Virus-Antivirus :: Pc Klinika ~ Doktori za vas kompjuter

Toolbar

Pravilnik foruma

Burek marketing

Najčešća pitanja

Posetite Burek Prodavnicu

Zatvori

BUREK marketing

Burek :: Forumi :: > Tehnicki deo foruma > Pc Klinika ~ Doktori za vas kompjuter

Tema: Virus-Antivirus (Moderatori: enaB, chelavi1)

Trenutno vreme je: 27. Apr 2024, 08:05:26

Korisnici koji su trenutno na forumu 0 članova i 1 gost pregledaju ovu temu.

Napomena: Za sva pitanja u vezi kupovine novog hardware-a ili procene vrednosti i preporuke koristite - ovu temu!

Spyware,sta je,kako radi,kako se zastititi? :: Kako rade mreze :: Burek Anti-virus software review :: Index tema koje ne treba propustiti

Stranice:

2 3 ... 5

Tema: Virus-Antivirus (Pročitano 6336 puta)

Al3k5aNd4R

03. Jun 2008, 16:02:01

Zvezda u usponu

Ko bi reko da nisam normalan?? 0_o

Zodijak
Pol
Poruke	1851
Zastava

	Windows XP
	Opera 9.27
	Nokia

A kako ja da uklonim neki virus, usporava mi internet i racunar, skinuo mi je neki toolbar security za ie i svaka dva minuta mi ga otvara sa nekom stranicom microsoft antivirus.. adavare ga nije izbrisao, nod ga nije izbrisao, your unistaller ga nije izbrisao, ccleaner ga nije izbrisao...

IP sačuvana

Zatvori

MunkaZe

Poruka #1

03. Jun 2008, 16:04:30

Supermoderator

Legenda foruma

Always outnumbered, never outgunned.

Zodijak
Pol
Poruke	47481
Zastava

	Windows Vista
	Mozilla Firefox 2.0.0.14

preporucujemo Vam da skenirate Vas racunar sa HiJackThis software-om koji je besplatan i mozete ga download-ovati na ovoj adresi, nakon cega zakacite ovde Vas tekstualni HiJackThis log.

IP sačuvana

Glasajte u anketi i izaberite temu narednog BFMC takmicenja
Ta divna stvorenja

Zatvori

Al3k5aNd4R

Poruka #2

03. Jun 2008, 16:13:01

Zvezda u usponu

Ko bi reko da nisam normalan?? 0_o

Zodijak
Pol
Poruke	1851
Zastava

	Windows XP
	Opera 9.27
	Nokia

Citat

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:12:29, on 03/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.17184)
Boot mode: Normal

Running processes:
H:\WINDOWS\System32\smss.exe
H:\WINDOWS\system32\winlogon.exe
H:\WINDOWS\system32\services.exe
H:\WINDOWS\system32\lsass.exe
H:\WINDOWS\system32\Ati2evxx.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\System32\svchost.exe
H:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
H:\WINDOWS\system32\Ati2evxx.exe
H:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
H:\Program Files\NetProject\scit.exe
H:\Program Files\NetProject\sbmntr.exe
H:\Program Files\Unlocker\UnlockerAssistant.exe
H:\Program Files\Analog Devices\Core\smax4pnp.exe
H:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
H:\Program Files\Google\Google Talk\googletalk.exe
H:\WINDOWS\vsnpstd.exe
H:\Program Files\NetProject\sbsm.exe
H:\Program Files\iTunes\iTunesHelper.exe
H:\Program Files\Skype\Phone\Skype.exe
H:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
H:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
H:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
H:\WINDOWS\system32\LEXBCES.EXE
H:\WINDOWS\system32\spoolsv.exe
H:\WINDOWS\system32\LEXPPS.EXE
H:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
H:\Program Files\Common Files\Teleca Shared\Generic.exe
H:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
H:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
H:\WINDOWS\ATKKBService.exe
H:\Program Files\Bonjour\mDNSResponder.exe
H:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
H:\Program Files\Common Files\LightScribe\LSSrvc.exe
H:\Program Files\Eset\nod32krn.exe
H:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
H:\WINDOWS\system32\svchost.exe
H:\Program Files\TeamViewer3\TeamViewer_Host.exe
H:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
H:\Program Files\TeamViewer3\TeamViewer.exe
H:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
H:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
H:\Program Files\iPod\bin\iPodService.exe
H:\Program Files\NetProject\scm.exe
H:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe
H:\WINDOWS\system32\ctfmon.exe
H:\WINDOWS\system32\msiexec.exe
H:\WINDOWS\system32\MsiExec.exe
H:\WINDOWS\explorer.exe
H:\WINDOWS\system32\NOTEPAD.EXE
E:\Program files\Opera 9\Opera.exe
H:\WINDOWS\system32\wuauclt.exe
I:\My Downloads\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://internetsearchservice.com
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://internetsearchservice.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://internetsearchservice.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://internetsearchservice.com/ie6.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://internetsearchservice.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://internetsearchservice.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://internetsearchservice.com/ie6.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://internetsearchservice.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://internetsearchservice.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://internetsearchservice.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: hattrickmontenegro.freeforums.org Toolbar - {889f9768-2157-42e0-8405-4ec14aacc9e8} - H:\Program Files\hattrickmontenegro.freeforums.org\tbhatt.dll
R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - H:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
O2 - BHO: Microsoft Shared Library Object Version - {0000AC13-3487-1583-C4BE-BE6A839DB000} - H:\WINDOWS\system32\mfc42dx1.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - H:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - H:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7C109800-A5D5-438F-9640-18D17E168B88} - H:\Program Files\NetProject\sbmdl.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: hattrickmontenegro.freeforums.org Toolbar - {889f9768-2157-42e0-8405-4ec14aacc9e8} - H:\Program Files\hattrickmontenegro.freeforums.org\tbhatt.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - H:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - H:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - H:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - H:\Program Files\Styler\TB\StylerTB.dll
O3 - Toolbar: hattrickmontenegro.freeforums.org Toolbar - {889f9768-2157-42e0-8405-4ec14aacc9e8} - H:\Program Files\hattrickmontenegro.freeforums.org\tbhatt.dll
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - H:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: Internet Service - {51D81DD5-55B7-497F-95DB-D356429BB54E} - H:\Program Files\NetProject\wamdl.dll
O4 - HKLM\..\Run: [UnlockerAssistant] H:\Program Files\Unlocker\UnlockerAssistant.exe -H
O4 - HKLM\..\Run: [SoundMAXPnP] H:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "H:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [JMB36X Configure] H:\WINDOWS\system32\JMRaidTool.exe boot
O4 - HKLM\..\Run: [ATICCC] "H:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] H:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "H:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [nod32kui] "H:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Google Desktop Search] "H:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [googletalk] H:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [SunJavaUpdateSched] "H:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "H:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [snpstd] H:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "H:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [CloneCDTray] "H:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [SVRemote] c:\Program Files\SVRemote\USB20Remote.exe
O4 - HKLM\..\Run: [iTunesHelper] "H:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "H:\Program Files\K-Lite Codec Pack\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SweetIM] H:\Program Files\SweetIM\Messenger\SweetIM.exe
O4 - HKCU\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "H:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Yamaha DS-XG Driver] H:\WINDOWS\system32\vdriver.exe
O4 - HKCU\..\Run: [STYLEXP] H:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [Skype] "H:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Google Update] "H:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [PcSync] H:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKLM\..\Policies\Explorer\Run: [some] H:\Program Files\NetProject\scit.exe
O4 - HKLM\..\Policies\Explorer\Run: [start] H:\Program Files\NetProject\sbmntr.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_01] rundll32 advpack.dll,DelNodeRunDLL32 "H:\WINDOWS\eHome" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_03] rundll32 advpack.dll,DelNodeRunDLL32 "H:\WINDOWS\pchealth" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_04] rundll32 advpack.dll,DelNodeRunDLL32 "H:\WINDOWS\msagent" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_05] rundll32 advpack.dll,DelNodeRunDLL32 "H:\WINDOWS\system32\Oobe" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_06] rundll32 advpack.dll,DelNodeRunDLL32 "H:\WINDOWS\Srchasst" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_07] rundll32 advpack.dll,DelNodeRunDLL32 "H:\WINDOWS\Help\Tours" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_08] cmd.exe /c md "%USERPROFILE%\Local Settings\Temp" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_09] rundll32 advpack.dll,DelNodeRunDLL32 "%SystemRoot%\System32\dllcache" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_10] cmd.exe /c md "%SystemRoot%\System32\dllcache" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_11] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_12] rundll32 advpack.dll,LaunchINFSection nlite.inf,nLiteReg (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_13] rundll32 advpack.dll,LaunchINFSection nlite.inf,S (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlpo_01] rundll32 advpack.dll,DelNodeRunDLL32 "H:\WINDOWS\eHome" (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: nod32.lnk = C:\Program Files\ESET\nod32.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = H:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://H:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://H:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - H:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - H:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.dwnldietool.com/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.dwnldietool.com/redirect.php (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - H:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - H:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - H:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O15 - Trusted Zone: http://miss.smscentar.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {6A025F8C-3498-42D1-A3BA-31B8B7EAB387} (ButtonX Control) - http://miss.smscentar.com/ActiveX.ocx
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - H:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - H:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Unknown owner - H:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - H:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - H:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - H:\WINDOWS\ATKKBService.exe
O23 - Service: Bonjour Service - Apple Inc. - H:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - H:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GoogleDesktopManager - Google - H:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - H:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - H:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - H:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - H:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - H:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - H:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - H:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - H:\Program Files\Eset\nod32krn.exe
O23 - Service: ServiceLayer - Nokia. - H:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - H:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: StyleXPService - Unknown owner - H:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: TeamViewer 3 (TeamViewer) - TeamViewer GmbH - H:\Program Files\TeamViewer3\TeamViewer_Host.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - H:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 15335 bytes

ovo?

IP sačuvana

Zatvori

MunkaZe

Poruka #3

03. Jun 2008, 16:45:00

Supermoderator

Legenda foruma

Always outnumbered, never outgunned.

Zodijak
Pol
Poruke	47481
Zastava

	Windows Vista
	Mozilla Firefox 2.0.0.14

Da to

Preuzmi Combofix odavde : link ili odavde link

Kako instalirati ComboFix sa i bez Recovery Konzole : Link

Kada zavrsi dace ti tekstualni log koji ces negde sacuvati, zakaci taj log ovde. Nakon toga ponovo uradi HJT i zakaci novi HJT log ovde.

« Poslednja izmena: 03. Jun 2008, 16:46:26 od MunkaZe »

IP sačuvana

Glasajte u anketi i izaberite temu narednog BFMC takmicenja
Ta divna stvorenja

Zatvori

Al3k5aNd4R

Poruka #4

03. Jun 2008, 17:04:52

Zvezda u usponu

Ko bi reko da nisam normalan?? 0_o

Zodijak
Pol
Poruke	1851
Zastava

	Windows XP
	Opera 9.27
	Nokia

ComboFix 08-06-01.6 - Administrator 2008-06-03 16:53:27.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2337 [GMT 2:00]
Running from: I:\My Downloads\ComboFix\ComboFix.exe
* Resident AV is active

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

H:\Documents and Settings\Administrator\Application Data\inst.exe
H:\Documents and Settings\Administrator\Favorites\Online Security Test.url
H:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
H:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
H:\Documents and Settings\All Users\Start Menu\Online Security Guide.url
H:\Documents and Settings\All Users\Start Menu\Security Troubleshooting.url
H:\Program Files\NetProject
H:\Program Files\NetProject\myd.ico
H:\Program Files\NetProject\mym.ico
H:\Program Files\NetProject\myp.ico
H:\Program Files\NetProject\myv.ico
H:\Program Files\NetProject\ot.ico
H:\Program Files\NetProject\sbmdl.dll
H:\Program Files\NetProject\sbmntr.exe
H:\Program Files\NetProject\sbsm.exe
H:\Program Files\NetProject\sbun.exe
H:\Program Files\NetProject\scit.exe
H:\Program Files\NetProject\scm.exe
H:\Program Files\NetProject\scu.exe
H:\Program Files\NetProject\ts.ico
H:\Program Files\NetProject\wamdl.dll
H:\Program Files\NetProject\waun.exe
H:\WINDOWS\system32\lxhsvcd.dll
H:\WINDOWS\system32\pskill.exe
H:\WINDOWS\system32\qviexio3.dat
H:\WINDOWS\system32\wininitc.dll

----- BITS: Possible infected sites -----

hxxp://cr
.
((((((((((((((((((((((((( Files Created from 2008-05-03 to 2008-06-03 )))))))))))))))))))))))))))))))
.

2008-06-03 13:04 . 2008-06-03 13:04   <DIR>   d--------   H:\Documents and Settings\LocalService\Application Data\TeamViewer
2008-06-03 12:09 . 2008-06-03 12:09   <DIR>   d--------   H:\Program Files\CCleaner
2008-06-02 18:36 . 2008-06-02 18:36   <DIR>   d--------   H:\Program Files\Lavasoft
2008-06-02 18:36 . 2008-06-02 18:36   <DIR>   d--------   H:\Program Files\Common Files\Wise Installation Wizard
2008-06-02 18:36 . 2008-06-02 18:37   <DIR>   d--------   H:\Documents and Settings\All Users\Application Data\Lavasoft
2008-06-01 18:06 . 2008-06-01 18:06   2,913   --a------   H:\WINDOWS\system32\msmediaq.dll
2008-06-01 18:06 . 2008-06-02 12:14   620   --a------   H:\WINDOWS\system32\storeras.dat
2008-06-01 13:45 . 1998-09-02 10:02   194,320   --a------   H:\WINDOWS\system32\qcut.dll
2008-06-01 13:45 . 1998-08-27 06:51   182,032   --a------   H:\WINDOWS\system32\dxtmsft3.dll
2008-06-01 13:45 . 1998-08-20 13:02   140,800   --a------   H:\WINDOWS\system32\tm20dec.ax
2008-06-01 13:45 . 1998-09-02 10:28   63,488   --a------   H:\WINDOWS\system32\unam4ie.exe
2008-06-01 13:45 . 1998-09-02 10:28   38,160   --a------   H:\WINDOWS\system32\LMRTREND.dll
2008-06-01 13:45 . 1998-08-17 11:21   11,776   --a------   H:\WINDOWS\system32\mciqtz.drv
2008-06-01 13:45 . 1998-08-17 11:21   10,240   --a------   H:\WINDOWS\system32\vidx16.dll
2008-06-01 13:45 . 1998-08-17 11:21   5,672   --a------   H:\WINDOWS\system32\quartz.vxd
2008-06-01 13:45 . 2008-06-01 13:45   4,608   --a------   H:\WINDOWS\system32\w95inf32.dll
2008-06-01 13:45 . 2008-06-01 13:45   2,272   --a------   H:\WINDOWS\system32\w95inf16.dll
2008-06-01 13:39 . 2008-06-03 12:57   <DIR>   d--------   H:\Program Files\directx
2008-05-31 01:15 . 2008-05-31 01:15   <DIR>   d--------   H:\Program Files\Tuning Car Studio
2008-05-28 16:15 . 2008-05-30 16:59   <DIR>   d--------   H:\Program Files\SpeedSim
2008-05-28 16:15 . 2008-05-28 16:15   <DIR>   d--------   H:\Documents and Settings\Administrator\Application Data\SpeedSim
2008-05-23 18:44 . 2008-05-23 18:44   <DIR>   d--------   H:\Program Files\Notepad++
2008-05-23 18:44 . 2008-05-23 18:44   <DIR>   d--------   H:\Documents and Settings\Administrator\Application Data\Notepad++
2008-05-23 13:20 . 2008-05-23 13:20   <DIR>   d--------   H:\Program Files\xchat
2008-05-23 13:20 . 2008-06-01 23:21   <DIR>   d--------   H:\Documents and Settings\Administrator\Application Data\X-Chat 2
2008-05-21 15:32 . 2008-05-21 15:32   60,416   --a------   H:\WINDOWS\system32\mfc42dx1.dll
2008-05-12 18:50 . 2008-05-12 18:50   <DIR>   d--------   H:\Program Files\Common Files\Adobe AIR
2008-05-12 18:50 . 2008-05-12 18:50   <DIR>   d--------   H:\Program Files\Adobe Media Player
2008-05-12 11:02 . 2008-05-12 11:02   244   --ah-----   H:\sqmnoopt06.sqm
2008-05-12 11:02 . 2008-05-12 11:02   232   --ah-----   H:\sqmdata06.sqm
2008-05-09 19:42 . 2008-05-09 19:42   <DIR>   d--------   H:\Program Files\SweetIM
2008-05-09 19:42 . 2008-05-09 19:42   <DIR>   d--------   H:\Documents and Settings\All Users\Application Data\SweetIM
2008-05-07 14:07 . 2008-05-29 14:25   <DIR>   d--------   H:\Program Files\TeamViewer3
2008-05-07 14:07 . 2008-05-07 14:07   <DIR>   d--------   H:\Documents and Settings\Administrator\Application Data\TeamViewer
2008-05-07 14:05 . 2008-05-07 14:05   <DIR>   d--------   H:\Documents and Settings\Administrator\temp

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-03 14:59   ---------   d-----w   H:\Documents and Settings\Administrator\Application Data\Skype
2008-06-03 11:04   ---------   d-----w   H:\Program Files\Google
2008-06-03 10:57   ---------   d-----w   H:\Program Files\NSS
2008-06-03 10:57   ---------   d-----w   H:\Program Files\My Company Name
2008-06-03 10:57   ---------   d-----w   H:\Program Files\Mv2Player
2008-06-03 10:57   ---------   d-----w   H:\Program Files\Game Translator
2008-06-03 10:57   ---------   d-----w   H:\Documents and Settings\All Users\Application Data\Sony Ericsson
2008-06-03 10:02   ---------   d-----w   H:\Documents and Settings\Administrator\Application Data\skypePM
2008-06-02 15:47   ---------   d-----w   H:\Documents and Settings\All Users\Application Data\Google Updater
2008-06-01 17:11   196,608   ----a-w   H:\WINDOWS\system32\drivers\aStandard.bin
2008-06-01 11:39   ---------   d-----w   H:\Documents and Settings\Administrator\Application Data\BitTorrent
2008-06-01 10:07   ---------   d-----w   H:\Program Files\Metin2_UK
2008-05-31 19:06   ---------   d-----w   H:\Documents and Settings\Administrator\Application Data\Hamachi
2008-05-22 17:22   ---------   d-----w   H:\Program Files\sXe Injected
2008-05-21 11:02   ---------   d-----w   H:\Documents and Settings\Administrator\Application Data\LimeWire
2008-05-16 13:00   ---------   d-----w   H:\Program Files\Java
2008-05-11 15:58   ---------   d-----w   H:\Program Files\Steam
2008-05-05 19:27   ---------   d-----w   H:\Program Files\ESET
2008-05-05 10:08   ---------   d-----w   H:\Documents and Settings\All Users\Application Data\TrackMania
2008-05-02 14:55   ---------   d-----w   H:\Program Files\TmNationsForever
2008-05-01 23:37   ---------   d-----w   H:\Documents and Settings\Administrator\Application Data\DNA
2008-04-30 23:26   ---------   d-----w   H:\Program Files\Dreamcatcher
2008-04-29 18:37   ---------   d-----w   H:\Program Files\vghd
2008-04-29 17:57   ---------   d-----w   H:\Documents and Settings\Administrator\Application Data\vghd
2008-04-24 20:06   12,152,678   ----a-w   H:\WINDOWS\ferrari_marzo2008.scr
2008-04-23 21:39   ---------   d-----w   H:\Program Files\MyTubePlayer
2008-04-23 10:52   ---------   d-----w   H:\Documents and Settings\Administrator\Application Data\UseNeXT
2008-04-23 10:02   471,040   ----a-w   H:\WINDOWS\screen_foghorn.scr
2008-04-23 10:00   12,288   ----a-w   H:\WINDOWS\impborl.dll
2008-04-22 21:13   ---------   d-----w   H:\Program Files\iTunes
2008-04-22 21:00   ---------   d-----w   H:\Program Files\Safari
2008-04-22 20:10   ---------   d-----w   H:\Program Files\Gham
2008-04-22 13:34   ---------   d-----w   H:\Documents and Settings\Administrator\Application Data\Netscape
2008-04-22 13:33   ---------   d-----w   H:\Program Files\Netscape
2008-04-17 22:23   ---------   d-----w   H:\Program Files\YuRecnik
2008-04-17 20:38   ---------   d-----w   H:\Program Files\Your Uninstaller 2006
2008-04-17 13:19   ---------   d-----w   H:\Documents and Settings\Administrator\Application Data\StarOffice8
2008-04-17 12:40   ---------   d-----w   H:\Program Files\WinFlip
2008-04-17 12:40   ---------   d-----w   H:\Program Files\ViStart
2008-04-15 12:56   ---------   d-----w   H:\Documents and Settings\Administrator\Application Data\Talkback
2008-04-09 10:30   21,840   ----a-w   H:\WINDOWS\system32\SIntfNT.dll
2008-04-09 10:30   17,212   ----a-w   H:\WINDOWS\system32\SIntf32.dll
2008-04-09 10:30   12,067   ----a-w   H:\WINDOWS\system32\SIntf16.dll
2008-04-09 10:28   ---------   d--h--w   H:\Program Files\InstallShield Installation Information
2008-04-09 10:20   ---------   d-----w   H:\Documents and Settings\All Users\Application Data\FLEXnet
2008-04-09 08:03   ---------   d-----w   H:\Program Files\Common Files\Adobe
2008-04-09 07:56   ---------   d-----w   H:\Program Files\Common Files\Macrovision Shared
2008-04-08 21:17   ---------   d-----w   H:\Program Files\iPod
2008-04-05 16:04   ---------   d-----w   H:\Documents and Settings\All Users\Application Data\Trymedia
2008-04-04 00:00   ---------   d-----w   H:\Program Files\Picasa2
2008-03-26 08:09   151,583   ----a-w   H:\WINDOWS\system32\msjint40.dll
2008-03-26 08:09   151,583   ------w   H:\WINDOWS\system32\DllCache\msjint40.dll
2008-03-25 08:20   219,936   ----a-w   H:\WINDOWS\system32\msltus40.dll
2008-03-25 08:20   219,936   ------w   H:\WINDOWS\system32\DllCache\msltus40.dll
2008-03-19 09:40   1,845,888   ----a-w   H:\WINDOWS\system32\win32k.sys
2008-03-19 09:40   1,845,888   ------w   H:\WINDOWS\system32\DllCache\win32k.sys
2008-03-10 23:20   32   ----a-w   H:\Documents and Settings\All Users\Application Data\ezsid.dat
2008-03-03 17:53   78,336   ----a-w   H:\WINDOWS\system32\ieencode.dll
2008-03-03 17:53   78,336   ----a-w   H:\WINDOWS\system32\DllCache\ieencode.dll
2008-03-03 17:52   70,656   ----a-w   H:\WINDOWS\system32\DllCache\iedw.exe
2008-03-03 17:52   599,552   ----a-w   H:\WINDOWS\system32\DllCache\iexplore.exe
2008-03-03 17:52   41,984   ----a-w   H:\WINDOWS\system32\licmgr10.dll
2008-03-03 17:52   41,984   ----a-w   H:\WINDOWS\system32\DllCache\licmgr10.dll
2008-03-03 17:52   349,184   ----a-w   H:\WINDOWS\system32\DllCache\iedkcs32.dll
2008-03-03 17:52   224,768   ----a-w   H:\WINDOWS\system32\DllCache\ieaksie.dll
2008-03-03 17:52   193,024   ----a-w   H:\WINDOWS\system32\DllCache\msrating.dll
2008-03-03 17:52   17,920   ----a-w   H:\WINDOWS\system32\DllCache\corpol.dll
2008-03-03 17:52   17,920   ----a-w   H:\WINDOWS\system32\corpol.dll
2008-03-03 17:52   116,224   ----a-w   H:\WINDOWS\system32\DllCache\occache.dll
2008-03-03 17:52   105,984   ----a-w   H:\WINDOWS\system32\DllCache\url.dll
2008-03-03 17:51   94,208   ----a-w   H:\WINDOWS\system32\DllCache\inseng.dll
2008-03-03 17:51   70,656   ----a-w   H:\WINDOWS\system32\DllCache\ie4uinit.exe
2008-03-03 17:51   69,120   ----a-w   H:\WINDOWS\system32\iesetup.dll
2008-03-03 17:51   69,120   ----a-w   H:\WINDOWS\system32\DllCache\iesetup.dll
2008-03-03 17:51   69,120   ----a-w   H:\WINDOWS\system32\DllCache\admparse.dll
2008-03-03 17:51   69,120   ----a-w   H:\WINDOWS\system32\admparse.dll
2008-03-03 17:51   557,056   ----a-w   H:\WINDOWS\system32\DllCache\jscript.dll
2008-03-03 17:51   44,032   ----a-w   H:\WINDOWS\system32\DllCache\iernonce.dll
2008-03-03 17:51   149,504   ----a-w   H:\WINDOWS\system32\DllCache\ieakui.dll
2008-03-03 17:51   126,464   ----a-w   H:\WINDOWS\system32\DllCache\advpack.dll
2008-03-03 17:51   119,808   ----a-w   H:\WINDOWS\system32\DllCache\ieakeng.dll
2008-03-03 17:50   60,928   ----a-w   H:\WINDOWS\system32\DllCache\icardie.dll
2008-03-03 17:50   48,128   ----a-w   H:\WINDOWS\system32\mshtmler.dll
2008-03-03 17:50   48,128   ----a-w   H:\WINDOWS\system32\DllCache\mshtmler.dll
2008-03-03 17:50   45,568   ----a-w   H:\WINDOWS\system32\mshta.exe
2008-03-03 17:50   45,568   ----a-w   H:\WINDOWS\system32\DllCache\mshta.exe
2008-03-03 17:50   44,544   ----a-w   H:\WINDOWS\system32\DllCache\pngfilt.dll
2008-03-03 17:50   36,352   ----a-w   H:\WINDOWS\system32\imgutil.dll
2008-03-03 17:50   36,352   ----a-w   H:\WINDOWS\system32\DllCache\imgutil.dll
2008-03-03 17:50   345,600   ----a-w   H:\WINDOWS\system32\DllCache\dxtmsft.dll
2008-03-03 17:50   268,800   ----a-w   H:\WINDOWS\system32\DllCache\iertutil.dll
2008-03-03 17:50   212,992   ----a-w   H:\WINDOWS\system32\DllCache\dxtrans.dll
2008-03-03 17:46   68,096   ----a-w   H:\WINDOWS\system32\DllCache\hmmapi.dll
2008-03-03 17:34   440,832   ----a-w   H:\WINDOWS\system32\DllCache\ieapfltr.dll
2007-12-03 12:56   81,920   ----a-w   H:\Documents and Settings\Administrator\Application Data\ezpinst.exe
2007-12-03 12:56   47,360   ----a-w   H:\Documents and Settings\Administrator\Application Data\pcouffin.sys
2007-11-10 11:18   56   --sh--r   H:\WINDOWS\system32\4D5BADF124.sys
2007-11-10 11:18   1,890   --sha-w   H:\WINDOWS\system32\KGyGaAvL.sys
.

------- Sigcheck -------

2006-08-09 02:55 2016768 f196becedb849a135260b758fa546618   H:\WINDOWS\$NtUninstallKB931784$\ntkrnlpa.exe
2007-02-28 01:15 2059392 4d3dbdccbf97f5ba1e74f322b155c3ba   H:\WINDOWS\Driver Cache\i386\ntkrnlpa.exe
2007-02-28 11:16 2028032 67f887be4a15764efa817eb59b2cead3   H:\WINDOWS\system32\ntkrnlpa.exe
2007-02-28 01:15 2059392 4d3dbdccbf97f5ba1e74f322b155c3ba   H:\WINDOWS\system32\DllCache\ntkrnlpa.exe
2007-02-28 11:16 2017280 2dfb215e291e3d9b1cf9a6739b3bf16c   H:\WINDOWS\system32\VITrans\ntkrnlpa.exe

2006-08-09 02:32 2137088 7000146d1b17fe998ba56f244eacc37d   H:\WINDOWS\$NtUninstallKB931784$\ntoskrnl.exe
2007-02-28 11:55 2182144 5a5c8db4aa962c714c8371fbdf189fc9   H:\WINDOWS\Driver Cache\i386\ntoskrnl.exe
2007-02-28 11:53 2148352 feaa6ee86437705f6dfc5e083f54a1f6   H:\WINDOWS\system32\ntoskrnl.exe
2007-02-28 11:55 2182144 5a5c8db4aa962c714c8371fbdf189fc9   H:\WINDOWS\system32\DllCache\ntoskrnl.exe
2007-02-28 11:53 2137600 e6679c3023b17d8b78946bc5df53fa20   H:\WINDOWS\system32\VITrans\ntoskrnl.exe

2007-06-13 13:26 1423360 6d29e1166bf943c0b39cad2c5df022cc   H:\WINDOWS\explorer.exe
2006-08-09 02:30 1032192 45757077a47c68a603a79b03a1a836ab   H:\WINDOWS\$NtUninstallKB938828$\explorer.exe
2007-06-13 13:26 1033216 7712df0cdde3a5ac89843e61cd5b3658   H:\WINDOWS\system32\DllCache\explorer.exe
2007-06-13 13:26 1033216 7712df0cdde3a5ac89843e61cd5b3658   H:\WINDOWS\system32\VITrans\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0000AC13-3487-1583-C4BE-BE6A839DB000}]
2008-05-21 15:32   60416   --a------   H:\WINDOWS\system32\mfc42dx1.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{889f9768-2157-42e0-8405-4ec14aacc9e8}]
2008-03-13 11:30   1524248   --a------   H:\Program Files\hattrickmontenegro.freeforums.org\tbhatt.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2008-03-27 14:12   1164600   --a------   H:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{889F9768-2157-42E0-8405-4EC14AACC9E8}"= "H:\Program Files\hattrickmontenegro.freeforums.org\tbhatt.dll" [2008-03-13 11:30 1524248]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "H:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2008-03-27 14:12 1164600]
"{51D81DD5-55B7-497F-95DB-D356429BB54E}"= "H:\Program Files\NetProject\wamdl.dll" [ ]

[HKEY_CLASSES_ROOT\clsid\{889f9768-2157-42e0-8405-4ec14aacc9e8}]

[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE]

[HKEY_CLASSES_ROOT\clsid\{51d81dd5-55b7-497f-95db-d356429bb54e}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{889F9768-2157-42E0-8405-4EC14AACC9E8}"= H:\Program Files\hattrickmontenegro.freeforums.org\tbhatt.dll [2008-03-13 11:30 1524248]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= H:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll [2008-03-27 14:12 1164600]
"{51D81DD5-55B7-497F-95DB-D356429BB54E}"= H:\Program Files\NetProject\wamdl.dll [ ]

[HKEY_CLASSES_ROOT\clsid\{889f9768-2157-42e0-8405-4ec14aacc9e8}]

[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE]

[HKEY_CLASSES_ROOT\clsid\{51d81dd5-55b7-497f-95db-d356429bb54e}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="H:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="H:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-12-23 18:05 143360]
"Yamaha DS-XG Driver"="H:\WINDOWS\system32\vdriver.exe" [ ]
"STYLEXP"="H:\Program Files\TGTSoft\StyleXP\StyleXP.exe" [2005-08-18 15:15 1359872]
"Skype"="H:\Program Files\Skype\Phone\Skype.exe" [2008-02-01 18:22 21898024]
"Google Update"="H:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-05-27 21:17 119280]
"PcSync"="H:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-06-27 17:21 1449984]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UnlockerAssistant"="H:\Program Files\Unlocker\UnlockerAssistant.exe" [2006-05-06 09:29 6656]
"SoundMAXPnP"="H:\Program Files\Analog Devices\Core\smax4pnp.exe" [2006-09-26 09:29 872448]
"JMB36X Configure"="H:\WINDOWS\system32\JMRaidTool.exe" [2006-08-14 04:51 352256]
"ATICCC"="H:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-09-25 09:12 90112]
"NeroFilterCheck"="H:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 15:40 155648]
"RemoteControl"="H:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2003-12-08 17:35 32768]
"nod32kui"="H:\Program Files\Eset\nod32kui.exe" [2007-10-13 19:40 949376]
"Google Desktop Search"="H:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-10-13 20:39 1838592]
"googletalk"="H:\Program Files\Google\Google Talk\googletalk.exe" [2007-01-01 23:22 3739648]
"SunJavaUpdateSched"="H:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"Adobe Reader Speed Launcher"="H:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"snpstd"="H:\WINDOWS\vsnpstd.exe" [2004-06-10 14:48 286720]
"Sony Ericsson PC Suite"="H:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-03-28 02:07 593920]
"CloneCDTray"="H:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" [2006-09-28 21:21 57344]
"SVRemote"="c:\Program Files\SVRemote\USB20Remote.exe" [ ]
"iTunesHelper"="H:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"QuickTime Task"="H:\Program Files\K-Lite Codec Pack\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"SweetIM"="H:\Program Files\SweetIM\Messenger\SweetIM.exe" [2008-03-27 19:31 111928]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="H:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:56 15360]
"Picasa Media Detector"="H:\Program Files\Picasa2\PicasaMediaDetector.exe" [2008-02-26 03:23 443968]

H:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - H:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [2008-01-11 23:16:38 39792]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoDesktopCleanupWizard"= 1 (0x1)
"ForceClassicControlPanel"= 1 (0x1)
"NoSecurityTab"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"NoSecurityTab"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"=hex(2):76,69,73,74,61,75,69,2e,65,78,65,00

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.X264"= x264vfw.dll
"msacm.dvacm"= H:\PROGRA~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm
"msacm.MPEGacm"= H:\PROGRA~1\COMMON~1\ULEADS~1\MPEG\MPEGacm.acm
"msacm.ulmp3acm"= H:\PROGRA~1\COMMON~1\ULEADS~1\MPEG\ulmp3acm.acm

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
--a------ 2007-09-18 16:16 171464 E:\Program files\Daemontools\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-03-30 10:36 267048 H:\Program Files\iTunes\iTunesHelper.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"msnmsgr"="H:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"E:\\Install\\mIRC\\mIRC\\mirc.exe"=
"H:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"H:\\Program Files\\TimHillOne\\H264WebCamPro\\H264WebCamPro.exe"=
"H:\\WINDOWS\\system32\\dpvsetup.exe"=
"H:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"H:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"F:\\Codemasters\\RD3.exe"=
"H:\\Program Files\\Sony Ericsson\\Update Service\\Update Service.exe"=
"H:\\Documents and Settings\\Administrator\\Application Data\\Thinstall\\Alcohol_120%_v1.9.6.5429\\4000004900003i\\StarWindServiceAE.exe"=
"H:\\Half-life\\hl.exe"=
"H:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"H:\\Program Files\\LimeWire\\LimeWire.exe"=
"H:\\Half-life\\hlds.exe"=
"H:\\hl 2\\Half-life\\hl.exe"=
"H:\\hl 2\\Half-life\\hltv.exe"=
"H:\\Program Files\\Valve\\HLServer\\hlds.exe"=
"H:\\Program Files\\Valve\\HLServer\\hl.exe"=
"H:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"H:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"H:\\Program Files\\DNA\\btdna.exe"=
"H:\\Program Files\\BitTorrent\\bittorrent.exe"=
"E:\\Program files\\Opera 9\\Opera.exe"=
"F:\\Sierra\\Empire Earth\\Empire Earth.exe"=
"H:\\Half-life\\hltv.exe"=
"H:\\Program Files\\iTunes\\iTunes.exe"=
"H:\\Program Files\\TmNationsForever\\TmForever.exe"=
"I:\\My Downloads\\Racer\\racer\\racer.exe"=
"H:\\Program Files\\Skype\\Phone\\Skype.exe"=
"H:\\Program Files\\xchat\\xchat.exe"=

R2 TeamViewer;TeamViewer 3;"H:\Program Files\TeamViewer3\TeamViewer_Host.exe" -service []
R3 Video3D;ASUS Video3D Service;H:\WINDOWS\system32\Drivers\Video3D32.sys [2006-09-29 10:06]
R4 atidgllk;atidgllk;H:\WINDOWS\atidgllk.sys [2005-10-20 10:29]
S3 ggflt;SEMC USB Flash Driver Filter;H:\WINDOWS\system32\DRIVERS\ggflt.sys [2008-01-02 20:45]
S3 ntportio;ntportio;I:\My Documents\Ostalo\telefoni\Sony Ericsson\semc2.2\semc2.2\ntportio.sys []

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WudfServiceGroup   REG_SZ    hex(7):57,00,55,00,44,00,46,00,53,00,76,00,63,00,00,00,00,00

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{16dbed3f-7449-11dc-9b2f-001d6006852e}]
\Shell\Auto\command - K:\Autorun.exe
\Shell\AutoRun\command - H:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2b4cf982-86f7-11dc-9b5f-001d6006852e}]
\Shell\Auto\command - K:\Autorun.exe
\Shell\AutoRun\command - H:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Autorun.exe

.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-03 16:58:51
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WudfPf]
"ImagePath"="hex(2):73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,52,00,49,00,56,00,45,00,52,00,53,00,5c,00,57,00,75,00,64,00,66,00,50,00,66,00,2e,00,73,00,79,00,73,00,00,00"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WudfRd]
"ImagePath"="hex(2):73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,52,00,49,00,56,00,45,00,52,00,53,00,5c,00,77,00,75,00,64,00,66,00,72,00,64,00,2e,00,73,00,79,00,73,00,00,00"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WudfPf]
"ImagePath"="hex(2):73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,52,00,49,00,56,00,45,00,52,00,53,00,5c,00,57,00,75,00,64,00,66,00,50,00,66,00,2e,00,73,00,79,00,73,00,00,00"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WudfRd]
"ImagePath"="hex(2):73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,52,00,49,00,56,00,45,00,52,00,53,00,5c,00,77,00,75,00,64,00,66,00,72,00,64,00,2e,00,73,00,79,00,73,00,00,00"
.
------------------------ Other Running Processes ------------------------
.
H:\WINDOWS\system32\ati2evxx.exe
H:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
H:\WINDOWS\system32\ati2evxx.exe
H:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
H:\WINDOWS\system32\LEXBCES.EXE
H:\WINDOWS\system32\LEXPPS.EXE
H:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
H:\WINDOWS\ATKKBService.exe
H:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
H:\Program Files\Bonjour\mDNSResponder.exe
H:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
H:\Program Files\Common Files\LightScribe\LSSrvc.exe
H:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
H:\Program Files\ESET\nod32krn.exe
H:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
H:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
H:\Program Files\TeamViewer3\TeamViewer.exe
H:\Program Files\Skype\Plugin Manager\skypePM.exe
H:\Program Files\iPod\bin\iPodService.exe
H:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
H:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
H:\WINDOWS\system32\WgaTray.exe
H:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
H:\Program Files\Common Files\Teleca Shared\Generic.exe
H:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
H:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
H:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
.
**************************************************************************
.
Completion time: 2008-06-03 17:03:05 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-03 15:02:59

Pre-Run: 23,429,443,584 bytes free
Post-Run: 23,572,054,016 bytes free

385   --- E O F ---   2008-05-23 23:45:10

IP sačuvana

Zatvori

Al3k5aNd4R

Poruka #5

03. Jun 2008, 17:07:08

Zvezda u usponu

Ko bi reko da nisam normalan?? 0_o

Zodijak
Pol
Poruke	1851
Zastava

	Windows XP
	Opera 9.27
	Nokia

evo shta sad?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:06:40, on 03/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.17184)
Boot mode: Normal

Running processes:
H:\WINDOWS\System32\smss.exe
H:\WINDOWS\system32\winlogon.exe
H:\WINDOWS\system32\services.exe
H:\WINDOWS\system32\lsass.exe
H:\WINDOWS\system32\Ati2evxx.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\System32\svchost.exe
H:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
H:\WINDOWS\system32\Ati2evxx.exe
H:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
H:\WINDOWS\system32\LEXBCES.EXE
H:\WINDOWS\system32\spoolsv.exe
H:\WINDOWS\system32\LEXPPS.EXE
H:\Program Files\Unlocker\UnlockerAssistant.exe
H:\Program Files\Analog Devices\Core\smax4pnp.exe
H:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
H:\Program Files\Eset\nod32kui.exe
H:\Program Files\Google\Google Talk\googletalk.exe
H:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
H:\WINDOWS\vsnpstd.exe
H:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
H:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
H:\WINDOWS\ATKKBService.exe
H:\Program Files\Bonjour\mDNSResponder.exe
H:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
H:\Program Files\SweetIM\Messenger\SweetIM.exe
H:\Program Files\Common Files\LightScribe\LSSrvc.exe
H:\WINDOWS\system32\ctfmon.exe
H:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
H:\Program Files\TGTSoft\StyleXP\StyleXP.exe
H:\Program Files\Skype\Phone\Skype.exe
H:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
H:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
H:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
H:\Program Files\Eset\nod32krn.exe
H:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
H:\WINDOWS\system32\svchost.exe
H:\Program Files\TeamViewer3\TeamViewer_Host.exe
H:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
H:\Program Files\TeamViewer3\TeamViewer.exe
H:\Program Files\Skype\Plugin Manager\skypePM.exe
H:\Program Files\iPod\bin\iPodService.exe
H:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
H:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
H:\WINDOWS\system32\WgaTray.exe
H:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
H:\WINDOWS\system32\wuauclt.exe
H:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
E:\Program files\Opera 9\Opera.exe
H:\WINDOWS\system32\msiexec.exe
H:\WINDOWS\explorer.exe
I:\My Downloads\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://internetsearchservice.com
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://internetsearchservice.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://internetsearchservice.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://internetsearchservice.com/ie6.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://internetsearchservice.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: hattrickmontenegro.freeforums.org Toolbar - {889f9768-2157-42e0-8405-4ec14aacc9e8} - H:\Program Files\hattrickmontenegro.freeforums.org\tbhatt.dll
R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - H:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
O2 - BHO: Microsoft Shared Library Object Version - {0000AC13-3487-1583-C4BE-BE6A839DB000} - H:\WINDOWS\system32\mfc42dx1.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - H:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - H:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: hattrickmontenegro.freeforums.org Toolbar - {889f9768-2157-42e0-8405-4ec14aacc9e8} - H:\Program Files\hattrickmontenegro.freeforums.org\tbhatt.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - H:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - H:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - H:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - H:\Program Files\Styler\TB\StylerTB.dll
O3 - Toolbar: hattrickmontenegro.freeforums.org Toolbar - {889f9768-2157-42e0-8405-4ec14aacc9e8} - H:\Program Files\hattrickmontenegro.freeforums.org\tbhatt.dll
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - H:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: Internet Service - {51D81DD5-55B7-497F-95DB-D356429BB54E} - H:\Program Files\NetProject\wamdl.dll (file missing)
O4 - HKLM\..\Run: [UnlockerAssistant] H:\Program Files\Unlocker\UnlockerAssistant.exe -H
O4 - HKLM\..\Run: [SoundMAXPnP] H:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [JMB36X Configure] H:\WINDOWS\system32\JMRaidTool.exe boot
O4 - HKLM\..\Run: [ATICCC] "H:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] H:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "H:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [nod32kui] "H:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Google Desktop Search] "H:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [googletalk] H:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [SunJavaUpdateSched] "H:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "H:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [snpstd] H:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "H:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [CloneCDTray] "H:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [SVRemote] c:\Program Files\SVRemote\USB20Remote.exe
O4 - HKLM\..\Run: [iTunesHelper] "H:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "H:\Program Files\K-Lite Codec Pack\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SweetIM] H:\Program Files\SweetIM\Messenger\SweetIM.exe
O4 - HKCU\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "H:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Yamaha DS-XG Driver] H:\WINDOWS\system32\vdriver.exe
O4 - HKCU\..\Run: [STYLEXP] H:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [Skype] "H:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Google Update] "H:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [PcSync] H:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_01] rundll32 advpack.dll,DelNodeRunDLL32 "H:\WINDOWS\eHome" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_03] rundll32 advpack.dll,DelNodeRunDLL32 "H:\WINDOWS\pchealth" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_04] rundll32 advpack.dll,DelNodeRunDLL32 "H:\WINDOWS\msagent" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_05] rundll32 advpack.dll,DelNodeRunDLL32 "H:\WINDOWS\system32\Oobe" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_06] rundll32 advpack.dll,DelNodeRunDLL32 "H:\WINDOWS\Srchasst" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_07] rundll32 advpack.dll,DelNodeRunDLL32 "H:\WINDOWS\Help\Tours" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_08] cmd.exe /c md "%USERPROFILE%\Local Settings\Temp" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_09] rundll32 advpack.dll,DelNodeRunDLL32 "%SystemRoot%\System32\dllcache" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_10] cmd.exe /c md "%SystemRoot%\System32\dllcache" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_11] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_12] rundll32 advpack.dll,LaunchINFSection nlite.inf,nLiteReg (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_13] rundll32 advpack.dll,LaunchINFSection nlite.inf,S (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlpo_01] rundll32 advpack.dll,DelNodeRunDLL32 "H:\WINDOWS\eHome" (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: nod32.lnk = C:\Program Files\ESET\nod32.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = H:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://H:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://H:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - H:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - H:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - H:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - H:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - H:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O15 - Trusted Zone: http://miss.smscentar.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {6A025F8C-3498-42D1-A3BA-31B8B7EAB387} (ButtonX Control) - http://miss.smscentar.com/ActiveX.ocx
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - H:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - H:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Unknown owner - H:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - H:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - H:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - H:\WINDOWS\ATKKBService.exe
O23 - Service: Bonjour Service - Apple Inc. - H:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Indexing Service (CiSvc) - Unknown owner - H:\WINDOWS\system32\cisvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - H:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GoogleDesktopManager - Google - H:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - H:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - H:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - H:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - H:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - H:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - H:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - H:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - H:\Program Files\Eset\nod32krn.exe
O23 - Service: ServiceLayer - Nokia. - H:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - H:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: StyleXPService - Unknown owner - H:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: TeamViewer 3 (TeamViewer) - TeamViewer GmbH - H:\Program Files\TeamViewer3\TeamViewer_Host.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - H:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 14487 bytes

IP sačuvana

Zatvori

MunkaZe

Poruka #6

03. Jun 2008, 17:39:41

Supermoderator

Legenda foruma

Always outnumbered, never outgunned.

Zodijak
Pol
Poruke	47481
Zastava

	Windows Vista
	Mozilla Firefox 2.0.0.14

Nista, odlicno, sad idemo dalje Smile

Preuzmi SmitfraudFix odavde: link

Sacuvaj ga negde na komp, najbolje na dektop.
sa desktopa pokreni SmitfraudFix.exe
kreirace se folder pod imenom SmitfraudFix na desktopu takodje.

Sada restartuj masinu i udji u safe mode.
U safe modu udji na desktopu u folder SmitfraudFix i dva puta klikni na smitfraudfix.cmd da pokrenes skriptu.
Izaberi opciju 2 - Clean, tako sto ces kucati 2 i stisnuti ENter
Sad sacekaj da skripta odradi posao.
Kad zavrsi pitace te: Registry cleaning - Do you want to clean the registry? , a ti stisni Y i stisni Enter.
Ako te pita da zamenis jedan inficirani fajl ti izaberi takodje Y.

Na kraju ce verovatno traziti restart i sacuvati txt fajl pod imenom rapport.txt najverovatnije na H:.
Zakaci taj log ovde.

Ocisti Temporary Internet Files, history, cache, cookies.
Pokreni SPybot Search&Destroy, update-uj ga na mrezi, pusti da skenira, obrisi sta pronadje.
Kada sve to zavrsis, akaci novi HJT log.

IP sačuvana

Glasajte u anketi i izaberite temu narednog BFMC takmicenja
Ta divna stvorenja

Zatvori

Al3k5aNd4R

Poruka #7

03. Jun 2008, 17:52:53

Zvezda u usponu

Ko bi reko da nisam normalan?? 0_o

Zodijak
Pol
Poruke	1851
Zastava

	Windows XP
	Opera 9.27
	Nokia

moram li kolacice?
onda mi je lakse da reinstaliram windows, nego da cackam nesto sto ne znam..
inace sad mi je iskocio onaj windows geniue, izgleda da mi se izbrisao taj neki crack koji ga je blokirao..

Kako da udjem u safemode?

ne bih kolacice jer imam sacuvano preko 100 sifara za razne sajtove i forume na operi..

« Poslednja izmena: 03. Jun 2008, 18:16:05 od Al3k5aNd4R »

IP sačuvana

Zatvori

diarno

Poruka #8

03. Jun 2008, 18:25:40

Krajnje beznadezan

Out of Space and Time

Zodijak
Pol
Poruke	10499
Zastava

	Windows XP
	Mozilla Firefox 2.0.0.14

Uzmi ovaj program

http://www.atribune.org/index.php?option=com_content&task=view&id=25&Itemid=25

I sa njim ocisti smece..Vidis tamo gde pise "Da li zelite da obrisete sifre" na ovom linku..E pa ti kao sto je napisano kad ti iskoci to obavestenje kliknes No...I nece ti biti obrisane sifre...
U safe mode ulazis ovako

http://forums.majorgeeks.com/showthread.php?t=115579

P.S. Izvini Munkaze..cisto da ti malo olaksam Smile

« Poslednja izmena: 03. Jun 2008, 18:26:46 od diarno »

IP sačuvana

I like to pretend I'm alone. Completely alone. Maybe post-apocalypse or plague... Whatever. No-one left to act normal for. No need to hide who I really am. It would be... freeing.

Zatvori

MunkaZe

Poruka #9

03. Jun 2008, 18:27:31

Supermoderator

Legenda foruma

Always outnumbered, never outgunned.

Zodijak
Pol
Poruke	47481
Zastava

	Windows Vista
	Mozilla Firefox 2.0.0.14

okej nemoj onda brisati cookies ...

ZA win genuine ne brini, ubicemo ga posle Smile

U safe mode ulazis tako sto pritiskas (najcesce) F8 pre nego sto pocne da se dize Windows, dakle dok je ekran jos crn, odmah nakon restarta. Ako nece sa F8 pokusaj sa F12 itd ...
Onda ce te pitati da izaberes od nekoliko ponudjenih opcija, i ti izaberi SAFE MODE.
Zatim sacekaj dok on izlista servise, i podici ce win u safe modu (losa rezolucija) , ali ce sve biti na svom mestu kao i u normal modu. Zatim na Desktopu pronadji svoj folder za SmitFraudFix i dalje znas i sam Smile

edit

nema na cemu, i ovako je frka danas Smile

« Poslednja izmena: 03. Jun 2008, 18:28:12 od MunkaZe »

IP sačuvana

Glasajte u anketi i izaberite temu narednog BFMC takmicenja
Ta divna stvorenja