[bobby] Help! Virtumonde in operating memory

  • bbee
  • New MyCity citizen
  • Joined: 27 May 2008
  • Posts: 6

Hi! I have a problem with the notorious Virtumonde!! NOD reports:
application Win32/Adware.Virtumonde found in operating memory.System memory infection originated from file C:\WINDOWS\system32\urqRHwUM.dll
Of course NOD also says it has deleted it, but it keeps coming back, a million times over.


Logfile of HijackThis v1.99.1
Scan saved at 21:33, on 2008-05-27
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Eset\nod32.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\b&d\Desktop\New Folder\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\System32\igfxpers.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [BM83aa7812] Rundll32.exe "C:\WINDOWS\System32\yewugoim.dll",s
O4 - HKLM\..\Run: [80994b8e] rundll32.exe "C:\WINDOWS\System32\wsgemqkw.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - upload.facebook.com/controls/FacebookPhotoUploader4_5.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: ABBYY FineReader 9.0 PE Licensing Service (ABBYY.Licensing.FineReader.Professional.9.0) - ABBYY (BIT Software) - C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

Thanks in advance, bbee

  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

Rename HijackThis.exe to something like FR2.exe.
This is very important.
After that, make a new log and post it here.


=========================


After that, do the following:

Download VundoFix:
http://www.atribune.org/ccount/click.php?id=4

* Double-click VundoFix.exe to start it.
* Choose the Scan for Vundo option.
* When the scan finishes and the message Done Searching for files appears, click OK.
* Now that the scan is done, click the Fix Vundo option.
* When asked whether to remove the Vundo files, click Yes.
* Running this option will temporarily leave the Desktop empty in order to prepare the system for removing Vundo.
* When it finishes, a notice about shutting down the computer will appear; click OK.
* Turn the computer back on and boot the system again.
* Copy the contents of the log at C:\vundofix.txt and a new HijackThis log into a post on the forum.

  • bbee
  • New MyCity citizen
  • Joined: 27 May 2008
  • Posts: 6

VundoFix V7.0.5

Scan started at 17:05:04 2008-05-29

Listing files found while scanning....

C:\windows\system32\GgMponpo.ini
C:\windows\system32\GgMponpo.ini2
C:\windows\system32\opnopMgG.dll

Beginning removal...

Attempting to delete C:\windows\system32\GgMponpo.ini
C:\windows\system32\GgMponpo.ini Has been deleted!

Attempting to delete C:\windows\system32\GgMponpo.ini2
C:\windows\system32\GgMponpo.ini2 Has been deleted!

Attempting to delete C:\windows\system32\opnopMgG.dll
C:\windows\system32\opnopMgG.dll Has been deleted!

Performing Repairs to the registry.
Done!



Logfile of HijackThis v1.99.1
Scan saved at 17:03, on 2008-05-29
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\b&d\Desktop\New Folder\FR2.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1C218BC1-B339-40DF-8346-792D2DBAFFB5} - C:\WINDOWS\system32\urqRHwUM.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {454A62D0-0200-463B-90E0-9ED09A139D81} - C:\WINDOWS\System32\opnopMgG.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll
O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\PROGRA~1\TEXTware\QUICKF~1\PlugIns\IEHelp.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\System32\igfxpers.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [SBCSTray] C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe
O4 - HKLM\..\Run: [80994b8e] rundll32.exe "C:\WINDOWS\System32\fijdttvn.dll",b
O4 - HKLM\..\Run: [BM83aa7812] Rundll32.exe "C:\WINDOWS\System32\uywtlqnc.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - upload.facebook.com/controls/FacebookPhotoUploader4_5.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: urqRHwUM - C:\WINDOWS\SYSTEM32\urqRHwUM.dll
O23 - Service: ABBYY FineReader 9.0 PE Licensing Service (ABBYY.Licensing.FineReader.Professional.9.0) - ABBYY (BIT Software) - C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Sunbelt CounterSpy Antispyware (SBCSSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe


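The HijackThis logs posted above show the pattern the helper is chasing: Run values with machine-generated names that start rundll32 on a random-named System32 DLL through a one-letter export, a BHO registered without a name, and that same DLL hooked under Winlogon Notify. The Python script below is an added example, not part of this thread or of HijackThis: it applies those three checks to a handful of lines constructed from the log above, and the regexes and the `Finding` type are assumptions of this example.

```python
"""Triage HijackThis O2/O4/O20 lines for Vundo-style persistence (added example)."""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample: seven lines copied from the HijackThis log posted in this
# thread (raw string so the Windows backslashes survive as written).
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1C218BC1-B339-40DF-8346-792D2DBAFFB5} - C:\WINDOWS\system32\urqRHwUM.dll
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [80994b8e] rundll32.exe "C:\WINDOWS\System32\fijdttvn.dll",b
O4 - HKLM\..\Run: [BM83aa7812] Rundll32.exe "C:\WINDOWS\System32\uywtlqnc.dll",s
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: urqRHwUM - C:\WINDOWS\SYSTEM32\urqRHwUM.dll
"""


@dataclass(frozen=True)
class Finding:
    section: str  # HijackThis section the line came from (O2, O4, O20)
    dll: str      # DLL path exactly as written in the log
    reason: str   # why the line was flagged


# "O4 - HKLM\..\Run: [value name] command line"
RE_O4 = re.compile(r'^O4 - (?P<hive>HK\w+)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$')
# rundll32(.exe) "<dll>",<export>   (quotes optional, case-insensitive)
RE_RUNDLL = re.compile(r'^rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+\.dll)"?\s*,\s*(?P<export>\S+)$', re.I)
# Vundo-style Run value names seen in this log: 8 hex chars, optionally prefixed "BM"
RE_HEXNAME = re.compile(r'^(?:BM)?[0-9a-f]{8}$', re.I)
# "O2 - BHO: <title> - {CLSID} - <dll>"
RE_O2 = re.compile(r'^O2 - BHO: (?P<title>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<dll>.+)$')
# "O20 - Winlogon Notify: <subkey> - <dll>"
RE_O20 = re.compile(r'^O20 - Winlogon Notify: (?P<key>\S+) - (?P<dll>.+)$')


def _basename(path: str) -> str:
    """Lower-cased file name of a Windows path, for case-insensitive matching."""
    return path.replace('/', '\\').rsplit('\\', 1)[-1].lower()


def triage(log_text: str) -> list[Finding]:
    """Return the lines that match the Vundo loader pattern, in log order."""
    findings: list[Finding] = []
    lines = [ln.strip() for ln in log_text.splitlines() if ln.strip()]

    # Pass 1: unnamed BHOs and rundll32 loaders with one-letter exports.
    unnamed_bho_dlls: set[str] = set()
    for ln in lines:
        m = RE_O2.match(ln)
        if m:
            if m['title'].strip().lower() == '(no name)':
                unnamed_bho_dlls.add(_basename(m['dll']))
                findings.append(Finding('O2', m['dll'], 'BHO registered without a name'))
            continue
        m = RE_O4.match(ln)
        if m:
            r = RE_RUNDLL.match(m['cmd'])
            if r and len(r['export']) == 1 and '\\system32\\' in r['dll'].lower():
                reason = f'rundll32 loads a System32 DLL through one-letter export "{r["export"]}"'
                if RE_HEXNAME.match(m['name']):
                    reason += f'; Run value name "{m["name"]}" looks machine-generated'
                findings.append(Finding('O4', r['dll'], reason))

    # Pass 2: Winlogon Notify entries that reuse a DLL already seen as an unnamed BHO
    # (the same DLL in both places is the persistence pairing visible in the log above).
    for ln in lines:
        m = RE_O20.match(ln)
        if m and _basename(m['dll']) in unnamed_bho_dlls:
            findings.append(Finding('O20', m['dll'],
                                    'Winlogon Notify DLL is also registered as an unnamed BHO'))
    return findings


if __name__ == '__main__':
    for f in triage(SAMPLE_LOG):
        print(f'{f.section:<4} {f.dll}\n     {f.reason}')
```

Legitimate entries in the sample (the Adobe BHO, nod32kui, igfxdev.dll) produce no finding; only the four Vundo-pattern lines do.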
  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

Download ComboFix to the Desktop from one of the following addresses:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Run it and do not touch the program window while it scans.
Follow the on-screen instructions. When it finishes, a log (C:\ComboFix.txt) will appear; copy it here for us.

  • bbee
  • New MyCity citizen
  • Joined: 27 May 2008
  • Posts: 6

ComboFix 08-05-29.1 - b&d 2008-05-29 18:53:28.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.1.1250.1.1033.18.488 [GMT 2:00]
Running from: C:\Documents and Settings\b&d\Desktop\ComboFix.exe
* Created a new restore point
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
Error: Cfiles.dat
Error: Cfolders.dat

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\BM83aa7812.xml
C:\WINDOWS\system32\cqrkuuam.dll
C:\WINDOWS\system32\efcdBSlL.dll
C:\WINDOWS\system32\fijdttvn.dll
C:\WINDOWS\system32\hpofktqc.dll
C:\WINDOWS\system32\hvrclyrm.ini
C:\WINDOWS\system32\LlSBdcfe.ini
C:\WINDOWS\system32\LlSBdcfe.ini2
C:\WINDOWS\system32\mauukrqc.ini
C:\WINDOWS\system32\mrylcrvh.dll
C:\WINDOWS\system32\nvttdjif.ini
C:\WINDOWS\system32\nwfxxxhm.dll
C:\WINDOWS\system32\rnsqmafp.dll
C:\WINDOWS\system32\uywtlqnc.dll
C:\WINDOWS\system32\wkqmegsw.ini
C:\WINDOWS\system32\yewugoim.dll

.
((((((((((((((((((((((((( Files Created from 2008-04-28 to 2008-05-29 )))))))))))))))))))))))))))))))
.

2008-05-29 17:05 . 2008-05-29 17:08 <DIR> d-------- C:\VundoFix Backups
2008-05-28 02:00 . 2008-05-28 02:00 0 --a------ C:\WINDOWS\system32\SBRC.dat
2008-05-28 02:00 . 2008-05-28 02:00 0 --a------ C:\WINDOWS\system32\SBFC.dat
2008-05-27 23:50 . 2008-05-27 23:50 <DIR> d-------- C:\Documents and Settings\b&d\Application Data\Sunbelt Software
2008-05-27 23:49 . 2008-05-27 23:49 <DIR> d-------- C:\Program Files\Sunbelt Software
2008-05-27 23:49 . 2008-05-27 23:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Sunbelt Software
2008-05-27 22:21 . 2008-05-27 23:13 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2008-05-15 00:59 . 2008-05-29 10:02 <DIR> d-------- C:\Program Files\Security Task Manager
2008-05-15 00:59 . 2008-05-29 10:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SecTaskMan
2008-05-13 19:26 . 2008-05-28 23:47 143 --a------ C:\WINDOWS\system32\mcrh.tmp
2008-05-12 10:56 . 2008-05-28 23:48 735 --a------ C:\WINDOWS\cookies.ini
2008-05-12 10:20 . 2008-05-29 17:33 21 --a------ C:\WINDOWS\pskt.ini
2008-05-11 17:33 . 2008-05-11 17:33 44,032 --a------ C:\WINDOWS\system32\urqRHwUM.dll
2008-05-09 13:02 . 2008-05-09 13:00 502,368 --a------ C:\WINDOWS\system32\drivers\amon.sys
2008-05-09 13:02 . 2008-05-09 13:00 270,336 --a------ C:\WINDOWS\system32\imon.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-29 16:59 --------- d-----w C:\Documents and Settings\b&d\Application Data\skypePM
2008-05-29 16:58 --------- d-----w C:\Documents and Settings\b&d\Application Data\Skype
2008-05-13 17:54 --------- d-----w C:\Documents and Settings\b&d\Application Data\Winamp
2008-05-09 11:44 --------- d-----w C:\Program Files\ESET
2008-04-07 12:57 --------- d-----w C:\Program Files\Morton Benson
2008-03-30 19:05 360,124 ----a-w C:\WINDOWS\system32\PerfStringBackup.TMP
2008-03-15 00:26 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2008-03-01 19:18 8,705,840 ----a-w C:\Program Files\winamp552_full_emusic-7plus_en-us.exe
2008-02-13 14:56 1,362,977 ----a-w C:\Program Files\BitLord_1.01.exe
.

------- Sigcheck -------

.
((((((((((((((((((((((((((((( snapshot@2008-05-14_23.39.13.00 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-05-27 20:24:55 45,056 ----a-w C:\WINDOWS\BDOSCAN8\avxdisk.dll
+ 2008-05-27 20:24:55 10,240 ----a-w C:\WINDOWS\BDOSCAN8\avxs.dll
+ 2008-05-27 20:24:55 27,136 ----a-w C:\WINDOWS\BDOSCAN8\avxt.dll
+ 2008-05-27 20:25:00 181,760 ----a-w C:\WINDOWS\BDOSCAN8\bdcore.dll
+ 2008-01-09 13:01:48 118,784 ----a-w C:\WINDOWS\BDOSCAN8\bdupd.dll
+ 2008-01-09 13:01:48 53,248 ----a-w C:\WINDOWS\BDOSCAN8\ipsupd.dll
+ 2008-05-27 20:25:02 142,848 ----a-w C:\WINDOWS\BDOSCAN8\libfn.dll
+ 2008-05-27 20:24:56 86,016 ----a-w C:\WINDOWS\BDOSCAN8\librtvr.dll
+ 2008-01-09 13:01:48 53,248 ----a-w C:\WINDOWS\bdoscandel.exe
- 2008-05-14 21:35:01 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-29 16:57:45 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-01-09 13:01:48 118,784 ----a-w C:\WINDOWS\Downloaded Program Files\bdupd.dll
+ 2008-01-09 13:01:48 53,248 ----a-w C:\WINDOWS\Downloaded Program Files\ipsupd.dll
- 2000-08-31 06:00:00 73,728 ----a-w C:\WINDOWS\fdsv.exe
+ 2000-08-31 06:00:00 89,504 ----a-w C:\WINDOWS\fdsv.exe
+ 2008-05-27 21:49:39 19,230 ----a-r C:\WINDOWS\Installer\{7136FE70-D1A9-42A5-9BBD-87C440701D9F}\ARPPRODUCTICON.exe
+ 2006-12-28 14:13:52 516,832 ----a-w C:\WINDOWS\system32\capicom.dll
+ 2006-10-30 08:30:30 10,032 ----a-w C:\WINDOWS\system32\drivers\SBTEDrv.sys
+ 2005-11-02 08:39:14 131,072 ----a-w C:\WINDOWS\system32\MD5.dll
+ 2005-11-02 08:39:16 24,924 ----a-w C:\WINDOWS\system32\openports.dll
+ 2003-02-21 05:16:08 49,152 ----a-w C:\WINDOWS\system32\REGTLIB.EXE
+ 2007-08-27 08:26:10 27,120 ----a-w C:\WINDOWS\system32\SBBD.exe
+ 2005-11-02 08:39:16 40,960 ----a-w C:\WINDOWS\system32\SDelete.dll
+ 2006-06-22 12:40:28 493,400 ----a-w C:\WINDOWS\system32\XceedZip.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1C218BC1-B339-40DF-8346-792D2DBAFFB5}]
2008-05-11 17:33 44032 --a------ C:\WINDOWS\system32\urqRHwUM.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{454A62D0-0200-463B-90E0-9ED09A139D81}]
C:\WINDOWS\System32\opnopMgG.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\System32\ctfmon.exe" [2002-08-29 03:41 13312]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-02-10 17:39 68856]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-02-01 18:22 21898024]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2007-12-13 20:10 1688872]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="C:\WINDOWS\System32\igfxtray.exe" [2005-07-19 05:09 94208]
"igfxhkcmd"="C:\WINDOWS\System32\hkcmd.exe" [2005-07-19 05:06 77824]
"igfxpers"="C:\WINDOWS\System32\igfxpers.exe" [2005-07-19 05:10 114688]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 18:07 61952 C:\WINDOWS\system32\HdAShCut.exe]
"RTHDCPL"="RTHDCPL.EXE" [2005-03-23 07:28 14202368 C:\WINDOWS\RTHDCPL.EXE]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2005-11-09 00:00 128920]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" [2007-01-01 23:22 3739648]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-12-03 15:21 2213160]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2008-05-09 13:00 917504]
"SBCSTray"="C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe" [2007-12-21 15:30 698864]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-12-11 14:15:09 113664]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{1C218BC1-B339-40DF-8346-792D2DBAFFB5}"= C:\WINDOWS\system32\urqRHwUM.dll [2008-05-11 17:33 44032]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\urqRHwUM]
urqRHwUM.dll 2008-05-11 17:33 44032 C:\WINDOWS\system32\urqRHwUM.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= i263_32.drv
"vidc.3iv2"= 3ivxVfWCodec.dll
"msacm.divxa32"= divxa32.acm
"VIDC.HFYU"= huffyuv.dll
"VIDC.i263"= i263_32.drv
"msacm.imc"= imc32.acm
"VIDC.VP31"= vp31vfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
--a------ 2007-01-01 23:22 3739648 C:\Program Files\Google\Google Talk\googletalk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-01 15:57 153136 C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]
-ra------ 2004-12-29 00:01 544768 C:\WINDOWS\sm56hlpr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"gusvc"=3 (0x3)

R0 iteraid;ITERAID_Service_Install;C:\WINDOWS\System32\DRIVERS\iteraid.sys [2004-12-10 09:44]
R2 ABBYY.Licensing.FineReader.Professional.9.0;ABBYY FineReader 9.0 PE Licensing Service;C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe [2007-12-06 22:03]
S3 FXDRV;FXDRV;C:\Program Files\SuperUtility\Fxdrv.sys [2004-07-01 23:46]

.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2008-05-29 18:58:17
Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\urqRHwUM.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\ESET\nod32krn.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
.
**************************************************************************
.
Completion time: 2008-05-29 19:02:17 - machine was rebooted [b&d]
ComboFix-quarantined-files.txt 2008-05-29 17:02:12
ComboFix2.txt 2008-05-27 15:56:51
ComboFix3.txt 2008-05-14 21:39:33

Pre-Run: 30,038,425,600 bytes free
Post-Run: 30,077,280,256 bytes free


  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

Open Notepad and copy the following text into it:

File::
C:\WINDOWS\system32\urqRHwUM.dll

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1C218BC1-B339-40DF-8346-792D2DBAFFB5}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{454A62D0-0200-463B-90E0-9ED09A139D81}]


Save the Notepad file to the Desktop as "CFScript"

Drag the saved script/text onto the ComboFix icon as shown in the picture.
Post in your next message the log that is produced at the end of the cleaning/scan.
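The CFScript above was written by hand after reading the "Reg Loading Points" section of the ComboFix log: the same DLL, urqRHwUM.dll, is registered as a BHO, as a ShellExecuteHook and as a Winlogon Notify package, which is the usual Virtumonde layout. The following Python script is an added example (not the helper's script and not part of ComboFix) that automates that cross-reference: it parses the watched registry sections out of a log excerpt constructed from this thread, flags any DLL referenced from more than one autostart point, and prints a File::/Registry:: block in the CFScript format shown above. The `"name"=-` line for the ShellExecuteHooks entry uses REGEDIT4 value-deletion syntax, which is assumed here to be accepted in the Registry:: section; the helper's own script deleted only the two BHO keys. Note that the second BHO (opnopMgG.dll) is referenced from a single point and is therefore not caught by this rule, so the rule is a triage aid, not a replacement for the analyst's judgment.

```python
"""Cross-reference ComboFix 'Reg Loading Points' entries.

Virtumonde-style infections register one DLL under several autostart
points at once (BHO, ShellExecuteHooks, Winlogon Notify).  This parser
pulls every DLL path out of those sections of a ComboFix log, flags any
DLL referenced from more than one of them, and emits a CFScript block
in the File::/Registry:: format that ComboFix reads.
"""
import re
from collections import defaultdict

# Constructed excerpt, copied from the Reg Loading Points section of the
# ComboFix log posted in this thread (plus one benign Run entry as noise).
SAMPLE_LOG = r"""
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1C218BC1-B339-40DF-8346-792D2DBAFFB5}]
2008-05-11 17:33 44032 --a------ C:\WINDOWS\system32\urqRHwUM.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{454A62D0-0200-463B-90E0-9ED09A139D81}]
C:\WINDOWS\System32\opnopMgG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2008-05-09 13:00 917504]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{1C218BC1-B339-40DF-8346-792D2DBAFFB5}"= C:\WINDOWS\system32\urqRHwUM.dll [2008-05-11 17:33 44032]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\urqRHwUM]
urqRHwUM.dll 2008-05-11 17:33 44032 C:\WINDOWS\system32\urqRHwUM.dll
"""

# The three autostart points Virtumonde abused on the machine in this thread.
LOADING_POINTS = {
    "bho": re.compile(r"browser helper objects", re.I),
    "shellexecutehooks": re.compile(r"shellexecutehooks", re.I),
    "winlogon_notify": re.compile(r"winlogon\\notify", re.I),
}
# A full DLL path; paths may contain spaces, so stop at the next space/]/" or end of line.
DLL_PATH = re.compile(r'[A-Za-z]:\\.+?\.dll(?=[\s\]"]|$)', re.I)


def parse_loading_points(log_text):
    """Map each DLL path (lower-cased) to the set of (point, key, value_name)
    references found under the watched registry sections."""
    refs = defaultdict(set)
    display = {}          # lower-cased path -> path as first seen in the log
    point = key = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = re.fullmatch(r"\[(.+)\]", line)
        if m:                                   # a registry key header
            key = m.group(1)
            point = next((name for name, pat in LOADING_POINTS.items()
                          if pat.search(key)), None)
            continue
        if point is None:                       # not a section we care about
            continue
        vm = re.match(r'"([^"]+)"\s*=', line)   # '"name"= ...' value lines
        value = vm.group(1) if vm else None
        for pm in DLL_PATH.finditer(line):
            path = pm.group(0)
            display.setdefault(path.lower(), path)
            refs[path.lower()].add((point, key, value))
    return refs, display


def find_shared_dlls(log_text, min_points=2):
    """Return {dll_path: [points]} for DLLs registered under >= min_points
    distinct autostart points."""
    refs, display = parse_loading_points(log_text)
    flagged = {}
    for norm, entries in refs.items():
        points = {p for p, _, _ in entries}
        if len(points) >= min_points:
            flagged[display[norm]] = sorted(points)
    return flagged


def build_cfscript(log_text):
    """Emit a CFScript that deletes each flagged DLL and its loading points.

    Keys owned by the DLL (the BHO CLSID key, the winlogon\\notify subkey) are
    removed whole with '[-key]'; the ShellExecuteHooks key is shared with
    legitimate hooks, so only the DLL's own value is removed ('"name"=-').
    """
    refs, _ = parse_loading_points(log_text)
    files = sorted(find_shared_dlls(log_text))
    reg_lines = []
    for path in files:
        entries = sorted(refs[path.lower()], key=lambda t: (t[0], t[1], t[2] or ""))
        for _point, key, value in entries:
            if value:
                reg_lines += [f"[{key}]", f'"{value}"=-']
            else:
                reg_lines.append(f"[-{key}]")
    return ("File::\n" + "\n".join(files) + "\n\nRegistry::\n"
            + "\n".join(reg_lines) + "\n")


if __name__ == "__main__":
    print(find_shared_dlls(SAMPLE_LOG))
    print(build_cfscript(SAMPLE_LOG))
```

Run against the constructed excerpt, the only DLL flagged is C:\WINDOWS\system32\urqRHwUM.dll, referenced from all three points, and the generated script matches the File:: line and the first BHO key of the helper's CFScript above.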

  • bbee
  • New MyCity citizen
  • Joined: 27 May 2008
  • Posts: 6

ComboFix 08-05-29.1 - b&d 2008-05-29 19:27:29.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.1.1250.1.1033.18.480 [GMT 2:00]
Running from: C:\Documents and Settings\b&d\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\b&d\Desktop\CFScript.txt
* Created a new restore point
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\system32\urqRHwUM.dll
.
Error: Cfiles.dat
Error: Cfolders.dat

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\urqRHwUM.dll

.
((((((((((((((((((((((((( Files Created from 2008-04-28 to 2008-05-29 )))))))))))))))))))))))))))))))
.

2008-05-29 17:05 . 2008-05-29 17:08 <DIR> d-------- C:\VundoFix Backups
2008-05-28 02:00 . 2008-05-28 02:00 0 --a------ C:\WINDOWS\system32\SBRC.dat
2008-05-28 02:00 . 2008-05-28 02:00 0 --a------ C:\WINDOWS\system32\SBFC.dat
2008-05-27 23:50 . 2008-05-27 23:50 <DIR> d-------- C:\Documents and Settings\b&d\Application Data\Sunbelt Software
2008-05-27 23:49 . 2008-05-27 23:49 <DIR> d-------- C:\Program Files\Sunbelt Software
2008-05-27 23:49 . 2008-05-27 23:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Sunbelt Software
2008-05-27 22:21 . 2008-05-27 23:13 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2008-05-15 00:59 . 2008-05-29 10:02 <DIR> d-------- C:\Program Files\Security Task Manager
2008-05-15 00:59 . 2008-05-29 10:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SecTaskMan
2008-05-13 19:26 . 2008-05-28 23:47 143 --a------ C:\WINDOWS\system32\mcrh.tmp
2008-05-12 10:56 . 2008-05-28 23:48 735 --a------ C:\WINDOWS\cookies.ini
2008-05-12 10:20 . 2008-05-29 17:33 21 --a------ C:\WINDOWS\pskt.ini
2008-05-09 13:02 . 2008-05-09 13:00 502,368 --a------ C:\WINDOWS\system32\drivers\amon.sys
2008-05-09 13:02 . 2008-05-09 13:00 270,336 --a------ C:\WINDOWS\system32\imon.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-29 16:59 --------- d-----w C:\Documents and Settings\b&d\Application Data\skypePM
2008-05-29 16:58 --------- d-----w C:\Documents and Settings\b&d\Application Data\Skype
2008-05-13 17:54 --------- d-----w C:\Documents and Settings\b&d\Application Data\Winamp
2008-05-09 11:44 --------- d-----w C:\Program Files\ESET
2008-04-07 12:57 --------- d-----w C:\Program Files\Morton Benson
2008-03-30 19:05 360,124 ----a-w C:\WINDOWS\system32\PerfStringBackup.TMP
2008-03-15 00:26 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2008-03-01 19:18 8,705,840 ----a-w C:\Program Files\winamp552_full_emusic-7plus_en-us.exe
2008-02-13 14:56 1,362,977 ----a-w C:\Program Files\BitLord_1.01.exe
.

------- Sigcheck -------

.
((((((((((((((((((((((((((((( snapshot@2008-05-14_23.39.13.00 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-05-27 20:24:55 45,056 ----a-w C:\WINDOWS\BDOSCAN8\avxdisk.dll
+ 2008-05-27 20:24:55 10,240 ----a-w C:\WINDOWS\BDOSCAN8\avxs.dll
+ 2008-05-27 20:24:55 27,136 ----a-w C:\WINDOWS\BDOSCAN8\avxt.dll
+ 2008-05-27 20:25:00 181,760 ----a-w C:\WINDOWS\BDOSCAN8\bdcore.dll
+ 2008-01-09 13:01:48 118,784 ----a-w C:\WINDOWS\BDOSCAN8\bdupd.dll
+ 2008-01-09 13:01:48 53,248 ----a-w C:\WINDOWS\BDOSCAN8\ipsupd.dll
+ 2008-05-27 20:25:02 142,848 ----a-w C:\WINDOWS\BDOSCAN8\libfn.dll
+ 2008-05-27 20:24:56 86,016 ----a-w C:\WINDOWS\BDOSCAN8\librtvr.dll
+ 2008-01-09 13:01:48 53,248 ----a-w C:\WINDOWS\bdoscandel.exe
- 2008-05-14 21:35:01 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-29 17:30:54 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-01-09 13:01:48 118,784 ----a-w C:\WINDOWS\Downloaded Program Files\bdupd.dll
+ 2008-01-09 13:01:48 53,248 ----a-w C:\WINDOWS\Downloaded Program Files\ipsupd.dll
- 2000-08-31 06:00:00 73,728 ----a-w C:\WINDOWS\fdsv.exe
+ 2000-08-31 06:00:00 89,504 ----a-w C:\WINDOWS\fdsv.exe
+ 2008-05-27 21:49:39 19,230 ----a-r C:\WINDOWS\Installer\{7136FE70-D1A9-42A5-9BBD-87C440701D9F}\ARPPRODUCTICON.exe
+ 2006-12-28 14:13:52 516,832 ----a-w C:\WINDOWS\system32\capicom.dll
+ 2006-10-30 08:30:30 10,032 ----a-w C:\WINDOWS\system32\drivers\SBTEDrv.sys
+ 2005-11-02 08:39:14 131,072 ----a-w C:\WINDOWS\system32\MD5.dll
+ 2005-11-02 08:39:16 24,924 ----a-w C:\WINDOWS\system32\openports.dll
+ 2003-02-21 05:16:08 49,152 ----a-w C:\WINDOWS\system32\REGTLIB.EXE
+ 2007-08-27 08:26:10 27,120 ----a-w C:\WINDOWS\system32\SBBD.exe
+ 2005-11-02 08:39:16 40,960 ----a-w C:\WINDOWS\system32\SDelete.dll
+ 2006-06-22 12:40:28 493,400 ----a-w C:\WINDOWS\system32\XceedZip.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\System32\ctfmon.exe" [2002-08-29 03:41 13312]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-02-10 17:39 68856]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-02-01 18:22 21898024]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2007-12-13 20:10 1688872]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="C:\WINDOWS\System32\igfxtray.exe" [2005-07-19 05:09 94208]
"igfxhkcmd"="C:\WINDOWS\System32\hkcmd.exe" [2005-07-19 05:06 77824]
"igfxpers"="C:\WINDOWS\System32\igfxpers.exe" [2005-07-19 05:10 114688]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 18:07 61952 C:\WINDOWS\system32\HdAShCut.exe]
"RTHDCPL"="RTHDCPL.EXE" [2005-03-23 07:28 14202368 C:\WINDOWS\RTHDCPL.EXE]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2005-11-09 00:00 128920]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" [2007-01-01 23:22 3739648]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-12-03 15:21 2213160]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2008-05-09 13:00 917504]
"SBCSTray"="C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe" [2007-12-21 15:30 698864]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-12-11 14:15:09 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\urqRHwUM]
urqRHwUM.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= i263_32.drv
"vidc.3iv2"= 3ivxVfWCodec.dll
"msacm.divxa32"= divxa32.acm
"VIDC.HFYU"= huffyuv.dll
"VIDC.i263"= i263_32.drv
"msacm.imc"= imc32.acm
"VIDC.VP31"= vp31vfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
--a------ 2007-01-01 23:22 3739648 C:\Program Files\Google\Google Talk\googletalk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-01 15:57 153136 C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]
-ra------ 2004-12-29 00:01 544768 C:\WINDOWS\sm56hlpr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"gusvc"=3 (0x3)

R0 iteraid;ITERAID_Service_Install;C:\WINDOWS\System32\DRIVERS\iteraid.sys [2004-12-10 09:44]
R2 ABBYY.Licensing.FineReader.Professional.9.0;ABBYY FineReader 9.0 PE Licensing Service;C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe [2007-12-06 22:03]
S3 FXDRV;FXDRV;C:\Program Files\SuperUtility\Fxdrv.sys [2004-07-01 23:46]

.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2008-05-29 19:31:11
Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\ESET\nod32krn.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
.
**************************************************************************
.
Completion time: 2008-05-29 19:35:05 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-29 17:35:01
ComboFix2.txt 2008-05-29 17:02:17
ComboFix3.txt 2008-05-27 15:56:51
ComboFix4.txt 2008-05-14 21:39:33

Pre-Run: 30,047,600,640 bytes free
Post-Run: 30,039,072,768 bytes free


Update: 29 May 2008 19:39

yahooooo
I can't believe it!!!!
NOD doesn't report it anymore!!
I have just one more question, if you can tell me: what is your recommendation for an antivirus and antispyware program?

  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

We're not finished yet.

Scan again with HijackThis and post the new log here.

  • bbee
  • New MyCity citizen
  • Joined: 27 May 2008
  • Posts: 6

Logfile of HijackThis v1.99.1
Scan saved at 20:40:25, on 29.5.2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\b&d\Desktop\New Folder\FR2.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll
O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\PROGRA~1\TEXTware\QUICKF~1\PlugIns\IEHelp.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\System32\igfxpers.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [SBCSTray] C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - upload.facebook.com/controls/FacebookPhotoUploader4_5.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: urqRHwUM - urqRHwUM.dll (file missing)
O23 - Service: ABBYY FineReader 9.0 PE Licensing Service (ABBYY.Licensing.FineReader.Professional.9.0) - ABBYY (BIT Software) - C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Sunbelt CounterSpy Antispyware (SBCSSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

In the meantime NOD found the same thing in quarantine and in the System Volume Information file, which is probably Virtumonde; now it says they have been deleted and on a rescan they are gone.
Celebrating too early?
