virusi :(
Hej…prosim za nasvet laiku:
glede na pocasno delovanje rac. (win xp home, explorer), sem nasla program, Spyware doctor. No, ta je potem pokazal razne groznje, ki pa jih lahko pozdravi le, ce ga kupim…
No, sicer nisem gorenjka ampak vseen ne bi to tko, se posebej, ker upam, da se da na kak drugacen nacin. Norton (ki sem ga ze kupla :), nic ne najde. Nic ne najde niti ad-aware, niti Spybot. Niti antivir.
Jah, ne vem, mogoce kak nasvet, kako ustimat?
No, da povem, kaj je najdu:
e-Universe/IncrediFind
Kazaa Promotional Items
Slim FTP
Tracking Cookies
Lycos Side Search
Na lokacijah: miltiple, HKCU/Software Kazaa…itd itd.
No, ne vem niti, ce je to res kako povezano s pocasnostjo pc-ja, ampak vseeno… kak nasvet?
Hvala.
Ljubi hmmm, ne vem ce sm prov naredila (s temle hijackom, mislim), ker je nasel ogromno reci. Ok, pripopala bom semle, sam je res veliko… tko, da se ne jezit 
LP
Logfile of HijackThis v1.99.1
Scan saved at 16:21:30, on 24.2.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVPersonal\AVGUARD.EXE
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\PROGRA~1\SiOL\ADSL\app\pppoeservice.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\rmctrl.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVPersonal\AVSCHED32.EXE
C:\Program Files\AVPersonal\AVGNT.EXE
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmjb.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\MMDiag.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_director.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_TDMEngine.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\unzipped\hijackthis[1]\HijackThis.exe
R0 – HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 – HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
F2 – REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 – BHO: AcroIEHlprObj Class – {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} – C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 – BHO: (no name) – {53707962-6F74-2D53-2644-206D7942484F} – C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 – BHO: PCTools Site Guard – {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} – C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 – BHO: PCTools Browser Monitor – {B56A7D7D-6927-48C8-A975-17DF180C71AC} – C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 – BHO: NAV Helper – {BDF3E430-B101-42AD-A544-FADC6B084872} – C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 – Toolbar: Norton AntiVirus – {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} – C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 – HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 – HKLM\..\Run: [RemoteControl] C:\WINDOWS\System32\rmctrl.exe
O4 – HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 – HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 – HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
O4 – HKLM\..\Run: [TkBellExe] “C:\Program Files\Common Files\Real\Update_OB\realsched.exe” -osboot
O4 – HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 – HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 – HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 – HKLM\..\Run: [ccApp] “C:\Program Files\Common Files\Symantec Shared\ccApp.exe”
O4 – HKLM\..\Run: [AVSCHED32] C:\Program Files\AVPersonal\AVSCHED32.EXE /min
O4 – HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 – HKLM\..\Run: [webscan] C:\Program Files\Acceleration Software\Anti-Virus\stopsignav.exe -k
O4 – HKLM\..\Run: [AVGCtrl] C:\Program Files\AVPersonal\AVGNT.EXE /min
O4 – HKLM\..\RunOnce: [SpybotSnD] “C:\Program Files\Spybot – Search & Destroy\SpybotSD.exe” /autocheck
O4 – HKCU\..\Run: [IncrediMail] C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c
O4 – HKCU\..\Run: [Spyware Doctor] “C:\Program Files\Spyware Doctor\swdoctor.exe” /Q
O4 – Global Startup: Image Transfer.lnk = ?
O4 – Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 – Extra context menu item: &Add animation to IncrediMail Style Box – C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O9 – Extra button: (no name) – {08B0E5C0-4FCB-11CF-AAA5-00401C608501} – C:\Program Files\Java\j2re1.4.2_01\bin\npjpi142_01.dll
O9 – Extra ‘Tools’ menuitem: Sun Java Console – {08B0E5C0-4FCB-11CF-AAA5-00401C608501} – C:\Program Files\Java\j2re1.4.2_01\bin\npjpi142_01.dll
O9 – Extra button: Spyware Doctor – {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} – C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 – Extra button: Messenger – {FB5F1910-F110-11d2-BB9E-00C04F795683} – C:\Program Files\Messenger\msmsgs.exe
O9 – Extra ‘Tools’ menuitem: Windows Messenger – {FB5F1910-F110-11d2-BB9E-00C04F795683} – C:\Program Files\Messenger\msmsgs.exe
O16 – DPF: {3707DB0E-E788-491A-8FA7-8C8B9774AAEB} (DigSigX Control) – https://edavki.durs.si/OpenPortal/Gui/Applets/hslDigSigX.cab
O16 – DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) – http://www2.incredimail.com/contents/setup/downloader/imloader.cab
O23 – Service: AntiVir Service (AntiVirService) – H+BEDV Datentechnik GmbH – C:\Program Files\AVPersonal\AVGUARD.EXE
O23 – Service: Ati HotKey Poller – ATI Technologies Inc. – C:\WINDOWS\system32\Ati2evxx.exe
O23 – Service: ATI Smart – Unknown owner – C:\WINDOWS\system32\ati2sgag.exe
O23 – Service: AntiVir Update (AVWUpSrv) – H+BEDV Datentechnik GmbH, Germany – C:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 – Service: Symantec Event Manager (ccEvtMgr) – Symantec Corporation – C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 – Service: Symantec Password Validation (ccPwdSvc) – Symantec Corporation – C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 – Service: Symantec Settings Manager (ccSetMgr) – Symantec Corporation – C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 – Service: Norton AntiVirus Auto Protect Service (navapsvc) – Symantec Corporation – C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 – Service: PPPoE Service (PPPoEService) – Unknown owner – C:\PROGRA~1\SiOL\ADSL\app\pppoeservice.exe
O23 – Service: SAVScan – Symantec Corporation – C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 – Service: ScriptBlocking Service (SBService) – Symantec Corporation – C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 – Service: Symantec Network Drivers Service (SNDSrvc) – Symantec Corporation – C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 – Service: Symantec Core LC – Symantec Corporation – C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 – Service: SymWMI Service (SymWSC) – Symantec Corporation – C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
Forum je zaprt za komentiranje.