HELP I've caught something!!!

  • Mixy
  • New MyCity citizen
  • Joined: 18 Jul 2007
  • Posts: 9

  • DEMIAN  Male
  • Legendary citizen
  • IT Manager
  • Joined: 25 Mar 2005
  • Posts: 3706
  • Where you live: The darkest place on earth..

You have a couple of infections on the computer, so removal will take a few steps. First download the necessary software from this post of mine, and copy the removal instructions into a document (I believe that will be more convenient for you) and carry out the procedure offline.


Run HijackThis and choose the option “Do a system scan only”. Find the lines I listed below, tick them and click “Fix Checked”.

R3 - URLSearchHook: (no name) - - (no file)
O4 - HKCU\..\Run: [Regscan] C:\WINDOWS\system32\regscan.exe
O4 - HKCU\..\Run: [Instant Access] C:\WINDOWS\system32\linkprd.exe /res
O16 - DPF: {201B9B37-848F-40BD-90EA-7B8F0AA89D6A} - h*tp://es6-scripts.dlv4.com/binaries/egaccess4/egaccess4_1071_em_XP.cab
---------------

* Then download the [url=https://www.mycity.rs/must-login.png]file[/url]
* Right-click the file and choose Extract All, unpack the files to C:\
* Go into the folder C:\bfu_navipromo and start BFU.exe
* Once the program starts, click the folder icon and select the file EGDACCESS.bfu
* Click the Execute button and wait for the cleaning to finish.
* Click the folder icon again and select the file aftermath.bfu
* Click the Execute button and wait for the cleaning to finish.
-----------

You will also use the catchme program (which you have already downloaded): run it and go to the Script tab. Copy this from the code tag and press Run.
files to kill:
C:\WINDOWS\ Regscan.exe

When you have finished all of this, be sure to restart the computer.

-----------------
Once Windows comes up, scan the computer with Deckard's System Scanner (close all running programs while scanning). Post the contents of the log it creates in your next post.
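The triage the helper does above by eye, parsing HijackThis entry lines, picking out the orphaned ones marked `(no file)` or `(file missing)`, and comparing the O4 Run entries against the `"name"="value"` Run-key lines in a Deckard's System Scanner registry dump, can be done in code; this is an added example, not code from the post or from either tool. The sample log text is constructed from the logs in this thread, and the names `HjtEntry`, `parse_hjt`, `parse_dss_run_keys`, `orphans` and `run_values_missing_from_hjt` are my own.

```python
"""Cross-check autostart entries in a HijackThis log against the Run-key dump
that Deckard's System Scanner (DSS) writes. Added example; the sample text is
constructed from the thread's logs and is not a complete log."""
import re
from typing import Dict, List, NamedTuple, Optional, Tuple


class HjtEntry(NamedTuple):
    code: str             # HijackThis section code, e.g. "O4", "R3"
    hive: Optional[str]   # "HKLM"/"HKCU"/"HKUS" for O4 Run entries, else None
    name: str             # the [name] of a Run value, or the entry's label
    target: str           # what the entry points to, verbatim
    orphan: bool          # HijackThis reports the referenced file as missing


HJT_LINE = re.compile(r"^(?P<code>[FNOR]\d+) - (?P<body>.+)$")
# O4 - HKLM\..\Run: [name] command   (HKUS entries carry a SID: HKUS\S-1-5-18\..\Run:)
O4_BODY = re.compile(
    r"^(?P<hive>HK\w+)(?:\\[^\\]+)?\\\.\.\\Run\w*: \[(?P<name>[^\]]*)\] (?P<target>.*)$"
)
ORPHAN_MARKERS = ("(no file)", "(file missing)")

DSS_HEADER = re.compile(r"^\[(?P<root>HKEY_[A-Z_]+)\\(?P<path>.+)\]$")
DSS_VALUE = re.compile(r'^"(?P<name>(?:[^"\\]|\\.)*)"="(?P<value>(?:[^"\\]|\\.)*)"$')
DSS_HIVES = {"HKEY_LOCAL_MACHINE": "HKLM", "HKEY_CURRENT_USER": "HKCU", "HKEY_USERS": "HKUS"}


def parse_hjt(text: str) -> List[HjtEntry]:
    """Parse 'Oxx - ...' entry lines; process lists and headers are skipped."""
    entries: List[HjtEntry] = []
    for line in text.splitlines():
        m = HJT_LINE.match(line.strip())
        if not m:
            continue
        code, body = m.group("code"), m.group("body")
        orphan = any(marker in body for marker in ORPHAN_MARKERS)
        o4 = O4_BODY.match(body) if code == "O4" else None
        if o4:
            entries.append(HjtEntry(code, o4.group("hive"), o4.group("name"),
                                    o4.group("target"), orphan))
        else:
            label, _, target = body.partition(": ")
            entries.append(HjtEntry(code, None, label, target, orphan))
    return entries


def unescape(s: str) -> str:
    # The DSS dump doubles backslashes and escapes quotes inside values
    return re.sub(r"\\(.)", r"\1", s)


def parse_dss_run_keys(text: str) -> Dict[str, Dict[str, str]]:
    """Return {hive: {value name: command}} for each ...\\CurrentVersion\\Run block."""
    runs: Dict[str, Dict[str, str]] = {}
    current: Optional[Dict[str, str]] = None
    for line in text.splitlines():
        line = line.strip()
        h = DSS_HEADER.match(line)
        if h:
            hive = DSS_HIVES.get(h.group("root"))
            is_run = h.group("path").lower().endswith(r"\currentversion\run")
            current = runs.setdefault(hive, {}) if hive and is_run else None
            continue
        v = DSS_VALUE.match(line)
        if v and current is not None:
            current[unescape(v.group("name"))] = unescape(v.group("value"))
    return runs


def orphans(entries: List[HjtEntry]) -> List[Tuple[str, str]]:
    """Entries whose target HijackThis could not find on disk."""
    return [(e.code, e.name) for e in entries if e.orphan]


def run_values_missing_from_hjt(entries: List[HjtEntry],
                                runs: Dict[str, Dict[str, str]]) -> Dict[str, List[str]]:
    """Run values the registry dump lists that the HijackThis O4 output does not."""
    seen = {(e.hive, e.name.lower()) for e in entries if e.code == "O4" and e.hive}
    return {hive: sorted(n for n in values if (hive, n.lower()) not in seen)
            for hive, values in runs.items()}


# Constructed sample: a few lines in the shape of the thread's logs.
SAMPLE_HJT = r"""Logfile of HijackThis v1.99.1
C:\WINDOWS\system32\ctfmon.exe
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [au] C:\Program Files\Dealio\DealioAU.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Regscan] C:\WINDOWS\system32\regscan.exe
O4 - HKCU\..\Run: [Instant Access] C:\WINDOWS\system32\linkprd.exe /res
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
"""

SAMPLE_DSS = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_08\\bin\\jusched.exe\""
"hbzliy"="c:\\windows\\system32\\hbzliy.exe hbzliy"
"au"="C:\\Program Files\\Dealio\\DealioAU.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
"""

if __name__ == "__main__":
    hjt = parse_hjt(SAMPLE_HJT)
    print("orphaned entries:", orphans(hjt))
    print("in DSS dump but not in HijackThis O4:",
          run_values_missing_from_hjt(hjt, parse_dss_run_keys(SAMPLE_DSS)))
```

A Run value that shows up only in the DSS dump is worth a second look, because HijackThis's O4 listing is what the helper works from.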

  • Mixy
  • New MyCity citizen
  • Joined: 18 Jul 2007
  • Posts: 9

I did everything as you told me, but when I ran catchme and did what you wrote, it said this: Script complited with errors. Also, a folder appeared on my desktop containing a Notepad file catchme.log, and when I open it it says this: source file error: C:\WINDOWS\ Regscan.exe. Deckard's System Scanner created two logs, main.txt and extra.txt, so here are their contents:


main.txt:

Deckard's System Scanner v20070711.54
Run by WinXP on 2007-07-18 at 17:24:11
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
82: 2007-07-18 15:24:15 UTC - RP227 - Deckard's System Scanner Restore Point
81: 2007-07-17 18:26:24 UTC - RP226 - System Checkpoint
80: 2007-07-16 16:58:27 UTC - RP225 - System Checkpoint
79: 2007-07-15 12:44:36 UTC - RP224 - Software Distribution Service 3.0
78: 2007-07-13 21:02:35 UTC - RP223 - Software Distribution Service 3.0


-- First Restore Point --
1: 2007-04-19 13:24:53 UTC - RP146 - System Checkpoint


Backed up registry hives.

Performed disk cleanup.


-- HijackThis (run as WinXP.exe) -----------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 17:26:07, on 18.7.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\NCLAUNCH.EXe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\WinXP\Desktop\dss.exe
C:\PROGRA~1\HIJACK~1\WinXP.exe

O2 - BHO: DealioBHO Class - {6A87B991-A31F-4130-AE72-6D0C294BF082} - C:\Program Files\Dealio\kb106\Dealio.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - C:\Program Files\Dealio\kb106\Dealio.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [au] C:\Program Files\Dealio\DealioAU.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [NCLaunch] C:\WINDOWS\NCLAUNCH.EXe
O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.03\AMVConverter\grab.html
O8 - Extra context menu item: Add to Media Manager... - C:\Program Files\MP3 Player Utilities 4.03\MediaManager\grab.html
O8 - Extra context menu item: Compare Prices with &Dealio - C:\Program Files\Dealio\kb106\res\DealioSearch.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb106\Dealio.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'c:\program files\newdotnet\newdotnet6_38.dll' missing
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - downloads.ewido.net/ewidoOnlineScan.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe


-- HijackThis Fixed Entries (C:\PROGRA~1\HIJACK~1\backups\) --------------------

backup-20070718-170950-360 O4 - HKCU\..\Run: [Instant Access] C:\WINDOWS\system32\linkprd.exe /res
backup-20070718-170950-518 O4 - HKCU\..\Run: [Regscan] C:\WINDOWS\system32\regscan.exe
backup-20070718-170950-600 R3 - URLSearchHook: (no name) - - (no file)
backup-20070718-170950-755 O16 - DPF: {201B9B37-848F-40BD-90EA-7B8F0AA89D6A} - es6-scripts.dlv4.com/binaries/egaccess4/egaccess4_1071_em_XP.cab

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 prohlp02 (StarForce Protection Helper Driver v2) - c:\windows\system32\drivers\prohlp02.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 sfhlp01 (StarForce Protection Helper Driver) - c:\windows\system32\drivers\sfhlp01.sys <Not Verified; Protection Technology; StarForce Protection System>
R1 asuskbnt (Enhanced Display Driver Helper Service) - c:\windows\system32\drivers\atkkbnt.sys <Not Verified; ASUSTeK COMPUTER INC.; ASUS Help driver For Keyboard Service.>
R1 prodrv06 (StarForce Protection Environment Driver v6) - c:\windows\system32\drivers\prodrv06.sys <Not Verified; Protection Technology; StarForce Protection System>
R2 EIO - c:\windows\system32\drivers\eio.sys <Not Verified; ASUSTeK Computer Inc.; ASUS Kernel Mode Driver for NT>
R2 hwpsgt - c:\windows\system32\drivers\hwpsgt.sys
R2 lemsgt - c:\windows\system32\drivers\lemsgt.sys
R3 Intels51 (Intel(R) 536EP Modem) - c:\windows\system32\drivers\intels51.sys <Not Verified; Intel Corporation; Intel® 536EP Modem Driver>

S3 AgereSoftModem (Agere Systems Soft Modem) - c:\windows\system32\drivers\agrsm.sys <Not Verified; Agere Systems; Agere SoftModem Driver>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 ATKKeyboardService (ATK Keyboard Service) - c:\windows\atkkbservice.exe <Not Verified; ASUSTeK COMPUTER INC.; ASUS Keyboard Service>


-- Scheduled Tasks -------------------------------------------------------------

2007-02-07 23:53:09 342 --a------ C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1162677188.job


-- Files created between 2007-06-18 and 2007-07-18 -----------------------------

2007-07-18 17:14:47 0 d-------- C:\bfu navipromo
2007-07-18 16:06:10 0 d-------- C:\Program Files\Dealio
2007-07-18 15:57:36 0 d-------- C:\Program Files\DiskSweeper20
2007-07-18 13:28:15 0 d-------- C:\WINDOWS\system32\bfubackups
2007-07-08 23:24:36 0 d-------- C:\Program Files\HackCleaner
2007-07-04 17:41:57 0 d-------- C:\Program Files\Recnik20
2007-06-30 16:54:25 0 d-------- C:\Documents and Settings\WinXP\Contacts
2007-06-30 15:38:42 0 d-------- C:\Documents and Settings\WinXP\Application Data\MSNInstaller
2007-06-30 13:01:30 0 d-------- C:\sql2ksp3
2007-06-29 13:55:16 0 d-------- C:\Program Files\SourceForge
2007-06-26 16:47:53 0 d-------- C:\Program Files\CalCal
2007-06-25 15:51:03 0 d-------- C:\Program Files\3GP Player
2007-06-20 14:41:03 0 d-------- C:\Program Files\MP3 Player Utilities 4.03
2007-06-20 14:24:40 0 d-------- C:\Program Files\USB Disk Win98 Driver
2007-06-20 14:04:53 0 d-------- C:\Program Files\Mobtel Decoder 1.0
2007-06-19 16:05:23 0 d-------- C:\Documents and Settings\IVICA PICKICA\My Documents


-- Find3M Report ---------------------------------------------------------------

2007-07-18 17:22:50 0 d-------- C:\Program Files\Symantec AntiVirus
2007-07-12 12:29:49 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-07-09 12:43:58 0 d-------- C:\Program Files\Google
2007-06-30 16:53:13 0 d-------- C:\Program Files\MSN Messenger
2007-06-19 16:03:20 0 d-------- C:\Program Files\Activision
2007-06-12 15:49:40 0 d-------- C:\Program Files\arush
2007-06-12 15:47:40 0 d-------- C:\Program Files\Common Files\NetActive
2007-06-12 10:46:42 0 d-------- C:\Program Files\LEGO Media
2007-06-10 21:25:08 0 d-------- C:\Program Files\D-Tools
2007-06-10 15:40:31 0 d-------- C:\Program Files\West Point Bridge Designer 2007
2007-06-10 15:40:24 737280 --a------ C:\WINDOWS\iun6002.exe <Not Verified; Indigo Rose Corporation; Setup Factory 6.0 Runtime Module>
2007-06-10 15:25:38 0 d-------- C:\Program Files\SoundRecorder
2007-06-10 15:17:04 0 d-------- C:\Program Files\Karaoke
2007-06-10 14:25:13 0 d-------- C:\Program Files\Bridge Builder
2007-06-10 12:46:28 0 d-------- C:\Program Files\Latinski recnik
2007-06-10 12:00:44 0 d-------- C:\Program Files\filesubmit
2007-06-10 11:58:17 8464 --a------ C:\WINDOWS\system32\sporder.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) 2000 Operating System>
2007-06-07 19:13:11 0 d-------- C:\Program Files\Primal Prey
2007-06-06 15:25:23 0 d-------- C:\Program Files\Logitech
2007-06-06 15:24:53 0 d-------- C:\Program Files\Common Files\Logitech
2007-06-04 15:15:04 29 --a------ C:\WINDOWS\Snap Component
2007-06-01 08:52:18 98304 --a------ C:\WINDOWS\system32\CmdLineExt.dll <Not Verified; Sony DADC Austria AG.; >
2007-05-31 22:59:38 0 d-------- C:\Program Files\Fox
2007-05-31 18:10:45 0 d-------- C:\Program Files\Disney Interactive
2007-05-29 15:48:56 1398 --a------ C:\WINDOWS\eReg.dat
2007-05-29 15:48:56 0 d-------- C:\Program Files\EA SPORTS
2007-05-27 15:53:38 0 d-------- C:\Program Files\GameSpy Arcade
2007-04-24 16:01:38 29268 --a------ C:\WINDOWS\nsreg.dat


-- Registry Dump ---------------------------------------------------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{6A87B991-A31F-4130-AE72-6D0C294BF082} C:\Program Files\Dealio\kb106\Dealio.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_08\\bin\\jusched.exe\""
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"vptray"="C:\\PROGRA~1\\SYMANT~1\\VPTray.exe"
"RemoteControl"="\"C:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe\""
"RTHDCPL"="RTHDCPL.EXE"
"SkyTel"="SkyTel.EXE"
"Alcmtr"="ALCMTR.EXE"
"ATICCC"="\"C:\\Program Files\\ATI Technologies\\ATI.ACE\\cli.exe\" runtime -Delay"
"WinampAgent"="C:\\Program Files\\Winamp\\winampa.exe"
"CamMonitor"="C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\\\Unload\\hpqcmon.exe"
"Share-to-Web Namespace Daemon"="C:\\Program Files\\Hewlett-Packard\\HP Share-to-Web\\hpgs2wnd.exe"
"AGRSMMSG"="AGRSMMSG.exe"
"zBrowser Launcher"="C:\\Program Files\\Logitech\\iTouch\\iTouch.exe"
"Logitech Utility"="Logi_MwX.Exe"
"DAEMON Tools-1033"="\"C:\\Program Files\\D-Tools\\daemon.exe\" -lang 1033"
"hbzliy"="c:\\windows\\system32\\hbzliy.exe hbzliy"
"au"="C:\\Program Files\\Dealio\\DealioAU.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"NCLaunch"="C:\\WINDOWS\\NCLAUNCH.EXe"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source REG_SZ http://www.ezgeta.com/Jama.gif

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\1]
Source REG_SZ http://www.rsgioh.rs/wallpapers/wallpaper8.jpg

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\2]
Source REG_SZ http://www.ezgeta.com/crvenocrno.jpg

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\3]
Source REG_SZ http://www.bigbrother.de/BB7_start/bgr.gif

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\5]
Source REG_SZ http://www.nyserbs.org/Boze_pravde.mp3

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0


[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0

*newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_ERASERUTILDRVI1


-- End of Deckard's System Scanner: finished at 2007-07-18 at 17:26:30 ---------

extra.txt:

Deckard's System Scanner v20070711.54
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel(R) Core(TM)2 CPU 6300 @ 1.86GHz
CPU 1: Intel(R) Core(TM)2 CPU 6300 @ 1.86GHz
Percentage of Memory in Use: 42%
Physical Memory (total/avail): 1023.17 MiB / 587.72 MiB
Pagefile Memory (total/avail): 2461.52 MiB / 2102.58 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1974.2 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 107.12 GiB total, 67.43 GiB free.
D: is Fixed (NTFS) - 125.77 GiB total, 125.65 GiB free.
E: is CDROM (CDFS)
F: is CDROM (No Media)


-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.

AV: Symantec AntiVirus Corporate Edition v10.0.0.359 (Symantec Corporation) Outdated

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\WINDOWS\\system32\\rundll32.exe"="C:\\WINDOWS\\system32\\rundll32.exe:*:Enabled:Run a DLL as an App"
"C:\\Program Files\\Hamachi\\hamachi.exe"="C:\\Program Files\\Hamachi\\hamachi.exe:*:Disabled:Hamachi Client"
"C:\\WINDOWS\\system32\\dpnsvr.exe"="C:\\WINDOWS\\system32\\dpnsvr.exe:*:Disabled:Microsoft DirectPlay8 Server"
"C:\\Documents and Settings\\WinXP\\My Documents\\My Games\\Igrice\\Joey\\YUGIOHPC\\joey_pc.exe"="C:\\Documents and Settings\\WinXP\\My Documents\\My Games\\Igrice\\Joey\\YUGIOHPC\\joey_pc.exe:*:Enabled:joey_pc"
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"="C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE:*:Enabled:Internet Explorer"
"C:\\Program Files\\Achilles-Script 3.7\\Mirc.exe"="C:\\Program Files\\Achilles-Script 3.7\\Mirc.exe:*:Enabled:mIRC"
"C:\\Program Files\\InCode Solutions\\RemoveIT Pro v4 - SE\\removeit.exe"="C:\\Program Files\\InCode Solutions\\RemoveIT Pro v4 - SE\\removeit.exe:*:Enabled:removeit"
"C:\\WINDOWS\\system32\\dpvsetup.exe"="C:\\WINDOWS\\system32\\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"="C:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe:*:Disabled:CoD2MP_s"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\WinXP\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=WINDOWS-9577102
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\WinXP
LOGONSERVER=\\WINDOWS-9577102
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\ATI Technologies\ATI.ACE\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 6, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0f06
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\WinXP\LOCALS~1\Temp
TMP=C:\DOCUME~1\WinXP\LOCALS~1\Temp
USERDOMAIN=WINDOWS-9577102
USERNAME=WinXP
USERPROFILE=C:\Documents and Settings\WinXP
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

WinXP (admin)
IVICA PICKICA (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll<UNINSTALL_CMD>
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
3GP Player 2007 --> "C:\Program Files\3GP Player\unins000.exe"
Abexo Free Registry Cleaner --> C:\Program Files\Abexo\afrc\uninst.exe
Achilles-Script 3.7 --> C:\Program Files\Achilles-Script 3.7\Uninstal.exe
Active Environment --> c:\program files\common files\NetActive\Active Environment\NAUninstall.exe -prodid=Lithium
Adobe Flash Player 9 ActiveX --> MsiExec.exe /X{BB65C393-C76E-4F06-9B0C-2124AA8AF97B}
Adobe Reader 7.0.7 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70700000002}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Agere Systems PCI Soft Modem --> agrsmdel
AngelPotion Video Codec V1 --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\AngelPotion Video Codec V1\Uninst.isu"
Asterix & Obelix XXL --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{D562E689-0ECD-4239-B1A0-323252893405} /l1033
ASUS Enhanced Display Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{315ACD04-BCEB-478B-9B1D-5431D0E6CB11}\setup.exe" -l0x9 -removeonly
ATI - Software Uninstall Utility --> C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Catalyst Control Center --> MsiExec.exe /I{F003CD43-85AF-4643-BC8D-3C170830827D}
ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
ATI Parental Control & Encoder --> MsiExec.exe /I{90437E5F-0A9E-4B63-AD8B-D232897D18BF}
Audacity 1.2.6 --> "C:\Program Files\Audacity\unins000.exe"
Billy Blade and the Temple of Time --> C:\WINDOWS\unvise32.exe C:\Program Files\Billy Blade and the Temple of Time\uninstal.log
Bricktopia --> "C:\Program Files\Bricktopia\ReflexiveArcade\unins000.exe"
Bridge Builder --> C:\Program Files\Bridge Builder\uninstall.exe
CalCal 1.2 --> C:\Program Files\CalCal\uninst.exe
Call of Duty(R) 2 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{D0A05794-48C2-4424-A15A-9F20FCFDD374} /l1033
Cosmopolitan Virtual Makeover 3 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{ED0B70E3-8980-4977-9545-E490655E111D}\setup.exe"
Crazy Taxi 3 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{831ADB7A-8882-41B1-82F7-2746FEC3FA91}\setup.exe"
Croc 2 --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Fox\Croc 2\Uninst.isu"
DAEMON Tools --> MsiExec.exe /I{3DED3A72-61A8-4B87-98A5-EF0BC8038AA0}
Dealio Toolbar --> MsiExec.exe /X{A1ECCE64-98DB-4F40-95BB-1BD8F1C939B2}
Deck Studio --> MsiExec.exe /I{A90C3C34-213F-4FF7-BBF6-D3AE45293100}
DiskSweeper FREE 2.0 --> "C:\Program Files\DiskSweeper20\unins000.exe"
Easy Karaoke Player version 3.0 --> "C:\Program Files\Karaoke\unins000.exe"
Easy MP3 Sound Recorder version 3.1 --> "C:\Program Files\SoundRecorder\unins000.exe"
F1 Challenge 99-02 --> C:\Program Files\EA SPORTS\F1 Challenge 99-02\EAUninstall.exe
Finger Tips Screen Saver --> C:\WINDOWS\NCUNINST.EXe RMSCR Finger Tips
Free Morphing 2.1 --> "C:\Program Files\Free Morphing\unins000.exe"
Frogger2 --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Hasbro Interactive\Frogger2\Uninst.isu"
Game Maker 6.1 --> C:\Program Files\Game_Maker6\Uninstal.exe
GameSpy Arcade --> C:\PROGRA~1\GAMESP~1\UNWISE.EXE C:\PROGRA~1\GAMESP~1\INSTALL.LOG
GTA San Andreas --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}\setup.exe" -l0x9 -removeonly
HackCleaner 2.0 --> "C:\Program Files\HackCleaner\unins000.exe"
High Definition Audio Driver Package - KB888111 --> "C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HighMAT Extension to Microsoft Windows XP CD Writing Wizard --> MsiExec.exe /X{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}
HijackThis 1.99.1 --> C:\Program Files\HijackThis\HijackThis.exe /uninstall
Hotfix for Windows Media Format SDK (KB900399) --> "C:\WINDOWS\$NtUninstallKB900399$\spuninst\spuninst.exe"
Hotfix for Windows Media Format SDK (KB902344) --> "C:\WINDOWS\$NtUninstallKB902344$\spuninst\spuninst.exe"
Hotfix for Windows Media Format SDK (KB910998-) --> "C:\WINDOWS\$NtUninstallKB910998$\spuninst\spuninst.exe"
Hotfix for Windows Media Format SDK (KB912454) --> "C:\WINDOWS\$NtUninstallKB912454$\spuninst\spuninst.exe"
Hotfix for Windows Media Format SDK (KB917821) --> "C:\WINDOWS\$NtUninstallKB917821$\spuninst\spuninst.exe"
Hotfix for Windows Media Format SDK (KB922042) --> "C:\WINDOWS\$NtUninstallKB922042$\spuninst\spuninst.exe"
Hotfix for Windows Media Format SDK (KB922814) --> "C:\WINDOWS\$NtUninstallKB922814$\spuninst\spuninst.exe"
Hotfix for Windows Media Format SDK 9.5 (KB905592) --> "C:\WINDOWS\$NtUninstallKB905592$\spuninst\spuninst.exe"
HP Memories Disc --> MsiExec.exe /X{B376402D-58EA-45EA-BD50-DD924EB67A70}
HP Photo and Imaging 2.0 - All-in-One --> MsiExec.exe /X{9867A917-5D17-40DE-83BA-BEA5293194B1}
HP Photo and Imaging 2.0 - All-in-One Drivers --> MsiExec.exe /X{6ECB39BD-73C2-44DD-B1A0-898207C58D8B}
HP Photo and Imaging 2.0 - hp psc 1200 series --> C:\Program Files\Hewlett-Packard\Digital Imaging\{7C8BB31C-E09E-4c7d-BBF1-45E33B467FE1}\Setup\hpzscr01.exe -datfile hposcr02.dat -forcereboot
HP Photo and Imaging 2.0 - Photosmart Cameras --> MsiExec.exe /X{5D7F0A0E-369E-46C0-9F99-FAB21A064781}
hp psc 1200 series --> MsiExec.exe /X{C900EF06-2E76-49C7-8DB0-41F629B21DC5}
Hunting Unlimited 3 --> C:\Program Files\Hunting Unlimited 3\uninst.exe
Indeo® Software --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Ligos\Indeo\Uninst.isu" -c"C:\Program Files\Ligos\Indeo\Indeo System Files\indounin.dll"
J2SE Runtime Environment 5.0 Update 8 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150080}
LEGO Creator Harry Potter --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7FB70A9B-6591-42EB-BD84-6F9C55368E06}\setup.exe"
LiveUpdate 2.6 (Symantec Corporation) --> C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
Logitech iTouch Software --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{036AA4D4-6D32-11D4-9875-00105ACE7734}\setup.exe" -l0x9 UNINSTALL
Logitech MouseWare 9.75 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5809E7CF-4DCF-11D4-9875-00105ACE7734}\setup.exe" -l0x9 -l0009 UNINSTALL
Madagascar --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\10\INTEL3~1\IDriver.exe /M{0FB261F3-6F16-43FD-A404-F377C169B937}
Marvell Miniport Driver --> MsiExec.exe /X{C950420B-4182-49EA-850A-A6A2ABF06C6B}
Microsoft Base Smart Card Cryptographic Service Provider Package --> "C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
Microsoft Office 2003 Web Components --> MsiExec.exe /I{90A40409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Access 2003 Runtime --> MsiExec.exe /I{901C0409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Office XP Web Components --> MsiExec.exe /I{90260409-6000-11D3-8CFE-0150048383C9}
Microsoft Windows Journal Viewer --> MsiExec.exe /X{43DCF766-6838-4F9A-8C91-D92DA586DFA8}
mIRC --> "C:\Program Files\Achilles-Script 3.7\Mirc.exe" -uninstall
Mobtel Decoder 1.0 --> C:\Program Files\Mobtel Decoder 1.0\uninstal.exe
Monkey Brains --> c:\program files\common files\NetActive\Active Environment\NAUninstall.exe -prodid=ARUSHMKB
Movica --> MsiExec.exe /I{36CADE93-F012-4FBA-A21A-186D50BFB932}
MP3 Player Utilities 4.03 --> MsiExec.exe /I{8B9852AF-B0B0-47B7-9BC5-89A95D77B6C9}
MSN --> C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
Neighbours From Hell --> MsiExec.exe /X{09920072-6923-4E37-A150-5C6A3092DB7E}
Nero 6 Ultra Edition --> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
Network Play System (Patching) --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Electronic Arts\Network Play System\NPSPatch.isu"
Nimo Codecs Pack v5.0 (Remove Only) --> "C:\Program Files\NimoCodec Pack\uninstall.exe"
NVIDIA Drivers --> C:\WINDOWS\system32\nvudisp.exe UninstallGUI
PhoenXsoftware --> C:\Program Files\PhoenXsoftware\Uninstal.exe
Photo Crop Editor 1.09 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{53D11164-C10F-4B66-9FB1-260C141C5F25}\Setup.exe"
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
Primal Prey --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Primal Prey\Uninst.isu"
RadLight 3.03 [ Release 5.2 ] --> "C:\Program Files\RadLight\RadLight3\unins000.exe"
rain12.zip --> C:\PROGRA~1\FILESU~1\rain12.zip\UNWISE.EXE C:\PROGRA~1\FILESU~1\rain12.zip\INSTALL.LOG
RC DareDevil --> c:\program files\common files\NetActive\Active Environment\NAUninstall.exe -prodid=ARUSHRCD
Realtek High Definition Audio Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\setup.exe" -l0x9 -removeonly
Recnik V2.0 --> "C:\Program Files\Recnik20\unins000.exe"
Remove DivX Codec --> C:\WINDOWS\unvise32.exe C:\Program Files\DivX\DivX Codec\UninstalDivXCodec.log
RemoveIT Pro v4 - SE --> C:\PROGRA~1\INCODE~1\REMOVE~1\UNWISE.EXE C:\PROGRA~1\INCODE~1\REMOVE~1\INSTALL.LOG
Security Update for Step By Step Interactive Training (KB898458-) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Sierra 3D Deck --> C:\WINDOWS\IsUninst.exe -fC:\SIERRA\3DDeck\Uninst.isu
Sierra Electrical Wiring --> C:\WINDOWS\IsUninst.exe -fC:\SIERRA\Wiring\Uninst.isu
Sierra Garden Encyclopedia --> C:\WINDOWS\IsUninst.exe -fC:\SIERRA\Garden\Uninst.isu
Sierra Home Architect --> C:\WINDOWS\IsUninst.exe -fC:\SIERRA\SHA\Uninst.isu
Sierra Home Improvement Encyclopedia --> C:\WINDOWS\IsUninst.exe -fC:\SIERRA\HIE\Uninst.isu
Sierra Photo Garden Designer --> C:\WINDOWS\IsUninst.exe -fC:\SIERRA\PhotoGD\Uninst.isu
Sierra Photo Home Interiors --> C:\WINDOWS\IsUninst.exe -fC:\SIERRA\PhotoHI\Uninst.isu
SkyMaze version 2.10 --> "C:\Program Files\SkyMaze\unins000.exe"
SpongeBob SquarePants - Lights, Camera, Pants! --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{02034A48-25C6-4BB4-8186-54917E5D49DA}\setup.exe" -l0x9 -uninst
Spybot - Search & Destroy 1.4 --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Symantec AntiVirus --> MsiExec.exe /I{5A633ED0-E5D7-4D65-AB8D-53ED43510284}
The Sims --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Maxis\The Sims\Uninst.isu"
USB Disk Win98 Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4E79A62F-7A2D-4058-BCE0-94E6B9E2F162}\Setup.exe"
West Point Bridge Designer 2007 --> C:\WINDOWS\iun6002.exe "C:\Program Files\West Point Bridge Designer 2007\irunin.ini"
Winamp (remove only) --> "C:\Program Files\Winamp\UninstWA.exe"
Windows Live Messenger --> MsiExec.exe /I{C13A4354-1DB6-4965-A250-20781E1FA9B2}
Windows Live Sign-in Assistant --> MsiExec.exe /I{49672EC2-171B-47B4-8CE7-50D7806360D7}
Windows Media Format SDK Hotfix - KB896097 --> "C:\WINDOWS\$NtUninstallKB896097$\spuninst\spuninst.exe"
Windows Media Hotfix - KB895181 --> "C:\WINDOWS\$NtUninstallKB895181$\spuninst\spuninst.exe"
WinZip --> "C:\Program Files\WinZip\WINZIP32.EXE" /uninstall
Xpand Rally --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{252436F1-9583-4AD7-AA11-619AFFB96543} /Z"UNINSTALL"
XviD MPEG-4 Codec --> "C:\Program Files\XviD\UninstXviD.exe"
Yu-Gi-Oh! Power of Chaos KAIBA THE REVENGE --> MsiExec.exe /I{485C9280-B899-4D46-86F3-B3E459636EE5}
Yu_Gi_Oh!_Time_to_Duel_1 Screen Saver --> C:\WINDOWS\Yu_Gi_Oh!_Time_to_Duel_1.scr /u
Yugioh Virtual Desktop --> C:\WINDOWS\unvise32.exe C:\Program Files\YVD\uninstal.log


-- End of Deckard's System Scanner: finished at 2007-07-18 at 17:26:30 ---------

offline
  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

Mixy, sorry for the wait, but DeM14n let us know a little while ago that he is having problems with his internet connection, so he asked that one of us help you instead.

Let's go in order:
- You have software called Dealio installed; was that installed knowingly, or did some program add it on its own?
- You have the PartyBabes screensaver installed, which comes with adware

Find the following files:
c:\windows\system32\drivers\hwpsgt.sys
c:\windows\system32\drivers\lemsgt.sys
C:\WINDOWS\Regscan.exe
C:\WINDOWS\system32\sporder.dll

and upload them via http://www.mycity.rs/ambulanta-upload.php

Also have a look and tell us what you have in the folder C:\Program Files\filesubmit
A screenshot is fine too, you don't have to type it out.

Finally, make a new log with the Catchme program, as well as a new HijackThis log, and post them in your next message.

offline
  • Mixy 
  • New MyCity citizen
  • Joined: 18 Jul 2007
  • Posts: 9

I uploaded everything except C:\WINDOWS\Regscan.exe, because I don't have it on the computer at all; I checked several times. In the folder C:\Program Files\filesubmit I have: rain12.zip, DealioKit1-stub-0.exe and NNWDAC638.EXE. That DEALIO downloaded itself from the internet, and I can put it as a toolbar below the place where I type the web address. Now some Auto-Protect has appeared and it says: Risk detected. You must take action to remove a risk from your computer.

Risk _ Action _ Count _ Filename
Adware.NDotnet _ Terminate Process Required _ 39 _ NNWDAC638.EXE
Adware.savenow _ Quarantined _ 3 _ VVSNInst.exe


Logfile of HijackThis v1.99.1
Scan saved at 22:20:54, on 19.7.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\NCLAUNCH.EXe
C:\Program Files\ClocX\ClocX.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
c:\program files\internet explorer\iexplore.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\WINDOWS\system32\linkprd.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\HijackThis\HijackThis.exe

O2 - BHO: DealioBHO Class - {6A87B991-A31F-4130-AE72-6D0C294BF082} - C:\Program Files\Dealio\kb106\Dealio.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - C:\Program Files\Dealio\kb106\Dealio.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [au] C:\Program Files\Dealio\DealioAU.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [NCLaunch] C:\WINDOWS\NCLAUNCH.EXe
O4 - HKCU\..\Run: [Instant Access] C:\WINDOWS\system32\linkprd.exe /res
O4 - HKCU\..\Run: [ClocX] C:\Program Files\ClocX\ClocX.exe
O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.03\AMVConverter\grab.html
O8 - Extra context menu item: Add to Media Manager... - C:\Program Files\MP3 Player Utilities 4.03\MediaManager\grab.html
O8 - Extra context menu item: Compare Prices with &Dealio - C:\Program Files\Dealio\kb106\res\DealioSearch.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb106\Dealio.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'c:\program files\newdotnet\newdotnet6_38.dll' missing
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {201B9B37-848F-40BD-90EA-7B8F0AA89D6A} - es6-scripts.dlv4.com/binaries/egaccess4/egaccess4_1071_em_XP.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
catchme 0.3.1040 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2007-07-19 22:21:32
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf40]

scanning hidden registry entries ...

scanning hidden files ...

C:\WINDOWS\Prefetch\GTYZEI.EXE-05B37272.pf
C:\WINDOWS\system32\gtyzei.dat
C:\WINDOWS\system32\gtyzei.exe
C:\WINDOWS\system32\gtyzei_nav.dat
C:\WINDOWS\system32\gtyzei_navps.dat

scan completed successfully
hidden processes: 0
hidden files: 5

offline
  • DEMIAN  Male
  • Legendary citizen
  • IT Manager
  • Joined: 25 Mar 2005
  • Posts: 3706
  • Location: The darkest place on earth..

To begin with, uninstall that Dealio toolbar (at least while this cleaning procedure here is in progress), because I cannot guarantee you that it is a legitimate program and that it does not contain, come bundled with, or download malware from the net (judging by the contents of the filesubmit folder there are already indications that this is the case). After uninstalling Dealio, delete the folder at the path "C:\Program Files\filesubmit" together with its entire contents.

Now we start again from the beginning:

Run HijackThis and go to the option "Do a system scan only". Find the lines I have listed below, tick them and click on "Fix Checked".

O4 - HKCU\..\Run: [Instant Access] C:\WINDOWS\system32\linkprd.exe /res
O16 - DPF: {201B9B37-848F-40BD-90EA-7B8F0AA89D6A} – h*tp://es6-scripts.dlv4.com/binaries/egaccess4/egaccess4_1071_em_XP.cab

Close the HijackThis program.
---------------

* Next, download [url=https://www.mycity.rs/must-login.png]the file[/url] (it is not the same one as in my first post).
* Right-click the file and choose Extract All; unpack the files to C:\
* Enter the folder C:\bfu_navipromo and start BFU.exe
* After the program starts, click on the folder icon and choose the file EGDACCESS.bfu
* Click the Execute button and wait for the cleaning to finish.
* Click the folder icon again and choose the file aftermath.bfu
* Click the Execute button and wait for the cleaning to finish.
* Restart the computer.
-----------

Boot the system and scan the computer with the NewDotNet Removal Tool:
One more restart is mandatory once you finish scanning and deleting whatever this tool finds.

-----------------
Once Windows comes up, scan the computer with Deckard's System Scanner (close all running programs while scanning). Post the contents of the log it produces in your next message.
----------------------------------


btw. A few suggestions for you:

1.) Definitely replace the IE 6 browser with another one > e.g. Firefox or Opera.
2.) Check whether your AV definitions have been properly updated to the latest ones. (that regscan belongs to a trojan written in 2003 - it is not clear to me how your AV could have "let it through" in the start up !?!).
3.) Before posting the results of the Deckard's System Scanner scan, if you are able to (I see you are on dial up), I would recommend that you still do one online AV scan.
e.g.> http://www.bitdefender.com/scan8/ie.html

You do that via Internet Explorer with ActiveX controls enabled. The report you get at the end of the scan can be attached to your next post.

offline
  • Mixy 
  • New MyCity citizen
  • Joined: 18 Jul 2007
  • Posts: 9

Can I download Firefox or Opera from the net, or if not, where can I get one of those 2 browsers, and how do I replace Internet Explorer with them?

Symantec Adware.NDotNet Removal Tool 1.0.3

Adware.NDotNet has not been found on your computer.

Deckard's System Scanner v20070711.54
Run by WinXP on 2007-07-20 at 22:19:51
Computer is in Normal Mode.
-- HijackThis (run as WinXP.exe) -----------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 22:19:55, on 20.7.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\D-Tools\daemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\NCLAUNCH.EXe
C:\Program Files\ClocX\ClocX.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Documents and Settings\WinXP\Desktop\dss.exe
C:\PROGRA~1\HIJACK~1\WinXP.exe

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [gtyzei] c:\windows\system32\gtyzei.exe gtyzei
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [NCLaunch] C:\WINDOWS\NCLAUNCH.EXe
O4 - HKCU\..\Run: [ClocX] C:\Program Files\ClocX\ClocX.exe
O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.03\AMVConverter\grab.html
O8 - Extra context menu item: Add to Media Manager... - C:\Program Files\MP3 Player Utilities 4.03\MediaManager\grab.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'c:\program files\newdotnet\newdotnet6_38.dll' missing
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - downloads.ewido.net/ewidoOnlineScan.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe


-- Files created between 2007-06-20 and 2007-07-20 -----------------------------

2007-07-19 22:39:02 0 d-------- C:\Documents and Settings\LocalService\Application Data\Macromedia
2007-07-18 18:24:59 0 d-------- C:\Program Files\ClocX
2007-07-18 17:14:47 0 d-------- C:\bfu navipromo
2007-07-18 15:57:36 0 d-------- C:\Program Files\DiskSweeper20
2007-07-18 13:28:15 0 d-------- C:\WINDOWS\system32\bfubackups
2007-07-08 23:24:36 0 d-------- C:\Program Files\HackCleaner
2007-07-04 17:41:57 0 d-------- C:\Program Files\Recnik20
2007-06-30 16:54:25 0 d-------- C:\Documents and Settings\WinXP\Contacts
2007-06-30 15:38:42 0 d-------- C:\Documents and Settings\WinXP\Application Data\MSNInstaller
2007-06-30 13:01:30 0 d-------- C:\sql2ksp3
2007-06-29 13:55:16 0 d-------- C:\Program Files\SourceForge
2007-06-26 16:47:53 0 d-------- C:\Program Files\CalCal
2007-06-25 15:51:03 0 d-------- C:\Program Files\3GP Player
2007-06-20 14:41:03 0 d-------- C:\Program Files\MP3 Player Utilities 4.03
2007-06-20 14:24:40 0 d-------- C:\Program Files\USB Disk Win98 Driver
2007-06-20 14:04:53 0 d-------- C:\Program Files\Mobtel Decoder 1.0


-- Find3M Report ---------------------------------------------------------------

2007-07-20 22:07:25 0 d-------- C:\Program Files\Symantec AntiVirus
2007-07-12 12:29:49 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-07-09 12:43:58 0 d-------- C:\Program Files\Google
2007-06-30 16:53:13 0 d-------- C:\Program Files\MSN Messenger
2007-06-19 16:03:20 0 d-------- C:\Program Files\Activision
2007-06-12 15:49:40 0 d-------- C:\Program Files\arush
2007-06-12 15:47:40 0 d-------- C:\Program Files\Common Files\NetActive
2007-06-12 10:46:42 0 d-------- C:\Program Files\LEGO Media
2007-06-10 21:25:08 0 d-------- C:\Program Files\D-Tools
2007-06-10 15:40:31 0 d-------- C:\Program Files\West Point Bridge Designer 2007
2007-06-10 15:40:24 737280 --a------ C:\WINDOWS\iun6002.exe <Not Verified; Indigo Rose Corporation; Setup Factory 6.0 Runtime Module>
2007-06-10 15:25:38 0 d-------- C:\Program Files\SoundRecorder
2007-06-10 15:17:04 0 d-------- C:\Program Files\Karaoke
2007-06-10 14:25:13 0 d-------- C:\Program Files\Bridge Builder
2007-06-10 12:46:28 0 d-------- C:\Program Files\Latinski recnik
2007-06-10 11:58:17 8464 --a------ C:\WINDOWS\system32\sporder.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) 2000 Operating System>
2007-06-07 19:13:11 0 d-------- C:\Program Files\Primal Prey
2007-06-06 15:25:23 0 d-------- C:\Program Files\Logitech
2007-06-06 15:24:53 0 d-------- C:\Program Files\Common Files\Logitech
2007-06-04 15:15:04 29 --a------ C:\WINDOWS\Snap Component
2007-06-01 08:52:18 98304 --a------ C:\WINDOWS\system32\CmdLineExt.dll <Not Verified; Sony DADC Austria AG.; >
2007-05-31 22:59:38 0 d-------- C:\Program Files\Fox
2007-05-31 18:10:45 0 d-------- C:\Program Files\Disney Interactive
2007-05-29 15:48:56 1398 --a------ C:\WINDOWS\eReg.dat
2007-05-29 15:48:56 0 d-------- C:\Program Files\EA SPORTS
2007-05-27 15:53:38 0 d-------- C:\Program Files\GameSpy Arcade
2007-04-24 16:01:38 29268 --a------ C:\WINDOWS\nsreg.dat


-- Registry Dump ---------------------------------------------------------------

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_08\\bin\\jusched.exe\""
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"vptray"="C:\\PROGRA~1\\SYMANT~1\\VPTray.exe"
"RemoteControl"="\"C:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe\""
"RTHDCPL"="RTHDCPL.EXE"
"SkyTel"="SkyTel.EXE"
"Alcmtr"="ALCMTR.EXE"
"ATICCC"="\"C:\\Program Files\\ATI Technologies\\ATI.ACE\\cli.exe\" runtime -Delay"
"WinampAgent"="C:\\Program Files\\Winamp\\winampa.exe"
"CamMonitor"="C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\\\Unload\\hpqcmon.exe"
"Share-to-Web Namespace Daemon"="C:\\Program Files\\Hewlett-Packard\\HP Share-to-Web\\hpgs2wnd.exe"
"AGRSMMSG"="AGRSMMSG.exe"
"zBrowser Launcher"="C:\\Program Files\\Logitech\\iTouch\\iTouch.exe"
"Logitech Utility"="Logi_MwX.Exe"
"DAEMON Tools-1033"="\"C:\\Program Files\\D-Tools\\daemon.exe\" -lang 1033"
"gtyzei"="c:\\windows\\system32\\gtyzei.exe gtyzei"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"NCLaunch"="C:\\WINDOWS\\NCLAUNCH.EXe"
"ClocX"="C:\\Program Files\\ClocX\\ClocX.exe"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source REG_SZ http://www.ezgeta.com/Jama.gif

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\1]
Source REG_SZ http://www.rsgioh.rs/wallpapers/wallpaper8.jpg

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\2]
Source REG_SZ http://www.ezgeta.com/crvenocrno.jpg

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\3]
Source REG_SZ http://www.bigbrother.de/BB7_start/bgr.gif

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\5]
Source REG_SZ http://www.nyserbs.org/Boze_pravde.mp3

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0


[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0

*newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_ERASERUTILDRVI1


-- End of Deckard's System Scanner: finished at 2007-07-20 at 22:20:09 ---------
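
The two HijackThis logs in this thread (19.7 and 20.7) differ in exactly the lines that matter: the Dealio and Instant Access entries are gone and a new O4 entry for gtyzei.exe has appeared. The script below is an added example, not part of the thread and not code from HijackThis, catchme or Deckard's System Scanner: it parses two logs, reports what was added or removed between scans, and marks entries of the kind the helpers single out (orphaned entries, autostarts living directly under C:\WINDOWS, ActiveX downloads). The sample logs are constructed from a handful of lines quoted in the thread.

```python
"""Compare two HijackThis v1.99 logs and point out findings worth a second look.

Added example, not part of the forum thread. The sample logs are constructed
from a few lines of the 19.7.2007 and 20.7.2007 scans quoted in the thread.
"""
import re
from dataclasses import dataclass

# Every HijackThis finding starts with a section code (R0-R3, F0-F3, N1-N4, O1-O24).
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.+)$")

# Autostart binaries that legitimately live under C:\WINDOWS on this machine
# (both appear unchanged in every log in the thread); extend per environment.
KNOWN_WINDOWS_AUTOSTART = {"ctfmon.exe", "nerocheck.exe"}

@dataclass(frozen=True)
class Entry:
    code: str   # e.g. "O4"
    body: str   # everything after "O4 - "

def parse_log(text: str) -> list:
    """Finding lines of a HijackThis log, in order; headers and the
    'Running processes' block do not match ENTRY_RE and are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(m.group("code"), m.group("body")))
    return entries

def diff_logs(before: str, after: str) -> dict:
    """Findings that disappeared between two scans and findings that are new."""
    old = {(e.code, e.body): e for e in parse_log(before)}
    new = {(e.code, e.body): e for e in parse_log(after)}
    return {
        "removed": [e for k, e in old.items() if k not in new],
        "added": [e for k, e in new.items() if k not in old],
    }

def o4_program(body: str):
    """Lower-cased path of the executable an O4 (autostart) entry launches,
    or None; handles both the quoted-with-arguments and the bare form."""
    m = re.search(r'\]\s*(?:"(?P<quoted>[^"]+)"|(?P<bare>\S+))', body)
    if not m:
        return None
    return (m.group("quoted") or m.group("bare")).lower()

def reasons(entry: Entry) -> list:
    """Review hints for one finding: the kinds of lines the helpers in the
    thread pick out. Hints for a human reviewer, not a malware signature."""
    hints = []
    body = entry.body
    if "(no file)" in body or "(file missing)" in body or "' missing" in body:
        hints.append("points at a file that no longer exists (orphaned entry)")
    if entry.code == "O4":
        prog = o4_program(body)
        if prog and prog.startswith("c:\\windows\\"):
            name = prog.rsplit("\\", 1)[-1]
            if name not in KNOWN_WINDOWS_AUTOSTART:
                hints.append(f"autostart binary {name} sits directly under "
                             "C:\\WINDOWS rather than under Program Files")
    if entry.code == "O16":
        # O16 is an ActiveX control downloaded from the URL after the last " - ".
        target = body.rsplit(" - ", 1)[-1]
        host = re.sub(r"^[a-z]+://", "", target).split("/", 1)[0]
        hints.append(f"ActiveX control installed from {host}; confirm you recognise that host")
    return hints

def review(text: str) -> list:
    """(entry, hints) for every finding that triggers at least one hint."""
    flagged = []
    for entry in parse_log(text):
        hints = reasons(entry)
        if hints:
            flagged.append((entry, hints))
    return flagged

# Constructed sample: a few lines of the 19.7.2007 log from the thread.
BEFORE_LOG = r"""Logfile of HijackThis v1.99.1
Scan saved at 22:20:54, on 19.7.2007

O2 - BHO: DealioBHO Class - {6A87B991-A31F-4130-AE72-6D0C294BF082} - C:\Program Files\Dealio\kb106\Dealio.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Instant Access] C:\WINDOWS\system32\linkprd.exe /res
O10 - Broken Internet access because of LSP provider 'c:\program files\newdotnet\newdotnet6_38.dll' missing
O16 - DPF: {201B9B37-848F-40BD-90EA-7B8F0AA89D6A} - es6-scripts.dlv4.com/binaries/egaccess4/egaccess4_1071_em_XP.cab
"""

# Constructed sample: the same region of the 20.7.2007 log from the thread.
AFTER_LOG = r"""Logfile of HijackThis v1.99.1
Scan saved at 22:19:55, on 20.7.2007

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [gtyzei] c:\windows\system32\gtyzei.exe gtyzei
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O10 - Broken Internet access because of LSP provider 'c:\program files\newdotnet\newdotnet6_38.dll' missing
"""

if __name__ == "__main__":
    changes = diff_logs(BEFORE_LOG, AFTER_LOG)
    for label in ("removed", "added"):
        for e in changes[label]:
            print(f"{label:>7}: {e.code} - {e.body}")
    for e, hints in review(AFTER_LOG):
        print(f"  check: {e.code} - {e.body}\n         " + "\n         ".join(hints))
```

Run against the full logs, the "added" list is the quickest way to see what a cleaning step left behind or what a dropper re-created after a reboot.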

offline
  • DEMIAN  Male
  • Legendary citizen
  • IT Manager
  • Joined: 25 Mar 2005
  • Posts: 3706
  • Location: The darkest place on earth..

Quote:Can I download Firefox or Opera from the net, or if not, where can I get one of those 2 browsers, and how do I replace Internet Explorer with them?
99% of programs can be downloaded from the internet and easily found through any search engine. If downloading is that much of a problem, look for them on the DVDs/CDs that come with computer magazines, or get them from a friend or neighbour.. By replacement I meant installing them and using them instead of IE.
Look for any other information you want on this subject in the Web browsers section of the forum.
--------------------

Upload me the file from the path:
c:\windows\system32\gtyzei.exe

In case the file is not visible from Explorer, turn on the option to show hidden files.

Tell me the make of your graphics card. I see you have both ATI Control Center and the NVIDIA Display Driver Service installed on the computer. Why both? Did you install that, or.. ?

offline
  • Mixy 
  • New MyCity citizen
  • Joined: 18 Jul 2007
  • Posts: 9

I uploaded it. The graphics card is ASUS. I have had both since I bought the computer; I didn't add anything there.

offline
  • DEMIAN  Male
  • Legendary citizen
  • IT Manager
  • Joined: 25 Mar 2005
  • Posts: 3706
  • Location: The darkest place on earth..

Ok. The manufacturer of the card is Asus :)

Click Start > Run > type devmgmt.msc
When Device Manager opens, expand (on the +) Display Adapters and copy down the name of the manufacturer of the graphics processor. All that matters to me is whether it is an ATI or an NVIDIA GPU.
----------

Moving on..

Install the Navilog1 program on the computer. During installation choose the English language, and once it completes run the program.

When the black console window appears, type E to choose the language and press Enter.
Keep moving through the program's options by pressing any key on the keyboard (3 notices will appear) until a window like the one in the picture below appears.


Type 1 at the prompt for choosing the option, hit Enter and wait for the check of your computer to finish.

The picture below shows that the scan has finished.


Press any key on the keyboard and the log that Navilog1 creates will appear.

Copy its complete contents into your next post.
