Prijava na forum:
Ime:
Lozinka:
Prijavi me trajno:
Trajanje:
Registruj nalog:
Ime:
Lozinka:
Ponovi Lozinku:
E-mail:

ConQUIZtador
Trenutno vreme je: 08. Avg 2025, 10:59:06
nazadnapred
Korisnici koji su trenutno na forumu 0 članova i 0 gostiju pregledaju ovu temu.

 Napomena: Za sva pitanja u vezi kupovine novog hardware-a ili procene vrednosti i preporuke koristite - ovu temu

Spyware,sta je,kako radi,kako se zastititi? :: Kako rade mreze :: Burek Anti-virus software review :: Index tema koje ne treba propustiti

Idi dole
Stranice:
1 2 3 [Sve]
Počni novu temu Nova anketa Odgovor Štampaj Dodaj temu u favorite Pogledajte svoje poruke u temi
Tema: MSN virus  (Pročitano 7068 puta)
16. Mar 2008, 21:59:21
Jet set burekdzija


Who hesitates masturbates

Zodijak Aquarius
Pol Muškarac
Poruke 5514
Zastava Srbija,Sabac
OS
Windows XP
Browser
Opera 9.26
mob
Nokia N85
imam problem
moj brat je cackao komp i bez razmisljanja prihvatio nesto od druga koji ima virus
i sad i ja imam virus koji sam salje nesto na engleskom svima koji su mi u friends listi
kako da ga obrisem,vec me nervira
IP sačuvana
social share
Pogledaj profil
 
Prijava na forum:
Ime:
Lozinka:
Zelim biti prijavljen:
Trajanje:
Registruj nalog:
Ime:
Lozinka:
Ponovi Lozinku:
E-mail:
Udaljen sa foruma
Jet set burekdzija


"I always tell the truth. Even when I lie."

Zodijak Cancer
Pol Muškarac
Poruke 5530
Zastava Novi Sad - Bar
OS
Windows XP
Browser
Mozilla Firefox 2.0.0.12
mob
Samsung D900
Skini neki od antivirus programa.
Imaš ovde urađen kompletan test svih AV programa.

Preporučujem ti www.avast.com
IP sačuvana
social share
Edit by latifovich: Potpis uklonjen zbog duzine!
Pogledaj profil WWW
 
Prijava na forum:
Ime:
Lozinka:
Zelim biti prijavljen:
Trajanje:
Registruj nalog:
Ime:
Lozinka:
Ponovi Lozinku:
E-mail:
Jet set burekdzija


Who hesitates masturbates

Zodijak Aquarius
Pol Muškarac
Poruke 5514
Zastava Srbija,Sabac
OS
Windows XP
Browser
Opera 9.26
mob
Nokia N85
e jbg,nisam toliko glup
skenirao sam sa 3 antivirusa (nod32,ad-aware i spyware terminator)
ali oni ga ne nalaze
IP sačuvana
social share
Pogledaj profil
 
Prijava na forum:
Ime:
Lozinka:
Zelim biti prijavljen:
Trajanje:
Registruj nalog:
Ime:
Lozinka:
Ponovi Lozinku:
E-mail:
Prijatelj foruma
Poznata licnost

MC- argus

Zodijak
Pol Muškarac
Poruke 4467
Zastava
OS
Windows XP
Browser
Mozilla Firefox 2.0.0.12
mob
HTC 
Skenirao si samo sa jednim a to je nod, znaci skini sta ti je reko covek pa skeniraj.
IP sačuvana
social share
Pogledaj profil
 
Prijava na forum:
Ime:
Lozinka:
Zelim biti prijavljen:
Trajanje:
Registruj nalog:
Ime:
Lozinka:
Ponovi Lozinku:
E-mail:
Udaljen sa foruma
Jet set burekdzija


"I always tell the truth. Even when I lie."

Zodijak Cancer
Pol Muškarac
Poruke 5530
Zastava Novi Sad - Bar
OS
Windows XP
Browser
Mozilla Firefox 2.0.0.12
mob
Samsung D900
Imaš verziju na srpskom, odmah registruj i skini najnoviju dopunu. Sve je besplatno.
Ako ti i sa tim ne pokaže ništa onda javi.
IP sačuvana
social share
Edit by latifovich: Potpis uklonjen zbog duzine!
Pogledaj profil WWW
 
Prijava na forum:
Ime:
Lozinka:
Zelim biti prijavljen:
Trajanje:
Registruj nalog:
Ime:
Lozinka:
Ponovi Lozinku:
E-mail:
Jet set burekdzija


Who hesitates masturbates

Zodijak Aquarius
Pol Muškarac
Poruke 5514
Zastava Srbija,Sabac
OS
Windows XP
Browser
Opera 9.26
mob
Nokia N85
sad cu da probam
IP sačuvana
social share
Pogledaj profil
 
Prijava na forum:
Ime:
Lozinka:
Zelim biti prijavljen:
Trajanje:
Registruj nalog:
Ime:
Lozinka:
Ponovi Lozinku:
E-mail:
Moderator
Krajnje beznadezan


Ko zadnji, ćelava mu keva!

Zodijak Aries
Pol Muškarac
Poruke 13104
Zastava Batajnica
OS
Linux
Browser
Mozilla
mob
Samsung SGH-E630
Spybot  Smile

Prilikom pojavljivanja doticnih problema kao preliminarno resenje preporucujemo vam da skenirate vas racunar sa azuriranim Anti-Virus i Anti-Spyware programima. Posetite ovu temu za vise informacija, kao i ovu temu za spisak i test najboljih Anti-Virus programa.
Ukoliko se Vas problem i dalje pojavljuje, preporucujemo Vam da skenirate Vas racunar sa HiJackThis software-om koji je besplatan i mozete ga download-ovati na ovoj adresi, nakon cega zakacite ovde Vas tekstualni HiJackThis log.
IP sačuvana
social share
                                       
enaB <=> Bane, "Ena" nije moje ime                    f -1(Smile)= Smiley

Don't watch it, because we all know that a watched pot does not boil, and watched cake does not bake.
Pogledaj profil WWW
 
Prijava na forum:
Ime:
Lozinka:
Zelim biti prijavljen:
Trajanje:
Registruj nalog:
Ime:
Lozinka:
Ponovi Lozinku:
E-mail:
Udaljen sa foruma
Jet set burekdzija


&quot;I always tell the truth. Even when I lie.&quot;

Zodijak Cancer
Pol Muškarac
Poruke 5530
Zastava Novi Sad - Bar
OS
Windows XP
Browser
Mozilla Firefox 2.0.0.12
mob
Samsung D900
Meni se na samom logovanju pojavljuju u poslednje vreme neke greške.
Ne znam zašto.

Logfile of HijackThis v1.99.1
Scan saved at 22:51:58, on 16.3.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ApexDC++_Gusari_XY6\ApexDC.exe
C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\TechSmith\SnagIt 8\TSCHelp.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Totalcmd\TotalCmd.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Hattrick Forever\HattrickForever.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Macromedia\Flash MX\Flash.exe
D:\Backup C\Desktop\Internet\Download\Programi\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ApexDC++] "C:\Program Files\ApexDC++_Gusari_XY6\ApexDC.exe"
O4 - HKCU\..\Run: [amva] C:\WINDOWS\system32\amvo.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: SnagIt 8.lnk = C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)
O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

IP sačuvana
social share
Edit by latifovich: Potpis uklonjen zbog duzine!
Pogledaj profil WWW
 
Prijava na forum:
Ime:
Lozinka:
Zelim biti prijavljen:
Trajanje:
Registruj nalog:
Ime:
Lozinka:
Ponovi Lozinku:
E-mail:
Udaljen sa foruma
Jet set burekdzija


&quot;I always tell the truth. Even when I lie.&quot;

Zodijak Cancer
Pol Muškarac
Poruke 5530
Zastava Novi Sad - Bar
OS
Windows XP
Browser
Mozilla Firefox 2.0.0.12
mob
Samsung D900
O4 - HKCU\..\Run: [amva] C:\WINDOWS\system32\amvo.exe
Šta je ovo?
To mi izbacuje na početku.
IP sačuvana
social share
Edit by latifovich: Potpis uklonjen zbog duzine!
Pogledaj profil WWW
 
Prijava na forum:
Ime:
Lozinka:
Zelim biti prijavljen:
Trajanje:
Registruj nalog:
Ime:
Lozinka:
Ponovi Lozinku:
E-mail:
Moderator
Krajnje beznadezan


Ko zadnji, ćelava mu keva!

Zodijak Aries
Pol Muškarac
Poruke 13104
Zastava Batajnica
OS
Linux
Browser
Mozilla
mob
Samsung SGH-E630
Obriši to
http://www.bleepingcomputer.com/startups/amvo.exe-21216.html

i za tebe važi
Prilikom pojavljivanja doticnih problema kao preliminarno resenje preporucujemo vam da skenirate vas racunar sa azuriranim Anti-Virus i Anti-Spyware programima. Posetite ovu temu za vise informacija, kao i ovu temu za spisak i test najboljih Anti-Virus programa.
Ukoliko se Vas problem i dalje pojavljuje, preporucujemo Vam da skenirate Vas racunar sa HiJackThis software-om koji je besplatan i mozete ga download-ovati na ovoj adresi, nakon cega zakacite ovde Vas tekstualni HiJackThis log.

...ali i ovo
Nemojte slati vise komentara za redom. Postoji dugme izmeni ako ste nesto zaboravili reci. Postovanjem vise odgovora zaredom tema se samo razvodnjava i smanjuje se preglednost. Za ostala pravila ponasanja pogledajte pravilnik Burek Foruma. Smiley
IP sačuvana
social share
                                       
enaB <=> Bane, "Ena" nije moje ime                    f -1(Smile)= Smiley

Don't watch it, because we all know that a watched pot does not boil, and watched cake does not bake.
Pogledaj profil WWW
 
Prijava na forum:
Ime:
Lozinka:
Zelim biti prijavljen:
Trajanje:
Registruj nalog:
Ime:
Lozinka:
Ponovi Lozinku:
E-mail:
Poznata licnost


Veni, vici,vidi

Zodijak Libra
Pol Muškarac
Poruke 3639
Zastava Sarajevo BIH
OS
Windows XP
Browser
Mozilla Firefox 2.0.0.11;
mob
Nokia 
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKCU\..\Run: [amva] C:\WINDOWS\system32\amvo.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)

trebas ova tri fiksirati i ponovo skeniraj ukoliko se ponovo pojavi skini Combo fix i pokreni trebo bi on izbrissati.Nedavno sam imao isti problem ali uspio sam skinuti imas temu (oko 5 ,6 strane)amvo.exe pa pogledaj
IP sačuvana
social share

sve ce to narod pozlatiti
Pogledaj profil
 
Prijava na forum:
Ime:
Lozinka:
Zelim biti prijavljen:
Trajanje:
Registruj nalog:
Ime:
Lozinka:
Ponovi Lozinku:
E-mail:
Udaljen sa foruma
Jet set burekdzija


&quot;I always tell the truth. Even when I lie.&quot;

Zodijak Cancer
Pol Muškarac
Poruke 5530
Zastava Novi Sad - Bar
OS
Windows XP
Browser
Mozilla Firefox 2.0.0.12
mob
Samsung D900
amvo sam obrisao i iz system foldera i iz startupa i iz registry-ja.
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) - Ovaj sam sada obrisao.
A ovo treće gde mi pokreće Apache to nikako ne znam kako da ugasim.
IP sačuvana
social share
Edit by latifovich: Potpis uklonjen zbog duzine!
Pogledaj profil WWW
 
Prijava na forum:
Ime:
Lozinka:
Zelim biti prijavljen:
Trajanje:
Registruj nalog:
Ime:
Lozinka:
Ponovi Lozinku:
E-mail:
Moderator
Legenda foruma


Zodijak Taurus
Pol Muškarac
Poruke 31625
Zastava Beograd
OS
Windows XP
Browser
Opera 9.25
mob
Nokia 6120
Amvo bi trebalo da je dosta. To je to sto salje poruke svima. Wink
IP sačuvana
social share
Pogledaj profil WWW
 
Prijava na forum:
Ime:
Lozinka:
Zelim biti prijavljen:
Trajanje:
Registruj nalog:
Ime:
Lozinka:
Ponovi Lozinku:
E-mail:
Supermoderator
Legenda foruma


Always outnumbered, never outgunned.

Zodijak
Pol
Poruke 47481
Zastava
OS
Windows XP
Browser
Mozilla Firefox 2.0.0.12
Zakaci novi log.
IP sačuvana
social share
Pogledaj profil
 
Prijava na forum:
Ime:
Lozinka:
Zelim biti prijavljen:
Trajanje:
Registruj nalog:
Ime:
Lozinka:
Ponovi Lozinku:
E-mail:
Udaljen sa foruma
Jet set burekdzija


&quot;I always tell the truth. Even when I lie.&quot;

Zodijak Cancer
Pol Muškarac
Poruke 5530
Zastava Novi Sad - Bar
OS
Windows XP
Browser
Mozilla Firefox 2.0.0.12
mob
Samsung D900
Logfile of HijackThis v1.99.1
Scan saved at 16:35:37, on 17.3.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ApexDC++_Gusari_XY6\ApexDC.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
C:\Program Files\TechSmith\SnagIt 8\TSCHelp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\PROGRA~1\MICROS~2\Office12\OUTLOOK.EXE
C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\Program Files\Totalcmd\TotalCmd.exe
D:\Backup C\Desktop\Internet\Download\Programi\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ApexDC++] "C:\Program Files\ApexDC++_Gusari_XY6\ApexDC.exe"
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [amva] C:\WINDOWS\system32\amvo.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: SnagIt 8.lnk = C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)
O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

Majku mu evo ga opet.
IP sačuvana
social share
Edit by latifovich: Potpis uklonjen zbog duzine!
Pogledaj profil WWW
 
Prijava na forum:
Ime:
Lozinka:
Zelim biti prijavljen:
Trajanje:
Registruj nalog:
Ime:
Lozinka:
Ponovi Lozinku:
E-mail:
Moderator
Legenda foruma


Zodijak Taurus
Pol Muškarac
Poruke 31625
Zastava Beograd
OS
Windows XP
Browser
Opera 9.25
mob
Nokia 6120
Fixuj ga opet iz Safe Mode-a, pa pokreni normalno Windows, pa pokreni SDFix koji mozes skinuti odavde.
O4 - HKCU\..\Run: [amva] C:\WINDOWS\system32\amvo.exe
Okaci posle novi log. Wink
IP sačuvana
social share
Pogledaj profil WWW
 
Prijava na forum:
Ime:
Lozinka:
Zelim biti prijavljen:
Trajanje:
Registruj nalog:
Ime:
Lozinka:
Ponovi Lozinku:
E-mail:
Supermoderator
Legenda foruma


Always outnumbered, never outgunned.

Zodijak
Pol
Poruke 47481
Zastava
OS
Windows XP
Browser
Mozilla Firefox 2.0.0.12
Neces ga tako popraviti. Moras da brises iz registry-ja rucno ili da instaliras KIS koji ima definicije za ovaj trojan.

Preuzmi ComboFix odavde :    ComboFix

Kako instalirati ComboFix sa i bez Recovery Konzole : link
Potreban ti je samo prvi deo, dakle samo ga instaliraj i pokreni, recovery konzola nije sada prioritet, cisto da vidimo hoce li da ga ubije, a trebalo bi jer je skripta jako dobra.
Obrati paznju na upozorenja da nakon pokretanja ComboFix-a ne stiskas ni jedno dugme na tastaturi i ne pomeras misa, jer se desava da se proces jednostavno zamrzne.

Nakon toga udji u safe mode, pokreni Spybot S&D, pusti da skenira i brisi sta god da nadje.
Ako je i dalje tu, daj novi log od HJT-a i postavi mi log od ComboFix-a takodje (pitace te da sacuvas log negde u toku rada sa njim, ili ce sam da stavi txt log negde na sistemsku particiju, to je u zavisnosti od verzije pa ne znam tacno).
IP sačuvana
social share
Pogledaj profil
 
Prijava na forum:
Ime:
Lozinka:
Zelim biti prijavljen:
Trajanje:
Registruj nalog:
Ime:
Lozinka:
Ponovi Lozinku:
E-mail:
Udaljen sa foruma
Jet set burekdzija


&quot;I always tell the truth. Even when I lie.&quot;

Zodijak Cancer
Pol Muškarac
Poruke 5530
Zastava Novi Sad - Bar
OS
Windows XP
Browser
Mozilla Firefox 2.0.0.12
mob
Samsung D900
OK. Sad ću pokušati.
SD fix mi nije pomogao.

EDIT: Evo ga log.

ComboFix 08-03-14.4 - Alen 2008-03-17 17:22:28.1 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1251.1.1033.18.983 [GMT 1:00]
Running from: D:\Internet\Download\ComboFix.exe
 * Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Autorun.inf
D:\Autorun.inf

.
(((((((((((((((((((((((((   Files Created from 2008-02-17 to 2008-03-17  )))))))))))))))))))))))))))))))
.

2008-03-17 17:01 . 2008-03-17 17:02   <DIR>   d--------   C:\SDFix
2008-03-17 01:58 . 2008-03-17 01:58   <DIR>   d--------   C:\Documents and Settings\Alen\Application Data\Corel
2008-03-17 01:52 . 2008-03-17 01:52   <DIR>   d--------   C:\Program Files\Corel
2008-03-17 01:52 . 2008-03-17 01:52   <DIR>   d--------   C:\Program Files\Common Files\Corel
2008-03-17 01:34 . 2008-03-17 01:34   <DIR>   d--------   C:\Program Files\Spybot - Search & Destroy
2008-03-17 01:31 . 2008-03-17 01:24   691,545   --a------   C:\WINDOWS\unins000.exe
2008-03-17 01:31 . 2008-03-17 01:31   2,549   --a------   C:\WINDOWS\unins000.dat
2008-03-17 01:20 . 2008-03-17 02:02   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-17 00:14 . 2008-03-17 00:14   <DIR>   d--------   C:\WINDOWS\Sun
2008-03-16 21:27 . 2008-03-16 21:27   <DIR>   d--------   C:\Program Files\Hattrick Forever
2008-03-15 14:21 . 2008-03-15 14:21   <DIR>   d--------   C:\Program Files\Real
2008-03-15 14:21 . 2008-03-15 14:21   <DIR>   d--------   C:\Program Files\Common Files\xing shared
2008-03-15 14:21 . 2008-03-15 14:21   <DIR>   d--------   C:\Program Files\Common Files\Real
2008-03-15 08:58 . 2008-03-15 08:58   101,166   -r-hs----   C:\cfdflx.com
2008-03-14 15:46 . 2008-03-14 15:46   159,241   --a------   C:\kugla1.jpg
2008-03-14 13:03 . 2008-03-14 13:03   <DIR>   d--------   C:\Program Files\Recnik jezickih nedoumica
2008-03-14 01:02 . 2008-03-14 03:06   <DIR>   d--------   C:\Program Files\Italijanski 3
2008-03-14 01:01 . 2008-03-14 01:01   <DIR>   d--------   C:\Program Files\Italijanski 2
2008-03-14 01:01 . 2008-03-14 01:01   <DIR>   d--------   C:\Documents and Settings\Alen\WINDOWS
2008-03-14 01:01 . 1996-01-31 07:09   1,593,681   --a------   C:\Program Files\ITXSTRA2.EXE
2008-03-14 01:00 . 2008-03-14 01:03   <DIR>   d--------   C:\Program Files\Italijanski
2008-03-14 00:59 . 2008-03-14 01:01   141   --a------   C:\WINDOWS\asym.ini
2008-03-13 21:35 . 2008-03-13 21:35   <DIR>   d--------   C:\Program Files\Common Files\Adobe
2008-03-13 21:20 . 2008-03-13 22:16   <DIR>   d--------   C:\Documents and Settings\Alen\Application Data\AdobeUM
2008-03-13 20:09 . 2008-03-13 20:09   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\Autodesk
2008-03-13 20:07 . 2008-03-13 20:10   <DIR>   d--------   C:\Program Files\Common Files\Autodesk Shared
2008-03-13 20:07 . 2008-03-13 20:10   <DIR>   d--------   C:\Program Files\Autodesk
2008-03-13 20:03 . 2005-05-26 15:34   2,297,552   --a------   C:\WINDOWS\system32\d3dx9_26.dll
2008-03-13 01:37 . 2008-03-13 01:37   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\TechSmith
2008-03-13 01:36 . 2008-03-13 01:36   <DIR>   d--------   C:\Program Files\TechSmith
2008-03-13 01:36 . 2008-03-13 01:36   <DIR>   d--------   C:\Program Files\Common Files\Wise Installation Wizard
2008-03-12 12:26 . 2008-03-12 12:26   <DIR>   d--------   C:\Program Files\uTorrent
2008-03-12 12:26 . 2008-03-17 04:12   <DIR>   d--------   C:\Documents and Settings\Alen\Application Data\uTorrent
2008-03-11 14:31 . 2008-03-11 14:31   <DIR>   d--------   C:\Program Files\Windows Live Toolbar
2008-03-11 14:31 . 2008-03-11 14:31   <DIR>   d--------   C:\Program Files\Windows Live Favorites
2008-03-11 14:29 . 2008-03-11 14:29   <DIR>   d----c---   C:\WINDOWS\system32\DRVSTORE
2008-03-11 14:29 . 2008-03-11 14:29   <DIR>   d--------   C:\Documents and Settings\Alen\Contacts
2008-03-11 14:28 . 2008-03-11 14:29   163   --a------   C:\forum.php
2008-03-11 14:15 . 2008-03-11 14:28   <DIR>   d--------   C:\Program Files\Windows Live
2008-03-11 14:15 . 2008-03-11 14:28   <DIR>   d--hsc---   C:\Program Files\Common Files\WindowsLiveInstaller
2008-03-11 14:15 . 2008-03-11 14:15   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-03-11 13:32 . 2008-03-17 04:08   <DIR>   d--------   C:\Program Files\Opera
2008-03-11 13:20 . 2007-04-18 17:12   2,854,400   --a--c---   C:\WINDOWS\system32\dllcache\msi.dll
2008-03-11 13:20 . 2005-05-04 14:45   271,360   --a--c---   C:\WINDOWS\system32\dllcache\msihnd.dll
2008-03-11 13:20 . 2005-05-04 14:45   78,848   --a--c---   C:\WINDOWS\system32\dllcache\msiexec.exe
2008-03-11 00:41 . 2008-03-11 00:41   <DIR>   d--------   C:\Documents and Settings\Alen\Application Data\Lavasoft
2008-03-11 00:40 . 2008-03-11 00:40   <DIR>   d--------   C:\Program Files\DAEMON Tools
2008-03-11 00:40 . 2008-03-11 00:40   223,128   --a------   C:\WINDOWS\system32\drivers\dtscsi.sys
2008-03-11 00:39 . 2007-07-30 19:19   271,224   --a------   C:\WINDOWS\system32\mucltui.dll
2008-03-11 00:39 . 2007-07-30 19:19   207,736   --a------   C:\WINDOWS\system32\muweb.dll
2008-03-11 00:39 . 2007-07-30 19:19   30,072   --a------   C:\WINDOWS\system32\mucltui.dll.mui
2008-03-11 00:30 . 2008-03-11 00:30   642,560   --a------   C:\WINDOWS\system32\drivers\sptd.sys
2008-03-11 00:30 . 2008-03-11 00:30   96,256   --a------   C:\WINDOWS\system32\drivers\sptd8429.sys
2008-03-11 00:12 . 2008-03-11 00:12   <DIR>   d--------   C:\Program Files\UltraISO
2008-03-11 00:12 . 2008-03-11 00:12   <DIR>   d--------   C:\Program Files\Common Files\EZB Systems
2008-03-11 00:04 . 2008-02-22 02:33   69,632   --a------   C:\WINDOWS\system32\javacpl.cpl
2008-03-10 18:47 . 2008-03-17 04:08   <DIR>   d--------   C:\Program Files\Common Files\Macromedia
2008-03-10 17:36 . 2007-12-07 03:21   6,066,176   -----c---   C:\WINDOWS\system32\dllcache\ieframe.dll
2008-03-10 17:36 . 2007-07-01 04:31   2,455,488   -----c---   C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-03-10 17:36 . 2007-07-01 04:36   991,232   -----c---   C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-03-10 17:36 . 2007-12-07 03:21   459,264   -----c---   C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-03-10 17:36 . 2007-12-07 03:21   383,488   -----c---   C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-03-10 17:36 . 2007-12-07 03:21   267,776   -----c---   C:\WINDOWS\system32\dllcache\iertutil.dll
2008-03-10 17:36 . 2007-12-07 03:21   63,488   -----c---   C:\WINDOWS\system32\dllcache\icardie.dll
2008-03-10 17:36 . 2007-12-07 03:21   52,224   -----c---   C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-03-10 17:36 . 2007-12-06 12:00   13,824   -----c---   C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-03-10 17:00 . 2008-03-10 17:00   <DIR>   d--------   C:\Documents and Settings\Alen\Application Data\ACD Systems
2008-03-10 16:58 . 2008-03-17 04:01   <DIR>   d--------   C:\WINDOWS\Downloaded Installations
2008-03-10 16:58 . 2008-03-10 16:58   <DIR>   d--------   C:\Program Files\Common Files\ACD Systems
2008-03-10 16:58 . 2008-03-10 16:58   <DIR>   d--------   C:\Program Files\ACD Systems
2008-03-10 16:58 . 2008-03-10 16:58   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\ACD Systems
2008-03-10 16:03 . 2008-03-16 20:53   <DIR>   d--------   C:\Program Files\Winamp
2008-03-10 16:03 . 2008-03-10 21:38   <DIR>   d--------   C:\Documents and Settings\Alen\Application Data\Winamp
2008-03-10 15:48 . 2008-03-10 15:48   <DIR>   d--------   C:\Program Files\Webteh
2008-03-10 15:48 . 2008-03-10 15:48   <DIR>   d--------   C:\Program Files\Ligos
2008-03-10 15:48 . 2000-06-23 14:05   136,704   ---------   C:\WINDOWS\system32\iacenc.dll
2008-03-10 15:48 . 2000-06-22 13:09   56,320   ---------   C:\WINDOWS\system32\iyvu9_32.dll
2008-03-10 15:47 . 2008-03-10 15:47   <DIR>   d--------   C:\Program Files\XviD
2008-03-10 15:47 . 2008-03-10 15:47   <DIR>   d--------   C:\Program Files\Mv2Player
2008-03-10 15:46 . 2008-03-10 15:46   <DIR>   d--------   C:\Program Files\ffdshow
2008-03-10 15:46 . 1998-10-29 16:45   306,688   --a------   C:\WINDOWS\IsUninst.exe
2008-03-10 15:45 . 2008-03-17 04:08   <DIR>   d--------   C:\WINDOWS\system32\QuickTime
2008-03-10 15:45 . 2008-03-10 15:45   <DIR>   d--------   C:\Program Files\DivX
2008-03-10 15:45 . 2008-03-10 15:45   <DIR>   d--------   C:\Program Files\AC3Filter
2008-03-10 15:45 . 2008-03-10 15:45   <DIR>   d--------   C:\Program Files\3ivx
2008-03-10 15:45 . 2004-05-25 16:06   417,792   --a------   C:\WINDOWS\system32\ac3filter.cpl
2008-03-10 15:45 . 1999-12-17 11:13   86,016   --a------   C:\WINDOWS\unvise32.exe
2008-03-10 15:43 . 2002-12-31 13:00   221,184   --a------   C:\WINDOWS\system32\wmpns.dll
2008-03-10 15:39 . 2008-03-11 00:04   <DIR>   d--------   C:\Program Files\Java
2008-03-10 15:34 . 2008-03-10 15:34   <DIR>   d--------   C:\Program Files\Common Files\Java
2008-03-10 15:33 . 2008-03-10 15:33   <DIR>   d--------   C:\Program Files\Totalcmd
2008-03-10 15:32 . 2008-03-17 04:08   <DIR>   d--------   C:\Program Files\Macromedia
2008-03-10 15:26 . 2008-03-10 15:26   0   --a------   C:\WINDOWS\[INI]
2008-03-10 15:25 . 2008-03-10 15:26   <DIR>   d--------   C:\WINDOWS\uninstall
2008-03-10 15:25 . 2008-03-10 15:26   <DIR>   d--------   C:\Program Files\StartupStar
2008-03-10 14:41 . 2006-10-26 19:56   32,592   --a------   C:\WINDOWS\system32\msonpmon.dll
2008-03-10 14:39 . 2008-03-10 14:39   <DIR>   d--------   C:\Program Files\Microsoft Works
2008-03-10 14:38 . 2008-03-10 14:38   <DIR>   d--------   C:\Program Files\MSBuild
2008-03-10 14:35 . 2008-03-10 14:35   <DIR>   d--------   C:\Program Files\ApexDC++_Gusari_XY6
2008-03-10 14:34 . 2008-03-10 14:37   <DIR>   d--------   C:\WINDOWS\SHELLNEW

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-17 03:08   ---------   d--h--w   C:\Program Files\InstallShield Installation Information
2008-03-17 00:52   ---------   d-----w   C:\Program Files\Common Files\InstallShield
2008-03-10 12:18   ---------   d-----w   C:\Program Files\Alwil Software
2008-03-10 12:17   103,516   --sh--r   C:\b.com
2008-03-10 12:14   ---------   d-----w   C:\Program Files\ASUS
2008-03-10 12:14   ---------   d-----w   C:\Documents and Settings\Alen\Application Data\U3
2008-03-10 12:11   ---------   d-----w   C:\Program Files\AMD
2008-03-10 12:10   ---------   d-----w   C:\Program Files\Analog Devices
2008-03-10 12:08   ---------   d-----w   C:\Program Files\NVIDIA Corporation
2008-03-10 11:52   ---------   d-----w   C:\Program Files\microsoft frontpage
1996-02-01 01:23   1,180,026   ----a-w   C:\Program Files\GRAMMAR.TBK
1996-01-31 07:27   1,381,140   ----a-w   C:\Program Files\SYSTEM.TBK
1995-11-19 18:11   1,991,048   ----a-w   C:\Program Files\SIGLA.FLC
1995-10-28 13:10   238,136   ----a-w   C:\Program Files\SIGLA.WAV
1995-09-27 09:31   1,501,194   ----a-w   C:\Program Files\PRONU5.WAV
1995-09-27 09:27   64,966   ----a-w   C:\Program Files\PRONU6.WAV
1995-09-27 09:23   230,682   ----a-w   C:\Program Files\PRONU3.WAV
1995-09-27 09:21   736,912   ----a-w   C:\Program Files\PRONU4.WAV
1995-06-27 09:47   998,718   ----a-w   C:\Program Files\PRONU.WAV
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2002-12-31 13:00 15360]
"ApexDC++"="C:\Program Files\ApexDC++_Gusari_XY6\ApexDC.exe" [2008-03-09 16:39 3109888]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45 313472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 02:11 925696]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2005-09-07 15:35 716800]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-06-28 17:43 8466432]
"nwiz"="nwiz.exe" [2007-06-28 17:43 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-06-28 17:43 81920]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-01-15 23:54 37376]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2005-11-08 23:00 128920]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-03-15 14:21 180269]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2002-12-31 13:00 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]
SnagIt 8.lnk - C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe [2005-12-22 08:00:00 5513216]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"C:\\Program Files\\ApexDC++_Gusari_XY6\\ApexDC.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\Totalcmd\\TOTALCMD.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Autodesk\\3ds Max 9\\3dsmax.exe"=
"C:\\Program Files\\Autodesk\\Backburner\\monitor.exe"=
"C:\\Program Files\\Autodesk\\Backburner\\manager.exe"=
"C:\\Program Files\\Autodesk\\Backburner\\server.exe"=

S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service;"C:\Program Files\Windows Live\Messenger\usnsvc.exe" [2007-10-18 11:31]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4575a3f6-ef66-11dc-99f6-001bfcdfa3ac}]
\Shell\AutoRun\command - J:\v.cmd
\Shell\explore\Command - J:\v.cmd
\Shell\open\Command - J:\v.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7a158226-ee9b-11dc-99f0-000a941310a5}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7a158227-ee9b-11dc-99f0-000a941310a5}]
\Shell\AutoRun\command - G:\3o.exe
\Shell\explore\Command - G:\3o.exe
\Shell\open\Command - G:\3o.exe

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-03-17 15:37:00 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-17 17:23:15
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-03-17 17:23:36
ComboFix-quarantined-files.txt  2008-03-17 16:23:35
.
2008-03-14 02:38:40   --- E O F --- 
« Poslednja izmena: 17. Mar 2008, 17:26:34 od AlenNS »
IP sačuvana
social share
Edit by latifovich: Potpis uklonjen zbog duzine!
Pogledaj profil WWW
 
Prijava na forum:
Ime:
Lozinka:
Zelim biti prijavljen:
Trajanje:
Registruj nalog:
Ime:
Lozinka:
Ponovi Lozinku:
E-mail:
Supermoderator
Legenda foruma


Always outnumbered, never outgunned.

Zodijak
Pol
Poruke 47481
Zastava
OS
Windows XP
Browser
Mozilla Firefox 2.0.0.12
I novi HJT log
IP sačuvana
social share
Pogledaj profil
 
Prijava na forum:
Ime:
Lozinka:
Zelim biti prijavljen:
Trajanje:
Registruj nalog:
Ime:
Lozinka:
Ponovi Lozinku:
E-mail:
Udaljen sa foruma
Jet set burekdzija


&quot;I always tell the truth. Even when I lie.&quot;

Zodijak Cancer
Pol Muškarac
Poruke 5530
Zastava Novi Sad - Bar
OS
Windows XP
Browser
Mozilla Firefox 2.0.0.12
mob
Samsung D900
Evo ga. U Safe modu mi je S&D našao 49 čuda. Smiley

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 18:00:17, on 17.3.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ApexDC++_Gusari_XY6\ApexDC.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
C:\Program Files\TechSmith\SnagIt 8\TSCHelp.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\DOCUME~1\Alen\LOCALS~1\Temp\HIJACK.EXE

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ApexDC++] "C:\Program Files\ApexDC++_Gusari_XY6\ApexDC.exe"
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: SnagIt 8.lnk = C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 8429 bytes
IP sačuvana
social share
Edit by latifovich: Potpis uklonjen zbog duzine!
Pogledaj profil WWW
 
Prijava na forum:
Ime:
Lozinka:
Zelim biti prijavljen:
Trajanje:
Registruj nalog:
Ime:
Lozinka:
Ponovi Lozinku:
E-mail:
Supermoderator
Legenda foruma


Always outnumbered, never outgunned.

Zodijak
Pol
Poruke 47481
Zastava
OS
Windows XP
Browser
Mozilla Firefox 2.0.0.12
Iz safe moda ga nema?  Smile

Idi rucno iz safe moda i nadji ga u C:\WINDOWS\system32\amvo.exe ako je tu obrisi ga (shift+delete), ako ga nema ok.

Znaci dok si u safe modu, pokreni HJT i fixuj sledece:

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O4 - Global Startup: SnagIt 8.lnk = C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

(ovo smo ocistili sve nepotrebne stavke, cisto iz predostroznosti, jer realan problem se ne vidi - za sada)
Kad fixujes zatvori HJT i ostani u safe modu.
Sad otvori registry iz safe moda start/run/regedit
navedi do sledeceg kljuca:

HKEY_CURRENT_USER\software\microsoft\windows\ currentversion\explorer\mountpoints2
Ako postoji - obrisi ga, dakle desni klik na njega u levom panelu i delete.

Dalje, radis u registry bazi, svi naredni kljucevi ne moraju da postoje, tj mozda ih je Spybot izmenio nakon restarta, ako ne postoje preskoci do sledeceg, ako postoje, uradi kao sto je savetovano:

HKEY_CURRENT_USER>Software>Microsoft>Windows>CurrentVersion>Run
Sa desne strane bi trebalo da je unos:
avpa = "C:\Windows\System32\avpo.exe"
Obrisi taj unos (desni klik na taj unos u listi i delete).

HKEY_CURRENT_USER>Software>Microsoft>Windows>CurrentVersion>Explorer>Advanced
U desnom panelu bi trebalo da je unos:
 Hidden = "2"
Desni klik na value name i izaberi Modify. Promeni value data ovom unosu u 0  (nula)

HKEY_CURRENT_USER>Software>Microsoft>Windows>CurrentVersion>Explorer>Advanced
U desnom panelu trebalo bi da postoji ovaj unos:
 ShowSuperHidden = "0"
Desni klik na value name i izaberi Modify. Promeni value data ovom unosu u 1 

HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows>CurrentVersion>Explorer>Advanced>Folder> Hidden>SHOWALL
U desnom panelu trebalo bi da postoji ovaj unos:
 CheckedValue = "0"
Desni klik na value name i izaberi Modify. Promeni value data ovom unosu u 1 

Zatvori registry, i dalje si u safe modu.
Idi na start /search

trazi u svim fajlovima i folderima i omoguci i hidden files and folders
dakle trazis AUTORUN.INF
kada ti izbaci listu fajlova otvori svaki autorun.inf i pregledaj unose i ako postoje sledeci unosi obrisi taj fajl: (ali samo ako postoje sledeci unosi, ako ih nema predji na drugi fajl ):

[AutoRun]
open=ntdelect.com
;shell\open=Open(&O)
shell\open\Command=utdetect.com
shell\open\Default=1
;shell\explore=Manager(&X)
shell\explore\Command=utdetect.com

Bez obzira da li si brisao ili nisi autorun.inf (u zavisnosti da li je postojao ovaj unos) sad pokreni registry cleaner. Kad zavrsis sa ciscenjem registry baze izadji iz safe moda.
Kad se digne win normalno, idi na start/ run/kucaj  msconfig
Kartica startup

Odstikliraj sve aplikacije koje ne zelis da ti se dizu sa sistemom.
Restart
Digni masinu normalno (ne iz safe moda) i daj mi novi HJT log.
« Poslednja izmena: 17. Mar 2008, 18:31:06 od MunkaZe »
IP sačuvana
social share
Pogledaj profil
 
Prijava na forum:
Ime:
Lozinka:
Zelim biti prijavljen:
Trajanje:
Registruj nalog:
Ime:
Lozinka:
Ponovi Lozinku:
E-mail:
Idi gore
Stranice:
1 2 3 [Sve]
Počni novu temu Nova anketa Odgovor Štampaj Dodaj temu u favorite Pogledajte svoje poruke u temi
Trenutno vreme je: 08. Avg 2025, 10:59:06
nazadnapred
Prebaci se na:  

Poslednji odgovor u temi napisan je pre više od 6 meseci.  

Temu ne bi trebalo "iskopavati" osim u slučaju da imate nešto važno da dodate. Ako ipak želite napisati komentar, kliknite na dugme "Odgovori" u meniju iznad ove poruke. Postoje teme kod kojih su odgovori dobrodošli bez obzira na to koliko je vremena od prošlog prošlo. Npr. teme o određenom piscu, knjizi, muzičaru, glumcu i sl. Nemojte da vas ovaj spisak ograničava, ali nemojte ni pisati na teme koje su završena priča.

web design

Forum Info: Banneri Foruma :: Burek Toolbar :: Burek Prodavnica :: Burek Quiz :: Najcesca pitanja :: Tim Foruma :: Prijava zloupotrebe

Izvori vesti: Blic :: Wikipedia :: Mondo :: Press :: Naša mreža :: Sportska Centrala :: Glas Javnosti :: Kurir :: Mikro :: B92 Sport :: RTS :: Danas

Prijatelji foruma: Triviador :: Nova godina Beograd :: nova godina restorani :: FTW.rs :: MojaPijaca :: Pojacalo :: 011info :: Burgos :: Sudski tumač Novi Beograd

Pravne Informacije: Pravilnik Foruma :: Politika privatnosti :: Uslovi koriscenja :: O nama :: Marketing :: Kontakt :: Sitemap

All content on this website is property of "Burek.com" and, as such, they may not be used on other websites without written permission.

Copyright © 2002- "Burek.com", all rights reserved. Performance: 0.107 sec za 13 q. Powered by: SMF. © 2005, Simple Machines LLC.