Help

  • Joined: 21 Feb 2008
  • Posts: 16

The machine is slowed down and full of something
Logfile of HijackThis v1.99.1
Scan saved at 7:46:39 PM, on 2/27/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608-)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\NewDotNet\nnrun.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\taskswitch.exe
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\MMTray.exe
C:\WINDOWS\system32\wbcsvc.exe
C:\WINDOWS\mrofinu2000201.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\JavaCore\JavaCore.exe
C:\Program Files\NoDNS\NoDNS.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MapEDC\MapEDC.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program Files\PowerMenu\PowerMenu.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\NewDotNet\nnrun.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\totalcmd\TOTALCMD.EXE
c:\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = search.bearshare.com/sidebar.html?src=ssb
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = search.bearshare.com/sidebar.html?src=ssb
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare applications\BearShare MediaBar\MediaBar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare applications\BearShare MediaBar\MediaBar.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [EasyTuneV] C:\Program Files\Gigabyte\ET5\GUI.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [MMTray] MMTray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Windows Messenger Panel] wbcsvc.exe
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu2000201.exe 61A847B5BBF72810329B385472F801F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
O4 - HKLM\..\Run: [SM_IAN] C:\Program Files\AdvancedCleaner Free\ian_monitor.exe
O4 - HKLM\..\Run: [bm] "C:\Program Files\Common Files\BestsellerAntivirus\bm.exe" dm=http://bestsellerantivirus.com ad=http://bestsellerantivirus.com sd=http://ykeeper.bestsellerantivirus.com
O4 - HKLM\..\Run: [ptask] C:\Program Files\AntiSpywareSuite\ptask.exe
O4 - HKLM\..\Run: [bm(1)] "C:\Program Files\Common Files\AntiSpywareSuite\bm.exe" dm=http://antispywaresuite.com ad=http://antispywaresuite.com sd=http://ykeeper.antispywaresuite.com
O4 - HKLM\..\Run: [98c3e88f] rundll32.exe "C:\WINDOWS\system32\xrenbspi.dll",b
O4 - HKLM\..\Run: [BM9bf0db13] Rundll32.exe "C:\WINDOWS\system32\wvdkljwu.dll",s
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [WhenUSave] "C:\PROGRA~1\Save\Save.exe"
O4 - HKCU\..\Run: [xInsIDE] C:\Program Files\xInsIDE\xInsIDE.exe
O4 - HKCU\..\Run: [JavaCore] C:\Program Files\JavaCore\JavaCore.exe
O4 - HKCU\..\Run: [NoDNS] C:\Program Files\\NoDNS\\NoDNS.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MapEDC] C:\Program Files\MapEDC\MapEDC.exe
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: BlueSoleil.lnk = ?
O4 - Global Startup: PowerMenu.lnk = C:\Program Files\PowerMenu\PowerMenu.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: NNServ - Unknown owner - C:\Program Files\NewDotNet\nnrun.exe" "C:\Program Files\NewDotNet\nncore.dll" ServiceStart (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

Processed with Vundo

VundoFix V6.7.8

Checking Java version...

Java version is 1.5.0.8
Old versions of java are exploitable and should be removed.

Scan started at 4:03:31 PM 2/27/2008

Listing files found while scanning....

C:\WINDOWS\Easy CD-DA Extractor\uninstall.exe
C:\WINDOWS\system32\asrdmnql.dll
C:\WINDOWS\system32\awtqnli.dll
C:\WINDOWS\system32\awtuvst.dll
C:\WINDOWS\system32\bwyanhsg.dll
C:\WINDOWS\system32\byxwxww.dll
C:\WINDOWS\system32\byxxutu.dll
C:\WINDOWS\system32\ddcabby.dll
C:\WINDOWS\system32\ddcyvtu.dll
C:\WINDOWS\system32\efccbcb.dll
C:\WINDOWS\system32\efcdbcc.dll
C:\WINDOWS\system32\ewgcocmb.dll
C:\WINDOWS\system32\fccdccc.dll
C:\WINDOWS\system32\fccyyyy.dll
C:\WINDOWS\system32\iywpmchv.dll
C:\WINDOWS\system32\jdkgtfdh.dll
C:\WINDOWS\system32\jjkmp.ini
C:\WINDOWS\system32\jjkmp.ini2
C:\WINDOWS\system32\mcrjfpha.dll
C:\WINDOWS\system32\mljhhih.dll
C:\WINDOWS\system32\mljiige.dll
C:\WINDOWS\system32\nnnljkh.dll
C:\WINDOWS\system32\nnnnmnn.dll
C:\WINDOWS\system32\nnnoopq.dll
C:\WINDOWS\system32\opnnnki.dll
C:\WINDOWS\system32\pmkjj.dll
C:\WINDOWS\system32\rfcsuxpv.dll
C:\WINDOWS\system32\ssqrspn.dll
C:\WINDOWS\system32\tuvtttq.dll
C:\WINDOWS\system32\tuvwvss.dll
C:\WINDOWS\system32\vtuvtss.dll
C:\WINDOWS\system32\vtuvvvt.dll
C:\WINDOWS\system32\wvutqpp.dll
C:\WINDOWS\system32\wvuutts.dll
C:\WINDOWS\system32\wvuvsqq.dll
C:\WINDOWS\system32\yswfaykn.dll

Beginning removal...

Attempting to delete C:\WINDOWS\Easy CD-DA Extractor\uninstall.exe
C:\WINDOWS\Easy CD-DA Extractor\uninstall.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\asrdmnql.dll
C:\WINDOWS\system32\asrdmnql.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\awtqnli.dll
C:\WINDOWS\system32\awtqnli.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\awtuvst.dll
C:\WINDOWS\system32\awtuvst.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\bwyanhsg.dll
C:\WINDOWS\system32\bwyanhsg.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\byxwxww.dll
C:\WINDOWS\system32\byxwxww.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\byxxutu.dll
C:\WINDOWS\system32\byxxutu.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ddcabby.dll
C:\WINDOWS\system32\ddcabby.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ddcyvtu.dll
C:\WINDOWS\system32\ddcyvtu.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\efccbcb.dll
C:\WINDOWS\system32\efccbcb.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\efcdbcc.dll
C:\WINDOWS\system32\efcdbcc.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ewgcocmb.dll
C:\WINDOWS\system32\ewgcocmb.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\fccdccc.dll
C:\WINDOWS\system32\fccdccc.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\fccyyyy.dll
C:\WINDOWS\system32\fccyyyy.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\iywpmchv.dll
C:\WINDOWS\system32\iywpmchv.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\jdkgtfdh.dll
C:\WINDOWS\system32\jdkgtfdh.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\jjkmp.ini
C:\WINDOWS\system32\jjkmp.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\jjkmp.ini2
C:\WINDOWS\system32\jjkmp.ini2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\mcrjfpha.dll
C:\WINDOWS\system32\mcrjfpha.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\mljhhih.dll
C:\WINDOWS\system32\mljhhih.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\mljiige.dll
C:\WINDOWS\system32\mljiige.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\nnnljkh.dll
C:\WINDOWS\system32\nnnljkh.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\nnnnmnn.dll
C:\WINDOWS\system32\nnnnmnn.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\nnnoopq.dll
C:\WINDOWS\system32\nnnoopq.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\opnnnki.dll
C:\WINDOWS\system32\opnnnki.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\pmkjj.dll
C:\WINDOWS\system32\pmkjj.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\rfcsuxpv.dll
C:\WINDOWS\system32\rfcsuxpv.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ssqrspn.dll
C:\WINDOWS\system32\ssqrspn.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\tuvtttq.dll
C:\WINDOWS\system32\tuvtttq.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\tuvwvss.dll
C:\WINDOWS\system32\tuvwvss.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\vtuvtss.dll
C:\WINDOWS\system32\vtuvtss.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\vtuvvvt.dll
C:\WINDOWS\system32\vtuvvvt.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\wvutqpp.dll
C:\WINDOWS\system32\wvutqpp.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\wvuutts.dll
C:\WINDOWS\system32\wvuutts.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\wvuvsqq.dll
C:\WINDOWS\system32\wvuvsqq.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\yswfaykn.dll
C:\WINDOWS\system32\yswfaykn.dll Could not be deleted.

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete C:\WINDOWS\system32\wvuvsqq.dll
C:\WINDOWS\system32\wvuvsqq.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\yswfaykn.dll
C:\WINDOWS\system32\yswfaykn.dll Has been deleted!

Performing Repairs to the registry.
Done!

Beginning removal...

  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

And why did you run VundoFix on your own, and then ask us for help afterwards?

Addendum: 27 Feb 2008 20:02

Post a new HijackThis log, and also do the following:

Download ComboFix to your Desktop from one of the following addresses:
http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Run it and do not touch the program window while it is scanning.
Follow the on-screen instructions. When it finishes, a log (C:\ComboFix.txt) will appear, which you should copy here for us.

  • Joined: 21 Feb 2008
  • Posts: 16

Logfile of HijackThis v1.99.1
Scan saved at 8:13:58 PM, on 2/27/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608-)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\taskswitch.exe
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\MMTray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\JavaCore\JavaCore.exe
C:\Program Files\NoDNS\NoDNS.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MapEDC\MapEDC.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program Files\PowerMenu\PowerMenu.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
c:\123.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = search.bearshare.com/sidebar.html?src=ssb
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = search.bearshare.com/sidebar.html?src=ssb
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare applications\BearShare MediaBar\MediaBar.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {3A2FF3C5-EDFF-46CE-BBA0-7A68B2499DBA} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {6A11553E-7737-4DA8-8FFD-B6842B415702} - C:\WINDOWS\system32\yayvtro.dll
O2 - BHO: (no name) - {75822786-0ED6-4B40-AA9B-8D9CA36FBCF1} - C:\WINDOWS\system32\awtst.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: {d017ef38-25c8-d009-7514-206c92600cde} - {edc00629-c602-4157-900d-8c5283fe710d} - C:\WINDOWS\system32\glrkjvew.dll
O2 - BHO: XBTP02634 - {F97DA966-F09D-4cab-BF29-75A0026986EA} - C:\PROGRA~1\BEARSH~1\BEARSH~2\MediaBar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare applications\BearShare MediaBar\MediaBar.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [EasyTuneV] C:\Program Files\Gigabyte\ET5\GUI.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [MMTray] MMTray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SM_IAN] C:\Program Files\AdvancedCleaner Free\ian_monitor.exe
O4 - HKLM\..\Run: [bm] "C:\Program Files\Common Files\BestsellerAntivirus\bm.exe" dm=http://bestsellerantivirus.com ad=http://bestsellerantivirus.com sd=http://ykeeper.bestsellerantivirus.com
O4 - HKLM\..\Run: [ptask] C:\Program Files\AntiSpywareSuite\ptask.exe
O4 - HKLM\..\Run: [bm(1)] "C:\Program Files\Common Files\AntiSpywareSuite\bm.exe" dm=http://antispywaresuite.com ad=http://antispywaresuite.com sd=http://ykeeper.antispywaresuite.com
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKLM\..\Run: [BM9bf0db13] Rundll32.exe "C:\WINDOWS\system32\tvhpbxbi.dll",s
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [WhenUSave] "C:\PROGRA~1\Save\Save.exe"
O4 - HKCU\..\Run: [xInsIDE] C:\Program Files\xInsIDE\xInsIDE.exe
O4 - HKCU\..\Run: [JavaCore] C:\Program Files\JavaCore\JavaCore.exe
O4 - HKCU\..\Run: [NoDNS] C:\Program Files\\NoDNS\\NoDNS.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MapEDC] C:\Program Files\MapEDC\MapEDC.exe
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: BlueSoleil.lnk = ?
O4 - Global Startup: PowerMenu.lnk = C:\Program Files\PowerMenu\PowerMenu.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: yayvtro - C:\WINDOWS\SYSTEM32\yayvtro.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

Addendum: 27 Feb 2008 21:20

Here is the ComboFix log too; I apologize for cleaning on my own initiative.
ComboFix 08-02-25.3 - Sasa 2008-02-27 20:21:09.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.100 [GMT 1:00]
Running from: c:\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
ADS - svchost.exe: deleted 68 bytes in 1 streams.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\123.EXE
C:\Documents and Settings\Sasa\Application Data\BestsellerAntivirus
C:\Documents and Settings\Sasa\Application Data\BestsellerAntivirus\Logs\threats.log
C:\Documents and Settings\Sasa\Application Data\BestsellerAntivirus\Logs\update.log
C:\Documents and Settings\Sasa\ResErrors.log
C:\Program Files\newdotnet
C:\Program Files\newdotnet\nncore.dll.vir
C:\Program Files\newdotnet\nnrun.exe.vir
C:\Program Files\Temporary
C:\Program Files\Temporary\InsiDERIns.exe
C:\WINDOWS\b151.exe
C:\WINDOWS\b152.exe
C:\WINDOWS\b153.exe
C:\WINDOWS\b154.exe
C:\WINDOWS\cookies.ini
C:\WINDOWS\NDNuninstall7_48.exe
C:\WINDOWS\system32\awtst.dll
C:\WINDOWS\system32\bfmsreug.ini
C:\WINDOWS\system32\emtwjxlw.ini
C:\WINDOWS\system32\eqmyawse.dll
C:\WINDOWS\system32\eswaymqe.ini
C:\WINDOWS\system32\etuwrfux.ini
C:\WINDOWS\system32\glrkjvew.dll
C:\WINDOWS\system32\mjcswaje.ini
C:\WINDOWS\system32\nkyafwsy.ini
C:\WINDOWS\system32\qqtwa.ini
C:\WINDOWS\system32\qqtwa.ini2
C:\WINDOWS\system32\rofumwgj.dll
C:\WINDOWS\system32\sbhckldm.ini
C:\WINDOWS\system32\tstwa.ini
C:\WINDOWS\system32\tstwa.ini2
C:\WINDOWS\system32\tvhpbxbi.dll
C:\WINDOWS\system32\yayvtro.dll
C:\WINDOWS\system32\yymchvye.ini
C:\windows\xpupdate.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_NNSERV
-------\NNServ


((((((((((((((((((((((((( Files Created from 2008-01-27 to 2008-02-27 )))))))))))))))))))))))))))))))
.

2008-02-27 20:11 . 2008-02-27 20:16 1,573,742 --a------ C:\ComboFix.exe
2008-02-27 20:00 . 2008-02-27 20:00 289,280 --a------ C:\WINDOWS\system32\awtqq.dll.vir
2008-02-27 19:57 . 2008-02-27 20:13 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-02-27 19:53 . 2008-02-27 19:58 <DIR> d-------- C:\Program Files\Trojan Remover
2008-02-27 19:53 . 2008-02-27 19:53 <DIR> d-------- C:\Documents and Settings\Sasa\Application Data\Simply Super Software
2008-02-27 19:53 . 2008-02-27 19:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Simply Super Software
2008-02-27 19:53 . 2006-05-25 15:52 162,304 --a------ C:\WINDOWS\system32\ztvunrar36.dll
2008-02-27 19:53 . 2003-02-02 20:06 153,088 --a------ C:\WINDOWS\system32\UNRAR3.dll
2008-02-27 19:53 . 2005-08-26 01:50 77,312 --a------ C:\WINDOWS\system32\ztvunace26.dll
2008-02-27 19:53 . 2006-06-19 13:01 69,632 --a------ C:\WINDOWS\system32\ztvcabinet.dll
2008-02-27 19:40 . 2008-02-27 19:40 36,004 --ah----- C:\WINDOWS\system32\mlfcache.dat
2008-02-27 18:16 . 2008-02-27 18:16 85,056 --a------ C:\WINDOWS\system32\xrenbspi.dll.vir
2008-02-27 18:15 . 2008-02-27 20:15 99,102 --a------ C:\WINDOWS\BM9bf0db13.xml
2008-02-27 18:15 . 2008-02-27 20:21 21 --a------ C:\WINDOWS\pskt.ini
2008-02-27 18:14 . 2008-02-27 18:14 91,712 --a------ C:\WINDOWS\system32\wvdkljwu.dll.vir
2008-02-27 17:57 . 2008-02-27 17:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-02-27 16:57 . 2008-02-27 16:57 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-02-27 16:57 . 2008-02-27 16:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-02-27 16:53 . 2008-02-27 16:53 <DIR> d-------- C:\Program Files\CCleaner
2008-02-27 16:53 . 2007-09-29 08:38 2,628,288 --a------ C:\ccsetup201.exe
2008-02-27 16:48 . 2008-02-27 16:48 24,576 --a------ C:\WINDOWS\system32\VundoFixSVC.exe
2008-02-27 16:03 . 2008-02-27 16:47 <DIR> d-------- C:\VundoFix Backups
2008-02-27 16:03 . 2008-02-21 10:14 166,064 --a------ C:\fixvundo.exe
2008-02-27 16:03 . 2008-02-22 10:35 132,608 --a------ C:\VundoFix.exe
2008-02-26 19:48 . 2008-02-26 19:48 <DIR> d-------- C:\Program Files\MapEDC
2008-02-26 13:45 . 2007-12-07 03:21 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-02-26 13:45 . 2007-04-17 10:32 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-02-26 13:45 . 2007-03-08 06:10 991,232 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-02-26 13:45 . 2007-12-07 03:21 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-02-26 13:45 . 2007-12-07 03:21 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-02-26 13:45 . 2007-12-07 03:21 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-02-26 13:45 . 2007-12-07 03:21 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-02-26 13:45 . 2007-12-07 03:21 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-02-26 13:45 . 2007-12-06 12:00 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-02-25 20:57 . 2003-02-28 18:26 139,536 --a------ C:\WINDOWS\system32\javaee.dll
2008-02-25 13:56 . 2008-02-25 22:02 <DIR> d-------- C:\Program Files\MalwareAlarm
2008-02-24 21:48 . 2008-02-24 21:48 37,888 --a------ C:\WINDOWS\system32\wvuvsqq.dll.vir
2008-02-24 19:27 . 2008-02-24 19:27 <DIR> d-------- C:\Program Files\NoDNS
2008-02-24 03:55 . 2008-02-24 03:55 <DIR> d-------- C:\Program Files\MSXML 6.0
2008-02-24 03:10 . 2008-02-24 03:22 <DIR> d-------- C:\Program Files\AdvancedCleaner Free
2008-02-24 03:07 . 2004-08-03 23:56 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-02-24 02:23 . 2008-02-24 03:31 <DIR> d-------- C:\Documents and Settings\Sasa\Application Data\AntiSpywareSuite
2008-02-23 23:14 . 2007-02-28 10:55 2,182,144 -----c--- C:\WINDOWS\system32\dllcache\ntoskrnl.exe
2008-02-23 23:14 . 2007-02-28 10:53 2,137,600 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
2008-02-23 23:14 . 2007-02-28 10:15 2,017,280 -----c--- C:\WINDOWS\system32\dllcache\ntkrpamp.exe
2008-02-23 20:38 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-02-23 20:38 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-02-23 20:37 . 2007-07-30 19:18 34,136 --a------ C:\WINDOWS\system32\wucltui.dll.mui
2008-02-23 20:37 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui
2008-02-23 20:37 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuapi.dll.mui
2008-02-23 20:37 . 2007-07-30 19:18 20,312 --a------ C:\WINDOWS\system32\wuaueng.dll.mui
2008-02-22 16:28 . 2008-02-22 16:29 1,255,317 --ahs---- C:\WINDOWS\system32\sbhckldm.tmp
2008-02-20 22:11 . 2008-02-20 22:11 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
2008-02-20 21:38 . 2008-02-20 21:38 <DIR> dr------- C:\Documents and Settings\All Users\Application Data\SalesMon
2008-02-20 21:37 . 2001-03-08 18:30 24,064 --a------ C:\WINDOWS\system32\msxml3a.dll
2008-02-20 21:27 . 2008-02-24 02:51 192,544 --a------ C:\Documents and Settings\Sasa\Application Data\antivirusinstallfreenm_en[1].exe
2008-02-20 19:16 . 2008-02-20 19:16 <DIR> d-------- C:\Program Files\JavaCore
2008-02-19 12:31 . 2008-02-27 19:36 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-02-19 12:31 . 2008-02-19 12:31 1,409 --a------ C:\WINDOWS\QTFont.for
2008-02-18 18:52 . 2008-02-18 18:52 268 --ah----- C:\sqmdata06.sqm
2008-02-18 18:52 . 2008-02-18 18:52 244 --ah----- C:\sqmnoopt06.sqm
2008-02-18 18:44 . 2008-02-22 21:41 36,864 --a------ C:\WINDOWS\mrofinu2000201.exe.vir
2008-02-18 18:44 . 2008-02-22 16:34 36,864 --a------ C:\WINDOWS\mrofinu2000201.exe.tmp
2008-02-18 18:44 . 2008-02-18 18:44 244 --ah----- C:\sqmnoopt05.sqm
2008-02-18 18:44 . 2008-02-18 18:44 232 --ah----- C:\sqmdata05.sqm
2008-02-16 23:07 . 2008-02-16 23:07 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-02-16 22:52 . 2008-02-16 21:50 83,968 --a------ C:\WINDOWS\system32\wbcsvc.exe.vir
2008-02-09 17:37 . 2008-02-09 17:37 632 --a------ C:\WINDOWS\CoD.INI
2008-02-09 16:16 . 2008-02-09 16:16 618 --a------ C:\WINDOWS\EReg515.dat
2008-02-09 15:41 . 2001-05-16 17:54 309,616 --a------ C:\WINDOWS\system32\wmv8dmod.dll
2008-02-09 15:41 . 2001-03-26 04:41 245,760 --a------ C:\WINDOWS\system32\mp4sds32.ax
2008-02-09 15:37 . 2008-02-09 15:37 217,088 --a------ C:\WINDOWS\system32\srkey.exe
2008-02-09 15:26 . 2008-02-09 15:26 137,344 --a------ C:\WINDOWS\system32\drivers\hwpsgt.sys
2008-02-09 15:26 . 2008-02-09 15:26 9,472 --a------ C:\WINDOWS\system32\drivers\lemsgt.sys
2008-02-03 21:56 . 2008-02-03 21:56 244 --ah----- C:\sqmnoopt04.sqm
2008-02-03 21:56 . 2008-02-03 21:56 232 --ah----- C:\sqmdata04.sqm
2008-02-03 21:18 . 2008-02-25 22:00 <DIR> d-------- C:\Online
2008-02-03 13:40 . 2008-02-03 14:07 <DIR> d-------- C:\Program Files\Achilles-Script 3.7
2008-02-03 12:22 . 2008-02-03 12:22 33 --a------ C:\WINDOWS\Multimedia manager.INI
2008-02-02 16:06 . 2008-02-02 16:06 <DIR> d-------- C:\WINDOWS\Cache
2008-01-27 00:22 . 2008-01-27 00:22 <DIR> d-------- C:\Program Files\XviD
2008-01-27 00:20 . 2008-01-27 00:20 <DIR> d-------- C:\Program Files\DivXCodec
2008-01-27 00:17 . 2008-01-27 00:17 <DIR> d-------- C:\Program Files\AC3Filter

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-27 19:08 --------- d-----w C:\Documents and Settings\Sasa\Application Data\AVG7
2008-02-27 18:35 --------- d-----w C:\Documents and Settings\Sasa\Application Data\Skype
2008-02-27 16:49 --------- d--h--r C:\Documents and Settings\Sasa\Application Data\yahoo!
2008-02-27 16:28 --------- d-----w C:\Program Files\Google
2008-02-27 16:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-27 15:57 --------- d-----w C:\Program Files\Lavasoft
2008-02-24 19:46 --------- d-----w C:\Program Files\Common Files\Teleca Shared
2008-02-23 19:58 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-20 20:22 --------- d-----w C:\Documents and Settings\Sasa\Application Data\BearShare
2008-02-06 20:32 --------- d-----w C:\Documents and Settings\Sasa\Application Data\TransRender
2008-02-03 13:15 --------- d-----w C:\Documents and Settings\Sasa\Application Data\mIRC
2008-02-03 12:05 --------- d-----w C:\Program Files\Alien Stars
2008-01-26 20:57 --------- d-----w C:\Program Files\Common Files\Adobe
2008-01-17 15:30 --------- d-----w C:\Documents and Settings\Sasa\Application Data\Temporary
2008-01-04 01:27 --------- d-----w C:\Documents and Settings\Sasa\Application Data\ConvertTemp
2007-09-19 17:27 579 ----a-w C:\Documents and Settings\Sasa\Application Data\dcpini.dat
2007-09-06 11:59 56 --sh--r C:\WINDOWS\system32\2A85166AD3.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2006-07-19 21:17 1694208]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2006-09-13 13:17 4621816]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-01-12 13:57 25367592]
"WhenUSave"="C:\PROGRA~1\Save\Save.exe" [ ]
"xInsIDE"="C:\Program Files\xInsIDE\xInsIDE.exe" [ ]
"JavaCore"="C:\Program Files\JavaCore\JavaCore.exe" [2008-02-20 19:16 144896]
"NoDNS"="C:\Program Files\\NoDNS\\NoDNS.exe" [2008-02-24 19:27 102400]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:56 15360]
"MapEDC"="C:\Program Files\MapEDC\MapEDC.exe" [2008-02-26 19:48 57344]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2005-12-14 17:06 577536 C:\WINDOWS\soundman.exe]
"EasyTuneV"="C:\Program Files\Gigabyte\ET5\GUI.exe" [2004-06-14 10:54 200704]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-06-01 16:22 7618560]
"nwiz"="nwiz.exe" [2006-06-01 16:22 1519616 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-06-01 16:22 86016]
"CloneCDTray"="C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" [2005-05-19 14:47 57344]
"DiskeeperSystray"="C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe" [2006-04-19 14:48 319488]
"CoolSwitch"="C:\WINDOWS\system32\taskswitch.exe" [2002-03-19 16:30 45632]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe" [2006-07-26 02:03 49263]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 09:50 155648]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-01-14 18:19 347695]
"MMTray"="MMTray.exe" [2001-11-09 02:19 53248 C:\WINDOWS\system32\mmtray.exe]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"SM_IAN"="C:\Program Files\AdvancedCleaner Free\ian_monitor.exe" [ ]
"ptask"="C:\Program Files\AntiSpywareSuite\ptask.exe" [ ]
"bm(1)"="C:\Program Files\Common Files\AntiSpywareSuite\bm.exe" [ ]
"TrojanScanner"="C:\Program Files\Trojan Remover\Trjscan.exe" [2008-02-27 19:54 863824]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 23:56 15360]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-01-14 18:19 77870]

C:\Documents and Settings\Sasa\Start Menu\Programs\Startup\
PowerReg Scheduler V3.exe [2008-02-09 15:37:18 225280]
PowerReg Scheduler.exe [2006-10-21 20:52:53 256000]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
BlueSoleil.lnk - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe [2007-11-16 16:29:56 1183744]
PowerMenu.lnk - C:\Program Files\PowerMenu\PowerMenu.exe [2006-10-16 17:46:02 57344]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"C:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

S3 gdrv;gdrv;C:\WINDOWS\gdrv.sys [2006-10-16 16:53]
S3 k510bus;Sony Ericsson K510 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\k510bus.sys [2007-06-16 16:11]
S3 k510mdfl;Sony Ericsson K510 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\k510mdfl.sys [2007-06-16 16:11]
S3 k510mdm;Sony Ericsson K510 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\k510mdm.sys [2007-06-16 16:11]
S3 k510mgmt;Sony Ericsson K510 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\k510mgmt.sys [2007-06-16 16:11]
S3 k510obex;Sony Ericsson K510 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\k510obex.sys [2007-06-16 16:11]
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2005-08-30 17:57]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2005-08-30 17:58]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2005-08-30 17:59]

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2008-02-27 20:30:46
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\NoDNS\NoDNS.exe
.
**************************************************************************
.
Completion time: 2008-02-27 20:35:18 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-27 19:34:24
.
2008-02-26 13:29:36 --- E O F ---

Addendum: 28 Feb 2008 19:58

After cleaning with CCleaner, Ad-Aware, Spybot and Trojan Remover, installing a new avast! and scanning the system with it, and running VundoFix (at the very beginning) and ComboFix, the system works much better. Each of these programs found a pile of files to delete. Now everything works almost normally (speed is OK, internet is OK, although it seems to me that something still has not been cleaned, so I am sending the latest HijackThis log, if it can be reviewed). By the way, avast! and Spybot TeaTimer are currently running on the computer; the system was restarted and scanned, here is the log.

Addendum: 28 Feb 2008 20:04

Logfile of HijackThis v1.99.1
Scan saved at 8:02:32 PM, on 2/28/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608-)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\taskswitch.exe
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\JavaCore\JavaCore.exe
C:\Program Files\NoDNS\NoDNS.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MapEDC\MapEDC.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program Files\PowerMenu\PowerMenu.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Sasa\Desktop\cccc\123.EXE

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: {bc7cf507-642a-eb5a-2b74-b9004d7ecab2} - {2bace7d4-009b-47b2-a5be-a246705fc7cb} - C:\WINDOWS\system32\rpmyppbp.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: (no name) - {84B2B934-90DB-4395-B4FC-6F1098D08BDE} - C:\WINDOWS\system32\vtsqr.dll (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [xInsIDE] C:\Program Files\xInsIDE\xInsIDE.exe
O4 - HKCU\..\Run: [JavaCore] C:\Program Files\JavaCore\JavaCore.exe
O4 - HKCU\..\Run: [NoDNS] C:\Program Files\\NoDNS\\NoDNS.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MapEDC] C:\Program Files\MapEDC\MapEDC.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: BlueSoleil.lnk = ?
O4 - Global Startup: PowerMenu.lnk = C:\Program Files\PowerMenu\PowerMenu.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

Addendum: 28 Feb 2008 20:15

Sometimes, while online, a window pops up that is white, which I find suspicious; earlier it used to pop up and open some site, now it is only this.

offline
  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

Pack the following files into a ZIP and send them to me for checking:
C:\Program Files\xInsIDE\xInsIDE.exe
C:\Program Files\JavaCore\JavaCore.exe
C:\Program Files\\NoDNS\\NoDNS.exe

Send them to me through the following form:
http://www.mycity.rs/ambulanta-upload.php

offline
  • Joined: 21 Feb 2008
  • Posts: 16

I can't find this file, it isn't there: C:\Program Files\xInsIDE\xInsIDE.exe; the other two have been uploaded.

offline
  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

Scan again with HijackThis and tick the boxes in front of the following lines:
O2 - BHO: {bc7cf507-642a-eb5a-2b74-b9004d7ecab2} - {2bace7d4-009b-47b2-a5be-a246705fc7cb} - C:\WINDOWS\system32\rpmyppbp.dll (file missing)
O2 - BHO: (no name) - {84B2B934-90DB-4395-B4FC-6F1098D08BDE} - C:\WINDOWS\system32\vtsqr.dll (file missing)
O4 - HKCU\..\Run: [xInsIDE] C:\Program Files\xInsIDE\xInsIDE.exe
O4 - HKCU\..\Run: [JavaCore] C:\Program Files\JavaCore\JavaCore.exe
O4 - HKCU\..\Run: [NoDNS] C:\Program Files\\NoDNS\\NoDNS.exe
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Startup: PowerReg Scheduler.exe

Click FixChecked

Restart the computer.

After the restart, delete the following folders:
C:\Program Files\xInsIDE\
C:\Program Files\JavaCore\
C:\Program Files\NoDNS\

Restart the computer again and make a new HijackThis log, which you will post here for us.

offline
  • Joined: 21 Feb 2008
  • Posts: 16

Here, I did everything, except that I did not find this one, C:\Program Files\xInsIDE\; I deleted the other two.
Logfile of HijackThis v1.99.1
Scan saved at 11:28:51 PM, on 2/28/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608-)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\taskswitch.exe
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MapEDC\MapEDC.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program Files\PowerMenu\PowerMenu.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Sasa\Desktop\cccc\123.EXE

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MapEDC] C:\Program Files\MapEDC\MapEDC.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: BlueSoleil.lnk = ?
O4 - Global Startup: PowerMenu.lnk = C:\Program Files\PowerMenu\PowerMenu.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

Addendum: 28 Feb 2008 23:35

A blank page opened again just as I posted the log, and I can't uninstall the AVG that was installed earlier; it reports some error (if this is of any help).
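The fix requested earlier in the thread (tick the listed entries, fix, reboot, delete the folders, post a new log) can be checked by comparing the log from before the fix with the one posted after it. The following is an added example, not part of the thread or of HijackThis; the function names are assumptions, and the log excerpts are abridged from the logs posted above. It also handles the doubled backslashes in the NoDNS entry.

```python
import re

# A HijackThis entry line is "<section code> - <body>", e.g. "O4 - Startup: ...".
ENTRY_RE = re.compile(r"^[RFNO]\d{1,2} - .+$")

# Abridged from the 8:02 PM log in this thread (before the fix).
BEFORE = r"""
Running processes:
C:\Program Files\JavaCore\JavaCore.exe
C:\Program Files\NoDNS\NoDNS.exe
C:\Program Files\MapEDC\MapEDC.exe

O2 - BHO: (no name) - {84B2B934-90DB-4395-B4FC-6F1098D08BDE} - C:\WINDOWS\system32\vtsqr.dll (file missing)
O4 - HKCU\..\Run: [xInsIDE] C:\Program Files\xInsIDE\xInsIDE.exe
O4 - HKCU\..\Run: [JavaCore] C:\Program Files\JavaCore\JavaCore.exe
O4 - HKCU\..\Run: [NoDNS] C:\Program Files\\NoDNS\\NoDNS.exe
O4 - HKCU\..\Run: [MapEDC] C:\Program Files\MapEDC\MapEDC.exe
O4 - Startup: PowerReg Scheduler V3.exe
"""

# Abridged from the 11:28 PM log (after the fix, reboot and folder deletion).
AFTER = r"""
Running processes:
C:\Program Files\MapEDC\MapEDC.exe

O4 - HKCU\..\Run: [MapEDC] C:\Program Files\MapEDC\MapEDC.exe
"""

# Lines the helper asked to tick, limited to those in the abridged log above.
TARGETS = r"""
O2 - BHO: (no name) - {84B2B934-90DB-4395-B4FC-6F1098D08BDE} - C:\WINDOWS\system32\vtsqr.dll (file missing)
O4 - HKCU\..\Run: [xInsIDE] C:\Program Files\xInsIDE\xInsIDE.exe
O4 - HKCU\..\Run: [JavaCore] C:\Program Files\JavaCore\JavaCore.exe
O4 - HKCU\..\Run: [NoDNS] C:\Program Files\\NoDNS\\NoDNS.exe
O4 - Startup: PowerReg Scheduler V3.exe
""".strip().splitlines()
DELETED_FOLDERS = [r"C:\Program Files\JavaCore", r"C:\Program Files\NoDNS"]

def norm(text):
    """Collapse doubled backslashes (as in the NoDNS entry) and ignore case."""
    return re.sub(r"\\+", r"\\", text.strip()).casefold()

def parse_log(log):
    """Return (running process paths, entry lines), both normalised."""
    processes, entries, in_processes = [], [], False
    for line in map(str.strip, log.splitlines()):
        if line == "Running processes:":
            in_processes = True
        elif ENTRY_RE.match(line):
            in_processes = False
            entries.append(norm(line))
        elif in_processes and line:
            processes.append(norm(line))
        else:
            in_processes = False  # a blank line ends the process list
    return processes, entries

def verify_fix(before_log, after_log, targets, deleted_folders):
    """Compare two logs against the list of entries that were to be fixed."""
    _, before = parse_log(before_log)
    procs, after = parse_log(after_log)
    wanted = [norm(t) for t in targets]
    folders = [norm(f).rstrip("\\") + "\\" for f in deleted_folders]
    return {
        "not_in_before": [t for t in wanted if t not in before],
        "still_present": [t for t in wanted if t in after],
        "removed_unrequested": [e for e in before if e not in after and e not in wanted],
        "added": [e for e in after if e not in before],
        "running_from_deleted": [p for p in procs if p.startswith(tuple(folders))],
    }

if __name__ == "__main__":
    for check, hits in verify_fix(BEFORE, AFTER, TARGETS, DELETED_FOLDERS).items():
        print(f"{check}: {hits or 'none'}")
```

A target listed under `not_in_before` was never in the first log, so its absence from the second log does not show that the fix removed it.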

offline
  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

Try the following:

- enter Safe Mode following these instructions: http://www.mycity.rs/Uputstva-sa-ex-SuperSajta/Kako-uci-u-SAFE-MODE.html
- rename the folder C:\Program Files\MapEDC\ to, say, C:\Program Files\MapEDC123\
- restart the computer in normal mode

See whether this resolves those pop-ups. We will deal with AVG later, once this is solved.

offline
  • Joined: 21 Feb 2008
  • Posts: 16

I did as you said and now nothing pops up (at least for now); I'm waiting for further instructions.

offline
  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

Can you also upload the contents of that folder for me?

I think it is the same infection as those files we deleted a few posts ago, and no antivirus recognizes it.
It would help a lot to have complete data about that infection, so that we can document it.
