[helen1] explorer.exe disappears and reappears


  • Joined: 22 Jun 2008
  • Posts: 4

I saw that you have already helped several people get rid of the virus that causes the icons and taskbar to disappear and reappear, so I am asking, if anyone has the time, to help me too.
Thanks in advance


Logfile of HijackThis v1.99.1
Scan saved at 11:53:57 PM, on 6/22/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608-)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Documents and Settings\Zoki\Desktop\redenje\tre.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [Link mogu videti samo ulogovani korisnici]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [Link mogu videti samo ulogovani korisnici]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [Link mogu videti samo ulogovani korisnici]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [Link mogu videti samo ulogovani korisnici]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
F2 - REG:system.ini: Shell=
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0F8F84CF-DCBA-4426-AC18-30A8AB00C526} - C:\WINDOWS\system32\urqopPig.dll
O2 - BHO: (no name) - {1111D324-F0E0-4D5D-9E9E-DE509164E3A1} - C:\WINDOWS\system32\hgGvwvwW.dll
O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {71DC3272-C9DD-477C-882B-A8CD281C3E6F} - C:\WINDOWS\system32\pmnNdCrs.dll (file missing)
O2 - BHO: (no name) - {71F1C1DD-9E78-43E4-B0DA-8AEE585FFAB8} - C:\WINDOWS\system32\yayyVoOe.dll (file missing)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll
O2 - BHO: (no name) - {C26FE2D3-E2F0-444E-8BB5-C11E3A5F81BF} - C:\WINDOWS\system32\ssqPfddC.dll (file missing)
O3 - Toolbar: (no name) - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\RunOnce: [avp6_post_install] msiexec.exe /i"c:\kav\kav7\kav.en.msi"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - [Link mogu videti samo ulogovani korisnici]\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Save Flash - [Link mogu videti samo ulogovani korisnici]\Program Files\UnH Solutions\Flash Saving Plugin\FlashSButton.dll/210
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Flash - {43CF38F3-5AEC-45a3-AD31-04EB06E9C6CA} - C:\Program Files\UnH Solutions\Flash Saving Plugin\FlashSButton.dll (HKCU)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: CabBuilder - [Link mogu videti samo ulogovani korisnici]
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - [Link mogu videti samo ulogovani korisnici]
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - [Link mogu videti samo ulogovani korisnici]
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - [Link mogu videti samo ulogovani korisnici]
O16 - DPF: {82B56B47-90DC-4F58-9A7D-D27BA46D3C0F} (MyPhotoAlbum Easy Upload Tool Combo Control) - [Link mogu videti samo ulogovani korisnici]
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - [Link mogu videti samo ulogovani korisnici]
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - [Link mogu videti samo ulogovani korisnici]
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - [Link mogu videti samo ulogovani korisnici]
O17 - HKLM\System\CCS\Services\Tcpip\..\{1FEDAAAC-8121-4222-8FA7-E687337FC7C7}: NameServer = 77.105.0.18,77.105.0.19
O17 - HKLM\System\CS2\Services\Tcpip\..\{1FEDAAAC-8121-4222-8FA7-E687337FC7C7}: NameServer = 77.105.0.18,77.105.0.19
O17 - HKLM\System\CS3\Services\Tcpip\..\{1FEDAAAC-8121-4222-8FA7-E687337FC7C7}: NameServer = 77.105.0.18,77.105.0.19
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: urqopPig - C:\WINDOWS\SYSTEM32\urqopPig.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8-) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe



  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8620
  • Location: Novi Beograd

Hello,
Why aren't you using an antivirus? We can clean your computer, but you will get infected again very quickly.

Install an AV urgently.


Do the following:

Spybot S&D's Teatimer


Start Spybot S&D
Click the Mode item in the menu
Select Advance Mode
In the bar on the left, click Tools
Click Resident
Uncheck Resident Tea-Timer
Close Spybot S&D
Restart the computer.

Don't forget to turn these options back on when we finish cleaning.

Then,


Download ComboFix from one of the following addresses to the Desktop:
[Links are visible only to logged-in users]
[Links are visible only to logged-in users]
[Links are visible only to logged-in users]

Run it and do not touch the program window while it scans.
Follow the on-screen instructions. When it finishes, a log (C:\ComboFix.txt) will appear, which you should copy here for us.



  • Joined: 22 Jun 2008
  • Posts: 4

I had AVG installed, but the virus got in, probably through my own fault.
Since it was of no help to me afterwards, I uninstalled it and wanted to install Kaspersky, but that didn't work, which is why there is no antivirus in the report.

ComboFix 08-06-19.2 - Zak 2008-06-23 22:46:44.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.501 [GMT 2:00]
Running from: C:\Documents and Settings\Zoki\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\CddfPqss.ini
C:\WINDOWS\system32\CddfPqss.ini2
C:\WINDOWS\system32\dbfb.dll
C:\WINDOWS\system32\eOoVyyay.ini
C:\WINDOWS\system32\eOoVyyay.ini2
C:\WINDOWS\system32\hgGvwvwW.dll
C:\WINDOWS\system32\srCdNnmp.ini
C:\WINDOWS\system32\srCdNnmp.ini2
C:\WINDOWS\system32\urqopPig.dll
C:\WINDOWS\system32\WwvwvGgh.ini
C:\WINDOWS\system32\WwvwvGgh.ini2

.
((((((((((((((((((((((((( Files Created from 2008-05-23 to 2008-06-23 )))))))))))))))))))))))))))))))
.

2008-06-19 17:16 . 2008-06-19 17:16 <DIR> d-------- C:\kav
2008-06-18 23:34 . 2008-06-18 23:34 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-18 23:34 . 2008-06-18 23:38 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-06-17 18:35 . 2008-06-18 20:33 386 --a------ C:\WINDOWS\wininit.ini

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-19 15:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2008-06-18 21:34 --------- d-----w C:\Program Files\Lavasoft
2008-06-17 21:13 --------- d-----w C:\Documents and Settings\Zoki\Application Data\AVG7
2008-06-17 16:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-17 16:34 --------- d-----w C:\Documents and Settings\Zoki\Application Data\SpywareRemover
2008-06-17 14:57 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-06-17 14:45 --------- d-----w C:\Program Files\Spyware Terminator
2008-05-22 07:36 --------- d-----w C:\Program Files\CCleaner
2008-05-11 17:48 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-01 14:02 --------- d--h--w C:\Program Files\Sefilware
2008-04-29 09:20 15,648 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
2008-04-29 09:19 15,648 ----a-w C:\WINDOWS\system32\drivers\Awrtrd.sys
2008-04-29 09:19 12,960 ----a-w C:\WINDOWS\system32\drivers\Awrtpd.sys
2008-04-26 16:05 --------- d-----w C:\Documents and Settings\Zoki\Application Data\Yahoo!
2008-04-26 09:03 --------- d-----w C:\Program Files\Advanced WindowsCare V2
2008-04-25 09:46 --------- d-----w C:\Program Files\Common Files\ACD Systems
2008-04-16 10:28 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE
2008-04-16 10:28 307,200 ------w C:\WINDOWS\Setup1.exe
2006-07-19 21:09 49,728 ----a-w C:\Documents and Settings\Zoki\Application Data\GDIPFONTCACHEV1.DAT
2005-08-04 21:48 6,144 --sha-w C:\Program Files\Thumbs.db
2003-08-20 23:42 147 ----a-w C:\Program Files\_DEISREG.ISR
2003-08-20 23:42 13,545 ----a-w C:\Program Files\DeIsL1.isu
2003-02-18 11:13 1,442 ----a-w C:\Program Files\readme.txt
2003-02-18 11:12 197 ----a-w C:\Program Files\policy.dyn
2003-02-18 11:08 1,580,032 ----a-w C:\Program Files\tmaster.exe
2003-02-14 09:28 16,585 ----a-w C:\Program Files\Beginner.cnt
2003-01-29 10:51 990 ----a-w C:\Program Files\builder.hdr
2003-01-29 10:51 359,936 ----a-w C:\Program Files\builder.wiz
2003-01-29 09:30 13,165 ----a-w C:\Program Files\order.htm
2003-01-29 09:15 431 ----a-w C:\Program Files\UK1001B.exc
2003-01-29 08:33 809 ----a-w C:\Program Files\uk0802.exc
2003-01-29 08:31 1,403 ----a-w C:\Program Files\uk0704.exc
2003-01-29 08:29 770 ----a-w C:\Program Files\uk0703.exc
2003-01-29 08:27 859 ----a-w C:\Program Files\uk0702.exc
2003-01-29 08:25 1,382 ----a-w C:\Program Files\uk0604.exc
2003-01-29 08:22 823 ----a-w C:\Program Files\uk0603.exc
2003-01-29 08:21 828 ----a-w C:\Program Files\uk0602.exc
2003-01-29 08:19 653 ----a-w C:\Program Files\UK0201.exc
2003-01-29 08:15 874 ----a-w C:\Program Files\uk0502.exc
2003-01-29 08:07 908 ----a-w C:\Program Files\UK0203.exc
2003-01-29 08:05 413 ----a-w C:\Program Files\UK0501B.exc
2003-01-29 08:03 1,420 ----a-w C:\Program Files\uk0405.exc
2003-01-29 07:59 576 ----a-w C:\Program Files\uk0404.exc
2003-01-29 07:50 585 ----a-w C:\Program Files\uk0401.exc
2003-01-29 07:49 790 ----a-w C:\Program Files\uk0402.exc
2003-01-29 07:46 767 ----a-w C:\Program Files\UK0302.exc
2003-01-29 07:46 733 ----a-w C:\Program Files\uk03gh.exc
2003-01-28 15:40 2,389 ----a-w C:\Program Files\Typing.cnt
2003-01-28 15:39 7,289 ----a-w C:\Program Files\Revision.cnt
2003-01-27 09:32 5,552 ----a-w C:\Program Files\Specials.cnt
2003-01-22 14:48 679 ----a-w C:\Program Files\UKBASI3.INT
2003-01-22 13:10 380 ----a-w C:\Program Files\protr.int
2003-01-22 13:06 214 ----a-w C:\Program Files\ukergo3.int
2003-01-22 13:03 187 ----a-w C:\Program Files\UKBASI1.INT
2003-01-22 13:01 428 ----a-w C:\Program Files\UKCAPI.INT
2003-01-22 12:49 526 ----a-w C:\Program Files\UKBASI4.INT
2003-01-22 12:37 405 ----a-w C:\Program Files\UKBASI2.INT
2003-01-22 12:27 486 ----a-w C:\Program Files\UKERGO2.INT
2003-01-22 12:24 276 ----a-w C:\Program Files\UKERGO1.INT
2003-01-22 12:13 3,468 ----a-w C:\Program Files\Numpad.cnt
2003-01-16 07:56 12,643 ----a-w C:\Program Files\tutor.htm
2003-01-16 07:26 8,921 ----a-w C:\Program Files\support.htm
2003-01-15 13:03 10,259 ----a-w C:\Program Files\schools.htm
2003-01-13 15:17 41,428 ----a-w C:\Program Files\language.eng
2003-01-08 17:17 10,964 ----a-w C:\Program Files\protrainer.htm
2002-09-17 11:18 787 ----a-w C:\Program Files\UKN1303.exc
2002-08-22 11:18 1,096 ----a-w C:\Program Files\uk0504.exc
2002-08-15 10:39 1,202 ----a-w C:\Program Files\UK0204.exc
2002-08-15 10:29 591 ----a-w C:\Program Files\uk1304.exc
2002-08-15 10:27 802 ----a-w C:\Program Files\UK0103.exc
2002-08-15 10:27 616 ----a-w C:\Program Files\UK0102.exc
2002-08-15 10:27 292 ----a-w C:\Program Files\uk0102d.exc
2002-08-15 10:07 140 ----a-w C:\Program Files\uk0403a.exc
2002-08-15 10:06 132 ----a-w C:\Program Files\uk0600qz.exc
2002-08-15 07:18 144 ----a-w C:\Program Files\uk0900qz.exc
2002-08-15 07:15 144 ----a-w C:\Program Files\uk0900.exc
2002-08-15 06:59 157 ----a-w C:\Program Files\uk1302a.exc
2002-08-15 06:56 158 ----a-w C:\Program Files\uk1301b.exc
2002-08-15 06:55 190 ----a-w C:\Program Files\uk1301a.exc
2002-08-15 06:45 112 ----a-w C:\Program Files\uk1000.exc
2002-08-15 06:41 150 ----a-w C:\Program Files\uk0800.exc
2002-08-15 06:40 132 ----a-w C:\Program Files\uk0700.exc
2002-08-15 06:39 132 ----a-w C:\Program Files\uk0600.exc
2002-08-15 06:37 180 ----a-w C:\Program Files\uk0500.exc
2002-08-15 06:33 108 ----a-w C:\Program Files\uk0400.exc
2002-08-15 06:31 162 ----a-w C:\Program Files\uk0300.exc
2002-08-15 06:30 226 ----a-w C:\Program Files\uk0200.exc
2002-08-15 06:24 1,168 ----a-w C:\Program Files\UK0105.exc
2002-08-07 08:50 234 ----a-w C:\Program Files\uk0100d.exc
2002-08-07 08:46 138 ----a-w C:\Program Files\uk0100.exc
2002-08-06 11:32 969 ----a-w C:\Program Files\UK0303.exc
2002-08-06 11:30 810 ----a-w C:\Program Files\UK0202.exc
2002-08-06 10:30 1,442 ----a-w C:\Program Files\uk1305.exc
2002-08-06 10:23 694 ----a-w C:\Program Files\uk1303.exc
2002-08-06 10:20 705 ----a-w C:\Program Files\uk1302.exc
2002-08-06 10:18 215 ----a-w C:\Program Files\uk1301.exc
2002-08-06 10:14 1,335 ----a-w C:\Program Files\uk1004.exc
2002-08-06 10:12 816 ----a-w C:\Program Files\uk1002.exc
2002-08-06 10:08 1,376 ----a-w C:\Program Files\uk0904.exc
2002-08-06 10:06 744 ----a-w C:\Program Files\uk0903.exc
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0F8F84CF-DCBA-4426-AC18-30A8AB00C526}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]
2007-12-13 18:49 1185120 --a------ C:\Program Files\Winamp Toolbar\winamptb.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{71DC3272-C9DD-477C-882B-A8CD281C3E6F}]
C:\WINDOWS\system32\pmnNdCrs.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{71F1C1DD-9E78-43E4-B0DA-8AEE585FFAB8}]
C:\WINDOWS\system32\yayyVoOe.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C26FE2D3-E2F0-444E-8BB5-C11E3A5F81BF}]
C:\WINDOWS\system32\ssqPfddC.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= "C:\Program Files\Winamp Toolbar\winamptb.dll" [2007-12-13 18:49 1185120]

[HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= C:\Program Files\Winamp Toolbar\winamptb.dll [2007-12-13 18:49 1185120]

[HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 12:22 7700480]
"nwiz"="nwiz.exe" [2006-10-22 12:22 1622016 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="NvMCTray.dll" [2006-10-22 12:22 86016 C:\WINDOWS\system32\nvmctray.dll]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2006-11-28 14:12 222720]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 00:56 15360]
"PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-11-09 17:15 1634304]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutorunsDisabled
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2003-07-03 15:54:53 113664]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-24 08:05:26 29696]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"SpecifyDefaultButtons"= 0 (0x0)
"Btn_Fullscreen"= 1 (0x1)
"Btn_MailNews"= 1 (0x1)
"Btn_Size"= 1 (0x1)
"Btn_Print"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.DIV3"= DivXc32.dll
"vidc.DIV4"= DivXc32f.dll
"msacm.divxa32"= DivXa32.acm
"vidc.xvid"= xvid.dll
"vidc.ir32"= C:\WINDOWS\System32\ir32_32.dll
"vidc.ir31"= C:\WINDOWS\System32\ir32_32.dll
"VIDC.ACDV"= ACDV.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^DSLMON.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\DSLMON.lnk
backup=C:\WINDOWS\pss\DSLMON.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiweeHook]
C:\Program Files\Kiwee Toolbar2\1.5.131\kwtbaim.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
--a------ 2006-05-18 12:29 49152 C:\Program Files\CyberLink\PowerDVD\Language\Language.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--------- 2005-12-07 23:57 30208 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-08-07 18:56 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2008-03-27 08:35 36352 C:\Program Files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"VideoAcceleratorService"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\kav\\kav7\\setup.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R2 sbbotdi;sbbotdi;C:\PROGRA~1\SPEEDB~1\sbbotdi.sys [2007-12-08 13:32]
S2 E4LOADER;General Purpose USB Driver (e4ldr.sys);C:\WINDOWS\system32\Drivers\e4ldr.sys [2007-01-04 14:47]
S3 e4usbaw;USB ADSL2 WAN Adapter;C:\WINDOWS\system32\DRIVERS\e4usbaw.sys [2007-01-04 14:48]
S4 VideoAcceleratorService;VideoAcceleratorService;C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe [2007-12-08 13:32]

.
Contents of the 'Scheduled Tasks' folder
"2008-06-01 18:30:48 C:\WINDOWS\Tasks\Advanced WindowsCare.job"
- C:\Program Files\Advanced WindowsCare V2\AutoCare.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [Link mogu videti samo ulogovani korisnici]
Rootkit scan 2008-06-23 23:02:46
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\system32\verclsid.exe
.
**************************************************************************
.
Completion time: 2008-06-23 23:08:56 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-23 21:08:49

Pre-Run: 877,891,584 bytes free
Post-Run: 980,705,280 bytes free

255 --- E O F --- 2008-03-19 09:02:54

  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8620
  • Location: Novi Beograd

Open Notepad and copy the following text:


Folder::
C:\Documents and Settings\Zoki\Application Data\SpywareRemover

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0F8F84CF-DCBA-4426-AC18-30A8AB00C526}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{71DC3272-C9DD-477C-882B-A8CD281C3E6F}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{71F1C1DD-9E78-43E4-B0DA-8AEE585FFAB8}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C26FE2D3-E2F0-444E-8BB5-C11E3A5F81BF}]



Save the file from Notepad to the Desktop as "CFScript"


Drag the saved script/text onto the ComboFix icon as shown in the picture.
Post in your next message the log that is created at the end of the cleaning/scanning.

  • Joined: 22 Jun 2008
  • Posts: 4

This morning and this evening when I turned on the computer, my icons did not disappear.

ComboFix 08-06-19.2 - Zak 2008-06-24 21:13:52.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.488 [GMT 2:00]
Running from: C:\Documents and Settings\Zoki\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Zoki\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Zoki\Application Data\SpywareRemover

.
((((((((((((((((((((((((( Files Created from 2008-05-24 to 2008-06-24 )))))))))))))))))))))))))))))))
.

2008-06-19 17:16 . 2008-06-19 17:16 <DIR> d-------- C:\kav
2008-06-18 23:34 . 2008-06-18 23:34 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-18 23:34 . 2008-06-18 23:38 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-06-17 18:35 . 2008-06-18 20:33 386 --a------ C:\WINDOWS\wininit.ini

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-19 15:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2008-06-18 21:34 --------- d-----w C:\Program Files\Lavasoft
2008-06-17 21:13 --------- d-----w C:\Documents and Settings\Zoki\Application Data\AVG7
2008-06-17 16:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-17 14:57 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-06-17 14:45 --------- d-----w C:\Program Files\Spyware Terminator
2008-05-22 07:36 --------- d-----w C:\Program Files\CCleaner
2008-05-16 09:58 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2008-05-11 17:48 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-01 14:02 --------- d--h--w C:\Program Files\Sefilware
2008-04-29 09:20 15,648 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
2008-04-29 09:19 15,648 ----a-w C:\WINDOWS\system32\drivers\Awrtrd.sys
2008-04-29 09:19 12,960 ----a-w C:\WINDOWS\system32\drivers\Awrtpd.sys
2008-04-26 16:05 --------- d-----w C:\Documents and Settings\Zoki\Application Data\Yahoo!
2008-04-26 09:03 --------- d-----w C:\Program Files\Advanced WindowsCare V2
2008-04-25 09:46 --------- d-----w C:\Program Files\Common Files\ACD Systems
2008-04-16 10:28 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE
2008-04-16 10:28 307,200 ------w C:\WINDOWS\Setup1.exe
2006-07-19 21:09 49,728 ----a-w C:\Documents and Settings\Zoki\Application Data\GDIPFONTCACHEV1.DAT
2005-08-04 21:48 6,144 --sha-w C:\Program Files\Thumbs.db
2003-08-20 23:42 147 ----a-w C:\Program Files\_DEISREG.ISR
2003-08-20 23:42 13,545 ----a-w C:\Program Files\DeIsL1.isu
2003-02-18 11:13 1,442 ----a-w C:\Program Files\readme.txt
2003-02-18 11:12 197 ----a-w C:\Program Files\policy.dyn
2003-02-18 11:08 1,580,032 ----a-w C:\Program Files\tmaster.exe
2003-02-14 09:28 16,585 ----a-w C:\Program Files\Beginner.cnt
2003-01-29 10:51 990 ----a-w C:\Program Files\builder.hdr
2003-01-29 10:51 359,936 ----a-w C:\Program Files\builder.wiz
2003-01-29 09:30 13,165 ----a-w C:\Program Files\order.htm
2003-01-29 09:15 431 ----a-w C:\Program Files\UK1001B.exc
2003-01-29 08:33 809 ----a-w C:\Program Files\uk0802.exc
2003-01-29 08:31 1,403 ----a-w C:\Program Files\uk0704.exc
2003-01-29 08:29 770 ----a-w C:\Program Files\uk0703.exc
2003-01-29 08:27 859 ----a-w C:\Program Files\uk0702.exc
2003-01-29 08:25 1,382 ----a-w C:\Program Files\uk0604.exc
2003-01-29 08:22 823 ----a-w C:\Program Files\uk0603.exc
2003-01-29 08:21 828 ----a-w C:\Program Files\uk0602.exc
2003-01-29 08:19 653 ----a-w C:\Program Files\UK0201.exc
2003-01-29 08:15 874 ----a-w C:\Program Files\uk0502.exc
2003-01-29 08:07 908 ----a-w C:\Program Files\UK0203.exc
2003-01-29 08:05 413 ----a-w C:\Program Files\UK0501B.exc
2003-01-29 08:03 1,420 ----a-w C:\Program Files\uk0405.exc
2003-01-29 07:59 576 ----a-w C:\Program Files\uk0404.exc
2003-01-29 07:50 585 ----a-w C:\Program Files\uk0401.exc
2003-01-29 07:49 790 ----a-w C:\Program Files\uk0402.exc
2003-01-29 07:46 767 ----a-w C:\Program Files\UK0302.exc
2003-01-29 07:46 733 ----a-w C:\Program Files\uk03gh.exc
2003-01-28 15:40 2,389 ----a-w C:\Program Files\Typing.cnt
2003-01-28 15:39 7,289 ----a-w C:\Program Files\Revision.cnt
2003-01-27 09:32 5,552 ----a-w C:\Program Files\Specials.cnt
2003-01-22 14:48 679 ----a-w C:\Program Files\UKBASI3.INT
2003-01-22 13:10 380 ----a-w C:\Program Files\protr.int
2003-01-22 13:06 214 ----a-w C:\Program Files\ukergo3.int
2003-01-22 13:03 187 ----a-w C:\Program Files\UKBASI1.INT
2003-01-22 13:01 428 ----a-w C:\Program Files\UKCAPI.INT
2003-01-22 12:49 526 ----a-w C:\Program Files\UKBASI4.INT
2003-01-22 12:37 405 ----a-w C:\Program Files\UKBASI2.INT
2003-01-22 12:27 486 ----a-w C:\Program Files\UKERGO2.INT
2003-01-22 12:24 276 ----a-w C:\Program Files\UKERGO1.INT
2003-01-22 12:13 3,468 ----a-w C:\Program Files\Numpad.cnt
2003-01-16 07:56 12,643 ----a-w C:\Program Files\tutor.htm
2003-01-16 07:26 8,921 ----a-w C:\Program Files\support.htm
2003-01-15 13:03 10,259 ----a-w C:\Program Files\schools.htm
2003-01-13 15:17 41,428 ----a-w C:\Program Files\language.eng
2003-01-08 17:17 10,964 ----a-w C:\Program Files\protrainer.htm
2002-09-17 11:18 787 ----a-w C:\Program Files\UKN1303.exc
2002-08-22 11:18 1,096 ----a-w C:\Program Files\uk0504.exc
2002-08-15 10:39 1,202 ----a-w C:\Program Files\UK0204.exc
2002-08-15 10:29 591 ----a-w C:\Program Files\uk1304.exc
2002-08-15 10:27 802 ----a-w C:\Program Files\UK0103.exc
2002-08-15 10:27 616 ----a-w C:\Program Files\UK0102.exc
2002-08-15 10:27 292 ----a-w C:\Program Files\uk0102d.exc
2002-08-15 10:07 140 ----a-w C:\Program Files\uk0403a.exc
2002-08-15 10:06 132 ----a-w C:\Program Files\uk0600qz.exc
2002-08-15 07:18 144 ----a-w C:\Program Files\uk0900qz.exc
2002-08-15 07:15 144 ----a-w C:\Program Files\uk0900.exc
2002-08-15 06:59 157 ----a-w C:\Program Files\uk1302a.exc
2002-08-15 06:56 158 ----a-w C:\Program Files\uk1301b.exc
2002-08-15 06:55 190 ----a-w C:\Program Files\uk1301a.exc
2002-08-15 06:45 112 ----a-w C:\Program Files\uk1000.exc
2002-08-15 06:41 150 ----a-w C:\Program Files\uk0800.exc
2002-08-15 06:40 132 ----a-w C:\Program Files\uk0700.exc
2002-08-15 06:39 132 ----a-w C:\Program Files\uk0600.exc
2002-08-15 06:37 180 ----a-w C:\Program Files\uk0500.exc
2002-08-15 06:33 108 ----a-w C:\Program Files\uk0400.exc
2002-08-15 06:31 162 ----a-w C:\Program Files\uk0300.exc
2002-08-15 06:30 226 ----a-w C:\Program Files\uk0200.exc
2002-08-15 06:24 1,168 ----a-w C:\Program Files\UK0105.exc
2002-08-07 08:50 234 ----a-w C:\Program Files\uk0100d.exc
2002-08-07 08:46 138 ----a-w C:\Program Files\uk0100.exc
2002-08-06 11:32 969 ----a-w C:\Program Files\UK0303.exc
2002-08-06 11:30 810 ----a-w C:\Program Files\UK0202.exc
2002-08-06 10:30 1,442 ----a-w C:\Program Files\uk1305.exc
2002-08-06 10:23 694 ----a-w C:\Program Files\uk1303.exc
2002-08-06 10:20 705 ----a-w C:\Program Files\uk1302.exc
2002-08-06 10:18 215 ----a-w C:\Program Files\uk1301.exc
2002-08-06 10:14 1,335 ----a-w C:\Program Files\uk1004.exc
2002-08-06 10:12 816 ----a-w C:\Program Files\uk1002.exc
2002-08-06 10:08 1,376 ----a-w C:\Program Files\uk0904.exc
2002-08-06 10:06 744 ----a-w C:\Program Files\uk0903.exc
.

((((((((((((((((((((((((((((( [Links are visible only to logged-in users] )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-23 21:01:17 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-24 18:32:11 2,048 --s-a-w C:\WINDOWS\bootstat.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]
2007-12-13 18:49 1185120 --a------ C:\Program Files\Winamp Toolbar\winamptb.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= "C:\Program Files\Winamp Toolbar\winamptb.dll" [2007-12-13 18:49 1185120]

[HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= C:\Program Files\Winamp Toolbar\winamptb.dll [2007-12-13 18:49 1185120]

[HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 12:22 7700480]
"nwiz"="nwiz.exe" [2006-10-22 12:22 1622016 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="NvMCTray.dll" [2006-10-22 12:22 86016 C:\WINDOWS\system32\nvmctray.dll]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2006-11-28 14:12 222720]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 00:56 15360]
"PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-11-09 17:15 1634304]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutorunsDisabled
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2003-07-03 15:54:53 113664]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-24 08:05:26 29696]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"SpecifyDefaultButtons"= 0 (0x0)
"Btn_Fullscreen"= 1 (0x1)
"Btn_MailNews"= 1 (0x1)
"Btn_Size"= 1 (0x1)
"Btn_Print"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.DIV3"= DivXc32.dll
"vidc.DIV4"= DivXc32f.dll
"msacm.divxa32"= DivXa32.acm
"vidc.xvid"= xvid.dll
"vidc.ir32"= C:\WINDOWS\System32\ir32_32.dll
"vidc.ir31"= C:\WINDOWS\System32\ir32_32.dll
"VIDC.ACDV"= ACDV.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^DSLMON.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\DSLMON.lnk
backup=C:\WINDOWS\pss\DSLMON.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiweeHook]
C:\Program Files\Kiwee Toolbar2\1.5.131\kwtbaim.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
--a------ 2006-05-18 12:29 49152 C:\Program Files\CyberLink\PowerDVD\Language\Language.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--------- 2005-12-07 23:57 30208 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-08-07 18:56 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2008-03-27 08:35 36352 C:\Program Files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"VideoAcceleratorService"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\kav\\kav7\\setup.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R2 sbbotdi;sbbotdi;C:\PROGRA~1\SPEEDB~1\sbbotdi.sys [2007-12-08 13:32]
S2 E4LOADER;General Purpose USB Driver (e4ldr.sys);C:\WINDOWS\system32\Drivers\e4ldr.sys [2007-01-04 14:47]
S3 e4usbaw;USB ADSL2 WAN Adapter;C:\WINDOWS\system32\DRIVERS\e4usbaw.sys [2007-01-04 14:48]
S4 VideoAcceleratorService;VideoAcceleratorService;C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe [2007-12-08 13:32]

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-06-01 18:30:48 C:\WINDOWS\Tasks\Advanced WindowsCare.job"
- C:\Program Files\Advanced WindowsCare V2\AutoCare.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [Links are visible only to logged-in users]
Rootkit scan 2008-06-24 21:16:46
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-06-24 21:19:02
ComboFix-quarantined-files.txt 2008-06-24 19:18:56
ComboFix2.txt 2008-06-23 21:08:57

Pre-Run: 960,606,208 bytes free
Post-Run: 946,409,472 bytes free

233 --- E O F --- 2008-03-19 09:02:54

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8620
  • Location: Novi Beograd

What's the situation now? Are there any problems?

offline
  • Joined: 22 Jun 2008
  • Posts: 4

I don't see any problems, though this morning when I turned on the computer there were no problems with the icons and the taskbar either.
I hope it stays that way, and if something comes up in the coming days, which I hope it won't, we'll be in touch.
In any case, thank you very much for your effort and time, you really are great.
Regards
