Problem sa explorer.exe

revenion · 20.01.2009., 16:26

Ovako,vec sam trazio pomoc na jednom forumu i sredio sam pola problema sa EMSI Emergency AntiVirus-om,ali ostao mi je najveci problem...explorer.exe mi se svako malo restarta,iskljci nakon nekoliko sekundi pa opet iskljuci...I tako neprestano,sve dok ga ne pogasim u Procesima...Onda prestane al onda sve moram raditi preko task managera sto nije bas jednostavno...Ostali problemi su mi bili dugo paljenje(sto jos imam al je vjerovatno povezano sa ovim problemom,jer je sad brze od prije),sporo logiranje te gasenje sto je sad sredeno,nisam mogao gledat filmice na youtube,imao sam neki AdBlocking software instaliran itd,uglavnom skoro sve to sam sredio osim ovog explorer.exe-a...Cega se niako nemogu rjesit...Probao sam NOD32,Spybot nemrem pokrenut no koristio sam EMSI-ev program koji je nasao neki Trojan,Vundo!IK kojeg nisam mogao izbrisat jedno 5 puta sam napravio quick scanove pobrisao ga i svaki put se opet napravio,zadnji put sam ga prebacio u karantenu i crashao mi se komp,kad sam opet skenirao nije ga vise bilo...Guglao sam malo o tome al nista puno nisam nasao osim za taj Vundo,no ocito ga vise nema jer sam i sa VundoFix probao pa ga nije nasao...Problem je jos tu...A Anti-Virusi mi nista ne nalaze...Zahvaljujem na svakoj pomoci,i molim sto manje:"Formatiraj si komp,to ti je jedino rjesenje postova."..To znam i sam

al prije toga cu rade pokusat spasit komp...

zmikic · 20.01.2009., 19:05

Posalji hijack info na forum

revenion · 20.01.2009., 20:30

Naveo sam da nemogu koristiti S&D i sl,e za tako mi je i za neke druge fajlove...Kad skinem HJT nemrem ga instalirat...Kad ga aktiviram samo se pocinje procesirat ali se nista ne dogada...Dal postoji nesto drugo il online HJT scan?

zmikic · 20.01.2009., 21:35

To se ne instalirava. Skines ovaj exe http://download.bleepingcomputer.com...HiJackThis.exe i pokrenes ga i to je program za radit, nije to instalacija...

revenion · 21.01.2009., 10:04

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:01:59, on 21/01/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe
C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\K-Meleon\k-meleon.exe
C:\Documents and Settings\vesna\My Documents\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: P2P Energy Toolbar - {2bae58c2-79f9-45d1-a286-81f911301c3a} - C:\Program Files\P2P_Energy\tbP2P0.dll
F2 - REG:system.ini: Shell=explorer.exe ,svchost.exe
O1 - Hosts: ::1 localhost
O3 - Toolbar: Alcohol Toolbar - {ED4BD629-C1B6-4399-8A34-02CCAA921DC9} - C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll (file missing)
O3 - Toolbar: Internet Service - {DB9FBA9D-AB1B-4CC6-9745-F3B549D64E40} - C:\Program Files\NetProject\wamdl.dll (file missing)
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: P2P Energy Toolbar - {2bae58c2-79f9-45d1-a286-81f911301c3a} - C:\Program Files\P2P_Energy\tbP2P0.dll
O3 - Toolbar: Megaupload Toolbar - {A057A204-BACC-4D26-C39E-35F1D2A32EC8} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL (file missing)
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [1A:Stardock TrayMonitor] C:\Program Files\Common Files\Stardock\TrayServer.exe
O4 - HKLM\..\Run: [w3dr.exe] C:\Program Files\Warcraft III\w3dr.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PC Booster] C:\Program Files\inKline Global\PC Booster\pcbooster.exe
O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [LogonStudio] "C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Flashget] C:\Program Files\FlashGet\flashget.exe /min
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [DrvLsnr] C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [ASUSGamerOSD] C:\Program Files\ASUS\GamerOSD\GamerOSD.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [Kxelumezim] rundll32.exe "C:\WINDOWS\Lwozoyizi.dll",e
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
O4 - HKCU\..\Run: [PSwitch] C:\Program Files\Proxy Switcher Standard\ProxySwitcher.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\vesna\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [ASUS SmartDoctor] C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe /start
O4 - HKCU\..\Run: [Steam] "C:\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe" -autorun
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKLM\..\Policies\Explorer\Run: [start] C:\Program Files\NetProject\sbmntr.exe
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O4 - Global Startup: NETGEAR WG111v3 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted IP range: http://192.168.0.1
O15 - ESC Trusted IP range: http://192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{1ADBE0C0-24DB-4137-8FD7-F4C5AB05D527}: NameServer = 213.149.32.23,83.139.64.10
O17 - HKLM\System\CS46\Services\Tcpip\..\{1ADBE0C0-24DB-4137-8FD7-F4C5AB05D527}: NameServer = 213.149.32.23,83.139.64.10
O17 - HKLM\System\CS47\Services\Tcpip\..\{1ADBE0C0-24DB-4137-8FD7-F4C5AB05D527}: NameServer = 213.149.32.23,83.139.64.10
O17 - HKLM\System\CS48\Services\Tcpip\..\{1ADBE0C0-24DB-4137-8FD7-F4C5AB05D527}: NameServer = 213.149.32.23,83.139.64.10
O17 - HKLM\System\CS49\Services\Tcpip\..\{1ADBE0C0-24DB-4137-8FD7-F4C5AB05D527}: NameServer = 213.149.32.23,83.139.64.10
O17 - HKLM\System\CS50\Services\Tcpip\..\{1ADBE0C0-24DB-4137-8FD7-F4C5AB05D527}: NameServer = 213.149.32.23,83.139.64.10
O17 - HKLM\System\CS51\Services\Tcpip\..\{1ADBE0C0-24DB-4137-8FD7-F4C5AB05D527}: NameServer = 213.149.32.23,83.139.64.10
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,wbsys.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: Autodesk Licensing Service (autodesk licensing service) - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Unknown owner - C:\Program Files\Bonjour\mDNSResponder.exe (file missing)
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: mental ray 3.6 Satellite for Autodesk 3ds Max 2009 32-bit 32-bit (mi-raysat_3dsmax2009_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe
O23 - Service: PD91Agent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe
O23 - Service: PD91Engine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk2008\PD91Engine.exe
O23 - Service: Pml Driver HPZ12 - Unknown owner - C:\WINDOWS\system32\HPZipm12.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Parallels DHCP Service for Virtual NIC (PRLDHCP) - Unknown owner - C:\Program Files\Parallels\Parallels Workstation\PRLDHCP.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 10436 bytes

zmikic · 21.01.2009., 12:15

Imas toga puno sto bi ja zbrisao...

Ajd za pocetak najednostavnije pogasi u procesima program Rundll32.exe. Javi da li nakon toga explorer.exe prestao padati.

revenion · 21.01.2009., 14:02

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:12:05, on 21/01/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Stardock\SDMCP.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe
C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\DAEMON Tools Pro\DTProShellHlp.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Documents and Settings\vesna\My Documents\HiJackThis.exe
C:\WINDOWS\explorer.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: P2P Energy Toolbar - {2bae58c2-79f9-45d1-a286-81f911301c3a} - C:\Program Files\P2P_Energy\tbP2P0.dll
O1 - Hosts: ::1 localhost
O3 - Toolbar: Alcohol Toolbar - {ED4BD629-C1B6-4399-8A34-02CCAA921DC9} - C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll (file missing)
O3 - Toolbar: Internet Service - {DB9FBA9D-AB1B-4CC6-9745-F3B549D64E40} - C:\Program Files\NetProject\wamdl.dll (file missing)
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: P2P Energy Toolbar - {2bae58c2-79f9-45d1-a286-81f911301c3a} - C:\Program Files\P2P_Energy\tbP2P0.dll
O3 - Toolbar: Megaupload Toolbar - {A057A204-BACC-4D26-C39E-35F1D2A32EC8} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL (file missing)
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [1A:Stardock TrayMonitor] C:\Program Files\Common Files\Stardock\TrayServer.exe
O4 - HKLM\..\Run: [w3dr.exe] C:\Program Files\Warcraft III\w3dr.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PC Booster] C:\Program Files\inKline Global\PC Booster\pcbooster.exe
O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [LogonStudio] "C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Flashget] C:\Program Files\FlashGet\flashget.exe /min
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [DrvLsnr] C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [ASUSGamerOSD] C:\Program Files\ASUS\GamerOSD\GamerOSD.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
O4 - HKCU\..\Run: [PSwitch] C:\Program Files\Proxy Switcher Standard\ProxySwitcher.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\vesna\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [ASUS SmartDoctor] C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe /start
O4 - HKCU\..\Run: [Steam] "C:\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe" -autorun
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O4 - Global Startup: NETGEAR WG111v3 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted IP range: http://192.168.0.1
O15 - ESC Trusted IP range: http://192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{1ADBE0C0-24DB-4137-8FD7-F4C5AB05D527}: NameServer = 213.149.32.23,83.139.64.10
O17 - HKLM\System\CS46\Services\Tcpip\..\{1ADBE0C0-24DB-4137-8FD7-F4C5AB05D527}: NameServer = 213.149.32.23,83.139.64.10
O17 - HKLM\System\CS47\Services\Tcpip\..\{1ADBE0C0-24DB-4137-8FD7-F4C5AB05D527}: NameServer = 213.149.32.23,83.139.64.10
O17 - HKLM\System\CS48\Services\Tcpip\..\{1ADBE0C0-24DB-4137-8FD7-F4C5AB05D527}: NameServer = 213.149.32.23,83.139.64.10
O17 - HKLM\System\CS49\Services\Tcpip\..\{1ADBE0C0-24DB-4137-8FD7-F4C5AB05D527}: NameServer = 213.149.32.23,83.139.64.10
O17 - HKLM\System\CS50\Services\Tcpip\..\{1ADBE0C0-24DB-4137-8FD7-F4C5AB05D527}: NameServer = 213.149.32.23,83.139.64.10
O17 - HKLM\System\CS51\Services\Tcpip\..\{1ADBE0C0-24DB-4137-8FD7-F4C5AB05D527}: NameServer = 213.149.32.23,83.139.64.10
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,wbsys.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: Autodesk Licensing Service (autodesk licensing service) - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Unknown owner - C:\Program Files\Bonjour\mDNSResponder.exe (file missing)
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: mental ray 3.6 Satellite for Autodesk 3ds Max 2009 32-bit 32-bit (mi-raysat_3dsmax2009_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe
O23 - Service: PD91Agent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe
O23 - Service: PD91Engine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk2008\PD91Engine.exe
O23 - Service: Pml Driver HPZ12 - Unknown owner - C:\WINDOWS\system32\HPZipm12.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Parallels DHCP Service for Virtual NIC (PRLDHCP) - Unknown owner - C:\Program Files\Parallels\Parallels Workstation\PRLDHCP.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 10376 bytes

revenion · 21.01.2009., 16:22

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:19:02, on 21/01/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Stardock\SDMCP.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\vesna\My Documents\HiJackThis.exe
C:\WINDOWS\explorer.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: P2P Energy Toolbar - {2bae58c2-79f9-45d1-a286-81f911301c3a} - C:\Program Files\P2P_Energy\tbP2P0.dll
O1 - Hosts: ::1 localhost
O3 - Toolbar: Alcohol Toolbar - {ED4BD629-C1B6-4399-8A34-02CCAA921DC9} - C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll (file missing)
O3 - Toolbar: Internet Service - {DB9FBA9D-AB1B-4CC6-9745-F3B549D64E40} - C:\Program Files\NetProject\wamdl.dll (file missing)
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: P2P Energy Toolbar - {2bae58c2-79f9-45d1-a286-81f911301c3a} - C:\Program Files\P2P_Energy\tbP2P0.dll
O3 - Toolbar: Megaupload Toolbar - {A057A204-BACC-4D26-C39E-35F1D2A32EC8} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL (file missing)
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [1A:Stardock TrayMonitor] C:\Program Files\Common Files\Stardock\TrayServer.exe
O4 - HKLM\..\Run: [w3dr.exe] C:\Program Files\Warcraft III\w3dr.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PC Booster] C:\Program Files\inKline Global\PC Booster\pcbooster.exe
O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [LogonStudio] "C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Flashget] C:\Program Files\FlashGet\flashget.exe /min
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [DrvLsnr] C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [ASUSGamerOSD] C:\Program Files\ASUS\GamerOSD\GamerOSD.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
O4 - HKCU\..\Run: [PSwitch] C:\Program Files\Proxy Switcher Standard\ProxySwitcher.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\vesna\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [ASUS SmartDoctor] C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe /start
O4 - HKCU\..\Run: [Steam] "C:\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe" -autorun
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O4 - Global Startup: NETGEAR WG111v3 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {fb5f1910-f110-11d2-bb9e-00c04f795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {fb5f1910-f110-11d2-bb9e-00c04f795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted IP range: http://192.168.0.1
O15 - ESC Trusted IP range: http://192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{1ADBE0C0-24DB-4137-8FD7-F4C5AB05D527}: NameServer = 213.149.32.23,83.139.64.10
O17 - HKLM\System\CS46\Services\Tcpip\..\{1ADBE0C0-24DB-4137-8FD7-F4C5AB05D527}: NameServer = 213.149.32.23,83.139.64.10
O17 - HKLM\System\CS47\Services\Tcpip\..\{1ADBE0C0-24DB-4137-8FD7-F4C5AB05D527}: NameServer = 213.149.32.23,83.139.64.10
O17 - HKLM\System\CS48\Services\Tcpip\..\{1ADBE0C0-24DB-4137-8FD7-F4C5AB05D527}: NameServer = 213.149.32.23,83.139.64.10
O17 - HKLM\System\CS49\Services\Tcpip\..\{1ADBE0C0-24DB-4137-8FD7-F4C5AB05D527}: NameServer = 213.149.32.23,83.139.64.10
O17 - HKLM\System\CS50\Services\Tcpip\..\{1ADBE0C0-24DB-4137-8FD7-F4C5AB05D527}: NameServer = 213.149.32.23,83.139.64.10
O17 - HKLM\System\CS51\Services\Tcpip\..\{1ADBE0C0-24DB-4137-8FD7-F4C5AB05D527}: NameServer = 213.149.32.23,83.139.64.10
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,wbsys.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: Autodesk Licensing Service (autodesk licensing service) - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Unknown owner - C:\Program Files\Bonjour\mDNSResponder.exe (file missing)
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: mental ray 3.6 Satellite for Autodesk 3ds Max 2009 32-bit 32-bit (mi-raysat_3dsmax2009_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe
O23 - Service: PD91Agent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe
O23 - Service: PD91Engine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk2008\PD91Engine.exe
O23 - Service: Pml Driver HPZ12 - Unknown owner - C:\WINDOWS\system32\HPZipm12.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Parallels DHCP Service for Virtual NIC (PRLDHCP) - Unknown owner - C:\Program Files\Parallels\Parallels Workstation\PRLDHCP.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 10534 bytes

Valg · 21.01.2009., 16:34

Sine moj, tebi pomaže samo format C:
Znam da to ne želiš, al ovo mi uopće ne zgleda dobro...

revenion · 21.01.2009., 16:54

A bi bio dovoljan Quick Format preko My Computera?Il da napravim potpuni...Nemam windows cd...

~Trt~ · 21.01.2009., 16:57

prvo nabavi windblowse pa tek onda radi format ili još bolje nađi nekoga tko zna pa nek ti to sve napravi

Paxton · 21.01.2009., 16:57

Neces moci napravit qucik format particije na kojoj ti je sistem nikakako... A nista ti format ni ne vrijedi bez win cda...

revenion · 21.01.2009., 17:08

>> Hmm Ok,ako iko moze jos pomoc neka proba,zahvaljujem na bilokakvoj pomoc

,ja cu dotad pokusat nabavit novi OS >>

zmikic · 21.01.2009., 19:29

Pokreni start --> run --> eventvwr.msc
Odi u application i probaj naci zapise u vezi explorer.exe ( valda source kolona). Tu bi trebale biti neke informacije. Posalji dva - tri najnovija zapisa na forum.

revenion · 21.01.2009., 20:15

Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 20:13:33, on 21/01/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\ATKKBService.exe C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe C:\Program Files\ESET\ESET Smart Security\ekrn.exe C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe C:\WINDOWS\system32\PnkBstrA.exe C:\WINDOWS\system32\PnkBstrB.exe C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe C:\Program Files\Common Files\Stardock\SDMCP.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\mmc.exe C:\WINDOWS\system32\taskmgr.exe C:\Documents and Settings\vesna\My Documents\HiJackThis.exe C:\WINDOWS\explorer.exe R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R3 - URLSearchHook: P2P Energy Toolbar - {2bae58c2-79f9-45d1-a286-81f911301c3a} - C:\Program Files\P2P_Energy\tbP2P0.dll O1 - Hosts: ::1 localhost O3 - Toolbar: Alcohol Toolbar - {ED4BD629-C1B6-4399-8A34-02CCAA921DC9} - C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll (file missing) O3 - Toolbar: Internet Service - {DB9FBA9D-AB1B-4CC6-9745-F3B549D64E40} - C:\Program Files\NetProject\wamdl.dll (file missing) O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll O3 - Toolbar: P2P Energy Toolbar - {2bae58c2-79f9-45d1-a286-81f911301c3a} - C:\Program Files\P2P_Energy\tbP2P0.dll O3 - Toolbar: Megaupload Toolbar - {A057A204-BACC-4D26-C39E-35F1D2A32EC8} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL (file missing) O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [1A:Stardock TrayMonitor] C:\Program Files\Common Files\Stardock\TrayServer.exe O4 - HKLM\..\Run: [w3dr.exe] C:\Program Files\Warcraft III\w3dr.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [PC Booster] C:\Program Files\inKline Global\PC Booster\pcbooster.exe O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe O4 - HKLM\..\Run: [LogonStudio] "C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\Run: [Flashget] C:\Program Files\FlashGet\flashget.exe /min O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun O4 - HKLM\..\Run: [DrvLsnr] C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice O4 - HKLM\..\Run: [ASUSGamerOSD] C:\Program Files\ASUS\GamerOSD\GamerOSD.exe O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE O4 - HKLM\..\Run: [MRT] "C:\WINDOWS\system32\MRT.exe" /R O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon O4 - HKCU\..\Run: [PSwitch] C:\Program Files\Proxy Switcher Standard\ProxySwitcher.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\vesna\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c O4 - HKCU\..\Run: [ASUS SmartDoctor] C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe /start O4 - HKCU\..\Run: [Steam] "C:\Steam\Steam.exe" -silent O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe" -autorun O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe O4 - Global Startup: NETGEAR WG111v3 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111v3\WG111v3.exe O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {fb5f1910-f110-11d2-bb9e-00c04f795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {fb5f1910-f110-11d2-bb9e-00c04f795683} - C:\Program Files\Messenger\msmsgs.exe O15 - Trusted IP range: http://192.168.0.1 O15 - ESC Trusted IP range: http://192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\..\{1ADBE0C0-24DB-4137-8FD7-F4C5AB05D527}: NameServer = 213.149.32.23,83.139.64.10 O17 - HKLM\System\CS46\Services\Tcpip\..\{1ADBE0C0-24DB-4137-8FD7-F4C5AB05D527}: NameServer = 213.149.32.23,83.139.64.10 O17 - HKLM\System\CS47\Services\Tcpip\..\{1ADBE0C0-24DB-4137-8FD7-F4C5AB05D527}: NameServer = 213.149.32.23,83.139.64.10 O17 - HKLM\System\CS48\Services\Tcpip\..\{1ADBE0C0-24DB-4137-8FD7-F4C5AB05D527}: NameServer = 213.149.32.23,83.139.64.10 O17 - HKLM\System\CS49\Services\Tcpip\..\{1ADBE0C0-24DB-4137-8FD7-F4C5AB05D527}: NameServer = 213.149.32.23,83.139.64.10 O17 - HKLM\System\CS50\Services\Tcpip\..\{1ADBE0C0-24DB-4137-8FD7-F4C5AB05D527}: NameServer = 213.149.32.23,83.139.64.10 O17 - HKLM\System\CS51\Services\Tcpip\..\{1ADBE0C0-24DB-4137-8FD7-F4C5AB05D527}: NameServer = 213.149.32.23,83.139.64.10 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,wbsys.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe O23 - Service: Autodesk Licensing Service (autodesk licensing service) - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Unknown owner - C:\Program Files\Bonjour\mDNSResponder.exe (file missing) O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: mental ray 3.6 Satellite for Autodesk 3ds Max 2009 32-bit 32-bit (mi-raysat_3dsmax2009_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe O23 - Service: PD91Agent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe O23 - Service: PD91Engine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk2008\PD91Engine.exe O23 - Service: Pml Driver HPZ12 - Unknown owner - C:\WINDOWS\system32\HPZipm12.exe (file missing) O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe O23 - Service: Parallels DHCP Service for Virtual NIC (PRLDHCP) - Unknown owner - C:\Program Files\Parallels\Parallels Workstation\PRLDHCP.exe (file missing) O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- End of file - 10680 bytes

zwo · 21.01.2009., 20:35

Upravo isti problem kao i kod mene.
Sinoć su počeli prvi simptomi, jutros odmah reinstall windowsa i mirna bosna.

stuc · 21.01.2009., 20:47

Đizus koja trakavica

@revenion

Jes ugasio system restore i jel moš u SAFE MOD ?
Ako možeš onda od tamo čisti komp, probaj instalirat u safe modu S&D pa proskenirat.
Također probaj instalirat Malwarebytes' Anti-Malware i Simply Super Software - Trojan Remover.

krimos · 21.01.2009., 20:48

Najlakše je nabavit vindoze puknut ih unutra oni će ti sami napravit format

zmikic · 21.01.2009., 23:16

Nista sumljivo za sada na ovim tvojim ispisima...

Vjerovatno nisi do kraja maknuo taj trojan Vundo jer na popisu simptoma navodi se taj simptom resetiranja explorer.exe

Probaj ponovo sve te skenove, neki program ce valda vec nesto naci.

Ako si i dalje neuspjesan u pronalazenju necega pokreni program ListDlls. Evo link http://download.sysinternals.com/Files/ListDlls.zip

Pazi, to ti je command line program, prvo otvoris cmd te odes u direktorij gdje si ga otkompresirao
pa ga pokrenes ovako listdlls >popis.txt . To ce napraviti datoteku popis.txt u istom direktoriju.
Otvoris popis.txt, pronadjes proces explorer.exe i copy+paste njegove podatke , isto tako i za
winlogon.exe. Ta dva popisa posaljes na forum.

Neki od tih datoteka sa popisa koji ces poslati su zasluzni za tvoje probleme.

revenion · 22.01.2009., 10:56

winlogon:

winlogon.exe pid: 1312
Command line: winlogon.exe

Base Size Version Path
0x01000000 0x81000 \??\C:\WINDOWS\system32\winlogon.exe
0x7c900000 0xaf000 5.01.2600.5512 C:\WINDOWS\system32\ntdll.dll
0x7c800000 0xf6000 5.01.2600.5512 C:\WINDOWS\system32\kernel32.dll
0x77dd0000 0x9b000 5.01.2600.5512 C:\WINDOWS\system32\ADVAPI32.dll
0x77e70000 0x92000 5.01.2600.5512 C:\WINDOWS\system32\RPCRT4.dll
0x77fe0000 0x11000 5.01.2600.5512 C:\WINDOWS\system32\Secur32.dll
0x776c0000 0x12000 5.01.2600.5512 C:\WINDOWS\system32\AUTHZ.dll
0x77c10000 0x58000 7.00.2600.5512 C:\WINDOWS\system32\msvcrt.dll
0x77a80000 0x95000 5.131.2600.5512 C:\WINDOWS\system32\CRYPT32.dll
0x77b20000 0x12000 5.01.2600.5512 C:\WINDOWS\system32\MSASN1.dll
0x7e410000 0x91000 5.01.2600.5512 C:\WINDOWS\system32\USER32.dll
0x77f10000 0x49000 5.01.2600.5698 C:\WINDOWS\system32\GDI32.dll
0x75940000 0x8000 5.01.2600.5512 C:\WINDOWS\system32\NDdeApi.dll
0x75930000 0xa000 5.01.2600.5512 C:\WINDOWS\system32\PROFMAP.dll
0x5b860000 0x55000 5.01.2600.5694 C:\WINDOWS\system32\NETAPI32.dll
0x769c0000 0xb4000 5.01.2600.5512 C:\WINDOWS\system32\USERENV.dll
0x76bf0000 0xb000 5.01.2600.5512 C:\WINDOWS\system32\PSAPI.DLL
0x76bc0000 0xf000 5.01.2600.5512 C:\WINDOWS\system32\REGAPI.dll
0x77920000 0xf3000 5.01.2600.5512 C:\WINDOWS\system32\SETUPAPI.dll
0x77c00000 0x8000 5.01.2600.5512 C:\WINDOWS\system32\VERSION.dll
0x76360000 0x10000 5.01.2600.5512 C:\WINDOWS\system32\WINSTA.dll
0x76c30000 0x2e000 5.131.2600.5512 C:\WINDOWS\system32\WINTRUST.dll
0x76c90000 0x28000 5.01.2600.5512 C:\WINDOWS\system32\IMAGEHLP.dll
0x71ab0000 0x17000 5.01.2600.5512 C:\WINDOWS\system32\WS2_32.dll
0x71aa0000 0x8000 5.01.2600.5512 C:\WINDOWS\system32\WS2HELP.dll
0x66500000 0xa000 5.05.0000.0000 C:\WINDOWS\system32\wbsys.dll
0x77f60000 0x76000 6.00.2900.5512 C:\WINDOWS\system32\SHLWAPI.dll
0x007b0000 0x3a000 \\?\globalroot\systemroot\system32\UACflehrtkv.dll
0x774e0000 0x13d000 5.01.2600.5512 C:\WINDOWS\system32\ole32.dll
0x76080000 0x65000 6.02.3104.0000 C:\WINDOWS\system32\MSVCP60.dll
0x771b0000 0xaa000 6.00.2900.5694 C:\WINDOWS\system32\WININET.dll
0x77120000 0x8b000 5.01.2600.5512 C:\WINDOWS\system32\OLEAUT32.dll
0x773d0000 0x103000 6.00.2900.5512 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
0x75970000 0xf8000 5.01.2600.5512 C:\WINDOWS\system32\MSGINA.dll
0x5d090000 0x9a000 5.82.2900.5512 C:\WINDOWS\system32\COMCTL32.dll
0x74320000 0x3d000 3.525.1132.0000 C:\WINDOWS\system32\ODBC32.dll
0x763b0000 0x49000 6.00.2900.5512 C:\WINDOWS\system32\comdlg32.dll
0x7c9c0000 0x817000 6.00.2900.5512 C:\WINDOWS\system32\SHELL32.dll
0x00930000 0x17000 3.525.1132.0000 C:\WINDOWS\system32\odbcint.dll
0x776e0000 0x23000 6.00.2900.5512 C:\WINDOWS\system32\SHSVCS.dll
0x76bb0000 0x5000 5.01.2600.5512 C:\WINDOWS\system32\sfc.dll
0x76c60000 0x2a000 5.01.2600.5512 C:\WINDOWS\system32\sfc_os.dll
0x77b40000 0x22000 5.01.2600.5512 C:\WINDOWS\system32\Apphelp.dll
0x7e720000 0xb0000 5.01.2600.5512 C:\WINDOWS\system32\sxs.dll
0x723d0000 0x1c000 5.01.2600.5512 C:\WINDOWS\system32\WINSCARD.DLL
0x76f50000 0x8000 5.01.2600.5512 C:\WINDOWS\system32\WTSAPI32.dll
0x76b40000 0x2d000 5.01.2600.5512 C:\WINDOWS\system32\WINMM.dll
0x6bd00000 0xd000 0.01.0002.0003 C:\WINDOWS\system32\SYNCOR11.DLL
0x5ad70000 0x38000 6.00.2900.5512 C:\WINDOWS\system32\uxtheme.dll
0x01550000 0x25000 6.14.0010.4177 C:\WINDOWS\system32\Ati2evxx.dll
0x76600000 0x1d000 5.01.2600.5512 C:\WINDOWS\system32\cscdll.dll
0x68000000 0x36000 5.01.2600.5507 C:\WINDOWS\system32\rsaenh.dll
0x47020000 0x8000 5.01.2600.5512 C:\WINDOWS\System32\dimsntfy.dll
0x016d0000 0xd000 0.00.0005.0002 C:\Program Files\Common Files\Stardock\mcpstub.dll
0x75950000 0x1a000 5.01.2600.5512 C:\WINDOWS\system32\WlNotify.dll
0x71b20000 0x12000 5.01.2600.5512 C:\WINDOWS\system32\MPR.dll
0x73000000 0x26000 5.01.2600.5512 C:\WINDOWS\system32\WINSPOOL.DRV
0x71bf0000 0x13000 5.01.2600.5512 C:\WINDOWS\system32\SAMLIB.dll
0x76f60000 0x2c000 5.01.2600.5512 C:\WINDOWS\system32\wldap32.dll
0x77c70000 0x24000 5.01.2600.5512 C:\WINDOWS\system32\msv1_0.dll
0x76d60000 0x19000 5.01.2600.5512 C:\WINDOWS\system32\iphlpapi.dll
0x77a20000 0x54000 5.01.2600.5512 C:\WINDOWS\system32\cscui.dll
0x01980000 0x34000 5.00.0000.0001 C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll
0x72d20000 0x9000 5.01.2600.5512 C:\WINDOWS\system32\wdmaud.drv
0x01b30000 0x2c5000 5.01.2600.5512 C:\WINDOWS\system32\xpsp2res.dll
0x72d10000 0x8000 5.01.2600.0000 C:\WINDOWS\system32\msacm32.drv
0x77be0000 0x15000 5.01.2600.5512 C:\WINDOWS\system32\MSACM32.dll
0x77bd0000 0x7000 5.01.2600.5512 C:\WINDOWS\system32\midimap.dll
0x77690000 0x21000 5.01.2600.5512 C:\WINDOWS\system32\NTMARTA.DLL
0x77050000 0xc5000 2001.12.4414.0700 C:\WINDOWS\system32\COMRes.dll
0x76fd0000 0x7f000 2001.12.4414.0700 C:\WINDOWS\system32\CLBCATQ.DLL

explorer.exe

explorer.exe pid: 3280
Command line: "C:\WINDOWS\explorer.exe"

Base Size Version Path
0x01000000 0xff000 6.00.2900.5512 C:\WINDOWS\explorer.exe
0x7c900000 0xaf000 5.01.2600.5512 C:\WINDOWS\system32\ntdll.dll
0x7c800000 0xf6000 5.01.2600.5512 C:\WINDOWS\system32\kernel32.dll
0x77dd0000 0x9b000 5.01.2600.5512 C:\WINDOWS\system32\ADVAPI32.dll
0x77e70000 0x92000 5.01.2600.5512 C:\WINDOWS\system32\RPCRT4.dll
0x77fe0000 0x11000 5.01.2600.5512 C:\WINDOWS\system32\Secur32.dll
0x75f80000 0xfd000 6.00.2900.5512 C:\WINDOWS\system32\BROWSEUI.dll
0x77f10000 0x49000 5.01.2600.5698 C:\WINDOWS\system32\GDI32.dll
0x7e410000 0x91000 5.01.2600.5512 C:\WINDOWS\system32\USER32.dll
0x77c10000 0x58000 7.00.2600.5512 C:\WINDOWS\system32\msvcrt.dll
0x774e0000 0x13d000 5.01.2600.5512 C:\WINDOWS\system32\ole32.dll
0x77f60000 0x76000 6.00.2900.5512 C:\WINDOWS\system32\SHLWAPI.dll
0x77120000 0x8b000 5.01.2600.5512 C:\WINDOWS\system32\OLEAUT32.dll
0x7e290000 0x171000 6.00.2900.5694 C:\WINDOWS\system32\SHDOCVW.dll
0x77a80000 0x95000 5.131.2600.5512 C:\WINDOWS\system32\CRYPT32.dll
0x77b20000 0x12000 5.01.2600.5512 C:\WINDOWS\system32\MSASN1.dll
0x754d0000 0x80000 5.131.2600.5512 C:\WINDOWS\system32\CRYPTUI.dll
0x5b860000 0x55000 5.01.2600.5694 C:\WINDOWS\system32\NETAPI32.dll
0x77c00000 0x8000 5.01.2600.5512 C:\WINDOWS\system32\VERSION.dll
0x771b0000 0xaa000 6.00.2900.5694 C:\WINDOWS\system32\WININET.dll
0x76c30000 0x2e000 5.131.2600.5512 C:\WINDOWS\system32\WINTRUST.dll
0x76c90000 0x28000 5.01.2600.5512 C:\WINDOWS\system32\IMAGEHLP.dll
0x76f60000 0x2c000 5.01.2600.5512 C:\WINDOWS\system32\WLDAP32.dll
0x7c9c0000 0x817000 6.00.2900.5512 C:\WINDOWS\system32\SHELL32.dll
0x5ad70000 0x38000 6.00.2900.5512 C:\WINDOWS\system32\UxTheme.dll
0x5cb70000 0x26000 5.01.2600.5512 C:\WINDOWS\system32\ShimEng.dll
0x6f880000 0x1ca000 5.01.2600.5512 C:\WINDOWS\AppPatch\AcGenral.DLL
0x76b40000 0x2d000 5.01.2600.5512 C:\WINDOWS\system32\WINMM.dll
0x77be0000 0x15000 5.01.2600.5512 C:\WINDOWS\system32\MSACM32.dll
0x769c0000 0xb4000 5.01.2600.5512 C:\WINDOWS\system32\USERENV.dll
0x66500000 0xa000 5.05.0000.0000 C:\WINDOWS\system32\wbsys.dll
0x773d0000 0x103000 6.00.2900.5512 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
0x5d090000 0x9a000 5.82.2900.5512 C:\WINDOWS\system32\comctl32.dll
0x6bd00000 0xd000 0.01.0002.0003 C:\WINDOWS\system32\SYNCOR11.DLL
0x00be0000 0x3a000 \\?\globalroot\systemroot\system32\UACflehrtkv.dll
0x76080000 0x65000 6.02.3104.0000 C:\WINDOWS\system32\MSVCP60.dll
0x71ab0000 0x17000 5.01.2600.5512 C:\WINDOWS\system32\WS2_32.dll
0x71aa0000 0x8000 5.01.2600.5512 C:\WINDOWS\system32\WS2HELP.dll
*** Loaded C:\WINDOWS\system32\ddcbbXpM.dll differs from file image:
*** File timestamp: Mon Nov 17 07:07:23 2008
*** Loaded image timestamp: Tue Nov 18 12:01:43 2008
*** 0x00e40000 0xa2000 4.10.0049.0001 C:\WINDOWS\system32\ddcbbXpM.dll
0x76780000 0x9000 6.00.2900.5512 C:\WINDOWS\system32\SHFOLDER.dll
0x76f20000 0x27000 5.01.2600.5625 C:\WINDOWS\system32\DNSAPI.dll
0x7e1e0000 0xa2000 6.00.2900.5694 C:\WINDOWS\system32\urlmon.dll
0x77b40000 0x22000 5.01.2600.5512 C:\WINDOWS\system32\appHelp.dll
0x76fd0000 0x7f000 2001.12.4414.0700 C:\WINDOWS\system32\CLBCATQ.DLL
0x77050000 0xc5000 2001.12.4414.0700 C:\WINDOWS\system32\COMRes.dll
0x01330000 0x2c5000 5.01.2600.5512 C:\WINDOWS\system32\xpsp2res.dll
0x77a20000 0x54000 5.01.2600.5512 C:\WINDOWS\System32\cscui.dll
0x76600000 0x1d000 5.01.2600.5512 C:\WINDOWS\System32\CSCDLL.dll
0x71ad0000 0x9000 5.01.2600.5512 C:\WINDOWS\system32\wsock32.dll
0x5ba60000 0x71000 6.00.2900.5512 C:\WINDOWS\system32\themeui.dll
0x76380000 0x5000 5.01.2600.5512 C:\WINDOWS\system32\MSIMG32.dll
0x71d40000 0x1b000 6.00.2900.5512 C:\WINDOWS\system32\actxprxy.dll
0x5fc10000 0x33000 5.01.2600.5512 C:\WINDOWS\system32\msutb.dll
0x74720000 0x4c000 5.01.2600.5512 C:\WINDOWS\system32\MSCTF.dll
0x76980000 0x8000 5.01.2600.5512 C:\WINDOWS\system32\LINKINFO.dll
0x76990000 0x25000 5.01.2600.5512 C:\WINDOWS\system32\ntshrui.dll
0x76b20000 0x11000 3.05.2284.0001 C:\WINDOWS\system32\ATL.DLL
0x7e720000 0xb0000 5.01.2600.5512 C:\WINDOWS\system32\SXS.DLL
0x77920000 0xf3000 5.01.2600.5512 C:\WINDOWS\system32\setupapi.dll
0x71b20000 0x12000 5.01.2600.5512 C:\WINDOWS\system32\MPR.dll
0x75f60000 0x7000 5.01.2600.5512 C:\WINDOWS\System32\drprov.dll
0x71c10000 0xe000 5.01.2600.5512 C:\WINDOWS\System32\ntlanman.dll
0x71cd0000 0x17000 5.01.2600.5512 C:\WINDOWS\System32\NETUI0.dll
0x71c90000 0x40000 5.01.2600.5512 C:\WINDOWS\System32\NETUI1.dll
0x71c80000 0x7000 5.01.2600.5512 C:\WINDOWS\System32\NETRAP.dll
0x71bf0000 0x13000 5.01.2600.5512 C:\WINDOWS\System32\SAMLIB.dll
0x75f70000 0xa000 5.01.2600.5512 C:\WINDOWS\System32\davclnt.dll

zmikic · 22.01.2009., 13:53

Ove dvije datoteke ces preselit u drugi direktorij.

0x00be0000 0x3a000 \\?\globalroot\systemroot\system32\UACflehrtkv.dll
*** Loaded C:\WINDOWS\system32\ddcbbXpM.dll differs from file image:
*** File timestamp: Mon Nov 17 07:07:23 2008
*** Loaded image timestamp: Tue Nov 18 12:01:43 2008
*** 0x00e40000 0xa2000 4.10.0049.0001 C:\WINDOWS\system32\ddcbbXpM.dll

1. Provjeri da li se te dvije datoteke nalaze u c:\windows\system32.

2. Napravi popis datoteka u c:\windows\system32 direktoriju tako da u cmd odes u
taj direktorij i izvrsis dir >popis1.txt jer cemo provjeravati sadrzaj direktorija system32
prije i poslije selidbe tih gore dll-a.

3. Skini ovo http://download.sysinternals.com/Files/PendMoves.zip
(isto command-line program ), otkompresiraj u neki direktorij, odi u taj direktorij,
izvrsi movefile C:\WINDOWS\system32\ddcbbXpM.dll c:\
i movefile C:\WINDOWS\system32\UACflehrtkv.dll c:\

4. Izvrsi pendmoves.exe da se uvjeris da ce biti preseljeni.

5. Resetiras kompic

6. Kad se windowsi podignu, pogledas da li su te dvije datoteke preseljene ( da li se
nalaze u c:\ i da li su izbrisane u c:\windows\system32 )

7. Ponovo napravis dir >popis2.txt u system32 direktoriju i usporedis ta dva popisa.
Trebas dobiti da ti fale samo ta dvije datoteke...

Ajd baci se na posao i javi rezultat.

Pazi, ove dvije datoteke mogu biti hidden pa obrati paznju na to ako ih na prvi pogled
ne mozes naci.

Za usporedivanje popis1.txt popis2.txt imas freeware programa koji ti odmah
pokazu razliku. Npr ExamDiff 1.8, http://www.prestosoft.com/download/ed18_setup.zip

revenion · 22.01.2009., 17:46

Daj mi samo objasni kako se koristi ovaj Move/pend file pogledao sam na sysinterals ali nije objasnjeno bas...Kad aktiviram movefile,prvi put mi se pokaze onaj license agree i decline il kako vec,i na trenutak se pojavi cmd prozorcic i nestane...i tako svaki put...ne kuzim kak?

edit:nvm skuzio sam,vidim da si on aj daj ostani jos kojih 5-10 min ak mozes pa cu stavit rezultate

revenion · 22.01.2009., 18:20

dobio sam pm :P,ok anw:
1.Nema ovog UACflehrta,tj ne vidim ga ni u browseru a ni u popis.txt ga nema,(ovog ddcbb ima,u browseru se ne nalazi ali ga nadem u popis.txt),mozda si na to mislio hidden kak da ga otkrijem onda?
2.obavio sam ovu naredbu za ddcbb al se opet napravi novi,ali kod ovog pendmoves kad ga koristim pise mi No Pending File rename operations registered...I tako uvijek...Neznam sta da radim >> ima nest sta sam pogrjesio?btw kad ubacim naredbu movefile pise mi da ce odradit naredbu na boot-u tj da ju je prihvatio ali u popisu pise da je ddcbb isti onaj od 18/01

zmikic · 23.01.2009., 01:07

Dobro za sada. Micanje ovih dll-ova nije rjesenje...

Da li jos drzis ove windowse?

Da li si pokretao Malwarebytes' Anti-Malware kako ti je stuc rekao? Ako nisi napravi to
Znaci, instaliraj ga, updateaj ga (javit ce ti za update na kraju instalacije programa),
pokreni i izaberi Perform Full Scan pa stisni Scan. Kad zavrsi, stisni Show Results pa
na Remove Selected. Otvorit ce ti se log, njega snimi i budes mi ga poslao na forum.

Nakon toga obavi Hijack scan.
Sa Hijack napravi Do a system scan and save a logfile. Kad zavrsi otvoriti ce ti se zapis koji
snimi u datoteku.

Ove dvije datoteke mozes poslati kao privitak uz post ili ih mozes hostat na recimo rapidshare.com
pa posaljes samo linkove. Stvar je sto ces mi slat jos par tih logova pa da drzimo postove
urednim.

20.01.2009., 16:26	#1
revenion Registered User Datum registracije: Oct 2007 Lokacija: Croatia Postovi: 22	Problem sa explorer.exe Ovako,vec sam trazio pomoc na jednom forumu i sredio sam pola problema sa EMSI Emergency AntiVirus-om,ali ostao mi je najveci problem...explorer.exe mi se svako malo restarta,iskljci nakon nekoliko sekundi pa opet iskljuci...I tako neprestano,sve dok ga ne pogasim u Procesima...Onda prestane al onda sve moram raditi preko task managera sto nije bas jednostavno...Ostali problemi su mi bili dugo paljenje(sto jos imam al je vjerovatno povezano sa ovim problemom,jer je sad brze od prije),sporo logiranje te gasenje sto je sad sredeno,nisam mogao gledat filmice na youtube,imao sam neki AdBlocking software instaliran itd,uglavnom skoro sve to sam sredio osim ovog explorer.exe-a...Cega se niako nemogu rjesit...Probao sam NOD32,Spybot nemrem pokrenut no koristio sam EMSI-ev program koji je nasao neki Trojan,Vundo!IK kojeg nisam mogao izbrisat jedno 5 puta sam napravio quick scanove pobrisao ga i svaki put se opet napravio,zadnji put sam ga prebacio u karantenu i crashao mi se komp,kad sam opet skenirao nije ga vise bilo...Guglao sam malo o tome al nista puno nisam nasao osim za taj Vundo,no ocito ga vise nema jer sam i sa VundoFix probao pa ga nije nasao...Problem je jos tu...A Anti-Virusi mi nista ne nalaze...Zahvaljujem na svakoj pomoci,i molim sto manje:"Formatiraj si komp,to ti je jedino rjesenje postova."..To znam i sam al prije toga cu rade pokusat spasit komp...

20.01.2009., 19:05	#2
zmikic Premium Datum registracije: Jan 2008 Lokacija: Zg Postovi: 206	Posalji hijack info na forum __________________ walk the talk

20.01.2009., 21:35	#4
zmikic Premium Datum registracije: Jan 2008 Lokacija: Zg Postovi: 206	To se ne instalirava. Skines ovaj exe http://download.bleepingcomputer.com...HiJackThis.exe i pokrenes ga i to je program za radit, nije to instalacija... __________________ walk the talk

21.01.2009., 10:04	#5
revenion Registered User Datum registracije: Oct 2007 Lokacija: Croatia Postovi: 22	--> Evo uspio sam ga pokrenut. edit:btw nesto mi je spominjalo Temporary Folder al nije mi bas zvucalo ko nesto vazno pa sam i dalje napravio scan,gdje da stavim HJT a da nije "temporary folder"?i dal da napravim opet scan onda? Zadnje izmijenjeno od: domy_os. 22.01.2009. u 00:24.

21.01.2009., 12:15	#6
zmikic Premium Datum registracije: Jan 2008 Lokacija: Zg Postovi: 206	Imas toga puno sto bi ja zbrisao... Ajd za pocetak najednostavnije pogasi u procesima program Rundll32.exe. Javi da li nakon toga explorer.exe prestao padati. __________________ walk the talk

20.01.2009., 20:30	#3
revenion Registered User Datum registracije: Oct 2007 Lokacija: Croatia Postovi: 22	Naveo sam da nemogu koristiti S&D i sl,e za tako mi je i za neke druge fajlove...Kad skinem HJT nemrem ga instalirat...Kad ga aktiviram samo se pocinje procesirat ali se nista ne dogada...Dal postoji nesto drugo il online HJT scan?

21.01.2009., 16:22	#8
revenion Registered User Datum registracije: Oct 2007 Lokacija: Croatia Postovi: 22	--> ovako nije rundll32 taj koji mi je radio probleme(ovo sta sam napisao da je bilo prije)neg drwn*.dll tak nest...brijem da je isto 32 al nisam siguran(drwn32.dllili nesto slicon)...Ovako napravio sam update sa SP2 na SP3 jer je mozda bio neki bug,jer sam zguglao slicne probleme koji su se rjesili sa Updejtovima...No nista se nije promjenilo...No nasao sam neke nove procese,evo novi Hijack. Zadnje izmijenjeno od: domy_os. 22.01.2009. u 00:22.

21.01.2009., 16:34	#9
Valg Guest Moj komp Datum registracije: Jul 2008 Lokacija: City Postovi: 1,404	Sine moj, tebi pomaže samo format C: Znam da to ne želiš, al ovo mi uopće ne zgleda dobro...

21.01.2009., 16:54	#10
revenion Registered User Datum registracije: Oct 2007 Lokacija: Croatia Postovi: 22	A bi bio dovoljan Quick Format preko My Computera?Il da napravim potpuni...Nemam windows cd...

21.01.2009., 16:57	#11
~Trt~ red drum Moj komp Datum registracije: Aug 2008 Lokacija: zagreb Postovi: 144	prvo nabavi windblowse pa tek onda radi format ili još bolje nađi nekoga tko zna pa nek ti to sve napravi __________________

21.01.2009., 16:57	#12
Paxton Expert from the shadow Moj komp Datum registracije: Dec 2006 Lokacija: Sibinj Postovi: 696	Neces moci napravit qucik format particije na kojoj ti je sistem nikakako... A nista ti format ni ne vrijedi bez win cda...

21.01.2009., 17:08	#13
revenion Registered User Datum registracije: Oct 2007 Lokacija: Croatia Postovi: 22	>> Hmm Ok,ako iko moze jos pomoc neka proba,zahvaljujem na bilokakvoj pomoc ,ja cu dotad pokusat nabavit novi OS >>

21.01.2009., 19:29	#14
zmikic Premium Datum registracije: Jan 2008 Lokacija: Zg Postovi: 206	Pokreni start --> run --> eventvwr.msc Odi u application i probaj naci zapise u vezi explorer.exe ( valda source kolona). Tu bi trebale biti neke informacije. Posalji dva - tri najnovija zapisa na forum. __________________ walk the talk

21.01.2009., 20:15	#15
revenion Registered User Datum registracije: Oct 2007 Lokacija: Croatia Postovi: 22	--> Znam formatirat kroz boot,i formatirao sam komp vise puta...Ne zelim ga formatirat iz 2 razloga,1. imam fajlova koji mi trebaju a nemam przilicu ni dovoljno velik stick(1gb) na koji bi ih stavio a 2. od formatiranja se steti sam disk tako da eto...Uglavnom,zmikic nasao sam samo pod Winlogon(kojih ima tone zbog restartova explorera): The shell stopped unexpectedly and explorer.exe was restarted. For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp. No mislim da ti nece pomoc puno?E da,i kad idem u find i pod source uopce se ne nalazi u listi explorer.exe.i evo jos jedan Hijack scan kaj si pito za njega.(btw skeniram ih dok je explorer ukljucen). Zadnje izmijenjeno od: domy_os. 22.01.2009. u 00:21.

21.01.2009., 20:35	#16
zwo Premium Moj komp Datum registracije: Jun 2008 Lokacija: Kastela Postovi: 154	Upravo isti problem kao i kod mene. Sinoć su počeli prvi simptomi, jutros odmah reinstall windowsa i mirna bosna.

Oglasni prostor
PC Ekspert Forum Oglas

21.01.2009., 20:47	#17
stuc Banned Datum registracije: May 2005 Lokacija: Online Postovi: 2,404	Đizus koja trakavica @revenion Jes ugasio system restore i jel moš u SAFE MOD ? Ako možeš onda od tamo čisti komp, probaj instalirat u safe modu S&D pa proskenirat. Također probaj instalirat Malwarebytes' Anti-Malware i Simply Super Software - Trojan Remover.

21.01.2009., 20:48	#18
krimos Premium Moj komp Datum registracije: Dec 2008 Lokacija: Zagreb Postovi: 287	Najlakše je nabavit vindoze puknut ih unutra oni će ti sami napravit format __________________ beauty is only a lightswitch away

21.01.2009., 23:16	#19
zmikic Premium Datum registracije: Jan 2008 Lokacija: Zg Postovi: 206	Nista sumljivo za sada na ovim tvojim ispisima... Vjerovatno nisi do kraja maknuo taj trojan Vundo jer na popisu simptoma navodi se taj simptom resetiranja explorer.exe Probaj ponovo sve te skenove, neki program ce valda vec nesto naci. Ako si i dalje neuspjesan u pronalazenju necega pokreni program ListDlls. Evo link http://download.sysinternals.com/Files/ListDlls.zip Pazi, to ti je command line program, prvo otvoris cmd te odes u direktorij gdje si ga otkompresirao pa ga pokrenes ovako listdlls >popis.txt . To ce napraviti datoteku popis.txt u istom direktoriju. Otvoris popis.txt, pronadjes proces explorer.exe i copy+paste njegove podatke , isto tako i za winlogon.exe. Ta dva popisa posaljes na forum. Neki od tih datoteka sa popisa koji ces poslati su zasluzni za tvoje probleme. __________________ walk the talk

22.01.2009., 10:56	#20
revenion Registered User Datum registracije: Oct 2007 Lokacija: Croatia Postovi: 22	winlogon: winlogon.exe pid: 1312 Command line: winlogon.exe Base Size Version Path 0x01000000 0x81000 \??\C:\WINDOWS\system32\winlogon.exe 0x7c900000 0xaf000 5.01.2600.5512 C:\WINDOWS\system32\ntdll.dll 0x7c800000 0xf6000 5.01.2600.5512 C:\WINDOWS\system32\kernel32.dll 0x77dd0000 0x9b000 5.01.2600.5512 C:\WINDOWS\system32\ADVAPI32.dll 0x77e70000 0x92000 5.01.2600.5512 C:\WINDOWS\system32\RPCRT4.dll 0x77fe0000 0x11000 5.01.2600.5512 C:\WINDOWS\system32\Secur32.dll 0x776c0000 0x12000 5.01.2600.5512 C:\WINDOWS\system32\AUTHZ.dll 0x77c10000 0x58000 7.00.2600.5512 C:\WINDOWS\system32\msvcrt.dll 0x77a80000 0x95000 5.131.2600.5512 C:\WINDOWS\system32\CRYPT32.dll 0x77b20000 0x12000 5.01.2600.5512 C:\WINDOWS\system32\MSASN1.dll 0x7e410000 0x91000 5.01.2600.5512 C:\WINDOWS\system32\USER32.dll 0x77f10000 0x49000 5.01.2600.5698 C:\WINDOWS\system32\GDI32.dll 0x75940000 0x8000 5.01.2600.5512 C:\WINDOWS\system32\NDdeApi.dll 0x75930000 0xa000 5.01.2600.5512 C:\WINDOWS\system32\PROFMAP.dll 0x5b860000 0x55000 5.01.2600.5694 C:\WINDOWS\system32\NETAPI32.dll 0x769c0000 0xb4000 5.01.2600.5512 C:\WINDOWS\system32\USERENV.dll 0x76bf0000 0xb000 5.01.2600.5512 C:\WINDOWS\system32\PSAPI.DLL 0x76bc0000 0xf000 5.01.2600.5512 C:\WINDOWS\system32\REGAPI.dll 0x77920000 0xf3000 5.01.2600.5512 C:\WINDOWS\system32\SETUPAPI.dll 0x77c00000 0x8000 5.01.2600.5512 C:\WINDOWS\system32\VERSION.dll 0x76360000 0x10000 5.01.2600.5512 C:\WINDOWS\system32\WINSTA.dll 0x76c30000 0x2e000 5.131.2600.5512 C:\WINDOWS\system32\WINTRUST.dll 0x76c90000 0x28000 5.01.2600.5512 C:\WINDOWS\system32\IMAGEHLP.dll 0x71ab0000 0x17000 5.01.2600.5512 C:\WINDOWS\system32\WS2_32.dll 0x71aa0000 0x8000 5.01.2600.5512 C:\WINDOWS\system32\WS2HELP.dll 0x66500000 0xa000 5.05.0000.0000 C:\WINDOWS\system32\wbsys.dll 0x77f60000 0x76000 6.00.2900.5512 C:\WINDOWS\system32\SHLWAPI.dll 0x007b0000 0x3a000 \\?\globalroot\systemroot\system32\UACflehrtkv.dll 0x774e0000 0x13d000 5.01.2600.5512 C:\WINDOWS\system32\ole32.dll 0x76080000 0x65000 6.02.3104.0000 C:\WINDOWS\system32\MSVCP60.dll 0x771b0000 0xaa000 6.00.2900.5694 C:\WINDOWS\system32\WININET.dll 0x77120000 0x8b000 5.01.2600.5512 C:\WINDOWS\system32\OLEAUT32.dll 0x773d0000 0x103000 6.00.2900.5512 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll 0x75970000 0xf8000 5.01.2600.5512 C:\WINDOWS\system32\MSGINA.dll 0x5d090000 0x9a000 5.82.2900.5512 C:\WINDOWS\system32\COMCTL32.dll 0x74320000 0x3d000 3.525.1132.0000 C:\WINDOWS\system32\ODBC32.dll 0x763b0000 0x49000 6.00.2900.5512 C:\WINDOWS\system32\comdlg32.dll 0x7c9c0000 0x817000 6.00.2900.5512 C:\WINDOWS\system32\SHELL32.dll 0x00930000 0x17000 3.525.1132.0000 C:\WINDOWS\system32\odbcint.dll 0x776e0000 0x23000 6.00.2900.5512 C:\WINDOWS\system32\SHSVCS.dll 0x76bb0000 0x5000 5.01.2600.5512 C:\WINDOWS\system32\sfc.dll 0x76c60000 0x2a000 5.01.2600.5512 C:\WINDOWS\system32\sfc_os.dll 0x77b40000 0x22000 5.01.2600.5512 C:\WINDOWS\system32\Apphelp.dll 0x7e720000 0xb0000 5.01.2600.5512 C:\WINDOWS\system32\sxs.dll 0x723d0000 0x1c000 5.01.2600.5512 C:\WINDOWS\system32\WINSCARD.DLL 0x76f50000 0x8000 5.01.2600.5512 C:\WINDOWS\system32\WTSAPI32.dll 0x76b40000 0x2d000 5.01.2600.5512 C:\WINDOWS\system32\WINMM.dll 0x6bd00000 0xd000 0.01.0002.0003 C:\WINDOWS\system32\SYNCOR11.DLL 0x5ad70000 0x38000 6.00.2900.5512 C:\WINDOWS\system32\uxtheme.dll 0x01550000 0x25000 6.14.0010.4177 C:\WINDOWS\system32\Ati2evxx.dll 0x76600000 0x1d000 5.01.2600.5512 C:\WINDOWS\system32\cscdll.dll 0x68000000 0x36000 5.01.2600.5507 C:\WINDOWS\system32\rsaenh.dll 0x47020000 0x8000 5.01.2600.5512 C:\WINDOWS\System32\dimsntfy.dll 0x016d0000 0xd000 0.00.0005.0002 C:\Program Files\Common Files\Stardock\mcpstub.dll 0x75950000 0x1a000 5.01.2600.5512 C:\WINDOWS\system32\WlNotify.dll 0x71b20000 0x12000 5.01.2600.5512 C:\WINDOWS\system32\MPR.dll 0x73000000 0x26000 5.01.2600.5512 C:\WINDOWS\system32\WINSPOOL.DRV 0x71bf0000 0x13000 5.01.2600.5512 C:\WINDOWS\system32\SAMLIB.dll 0x76f60000 0x2c000 5.01.2600.5512 C:\WINDOWS\system32\wldap32.dll 0x77c70000 0x24000 5.01.2600.5512 C:\WINDOWS\system32\msv1_0.dll 0x76d60000 0x19000 5.01.2600.5512 C:\WINDOWS\system32\iphlpapi.dll 0x77a20000 0x54000 5.01.2600.5512 C:\WINDOWS\system32\cscui.dll 0x01980000 0x34000 5.00.0000.0001 C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll 0x72d20000 0x9000 5.01.2600.5512 C:\WINDOWS\system32\wdmaud.drv 0x01b30000 0x2c5000 5.01.2600.5512 C:\WINDOWS\system32\xpsp2res.dll 0x72d10000 0x8000 5.01.2600.0000 C:\WINDOWS\system32\msacm32.drv 0x77be0000 0x15000 5.01.2600.5512 C:\WINDOWS\system32\MSACM32.dll 0x77bd0000 0x7000 5.01.2600.5512 C:\WINDOWS\system32\midimap.dll 0x77690000 0x21000 5.01.2600.5512 C:\WINDOWS\system32\NTMARTA.DLL 0x77050000 0xc5000 2001.12.4414.0700 C:\WINDOWS\system32\COMRes.dll 0x76fd0000 0x7f000 2001.12.4414.0700 C:\WINDOWS\system32\CLBCATQ.DLL explorer.exe explorer.exe pid: 3280 Command line: "C:\WINDOWS\explorer.exe" Base Size Version Path 0x01000000 0xff000 6.00.2900.5512 C:\WINDOWS\explorer.exe 0x7c900000 0xaf000 5.01.2600.5512 C:\WINDOWS\system32\ntdll.dll 0x7c800000 0xf6000 5.01.2600.5512 C:\WINDOWS\system32\kernel32.dll 0x77dd0000 0x9b000 5.01.2600.5512 C:\WINDOWS\system32\ADVAPI32.dll 0x77e70000 0x92000 5.01.2600.5512 C:\WINDOWS\system32\RPCRT4.dll 0x77fe0000 0x11000 5.01.2600.5512 C:\WINDOWS\system32\Secur32.dll 0x75f80000 0xfd000 6.00.2900.5512 C:\WINDOWS\system32\BROWSEUI.dll 0x77f10000 0x49000 5.01.2600.5698 C:\WINDOWS\system32\GDI32.dll 0x7e410000 0x91000 5.01.2600.5512 C:\WINDOWS\system32\USER32.dll 0x77c10000 0x58000 7.00.2600.5512 C:\WINDOWS\system32\msvcrt.dll 0x774e0000 0x13d000 5.01.2600.5512 C:\WINDOWS\system32\ole32.dll 0x77f60000 0x76000 6.00.2900.5512 C:\WINDOWS\system32\SHLWAPI.dll 0x77120000 0x8b000 5.01.2600.5512 C:\WINDOWS\system32\OLEAUT32.dll 0x7e290000 0x171000 6.00.2900.5694 C:\WINDOWS\system32\SHDOCVW.dll 0x77a80000 0x95000 5.131.2600.5512 C:\WINDOWS\system32\CRYPT32.dll 0x77b20000 0x12000 5.01.2600.5512 C:\WINDOWS\system32\MSASN1.dll 0x754d0000 0x80000 5.131.2600.5512 C:\WINDOWS\system32\CRYPTUI.dll 0x5b860000 0x55000 5.01.2600.5694 C:\WINDOWS\system32\NETAPI32.dll 0x77c00000 0x8000 5.01.2600.5512 C:\WINDOWS\system32\VERSION.dll 0x771b0000 0xaa000 6.00.2900.5694 C:\WINDOWS\system32\WININET.dll 0x76c30000 0x2e000 5.131.2600.5512 C:\WINDOWS\system32\WINTRUST.dll 0x76c90000 0x28000 5.01.2600.5512 C:\WINDOWS\system32\IMAGEHLP.dll 0x76f60000 0x2c000 5.01.2600.5512 C:\WINDOWS\system32\WLDAP32.dll 0x7c9c0000 0x817000 6.00.2900.5512 C:\WINDOWS\system32\SHELL32.dll 0x5ad70000 0x38000 6.00.2900.5512 C:\WINDOWS\system32\UxTheme.dll 0x5cb70000 0x26000 5.01.2600.5512 C:\WINDOWS\system32\ShimEng.dll 0x6f880000 0x1ca000 5.01.2600.5512 C:\WINDOWS\AppPatch\AcGenral.DLL 0x76b40000 0x2d000 5.01.2600.5512 C:\WINDOWS\system32\WINMM.dll 0x77be0000 0x15000 5.01.2600.5512 C:\WINDOWS\system32\MSACM32.dll 0x769c0000 0xb4000 5.01.2600.5512 C:\WINDOWS\system32\USERENV.dll 0x66500000 0xa000 5.05.0000.0000 C:\WINDOWS\system32\wbsys.dll 0x773d0000 0x103000 6.00.2900.5512 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll 0x5d090000 0x9a000 5.82.2900.5512 C:\WINDOWS\system32\comctl32.dll 0x6bd00000 0xd000 0.01.0002.0003 C:\WINDOWS\system32\SYNCOR11.DLL 0x00be0000 0x3a000 \\?\globalroot\systemroot\system32\UACflehrtkv.dll 0x76080000 0x65000 6.02.3104.0000 C:\WINDOWS\system32\MSVCP60.dll 0x71ab0000 0x17000 5.01.2600.5512 C:\WINDOWS\system32\WS2_32.dll 0x71aa0000 0x8000 5.01.2600.5512 C:\WINDOWS\system32\WS2HELP.dll * Loaded C:\WINDOWS\system32\ddcbbXpM.dll differs from file image: * File timestamp: Mon Nov 17 07:07:23 2008 * Loaded image timestamp: Tue Nov 18 12:01:43 2008 * 0x00e40000 0xa2000 4.10.0049.0001 C:\WINDOWS\system32\ddcbbXpM.dll 0x76780000 0x9000 6.00.2900.5512 C:\WINDOWS\system32\SHFOLDER.dll 0x76f20000 0x27000 5.01.2600.5625 C:\WINDOWS\system32\DNSAPI.dll 0x7e1e0000 0xa2000 6.00.2900.5694 C:\WINDOWS\system32\urlmon.dll 0x77b40000 0x22000 5.01.2600.5512 C:\WINDOWS\system32\appHelp.dll 0x76fd0000 0x7f000 2001.12.4414.0700 C:\WINDOWS\system32\CLBCATQ.DLL 0x77050000 0xc5000 2001.12.4414.0700 C:\WINDOWS\system32\COMRes.dll 0x01330000 0x2c5000 5.01.2600.5512 C:\WINDOWS\system32\xpsp2res.dll 0x77a20000 0x54000 5.01.2600.5512 C:\WINDOWS\System32\cscui.dll 0x76600000 0x1d000 5.01.2600.5512 C:\WINDOWS\System32\CSCDLL.dll 0x71ad0000 0x9000 5.01.2600.5512 C:\WINDOWS\system32\wsock32.dll 0x5ba60000 0x71000 6.00.2900.5512 C:\WINDOWS\system32\themeui.dll 0x76380000 0x5000 5.01.2600.5512 C:\WINDOWS\system32\MSIMG32.dll 0x71d40000 0x1b000 6.00.2900.5512 C:\WINDOWS\system32\actxprxy.dll 0x5fc10000 0x33000 5.01.2600.5512 C:\WINDOWS\system32\msutb.dll 0x74720000 0x4c000 5.01.2600.5512 C:\WINDOWS\system32\MSCTF.dll 0x76980000 0x8000 5.01.2600.5512 C:\WINDOWS\system32\LINKINFO.dll 0x76990000 0x25000 5.01.2600.5512 C:\WINDOWS\system32\ntshrui.dll 0x76b20000 0x11000 3.05.2284.0001 C:\WINDOWS\system32\ATL.DLL 0x7e720000 0xb0000 5.01.2600.5512 C:\WINDOWS\system32\SXS.DLL 0x77920000 0xf3000 5.01.2600.5512 C:\WINDOWS\system32\setupapi.dll 0x71b20000 0x12000 5.01.2600.5512 C:\WINDOWS\system32\MPR.dll 0x75f60000 0x7000 5.01.2600.5512 C:\WINDOWS\System32\drprov.dll 0x71c10000 0xe000 5.01.2600.5512 C:\WINDOWS\System32\ntlanman.dll 0x71cd0000 0x17000 5.01.2600.5512 C:\WINDOWS\System32\NETUI0.dll 0x71c90000 0x40000 5.01.2600.5512 C:\WINDOWS\System32\NETUI1.dll 0x71c80000 0x7000 5.01.2600.5512 C:\WINDOWS\System32\NETRAP.dll 0x71bf0000 0x13000 5.01.2600.5512 C:\WINDOWS\System32\SAMLIB.dll 0x75f70000 0xa000 5.01.2600.5512 C:\WINDOWS\System32\davclnt.dll

22.01.2009., 13:53	#21
zmikic Premium Datum registracije: Jan 2008 Lokacija: Zg Postovi: 206	Ove dvije datoteke ces preselit u drugi direktorij. 0x00be0000 0x3a000 \\?\globalroot\systemroot\system32\UACflehrtkv.dll * Loaded C:\WINDOWS\system32\ddcbbXpM.dll differs from file image: * File timestamp: Mon Nov 17 07:07:23 2008 * Loaded image timestamp: Tue Nov 18 12:01:43 2008 * 0x00e40000 0xa2000 4.10.0049.0001 C:\WINDOWS\system32\ddcbbXpM.dll 1. Provjeri da li se te dvije datoteke nalaze u c:\windows\system32. 2. Napravi popis datoteka u c:\windows\system32 direktoriju tako da u cmd odes u taj direktorij i izvrsis dir >popis1.txt jer cemo provjeravati sadrzaj direktorija system32 prije i poslije selidbe tih gore dll-a. 3. Skini ovo http://download.sysinternals.com/Files/PendMoves.zip (isto command-line program ), otkompresiraj u neki direktorij, odi u taj direktorij, izvrsi movefile C:\WINDOWS\system32\ddcbbXpM.dll c:\ i movefile C:\WINDOWS\system32\UACflehrtkv.dll c:\ 4. Izvrsi pendmoves.exe da se uvjeris da ce biti preseljeni. 5. Resetiras kompic 6. Kad se windowsi podignu, pogledas da li su te dvije datoteke preseljene ( da li se nalaze u c:\ i da li su izbrisane u c:\windows\system32 ) 7. Ponovo napravis dir >popis2.txt u system32 direktoriju i usporedis ta dva popisa. Trebas dobiti da ti fale samo ta dvije datoteke... Ajd baci se na posao i javi rezultat. Pazi, ove dvije datoteke mogu biti hidden pa obrati paznju na to ako ih na prvi pogled ne mozes naci. Za usporedivanje popis1.txt popis2.txt imas freeware programa koji ti odmah pokazu razliku. Npr ExamDiff 1.8, http://www.prestosoft.com/download/ed18_setup.zip __________________ walk the talk

22.01.2009., 17:46	#22
revenion Registered User Datum registracije: Oct 2007 Lokacija: Croatia Postovi: 22	Daj mi samo objasni kako se koristi ovaj Move/pend file pogledao sam na sysinterals ali nije objasnjeno bas...Kad aktiviram movefile,prvi put mi se pokaze onaj license agree i decline il kako vec,i na trenutak se pojavi cmd prozorcic i nestane...i tako svaki put...ne kuzim kak? edit:nvm skuzio sam,vidim da si on aj daj ostani jos kojih 5-10 min ak mozes pa cu stavit rezultate

22.01.2009., 18:20	#23
revenion Registered User Datum registracije: Oct 2007 Lokacija: Croatia Postovi: 22	dobio sam pm :P,ok anw: 1.Nema ovog UACflehrta,tj ne vidim ga ni u browseru a ni u popis.txt ga nema,(ovog ddcbb ima,u browseru se ne nalazi ali ga nadem u popis.txt),mozda si na to mislio hidden kak da ga otkrijem onda? 2.obavio sam ovu naredbu za ddcbb al se opet napravi novi,ali kod ovog pendmoves kad ga koristim pise mi No Pending File rename operations registered...I tako uvijek...Neznam sta da radim >> ima nest sta sam pogrjesio?btw kad ubacim naredbu movefile pise mi da ce odradit naredbu na boot-u tj da ju je prihvatio ali u popisu pise da je ddcbb isti onaj od 18/01

23.01.2009., 01:07	#24
zmikic Premium Datum registracije: Jan 2008 Lokacija: Zg Postovi: 206	Dobro za sada. Micanje ovih dll-ova nije rjesenje... Da li jos drzis ove windowse? Da li si pokretao Malwarebytes' Anti-Malware kako ti je stuc rekao? Ako nisi napravi to Znaci, instaliraj ga, updateaj ga (javit ce ti za update na kraju instalacije programa), pokreni i izaberi Perform Full Scan pa stisni Scan. Kad zavrsi, stisni Show Results pa na Remove Selected. Otvorit ce ti se log, njega snimi i budes mi ga poslao na forum. Nakon toga obavi Hijack scan. Sa Hijack napravi Do a system scan and save a logfile. Kad zavrsi otvoriti ce ti se zapis koji snimi u datoteku. Ove dvije datoteke mozes poslati kao privitak uz post ili ih mozes hostat na recimo rapidshare.com pa posaljes samo linkove. Stvar je sto ces mi slat jos par tih logova pa da drzimo postove urednim. __________________ walk the talk