
Connection problems




  #1  
5 November 2008, 12:37
Member Group
 
Hi,
I was told by serverguy to post a HijackThis logfile, in this post:
http://www.computer-juice.com/forums...998/ # post90830

Here it is:
Logfile of Trend Micro HijackThis v2.0.2
Scan spremljena u 19:36:22, dana 05/11/2008
Platforma: Windows XP SP2 (Winnt 5.01.2600)
MSIE: Unable to get Internet Explorer verzija!
Boot mode: Normal

Pokretanje procesa:
C: \ WINDOWS \ System32 \ smss.exe
C: \ WINDOWS \ system32 \ Winlogon.exe
C: \ WINDOWS \ system32 \ services.exe
C: \ WINDOWS \ system32 \ lsass.exe
C: \ WINDOWS \ system32 \ Svchost.exe
C: \ WINDOWS \ System32 \ Svchost.exe
C: \ WINDOWS \ system32 \ spoolsv.exe
C: \ WINDOWS \ explorer.exe
C: \ Program Files \ Common Files \ Apple \ Mobile Device Support \ bin \ AppleMobileDeviceService.exe
C: \ Program Files \ Bonjour \ mDNSResponder.exe
C: \ Program Files \ ESET \ ESET NOD32 Antivirus \ ekrn.exe
C: \ Program Files \ Java \ jre6 \ bin \ jqs.exe
C: \ WINDOWS \ system32 \ Svchost.exe
C: \ Program Files \ iTunes \ iTunesHelper.exe
C: \ Program Files \ ESET \ ESET NOD32 Antivirus \ egui.exe
C: \ Program Files \ Java \ jre6 \ bin \ jusched.exe
C: \ Program Files \ PeerGuardian2 \ pg2.exe
C: \ Program Files \ POP zavirivalo \ POPPeeper.exe
C: \ Program Files \ uTorrent \ utorrent.exe
C: \ Program Files \ Windows Live \ Messenger \ msnmsgr.exe
C: \ Documents and Settings \ Administrator \ Local Settings \ Application Data \ Google \ Update \ GoogleUpdate.exe
C: \ Program Files \ filehippo.com \ UpdateChecker.exe
C: \ Program Files \ SlySoft \ AnyDVD \ AnyDVDtray.exe
C: \ WINDOWS \ system32 \ sistray.exe
C: \ Program Files \ CalcFire \ CalcFire.exe
C: \ Program Files \ FreshIP \ FreshIP.exe
C: \ Program Files \ iPod \ bin \ iPodService.exe
C: \ Program Files \ Mozilla Firefox \ firefox.exe
C: \ Program Files \ Trend Micro \ HijackThis \ HijackThis.exe
C: \ Program Files \ Trend Micro \ HijackThis \ Sniper.exe

R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Local Page =
R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Local Page =
R1 - HKCU \ Software \ Microsoft \ Windows \ CurrentVersion \ Int ernet Postavke, ProxyOverride = *. lokalne
R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Toolbar, LinksFolderName =
O2 - BHO: "klikni za poziv" BHO - (5C255C8A-E604-49b4-9D64-90988571CECB) - C: \ Program Files \ Windows Live \ Messenger \ wlchtc.dll
O2 - BHO: Java (tm) Plug-in SSV Helper - (761497BB-D6F0-462C-B6EB-D4DAF1D92D43) - C: \ Program Files \ Java \ jre6 \ bin \ ssv.dll
O2 - BHO: Windows Live Sign-in Helper - (9030D464-4C02-4ABF-8ECC-5164760863C6) - C: \ Program Files \ Common Files \ Microsoft Shared \ Windows Live \ WindowsLiveLogin.dll
O2 - BHO: Java (tm) Plug-in 2 SSV Helper - (DBC80044-A445-435b-BC74-9C25C1C588A9) - C: \ Program Files \ Java \ jre6 \ bin \ jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - (E7E6F031-17CE-4C07-BC86-EABFE594F69C) - C: \ Program Files \ Java \ jre6 \ lib \ rasporediti \ jqs \ ie \ jqs_plugin.dll
O4 - HKLM \ .. \ Run: [SiSPower] Rundll32.exe SiSPower.dll, ModeAgent
O4 - HKLM \ .. \ Run: [QuickTime Task] "C: \ Program Files \ QuickTime \ QTTask.exe"-atboottime
O4 - HKLM \ .. \ Run: [iTunesHelper] "C: \ Program Files \ iTunes \ iTunesHelper.exe"
O4 - HKLM \ .. \ Run: [egui] "C: \ Program Files \ ESET \ ESET NOD32 Antivirus \ egui.exe" / skrivanje / waitservice
O4 - HKLM \ .. \ Run: [SunJavaUpdateSched] "C: \ Program Files \ Java \ jre6 \ bin \ jusched.exe"
O4 - HKCU \ .. \ Run: [PeerGuardian] C: \ Program Files \ PeerGuardian2 \ pg2.exe
O4 - HKCU \ .. \ Run: [POP zavirivalo] "C: \ Program Files \ POP zavirivalo \ POPPeeper.exe" min -
O4 - HKCU \ .. \ Run: [μTorrent] "C: \ Program Files \ uTorrent \ utorrent.exe"
O4 - HKCU \ .. \ Run: [uTorrent] "C: \ Program Files \ uTorrent \ utorrent.exe"
O4 - HKCU \ .. \ Run: [msnmsgr] "C: \ Program Files \ Windows Live \ Messenger \ msnmsgr.exe" / background
O4 - HKCU \ .. \ Run: [Google Update] "C: \ Documents and Settings \ Administrator \ Local Settings \ Application Data \ Google \ Update \ GoogleUpdate.exe" / c
O4 - HKCU \ .. \ Run: [filehippo.com] "C: \ Program Files \ filehippo.com \ UpdateChecker.exe" / background
O4 - HKCU \ .. \ Run: [AnyDVD] C: \ Program Files \ SlySoft \ AnyDVD \ AnyDVDtray.exe
O4 - HKUS \ S-1-5-19 \ .. \ RunOnce: [nltide_2] regsvr32 / s / n / i: U shell32 (User 'LOCAL SERVICE')
O4 - HKUS \ S-1-5-19 \ .. \ RunOnce: [nltide_3] rundll32 advpack.dll, LaunchINFSectionEx nLite.inf, C, 4, N (User 'LOCAL SERVICE')
O4 - HKUS \ S-1-5-20 \ .. \ RunOnce: [nltide_2] regsvr32 / s / n / i: U shell32 (User 'NETWORK SERVICE')
O4 - HKUS \ S-1-5-18 \ .. \ RunOnce: [nltide_2] regsvr32 / s / n / i: U shell32 (User 'SYSTEM')
O4 - HKUS \. DEFAULT \ .. \ RunOnce: [nltide_2] regsvr32 / s / n / i: U shell32 (User 'Default user')
O4 - Startup: CalcFire.lnk = C: \ Program Files \ CalcFire \ CalcFire.exe
O4 - Startup: FreshIP.lnk = C: \ Program Files \ FreshIP \ FreshIP.exe
O4 - Global Startup: Utility Tray.lnk = C: \ WINDOWS \ system32 \ sistray.exe
O6 - HKCU \ Software \ Policies \ Microsoft \ Internet Explorer \ Ograničenja prisutan
O6 - HKLM \ Software \ Policies \ Microsoft \ Internet Explorer \ Ograničenja prisutan
O8 - Extra kontekst meni stavka: E & zvezi u Microsoft Excel - res: / / C: \ programa ~ 1 \ MICROS ~ 1 \ OFFICE11 \ EXCEL.EXE/3000
O9 - Extra button: Research - (92780B25-18CC-41C8-B9BE-3C9C571A8263) - C: \ programa ~ 1 \ MICROS ~ 1 \ OFFICE11 \ REFIEBAR.DLL
O9 - Extra button: (no name) - (e2e2dd38-d088-4134-82b7-f2ba38496583) - C: \ WINDOWS \ Network Diagnostic \ xpnetdiag.exe
O9 - Extra 'Tools' MENUITEM: @ xpsp3res.dll, -20001 - (e2e2dd38-d088-4134-82b7-f2ba38496583) - C: \ WINDOWS \ Network Diagnostic \ xpnetdiag.exe
O13 - DefaultPrefix:
O13 - WWW Prefiks:
O13 - Home Prefiks:
O13 - Mozaik Prefiks:
O13 - FTP Prefiks:
O13 - smolastoga Prefiks:
O23 - Service: Apple Mobile Device - Apple Inc - C: \ Program Files \ Common Files \ Apple \ Mobile Device Support \ bin \ AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc - C: \ Program Files \ Bonjour \ mDNSResponder.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C: \ Program Files \ ESET \ ESET NOD32 Antivirus \ EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C: \ Program Files \ ESET \ ESET NOD32 Antivirus \ ekrn.exe
O23 - Service: iPod Service - Apple Inc - C: \ Program Files \ iPod \ bin \ iPodService.exe
O23 - Service: Quick Početničko Java (JavaQuickStarterService) - Sun Microsystems, Inc - C: \ Program Files \ Java \ jre6 \ bin \ jqs.exe
O23 - Service: lxcf_device - - C: \ WINDOWS \ system32 \ lxcfcoms.exe

--
End of file - 5869 bytes
  #2  
5 November 2008, 15:27
Moderator Group
 
Download Malwarebytes' Anti-Malware (MBAM)
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, then click Remove Selected.
  • When disinfection is complete, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

  #3  
6 November 2008, 01:01
Member Group
 
Malwarebytes' Anti-zaštita od zlonamjernih programa 1,30
Database Version: 1368
5/1/2600 Windows Service Pack 2

06/11/2008 07:44:27
mbam-log-2008-11-06 (07-44-27). txt

Scan type: Quick Scan
Objekti skenirane: 43086
Proteklo vrijeme: 3 minute (s), 25 Drugi (a / e)

Memory Processes zaraženih: 0
Memorijske module zaraženih: 0
Ključevi registra zaraženih: 0
Registry Values zaraženih: 0
Registry Data Items zaraženih: 3
Mape zaraženih: 0
Zaraženih datoteka: 1

Memory Processes zaraženih:
(Nema stavki otkrivenih zlonamjernih)

Memorijske module zaraženih:
(Nema stavki otkrivenih zlonamjernih)

Ključevi registra zaraženih:
(Nema stavki otkrivenih zlonamjernih)

Registry Values zaraženih:
(Nema stavki otkrivenih zlonamjernih)

Registry Data Items zaraženih:
HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ Curre ntVersion \ Explorer \ Advanced \ Start_ShowSearch (Hijack.StartMenu) -> Bad: (0) Good: (1) -> karanteni i uspješno izbrisan.
HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ Curre ntVersion \ Explorer \ Advanced \ Start_ShowHelp (Hijack.StartMenu) -> Bad: (0) Good: (1) -> karanteni i uspješno izbrisan.
HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ Curre ntVersion \ Explorer \ Advanced \ StartMenuLogOff (Hijack.StartMenu) -> Bad: (1) Good: (0) -> karanteni i uspješno izbrisan.

Mape zaraženih:
(Nema stavki otkrivenih zlonamjernih)

Zaražene datoteke:
C: \ WINDOWS \ run32.sys (Trojan.Agent) -> karanteni i uspješno izbrisan.
  #4  
6 November 2008, 09:35
Moderator Group
 
Download ComboFix by sUBs from one of the links below. Be sure to save it to the Desktop.

Link #1
Link #2

** Note: It is important that it is saved directly to your Desktop

Close any open web browsers (Firefox, Internet Explorer, etc.) before starting ComboFix.

Temporarily disable your antivirus and any antispyware real-time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

Double-click combofix.exe and follow the prompts.

To install the Windows XP Recovery Console:

- If you are using Windows XP and do not already have the Recovery Console installed, make sure your Internet connection is active (if possible) and click Yes.
- If for some reason the Internet is not working, click No.
-- If you are not using Windows XP, you will not be prompted.
- When prompted to accept the EULA, click OK.
- Accept the Microsoft EULA (click Yes).
- When told that the RC is installed correctly, click YES to continue scanning for malware.

When finished, ComboFix will produce a log for you.
Post the ComboFix log and a new HijackThis log in your next reply.

Important: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

Remember to re-enable your antivirus and antispyware protection when ComboFix is complete.

  #5  
6 November 2008, 10:56
Member Group
 
ComboFix 08-11-05.02 - Administrator 2008-11-06 17:52:06.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.607 [GMT 0:00]
Running from: C: \ Documents and Settings \ Administrator \ Desktop \ ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2008/10/06 da 2008/11/06 ))))))))))) ))))))))))))))))))))
.

2008-11-06 07:59. 2008-11-06 07:59 236 - a ------ C: \ sqmdata02.sqm
2008-11-06 07:59. 2008-11-06 07:59 200 - a ------ C: \ sqmnoopt02.sqm
2008-11-06 07:39. 2008-11-06 07:39 236 - a ------ C: \ sqmdata01.sqm
2008-11-06 07:39. 2008-11-06 07:39 200 - a ------ C: \ sqmnoopt01.sqm
2008-11-05 22:36. 2008-11-05 22:36 <DIR> d -------- C: \ Documents and Settings \ Administrator \ Application Data \ Malwarebytes
2008-11-05 22:35. 2008-11-05 22:35 <DIR> d -------- C: \ Program Files \ Malwarebytes' Anti-zaštita od zlonamjernih programa
2008-11-05 22:35. 2008-11-05 22:35 <DIR> d -------- C: \ Documents and Settings \ All Users \ Application Data \ Malwarebytes
2008-11-05 22:35. 2008-10-22 16:10 38.496 - a ------ C: \ Windows \ System32 \ Drivers \ mbamswissarmy.sys
2008-11-05 22:35. 2008-10-22 16:10 15.504 - a ------ C: \ Windows \ System32 \ Drivers \ mbam.sys
2008-11-05 19:35. 2008-11-05 19:35 <DIR> d -------- C: \ Program Files \ Trend Micro
2008-11-04 22:07. 2008-11-04 22:07 <DIR> d -------- C: \ Program Files \ Cabos
2008-11-04 22:07. 2008-11-04 22:07 <DIR> d -------- C: \ Documents and Settings \ Administrator \ Shared
2008-11-04 22:07. 2008-11-04 22:09 <DIR> d -------- C: \ Documents and Settings \ Administrator \ Application Data \ Cabos
2008-11-04 17:50. 2008-11-04 17:50 <DIR> d -------- C: \ CloneDVDTemp
2008-11-04 17:49. 2008-11-04 17:49 <DIR> d -------- C: \ Documents and Settings \ All Users \ Application Data \ Razraditi Bytes
2008-11-04 17:37. 2008-11-04 17:37 <DIR> d -------- C: \ Documents and Settings \ All Users \ Application Data \ SlySoft
2008-11-04 17:33. 2008-11-04 17:33 <DIR> d -------- C: \ Program Files \ Razraditi Bytes
2008-11-04 17:31. 2008-11-04 17:31 <DIR> d -------- C: \ Program Files \ SlySoft
2008-11-03 17:05. 2008-11-03 17:05 2.560 - a ------ C: \ Windows \ _MSRSTRT.EXE
2008-11-03 17:05. 2008-11-03 17:05 236 - a ------ C: \ sqmdata00.sqm
2008-11-03 17:05. 2008-11-03 17:05 200 - a ------ C: \ sqmnoopt00.sqm
2008-11-03 17:04. 2008-11-03 17:05 <DIR> d -------- C: \ Program Files \ Your Uninstaller 2008
2008-11-03 17:04. 2008-11-03 17:05 <DIR> da ------ C: \ Documents and Settings \ All Users \ Application Data \ Temp
2008-11-03 17:04. 2008-11-03 17:04 <DIR> d -------- C: \ Documents and Settings \ Administrator \ Application Data \ URSoft
2008-11-03 17:01. 2008-11-03 17:09 158 - a ------ C: \ Windows \ nurtab.bat
2008-11-03 07:53. 2008-11-03 07:53 <DIR> d -------- C: \ Documents and Settings \ Administrator \ Application Data \ ImgBurn
2008-11-03 07:50. 2008-11-03 07:50 0 --------- C: \ Windows \ WB.ini
2008-11-02 13:19. 2008-11-02 13:36 64 - a ------ C: \ Windows \ prio.ini
2008-11-01 22:23. 2008-11-01 22:23 <DIR> d -------- C: \ Documents and Settings \ Administrator \ Application Data \ VLC
2008-11-01 18:49. 2008-11-01 18:49 410.976 - a ------ C: \ Windows \ system32 \ deploytk.dll
2008-11-01 11:04. 2008-11-06 07:46 <DIR> d -------- C: \ Documents and Settings \ Administrator \ Odličja
2008-11-01 11:00. 2008-11-01 11:03 <DIR> d -------- C: \ Program Files \ Mozilla Firefox 3,1 Beta 1
2008-11-01 10:59. 2008-11-01 10:59 <DIR> d -------- C: \ Program Files \ Microsoft
2008-11-01 10:57. 2008-11-01 10:58 <DIR> d -------- C: \ Program Files \ Windows Live
2008-11-01 10:54. 2008-11-01 10:54 <DIR> d -------- C: \ Program Files \ filehippo.com
2008-11-01 10:51. 2008-11-01 10:51 <DIR> d -------- C: \ Program Files \ Common Files \ Windows Live
2008-10-31 13:40. 2008-11-04 21:34 <DIR> d -------- C: \ Program Files \ DupeEliminator
2008-10-31 10:32. 2008-10-31 10:32 <DIR> d -------- C: \ Program Files \ Foxit Software
2008-10-30 23:21. 2008-10-30 23:21 <DIR> d -------- C: \ Windows \ nedjelja
2008-10-30 22:55. 2008-10-30 23:00 <DIR> d -------- C: \ Program Files \ Free Music Zilla
2008-10-30 22:55. 2008-10-30 22:59 <DIR> d -------- C: \ downloads
2008-10-30 22:55. 2008-10-30 22:55 <DIR> d -------- C: \ Documents and Settings \ Administrator \ Application Data \ FMZilla
2008-10-30 22:38. 2008-10-31 22:55 <DIR> d -------- C: \ DVDVideoSoft
2008-10-30 21:03. 2008-10-30 21:03 <DIR> d -------- C: \ Program Files \ Belkin
2008-10-30 21:03. 2005-10-03 09:49 204.800 - a ------ C: \ Windows \ system32 \ UploadDLL.dll
2008-10-30 21:03. 2005-11-20 04:31 192.512 - a ------ C: \ Windows \ system32 \ blkwcd.dll
2008-10-30 21:03. 2005-10-03 09:50 167.936 - a ------ C: \ Windows \ system32 \ BelkinwcuiDLL.dll
2008-10-30 21:03. 2005-10-03 09:50 101.888 - a ------ C: \ Windows \ system32 \ CrashRpt.dll
2008-10-30 21:03. 2005-10-03 09:49 81.920 - a ------ C: \ Windows \ system32 \ brdcm2k.dll
2008-10-30 21:03. 2005-10-03 09:49 61.440 - a ------ C: \ Windows \ system32 \ BelkinHWStatus.dll
2008-10-30 21:03. 2004-10-29 12:09 53.248 - a ------ C: \ Windows \ system32 \ preflib.dll
2008-10-30 20:23. 2008-10-30 20:23 20.747 - a ------ C: \ Windows \ System32 \ Drivers \ AegisP.sys
2008-10-30 20:23. 2003-07-24 12:10 17.149 - a ------ C: \ Windows \ system32 \ DNINDIS5.SYS
2008-10-30 20:21. 2008-10-30 20:21 <DIR> d -------- C: \ Program Files \ DVDVideoSoft
2008-10-30 20:21. 2008-10-30 20:22 <DIR> d -------- C: \ Program Files \ Common Files \ DVDVideoSoft
2008-10-30 20:21. 2002-01-05 14:37 344.064 - a ------ C: \ Windows \ system32 \ msvcr70.dll
2008-10-30 11:23. 2008-10-30 11:23 <DIR> d -------- C: \ Documents and Settings \ All Users \ Application Data \ vsosdk
2008-10-30 09:53. 2008-11-02 16:08 <DIR> d -------- C: \ Documents and Settings \ Administrator \ Application Data \ VSO
2008-10-30 09:53. 2008-10-30 09:53 47.360 - a ------ C: \ Windows \ System32 \ Drivers \ pcouffin.sys
2008-10-30 09:53. 2008-10-30 09:53 47.360 - a ------ C: \ Documents and Settings \ Administrator \ Application Data \ pcouffin.sys
2008-10-30 09:52. 2008-10-30 09:52 <DIR> d -------- C: \ Program Files \ VSO
2008-10-30 09:52. 2004-05-04 12:53 1.645.320 - a ------ C: \ Windows \ gdiplus.dll
2008-10-30 09:52. 2006-05-20 17:16 1.184.984 - a ------ C: \ Windows \ system32 \ wvc1dmod.dll
2008-10-30 09:52. 2006-05-11 20:21 626.688 - a ------ C: \ Windows \ system32 \ vp7vfw.dll
2008-10-30 09:52. 2006-09-29 13:24 217.127 - a ------ C: \ Windows \ system32 \ drv43260.dll
2008-10-30 09:52. 2006-09-29 13:25 208.935 - a ------ C: \ Windows \ system32 \ drv33260.dll
2008-10-30 09:52. 2006-09-29 13:26 176.165 - a ------ C: \ Windows \ system32 \ drv23260.dll
2008-10-30 09:52. 2007-03-18 21:37 65.602 - a ------ C: \ Windows \ system32 \ cook3260.dll
2008-10-29 14:11. 2008-10-29 15:48 <DIR> d -------- C: \ Documents and Settings \ Administrator \ Application Data \ dvdcss
2008-10-29 13:17. 2008-10-29 13:17 376 - a ------ C: \ Windows \ ODBC.INI
2008-10-29 13:16. 2003-06-18 17:31 17.920 - a ------ C: \ Windows \ system32 \ mdimon.dll
2008-10-29 13:13. 2008-10-29 13:13 <DIR> d -------- C: \ Program Files \ Microsoft ActiveSync
2008-10-29 13:10. 2008-10-29 13:10 <DIR> d -------- C: \ Windows \ SHELLNEW
2008-10-29 13:10. 2008-10-29 13:10 <DIR> d -------- C: \ Program Files \ Microsoft.NET
2008-10-29 13:08. 2008-10-29 13:08 <DIR> dr.-h ----- C: \ MSOCache
2008-10-29 11:53. 2008-10-29 11:53 12.670 - a ------ C: \ Windows \ system32 \ LexFiles.ulf
2008-10-29 11:52. 2008-10-30 09:38 <DIR> d -------- C: \ temp \ (9F5FBC24-EFE2-4f90-B498-EC0FB7D47D15)
2008-10-29 11:52. 2008-10-29 11:53 <DIR> d -------- C: \ Program Files \ Lexmark 730 Series
2008-10-29 11:17. 2008-10-31 13:03 <DIR> d -------- C: \ Program Files \ ručna kočnica
2008-10-29 09:27. 2008-10-29 09:27 <DIR> d -------- C: \ Program Files \ FreshIP
2008-10-29 09:27. 2008-10-29 09:27 <DIR> d -------- C: \ Program Files \ izbacivač
2008-10-29 09:27. 2008-10-29 09:27 <DIR> d -------- C: \ Program Files \ CalcFire
2008-10-29 09:26. 2008-10-29 09:26 <DIR> d -------- C: \ Windows \ SIS
2008-10-29 09:26. 2008-10-29 09:26 <DIR> d -------- C: \ Program Files \ sisagp
2008-10-29 09:26. 2008-10-29 09:26 <DIR> d -------- C: \ Program Files \ VGA SIS Utilities V3.81
2008-10-29 09:26. 2008-10-30 21:03 <DIR> d - h ----- C: \ Program Files \ InstallShield Installation Information
2008-10-29 09:26. 2008-10-30 21:03 <DIR> d -------- C: \ Program Files \ Common Files \ InstallShield
2008-10-29 09:26. 2007-06-25 16:45 262.144 - a ------ C: \ Windows \ system32 \ sistray.exe
2008-10-29 09:26. 2006-04-12 19:35 208.896 - a ------ C: \ Windows \ Progress.exe
2008-10-29 09:26. 2007-06-25 16:44 135.168 --------- C: \ Windows \ system32 \ SiSApCom.dll
2008-10-29 09:26. 2007-06-25 16:46 110.592 --------- C: \ Windows \ system32 \ TVMode.dll
2008-10-29 09:26. 2007-06-29 21:04 92.761 - a ------ C: \ Windows \ VGAsetup.ini
2008-10-29 09:26. 2008-10-29 09:26 78.664 - a ------ C: \ Windows \ system32 \ VGAunistlog.ini
2008-10-29 09:26. 2007-06-25 16:46 65.536 --------- C: \ Windows \ system32 \ SiSHook.dll
2008-10-29 09:25. 2007-06-25 16:46 9.728 - a ------ C: \ Windows \ system32 \ SiSPIns2.dll
2008-10-28 20:06. 2004-08-03 22:58 5.504 - a ------ C: \ Windows \ System32 \ Drivers \ MSTEE.sys
2008-10-28 20:05. 2004-08-03 23:10 85.376 - a ------ C: \ Windows \ System32 \ Drivers \ NABTSFEC.sys
2008-10-28 20:05. 2004-08-03 23:10 19.328 - a ------ C: \ Windows \ System32 \ Drivers \ WSTCODEC.SYS
2008-10-28 20:05. 2004-08-03 23:10 17.024 - a ------ C: \ Windows \ System32 \ Drivers \ CCDECODE.sys
2008-10-28 20:05. 2004-08-04 00:56 16.384 - a ------ C: \ Windows \ system32 \ ipsink.ax
2008-10-28 20:05. 2004-08-03 23:10 15.360 - a ------ C: \ Windows \ System32 \ Drivers \ StreamIP.sys
2008-10-28 20:05. 2004-08-03 23:10 11.136 - a ------ C: \ Windows \ System32 \ Drivers \ SLIP.sys
2008-10-28 20:05. 2004-08-03 23:10 10.880 - a ------ C: \ Windows \ System32 \ Drivers \ NdisIP.sys
2008-10-28 19:49. 2008-10-28 19:49 <DIR> d -------- C: \ Documents and Settings \ Administrator \ WINDOWS
2008-10-28 19:49. 1998-01-23 12:22 304.128 - a ------ C: \ Windows \ IsUninst.exe
2008-10-28 19:49. 2002-08-20 14:58 139.264 - a ------ C: \ Windows \ system32 \ IDEproperty.dll
2008-10-28 19:49. 2002-10-17 15:14 49.024 - a ------ C: \ Windows \ System32 \ Drivers \ sisidex.sys
2008-10-28 19:49. 2002-08-20 17:19 9.472 - a ------ C: \ Windows \ System32 \ Drivers \ sisperf.sys
2008-10-28 19:49. 2003-03-25 17:50 4.096 - a ------ C: \ Windows \ System32 \ Drivers \ siside.sys
2008-10-28 18:36. 2008-10-28 18:36 <DIR> d -------- C: \ Documents and Settings \ Administrator \ Application Data \ Media Player Classic
2008-10-28 18:19. 2008-10-28 18:49 <DIR> d -------- C: \ Windows \ system32 \ Adobe
2008-10-28 18:19. 2008-08-06 15:27 499.712 - a ------ C: \ Windows \ system32 \ msvcp71.dll
2008-10-28 18:10. 2008-10-28 18:10 822 - a ------ C: \ Windows \ langorig.ini
2008-10-28 17:58. 2008-03-03 14:25 5.702 - ah ----- C: \ Windows \ nod32restoretemdono.reg
2008-10-28 17:58. 2008-03-03 18:21 568 - ah ----- C: \ Windows \ nod32fixtemdono.reg
2008-10-28 17:57. 2008-10-28 17:57 <DIR> d -------- C: \ Program Files \ ESET
2008-10-28 17:57. 2008-10-28 17:57 <DIR> d -------- C: \ Documents and Settings \ All Users \ Application Data \ ESET
2008-10-28 17:49. 2008-10-28 17:49 <DIR> d -------- C: \ Documents and Settings \ Administrator \ Kontakti
2008-10-28 17:07. 2008-10-28 17:07 <DIR> d -------- C: \ Program Files \ POP zavirivalo
2008-10-28 17:07. 2008-11-04 20:22 <DIR> d -------- C: \ Documents and Settings \ Administrator \ Application Data \ POP zavirivalo
2008-10-28 17:02. 2008-10-28 17:02 <DIR> d -------- C: \ Documents and Settings \ Administrator \ dwhelper
2008-10-28 17:01. 2008-10-28 17:01 <DIR> d -------- C: \ Documents and Settings \ Administrator \ Application Data \ Apple Computer
2008-10-28 17:01. 2008-04-17 13:12 107.368 - a ------ C: \ Windows \ system32 \ GEARAspi.dll
2008-10-28 17:01. 2008-04-17 13:12 15.464 - a ------ C: \ Windows \ System32 \ Drivers \ GEARAspiWDM.sys
2008-10-28 17:00. 2008-10-28 17:00 <DIR> d -------- C: \ Program Files \ QuickTime

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))) ))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-28 15:52 --------- d ----- wc: \ Program Files \ Opera
2008-10-23 15:07 99.904 AW ---- C: \ Windows \ System32 \ Drivers \ AnyDVD.sys
2008-09-09 00:03 51.712 ---- AW c: \ windows \ system32 \ sirenacm.dll
2008-08-29 10:18 87.336 ---- AW c: \ windows \ system32 \ DNS-sd.exe
2008-08-29 09:53 61.440 ---- AW c: \ windows \ system32 \ dnssd.dll
2007-07-31 12:00 34.048 ar ---- C: \ Program Files \ Mozilla Firefox \ plugins \ upd62i9x.dll
2007-07-31 12:00 45.056 ar ---- C: \ Program Files \ Mozilla Firefox \ plugins \ upd62int.dll
2007-07-31 12:00 34.048 ar ---- C: \ Program Files \ opera \ program \ plugins \ upd62i9x.dll
2007-07-31 12:00 45.056 ar ---- C: \ Program Files \ opera \ program \ plugins \ upd62int.dll
.

------- ------- Sigcheck

2007-07-31 12:00 360576 c7be59b07c6eb74bea6fd67c1b164015 c: \ windows \ system32 \ drivers \ Tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))) ))))))))))))))))))))))))))))))))))))))))
.
.
* Note * empty entries & čitljiv default unose se ne prikazuju
REGEDIT4

[HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ Curre ntVersion \ Run]
"PeerGuardian" = "C: \ Program Files \ PeerGuardian2 \ pg2.exe" [2007-01-30 1432064]
"POP zavirivalo" = "C: \ Program Files \ POP zavirivalo \ POPPeeper.exe" [2008-07-18 1437696]
"μTorrent" = "C: \ Program Files \ uTorrent \ utorrent.exe" [2008-10-28 270128]
"uTorrent" = "C: \ Program Files \ uTorrent \ utorrent.exe" [2008-10-28 270128]
"msnmsgr" = "C: \ Program Files \ Windows Live \ Messenger \ msnmsgr.exe" [2008-09-09 3513344]
"Google Update" = "C: \ Documents and Settings \ Administrator \ Local Settings \ Application Data \ Google \ Update \ GoogleUpdate.exe" [2008-11-01 133104]
"filehippo.com" = "C: \ Program Files \ filehippo.com \ UpdateChecker.exe" [2008-10-22 147968]
"AnyDVD" = "C: \ Program Files \ SlySoft \ AnyDVD \ AnyDVDtray.exe" [2008-11-04 2259904]

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Run]
"QuickTime Task" = "C: \ Program Files \ QuickTime \ QTTask.exe" [2008-09-06 413696]
"iTunesHelper" = "C: \ Program Files \ iTunes \ iTunesHelper.exe" [2008-10-01 289576]
"egui" = "C: \ Program Files \ ESET \ ESET NOD32 Antivirus \ egui.exe" [2008-02-20 1443072]
"SunJavaUpdateSched" = "C: \ Program Files \ Java \ jre6 \ bin \ jusched.exe" [2008-11-01 136600]
"SiSPower" = "SiSPower.dll" [2007/06/25 c: \ windows \ system32 \ SiSPower.dll]

[HKEY_USERS \. DEFAULT \ Software \ Microsoft \ Windows \ Cur rentVersion \ RunOnce]
"nltide_2" = "shell32" [X]
"nltide_3" = "advpack.dll" [2007/07/31 c: \ windows \ system32 \ advpack.dll]

C: \ Documents and Settings \ Administrator \ Start Menu \ Programs \ Startup \
CalcFire.lnk - C: \ Program Files \ CalcFire \ CalcFire.exe [2008-09-04 283529]
FreshIP.lnk - C: \ Program Files \ FreshIP \ FreshIP.exe [2008-09-15 232891]

C: \ Documents and Settings \ All Users \ Start Menu \ Programs \ Startup \
Komunalne Tray.lnk - c: \ windows \ system32 \ sistray.exe [2008-10-29 262144]

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entversion \ Policies \ Explorer]
"MemCheckBoxInRunDlg" = 1 (0x1)
"StartMenuFavorites" = 0 (0x0)
"Start_ShowMyComputer" = 1 (0x1)
"Start_ShowMyDocs" = 1 (0x1)
"Start_ShowMyMusic" = 0 (0x0)
"Start_ShowRun" = 1 (0x1)
"Start_ShowSearch" = 0 (0x0)

[HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ curre ntversion \ Policies \ Explorer]
"NoSMHelp" = 1 (0x1)
"ForceClassicControlPanel" = 1 (0x1)
"NoResolveTrack" = 1 (0x1)
"NoResolveSearch" = 1 (0x1)
"NoSMMyPictures" = 1 (0x1)
"NoSMConfigurePrograms" = 1 (0x1)
"MemCheckBoxInRunDlg" = 1 (0x1)

[HKEY_USERS \. Default \ Software \ Microsoft \ Windows \ sad rentversion \ Policies \ Explorer]
"NoInternetIcon" = 1 (0x1)
"NoSMHelp" = 1 (0x1)
"ForceClassicControlPanel" = 1 (0x1)
"NoResolveTrack" = 1 (0x1)
"NoResolveSearch" = 1 (0x1)
"NoSMMyPictures" = 1 (0x1)
"NoSMConfigurePrograms" = 1 (0x1)
"MemCheckBoxInRunDlg" = 1 (0x1)

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ winlogon \ obavijestiti \ WBSrv]
2008-09-16 08:44 174328 C: \ Program Files \ Stardock \ Object Desktop \ WindowBlinds \ WbSrv.dll

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ windows]
"AppInit_DLLs" = wbsys.dll

[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ contro l \ securityproviders]
SecurityProviders schannel.dll, digest.dll

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ sigurnosni centar]
"UpdatesDisableNotify" = dword: 00000001
"AntiVirusDisableNotify" = dword: 00000001
"AntiVirusOverride" = dword: 00000001
"FirewallOverride" = dword: 00000001

[HKLM \ ~ \ Services \ sharedaccess \ Parameters \ firewallpo licy \ standardprofile \ AuthorizedApplications \ List]
"% windir% \ \ system32 \ \ sessmgr.exe" =
"% windir% \ \ Network Diagnostic \ \ xpnetdiag.exe" =
"c: \ \ Program Files \ \ Bonjour \ \ mDNSResponder.exe" =
"c: \ \ Program Files \ \ iTunes \ \ iTunes.exe" =
"c: \ \ Program Files \ \ uTorrent \ \ utorrent.exe" =
"c: \ \ Program Files \ \ Free Music Zilla \ \ FMZilla.exe" =
"c: \ \ Program Files \ \ Windows Live \ \ Messenger \ \ wlcsdk.exe" =
"c: \ \ Program Files \ \ Windows Live \ \ Messenger \ \ msnmsgr.exe" =
"c: \ \ WINDOWS \ \ system32 \ \ java.exe" =

[HKLM \ ~ \ Services \ sharedaccess \ Parameters \ firewallpo licy \ standardprofile \ IcmpSettings]
"AllowInboundEchoRequest" = 1 (0x1)

R1 epfwtdir; epfwtdir; c: \ Windows \ System32 \ Drivers \ epfw tdir.sys [2008-02-20 33800]
R1 lusbaudio; Logitech USB mikrofon; c: \ windows \ system32 \ drivers \ OVSound2.sy s [2001-08-17 25216]
R2 JavaQuickStarterService; Java Quick Početničko; C: \ Program Files \ Java \ jre6 \ bin \ jqs.exe [2008-11-01 152984]
R3 QCEmerald; Logitech QuickCam Web, c: \ Windows \ System32 \ Drivers \ OVCE.sys [2001-08-17 31872]
S2 NOD32FiXTemDono; Eset NOD32 Boot, c: \ windows \ system32 \ Regedt32.exe [2007-07-31 3584]
S3 DNINDIS5; DNINDIS5 NDIS Driver Protocol; c: \ programa ~ 1 \ Belkin \ BELKIN ~ 1.11G \ DNINDIS5.SY S [2003-07-24 17149]

NETSVCS zahteva Popravci - tekuće stavke prikazane
6to4
AppMgmt
AudioSrv
Browser
CryptSvc
DMServer
DHCP
EventSystem
FastUserSwitchingCompatibility
HidServ
MRS
Iprip
Irmon
LanmanServer
LanmanWorkstation
Netman
Nla
Ntmssvc
NWCWorkstation
Nwsapagent
Rasauto
Rasman
Remoteaccess
Raspored
Seclogon
SENS
Sharedaccess
SRService
Tapisrv
Teme
TrkWks
W32Time
WZCSVC
WMI
WmdmPmSp
winmgmt
xmlprov
ShellHWDetection

HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ Svchost - NetSvcs


* Nedavno Created Service * - CATCHME
* Nedavno Created Service * - PROCEXP90
.
Sadržaj je 'Scheduled Tasks' folder

2008/11/03 C: \ Windows \ Tasks \ AppleSoftwareUpdate.job
- C: \ Program Files \ Apple Software Update \ SoftwareUpdate.exe [2008-07-30 12:34]

2008/11/06 C: \ Windows \ Tasks \ GoogleUpdateTaskUser.job
- C: \ Documents and Settings \ Administrator \ Local Settings \ Application Data \ Google \ Update \ GoogleUpdate.exe [2008-11-01 10:54]
.
.
------- Supplementary Scan -------
.
FireFox -: Profil - C: \ Documents and Settings \ Administrator \ Application Data \ Mozilla \ Firefox \ Profiles \ p2eog6ij.default \
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp: / / www.google.com/
FF -: plugin - C: \ Documents and Settings \ Administrator \ Local Settings \ Application Data \ Google \ Update \ 1.2.131.25 \ npGoogleOneClick6.dl l
FF -: plugin - C: \ Program Files \ iTunes \ Mozilla Plugins \ npitunes.dll
FF -: plugin - C: \ Program Files \ Java \ jre6 \ bin \ new_plugin \ npdeploytk.dll
FF -: plugin - C: \ Program Files \ Java \ jre6 \ bin \ new_plugin \ npjp2.dll
FF -: plugin - C: \ Program Files \ K-Lite Codec Pack \ Real \ preglednik \ plugins \ nppl3260.dll
FF -: plugin - C: \ Program Files \ K-Lite Codec Pack \ Real \ preglednik \ plugins \ nprpjplug.dll
.

************************************************** ************************

catchme 0.3.1367 W2K/XP/Vista - rootkit / potaja detector by Gmer zlonamjernih programa, http://www.gmer.net
Rootkit scan 2008-11-06 17:53:46
5/1/2600 Windows Service Pack 2 NTFS

skeniranja skrivenih procesa ...

skeniranja skrivenih autostart entries ...

skeniranja skrivenih datoteka ...

scan uspješno završena
skrivenih datoteka: 0

************************************************** ************************
.
Completion time: 2008-11-06 17:55:07
ComboFix-u karanteni-files.txt 2008-11-06 17:54:43
ComboFix2.txt 2008-11-06 17:44:22

Pre-Run: 71168983040 bytes free
Post-Run: 71160324096 bytes free

306
  #6  
6 November 2008, 10:56
Member Group
 
Logfile of Trend Micro HijackThis v2.0.2
Scan spremljena u 17:56:55, dana 06/11/2008
Platforma: Windows XP SP2 (Winnt 5.01.2600)
MSIE: Unable to get Internet Explorer verzija!
Boot mode: Normal

Pokretanje procesa:
C: \ WINDOWS \ System32 \ smss.exe
C: \ WINDOWS \ system32 \ Winlogon.exe
C: \ WINDOWS \ system32 \ services.exe
C: \ WINDOWS \ system32 \ lsass.exe
C: \ WINDOWS \ system32 \ Svchost.exe
C: \ WINDOWS \ System32 \ Svchost.exe
C: \ WINDOWS \ system32 \ spoolsv.exe
C: \ Program Files \ Common Files \ Apple \ Mobile Device Support \ bin \ AppleMobileDeviceService.exe
C: \ Program Files \ Bonjour \ mDNSResponder.exe
C: \ Program Files \ ESET \ ESET NOD32 Antivirus \ ekrn.exe
C: \ Program Files \ Java \ jre6 \ bin \ jqs.exe
C: \ WINDOWS \ system32 \ Svchost.exe
C: \ Program Files \ iTunes \ iTunesHelper.exe
C: \ Program Files \ ESET \ ESET NOD32 Antivirus \ egui.exe
C: \ Program Files \ Java \ jre6 \ bin \ jusched.exe
C: \ Program Files \ POP zavirivalo \ POPPeeper.exe
C: \ Documents and Settings \ Administrator \ Local Settings \ Application Data \ Google \ Update \ GoogleUpdate.exe
C: \ Program Files \ filehippo.com \ UpdateChecker.exe
C: \ Program Files \ SlySoft \ AnyDVD \ AnyDVDtray.exe
C: \ Program Files \ iPod \ bin \ iPodService.exe
C: \ Program Files \ iTunes \ iTunes.exe
C: \ WINDOWS \ explorer.exe
C: \ Program Files \ Mozilla Firefox \ firefox.exe
C: \ Program Files \ Trend Micro \ HijackThis \ Sniper.exe

R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Local Page =
R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Local Page =
R1 - HKCU \ Software \ Microsoft \ Windows \ CurrentVersion \ Int ernet Postavke, ProxyOverride = *. lokalne
R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Toolbar, LinksFolderName =
O2 - BHO: "klikni za poziv" BHO - (5C255C8A-E604-49b4-9D64-90988571CECB) - C: \ Program Files \ Windows Live \ Messenger \ wlchtc.dll
O2 - BHO: Java (tm) Plug-in SSV Helper - (761497BB-D6F0-462C-B6EB-D4DAF1D92D43) - C: \ Program Files \ Java \ jre6 \ bin \ ssv.dll
O2 - BHO: Windows Live Sign-in Helper - (9030D464-4C02-4ABF-8ECC-5164760863C6) - C: \ Program Files \ Common Files \ Microsoft Shared \ Windows Live \ WindowsLiveLogin.dll
O2 - BHO: Java (tm) Plug-in 2 SSV Helper - (DBC80044-A445-435b-BC74-9C25C1C588A9) - C: \ Program Files \ Java \ jre6 \ bin \ jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - (E7E6F031-17CE-4C07-BC86-EABFE594F69C) - C: \ Program Files \ Java \ jre6 \ lib \ rasporediti \ jqs \ ie \ jqs_plugin.dll
O4 - HKLM \ .. \ Run: [SiSPower] Rundll32.exe SiSPower.dll, ModeAgent
O4 - HKLM \ .. \ Run: [QuickTime Task] "C: \ Program Files \ QuickTime \ QTTask.exe"-atboottime
O4 - HKLM \ .. \ Run: [iTunesHelper] "C: \ Program Files \ iTunes \ iTunesHelper.exe"
O4 - HKLM \ .. \ Run: [egui] "C: \ Program Files \ ESET \ ESET NOD32 Antivirus \ egui.exe" / skrivanje / waitservice
O4 - HKLM \ .. \ Run: [SunJavaUpdateSched] "C: \ Program Files \ Java \ jre6 \ bin \ jusched.exe"
O4 - HKCU \ .. \ Run: [PeerGuardian] C: \ Program Files \ PeerGuardian2 \ pg2.exe
O4 - HKCU \ .. \ Run: [POP zavirivalo] "C: \ Program Files \ POP zavirivalo \ POPPeeper.exe" min -
O4 - HKCU \ .. \ Run: [μTorrent] "C: \ Program Files \ uTorrent \ utorrent.exe"
O4 - HKCU \ .. \ Run: [uTorrent] "C: \ Program Files \ uTorrent \ utorrent.exe"
O4 - HKCU \ .. \ Run: [msnmsgr] "C: \ Program Files \ Windows Live \ Messenger \ msnmsgr.exe" / background
O4 - HKCU \ .. \ Run: [Google Update] "C: \ Documents and Settings \ Administrator \ Local Settings \ Application Data \ Google \ Update \ GoogleUpdate.exe" / c
O4 - HKCU \ .. \ Run: [filehippo.com] "C: \ Program Files \ filehippo.com \ UpdateChecker.exe" / background
O4 - HKCU \ .. \ Run: [AnyDVD] C: \ Program Files \ SlySoft \ AnyDVD \ AnyDVDtray.exe
O4 - HKUS \ S-1-5-19 \ .. \ RunOnce: [nltide_2] regsvr32 / s / n / i: U shell32 (User 'LOCAL SERVICE')
O4 - HKUS \ S-1-5-19 \ .. \ RunOnce: [nltide_3] rundll32 advpack.dll, LaunchINFSectionEx nLite.inf, C, 4, N (User 'LOCAL SERVICE')
O4 - HKUS \ S-1-5-20 \ .. \ RunOnce: [nltide_2] regsvr32 / s / n / i: U shell32 (User 'NETWORK SERVICE')
O4 - HKUS \ S-1-5-18 \ .. \ RunOnce: [nltide_2] regsvr32 / s / n / i: U shell32 (User 'SYSTEM')
O4 - HKUS \. DEFAULT \ .. \ RunOnce: [nltide_2] regsvr32 / s / n / i: U shell32 (User 'Default user')
O4 - Startup: CalcFire.lnk = C: \ Program Files \ CalcFire \ CalcFire.exe
O4 - Startup: FreshIP.lnk = C: \ Program Files \ FreshIP \ FreshIP.exe
O4 - Global Startup: Utility Tray.lnk = C: \ WINDOWS \ system32 \ sistray.exe
O6 - HKLM \ Software \ Policies \ Microsoft \ Internet Explorer \ Ograničenja prisutan
O8 - Extra kontekst meni stavka: E & zvezi u Microsoft Excel - res: / / C: \ programa ~ 1 \ MICROS ~ 1 \ OFFICE11 \ EXCEL.EXE/3000
O9 - Extra button: Research - (92780B25-18CC-41C8-B9BE-3C9C571A8263) - C: \ programa ~ 1 \ MICROS ~ 1 \ OFFICE11 \ REFIEBAR.DLL
O13 - DefaultPrefix:
O13 - WWW Prefiks:
O13 - Home Prefiks:
O13 - Mozaik Prefiks:
O13 - FTP Prefiks:
O13 - smolastoga Prefiks:
O23 - Service: Apple Mobile Device - Apple Inc - C: \ Program Files \ Common Files \ Apple \ Mobile Device Support \ bin \ AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc - C: \ Program Files \ Bonjour \ mDNSResponder.exe
O23 - Service: Indeksiranje Service (CiSvc) - Unknown vlasnika - C: \ WINDOWS \ system32 \ cisvc.exe (file missing)
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C: \ Program Files \ ESET \ ESET NOD32 Antivirus \ EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C: \ Program Files \ ESET \ ESET NOD32 Antivirus \ ekrn.exe
O23 - Service: iPod Service - Apple Inc - C: \ Program Files \ iPod \ bin \ iPodService.exe
O23 - Service: Quick Početničko Java (JavaQuickStarterService) - Sun Microsystems, Inc - C: \ Program Files \ Java \ jre6 \ bin \ jqs.exe
O23 - Service: lxcf_device - - C: \ WINDOWS \ system32 \ lxcfcoms.exe

--
End of file - 5724 bytes
  #7  
Old 6 November 2008, 11:30
Moderator Group
 
Open HijackThis and select Do a system scan only.

Place a check mark next to the following entries: (if present)
O13 - DefaultPrefix:
O13 - WWW Prefiks:
O13 - Home Prefiks:
O13 - Mozaik Prefiks:
O13 - FTP Prefiks:
O13 - smolastoga Prefiks:
Important: Close all windows except HijackThis, then click Fix checked.

Exit HijackThis.

----------
Download CCleaner Slim and save it to your Desktop. - Alternate download link
When the file has been saved, go to your Desktop and double-click ccsetupxxx_slim.exe
Follow the prompts to install the program.
  • Double-click the CCleaner shortcut on the desktop to start the program.
  • Click the Options block on the left, then choose Cookies.
    • Under Cookies to Delete, highlight any cookies you want to keep permanently
    • Click the right arrow > to move them to the Cookies to Keep window.
  • Go to Options > Advanced and uncheck Only delete files in Windows Temp folders older than 48 hours
  • Click Cleaner on the left, then Run Cleaner on the right to run the program.
  • Important: Make sure ALL browser windows are closed before selecting Run Cleaner
  • Caution: Only use the Registry feature if you are very familiar with the registry.
  • Always back up your registry before making any changes.
  • Exit CCleaner after it has completed its process.
----------
Download SUPERAntiSpyware.exe

Alternate download link 1
Alternate download link 2
  • Double-click the icon on your desktop to run the installer.
  • When asked to update the program definitions, click Yes
  • If you encounter any problems while downloading the updates, manually download and unzip them from here
  • Next, click the Preferences button.
  • Under Start-Up Options, uncheck the following:
    • Start SUPERAntiSpyware when Windows starts
    • Show SUPERAntiSpyware icon in the system tray
    • Show splash screen on startup
  • Click the Scanning Control tab.
  • Under Scanner Options, make sure only the following are checked:
    • Close browsers before scanning
    • Scan for tracking cookies
    • Terminate memory threats before quarantining
    • Scan Alternate Data Streams
    • Please leave the others unchecked.
  • Click the Close button to leave the control center screen.
  • On the main screen, click Scan your computer
  • On the left, check the box for the drive you are scanning.
  • On the right, choose Perform Complete Scan
  • Click Next to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a summary box will appear. Click OK
  • Make sure everything in the white box has a check next to it, then click Next
  • It will quarantine what it found, and if it asks whether you want to reboot, click Yes
  • To retrieve the removal information, please do the following:
    • After the reboot, double-click the SUPERAntiSpyware icon on your desktop.
    • Click Preferences. Click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • It will open in your default text editor (we recommend Notepad).
    • Save the Notepad file to your desktop by clicking (in Notepad) File > Save As...
    • Save the log somewhere you can easily find it. (normally the desktop)
    • Click Close and Close again to exit the program.
    • Copy and Paste the log into your post.