problem sa trojancem!

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

imao sam NOD,Ad-Aware i Comodo firewall ali pored svega toga sam pokupio dva trojanca!!!Koristim Mozilla Firefox ali mi se stalno pali i IE i izbacuje neke reklame i gluposti a samim tim mi je i komp.sve sporiji!!!
skinuo sam NOD-a i instalirao KAV 7 koji ga detektuje ali mi ne nudi opciju da ga obrise vec ga samo neutralise!Probao sam skenirati u safe modu ali ne pomaze!probao sam i sa drugim anti malware programima tipa-a-squared,spybot i opet nista!Strasno me nervira to sto ga ne mogu ukloniti pa molio za savet ili detaljno uputstvo!Unapred hvala!

Trojan.Win32.Obfuscated.en File: C:\docume~1\mane&m~1\applic~1\waitli~1\Media great title.exe

Trojan.Win32.Obfuscated.en File: c:\documents and settings\mane&mika\application data\wait live joy\grimopen.exe

P.S.:nisam neki strucnjak sto se vidi iz prilozenog pa bi mi svaki savet ili pomoc dobro dosla!

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Isprati uputstva iz ove teme (postavi HijackThis log) pa da vidimo šta može da se uradi..
http://www.mycity.rs/Ambulanta/Kako-otvoriti-temu-u-Ambulanti.html

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Logfile of HijackThis v1.99.1
Scan saved at 15:01:29, on 18-09-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Programas\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Programas\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Programas\Synaptics\SynTP\SynTPLpr.exe
C:\Programas\Synaptics\SynTP\SynTPEnh.exe
C:\Programas\Toshiba\Toshiba Applet\thotkey.exe
C:\Programas\TOSHIBA\Utilitário de Zooming da TOSHIBA\SmoothView.exe
C:\Programas\TOSHIBA\PadTouch\PadExe.exe
C:\Programas\TOSHIBA\Controlos TOSHIBA\TFncKy.exe
C:\Programas\CyberLink\PowerDVD\PDVDServ.exe
C:\Programas\Java\jre1.6.0_02\bin\jusched.exe
C:\Programas\Comodo\Firewall\CPF.exe
C:\Programas\Ficheiros comuns\Real\Update_OB\realsched.exe
C:\Programas\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programas\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Programas\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Programas\a-squared Anti-Malware\a2service.exe
C:\Programas\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Programas\Comodo\CBOClean\BOCORE.exe
C:\Programas\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Programas\Comodo\Firewall\cmdagent.exe
C:\Programas\Ficheiros comuns\Ahead\Lib\NMBgMonitor.exe
C:\Programas\Spybot - Search & Destroy\TeaTimer.exe
C:\Programas\Ficheiros comuns\Ahead\Lib\NMIndexingService.exe
C:\Programas\WLAN\GConfig\GConfig.exe
C:\Programas\Ficheiros comuns\Ahead\Lib\NMIndexStoreSvr.exe
C:\Programas\Mozilla Firefox\firefox.exe
C:\Programas\Skype\Phone\Skype.exe
C:\Programas\Skype\Plugin Manager\skypePM.exe
C:\Documents and Settings\Mane&Mika\Ambiente de trabalho\TR3.exe..exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Programas\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programas\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programas\Ficheiros comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programas\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programas\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programas\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [THotkey] C:\Programas\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [SmoothView] C:\Programas\TOSHIBA\Utilitário de Zooming da TOSHIBA\SmoothView.exe
O4 - HKLM\..\Run: [PadTouch] "C:\Programas\TOSHIBA\PadTouch\PadExe.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [RemoteControl] C:\Programas\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programas\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [Comodo Firewall] "C:\Programas\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [TkBellExe] "C:\Programas\Ficheiros comuns\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programas\Ficheiros comuns\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [find trust seek mail] C:\Documents and Settings\All Users\Application Data\Defy Memo Find Trust\Axis 2.exe
O4 - HKLM\..\Run: [AVP] "C:\Programas\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKLM\..\Run: [a-squared] "C:\Programas\a-squared Anti-Malware\a2guard.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Programas\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [updateMgr] C:\Programas\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programas\Ficheiros comuns\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programas\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Beep stupid] C:\DOCUME~1\MANE&M~1\APPLIC~1\WAITLI~1\GRIMOPEN.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: GConfig.lnk = C:\Programas\WLAN\GConfig\GConfig.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programas\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHEI~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Programas\a-squared Anti-Malware\a2service.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Programas\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Unknown owner - C:\Programas\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" -r (file missing)
O23 - Service: BOCore - COMODO - C:\Programas\Comodo\CBOClean\BOCORE.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Programas\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Programas\Comodo\Firewall\cmdagent.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programas\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NBService - Nero AG - C:\Programas\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programas\Ficheiros comuns\Ahead\Lib\NMIndexingService.exe

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

E ovako.. Prvo ćeš da isključiš TeaTimer po ovom uputstvu dole.

-------------------
Spybot S&D's Teatimer

- Pokrenite Spybot S&D
- Kliknite Mode stavku u meniju
- Odaberite Advance Mode
- Na traci levo kliknite na Tools
- Destiklirajte Resident Tea-Timer
- Zatvorite Spybot S&D
- Restartujte kompjuter.

Nemojte zaboraviti da ponovo ukljucite ove opcije kada zavrsimo ciscenje.
-------------------------

Kada podignes sistem, pokreni HijackThis i izaberi opciju "Do a System scan only", zatim pronađi i štikliraj polja pored ovih linija:
O4 - HKLM\..\Run: [find trust seek mail] C:\Documents and Settings\All Users\Application Data\Defy Memo Find Trust\Axis 2.exe
O4 - HKCU\..\Run: [Beep stupid] C:\DOCUME~1\MANE&M~1\APPLIC~1\WAITLI~1\GRIMOPEN.exe

Po završteku klikni na "Fix Checked".

--------------------------------
Preuzmi program No Lop.

http://www.spywareedge.net/nolop/NoLop.exe

1.) Ugasi sve ostale programe koji su pokrenuti u "pozadini"
2.) Dupli klik na NoLop.exe
3.) Klikni na Search and Destroy
4.) Kada je skeniranje završeno, u slučaju da si zaražen, tražiće da restartuješ računar
4.) Klikni na REBOOT
Trebalo bi da se pojavi NoLop pop-up poruka, ako ne-ponovo dupli klik na NoLop.exe da bi čišćenje bilo završeno

Nakon toga, postuj nam sadržaj C:\NoLop.log i svež HijackThis log.

Napomena: Ako se pojavi greška, da mscomctl.ocx ili neki od fajlova nisu tačno registrovani, downloaduj ovaj fajl u svoj system32 folder i onda pokreni program:
http://www.boletrice.com/downloads/mscomctl.ocx

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Zahvaljujem DeM14n!
Javim ti sta sam uradio!
Pozdrav!

Dopuna: 19 Sep 2007 0:32

NoLop! Log by Skate_Punk_21

Fix running from: C:\Documents and Settings\Mane&Mika\Ambiente de trabalho
[19-09-2007]
[0:19:32]

---Infection Files Found/Removed---
C:\WINDOWS\tasks\A22E6C1090CE1D7C.job

Beginning Removal...
Rebooting...
Removing Lop's Leftover Files/Folders...
Editing Registry...
**Fix Complete!**

---Listing AppData sub directories---

C:\Documents and Settings\All Users\Application Data\Adobe
C:\Documents and Settings\All Users\Application Data\Ahead
C:\Documents and Settings\All Users\Application Data\Apple Computer
C:\Documents and Settings\All Users\Application Data\Boc425
C:\Documents and Settings\All Users\Application Data\Comodo
C:\Documents and Settings\All Users\Application Data\Cyberlink
C:\Documents and Settings\All Users\Application Data\Defy Memo Find Trust
C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
C:\Documents and Settings\All Users\Application Data\Lavasoft
C:\Documents and Settings\All Users\Application Data\Microsoft
C:\Documents and Settings\All Users\Application Data\Nero
C:\Documents and Settings\All Users\Application Data\Skype
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
C:\Documents and Settings\Default User\Application Data\Adobe
C:\Documents and Settings\Default User\Application Data\Adobeum -- EMPTY Directory
C:\Documents and Settings\Default User\Application Data\Identities
C:\Documents and Settings\Default User\Application Data\Microsoft
C:\Documents and Settings\Default User\Application Data\Sun
C:\Documents and Settings\Default User\Application Data\Toshiba
C:\Documents and Settings\Localservice\Application Data\Microsoft
C:\Documents and Settings\Mane&mika\Application Data\Adobe
C:\Documents and Settings\Mane&mika\Application Data\Adobeum
C:\Documents and Settings\Mane&mika\Application Data\Ahead
C:\Documents and Settings\Mane&mika\Application Data\Comodo
C:\Documents and Settings\Mane&mika\Application Data\Google
C:\Documents and Settings\Mane&mika\Application Data\Help -- EMPTY Directory
C:\Documents and Settings\Mane&mika\Application Data\Identities
C:\Documents and Settings\Mane&mika\Application Data\Lavasoft
C:\Documents and Settings\Mane&mika\Application Data\Limewire
C:\Documents and Settings\Mane&mika\Application Data\Macromedia
C:\Documents and Settings\Mane&mika\Application Data\Media Player Classic
C:\Documents and Settings\Mane&mika\Application Data\Microsoft
C:\Documents and Settings\Mane&mika\Application Data\Mozilla
C:\Documents and Settings\Mane&mika\Application Data\Real
C:\Documents and Settings\Mane&mika\Application Data\Skype
C:\Documents and Settings\Mane&mika\Application Data\Sports Interactive
C:\Documents and Settings\Mane&mika\Application Data\Sun
C:\Documents and Settings\Mane&mika\Application Data\Toshiba
C:\Documents and Settings\Mane&mika\Application Data\Wait Live Joy
C:\Documents and Settings\Networkservice\Application Data\Microsoft

Dopuna: 19 Sep 2007 0:33

Logfile of HijackThis v1.99.1
Scan saved at 0:34:44, on 19-09-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programas\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programas\a-squared Anti-Malware\a2service.exe
C:\Programas\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Programas\Comodo\CBOClean\BOCORE.exe
C:\Programas\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Programas\Comodo\Firewall\cmdagent.exe
C:\Programas\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programas\Synaptics\SynTP\SynTPLpr.exe
C:\Programas\Synaptics\SynTP\SynTPEnh.exe
C:\Programas\Toshiba\Toshiba Applet\thotkey.exe
C:\Programas\TOSHIBA\Utilitário de Zooming da TOSHIBA\SmoothView.exe
C:\Programas\TOSHIBA\PadTouch\PadExe.exe
C:\Programas\TOSHIBA\Controlos TOSHIBA\TFncKy.exe
C:\Programas\CyberLink\PowerDVD\PDVDServ.exe
C:\Programas\Java\jre1.6.0_02\bin\jusched.exe
C:\Programas\Comodo\Firewall\CPF.exe
C:\Programas\Ficheiros comuns\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Programas\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\AGRSMMSG.exe
C:\PROGRA~1\Comodo\CBOClean\BOC425.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programas\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Programas\Ficheiros comuns\Ahead\Lib\NMBgMonitor.exe
C:\Programas\WLAN\GConfig\GConfig.exe
C:\Programas\Ficheiros comuns\Ahead\Lib\NMIndexingService.exe
C:\Programas\Ficheiros comuns\Ahead\Lib\NMIndexStoreSvr.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\Mane&Mika\Ambiente de trabalho\TR3.exe..exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Programas\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programas\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programas\Ficheiros comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programas\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programas\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programas\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [THotkey] C:\Programas\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [SmoothView] C:\Programas\TOSHIBA\Utilitário de Zooming da TOSHIBA\SmoothView.exe
O4 - HKLM\..\Run: [PadTouch] "C:\Programas\TOSHIBA\PadTouch\PadExe.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [RemoteControl] C:\Programas\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programas\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [Comodo Firewall] "C:\Programas\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [TkBellExe] "C:\Programas\Ficheiros comuns\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programas\Ficheiros comuns\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [AVP] "C:\Programas\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKLM\..\Run: [a-squared] "C:\Programas\a-squared Anti-Malware\a2guard.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [BOC-425] C:\PROGRA~1\Comodo\CBOClean\BOC425.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Programas\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [updateMgr] C:\Programas\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programas\Ficheiros comuns\Ahead\Lib\NMBgMonitor.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: GConfig.lnk = C:\Programas\WLAN\GConfig\GConfig.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programas\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHEI~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Programas\a-squared Anti-Malware\a2service.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Programas\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Unknown owner - C:\Programas\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" -r (file missing)
O23 - Service: BOCore - COMODO - C:\Programas\Comodo\CBOClean\BOCORE.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Programas\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Programas\Comodo\Firewall\cmdagent.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programas\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NBService - Nero AG - C:\Programas\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programas\Ficheiros comuns\Ahead\Lib\NMIndexingService.exe

Dopuna: 19 Sep 2007 0:37

Evo logova,nadam se da sam ocistio sve?Please proveri!
jos jednom hvala!
P.S.tvoj predlog-koju zastitu ubuduce da koristim?

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

M78 ::Evo logova,nadam se da sam ocistio sve?
Iz Safe Mode-a briši kompletno sledeće foldere i njihov sadržaj:

C:\Documents and Settings\All Users\Application Data\Defy Memo Find Trust
C:\Documents and Settings\Mane&mika\Application Data\Wait Live Joy
---------------------------

Uključi Spybot Teatimer zaštitu.

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Obrisano!
Jos jednom hvala puno!