Forum.hr

07.12.2008., 10:53   #1
dobardan
it'll be any moment now
Registered: Sep 2003.
Location: kt
Posts: 2,218
Spyware Doubleclick - How do I get rid of it?

A few days ago I picked up the "doubleclick" spyware. Spybot found it and deleted it, but I still have to click an icon 4 times instead of 2 to open it.

Here are the HijackThis scan results:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:48:51, on 7.12.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\Ati2evxx.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\WINDOWS\system32\Ati2evxx.exe
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\system32\agrsmsvc.exe
E:\WINDOWS\system32\bgsvcgen.exe
E:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
E:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
E:\WINDOWS\system32\svchost.exe
E:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
E:\Program Files\Winamp\winampa.exe
E:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
E:\Program Files\QuickTime\qttask.exe
E:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
E:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
E:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
E:\Program Files\Labtec\WebCam10\WebCam10.exe
E:\WINDOWS\RTHDCPL.EXE
E:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
E:\Program Files\SweetIM\Messenger\SweetIM.exe
E:\Program Files\Softwin\BitDefender10\bdagent.exe
E:\Program Files\Softwin\BitDefender10\bdmcon.exe
E:\WINDOWS\system32\ctfmon.exe
E:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
E:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
E:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
E:\Program Files\Picasa2\PicasaMediaDetector.exe
E:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
E:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
E:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
E:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe
E:\Program Files\MSN Messenger\MsnMsgr.Exe
E:\Flatbed\ScanPanel\ScnPanel.exe
E:\Program Files\PC Connectivity Solution\ServiceLayer.exe
E:\WINDOWS\system32\wscntfy.exe
E:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
E:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
E:\Program Files\ATI Technologies\ATI.ACE\cli.exe
E:\Program Files\ATI Technologies\ATI.ACE\cli.exe
E:\Program Files\Mozilla Firefox\firefox.exe
E:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
E:\Program Files\Softwin\BitDefender10\vsserv.exe
E:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - E:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - E:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - E:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {8F20B0E6-E32D-470D-9885-B1C230E2BE07} - (no file)
O2 - BHO: Windows Live Pomoc za prijavu - {9030D464-4C02-4ABF-8ECC-5164760863C6} - E:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - e:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {CD912E69-1B5E-4B6D-B5C1-D34B5164F87B} - (no file)
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - E:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O2 - BHO: (no name) - {F210CD5D-7DCA-4B8E-AEA0-B6986FBE77CE} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - e:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - E:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O4 - HKLM\..\Run: [NeroFilterCheck] E:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [WinampAgent] E:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [GrooveMonitor] "E:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [ATICCC] "E:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BSplayer_WhenUSave_Installer] E:\Program Files\BSplayer_WhenUSave_Installer\BSplayer_WhenUSave_Installer.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "E:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "E:\Program Files\Labtec\WebCam10\WebCam10.exe" /hide
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [egui] "E:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [SweetIM] E:\Program Files\SweetIM\Messenger\SweetIM.exe
O4 - HKLM\..\Run: [BDAgent] "E:\Program Files\Softwin\BitDefender10\bdagent.exe"
O4 - HKLM\..\Run: [BDMCon] "E:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg
O4 - HKLM\..\RunOnce: [SpybotDeletingC5830] cmd /c del "E:\WINDOWS\system32\printer.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [StartCCC] E:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [OM_Monitor] E:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe -NoStart
O4 - HKCU\..\Run: [ISUSPM] "E:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [MsnMsgr] ~"E:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] E:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Picasa Media Detector] E:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [AnyDVD] E:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] E:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [PC Suite Tray] "E:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKCU\..\RunOnce: [SpybotDeletingB8914] command /c del "E:\WINDOWS\system32\spoolvs.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingD1342] cmd /c del "E:\WINDOWS\system32\spoolvs.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingB5278] command /c del "E:\DOCUME~1\DARKOI~1\LOCALS~1\Temp\winlogon.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingD2] cmd /c del "E:\DOCUME~1\DARKOI~1\LOCALS~1\Temp\winlogon.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingD2162] cmd /c del "E:\WINDOWS\system32\printer.exe"

07.12.2008., 10:55   #2
dobardan
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: OneNote 2007 Screen Clipper and Launcher.lnk = E:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User 'SYSTEM')
O4 - .DEFAULT Startup: OneNote 2007 Screen Clipper and Launcher.lnk = E:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = E:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = E:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: ScanPanel.lnk = E:\Flatbed\ScanPanel\ScnPanel.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: I&zvoz u Microsoft Excel - res://E:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1204903183468
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - E:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - Winlogon Notify: !SASWinLogon - E:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: awtrSJCt - E:\WINDOWS\
O21 - SSODL: WGwyeQ - {43BF93F7-E915-395D-3409-4E9E6B75CCCD} - (no file)
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - E:\WINDOWS\system32\agrsmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - E:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - E:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - E:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - E:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - E:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Google Updater Service (gusvc) - Google - E:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - E:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
O23 - Service: LVSrvLauncher - Labtec Inc. - E:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NMIndexingService - Nero AG - E:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - E:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Task Scheduler (Schedule) - Unknown owner - E:\WINDOWS\system32\drivers\spools.exe (file missing)
O23 - Service: ServiceLayer - Nokia. - E:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - E:\Program Files\Softwin\BitDefender10\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - SOFTWIN S.R.L - E:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe

--
End of file - 12429 bytes


If anyone knows how to get rid of the spyware, please let me know!

07.12.2008., 11:11   #3
mvanb
Banned
Registered: Nov 2006.
Posts: 1,319
You have Panda, ESET and BitDefender... uninstall Panda and ESET.

Fix these with HijackThis:
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {8F20B0E6-E32D-470D-9885-B1C230E2BE07} - (no file)
O2 - BHO: (no name) - {CD912E69-1B5E-4B6D-B5C1-D34B5164F87B} - (no file)
O2 - BHO: (no name) - {F210CD5D-7DCA-4B8E-AEA0-B6986FBE77CE} - (no file)
O23 - Service: Task Scheduler (Schedule) - Unknown owner - E:\WINDOWS\system32\drivers\spools.exe (file missing)
Turn off System Restore.
In safe mode, delete this manually:
O20 - Winlogon Notify: awtrSJCt - E:\WINDOWS\
Scan with Spybot in safe mode... then go back to normal mode and make a HijackThis log again.
__________________
today is a good day to die
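
The triage done by eye in the post above (entries marked "(no file)" or "(file missing)", the Winlogon Notify line with no DLL name, several antivirus products installed at once) can be written as a small script. This is an added example, not part of the thread; the function names and the vendor keyword list are assumptions, and the sample lines are copied from the logs posted here.

```python
import re
from collections import namedtuple

Finding = namedtuple("Finding", "reason line")

# HijackThis entry lines look like "O2 - BHO: name - {CLSID} - path".
_ENTRY = re.compile(r"^(?P<section>[ROF]\d{1,2}) - (?P<rest>.+)$")

# Assumption: keyword list built from the products named in this thread.
AV_VENDORS = ("ESET", "BitDefender", "Panda Software", "Kaspersky")

# A few lines copied from the first log in this thread (not a complete log).
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [egui] "E:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [BDAgent] "E:\Program Files\Softwin\BitDefender10\bdagent.exe"
O20 - Winlogon Notify: !SASWinLogon - E:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: awtrSJCt - E:\WINDOWS\
O21 - SSODL: WGwyeQ - {43BF93F7-E915-395D-3409-4E9E6B75CCCD} - (no file)
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - E:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Task Scheduler (Schedule) - Unknown owner - E:\WINDOWS\system32\drivers\spools.exe (file missing)
"""


def parse(log_text):
    """Return (section, rest, full_line) for every entry line in the log."""
    entries = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = _ENTRY.match(line)
        if m:
            entries.append((m.group("section"), m.group("rest"), line))
    return entries


def triage(log_text):
    """Flag the entry patterns that were singled out for fixing in the thread."""
    findings = []
    vendors = set()
    for section, rest, line in parse(log_text):
        low = rest.lower()
        # Registry entry survives but the file it points to is gone.
        if low.endswith("(no file)") or low.endswith("(file missing)"):
            findings.append(Finding("orphaned entry: target file absent", line))
        # Winlogon Notify should name a DLL; here the path stops at a folder.
        elif (section == "O20" and rest.startswith("Winlogon Notify:")
              and rest.endswith("\\")):
            findings.append(Finding("Winlogon Notify path has no DLL name", line))
        # Count resident antivirus products seen in autoruns and services.
        if section in ("O4", "O23"):
            for vendor in AV_VENDORS:
                if vendor.lower() in low:
                    vendors.add(vendor)
    if len(vendors) > 1:
        findings.append(Finding("multiple resident antivirus products",
                                ", ".join(sorted(vendors))))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.reason}] {f.line}")
```

The script only reads the log text; whether a flagged entry should actually be removed still has to be decided by whoever reviews the log.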

07.12.2008., 11:51   #4
dobardan
Quote:
mvanb wrote:
You have Panda, ESET and BitDefender... uninstall Panda and ESET.

Fix these with HijackThis:
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {8F20B0E6-E32D-470D-9885-B1C230E2BE07} - (no file)
O2 - BHO: (no name) - {CD912E69-1B5E-4B6D-B5C1-D34B5164F87B} - (no file)
O2 - BHO: (no name) - {F210CD5D-7DCA-4B8E-AEA0-B6986FBE77CE} - (no file)
O23 - Service: Task Scheduler (Schedule) - Unknown owner - E:\WINDOWS\system32\drivers\spools.exe (file missing)
Turn off System Restore.
In safe mode, delete this manually:
O20 - Winlogon Notify: awtrSJCt - E:\WINDOWS\
Scan with Spybot in safe mode... then go back to normal mode and make a HijackThis log again.

I can't find that file 20 - Winlogon Notify: awtrSJCt - E:\WINDOWS\ with "search".

07.12.2008., 12:11   #5
mvanb
First get the computer in order.
Cleanly uninstall all antivirus programs and Spybot... SUPERAntiSpyware.
Install KAV http://www.kaspersky.com/de/product_...link=201519188
During installation choose the trial key and let it update.
After installation, turn everything on in its options so that it also scans deeply.
First scan normally, then in safe mode... delete everything it finds.
Then make a HijackThis log and post again.

08.12.2008., 09:16   #6
Moby Master
Registered: Apr 2008.
Location: Behind you
Posts: 2,593
Come on, why don't you download Malwarebytes'!
__________________
99.9% of the members on the Forum are stupid. If you read this, so are you!

08.12.2008., 21:12   #7
dobardan
Here are the HijackThis results after the scan; I still have to click 4 times on the icons.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:10:12, on 8.12.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\Ati2evxx.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\Ati2evxx.exe
E:\WINDOWS\system32\spoolsv.exe
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\system32\agrsmsvc.exe
E:\WINDOWS\system32\bgsvcgen.exe
E:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
E:\WINDOWS\system32\svchost.exe
E:\Program Files\Winamp\winampa.exe
E:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
E:\Program Files\QuickTime\qttask.exe
E:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
E:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
E:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
E:\Program Files\Labtec\WebCam10\WebCam10.exe
E:\WINDOWS\RTHDCPL.EXE
E:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe
E:\Program Files\SweetIM\Messenger\SweetIM.exe
E:\WINDOWS\system32\ctfmon.exe
E:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
E:\Program Files\Picasa2\PicasaMediaDetector.exe
E:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
E:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
E:\Flatbed\ScanPanel\ScnPanel.exe
E:\Program Files\MSN Messenger\MsnMsgr.Exe
E:\WINDOWS\system32\wscntfy.exe
E:\Program Files\ATI Technologies\ATI.ACE\cli.exe
E:\Program Files\ATI Technologies\ATI.ACE\cli.exe
E:\Program Files\PC Connectivity Solution\ServiceLayer.exe
E:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
E:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
E:\Program Files\Mozilla Firefox\firefox.exe
E:\Program Files\MSN Messenger\usnsvc.exe
E:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - E:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - E:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - E:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Pomoc za prijavu - {9030D464-4C02-4ABF-8ECC-5164760863C6} - E:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - e:\program files\google\googletoolbar1.dll
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - E:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O4 - HKLM\..\Run: [NeroFilterCheck] E:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [WinampAgent] E:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [GrooveMonitor] "E:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [ATICCC] "E:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BSplayer_WhenUSave_Installer] E:\Program Files\BSplayer_WhenUSave_Installer\BSplayer_WhenUSave_Installer.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "E:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "E:\Program Files\Labtec\WebCam10\WebCam10.exe" /hide
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SweetIM] E:\Program Files\SweetIM\Messenger\SweetIM.exe
O4 - HKLM\..\Run: [AVP] "E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [StartCCC] E:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [OM_Monitor] E:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe -NoStart
O4 - HKCU\..\Run: [ISUSPM] "E:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [MsnMsgr] ~"E:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Picasa Media Detector] E:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [AnyDVD] E:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
O4 - HKCU\..\Run: [PC Suite Tray] "E:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: OneNote 2007 Screen Clipper and Launcher.lnk = E:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User 'SYSTEM')
O4 - .DEFAULT Startup: OneNote 2007 Screen Clipper and Launcher.lnk = E:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = E:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = E:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: ScanPanel.lnk = E:\Flatbed\ScanPanel\ScnPanel.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: I&zvoz u Microsoft Excel - res://E:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1204903183468
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - E:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - AppInit_DLLs: E:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,E:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll
O21 - SSODL: WGwyeQ - {43BF93F7-E915-395D-3409-4E9E6B75CCCD} - (no file)
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - E:\WINDOWS\system32\agrsmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - E:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - E:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: Google Updater Service (gusvc) - Google - E:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LVSrvLauncher - Labtec Inc. - E:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NMIndexingService - Nero AG - E:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - E:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Task Scheduler (Schedule) - Unknown owner - E:\WINDOWS\system32\drivers\spools.exe (file missing)
O23 - Service: ServiceLayer - Nokia. - E:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 9505 bytes

08.12.2008., 21:49   #8
mvanb
How do you know the spyware is "doubleclick"?
"doubleclick" only has to do with the IE browser and with cookies, not with the icons on the desktop.
Fix these... uninstall all toolbars:
R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - E:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - E:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - e:\program files\google\googletoolbar1.dll
O21 - SSODL: WGwyeQ - {43BF93F7-E915-395D-3409-4E9E6B75CCCD} - (no file)
O23 - Service: Task Scheduler (Schedule) - Unknown owner - E:\WINDOWS\system32\drivers\spools.exe (file missing)

08.12.2008., 22:01   #9
dobardan
Done, what do I do now?

08.12.2008., 22:09   #10
mvanb
Did Kaspersky find and delete anything?
Do you browse with IE? If so... try browsing with FF or Opera and see whether the same problem is there.

08.12.2008., 22:11   #11
dobardan
Quote:
mvanb wrote:
Did Kaspersky find and delete anything?
Do you browse with IE? If so... try browsing with FF or Opera and see whether the same problem is there.

Kaspersky found something and deleted it.

I normally browse with FF.

08.12.2008., 22:19   #12
dobardan
Quote:
Moby Master wrote:
Come on, why don't you download Malwarebytes'!

I'll try that then!

08.12.2008., 22:21   #13
mvanb
Go to Start - Run - type regedit, then OK.

Check whether you have these keys in the registry:
SOFTWARE\Microsoft\Windows\CurrentVersion\Backup\(doubleclick.com)\
SOFTWARE\Microsoft\Windows\CurrentVersion\Backup\(doubleclick.net)
SOFTWARE\Microsoft\Windows\CurrentVersion\Run\(doubleclick.net)
SOFTWARE\Microsoft\Windows\CurrentVersion\Run\(doubleclick.net)\
SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\(doubleclick.com)
SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\(doubleclick.net)
SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes(doubleclick.net)\
SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\(doubleclick.com)\
SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\(doubleclick.net)

08.12.2008., 22:22   #14
mvanb
Quote:
dobardan wrote:
I'll try that then!

Try it... and save the log if it finds anything... so we can see what it found.

09.12.2008., 19:00   #15
dobardan
I removed Kaspersky and installed NOD32, but I still have to click an icon 4 times.

Here is the new HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:58:01, on 9.12.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\Ati2evxx.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\Ati2evxx.exe
E:\WINDOWS\system32\spoolsv.exe
E:\WINDOWS\system32\agrsmsvc.exe
E:\WINDOWS\system32\bgsvcgen.exe
E:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
E:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\system32\wscntfy.exe
E:\WINDOWS\Explorer.EXE
E:\Program Files\Winamp\winampa.exe
E:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
E:\Program Files\QuickTime\qttask.exe
E:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
E:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
E:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
E:\Program Files\Labtec\WebCam10\WebCam10.exe
E:\WINDOWS\RTHDCPL.EXE
E:\Program Files\SweetIM\Messenger\SweetIM.exe
E:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
E:\WINDOWS\system32\ctfmon.exe
E:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
E:\Program Files\Picasa2\PicasaMediaDetector.exe
E:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
E:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
E:\Flatbed\ScanPanel\ScnPanel.exe
E:\Program Files\MSN Messenger\MsnMsgr.Exe
E:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe
E:\Program Files\PC Connectivity Solution\ServiceLayer.exe
E:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
E:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
E:\Program Files\ATI Technologies\ATI.ACE\cli.exe
E:\Program Files\ATI Technologies\ATI.ACE\cli.exe
E:\Program Files\Mozilla Firefox\firefox.exe
E:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - E:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Pomoc za prijavu - {9030D464-4C02-4ABF-8ECC-5164760863C6} - E:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - E:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O4 - HKLM\..\Run: [NeroFilterCheck] E:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [WinampAgent] E:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [GrooveMonitor] "E:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [ATICCC] "E:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BSplayer_WhenUSave_Installer] E:\Program Files\BSplayer_WhenUSave_Installer\BSplayer_WhenUSave_Installer.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "E:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "E:\Program Files\Labtec\WebCam10\WebCam10.exe" /hide
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SweetIM] E:\Program Files\SweetIM\Messenger\SweetIM.exe
O4 - HKLM\..\Run: [egui] "E:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [StartCCC] E:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [OM_Monitor] E:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe -NoStart
O4 - HKCU\..\Run: [ISUSPM] "E:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [MsnMsgr] ~"E:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Picasa Media Detector] E:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [AnyDVD] E:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
O4 - HKCU\..\Run: [PC Suite Tray] "E:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: OneNote 2007 Screen Clipper and Launcher.lnk = E:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User 'SYSTEM')
O4 - .DEFAULT Startup: OneNote 2007 Screen Clipper and Launcher.lnk = E:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = E:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = E:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: ScanPanel.lnk = E:\Flatbed\ScanPanel\ScnPanel.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: I&zvoz u Microsoft Excel - res://E:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1204903183468
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - E:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - E:\WINDOWS\system32\agrsmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - E:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - E:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - E:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - E:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Google Updater Service (gusvc) - Google - E:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LVSrvLauncher - Labtec Inc. - E:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NMIndexingService - Nero AG - E:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - E:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Task Scheduler (Schedule) - Unknown owner - E:\WINDOWS\system32\drivers\spools.exe (file missing)
O23 - Service: ServiceLayer - Nokia. - E:\Program Files\PC Connectivity Solution\ServiceLayer.exe
Old 09.12.2008., 20:11   #16
mvanb
Banned
 
Registered: Nov 2006.
Posts: 1,319
Same log as the one above.. you haven't fixed, uninstalled or deleted anything... you installed NOD. Did NOD find anything?
Did you find anything with this? http://www.malwarebytes.org/
Post a screenshot of startup.. the programs that start with the computer.
__________________
today is a good day to die
Old 09.12.2008., 21:49   #17
dobardan
sad će to, samo što nije
 
Registered: Sep 2003.
Location: kt
Posts: 2,218
I installed Malwarebytes, and it deleted the following files:

HKEY_CLASSES_ROOT\windowsupdate.windowsupdate (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\windowsupdate.windowsupdate.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3e6201fa-02dd-4a0b-8699-1328e0602314} (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{df16c60e-f85b-4459-86ae-4977656339ec} (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5c3f6257-3e00-45c2-88d5-cb0f3a17bf0e} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6f87f145-dc2d-4766-af03-3a3b96ffad98} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b5ac49a2-94f2-42bd-f434-2604812c897d} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b5af0562-94f3-42bd-f434-2604812c797d} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b3b010a1-a877-4cd7-bab5-9ee8f9965e20} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\UninstallSXS (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\ssnipe (Rogue.SpySnipe) -> Quarantined and deleted successfully.

E:\Documents and Settings\Darko i\My Documents\Downloads\ACDSee Photo Manager v10.0\Keygen.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
E:\Documents and Settings\Darko i\Application Data\config.cfg (Malware.Trace) -> Quarantined and deleted successfully.


HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Schedule\ImagePath (Hijack.Service) -> Bad: (E:\WINDOWS\system32\drivers\spools.exe) Good: (%SystemRoot%\System32\svchost.exe -k netsvcs) -> Quarantined and deleted successfully.
Old 09.12.2008., 22:03   #18
mvanb
Banned
 
Did it help at all?
Old 09.12.2008., 23:04   #19
Moby Master
Jedna pička
 
Registered: Apr 2008.
Location: Behind you
Posts: 2,593
It should!
__________________
99.9% of the members on the Forum are stupid. If you read this, so are you!
Old 10.12.2008., 22:39   #20
dobardan
sad će to, samo što nije
 
No, always the same thing!