Problem with a virus or spyware II

Aleksandar_ČA

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 20:19:41, on 31.10.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\ATKKBService.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\NCLAUNCH.EXe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\A!K Research Labs\Mouse Off-road\OffRoad.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\Maxthon\Maxthon.exe
C:\Program Files\Orbitdownloader\orbitdm.exe
C:\Program Files\MSI\TV@Anywhere Utilities\P3XRCtl.exe
C:\Program Files\Maxthon\Maxthon.exe
C:\Program Files\Orbitdownloader\orbitnet.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Administrator\My Documents\Nekorišćene prečice radne površine\HiJackThis_v2.exe
 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\yt.dll
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
 
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\Program Files\ICQToolbar\toolbaru.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: NetXfer - {83B80A9C-D91A-4F22-8DCF-EA7204039F79} - C:\Program Files\Xi\NetXfer\NXIEHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O3 - Toolbar: NetXfer - {C16CBAAC-A75C-4DB5-A0DD-CDF5CAFCDD3A} - C:\Program Files\Xi\NetXfer\NXToolBar.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [ICQ Lite] "C:\Program Files\ICQLite\ICQLite.exe" -minimize
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\K-Lite Codec Pack\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [NCLaunch] C:\WINDOWS\NCLAUNCH.EXe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [A!K Mouse Off-road] C:\Program Files\A!K Research Labs\Mouse Off-road\OffRoad.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SP2 Connection Patcher] "C:\Program Files\SP2 Connection Patcher\SP2ConnPatcher.exe" -n=200
O4 - HKCU\..\Run: [grampop] C:\DOCUME~1\ADMINI~1\APPLIC~1\PLAN32~1\support blah.exe
O4 - HKCU\..\Run: [Steam] D:\Valve\Steam\Steam.exe -silent
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -trayboot
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Stickies.lnk = C:\Program Files\stickies\stickies.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Orbit.lnk = C:\Program Files\Orbitdownloader\orbitdm.exe
O4 - Global Startup: TV Remote Control.lnk = C:\Program Files\MSI\TV@Anywhere Utilities\P3XRCtl.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by19fd.bay19.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://arcade.icq.com/carlo/zuma/popcaploader_v5.cab
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
End of file - 12760 bytes
 
Regards...

Run HT, scan and check:

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222

Click Fix Checked.

Restart the PC.

Download Deljob.
  • Double-click deljob.exe to run it
  • The log (logit.txt) will open in Notepad (the file will be on the Desktop)
  • Copy the contents of that log into the forum topic

Also post a new HT log (copy the whole log into one message, not three... :)).
 
Whoa brother, what kind of "Beast" do you have that carries all this, oh my, if I saw it right
- Msn Live + toolbar
- Yahoo msn + toolbar
- ICQ + toolbar
- Skype
- NetXfer + toolbar
- Orbitdownloader toolbar
- google toolbar ( your IE must look like a rainbow and I'm surprised it works at all :D )
- iPod
- Nokia
- Spybot, Tea Timer
- Ad-Aware 2007
- Nod32
Well, if I were in Ad-Aware's place I'd be messing with you too. Just kidding. Your computer still runs fine; I wonder what kind of beast you're hiding from us? Wait for dr_Boru to give his opinion; I thought I saw something, but I don't want to jump the gun.
 
File(s) moved to C:\deljob
B5F343C8965CF4A4.job
Files remaining after cleaning
1-Click Maintenance.job
AppleSoftwareUpdate.job
Check Updates for Windows Live Toolbar.job
User_Feed_Synchronization-{3C48D21E-9B15-4A24-91B4-3371345A7063}.job
App data folders
Volume in drive C is System
Volume Serial Number is 0CBC-B418
Directory of C:\Documents and Settings\Administrator\Application Data

30.09.2007 11:58 <DIR> .
30.09.2007 11:58 <DIR> ..
21.03.2007 20:38 <DIR> 123FRE~1 123 Free Solitaire
31.12.2006 19:23 <DIR> ACDSYS~1 ACD Systems
13.01.2007 14:27 <DIR> Adobe
13.10.2007 18:09 <DIR> AdobeUM
03.08.2006 18:45 <DIR> Ahead
02.10.2007 11:49 <DIR> APPLEC~1 Apple Computer
07.02.2006 15:41 <DIR> ATI
22.08.2007 12:24 <DIR> BITDOW~1 BitDownload
18.02.2007 20:39 <DIR> BSplayer
21.09.2007 05:42 <DIR> BSPLAY~1 BSplayer Pro
19.06.2007 23:58 <DIR> BVSSOL~1 BVS Solitaire Collection
22.05.2006 00:26 <DIR> CYBERL~1 CyberLink
12.02.2007 12:00 <DIR> DATALA~1 Datalayer
16.06.2007 13:05 <DIR> DMCache
01.07.2007 20:06 <DIR> ESSENT~1 EssentialPIM
27.01.2007 23:54 <DIR> FREEDO~1 Free Download Manager
14.07.2006 19:32 <DIR> FUNKIT~1 funkitron
05.07.2006 21:03 <DIR> Goodsol
03.08.2007 21:02 <DIR> Google
10.08.2007 10:59 <DIR> GRETECH
15.08.2006 12:36 <DIR> Help
02.04.2007 23:00 <DIR> ICQTOO~1 ICQ Toolbar
01.04.2007 01:43 <DIR> ICQLite
18.11.2006 23:16 <DIR> IDENTI~1 Identities
05.05.2007 13:37 <DIR> IDM
15.08.2007 10:14 <DIR> INSTAL~1 InstallShield
23.06.2007 10:33 <DIR> INTERN~1 InternetCalls
21.07.2007 17:21 <DIR> Lavasoft
31.10.2007 21:58 <DIR> LimeWire
15.05.2006 17:33 <DIR> MACROM~1 Macromedia
02.08.2006 21:44 <DIR> MAHJON~1 MahJong Suite
28.05.2006 23:08 <DIR> MEDIAP~1 Media Player Classic
19.04.2007 01:41 <DIR> MICROS~1 Microsoft
17.12.2006 23:57 <DIR> Mozilla
11.11.2006 11:06 <DIR> MSNINS~1 MSNInstaller
24.04.2007 13:02 <DIR> MusicIP
23.08.2007 21:27 <DIR> MxBoost
24.07.2007 16:08 <DIR> Nokia
06.08.2007 00:46 <DIR> NOKIAM~1 Nokia Multimedia Player
07.03.2007 15:56 <DIR> Opera
31.10.2007 22:38 <DIR> Orbit
12.02.2007 11:59 <DIR> PCSUIT~1 PC Suite
15.10.2006 23:37 <DIR> PCTOOL~1 PC Tools
08.10.2007 01:02 <DIR> PLAN32~1 Plan 32
29.10.2006 02:39 <DIR> Real
31.10.2007 22:41 <DIR> Skype
09.08.2006 13:40 <DIR> SolSuite
18.02.2007 16:26 <DIR> SOUNDS~1 SoundSpectrum
31.10.2007 22:39 <DIR> stickies
18.07.2007 12:07 <DIR> SUMATR~1 SumatraPDF
21.07.2007 07:44 <DIR> Sun
07.02.2006 15:41 <DIR> Symantec
07.07.2006 18:11 <DIR> Systweak
24.01.2007 12:36 <DIR> TUNEUP~1 TuneUp Software
24.01.2007 09:42 <DIR> URSoft
13.02.2007 17:26 <DIR> Wildfire
07.08.2007 17:47 <DIR> Yahoo!
09.08.2006 14:15 <DIR> ZONORA~1 Zonora Technologies
0 File(s) 0 bytes
60 Dir(s) 1.670.565.888 bytes free
Volume in drive C is System
Volume Serial Number is 0CBC-B418
Directory of C:\Documents and Settings\All Users\Application Data
02.10.2007 11:12 <DIR> .
02.10.2007 11:12 <DIR> ..
07.02.2006 15:51 <DIR> ACDSYS~1 ACD Systems
07.02.2006 15:53 <DIR> Adobe
02.10.2007 11:12 <DIR> Apple
02.10.2007 11:48 <DIR> APPLEC~1 Apple Computer
07.02.2006 15:30 <DIR> CYBERL~1 CyberLink
11.11.2006 20:58 <DIR> Google
10.08.2007 11:01 <DIR> GRETECH
24.07.2007 10:11 <DIR> INSTAL~1 Installations
15.08.2007 10:14 <DIR> INSTAL~2 InstallShield
21.07.2007 17:38 <DIR> Lavasoft
22.04.2007 00:57 <DIR> MICROS~1 Microsoft
15.05.2006 16:12 <DIR> NVIEW_~1 nView_Profiles
09.03.2007 23:07 <DIR> PCSUIT~1 PC Suite
02.04.2007 22:50 <DIR> PopCap
13.08.2007 21:27 <DIR> Skype
24.07.2007 10:29 <DIR> SPYBOT~1 Spybot - Search & Destroy
25.02.2007 18:54 <DIR> SRSLAB~1 SRS Labs
24.01.2007 11:52 <DIR> Symantec
18.09.2007 18:43 <DIR> TEMP
08.10.2007 01:01 <DIR> TICKFI~1 Tick Find Close Surf
12.06.2006 22:13 <DIR> Trymedia
24.01.2007 12:34 <DIR> TUNEUP~1 TuneUp Software
22.01.2007 18:57 <DIR> VIEWPO~1 Viewpoint
28.08.2006 10:18 <DIR> WINDOW~1 Windows Genuine Advantage
11.11.2006 12:49 <DIR> WINDOW~2 Windows Live Toolbar
05.08.2007 20:50 <DIR> Yahoo!
05.08.2007 22:58 <DIR> YAHOO!~1 Yahoo! Companion
21.03.2007 20:38 <DIR> {FBDA5~1 {FBDA53F5-763E-4114-A576-612E9769C133}
0 File(s) 0 bytes
30 Dir(s) 1.670.565.888 bytes free
 
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 22:46:45, on 31.10.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\ATKKBService.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\NCLAUNCH.EXe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\A!K Research Labs\Mouse Off-road\OffRoad.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
D:\Valve\Steam\Steam.exe
C:\Program Files\Orbitdownloader\orbitdm.exe
C:\Program Files\MSI\TV@Anywhere Utilities\P3XRCtl.exe
C:\Program Files\Maxthon\Maxthon.exe
C:\Program Files\Orbitdownloader\orbitnet.exe
C:\Program Files\Maxthon\Maxthon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Administrator\My Documents\Nekorišćene prečice radne površine\HiJackThis_v2.exe
C:\WINDOWS\system32\cidaemon.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\yt.dll
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
 
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\Program Files\ICQToolbar\toolbaru.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: NetXfer - {83B80A9C-D91A-4F22-8DCF-EA7204039F79} - C:\Program Files\Xi\NetXfer\NXIEHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O3 - Toolbar: NetXfer - {C16CBAAC-A75C-4DB5-A0DD-CDF5CAFCDD3A} - C:\Program Files\Xi\NetXfer\NXToolBar.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [ICQ Lite] "C:\Program Files\ICQLite\ICQLite.exe" -minimize
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\K-Lite Codec Pack\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [NCLaunch] C:\WINDOWS\NCLAUNCH.EXe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [A!K Mouse Off-road] C:\Program Files\A!K Research Labs\Mouse Off-road\OffRoad.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SP2 Connection Patcher] "C:\Program Files\SP2 Connection Patcher\SP2ConnPatcher.exe" -n=200
O4 - HKCU\..\Run: [grampop] C:\DOCUME~1\ADMINI~1\APPLIC~1\PLAN32~1\support blah.exe
O4 - HKCU\..\Run: [Steam] D:\Valve\Steam\Steam.exe -silent
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Stickies.lnk = C:\Program Files\stickies\stickies.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Orbit.lnk = C:\Program Files\Orbitdownloader\orbitdm.exe
O4 - Global Startup: TV Remote Control.lnk = C:\Program Files\MSI\TV@Anywhere Utilities\P3XRCtl.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by19fd.bay19.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://arcade.icq.com/carlo/zuma/popcaploader_v5.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
End of file - 12522 bytes
 
Run HT, scan and check the following lines:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
O4 - HKCU\..\Run: [grampop] C:\DOCUME~1\ADMINI~1\APPLIC~1\PLAN32~1\support blah.exe

and then click Fix Checked.

Keep in mind that TeaTimer may report a registry change - allow it.

Delete the following folders:

C:\Documents and Settings\Administrator\Application Data\Plan 32
C:\Documents and Settings\All Users\Application Data\Tick Find Close Surf


Restart the computer.

Run Deljob.exe again and post its new log as well as a new HT log.
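The two fix lists in this thread (the O17 NameServer lines in the first reply, the O4 [grampop] entry above) are the kind of thing a helper picks out of a HijackThis log by eye. As an added example, not code from this thread, from HijackThis or from Deljob, here is a small triage script that parses O4 Run and O17 NameServer lines and flags the same patterns: an autostart target living under a user profile data or temp directory, an unquoted command line with a space in the path, an 8.3 short-name path that hides the real folder name, and resolvers that are not on a list you supply. The sample log lines are constructed from the shapes of the logs posted here, the profile-directory markers and the "cut after the first .exe" rule are heuristics of this example, and EXPECTED_DNS is a placeholder to replace with the machine's real resolvers. Every flag is a review candidate, not a verdict: resolve the long path and look at the file before deleting anything.

```python
import re
from typing import Dict, List, Optional

# Constructed sample lines, modelled on the HijackThis logs posted in this thread
# (a handful of entries only; a real log has a hundred or more).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [grampop] C:\DOCUME~1\ADMINI~1\APPLIC~1\PLAN32~1\support blah.exe
O4 - HKCU\..\Run: [Steam] D:\Valve\Steam\Steam.exe -silent
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
"""

# Assumption for the example: the resolvers this machine is supposed to use.
# Replace with the real ones (ISP or router). 208.67.220.220 / 208.67.222.222
# are OpenDNS's public resolvers; whether they belong on a given machine is a
# call for whoever knows the network, so the script only compares, it does not judge.
EXPECTED_DNS = frozenset({"192.168.1.1"})

O4_RE = re.compile(
    r"^O4 - (?P<hive>[^:]+?)\\\.\.\\(?P<key>Run(?:Once)?): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$"
)
O17_RE = re.compile(r"^O17 - (?P<key>[^:]+): NameServer = (?P<servers>.+)$")

# Profile/temp locations where an autostart target normally has no business living
# (long names and the 8.3 short names HijackThis prints for them). Heuristic list.
PROFILE_DATA_MARKERS = ("application data", "applic~1", "local settings", "locals~1", "\\temp\\")


def executable_path(cmd: str) -> str:
    """Program path from an O4 command line.
    A quoted path ends at the closing quote. An unquoted one is cut after the
    first '.exe', which recovers a path with a space but no quotes (like the
    'support blah.exe' entry under APPLIC~1) instead of splitting it at the space."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = re.search(r"\.exe\b", cmd, re.IGNORECASE)
    return cmd[: m.end()] if m else cmd.split(" ", 1)[0]


def parse_o4(line: str) -> Optional[Dict[str, str]]:
    """Split an 'O4 - <hive>\\..\\Run: [name] cmd' line into its parts, or None."""
    m = O4_RE.match(line)
    if not m:
        return None
    entry = m.groupdict()
    entry["path"] = executable_path(entry["cmd"])
    return entry


def review_o4(line: str) -> List[str]:
    """Heuristic flags for one O4 line; an empty list means nothing to remark on."""
    entry = parse_o4(line)
    if entry is None:
        return []
    path = entry["path"]
    low = path.lower()
    flags: List[str] = []
    if any(marker in low for marker in PROFILE_DATA_MARKERS):
        flags.append("autostart target lives under a user profile data/temp directory")
    if " " in path and not entry["cmd"].lstrip().startswith('"'):
        flags.append("unquoted command line with a space in the path")
    if re.search(r"~\d+\\", path):
        flags.append("8.3 short-name path: resolve the long name before deleting anything")
    return flags


def parse_o17(line: str) -> Optional[Dict[str, object]]:
    """Registry key and the list of resolver addresses from an O17 NameServer line."""
    m = O17_RE.match(line)
    if not m:
        return None
    servers = [s.strip() for s in m.group("servers").split(",") if s.strip()]
    return {"key": m.group("key"), "servers": servers}


def unexpected_nameservers(line: str, expected) -> List[str]:
    """Resolvers in the O17 line that are not in the caller's expected set."""
    entry = parse_o17(line)
    if entry is None:
        return []
    return [s for s in entry["servers"] if s not in expected]


def triage(log_text: str, expected_dns) -> Dict[str, List[str]]:
    """Map each O4/O17 line that deserves a second look to its list of flags."""
    findings: Dict[str, List[str]] = {}
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith("O4 - "):
            flags = review_o4(line)
        elif line.startswith("O17 - "):
            flags = [f"resolver not in expected list: {s}"
                     for s in unexpected_nameservers(line, expected_dns)]
        else:
            continue  # other HijackThis sections are out of scope for this example
        if flags:
            findings[line] = flags
    return findings


if __name__ == "__main__":
    for flagged_line, reasons in triage(SAMPLE_LOG, EXPECTED_DNS).items():
        print(flagged_line)
        for reason in reasons:
            print("    -", reason)
```

Run against the sample, only the [grampop] line and the O17 line come back; the quoted nod32kui entry, ctfmon and Steam pass clean. Feed it a real log with `triage(open("hijackthis.log").read(), EXPECTED_DNS)` and treat the output as the list of lines to look at next, not as the list to tick in Fix Checked.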
 
File(s) moved to C:\deljob
B5F343C8965CF4A4.job
Files remaining after cleaning
1-Click Maintenance.job
AppleSoftwareUpdate.job
Check Updates for Windows Live Toolbar.job
User_Feed_Synchronization-{3C48D21E-9B15-4A24-91B4-3371345A7063}.job
App data folders
Volume in drive C is System
Volume Serial Number is 0CBC-B418
Directory of C:\Documents and Settings\Administrator\Application Data
01.11.2007 01:19 <DIR> .
01.11.2007 01:19 <DIR> ..
21.03.2007 20:38 <DIR> 123FRE~1 123 Free Solitaire
31.12.2006 19:23 <DIR> ACDSYS~1 ACD Systems
13.01.2007 14:27 <DIR> Adobe
13.10.2007 18:09 <DIR> AdobeUM
03.08.2006 18:45 <DIR> Ahead
02.10.2007 11:49 <DIR> APPLEC~1 Apple Computer
07.02.2006 15:41 <DIR> ATI
22.08.2007 12:24 <DIR> BITDOW~1 BitDownload
18.02.2007 20:39 <DIR> BSplayer
21.09.2007 05:42 <DIR> BSPLAY~1 BSplayer Pro
19.06.2007 23:58 <DIR> BVSSOL~1 BVS Solitaire Collection
22.05.2006 00:26 <DIR> CYBERL~1 CyberLink
12.02.2007 12:00 <DIR> DATALA~1 Datalayer
16.06.2007 13:05 <DIR> DMCache
01.07.2007 20:06 <DIR> ESSENT~1 EssentialPIM
27.01.2007 23:54 <DIR> FREEDO~1 Free Download Manager
14.07.2006 19:32 <DIR> FUNKIT~1 funkitron
05.07.2006 21:03 <DIR> Goodsol
03.08.2007 21:02 <DIR> Google
10.08.2007 10:59 <DIR> GRETECH
15.08.2006 12:36 <DIR> Help
02.04.2007 23:00 <DIR> ICQTOO~1 ICQ Toolbar
01.04.2007 01:43 <DIR> ICQLite
18.11.2006 23:16 <DIR> IDENTI~1 Identities
05.05.2007 13:37 <DIR> IDM
15.08.2007 10:14 <DIR> INSTAL~1 InstallShield
23.06.2007 10:33 <DIR> INTERN~1 InternetCalls
21.07.2007 17:21 <DIR> Lavasoft
31.10.2007 21:58 <DIR> LimeWire
15.05.2006 17:33 <DIR> MACROM~1 Macromedia
02.08.2006 21:44 <DIR> MAHJON~1 MahJong Suite
28.05.2006 23:08 <DIR> MEDIAP~1 Media Player Classic
19.04.2007 01:41 <DIR> MICROS~1 Microsoft
17.12.2006 23:57 <DIR> Mozilla
11.11.2006 11:06 <DIR> MSNINS~1 MSNInstaller
24.04.2007 13:02 <DIR> MusicIP
23.08.2007 21:27 <DIR> MxBoost
24.07.2007 16:08 <DIR> Nokia
06.08.2007 00:46 <DIR> NOKIAM~1 Nokia Multimedia Player
07.03.2007 15:56 <DIR> Opera
01.11.2007 01:40 <DIR> Orbit
12.02.2007 11:59 <DIR> PCSUIT~1 PC Suite
15.10.2006 23:37 <DIR> PCTOOL~1 PC Tools
29.10.2006 02:39 <DIR> Real
01.11.2007 01:44 <DIR> Skype
09.08.2006 13:40 <DIR> SolSuite
18.02.2007 16:26 <DIR> SOUNDS~1 SoundSpectrum
01.11.2007 01:44 <DIR> stickies
18.07.2007 12:07 <DIR> SUMATR~1 SumatraPDF
21.07.2007 07:44 <DIR> Sun
07.02.2006 15:41 <DIR> Symantec
07.07.2006 18:11 <DIR> Systweak
24.01.2007 12:36 <DIR> TUNEUP~1 TuneUp Software
24.01.2007 09:42 <DIR> URSoft
13.02.2007 17:26 <DIR> Wildfire
07.08.2007 17:47 <DIR> Yahoo!
09.08.2006 14:15 <DIR> ZONORA~1 Zonora Technologies
0 File(s) 0 bytes
59 Dir(s) 1.664.458.752 bytes free
Volume in drive C is System
Volume Serial Number is 0CBC-B418
Directory of C:\Documents and Settings\All Users\Application Data
01.11.2007 01:37 <DIR> .
01.11.2007 01:37 <DIR> ..
07.02.2006 15:51 <DIR> ACDSYS~1 ACD Systems
07.02.2006 15:53 <DIR> Adobe
02.10.2007 11:12 <DIR> Apple
02.10.2007 11:48 <DIR> APPLEC~1 Apple Computer
07.02.2006 15:30 <DIR> CYBERL~1 CyberLink
11.11.2006 20:58 <DIR> Google
10.08.2007 11:01 <DIR> GRETECH
24.07.2007 10:11 <DIR> INSTAL~1 Installations
15.08.2007 10:14 <DIR> INSTAL~2 InstallShield
21.07.2007 17:38 <DIR> Lavasoft
22.04.2007 00:57 <DIR> MICROS~1 Microsoft
15.05.2006 16:12 <DIR> NVIEW_~1 nView_Profiles
09.03.2007 23:07 <DIR> PCSUIT~1 PC Suite
02.04.2007 22:50 <DIR> PopCap
13.08.2007 21:27 <DIR> Skype
24.07.2007 10:29 <DIR> SPYBOT~1 Spybot - Search & Destroy
25.02.2007 18:54 <DIR> SRSLAB~1 SRS Labs
24.01.2007 11:52 <DIR> Symantec
18.09.2007 18:43 <DIR> TEMP
12.06.2006 22:13 <DIR> Trymedia
24.01.2007 12:34 <DIR> TUNEUP~1 TuneUp Software
22.01.2007 18:57 <DIR> VIEWPO~1 Viewpoint
28.08.2006 10:18 <DIR> WINDOW~1 Windows Genuine Advantage
11.11.2006 12:49 <DIR> WINDOW~2 Windows Live Toolbar
05.08.2007 20:50 <DIR> Yahoo!
05.08.2007 22:58 <DIR> YAHOO!~1 Yahoo! Companion
21.03.2007 20:38 <DIR> {FBDA5~1 {FBDA53F5-763E-4114-A576-612E9769C133}
0 File(s) 0 bytes
29 Dir(s) 1.664.458.752 bytes free
 
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 1:50:03, on 1.11.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\ATKKBService.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\NCLAUNCH.EXe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\A!K Research Labs\Mouse Off-road\OffRoad.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\Orbitdownloader\orbitdm.exe
C:\Program Files\MSI\TV@Anywhere Utilities\P3XRCtl.exe
C:\Program Files\Orbitdownloader\orbitnet.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Maxthon\Maxthon.exe
C:\Documents and Settings\Administrator\My Documents\Nekorišćene prečice radne površine\HiJackThis_v2.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\NOTEPAD.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\yt.dll
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
 
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\Program Files\ICQToolbar\toolbaru.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: NetXfer - {83B80A9C-D91A-4F22-8DCF-EA7204039F79} - C:\Program Files\Xi\NetXfer\NXIEHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O3 - Toolbar: NetXfer - {C16CBAAC-A75C-4DB5-A0DD-CDF5CAFCDD3A} - C:\Program Files\Xi\NetXfer\NXToolBar.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [ICQ Lite] "C:\Program Files\ICQLite\ICQLite.exe" -minimize
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\K-Lite Codec Pack\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [NCLaunch] C:\WINDOWS\NCLAUNCH.EXe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [A!K Mouse Off-road] C:\Program Files\A!K Research Labs\Mouse Off-road\OffRoad.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SP2 Connection Patcher] "C:\Program Files\SP2 Connection Patcher\SP2ConnPatcher.exe" -n=200
O4 - HKCU\..\Run: [Steam] D:\Valve\Steam\Steam.exe -silent
O4 - HKCU\..\Run: [grampop] C:\DOCUME~1\ADMINI~1\APPLIC~1\PLAN32~1\support blah.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Stickies.lnk = C:\Program Files\stickies\stickies.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Orbit.lnk = C:\Program Files\Orbitdownloader\orbitdm.exe
O4 - Global Startup: TV Remote Control.lnk = C:\Program Files\MSI\TV@Anywhere Utilities\P3XRCtl.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by19fd.bay19.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://arcade.icq.com/carlo/zuma/popcaploader_v5.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
End of file - 12244 bytes
 
Why does this look as if you didn't do everything?


Scan with HT and check the following lines:

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\K-Lite Codec Pack\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [grampop] C:\DOCUME~1\ADMINI~1\APPLIC~1\PLAN32~1\support blah.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

Click Fix Checked.


-----------------------------------------------------


Find the file C:\deljob\B5F343C8965CF4A4.job > right-click it and choose Properties.
Switch to the Task tab and copy here what is written in the Run field.

----------------------------------------------------

Download ComboFix and save it to the Desktop.
Run it and follow the instructions. When it finishes, it will open a logfile - copy it here.
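An added example, not code from this thread or from HijackThis: a small Python triage script that parses HijackThis O4 autostart lines (sample lines are constructed in the O4 format seen in the logs above) and flags executables launched from user-writable profile locations, which is what makes the [grampop] entry stand out from the legitimate Run entries the helper leaves alone.

```python
import re
from dataclasses import dataclass, field

# Constructed sample lines in HijackThis O4 format (the same shape as the
# log in this thread); not an excerpt of any real machine's log.
SAMPLE_O4_LINES = [
    r'O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE',
    r'O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe',
    r'O4 - HKCU\..\Run: [grampop] C:\DOCUME~1\ADMINI~1\APPLIC~1\PLAN32~1\support blah.exe',
    r'O4 - Global Startup: Orbit.lnk = C:\Program Files\Orbitdownloader\orbitdm.exe',
    r"O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')",
]

# "O4 - <hive>\..\Run: [<value name>] <command line>"
RUN_RE = re.compile(
    r'^O4 - (?P<hive>HK\S+?)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$')
# "O4 - Startup: <shortcut> = <target>" / "O4 - Global Startup: ..."
STARTUP_RE = re.compile(
    r'^O4 - (?P<where>(?:Global )?Startup): (?P<name>[^=]+) = (?P<cmd>.*)$')
# First token of the command line: a quoted path, or a bare path up to the
# first executable-looking extension (handles unquoted paths with spaces).
EXE_RE = re.compile(
    r'^\s*(?:"(?P<quoted>[^"]+)"|(?P<bare>.*?\.(?:exe|com|scr|pif|bat|cmd|dll)))(?=\s|$|,)',
    re.IGNORECASE)

USER_PROFILE_MARKERS = ('\\documents and settings\\', '\\docume~1\\', '\\users\\')
APPDATA_MARKERS = ('\\application data\\', '\\applic~1\\', '\\appdata\\', '\\local settings\\')
TEMP_MARKERS = ('\\temp\\', '\\tmp\\')


@dataclass
class Autostart:
    kind: str       # 'run' (registry Run/RunOnce value) or 'startup' (Startup folder shortcut)
    source: str     # hive and key, or the startup folder name
    name: str       # registry value name or shortcut name
    command: str    # full command line as HijackThis printed it
    exe: str        # executable path extracted from the command line
    flags: list = field(default_factory=list)


def extract_exe(cmd: str) -> str:
    """Return the executable path from a Run value / shortcut target."""
    m = EXE_RE.match(cmd)
    if not m:
        return cmd.strip()
    return m['quoted'] or m['bare']


def parse_o4(line: str):
    """Parse one HijackThis O4 line; return an Autostart or None."""
    m = RUN_RE.match(line)
    if m:
        return Autostart('run', f"{m['hive']}\\..\\{m['key']}", m['name'],
                         m['cmd'], extract_exe(m['cmd']))
    m = STARTUP_RE.match(line)
    if m:
        return Autostart('startup', m['where'], m['name'].strip(),
                         m['cmd'], extract_exe(m['cmd']))
    return None


def triage(entry: Autostart) -> Autostart:
    """Attach flags describing where the autostart executable lives."""
    low = entry.exe.lower()
    if any(mk in low for mk in USER_PROFILE_MARKERS):
        entry.flags.append('user-profile')    # under a user's profile directory
    if any(mk in low for mk in APPDATA_MARKERS):
        entry.flags.append('appdata')         # Application Data: user-writable, unusual for a Run value
    if any(mk in low for mk in TEMP_MARKERS):
        entry.flags.append('temp')
    if '~' in entry.exe:
        entry.flags.append('8.3-short-name')  # DOS-style short path, typical of crude installers
    if entry.kind == 'run' and ' ' in entry.exe and not entry.command.lstrip().startswith('"'):
        entry.flags.append('unquoted-space')  # informational only; legitimate entries do this too
    return entry


def triage_log(lines):
    """Parse and flag every O4 line in an iterable of HijackThis log lines."""
    entries = [parse_o4(line.rstrip('\n')) for line in lines]
    return [triage(e) for e in entries if e is not None]


def suspicious(entries):
    """Entries worth a closer look: executables started from user-writable data folders."""
    return [e for e in entries if 'appdata' in e.flags or 'temp' in e.flags]


if __name__ == '__main__':
    for e in suspicious(triage_log(SAMPLE_O4_LINES)):
        print(f"{e.source} [{e.name}] -> {e.exe}  flags={e.flags}")
```

The other flags are kept informational on purpose: unquoted paths with spaces and 8.3 short names also appear in legitimate entries on this very log, so only the location-based flags decide what is listed.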
 
I 'fixed' those three lines in HT :)
but I just can't open the Task on DelJob - I get error 0x80070002: The system cannot find the file specified
likewise I can't copy the Run field, but in that field it says
[ ...me~1\admin~1\applic~1\plan32\ ] - literally that's all there is in the Run field

now I have to close everything to run ComboFix, it's waiting for me on the desktop :) - so here I am again, sorry if I'm being a bit of a pest :)
regards
 
ComboFix 07-11-01.1 - Administrator 2007-11-01 16:00:05.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1033.18.153 [GMT 1:00]
Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\drantispy
C:\Program Files\drantispy\Uninstall.exe
C:\WINDOWS\system32\linkprd.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\nm


((((((((((((((((((((((((( Files Created from 2007-10-01 to 2007-11-01 )))))))))))))))))))))))))))))))
.

2007-11-01 15:48 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-31 22:03 <DIR> d-------- C:\deljob
2007-10-31 01:17 684,377 --a------ C:\WINDOWS\unins000.exe
2007-10-31 01:17 3,449 --a------ C:\WINDOWS\unins000.dat
2007-10-24 13:13 <DIR> d-------- C:\Program Files\SpeedKing
2007-10-24 13:09 368,912 --a------ C:\WINDOWS\system32\vbar332.dll
2007-10-13 18:09 <DIR> d-------- C:\Program Files\Viewpoint
2007-10-13 18:09 37,027 --a------ C:\WINDOWS\atmoUn.exe
2007-10-11 19:52 <DIR> d-------- C:\Program Files\TryMedia
2007-10-08 01:00 <DIR> d-------- C:\Program Files\Plan 32
2007-10-02 11:48 <DIR> d-------- C:\Program Files\iTunes
2007-10-02 11:48 <DIR> d-------- C:\Program Files\iPod
2007-10-02 11:47 <DIR> d-------- C:\Program Files\Common Files\Apple
2007-10-02 11:12 <DIR> d-------- C:\Program Files\Apple Software Update
2007-10-02 11:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-01 15:06 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Skype
2007-11-01 15:06 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Orbit
2007-11-01 15:05 --------- d-----w C:\Program Files\SP2 Connection Patcher
2007-11-01 15:05 --------- d-----w C:\Documents and Settings\Administrator\Application Data\stickies
2007-10-31 20:58 --------- d-----w C:\Documents and Settings\Administrator\Application Data\LimeWire
2007-10-30 23:44 3,056 ----a-w C:\Program Files\plugin-ignore.ini
2007-10-15 02:15 --------- d-----w C:\Program Files\TuneUp Utilities 2006
2007-10-13 17:09 --------- d-----w C:\Documents and Settings\Administrator\Application Data\AdobeUM
2007-10-09 20:49 --------- d-----w C:\Program Files\Java
2007-10-07 15:20 --------- d-----w C:\Program Files\KraiSoft
2007-10-03 10:59 --------- d-----w C:\Program Files\Orbitdownloader
2007-10-02 10:49 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Apple Computer
2007-10-02 10:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-09-30 23:26 --------- d-----w C:\Program Files\eMule
2007-09-30 13:55 --------- d-----w C:\Program Files\Maxthon
2007-09-30 09:48 --------- d-----w C:\Program Files\Maxthon2
2007-09-21 04:42 --------- d-----w C:\Documents and Settings\Administrator\Application Data\BSplayer Pro
2007-09-20 09:22 --------- d-----w C:\Program Files\LimeWire Download Accelerator
2007-09-20 09:21 359,808 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2007-09-18 19:36 --------- d-----w C:\Program Files\Puzzle 48er
2007-09-18 17:43 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2007-09-18 14:38 --------- d-----w C:\Program Files\ICQLite
2007-09-18 09:57 --------- d-----w C:\Program Files\Common Files\Oberon Media
2007-09-02 20:39 249,856 ------w C:\WINDOWS\Setup1.exe
2007-08-16 18:57 67 ----a-w C:\Program Files\spellcheck.ini
2007-08-16 18:57 3,345 ----a-w C:\Program Files\OperaDef6.ini
2007-08-09 10:22 7,328 ----a-w C:\Program Files\License.rtf
2007-08-09 10:21 79,360 ----a-w C:\Program Files\Opera.exe
2007-08-09 10:21 34,816 ----a-w C:\Program Files\spellcheck.dll
2007-08-09 10:21 3,197,952 ----a-w C:\Program Files\Opera.dll
2007-08-09 10:21 25,600 ----a-w C:\Program Files\OUniAnsi.dll
2007-08-09 09:47 653,124 ----a-w C:\Program Files\chartables.bin
2007-08-09 09:47 218,821 ----a-w C:\Program Files\english.lng
2007-08-06 20:10 1,396,544 ----a-w C:\WINDOWS\FSX_Screensaver.scr
2007-03-29 14:55 7,065 ----a-w C:\Program Files\search.ini
2007-03-22 07:00 99,142 ----a-w C:\Program Files\dialog.ini
2006-11-11 11:44 16,332,072 ----a-w C:\Program Files\Install_Messenger_nous.exe
2006-11-11 02:40 5,332,992 ----a-w C:\Program Files\avg6410f.exe
2006-11-11 02:20 1,424,218 ----a-w C:\Program Files\nt3242ai.exe
2006-11-11 02:06 677,481 ----a-w C:\Program Files\ftpx1010.zip
2006-11-11 02:03 59,843 ----a-w C:\Program Files\magicm28.zip
2006-11-11 02:03 311,064 ----a-w C:\Program Files\sorpro2.zip
2006-10-03 09:19 2,099 ----a-w C:\Program Files\fastforward.ini
2006-06-27 13:10 3,888 ----a-w C:\Program Files\lngcode.txt
2006-05-19 14:44 1,363 ----a-w C:\Program Files\xmlentities.ini
2004-08-20 12:56 290 ----a-w C:\Program Files\c3nform.vxml
2004-02-26 11:35 7,904 ----a-w C:\Program Files\html40_entities.dtd
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
 
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-04-02 15:35]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 18:41]
"ICQ Lite"="C:\Program Files\ICQLite\ICQLite.exe" [2006-07-11 11:06]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11]
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-06-18 14:10]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-26 13:42]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:56]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-28 22:28]
"NCLaunch"="C:\WINDOWS\NCLAUNCH.EXe" [2007-06-23 10:22]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46]
"A!K Mouse Off-road"="C:\Program Files\A!K Research Labs\Mouse Off-road\OffRoad.exe" [2006-11-05 12:28]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-07-16 14:17]
"YSearchProtection"="C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [2007-06-08 15:59]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-08-06 11:43]
"SP2 Connection Patcher"="C:\Program Files\SP2 Connection Patcher\SP2ConnPatcher.exe" [2005-07-11 12:51]
"Steam"="D:\Valve\Steam\Steam.exe" [2007-10-20 11:20]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]
"ICQ Lite"=C:\Program Files\ICQLite\ICQLite.exe -trayboot

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Nokia.PCSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\
Stickies.lnk - C:\Program Files\stickies\stickies.exe [2007-03-08 23:28:19]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Orbit.lnk - C:\Program Files\Orbitdownloader\orbitdm.exe [2007-06-12 19:08:42]
TV Remote Control.lnk - C:\Program Files\MSI\TV@Anywhere Utilities\P3XRCtl.exe [2006-07-24 14:32:52]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk
backup=C:\WINDOWS\pss\Acrobat Assistant.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ATI CATALYST System Tray.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ATI CATALYST System Tray.lnk
backup=C:\WINDOWS\pss\ATI CATALYST System Tray.lnkCommon Startup


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
"C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
"C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PVR Agent]
C:\Program Files\MSI\TV@Anywhere Plus\TVR\Scheduled.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
"C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SweetIM]
C:\Program Files\Macrogaming\SweetIM\SweetIM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SDhelper"=2 (0x2)
"ose"=3 (0x3)
"NVSvc"=2 (0x2)
"ATI Smart"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)

R0 viamraid;viamraid;C:\WINDOWS\system32\DRIVERS\viamraid.sys
R2 UxTuneUp;TuneUp Design Expansion;C:\WINDOWS\System32\svchost.exe -k netsvcs
R3 Cap713x;Philips Cap713x Video Capture;C:\WINDOWS\system32\DRIVERS\Cap713x.sys
S2 878TVCard;Bt878 TV Card - Video Capture;C:\WINDOWS\system32\drivers\Bt878.sys
S2 878TVTuner;Bt878 TV Card - TV Tuner;C:\WINDOWS\system32\drivers\BtTuner.sys
S2 878Xbar;Bt878 TV Card - Crossbar;C:\WINDOWS\system32\drivers\BtXbar.sys
S3 GVCplDrv;GVCplDrv;C:\WINDOWS\system32\drivers\GVCplDrv.sys
S3 SRS_SSCFilter;SRS Labs Audio Sandbox (WDM);C:\WINDOWS\system32\drivers\srs_sscfilter.sys
S3 usnjsvc;Usluga Messenger Sharing Folders USN Journal Reader;"C:\Program Files\MSN Messenger\usnsvc.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

.
Contents of the 'Scheduled Tasks' folder
"2007-10-26 16:40:40 C:\WINDOWS\Tasks\1-Click Maintenance.job"
"2007-10-30 12:43:05 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
"2007-11-01 14:45:00 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2007-10-31 22:53:19 C:\WINDOWS\Tasks\User_Feed_Synchronization-{3C48D21E-9B15-4A24-91B4-3371345A7063}.job"
.
**************************************************************************

catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-01 16:05:04
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-11-01 16:09:49 - machine was rebooted
.
--- E O F ---
 
Oh, I was just joking... :)


Delete: C:\Program Files\Plan 32


Download Gmer.
  • Extract the archive into some folder
  • Double-click gmer.exe to run it
  • On the Rootkit tab, click the Scan button
  • When the scan is done, click the Save ... button and save the log as file1.txt
  • Click the >>> button to gain access to the other tabs
  • On the AutoStart tab, click the Scan button
  • When the scan is done, click the Copy button (this copies the log to the Clipboard)
  • Open Notepad, paste the copied log and save it as file2.txt
  • Attach file1.txt and file2.txt to your next message

So, use "Sredite priloge" (Manage attachments).
 
In Orbit it shows me this:

2007-11-01 23:12:14 Connecting www.gmer.net:80
2007-11-01 23:12:35 Connect failed! Socket Error=10060
2007-11-01 23:12:35 Wait for retry(5S)
2007-11-01 23:12:40 Connecting www.gmer.net:80
2007-11-01 23:13:01 Connect failed! Socket Error=10060
2007-11-01 23:13:01 Wait for retry(5S)
2007-11-01 23:13:06 Connecting www.gmer.net:80
2007-11-01 23:13:27 Connect failed! Socket Error=10060
2007-11-01 23:13:27 Try to find mirror sites
2007-11-01 23:13:32 Mirror sites not found
2007-11-01 23:13:32 Wait for retry(5S)
2007-11-01 23:13:37 Connecting www.gmer.net:80
2007-11-01 23:13:58 Connect failed! Socket Error=10060
2007-11-01 23:13:58 Wait for retry(5S)
2007-11-01 23:14:03 Connecting www.gmer.net:80
2007-11-01 23:14:24 Connect failed! Socket Error=10060
2007-11-01 23:14:24 Wait for retry(5S)
2007-11-01 23:14:29 Connecting www.gmer.net:80
2007-11-01 23:14:50 Connect failed! Socket Error=10060
2007-11-01 23:14:50 Wait for retry(5S)
2007-11-01 23:14:55 Connecting www.gmer.net:80
2007-11-01 23:15:16 Connect failed! Socket Error=10060
2007-11-01 23:15:16 Wait for retry(5S)
2007-11-01 23:15:21 Connecting www.gmer.net:80
2007-11-01 23:15:42 Connect failed! Socket Error=10060
2007-11-01 23:15:42 Wait for retry(5S)
2007-11-01 23:15:47 Connecting www.gmer.net:80
2007-11-01 23:16:08 Connect failed! Socket Error=10060
2007-11-01 23:16:08 Wait for retry(5S)
2007-11-01 23:16:13 Connecting www.gmer.net:80
2007-11-01 23:16:34 Connect failed! Socket Error=10060
2007-11-01 23:16:34 Wait for retry(5S)
2007-11-01 23:16:39 Connecting www.gmer.net:80
2007-11-01 23:17:00 Connect failed! Socket Error=10060
2007-11-01 23:17:00 Wait for retry(5S)
2007-11-01 23:17:05 Connecting www.gmer.net:80
2007-11-01 23:17:26 Connect failed! Socket Error=10060

etc. ... etc. ...
 
I also tried with Opera :(

and here's what it tells me:

Your search - http://www.gmer.net/gmer.zip - did not match any documents.

Suggestions:
Make sure all words are spelled correctly.
Try different keywords.
Try more general keywords.
 
