IE VELIKI problem

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Pozdrav.Tek sto sam reinstalirao i podigao sistem izlazi upozorenje da je IE naisao na gresku i da mora da se zatvori.Uprozoru (dont)send error pise:
C:\DOCUME~1\PCZUFG~1\LOCALS~1\Temp\WERa2dc.dir00\drwtsn32.exe.mdmp
C:\DOCUME~1\PCZUFG~1\LOCALS~1\Temp\WERa2dc.dir00\appcompat.txt.
Internet skoro da NE radi.Zahvaljujem za bilo kakvu pomoc.Evo log liste:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:25:41, on 9.12.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system\VMwareService.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\ntvdm.exe
C:\WINDOWS\system32\ntvdm.exe
C:\WINDOWS\system32\ntvdm.exe
C:\WINDOWS\system32\ntvdm.exe
C:\WINDOWS\system32\ntvdm.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Documents and Settings\PC ZUFGH\Desktop\moj folder\HiJackThis.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: VMwareService - Unknown owner - C:\WINDOWS\system\VMwareService.exe

--
End of file - 4133 bytes

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Pozdrav...



Postavljeni log je čist a rušenje IE-a ne mora da ima bilo kakve veze sa malware-om.



No... Odradićemo još jednu proveru.



Preuzmi gmer.zip sa ovog linka i sačuvaj na Desktopu.
Raspakuj ga u neki folder.

Dupli klik na gmer.exe za početak: Izaberi Rootkit/Malware Tab na vrhu.
Klikni na Scan.
Kada je skeniranje završeno, klik na Copy dugme ispod - ovo će sačuvati rezultate skeniranja u Clipboard.
Iskoristi opciju Paste u Notepad-u da bi to prebacio u tekst. Snimi taj tekst iz Notepada kao file1.txt.
Ponovi ovo isto sa Autostart Tab-om. Snimi taj tekst iz Notepada kao file2.txt.

Iskoristi opciju Prikači fajl ispod polja za pisanje poruke na forumu, i prikači nam ovde ta dva fajla koja smo malopre snimili.

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Toliko mi je usporio i sam rad racunara da trenutno ne mogu ovo da odradim sa gmer-om a sistem je tek reinstaliran.Cesto mi se pojavljuje prozor i pise:C\WINDOWS\System32\x.exe.NTVDM CPU illegal instruction...Odgovorite ako znate sta je ovo ako ne pokusacu kasnije da posaljem log-ove sa gmer-a

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Gmer može da sačeka za sada...


Skini ComboFix sa jedne od sledecih adresa na Desktop:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Startuj ga i ne diraj prozor programa dok skenira.
Sledi uputstva na ekranu. Kada zavrsi pojavice se log (C:\ComboFix.txt) koji ces nam ovde iskopirati.

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

I jutros kad sam podigao sistem otvorio se prozor IE sa greskom:
C:\DOCUME~1\PCZUFG~1\LOCALS~1\Temp\WERa0f7.dir00\svchost.exe.mdmp
Evo log liste od Combofix-a(bio je aktivan NOD32):
ComboFix 08-12-07.04 - PC ZUFGH 2008-12-10 9:53:37.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.696 [GMT 1:00]
Running from: c:\documents and settings\PC ZUFGH\Desktop\ComboFix.exe
* Created a new restore point
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\divx.dll
c:\windows\system32\x.exe
G:\autorun.inf
g:\recycler\S-1-6-21-2434476501-1644491937-600003330-1213
g:\recycler\S-1-6-21-2434476501-1644491937-600003330-1213\autorunme.exe
g:\recycler\S-1-6-21-2434476501-1644491937-600003330-1213\Desktop.ini

.
((((((((((((((((((((((((( Files Created from 2008-11-10 to 2008-12-10 )))))))))))))))))))))))))))))))
.

2008-12-10 09:51 . 2008-12-10 09:51 69 --a------ c:\windows\NeroDigital.ini
2008-12-10 09:08 . 2004-08-03 23:08 26,496 --a--c--- c:\windows\system32\dllcache\usbstor.sys
2008-12-10 00:30 . 2008-12-10 00:30 <DIR> d-------- c:\program files\Rockstar Games
2008-12-09 22:18 . 2008-12-10 00:29 23 --a------ c:\windows\BlendSettings.ini
2008-12-09 21:55 . 2008-12-09 21:55 <DIR> d-------- c:\documents and settings\PC ZUFGH\Application Data\ACD Systems
2008-12-09 21:47 . 2008-12-09 21:47 <DIR> d-------- c:\program files\Bethesda Softworks
2008-12-09 19:06 . 2008-12-09 19:16 250 --a------ c:\windows\gmer.ini
2008-12-09 16:47 . 2008-12-09 16:46 23,552 -r-hs---- c:\windows\system\VMwareService.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-09 23:30 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-09 14:26 --------- d-----w c:\program files\Diskeeper Corporation
2008-12-09 14:26 --------- d-----w c:\documents and settings\PC ZUFGH\Application Data\Leadertech
2008-12-09 14:25 --------- d-----w c:\program files\Yahoo!
2008-12-09 14:25 --------- d-----w c:\program files\CCleaner
2008-12-09 14:24 --------- d-----w c:\program files\Ahead
2008-12-09 14:23 --------- d-----w c:\program files\Common Files\Ahead
2008-12-09 14:22 99,965 ----a-w c:\windows\UninstallFirefox.exe
2008-12-09 14:20 --------- d-----w c:\program files\Winamp
2008-12-09 14:17 --------- d-----w c:\program files\CyberLink
2008-12-09 14:17 --------- d-----w c:\documents and settings\PC ZUFGH\Application Data\CyberLink
2008-12-09 14:17 --------- d-----w c:\documents and settings\All Users\Application Data\CyberLink
2008-12-09 14:16 --------- d-----w c:\program files\Common Files\InstallShield
2008-12-09 14:15 --------- d-----w c:\program files\Mv2Player
2008-12-09 14:15 --------- d-----w c:\program files\K-Lite Codec Pack
2008-12-09 14:15 --------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer
2008-12-09 14:14 --------- d-----w c:\program files\Common Files\Adobe
2008-12-09 14:11 --------- d-----w c:\program files\Microsoft.NET
2008-12-09 14:10 --------- d-----w c:\program files\Microsoft ActiveSync
2008-12-09 14:06 10,368 ----a-w c:\windows\system32\drivers\pfc.sys
2008-12-09 14:06 --------- d-----w c:\program files\Common Files\ACD Systems
2008-12-09 14:06 --------- d-----w c:\program files\ACD Systems
2008-12-09 14:06 --------- d-----w c:\documents and settings\All Users\Application Data\ACD Systems
2008-12-09 13:57 --------- d-----w c:\documents and settings\All Users\Application Data\WinZip
2008-12-09 13:54 --------- d-----w c:\program files\ESET
2008-12-09 13:54 --------- d-----w c:\documents and settings\All Users\Application Data\ESET
2008-12-09 13:36 --------- d-----w c:\program files\microsoft frontpage
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-09-16 8491008]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-09-16 81920]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-07-01 1447168]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2005-12-07 30208]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-04-13 49152]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2003-11-14 33792]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"DiskeeperSystray"="c:\program files\Diskeeper Corporation\Diskeeper\DkIcon.exe" [2005-11-22 221184]
"SoundMan"="SOUNDMAN.EXE" [2005-11-11 c:\windows\SOUNDMAN.EXE]
"nwiz"="nwiz.exe" [2007-09-16 c:\windows\system32\nwiz.exe]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]
Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ACDV"= ACDV.dll
"VIDC.3iv2"= 3ivxVfWCodec.dll
"VIDC.VP31"= vp31vfw.dll
"msacm.l3fhg"= mp3fhg.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system\\VMwareService.exe"=

R1 epfwtdir;epfwtdir;c:\windows\system32\DRIVERS\epfwtdir.sys [2008-07-01 34312]
R2 ekrn;Eset Service;"c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe" [2008-07-01 468224]
S2 VMwareService;VMwareService;"c:\windows\system\VMwareService.exe" [2008-12-09 23552]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\LaunchU3.exe -a
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FireFox -: Profile - c:\documents and settings\PC ZUFGH\Application Data\Mozilla\Firefox\Profiles\am6zdhcn.default\
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2008-12-10 09:57:13
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Diskeeper Corporation\Diskeeper\DkService.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\nvsvc32.exe
c:\program files\CyberLink\Shared files\RichVideo.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2008-12-10 9:59:49 - machine was rebooted
ComboFix-quarantined-files.txt 2008-12-10 08:59:46

Pre-Run: 30.943.252.480 bytes free
Post-Run: 31,091,138,560 bytes free

129

Dopuna: 10 Dec 2008 13:14

Nisam mogao da uploudujem GMER fajlove.Iskopirao sam ih:
GMER 1.0.14.14536 - gmer.net
Rootkit scan 2008-12-10 12:50:33
Windows 5.1.2600 Service Pack 2


---- User code sections - GMER 1.0.14 ----

.text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[1804] kernel32.dll!SetUnhandledExceptionFilter 7C810386 4 Bytes [ C2, 04, 00, 00 ]

---- Devices - GMER 1.0.14 ----

AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)
AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdir.sys
AttachedDevice \FileSystem\Fastfat \Fat eamon.sys (Amon monitor/ESET)

---- EOF - GMER 1.0.14 ----

Dopuna: 10 Dec 2008 13:18

GMER 1.0.14.14536 - gmer.net
Autostart scan 2008-12-10 12:56:35
Windows 5.1.2600 Service Pack 2


HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems@Windows = %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon@Userinit = C:\WINDOWS\system32\userinit.exe,

HKLM\SYSTEM\CurrentControlSet\Services\ >>>
Diskeeper@ = "C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe"
ekrn@ = "C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe"
NVSvc@ = %SystemRoot%\system32\nvsvc32.exe
RichVideo@ = "C:\Program Files\CyberLink\Shared files\RichVideo.exe" ??????????????????????????????????????????????????????
UMWdf@ = C:\WINDOWS\system32\wdfmgr.exe
VMwareService@ = "C:\WINDOWS\system\VMwareService.exe"

HKLM\Software\Microsoft\Windows\CurrentVersion\Run >>>
@SoundManSOUNDMAN.EXE = SOUNDMAN.EXE
@NvCplDaemonRUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup = RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
@nwiznwiz.exe /install = nwiz.exe /install
@NvMediaCenterRUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit = RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
@egui"C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice = "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
@RemoteControl"C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" = "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
@LanguageShortcut"C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" = "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
@WinampAgentC:\Program Files\Winamp\winampa.exe = C:\Program Files\Winamp\winampa.exe
@NeroFilterCheckC:\WINDOWS\system32\NeroCheck.exe = C:\WINDOWS\system32\NeroCheck.exe
@DiskeeperSystray"C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe" = "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"

HKCU\Software\Microsoft\Windows\CurrentVersion\Run@ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved >>>
@{42071714-76d4-11d1-8b24-00a0c9068ff3} /*Display Panning CPL Extension*/deskpan.dll /*file not found*/ = deskpan.dll /*file not found*/
@{596AB062-B4D2-4215-9F74-E9109B0A8153} /*Previous Versions Property Page*/%SystemRoot%\system32\twext.dll = %SystemRoot%\system32\twext.dll
@{9DB7A13C-F208-4981-8353-73CC61AE2783} /*Previous Versions*/%SystemRoot%\system32\twext.dll = %SystemRoot%\system32\twext.dll
@{00E7B358-F65B-4dcf-83DF-CD026B94BFD4} /*Autoplay for SlideShow*/(null) =
@{692F0339-CBAA-47e6-B5B5-3B84DB604E87} /*Extensions Manager Folder*/%SystemRoot%\system32\extmgr.dll = %SystemRoot%\system32\extmgr.dll
@{A70C977A-BF00-412C-90B7-034C51DA2439} /*NvCpl DesktopContext Class*/C:\WINDOWS\system32\nvcpl.dll = C:\WINDOWS\system32\nvcpl.dll
@{FFB699E0-306A-11d3-8BD1-00104B6F7516} /*Play on my TV helper*/C:\WINDOWS\system32\nvcpl.dll = C:\WINDOWS\system32\nvcpl.dll
@{1CDB2949-8F65-4355-8456-263E7C208A5D} /*Desktop Explorer*/C:\WINDOWS\system32\nvshell.dll = C:\WINDOWS\system32\nvshell.dll
@{1E9B04FB-F9E5-4718-997B-B8DA88302A47} /*Desktop Explorer Menu*/C:\WINDOWS\system32\nvshell.dll = C:\WINDOWS\system32\nvshell.dll
@{1E9B04FB-F9E5-4718-997B-B8DA88302A48} /*nView Desktop Context Menu*/C:\WINDOWS\system32\nvshell.dll = C:\WINDOWS\system32\nvshell.dll
@{B089FE88-FB52-11D3-BDF1-0050DA34150D} /*Eset Smart Security - Context Menu Shell Extension*/C:\Program Files\ESET\ESET NOD32 Antivirus\shellExt.dll = C:\Program Files\ESET\ESET NOD32 Antivirus\shellExt.dll
@{E0D79304-84BE-11CE-9641-444553540000} /*WinZip*/C:\PROGRA~1\WINZIP\WZSHLSTB.DLL = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
@{E0D79305-84BE-11CE-9641-444553540000} /*WinZip*/C:\PROGRA~1\WINZIP\WZSHLSTB.DLL = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
@{E0D79306-84BE-11CE-9641-444553540000} /*WinZip*/C:\PROGRA~1\WINZIP\WZSHLSTB.DLL = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
@{E0D79307-84BE-11CE-9641-444553540000} /*WinZip*/C:\PROGRA~1\WINZIP\WZSHLSTB.DLL = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
@{BDEADF00-C265-11D0-BCED-00A0C90AB50F} /*Web Folders*/C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL = C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
@{00020D75-0000-0000-C000-000000000046} /*Microsoft Office Outlook Desktop Icon Handler*/C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL = C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL
@{0006F045-0000-0000-C000-000000000046} /*Microsoft Office Outlook Custom Icon Handler*/C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL = C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL
@{42042206-2D85-11D3-8CFF-005004838597} /*Microsoft Office HTML Icon Handler*/C:\Program Files\Microsoft Office\OFFICE11\msohev.dll = C:\Program Files\Microsoft Office\OFFICE11\msohev.dll
@{B41DB860-8EE4-11D2-9906-E49FADC173CA} /*WinRAR shell extension*/C:\Program Files\WinRAR\rarext.dll = C:\Program Files\WinRAR\rarext.dll

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ >>>
Eset Smart Security - Context Menu Shell Extension@{B089FE88-FB52-11D3-BDF1-0050DA34150D} = C:\Program Files\ESET\ESET NOD32 Antivirus\shellExt.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll
WinZip@{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ >>>
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll
WinZip@{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ >>>
Eset Smart Security - Context Menu Shell Extension@{B089FE88-FB52-11D3-BDF1-0050DA34150D} = C:\Program Files\ESET\ESET NOD32 Antivirus\shellExt.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll
WinZip@{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects >>>
@{02478D38-C3F9-4EFB-9B51-7695ECA05670}C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll = C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
@{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll = C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

HKLM\Software\Microsoft\Internet Explorer\Main >>>
@Default_Page_URLhttp://go.microsoft.com/fwlink/?LinkId=69157 = go.microsoft.com/fwlink/?LinkId=69157
@Start Pagehttp://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home = microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
@Local Page%SystemRoot%\system32\blank.htm = %SystemRoot%\system32\blank.htm

HKCU\Software\Microsoft\Internet Explorer\Main >>>
@Start Pagehttp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome = microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
@Local PageC:\WINDOWS\system32\blank.htm = C:\WINDOWS\system32\blank.htm

HKLM\Software\Classes\PROTOCOLS\Filter\text/xml@CLSID = C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL

HKLM\Software\Classes\PROTOCOLS\Handler\ >>>
dvd@CLSID = C:\WINDOWS\system32\msvidctl.dll
its@CLSID = C:\WINDOWS\system32\itss.dll
mhtml@CLSID = %SystemRoot%\system32\inetcomm.dll
ms-its@CLSID = C:\WINDOWS\system32\itss.dll
mso-offdap@CLSID = C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
mso-offdap11@CLSID = C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
tv@CLSID = C:\WINDOWS\system32\msvidctl.dll

HKLM\Software\Classes\PROTOCOLS\Handler\wia@CLSID = C:\WINDOWS\system32\wiascr.dll

C:\Documents and Settings\All Users\Start Menu\Programs\Startup >>>
Adobe Reader Speed Launch.lnk = Adobe Reader Speed Launch.lnk
Adobe Reader Synchronizer.lnk = Adobe Reader Synchronizer.lnk

---- EOF - GMER 1.0.14 ----

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Aktiviraj prikaz skrivenih file-ova: http://www.mycity.rs/Uputstva-sa-ex-SuperSajta/Kako-videti-skrivene-fajlove.html

Upload-uj sledeći file: c:\windows\system\VMwareService.exe

Upload link: http://www.mycity.rs/ambulanta-upload.php