MyCity » Ambulanta -> Arhiva Ambulante » win32/sinteri!generic

win32/sinteri!generic

Napisano na dan: 30.7.2007

win32/sinteri!generic

Sledeća strana

Pagination

Odgovori

cccc Poslao: 30 Jul 2007 00:18 Idi na vrh
offline cccc Novi MyCity građanin Pridružio: 30 Jul 2007 Poruke: 4	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Da li zna neko kako da se resim virusa pod ovim nazivom "win32/sinteri!generic", zakacila sam ga otvarajuci postu i prebacila na desktop i ne mogu da ga obrisem.

Profil

oblak Poslao: 30 Jul 2007 08:16 Idi na vrh
offline oblak Legendarni građanin Glavni moderator foruma Mobilni telefoni LEBE KISELI Pridružio: 14 Feb 2005 Poruke: 6355	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! ko ti kaze da se tako zove koji antivirus?

Profil

Plankton Poslao: 30 Jul 2007 11:05 Idi na vrh
offline Plankton Građanin Pridružio: 04 Maj 2006 Poruke: 151 Gde živiš: Nis	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Pozz cccc, mycity.rs/Ambulanta/Kako-otvoriti-temu-u-Ambulanti.html Isprati uputstva sa ovog linka, a temu ce da prebaci neki od moderatora u odgovarajuci forum.

Profil

cccc Poslao: 30 Jul 2007 23:07 Idi na vrh
offline cccc Novi MyCity građanin Pridružio: 30 Jul 2007 Poruke: 4	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Logfile of HijackThis v1.99.1 Scan saved at 11:02:40 PM, on 7/30/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\WgaTray.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe C:\Program Files\Winamp\Winampa.exe C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe C:\WINDOWS\system32\ntvdm.exe C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe C:\PROGRA~1\Magentic\bin\MgApp.exe C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe C:\PROGRA~1\INCRED~1\bin\IMApp.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe C:\WINDOWS\system32\lxcfcoms.exe C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAV.exe C:\PROGRA~1\MOZILL~1\FIREFOX.EXE C:\Documents and Settings\Korisnik\Desktop\zajeb.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = mystart.incredimail.com/english R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\2.bin\A5SRCHAS.DLL O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL O2 - BHO: CCHelper Class - {0CF0B8EE-6596-11D5-A98E-0003470BB48E} - C:\Program Files\Panicware\Pop-Up Stopper Companion\CCHelper.dll O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\2.bin\A5SRCHAS.DLL O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\2.bin\ASKTBAR.DLL O3 - Toolbar: Pop-Up Stopper &Companion - {8F05B1A8-9D77-4B8F-AF54-6B2202066F95} - C:\Program Files\Panicware\Pop-Up Stopper Companion\popupus.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\2.bin\ASKTBAR.DLL O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe" O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [LXCFCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCFtime.dll,_RunDLLEntry@16 O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe" O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe" O4 - HKLM\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /S O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL,S O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [Mini-YuRecnik] C:\YuRecnik\MiniYuRecnik.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c O4 - HKCU\..\Run: [Magentic] C:\PROGRA~1\Magentic\bin\Magentic.exe /c O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9 O4 - Startup: Cyber-shot Viewer Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O8 - Extra context menu item: &Search - edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZN O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - ak.exe.imgfarm.com/images/nocache/funwebpro.....0.0.15.cab O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - news.beograd.com/AxisCamControl.ocx O17 - HKLM\System\CCS\Services\Tcpip\..\{4337D49C-B6E9-4B29-A33F-C3D06C7B6E85}: NameServer = 194.247.192.33 194.247.192.1 O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O23 - Service: AutoComplete Service (Autocomplete) - Acesoft - C:\Program Files\Acesoft\Tracks Eraser Pro\autocomp.exe O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: lxcf_device - - C:\WINDOWS\system32\lxcfcoms.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe *ZAKACILA SAM VIRUS POD NAZIVOM "Win32/Sinteri!generic". U MEDJUVREMENU JE IKONICA SA DESKTOPA NESTALA. POSLE SKENIRANJA eTrust EZ Antivirusa locirao je dva mesta: C:/DOCUMENTS AND SETTINGS/KORISNIK/LOCAL SETTINGS WIN32/SINTUN.AC i na C:/WINDOWS/spooldr.exe win32/sintun.ac pozz za Planktona-sorry ako negde gresimo, ne razumemo se najbolje u te stvari:)

Profil

dr_Bora Poslao: 31 Jul 2007 11:47 Idi na vrh
offline dr_Bora Anti Malware Fighter Rank 2 Pridružio: 24 Jul 2007 Poruke: 12280 Gde živiš: Höganäs, SE	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Pozdrav, cccc. Pokreni HijackThis i opet skeniraj, zatim štikliraj sledeće linije: R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\2.bin\A5SRCHAS.DLL O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\2.bin\A5SRCHAS.DLL O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\2.bin\ASKTBAR.DLL O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL,S O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZN O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebpro.....0.0.15.cab i klikni na Fix Checked. Restartuj kompjuter pa zatim pronađi sledeće foldere i obriši ih: C:\Program Files\AskTBar ( <---AskTBar ) C:\Program Files\MyWebSearch ( <---MyWebSearch ) Zatim preuzmi fajl gmer.zip sa ovog linka i sačuvaj na Desktop-u. Raspakuj ga u neki folder. Dupli klik na gmer.exe za početak: Izaberi Rootkit Tab na vrhu. Klikni na Scan. Kada je skeniranje završeno, klik na Copy dugme ispod - ovo će sačuvati to u Clipboard. Iskoristi opciju Paste u Notepad-u da bi to prebacila u tekst. Snimi taj tekst iz Notepada kao file1.txt. Ponovi ovo isto sa Autostart Tab-om. Snimi taj tekst iz Notepada kao file2.txt. Iskopiraj u sledeći post sadržaj ta dva fajla kao i novi HijackThis log. Takođe bih te zamolio da pojasniš šta ti je tačno prijavio anti-virusni program kao poduzete akcije kada je detektovao ta dva fajla ( da li ih je obrisao ili je prijavio da nije u mogućnosti to da uradi ).

Profil

cccc Poslao: 31 Jul 2007 21:30 Idi na vrh
offline cccc Novi MyCity građanin Pridružio: 30 Jul 2007 Poruke: 4	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Pozdrav Planktonu! Skenirao i stiklirao po uputstvu,restartovao ,MyWebSearch sam obrisao a AskTBar nisam uspeo,pise CANNOT DELETE ASKTBAR... tako da sam tu prekinuo,sta raditi dalje,a sto se tice antivirusa pronasao i obrisao (select-deleted) oba virusa. Unapred hvala na strpljenju!

Profil

dr_Bora Poslao: 31 Jul 2007 21:50 Idi na vrh
offline dr_Bora Anti Malware Fighter Rank 2 Pridružio: 24 Jul 2007 Poruke: 12280 Gde živiš: Höganäs, SE	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Na kompjuteru verovatno više nema malware-a, no da bi bili sigurni u to, zamoliću te da ispratiš uputstva iz mog prethodnog post-a do kraja. Znači, potrebni su nam Gmer logovi i novi HijackThis log.

Profil

cccc Poslao: 01 Avg 2007 01:22 Idi na vrh
offline cccc Novi MyCity građanin Pridružio: 30 Jul 2007 Poruke: 4	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Logfile of HijackThis v1.99.1 Scan saved at 1:15:17 AM, on 8/1/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe C:\WINDOWS\system32\WgaTray.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe C:\Program Files\Winamp\Winampa.exe C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\ntvdm.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe C:\PROGRA~1\Magentic\bin\MgApp.exe C:\PROGRA~1\INCRED~1\bin\IMApp.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe C:\Documents and Settings\Korisnik\Desktop\zajeb.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = mystart.incredimail.com/english O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: CCHelper Class - {0CF0B8EE-6596-11D5-A98E-0003470BB48E} - C:\Program Files\Panicware\Pop-Up Stopper Companion\CCHelper.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\2.bin\ASKTBAR.DLL O3 - Toolbar: Pop-Up Stopper &Companion - {8F05B1A8-9D77-4B8F-AF54-6B2202066F95} - C:\Program Files\Panicware\Pop-Up Stopper Companion\popupus.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\2.bin\ASKTBAR.DLL O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe" O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [LXCFCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCFtime.dll,_RunDLLEntry@16 O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe" O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe" O4 - HKLM\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /S O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [Mini-YuRecnik] C:\YuRecnik\MiniYuRecnik.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c O4 - HKCU\..\Run: [Magentic] C:\PROGRA~1\Magentic\bin\Magentic.exe /c O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9 O4 - Startup: Cyber-shot Viewer Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - news.beograd.com/AxisCamControl.ocx O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O23 - Service: AutoComplete Service (Autocomplete) - Acesoft - C:\Program Files\Acesoft\Tracks Eraser Pro\autocomp.exe O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: lxcf_device - - C:\WINDOWS\system32\lxcfcoms.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe GMER 1.0.13.12551 - gmer.net Rootkit scan 2007-08-01 00:53:58 Windows 5.1.2600 Service Pack 2 AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE [F7977EB6] VET-REC.SYS AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_NAMED_PIPE [F7977EB6] VET-REC.SYS AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CLOSE [F7977F1C] VET-REC.SYS AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_READ [F7977EB6] VET-REC.SYS AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_WRITE [F7977EB6] VET-REC.SYS AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_INFORMATION [F7977EB6] VET-REC.SYS AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_INFORMATION [F7977EB6] VET-REC.SYS AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_EA [F7977EB6] VET-REC.SYS AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_EA [F7977EB6] VET-REC.SYS AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_FLUSH_BUFFERS [F7977EB6] VET-REC.SYS AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_VOLUME_INFORMATION [F7977EB6] VET-REC.SYS AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_VOLUME_INFORMATION [F7977EB6] VET-REC.SYS AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DIRECTORY_CONTROL [F7977EB6] VET-REC.SYS AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_FILE_SYSTEM_CONTROL [F79780A4] VET-REC.SYS AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CONTROL [F7977EB6] VET-REC.SYS AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_INTERNAL_DEVICE_CONTROL [F7978240] VET-REC.SYS AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SHUTDOWN [F7977EB6] VET-REC.SYS AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_LOCK_CONTROL [F7977EB6] VET-REC.SYS AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CLEANUP [F7977EB6] VET-REC.SYS AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_MAILSLOT [F7977EB6] VET-REC.SYS AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_SECURITY [F7977EB6] VET-REC.SYS AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_SECURITY [F7977EB6] VET-REC.SYS AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_POWER [F7978010] VET-REC.SYS AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SYSTEM_CONTROL [F7977FF0] VET-REC.SYS AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CHANGE [F7977EB6] VET-REC.SYS AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_QUOTA [F7977EB6] VET-REC.SYS AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_QUOTA [F7977EB6] VET-REC.SYS AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE [F779FCFA] VET-FILT.SYS AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_NAMED_PIPE [F779FA7C] VET-FILT.SYS AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CLOSE [F779FF00] VET-FILT.SYS AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_READ [F77A00F0] VET-FILT.SYS AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_WRITE [F77A00F0] VET-FILT.SYS AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_INFORMATION [F779FA7C] VET-FILT.SYS AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_INFORMATION [F779FA7C] VET-FILT.SYS AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_EA [F779FA7C] VET-FILT.SYS AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_EA [F779FA7C] VET-FILT.SYS AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_FLUSH_BUFFERS [F779FA7C] VET-FILT.SYS AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_VOLUME_INFORMATION [F779FA7C] VET-FILT.SYS AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_VOLUME_INFORMATION [F779FA7C] VET-FILT.SYS AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DIRECTORY_CONTROL [F779FA7C] VET-FILT.SYS AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_FILE_SYSTEM_CONTROL [F77A030C] VET-FILT.SYS AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CONTROL [F779FA7C] VET-FILT.SYS AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_INTERNAL_DEVICE_CONTROL [F779FA7C] VET-FILT.SYS AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SHUTDOWN [F779F976] VET-FILT.SYS AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_LOCK_CONTROL [F779FA7C] VET-FILT.SYS AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CLEANUP [F779FA7C] VET-FILT.SYS AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_MAILSLOT [F779FA7C] VET-FILT.SYS AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_SECURITY [F779FA7C] VET-FILT.SYS AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_SECURITY [F779FA7C] VET-FILT.SYS AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_POWER [F77A038C] VET-FILT.SYS AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SYSTEM_CONTROL [F77A05C0] VET-FILT.SYS AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CHANGE [F779FA7C] VET-FILT.SYS AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_QUOTA [F779FA7C] VET-FILT.SYS AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_QUOTA [F779FA7C] VET-FILT.SYS Device \Driver\prodrv06 \Device\ProDrv06 IRP_MJ_CREATE E16F2C30 Device \Driver\prodrv06 \Device\ProDrv06 IRP_MJ_CLOSE E16F2C30 Device \Driver\prodrv06 \Device\ProDrv06 IRP_MJ_DEVICE_CONTROL E16F2C30 Device \Driver\nvatabus \Device\00000070 IRP_MJ_INTERNAL_DEVICE_CONTROL [F798F6C1] prosync1.sys Device \Driver\nvata \Device\00000072 IRP_MJ_INTERNAL_DEVICE_CONTROL [F798F6C1] prosync1.sys Device \Driver\prohlp02 \Device\ProHlp02 IRP_MJ_CREATE E1567550 Device \Driver\prohlp02 \Device\ProHlp02 IRP_MJ_CLOSE E1567550 Device \Driver\prohlp02 \Device\ProHlp02 IRP_MJ_DEVICE_CONTROL E1567550 Device \Driver\nvatabus \Device\NvAta0 IRP_MJ_INTERNAL_DEVICE_CONTROL [F798F6C1] prosync1.sys Device \Driver\nvata \Device\NvAta1 IRP_MJ_INTERNAL_DEVICE_CONTROL [F798F6C1] prosync1.sys Device \Driver\nvata \Device\NvAta2 IRP_MJ_INTERNAL_DEVICE_CONTROL [F798F6C1] prosync1.sys AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CREATE [F7977EB6] VET-REC.SYS AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CREATE_NAMED_PIPE [F7977EB6] VET-REC.SYS AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CLOSE [F7977F1C] VET-REC.SYS AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_READ [F7977EB6] VET-REC.SYS AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_WRITE [F7977EB6] VET-REC.SYS AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_INFORMATION [F7977EB6] VET-REC.SYS AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_INFORMATION [F7977EB6] VET-REC.SYS AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_EA [F7977EB6] VET-REC.SYS AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_EA [F7977EB6] VET-REC.SYS AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_FLUSH_BUFFERS [F7977EB6] VET-REC.SYS AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_VOLUME_INFORMATION [F7977EB6] VET-REC.SYS AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_VOLUME_INFORMATION [F7977EB6] VET-REC.SYS AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_DIRECTORY_CONTROL [F7977EB6] VET-REC.SYS AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_FILE_SYSTEM_CONTROL [F79780A4] VET-REC.SYS AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_DEVICE_CONTROL [F7977EB6] VET-REC.SYS AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_INTERNAL_DEVICE_CONTROL [F7978240] VET-REC.SYS AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SHUTDOWN [F7977EB6] VET-REC.SYS AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_LOCK_CONTROL [F7977EB6] VET-REC.SYS AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CLEANUP [F7977EB6] VET-REC.SYS AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CREATE_MAILSLOT [F7977EB6] VET-REC.SYS AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_SECURITY [F7977EB6] VET-REC.SYS AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_SECURITY [F7977EB6] VET-REC.SYS AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_POWER [F7978010] VET-REC.SYS AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SYSTEM_CONTROL [F7977FF0] VET-REC.SYS AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_DEVICE_CHANGE [F7977EB6] VET-REC.SYS AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_QUOTA [F7977EB6] VET-REC.SYS AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_QUOTA [F7977EB6GMER 1.0.13.12551 - gmer.net Autostart scan 2007-08-01 01:13:08 Windows 5.1.2600 Service Pack 2 HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems@Windows = %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16 HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon@Userinit = C:\WINDOWS\system32\userinit.exe, HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon@DLLName = WgaLogon.dll HKLM\SYSTEM\CurrentControlSet\Services\ >>> CAISafe /CAISafe/@ = C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe MDM /Machine Debug Manager/@ = "C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE" NVSvc /NVIDIA Display Driver Service/@ = %SystemRoot%\system32\nvsvc32.exe Spooler /Print Spooler/@ = %SystemRoot%\system32\spoolsv.exe UMWdf /Windows User Mode Driver Framework/@ = C:\WINDOWS\system32\wdfmgr.exe VETMSGNT /VET Message Service/@ = C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe HKLM\Software\Microsoft\Windows\CurrentVersion\Run >>> @SoundManSOUNDMAN.EXE = SOUNDMAN.EXE @RemoteControl"C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" = "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" @WinampAgent"C:\Program Files\Winamp\Winampa.exe" = "C:\Program Files\Winamp\Winampa.exe" @NVMixerTray"C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" = "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" @NvCplDaemonRUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup = RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup @nwiznwiz.exe /install = nwiz.exe /install @NvMediaCenterRUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit = RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit @LXCFCATSrundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCFtime.dll,_RunDLLEntry@16 = rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCFtime.dll,_RunDLLEntry@16 @CaAvTray"C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe" = "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe" @CAVRID"C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe" = "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe" @RegistryMechanicC:\Program Files\Registry Mechanic\RegMech.exe /S /file not found/ = C:\Program Files\Registry Mechanic\RegMech.exe /S /file not found/ @NeroFilterCheckC:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe = C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe @Mini-YuRecnikC:\YuRecnik\MiniYuRecnik.exe = C:\YuRecnik\MiniYuRecnik.exe HKCU\Software\Microsoft\Windows\CurrentVersion\Run >>> @MSMSGS"C:\Program Files\Messenger\msmsgs.exe" /background = "C:\Program Files\Messenger\msmsgs.exe" /background @Google Desktop Search"C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup = "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup @ctfmon.exeC:\WINDOWS\system32\ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe @swgC:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe = C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe @IncrediMailC:\Program Files\IncrediMail\bin\IncMail.exe /c /file not found/ = C:\Program Files\IncrediMail\bin\IncMail.exe /c /file not found/ @MagenticC:\PROGRA~1\Magentic\bin\Magentic.exe /c = C:\PROGRA~1\Magentic\bin\Magentic.exe /c @BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" = "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" @updateMgrC:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9 /file not found/ = C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9 /file not found/ HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved >>> @{42071714-76d4-11d1-8b24-00a0c9068ff3} /Display Panning CPL Extension/deskpan.dll /file not found/ = deskpan.dll /file not found/ @{596AB062-B4D2-4215-9F74-E9109B0A8153} /Previous Versions Property Page/%SystemRoot%\system32\twext.dll = %SystemRoot%\system32\twext.dll @{9DB7A13C-F208-4981-8353-73CC61AE2783} /Previous Versions/%SystemRoot%\system32\twext.dll = %SystemRoot%\system32\twext.dll @{00E7B358-F65B-4dcf-83DF-CD026B94BFD4} /Autoplay for SlideShow/(null) = @{692F0339-CBAA-47e6-B5B5-3B84DB604E87} /Extensions Manager Folder/%SystemRoot%\system32\extmgr.dll = %SystemRoot%\system32\extmgr.dll @{BDEADF00-C265-11D0-BCED-00A0C90AB50F} /Web Folders/C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL = C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL @{42042206-2D85-11D3-8CFF-005004838597} /Microsoft Office HTML Icon Handler/C:\Program Files\Microsoft Office\OFFICE11\msohev.dll = C:\Program Files\Microsoft Office\OFFICE11\msohev.dll @{A70C977A-BF00-412C-90B7-034C51DA2439} /NvCpl DesktopContext Class/C:\WINDOWS\system32\nvcpl.dll = C:\WINDOWS\system32\nvcpl.dll @{FFB699E0-306A-11d3-8BD1-00104B6F7516} /Play on my TV helper/C:\WINDOWS\system32\nvcpl.dll = C:\WINDOWS\system32\nvcpl.dll @{1CDB2949-8F65-4355-8456-263E7C208A5D} /Desktop Explorer/C:\WINDOWS\system32\nvshell.dll = C:\WINDOWS\system32\nvshell.dll @{1E9B04FB-F9E5-4718-997B-B8DA88302A47} /Desktop Explorer Menu/C:\WINDOWS\system32\nvshell.dll = C:\WINDOWS\system32\nvshell.dll @{1E9B04FB-F9E5-4718-997B-B8DA88302A48} /nView Desktop Context Menu/C:\WINDOWS\system32\nvshell.dll = C:\WINDOWS\system32\nvshell.dll @{1CE2AA40-1317-11D3-9922-00104B0AD431} /CA_AntiVirus/C:\WINDOWS\avshlext.dll = C:\WINDOWS\avshlext.dll @{8F05B1A8-9D77-4B8F-AF54-6B2202066F95} /Pop-Up Stopper &Companion/C:\Program Files\Panicware\Pop-Up Stopper Companion\popupus.dll = C:\Program Files\Panicware\Pop-Up Stopper Companion\popupus.dll @{B327765E-D724-4347-8B16-78AE18552FC3} /NeroDigitalIconHandler/C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll = C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll @{7F1CF152-04F8-453A-B34C-E609530A9DC8} /NeroDigitalPropSheetHandler/C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll = C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll @{97F68CE3-7146-45FF-BE24-D9A7DD7CB8A2} /NeroCoverEd Live Icons/C:\Program Files\Nero\Nero 7\Nero CoverDesigner\CoverEdExtension.dll = C:\Program Files\Nero\Nero 7\Nero CoverDesigner\CoverEdExtension.dll HKLM\Software\Classes\\shellex\ContextMenuHandlers\ >>> CA_AntiVirus@{1CE2AA40-1317-11D3-9922-00104B0AD431} = C:\WINDOWS\avshlext.dll Cover Designer@{73FCA462-9BD5-4065-A73F-A8E5F6904EF7} = C:\Program Files\Nero\Nero 7\Nero CoverDesigner\CoverEdExtension.dll HKLM\Software\Classes\\shellex\ContextMenuHandlers@{EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208} = C:\Program Files\Nero\Nero 7\Nero BackItUp\NBShell.dll HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\CA_AntiVirus@{1CE2AA40-1317-11D3-9922-00104B0AD431} = C:\WINDOWS\avshlext.dll HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers@{EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208} = C:\Program Files\Nero\Nero 7\Nero BackItUp\NBShell.dll HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects >>> @{02478D38-C3F9-4EFB-9B51-7695ECA05670}C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll = C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll @{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll = C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll @{0CF0B8EE-6596-11D5-A98E-0003470BB48E}C:\Program Files\Panicware\Pop-Up Stopper Companion\CCHelper.dll = C:\Program Files\Panicware\Pop-Up Stopper Companion\CCHelper.dll @{AA58ED58-01DD-4d91-8333-CF10577473F7}c:\program files\google\googletoolbar3.dll = c:\program files\google\googletoolbar3.dll @{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll = C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll @{FE063DB1-4EC0-403e-8DD8-394C54984B2C}C:\Program Files\AskTBar\bar\2.bin\ASKTBAR.DLL = C:\Program Files\AskTBar\bar\2.bin\ASKTBAR.DLL HKCU\Control Panel\Desktop@SCRNSAVE.EXE = C:\WINDOWS\system32\MAGENT~1.SCR HKLM\Software\Microsoft\Internet Explorer\Main >>> @Default_Page_URLhttp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome = microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome @Start Pagehttp://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home = microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home @Local Page%SystemRoot%\system32\blank.htm = %SystemRoot%\system32\blank.htm HKCU\Software\Microsoft\Internet Explorer\Main >>> @Start Pagehttp://mystart.incredimail.com/english = mystart.incredimail.com/english @Local PageC:\WINDOWS\system32\blank.htm = C:\WINDOWS\system32\blank.htm HKLM\Software\Classes\PROTOCOLS\Filter\text/xml@CLSID = C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL HKLM\Software\Classes\PROTOCOLS\Handler\ >>> dvd@CLSID = C:\WINDOWS\system32\msvidctl.dll its@CLSID = C:\WINDOWS\system32\itss.dll mhtml@CLSID = %SystemRoot%\system32\inetcomm.dll ms-its@CLSID = C:\WINDOWS\system32\itss.dll ms-itss@CLSID = C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL mso-offdap@CLSID = C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL mso-offdap11@CLSID = C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL tv@CLSID = C:\WINDOWS\system32\msvidctl.dll wia@CLSID = C:\WINDOWS\system32\wiascr.dll HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\ >>> 000000000001@PackedCatalogItem = C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork1.dll 000000000002@PackedCatalogItem = C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork1.dll 000000000003@PackedCatalogItem = C:\WINDOWS\system32\VetRedir.dll 000000000004@PackedCatalogItem = C:\WINDOWS\system32\VetRedir.dll 000000000005@PackedCatalogItem = C:\WINDOWS\system32\VetRedir.dll 000000000011@PackedCatalogItem = C:\WINDOWS\system32\VetRedir.dll HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000023@PackedCatalogItem = C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork1.dll C:\Documents and Settings\Korisnik\Start Menu\Programs\Startup = Cyber-shot Viewer Media Check Tool.lnk C:\Documents and Settings\All Users\Start Menu\Programs\Startup >>> Adobe Gamma Loader.lnk = Adobe Gamma Loader.lnk Adobe Reader Speed Launch.lnk = Adobe Reader Speed Launch.lnk ---- EOF - GMER 1.0.13 --- UFFFF,nadam se da je uradjeno sve kako treba,s tim st nismo uspeli obrisati AskTBar.

Profil

dr_Bora Poslao: 01 Avg 2007 11:27 Idi na vrh
offline dr_Bora Anti Malware Fighter Rank 2 Pridružio: 24 Jul 2007 Poruke: 12280 Gde živiš: Höganäs, SE	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Pokreni HijackThis i opet skeniraj, zatim štikliraj sledeće linije: O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\2.bin\ASKTBAR.DLL O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\2.bin\ASKTBAR.DLL i klikni na Fix Checked ( prethodno zatvori ostale programe ). Restartuj kompjuter pa zatim pronađi sledeći folder i obriši ga: C:\Program Files\AskTBar ( <---AskTBar ) Sve ostalo je u redu i nakon što se odradi gore navedeno, možemo smatrati da je slučaj rešen.

Profil

cccc Poslao: 02 Avg 2007 20:48 Idi na vrh
offline cccc Novi MyCity građanin Pridružio: 30 Jul 2007 Poruke: 4	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Veeliiki pozdrav za dr Boru,ja se nadam da smo resili problem,pa se cujemo nekom drugom prilikom! Pozz

Profil

MyCity » Ambulanta -> Arhiva Ambulante » win32/sinteri!generic

Ko je trenutno na forumu

Ukupno su 1239 korisnika na forumu :: 14 registrovanih, 1 sakriven i 1224 gosta :: [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:: Korisnici trenutno na forumu: avijacija, Bane san, Bickoooo, dragoljub11987, kybonacci, lcc, Leonov, Majka, mercedesamg, Mercury, Metanoja, sombrero, Stija zmija, Živković

Svaki korisnik ovog sajta je odgovoran za sadržaj svoje poruke koju objavi na sajtu. Sajt se odriče svake odgovornosti za sadržaj tih poruka.
Postavljanjem vaše poruke ili vašeg autorskog dela na ovaj sajt, saglasni ste da ovaj sajt postaje distributer vašeg dela, i odričete se mogućnosti njegovog povlačenja ili brisanja, bez saglasnosti uprave sajta.
Distribucija sadržaja sa ovog sajta je dozvoljena samo u nekomercijalne svrhe, uz obaveznu napomenu da je sadržaj preuzet sa ovog sajta, i uz obavezno navođenje adrese MyCity sajta. Za sve ostale vidove distribucije obavezni ste da prethodno zatražite odobrenje od vlasnika MyCity sajta.
MyCity pokrenuo, administrira i razvija Predrag Damnjanović, a o uređenju sajta se brine MyCity Tim.
Ukoliko želite da nas kontaktirate kliknite ovde.
Naši sajtovi:
Vesti, Vojni forum, Zaštita od virusa, TekstPesme.rs

This content is licensed under a Creative Commons License.
Based on phpBB 2, translated by Simke, designed by