Please help-računalu stvarno spor, virus?

neno85 · #1 26 ožujak 2008, 15:42

HELLO - moj računalo od posljednjih nekoliko dana pokrenut je stvarno spor, sam pokrenuti Spybot, nađu gomila stvari i navodno je dobio osloboditi od njega - ali zatim moj računalo je još uvijek sporo .. Please help ... ovdje je moj HJT log datoteka ...

neno85 · #2 26 ožujak 2008, 15:43

Logfile of HijackThis v1.99.1
Scan spremljena u 6:47:29 Na 3/26/2008
Platforma: Windows XP SP2 (Winnt 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Pokretanje procesa:
C: \ WINDOWS \ System32 \ smss.exe
C: \ WINDOWS \ system32 \ Winlogon.exe
C: \ WINDOWS \ system32 \ services.exe
C: \ WINDOWS \ system32 \ lsass.exe
C: \ WINDOWS \ system32 \ Svchost.exe
C: \ WINDOWS \ System32 \ Svchost.exe
C: \ Program Files \ Alwil Software \ Avast4 \ aswUpdSv.exe
C: \ Program Files \ Alwil Software \ Avast4 \ ashServ.exe
C: \ WINDOWS \ system32 \ spoolsv.exe
C: \ Program Files \ Common Files \ Apple \ Mobile Device Support \ bin \ AppleMobileDeviceService.exe
C: \ Program Files \ Common Files \ Microsoft Shared \ VS7DEBUG \ MDM.EXE
C: \ WINDOWS \ System32 \ nvsvc32.exe
C: \ WINDOWS \ system32 \ PRISMSVC.EXE
C: \ WINDOWS \ System32 \ Svchost.exe
C: \ Program Files \ Alwil Software \ Avast4 \ ashMaiSv.exe
C: \ Program Files \ Alwil Software \ Avast4 \ ashWebSv.exe
C: \ WINDOWS \ explorer.exe
C: \ WINDOWS \ system32 \ PRISMSVR.EXE
C: \ WINDOWS \ ALCXMNTR.EXE
C: \ WINDOWS \ LTMSG.exe
C: \ WINDOWS \ System32 \ spool \ drivers \ W32X86 \ 3 \ E_FATI9 FA.EXE
C: \ programa ~ 1 \ ALWILS ~ 1 \ Avast4 \ ashDisp.exe
C: \ Program Files \ QuickTime \ QTTask.exe
C: \ Program Files \ iTunes \ iTunesHelper.exe
C: \ Program Files \ Adobe \ Adobe Photoshop Lightroom 1,2 \ apdproxy.exe
C: \ WINDOWS \ system32 \ Ctfmon.exe
C: \ Program Files \ BitTorrent \ bittorrent.exe
C: \ Program Files \ Spybot - Search & Destroy \ TeaTimer.exe
C: \ WINDOWS \ system32 \ rundll32.exe
C: \ Program Files \ Dell Wireless \ PRISMCFG.exe
C: \ Program Files \ LimeWire \ LimeWire.exe
C: \ Program Files \ Stardock \ ObjectDock \ ObjectDock.exe
C: \ Program Files \ Mozilla Firefox \ firefox.exe
C: \ Program Files \ iPod \ bin \ iPodService.exe
C: \ Documents and Settings \ Neven \ Desktop \ sniper.exe

R1 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Search Bar = http://red.clientapps.yahoo.com/cust...search/ie.html
R1 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Search Page = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://www.finderg.com
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Page_URL = http://yahoo.sbc.com/dsl
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Search_URL = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Search Bar = http://red.clientapps.yahoo.com/cust...search/ie.html
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Search Page = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://yahoo.sbc.com/dsl
R1 - HKCU \ Software \ Microsoft \ Internet Connection Wizard, ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
O2 - BHO: Adobe PDF Reader Link Helper - (06849E9F-C8D7-4D59-B87D-784B7D6BE0B3) - C: \ Program Files \ Adobe \ Acrobat 7,0 \ ActiveX \ AcroIEHelper.dll
O2 - BHO: Spybot-S & D IE Protection - (53707962-6F74-2D53-2644-206D7942484F) - C: \ Program Files \ Spybot - Search & Destroy \ SDHelper.dll
O2 - BHO: SSVHelper Class - (761497BB-D6F0-462C-B6EB-D4DAF1D92D43) - C: \ Program Files \ Java \ jre1.6.0_03 \ bin \ ssv.dll
O4 - HKLM \ .. \ Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM \ .. \ Run: [NvCplDaemon] RUNDLL32.EXE C: \ WINDOWS \ System32 \ NvCpl.dll, NvStartup
O4 - HKLM \ .. \ Run: [nwiz] nwiz.exe / installquiet / keeploaded / nodetect
O4 - HKLM \ .. \ Run: [LTMSG] LTMSG.exe 7
O4 - HKLM \ .. \ Run: [gramofonska igla Foto EPSON R320 Series] C: \ WINDOWS \ System32 \ spool \ drivers \ W32X86 \ 3 \ E_FATI9 FA.EXE / P30 "EPSON gramofonska igla Foto R320 Series" / O6 "USB002" / M "gramofonska igla Foto R320"
O4 - HKLM \ .. \ Run: [ProfileWatcher] C: \ Program Files \ ProfileWatcher \ profilewatcher.exe
O4 - HKLM \ .. \ Run: [avast!] C: \ programa ~ 1 \ ALWILS ~ 1 \ Avast4 \ ashDisp.exe
O4 - HKLM \ .. \ Run: [QuickTime Task] "C: \ Program Files \ QuickTime \ QTTask.exe"-atboottime
O4 - HKLM \ .. \ Run: [iTunesHelper] "C: \ Program Files \ iTunes \ iTunesHelper.exe"
O4 - HKLM \ .. \ Run: [SunJavaUpdateSched] "C: \ Program Files \ Java \ jre1.6.0_02 \ bin \ jusched.exe"
O4 - HKLM \ .. \ Run: [Adobe Photo Downloader] "C: \ Program Files \ Adobe \ Adobe Photoshop Lightroom 1,2 \ apdproxy.exe"
O4 - HKCU \ .. \ Run: [Yahoo! Pager] C: \ programa ~ 1 \ Yahoo! \ Messen ~ 1 \ ypager.exe-tišina
O4 - HKCU \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe
O4 - HKCU \ .. \ Run: [BitTorrent] "C: \ Program Files \ BitTorrent \ bittorrent.exe" - force_start_minimized
O4 - HKCU \ .. \ Run: [SpybotSD TeaTimer] C: \ Program Files \ Spybot - Search & Destroy \ TeaTimer.exe
O4 - Startup: LimeWire On Startup.lnk = C: \ Program Files \ LimeWire \ LimeWire.exe
O4 - Startup: Stardock ObjectDock.lnk = C: \ Program Files \ Stardock \ ObjectDock \ ObjectDock.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C: \ Program Files \ Adobe \ Acrobat 7,0 \ Reader \ reader_sl.exe
O4 - Global Startup: Bežični WLAN USB 2.0 Card Utility.lnk =?
O8 - Extra kontekst meni stavka: & Search -? P = ZK
O8 - Extra kontekst meni stavka: E & zvezi u Microsoft Excel - res: / / C: \ programa ~ 1 \ MICROS ~ 2 \ OFFICE11 \ EXCEL.EXE/3000
O9 - Extra button: (no name) - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program Files \ Java \ jre1.6.0_03 \ bin \ ssv.dll
O9 - Extra 'Tools' MENUITEM: Sun Java Console - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program Files \ Java \ jre1.6.0_03 \ bin \ ssv.dll
O9 - Extra button: Research - (92780B25-18CC-41C8-B9BE-3C9C571A8263) - C: \ programa ~ 1 \ MICROS ~ 2 \ OFFICE11 \ REFIEBAR.DLL
O9 - Extra button: (no name) - (DFB852A3-47F8-48C4-A200-58CAB36FD2A2) - C: \ Program Files \ Spybot - Search & Destroy \ SDHelper.dll
O9 - Extra 'Tools' MENUITEM: Spybot - Search & & Destroy Configuration - (DFB852A3-47F8-48C4-A200-58CAB36FD2A2) - C: \ Program Files \ Spybot - Search & Destroy \ SDHelper.dll
O9 - Extra button: PokerStars.net - (FA9B9510-9FCB-4ca0-818C-5D0987B47C4D) - C: \ Program Files \ PokerStars.NET \ PokerStarsUpdate.exe
O9 - Extra button: Messenger - (FB5F1910-F110-11D2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe
O9 - Extra 'Tools' MENUITEM: Windows Messenger - (FB5F1910-F110-11D2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe
O11 - Options group: [INTERNATIONAL] International *
O16 - DPF: (200B3EE9-7242-4EFD-B1E4-D97EE825BA53) (VerifyGMN Class) -- http://h20270.www2.hp.com/ediags/gmn...taller_gmn.cab
O16 - DPF: (30528230-99f7-4bb4-88d8-fa1d4f56a2ab) --
O16 - DPF: (6414512B-B978-451D-A0D8-FCFDF33E833C) (WUWebControl Class) -- http://update.microsoft.com/windowsu...?1162589752500
O16 - DPF: (6E32070A-766D-4EE6-879C-DC1FA91D2FC3) (MUWebControl Class) -- http://update.microsoft.com/microsof...?1162829153500
O16 - DPF: (AB86CE53-AC9F-449F-9399-D8ABCA09EC09) (Get_ActiveX Control) -- https: / / h17000.www1.hp.com/ewfrf-JAV...oadManager.ocx
O16 - DPF: (D18F962A-3722-4B59-B08D-28BB9EB2281E) (PhotosCtrl Class) -- http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O16 - DPF: (D27CDB6E-AE6D-11CF-96B8-444553540000) (Shockwave Flash Object) -- http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O20 - Winlogon Obavijesti: PRISMAPI.DLL - C: \ Windows \ System32 \ PRISMAPI.DLL
O20 - Winlogon Obavijesti: PRISMGNA.DLL - C: \ Windows \ System32 \ PRISMGNA.DLL
O20 - Winlogon Obavijesti: WgaLogon - C: \ WINDOWS \ SYSTEM32 \ WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C: \ Program Files \ Common Files \ Adobe Systems Shared \ Service \ Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc - C: \ Program Files \ Common Files \ Apple \ Mobile Device Support \ bin \ AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C: \ Program Files \ Alwil Software \ Avast4 \ aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C: \ Program Files \ Alwil Software \ Avast4 \ ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown vlasnika - C: \ Program Files \ Alwil Software \ Avast4 \ ashMaiSv.exe "/ usluga (file missing)
O23 - Service: avast! Web Scanner - Unknown vlasnika - C: \ Program Files \ Alwil Software \ Avast4 \ ashWebSv.exe "/ usluga (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd - C: \ Program Files \ Common Files \ Macrovision Shared \ FLEXnet Izdavač \ FNPLicensingService.exe
O23 - Service: hpdj - Unknown vlasnika - C: \ DOCUME ~ 1 \ Owner \ Mještani ~ 1 \ Temp \ hpdj.exe (file missing)
O23 - Service: iPod Service - Apple Inc - C: \ Program Files \ iPod \ bin \ iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C: \ WINDOWS \ System32 \ nvsvc32.exe
O23 - Service: PRISMSVC - Conexant Systems - C: \ WINDOWS \ system32 \ PRISMSVC.EXE

**evilfantasy** · #3 26 ožujak 2008, 16:35

Imate neki štetni sadržaj prikazuje u zapisnik. Molimo otiđite OVDJE i učiniti CCleaner, Superantispyware i MBAM scans. Post logove kad je dovršeno uz novu Hijackthis log. Budite sigurni da neće pokretati Hijackthis do nakon druge su potpune i skenira računalo je ponovo pokrenuti.

Napomena Predlaže se da ide na Dodaj / Ukloni programe i deinstalirati ProfileWatcher.

Quote:

ProfileWatcher:
Infiltrates vaš MySpace račun i šalje oglasa na svim svojim prijateljima komentari stranice.

neno85 · #4 2. travanj 2008, 15:10

ovo je log malwarebytes

neno85 · #5 2. travanj 2008, 15:11

ovo je hijackthis log
Logfile of HijackThis v1.99.1
Scan spremljena u 6:16:51 Na 4/2/2008
Platforma: Windows XP SP2 (Winnt 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Pokretanje procesa:
C: \ WINDOWS \ System32 \ smss.exe
C: \ WINDOWS \ system32 \ Winlogon.exe
C: \ WINDOWS \ system32 \ services.exe
C: \ WINDOWS \ system32 \ lsass.exe
C: \ WINDOWS \ system32 \ Svchost.exe
C: \ WINDOWS \ System32 \ Svchost.exe
C: \ Program Files \ Alwil Software \ Avast4 \ aswUpdSv.exe
C: \ Program Files \ Alwil Software \ Avast4 \ ashServ.exe
C: \ WINDOWS \ system32 \ spoolsv.exe
C: \ Program Files \ Common Files \ Apple \ Mobile Device Support \ bin \ AppleMobileDeviceService.exe
C: \ Program Files \ Common Files \ Microsoft Shared \ VS7DEBUG \ MDM.EXE
C: \ WINDOWS \ System32 \ nvsvc32.exe
C: \ WINDOWS \ system32 \ PRISMSVC.EXE
C: \ WINDOWS \ System32 \ Svchost.exe
C: \ Program Files \ Alwil Software \ Avast4 \ ashMaiSv.exe
C: \ Program Files \ Alwil Software \ Avast4 \ ashWebSv.exe
C: \ WINDOWS \ explorer.exe
C: \ WINDOWS \ system32 \ PRISMSVR.EXE
C: \ WINDOWS \ ALCXMNTR.EXE
C: \ WINDOWS \ LTMSG.exe
C: \ WINDOWS \ System32 \ spool \ drivers \ W32X86 \ 3 \ E_FATI9 FA.EXE
C: \ programa ~ 1 \ ALWILS ~ 1 \ Avast4 \ ashDisp.exe
C: \ Program Files \ QuickTime \ QTTask.exe
C: \ Program Files \ iTunes \ iTunesHelper.exe
C: \ Program Files \ Adobe \ Adobe Photoshop Lightroom 1,2 \ apdproxy.exe
C: \ WINDOWS \ system32 \ Ctfmon.exe
C: \ WINDOWS \ system32 \ rundll32.exe
C: \ Program Files \ Dell Wireless \ PRISMCFG.exe
C: \ Program Files \ LimeWire \ LimeWire.exe
C: \ Program Files \ iPod \ bin \ iPodService.exe
C: \ Program Files \ SUPERAntiSpyware \ SUPERAntiSpyware.exe
C: \ Program Files \ Mozilla Firefox \ firefox.exe
C: \ Documents and Settings \ Neven \ Desktop \ sniper.exe

R1 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Search Bar = http://red.clientapps.yahoo.com/cust...search/ie.html
R1 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Search Page = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://www.finderg.com
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Page_URL = http://yahoo.sbc.com/dsl
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Search_URL = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Search Bar = http://red.clientapps.yahoo.com/cust...search/ie.html
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Search Page = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://yahoo.sbc.com/dsl
R1 - HKCU \ Software \ Microsoft \ Internet Connection Wizard, ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R3 - URLSearchHook: Yahoo! Toolbar - (EF99BD32-C1FB-11D2-892F-0090271D4F88) - C: \ Program Files \ Yahoo! \ Companion \ Instalira \ cpn \ yt.dll
O2 - BHO: Yahoo! Toolbar Helper - (02478D38-C3F9-4EFB-9B51-7695ECA05670) - C: \ Program Files \ Yahoo! \ Companion \ Instalira \ cpn \ yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - (06849E9F-C8D7-4D59-B87D-784B7D6BE0B3) - C: \ Program Files \ Adobe \ Acrobat 7,0 \ ActiveX \ AcroIEHelper.dll
O2 - BHO: Spybot-S & D IE Protection - (53707962-6F74-2D53-2644-206D7942484F) - C: \ Program Files \ Spybot - Search & Destroy \ SDHelper.dll
O2 - BHO: SSVHelper Class - (761497BB-D6F0-462C-B6EB-D4DAF1D92D43) - C: \ Program Files \ Java \ jre1.6.0_03 \ bin \ ssv.dll
O3 - Toolbar: Yahoo! Toolbar - (EF99BD32-C1FB-11D2-892F-0090271D4F88) - C: \ Program Files \ Yahoo! \ Companion \ Instalira \ cpn \ yt.dll
O4 - HKLM \ .. \ Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM \ .. \ Run: [NvCplDaemon] RUNDLL32.EXE C: \ WINDOWS \ System32 \ NvCpl.dll, NvStartup
O4 - HKLM \ .. \ Run: [nwiz] nwiz.exe / installquiet / keeploaded / nodetect
O4 - HKLM \ .. \ Run: [LTMSG] LTMSG.exe 7
O4 - HKLM \ .. \ Run: [gramofonska igla Foto EPSON R320 Series] C: \ WINDOWS \ System32 \ spool \ drivers \ W32X86 \ 3 \ E_FATI9 FA.EXE / P30 "EPSON gramofonska igla Foto R320 Series" / O6 "USB002" / M "gramofonska igla Foto R320"
O4 - HKLM \ .. \ Run: [ProfileWatcher] C: \ Program Files \ ProfileWatcher \ profilewatcher.exe
O4 - HKLM \ .. \ Run: [avast!] C: \ programa ~ 1 \ ALWILS ~ 1 \ Avast4 \ ashDisp.exe
O4 - HKLM \ .. \ Run: [QuickTime Task] "C: \ Program Files \ QuickTime \ QTTask.exe"-atboottime
O4 - HKLM \ .. \ Run: [iTunesHelper] "C: \ Program Files \ iTunes \ iTunesHelper.exe"
O4 - HKLM \ .. \ Run: [SunJavaUpdateSched] "C: \ Program Files \ Java \ jre1.6.0_02 \ bin \ jusched.exe"
O4 - HKLM \ .. \ Run: [Adobe Photo Downloader] "C: \ Program Files \ Adobe \ Adobe Photoshop Lightroom 1,2 \ apdproxy.exe"
O4 - HKCU \ .. \ Run: [Yahoo! Pager] C: \ programa ~ 1 \ Yahoo! \ Messen ~ 1 \ ypager.exe-tišina
O4 - HKCU \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe
O4 - HKCU \ .. \ Run: [BitTorrent] "C: \ Program Files \ BitTorrent \ bittorrent.exe" - force_start_minimized
O4 - HKCU \ .. \ Run: [SpybotSD TeaTimer] C: \ Program Files \ Spybot - Search & Destroy \ TeaTimer.exe
O4 - HKCU \ .. \ Run: [SUPERAntiSpyware] C: \ Program Files \ SUPERAntiSpyware \ SUPERAntiSpyware.exe
O4 - Startup: LimeWire On Startup.lnk = C: \ Program Files \ LimeWire \ LimeWire.exe
O4 - Startup: Stardock ObjectDock.lnk = C: \ Program Files \ Stardock \ ObjectDock \ ObjectDock.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C: \ Program Files \ Adobe \ Acrobat 7,0 \ Reader \ reader_sl.exe
O4 - Global Startup: Bežični WLAN USB 2.0 Card Utility.lnk =?
O8 - Extra kontekst meni stavka: & Search -? P = ZK
O8 - Extra kontekst meni stavka: E & zvezi u Microsoft Excel - res: / / C: \ programa ~ 1 \ MICROS ~ 2 \ OFFICE11 \ EXCEL.EXE/3000
O9 - Extra button: (no name) - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program Files \ Java \ jre1.6.0_03 \ bin \ ssv.dll
O9 - Extra 'Tools' MENUITEM: Sun Java Console - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program Files \ Java \ jre1.6.0_03 \ bin \ ssv.dll
O9 - Extra button: Research - (92780B25-18CC-41C8-B9BE-3C9C571A8263) - C: \ programa ~ 1 \ MICROS ~ 2 \ OFFICE11 \ REFIEBAR.DLL
O9 - Extra button: (no name) - (DFB852A3-47F8-48C4-A200-58CAB36FD2A2) - C: \ Program Files \ Spybot - Search & Destroy \ SDHelper.dll
O9 - Extra 'Tools' MENUITEM: Spybot - Search & & Destroy Configuration - (DFB852A3-47F8-48C4-A200-58CAB36FD2A2) - C: \ Program Files \ Spybot - Search & Destroy \ SDHelper.dll
O9 - Extra button: PokerStars.net - (FA9B9510-9FCB-4ca0-818C-5D0987B47C4D) - C: \ Program Files \ PokerStars.NET \ PokerStarsUpdate.exe
O9 - Extra button: Messenger - (FB5F1910-F110-11D2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe
O9 - Extra 'Tools' MENUITEM: Windows Messenger - (FB5F1910-F110-11D2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe
O11 - Options group: [INTERNATIONAL] International *
O16 - DPF: (200B3EE9-7242-4EFD-B1E4-D97EE825BA53) (VerifyGMN Class) -- http://h20270.www2.hp.com/ediags/gmn...taller_gmn.cab
O16 - DPF: (30528230-99f7-4bb4-88d8-fa1d4f56a2ab) (YInstStarter Class) - C: \ Program Files \ Yahoo! \ Common \ yinsthelper.dll
O16 - DPF: (6414512B-B978-451D-A0D8-FCFDF33E833C) (WUWebControl Class) -- http://update.microsoft.com/windowsu...?1162589752500
O16 - DPF: (6E32070A-766D-4EE6-879C-DC1FA91D2FC3) (MUWebControl Class) -- http://update.microsoft.com/microsof...?1162829153500
O16 - DPF: (AB86CE53-AC9F-449F-9399-D8ABCA09EC09) (Get_ActiveX Control) -- https: / / h17000.www1.hp.com/ewfrf-JAV...oadManager.ocx
O16 - DPF: (D18F962A-3722-4B59-B08D-28BB9EB2281E) (PhotosCtrl Class) -- http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O16 - DPF: (D27CDB6E-AE6D-11CF-96B8-444553540000) (Shockwave Flash Object) -- http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O20 - Winlogon Obavijesti:! SASWinLogon - C: \ Program Files \ SUPERAntiSpyware \ SASWINLO.dll
O20 - Winlogon Obavijesti: PRISMAPI.DLL - C: \ Windows \ System32 \ PRISMAPI.DLL
O20 - Winlogon Obavijesti: PRISMGNA.DLL - C: \ Windows \ System32 \ PRISMGNA.DLL
O20 - Winlogon Obavijesti: WgaLogon - C: \ WINDOWS \ SYSTEM32 \ WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C: \ Program Files \ Common Files \ Adobe Systems Shared \ Service \ Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc - C: \ Program Files \ Common Files \ Apple \ Mobile Device Support \ bin \ AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C: \ Program Files \ Alwil Software \ Avast4 \ aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C: \ Program Files \ Alwil Software \ Avast4 \ ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown vlasnika - C: \ Program Files \ Alwil Software \ Avast4 \ ashMaiSv.exe "/ usluga (file missing)
O23 - Service: avast! Web Scanner - Unknown vlasnika - C: \ Program Files \ Alwil Software \ Avast4 \ ashWebSv.exe "/ usluga (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd - C: \ Program Files \ Common Files \ Macrovision Shared \ FLEXnet Izdavač \ FNPLicensingService.exe
O23 - Service: hpdj - Unknown vlasnika - C: \ DOCUME ~ 1 \ Owner \ Mještani ~ 1 \ Temp \ hpdj.exe (file missing)
O23 - Service: iPod Service - Apple Inc - C: \ Program Files \ iPod \ bin \ iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C: \ WINDOWS \ System32 \ nvsvc32.exe
O23 - Service: PRISMSVC - Conexant Systems - C: \ WINDOWS \ system32 \ PRISMSVC.EXE

neno85 · #6 2. travanj 2008, 15:13

i to je superantispyware log --- Znam da ovo čuje puno - ali vi ste doista spasilac puno hvala ----

SUPERAntiSpyware Scan Prijava
http://www.superantispyware.com

Generirano 03/28/2008 at 08:37

Application Version: 4.0.1154

Core Pravila Database Version: 3426
Trace Pravila Database Version: 1418

Scan type: Cijela Scan
Ukupno Scan Vrijeme: 00:42:44

Memorija predmeta skenirane: 515
Memorija prijetnje otkrivena: 0
Registry stavke skenirane: 5073
Matični prijetnje otkrivena: 0
File skenirane podatke: 15903
File prijetnje otkrivena: 0

moj računalo je još uvijek sporo - nema promjena jer pretražuje ...

**evilfantasy** · #7 2. travanj 2008, 15:20

Mi moramo pokrenuti više moćna scan. Neće potrajati vrlo dugo.

Molimo, preuzmite Combofix by sUBs jedan od linkova ispod.
(Isprobajte sve tri ako je potrebno)

Važno! Combofix.exe MORA biti spremljene i otrča iz Desktop.

Zatvori otvoriti bilo koju web preglednicima. (Firefox, Internet Explorer, etc) prije početka Combofix.
Važno! Privremeno onemogućiti tvoj AntiVirus, Skripta za blokiranje i bilo koji protušpijunskih Zaštita u stvarnom vremenu prije obavlja scan.
- Kliknite ovaj link da biste vidjeli popis sigurnosne programe, koji bi trebao biti onemogućen i kako onemogućiti ih.
- Ako tvoj nije na popisu, a vi ne znate kako ga isključiti, molimo pitati.
Upozorenje: Combofix disconnects vašem računalu s Interneta. Se veza automatski obnovljena prije Combofix izvrši njegove vožnji.
Dvaput kliknite combofix.exe i slijedite upute.
- Odaberite Da da biste prihvatili Disclaimers.[
Kada završite, on će proizvesti prijava za vas.
Pošta da se prijavite u vaš sljedeći odgovor.

Upozorenje: Ne mouseclick combofix's prozor dok je pokrenut. To svibanj uzrokovati da se štala

Ako Combofix prometuje na poteškoće i prestaje preuranjeno, veza može biti ručno restored by ponovo pokrenuti računalo.
Važno: Ne zaboravite ponovo uključili vaš protuvirusni i protušpijunski prije reconnecting na Internet.

neno85 · #8 2. travanj 2008, 15:38

ovdje je combofix log

**evilfantasy** · #9 2. travanj 2008, 15:57

I odaberite Otvoriti Hijackthis li sustav skeniranja tek tada staviti kvačica pored ovih enteies.

R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://www.finderg.com
O8 - Extra kontekst meni stavka: & Search -? P = ZK

Zatvori sve prozore osim Hijackthis i kliknite na Fix checked.

----------

Molimo trčanje F-Secure Online Scanner

Napomena: Ovaj Skener radi sa Internet Explorer Samo!

Pomaknite se na dno stranice i kliknite na gumb Start scanning. Prozor će pop up.
Omogućiti Active X kontrole da se instalira na vaše računalo, a zatim kliknite gumb Prihvati
Kliknite Full System Scan i dopustiti komponentama za preuzimanje i scan to kompletan.
Ako se utvrdi štetnih sadržaja, provjerite Submit uzoraka za F-Secure a zatim odaberite Automatsko čišćenje
Prilikom čišćenja ima finitished, kliknite na Prikaži izvješće (to će otvoriti prozor programa Internet Explorer koja sadrži izvješća)
Označite i kopirajte (Ctrl + C) kompletan izvještaj, a Zalijepi (Ctrl + V) u novom odgovorite na ovaj post
- Ako Automatsko čišćenje s Submit uzoraka smrzne, kliknite Odustani, Zatim Novo pretraživanje
Kada je opcija čišćenje predstavljaju, Isključi Submit uzoraka za F-Secure
Kliknite Automatsko čišćenje
Prilikom čišćenja ima finitished, kliknite Prikaži izvješće (ovaj će se otvoriti prozor programa Internet Explorer koja sadrži izvješća)
Označite i kopirajte (Ctrl + C) kompletan izvještaj, a Zalijepi (Ctrl + V) u novom odgovorite na ovaj post.

Ovaj skeniranja može potrajati poprilično vremena, stoga molimo da budete strpljivi

neno85 · #10 2. travanj 2008, 17:41

Scanning Report

Srijeda, 02. travanj 2008 19:19:08 - 20:30:00

Computer name: NEVEN-MS8XDAEE4
Skeniranje tip: Scan Sustav za štetne sadržaje, rootkits
Target: C: \
Result: 1 pronađene štetne sadržaje

Praćenje Cookie (spyware)

Sistemski

Statistika

Skenirane:

Files: 39253

System: 3397

Ne skeniraju: 22

Akcije:

Dezinficirati: 0

Preimenovali: 0

Izbrisano: 0

None: 1

Poslato: 0

Ne skeniraju datoteke:

C: \ PAGEFILE.SYS

C: \ WINDOWS \ SYSTEM32 \ CONFIG \ DEFAULT

C: \ WINDOWS \ SYSTEM32 \ CONFIG \ SAM

C: \ WINDOWS \ SYSTEM32 \ CONFIG \ SIGURNOSTI

C: \ WINDOWS \ SYSTEM32 \ CONFIG \ SOFTWARE

C: \ WINDOWS \ SYSTEM32 \ CONFIG \ SYSTEM

C: \ WINDOWS \ $ NTUNINSTALLKB835732 $ \ CALLCONT.DLL

C: \ WINDOWS \ $ NTUNINSTALLKB835732 $ \ GDI32.DLL

C: \ WINDOWS \ $ NTUNINSTALLKB835732 $ \ H323.TSP

C: \ WINDOWS \ $ NTUNINSTALLKB835732 $ \ H323MSP.DLL

C: \ WINDOWS \ $ NTUNINSTALLKB835732 $ \ HELPCTR.EXE

C: \ WINDOWS \ $ NTUNINSTALLKB835732 $ \ IPNATHLP.DLL

C: \ WINDOWS \ $ NTUNINSTALLKB835732 $ \ LSASRV.DLL

C: \ WINDOWS \ $ NTUNINSTALLKB835732 $ \ MF3216.DLL

C: \ WINDOWS \ $ NTUNINSTALLKB835732 $ \ MSASN1.DLL

C: \ WINDOWS \ $ NTUNINSTALLKB835732 $ \ Msgina.dll

C: \ WINDOWS \ $ NTUNINSTALLKB835732 $ \ MST120.DLL

C: \ WINDOWS \ $ NTUNINSTALLKB835732 $ \ NETAPI32.DLL

C: \ WINDOWS \ $ NTUNINSTALLKB835732 $ \ NMCOM.DLL

C: \ WINDOWS \ $ NTUNINSTALLKB835732 $ \ RTCDLL.DLL

C: \ WINDOWS \ $ NTUNINSTALLKB835732 $ \ SCHANNEL.DLL

C: \ Documents and Settings \ NEVEN \ Local Settings \ Temp \ HSPERFDATA_NEVEN \ 2636

Opcije

Skeniranje motora:

F-Secure USS: 2.30.0

F-Secure Hydra: 2.8.8110, 2008/04/02

F-Secure AVP: 7.0.171, 2008/04/02

F-Secure Pegasus: 1.20.0, 2008/02/28

F-Secure Blacklight: 1.0.64

Scanning Options:

Scan definirane datoteke: COM exe sys OV? Bin SCR DLL SHS htm HTML HTT VBS JS INF VXD RADI? XL? RTF CPL talentovana osoba hta PP? PWZ P? T MSO PIF. ACM ASP AX CNV CSC DRV INI MDB MFD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML izviždati HLP TD0 TT6 Poruka ASD JSE VBE WSC CHM EML PRC SHB LNK WSF (* PDF zl? XML ZIP XXX Ani AVB BAT Cmd JPG LSP KARTA mht MIF PHP POT SWF wmf NWS TAR

Koristite napredno heuristike

Copyright © 1998-2007 Product Support |Pošalji uzorke virusa F-Secure

F-Secure ne preuzima nikakvu odgovornost za materijalne kreirana objavljenih ili treće osobe koja F-Secure World Wide Web stranice imaju link na. Osim ako imate jasno je navedeno drugačije, podnošenjem materijala na bilo kojem od naših poslužitelja, na primjer putem e-maila ili preko naše F-Secure je CGI E-mail, pristajete na to da je materijal koji ste svibanj učiniti dostupnim biti objavljen u F-Secure Svijet Wide Pages ili hard-copy publikacija. Te htijenje stići F-Secure javnim web stranicama tako da kliknete na linkove podcrtavanje. Dok ovo radite, vaš pristup će biti prijavljeni na naš privatni pristup statistikama s vašom domenom name.This podaci neće biti otkriveni trećim stranama. Slažete se da se ne poduzmu mjere protiv nas u odnosu na materijale koje ćete poslati. Osim ako imate jasno je navedeno drugačije, podnošenjem materijala jamčite da li F-Secure svibanj inkorporirati bilo kakve koncepte opisane u njega u F-Secure proizvoda / publikacije bez odgovornosti.