[ deki77 @ 06.07.2008. 16:48 ] @
So, I have a problem with this nuisance..
There's simply no pattern... explorer disappears on me, so I have to bring it back up manually in Task Manager: New Task > explorer.exe
There's no pattern to the restarts, because it restarts on its own, or when I click, for example, Control Panel or some folder on the desktop.
I suspect a virus did this to me, because my AV (NOD32) found 2 instances of the "NewHeur_PE" virus..
Which were removed..
I also monitored the services and scanned with HJD..
I also did a System Restore and it's the same again..
In case it means anything to you:
Code: Description:The shell stopped unexpectedly and explorer.exe was restarted.
Event ID: 1002
Source: Winlogon
"EVENT_SHELL_RESTARTED"
Has anyone had similar problems, and how did you solve this???
Thanks
[ kristi1 @ 06.07.2008. 17:18 ] @
Deki, go ahead and run a scan with this program so we can see what it says.
[ deki77 @ 06.07.2008. 18:51 ] @
Here are the scan results
Code:
Inficirane fascikle: 2
Inficirane datoteke: 19
Inficirani procesi u memoriji:
(Maliciozne stavke nisu detektovane)
Inficirani moduli u memoriji:
C:\WINDOWS\system32\opnlKeeD.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\qoMgfCVl.dll (Trojan.Vundo) -> No action taken.
Inficirani ključevi u registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4376e596-04f6-4dfe-b433-0e3f2b73419f} (Trojan.Vundo) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{4376e596-04f6-4dfe-b433-0e3f2b73419f} (Trojan.Vundo) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{911551e5-4b0f-4021-bd18-a24f9e558a94} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{911551e5-4b0f-4021-bd18-a24f9e558a94} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\qomgfcvl (Trojan.Vundo) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{ca3eb689-8f09-4026-aa10-b9534c691ce0} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{4509d3cc-b642-4745-b030-645b79522c6d} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{9ebb289a-2d7b-465b-825f-1530b813e95a} (Adware.DosPopToolbar) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{cd5c92ae-97b0-4bc3-ba65-ba0308d543bf} (Adware.DosPopToolbar) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{77aa25e8-6083-4949-a831-9cb11861dc10} (Adware.DosPopToolbar) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{4897bba6-48d9-468c-8efa-846275d7701b} (Adware.SoftMate) -> No action taken.
HKEY_CLASSES_ROOT\URLSearchHook.ToolbarURLSearchHook (Adware.DosPopToolbar) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> No action taken.
Inficirane vrednosti u registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{911551e5-4b0f-4021-bd18-a24f9e558a94} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\Microsoft Windows Sound (Backdoor.Bot) -> No action taken.
Inficirani podaci u registru:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo) -> Data: c:\windows\system32\opnlkeed -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\opnlkeed -> No action taken.
Inficirane fascikle:
C:\Program Files\IEToolbar (Adware.DosPopToolbar) -> No action taken.
Inficirane datoteke:
C:\WINDOWS\system32\opnlKeeD.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\DeeKlnpo.ini (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\DeeKlnpo.ini2 (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\qoMgfCVl.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\svshost.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\urqppOef.dll (Trojan.Vundo) -> No action taken.
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\S74L6VWP\CAS2CBN5 (Troj
C:\WINDOWS\system32\msupdte.exe (Backdoor.Bot) -> No action taken.
[ kristi1 @ 06.07.2008. 19:18 ] @
Trojan.Vundo. How is the computer behaving now, are there no more problems? It's a nasty trojan, but Malwarebytes kills it.
[ deki77 @ 06.07.2008. 19:39 ] @
First of all, thanks.. for the program
So far I haven't noticed the desktop, i.e. explorer.exe, being restarted
It looks like it killed the trojan that cooked this up..
Regards, and I hope the matter is solved
Copyright (C) 2001-2025 by www.elitesecurity.org. All rights reserved.