zilekg
Početnik
- Poruka
- 45
Potrebna mi je pomoc oko ovog virusa,kako da ga ocistim,sto je najgore mislim da je u bot-u ili ram memoriji.Pokusao sam sa gpmilom programa,formatirao C particiju i opet nista uvek je tu
Pomoc oko spoolsv.exe
- Začetnik teme zilekg
- Datum pokretanja
diabl0
Zainteresovan član
- Poruka
- 180
zilekg
Početnik
- Poruka
- 45
zilekg
Početnik
- Poruka
- 45
Takodje dize mi procese skoro na 100 %
cvrlebg
Aktivan član
- Poruka
- 1.529
aj skeniraj sistem sa malwarebytes-om i spybot-om
zilekg
Početnik
- Poruka
- 45
Sve sam probao ostaje mi samo "nulovanje"
niceboy
Elita
- Poruka
- 20.047
Nije virus sigurno.Ako nemas printer,idi u servise,stopiraj ovaj servis i izaberi disable,restartuj komp i vise se nece ukljucivati..
zilekg
Početnik
- Poruka
- 45
To sam uradio odavno ali mi i dalje drzi neke fajlove spremne za print,ne otkazuje ih cak ni posle formatiranja
niceboy
Elita
- Poruka
- 20.047
Ne kapiram,kakve fajlove drzi spremne za print,sta je konkretno problem?Ako ga ugasis u servisima i disable-ujes nema sanse da se ponovo startuje.Jel imas neki av,jesi li skenirao komp?Ako hoces okaci HJT log da pogledamo ako ima neki malware.
zilekg
Početnik
- Poruka
- 45
Konkretno kako se manifestuje problem ako uopste mogu da objasnim.Sve je pocelo tako sto sam neke fotografije obradjivao u CS3 (skidao sam vise verzija PhotoShopa i pokusavao i sa drugim programima isto se desava).Kada obradjenu fotografiju zapamtim u istom folderu gde sam je otvorio sve je ok,mogu da je otvorim,mogu da uradim rename itd,medjutim kada fotografiju izvedem iz tog foldera (cut ili copy) i iskopiram bilo gde na istoj particiji desava se problem.Problem je sto sa tom fotografijom ne mogu da uradim nista,niti da je obrisem,niti da je kopiram,bas nista,cak kad je otvorim na preview nema nicega,kao da nema fajla a ocitava velicinu,npr 3MB.Pokusavao sam i sa raznim programima za pregledanje fotografija i uvek isto,tj nista.A svaki put kad pokusam da uradim nesto sa fotografijom javlja mi sledece : Cannot delete....jpg, Access is denied..
Nisam laik za racunare ali sve sto sam znao ja sam pokusao,citavu paletu antivir,antimalware i sl programa sam zadnjih 3 dana koristio,formatirao sam C particiju i opet nista
cvrlebg
Aktivan član
- Poruka
- 1.529
a jesi skenirao i te druge particije?
niceboy
Elita
- Poruka
- 20.047
Cekaj..isao si start-run-services.msc,tamo pronasao spoolsv.exe stopirao ga i disableovao i ponovo se startuje??Ako ne moze to idi u group policy i tamo nadji pod user conf pa admin templates pa sistem "don't run specified win app" i tu dodaj spoolsv.exe.
zilekg
Početnik
- Poruka
- 45
vise puta,sumnjam na neki virus u boot-u i mislim da on pravi probleme,samo njih je tesko naci i ocistiti
zilekg
Početnik
- Poruka
- 45
Evo izvestaja posle skena sa A Squared
a-squared Free - Version 4.5
Last update: 27.11.2009 21:21:11
Scan settings:
Scan type: quick
Objects: Memory, Traces, Cookies
Scan archives: On
Heuristics: Off
ADS Scan: On
Proveravanje je započelo: 27.11.2009 21:21:19
c:\program files\enigma software group otkriveno: Trace.Directory.SpyHunter!A2
c:\program files\enigma software group\spyhunter\hosts.bak otkriveno: Trace.File.SpyHunter!A2
c:\program files\enigma software group\spyhunter\scan.log otkriveno: Trace.File.SpyHunter!A2
c:\program files\enigma software group\spyhunter\spyhunter.log otkriveno: Trace.File.SpyHunter!A2
c:\program files\enigma software group\spyhunter\support.log otkriveno: Trace.File.SpyHunter!A2
c:\program files\registry victor\ otkriveno: Trace.Directory.RegistryVictor!A2
c:\program files\registry victor\utilities\ otkriveno: Trace.Directory.RegistryVictor!A2
c:\program files\registry victor\utilities\favorites\ otkriveno: Trace.Directory.RegistryVictor!A2
c:\program files\registry victor\utilities\favorites\links\ otkriveno: Trace.Directory.RegistryVictor!A2
c:\program files\registry victor\settings.ini otkriveno: Trace.File.RegistryVictor!A2
c:\program files\registry victor\utilities\favorites\desktop.ini otkriveno: Trace.File.RegistryVictor!A2
c:\program files\registry victor\utilities\favorites\msn.com.url otkriveno: Trace.File.RegistryVictor!A2
c:\program files\registry victor\utilities\favorites\radio station guide.url otkriveno: Trace.File.RegistryVictor!A2
c:\program files\registry victor\utilities\favorites\links\free hotmail.url otkriveno: Trace.File.RegistryVictor!A2
c:\program files\registry victor\utilities\favorites\links\windows.url otkriveno: Trace.File.RegistryVictor!A2
c:\program files\registry victor\utilities\favorites\links\windows marketplace.url otkriveno: Trace.File.RegistryVictor!A2
c:\program files\registry victor\utilities\favorites\links\windows media.url otkriveno: Trace.File.RegistryVictor!A2
c:\program files\registry victor\utilities\favorites\links\customize links.url otkriveno: Trace.File.RegistryVictor!A2
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ut3b4zww.default\cookies.sqlite:1259013954640000 otkriveno: Trace.TrackingCookie.www6.addfreestats.com!A2
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ut3b4zww.default\cookies.sqlite:1259014872640000 otkriveno: Trace.TrackingCookie.ad.httpool.com!A2
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ut3b4zww.default\cookies.sqlite:1259097983765000 otkriveno: Trace.TrackingCookie.www.hey.lt!A2
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ut3b4zww.default\cookies.sqlite:1259167871890000 otkriveno: Trace.TrackingCookie.about.com!A2
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ut3b4zww.default\cookies.sqlite:1259167874843003 otkriveno: Trace.TrackingCookie.about.com!A2
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ut3b4zww.default\cookies.sqlite:1259167874843006 otkriveno: Trace.TrackingCookie.about.com!A2
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ut3b4zww.default\cookies.sqlite:1259167874843007 otkriveno: Trace.TrackingCookie.about.com!A2
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ut3b4zww.default\cookies.sqlite:1259167883890000 otkriveno: Trace.TrackingCookie.about.com!A2
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ut3b4zww.default\cookies.sqlite:1259167883890002 otkriveno: Trace.TrackingCookie.about.com!A2
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ut3b4zww.default\cookies.sqlite:1259167883890003 otkriveno: Trace.TrackingCookie.about.com!A2
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ut3b4zww.default\cookies.sqlite:1259167884125001 otkriveno: Trace.TrackingCookie.about.com!A2
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ut3b4zww.default\cookies.sqlite:1259167884125002 otkriveno: Trace.TrackingCookie.about.com!A2
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ut3b4zww.default\cookies.sqlite:1259185413859000 otkriveno: Trace.TrackingCookie.www.hey.lt!A2
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ut3b4zww.default\cookies.sqlite:1259224772921000 otkriveno: Trace.TrackingCookie.doubleclick.net!A2
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ut3b4zww.default\cookies.sqlite:1259230547562000 otkriveno: Trace.TrackingCookie.ad.yieldmanager.com!A2
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ut3b4zww.default\cookies.sqlite:1259230547562002 otkriveno: Trace.TrackingCookie.ad.yieldmanager.com!A2
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ut3b4zww.default\cookies.sqlite:1259230859625000 otkriveno: Trace.TrackingCookie.ad.yieldmanager.com!A2
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ut3b4zww.default\cookies.sqlite:1259230859625003 otkriveno: Trace.TrackingCookie.ad.yieldmanager.com!A2
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ut3b4zww.default\cookies.sqlite:1259231140687000 otkriveno: Trace.TrackingCookie.adbrite.com!A2
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ut3b4zww.default\cookies.sqlite:1259231140687001 otkriveno: Trace.TrackingCookie.adbrite.com!A2
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ut3b4zww.default\cookies.sqlite:1259231140687002 otkriveno: Trace.TrackingCookie.adbrite.com!A2
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ut3b4zww.default\cookies.sqlite:1259231140687003 otkriveno: Trace.TrackingCookie.adbrite.com!A2
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ut3b4zww.default\cookies.sqlite:1259231140687004 otkriveno: Trace.TrackingCookie.adbrite.com!A2
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ut3b4zww.default\cookies.sqlite:1259257170406001 otkriveno: Trace.TrackingCookie.adserv!A2
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ut3b4zww.default\cookies.sqlite:1259257179718001 otkriveno: Trace.TrackingCookie.adserv!A2
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ut3b4zww.default\cookies.sqlite:1259257179718002 otkriveno: Trace.TrackingCookie.adserv!A2
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ut3b4zww.default\cookies.sqlite:1259257977390000 otkriveno: Trace.TrackingCookie.tribalfusion.com!A2
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ut3b4zww.default\cookies.sqlite:1259258017859001 otkriveno: Trace.TrackingCookie.www.burstnet.com!A2
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ut3b4zww.default\cookies.sqlite:1259311246593001 otkriveno: Trace.TrackingCookie.ad.yieldmanager.com!A2
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ut3b4zww.default\cookies.sqlite:1259311246875004 otkriveno: Trace.TrackingCookie.ad.yieldmanager.com!A2
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ut3b4zww.default\cookies.sqlite:1259320334453001 otkriveno: Trace.TrackingCookie.adbrite.com!A2
Provereno
Datoteka: 445
Tragova: 607328
Kolačića: 1775
Procesa: 31
Pronađeno
Datoteka: 0
Tragova: 18
Kolačića: 34
Procesa: 0
Registarskih ključeva: 0
Proveravanje je završilo: 27.11.2009 21:22:51
Vreme proveravanja: 0:01:32
a-squared Free - Version 4.5
Last update: 27.11.2009 21:21:11
Scan settings:
Scan type: quick
Objects: Memory, Traces, Cookies
Scan archives: On
Heuristics: Off
ADS Scan: On
Proveravanje je započelo: 27.11.2009 21:21:19
c:\program files\enigma software group otkriveno: Trace.Directory.SpyHunter!A2
c:\program files\enigma software group\spyhunter\hosts.bak otkriveno: Trace.File.SpyHunter!A2
c:\program files\enigma software group\spyhunter\scan.log otkriveno: Trace.File.SpyHunter!A2
c:\program files\enigma software group\spyhunter\spyhunter.log otkriveno: Trace.File.SpyHunter!A2
c:\program files\enigma software group\spyhunter\support.log otkriveno: Trace.File.SpyHunter!A2
c:\program files\registry victor\ otkriveno: Trace.Directory.RegistryVictor!A2
c:\program files\registry victor\utilities\ otkriveno: Trace.Directory.RegistryVictor!A2
c:\program files\registry victor\utilities\favorites\ otkriveno: Trace.Directory.RegistryVictor!A2
c:\program files\registry victor\utilities\favorites\links\ otkriveno: Trace.Directory.RegistryVictor!A2
c:\program files\registry victor\settings.ini otkriveno: Trace.File.RegistryVictor!A2
c:\program files\registry victor\utilities\favorites\desktop.ini otkriveno: Trace.File.RegistryVictor!A2
c:\program files\registry victor\utilities\favorites\msn.com.url otkriveno: Trace.File.RegistryVictor!A2
c:\program files\registry victor\utilities\favorites\radio station guide.url otkriveno: Trace.File.RegistryVictor!A2
c:\program files\registry victor\utilities\favorites\links\free hotmail.url otkriveno: Trace.File.RegistryVictor!A2
c:\program files\registry victor\utilities\favorites\links\windows.url otkriveno: Trace.File.RegistryVictor!A2
c:\program files\registry victor\utilities\favorites\links\windows marketplace.url otkriveno: Trace.File.RegistryVictor!A2
c:\program files\registry victor\utilities\favorites\links\windows media.url otkriveno: Trace.File.RegistryVictor!A2
c:\program files\registry victor\utilities\favorites\links\customize links.url otkriveno: Trace.File.RegistryVictor!A2
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ut3b4zww.default\cookies.sqlite:1259013954640000 otkriveno: Trace.TrackingCookie.www6.addfreestats.com!A2
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ut3b4zww.default\cookies.sqlite:1259014872640000 otkriveno: Trace.TrackingCookie.ad.httpool.com!A2
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ut3b4zww.default\cookies.sqlite:1259097983765000 otkriveno: Trace.TrackingCookie.www.hey.lt!A2
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ut3b4zww.default\cookies.sqlite:1259167871890000 otkriveno: Trace.TrackingCookie.about.com!A2
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ut3b4zww.default\cookies.sqlite:1259167874843003 otkriveno: Trace.TrackingCookie.about.com!A2
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ut3b4zww.default\cookies.sqlite:1259167874843006 otkriveno: Trace.TrackingCookie.about.com!A2
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ut3b4zww.default\cookies.sqlite:1259167874843007 otkriveno: Trace.TrackingCookie.about.com!A2
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ut3b4zww.default\cookies.sqlite:1259167883890000 otkriveno: Trace.TrackingCookie.about.com!A2
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ut3b4zww.default\cookies.sqlite:1259167883890002 otkriveno: Trace.TrackingCookie.about.com!A2
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ut3b4zww.default\cookies.sqlite:1259167883890003 otkriveno: Trace.TrackingCookie.about.com!A2
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ut3b4zww.default\cookies.sqlite:1259167884125001 otkriveno: Trace.TrackingCookie.about.com!A2
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ut3b4zww.default\cookies.sqlite:1259167884125002 otkriveno: Trace.TrackingCookie.about.com!A2
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ut3b4zww.default\cookies.sqlite:1259185413859000 otkriveno: Trace.TrackingCookie.www.hey.lt!A2
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ut3b4zww.default\cookies.sqlite:1259224772921000 otkriveno: Trace.TrackingCookie.doubleclick.net!A2
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ut3b4zww.default\cookies.sqlite:1259230547562000 otkriveno: Trace.TrackingCookie.ad.yieldmanager.com!A2
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ut3b4zww.default\cookies.sqlite:1259230547562002 otkriveno: Trace.TrackingCookie.ad.yieldmanager.com!A2
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ut3b4zww.default\cookies.sqlite:1259230859625000 otkriveno: Trace.TrackingCookie.ad.yieldmanager.com!A2
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ut3b4zww.default\cookies.sqlite:1259230859625003 otkriveno: Trace.TrackingCookie.ad.yieldmanager.com!A2
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ut3b4zww.default\cookies.sqlite:1259231140687000 otkriveno: Trace.TrackingCookie.adbrite.com!A2
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ut3b4zww.default\cookies.sqlite:1259231140687001 otkriveno: Trace.TrackingCookie.adbrite.com!A2
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ut3b4zww.default\cookies.sqlite:1259231140687002 otkriveno: Trace.TrackingCookie.adbrite.com!A2
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ut3b4zww.default\cookies.sqlite:1259231140687003 otkriveno: Trace.TrackingCookie.adbrite.com!A2
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ut3b4zww.default\cookies.sqlite:1259231140687004 otkriveno: Trace.TrackingCookie.adbrite.com!A2
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ut3b4zww.default\cookies.sqlite:1259257170406001 otkriveno: Trace.TrackingCookie.adserv!A2
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ut3b4zww.default\cookies.sqlite:1259257179718001 otkriveno: Trace.TrackingCookie.adserv!A2
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ut3b4zww.default\cookies.sqlite:1259257179718002 otkriveno: Trace.TrackingCookie.adserv!A2
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ut3b4zww.default\cookies.sqlite:1259257977390000 otkriveno: Trace.TrackingCookie.tribalfusion.com!A2
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ut3b4zww.default\cookies.sqlite:1259258017859001 otkriveno: Trace.TrackingCookie.www.burstnet.com!A2
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ut3b4zww.default\cookies.sqlite:1259311246593001 otkriveno: Trace.TrackingCookie.ad.yieldmanager.com!A2
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ut3b4zww.default\cookies.sqlite:1259311246875004 otkriveno: Trace.TrackingCookie.ad.yieldmanager.com!A2
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ut3b4zww.default\cookies.sqlite:1259320334453001 otkriveno: Trace.TrackingCookie.adbrite.com!A2
Provereno
Datoteka: 445
Tragova: 607328
Kolačića: 1775
Procesa: 31
Pronađeno
Datoteka: 0
Tragova: 18
Kolačića: 34
Procesa: 0
Registarskih ključeva: 0
Proveravanje je završilo: 27.11.2009 21:22:51
Vreme proveravanja: 0:01:32
niceboy
Elita
- Poruka
- 20.047
Jesi li probao sto sam ti napisao u prethodnoj poruci? I ko ti je trazio izvestaj A Squared-a? Trebalo je da okacis HJT izvestaj...
zilekg
Početnik
- Poruka
- 45
evo i tog izvestaja
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:37:50, on 27.11.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ptec/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ptec/defaults/sp/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ptec/defaults/su/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:37:50, on 27.11.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ptec/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ptec/defaults/sp/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ptec/defaults/su/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe
niceboy
Elita
- Poruka
- 20.047
Log je cist.Jesi li skenirao sa Malwarebytes' Anti-Malware?Jesi li probao ono sto sam ti napisao iznad?Jesi li gledao podesavanja CS-a?
zilekg
Početnik
- Poruka
- 45
Jesam,skenirao sam i sa Malwarebytes,disable-ovao sam ga i nema ga u procesima ali i dalje nista ne mogu da uradim sa pomenutim fotografijama,cim ih izvezem iz osnovnog foldera automatski ih okupira neki proces i ne mogu nista da uradim sa njima.Probao sa i druge programe pored CS-a isto se desava,cak sam i deinstalirao CS.Necu vise da se mucim,uradicu mu low level format
