \ EXCEL.EXE/3000
O9 - Extra button: (no name) - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program Files \ Java \ jre1.6.0_03 \ bin \ ssv.dll
O9 - Extra 'Tools' MENUITEM: Sun Java Console - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program Files \ Java \ jre1.6.0_03 \ bin \ ssv.dll
O9 - Extra button: Send to OneNote - (2670000A-7350-4f3c-8081-5663EE0C6C49) - C: \ programa ~ 1 \ MICROS ~ 2 \ Office12 \ ONBttnIE.dll
O9 - Extra 'Tools' MENUITEM: S & kraj OneNote - (2670000A-7350-4f3c-8081-5663EE0C6C49) - C: \ programa ~ 1 \ MICROS ~ 2 \ Office12 \ ONBttnIE.dll
O9 - Extra button: Research - (92780B25-18CC-41C8-B9BE-3C9C571A8263) - C: \ programa ~ 1 \ MICROS ~ 2 \ Office12 \ REFIEBAR.DLL
O9 - Extra button: Messenger - (FB5F1910-F110-11D2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe
O9 - Extra 'Tools' MENUITEM: Windows Messenger - (FB5F1910-F110-11D2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe
O16 - DPF: (6414512B-B978-451D-A0D8-FCFDF33E833C) (WUWebControl Class) -- http://www.update.microsoft.com/wind...?1197308803562
O16 - DPF: (C3F79A2B-B9B4-4A66-B012-3EE46475B072) (MessengerStatsClient Class) -- http://messenger.zone.msn.com/binary...t.cab56907.cab
O18 - Protocol: grooveLocalGWS - (88FED34C-F0CA-4636-A375-3CB6248B04CD) - C: \ programa ~ 1 \ MICROS ~ 2 \ Office12 \ GR99D3 ~ 1.DLL
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, sro - C: \ programa ~ 1 \ Grisoft \ AVG7 \ avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, sro - C: \ programa ~ 1 \ Grisoft \ AVG7 \ avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, sro - C: \ programa ~ 1 \ Grisoft \ AVG7 \ avgemc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C: \ WINDOWS \ system32 \ nvsvc32.exe
O23 - Service: PnkBstrA - Unknown vlasnika - C: \ WINDOWS \ system32 \ PnkBstrA.exe

--
End of file - 7104 bytes
  #4  
Old 15 sij 2008, 12:29
Moderator / ica grupe
  
Da li imaju neke loše infekcija.

Korak 1

Molimo download NoLop.exe na radnu površinu:
  • Zatvori imate bilo kakve programe prikazuju jer je potrebno ponovno pokrenuti
  • Dvaput kliknite na NoLop.exe da ga
  • Zatim kliknite na gumb s oznakom: Pretraživanje i uništiti
    <<your računalo sada će biti skenirani za zaražene files>>
  • Kada se skeniranje završi, ako je zaraženo, od vas će se tražiti da ponovno pokrenete
  • Kliknite OK
  • Sada kliknite na: Reboot
  • Poruka trebali popup iz NoLop. Ako ne, Dvoklik program opet i ona će završiti.
  • Post sadržaj C: \ NoLop.log u sljedećem odgovoru.
Napomena: Ako primate pogrešku "mscomctl.ocx ili jedan od njegovih zavisnosti nisu ispravno registrirani, molimo preuzmite mscomctl.ocx na svoj system32 mapu onda ponovi program.

---------------

Korak 2
Preuzimanje SUPERAntispyware Free Edition (SAS)
  • Dvaput pritisnite ikonu na radnoj površini da biste pokrenuli instalacijski program.
  • Upitan da Ažurirati program definicije, kliknite Da
  • Kliknite na Next Preferences gumb.
  • Kliknite Skeniranje Control tab.
  • Pod Scanner Opcije Pobrinite se samo sljedeće se provjeravaju:
    • Zatvori preglednici prije skeniranja
    • Scan for tracking cookies
    • Raskinuti memorije prijetnje prije quarantining
    • Molimo ostavite drugima neprovjeren.
    • Kliknite na Zatvori gumb da napuste centar ekrana.
  • Kliknite Zatvoriti dugme za kontrolu napustiti središte zaslona.
  • Na glavnom ekranu kliknite Skenirajte svoje računalo
  • Na lijevoj check C: \ Fiksni Drive
  • Na pravo odabrati Obavi Cijela Scan
  • Kliknite Dalje da biste započeli pretraživanje. Budite strpljivi dok skenira vaše računalo.
  • Nakon skeniranja je kompletan rezime pojavit će se okvir. Kliknite U redu
  • Provjerite je li sve u bijeloj kutiji ima check pored nje, a zatim kliknite Dalje
  • Ona će se što je pronađena u karantenu, a ako ga pita ako želite ponovno podizanje sustava, kliknite Da
  • Da biste preuzeli uklanjanje informacija molimo učinite slijedeće:
    • Nakon što ponovno podizanje sustava, dvokliknite SUPERAntiSpyware ikone na radnoj površini.
    • Kliknite Preferences. Kliknite Statistika / Evidencije tab.
    • Pod Scanner Evidencije, dvokliknite SUPERAntiSpyware Scan Log.
    • To će otvoriti u zadani uređivač teksta (npr. Notepad / WordPad).
    • Spremite notepad datoteku na radnu površinu tako da kliknete (u Notepad) "Datoteka""Save As"
  • Spremi zapisničku negdje možete lako pronaći. (normalno desktop)
  • Kliknite bliska i opet zatvori za izlaz iz programa.
  • Molimo kopirajte i potom zalijepite prijaviti u vaš post.
----------

Korak 3

Pokreni novu Hijackthis skenirati i poslati log

----------

Next post molimo dodati.
Sadržaj C: \ NoLop.log
SuperAntispyware log
Novi Hijackthis log

On svibanj uzeti više od jedan post kako biste dobili sve u logove posted. To je u redu ako je potrebno.
__________________
  #5  
Old 15 siječanj 2008, 13:41
Member Group
  
Nolop log:

NoLop! Prijavite by Skate_Punk_21

Škripac trčanje from: C: \ Program Files \ Mozilla Firefox
[1/15/2008]
[7:34:10]

--- Infekcija datoteka Found/Removed---
C: \ WINDOWS \ zadaci \ ADB7C425918477B9.job

Počev Uklanjanje ...
Postupak ponovne inicijalizacije operacijskog sust ...
Uklanjanje landarati's Preostala Datoteke / mape ...
Uređivanje registra ...
** Fix Cijela! **

--- Popis AppData sub direktorije ---

C: \ Documents and Settings \ All Users \ Application Data \ Adobe
C: \ Documents and Settings \ All Users \ Application Data \ Apple
C: \ Documents and Settings \ All Users \ Application Data \ Apple Computer
C: \ Documents and Settings \ All Users \ Application Data \ Avg7
C: \ Documents and Settings \ All Users \ Application Data \ Axis readme Drugo Bat
C: \ Documents and Settings \ All Users \ Application Data \ Grisoft
C: \ Documents and Settings \ All Users \ Application Data \ Messenger Plus! - PRAZNA Directory
C: \ Documents and Settings \ All Users \ Application Data \ Microsoft
C: \ Documents and Settings \ All Users \ Application Data \ Microsoft Pomoć
C: \ Documents and Settings \ All Users \ Application Data \ Nvidia - PRAZNA Directory
C: \ Documents and Settings \ All Users \ Application Data \ Sony
C: \ Documents and Settings \ All Users \ Application Data \ Temp - PRAZNA Directory
C: \ Documents and Settings \ All Users \ Application Data \ Windows Genuine Advantage
C: \ Documents and Settings \ All Users \ Application Data \ Wlinstaller
C: \ Documents and Settings \ Default User \ Application Data \ Microsoft
C: \ Documents and Settings \ Localservice \ Application Data \ Avg7 - PRAZNA Directory
C: \ Documents and Settings \ Localservice \ Application Data \ Microsoft
C: \ Documents and Settings \ Localservice \ Application Data \ Xfire - PRAZNA Directory
C: \ Documents and Settings \ Networkservice \ Application Data \ Microsoft
C: \ Documents and Settings \ Networkservice \ Application Data \ Xfire - PRAZNA Directory
C: \ Documents and Settings \ Richard \ Application Data \ Adobe
C: \ Documents and Settings \ Richard \ Application Data \ Apple Computer
C: \ Documents and Settings \ Richard \ Application Data \ Avg7
C: \ Documents and Settings \ Richard \ Application Data \ BitTorrent
C: \ Documents and Settings \ Richard \ Application Data \ Divx
C: \ Documents and Settings \ Richard \ Application Data \ dna
C: \ Documents and Settings \ Richard \ Application Data \ Dvdcss
C: \ Documents and Settings \ Richard \ Application Data \ Fotowire
C: \ Documents and Settings \ Richard \ Application Data \ Gtk-2,0
C: \ Documents and Settings \ Richard \ Application Data \ Identities
C: \ Documents and Settings \ Richard \ Application Data \ Installshield
C: \ Documents and Settings \ Richard \ Application Data \ Macromedia
C: \ Documents and Settings \ Richard \ Application Data \ Microsoft
C: \ Documents and Settings \ Richard \ Application Data \ Monkeyjam
C: \ Documents and Settings \ Richard \ Application Data \ Mozilla
C: \ Documents and Settings \ Richard \ Application Data \ Objavi Providers - PRAZNA Directory
C: \ Documents and Settings \ Richard \ Application Data \ Real
C: \ Documents and Settings \ Richard \ Application Data \ Smartftp
C: \ Documents and Settings \ Richard \ Application Data \ Sony
C: \ Documents and Settings \ Richard \ Application Data \ Sony Setup
C: \ Documents and Settings \ Richard \ Application Data \ nedjelja
C: \ Documents and Settings \ Richard \ Application Data \ Systemrequirementslab
C: \ Documents and Settings \ Richard \ Application Data \ VLC
C: \ Documents and Settings \ Richard \ Application Data \ Waybowsreal
C: \ Documents and Settings \ Richard \ Application Data \ Xfire


Super anti spyware log:

SUPERAntiSpyware Scan Prijava
http://www.superantispyware.com

Generirano 01/15/2008 at 08:32

Application Version: 3/9/1008

Core Pravila Database Version: 3380
Trace Pravila Database Version: 1374

Scan type: Cijela Scan
Ukupno Scan Vrijeme: 00:46:41

Memorija predmeta skenirane: 385
Memorija prijetnje otkrivena: 0
Registry stavke skenirane: 5574
Matični prijetnje otkrivena: 0
File skenirane podatke: 40825
File prijetnje otkrivena: 66

Adware.Tracking Cookie
C: \ Documents and Settings \ Richard \ Cookies \ Richard @ maniok [1]. Txt
C: \ Documents and Settings \ Richard \ Cookies \ Richard @ fastclick [1]. Txt
C: \ Documents and Settings \ Richard \ Cookies \ richard@server.lon.livepe rson [1]. Txt
C: \ Documents and Settings \ Richard \ Cookies \ Richard @ casalemedia [2]. Txt
C: \ Documents and Settings \ Richard \ Cookies \ richard@www.ppctracking [1]. Txt
C: \ Documents and Settings \ Richard \ Cookies \ richard@adopt.euroclick [2]. Txt
C: \ Documents and Settings \ Richard \ Cookies \ Richard @ posluživanje-sys [1]. Txt
C: \ Documents and Settings \ Richard \ Cookies \ richard@www.adserver5 [2]. Txt
C: \ Documents and Settings \ Richard \ Cookies \ Richard @ carphonewarehouse .112.2 o7 [1]. Txt
C: \ Documents and Settings \ Richard \ Cookies \ richard@m1.webstats.motig o [1]. Txt
C: \ Documents and Settings \ Richard \ Cookies \ richard@msnportal.112.2o7 [1]. Txt
C: \ Documents and Settings \ Richard \ Cookies \ richard@ads.vlaze [2]. Txt
C: \ Documents and Settings \ Richard \ Cookies \ richard@reduxads.valuead [2]. Txt
C: \ Documents and Settings \ Richard \ Cookies \ richard@rotator.adjuggler [1]. Txt
C: \ Documents and Settings \ Richard \ Cookies \ Richard @ 888 [2]. Txt
C: \ Documents and Settings \ Richard \ Cookies \ Richard @ UK [1]. Txt
C: \ Documents and Settings \ Richard \ Cookies \ Richard @ 247realmedia [1]. Txt
C: \ Documents and Settings \ Richard \ Cookies \ richard@adfarm1.adition [1]. Txt
C: \ Documents and Settings \ Richard \ Cookies \ richard@login.tracking101 [2]. Txt
C: \ Documents and Settings \ Richard \ Cookies \ richard@stats.channel4 [1]. Txt
C: \ Documents and Settings \ Richard \ Cookies \ Richard @ azjmp [1]. Txt
C: \ Documents and Settings \ Richard \ Cookies \ richard@partygaming.122.2 o7 [1]. Txt
C: \ Documents and Settings \ Richard \ Cookies \ Richard @ doubleclick [2]. Txt
C: \ Documents and Settings \ Richard \ Cookies \ Richard @ oglašavanja [1]. Txt
C: \ Documents and Settings \ Richard \ Cookies \ richard@bs.serving-sys [2]. Txt
C: \ Documents and Settings \ Richard \ Cookies \ Richard @ bluestreak [1]. Txt
C: \ Documents and Settings \ Richard \ Cookies \ richard@anad.tacoda [2]. Txt
C: \ Documents and Settings \ Richard \ Cookies \ richard@ehg-youtube.hitbox [1]. Txt
C: \ Documents and Settings \ Richard \ Cookies \ richard@banner.carnavalca sino [2]. Txt
C: \ Documents and Settings \ Richard \ Cookies \ Richard @ 60915153 [1]. Txt
C: \ Documents and Settings \ Richard \ Cookies \ richard@tracking.foxnews [2]. Txt
C: \ Documents and Settings \ Richard \ Cookies \ richard@ad.yieldmanager [2]. Txt
C: \ Documents and Settings \ Richard \ Cookies \ richard@ads.veoh [1]. Txt
C: \ Documents and Settings \ Richard \ Cookies \ richard@www.clash-media [2]. Txt
C: \ Documents and Settings \ Richard \ Cookies \ richard@a.websponsors [1]. Txt
C: \ Documents and Settings \ Richard \ Cookies \ richard@banner.casino.bla ckpoolclub.co [2]. Txt
C: \ Documents and Settings \ Richard \ Cookies \ richard@prospect.adbureau [1]. Txt
C: \ Documents and Settings \ Richard \ Cookies \ Richard @ adrevolver [3]. Txt
C: \ Documents and Settings \ Richard \ Cookies \ richard@banner.bingo.blac kpoolclub.co [2]. Txt
C: \ Documents and Settings \ Richard \ Cookies \ richard@media.adrevolver [1]. Txt
C: \ Documents and Settings \ Richard \ Cookies \ Richard @ cgi-bin [2]. Txt
C: \ Documents and Settings \ Richard \ Cookies \ Richard @ p [1]. Txt
C: \ Documents and Settings \ Richard \ Cookies \ Richard @ Lycos-de [1]. Txt
C: \ Documents and Settings \ Richard \ Cookies \ Richard @ tribalfusion [1]. Txt
C: \ Documents and Settings \ Richard \ Cookies \ richard@eas.apm.emediate [2]. Txt
C: \ Documents and Settings \ Richard \ Cookies \ richard@anat.tacoda [1]. Txt
C: \ Documents and Settings \ Richard \ Cookies \ richard@ad.zanox [1]. Txt
C: \ Documents and Settings \ Richard \ Cookies \ Richard @ neto-prihod [2]. Txt
C: \ Documents and Settings \ Richard \ Cookies \ Richard @ hitbox [2]. Txt
C: \ Documents and Settings \ Richard \ Cookies \ Richard @ revsci [2]. Txt
C: \ Documents and Settings \ Richard \ Cookies \ richard@statse.webtrendsl ive [2]. Txt
C: \ Documents and Settings \ Richard \ Cookies \ Richard @ questionmarket [1]. Txt
C: \ Documents and Settings \ Richard \ Cookies \ richard@ads.addynamix [2]. Txt
C: \ Documents and Settings \ Richard \ Cookies \ Richard @ 2o7 [2]. Txt
C: \ Documents and Settings \ Richard \ Cookies \ Richard @ pacificpoker [2]. Txt
C: \ Documents and Settings \ Richard \ Cookies \ Richard @ mediaplex [2]. Txt
C: \ Documents and Settings \ Richard \ Cookies \ richard@media.xfire [2]. Txt
C: \ Documents and Settings \ Richard \ Cookies \ Richard @ atdmt [2]. Txt
C: \ Documents and Settings \ Richard \ Cookies \ Richard @ apmebf [2]. Txt
C: \ Documents and Settings \ Richard \ Cookies \ Richard @ partypoker [1]. Txt
C: \ Documents and Settings \ Richard \ Cookies \ Richard @ zedo [1]. Txt
C: \ Documents and Settings \ Richard \ Cookies \ Richard @ adrevolver [1]. Txt
C: \ Documents and Settings \ Richard \ Cookies \ Richard @ tradedoubler [2]. Txt
C: \ Documents and Settings \ Richard \ Cookies \ richard@adserver.filefron t [1]. Txt
C: \ Documents and Settings \ Richard \ Cookies \ Richard @ a [1]. Txt

Adware.180solutions/ZangoSearch
C: \ SYSTEM Volume INFORMACIJE \ _RESTORE (39B7D61A-C471-441E-B6D4-5930E1D582CD) \ RP37 \ A0003673.EXE

Hi jack log:

Logfile of Trend Micro HijackThis v2.0.2
Scan spremljena u 8:38:58 Na 1/15/2008
Platforma: Windows XP SP2 (Winnt 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Pokretanje procesa:
C: \ WINDOWS \ System32 \ smss.exe
C: \ WINDOWS \ system32 \ Winlogon.exe
C: \ WINDOWS \ system32 \ services.exe
C: \ WINDOWS \ system32 \ lsass.exe
C: \ WINDOWS \ system32 \ Svchost.exe
C: \ WINDOWS \ System32 \ Svchost.exe
C: \ WINDOWS \ system32 \ spoolsv.exe
C: \ programa ~ 1 \ Grisoft \ AVG7 \ avgamsvr.exe
C: \ programa ~ 1 \ Grisoft \ AVG7 \ avgupsvc.exe
C: \ programa ~ 1 \ Grisoft \ AVG7 \ avgemc.exe
C: \ WINDOWS \ system32 \ nvsvc32.exe
C: \ WINDOWS \ system32 \ PnkBstrA.exe
C: \ WINDOWS \ explorer.exe
C: \ WINDOWS \ system32 \ Svchost.exe
C: \ WINDOWS \ RTHDCPL.EXE
C: \ programa ~ 1 \ Grisoft \ AVG7 \ avgcc.exe
C: \ Program Files \ Java \ jre1.6.0_03 \ bin \ jusched.exe
C: \ Program Files \ Adobe \ Reader 8,0 \ Reader \ Reader_sl.exe
C: \ WINDOWS \ system32 \ RUNDLL32.EXE
C: \ Program Files \ Common Files \ Real \ Update_OB \ realsched.exe
C: \ Program Files \ Microsoft Office \ Office12 \ GrooveMonitor.exe
C: \ WINDOWS \ system32 \ LVCOMSX.EXE
C: \ Program Files \ Logitech \ Video \ LogiTray.exe
C: \ WINDOWS \ system32 \ Ctfmon.exe
C: \ Program Files \ DNA \ btdna.exe
C: \ Program Files \ SUPERAntiSpyware \ SUPERAntiSpyware.exe
C: \ Program Files \ Internet Explorer \ iexplore.exe
C: \ Program Files \ Internet Explorer \ iexplore.exe
C: \ Program Files \ Logitech \ Video \ FxSvr2.exe
C: \ Program Files \ Mozilla Firefox \ firefox.exe
C: \ WINDOWS \ system32 \ wuauclt.exe
C: \ WINDOWS \ system32 \ wuauclt.exe
C: \ Program Files \ Trend Micro \ HijackThis \ sniper.exe.exe

R1 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Search Page = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Page_URL = http://www.yahoo.com
R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://www.yahoo.com
R1 - HKCU \ Software \ Microsoft \ Internet Explorer \ SearchURL, (Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R1 - HKCU \ Software \ Microsoft \ Internet Connection Wizard, ShellNext = http://www.yahoo.com/
O2 - BHO: Yahoo! Companion BHO - (02478D38-C3F9-4efb-9B51-7695ECA05670) - C: \ Program Files \ Yahoo! \ Companion \ Instalira \ cpn \ ycomp5_6_0_1.d ll
O2 - BHO: Adobe PDF Reader Link Helper - (06849E9F-C8D7-4D59-B87D-784B7D6BE0B3) - C: \ Program Files \ Common Files \ Adobe \ Acrobat \ ActiveX \ AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - (72853161-30C5-4D22-B7F9-0BBC1D38A37E) - C: \ programa ~ 1 \ MICROS ~ 2 \ Office12 \ GRA8E1 ~ 1.DLL
O2 - BHO: SSVHelper Class - (761497BB-D6F0-462C-B6EB-D4DAF1D92D43) - C: \ Program Files \ Java \ jre1.6.0_03 \ bin \ ssv.dll
O2 - BHO: (no name) - (7E853D72-626A-48EC-A868-BA8D5E23E045) - (no file)
O2 - BHO: Windows Live Sign-in Helper - (9030D464-4C02-4ABF-8ECC-5164760863C6) - C: \ Program Files \ Common Files \ Microsoft Shared \ Windows Live \ WindowsLiveLogin.dll
O3 - Toolbar: & Yahoo! Companion - (EF99BD32-C1FB-11D2-892F-0090271D4F88) - C: \ Program Files \ Yahoo! \ Companion \ Instalira \ cpn \ ycomp5_6_0_1.d ll
O4 - HKLM \ .. \ Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM \ .. \ Run: [SkyTel] SkyTel.EXE
O4 - HKLM \ .. \ Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM \ .. \ Run: [AVG7_CC] C: \ programa ~ 1 \ Grisoft \ AVG7 \ avgcc.exe / StartUp
O4 - HKLM \ .. \ Run: [SunJavaUpdateSched] "C: \ Program Files \ Java \ jre1.6.0_03 \ bin \ jusched.exe"
O4 - HKLM \ .. \ Run: [QuickTime Task] "C: \ Program Files \ QuickTime \ qttask.exe"-atboottime
O4 - HKLM \ .. \ Run: [Adobe Reader Speed Launcher] "C: \ Program Files \ Adobe \ Reader 8,0 \ Reader \ Reader_sl.exe"
O4 - HKLM \ .. \ Run: [NvCplDaemon] RUNDLL32.EXE C: \ WINDOWS \ system32 \ NvCpl.dll, NvStartup
O4 - HKLM \ .. \ Run: [nwiz] nwiz.exe / install
O4 - HKLM \ .. \ Run: [NvMediaCenter] RUNDLL32.EXE C: \ WINDOWS \ system32 \ NvMcTray.dll, NvTaskbarInit
O4 - HKLM \ .. \ Run: [TkBellExe] "C: \ Program Files \ Common Files \ Real \ Update_OB \ realsched.exe"-osboot
O4 - HKLM \ .. \ Run: [GrooveMonitor] "C: \ Program Files \ Microsoft Office \ Office12 \ GrooveMonitor.exe"
O4 - HKLM \ .. \ Run: [LVCOMSX] C: \ WINDOWS \ system32 \ LVCOMSX.EXE
O4 - HKLM \ .. \ Run: [LogitechVideoRepair] C: \ Program Files \ Logitech \ Video \ ISStart.exe
O4 - HKLM \ .. \ Run: [LogitechVideoTray] C: \ Program Files \ Logitech \ Video \ LogiTray.exe
O4 - HKLM \ .. \ Run: [Druga šišmiš kreativni vrh] C: \ Documents and Settings \ All Users \ Application Data \ Axis readme Drugo Bat \ mrtvih lite.exe
O4 - HKCU \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe
O4 - HKCU \ .. \ Run: [BitTorrent DNA] "C: \ Program Files \ DNA \ btdna.exe"
O4 - HKCU \ .. \ Run: [curblicense] C: \ DOCUME ~ 1 \ Richard \ APPLIC ~ 1 \ WAYBOW ~ 1 \ Nurb više noun.exe
O4 - HKCU \ .. \ Run: [SUPERAntiSpyware] C: \ Program Files \ SUPERAntiSpyware \ SUPERAntiSpyware.exe
O4 - HKUS \ S-1-5-19 \ .. \ Run: [AVG7_Run] C: \ programa ~ 1 \ Grisoft \ AVG7 \ avgw.exe / RunOnce (User 'LOCAL SERVICE')
O4 - HKUS \ S-1-5-20 \ .. \ Run: [AVG7_Run] C: \ programa ~ 1 \ Grisoft \ AVG7 \ avgw.exe / RunOnce (User 'NETWORK SERVICE')
O4 - HKUS \ S-1-5-18 \ .. \ Run: [AVG7_Run] C: \ programa ~ 1 \ Grisoft \ AVG7 \ avgw.exe / RunOnce (User 'SYSTEM')
O4 - HKUS \. DEFAULT \ .. \ Run: [AVG7_Run] C: \ programa ~ 1 \ Grisoft \ AVG7 \ avgw.exe / RunOnce (User 'Default user')
O8 - Extra kontekst meni stavka: E & zvezi u Microsoft Excel - res: / / C: \ programa ~ 1 \ MICROS ~ 2 \ Office12 \ EXCEL.EXE/3000
O9 - Extra button: (no name) - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program Files \ Java \ jre1.6.0_03 \ bin \ ssv.dll
O9 - Extra 'Tools' MENUITEM: Sun Java Console - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program Files \ Java \ jre1.6.0_03 \ bin \ ssv.dll
O9 - Extra button: Send to OneNote - (2670000A-7350-4f3c-8081-5663EE0C6C49) - C: \ programa ~ 1 \ MICROS ~ 2 \ Office12 \ ONBttnIE.dll
O9 - Extra 'Tools' MENUITEM: S & kraj OneNote - (2670000A-7350-4f3c-8081-5663EE0C6C49) - C: \ programa ~ 1 \ MICROS ~ 2 \ Office12 \ ONBttnIE.dll
O9 - Extra button: Research - (92780B25-18CC-41C8-B9BE-3C9C571A8263) - C: \ programa ~ 1 \ MICROS ~ 2 \ Office12 \ REFIEBAR.DLL
O9 - Extra button: Messenger - (FB5F1910-F110-11D2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe
O9 - Extra 'Tools' MENUITEM: Windows Messenger - (FB5F1910-F110-11D2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe
O16 - DPF: (6414512B-B978-451D-A0D8-FCFDF33E833C) (WUWebControl Class) -- http://www.update.microsoft.com/wind...?1197308803562
O16 - DPF: (C3F79A2B-B9B4-4A66-B012-3EE46475B072) (MessengerStatsClient Class) -- http://messenger.zone.msn.com/binary...t.cab56907.cab
O18 - Protocol: grooveLocalGWS - (88FED34C-F0CA-4636-A375-3CB6248B04CD) - C: \ programa ~ 1 \ MICROS ~ 2 \ Office12 \ GR99D3 ~ 1.DLL
O20 - Winlogon Obavijesti:! SASWinLogon - C: \ Program Files \ SUPERAntiSpyware \ SASWINLO.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, sro - C: \ programa ~ 1 \ Grisoft \ AVG7 \ avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, sro - C: \ programa ~ 1 \ Grisoft \ AVG7 \ avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, sro - C: \ programa ~ 1 \ Grisoft \ AVG7 \ avgemc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C: \ WINDOWS \ system32 \ nvsvc32.exe
O23 - Service: PnkBstrA - Unknown vlasnika - C: \ WINDOWS \ system32 \ PnkBstrA.exe

--
End of file - 7041 bytes


Nadam se da ovo je dovoljno
  #6  
Old 15 siječanj 2008, 13:57
Moderator / ica grupe
  
Otvori HijackThis i odaberite Da li je sustav skenirati samo zatim staviti kvačica pored:

O2 - BHO: (no name) - (7E853D72-626A-48EC-A868-BA8D5E23E045) - (no file)


Zatvori sve prozore osim HijackThis i kliknite Fix checked

Izlaz Hijackthis.

----------

Molimo, preuzmite Combofix by sUBs jedan od linkova ispod.
(Isprobajte sve tri ako je potrebno)VAŽNO - Combofix.exe MORA biti spremljen na vaše vaše Desktop.
  • Zatvori otvoriti bilo koju web preglednicima. (Firefox, Internet Explorer, etc)
  • Zatvori / deaktivirati svi protu-virus i anti štetnih sadržaja programa tako da ne ometaju Combofix. <- VAŽNO
    • Kliknite na ovaj link da biste vidjeli popis programa koji bi trebao biti onemogućen. Ako tvoj nije na popisu, a vi ne znate kako ga isključiti, molimo pitati.
  • Dvaput kliknite combofix.exe i slijedite upute.
    • Iz tipkovnice odaberite 1 i pritisnite Enter
  • Kada završite, on će proizvesti prijava za vas.
  • Pošta da se prijavite u vaš sljedeći odgovor.
Ne mouseclick combofix's prozor dok je pokrenut.
Skeniranje će privremeno onemogućiti Vaš desktop.
Ako je prekinuo svibanj ostavite računalo smrznuta.
Ako se to dogodi, molimo vas da se ponovo pokrenuti vraćanje desktop.


----------

Sljedeća post
Combofix log
__________________
  #7  
Old 15 siječanj 2008, 14:06
Member Group
  
ComboFix 08-01-15.4 - Richard 2008-01-15 21:03:57.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.587 [GMT 0:00]
Running from: C: \ Documents and Settings \ Richard \ Desktop \ ComboFix.exe
* Created novu točku vraćanja

UPOZORENJE-ovaj stroj nema Recovery Console Installed!
.

((((((((((((((((((((((((( Files Created from 2007/12/15 da 2008/01/15 ))))))))))) ))))))))))))))))))))
.

2008-01-15 21:03. 2000-08-31 08:00 51.200 - a ------ C: \ WINDOWS \ NirCmd.exe
2008-01-15 19:41. 2008-01-15 20:38 <DIR> d -------- C: \ Program Files \ SUPERAntiSpyware
2008-01-15 19:41. 2008-01-15 19:41 <DIR> d -------- C: \ Program Files \ Common Files \ Wise Installation Wizard
2008-01-15 19:41. 2008-01-15 19:41 <DIR> d -------- C: \ Documents and Settings \ Richard \ Application Data \ SUPERAntiSpyware.com
2008-01-15 19:41. 2008-01-15 19:41 <DIR> d -------- C: \ Documents and Settings \ All Users \ Application Data \ SUPERAntiSpyware.com
2008-01-15 19:34. 2008-01-15 19:36 <DIR> d -------- C: \ NoLopBackups
2008-01-15 19:01. 2008-01-15 19:01 <DIR> d -------- C: \ Program Files \ Trend Micro
2008-01-15 16:32. 2008-01-15 16:32 <DIR> d -------- C: \ Program Files \ WayBowsReal
2008-01-11 10:27. 2005-05-26 15:34 2.297.552 - a ------ C: \ WINDOWS \ system32 \ d3dx9_26.dll
2008-01-11 10:26. 2008-01-11 10:26 22.328 - a ------ C: \ Documents and Settings \ Richard \ Application Data \ PnkBstrK.sys
2008-01-11 10:25. 2008-01-11 10:25 319 - a ------ C: \ WINDOWS \ game.ini
2008-01-11 10:15. 2008-01-11 10:15 <DIR> d -------- C: \ Program Files \ Activision
2008-01-11 10:14. 2008-01-11 10:14 <DIR> d - HS ---- C: \ WINDOWS \ ftpcache
2008-01-11 00:29. 2008-01-11 00:29 54.608 - a ------ C: \ WINDOWS \ system32 \ xfcodec.dll
2008-01-05 21:00. 2008-01-05 21:00 <DIR> d - h ----- C: \ WINDOWS \ $ $ hf_mig
2008-01-03 18:41. 2008-01-03 18:41 <DIR> d -------- C: \ Documents and Settings \ All Users \ Application Data \ Messenger Plus!
2008-01-03 18:00. 2008-01-03 18:00 <DIR> d -------- C: \ Program Files \ Messenger Plus! Živjeti
2008-01-03 18:00. 2008-01-15 19:36 <DIR> d -------- C: \ Documents and Settings \ Richard \ Application Data \ WayBowsReal
2008-01-03 18:00. 2008-01-15 16:33 <DIR> d -------- C: \ Documents and Settings \ All Users \ Application Data \ Axis readme Drugo Bat
2007-12-30 16:54. 2007-12-30 16:54 <DIR> d -------- C: \ Program Files \ Whisper Tehnologija
2007-12-30 16:36. 2007-12-30 16:36 <DIR> d -------- C: \ Program Files \ SmartFTP Client Setup Files 2,5
2007-12-30 16:36. 2007-12-30 16:36 <DIR> d -------- C: \ Program Files \ SmartFTP Client
2007-12-30 16:36. 2007-12-30 16:36 <DIR> d -------- C: \ Documents and Settings \ Richard \ Application Data \ SmartFTP
2007-12-30 07:48. 2007-12-30 07:48 <DIR> d -------- C: \ Documents and Settings \ Richard \ Application Data \ Sony
2007-12-30 07:48. 2007-12-30 07:48 <DIR> d -------- C: \ Documents and Settings \ Richard \ Application Data \ Providers Objavi
2007-12-30 07:45. 2007-12-30 07:45 <DIR> d -------- C: \ Program Files \ Vstplugins
2007-12-30 07:45. 2007-12-30 07:45 <DIR> d -------- C: \ Program Files \ Sony
2007-12-30 07:45. 2007-12-30 07:45 <DIR> d -------- C: \ Documents and Settings \ All Users \ Application Data \ Sony
2007-12-30 07:39. 2007-12-30 07:39 <DIR> d -------- C: \ Program Files \ Sony Setup
2007-12-30 07:39. 2007-12-30 07:39 <DIR> d -------- C: \ Documents and Settings \ Richard \ Application Data \ Sony Setup
2007-12-29 23:30. 2008-01-15 17:00 54.156 - ah ----- C: \ WINDOWS \ QTFont.qfn
2007-12-29 23:30. 2007-12-29 23:30 1.409 - a ------ C: \ WINDOWS \ QTFont.for
2007-12-29 15:45. 2007-12-29 15:45 <DIR> d -------- C: \ Program Files \ FPS
2007-12-29 15:45. 2007-12-29 15:45 286.720 --------- C: \ WINDOWS \ Setup1.exe
2007-12-29 15:45. 2007-12-29 15:45 73.216 - a ------ C: \ WINDOWS \ ST6UNST.EXE
2007-12-29 12:08. 2004-08-03 23:10 10.880 - a ------ C: \ Windows \ System32 \ Drivers \ NdisIP.sys
2007-12-29 12:08. 2004-08-03 23:10 10.880 - A - C --- C: \ WINDOWS \ system32 \ dllcache \ ndisip.sys
2007-12-29 12:08. 2004-08-03 22:58 5.504 - a ------ C: \ Windows \ System32 \ Drivers \ MSTEE.sys
2007-12-29 12:08. 2004-08-03 22:58 5.504 - A - C --- C: \ WINDOWS \ system32 \ dllcache \ mstee.sys
2007-12-29 12:04. 2007-12-29 12:04 <DIR> d -------- C: \ SXS
2007-12-29 12:04. 2007-12-29 12:04 <DIR> d -------- C: \ Program Files \ Logitech
2007-12-29 12:04. 2007-12-29 12:04 <DIR> d -------- C: \ Program Files \ Common Files \ FotoWire
2007-12-29 12:04. 2007-12-29 12:04 <DIR> d -------- C: \ Documents and Settings \ Richard \ Application Data \ FotoWire
2007-12-29 12:03. 2007-12-29 12:03 <DIR> d -------- C: \ Program Files \ Common Files \ Logitech
2007-12-28 19:09. 2007-12-28 19:46 <DIR> d -------- C: \ Program Files \ eMule
2007-12-28 17:29. 2007-12-28 17:29 <DIR> d -------- C: \ Documents and Settings \ Richard \ Application Data \ DivX
2007-12-27 00:05. 2007-12-27 00:05 <DIR> d -------- C: \ Fraps
2007-12-27 00:05. 2007-12-27 00:05 <DIR> d -------- C: \ Documents and Settings \ All Users \ Application Data \ Temp
2007-12-24 17:11. 2007-07-30 19:19 271.224 - a ------ C: \ WINDOWS \ system32 \ mucltui.dll
2007-12-24 17:11. 2007-07-30 19:19 207.736 - a ------ C: \ WINDOWS \ system32 \ muweb.dll
2007-12-24 17:11. 2007-07-30 19:19 30.072 - a ------ C: \ WINDOWS \ system32 \ mucltui.dll.mui
2007-12-23 21:01. 2008-01-03 20:48 <DIR> d -------- C: \ Documents and Settings \ Richard \ Application Data \ gtk-2,0
2007-12-23 21:01. 2007-12-23 21:01 <DIR> d -------- C: \ Documents and Settings \ Richard \. Thumbnails
2007-12-23 21:00. 2007-12-23 21:00 <DIR> d -------- C: \ Program Files \ širit-2,0
2007-12-23 21:00. 2008-01-03 20:54 <DIR> d -------- C: \ Documents and Settings \ Richard \. Širit 2,4 -
2007-12-22 15:39. 2007-12-22 15:39 <DIR> d -------- C: \ Program Files \ DNA
2007-12-22 15:39. 2008-01-15 20:56 <DIR> d -------- C: \ Documents and Settings \ Richard \ Application Data \ DNA
2007-12-22 15:39. 2007-12-28 19:40 <DIR> d -------- C: \ Documents and Settings \ Richard \ Application Data \ BitTorrent
2007-12-22 15:22. 2007-12-22 15:22 <DIR> d -------- C: \ Program Files \ smjelost
2007-12-22 15:21. 2007-12-22 15:21 <DIR> d -------- C: \ Program Files \ MonkeyJam
2007-12-22 15:21. 2007-12-22 15:21 <DIR> d -------- C: \ Documents and Settings \ Richard \ Application Data \ MonkeyJam
2007-12-22 15:21. 2005-02-27 17:11 424.960 - a ------ C: \ WINDOWS \ system32 \ wavdest.ax
2007-12-21 15:27. 2007-12-21 15:27 <DIR> d -------- C: \ Program Files \ Microsoft Works
2007-12-21 15:27. 2006-10-26 19:56 32.592 - a ------ C: \ WINDOWS \ system32 \ msonpmon.dll
2007-12-21 15:26. 2007-12-21 15:26 <DIR> d -------- C: \ Program Files \ MSBuild
2007-12-21 15:23. 2007-12-21 15:26 <DIR> d -------- C: \ WINDOWS \ SHELLNEW
2007-12-21 15:22. 2007-12-21 15:22 <DIR> dr.-h ----- C: \ MSOCache
2007-12-21 15:22. 2007-12-21 15:27 <DIR> d -------- C: \ Documents and Settings \ All Users \ Application Data \ Microsoft Pomoć
2007-12-19 19:56. 2007-12-28 13:01 <DIR> d -------- C: \ Program Files \ DivX
2007-12-15 23:51. 2007-12-15 23:51 <DIR> d -------- C: \ Program Files \ VideoLAN
2007-12-15 23:51. 2007-12-15 23:51 <DIR> d -------- C: \ Documents and Settings \ Richard \ Application Data \ VLC
2007-12-15 23:51. 2007-12-15 23:51 <DIR> d -------- C: \ Documents and Settings \ Richard \ Application Data \ dvdcss
2007-12-15 23:36. 2007-12-22 15:29 <DIR> d -------- C: \ Program Files \ Real
2007-12-15 23:36. 2007-12-15 23:36 <DIR> d -------- C: \ Program Files \ Common Files \ zajedničko križanje
2007-12-15 23:36. 2007-12-15 23:36 <DIR> d -------- C: \ Program Files \ Common Files \ Real

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))) ))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-15 19:36 --------- d ----- w C: \ Program Files \ Xfire
2008-01-15 17:54 --------- d ----- w C: \ Documents and Settings \ Richard \ Application Data \ AVG7
2008-01-15 17:54 --------- d ----- w C: \ Documents and Settings \ All Users \ Application Data \ avg7
2008-01-15 17:46 22.328 AW ---- C: \ Windows \ System32 \ Drivers \ PnkBstrK.sys
2008-01-15 17:46 107.832 AW ---- C: \ WINDOWS \ system32 \ PnkBstrB.exe
2008-01-15 17:45 --------- d ----- w C: \ Documents and Settings \ Richard \ Application Data \ Xfire
2008-01-11 23:18 --------- d ----- w C: \ Program Files \ SpeedFan
2008-01-11 22:26 5.615 AW ---- C: \ Program Files \ install.log
2008-01-11 19:06 66.872 AW ---- C: \ WINDOWS \ system32 \ PnkBstrA.exe
2008-01-11 10:25 --------- d - h - w C: \ Program Files \ InstallShield Installation Information
2007-12-22 15:26 --------- d ----- w C: \ Program Files \ Common Files \ InstallShield
2007-12-21 18:56 --------- d ----- w C: \ Program Files \ Wolfenstein - Enemy Territory
2007-12-12 21:45 --------- d ----- w C: \ Program Files \ Common Files \ Adobe
2007-12-12 21:43 --------- d ----- w C: \ Documents and Settings \ All Users \ Application Data \ NVIDIA
2007-12-12 21:31 --------- d ----- w C: \ Program Files \ SystemRequirementsLab
2007-12-12 20:38 --------- d ----- w C: \ Documents and Settings \ Richard \ Application Data \ Apple Computer
2007-12-12 20:32 --------- d ----- w C: \ Program Files \ Windows Media Connect 2
2007-12-12 20:04 --------- d ----- w C: \ Program Files \ QuickTime
2007-12-12 20:03 --------- d ----- w C: \ Program Files \ Apple Software Update
2007-12-12 20:03 --------- d ----- w C: \ Documents and Settings \ All Users \ Application Data \ Apple Computer
2007-12-12 20:03 --------- d ----- w C: \ Documents and Settings \ All Users \ Application Data \ Apple
2007-12-10 22:14 --------- d ----- w C: \ Documents and Settings \ LocalService \ Application Data \ Xfire
2007-12-10 22:01 --------- d ----- w C: \ Documents and Settings \ NetworkService \ Application Data \ Xfire
2007-12-10 18:58 --------- d ----- w C: \ Program Files \ CCleaner
2007-12-10 18:02 --------- d ----- w C: \ Program Files \ Java
2007-12-10 18:02 --------- d ----- w C: \ Documents and Settings \ Richard \ Application Data \ SystemRequirementsLab
2007-12-10 18:00 --------- d ----- w C: \ Program Files \ Common Files \ Java
2007-12-10 17:54 --------- dcsh - w C: \ Program Files \ Common Files \ WindowsLiveInstaller
2007-12-10 17:54 --------- d ----- w C: \ Program Files \ Windows Live
2007-12-10 17:50 --------- d ----- w C: \ Documents and Settings \ All Users \ Application Data \ WLInstaller
2007-12-10 17:39 --------- d ----- w C: \ Program Files \ RivaTuner v2.06
2007-12-08 22:50 12.464 AW ---- C: \ Windows \ System32 \ Drivers \ secdrv.sys
2007-12-07 18:43 499.712 AW ---- C: \ WINDOWS \ system32 \ msvcp71.dll
2007-12-07 18:43 348.160 AW ---- C: \ WINDOWS \ system32 \ msvcr71.dll
2007-12-07 18:43 --------- d ----- w C: \ Documents and Settings \ LocalService \ Application Data \ AVG7
2007-12-07 18:42 --------- d ----- w C: \ Documents and Settings \ All Users \ Application Data \ Grisoft
2007-12-07 18:24 --------- d ----- w C: \ Program Files \ AquaMark3
2007-12-07 17:45 --------- d ----- w C: \ Program Files \ Realtek
2007-12-07 17:45 --------- d ----- w C: \ Documents and Settings \ Richard \ Application Data \ InstallShield
2007-12-07 17:44 4.716 AW ---- C: \ WINDOWS \ gdrv.sys
2007-12-07 17:43 --------- d ----- w C: \ Program Files \ Intel
2007-12-07 17:42 --------- d ----- w C: \ Program Files \ Yahoo!
2007-12-07 17:37 --------- d ----- w C: \ Program Files \ Microsoft FrontPage
2007-12-04 01:33 823.296 AW ---- C: \ WINDOWS \ system32 \ divx_xx0c.dll
2007-12-04 01:33 823.296 AW ---- C: \ WINDOWS \ system32 \ divx_xx07.dll
2007-12-04 01:33 802.816 AW ---- C: \ WINDOWS \ system32 \ divx_xx11.dll
2007-12-04 01:33 682.496 AW ---- C: \ WINDOWS \ system32 \ DivX.dll
2007-11-29 22:30 524.288 AW ---- C: \ WINDOWS \ system32 \ DivXsm.exe
2007-11-29 22:30 3.596.288 AW ---- C: \ WINDOWS \ system32 \ QT-dx331.dll
2007-11-29 22:30 200.704 AW ---- C: \ WINDOWS \ system32 \ ssldivx.dll
2007-11-29 22:30 1.044.480 AW ---- C: \ WINDOWS \ system32 \ libdivx.dll
2007-11-29 22:28 81.920 AW ---- C: \ WINDOWS \ system32 \ dpl100.dll
2007-11-29 22:28 196.608 AW ---- C: \ WINDOWS \ system32 \ dtu100.dll
2007-11-28 21:55 156.992 AW ---- C: \ WINDOWS \ system32 \ DivXCodecVersionChecker.exe
2007-11-28 21:53 593.920 AW ---- C: \ WINDOWS \ system32 \ dpuGUI11.dll
2007-11-28 21:53 57.344 AW ---- C: \ WINDOWS \ system32 \ dpv11.dll
2007-11-28 21:53 53.248 AW ---- C: \ WINDOWS \ system32 \ dpuGUI10.dll
2007-11-28 21:53 344.064 AW ---- C: \ WINDOWS \ system32 \ dpus11.dll
2007-11-28 21:53 294.912 AW ---- C: \ WINDOWS \ system32 \ dpu11.dll
2007-11-28 21:53 294.912 AW ---- C: \ WINDOWS \ system32 \ dpu10.dll
2007-11-28 21:52 12.288 AW ---- C: \ WINDOWS \ system32 \ DivXWMPExtType.dll
2007-11-21 18:23 81.920 AW ---- C: \ WINDOWS \ system32 \ frapsvid.dll
2007-10-18 11:31 51.224 AW ---- C: \ WINDOWS \ system32 \ sirenacm.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))) ))))))))))))))))))))))))))))))))))))))))
.
.
* Note * empty entries & čitljiv default unose se ne prikazuju
REGEDIT4

[HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ Curre ntVersion \ Run]
"Ctfmon.exe" = "C: \ WINDOWS \ system32 \ Ctfmon.exe" [2004-08-04 12:00 15360]
"BitTorrent DNA" = "C: \ Program Files \ DNA \ btdna.exe" [2007-12-22 15:39 290112]
"curblicense" = "C: \ DOCUME ~ 1 \ Richard \ APPLIC ~ 1 \ WAYBOW ~ 1 \ Nurb više noun.exe" [2008-01-15 16:32 443904]
"SUPERAntiSpyware" = "C: \ Program Files \ SUPERAntiSpyware \ SUPERAntiSpyware.exe" [2007-06-21 14:06 1318912]

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Run]
"RTHDCPL" = "RTHDCPL.EXE" [2006-11-14 09:21 16270848 C: \ WINDOWS \ RTHDCPL.exe]
"SkyTel" = "SkyTel.EXE" [2006-05-16 10:04 2879488 C: \ WINDOWS \ SkyTel.exe]
"AVG7_CC" = "C: \ programa ~ 1 \ Grisoft \ AVG7 \ avgcc.exe" [2007-12-20 16:29 579072]
"SunJavaUpdateSched" = "C: \ Program Files \ Java \ jre1.6.0_03 \ bin \ jusched.exe" [2007-09-25 01:11 132496]
"QuickTime Task" = "C: \ Program Files \ QuickTime \ qttask.exe" [2007-10-19 20:16 286720]
"Adobe Reader Speed Launcher" = "C: \ Program Files \ Adobe \ Reader 8,0 \ Reader \ Reader_sl.exe" [2007-10-10 19:51 39792]
"NvCplDaemon" = "C: \ WINDOWS \ system32 \ NvCpl.dll" [2007-09-17 01:07 8491008]
"nwiz" = "nwiz.exe" [2007-09-17 01:07 1626112 C: \ WINDOWS \ system32 \ nwiz.exe]
"NvMediaCenter" = "C: \ WINDOWS \ system32 \ NvMcTray. Dll" [2007-09-17 01:07 81920]
"TkBellExe" = "C: \ Program Files \ Common Files \ Real \ Update_OB \ realsched.exe" [2007-12-15 23:36 185896]
"GrooveMonitor" = "C: \ Program Files \ Microsoft Office \ Office12 \ GrooveMonitor.exe" [2006-10-27 00:47 31016]
"LVCOMSX" = "C: \ WINDOWS \ system32 \ LVCOMSX.EXE" [2004-02-25 16:15 221184]
"LogitechVideoRepair" = "C: \ Program Files \ Logitech \ Video \ ISStart.exe" [2004-02-25 17:15 454656]
"LogitechVideoTray" = "C: \ Program Files \ Logitech \ Video \ LogiTray.exe" [2004-02-25 17:06 212992]
"Drugi šišmiš kreativni vrhunac" = "C: \ Documents and Settings \ All Users \ Application Data \ Axis readme Drugo Bat \ mrtvih lite.exe" [2008-01-15 20:37 1348608]

[HKEY_USERS \. DEFAULT \ Software \ Microsoft \ Windows \ Cur rentVersion \ Run]
"AVG7_Run" = "C: \ programa ~ 1 \ Grisoft \ AVG7 \ avgw.exe" [2007-12-07 18:42 219136]

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entversion \ Explorer \ shellexecutehooks]
"(5AE067D3-9AFB-48E0-853A-EBB7F4A000DA)" = C: \ Program Files \ SUPERAntiSpyware \ SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ winlogon \ obavijestiti \! SASWinLogon]
C: \ Program Files \ SUPERAntiSpyware \ SASWINLO.dll 2007-04-19 13:41 294912 C: \ Program Files \ SUPERAntiSpyware \ SASWINLO.dll

S3 gdrv; gdrv; C: \ WINDOWS \ gdrv.sys [2007-12-07 17:44]
S3 PhilCam8116; Logitech QuickCam Pro 3000 (PID_08B0); C: \ Windows \ System32 \ Drivers \ CamDrL2 1.sys [2004-02-14 04:09]

* Nedavno Created Service * - PROCEXP90
.
Sadržaj je 'Scheduled Tasks' folder
"2007-12-12 20:03:45 C: \ WINDOWS \ Tasks \ AppleSoftwareUpdate.job"
- C: \ Program Files \ Apple Software Update \ SoftwareUpdate.exe
.
************************************************** ************************

catchme 0.3.1344 W2K/XP/Vista - rootkit / potaja detector by Gmer zlonamjernih programa, http://www.gmer.net
Rootkit scan 2008-01-15 21:04:58
5/1/2600 Windows Service Pack 2 NTFS

skeniranja skrivenih procesa ...

skeniranja skrivenih autostart entries ...

skeniranja skrivenih datoteka ...

scan uspješno završena
skrivenih datoteka: 0

************************************************** ************************
.
Completion time: 2008-01-15 21:05:11
.
2008-01-05 21:00:15 --- EOF ---
  #8  
Old 15 siječanj 2008, 14:58
Moderator / ica grupe
  
Izbriši ove datoteke / mape, kako slijedi:

1. Idi na Početak > Pokrenuti > Tip Notepad.exe i kliknite U redu otvoriti Notepad.
To morati biti Notepad, WordPad ne.
  • Kliknite Početak , Zatim Pokrenuti
  • Vrsta notepad.exe u Trčanje kutija.
2. Kopirajte bold u nastavku teksta po označavanje svih tekstualnih i pritiskom na Ctrl + C


File:
C: \ Documents and Settings \ All Users \ Application Data \ Axis readme Drugo Bat \ mrtvih lite.exe
C: \ DOCUME ~ 1 \ Richard \ APPLIC ~ 1 \ WAYBOW ~ 1 \ Nurb više noun.exe

Registra:
[HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ Curre ntVersion \ Run]
"curblicense" =-
[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Run]
"Drugi šišmiš kreativni vrhunac" =-


3. Idi na Notepad prozor i kliknite na Uredi > Zalijepi
4. Zatim kliknite na Datoteka > Spremiti
5. Ime datoteke CFScript.txt - Spremi datoteku na svoj Desktop
6. Zatim povucite CFScript (držite lijevu tipku miša dok povučete datoteku), a pad je (otpustite lijevu tipku miša) u ComboFix.exe kao što vidite na sliki ispod. Važno: Obavi ovo uputstvo pažljivo!



ComboFix će se početi izvršavati, samo slijedite upute.
Nakon što ponovno podizanje sustava (u slučaju da ga zatraži ponovno podizanje sustava), on će proizvesti prijava za vas.
Pošta koja log (Combofix.txt) u sljedeći odgovor.

Napomena: Ne mouseclick combofix's prozor dok je pokrenut. To svibanj nanijeti tvoj sistem za zamrzavanje

----------

Pokreni novu Hijackthis skenirati i poslati log.

----------

Sljedeća post
Combofix log
Novi Hijackthis log
__________________
  #9  
Old 15 siječanj 2008, 15:07
Member Group
  
ComboFix 08-01-15.4 - Richard 2008-01-15 22:03:05.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.560 [GMT 0:00]
Running from: C: \ Documents and Settings \ Richard \ Desktop \ ComboFix.exe
Naredba prekidači koji se koriste:: C: \ Documents and Settings \ Richard \ Desktop \ CFScript.txt
* Created novu točku vraćanja

UPOZORENJE-ovaj stroj nema Recovery Console Installed!

SLIKA
C: \ DOCUME ~ 1 \ Richard \ APPLIC ~ 1 \ WAYBOW ~ 1 \ Nurb više noun.exe
C: \ Documents and Settings \ All Users \ Application Data \ Axis readme Drugo Bat \ mrtvih lite.exe
.

Ostali ((((((((((((((((((((((((((((((((((((((( brisanja ))))))))) ))))))))))))))))))))))))))))))))))))))))
.

C: \ DOCUME ~ 1 \ Richard \ APPLIC ~ 1 \ WAYBOW ~ 1 \ Nurb više noun.exe
C: \ Documents and Settings \ All Users \ Application Data \ Axis readme Drugo Bat \ mrtvih lite.exe

.
((((((((((((((((((((((((( Files Created from 2007/12/15 da 2008/01/15 ))))))))))) ))))))))))))))))))))
.

2008-01-15 21:03. 2000-08-31 08:00 51.200 - a ------ C: \ WINDOWS \ NirCmd.exe
2008-01-15 19:41. 2008-01-15 20:38 <DIR> d -------- C: \ Program Files \ SUPERAntiSpyware
2008-01-15 19:41. 2008-01-15 19:41 <DIR> d -------- C: \ Program Files \ Common Files \ Wise Installation Wizard
2008-01-15 19:41. 2008-01-15 19:41 <DIR> d -------- C: \ Documents and Settings \ Richard \ Application Data \ SUPERAntiSpyware.com
2008-01-15 19:41. 2008-01-15 19:41 <DIR> d -------- C: \ Documents and Settings \ All Users \ Application Data \ SUPERAntiSpyware.com
2008-01-15 19:34. 2008-01-15 19:36 <DIR> d -------- C: \ NoLopBackups
2008-01-15 19:01. 2008-01-15 19:01 <DIR> d -------- C: \ Program Files \ Trend Micro
2008-01-15 16:32. 2008-01-15 16:32 <DIR> d -------- C: \ Program Files \ WayBowsReal
2008-01-11 10:27. 2005-05-26 15:34 2.297.552 - a ------ C: \ WINDOWS \ system32 \ d3dx9_26.dll
2008-01-11 10:26. 2008-01-11 10:26 22.328 - a ------ C: \ Documents and Settings \ Richard \ Application Data \ PnkBstrK.sys
2008-01-11 10:25. 2008-01-11 10:25 319 - a ------ C: \ WINDOWS \ game.ini
2008-01-11 10:15. 2008-01-11 10:15 <DIR> d -------- C: \ Program Files \ Activision
2008-01-11 10:14. 2008-01-11 10:14 <DIR> d - HS ---- C: \ WINDOWS \ ftpcache
2008-01-11 00:29. 2008-01-11 00:29 54.608 - a ------ C: \ WINDOWS \ system32 \ xfcodec.dll
2008-01-05 21:00. 2008-01-05 21:00 <DIR> d - h ----- C: \ WINDOWS \ $ $ hf_mig
2008-01-03 18:41. 2008-01-03 18:41 <DIR> d -------- C: \ Documents and Settings \ All Users \ Application Data \ Messenger Plus!
2008-01-03 18:00. 2008-01-03 18:00 <DIR> d -------- C: \ Program Files \ Messenger Plus! Živjeti
2008-01-03 18:00. 2008-01-15 22:03 <DIR> d -------- C: \ Documents and Settings \ Richard \ Application Data \ WayBowsReal
2008-01-03 18:00. 2008-01-15 22:03 <DIR> d -------- C: \ Documents and Settings \ All Users \ Application Data \ Axis readme Drugo Bat
2007-12-30 16:54. 2007-12-30 16:54 <DIR> d -------- C: \ Program Files \ Whisper Tehnologija
2007-12-30 16:36. 2007-12-30 16:36 <DIR> d -------- C: \ Program Files \ SmartFTP Client Setup Files 2,5
2007-12-30 16:36. 2007-12-30 16:36 <DIR> d -------- C: \ Program Files \ SmartFTP Client
2007-12-30 16:36. 2007-12-30 16:36 <DIR> d -------- C: \ Documents and Settings \ Richard \ Application Data \ SmartFTP
2007-12-30 07:48. 2007-12-30 07:48 <DIR> d -------- C: \ Documents and Settings \ Richard \ Application Data \ Sony
2007-12-30 07:48. 2007-12-30 07:48 <DIR> d -------- C: \ Documents and Settings \ Richard \ Application Data \ Providers Objavi
2007-12-30 07:45. 2007-12-30 07:45 <DIR> d -------- C: \ Program Files \ Vstplugins
2007-12-30 07:45. 2007-12-30 07:45 <DIR> d -------- C: \ Program Files \ Sony
2007-12-30 07:45. 2007-12-30 07:45 <DIR> d -------- C: \ Documents and Settings \ All Users \ Application Data \ Sony
2007-12-30 07:39. 2007-12-30 07:39 <DIR> d -------- C: \ Program Files \ Sony Setup
2007-12-30 07:39. 2007-12-30 07:39 <DIR> d -------- C: \ Documents and Settings \ Richard \ Application Data \ Sony Setup
2007-12-29 23:30. 2008-01-15 17:00 54.156 - ah ----- C: \ WINDOWS \ QTFont.qfn
2007-12-29 23:30. 2007-12-29 23:30 1.409 - a ------ C: \ WINDOWS \ QTFont.for
2007-12-29 15:45. 2007-12-29 15:45 <DIR> d -------- C: \ Program Files \ FPS
2007-12-29 15:45. 2007-12-29 15:45 286.720 --------- C: \ WINDOWS \ Setup1.exe
2007-12-29 15:45. 2007-12-29 15:45 73.216 - a ------ C: \ WINDOWS \ ST6UNST.EXE
2007-12-29 12:08. 2004-08-03 23:10 10.880 - a ------ C: \ Windows \ System32 \ Drivers \ NdisIP.sys
2007-12-29 12:08. 2004-08-03 23:10 10.880 - A - C --- C: \ WINDOWS \ system32 \ dllcache \ ndisip.sys
2007-12-29 12:08. 2004-08-03 22:58 5.504 - a ------ C: \ Windows \ System32 \ Drivers \ MSTEE.sys
2007-12-29 12:08. 2004-08-03 22:58 5.504 - A - C --- C: \ WINDOWS \ system32 \ dllcache \ mstee.sys
2007-12-29 12:04. 2007-12-29 12:04 <DIR> d -------- C: \ SXS
2007-12-29 12:04. 2007-12-29 12:04 <DIR> d -------- C: \ Program Files \ Logitech
2007-12-29 12:04. 2007-12-29 12:04 <DIR> d -------- C: \ Program Files \ Common Files \ FotoWire
2007-12-29 12:04. 2007-12-29 12:04 <DIR> d -------- C: \ Documents and Settings \ Richard \ Application Data \ FotoWire
2007-12-29 12:03. 2007-12-29 12:03 <DIR> d -------- C: \ Program Files \ Common Files \ Logitech
2007-12-28 19:09. 2007-12-28 19:46 <DIR> d -------- C: \ Program Files \ eMule
2007-12-28 17:29. 2007-12-28 17:29 <DIR> d -------- C: \ Documents and Settings \ Richard \ Application Data \ DivX
2007-12-27 00:05. 2007-12-27 00:05 <DIR> d -------- C: \ Fraps
2007-12-27 00:05. 2007-12-27 00:05 <DIR> d -------- C: \ Documents and Settings \ All Users \ Application Data \ Temp
2007-12-24 17:11. 2007-07-30 19:19 271.224 - a ------ C: \ WINDOWS \ system32 \ mucltui.dll
2007-12-24 17:11. 2007-07-30 19:19 207.736 - a ------ C: \ WINDOWS \ system32 \ muweb.dll
2007-12-24 17:11. 2007-07-30 19:19 30.072 - a ------ C: \ WINDOWS \ system32 \ mucltui.dll.mui
2007-12-23 21:01. 2008-01-03 20:48 <DIR> d -------- C: \ Documents and Settings \ Richard \ Application Data \ gtk-2,0
2007-12-23 21:01. 2007-12-23 21:01 <DIR> d -------- C: \ Documents and Settings \ Richard \. Thumbnails
2007-12-23 21:00. 2007-12-23 21:00 <DIR> d -------- C: \ Program Files \ širit-2,0
2007-12-23 21:00. 2008-01-03 20:54 <DIR> d -------- C: \ Documents and Settings \ Richard \. Širit 2,4 -
2007-12-22 15:39. 2007-12-22 15:39 <DIR> d -------- C: \ Program Files \ DNA
2007-12-22 15:39. 2008-01-15 22:03 <DIR> d -------- C: \ Documents and Settings \ Richard \ Application Data \ DNA
2007-12-22 15:39. 2007-12-28 19:40 <DIR> d -------- C: \ Documents and Settings \ Richard \ Application Data \ BitTorrent
2007-12-22 15:22. 2007-12-22 15:22 <DIR> d -------- C: \ Program Files \ smjelost
2007-12-22 15:21. 2007-12-22 15:21 <DIR> d -------- C: \ Program Files \ MonkeyJam
2007-12-22 15:21. 2007-12-22 15:21 <DIR> d -------- C: \ Documents and Settings \ Richard \ Application Data \ MonkeyJam
2007-12-22 15:21. 2005-02-27 17:11 424.960 - a ------ C: \ WINDOWS \ system32 \ wavdest.ax
2007-12-21 15:27. 2007-12-21 15:27 <DIR> d -------- C: \ Program Files \ Microsoft Works
2007-12-21 15:27. 2006-10-26 19:56 32.592 - a ------ C: \ WINDOWS \ system32 \ msonpmon.dll
2007-12-21 15:26. 2007-12-21 15:26 <DIR> d -------- C: \ Program Files \ MSBuild
2007-12-21 15:23. 2007-12-21 15:26 <DIR> d -------- C: \ WINDOWS \ SHELLNEW
2007-12-21 15:22. 2007-12-21 15:22 <DIR> dr.-h ----- C: \ MSOCache
2007-12-21 15:22. 2007-12-21 15:27 <DIR> d -------- C: \ Documents and Settings \ All Users \ Application Data \ Microsoft Pomoć
2007-12-19 19:56. 2007-12-28 13:01 <DIR> d -------- C: \ Program Files \ DivX
2007-12-15 23:51. 2007-12-15 23:51 <DIR> d -------- C: \ Program Files \ VideoLAN
2007-12-15 23:51. 2007-12-15 23:51 <DIR> d -------- C: \ Documents and Settings \ Richard \ Application Data \ VLC
2007-12-15 23:51. 2007-12-15 23:51 <DIR> d -------- C: \ Documents and Settings \ Richard \ Application Data \ dvdcss
2007-12-15 23:36. 2007-12-22 15:29 <DIR> d -------- C: \ Program Files \ Real
2007-12-15 23:36. 2007-12-15 23:36 <DIR> d -------- C: \ Program Files \ Common Files \ zajedničko križanje
2007-12-15 23:36. 2007-12-15 23:36 <DIR> d -------- C: \ Program Files \ Common Files \ Real

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))) ))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-15 19:36 --------- d ----- w C: \ Program Files \ Xfire
2008-01-15 17:54 --------- d ----- w C: \ Documents and Settings \ Richard \ Application Data \ AVG7
2008-01-15 17:54 --------- d ----- w C: \ Documents and Settings \ All Users \ Application Data \ avg7
2008-01-15 17:46 22.328 AW ---- C: \ Windows \ System32 \ Drivers \ PnkBstrK.sys
2008-01-15 17:45 --------- d ----- w C: \ Documents and Settings \ Richard \ Application Data \ Xfire
2008-01-11 23:18 --------- d ----- w C: \ Program Files \ SpeedFan
2008-01-11 22:26 5.615 AW ---- C: \ Program Files \ install.log
2008-01-11 10:25 --------- d - h - w C: \ Program Files \ InstallShield Installation Information
2007-12-22 15:26 --------- d ----- w C: \ Program Files \ Common Files \ InstallShield
2007-12-21 18:56 --------- d ----- w C: \ Program Files \ Wolfenstein - Enemy Territory
2007-12-12 21:45 --------- d ----- w C: \ Program Files \ Common Files \ Adobe
2007-12-12 21:43 --------- d ----- w C: \ Documents and Settings \ All Users \ Application Data \ NVIDIA
2007-12-12 21:31 --------- d ----- w C: \ Program Files \ SystemRequirementsLab
2007-12-12 20:38 --------- d ----- w C: \ Documents and Settings \ Richard \ Application Data \ Apple Computer
2007-12-12 20:32 --------- d ----- w C: \ Program Files \ Windows Media Connect 2
2007-12-12 20:04 --------- d ----- w C: \ Program Files \ QuickTime
2007-12-12 20:03 --------- d ----- w C: \ Program Files \ Apple Software Update
2007-12-12 20:03 --------- d ----- w C: \ Documents and Settings \ All Users \ Application Data \ Apple Computer
2007-12-12 20:03 --------- d ----- w C: \ Documents and Settings \ All Users \ Application Data \ Apple
2007-12-10 22:14 --------- d ----- w C: \ Documents and Settings \ LocalService \ Application Data \ Xfire
2007-12-10 22:01 --------- d ----- w C: \ Documents and Settings \ NetworkService \ Application Data \ Xfire
2007-12-10 18:58 --------- d ----- w C: \ Program Files \ CCleaner
2007-12-10 18:02 --------- d ----- w C: \ Program Files \ Java
2007-12-10 18:02 --------- d ----- w C: \ Documents and Settings \ Richard \ Application Data \ SystemRequirementsLab
2007-12-10 18:00 --------- d ----- w C: \ Program Files \ Common Files \ Java
2007-12-10 17:54 --------- dcsh - w C: \ Program Files \ Common Files \ WindowsLiveInstaller
2007-12-10 17:54 --------- d ----- w C: \ Program Files \ Windows Live
2007-12-10 17:50 --------- d ----- w C: \ Documents and Settings \ All Users \ Application Data \ WLInstaller
2007-12-10 17:39 --------- d ----- w C: \ Program Files \ RivaTuner v2.06
2007-12-08 22:50 12.464 AW ---- C: \ Windows \ System32 \ Drivers \ secdrv.sys
2007-12-07 18:43 --------- d ----- w C: \ Documents and Settings \ LocalService \ Application Data \ AVG7
2007-12-07 18:42 --------- d ----- w C: \ Documents and Settings \ All Users \ Application Data \ Grisoft
2007-12-07 18:24 --------- d ----- w C: \ Program Files \ AquaMark3
2007-12-07 17:45 --------- d ----- w C: \ Program Files \ Realtek
2007-12-07 17:45 --------- d ----- w C: \ Documents and Settings \ Richard \ Application Data \ InstallShield
2007-12-07 17:44 4.716 AW ---- C: \ WINDOWS \ gdrv.sys
2007-12-07 17:43 --------- d ----- w C: \ Program Files \ Intel
2007-12-07 17:42 --------- d ----- w C: \ Program Files \ Yahoo!
2007-12-07 17:37 --------- d ----- w C: \ Program Files \ Microsoft FrontPage
.

((((((((((((((((((((((((((((( Snapshot@2008-01-15_21.05.00.95 )))))))))) )))))))))))))))))))))))))))))))
.
- 2008-01-15 21:03:50 225.280 AW ---- C: \ WINDOWS \ erdnt \ HIV-backup \ Users \00000001 \ NTUSER.DAT
+ 2008-01-15 22:03:02 225.280 AW ---- C: \ WINDOWS \ erdnt \ HIV-backup \ Users \00000001 \ NTUSER.DAT
- 2008-01-15 21:03:50 8.192 AW ---- C: \ WINDOWS \ erdnt \ HIV-backup \ Users \00000002 \ UsrClass.dat
+ 2008-01-15 22:03:02 8.192 AW ---- C: \ WINDOWS \ erdnt \ HIV-backup \ Users \00000002 \ UsrClass.dat
- 2008-01-15 21:03:50 229.376 AW ---- C: \ WINDOWS \ erdnt \ HIV-backup \ Users \00000003 \ NTUSER.DAT
+ 2008-01-15 22:03:02 229.376 AW ---- C: \ WINDOWS \ erdnt \ HIV-backup \ Users \00000003 \ NTUSER.DAT
- 2008-01-15 21:03:50 8.192 AW ---- C: \ WINDOWS \ erdnt \ HIV-backup \ Users \00000004 \ UsrClass.dat
+ 2008-01-15 22:03:02 8.192 AW ---- C: \ WINDOWS \ erdnt \ HIV-backup \ Users \00000004 \ UsrClass.dat
- 2008-01-15 21:03:50 3.670.016 AW ---- C: \ WINDOWS \ erdnt \ HIV-backup \ Users \00000005 \ NTUSER.DAT
+ 2008-01-15 22:03:02 3.670.016 AW ---- C: \ WINDOWS \ erdnt \ HIV-backup \ Users \00000005 \ NTUSER.DAT
- 2008-01-15 21:03:50 208.896 AW ---- C: \ WINDOWS \ erdnt \ HIV-backup \ Users \00000006 \ UsrClass.dat
+ 2008-01-15 22:03:02 208.896 AW ---- C: \ WINDOWS \ erdnt \ HIV-backup \ Users \00000006 \ UsrClass.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))) ))))))))))))))))))))))))))))))))))))))))
.
.
* Note * empty entries & čitljiv default unose se ne prikazuju
REGEDIT4

[HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ Curre ntVersion \ Run]
"Ctfmon.exe" = "C: \ WINDOWS \ system32 \ Ctfmon.exe" [2004-08-04 12:00 15360]
"BitTorrent DNA" = "C: \ Program Files \ DNA \ btdna.exe" [2007-12-22 15:39 290112]
"curblicense" = "C: \ DOCUME ~ 1 \ Richard \ APPLIC ~ 1 \ WAYBOW ~ 1 \ Nurb više noun.exe" []
"SUPERAntiSpyware" = "C: \ Program Files \ SUPERAntiSpyware \ SUPERAntiSpyware.exe" [2007-06-21 14:06 1318912]

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Run]
"RTHDCPL" = "RTHDCPL.EXE" [2006-11-14 09:21 16270848 C: \ WINDOWS \ RTHDCPL.exe]
"SkyTel" = "SkyTel.EXE" [2006-05-16 10:04 2879488 C: \ WINDOWS \ SkyTel.exe]
"AVG7_CC" = "C: \ programa ~ 1 \ Grisoft \ AVG7 \ avgcc.exe" [2007-12-20 16:29 579072]
"SunJavaUpdateSched" = "C: \ Program Files \ Java \ jre1.6.0_03 \ bin \ jusched.exe" [2007-09-25 01:11 132496]
"QuickTime Task" = "C: \ Program Files \ QuickTime \ qttask.exe" [2007-10-19 20:16 286720]
"Adobe Reader Speed Launcher" = "C: \ Program Files \ Adobe \ Reader 8,0 \ Reader \ Reader_sl.exe" [2007-10-10 19:51 39792]
"NvCplDaemon" = "C: \ WINDOWS \ system32 \ NvCpl.dll" [2007-09-17 01:07 8491008]
"nwiz" = "nwiz.exe" [2007-09-17 01:07 1626112 C: \ WINDOWS \ system32 \ nwiz.exe]
"NvMediaCenter" = "C: \ WINDOWS \ system32 \ NvMcTray. Dll" [2007-09-17 01:07 81920]
"TkBellExe" = "C: \ Program Files \ Common Files \ Real \ Update_OB \ realsched.exe" [2007-12-15 23:36 185896]
"GrooveMonitor" = "C: \ Program Files \ Microsoft Office \ Office12 \ GrooveMonitor.exe" [2006-10-27 00:47 31016]
"LVCOMSX" = "C: \ WINDOWS \ system32 \ LVCOMSX.EXE" [2004-02-25 16:15 221184]
"LogitechVideoRepair" = "C: \ Program Files \ Logitech \ Video \ ISStart.exe" [2004-02-25 17:15 454656]
"LogitechVideoTray" = "C: \ Program Files \ Logitech \ Video \ LogiTray.exe" [2004-02-25 17:06 212992]
"Drugi šišmiš kreativni vrhunac" = "C: \ Documents and Settings \ All Users \ Application Data \ Axis readme Drugo Bat \ mrtvih lite.exe" []

[HKEY_USERS \. DEFAULT \ Software \ Microsoft \ Windows \ Cur rentVersion \ Run]
"AVG7_Run" = "C: \ programa ~ 1 \ Grisoft \ AVG7 \ avgw.exe" [2007-12-07 18:42 219136]

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entversion \ Explorer \ shellexecutehooks]
"(5AE067D3-9AFB-48E0-853A-EBB7F4A000DA)" = C: \ Program Files \ SUPERAntiSpyware \ SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ winlogon \ obavijestiti \! SASWinLogon]
C: \ Program Files \ SUPERAntiSpyware \ SASWINLO.dll 2007-04-19 13:41 294912 C: \ Program Files \ SUPERAntiSpyware \ SASWINLO.dll

S3 gdrv; gdrv; C: \ WINDOWS \ gdrv.sys [2007-12-07 17:44]
S3 PhilCam8116; Logitech QuickCam Pro 3000 (PID_08B0); C: \ Windows \ System32 \ Drivers \ CamDrL2 1.sys [2004-02-14 04:09]

.
Sadržaj je 'Scheduled Tasks' folder
"2007-12-12 20:03:45 C: \ WINDOWS \ Tasks \ AppleSoftwareUpdate.job"
- C: \ Program Files \ Apple Software Update \ SoftwareUpdate.exe
.
************************************************** ************************

catchme 0.3.1344 W2K/XP/Vista - rootkit / potaja detector by Gmer zlonamjernih programa, http://www.gmer.net
Rootkit scan 2008-01-15 22:05:20
5/1/2600 Windows Service Pack 2 NTFS

skeniranja skrivenih procesa ...

skeniranja skrivenih autostart entries ...

skeniranja skrivenih datoteka ...

scan uspješno završena
skrivenih datoteka: 0

************************************************** ************************
.
Completion time: 2008-01-15 22:06:11 - machine je ponovno podizanje sustava
ComboFix-u karanteni-files.txt 2008-01-15 22:06:09
ComboFix2.txt 2008-01-15 21:05:12
.
2008-01-05 21:00:15 --- EOF ---


Logfile of Trend Micro HijackThis v2.0.2
Scan spremljena u 10:07:19, dana 1/15/2008
Platforma: Windows XP SP2 (Winnt 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Pokretanje procesa:
C: \ WINDOWS \ System32 \ smss.exe
C: \ WINDOWS \ system32 \ Winlogon.exe
C: \ WINDOWS \ system32 \ services.exe
C: \ WINDOWS \ system32 \ lsass.exe
C: \ WINDOWS \ system32 \ Svchost.exe
C: \ WINDOWS \ System32 \ Svchost.exe
C: \ WINDOWS \ system32 \ spoolsv.exe
C: \ programa ~ 1 \ Grisoft \ AVG7 \ avgamsvr.exe
C: \ programa ~ 1 \ Grisoft \ AVG7 \ avgupsvc.exe
C: \ programa ~ 1 \ Grisoft \ AVG7 \ avgemc.exe
C: \ WINDOWS \ system32 \ nvsvc32.exe
C: \ WINDOWS \ system32 \ PnkBstrA.exe
C: \ WINDOWS \ system32 \ Svchost.exe
C: \ WINDOWS \ explorer.exe
C: \ WINDOWS \ RTHDCPL.EXE
C: \ programa ~ 1 \ Grisoft \ AVG7 \ avgcc.exe
C: \ Program Files \ Java \ jre1.6.0_03 \ bin \ jusched.exe
C: \ Program Files \ Adobe \ Reader 8,0 \ Reader \ Reader_sl.exe
C: \ WINDOWS \ system32 \ RUNDLL32.EXE
C: \ Program Files \ Common Files \ Real \ Update_OB \ realsched.exe
C: \ Program Files \ Microsoft Office \ Office12 \ GrooveMonitor.exe
C: \ WINDOWS \ system32 \ LVCOMSX.EXE
C: \ Program Files \ Logitech \ Video \ LogiTray.exe
C: \ WINDOWS \ system32 \ Ctfmon.exe
C: \ Program Files \ DNA \ btdna.exe
C: \ Program Files \ SUPERAntiSpyware \ SUPERAntiSpyware.exe
C: \ Program Files \ Logitech \ Video \ FxSvr2.exe
C: \ WINDOWS \ system32 \ wuauclt.exe
C: \ WINDOWS \ system32 \ notepad.exe
C: \ WINDOWS \ system32 \ wuauclt.exe
C: \ Program Files \ Mozilla Firefox \ firefox.exe
C: \ Program Files \ Trend Micro \ HijackThis \ sniper.exe.exe

R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Page_URL = http://www.yahoo.com
R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://www.yahoo.com
R1 - HKCU \ Software \ Microsoft \ Internet Explorer \ SearchURL, (Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R1 - HKCU \ Software \ Microsoft \ Internet Connection Wizard, ShellNext = http://www.yahoo.com/
O2 - BHO: Yahoo! Companion BHO - (02478D38-C3F9-4efb-9B51-7695ECA05670) - C: \ Program Files \ Yahoo! \ Companion \ Instalira \ cpn \ ycomp5_6_0_1.d ll
O2 - BHO: Adobe PDF Reader Link Helper - (06849E9F-C8D7-4D59-B87D-784B7D6BE0B3) - C: \ Program Files \ Common Files \ Adobe \ Acrobat \ ActiveX \ AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - (72853161-30C5-4D22-B7F9-0BBC1D38A37E) - C: \ programa ~ 1 \ MICROS ~ 2 \ Office12 \ GRA8E1 ~ 1.DLL
O2 - BHO: SSVHelper Class - (761497BB-D6F0-462C-B6EB-D4DAF1D92D43) - C: \ Program Files \ Java \ jre1.6.0_03 \ bin \ ssv.dll
O2 - BHO: Windows Live Sign-in Helper - (9030D464-4C02-4ABF-8ECC-5164760863C6) - C: \ Program Files \ Common Files \ Microsoft Shared \ Windows Live \ WindowsLiveLogin.dll
O3 - Toolbar: & Yahoo! Companion - (EF99BD32-C1FB-11D2-892F-0090271D4F88) - C: \ Program Files \ Yahoo! \ Companion \ Instalira \ cpn \ ycomp5_6_0_1.d ll
O4 - HKLM \ .. \ Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM \ .. \ Run: [SkyTel] SkyTel.EXE
O4 - HKLM \ .. \ Run: [AVG7_CC] C: \ programa ~ 1 \ Grisoft \ AVG7 \ avgcc.exe / StartUp
O4 - HKLM \ .. \ Run: [SunJavaUpdateSched] "C: \ Program Files \ Java \ jre1.6.0_03 \ bin \ jusched.exe"
O4 - HKLM \ .. \ Run: [QuickTime Task] "C: \ Program Files \ QuickTime \ qttask.exe"-atboottime
O4 - HKLM \ .. \ Run: [Adobe Reader Speed Launcher] "C: \ Program Files \ Adobe \ Reader 8,0 \ Reader \ Reader_sl.exe"
O4 - HKLM \ .. \ Run: [NvCplDaemon] RUNDLL32.EXE C: \ WINDOWS \ system32 \ NvCpl.dll, NvStartup
O4 - HKLM \ .. \ Run: [nwiz] nwiz.exe / install
O4 - HKLM \ .. \ Run: [NvMediaCenter] RUNDLL32.EXE C: \ WINDOWS \ system32 \ NvMcTray.dll, NvTaskbarInit
O4 - HKLM \ .. \ Run: [TkBellExe] "C: \ Program Files \ Common Files \ Real \ Update_OB \ realsched.exe"-osboot
O4 - HKLM \ .. \ Run: [GrooveMonitor] "C: \ Program Files \ Microsoft Office \ Office12 \ GrooveMonitor.exe"
O4 - HKLM \ .. \ Run: [LVCOMSX] C: \ WINDOWS \ system32 \ LVCOMSX.EXE
O4 - HKLM \ .. \ Run: [LogitechVideoRepair] C: \ Program Files \ Logitech \ Video \ ISStart.exe
O4 - HKLM \ .. \ Run: [LogitechVideoTray] C: \ Program Files \ Logitech \ Video \ LogiTray.exe
O4 - HKLM \ .. \ Run: [Druga šišmiš kreativni vrh] C: \ Documents and Settings \ All Users \ Application Data \ Axis readme Drugo Bat \ mrtvih lite.exe
O4 - HKCU \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe
O4 - HKCU \ .. \ Run: [BitTorrent DNA] "C: \ Program Files \ DNA \ btdna.exe"
O4 - HKCU \ .. \ Run: [curblicense] C: \ DOCUME ~ 1 \ Richard \ APPLIC ~ 1 \ WAYBOW ~ 1 \ Nurb više noun.exe
O4 - HKCU \ .. \ Run: [SUPERAntiSpyware] C: \ Program Files \ SUPERAntiSpyware \ SUPERAntiSpyware.exe
O4 - HKUS \ S-1-5-19 \ .. \ Run: [AVG7_Run] C: \ programa ~ 1 \ Grisoft \ AVG7 \ avgw.exe / RunOnce (User 'LOCAL SERVICE')
O4 - HKUS \ S-1-5-20 \ .. \ Run: [AVG7_Run] C: \ programa ~ 1 \ Grisoft \ AVG7 \ avgw.exe / RunOnce (User 'NETWORK SERVICE')
O4 - HKUS \ S-1-5-18 \ .. \ Run: [AVG7_Run] C: \ programa ~ 1 \ Grisoft \ AVG7 \ avgw.exe / RunOnce (User 'SYSTEM')
O4 - HKUS \. DEFAULT \ .. \ Run: [AVG7_Run] C: \ programa ~ 1 \ Grisoft \ AVG7 \ avgw.exe / RunOnce (User 'Default user')
O8 - Extra kontekst meni stavka: E & zvezi u Microsoft Excel - res: / / C: \ programa ~ 1 \ MICROS ~ 2 \ Office12 \ EXCEL.EXE/3000
O9 - Extra button: (no name) - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program Files \ Java \ jre1.6.0_03 \ bin \ ssv.dll
O9 - Extra 'Tools' MENUITEM: Sun Java Console - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program Files \ Java \ jre1.6.0_03 \ bin \ ssv.dll
O9 - Extra button: Send to OneNote - (2670000A-7350-4f3c-8081-5663EE0C6C49) - C: \ programa ~ 1 \ MICROS ~ 2 \ Office12 \ ONBttnIE.dll
O9 - Extra 'Tools' MENUITEM: S & kraj OneNote - (2670000A-7350-4f3c-8081-5663EE0C6C49) - C: \ programa ~ 1 \ MICROS ~ 2 \ Office12 \ ONBttnIE.dll
O9 - Extra button: Research - (92780B25-18CC-41C8-B9BE-3C9C571A8263) - C: \ programa ~ 1 \ MICROS ~ 2 \ Office12 \ REFIEBAR.DLL
O9 - Extra button: Messenger - (FB5F1910-F110-11D2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe
O9 - Extra 'Tools' MENUITEM: Windows Messenger - (FB5F1910-F110-11D2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe
O16 - DPF: (6414512B-B978-451D-A0D8-FCFDF33E833C) (WUWebControl Class) -- http://www.update.microsoft.com/wind...?1197308803562
O16 - DPF: (C3F79A2B-B9B4-4A66-B012-3EE46475B072) (MessengerStatsClient Class) -- http://messenger.zone.msn.com/binary...t.cab56907.cab
O18 - Protocol: grooveLocalGWS - (88FED34C-F0CA-4636-A375-3CB6248B04CD) - C: \ programa ~ 1 \ MICROS ~ 2 \ Office12 \ GR99D3 ~ 1.DLL
O20 - Winlogon Obavijesti:! SASWinLogon - C: \ Program Files \ SUPERAntiSpyware \ SASWINLO.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, sro - C: \ programa ~ 1 \ Grisoft \ AVG7 \ avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, sro - C: \ programa ~ 1 \ Grisoft \ AVG7 \ avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, sro - C: \ programa ~ 1 \ Grisoft \ AVG7 \ avgemc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C: \ WINDOWS \ system32 \ nvsvc32.exe
O23 - Service: PnkBstrA - Unknown vlasnika - C: \ WINDOWS \ system32 \ PnkBstrA.exe

--
End of file - 6716 bytes
  #10  
Old 15 siječanj 2008, 15:29
Moderator / ica grupe
  
Idi na My Computer-> Tools-> Folder Options-> View Kartica:
  • Pod Skrivene datoteke i mape zaglavlje:
  • Odaberi Prikaži skrivene datoteke i mape.
  • Isključi Sakrij zaštićen operativni sistem kartoteka (preporučeno) opciju.
  • Također, budite sigurni da nema kvačica pored Sakrij nastavke za poznate vrste datoteka.
  • Kliknite U redu

----------

Pritisnite Ctrl + Alt + izbrisati da prenesu gore Process Monitor. Kliknite karticu Procesi i ubiti procese za

lite.exe <<Ili mrtvi Lite.exe
noun.exe <<Nurb Ili više noun.exe

----------

Otvori HijackThis i odaberite Da li je sustav skenirati samo zatim staviti kvačica pored: (ako se nađe)

O4 - HKLM \ .. \ Run: [Druga šišmiš kreativni vrh] C: \ Documents and Settings \ All Users \ Application Data \ Axis readme Drugo Bat \ mrtvih lite.exe
O4 - HKCU \ .. \ Run: [curblicense] C: \ DOCUME ~ 1 \ Richard \ APPLIC ~ 1 \ WAYBOW ~ 1 \ Nurb više noun.exe

Zatvori sve prozore osim HijackThis i kliknite Fix checked

Izlaz Hijackthis.

----------

Otvorite My Computer na desktopu i locathe i brisanje tih slika. (ako se nađe)

C: \ Documents and Settings \ All Users \ Application Data \ Axis readme Drugo Bat \mrtva lite.exe

C: \ DOCUME ~ 1 \ Richard \ APPLIC ~ 1 \ WAYBOW ~ 1 \Nurb više noun.exe

----------

Molimo trčanje F-Secure Online Scanner

Napomena: Ovaj Skener radi sa Internet Explorer Samo!
  • Pomaknite se na dno stranice i kliknite na gumb Start scanning. Prozor će pop up.
  • Omogućiti Active X kontrole da se instalira na vaše računalo, a zatim kliknite gumb Prihvati
  • Kliknite Full System Scan i dopustiti komponentama za preuzimanje i scan to kompletan.
  • Ako se utvrdi štetnih sadržaja, provjerite Submit uzoraka za F-Secure a zatim odaberite Automatsko čišćenje
  • Prilikom čišćenja ima finitished, kliknite na Prikaži izvješće (to će otvoriti prozor programa Internet Explorer koja sadrži izvješća)
  • Označite i kopirajte (Ctrl + C) kompletan izvještaj, a Zalijepi (Ctrl + V) u novom odgovorite na ovaj post
    • Ako Automatsko čišćenje s Submit uzoraka smrzne, kliknite Odustani, Zatim Novo pretraživanje
  • Kada je opcija čišćenje predstavljaju, Isključi Submit uzoraka za F-Secure
  • Kliknite Automatsko čišćenje
  • Prilikom čišćenja ima finitished, kliknite Prikaži izvješće (ovaj će se otvoriti prozor programa Internet Explorer koja sadrži izvješća)
  • Označite i kopirajte (Ctrl + C) kompletan izvještaj, a Zalijepi (Ctrl + V) u novom odgovorite na ovaj post
  • Ovaj skeniranja može potrajati poprilično vremena, stoga molimo da budete strpljivi

----------

Next post dodaj
F-Secure log
Novi Hijackthis log
__________________
Reply
Stranica 1 od 2 1 2

Register
Thread Tools



Arabic Bulgarian Chinese (Simplified) Chinese (Traditional) Croatian Czech Danish Dutch English Finnish French German Greek Hebrew Hungarian Italian Japanese Korean Latvian Lithuanian Norwegian Polish Portuguese Romanian Russian Serbian Slovak Spanish Swedish Thai Turkish Ukrainian

Copyright © 2006 - 2009 Computer soka.
Kontakt -- Privatnost -- Sitemap -- Vrh

Powered by vBulletin ® Copyright © 2000 - 2009 Jelsoft Enterprises Ltd SEO by vBSEO © 2009, Crawlability, Inc