Možda tražite i:
PSAUI.dll greška
dw20.exe-dll ???
hal.dll is missing
"d3dx9_41.dll was not found" greska pri startovanj

MyCity » Ambulanta -> Arhiva Ambulante » geebb.dll

geebb.dll

Napisano na dan: 22.12.2007

Strana:
1
2

geebb.dll

Sledeća strana

Pagination

Odgovori

Strana:
1
2

marko25 Poslao: 22 Dec 2007 01:51 Idi na vrh
offline marko25 Novi MyCity građanin Pridružio: 22 Dec 2007 Poruke: 10	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! imam nod32 i pokaziva mi infected file i taj file je geebb.dll skino sam hijack this i evo vam log Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 7:47:32 PM, on 12/21/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Unable to get Internet Explorer version! Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\cisvc.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\WINDOWS\ALCXMNTR.EXE C:\WINDOWS\winshow.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\LClock\lclock.exe C:\Program Files\Eset\nod32krn.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\ViStart\ViStart.exe C:\WINDOWS\system32\svchost.exe C:\PROGRA~1\MOZILL~1\FIREFOX.EXE C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = windowsxlive.net R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - Default URLSearchHook is missing O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {49ED0CC7-2860-4FB3-B226-0672FB7F1C19} - C:\WINDOWS\system32\geebb.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: (no name) - {79D871D6-1227-4459-ABCE-982BC5036950} - C:\WINDOWS\system32\ssttq.dll (file missing) O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: BHOAd - {85589B5D-D53D-4237-A677-46B82EA275F3} - C:\WINDOWS\xmlhelper2.dll (file missing) O2 - BHO: (no name) - {89AD4D75-2429-462e-BD4E-443F233F6033} - C:\WINDOWS\system32\ijxsjvrr.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Encarta Web Companion Helper Object - {955BE0B8-BC85-4CAF-856E-8E0D8B610560} - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\kgmetrjv.dll (file missing) O2 - BHO: (no name) - {C92B957B-4767-4E53-A63C-1E547C35F0C6} - C:\WINDOWS\system32\byxywvv.dll O2 - BHO: (no name) - {E26CEADA-67B0-4543-BE8B-307F00265118} - C:\Program Files\Video ActiveX Access\iesplg.dll (file missing) O3 - Toolbar: Protection Bar - {29C5A3B6-9A8D-4FA0-B5AD-3E20F4AA5C00} - C:\Program Files\Video ActiveX Access\iesbpl.dll (file missing) O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\kgmetrjv.dll (file missing) O3 - Toolbar: Encarta Web Companion - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE O4 - HKLM\..\Run: [Salestart] "C:\Program Files\Common Files\BestsellerAntivirus\bm.exe" dm=http://bestsellerantivirus.com; ad=http://bestsellerantivirus.com O4 - HKLM\..\Run: [rtasks] C:\Program Files\BestsellerAntivirus\rtasks.exe O4 - HKLM\..\Run: [cc79ca10] rundll32.exe "C:\WINDOWS\system32\myriyles.dll",b O4 - HKLM\..\Run: [winshow] "C:\WINDOWS\winshow.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [LClock] C:\Program Files\LClock\lclock.exe O4 - HKCU\..\Run: [L07AXLRD_147332046] "C:\Program Files\Microsoft Student\Microsoft Student with Encarta Premium 2007 DVD\EDICT.EXE" -m O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [viwc] C:\WINDOWS\system32\viwc.exe O4 - HKCU\..\Run: [ViStart] C:\Program Files\ViStart\ViStart.exe O4 - HKCU\..\Run: [ViOrb] C:\Program Files\ViOrb\ViOrb.exe O4 - HKLM\..\Policies\Explorer\Run: [user32.dll] C:\Program Files\Video ActiveX Access\iesmn.exe O4 - HKLM\..\Policies\Explorer\Run: [rare] C:\Program Files\Video ActiveX Access\imsmain.exe O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'Default user') O4 - Startup: ViStart.lnk = C:\Program Files\ViStart\ViStart.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe O4 - Global Startup: PalTalk.lnk = C:\Program Files\Paltalk Messenger\paltalk.exe O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe O4 - Global Startup: ViOrb.lnk = C:\Documents and Settings\Thomas\Bureau\ViStart Setup\ViOrb\ViOrb.exe O8 - Extra context menu item: Add to Windows &Live Favorites - favorites.live.com/quickadd.aspx O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: Encarta Search Bar - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL O13 - DefaultPrefix: O13 - WWW Prefix: O13 - Home Prefix: O13 - Mosaic Prefix: O13 - FTP Prefix: O13 - Gopher Prefix: O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL O20 - Winlogon Notify: byxywvv - C:\WINDOWS\SYSTEM32\byxywvv.dll O20 - Winlogon Notify: kgmetrjv - kgmetrjv.dll (file missing) O20 - Winlogon Notify: ssqrssp - ssqrssp.dll (file missing) O22 - SharedTaskScheduler: inscenation - {cfda6372-043c-48d2-ba3c-7bfe1cf71854} - C:\WINDOWS\system32\surzzh.dll (file missing) O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\xprbbkgi.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing) -- End of file - 9637 bytes fajl ne mogu izbrisati neznam sto molima vas pomozite mi ovo me vec dugo zeza i usporava mi kompjuret Hvala

Profil

DEMIAN Poslao: 22 Dec 2007 05:11 Idi na vrh
offline DEMIAN Legendarni građanin IT Manager Pridružio: 25 Mar 2005 Poruke: 3706 Gde živiš: The darkest place on earth..	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! @marko25 Imaš par infekcija na sistemu. Za početak detaljno isprati ovo uputstvo ----------------------------------- 1) Preuzmi program SmitfraudFix sa ovog linka. 2.) Extract-uj program na desktop. (Takodje na ovaj način pripremi i program Hijack This koje će se kasnije koristiti) 3.) Restartuj računar i podigni sistem u Safe Mode-u. [ Safe Mode info link ] 4.) Pronadji na desktop-u folder gde si raspakovao SmitfraudFix program i dvoklikom pokreni fajl SmitfraudFix.cmd. Kada se alat za uklanjanje prvi put startuje pokazaće ti se ekran za odobrenje. Jednostavno pritisni bilo koje dugme na tastaturi da bi prešao na sledeći nivo. 5.) 6.) Program će početi sa čišćenjem kompjutera. Posle završenog čišćenja SmitfraudFix-om pokrenuće ti se Windows-ov program Disk Cleanup. Nakon sto SmitFraudFix zavrsi svoj posao, postavi nam ovde log koji se nalazi na C:\rapport.txt i svez HJT log.

Profil

marko25 Poslao: 22 Dec 2007 06:52 Idi na vrh
offline marko25 Novi MyCity građanin Pridružio: 22 Dec 2007 Poruke: 10	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! evo uradio sam to sve sto si reko i proslo je uspesno fajl je jos tu i infekcija koliko ja vidim evo ti dole logovi koje si trazio pa ti vidi. Hvala SmitFraudFix v2.274 Scan done at 0:29:44.46, Sat 12/22/2007 Run from C:\Documents and Settings\Administrator\Desktop\SmitfraudFix OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT The filesystem type is NTFS Fix run in safe mode »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix !!!Attention, following keys are not inevitably infected!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler] "{cfda6372-043c-48d2-ba3c-7bfe1cf71854}"="inscenation" [HKEY_CLASSES_ROOT\CLSID\{cfda6372-043c-48d2-ba3c-7bfe1cf71854}\InProcServer32] @="C:\WINDOWS\system32\surzzh.dll" [HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{cfda6372-043c-48d2-ba3c-7bfe1cf71854}\InProcServer32] @="C:\WINDOWS\system32\surzzh.dll" »»»»»»»»»»»»»»»»»»»»»»»» Killing process »»»»»»»»»»»»»»»»»»»»»»»» hosts 127.0.0.1 localhost »»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix S!Ri's WS2Fix: LSP not Found. »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix GenericRenosFix by S!Ri »»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files C:\WINDOWS\Tasks\At?.job Deleted C:\WINDOWS\Tasks\At??.job Deleted C:\DOCUME~1\ADMINI~1\FAVORI~1\Online Security Test.url Deleted »»»»»»»»»»»»»»»»»»»»»»»» IEDFix IEDFix.exe by S!Ri »»»»»»»»»»»»»»»»»»»»»»»» DNS HKLM\SYSTEM\CCS\Services\Tcpip\..\{AB3F50C8-FF1C-4F49-96C9-AD9E78084ED2}: DhcpNameServer=68.87.77.130 68.87.72.130 HKLM\SYSTEM\CS1\Services\Tcpip\..\{AB3F50C8-FF1C-4F49-96C9-AD9E78084ED2}: DhcpNameServer=68.87.77.130 68.87.72.130 HKLM\SYSTEM\CS2\Services\Tcpip\..\{AB3F50C8-FF1C-4F49-96C9-AD9E78084ED2}: DhcpNameServer=68.87.77.130 68.87.72.130 HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=68.87.77.130 68.87.72.130 HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=68.87.77.130 68.87.72.130 HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=68.87.77.130 68.87.72.130 »»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System !!!Attention, following keys are not inevitably infected!!! [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] "System"="" »»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning »»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning Registry Cleaning not selected. »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix !!!Attention, following keys are not inevitably infected!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler] "{cfda6372-043c-48d2-ba3c-7bfe1cf71854}"="inscenation" [HKEY_CLASSES_ROOT\CLSID\{cfda6372-043c-48d2-ba3c-7bfe1cf71854}\InProcServer32] @="C:\WINDOWS\system32\surzzh.dll" [HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{cfda6372-043c-48d2-ba3c-7bfe1cf71854}\InProcServer32] @="C:\WINDOWS\system32\surzzh.dll" »»»»»»»»»»»»»»»»»»»»»»»» End Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 12:36:33 AM, on 12/22/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Unable to get Internet Explorer version! Boot mode: Safe mode Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\WINDOWS\explorer.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = windowsxlive.net R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - Default URLSearchHook is missing O3 - Toolbar: Protection Bar - {29C5A3B6-9A8D-4FA0-B5AD-3E20F4AA5C00} - C:\Program Files\Video ActiveX Access\iesbpl.dll (file missing) O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\kgmetrjv.dll (file missing) O3 - Toolbar: Encarta Web Companion - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE O4 - HKLM\..\Run: [Salestart] "C:\Program Files\Common Files\BestsellerAntivirus\bm.exe" dm=http://bestsellerantivirus.com; ad=http://bestsellerantivirus.com O4 - HKLM\..\Run: [rtasks] C:\Program Files\BestsellerAntivirus\rtasks.exe O4 - HKLM\..\Run: [cc79ca10] rundll32.exe "C:\WINDOWS\system32\ejqoryde.dll",b O4 - HKLM\..\Run: [winshow] "C:\WINDOWS\winshow.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [LClock] C:\Program Files\LClock\lclock.exe O4 - HKCU\..\Run: [L07AXLRD_147332046] "C:\Program Files\Microsoft Student\Microsoft Student with Encarta Premium 2007 DVD\EDICT.EXE" -m O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [viwc] C:\WINDOWS\system32\viwc.exe O4 - HKCU\..\Run: [ViStart] C:\Program Files\ViStart\ViStart.exe O4 - HKCU\..\Run: [ViOrb] C:\Program Files\ViOrb\ViOrb.exe O4 - HKLM\..\Policies\Explorer\Run: [user32.dll] C:\Program Files\Video ActiveX Access\iesmn.exe O4 - HKLM\..\Policies\Explorer\Run: [rare] C:\Program Files\Video ActiveX Access\imsmain.exe O4 - HKUS\S-1-5-20\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'Default user') O4 - Startup: ViStart.lnk = C:\Program Files\ViStart\ViStart.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe O4 - Global Startup: PalTalk.lnk = C:\Program Files\Paltalk Messenger\paltalk.exe O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe O4 - Global Startup: ViOrb.lnk = C:\Documents and Settings\Thomas\Bureau\ViStart Setup\ViOrb\ViOrb.exe O8 - Extra context menu item: Add to Windows &Live Favorites - favorites.live.com/quickadd.aspx O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: Encarta Search Bar - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL O13 - DefaultPrefix: O13 - WWW Prefix: O13 - Home Prefix: O13 - Mosaic Prefix: O13 - FTP Prefix: O13 - Gopher Prefix: O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL O22 - SharedTaskScheduler: inscenation - {cfda6372-043c-48d2-ba3c-7bfe1cf71854} - C:\WINDOWS\system32\surzzh.dll (file missing) O23 - Service: DomainService - - C:\WINDOWS\system32\xprbbkgi.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing) --

Profil

DEMIAN Poslao: 22 Dec 2007 08:51 Idi na vrh
offline DEMIAN Legendarni građanin IT Manager Pridružio: 25 Mar 2005 Poruke: 3706 Gde živiš: The darkest place on earth..	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Ne brini niko neće da ti propusti bilo koji od malware-a iz logova. Samo malo strpljenja i rešiće se sve. Korak 2: Skini VundoFix: http://www.atribune.org/ccount/click.php?id=4 * Dvoklikom se startuje fajl VundoFix.exe. * Izabere opcija Scan for Vundo. * Posle završenog skeniranja i pojave poruke Done Searching for files klikne se na OK. * Sada, kada je skeniranje obavljeno potrebno je kliknuti na opciju Remove Vundo. * Po pojavljivanju upita o uklanjaju Vundo fajlova klikne se na Yes. * Pokretanje ove opcije učiniće Desktop privremeno praznim u cilju pripreme sistema za uklanjanje Vundo-a. * Po završetku, pojaviće se obaveštenje o gašnjenju računara, klikne se OK. * Uključi se računar i podigne sistem iznova. * Iskopira se sadržaj loga sa putanje C:\vundofix.txt i novi HiJackThis log u poruku na forumu.

Profil

marko25 Poslao: 22 Dec 2007 17:35 Idi na vrh
offline marko25 Novi MyCity građanin Pridružio: 22 Dec 2007 Poruke: 10	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! evo uradio sam i to evo ti dole logovi pa ti vidi ja vise nemam pojma. VundoFix V6.7.7 Checking Java version... Scan started at 9:58:15 AM 12/22/2007 Listing files found while scanning.... C:\windows\system32\byxywvv.dll C:\windows\system32\ccqqgwdx.ini C:\windows\system32\fqjcpvzi.dll C:\windows\system32\fqjcpvzi.dllbox C:\windows\system32\gjqywatx.dll C:\windows\system32\gjqywatx.dllbox C:\windows\system32\hnmmmrjq.dll C:\windows\system32\iifccdd.dll C:\WINDOWS\system32\ijxsjvrr.dll C:\WINDOWS\system32\kgmetrjv.dll C:\windows\system32\kgmetrjv.dllbox C:\windows\system32\qjrmmmnh.ini C:\windows\system32\rqrrspp.dll C:\windows\system32\rquhxjdq.dllbox C:\windows\system32\rxekpydg.dll C:\windows\system32\rxekpydg.dllbox C:\windows\system32\ssqrs.dll C:\WINDOWS\system32\ssqrssp.dll C:\windows\system32\xdwgqqcc.dll Beginning removal... Beginning removal... VundoFix V6.7.7 Checking Java version... Scan started at 10:43:45 AM 12/22/2007 Listing files found while scanning.... C:\windows\system32\byxywvv.dll C:\WINDOWS\system32\ijxsjvrr.dll C:\WINDOWS\system32\kgmetrjv.dll C:\windows\system32\rxekpydg.dll C:\windows\system32\rxekpydg.dllbox C:\windows\system32\ssqrs.dll C:\WINDOWS\system32\ssqrssp.dll C:\windows\system32\xdwgqqcc.dll Beginning removal... Attempting to delete C:\windows\system32\byxywvv.dll C:\windows\system32\byxywvv.dll Could not be deleted. Attempting to delete C:\windows\system32\rxekpydg.dll C:\windows\system32\rxekpydg.dll Has been deleted! Attempting to delete C:\windows\system32\rxekpydg.dllbox C:\windows\system32\rxekpydg.dllbox Has been deleted! Attempting to delete C:\windows\system32\ssqrs.dll C:\windows\system32\ssqrs.dll Has been deleted! Attempting to delete C:\windows\system32\xdwgqqcc.dll C:\windows\system32\xdwgqqcc.dll Has been deleted! Performing Repairs to the registry. Done! Beginning removal... Attempting to delete C:\windows\system32\byxywvv.dll C:\windows\system32\byxywvv.dll Has been deleted! Performing Repairs to the registry. Done! Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 11:28:40 AM, on 12/22/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Unable to get Internet Explorer version! Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\ALCXMNTR.EXE C:\WINDOWS\winshow.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\LClock\lclock.exe C:\Program Files\ViStart\ViStart.exe C:\Program Files\ViOrb\ViOrb.exe C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe C:\WINDOWS\system32\cisvc.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe C:\Program Files\Eset\nod32krn.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = windowsxlive.net R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - Default URLSearchHook is missing O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {30338722-B9CF-4E85-BB21-412B68FC54C3} - C:\WINDOWS\system32\geebb.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: (no name) - {79D871D6-1227-4459-ABCE-982BC5036950} - C:\WINDOWS\system32\ssttq.dll (file missing) O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: BHOAd - {85589B5D-D53D-4237-A677-46B82EA275F3} - C:\WINDOWS\xmlhelper2.dll (file missing) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Encarta Web Companion Helper Object - {955BE0B8-BC85-4CAF-856E-8E0D8B610560} - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL O2 - BHO: (no name) - {E26CEADA-67B0-4543-BE8B-307F00265118} - C:\Program Files\Video ActiveX Access\iesplg.dll (file missing) O3 - Toolbar: Protection Bar - {29C5A3B6-9A8D-4FA0-B5AD-3E20F4AA5C00} - C:\Program Files\Video ActiveX Access\iesbpl.dll (file missing) O3 - Toolbar: (no name) - {11A69AE4-FBED-4832-A2BF-45AF82825583} - (no file) O3 - Toolbar: Encarta Web Companion - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE O4 - HKLM\..\Run: [Salestart] "C:\Program Files\Common Files\BestsellerAntivirus\bm.exe" dm=http://bestsellerantivirus.com; ad=http://bestsellerantivirus.com O4 - HKLM\..\Run: [rtasks] C:\Program Files\BestsellerAntivirus\rtasks.exe O4 - HKLM\..\Run: [cc79ca10] rundll32.exe "C:\WINDOWS\system32\ejqoryde.dll",b O4 - HKLM\..\Run: [winshow] "C:\WINDOWS\winshow.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [LClock] C:\Program Files\LClock\lclock.exe O4 - HKCU\..\Run: [L07AXLRD_147332046] "C:\Program Files\Microsoft Student\Microsoft Student with Encarta Premium 2007 DVD\EDICT.EXE" -m O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [viwc] C:\WINDOWS\system32\viwc.exe O4 - HKCU\..\Run: [ViStart] C:\Program Files\ViStart\ViStart.exe O4 - HKCU\..\Run: [ViOrb] C:\Program Files\ViOrb\ViOrb.exe O4 - HKLM\..\Policies\Explorer\Run: [user32.dll] C:\Program Files\Video ActiveX Access\iesmn.exe O4 - HKLM\..\Policies\Explorer\Run: [rare] C:\Program Files\Video ActiveX Access\imsmain.exe O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'Default user') O4 - Startup: ViStart.lnk = C:\Program Files\ViStart\ViStart.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe O4 - Global Startup: PalTalk.lnk = C:\Program Files\Paltalk Messenger\paltalk.exe O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe O4 - Global Startup: ViOrb.lnk = C:\Documents and Settings\Thomas\Bureau\ViStart Setup\ViOrb\ViOrb.exe O8 - Extra context menu item: Add to Windows &Live Favorites - favorites.live.com/quickadd.aspx O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: Encarta Search Bar - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL O13 - DefaultPrefix: O13 - WWW Prefix: O13 - Home Prefix: O13 - Mosaic Prefix: O13 - FTP Prefix: O13 - Gopher Prefix: O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL O20 - Winlogon Notify: kgmetrjv - kgmetrjv.dll (file missing) O20 - Winlogon Notify: ssqrssp - ssqrssp.dll (file missing) O22 - SharedTaskScheduler: inscenation - {cfda6372-043c-48d2-ba3c-7bfe1cf71854} - C:\WINDOWS\system32\surzzh.dll (file missing) O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\xprbbkgi.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing) -- End of file - 9311 bytes

Profil

DEMIAN Poslao: 22 Dec 2007 18:32 Idi na vrh
offline DEMIAN Legendarni građanin IT Manager Pridružio: 25 Mar 2005 Poruke: 3706 Gde živiš: The darkest place on earth..	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! marko25 ::evo uradio sam i to evo ti dole logovi pa ti vidi ja vise nemam pojma. Umeš da čitaš, vidiš da ti je svaki alat obrisao po nešto. Ja šta da ti radim kada imaš više malware-a na sistemu nego windowsovih procesa. ----------------------- Pokreni program HijackThis, izaberi opciju "Do a system scan only", štikliraj ispod navedene linije (u kvadratićima onim pored njih) i stisni "Fix Checked". O2 - BHO: (no name) - {79D871D6-1227-4459-ABCE-982BC5036950} - C:\WINDOWS\system32\ssttq.dll (file missing) O2 - BHO: BHOAd - {85589B5D-D53D-4237-A677-46B82EA275F3} - C:\WINDOWS\xmlhelper2.dll (file missing) O2 - BHO: (no name) - {E26CEADA-67B0-4543-BE8B-307F00265118} - C:\Program Files\Video ActiveX Access\iesplg.dll (file missing) O3 - Toolbar: Protection Bar - {29C5A3B6-9A8D-4FA0-B5AD-3E20F4AA5C00} - C:\Program Files\Video ActiveX Access\iesbpl.dll (file missing) O3 - Toolbar: (no name) - {11A69AE4-FBED-4832-A2BF-45AF82825583} - (no file) O4 - HKLM\..\Run: [Salestart] "C:\Program Files\Common Files\BestsellerAntivirus\bm.exe" dm=http://bestsellerantivirus.com; ad=http://bestsellerantivirus.com O4 - HKLM\..\Run: [rtasks] C:\Program Files\BestsellerAntivirus\rtasks.exe O4 - HKLM\..\Run: [cc79ca10] rundll32.exe "C:\WINDOWS\system32\ejqoryde.dll",b O4 - HKLM\..\Run: [winshow] "C:\WINDOWS\winshow.exe" O4 - HKLM\..\Policies\Explorer\Run: [user32.dll] C:\Program Files\Video ActiveX Access\iesmn.exe O4 - HKLM\..\Policies\Explorer\Run: [rare] C:\Program Files\Video ActiveX Access\imsmain.exe O20 - Winlogon Notify: kgmetrjv - kgmetrjv.dll (file missing) O20 - Winlogon Notify: ssqrssp - ssqrssp.dll (file missing) O22 - SharedTaskScheduler: inscenation - {cfda6372-043c-48d2-ba3c-7bfe1cf71854} - C:\WINDOWS\system32\surzzh.dll (file missing) Zatim restartuj sistem u Safe Mode i briši sledeće foldere: C:\Program Files\BestsellerAntivirus\ C:\Program Files\Video ActiveX Access\ ------------------------------- Podigni sistem u normalan mod. Skini ComboFix sa jedne od sledecih adresa: http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe http://download.bleepingcomputer.com/sUBs/ComboFix.exe Startuj ga i ne diraj prozor programa dok skenira. Sledi uputstva na ekranu. Kada zavrsi pojavice se log koji ces nam ovde iskopirati. Ispod njega postavi i svež log programa HijackThis. Ovaj put promeni ime aplikacije (HijackThis.exe) u nešto što ne asocira na nju npr. TR3.exe pa onda skeniraj.

Profil

marko25 Poslao: 22 Dec 2007 20:07 Idi na vrh
offline marko25 Novi MyCity građanin Pridružio: 22 Dec 2007 Poruke: 10	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! ok ve zam razumeo osim ovoga Ovaj put promeni ime aplikacije (HijackThis.exe) u nešto što ne asocira na nju npr. TR3.exe pa onda skeniraj. Dopuna: 22 Dec 2007 20:07 eto uradio sam ono sa hijack this i onsa uso u safe mod one folderi nisu tu znaci nista nisam brisao. onda sam restartovao u normalnom modu skino combofix i on je svoje uradio. evo dole logovi ComboFix 07-12-21.4 - Administrator 2007-12-22 13:31:46.1 - NTFSx86 Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix(2).exe * Created a new restore point . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\bold.log C:\Documents and Settings\Administrator\Application Data\BestsellerAntivirus C:\Documents and Settings\Administrator\Application Data\BestsellerAntivirus\avtasks.dat C:\Documents and Settings\Administrator\Application Data\BestsellerAntivirus\Logs\av.log C:\Documents and Settings\Administrator\Application Data\BestsellerAntivirus\Logs\ga6Support.log C:\Documents and Settings\Administrator\Application Data\BestsellerAntivirus\Logs\update.log C:\Documents and Settings\All Users\Application Data.\salesmonitor C:\Program Files\Microsoft Security Adviser C:\Program Files\Microsoft Security Adviser\msavsc.exe C:\Program Files\Microsoft Security Adviser\msctrl.exe C:\Program Files\Microsoft Security Adviser\msfw.exe C:\Program Files\Microsoft Security Adviser\msiemon.exe C:\Program Files\Microsoft Security Adviser\msscan.exe C:\UGA6P C:\WINDOWS\msavsc.dll C:\WINDOWS\msctrl.dll C:\WINDOWS\msfw.dll C:\WINDOWS\msiemon.dll C:\WINDOWS\msscan.dll C:\WINDOWS\system32\bbeeg.bak1 C:\WINDOWS\system32\bbeeg.bak2 C:\WINDOWS\system32\bbeeg.ini C:\WINDOWS\system32\bbeeg.ini2 C:\WINDOWS\system32\bbeeg.tmp C:\WINDOWS\system32\exmroiqt.ini C:\WINDOWS\system32\modiagax.ini C:\WINDOWS\system32\pskill.exe C:\WINDOWS\system32\qttss.bak2 C:\WINDOWS\system32\qttss.ini C:\WINDOWS\system32\qttss.ini2 C:\WINDOWS\system32\qttss.tmp C:\WINDOWS\system32\tkcdjocv.ini C:\WINDOWS\system32\tqiormxe.dll C:\WINDOWS\system32\vcojdckt.dll C:\WINDOWS\system32\xagaidom.dll C:\WINDOWS\winshow.exe . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\LEGACY_DOMAINSERVICE -------\LEGACY_OHCTUSB -------\DomainService -------\ohctusb ((((((((((((((((((((((((( Files Created from 2007-11-22 to 2007-12-22 ))))))))))))))))))))))))))))))) . 2007-12-22 13:48 . 2007-12-22 13:53 6,520 --ahs---- C:\WINDOWS\system32\bbeeg.ini 2007-12-22 09:58 . 2007-12-22 11:22 <DIR> d----c--- C:\VundoFix Backups 2007-12-22 00:30 . 2007-12-22 00:30 2,034 --a------ C:\WINDOWS\system32\tmp.reg 2007-12-22 00:04 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe 2007-12-22 00:04 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe 2007-12-22 00:04 . 2007-12-20 23:11 81,920 --a------ C:\WINDOWS\system32\IEDFix.exe 2007-12-22 00:04 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\system32\Process.exe 2007-12-22 00:04 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe 2007-12-22 00:04 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe 2007-12-21 21:35 . 2007-12-22 11:24 991,722 --ahs---- C:\WINDOWS\system32\edyroqje.ini 2007-12-21 21:35 . 2007-12-21 21:35 85,568 --a--c--- C:\WINDOWS\system32\ejqoryde.dll 2007-12-21 21:35 . 2007-12-21 21:35 74,304 --a--c--- C:\WINDOWS\system32\hangcxua.exe 2007-12-21 18:34 . 2007-12-21 18:34 <DIR> d-------- C:\Program Files\Trend Micro 2007-12-21 10:46 . 2007-12-21 10:48 <DIR> d----c--- C:\Documents and Settings\Administrator\bys 2007-12-16 17:23 . 2007-12-16 17:23 <DIR> d----c--- C:\Documents and Settings\Administrator\Parts 2007-12-15 15:11 . 2007-12-16 17:22 <DIR> d-------- C:\Program Files\Thoosje Sidebar V2.3 2007-12-15 14:37 . 2007-12-15 14:37 143 --a------ C:\WINDOWS\system32\mcrh.tmp 2007-12-15 14:34 . 2007-12-16 17:24 <DIR> d-------- C:\Program Files\Sidebar 2007-12-15 13:44 . 2007-12-15 13:48 <DIR> d----c--- C:\Documents and Settings\Administrator\Application Data\ViStart 2007-12-15 10:31 . 2007-12-15 10:31 <DIR> d----c--- C:\Documents and Settings\Administrator\Application Data\Styler 2007-12-15 10:30 . 2007-12-15 10:30 <DIR> d-------- C:\Program Files\WinFlip 2007-12-15 10:30 . 2007-12-15 10:30 <DIR> d-------- C:\Program Files\VisualTooltip 2007-12-15 10:30 . 2007-12-22 13:51 <DIR> d-------- C:\Program Files\ViStart 2007-12-15 10:30 . 2007-12-15 10:30 <DIR> d-------- C:\Program Files\Vista Sidebar 2007-12-15 10:30 . 2007-12-15 10:30 <DIR> d-------- C:\Program Files\ViOrb 2007-12-15 10:30 . 2007-12-15 10:30 <DIR> d-------- C:\Program Files\TrueTransparency 2007-12-15 10:30 . 2007-12-15 10:30 <DIR> d-------- C:\Program Files\LClock 2007-12-15 10:30 . 2007-04-15 01:30 6,181,376 --a------ C:\WINDOWS\system32\vistaui.exe 2007-12-15 10:30 . 2004-09-20 01:27 172,032 --a------ C:\WINDOWS\system32\LClock.cpl 2007-12-15 10:30 . 2007-11-25 22:11 49,208 --a------ C:\WINDOWS\system32\vistartup.bmp 2007-12-15 10:22 . 2007-12-15 10:22 78,942 --a------ C:\WINDOWS\Icon_2.ico 2007-12-14 19:47 . 2007-12-14 20:12 <DIR> d-------- C:\Program Files\Common Files\Adobe 2007-12-14 19:47 . 2007-12-14 19:47 <DIR> d----c--- C:\Documents and Settings\Administrator\Application Data\Thinstall 2007-12-10 01:00 . 2007-12-16 01:57 69 --a------ C:\WINDOWS\NeroDigital.ini 2007-12-09 23:12 . 2007-12-09 23:12 <DIR> d----c--- C:\Documents and Settings\Administrator\Application Data\Nero 2007-12-09 22:26 . 2007-12-09 22:26 <DIR> d-------- C:\Program Files\Nero 2007-12-09 22:26 . 2007-12-09 22:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Nero 2007-11-28 17:35 . 2007-11-28 17:35 32,764 --a------ C:\WINDOWS\17PHolmes77.exe 2007-11-28 17:34 . 2007-11-28 17:34 37,376 --a------ C:\WINDOWS\system32\ssqppnm.dll 2007-11-27 21:02 . 2007-11-27 21:02 63,488 --a------ C:\WINDOWS\system32\MCI32.oca 2007-11-26 21:49 . 2007-11-26 21:49 28 --a------ C:\WINDOWS\system32\srss.dat 2007-11-26 21:48 . 2007-11-26 21:50 <DIR> d-------- C:\Program Files\VoiceMaskPro 2007-11-26 21:47 . 2007-11-26 21:47 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard 2007-11-25 22:16 . 2007-12-21 17:26 <DIR> d-------- C:\Program Files\ApexDC++ 2007-11-24 14:28 . 2007-11-24 14:28 <DIR> d-------- C:\Program Files\Microsoft Device Emulator 2007-11-24 14:26 . 2007-11-24 14:26 <DIR> d-------- C:\Program Files\Microsoft SQL Server 2005 Mobile Edition 2007-11-24 12:09 . 2007-11-24 12:09 <DIR> d-------- C:\WINDOWS\Symbols 2007-11-24 12:09 . 2007-11-24 14:37 <DIR> d-------- C:\Program Files\Microsoft.NET 2007-11-24 12:09 . 2007-11-24 12:41 <DIR> d-------- C:\Program Files\HTML Help Workshop 2007-11-24 12:09 . 2007-11-24 12:39 <DIR> d-------- C:\Program Files\Common Files\Merge Modules 2007-11-24 12:09 . 2007-11-24 12:14 <DIR> d-------- C:\Program Files\Common Files\Business Objects 2007-11-24 12:09 . 2007-11-24 12:09 <DIR> d-------- C:\Program Files\CE Remote Tools 2007-11-24 12:09 . 2007-11-24 12:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PreEmptive Solutions 2007-11-24 11:44 . 2007-11-24 12:43 <DIR> d-------- C:\Program Files\Microsoft Visual Studio 8 2007-11-22 12:36 . 2007-11-22 12:39 <DIR> d-------- C:\Program Files\Maxthon2 . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2007-12-22 18:50 6,520 --sha-w C:\WINDOWS\system32\bbeeg.bak1 2007-12-21 22:38 --------- d-----w C:\Program Files\AskPBar 2007-12-20 00:10 --------- dc----w C:\Documents and Settings\Administrator\Application Data\.gaim 2007-12-19 23:43 --------- d-----w C:\Program Files\Paltalk Messenger 2007-12-15 23:00 --------- d-----w C:\Program Files\MSN Messenger 2007-12-15 15:30 --------- d-----w C:\Program Files\Styler 2007-12-12 17:44 --------- dc----w C:\Documents and Settings\Administrator\Application Data\uTorrent 2007-12-10 03:32 --------- d-----w C:\Program Files\Common Files\Nero 2007-12-10 02:49 --------- d-----w C:\Program Files\Ahead 2007-11-30 10:56 329,029 ----a-w C:\WINDOWS\system32\viwc.exe 2007-11-27 02:42 --------- d-----w C:\Program Files\SplitCam 2007-11-24 19:52 --------- d-----w C:\Program Files\Microsoft SQL Server 2007-11-24 18:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help 2007-11-24 17:42 --------- d-----w C:\Program Files\MSBuild 2007-11-17 04:22 --------- d-----w C:\Program Files\Web Publish 2007-11-14 00:03 --------- d-----w C:\Program Files\Microsoft Games 2007-11-11 19:08 --------- d-----w C:\Program Files\Microsoft Small Business 2007-11-11 05:00 --------- dc----w C:\Documents and Settings\Administrator\Application Data\FileMaker 2007-11-10 20:04 --------- d-----w C:\Program Files\Microsoft Student 2007-11-10 19:09 --------- d-----w C:\Program Files\Learning Essentials 2007-11-10 03:47 --------- dc----w C:\Documents and Settings\Administrator\Application Data\Paltalk 2007-11-07 22:30 13,824 ----a-w C:\WINDOWS\system32\drivers\splitcam.sys 2007-11-07 03:12 71,232 -c--a-w C:\WINDOWS\system32\pjvyatye.exe 2007-11-07 02:32 87,104 -c--a-w C:\WINDOWS\system32\snfxvbgf.dll 2007-11-07 02:26 71,232 -c--a-w C:\WINDOWS\system32\dwmacvqs.exe 2007-11-07 02:05 87,104 -c--a-w C:\WINDOWS\system32\qduocony.dll 2007-11-07 02:03 71,232 -c--a-w C:\WINDOWS\system32\oodtwcko.exe 2007-11-07 01:31 71,232 -c--a-w C:\WINDOWS\system32\xprbbkgi.exe 2007-11-02 05:46 --------- d-----w C:\Program Files\OneStepSearch 2007-10-29 19:45 --------- d-----w C:\Program Files\ESP Demo 2007-10-29 17:13 --------- d-----w C:\Program Files\Windows Live Toolbar 2007-10-25 20:19 --------- d-----w C:\Program Files\Common Files\Stardock 2007-10-25 20:14 --------- d-----w C:\Program Files\Real 2007-10-25 20:12 --------- d-----w C:\Program Files\Total Video Converter 2007-10-24 21:15 316,000 ----a-w C:\WINDOWS\system32\geebb.dll 2007-10-23 19:20 972,072 ----a-w C:\WINDOWS\UNNeroMediaHome.exe 2007-10-23 00:40 --------- d-----w C:\Program Files\Vista Start Menu 2007-10-22 13:51 972,072 ----a-w C:\WINDOWS\UNRecode.exe 2007-10-22 01:08 --------- d-----w C:\Program Files\Stardock 2007-10-22 00:04 --------- d-----w C:\Program Files\TGTSoft 2007-10-18 02:52 389,184 ----a-w C:\WINDOWS\system32\yguwlsoi.exe 2007-10-17 09:44 389,184 ----a-w C:\WINDOWS\system32\onulyslc.exe 2007-10-16 09:43 389,184 ----a-w C:\WINDOWS\system32\aubkcbsd.exe 2007-10-15 09:46 389,184 ----a-w C:\WINDOWS\system32\avdccenf.exe 2007-10-14 16:51 389,184 ----a-w C:\WINDOWS\system32\aimacqxb.exe 2007-09-07 19:49 144,626 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2007_09_07_14_43_50_small.dmp.zip 2007-08-19 21:20 134,130 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2007_08_14_19_54_22_small.dmp.zip 2007-08-19 21:20 131,377 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2007_08_14_19_54_17_small.dmp.zip 2007-08-14 13:12 118,844 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2007_08_14_07_23_59_small.dmp.zip 2007-08-14 13:12 116,451 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2007_08_14_07_23_54_small.dmp.zip 2007-08-13 01:22 123,711 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2007_08_11_17_28_29_small.dmp.zip 2007-08-13 01:22 122,291 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2007_08_11_17_28_25_small.dmp.zip 2007-07-20 23:19 21,682,172 ----a-w C:\WINDOWS\Internet Logs\vsmon_on_demand_2007_07_19_15_03_00_full.dmp.zip 2007-07-14 20:26 23,862,046 ----a-w C:\WINDOWS\Internet Logs\vsmon_on_demand_2007_07_13_21_44_56_full.dmp.zip 2007-07-13 22:02 29,707,903 ----a-w C:\WINDOWS\Internet Logs\vsmon_on_demand_2007_07_13_00_59_50_full.dmp.zip . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B5BAA16D-2362-4F5A-8DBF-F2025522ED79}] 2007-10-24 16:15 316000 --a------ C:\WINDOWS\system32\geebb.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 17:56] "LClock"="C:\Program Files\LClock\lclock.exe" [2004-09-20 01:27] "L07AXLRD_147332046"="C:\Program Files\Microsoft Student\Microsoft Student with Encarta Premium 2007 DVD\EDICT.exe" [2006-06-10 04:10] "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 11:54] "viwc"="C:\WINDOWS\system32\viwc.exe" [2007-11-30 05:56] "ViStart"="C:\Program Files\ViStart\ViStart.exe" [2007-11-26 19:27] "ViOrb"="C:\Program Files\ViOrb\ViOrb.exe" [2007-11-19 13:01] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="RUNDLL32.exe" [2004-08-03 17:56 C:\WINDOWS\system32\rundll32.exe] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 03:00] "nwiz"="nwiz.exe" [2004-02-23 14:43 C:\WINDOWS\system32\nwiz.exe] "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2006-08-25 10:11] "ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-08-25 10:11] "AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 12:47 C:\WINDOWS\ALCXMNTR.EXE] "NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 14:57] "NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 08:51] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "nlsf"="cmd.exe" [2004-08-03 17:56 C:\WINDOWS\system32\cmd.exe] "tscuninstall"="C:\WINDOWS\system32\tscupgrd.exe" [2004-08-03 15:59] C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\ ViStart.lnk - C:\Program Files\ViStart\ViStart.exe [2007-12-15 10:30:50] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 01:48:20] Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 00:01:50] PalTalk.lnk - C:\Program Files\Paltalk Messenger\paltalk.exe [2007-11-26 18:24:37] Service Manager.lnk - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2005-05-03 22:07:32] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "DisableStatusMessages"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "NoDesktopCleanupWizard"= 1 (0x1) "ForceClassicControlPanel"= 1 (0x1) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoSMHelp"= 1 (0x1) [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer] "NoInternetIcon"= 1 (0x1) "NoSMHelp"= 1 (0x1) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv] C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll 2005-12-20 21:57 176128 C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\WbSrv.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=wbsys.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Authentication Packages REG_MULTI_SZ msv1_0 C:\WINDOWS\system32\geebb.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] SecurityProviders schannel.dll, digest.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^Microsoft Office Groove.lnk] path=C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Microsoft Office Groove.lnk backup=C:\WINDOWS\pss\Microsoft Office Groove.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk] path=C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk backup=C:\WINDOWS\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^_.lnk] path=C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\_.lnk backup=C:\WINDOWS\pss\_.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^MS_update_0704_KB74073.exe] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MS_update_0704_KB74073.exe backup=C:\WINDOWS\pss\MS_update_0704_KB74073.exeCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PalTalk.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\PalTalk.lnk backup=C:\WINDOWS\pss\PalTalk.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware] C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe /minimized [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor] 2006-10-26 23:47 31016 --a------ C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr] C:\Program Files\MSN Messenger\MsnMsgr.Exe /background [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSRegScan] C:\Program Files\ESP Demo\ESPDemo [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nod32kui] C:\Program Files\Eset\nod32kui.exe /WAITSERVICE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedX] C:\PROGRA~1\MyPortal\Speed-X\SpeedX.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalService REG_MULTI_SZ Alerter WebClient LmHosts upnphost SSDPSRV [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H] \Shell\AutoRun\command - H:\Info.exe folder.htt 480 480 [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{683e3443-e92a-11da-8207-ab5ab24a20ce}] \Shell\AutoRun\command - L:\LaunchU3.exe . ************************************************************************ catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net Rootkit scan 2007-12-22 13:52:37 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************ . --------------------- DLLs Loaded Under Running Processes --------------------- PROCESS: C:\WINDOWS\system32\lsass.exe [5.01.2600.2180] -> C:\WINDOWS\system32\geebb.dll PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.2649] -> C:\WINDOWS\system32\geebb.dll . Completion time: 2007-12-22 13:57:07 - machine was rebooted Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 2:02:53 PM, on 12/22/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Unable to get Internet Explorer version! Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe C:\Program Files\Eset\nod32krn.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\WINDOWS\ALCXMNTR.EXE C:\WINDOWS\system32\ctfmon.exe C:\Program Files\LClock\lclock.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\ViStart\ViStart.exe C:\Program Files\Opera\Opera.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = windowsxlive.net R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Encarta Web Companion Helper Object - {955BE0B8-BC85-4CAF-856E-8E0D8B610560} - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL O2 - BHO: (no name) - {B5BAA16D-2362-4F5A-8DBF-F2025522ED79} - C:\WINDOWS\system32\geebb.dll O3 - Toolbar: Encarta Web Companion - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [LClock] C:\Program Files\LClock\lclock.exe O4 - HKCU\..\Run: [L07AXLRD_147332046] "C:\Program Files\Microsoft Student\Microsoft Student with Encarta Premium 2007 DVD\EDICT.EXE" -m O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [viwc] C:\WINDOWS\system32\viwc.exe O4 - HKCU\..\Run: [ViStart] C:\Program Files\ViStart\ViStart.exe O4 - HKCU\..\Run: [ViOrb] C:\Program Files\ViOrb\ViOrb.exe O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'Default user') O4 - Startup: ViStart.lnk = C:\Program Files\ViStart\ViStart.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe O4 - Global Startup: PalTalk.lnk = C:\Program Files\Paltalk Messenger\paltalk.exe O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe O4 - Global Startup: ViOrb.lnk = C:\Documents and Settings\Thomas\Bureau\ViStart Setup\ViOrb\ViOrb.exe O8 - Extra context menu item: Add to Windows &Live Favorites - favorites.live.com/quickadd.aspx O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: Encarta Search Bar - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL O13 - DefaultPrefix: O13 - WWW Prefix: O13 - Home Prefix: O13 - Mosaic Prefix: O13 - FTP Prefix: O13 - Gopher Prefix: O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing) -- End of file - 7384 bytes

Profil

DEMIAN Poslao: 22 Dec 2007 23:14 Idi na vrh
offline DEMIAN Legendarni građanin IT Manager Pridružio: 25 Mar 2005 Poruke: 3706 Gde živiš: The darkest place on earth..	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Otvori Notepad i iskopiraj u njega ovaj tekst: File:: C:\WINDOWS\system32\yguwlsoi.exe C:\WINDOWS\system32\onulyslc.exe C:\WINDOWS\system32\aubkcbsd.exe C:\WINDOWS\system32\avdccenf.exe C:\WINDOWS\system32\aimacqxb.exe C:\WINDOWS\system32\geebb.dll C:\WINDOWS\system32\pjvyatye.exe C:\WINDOWS\system32\snfxvbgf.dll C:\WINDOWS\system32\dwmacvqs.exe C:\WINDOWS\system32\qduocony.dll C:\WINDOWS\system32\oodtwcko.exe C:\WINDOWS\system32\xprbbkgi.exe C:\WINDOWS\system32\bbeeg.bak1 Folder:: C:\VundoFix Backups Registry:: [-HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Authentication Packages REG_MULTI_SZ msv1_0 C:\WINDOWS\system32\geebb.dll [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B5BAA16D-2362-4F5A-8DBF-F2025522ED79}] Snimi na Desktop fajl iz Notepada kao "CFScript" Prevuci snimljeni skript/tekst na ComboFix ikonicu kao na slici. Postaviti u sledecoj poruci log koji bude bio napravljen na kraju ciscenja/skeniranja. Dopuna: 22 Dec 2007 23:14 U vezi ovoga: marko25 ::Ovaj put promeni ime aplikacije (HijackThis.exe) u nešto što ne asocira na nju npr. TR3.exe pa onda skeniraj. Desni klik > Rename i umesto HijackThis upišeš bilo šta što ne asocira na to ime (primer iz izdvojene teme na ovom forumu gde je opisano kako se postavljaju HJT logovi je TR3.exe). To sam tražio od tebe zato što pojedine vrste malware-a mogu da detektuju HijackThis i "sakriju se" - ne budu izlistani u logu. Nadam se da je sada jasnije.

Profil

marko25 Poslao: 23 Dec 2007 00:56 Idi na vrh
offline marko25 Novi MyCity građanin Pridružio: 22 Dec 2007 Poruke: 10	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! evo logovi ComboFix 07-12-21.4 - Administrator 2007-12-22 13:31:46.1 - NTFSx86 Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix(2).exe * Created a new restore point . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\bold.log C:\Documents and Settings\Administrator\Application Data\BestsellerAntivirus C:\Documents and Settings\Administrator\Application Data\BestsellerAntivirus\avtasks.dat C:\Documents and Settings\Administrator\Application Data\BestsellerAntivirus\Logs\av.log C:\Documents and Settings\Administrator\Application Data\BestsellerAntivirus\Logs\ga6Support.log C:\Documents and Settings\Administrator\Application Data\BestsellerAntivirus\Logs\update.log C:\Documents and Settings\All Users\Application Data.\salesmonitor C:\Program Files\Microsoft Security Adviser C:\Program Files\Microsoft Security Adviser\msavsc.exe C:\Program Files\Microsoft Security Adviser\msctrl.exe C:\Program Files\Microsoft Security Adviser\msfw.exe C:\Program Files\Microsoft Security Adviser\msiemon.exe C:\Program Files\Microsoft Security Adviser\msscan.exe C:\UGA6P C:\WINDOWS\msavsc.dll C:\WINDOWS\msctrl.dll C:\WINDOWS\msfw.dll C:\WINDOWS\msiemon.dll C:\WINDOWS\msscan.dll C:\WINDOWS\system32\bbeeg.bak1 C:\WINDOWS\system32\bbeeg.bak2 C:\WINDOWS\system32\bbeeg.ini C:\WINDOWS\system32\bbeeg.ini2 C:\WINDOWS\system32\bbeeg.tmp C:\WINDOWS\system32\exmroiqt.ini C:\WINDOWS\system32\modiagax.ini C:\WINDOWS\system32\pskill.exe C:\WINDOWS\system32\qttss.bak2 C:\WINDOWS\system32\qttss.ini C:\WINDOWS\system32\qttss.ini2 C:\WINDOWS\system32\qttss.tmp C:\WINDOWS\system32\tkcdjocv.ini C:\WINDOWS\system32\tqiormxe.dll C:\WINDOWS\system32\vcojdckt.dll C:\WINDOWS\system32\xagaidom.dll C:\WINDOWS\winshow.exe . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\LEGACY_DOMAINSERVICE -------\LEGACY_OHCTUSB -------\DomainService -------\ohctusb ((((((((((((((((((((((((( Files Created from 2007-11-22 to 2007-12-22 ))))))))))))))))))))))))))))))) . 2007-12-22 13:48 . 2007-12-22 13:53 6,520 --ahs---- C:\WINDOWS\system32\bbeeg.ini 2007-12-22 09:58 . 2007-12-22 11:22 <DIR> d----c--- C:\VundoFix Backups 2007-12-22 00:30 . 2007-12-22 00:30 2,034 --a------ C:\WINDOWS\system32\tmp.reg 2007-12-22 00:04 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe 2007-12-22 00:04 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe 2007-12-22 00:04 . 2007-12-20 23:11 81,920 --a------ C:\WINDOWS\system32\IEDFix.exe 2007-12-22 00:04 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\system32\Process.exe 2007-12-22 00:04 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe 2007-12-22 00:04 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe 2007-12-21 21:35 . 2007-12-22 11:24 991,722 --ahs---- C:\WINDOWS\system32\edyroqje.ini 2007-12-21 21:35 . 2007-12-21 21:35 85,568 --a--c--- C:\WINDOWS\system32\ejqoryde.dll 2007-12-21 21:35 . 2007-12-21 21:35 74,304 --a--c--- C:\WINDOWS\system32\hangcxua.exe 2007-12-21 18:34 . 2007-12-21 18:34 <DIR> d-------- C:\Program Files\Trend Micro 2007-12-21 10:46 . 2007-12-21 10:48 <DIR> d----c--- C:\Documents and Settings\Administrator\bys 2007-12-16 17:23 . 2007-12-16 17:23 <DIR> d----c--- C:\Documents and Settings\Administrator\Parts 2007-12-15 15:11 . 2007-12-16 17:22 <DIR> d-------- C:\Program Files\Thoosje Sidebar V2.3 2007-12-15 14:37 . 2007-12-15 14:37 143 --a------ C:\WINDOWS\system32\mcrh.tmp 2007-12-15 14:34 . 2007-12-16 17:24 <DIR> d-------- C:\Program Files\Sidebar 2007-12-15 13:44 . 2007-12-15 13:48 <DIR> d----c--- C:\Documents and Settings\Administrator\Application Data\ViStart 2007-12-15 10:31 . 2007-12-15 10:31 <DIR> d----c--- C:\Documents and Settings\Administrator\Application Data\Styler 2007-12-15 10:30 . 2007-12-15 10:30 <DIR> d-------- C:\Program Files\WinFlip 2007-12-15 10:30 . 2007-12-15 10:30 <DIR> d-------- C:\Program Files\VisualTooltip 2007-12-15 10:30 . 2007-12-22 13:51 <DIR> d-------- C:\Program Files\ViStart 2007-12-15 10:30 . 2007-12-15 10:30 <DIR> d-------- C:\Program Files\Vista Sidebar 2007-12-15 10:30 . 2007-12-15 10:30 <DIR> d-------- C:\Program Files\ViOrb 2007-12-15 10:30 . 2007-12-15 10:30 <DIR> d-------- C:\Program Files\TrueTransparency 2007-12-15 10:30 . 2007-12-15 10:30 <DIR> d-------- C:\Program Files\LClock 2007-12-15 10:30 . 2007-04-15 01:30 6,181,376 --a------ C:\WINDOWS\system32\vistaui.exe 2007-12-15 10:30 . 2004-09-20 01:27 172,032 --a------ C:\WINDOWS\system32\LClock.cpl 2007-12-15 10:30 . 2007-11-25 22:11 49,208 --a------ C:\WINDOWS\system32\vistartup.bmp 2007-12-15 10:22 . 2007-12-15 10:22 78,942 --a------ C:\WINDOWS\Icon_2.ico 2007-12-14 19:47 . 2007-12-14 20:12 <DIR> d-------- C:\Program Files\Common Files\Adobe 2007-12-14 19:47 . 2007-12-14 19:47 <DIR> d----c--- C:\Documents and Settings\Administrator\Application Data\Thinstall 2007-12-10 01:00 . 2007-12-16 01:57 69 --a------ C:\WINDOWS\NeroDigital.ini 2007-12-09 23:12 . 2007-12-09 23:12 <DIR> d----c--- C:\Documents and Settings\Administrator\Application Data\Nero 2007-12-09 22:26 . 2007-12-09 22:26 <DIR> d-------- C:\Program Files\Nero 2007-12-09 22:26 . 2007-12-09 22:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Nero 2007-11-28 17:35 . 2007-11-28 17:35 32,764 --a------ C:\WINDOWS\17PHolmes77.exe 2007-11-28 17:34 . 2007-11-28 17:34 37,376 --a------ C:\WINDOWS\system32\ssqppnm.dll 2007-11-27 21:02 . 2007-11-27 21:02 63,488 --a------ C:\WINDOWS\system32\MCI32.oca 2007-11-26 21:49 . 2007-11-26 21:49 28 --a------ C:\WINDOWS\system32\srss.dat 2007-11-26 21:48 . 2007-11-26 21:50 <DIR> d-------- C:\Program Files\VoiceMaskPro 2007-11-26 21:47 . 2007-11-26 21:47 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard 2007-11-25 22:16 . 2007-12-21 17:26 <DIR> d-------- C:\Program Files\ApexDC++ 2007-11-24 14:28 . 2007-11-24 14:28 <DIR> d-------- C:\Program Files\Microsoft Device Emulator 2007-11-24 14:26 . 2007-11-24 14:26 <DIR> d-------- C:\Program Files\Microsoft SQL Server 2005 Mobile Edition 2007-11-24 12:09 . 2007-11-24 12:09 <DIR> d-------- C:\WINDOWS\Symbols 2007-11-24 12:09 . 2007-11-24 14:37 <DIR> d-------- C:\Program Files\Microsoft.NET 2007-11-24 12:09 . 2007-11-24 12:41 <DIR> d-------- C:\Program Files\HTML Help Workshop 2007-11-24 12:09 . 2007-11-24 12:39 <DIR> d-------- C:\Program Files\Common Files\Merge Modules 2007-11-24 12:09 . 2007-11-24 12:14 <DIR> d-------- C:\Program Files\Common Files\Business Objects 2007-11-24 12:09 . 2007-11-24 12:09 <DIR> d-------- C:\Program Files\CE Remote Tools 2007-11-24 12:09 . 2007-11-24 12:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PreEmptive Solutions 2007-11-24 11:44 . 2007-11-24 12:43 <DIR> d-------- C:\Program Files\Microsoft Visual Studio 8 2007-11-22 12:36 . 2007-11-22 12:39 <DIR> d-------- C:\Program Files\Maxthon2 . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2007-12-22 18:50 6,520 --sha-w C:\WINDOWS\system32\bbeeg.bak1 2007-12-21 22:38 --------- d-----w C:\Program Files\AskPBar 2007-12-20 00:10 --------- dc----w C:\Documents and Settings\Administrator\Application Data\.gaim 2007-12-19 23:43 --------- d-----w C:\Program Files\Paltalk Messenger 2007-12-15 23:00 --------- d-----w C:\Program Files\MSN Messenger 2007-12-15 15:30 --------- d-----w C:\Program Files\Styler 2007-12-12 17:44 --------- dc----w C:\Documents and Settings\Administrator\Application Data\uTorrent 2007-12-10 03:32 --------- d-----w C:\Program Files\Common Files\Nero 2007-12-10 02:49 --------- d-----w C:\Program Files\Ahead 2007-11-30 10:56 329,029 ----a-w C:\WINDOWS\system32\viwc.exe 2007-11-27 02:42 --------- d-----w C:\Program Files\SplitCam 2007-11-24 19:52 --------- d-----w C:\Program Files\Microsoft SQL Server 2007-11-24 18:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help 2007-11-24 17:42 --------- d-----w C:\Program Files\MSBuild 2007-11-17 04:22 --------- d-----w C:\Program Files\Web Publish 2007-11-14 00:03 --------- d-----w C:\Program Files\Microsoft Games 2007-11-11 19:08 --------- d-----w C:\Program Files\Microsoft Small Business 2007-11-11 05:00 --------- dc----w C:\Documents and Settings\Administrator\Application Data\FileMaker 2007-11-10 20:04 --------- d-----w C:\Program Files\Microsoft Student 2007-11-10 19:09 --------- d-----w C:\Program Files\Learning Essentials 2007-11-10 03:47 --------- dc----w C:\Documents and Settings\Administrator\Application Data\Paltalk 2007-11-07 22:30 13,824 ----a-w C:\WINDOWS\system32\drivers\splitcam.sys 2007-11-07 03:12 71,232 -c--a-w C:\WINDOWS\system32\pjvyatye.exe 2007-11-07 02:32 87,104 -c--a-w C:\WINDOWS\system32\snfxvbgf.dll 2007-11-07 02:26 71,232 -c--a-w C:\WINDOWS\system32\dwmacvqs.exe 2007-11-07 02:05 87,104 -c--a-w C:\WINDOWS\system32\qduocony.dll 2007-11-07 02:03 71,232 -c--a-w C:\WINDOWS\system32\oodtwcko.exe 2007-11-07 01:31 71,232 -c--a-w C:\WINDOWS\system32\xprbbkgi.exe 2007-11-02 05:46 --------- d-----w C:\Program Files\OneStepSearch 2007-10-29 19:45 --------- d-----w C:\Program Files\ESP Demo 2007-10-29 17:13 --------- d-----w C:\Program Files\Windows Live Toolbar 2007-10-25 20:19 --------- d-----w C:\Program Files\Common Files\Stardock 2007-10-25 20:14 --------- d-----w C:\Program Files\Real 2007-10-25 20:12 --------- d-----w C:\Program Files\Total Video Converter 2007-10-24 21:15 316,000 ----a-w C:\WINDOWS\system32\geebb.dll 2007-10-23 19:20 972,072 ----a-w C:\WINDOWS\UNNeroMediaHome.exe 2007-10-23 00:40 --------- d-----w C:\Program Files\Vista Start Menu 2007-10-22 13:51 972,072 ----a-w C:\WINDOWS\UNRecode.exe 2007-10-22 01:08 --------- d-----w C:\Program Files\Stardock 2007-10-22 00:04 --------- d-----w C:\Program Files\TGTSoft 2007-10-18 02:52 389,184 ----a-w C:\WINDOWS\system32\yguwlsoi.exe 2007-10-17 09:44 389,184 ----a-w C:\WINDOWS\system32\onulyslc.exe 2007-10-16 09:43 389,184 ----a-w C:\WINDOWS\system32\aubkcbsd.exe 2007-10-15 09:46 389,184 ----a-w C:\WINDOWS\system32\avdccenf.exe 2007-10-14 16:51 389,184 ----a-w C:\WINDOWS\system32\aimacqxb.exe 2007-09-07 19:49 144,626 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2007_09_07_14_43_50_small.dmp.zip 2007-08-19 21:20 134,130 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2007_08_14_19_54_22_small.dmp.zip 2007-08-19 21:20 131,377 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2007_08_14_19_54_17_small.dmp.zip 2007-08-14 13:12 118,844 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2007_08_14_07_23_59_small.dmp.zip 2007-08-14 13:12 116,451 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2007_08_14_07_23_54_small.dmp.zip 2007-08-13 01:22 123,711 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2007_08_11_17_28_29_small.dmp.zip 2007-08-13 01:22 122,291 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2007_08_11_17_28_25_small.dmp.zip 2007-07-20 23:19 21,682,172 ----a-w C:\WINDOWS\Internet Logs\vsmon_on_demand_2007_07_19_15_03_00_full.dmp.zip 2007-07-14 20:26 23,862,046 ----a-w C:\WINDOWS\Internet Logs\vsmon_on_demand_2007_07_13_21_44_56_full.dmp.zip 2007-07-13 22:02 29,707,903 ----a-w C:\WINDOWS\Internet Logs\vsmon_on_demand_2007_07_13_00_59_50_full.dmp.zip . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B5BAA16D-2362-4F5A-8DBF-F2025522ED79}] 2007-10-24 16:15 316000 --a------ C:\WINDOWS\system32\geebb.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 17:56] "LClock"="C:\Program Files\LClock\lclock.exe" [2004-09-20 01:27] "L07AXLRD_147332046"="C:\Program Files\Microsoft Student\Microsoft Student with Encarta Premium 2007 DVD\EDICT.exe" [2006-06-10 04:10] "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 11:54] "viwc"="C:\WINDOWS\system32\viwc.exe" [2007-11-30 05:56] "ViStart"="C:\Program Files\ViStart\ViStart.exe" [2007-11-26 19:27] "ViOrb"="C:\Program Files\ViOrb\ViOrb.exe" [2007-11-19 13:01] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="RUNDLL32.exe" [2004-08-03 17:56 C:\WINDOWS\system32\rundll32.exe] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 03:00] "nwiz"="nwiz.exe" [2004-02-23 14:43 C:\WINDOWS\system32\nwiz.exe] "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2006-08-25 10:11] "ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-08-25 10:11] "AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 12:47 C:\WINDOWS\ALCXMNTR.EXE] "NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 14:57] "NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 08:51] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "nlsf"="cmd.exe" [2004-08-03 17:56 C:\WINDOWS\system32\cmd.exe] "tscuninstall"="C:\WINDOWS\system32\tscupgrd.exe" [2004-08-03 15:59] C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\ ViStart.lnk - C:\Program Files\ViStart\ViStart.exe [2007-12-15 10:30:50] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 01:48:20] Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 00:01:50] PalTalk.lnk - C:\Program Files\Paltalk Messenger\paltalk.exe [2007-11-26 18:24:37] Service Manager.lnk - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2005-05-03 22:07:32] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "DisableStatusMessages"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "NoDesktopCleanupWizard"= 1 (0x1) "ForceClassicControlPanel"= 1 (0x1) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoSMHelp"= 1 (0x1) [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer] "NoInternetIcon"= 1 (0x1) "NoSMHelp"= 1 (0x1) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv] C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll 2005-12-20 21:57 176128 C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\WbSrv.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=wbsys.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Authentication Packages REG_MULTI_SZ msv1_0 C:\WINDOWS\system32\geebb.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] SecurityProviders schannel.dll, digest.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^Microsoft Office Groove.lnk] path=C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Microsoft Office Groove.lnk backup=C:\WINDOWS\pss\Microsoft Office Groove.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk] path=C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk backup=C:\WINDOWS\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^_.lnk] path=C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\_.lnk backup=C:\WINDOWS\pss\_.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^MS_update_0704_KB74073.exe] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MS_update_0704_KB74073.exe backup=C:\WINDOWS\pss\MS_update_0704_KB74073.exeCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PalTalk.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\PalTalk.lnk backup=C:\WINDOWS\pss\PalTalk.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware] C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe /minimized [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor] 2006-10-26 23:47 31016 --a------ C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr] C:\Program Files\MSN Messenger\MsnMsgr.Exe /background [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSRegScan] C:\Program Files\ESP Demo\ESPDemo [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nod32kui] C:\Program Files\Eset\nod32kui.exe /WAITSERVICE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedX] C:\PROGRA~1\MyPortal\Speed-X\SpeedX.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalService REG_MULTI_SZ Alerter WebClient LmHosts upnphost SSDPSRV [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H] \Shell\AutoRun\command - H:\Info.exe folder.htt 480 480 [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{683e3443-e92a-11da-8207-ab5ab24a20ce}] \Shell\AutoRun\command - L:\LaunchU3.exe . ************************************************************************ catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net Rootkit scan 2007-12-22 13:52:37 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************ . --------------------- DLLs Loaded Under Running Processes --------------------- PROCESS: C:\WINDOWS\system32\lsass.exe [5.01.2600.2180] -> C:\WINDOWS\system32\geebb.dll PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.2649] -> C:\WINDOWS\system32\geebb.dll . Completion time: 2007-12-22 13:57:07 - machine was rebooted Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 18:52, on 2007-12-22 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Unable to get Internet Explorer version! Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\ALCXMNTR.EXE C:\WINDOWS\system32\ctfmon.exe C:\Program Files\LClock\lclock.exe C:\Program Files\ViStart\ViStart.exe C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe C:\Program Files\Eset\nod32krn.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\Program Files\Opera\Opera.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = windowsxlive.net R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Encarta Web Companion Helper Object - {955BE0B8-BC85-4CAF-856E-8E0D8B610560} - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL O3 - Toolbar: Encarta Web Companion - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [LClock] C:\Program Files\LClock\lclock.exe O4 - HKCU\..\Run: [L07AXLRD_147332046] "C:\Program Files\Microsoft Student\Microsoft Student with Encarta Premium 2007 DVD\EDICT.EXE" -m O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [viwc] C:\WINDOWS\system32\viwc.exe O4 - HKCU\..\Run: [ViStart] C:\Program Files\ViStart\ViStart.exe O4 - HKCU\..\Run: [ViOrb] C:\Program Files\ViOrb\ViOrb.exe O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'Default user') O4 - Startup: ViStart.lnk = C:\Program Files\ViStart\ViStart.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe O4 - Global Startup: PalTalk.lnk = C:\Program Files\Paltalk Messenger\paltalk.exe O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe O4 - Global Startup: ViOrb.lnk = C:\Documents and Settings\Thomas\Bureau\ViStart Setup\ViOrb\ViOrb.exe O8 - Extra context menu item: Add to Windows &Live Favorites - favorites.live.com/quickadd.aspx O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: Encarta Search Bar - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL O13 - DefaultPrefix: O13 - WWW Prefix: O13 - Home Prefix: O13 - Mosaic Prefix: O13 - FTP Prefix: O13 - Gopher Prefix: O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing) -- End of file - 7407 bytes

Profil

DEMIAN Poslao: 23 Dec 2007 01:14 Idi na vrh
offline DEMIAN Legendarni građanin IT Manager Pridružio: 25 Mar 2005 Poruke: 3706 Gde živiš: The darkest place on earth..	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Koliko ja vidim prema ovom zadnjem HJT logu nema više ničeg malicioznog za uklanjanje. Kakvo je stanje na računaru ? Javlja li se problem na koji si se prvobitno žalio ?

Profil

MyCity » Ambulanta -> Arhiva Ambulante » geebb.dll

Ko je trenutno na forumu

Ukupno su 912 korisnika na forumu :: 32 registrovanih, 2 sakrivenih i 878 gosta :: [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:: Korisnici trenutno na forumu: acatomic, anta, Apok, ArchaBasha, Arsenije, babaroga, banebeograd, bigfoot, bojan_t, brundo65, DejanCG, doktor1964, doloress, Georgius, havoc995, kybonacci, Lieutenant, m0nstrum_, mercedesamg, moldway, mustangkg, nemkea71, ostoja, Prometeus, sabros, sap, savaskytec, shone34, Snorks, Stoilkovic, vathra, Žrnov

Svaki korisnik ovog sajta je odgovoran za sadržaj svoje poruke koju objavi na sajtu. Sajt se odriče svake odgovornosti za sadržaj tih poruka.
Postavljanjem vaše poruke ili vašeg autorskog dela na ovaj sajt, saglasni ste da ovaj sajt postaje distributer vašeg dela, i odričete se mogućnosti njegovog povlačenja ili brisanja, bez saglasnosti uprave sajta.
Distribucija sadržaja sa ovog sajta je dozvoljena samo u nekomercijalne svrhe, uz obaveznu napomenu da je sadržaj preuzet sa ovog sajta, i uz obavezno navođenje adrese MyCity sajta. Za sve ostale vidove distribucije obavezni ste da prethodno zatražite odobrenje od vlasnika MyCity sajta.
MyCity pokrenuo, administrira i razvija Predrag Damnjanović, a o uređenju sajta se brine MyCity Tim.
Ukoliko želite da nas kontaktirate kliknite ovde.
Naši sajtovi:
Vesti, Vojni forum, Zaštita od virusa, TekstPesme.rs

This content is licensed under a Creative Commons License.
Based on phpBB 2, translated by Simke, designed by