Posted: 17 Dec 2006 01:15
- Hit-Man
- Friend of the forum
- Joined: 15 Aug 2006
- Posts: 2381
- Location: Currently nowhere...
OK, Bobby, no problem! Good night!
Boonty
Vidalia
Emoticons Mail
EZSmileys
Vade Retro Outlook Express
Well, here goes: the first one, "boonty", I don't know, nor did I know it was a program. So I didn't install it!
The second one, "vidalia", I installed because I thought it was a proxy that hides the IP address, but I messed up and there it is, running in the right-hand corner, and I don't use it! I don't even know whether it hides my IP address!
The third one, "Emoticons Mail", I installed myself and I think it's a program for smileys, and there is no way at all I can uninstall it!
The fourth one, "Vade Retro Outlook Express"... honestly, for this one I don't remember whether I installed it or whether I need it at all, because first of all I don't even know what it's for!
I hope you understand!?
As for these:
C:\APPS\IE\offline\sw.htm
C:\WINDOWS\system32\zcoxmgvt.exe
C:\WINDOWS\system32\ebkp.dll
I'll zip them and send them tomorrow!

Posted: 17 Dec 2006 17:06
- bobby
- Administrator
- Joined: 04 Sep 2003
- Posts: 24135
- Location: Wien
Also send me the folder C:\Program\Delade filer\BOONTY Shared
After that, boot the computer into Safe Mode and delete the following:
Entire folders:
C:\Program\MyWebSearch
C:\Program\HbTools
C:\Program\Error Safe Free
C:\Program\Emoticons Mail\
Individual files:
C:\WINDOWS\system32\zcoxmgvt.exe
Move the following files to some other folder (in case we need to put them back):
C:\WINDOWS\system32\ebkp.dll
In Add/Remove Programs (or whatever it's called in Swedish), try to find and uninstall:
Vidalia
Vade Retro Outlook Express
Apart from that, the log shows that you are using alternative text input methods (right-to-left, such as Arabic, Hebrew and similar). Do you use anything like that, or do you not know where that came from on your computer?
Once you've deleted what I listed above, return to normal Windows mode and make a fresh HJT log.

Posted: 17 Dec 2006 17:57
- Hit-Man
Entire folders:
C:\Program\MyWebSearch
C:\Program\HbTools
C:\Program\Error Safe Free
C:\Program\Emoticons Mail\
I don't know how to do this, because I have never gone into Safe Mode, since I was told it can be dangerous if I mess with anything there!
But can I delete those programs from Add/Remove!?
Addendum: 17 Dec 2006 17:52
This is what it says when I go into Safe Mode!
System.INI - Win.INI - Boot.INI - Services - Auto start!
When I go into Boot.INI it says:
/SafeBOOT
/NogUIBOOT
/BootLog
/BaseVideo
/SOS
Addendum: 17 Dec 2006 17:57
bobby :: Apart from that, the log shows that you are using alternative text input methods (right-to-left, such as Arabic, Hebrew and similar). Do you use anything like that, or do you not know where that came from on your computer?
This is the first I've heard of this! I don't use it!

Posted: 17 Dec 2006 18:46
- Hit-Man
No, I didn't do it that way; I went into "Start" and then "search"! After that I typed "msconfig" and that's all! I'll try restarting the computer!
I uninstalled these programs from Add/Remove a moment ago and I hope that's OK. This program "Vade Retro Outlook Express", I can't find it! I don't know why, and it was there two days ago!
Addendum: 17 Dec 2006 18:46
I've now also finished the Spybot scan and it found this:
Adrevolver
Advertising.com
Avenue A, inc.
Blue Streak
CoolWWWSearch
DoubleClick
ErrorSafe
FastClick
Funweb
GoClick
Hotbar
LingStrategy
MediaPlex
Statcounter
TagASaurus
WhenUsearch
Win32.Small.ddx
Zanox
Zedo

Posted: 17 Dec 2006 19:00
- bobby
Excellent.
Post a new log so we can see whether it missed anything.

Posted: 17 Dec 2006 19:08
- Hit-Man
Logfile of HijackThis v1.99.1
Scan saved at 19:05:18, on 2006-12-18
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program\GOTOSO~1\VADERE~1\Vaderetro_oe.exe
C:\Program\Delade filer\Ulead Systems\AutoDetector\monitor.exe
C:\apps\ABoard\ABoard.exe
C:\Program\Delade filer\Real\Update_OB\realsched.exe
C:\apps\ABoard\AOSD.exe
D:\Documents and Settings\goran.049747020057\Mina dokument\Winamp\winampa.exe
C:\Program\Java\jre1.5.0_09\bin\jusched.exe
C:\Program\Grisoft\AVGFRE~1\avgamsvr.exe
C:\Program\Grisoft\AVGFRE~1\avgcc.exe
C:\Program\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\cisvc.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
C:\Program\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\Program\Delade filer\Ulead Systems\DVD\ULCDRSvr.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\WINDOWS\system32\cidaemon.exe
D:\Documents and Settings\goran.049747020057.000\Skrivbord\Muzika\NARODNA MUZIKA\GOGA\FASCIKLA_____\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.co.uk/0SEENWW/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.co.uk/0SEENWW/SAOS01?FORM=TOOLBR
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://C:\APPS\IE\offline\sw.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.co.uk/0SEENWW/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Program\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /SYNC
O4 - HKLM\..\Run: [PHIME2002A] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /IMEName
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] "C:\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [Vade Retro Outlook Express] "C:\Program\GOTOSO~1\VADERE~1\Vaderetro_oe.exe"
O4 - HKLM\..\Run: [Ulead AutoDetector v2] "C:\Program\Delade filer\Ulead Systems\AutoDetector\monitor.exe"
O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program\Delade filer\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WinampAgent] "D:\Documents and Settings\goran.049747020057\Mina dokument\Winamp\winampa.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\Program\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EZ Smileys] "D:\EZ Smileys\EZSmileys.exe"
O4 - HKCU\..\Run: [Error Safe] "C:\Program\Error Safe Free\ers.exe" /min
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZN
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\Program\FlashGet\flashget.exe (file missing)
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\Program\FlashGet\flashget.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\sw.htm
O18 - Protocol: ebk - {1E411CE8-FE8B-4973-B8E0-6EA2CC3C6B06} - C:\WINDOWS\system32\ebkp.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: altmannsberger - {210b4043-35ca-4aa0-8796-191f9663dfb3} - (no file)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\Program\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\Program\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\Program\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Boonty Games - BOONTY - C:\Program\Delade filer\BOONTY Shared\Service\Boonty.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Spyware Terminator Clam Service (sp_clamsrv) - Unknown owner - C:\Program\WinClamAVShield\sp_clamsrv.exe (file missing)
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program\Delade filer\Ulead Systems\DVD\ULCDRSvr.exe
Addendum: 17 Dec 2006 19:08
There! Are there problems or is everything the same!?
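
One way to check a fresh HijackThis log against the cleanup list bobby gave earlier, as an added example that is not part of the original thread. The function name `triage` and the constant names are assumptions made for illustration; the target paths come from bobby's post and the sample lines are excerpted from the log above.

```python
import re

# Paths bobby asked to delete or move aside earlier in this thread.
CLEANUP_TARGETS = [
    r"C:\Program\MyWebSearch",
    r"C:\Program\HbTools",
    r"C:\Program\Error Safe Free",
    r"C:\Program\Emoticons Mail",
    r"C:\WINDOWS\system32\zcoxmgvt.exe",
    r"C:\WINDOWS\system32\ebkp.dll",
]
# Suffixes HijackThis prints when an entry's target file does not exist.
ORPHAN_MARKERS = ("(file missing)", "(no file)")

# Entry lines start with a section code (R0, O4, O23, ...); the header and
# the "Running processes" paths do not, so they are skipped.
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")


def triage(log_text):
    """Split log entries into (leftovers, orphans) as lists of (code, body)."""
    leftovers, orphans = [], []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        code, body = m.groups()
        lowered = body.lower()  # Windows paths are case-insensitive
        if any(t.lower() in lowered for t in CLEANUP_TARGETS):
            leftovers.append((code, body))
        elif lowered.endswith(ORPHAN_MARKERS):
            orphans.append((code, body))
    return leftovers, orphans


# Lines excerpted from the log in the preceding post.
SAMPLE_LOG = r"""
C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [Error Safe] "C:\Program\Error Safe Free\ers.exe" /min
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\Program\FlashGet\flashget.exe (file missing)
O18 - Protocol: ebk - {1E411CE8-FE8B-4973-B8E0-6EA2CC3C6B06} - C:\WINDOWS\system32\ebkp.dll
O21 - SSODL: altmannsberger - {210b4043-35ca-4aa0-8796-191f9663dfb3} - (no file)
"""

if __name__ == "__main__":
    leftovers, orphans = triage(SAMPLE_LOG)
    for code, body in leftovers:
        print("still references a cleanup target:", code, body)
    for code, body in orphans:
        print("orphaned entry:", code, body)
```

Entries in the first list still point at something from the cleanup list; entries in the second are registry references whose file is already gone.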

Posted: 17 Dec 2006 19:40
- Hit-Man
Bobby, I don't know how to get into Safe Mode!
I've restarted the computer 4 times already and nothing! I press F8 and when I get in, it says: _Select a boot first service_
+Hard Disk
CDRom
Intel UNDI, PXE
I went into Hard Disk and there it says:
Ch2 M. : Satao-ST3
Bootable Add- in Cards
Whichever of these two I go into, it brings up that Windows thing and the computer carries on working normally!
It's the same with CDROM, meaning it just carries on working!

Posted: 17 Dec 2006 19:58
- bobby
You're pressing F8 much too early; try a little later.
If that doesn't work for you either, I have another solution, but it requires downloading one more program.