|
Poslao: 24 Nov 2007 19:24
|
offline
- Pridružio: 20 Feb 2005
- Poruke: 206
|
@ECHO OFF
cd %systemdrive%\
type %systemdrive%\avenger\*.reg >> %systemdrive%\backup.reg
del /q %systemdrive%\avenger\*.reg
if exist %systemdrive%\avenger\backup*.zip move /y %systemdrive%\avenger\backup*.zip %systemdrive%\
if exist %systemdrive%\backup.zip move /y %systemdrive%\backup.zip "%systemdrive%\backup-%date:/=.%-%time::=.%.zip"
move /y backup.reg %systemdrive%\avenger\
copy /y avenger.txt %systemdrive%\avenger\
for %%a in (c d e f g h i j k l m n o p q r s t u v w x y z) do if exist %%a:\avenger attrib -r -h -s %%a:\avenger\* /S /D & zip -r -u -m "%systemdrive%\backup.zip" %%a:\avenger\* & rmdir /q /s %%a:\avenger
mkdir %systemdrive%\avenger
move /y backup*.zip %systemdrive%\avenger\
del zip.exe
del avexport.bat
del reboot.exe
del reboot.bat
echo REGEDIT4 >> rem.reg
echo. >> rem.reg
echo [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] >> rem.reg
echo "aqgugbmq"=- >> rem.reg
regedit.exe /s rem.reg
del rem.reg
del C:\WINDOWS\System32\drivers\bdlsekxm.sys
start notepad.exe avenger.txt
del "C:\hvycasdp.bat"
Dopuna: 24 Nov 2007 19:24
Evo i gmer log-a
https://www.mycity.rs/must-login.png
|
|
|
|
|
|
|
Poslao: 24 Nov 2007 19:49
|
offline
- dr_Bora
- Anti Malware Fighter
Rank 2
- Pridružio: 24 Jul 2007
- Poruke: 12280
- Gde živiš: Höganäs, SE
|
Idi na Start> Search>For Files or Folders
Tu odaberi All files and folders.
Na sledecem ekranu klikni na More advanced options i uveri se da su ukljucene sledece opcije:
Search system folders
Search hidden files and folders
Search subfolders
Malo vise, u polju Look in: treba da su prikazane oznake svih lokalnih particija.
Sada u skroz gornje polje All or part of the file name unesi sledece:
siahubpu.dat
Klikni na dugme Search
Ukoliko pronađeš file, uploaduj ga na proveru.
-------------------------------------------------------------------------------------
Skini ComboFix sa jedne od sledecih adresa:
http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Startuj ga i ne diraj prozor programa dok skenira.
Sledi uputstva na ekranu. Kada zavrsi pojavice se log koji ces nam ovde iskopirati.
|
|
|
|
|
|
|
Poslao: 25 Nov 2007 19:40
|
offline
- Pridružio: 20 Feb 2005
- Poruke: 206
|
Onaj fajl sam nasao ali ne moze da ga ni kopira ni uploaduje, isto kao sa certclit.dll.
Sto se tice ovog programa, skinuo sam ga ali ne moze da ga pokrene. Pokazuje mi da u system 32 folderu fali neki cmd.exe fajl
|
|
|
|
|
|
|
Poslao: 25 Nov 2007 20:34
|
offline
- dr_Bora
- Anti Malware Fighter
Rank 2
- Pridružio: 24 Jul 2007
- Poruke: 12280
- Gde živiš: Höganäs, SE
|
Treba mi tačna lokacija file-a siahubpu.dat.
|
|
|
|
|
|
|
|
|
Poslao: 25 Nov 2007 21:19
|
offline
- dr_Bora
- Anti Malware Fighter
Rank 2
- Pridružio: 24 Jul 2007
- Poruke: 12280
- Gde živiš: Höganäs, SE
|
Opet ćemo koristiti program Avenger.
Na prvom ekranu selektuj Input script manually pa klikni na ikonicu lupe.
U prozoru koji ce se pojavi unesi sledeci tekst:
Files to replace with dummy:
C:\WINDOWS\system32\drivers\siahubpu.dat
c:\windows\system32\certclit.dll
Klikni na dugme Done.
Vratice te na prvi ekran gde je sada potrebno kliknuti na ikonicu semafora.
Ukoliko ti program sam ne zatrazi restart, onda ti sam restartuj racunar.
Nakon što proces bude gotov, postavi avenger-ov log.
|
|
|
|
|
|
|
Poslao: 25 Nov 2007 23:27
|
offline
- Pridružio: 20 Feb 2005
- Poruke: 206
|
//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////
Error: could not create zip file.
Error code: 0
//////////////////////////////////////////
Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\arblhovq
*******************
Script file located at: \??\C:\Program Files\rpsehmfi.txt
Script file opened successfully.
Script file read successfully
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
Could not open file C:\WINDOWS\system32\drivers\siahubpu.dat for replacement
Replacement with dummy of file C:\WINDOWS\system32\drivers\siahubpu.dat failed!
Could not process line:
C:\WINDOWS\system32\drivers\siahubpu.dat
Status: 0xc0000022
Could not open file c:\windows\system32\certclit.dll for replacement
Replacement with dummy of file c:\windows\system32\certclit.dll failed!
Could not process line:
c:\windows\system32\certclit.dll
Status: 0xc0000022
Completed script processing.
*******************
Finished! Terminate.
Dopuna: 25 Nov 2007 23:27
Logfile of HijackThis v1.99.1
Scan saved at 23:24:34, on 25.11.2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Siemens\Adsl\dslstat.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\Dusan\mIRC\mirc.exe
D:\Dusan\mIRC\mirc.exe
D:\New Folder\zsr.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.t-com-cg.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
O2 - BHO: (no name) - {3DDB0EBD-87D0-4D6A-B312-B0B4AAFB99F4} - C:\WINDOWS\System32\dskquotau.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {9B2B9705-29B8-4870-B629-ED68ADF8BAB7} - c:\windows\system32\certclit.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\Siemens\Adsl\dslstat.exe icon
O4 - HKLM\..\Run: [kav] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [LXBSCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBStime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [aqgugbmq] C:\hvycasdp.bat
O4 - HKLM\..\Run: [arpqehpv] C:\fiqphbel.bat
O4 - HKCU\..\Run: [RamBooster] C:\Program Files\RamBooster 2.0\Rambooster.exe
O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {31E360A4-2315-11D8-85DE-D40DFD590D2C} (CSPManager Class) - https://secure.emon24.net/NiksickaBanka/Pages/Download/CABS/PexCryptoApi.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{08A208E4-56D5-40CF-B6F8-A674027D69F3}: NameServer = 192.168.0.1,195.66.160.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{C73F3B8C-E26B-47F8-810A-05B00E12709F}: NameServer = 195.66.160.1 195.66.160.2
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: kzqilghv - certclit.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LXBSCustomerConnect - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBSserv.exe
O23 - Service: lxbs_device - Lexmark International, Inc. - C:\WINDOWS\System32\lxbscoms.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
|
|
|
|
|
|
|
Poslao: 25 Nov 2007 23:36
|
offline
- dr_Bora
- Anti Malware Fighter
Rank 2
- Pridružio: 24 Jul 2007
- Poruke: 12280
- Gde živiš: Höganäs, SE
|
Pokreni HT, skeniraj i čekiraj sledeće linije:
O2 - BHO: (no name) - {3DDB0EBD-87D0-4D6A-B312-B0B4AAFB99F4} - C:\WINDOWS\System32\dskquotau.dll (file missing)
O2 - BHO: (no name) - {9B2B9705-29B8-4870-B629-ED68ADF8BAB7} - c:\windows\system32\certclit.dll (file missing)
O4 - HKLM\..\Run: [aqgugbmq] C:\hvycasdp.bat
O4 - HKLM\..\Run: [arpqehpv] C:\fiqphbel.bat
O20 - Winlogon Notify: kzqilghv - certclit.dll (file missing)
Klikni Fix Checked.
-------------------------------------------------------------------------------------
Izgleda da je obrisan/oštećen jedan od sist. file-ova (cmd.exe).
Kopiju file-a možeš skinuti na sledećem linku:
https://www.mycity.rs/must-login.png
Preimenuj ga u cmd.exe i kopiraj u c:\windows\system32\ folder.
Nakon toga probaj ispratiti uputstvo za Flash_Disinfector.
Javi mi da li je problem sa diskovima rešen i nakon restarta PC-a postavi i novi HT log da proverim da li je sve u redu.
|
|
|
|
|
|
|
Poslao: 26 Nov 2007 00:16
|
offline
- Pridružio: 20 Feb 2005
- Poruke: 206
|
Evo loga, a otvaranje hardova sad ide ok. Jel rano da kazem hvala? 
Logfile of HijackThis v1.99.1
Scan saved at 0:12:05, on 26.11.2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBSserv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Siemens\Adsl\dslstat.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\RamBooster 2.0\Rambooster.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
D:\New Folder\zsr.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.t-com-cg.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\Siemens\Adsl\dslstat.exe icon
O4 - HKLM\..\Run: [kav] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [LXBSCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBStime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKCU\..\Run: [RamBooster] C:\Program Files\RamBooster 2.0\Rambooster.exe
O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {31E360A4-2315-11D8-85DE-D40DFD590D2C} (CSPManager Class) - https://secure.emon24.net/NiksickaBanka/Pages/Download/CABS/PexCryptoApi.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{08A208E4-56D5-40CF-B6F8-A674027D69F3}: NameServer = 192.168.0.1,195.66.160.1
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LXBSCustomerConnect - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBSserv.exe
O23 - Service: lxbs_device - Lexmark International, Inc. - C:\WINDOWS\System32\lxbscoms.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
|
|
|
|
|
|
|
Poslao: 26 Nov 2007 07:00
|
offline
- dr_Bora
- Anti Malware Fighter
Rank 2
- Pridružio: 24 Jul 2007
- Poruke: 12280
- Gde živiš: Höganäs, SE
|
Log je čist...
Ostaje da počistimo i resetujemo SR.
Obriši:
C:\VundoFix\
C:\Avenger\
i sve programe koje smo koristili.
-------------------------------------------------------------------------------------
Iskljucivanje System Restore-a
Na Desktopu, desni klik na My Computer.
Odaberite Properties.
Odaberite System Restore tab.
Stiklirajte Turn off System Restore.
Kliknite na dugme Apply.
Kliknite na dugme OK.
Restartuj kompjuter.
Ukljucivanje System Restore-a
Na Desktopu, desni klik na My Computer.
Odaberite Properties.
Odaberite System Restore tab.
Destiklirajte Turn off System Restore.
Kliknite na dugme Apply.
Kliknite na dugme OK.
|
|
|
|
|
|
