Problem with Task Manager...

  • Joined: 05 Apr 2008
  • Posts: 55

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:19:57 PM, on 5/2/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\VisualTaskTips\VisualTaskTips.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\KuBaNaCc\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\DOCUME~1\KuBaNaCc\LOCALS~1\Temp\systray.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Program Files\Virtual CD v4\System\vcdsecs.exe
C:\WINDOWS\system32\DllHost.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [Link visible only to logged-in users]
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: DefaultSearchHook Class - {C94E154B-1459-4A47-966B-4B843BEFC7DB} - C:\Program Files\AskSearch\bin\DefaultSearch.dll
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Microsoft - {37566535-A634-5164-5467-5A56453BD4FA} - C:\WINDOWS\promo_freesoft.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: BS.Player ControlBar - {2C688203-7EB3-4327-9995-1CB417BA23F9} - C:\Program Files\BS.Player ControlBar\BSToolbar.dll
O4 - HKLM\..\Run: [SoundMax] C:\Documents and Settings\KuBaNaCc\Local Settings\startup.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [VisualTaskTips] C:\Program Files\VisualTaskTips\VisualTaskTips.exe
O4 - HKCU\..\Run: [Splash screen for Avast!] C:\Program Files\Alwil Software\Avast4\ashAvast.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\KuBaNaCc\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Update.lnk = C:\Program Files\Common Files\AdobeUpdate.exe
O4 - Global Startup: AdobeUpdate.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: Add to Google Photos Screensa&ver - [Link visible only to logged-in users]\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - [Link visible only to logged-in users]\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.114.69,85.255.112.167
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.114.69,85.255.112.167
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 85.255.114.69,85.255.112.167
O17 - HKLM\System\CS4\Services\Tcpip\Parameters: NameServer = 85.255.114.69,85.255.112.167
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.69,85.255.112.167
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - Unknown owner - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - D:\17.04.2009\SiSoftware Sandra Lite 2009.SP2\RpcAgentSrv.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: VCDSecS - H+H Software GmbH - C:\Program Files\Virtual CD v4\System\vcdsecs.exe

--
End of file - 6621 bytes
*************************************************************
So my Task Manager doesn't work, i.e. the administrator has disabled it for me, and Regedit in Run as well.
How can I get it back???
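The HijackThis log above already contains the answer to the question: the O7 line is the policy that locks Regedit, an O4 entry starts an executable out of the user profile, a BHO lives directly in the Windows root, and every network profile (O17) has its DNS servers overridden. As an added example, not part of the original post and not a HijackThis feature, the following Python script pulls exactly those indicator classes out of a HijackThis v2 log. The sample is a handful of lines copied from the log above; the heuristics, and the allow-list of expected resolvers (a home router at 192.168.1.1 here), are assumptions of this script.

```python
"""Triage a HijackThis v2 log for the indicator classes seen in the thread.

Added example: not part of the original post and not a HijackThis feature.
Every rule below is a heuristic chosen for this script; the output is a
review list for an analyst, not a verdict.
"""
import re
from collections import Counter
from dataclasses import dataclass

# Locations from which legitimate autostarts and services almost never run
# on Windows XP (user profile, its 8.3 form, and any Temp folder).
# Assumption of this script, not a HijackThis rule.
PROFILE_DIRS = ("\\documents and settings\\", "\\docume~1\\", "\\temp\\")

# A BHO DLL dropped straight into the Windows root instead of system32 or a
# Program Files subfolder.
WINROOT_DLL = re.compile(r"c:\\windows\\[^\\]+\.dll$", re.I)
POLICY_LOCK = re.compile(r"Disable(Regedit|TaskMgr)=1", re.I)
NAMESERVER = re.compile(r"NameServer = (.+)$")


@dataclass(frozen=True)
class Finding:
    code: str   # indicator class
    line: str   # the log line that triggered it, verbatim


def _in_profile(text):
    t = text.lower()
    return any(d in t for d in PROFILE_DIRS)


def triage(log_text, expected_dns=()):
    """Return the Findings for one HijackThis log.

    expected_dns: resolvers the machine is supposed to use; any O17
    NameServer entry outside this list is reported.  An empty tuple
    reports every O17 override.
    """
    findings = []
    in_processes = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:                      # a blank line ends the process list
            in_processes = False
            continue
        if line.startswith("Running processes:"):
            in_processes = True
            continue
        if in_processes:
            if _in_profile(line):
                findings.append(Finding("process-from-profile", line))
            continue
        if line.startswith("O4 - ") and _in_profile(line):
            findings.append(Finding("autostart-from-profile", line))
        elif line.startswith("O2 - ") and ("(no file)" in line or WINROOT_DLL.search(line)):
            findings.append(Finding("bho-suspicious-location", line))
        elif line.startswith("O7 - ") and POLICY_LOCK.search(line):
            findings.append(Finding("policy-lock", line))
        elif line.startswith("O17 - "):
            m = NAMESERVER.search(line)
            if m:
                servers = [s.strip() for s in m.group(1).split(",")]
                if any(s not in expected_dns for s in servers):
                    findings.append(Finding("dns-override", line))
    return findings


def summarize(findings):
    """Count findings per indicator class."""
    return dict(Counter(f.code for f in findings))


# Lines copied from the HijackThis log posted above (trimmed to the ones the
# rules react to, plus two benign ones so the filter has something to skip).
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2

Running processes:
C:\WINDOWS\System32\smss.exe
C:\DOCUME~1\KuBaNaCc\LOCALS~1\Temp\systray.exe

O2 - BHO: Microsoft - {37566535-A634-5164-5467-5A56453BD4FA} - C:\WINDOWS\promo_freesoft.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [SoundMax] C:\Documents and Settings\KuBaNaCc\Local Settings\startup.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.69,85.255.112.167
"""

if __name__ == "__main__":
    # Allow-list value is assumed (a home router), not taken from the thread.
    results = triage(SAMPLE_LOG, expected_dns=("192.168.1.1",))
    for f in results:
        print(f"{f.code:26} {f.line}")
    print(summarize(results))
```

GoogleUpdate.exe legitimately runs from Local Settings, so on the full log the profile-path rule lists it as well; the script produces a review list, and the analyst still decides. The O17 rule is the one to pay attention to: a DNS override that differs on every control set is a setting somebody wrote, not something the ISP handed out.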



  • dr_Bora
  • Anti Malware Fighter, Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Hello...

Why don't you have an antivirus installed?

Download ComboFix from one of the following addresses to your Desktop:
[Link visible only to logged-in users]
[Link visible only to logged-in users]
[Link visible only to logged-in users]

Run it and don't touch the program window while it scans.
Follow the on-screen instructions. When it finishes, a log (C:\ComboFix.txt) will appear; copy it here for us.



  • Joined: 05 Apr 2008
  • Posts: 55

Posted: 02 May 2009 14:44

I have ESET Smart Security 3.0.669.0 installed. I installed it a little while ago...
Now I'll scan this with ComboFix and post it here...

Update: 02 May 2009 14:55

ComboFix 09-05-02.4 - KuBaNaCc 05/02/2009 14:47.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.446.178 [GMT 2:00]
Running from: c:\documents and settings\KuBaNaCc\My Documents\Downloads\Programs\ComboFix.exe
AV: ESET Smart Security 3.0 *On-access scanning enabled* (Updated)
FW: ESET Personal firewall *enabled*
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\autoply.exe
C:\Autorun.inf
c:\program files\XPCode\Games.lnk
c:\program files\XPCode\SexGame.exe
c:\program files\XPCode\SexGameList.pif
c:\program files\XPCode\SexScreenSaver.scr
c:\restore\S-1-5-21-1482476501-1644491937-682003330-1013
c:\restore\S-1-5-21-1482476501-1644491937-682003330-1013\Desktop.ini
C:\resycled
c:\resycled\boot.com
c:\windows\system32\AVSredirect.dll
c:\windows\system32\drivers\msqpdxpibmrudo.sys
c:\windows\system32\drivers\msqpdxsyfwbxrm.sys
c:\windows\system32\msqpdxsbfoeppj.dll
D:\autoply.exe
D:\Autorun.inf
D:\resycled
d:\resycled\boot.com

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_MSQPDXSERV.SYS


((((((((((((((((((((((((( Files Created from 2009-04-02 to 2009-05-02 )))))))))))))))))))))))))))))))
.

2009-05-02 11:16 . 2009-05-02 11:16 -------- d-----w c:\program files\Trend Micro
2009-05-01 11:46 . 2009-05-01 11:46 -------- d-----w c:\documents and settings\MIX\Local Settings\Application Data\Ahead
2009-05-01 09:56 . 2009-05-01 09:56 -------- d-----w c:\windows\Sun
2009-05-01 07:58 . 2009-05-01 07:57 410984 ----a-w c:\windows\system32\deploytk.dll
2009-05-01 07:57 . 2009-05-01 07:57 -------- d-----w c:\program files\Java
2009-04-30 18:51 . 2009-04-30 18:51 -------- d-----w c:\documents and settings\MIX\Application Data\BSplayer
2009-04-30 16:45 . 2008-05-18 23:29 155648 ----a-w c:\documents and settings\MIX\Application Data\usrinit.exe
2009-04-25 17:12 . 2009-05-02 12:48 -------- d-----w c:\program files\XPCode
2009-04-25 17:11 . 2008-05-18 23:29 155648 ----a-w c:\program files\Common Files\AdobeUpdate.exe
2009-04-25 17:11 . 2008-05-18 23:29 155648 ----a-w c:\documents and settings\KuBaNaCc\Application Data\usrinit.exe
2009-04-23 12:00 . 2008-12-16 11:12 40072 ----a-w c:\windows\system32\drivers\maploml.sys
2009-04-23 12:00 . 2008-12-16 11:13 38536 ----a-w c:\windows\system32\drivers\maplom.sys
2009-04-23 12:00 . 2009-04-23 12:00 -------- d-----w c:\program files\SlySoft
2009-04-23 09:01 . 2006-03-31 01:39 368640 ----a-w c:\windows\system32\ReWire.dll
2009-04-23 08:45 . 2004-08-18 03:14 442368 ----a-r c:\windows\system32\vp6vfw.dll
2009-04-22 10:02 . 2009-04-22 10:02 -------- d-----w c:\windows\system32\IOSUBSYS
2009-04-22 10:02 . 2009-04-22 10:02 -------- d-----w c:\program files\Google
2009-04-22 09:55 . 2009-04-22 09:56 -------- d-----w c:\windows\system32\NtmsData
2009-04-21 09:32 . 2009-04-21 09:32 -------- d-----w c:\documents and settings\All Users\Application Data\00037750
2009-04-20 14:53 . 2009-04-20 14:53 -------- d-----w c:\documents and settings\All Users\Application Data\94295776
2009-04-20 14:51 . 2009-04-20 14:53 -------- d-----w c:\documents and settings\All Users\Application Data\07428578
2009-04-18 13:57 . 2009-04-18 13:57 -------- d-----w c:\documents and settings\MIX\Application Data\Winamp
2009-04-17 17:53 . 2009-04-17 18:04 57833 ----a-w c:\windows\War3Unin.dat
2009-04-17 17:53 . 2009-04-17 17:59 2829 ----a-w c:\windows\War3Unin.pif
2009-04-17 17:53 . 2009-04-17 17:59 139264 ----a-w c:\windows\War3Unin.exe
2009-04-17 12:57 . 2009-04-17 12:57 -------- d-----w c:\program files\BS.Player ControlBar
2009-04-17 12:57 . 2009-04-17 12:57 -------- d-----w c:\documents and settings\KuBaNaCc\Application Data\BSplayer Pro
2009-04-17 12:57 . 2009-04-17 12:57 -------- d-----w c:\documents and settings\KuBaNaCc\Application Data\BSplayer
2009-04-17 12:57 . 2009-04-17 12:57 -------- d-----w c:\program files\Webteh
2009-04-17 12:49 . 2007-05-17 15:30 318976 ----a-w c:\windows\system32\avisynth.dll
2009-04-17 12:49 . 2004-02-22 08:11 719872 ----a-w c:\windows\system32\devil.dll
2009-04-17 12:49 . 2004-01-24 22:00 70656 ----a-w c:\windows\system32\i420vfw.dll
2009-04-17 12:49 . 2009-04-17 12:49 -------- d-----w c:\program files\AviSynth 2.5
2009-04-17 11:51 . 2009-04-17 11:52 -------- d-----w c:\documents and settings\KuBaNaCc\Application Data\Any Video Converter
2009-04-17 11:44 . 2009-04-17 11:44 -------- d-----w c:\windows\Logs
2009-04-16 17:35 . 2001-08-23 12:00 15872 -c--a-w c:\windows\system32\dllcache\smierrsm.dll
2009-04-16 17:34 . 2001-08-23 12:00 10129408 -c--a-w c:\windows\system32\dllcache\hwxkor.dll
2009-04-16 17:33 . 2003-03-24 14:52 16437 -c--a-w c:\windows\system32\dllcache\shtml.exe
2009-04-16 17:20 . 2001-08-23 12:00 13312 -c--a-w c:\windows\system32\dllcache\irclass.dll
2009-04-16 17:20 . 2001-08-23 12:00 13312 ----a-w c:\windows\system32\irclass.dll
2009-04-16 17:20 . 2001-08-23 12:00 24661 -c--a-w c:\windows\system32\dllcache\spxcoins.dll
2009-04-16 17:20 . 2001-08-23 12:00 24661 ----a-w c:\windows\system32\spxcoins.dll
2009-04-16 13:55 . 2009-04-17 11:46 -------- d-----w c:\documents and settings\KuBaNaCc\Application Data\Winamp
2009-04-16 13:46 . 2009-04-16 13:46 -------- d-----w c:\documents and settings\KuBaNaCc\Application Data\Ashampoo
2009-04-16 13:45 . 2009-04-16 13:45 -------- d-----w c:\documents and settings\KuBaNaCc\Local Settings\Application Data\ashampoo
2009-04-09 17:18 . 2009-04-09 17:18 -------- d-s---w c:\documents and settings\MIX\UserData
2009-04-05 21:29 . 2009-04-05 21:29 -------- d-----w c:\documents and settings\MIX\Application Data\Nero
2009-04-05 21:26 . 2009-04-05 21:26 -------- d-----w c:\documents and settings\MIX\Application Data\Notepad++
2009-04-04 16:00 . 2009-04-04 16:00 -------- d-----w c:\documents and settings\KuBaNaCc\Application Data\HighAndes
2009-04-04 16:00 . 2009-04-04 16:00 -------- d-----w c:\documents and settings\KuBaNaCc\Local Settings\Application Data\HighAndes
2009-04-04 16:00 . 2009-04-04 16:00 -------- d-----w c:\documents and settings\All Users\Application Data\HighAndes
2009-04-04 15:45 . 2009-04-04 15:45 -------- d-----w c:\program files\Framing Studio
2009-04-04 15:42 . 2009-05-01 08:06 -------- d-----w c:\program files\Cool YouTube Downloader
2009-04-02 18:06 . 2009-04-02 18:06 -------- d-----w c:\documents and settings\MIX\Local Settings\Application Data\Microsoft Help

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-02 12:47 . 2008-08-18 10:57 6 ---ha-w c:\windows\Tasks\SA.DAT
2009-05-02 12:13 . 2008-08-18 23:08 -------- d-----w c:\program files\ESET
2009-05-02 11:10 . 2009-01-01 17:29 -------- d-----w c:\program files\vanBasco's Karaoke Player
2009-05-02 10:41 . 2009-04-25 17:11 354 ----a-w c:\windows\Tasks\At4.job
2009-05-02 10:41 . 2009-04-25 17:11 354 ----a-w c:\windows\Tasks\At3.job
2009-05-02 10:41 . 2009-04-25 17:11 354 ----a-w c:\windows\Tasks\At2.job
2009-05-02 10:41 . 2009-04-25 17:11 354 ----a-w c:\windows\Tasks\At1.job
2009-05-02 10:06 . 2009-05-01 06:42 938 ----a-w c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1078081533-1450960922-682003330-1003.job
2009-04-24 16:00 . 2009-03-07 22:57 414 ----a-w c:\windows\Tasks\Norton Security Scan for KuBaNaCc.job
2009-04-17 15:15 . 2008-08-18 23:17 354 ----a-w c:\windows\Tasks\1-Click Maintenance.job
2009-04-17 13:49 . 2008-08-24 17:32 -------- d-----w c:\program files\Common Files\ACD Systems
2009-04-17 13:48 . 2008-08-24 17:32 -------- d-----w c:\program files\ACD Systems
2009-04-17 12:50 . 2009-04-17 12:50 0 ----a-w c:\documents and settings\All Users\Application Data\xml5C.tmp
2009-04-17 12:50 . 2009-04-17 12:50 0 ----a-w c:\documents and settings\All Users\Application Data\xml5B.tmp
2009-04-17 12:50 . 2009-04-17 12:50 0 ----a-w c:\documents and settings\All Users\Application Data\xml5A.tmp
2009-04-17 12:50 . 2009-04-17 12:50 0 ----a-w c:\documents and settings\All Users\Application Data\xml59.tmp
2009-04-17 11:47 . 2008-11-02 17:59 -------- d-----w c:\program files\Winamp
2009-04-17 11:45 . 2009-04-17 11:45 0 ----a-w c:\documents and settings\All Users\Application Data\xml42.tmp
2009-04-17 11:45 . 2009-04-17 11:45 0 ----a-w c:\documents and settings\All Users\Application Data\xml41.tmp
2009-04-17 11:45 . 2009-04-17 11:45 0 ----a-w c:\documents and settings\All Users\Application Data\xml40.tmp
2009-04-17 11:45 . 2009-04-17 11:45 0 ----a-w c:\documents and settings\All Users\Application Data\xml3F.tmp
2009-04-17 11:42 . 2009-03-07 23:14 -------- d-----w c:\program files\Alwil Software
2009-04-16 17:32 . 2001-08-23 12:00 67 --sha-w c:\windows\Fonts\desktop.ini
2009-04-16 17:31 . 2008-08-18 10:50 22780 ----a-w c:\windows\system32\emptyregdb.dat
2009-04-16 13:57 . 2008-08-31 12:40 -------- d-----w c:\program files\AIMP2
2009-04-16 13:51 . 2008-08-18 10:58 589848 ----a-w c:\documents and settings\KuBaNaCc\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-16 13:45 . 2009-04-16 13:42 -------- d-----w c:\program files\ALCATech
2009-04-09 18:09 . 2009-02-22 07:35 515304 ----a-w c:\documents and settings\MIX\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-04 17:19 . 2008-10-31 15:36 -------- d-----w c:\program files\ACAD2000
2009-04-04 15:51 . 2008-08-18 18:13 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-04 15:50 . 2008-10-18 12:13 -------- d-----w c:\program files\Common Files\Ulead Systems
2009-03-20 16:22 . 2009-02-15 09:36 2320640 ----a-w c:\windows\system32\TUKernel.exe
2009-03-07 23:25 . 2008-08-18 23:36 -------- d-----w c:\program files\DivX
2009-03-07 23:24 . 2009-03-07 23:24 -------- d-----w c:\program files\Yahoo!
2009-03-07 23:20 . 2009-03-07 23:20 -------- d-----w c:\program files\Sony Setup
2009-03-07 22:21 . 2009-03-07 22:21 -------- d-----w c:\program files\Water Clock 3D Screensaver
2009-03-07 16:45 . 2009-03-07 16:45 22 ----a-w c:\windows\system32\winStudio.bin
2009-02-20 17:19 . 2009-02-20 17:19 119 ----a-w C:\tw0001.dat
2009-02-15 13:20 . 2009-02-15 13:20 69632 ----a-w c:\windows\promo_freesoft.dll
2009-02-15 00:06 . 2008-08-18 23:06 250 ----a-w c:\windows\Tasks\Uniblue SpeedUpMyPC Nag.job
2009-01-20 12:19 . 2009-01-20 12:18 86929 ----a-w c:\program files\viewtopic.php.htm
2009-01-20 12:16 . 2009-01-20 12:16 34654 ----a-w c:\program files\umetnost_zavodjenja_n.php.htm
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{37566535-A634-5164-5467-5A56453BD4FA}]
2009-02-15 13:20 69632 ----a-w c:\windows\promo_freesoft.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VisualTaskTips"="c:\program files\VisualTaskTips\VisualTaskTips.exe" [2007-08-16 36352]
"Splash screen for Avast!"="c:\program files\Alwil Software\Avast4\ashAvast.exe" [2009-02-05 274640]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2009-01-16 2672048]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5793816]
"Google Update"="c:\documents and settings\KuBaNaCc\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-05-01 210928]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-08-03 1667584]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-01 148888]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2008-07-01 1447168]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Update.lnk - c:\program files\Common Files\AdobeUpdate.exe [2009-4-25 155648]
AdobeUpdate.exe [2008-5-19 155648]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoFileUrl"= 0 (0x0)
"NoUpdateCheck"= 0 (0x0)

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
"wave1"= serwvdrv.dll

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=c:\windows\system32\ctfmon.exe
"Skype"="c:\program files\Skype\Phone\Skype.exe" /nosplash /minimized
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" /background
"Uniblue SpeedUpMyPC"=d:\programi\SpeedUpMyPC 3\SpeedUpMyPC.exe -s
"BitTorrent DNA"="c:\program files\DNA\btdna.exe"
"BitComet"="d:\programi\BitComet\BitComet.exe" /tray
"RegistryMechanic"=c:\program files\Registry Mechanic\RegMech.exe /H
"CubeDesktop"=

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"NeroFilterCheck"=c:\program files\Common Files\Nero\Lib\NeroCheck.exe
"Device Detector"=DevDetect.exe -autorun
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe"
"WinampAgent"="c:\program files\Winamp\winampa.exe"
"VTTimer"=VTTimer.exe
"SMSERIAL"=sm56hlpr.exe
"SoundMan"=SOUNDMAN.EXE
"VCDPlayer"=c:\progra~1\VIRTUA~1\System\VCDPlay.exe
"nod32kui"="c:\program files\Eset\nod32kui.exe" /WAITSERVICE
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" -lang 1033
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot
"Realtime Audio Engine"=mmrtkrnl.exe
"S3Trayp"=S3trayp.exe
"Ulead AutoDetector v2"=c:\program files\Common Files\Ulead Systems\AutoDetector\monitor.exe
"94295776"=c:\documents and settings\All Users\Application Data\94295776\94295776.exe
"{90BF8224-CD63-4081-A4C7-EF9A2CF6596F}"=c:\documents and settings\All Users\Application Data\94295776\94295776.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
"UacDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"d:\\Games\\New Folder\\LFS.exe"=
"c:\\WINDOWS\\system32\\ftp.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Nero\\Nero8\\Nero Home\\NeroHome.exe"=
"d:\\new folderrr\\Counter Strike Reloaded\\hl.exe"=
"d:\\17.04.2009\\SiSoftware Sandra Lite 2009.SP2\\RpcAgentSrv.exe"=
"d:\\17.04.2009\\SiSoftware Sandra Lite 2009.SP2\\WNt500x86\\RpcSandraSrv.exe"=
"d:\\Games\\Warcraft III\\Warcraft III.exe"=
"c:\\Program Files\\Internet Download Manager\\IEMonitor.exe"=
"c:\\Program Files\\Internet Download Manager\\IDMan.exe"=
"c:\\WINDOWS\\system32\\userinit.exe"=
"c:\\Program Files\\VisualTaskTips\\VisualTaskTips.exe"=
"c:\\Documents and Settings\\KuBaNaCc\\Local Settings\\Application Data\\Google\\Update\\GoogleUpdate.exe"=
"c:\\WINDOWS\\system32\\taskmgr.exe"=
"c:\\WINDOWS\\system32\\DllHost.exe"=
"c:\\WINDOWS\\system32\\CF24515.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"10096:TCP"= 10096:TCP:BitComet 10096 TCP
"10096:UDP"= 10096:UDP:BitComet 10096 UDP

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R3 abp470n5;abp470n5; [x]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance; [x]
R3 LUDrv32;LUDrv32; [x]
R3 s3chipid;s3chipid; [x]
R3 SandraAgentSrv;SiSoftware Deployment Agent Service;d:\17.04.2009\SiSoftware Sandra Lite 2009.SP2\RpcAgentSrv.exe [2008-12-11 176312]
S1 vcdmpdrv;vcdmpdrv; [x]
S2 ekrn;Eset Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2008-07-01 468224]
S2 MarxDev1;MarxDev1; [x]
S2 MarxDev2;MarxDev2; [x]
S2 MarxDev3;MarxDev3; [x]
S3 MaplomL;MaplomL; [x]
S3 S3GIGP;S3GIGP;c:\windows\system32\DRIVERS\S3gIGPm.sys [2006-02-07 806400]


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fcdcb84d-6d20-11dd-a705-806d6172696f}]
\Shell\AutoPlay\Command - C:\autoply.exe OPEN
\Shell\AutoRun\command - C:\autoply.exe OPEN
\Shell\explore\Command - C:\autoply.exe EXPLORE
\Shell\open\Command - C:\autoply.exe OPEN

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fcdcb84e-6d20-11dd-a705-806d6172696f}]
\Shell\AutoPlay\Command - D:\autoply.exe OPEN
\Shell\AutoRun\command - D:\autoply.exe OPEN
\Shell\explore\Command - D:\autoply.exe EXPLORE
\Shell\open\Command - D:\autoply.exe OPEN
.
Contents of the 'Scheduled Tasks' folder

2009-04-17 c:\windows\Tasks\1-Click Maintenance.job
- d:\programi\Tune Up 2008\OneClick.exe [2007-12-21 13:17]

2009-05-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1078081533-1450960922-682003330-1003.job
- c:\documents and settings\KuBaNaCc\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-05-01 06:42]

2009-02-15 c:\windows\Tasks\Uniblue SpeedUpMyPC Nag.job
- d:\programi\SpeedUpMyPC 3\SpeedUpMyPC.exe [2008-08-18 13:15]

2008-08-18 c:\windows\Tasks\Uniblue SpeedUpMyPC.job
- d:\programi\SpeedUpMyPC 3\SpeedUpMyPC.exe [2008-08-18 13:15]
.
.
------- Supplementary Scan -------
.
uStart Page = [Link visible only to logged-in users]
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = [Link visible only to logged-in users]
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\KuBaNaCc\Application Data\Mozilla\Firefox\Profiles\t0av7i30.default\
FF - prefs.js: browser.search.defaulturl - [Link visible only to logged-in users]
FF - prefs.js: browser.startup.homepage - [Link visible only to logged-in users]
FF - prefs.js: keyword.URL - [Link visible only to logged-in users]
FF - component: c:\documents and settings\KuBaNaCc\Application Data\IDM\idmmzcc2\components\idmmzcc.dll
FF - component: c:\program files\BS.Player ControlBar\FirefoxDTT\components\BSToolbarFF.dll
FF - plugin: c:\documents and settings\KuBaNaCc\Local Settings\Application Data\Google\Update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: d:\games\Picasa3\npPicasa3.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [Link visible only to logged-in users]
Rootkit scan 2009-05-02 14:50
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1078081533-1450960922-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{260F64D7-A108-FC8F-C66B-8A630F0D998B}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"habagnnhlonmlkfe"=hex:61,61,00,7c
"jabagnnhlonmlkfegbfc"=hex:63,61,6d,6f,63,6d,00,7c
"pajalkafjibaikcambdhkcpdkdaalkmn"=hex:64,61,61,68,6f,6b,64,69,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):2e,75,c4,11,8d,9b,a7,c8,66,54,db,12,44,c7,92,20,69,b2,2f,0a,61,
b5,45,46,6f,85,4e,59,e8,16,49,b5,b2,c8,44,78,88,29,dd,b5,00,00,00,00,00,00,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{abd717d8-676c-4d1c-84ce-061db1b27984}]
@Denied: (Full) (Everyone)
"Model"=dword:00000130
"Therad"=dword:00000013
"MData"=hex(0):cb,9b,ad,ef,27,7d,29,69,f5,02,f0,76,aa,4a,f1,7c,d3,d9,67,7f,6a,
4b,7b,ad,04,7a,b1,b5,76,9b,27,47,b8,1c,f9,99,66,fb,ca,ad,59,8c,4d,96,a3,25,\
.
Completion time: 2009-05-02 14:52
ComboFix-quarantined-files.txt 2009-05-02 12:51

Pre-Run: 4,273,979,392 bytes free
Post-Run: 10,289,790,976 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /tutag=wow986 /kernel=tukernel.exe

Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4
323 --- E O F --- 2009-01-05 23:14
*****************************************************************
That's it....

Update: 02 May 2009 15:51

Now the computer has started freezing and locking up, and a "blue screen" came up too
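The ComboFix log above is long, but the part that tells you how far the infection went is the "Reg Loading Points" section: the Security Center has been told not to complain about a disabled antivirus, firewall or updates; the Windows firewall is off in the standard profile; system32 binaries such as userinit.exe and taskmgr.exe have been added to the firewall exception list; and the per-drive shell verbs under mountpoints2 have been redirected to autoply.exe on each drive root (the Autorun.inf files ComboFix deleted). As an added example, not part of the original post and not part of ComboFix, this Python script parses that REGEDIT4-style section and flags those four things. The sample is an excerpt of the section above; treating sessmgr.exe as the only stock XP firewall exception under system32 is an assumption of the script.

```python
"""Flag the hostile settings in ComboFix's 'Reg Loading Points' section.

Added example: not part of the original post and not part of ComboFix.
The rules are this script's own reading of the section quoted in the thread.
"""
import re
from collections import Counter
from dataclasses import dataclass, field

# Firewall exception XP ships with (Remote Assistance); anything else under
# system32 in the authorised-application list is worth a look.  Assumption
# of this script, not a documented list.
DEFAULT_FW_APPS = ("sessmgr.exe",)

SC_FLAG = re.compile(r'"\w+(DisableNotify|Override)"')
DWORD_ONE = re.compile(r"=\s*(?:dword:0*1|1 \(0x1\))$", re.I)
FW_OFF = re.compile(r'^"enablefirewall"\s*=\s*0\b', re.I)
AUTH_APP = re.compile(r'^"(.+?)"=')
AUTORUN_CMD = re.compile(r"^\\shell\\(autorun|autoplay|open|explore)\\command", re.I)


@dataclass
class Section:
    key: str                         # registry key, lower-cased, without []
    lines: list = field(default_factory=list)


def parse_reg_points(text):
    """Split the REGEDIT4-style dump into sections; a blank line closes one."""
    sections, cur = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            cur = None
        elif line.startswith("[") and line.endswith("]"):
            cur = Section(line[1:-1].lower())
            sections.append(cur)
        elif cur is not None:
            cur.lines.append(line)
    return sections


def check(sections, default_fw_apps=DEFAULT_FW_APPS):
    """Return (indicator, line) pairs for the four settings described above."""
    findings = []
    for s in sections:
        if s.key.endswith("\\security center") or s.key.endswith("\\security center\\svc"):
            # Set by malware so the Security Center stays quiet about a
            # disabled AV, firewall or updates.
            findings += [("security-center-suppressed", ln) for ln in s.lines
                         if SC_FLAG.match(ln) and DWORD_ONE.search(ln)]
        elif s.key.endswith("\\firewallpolicy\\standardprofile"):
            findings += [("firewall-disabled", ln) for ln in s.lines if FW_OFF.match(ln)]
        elif s.key.endswith("\\authorizedapplications\\list"):
            for ln in s.lines:
                m = AUTH_APP.match(ln)
                if not m:
                    continue
                path = m.group(1).replace("\\\\", "\\").lower()   # dump doubles backslashes
                if "\\system32\\" in path and path.rsplit("\\", 1)[-1] not in default_fw_apps:
                    findings.append(("system-binary-firewall-exception", ln))
        elif "\\mountpoints2\\" in s.key:
            # Per-drive shell verbs pointed at a file on the drive root: the
            # Autorun.inf infection vector whose files ComboFix deleted above.
            findings += [("drive-autorun-hijack", ln) for ln in s.lines if AUTORUN_CMD.match(ln)]
    return findings


def summarize(findings):
    """Count findings per indicator."""
    return dict(Counter(code for code, _ in findings))


# Excerpt of the 'Reg Loading Points' section from the ComboFix log above.
SAMPLE = r"""[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\userinit.exe"=
"c:\\WINDOWS\\system32\\taskmgr.exe"=

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fcdcb84d-6d20-11dd-a705-806d6172696f}]
\Shell\AutoPlay\Command - C:\autoply.exe OPEN
\Shell\AutoRun\command - C:\autoply.exe OPEN
"""

if __name__ == "__main__":
    results = check(parse_reg_points(SAMPLE))
    for code, line in results:
        print(f"{code:34} {line}")
    print(summarize(results))
```

Run against the whole section, the exception-list rule also reports DllHost.exe and CF24515.exe; it is a review list, so check each one rather than trusting the rule. The point of the four indicators together is that none of them is a single dropped file: the firewall, the Security Center and the drive roots have all been reconfigured, which is why cleaning file by file is the wrong tool for this log.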

  • dr_Bora
  • Anti Malware Fighter, Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

OK, here's the thing... Your computer is full of malware.

One of the infections is the Win32.Sality virus. The chance that this can be resolved without formatting the disk is negligibly small (I have yet to see anyone actually manage it from a running Windows).

The only thing I can recommend is formatting the disk (all partitions on the HDD, and flash drives as well).

The other option would be moving your hard disk into another computer and scanning it there. However, it is very questionable whether that Windows would be functional afterwards.

  • Joined: 05 Apr 2008
  • Posts: 55

I'll see; the question is whether I can format the drive, something... I don't remember what it says. I'll see whether I can format it; if I can't, I'll scan it and do a fresh Windows install.

  • dr_Bora
  • Anti Malware Fighter, Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

When you start the Windows installation from the CD, there shouldn't be any problem with formatting.

  • Joined: 05 Apr 2008
  • Posts: 55

Posted: 02 May 2009 18:12

Yes, of course...

Update: 03 May 2009 14:34

I installed a new Windows, but now I have three options in the boot loader:
Windows
Windows Recovery, and
one more Windows.
What should I do so that only one remains, the one I'm using?
My old Windows was on C:, and now I accidentally installed the new one on D:.

  • dr_Bora
  • Anti Malware Fighter, Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Delete the folders:

c:\cmdcons
c:\Windows

Start > Run and type:

msconfig

On the BOOT.INI tab, click Check All Boot Paths.
Windows should report two non-functional entries. Let it remove them (by clicking Yes).
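Check All Boot Paths does one thing: for every entry under [operating systems] it checks that the directory the entry points at still exists and offers to remove the ones that do not, which is why the two folders have to be deleted first. As an added example, not part of the original post and not how msconfig is implemented, this Python script performs the same check offline on boot.ini text so it can be run against a copy of the file. It assumes the caller supplies the partition-number to drive-letter mapping (partition(1) is C: and partition(2) is D: in this thread) and a directory-exists function; the sample boot.ini is constructed to match the situation above (Recovery Console and the old Windows on C:, new Windows on D:), with the old entry's switches copied from the ComboFix log.

```python
"""Offline equivalent of msconfig's 'Check All Boot Paths' for an XP boot.ini.

Added example: not part of the original post and not how msconfig works
internally.  Assumptions: the caller maps ARC partition numbers to drive
letters and supplies a directory-exists function, so the check can be run
on a copy of boot.ini without touching the live system.
"""
import re

ARC_PATH = re.compile(
    r"^(multi\(\d+\)disk\(\d+\)rdisk\(\d+\)partition\((\d+)\))\\(.+)$", re.I)


def parse_boot_ini(text):
    """Return ({loader key: value}, [(target, rest), ...])."""
    loader, entries, section = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].lower()
        elif section == "boot loader":
            key, _, value = line.partition("=")
            loader[key.strip()] = value.strip()
        elif section == "operating systems":
            target, _, rest = line.partition("=")   # the first '=' ends the target
            entries.append((target.strip(), rest.strip()))
    return loader, entries


def entry_directory(target, partition_letters):
    r"""Directory that must exist for an [operating systems] entry to boot.

    Recovery Console entries point at c:\cmdcons\BOOTSECT.DAT; Windows
    entries are ARC paths whose partition number the caller maps to a drive
    letter (partition(1) -> 'c', partition(2) -> 'd' in this thread).
    Returns None for forms the script does not understand; those are kept.
    """
    if target.lower().startswith("c:\\cmdcons\\"):
        return "c:\\cmdcons"
    m = ARC_PATH.match(target)
    if not m:
        return None
    letter = partition_letters.get(int(m.group(2)))
    return None if letter is None else f"{letter}:\\{m.group(3)}"


def check_boot_paths(text, partition_letters, exists):
    """Return (cleaned boot.ini text, [dropped entry lines])."""
    loader, entries = parse_boot_ini(text)
    kept, dropped = [], []
    for target, rest in entries:
        directory = entry_directory(target, partition_letters)
        if directory is not None and not exists(directory):
            dropped.append(f"{target}={rest}")
        else:
            kept.append((target, rest))
    # If default= named a removed entry, point it at the first survivor.
    if kept and loader.get("default") not in {t for t, _ in kept}:
        loader["default"] = kept[0][0]
    out = ["[boot loader]"]
    out += [f"{k}={v}" for k, v in loader.items()]
    out += ["[operating systems]"]
    out += [f"{t}={r}" for t, r in kept]
    return "\n".join(out) + "\n", dropped


# Constructed boot.ini for the situation described above: Recovery Console
# and the old Windows on C: (both folders already deleted), new Windows on D:.
SAMPLE_BOOT_INI = r"""[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /tutag=wow986 /kernel=tukernel.exe
"""

if __name__ == "__main__":
    # Stand-in for os.path.isdir: only the new Windows folder still exists.
    cleaned, dropped = check_boot_paths(
        SAMPLE_BOOT_INI, {1: "c", 2: "d"}, lambda p: p.lower() in {"d:\\windows"})
    print("dropped:", *dropped, sep="\n  ")
    print(cleaned)
```

Compare the dropped list against what msconfig reports before letting it write anything. The one case the script handles that is easy to miss by hand is the default= line: if the installer left it pointing at the old partition(1) entry, removing that entry without updating default= leaves a boot.ini whose default no longer exists.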

  • Joined: 05 Apr 2008
  • Posts: 55

Thanks...
