Adware?


offline
  • Joined: 17 Sep 2007
  • Posts: 292

Logfile of HijackThis v1.99.1
Scan saved at 12:52:35, on 26.3.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Documents and Settings\Bodzi\Desktop\New Folder\TR3.exe..exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [Link mogu videti samo ulogovani korisnici]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [Link mogu videti samo ulogovani korisnici]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [Link mogu videti samo ulogovani korisnici]
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live pomagac za prijavljivanje - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: GVDownloader - {ae4df123-9140-4f93-9b32-ff0186389cc3} - mscoree.dll (file missing)
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: E&xport to Microsoft Excel - [Link mogu videti samo ulogovani korisnici]\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Objavi ovo u blogu - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Objavi ovo u blogu u okviru usluge Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - [Link mogu videti samo ulogovani korisnici]
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: apdqnxp - {C04ACFF5-D838-4090-B00C-038BC9BB14BC} - (no file)
O21 - SSODL: btrklfr - {993C860E-1791-4950-A15E-CB0D2F1C5857} - (no file)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
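
As an added example (not part of the thread and not HijackThis code), here is a small Python triage helper for log lines in the format posted above. It flags what an analyst checks first: entries whose target is gone from disk (the "(no file)" / "(file missing)" lines, which here include the two random-named O21 SSODL objects) and processes launched from user-writable folders or carrying a doubled extension such as the TR3.exe..exe on the Desktop. The embedded sample log is constructed from a handful of lines modelled on the posted one, and the random-name test is a heuristic of mine, not a HijackThis rule.

```python
"""Triage helper for HijackThis 1.99.x log lines (added example, not from the thread)."""
import re
from dataclasses import dataclass
from typing import List

# Constructed sample: a few lines modelled on the HijackThis log posted in the thread.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\System32\smss.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Documents and Settings\Bodzi\Desktop\New Folder\TR3.exe..exe

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O3 - Toolbar: GVDownloader - {ae4df123-9140-4f93-9b32-ff0186389cc3} - mscoree.dll (file missing)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: apdqnxp - {C04ACFF5-D838-4090-B00C-038BC9BB14BC} - (no file)
O21 - SSODL: btrklfr - {993C860E-1791-4950-A15E-CB0D2F1C5857} - (no file)
"""

# CLSID-bearing entries: O2 BHOs, O3 toolbars, O9 buttons, O18 protocols, O21 SSODL objects.
ENTRY_RE = re.compile(
    r"^(?P<sec>O\d+) - (?P<kind>[^:]+): (?P<name>.*?) - "
    r"(?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<target>.*)$"
)
# O4 autostart entries: "O4 - HKLM\..\Run: [ValueName] command line".
RUN_RE = re.compile(r"^(?P<sec>O4) - (?P<hive>\S+): \[(?P<name>[^\]]*)\] (?P<target>.*)$")
# Doubled extensions such as "TR3.exe..exe" or "photo.jpg.exe".
DOUBLE_EXT_RE = re.compile(r"\.(exe|com|scr|bat|pif)\.+\w+$", re.I)
# Folders a regular user can write to; processes started from here deserve a look.
USER_DIRS = ("\\documents and settings\\", "\\temp\\")


@dataclass(frozen=True)
class Finding:
    reason: str
    line: str


def is_orphan(target: str) -> bool:
    """True when HijackThis reports the entry's target as absent from disk."""
    t = target.strip()
    return t == "(no file)" or t.endswith("(file missing)")


def looks_random(name: str) -> bool:
    """Heuristic (mine, not HijackThis's): short, all-lowercase, nearly vowel-free names."""
    if not (name.isalpha() and name.islower() and 5 <= len(name) <= 9):
        return False
    vowels = sum(c in "aeiou" for c in name)
    return vowels / len(name) < 0.25


def triage(log: str) -> List[Finding]:
    """Walk a HijackThis log and return the entries worth a closer look."""
    findings: List[Finding] = []
    in_procs = False
    for raw in log.splitlines():
        line = raw.strip()
        if not line:
            in_procs = False  # the process block ends at the first blank line
            continue
        if line.lower().startswith("running processes"):
            in_procs = True
            continue
        if in_procs:
            base = line.rsplit("\\", 1)[-1]
            if DOUBLE_EXT_RE.search(base):
                findings.append(Finding("process with doubled extension", line))
            if any(d in line.lower() for d in USER_DIRS):
                findings.append(Finding("process running from user-writable folder", line))
            continue
        m = ENTRY_RE.match(line) or RUN_RE.match(line)
        if not m:
            continue  # R1, O8, O16, O23 and other sections are not handled here
        d = m.groupdict()
        if is_orphan(d["target"]):
            findings.append(Finding(f"{d['sec']} entry points at a missing file", line))
        if d["sec"] == "O21" and looks_random(d["name"]):
            findings.append(Finding("O21 SSODL object with random-looking name", line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.reason}] {f.line}")
```

The hits are leads, not verdicts: HijackThis 1.99.1 also prints "(file missing)" for O23 services whose image path carries quotes and a switch, as with the avast! scanners above, so each flagged entry still has to be checked on disk.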



offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8628
  • Location: Novi Beograd

Hello,
could someone explain the problem, if there is one? Who is reporting Adware?



offline
  • Joined: 17 Sep 2007
  • Posts: 292

Well, avast found something and it said where it was located, but I can't remember where now.

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8628
  • Location: Novi Beograd

Let's do it the usual way:

Download ComboFix from one of the following addresses to your Desktop:
[Link visible only to logged-in users]
[Link visible only to logged-in users]

Run it and do not touch the program window while it scans.
Follow the on-screen instructions. When it finishes, a log (C:\ComboFix.txt) will appear; copy it here for us.

offline
  • Joined: 17 Sep 2007
  • Posts: 292

ComboFix 08-03-25.4 - Bodzi 2008-03-26 21:14:24.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.38 [GMT 1:00]
Running from: C:\Documents and Settings\Bodzi\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\kmd.exe
C:\WINDOWS\rs.txt

.
((((((((((((((((((((((((( Files Created from 2008-02-26 to 2008-03-26 )))))))))))))))))))))))))))))))
.

2008-03-26 20:36 . 2008-03-26 20:36 <DIR> d-------- C:\Documents and Settings\Bodzi\dwhelper
2008-03-26 15:00 . 2008-03-26 20:37 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-03-26 15:00 . 2008-03-26 15:00 <DIR> d-------- C:\Documents and Settings\Bodzi\Application Data\PC Tools
2008-03-26 15:00 . 2007-10-18 00:16 79,688 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-03-26 15:00 . 2007-10-18 00:15 62,280 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-03-26 15:00 . 2007-10-18 00:14 41,288 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-03-26 15:00 . 2007-10-18 00:16 29,000 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-03-26 14:59 . 2005-09-23 08:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2008-03-26 13:36 . 2008-03-26 21:15 <DIR> d-------- C:\Program Files\Mozilla Firefox 3 Beta 4
2008-03-20 12:54 . 2008-03-20 12:54 <DIR> d-------- C:\Program Files\WinAVI MP4 Converter
2008-03-16 20:29 . 2008-03-16 20:29 <DIR> d-------- C:\Program Files\Disc2Phone
2008-03-16 20:19 . 2008-03-16 20:19 0 --a------ C:\WINDOWS\mngui.INI
2008-03-16 20:10 . 2008-03-16 20:10 <DIR> d-------- C:\Documents and Settings\Bodzi\Application Data\Sony Ericsson
2008-03-08 20:24 . 2008-03-08 20:24 131,072 --a------ C:\WINDOWS\system32\SpoonUninstall.exe
2008-03-08 20:23 . 2008-03-08 20:23 <DIR> d-------- C:\Program Files\Illustrate
2008-03-04 22:32 . 2008-03-04 22:32 <DIR> d-------- C:\VundoFix Backups
2008-03-04 22:25 . 2008-03-03 20:10 81,920 --a------ C:\WINDOWS\fqspogw.exe
2008-03-03 16:23 . 2006-11-29 13:06 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
2008-03-03 16:21 . 2008-03-03 16:21 <DIR> d-------- C:\Program Files\Microsoft SQL Server Compact Edition
2008-03-03 15:12 . 2008-03-03 15:50 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-03-03 15:11 . 2008-03-03 15:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-02-28 20:36 . 2004-08-04 08:56 158,208 --a------ C:\msconfig.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-26 20:13 --------- d-----w C:\Documents and Settings\Bodzi\Application Data\Skype
2008-03-26 20:12 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-03-26 12:20 --------- d-----w C:\Documents and Settings\Bodzi\Application Data\Lavasoft
2008-03-17 11:29 --------- d-----w C:\Program Files\Common Files\Teleca Shared
2008-03-11 20:56 --------- d-----w C:\Program Files\Star Defender 4
2008-03-08 20:09 --------- d-----w C:\Program Files\mIRC
2008-03-03 15:22 --------- d-----w C:\Program Files\Windows Live
2008-03-03 14:43 --------- d-----w C:\Program Files\MSN Messenger
2008-02-24 20:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-02-21 15:35 --------- d-----w C:\Program Files\Skype
2008-02-18 16:59 --------- d-----w C:\Program Files\Red Eye Remover
2008-02-16 18:48 --------- d-----w C:\Program Files\GameTop.com
2008-02-16 11:13 --------- d-----w C:\Program Files\Google
2008-02-16 10:46 --------- d-----w C:\Program Files\Common Files\Adobe
2008-02-14 15:32 --------- d-----w C:\Program Files\Infogrames
2008-02-14 13:20 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-02-13 12:33 71,782 ----a-w C:\WINDOWS\BricoPackUninst.cmd
2008-02-13 12:33 5,417 ----a-w C:\WINDOWS\BricoPackFoldersDelete.cmd
2008-02-12 17:25 --------- d-----w C:\Program Files\Carnivores 2
2008-02-09 18:30 --------- d-----w C:\Program Files\Yahoo!
2008-02-09 18:26 --------- d-----w C:\Program Files\Common Files\ACD Systems
2008-02-09 16:43 --------- d-----w C:\Documents and Settings\Bodzi\Application Data\Leadertech
2008-02-09 16:23 --------- d-----w C:\Documents and Settings\Bodzi\Application Data\AdobeAUM
2008-02-09 16:20 --------- d-----w C:\Documents and Settings\Bodzi\Application Data\Teleca
2008-02-09 12:52 --------- d-----w C:\Program Files\Easy Duplicate Finder
2008-02-09 12:16 --------- d-----w C:\Documents and Settings\Bodzi\Application Data\Orbit
.

------- Sigcheck -------

2005-01-27 18:08 657920 a8eac5330876548e9966a7d13025d196 C:\WINDOWS\$hf_mig$\KB867282\SP2QFE\wininet.dll
2005-07-03 03:09 659456 6e533d155b259eb2363d3e04b5be309f C:\WINDOWS\$NtUninstallKB928090$\wininet.dll
2007-01-04 15:05 698880 045b3d4e1d8a64788131ac9565568e2b C:\WINDOWS\$NtUninstallKB942615$\wininet.dll
2007-10-11 06:57 666112 80d660a49e0d118144423099b2a9f5da C:\WINDOWS\$NtUninstallKB944533$\wininet.dll
2007-02-20 10:48 658944 30d1c47e40efbb792ff8d3c3b51ce507 C:\WINDOWS\SoftwareDistribution\Download\e7315ae76f5adc7c9afda4e7adacef1d\SP2GDR\wininet.dll
2007-02-20 10:52 665600 b258c922d22deec880b60720531d7627 C:\WINDOWS\SoftwareDistribution\Download\e7315ae76f5adc7c9afda4e7adacef1d\SP2QFE\wininet.dll
2007-12-07 01:44 699904 7d46ce6fcd7ba4d6498dc3b3c99115d2 C:\WINDOWS\system32\wininet.dll
2007-12-07 01:44 699904 7d46ce6fcd7ba4d6498dc3b3c99115d2 C:\WINDOWS\system32\dllcache\wininet.dll

2007-06-13 11:23 975360 9784e0719124e4a23989aef9e7ca02d6 C:\WINDOWS\explorer.exe
2007-06-13 12:26 1033216 7712df0cdde3a5ac89843e61cd5b3658 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
2004-08-04 08:56 974336 a5c1f2cf7c31874e66478910b43d6513 C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
2007-06-13 11:23 975360 9784e0719124e4a23989aef9e7ca02d6 C:\WINDOWS\system32\dllcache\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-10-18 18:47 21147944]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 08:56 15360]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:35 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SiSPower"="SiSPower.dll" [2004-09-02 06:47 49152 C:\WINDOWS\system32\SiSPower.dll]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-05-04 20:22 180269]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nlhr"="C:\WINDOWS\System32\AdvPack.Dll" [2004-08-04 08:56 99840]
"tscuninstall"="C:\WINDOWS\system32\tscupgrd.exe" [2004-08-04 06:59 44544]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BlueSoleil.lnk]
backup=C:\WINDOWS\pss\BlueSoleil.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^GetRight - Tray Icon.lnk]
backup=C:\WINDOWS\pss\GetRight - Tray Icon.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
backup=C:\WINDOWS\pss\Google Updater.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
backup=C:\WINDOWS\pss\InterVideo WinCinema Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^KODAK Software Updater.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Utility Tray.lnk]
backup=C:\WINDOWS\pss\Utility Tray.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Bodzi^Start Menu^Programs^Startup^RocketDock.lnk]
backup=C:\WINDOWS\pss\RocketDock.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Bodzi^Start Menu^Programs^Startup^TransBar.lnk]
backup=C:\WINDOWS\pss\TransBar.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Bodzi^Start Menu^Programs^Startup^UberIcon.lnk]
backup=C:\WINDOWS\pss\UberIcon.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Bodzi^Start Menu^Programs^Startup^Y'z Shadow.lnk]
backup=C:\WINDOWS\pss\Y'z Shadow.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Bodzi^Start Menu^Programs^Startup^Yahoo! Widget Engine.lnk]
backup=C:\WINDOWS\pss\Yahoo! Widget Engine.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-04 08:56 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MorEmoticons]
--a------ 2007-11-12 03:35 64000 C:\Program Files\Skype\MorEmoticons\MorEmoticons.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MP10_EnsureFileVer]
--a------ 2004-09-22 17:46 192512 C:\WINDOWS\inf\unregmp2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-10-18 11:35 5724184 C:\Program Files\Windows Live\Messenger\MsnMsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 10:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-06-29 05:24 286720 C:\Program Files\K-Lite Codec Pack\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Registry Repair Wizard Scheduler]
--a------ 2007-05-21 05:04 393728 C:\Program Files\SmartPCTools\Registry Repair Wizard\RCHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a------ 2004-11-02 19:24 32768 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiSUSBRG]
--a------ 2002-07-12 11:15 106496 C:\WINDOWS\SiSUSBrg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Smapp]
--a------ 2003-05-05 07:57 143360 C:\Program Files\Analog Devices\SoundMAX\SMTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-03-14 02:43 83608 C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SweetIM]
-ra------ 2006-12-27 15:53 73840 C:\Program Files\Macrogaming\SweetIM\SweetIM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2007-05-04 20:22 180269 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2007-10-10 06:28 36352 C:\Program Files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YSearchProtection]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\mIRC\\mirc.exe"=
"C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R3 usnjsvc;Usluga Messenger Sharing Folders USN Journal Reader;"C:\Program Files\Windows Live\Messenger\usnsvc.exe" [2007-10-18 11:31]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fe8677e0-f2b5-11dc-8373-0011e622deb0}]
\Shell\AutoOpen\command - .\MSOCache\90000804-6000-11D3-8CFE-0150048383C0\KB915866.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL .\MSOCache\90000804-6000-11D3-8CFE-0150048383C0\KB915866.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-03-05 21:56:39 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [Link mogu videti samo ulogovani korisnici]
Rootkit scan 2008-03-26 21:18:29
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************
.
Completion time: 2008-03-26 21:20:49
ComboFix-quarantined-files.txt 2008-03-26 20:19:51
.
2008-02-13 12:12:33 --- E O F ---

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8628
  • Location: Novi Beograd

Open Notepad and copy the following text into it:

File::
C:\WINDOWS\fqspogw.exe
Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fe8677e0-f2b5-11dc-8373-0011e622deb0}]


Save the Notepad file to the Desktop as "CFScript".

Drag the saved script/text onto the ComboFix icon, as shown in the picture.
In your next message, post the log that is produced at the end of the cleaning/scan.

offline
  • Joined: 17 Sep 2007
  • Posts: 292

ComboFix 08-03-27.1 - Bodzi 2008-03-28 20:40:46.5 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.24 [GMT 1:00]
Running from: C:\Documents and Settings\Bodzi\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Bodzi\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\fqspogw.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\fqspogw.exe

.
((((((((((((((((((((((((( Files Created from 2008-02-28 to 2008-03-28 )))))))))))))))))))))))))))))))
.

2008-03-26 20:36 . 2008-03-26 20:36 <DIR> d-------- C:\Documents and Settings\Bodzi\dwhelper
2008-03-26 15:00 . 2008-03-26 20:37 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-03-26 15:00 . 2008-03-26 15:00 <DIR> d-------- C:\Documents and Settings\Bodzi\Application Data\PC Tools
2008-03-26 15:00 . 2007-10-18 00:16 79,688 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-03-26 15:00 . 2007-10-18 00:15 62,280 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-03-26 15:00 . 2007-10-18 00:14 41,288 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-03-26 15:00 . 2007-10-18 00:16 29,000 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-03-26 14:59 . 2005-09-23 08:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2008-03-26 13:36 . 2008-03-28 20:27 <DIR> d-------- C:\Program Files\Mozilla Firefox 3 Beta 4
2008-03-20 12:54 . 2008-03-20 12:54 <DIR> d-------- C:\Program Files\WinAVI MP4 Converter
2008-03-16 20:29 . 2008-03-16 20:29 <DIR> d-------- C:\Program Files\Disc2Phone
2008-03-16 20:19 . 2008-03-16 20:19 0 --a------ C:\WINDOWS\mngui.INI
2008-03-16 20:10 . 2008-03-16 20:10 <DIR> d-------- C:\Documents and Settings\Bodzi\Application Data\Sony Ericsson
2008-03-08 20:24 . 2008-03-08 20:24 131,072 --a------ C:\WINDOWS\system32\SpoonUninstall.exe
2008-03-08 20:23 . 2008-03-08 20:23 <DIR> d-------- C:\Program Files\Illustrate
2008-03-04 22:32 . 2008-03-04 22:32 <DIR> d-------- C:\VundoFix Backups
2008-03-03 16:23 . 2006-11-29 13:06 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
2008-03-03 16:21 . 2008-03-03 16:21 <DIR> d-------- C:\Program Files\Microsoft SQL Server Compact Edition
2008-03-03 15:12 . 2008-03-03 15:50 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-03-03 15:11 . 2008-03-03 15:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-02-28 20:36 . 2004-08-04 08:56 158,208 --a------ C:\msconfig.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-28 19:28 --------- d-----w C:\Documents and Settings\Bodzi\Application Data\Skype
2008-03-26 20:12 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-03-26 12:20 --------- d-----w C:\Documents and Settings\Bodzi\Application Data\Lavasoft
2008-03-17 11:29 --------- d-----w C:\Program Files\Common Files\Teleca Shared
2008-03-11 20:56 --------- d-----w C:\Program Files\Star Defender 4
2008-03-08 20:09 --------- d-----w C:\Program Files\mIRC
2008-03-03 15:22 --------- d-----w C:\Program Files\Windows Live
2008-03-03 14:43 --------- d-----w C:\Program Files\MSN Messenger
2008-02-24 20:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-02-21 15:35 --------- d-----w C:\Program Files\Skype
2008-02-18 16:59 --------- d-----w C:\Program Files\Red Eye Remover
2008-02-16 18:48 --------- d-----w C:\Program Files\GameTop.com
2008-02-16 11:13 --------- d-----w C:\Program Files\Google
2008-02-16 10:46 --------- d-----w C:\Program Files\Common Files\Adobe
2008-02-14 15:32 --------- d-----w C:\Program Files\Infogrames
2008-02-14 13:20 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-02-13 12:33 71,782 ----a-w C:\WINDOWS\BricoPackUninst.cmd
2008-02-13 12:33 5,417 ----a-w C:\WINDOWS\BricoPackFoldersDelete.cmd
2008-02-12 17:25 --------- d-----w C:\Program Files\Carnivores 2
2008-02-09 18:30 --------- d-----w C:\Program Files\Yahoo!
2008-02-09 18:26 --------- d-----w C:\Program Files\Common Files\ACD Systems
2008-02-09 16:43 --------- d-----w C:\Documents and Settings\Bodzi\Application Data\Leadertech
2008-02-09 16:23 --------- d-----w C:\Documents and Settings\Bodzi\Application Data\AdobeAUM
2008-02-09 16:20 --------- d-----w C:\Documents and Settings\Bodzi\Application Data\Teleca
2008-02-09 12:52 --------- d-----w C:\Program Files\Easy Duplicate Finder
2008-02-09 12:16 --------- d-----w C:\Documents and Settings\Bodzi\Application Data\Orbit
.

------- Sigcheck -------

2005-01-27 18:08 657920 a8eac5330876548e9966a7d13025d196 C:\WINDOWS\$hf_mig$\KB867282\SP2QFE\wininet.dll
2005-07-03 03:09 659456 6e533d155b259eb2363d3e04b5be309f C:\WINDOWS\$NtUninstallKB928090$\wininet.dll
2007-01-04 15:05 698880 045b3d4e1d8a64788131ac9565568e2b C:\WINDOWS\$NtUninstallKB942615$\wininet.dll
2007-10-11 06:57 666112 80d660a49e0d118144423099b2a9f5da C:\WINDOWS\$NtUninstallKB944533$\wininet.dll
2007-02-20 10:48 658944 30d1c47e40efbb792ff8d3c3b51ce507 C:\WINDOWS\SoftwareDistribution\Download\e7315ae76f5adc7c9afda4e7adacef1d\SP2GDR\wininet.dll
2007-02-20 10:52 665600 b258c922d22deec880b60720531d7627 C:\WINDOWS\SoftwareDistribution\Download\e7315ae76f5adc7c9afda4e7adacef1d\SP2QFE\wininet.dll
2007-12-07 01:44 699904 7d46ce6fcd7ba4d6498dc3b3c99115d2 C:\WINDOWS\system32\wininet.dll
2007-12-07 01:44 699904 7d46ce6fcd7ba4d6498dc3b3c99115d2 C:\WINDOWS\system32\dllcache\wininet.dll

2007-06-13 11:23 975360 9784e0719124e4a23989aef9e7ca02d6 C:\WINDOWS\explorer.exe
2007-06-13 12:26 1033216 7712df0cdde3a5ac89843e61cd5b3658 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
2004-08-04 08:56 974336 a5c1f2cf7c31874e66478910b43d6513 C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
2007-06-13 11:23 975360 9784e0719124e4a23989aef9e7ca02d6 C:\WINDOWS\system32\dllcache\explorer.exe
.
((((((((((((((((((((((((((((( [Link mogu videti samo ulogovani korisnici],34 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-03-27 19:13:08 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_3cc.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-10-18 18:47 21147944]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SiSPower"="SiSPower.dll" [2004-09-02 06:47 49152 C:\WINDOWS\system32\SiSPower.dll]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-05-04 20:22 180269]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"MSConfig"="C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.exe" [2004-08-04 08:56 158208]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nlhr"="C:\WINDOWS\System32\AdvPack.Dll" [2004-08-04 08:56 99840]
"tscuninstall"="C:\WINDOWS\system32\tscupgrd.exe" [2004-08-04 06:59 44544]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BlueSoleil.lnk]
backup=C:\WINDOWS\pss\BlueSoleil.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^GetRight - Tray Icon.lnk]
backup=C:\WINDOWS\pss\GetRight - Tray Icon.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
backup=C:\WINDOWS\pss\Google Updater.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
backup=C:\WINDOWS\pss\InterVideo WinCinema Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^KODAK Software Updater.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Utility Tray.lnk]
backup=C:\WINDOWS\pss\Utility Tray.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Bodzi^Start Menu^Programs^Startup^RocketDock.lnk]
backup=C:\WINDOWS\pss\RocketDock.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Bodzi^Start Menu^Programs^Startup^TransBar.lnk]
backup=C:\WINDOWS\pss\TransBar.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Bodzi^Start Menu^Programs^Startup^UberIcon.lnk]
backup=C:\WINDOWS\pss\UberIcon.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Bodzi^Start Menu^Programs^Startup^Y'z Shadow.lnk]
backup=C:\WINDOWS\pss\Y'z Shadow.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Bodzi^Start Menu^Programs^Startup^Yahoo! Widget Engine.lnk]
backup=C:\WINDOWS\pss\Yahoo! Widget Engine.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-04 08:56 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MorEmoticons]
--a------ 2007-11-12 03:35 64000 C:\Program Files\Skype\MorEmoticons\MorEmoticons.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MP10_EnsureFileVer]
--a------ 2004-09-22 17:46 192512 C:\WINDOWS\inf\unregmp2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-10-18 11:35 5724184 C:\Program Files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 10:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-06-29 05:24 286720 C:\Program Files\K-Lite Codec Pack\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Registry Repair Wizard Scheduler]
--a------ 2007-05-21 05:04 393728 C:\Program Files\SmartPCTools\Registry Repair Wizard\RCHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a------ 2004-11-02 19:24 32768 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiSUSBRG]
--a------ 2002-07-12 11:15 106496 C:\WINDOWS\SiSUSBrg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Smapp]
--a------ 2003-05-05 07:57 143360 C:\Program Files\Analog Devices\SoundMAX\SMTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-03-14 02:43 83608 C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SweetIM]
-ra------ 2006-12-27 15:53 73840 C:\Program Files\Macrogaming\SweetIM\SweetIM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2007-05-04 20:22 180269 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2007-10-10 06:28 36352 C:\Program Files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YSearchProtection]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\mIRC\\mirc.exe"=
"C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R3 usnjsvc;Usluga Messenger Sharing Folders USN Journal Reader;"C:\Program Files\Windows Live\Messenger\usnsvc.exe" [2007-10-18 11:31]

.
Contents of the 'Scheduled Tasks' folder
"2008-03-26 21:56:05 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [Link mogu videti samo ulogovani korisnici]
Rootkit scan 2008-03-28 20:46:10
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-03-28 20:48:24
ComboFix-quarantined-files.txt 2008-03-28 19:48:08
Pre-Run: 8,700,735,488 bytes free
Post-Run: 8,687,202,304 bytes free
.
2008-02-13 12:12:33 --- E O F ---

  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8628
  • Location: Novi Beograd

Hello, sorry you had to wait, things got a bit complicated.

We need you to post a HijackThis log again.

  • Joined: 17 Sep 2007
  • Posts: 292

Logfile of HijackThis v1.99.1
Scan saved at 22:03:36, on 31.3.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Bodzi\Desktop\New Folder\TR3.exe.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [Link mogu videti samo ulogovani korisnici]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [Link mogu videti samo ulogovani korisnici]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [Link mogu videti samo ulogovani korisnici]
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Windows Live pomagac za prijavljivanje - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: GVDownloader - {ae4df123-9140-4f93-9b32-ff0186389cc3} - mscoree.dll (file missing)
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - [Link mogu videti samo ulogovani korisnici]\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Objavi ovo u blogu - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Objavi ovo u blogu u okviru usluge Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - [Link mogu videti samo ulogovani korisnici]
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: apdqnxp - {C04ACFF5-D838-4090-B00C-038BC9BB14BC} - (no file)
O21 - SSODL: btrklfr - {993C860E-1791-4950-A15E-CB0D2F1C5857} - (no file)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8628
  • Location: Novi Beograd

Hello,
run HJT again and start a scan; when it finishes, tick the boxes in front of the following lines:

O21 - SSODL: apdqnxp - {C04ACFF5-D838-4090-B00C-038BC9BB14BC} - (no file)
O21 - SSODL: btrklfr - {993C860E-1791-4950-A15E-CB0D2F1C5857} - (no file)

and click FIX CHECKED.

Then restart the computer and post a new HJT log.
