Nepoznat startup item-virus?
Prikazujem rezultate 1 do 16 od 16

Tema: Nepoznat startup item-virus?

  1. #1
    Početnik
    Učlanjen
    04.08.2007.
    Pol
    muški
    Poruke
    8
    Reputaciona moć
    0

    Podrazumevano Nepoznat startup item-virus?

    Par puta mi se do sada kao startup item pojavljivalo My App, koju sam primetio i brisao pomocu TuneUp Utilities(this startup entry points to an invalid target and should be removed),ali mi se uvek posle nekoliko dana vracalo. Danas mi se opet pojavilo i skeniranjem ga je detektovao samo Spyware Terminator kao invalid startup item i takodje se moze obrisati, ali kako da ga potpuno uklonim da se vise ne vraca?

    Logfile of Trend Micro HijackThis v2.0.0 (BETA)
    Scan saved at 21:43:10, on 4.8.2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    Boot mode: Safe mode

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Hijack This\HiJackThis_v2.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\smax4.exe" /tray
    O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [My App] a
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\MICROS~1\Office12\EXCEL.EXE/3000
    O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Unknown owner - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe (file missing)
    O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspn et_state.exe (file missing)
    O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
    O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
    O23 - Service: Diskeeper - Diskeeper Corporation - H:\Diskeeper2007\DkService.exe
    O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
    O23 - Service: NBService - Nero AG - F:\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe

    --
    End of file - 4375 bytes



  2. #2
    Aktivan član dr_Bora (avatar)
    Učlanjen
    27.12.2004.
    Pol
    muški
    Poruke
    1.248
    Reputaciona moć
    60

    Podrazumevano Re: Nepoznat startup item-virus?

    Skeniraj opet ali iz normal moda.

  3. #3
    Početnik
    Učlanjen
    04.08.2007.
    Pol
    muški
    Poruke
    8
    Reputaciona moć
    0

    Podrazumevano Re: Nepoznat startup item-virus?

    jel treba da menjam naziv aplikacije?

  4. #4
    Aktivan član dr_Bora (avatar)
    Učlanjen
    27.12.2004.
    Pol
    muški
    Poruke
    1.248
    Reputaciona moć
    60

    Podrazumevano Re: Nepoznat startup item-virus?

    Promeni...

    Usput, jel' imaš AV softver?

  5. #5
    Početnik
    Učlanjen
    04.08.2007.
    Pol
    muški
    Poruke
    8
    Reputaciona moć
    0

    Podrazumevano Re: Nepoznat startup item-virus?

    Logfile of Trend Micro HijackThis v2.0.0 (BETA)
    Scan saved at 22:16:12, on 4.8.2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\ATKKBService.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
    H:\Diskeeper2007\DkService.exe
    C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\slserv.exe
    C:\Program Files\UPHClean\uphclean.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\Analog Devices\SoundMAX\smax4.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Hijack This\dmdmdmdm.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\smax4.exe" /tray
    O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [My App] a
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\ie_banner_deny.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\MICROS~1\Office12\EXCEL.EXE/3000
    O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Unknown owner - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe (file missing)
    O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspn et_state.exe (file missing)
    O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
    O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
    O23 - Service: Diskeeper - Diskeeper Corporation - H:\Diskeeper2007\DkService.exe
    O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
    O23 - Service: NBService - Nero AG - F:\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe

    --
    End of file - 5251 bytes

  6. #6
    Obećava Iron Chin (avatar)
    Učlanjen
    27.07.2007.
    Poruke
    62
    Reputaciona moć
    38

    Podrazumevano Re: Nepoznat startup item-virus?

    Citat Original postavio dr_Bora
    Promeni...

    Usput, jel' imaš AV softver?
    Mislim da ima Kaspersky.

  7. #7
    Početnik
    Učlanjen
    04.08.2007.
    Pol
    muški
    Poruke
    8
    Reputaciona moć
    0

    Podrazumevano Re: Nepoznat startup item-virus?

    imam KIS6

  8. #8
    Aktivan član dr_Bora (avatar)
    Učlanjen
    27.12.2004.
    Pol
    muški
    Poruke
    1.248
    Reputaciona moć
    60

    Podrazumevano Re: Nepoznat startup item-virus?

    Da, da, vidim... Beše to jedno glupo pitanje.

    Ovako... Ovi logovi su čisti i na pc-u verovatno nema malware-a.
    E sad: nešto upisuje onu stavku u registry.

    Idi u My Computer pa na Search i podesi da ti pretražuje sve file-ove i potraži:
    a.*

    Ako ništa ne pronađe, onda...
    Skini Startup Monitor: http://mlin.net/StartupMonitor.shtml .
    Onu MyApp stavku ukloni, pa instaliraj Startup Monitor. Kao što se vidi na stranici, SM će ti prijaviti kad god neki program pokuša da upiše stavku u Run sekciju.
    Znači, prosto čekaj da se idući put dogodi isto i onda će ti SM ''reći'' koji program brljavi.
    Ništa drugo mi ne pada na pamet...

  9. #9
    Obećava Iron Chin (avatar)
    Učlanjen
    27.07.2007.
    Poruke
    62
    Reputaciona moć
    38

    Podrazumevano Re: Nepoznat startup item-virus?

    Citat Original postavio dr_Bora
    Da, da, vidim... Beše to jedno glupo pitanje.
    Svaka cast za salu

  10. #10
    Početnik
    Učlanjen
    04.08.2007.
    Pol
    muški
    Poruke
    8
    Reputaciona moć
    0

    Podrazumevano Re: Nepoznat startup item-virus?

    Nista nije pronadjeno. Skidam Startup monitor.

  11. #11
    Aktivan član dr_Bora (avatar)
    Učlanjen
    27.12.2004.
    Pol
    muški
    Poruke
    1.248
    Reputaciona moć
    60

    Podrazumevano Re: Nepoznat startup item-virus?

    @Iron Chin: :wink:

    @ohios: Kad skontaš šta pravi problem, javi... Da znamo...

    poz

  12. #12
    Početnik
    Učlanjen
    04.08.2007.
    Pol
    muški
    Poruke
    8
    Reputaciona moć
    0

    Podrazumevano Re: Nepoznat startup item-virus?

    naravno. hvala.

  13. #13
    Elita
    Učlanjen
    04.04.2005.
    Pol
    muški
    Lokacija
    iza sedam brda i dolina u 3pm
    Poruke
    15.324
    Reputaciona moć
    380

    Podrazumevano Re: Nepoznat startup item-virus?

    Ove stvari ja bi čekirao sa HijackThis-om i kliknuo na "Fix"
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Unknown owner - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe (file missing)
    O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner -
    Zadnji bi izbacio iz kompa samo zato što on služi samo za developere i za ulazak i pravljenje naloga od strane microsofta u računaru , ako ga ne ukloniš nemoj se iznenaditi da ti uskoro u safe modu pojavi još jedan nalog pod imenom ASP.NET
    Toliko od mene

  14. #14
    Početnik
    Učlanjen
    04.08.2007.
    Pol
    muški
    Poruke
    8
    Reputaciona moć
    0

    Podrazumevano Re: Nepoznat startup item-virus?

    Upozorio me Startup Monitor "The program My App has registered the executable a to run at system startup" i to kada sam pokrenuo Desktop Clock, i proverio sam jos par puta da bih bio siguran. Uklonio sam ga iz sistema, valjda "a" i "my app" vise nece da se pojavljuju ali cu ostaviti Startup Monitor za svaki slucaj. Hvala svima.

  15. #15
    Obećava Iron Chin (avatar)
    Učlanjen
    27.07.2007.
    Poruke
    62
    Reputaciona moć
    38

    Podrazumevano Re: Nepoznat startup item-virus?

    Za svaki slucaj skeniraj sistem nekim antirootkitom.

  16. #16
    Početnik
    Učlanjen
    04.08.2007.
    Pol
    muški
    Poruke
    8
    Reputaciona moć
    0

    Podrazumevano Re: Nepoznat startup item-virus?

    Imam vec AVG antirootkit i Panda antirootkit ali mi nikad nisu nista nasli.

Slične teme

  1. Startup
    Autor sasa6 u forumu Softver
    Odgovora: 8
    Poslednja poruka: 08.09.2008., 10:01
  2. Regedit u Startup-u
    Autor dragom53 u forumu Softver
    Odgovora: 1
    Poslednja poruka: 12.06.2006., 17:21
  3. StartUp meni---XP
    Autor XPsp6 u forumu Operativni sistemi
    Odgovora: 1
    Poslednja poruka: 30.04.2004., 10:36
  4. Startup
    Autor Freier u forumu Operativni sistemi
    Odgovora: 1
    Poslednja poruka: 17.01.2004., 13:21

Pravila za slanje poruka

  • Ne možete kreirati novu temu
  • Ne možete poslati odgovor
  • Ne možete dodati priloge
  • Ne možete prepraviti svoju poruku
  •