[sungod000]

Hi there,
Primijetio sam ja imao problema kad sam čuo tajanstveno glazba svira. JA ček i vidjeh gomila IEXPLORE.EXE procesi prikazuju.

I ran NAV, Ad-Aware, Branitelj, a zatim slijede upute koje ste pružili. Hvala unaprijed za pomoć. Evo logs:



SUPERAntiSpyware Scan Prijava
http://www.superantispyware.com

Generirano 01/19/2008 at 08:53

Application Version: 3/9/1008

Core Pravila Database Version: 3384
Trace Pravila Database Version: 1378

Scan type: Cijela Scan
Ukupno Scan Vrijeme: 01:01:52

Memorija predmeta skenirane: 576
Memorija prijetnje otkrivena: 0
Registry stavke skenirane: 7837
Matični prijetnje otkrivena: 0
File skenirane podatke: 66011
File prijetnje otkrivena: 60

Adware.Tracking Cookie
C: \ Documents and Settings \ sundeep \ Cookies \ sundeep @ advertpro [1]. Txt
C: \ Documents and Settings \ sundeep \ Cookies \ sundeep @ revsci [2]. Txt
C: \ Documents and Settings \ sundeep \ Cookies \ sundeep @ cgi-bin [2]. Txt
C: \ Documents and Settings \ sundeep \ Cookies \ sundeep@richmedia.yahoo [2]. Txt
C: \ Documents and Settings \ sundeep \ Cookies \ sundeep @ eyewonder [2]. Txt
C: \ Documents and Settings \ sundeep \ Cookies \ sundeep @ HC [2]. Txt
C: \ Documents and Settings \ sundeep \ Cookies \ sundeep@sales.liveperson [1]. Txt
C: \ Documents and Settings \ sundeep \ Cookies \ sundeep @ html [2]. Txt
C: \ Documents and Settings \ sundeep \ Cookies \ sundeep@www.burstnet [1]. Txt
C: \ Documents and Settings \ sundeep \ Cookies \ sundeep@www.crackpassword [2]. Txt
C: \ Documents and Settings \ sundeep \ Cookies \ sundeep@umkxup22.unitedme DIA [2]. Txt
C: \ Documents and Settings \ sundeep \ Cookies \ sundeep@click.mgg01 [2]. Txt
C: \ Documents and Settings \ sundeep \ Cookies \ sundeep @ adcentriconline [1]. Txt
C: \ Documents and Settings \ sundeep \ Cookies \ sundeep@ad1.soundpedia [1]. Txt
C: \ Documents and Settings \ sundeep \ Cookies \ sundeep @ adbrite [2]. Txt
C: \ Documents and Settings \ sundeep \ Cookies \ sundeep@iacas.adbureau [2]. Txt
C: \ Documents and Settings \ sundeep \ Cookies \ sundeep @ indiads [1]. Txt
C: \ Documents and Settings \ sundeep \ Cookies \ sundeep@microsoftwga.112. 2o7 [1]. Txt
C: \ Documents and Settings \ sundeep \ Cookies \ sundeep@ads.cnn [1]. Txt
C: \ Documents and Settings \ sundeep \ Cookies \ sundeep@ads.monster [2]. Txt
C: \ Documents and Settings \ sundeep \ Cookies \ sundeep@server.iad.livepe rson [2]. Txt
C: \ Documents and Settings \ sundeep \ Cookies \ sundeep@ads3.blastro [2]. Txt
C: \ Documents and Settings \ sundeep \ Cookies \ sundeep@mailtrack.rnm [2]. Txt
C: \ Documents and Settings \ sundeep \ Cookies \ sundeep@track.bestbuy [2]. Txt
C: \ Documents and Settings \ sundeep \ Cookies \ sundeep @ atwola [1]. Txt
C: \ Documents and Settings \ sundeep \ Cookies \ sundeep @ 85084061 [2]. Txt
C: \ Documents and Settings \ sundeep \ Cookies \ sundeep@server.lon.livepe rson [1]. Txt
C: \ Documents and Settings \ sundeep \ Cookies \ sundeep @ partypoker [2]. Txt
C: \ Documents and Settings \ sundeep \ Cookies \ sundeep@ads.as4x.tmcs [2]. Txt
C: \ Documents and Settings \ sundeep \ Cookies \ sundeep @ xiti [1]. Txt
C: \ Documents and Settings \ sundeep \ Cookies \ sundeep @ tribalfusion [2]. Txt
C: \ Documents and Settings \ NetworkService \ Cookies \ system@ad.yieldman ager [2]. Txt
C: \ Documents and Settings \ NetworkService \ Cookies \ system@ad.yieldman ager [3]. Txt
C: \ Documents and Settings \ NetworkService \ Cookies \ SYSTEM @ adbrite [1]. Txt
C: \ Documents and Settings \ NetworkService \ Cookies \ SYSTEM @ adecn [1]. Txt
C: \ Documents and Settings \ NetworkService \ Cookies \ system@ads.128b [2]. Txt
C: \ Documents and Settings \ NetworkService \ Cookies \ system@adserver.ea syad [2]. Txt
C: \ Documents and Settings \ NetworkService \ Cookies \ SYSTEM @ apmebf [1]. Txt
C: \ Documents and Settings \ NetworkService \ Cookies \ SYSTEM @ atdmt [2]. Txt
C: \ Documents and Settings \ NetworkService \ Cookies \ SYSTEM @ banner [1]. Txt
C: \ Documents and Settings \ NetworkService \ Cookies \ SYSTEM @ clicksor [2]. Txt
C: \ Documents and Settings \ NetworkService \ Cookies \ SYSTEM @ doubleclick [1]. Txt
C: \ Documents and Settings \ NetworkService \ Cookies \ SYSTEM @ povećati [1]. Txt
C: \ Documents and Settings \ NetworkService \ Cookies \ SYSTEM @ euros4click [2]. Txt
C: \ Documents and Settings \ NetworkService \ Cookies \ SYSTEM @ fastclick [2]. Txt
C: \ Documents and Settings \ NetworkService \ Cookies \ SYSTEM @ findwhat [1]. Txt
C: \ Documents and Settings \ NetworkService \ Cookies \ SYSTEM @ partypoker [2]. Txt
C: \ Documents and Settings \ NetworkService \ Cookies \ SYSTEM @ pro-market [2]. Txt
C: \ Documents and Settings \ NetworkService \ Cookies \ SYSTEM @ statcounter [2]. Txt
C: \ Documents and Settings \ NetworkService \ Cookies \ system@stats.adbri te [2]. Txt
C: \ Documents and Settings \ NetworkService \ Cookies \ SYSTEM @ toseeka [2]. Txt
C: \ Documents and Settings \ NetworkService \ Cookies \ system@tracker.aff istats [1]. Txt
C: \ Documents and Settings \ NetworkService \ Cookies \ system@www.findit-quick [1]. Txt
C: \ Documents and Settings \ NetworkService \ Cookies \ system@www.goaltra ffic [2]. Txt
C: \ Documents and Settings \ NetworkService \ Cookies \ system@www.goaltra ffic [3]. Txt
C: \ Documents and Settings \ NetworkService \ Cookies \ system@www.goodcli ckz [1]. Txt
C: \ Documents and Settings \ NetworkService \ Cookies \ system@www.kikclic k [1]. Txt
C: \ Documents and Settings \ NetworkService \ Cookies \ SYSTEM @ zedo [1]. Txt
C: \ Documents and Settings \ NetworkService \ Cookies \ SYSTEM @ zedo [3]. Txt
C: \ Documents and Settings \ sundeep \ Cookies \ sundeep @ burstnet [2]. Txt







# Version = 4
# OnlineScanner.ocx = 1.0.0.56
# OnlineScannerDLLA.dll = 1, 0, 0, 51
# OnlineScannerDLLW.dll = 1, 0, 0, 51
# OnlineScannerUninstaller.exe = 1, 0, 0, 49
# Vers_standard_module = 2806 (20080118)
# Vers_arch_module = 1,063 (20080117)
# Vers_adv_heur_module = 1,060 (20070601)
# EOSSerial = 5ac60436be4e8c4d8b34206de1ddeb01
# End = završio
# Remove_checked = true
# Unwanted_checked = true
# Utc_time = 2008-01-19 03:34:06
# Local_time = 2008-01-19 10:34:06 (-0500, Eastern Standard Time)
# Zemlje = "United States"
# Osver = 5/1/2600 NT Service Pack 2
Skenirane = # 394948
# Pronašao = 14
# Scan_time = 2493
C: \ MSInfnd.exe vjerojatno varijanta Win32/Hupigon trojanskih (nesposoban to čist - izbrisan) 00000000000000000000000000000000
C: \ Documents and Settings \ NetworkService \ Application Data \ nedjelja \ Java \ Deployment \ cache \ 6,0 \ 58 \ 7589253a-34ef6dbc više infiltrations (obrisano) 00000000000000000000000000000000
C: \ Documents and Settings \ NetworkService \ Application Data \ nedjelja \ Java \ Deployment \ cache \ 6,0 \ 58 \ 7589253a-34ef6dbc »ZIP» BlackBox.class jedna varijanta Java / ClassLoader trojanskih (pogreška tijekom čišćenje - operacija nije dostupan za ovu vrstu objekta - pogreška tijekom brisanjem - operacija nije dostupan za ovu vrstu objekata - bila dio je izbrisan objekt) 00000000000000000000000000000000
C: \ Documents and Settings \ NetworkService \ Application Data \ nedjelja \ Java \ Deployment \ cache \ 6,0 \ 58 \ 7589253a-34ef6dbc »ZIP» VerifierBug.class JS / IEStart.G trojanskih (pogreška tijekom čišćenje - operacija nije dostupan za ovu vrstu objektno - pogrešku pri brisanju - operacija nije dostupan za ovu vrstu objekata - bila dio je izbrisan objekt) 00000000000000000000000000000000
C: \ Documents and Settings \ NetworkService \ Application Data \ nedjelja \ Java \ Deployment \ cache \ 6,0 \ 58 \ 7589253a-34ef6dbc »ZIP» Dummy.class Java / NoCheat.B trojanskih (pogreška tijekom čišćenje - operacija nije dostupan za ovu vrstu objektno - pogrešku pri brisanju - operacija nije dostupan za ovu vrstu objekata - bila dio je izbrisan objekt) 00000000000000000000000000000000
C: \ Documents and Settings \ NetworkService \ Application Data \ nedjelja \ Java \ Deployment \ cache \ 6,0 \ 58 \ 7589253a-3f7c5e12 jedna varijanta Java / ClassLoader trojanskih (obrisano) 00000000000000000000000000000000
C: \ Documents and Settings \ NetworkService \ Application Data \ nedjelja \ Java \ Deployment \ cache \ 6,0 \ 58 \ 7589253a-3f7c5e12 »ZIP» BlackBox.class jedna varijanta Java / ClassLoader trojanskih (pogreška tijekom čišćenje - operacija nije dostupan za ovu vrstu objekta - pogreška tijekom brisanjem - operacija nije dostupan za ovu vrstu objekata - bila dio je izbrisan objekt) 00000000000000000000000000000000
C: \ Documents and Settings \ NetworkService \ Application Data \ nedjelja \ Java \ Deployment \ cache \ 6,0 \ 58 \ 7589253a-7685bc3d više infiltrations (obrisano) 00000000000000000000000000000000
C: \ Documents and Settings \ NetworkService \ Application Data \ nedjelja \ Java \ Deployment \ cache \ 6,0 \ 58 \ 7589253a-7685bc3d »ZIP» BlackBox.class jedna varijanta Java / ClassLoader trojanskih (pogreška tijekom čišćenje - operacija nije dostupan za ovu vrstu objekta - pogreška tijekom brisanjem - operacija nije dostupan za ovu vrstu objekata - bila dio je izbrisan objekt) 00000000000000000000000000000000
C: \ Documents and Settings \ NetworkService \ Application Data \ nedjelja \ Java \ Deployment \ cache \ 6,0 \ 58 \ 7589253a-7685bc3d »ZIP» VerifierBug.class JS / IEStart.G trojanskih (pogreška tijekom čišćenje - operacija nije dostupan za ovu vrstu objektno - pogrešku pri brisanju - operacija nije dostupan za ovu vrstu objekata - bila dio je izbrisan objekt) 00000000000000000000000000000000
C: \ Documents and Settings \ NetworkService \ Application Data \ nedjelja \ Java \ Deployment \ cache \ 6,0 \ 58 \ 7589253a-7685bc3d »ZIP» Dummy.class Java / NoCheat.B trojanskih (pogreška tijekom čišćenje - operacija nije dostupan za ovu vrstu objektno - pogrešku pri brisanju - operacija nije dostupan za ovu vrstu objekata - bila dio je izbrisan objekt) 00000000000000000000000000000000
C: \ Program Files \ Common Files \ Microsoft Shared \ MSInfo \ MSInfnd.exe vjerojatno varijanta Win32/Hupigon trojanskih (nesposoban to čist - izbrisan) 00000000000000000000000000000000
C: \ WINDOWS \ system32 \ _MSInfnd.exe vjerojatno varijanta Win32/Hupigon trojanskih (nesposoban to čist - izbrisan) 00000000000000000000000000000000
D: \ MSInfnd.exe vjerojatno varijanta Win32/Hupigon trojanskih (nesposoban to čist - izbrisan) 00000000000000000000000000000000








Logfile of Trend Micro HijackThis v2.0.2
Scan spremljena u 10:55:08, dana 01/19/2008
Platforma: Windows XP SP2 (Winnt 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Pokretanje procesa:
C: \ WINDOWS \ System32 \ smss.exe
C: \ WINDOWS \ system32 \ Winlogon.exe
C: \ WINDOWS \ system32 \ services.exe
C: \ WINDOWS \ system32 \ lsass.exe
C: \ WINDOWS \ system32 \ Svchost.exe
C: \ Program Files \ Windows Defender \ MsMpEng.exe
C: \ WINDOWS \ System32 \ Svchost.exe
C: \ Program Files \ Intel \ Wireless \ Bin \ EvtEng.exe
C: \ Program Files \ Intel \ Wireless \ Bin \ S24EvMon.exe
C: \ Program Files \ Intel \ Wireless \ Bin \ WLKeeper.exe
C: \ Program Files \ Common Files \ Symantec Shared \ ccSetMgr.exe
C: \ WINDOWS \ explorer.exe
C: \ Program Files \ Common Files \ Symantec Shared \ ccEvtMgr.exe
C: \ Program Files \ Common Files \ Symantec Shared \ SNDSrvc.exe
C: \ Program Files \ Common Files \ Symantec Shared \ CCPD-LC \ symlcsvc.exe
C: \ Program Files \ Lavasoft \ Ad-Aware 2007 \ aawservice.exe
C: \ WINDOWS \ system32 \ spoolsv.exe
C: \ Program Files \ Symantec \ LiveUpdate \ ALUSchedulerSvc.exe
C: \ Program Files \ WIDCOMM \ Bluetooth Software \ bin \ btwdins.exe
C: \ WINDOWS \ system32 \ cisvc.exe
C: \ Program Files \ Common Files \ Creative Labs Shared \ Service \ CreativeLicensing.exe
C: \ Program Files \ Diskeeper Corporation \ Diskeeper \ DkService.exe
C: \ Program Files \ Common Files \ Symantec Shared \ DJSNETCN.exe
C: \ Program Files \ Common Files \ LogiShrd \ LVCOMSER \ LVComSer.exe
C: \ Program Files \ Common Files \ Microsoft Shared \ VS7DEBUG \ MDM.EXE
C: \ Program Files \ Yahoo! \ NAV \ navapsvc.exe
C: \ Program Files \ Yahoo! \ NAV \ IWP \ NPFMntor.exe
C: \ Program Files \ Intel \ Wireless \ Bin \ RegSrvc.exe
C: \ Program Files \ CyberLink \ Shared files \ RichVideo.exe
C: \ WINDOWS \ system32 \ Svchost.exe
C: \ WINDOWS \ system32 \ fxssvc.exe
C: \ WINDOWS \ stsystra.exe
C: \ Program Files \ Synaptics \ SynTP \ SynTPEnh.exe
C: \ Program Files \ Intel \ Wireless \ bin \ ZCfgSvc.exe
C: \ Program Files \ Intel \ Wireless \ Bin \ ifrmewrk.exe
C: \ Program Files \ Dell \ živa \ quickset.exe
C: \ Program Files \ Common Files \ Symantec Shared \ ccApp.exe
C: \ Program Files \ Google \ Google Desktop Search \ GoogleDesktop.exe
C: \ Program Files \ Creative \ SBAudigy \ Surround mikser \ CTSysVol.exe
C: \ WINDOWS \ system32 \ Rundll32.exe
C: \ Program Files \ Intel \ Wireless \ Bin \ Dot1XCfg.exe
C: \ WINDOWS \ system32 \ hkcmd.exe
C: \ WINDOWS \ system32 \ igfxpers.exe
C: \ WINDOWS \ system32 \ igfxsrvc.exe
C: \ Program Files \ PhatNoise Music Manager \ PNAgent.exe
C: \ Program Files \ Windows Defender \ MSASCui.exe
C: \ DOCUME ~ 1 \ sundeep \ Mještani ~ 1 \ Temp \ clclean.0001
C: \ WINDOWS \ system32 \ Ctfmon.exe
C: \ Program Files \ TheWeatherNetwork \ WeatherEye \ WeatherEye.exe
C: \ Program Files \ Google \ Google Desktop Search \ GoogleDesktop.exe
C: \ Program Files \ SUPERAntiSpyware \ SUPERAntiSpyware.exe
C: \ Program Files \ WIDCOMM \ Bluetooth Software \ BTTray.exe
C: \ Program Files \ Hamachi \ hamachi.exe
C: \ Program Files \ Common Files \ Symantec Shared \ Security konzole \ NSCSRVCE.EXE
C: \ Program Files \ Mozilla Firefox \ firefox.exe
C: \ Windows \ System32 \ Msiexec.exe
C: \ WINDOWS \ system32 \ cidaemon.exe
C: \ WINDOWS \ system32 \ cidaemon.exe
C: \ Program Files \ Trend Micro \ HijackThis \ sniper.exe

R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://www.google.ca/
R1 - HKCU \ Software \ Microsoft \ Windows \ CurrentVersion \ Int ernet Postavke, ProxyOverride = *. lokalne
O1 - Hosts: 66.98.148.65 auto.search.msn.com
O1 - Hosts: 66.98.148.65 auto.search.msn.es
O2 - BHO: SSVHelper Class - (761497BB-D6F0-462C-B6EB-D4DAF1D92D43) - C: \ Program Files \ Java \ jre1.6.0_04 \ bin \ ssv.dll
O2 - BHO: (no name) - (7E853D72-626A-48EC-A868-BA8D5E23E045) - (no file)
O2 - BHO: NAV Helper - (A8F38D8D-E480-4D52-B7A2-731BB6995FDD) - C: \ Program Files \ Yahoo! \ NAV \ NavShExt.dll
O4 - HKLM \ .. \ Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM \ .. \ Run: [SynTPEnh] C: \ Program Files \ Synaptics \ SynTP \ SynTPEnh.exe
O4 - HKLM \ .. \ Run: [IntelZeroConfig] "C: \ Program Files \ Intel \ Wireless \ bin \ ZCfgSvc.exe"
O4 - HKLM \ .. \ Run: [IntelWireless] "C: \ Program Files \ Intel \ Wireless \ Bin \ ifrmewrk.exe" / TF Intel PROSet / Bežični
O4 - HKLM \ .. \ Run: [Dell živa] C: \ Program Files \ Dell \ živa \ quickset.exe
O4 - HKLM \ .. \ Run: [ccApp] "C: \ Program Files \ Common Files \ Symantec Shared \ ccApp.exe"
O4 - HKLM \ .. \ Run: [Google Desktop Search] "C: \ Program Files \ Google \ Google Desktop Search \ GoogleDesktop.exe" / pokretanja
O4 - HKLM \ .. \ Run: [CTSysVol] C: \ Program Files \ Creative \ SBAudigy \ Surround mikser \ CTSysVol.exe / r
O4 - HKLM \ .. \ Run: [MBMon] rundll32 CTMBHA.DLL, MBMon
O4 - HKLM \ .. \ Run: [UpdReg] C: \ WINDOWS \ UpdReg.EXE
O4 - HKLM \ .. \ Run: [IgfxTray] C: \ WINDOWS \ system32 \ igfxtray.exe
O4 - HKLM \ .. \ Run: [HotKeysCmds] C: \ WINDOWS \ system32 \ hkcmd.exe
O4 - HKLM \ .. \ Run: [upornost] C: \ WINDOWS \ system32 \ igfxpers.exe
O4 - HKLM \ .. \ Run: [KernelFaultCheck]% systemroot% \ system32 \ dumprep 0-k
O4 - HKLM \ .. \ Run: [Kernel i sloj apstrakcije hardvera] KHALMNPR.EXE
O4 - HKLM \ .. \ Run: [PNAgent] "C: \ Program Files \ PhatNoise Music Manager \ PNAgent.exe"
O4 - HKLM \ .. \ Run: [Windows Defender] "C: \ Program Files \ Windows Defender \ MSASCui.exe"-hide
O4 - HKLM \ .. \ Run: [SunJavaUpdateSched] "C: \ Program Files \ Java \ jre1.6.0_04 \ bin \ jusched.exe"
O4 - HKLM \ .. \ RunServices: [DJSNetCN] C: \ Program Files \ Common Files \ Symantec Shared \ DJSNETCN.exe
O4 - HKCU \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe
O4 - HKCU \ .. \ Run: [SetDefaultMIDI] MIDIDef.exe
O4 - HKCU \ .. \ Run: [WeatherEye] C: \ Program Files \ TheWeatherNetwork \ WeatherEye \ WeatherEye.exe
O4 - HKCU \ .. \ Run: [SUPERAntiSpyware] C: \ Program Files \ SUPERAntiSpyware \ SUPERAntiSpyware.exe
O4 - HKUS \ S-1-5-19 \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe (User 'LOCAL SERVICE')
O4 - HKUS \ S-1-5-20 \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe (User 'NETWORK SERVICE')
O4 - HKUS \ S-1-5-18 \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe (User 'SYSTEM')
O4 - HKUS \. DEFAULT \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe (User 'Default user')
O4 - Startup: Hamachi.lnk = C: \ Program Files \ Hamachi \ hamachi.exe
O4 - Global Startup: Bluetooth.lnk =?
O8 - Extra kontekst meni stavka: E & zvezi u Microsoft Excel - res: / / C: \ programa ~ 1 \ MICROS ~ 2 \ OFFICE11 \ EXCEL.EXE/3000
O8 - Extra kontekst meni stavka: Send to & Bluetooth Device ... - C: \ Program Files \ WIDCOMM \ Bluetooth Software \ btsendto_ie_ctx.htm
O9 - Extra button: (no name) - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program Files \ Java \ jre1.6.0_04 \ bin \ ssv.dll
O9 - Extra 'Tools' MENUITEM: Sun Java Console - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program Files \ Java \ jre1.6.0_04 \ bin \ ssv.dll
O9 - Extra button: Research - (92780B25-18CC-41C8-B9BE-3C9C571A8263) - C: \ programa ~ 1 \ MICROS ~ 2 \ OFFICE11 \ REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - (B7FE5D70-9AA2-40F1-9C6B-12A255F085E1) - C: \ Program Files \ PartyGaming \ PartyPoker \ RunApp.exe (file missing)
O9 - Extra 'Tools' MENUITEM: PartyPoker.com - (B7FE5D70-9AA2-40F1-9C6B-12A255F085E1) - C: \ Program Files \ PartyGaming \ PartyPoker \ RunApp.exe (file missing)
O9 - Extra button: @ btrez.dll, -4015 - (CCA281CA-C863-46ef-9331-5C8D4460577F) - C: \ Program Files \ WIDCOMM \ Bluetooth Software \ btsendto_ie.htm
O9 - Extra 'Tools' MENUITEM: @ btrez.dll, -12650 - (CCA281CA-C863-46ef-9331-5C8D4460577F) - C: \ Program Files \ WIDCOMM \ Bluetooth Software \ btsendto_ie.htm
O10 - Broken Internet pristup zbog LSP provider 'c: \ program files \ bonjour \ mdnsnsp.dll' nestalo
O16 - DPF: (05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8) (Office Genuine Advantage Validation Tool) -- http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: (215B8138-A3CF-44C5-803F-8226143CFC0A) (Trend Micro ActiveX Scan Agent 6.6) -- http://housecall65.trendmicro.com/ho...vex/hcImpl.cab
O16 - DPF: (56762DEC-6B0D-4AB4-A8AD-989993B5D08B) (OnlineScanner Control) -- http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: (6414512B-B978-451D-A0D8-FCFDF33E833C) (WUWebControl Class) -- http://www.update.microsoft.com/micr...?1192932319484
O16 - DPF: (6E32070A-766D-4EE6-879C-DC1FA91D2FC3) (MUWebControl Class) -- http://www.update.microsoft.com/micr...?1192932290562
O20 - AppInit_DLLs: C: \ programa ~ 1 \ Google \ GOOGLE ~ 1 \ GOEC62 ~ 1.DLL
O20 - Winlogon Obavijesti:! SASWinLogon - C: \ Program Files \ SUPERAntiSpyware \ SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C: \ Program Files \ Lavasoft \ Ad-Aware 2007 \ aawservice.exe
O23 - Service: Automatic LiveUpdate Planer - Symantec Corporation - C: \ Program Files \ Symantec \ LiveUpdate \ ALUSchedulerSvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C: \ Program Files \ WIDCOMM \ Bluetooth Software \ bin \ btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C: \ Program Files \ Common Files \ Symantec Shared \ ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C: \ Program Files \ Common Files \ Symantec Shared \ ccSetMgr.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C: \ Program Files \ Common Files \ Creative Labs Shared \ Service \ CreativeLicensing.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C: \ Program Files \ Diskeeper Corporation \ Diskeeper \ DkService.exe
O23 - Service: Symantec licenciranje Detect Internet Connection (DJSNETCN) - Symantec Corporation - C: \ Program Files \ Common Files \ Symantec Shared \ DJSNETCN.exe
O23 - Service: Intel (R) PROSet / Wireless Event Log (EvtEng) - Intel Corporation - C: \ Program Files \ Intel \ Wireless \ Bin \ EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd - C: \ Program Files \ Common Files \ Macrovision Shared \ FLEXnet Izdavač \ FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C: \ Program Files \ Common Files \ InstallShield \ Driver \ 1050 \ Intel 32 \ IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C: \ programa ~ 1 \ Symantec \ LIVEUP ~ 1 \ LUCOMS ~ 1.EXE
O23 - Service: LVCOMSer - Logitech Inc - C: \ Program Files \ Common Files \ LogiShrd \ LVCOMSER \ LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc - C: \ Program Files \ Common Files \ LogiShrd \ LVMVFM \ LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc - C: \ Program Files \ Common Files \ LogiShrd \ SrvLnch \ SrvLnch.exe
O23 - Service: MSInfo Framework Service (MSInfoFrv) - Unknown vlasnika - C: \ Program Files \ Common Files \ Microsoft Shared \ MSINFO \ MSInfnd.exe (file missing)
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C: \ Program Files \ Yahoo! \ NAV \ navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C: \ Program Files \ Yahoo! \ NAV \ IWP \ NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C: \ Program Files \ Common Files \ Symantec Shared \ Security konzole \ NSCSRVCE.EXE
O23 - Service: Intel (R) PROSet / Wireless Registry Service (RegSrvc) - Intel Corporation - C: \ Program Files \ Intel \ Wireless \ Bin \ RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service (CRVS) (RichVideo) - Unknown vlasnika - C: \ Program Files \ CyberLink \ Shared files \ RichVideo.exe
O23 - Service: Intel (R) PROSet / wirelessom (S24EventMonitor) - Intel Corporation - C: \ Program Files \ Intel \ Wireless \ Bin \ S24EvMon.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C: \ Program Files \ Yahoo! \ NAV \ SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C: \ Program Files \ Common Files \ Symantec Shared \ SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C: \ Program Files \ Common Files \ Symantec Shared \ SPBBC \ SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C: \ Program Files \ Common Files \ Symantec Shared \ CCPD-LC \ symlcsvc.exe
O23 - Service: Intel (R) PROSet / Wireless SSO Service (WLANKEEPER) - Intel (R) Corporation - C: \ Program Files \ Intel \ Wireless \ Bin \ WLKeeper.exe

--
End of file - 11743 bytes

[evilfantasy]

Dobrodošli na TCF.


Otvori HJT i odaberite Da li je sustav skenirati samo zatim staviti kvačica pored:

O1 - Hosts: 66.98.148.65 auto.search.msn.com
O1 - Hosts: 66.98.148.65 auto.search.msn.es
O2 - BHO: (no name) - (7E853D72-626A-48EC-A868-BA8D5E23E045) - (no file)
O9 - Extra button: PartyPoker.com - (B7FE5D70-9AA2-40F1-9C6B-12A255F085E1) - C: \ Program Files \ PartyGaming \ PartyPoker \ RunApp.exe (file missing)
O9 - Extra 'Tools' MENUITEM: PartyPoker.com - (B7FE5D70-9AA2-40F1-9C6B-12A255F085E1) - C: \ Program Files \ PartyGaming \ PartyPoker \ RunApp.exe (file missing)

Zatvori sve prozore osim HJT i kliknite Fix checked.

----------

• Dvaput kliknite na preuzetu datoteku da biste pokrenuli instalaciju.

Tijekom instalacije:

• Ostavite sve postavke na default, osim TeaTimer (pazite da isključite opciju prilikom instalacije)
• Teatimer može biti izvor krmak i blok za uklanjanje zlonamjernih programa nekih problema.
  • Ako već imate omogućen TeaTimer, vidi dno ovaj post o tome kako ga isključiti.
• Da li je preporučila registry backup.
• Tijekom instaliranja suglasni da Search for updates sada instalirati sve nadopune.
• Slažem se Cijepiti sustav.
• Provjerite da li napustiti SDhelper (IE loąih download bloker) ček za instalaciju.

Nakon instalacije:

• Uvijek provjerite ažurirane prije pokretanja skeniranja.
• Ako ste dobili loš provjerava greška našto težak to ažurirati, samo odabrati neku drugu lokaciju poslužitelja.
• Također potražite na Cijepiti značajka u Spybot i koristiti ga.
  • Prvo, u lijevom stupcu kliknite na ikonu cijepiti i to će provjeriti da vidi što se treba cijepiti.
  • Nakon što to završi, ostavite zadane postavke i kliknite na zelen plus znak na vrhu koji kaže Cijepiti.
• Zatvoriti ALLprozore preglednika.
• Sada kliknite na Search & Destroy ikonu. (gore lijevo)
  
• Zatim na gornjem izborniku kliknite na Provjerite postoje li problemi gumb za pokretanje scan.
  
  • Budite strpljivi, ovo može potrajati izvoditi.
    
  • Napredak će se prikazati na traci stanja na dnu prozora.
    
  • Ne pokrenuti bilo koji drugi dok skenira Spybot radi.
• Kada se završi skeniranje, pazite da odaberete sve i zatim pritisnite Popravi odabrane probleme na gornjoj traci izbornika.

NAPOMENA: Anytime instalacije ažuriranja za Spybot, provjerite za nove vakcine slijedeći gore navedene korake.

----------

Pokreni novu skenirati s HJT i post zapisnik nakon Spybot je završen.

[sungod000]

Ok, ovdje je nova prijava:

Logfile of Trend Micro HijackThis v2.0.2
Scan spremljena u 5:09:34, na 01/19/2008
Platforma: Windows XP SP2 (Winnt 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Pokretanje procesa:
C: \ WINDOWS \ System32 \ smss.exe
C: \ WINDOWS \ system32 \ Winlogon.exe
C: \ WINDOWS \ system32 \ services.exe
C: \ WINDOWS \ system32 \ lsass.exe
C: \ WINDOWS \ system32 \ Svchost.exe
C: \ Program Files \ Windows Defender \ MsMpEng.exe
C: \ WINDOWS \ System32 \ Svchost.exe
C: \ Program Files \ Intel \ Wireless \ Bin \ EvtEng.exe
C: \ Program Files \ Intel \ Wireless \ Bin \ S24EvMon.exe
C: \ Program Files \ Intel \ Wireless \ Bin \ WLKeeper.exe
C: \ Program Files \ Common Files \ Symantec Shared \ ccSetMgr.exe
C: \ WINDOWS \ explorer.exe
C: \ Program Files \ Common Files \ Symantec Shared \ ccEvtMgr.exe
C: \ Program Files \ Common Files \ Symantec Shared \ SNDSrvc.exe
C: \ Program Files \ Common Files \ Symantec Shared \ CCPD-LC \ symlcsvc.exe
C: \ Program Files \ Lavasoft \ Ad-Aware 2007 \ aawservice.exe
C: \ WINDOWS \ system32 \ spoolsv.exe
C: \ Program Files \ Symantec \ LiveUpdate \ ALUSchedulerSvc.exe
C: \ Program Files \ WIDCOMM \ Bluetooth Software \ bin \ btwdins.exe
C: \ WINDOWS \ system32 \ cisvc.exe
C: \ Program Files \ Common Files \ Creative Labs Shared \ Service \ CreativeLicensing.exe
C: \ Program Files \ Diskeeper Corporation \ Diskeeper \ DkService.exe
C: \ Program Files \ Common Files \ Symantec Shared \ DJSNETCN.exe
C: \ Program Files \ Common Files \ LogiShrd \ LVCOMSER \ LVComSer.exe
C: \ Program Files \ Common Files \ Microsoft Shared \ VS7DEBUG \ MDM.EXE
C: \ Program Files \ Yahoo! \ NAV \ navapsvc.exe
C: \ Program Files \ Yahoo! \ NAV \ IWP \ NPFMntor.exe
C: \ Program Files \ Intel \ Wireless \ Bin \ RegSrvc.exe
C: \ Program Files \ CyberLink \ Shared files \ RichVideo.exe
C: \ WINDOWS \ system32 \ Svchost.exe
C: \ WINDOWS \ system32 \ fxssvc.exe
C: \ WINDOWS \ stsystra.exe
C: \ Program Files \ Synaptics \ SynTP \ SynTPEnh.exe
C: \ Program Files \ Intel \ Wireless \ bin \ ZCfgSvc.exe
C: \ Program Files \ Intel \ Wireless \ Bin \ ifrmewrk.exe
C: \ Program Files \ Dell \ živa \ quickset.exe
C: \ Program Files \ Common Files \ Symantec Shared \ ccApp.exe
C: \ Program Files \ Google \ Google Desktop Search \ GoogleDesktop.exe
C: \ Program Files \ Intel \ Wireless \ Bin \ Dot1XCfg.exe
C: \ Program Files \ Creative \ SBAudigy \ Surround mikser \ CTSysVol.exe
C: \ WINDOWS \ system32 \ Rundll32.exe
C: \ WINDOWS \ system32 \ hkcmd.exe
C: \ WINDOWS \ system32 \ igfxsrvc.exe
C: \ WINDOWS \ system32 \ igfxpers.exe
C: \ Program Files \ PhatNoise Music Manager \ PNAgent.exe
C: \ Program Files \ Windows Defender \ MSASCui.exe
C: \ Program Files \ Java \ jre1.6.0_04 \ bin \ jusched.exe
C: \ WINDOWS \ system32 \ Ctfmon.exe
C: \ Program Files \ TheWeatherNetwork \ WeatherEye \ WeatherEye.exe
C: \ DOCUME ~ 1 \ sundeep \ Mještani ~ 1 \ Temp \ clclean.0001
C: \ Program Files \ Google \ Google Desktop Search \ GoogleDesktop.exe
C: \ Program Files \ WIDCOMM \ Bluetooth Software \ BTTray.exe
C: \ Program Files \ Hamachi \ hamachi.exe
C: \ Program Files \ Common Files \ Symantec Shared \ Security konzole \ NSCSRVCE.EXE
C: \ WINDOWS \ system32 \ cidaemon.exe
C: \ WINDOWS \ system32 \ cidaemon.exe
C: \ Program Files \ Trend Micro \ HijackThis \ sniper.exe

R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://www.google.ca/
R1 - HKCU \ Software \ Microsoft \ Windows \ CurrentVersion \ Int ernet Postavke, ProxyOverride = *. lokalne
O2 - BHO: Spybot-S & D IE Protection - (53707962-6F74-2D53-2644-206D7942484F) - C: \ programa ~ 1 \ Spybot ~ 1 \ SDHelper.dll
O2 - BHO: SSVHelper Class - (761497BB-D6F0-462C-B6EB-D4DAF1D92D43) - C: \ Program Files \ Java \ jre1.6.0_04 \ bin \ ssv.dll
O2 - BHO: NAV Helper - (A8F38D8D-E480-4D52-B7A2-731BB6995FDD) - C: \ Program Files \ Yahoo! \ NAV \ NavShExt.dll
O4 - HKLM \ .. \ Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM \ .. \ Run: [SynTPEnh] C: \ Program Files \ Synaptics \ SynTP \ SynTPEnh.exe
O4 - HKLM \ .. \ Run: [IntelZeroConfig] "C: \ Program Files \ Intel \ Wireless \ bin \ ZCfgSvc.exe"
O4 - HKLM \ .. \ Run: [IntelWireless] "C: \ Program Files \ Intel \ Wireless \ Bin \ ifrmewrk.exe" / TF Intel PROSet / Bežični
O4 - HKLM \ .. \ Run: [Dell živa] C: \ Program Files \ Dell \ živa \ quickset.exe
O4 - HKLM \ .. \ Run: [ccApp] "C: \ Program Files \ Common Files \ Symantec Shared \ ccApp.exe"
O4 - HKLM \ .. \ Run: [Google Desktop Search] "C: \ Program Files \ Google \ Google Desktop Search \ GoogleDesktop.exe" / pokretanja
O4 - HKLM \ .. \ Run: [CTSysVol] C: \ Program Files \ Creative \ SBAudigy \ Surround mikser \ CTSysVol.exe / r
O4 - HKLM \ .. \ Run: [MBMon] rundll32 CTMBHA.DLL, MBMon
O4 - HKLM \ .. \ Run: [UpdReg] C: \ WINDOWS \ UpdReg.EXE
O4 - HKLM \ .. \ Run: [IgfxTray] C: \ WINDOWS \ system32 \ igfxtray.exe
O4 - HKLM \ .. \ Run: [HotKeysCmds] C: \ WINDOWS \ system32 \ hkcmd.exe
O4 - HKLM \ .. \ Run: [upornost] C: \ WINDOWS \ system32 \ igfxpers.exe
O4 - HKLM \ .. \ Run: [KernelFaultCheck]% systemroot% \ system32 \ dumprep 0-k
O4 - HKLM \ .. \ Run: [Kernel i sloj apstrakcije hardvera] KHALMNPR.EXE
O4 - HKLM \ .. \ Run: [PNAgent] "C: \ Program Files \ PhatNoise Music Manager \ PNAgent.exe"
O4 - HKLM \ .. \ Run: [Windows Defender] "C: \ Program Files \ Windows Defender \ MSASCui.exe"-hide
O4 - HKLM \ .. \ Run: [SunJavaUpdateSched] "C: \ Program Files \ Java \ jre1.6.0_04 \ bin \ jusched.exe"
O4 - HKLM \ .. \ RunServices: [DJSNetCN] C: \ Program Files \ Common Files \ Symantec Shared \ DJSNETCN.exe
O4 - HKCU \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe
O4 - HKCU \ .. \ Run: [SetDefaultMIDI] MIDIDef.exe
O4 - HKCU \ .. \ Run: [WeatherEye] C: \ Program Files \ TheWeatherNetwork \ WeatherEye \ WeatherEye.exe
O4 - HKUS \ S-1-5-19 \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe (User 'LOCAL SERVICE')
O4 - HKUS \ S-1-5-20 \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe (User 'NETWORK SERVICE')
O4 - HKUS \ S-1-5-18 \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe (User 'SYSTEM')
O4 - HKUS \. DEFAULT \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe (User 'Default user')
O4 - Startup: Hamachi.lnk = C: \ Program Files \ Hamachi \ hamachi.exe
O4 - Global Startup: Bluetooth.lnk =?
O8 - Extra kontekst meni stavka: E & zvezi u Microsoft Excel - res: / / C: \ programa ~ 1 \ MICROS ~ 2 \ OFFICE11 \ EXCEL.EXE/3000
O8 - Extra kontekst meni stavka: Send to & Bluetooth Device ... - C: \ Program Files \ WIDCOMM \ Bluetooth Software \ btsendto_ie_ctx.htm
O9 - Extra button: (no name) - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program Files \ Java \ jre1.6.0_04 \ bin \ ssv.dll
O9 - Extra 'Tools' MENUITEM: Sun Java Console - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program Files \ Java \ jre1.6.0_04 \ bin \ ssv.dll
O9 - Extra button: Research - (92780B25-18CC-41C8-B9BE-3C9C571A8263) - C: \ programa ~ 1 \ MICROS ~ 2 \ OFFICE11 \ REFIEBAR.DLL
O9 - Extra button: @ btrez.dll, -4015 - (CCA281CA-C863-46ef-9331-5C8D4460577F) - C: \ Program Files \ WIDCOMM \ Bluetooth Software \ btsendto_ie.htm
O9 - Extra 'Tools' MENUITEM: @ btrez.dll, -12650 - (CCA281CA-C863-46ef-9331-5C8D4460577F) - C: \ Program Files \ WIDCOMM \ Bluetooth Software \ btsendto_ie.htm
O9 - Extra button: (no name) - (DFB852A3-47F8-48C4-A200-58CAB36FD2A2) - C: \ programa ~ 1 \ Spybot ~ 1 \ SDHelper.dll
O9 - Extra 'Tools' MENUITEM: Spybot - Search & Destroy Configuration - (DFB852A3-47F8-48C4-A200-58CAB36FD2A2) - C: \ programa ~ 1 \ Spybot ~ 1 \ SDHelper.dll
O10 - Broken Internet pristup zbog LSP provider 'c: \ program files \ bonjour \ mdnsnsp.dll' nestalo
O16 - DPF: (05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8) (Office Genuine Advantage Validation Tool) -- http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: (215B8138-A3CF-44C5-803F-8226143CFC0A) (Trend Micro ActiveX Scan Agent 6.6) -- http://housecall65.trendmicro.com/ho...vex/hcImpl.cab
O16 - DPF: (56762DEC-6B0D-4AB4-A8AD-989993B5D08B) (OnlineScanner Control) -- http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: (6414512B-B978-451D-A0D8-FCFDF33E833C) (WUWebControl Class) -- http://www.update.microsoft.com/micr...?1192932319484
O16 - DPF: (6E32070A-766D-4EE6-879C-DC1FA91D2FC3) (MUWebControl Class) -- http://www.update.microsoft.com/micr...?1192932290562
O20 - AppInit_DLLs: C: \ programa ~ 1 \ Google \ GOOGLE ~ 1 \ GOEC62 ~ 1.DLL
O20 - Winlogon Obavijesti:! SASWinLogon - C: \ Program Files \ SUPERAntiSpyware \ SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C: \ Program Files \ Lavasoft \ Ad-Aware 2007 \ aawservice.exe
O23 - Service: Automatic LiveUpdate Planer - Symantec Corporation - C: \ Program Files \ Symantec \ LiveUpdate \ ALUSchedulerSvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C: \ Program Files \ WIDCOMM \ Bluetooth Software \ bin \ btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C: \ Program Files \ Common Files \ Symantec Shared \ ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C: \ Program Files \ Common Files \ Symantec Shared \ ccSetMgr.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C: \ Program Files \ Common Files \ Creative Labs Shared \ Service \ CreativeLicensing.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C: \ Program Files \ Diskeeper Corporation \ Diskeeper \ DkService.exe
O23 - Service: Symantec licenciranje Detect Internet Connection (DJSNETCN) - Symantec Corporation - C: \ Program Files \ Common Files \ Symantec Shared \ DJSNETCN.exe
O23 - Service: Intel (R) PROSet / Wireless Event Log (EvtEng) - Intel Corporation - C: \ Program Files \ Intel \ Wireless \ Bin \ EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd - C: \ Program Files \ Common Files \ Macrovision Shared \ FLEXnet Izdavač \ FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C: \ Program Files \ Common Files \ InstallShield \ Driver \ 1050 \ Intel 32 \ IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C: \ programa ~ 1 \ Symantec \ LIVEUP ~ 1 \ LUCOMS ~ 1.EXE
O23 - Service: LVCOMSer - Logitech Inc - C: \ Program Files \ Common Files \ LogiShrd \ LVCOMSER \ LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc - C: \ Program Files \ Common Files \ LogiShrd \ LVMVFM \ LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc - C: \ Program Files \ Common Files \ LogiShrd \ SrvLnch \ SrvLnch.exe
O23 - Service: MSInfo Framework Service (MSInfoFrv) - Unknown vlasnika - C: \ Program Files \ Common Files \ Microsoft Shared \ MSINFO \ MSInfnd.exe (file missing)
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C: \ Program Files \ Yahoo! \ NAV \ navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C: \ Program Files \ Yahoo! \ NAV \ IWP \ NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C: \ Program Files \ Common Files \ Symantec Shared \ Security konzole \ NSCSRVCE.EXE
O23 - Service: Intel (R) PROSet / Wireless Registry Service (RegSrvc) - Intel Corporation - C: \ Program Files \ Intel \ Wireless \ Bin \ RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service (CRVS) (RichVideo) - Unknown vlasnika - C: \ Program Files \ CyberLink \ Shared files \ RichVideo.exe
O23 - Service: Intel (R) PROSet / wirelessom (S24EventMonitor) - Intel Corporation - C: \ Program Files \ Intel \ Wireless \ Bin \ S24EvMon.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C: \ Program Files \ Yahoo! \ NAV \ SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C: \ Program Files \ Common Files \ Symantec Shared \ SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C: \ Program Files \ Common Files \ Symantec Shared \ SPBBC \ SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C: \ Program Files \ Common Files \ Symantec Shared \ CCPD-LC \ symlcsvc.exe
O23 - Service: Intel (R) PROSet / Wireless SSO Service (WLANKEEPER) - Intel (R) Corporation - C: \ Program Files \ Intel \ Wireless \ Bin \ WLKeeper.exe

--
End of file - 11469 bytes

[evilfantasy]

I messed up dio upute iz ranije.

Zapisnička fino izgleda ipak, kako je PC sada?

[sungod000]

Njegova otišao! Hvala puno na pomoći!

[evilfantasy]

Zvuči dobro. Ja izostavljena download link od post # 2 za Spybot. Htjela predlažemo da instalirate i pokrenete skeniranje s njom. Preuzimanje Spybot-S & D Koristite upute od post # 2 u stavi ga ispravno.


Ovo je dobar put očistiti zaražene točke vraćanja sustava i uspostaviti novu točku vraćanja čiste:

• Idi na Početak > Svi programi > Pribor > System Tools > System Restore
• Odaberi Napravite točku vraćanja, A zatim kliknite Dalje.
• Zatim idite u Početak > Pokrenuti te vrste u cleanmgr
• Odaberite Više opcija tab
• Uz kliknite System Restore Clean up ...

Ovo će ukloniti sve točke vraćanja osim novo koju ste upravo kreirali.


Check out ovaj post besplatno alate i savjete kako se PC i sami sigurno u budućnosti.

Ovaj post je besplatan alat i savjete kako se glatka PC prikazivati u budućnosti.

[Localhost]

Te je okužen mimo RAT (Remote Administration Tool). Želim napraviti search za klog .* datoteku i izbrisati ga, bi trebale biti u bilo system32 ili prozora mape.

RAT su stvarno popularne sa skriptom kiddies i korištenje AV cryptors za sprečavanje otkrivanja i veziva pa mogu svezati na trojanskih do Apps.

Kada sam doznao sam dobio sjeckan mimo RAT, preuzimanjem warez, imao sam pogled na program sebe i imala je sranje hrpe značajke keylog, webcam viewer, lozinkom cache. Tako su šanse kada su čuli glazba svira, bio je netko ručno kroz vaše datoteke i otvaranju.

Ako ste došli preko iste aktivnosti kao što su glazba svira, lozinka je promijenjena, pa čak i vaš webcam uključen onda umjesto da instalirate gomila beskorisnih AV programa i zaštita od zlonamjernih programa uklanjanjem sranje. Provjerite svoje Installed Components u registar.

HKEY_LOCAL_MACHINE> Software> Microsoft> Active Setup> Instalirani Komponente i samo kliknite na svakom od foldera i tražiti unos koji samo ima STUBPATH upozoravaju na. exe u system32 ili vaš Windows savijač.

Da li je to to. Exe u aktivnom pokretanju, dođite do nje i pokrenite ga. Ako on kaže da se koristi neki drugi program i naziv datoteke. Exe nije prikazano u svoj proces lista onda se ubrizgava u drugi proces, kao što je vaša defualt broswer (IE). Tada možete koristiti HJT izbrisati tu datoteku na restart i očito izbrisati Registry ulaz.

RAT-a su isti kao IRCBOT ali samo RAT ima GUI, JA će preporučiti Firewall, dakle ako je program želi nasumično spajanje na internet, možete ga niječu i dalje koristiti taj program. Budući da je trojanski binded za instalaciju datoteku, trojanskih ekstrakti i izvršava kada idete da instalira i da će pokušati izvršiti exteernal vezu i ako blok onda imate trojanskih ali arnt zaražene jer će samo sjediti u katalog radiš ništa.

Žao nam je da se na brbljanje, nade ovo vam je dao širi horizont na potencijalne opasnosti te na Rats IRCbots.

Brad

[sungod000]

Brad Hej, hvala za info.
Ja sam ono što si rekao i sve je. Exe referenced po stubpaths da sam kliknuo su dvokrevetne ne koristi neki drugi program. Dakle ... to znači ja sam u redu?

Thanks for your help.

[evilfantasy]

Localhost biste vidu davanja mi neke reference, kao na svoj uklanjanje zlonamjernih programa u pozadini? Na forumu učiniti ono što vam inače pomažu u uklanjanju štetnih sadržaja.

[Localhost]

Quote:

Originally Posted by sungod000

Brad Hej, hvala za info.
Ja sam ono što si rekao i sve je. Exe referenced po stubpaths da sam kliknuo su dvokrevetne ne koristi neki drugi program. Dakle ... to znači ja sam u redu?

Thanks for your help.

Je li to samo pokazuje stubpath i ništa drugo? Moglo bi se gleda na krivu tipku. To samo govori stubpath a zatim prilično jednostavno lokaciji.