Smit Fraud problem

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Imam smit fraud od skora i skenirao sam komp Smithfraud programom, ali nista. Ako moze pomoc.
Evo loga:

Logfile of HijackThis v1.99.1
Scan saved at 21:18:24, on 13.1.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\ILIJA\Desktop\Nova fascikla\tr3.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [Link mogu videti samo ulogovani korisnici]
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = [Link mogu videti samo ulogovani korisnici]
O2 - BHO: (no name) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Media Holding Enterprises, LLC - {0D39A900-0F3A-4C29-A254-3E65244FDC34} - (no file)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~2\SDHelper.dll
O2 - BHO: dcads - {6FC3C36D-7635-4D43-BA62-0D9D2F2CD06E} - C:\WINDOWS\system32\nsu7.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: browser optimizer superiorads - {8E015787-B1E3-404a-95DE-3E71E1FA0305} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: XTN Monitor - {D7A1D78A-8423-4660-AE43-01F15E11AD7E} - C:\WINDOWS\dnqdlpmmwv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: The epxonwo - {BFAA078B-58E2-4E6C-BD54-BA2A5C6DA153} - C:\WINDOWS\epxonwo.dll
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Windows Messenger] C:\Program Files\Messenger\msmsgs.exe
O8 - Extra context menu item: &Windows Live Search - [Link mogu videti samo ulogovani korisnici]\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - [Link mogu videti samo ulogovani korisnici]\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~2\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~2\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - [Link mogu videti samo ulogovani korisnici]
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - [Link mogu videti samo ulogovani korisnici]
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: WBSrv - C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbsrv.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: asvdnmo - {4E3D5AC0-7CCC-4270-BE26-ED297AEC0382} - C:\WINDOWS\asvdnmo.dll
O21 - SSODL: bgntlvo - {684B9113-3015-4AFD-ADE8-A460B48F7878} - C:\WINDOWS\bgntlvo.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InterBase Guardian (InterBaseGuardian) - Unknown owner - C:\Program Files\Borland\InterBase\bin\ibguard.exe (file missing)
O23 - Service: InterBase Server (InterBaseServer) - Unknown owner - C:\Program Files\Borland\InterBase\bin\ibserver.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Pozdrav...



Skini ComboFix sa jedne od sledecih adresa na Desktop:
[Link mogu videti samo ulogovani korisnici]
[Link mogu videti samo ulogovani korisnici]

Startuj ga i ne diraj prozor programa dok skenira.
Sledi uputstva na ekranu. Kada zavrsi pojavice se log (C:\ComboFix.txt) koji ces nam ovde iskopirati.

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Za sada nema vise onih upozorenja videcemo kasnije.
Evo loga:

ComboFix 08-01-14.1 - ILIJA 2008-01-13 22:49:15.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1033.18.260 [GMT 1:00]
Running from: C:\Documents and Settings\ILIJA\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\FANDJO\Application Data\addon.dat
C:\Documents and Settings\FANDJO\Favorites\Error Cleaner.url
C:\Documents and Settings\FANDJO\Favorites\Privacy Protector.url
C:\Documents and Settings\FANDJO\Favorites\Spyware&Malware Protection.url
C:\Documents and Settings\ILIJA\Favorites\Error Cleaner.url
C:\Documents and Settings\ILIJA\Favorites\Privacy Protector.url
C:\Documents and Settings\ILIJA\Favorites\Spyware&Malware Protection.url
C:\Documents and Settings\Velkovic\Desktop\Error Cleaner.url
C:\Documents and Settings\Velkovic\Desktop\Privacy Protector.url
C:\Documents and Settings\Velkovic\Desktop\Spyware&Malware Protection.url
C:\Documents and Settings\Velkovic\Favorites\Error Cleaner.url
C:\Documents and Settings\Velkovic\Favorites\Privacy Protector.url
C:\Documents and Settings\Velkovic\Favorites\Spyware&Malware Protection.url
C:\WINDOWS\asvdnmo.dll
C:\WINDOWS\bgntlvo.dll
C:\WINDOWS\dat.txt
C:\WINDOWS\dnqdlpmmwv.dll
C:\WINDOWS\epxonwo.dll
C:\WINDOWS\fqwmwdn.exe
C:\WINDOWS\privacy_danger
C:\WINDOWS\privacy_danger\images\capt.gif
C:\WINDOWS\privacy_danger\images\danger.jpg
C:\WINDOWS\privacy_danger\images\down.gif
C:\WINDOWS\privacy_danger\images\spacer.gif
C:\WINDOWS\privacy_danger\index.htm
C:\WINDOWS\rs.txt
C:\WINDOWS\system32\msacm32.drv
C:\WINDOWS\system32\nsl24.dll
C:\WINDOWS\system32\nsu7.dll
C:\WINDOWS\system32\service.exe
C:\WINDOWS\system32\system
C:\WINDOWS\system32\system\tmpwin.exe
C:\WINDOWS\system32\system\win.dat
C:\WINDOWS\xpupdate.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\nm


((((((((((((((((((((((((( Files Created from 2007-12-14 to 2008-01-14 )))))))))))))))))))))))))))))))
.

2008-01-13 22:48 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-13 20:46 . 2008-01-13 20:46 <DIR> d-------- C:\Documents and Settings\ILIJA\Application Data\Talkback
2008-01-13 20:44 . 2008-01-13 20:44 <DIR> d-------- C:\Documents and Settings\ILIJA\Application Data\TuneUp Software
2008-01-13 20:29 . 2004-12-21 22:56 <DIR> d-------- C:\Documents and Settings\ILIJA\Application Data\CyberLink
2008-01-13 20:29 . 2008-01-13 20:56 <DIR> d-------- C:\Documents and Settings\ILIJA\Application Data\Ahead
2008-01-13 20:29 . 2004-12-21 22:54 <DIR> d-------- C:\Documents and Settings\ILIJA\Application Data\AdobeUM
2008-01-13 20:29 . 2004-12-21 22:55 <DIR> d-------- C:\Documents and Settings\ILIJA\Application Data\ACD Systems
2008-01-13 16:31 . 2008-01-13 16:31 <DIR> d-------- C:\Program Files\AdwareRemover2007
2008-01-12 17:31 . 2008-01-12 17:31 1,630 --a------ C:\WINDOWS\system32\tmp.reg
2008-01-10 14:51 . 2007-07-30 19:18 34,136 --a------ C:\WINDOWS\system32\wucltui.dll.mui
2008-01-10 14:51 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-01-10 14:51 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui
2008-01-10 14:51 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuapi.dll.mui
2008-01-10 14:51 . 2007-07-30 19:18 20,312 --a------ C:\WINDOWS\system32\wuaueng.dll.mui
2008-01-06 09:34 . 2008-01-06 09:34 594 --a------ C:\WINDOWS\eReg.dat
2007-12-30 19:40 . 2007-12-30 19:40 <DIR> d-------- C:\Documents and Settings\FANDJO\Application Data\bang
2007-12-27 20:30 . 2007-12-27 20:30 <DIR> d-------- C:\Program Files\NVIDIA Corporation
2007-12-27 20:30 . 2007-12-27 20:30 151,552 --a------ C:\WINDOWS\system32\nvRegDev.dll
2007-12-23 11:09 . 2007-12-23 11:09 <DIR> d-------- C:\Program Files\MSN Messenger
2007-12-23 11:06 . 2007-12-23 11:07 <DIR> d-------- C:\WINDOWS\SxsCaPendDel

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-12 18:08 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-01-11 22:08 --------- d-----w C:\Documents and Settings\FANDJO\Application Data\LimeWire
2008-01-10 14:10 --------- d-----w C:\Documents and Settings\FANDJO\Application Data\BearShare
2008-01-09 08:09 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-28 11:13 --------- d-----w C:\Documents and Settings\FANDJO\Application Data\uTorrent
2007-12-28 07:53 --------- d-----w C:\Documents and Settings\FANDJO\Application Data\BitTorrent
2007-12-25 21:13 223,128 ----a-w C:\WINDOWS\system32\drivers\dtscsi.sys
2007-12-23 13:09 --------- d-----w C:\Program Files\Opera
2007-12-23 13:09 --------- d-----w C:\Program Files\Netscape
2007-12-23 10:10 --------- d-----w C:\Program Files\Windows Live Toolbar
2007-12-18 13:06 --------- d-----w C:\Documents and Settings\Velkovic\Application Data\LimeWire
2007-12-13 09:21 --------- d-----w C:\Program Files\BearFlix
2007-12-12 19:23 --------- d-----w C:\Documents and Settings\FANDJO\Application Data\UseNeXT
2007-12-12 19:19 --------- d-----w C:\Program Files\UseNeXT
2007-12-11 11:40 --------- d-----w C:\Program Files\BitTorrent
2007-12-11 09:05 360,576 ----a-w C:\WINDOWS\system32\drivers\TCPIP.SYS
2007-12-11 08:59 --------- d-----w C:\Program Files\uTorrent
2007-12-10 21:29 --------- d-----w C:\Documents and Settings\FANDJO\Application Data\Uniblue
2007-12-10 19:18 --------- d-----w C:\Documents and Settings\FANDJO\Application Data\Netscape
2007-12-09 20:53 360,576 ----a-w C:\WINDOWS\system32\drivers\TCPIP.SYS.ORIGINAL
2007-12-09 11:04 --------- d-----w C:\Documents and Settings\FANDJO\Application Data\Azureus
2007-12-09 11:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\Azureus
2007-12-07 23:25 --------- d-----w C:\Program Files\LimeWire
2007-12-07 12:14 --------- d-----w C:\Program Files\Kaspersky Lab
2007-12-07 11:02 --------- d-----w C:\Program Files\Webteh
2007-12-07 11:02 --------- d-----w C:\Documents and Settings\FANDJO\Application Data\BSplayer Pro
2007-12-07 11:02 --------- d-----w C:\Documents and Settings\FANDJO\Application Data\BSplayer
2007-12-06 13:55 --------- d-----w C:\Program Files\CCleaner
2007-12-06 13:03 --------- d-----w C:\Program Files\URUSoft
2007-12-04 22:05 --------- d-----w C:\Program Files\Windows Defender
2007-12-04 22:05 --------- d-----w C:\Program Files\HighMAT CD Writing Wizard
2007-12-04 22:04 --------- d-----w C:\Program Files\Windows Media Connect 2
2007-12-04 17:56 --------- d-----w C:\Program Files\Real
2007-12-04 17:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\Windows Live Toolbar
2007-12-01 19:56 --------- d-----w C:\Program Files\SuperMarioPac
2007-12-01 19:52 --------- d-----w C:\Program Files\Super Mario Epic
2007-11-30 22:05 --------- d-----w C:\Documents and Settings\FANDJO\Application Data\DMCache
2007-11-30 21:52 --------- d-----w C:\Program Files\Motherplanet
2007-11-30 11:29 --------- d-----w C:\Program Files\JLC's Software
2007-11-30 11:23 --------- d-----w C:\Program Files\Common Files\xing shared
2007-11-30 11:23 --------- d-----w C:\Program Files\Common Files\Real
2007-11-30 11:03 --------- d-----w C:\Documents and Settings\FANDJO\Application Data\JLC's Software
2007-11-28 20:11 --------- d-----w C:\Documents and Settings\Velkovic\Application Data\ESET
2007-11-28 11:50 --------- d-----w C:\Program Files\MT882
2007-11-28 10:50 --------- d--h--w C:\Documents and Settings\All Users\Application Data\{85D61740-23AD-4D14-A3AA-3C1702FA8DDD}
2007-11-28 09:33 --------- d-----w C:\Program Files\BearShare Applications
2007-11-28 09:24 --------- d-----w C:\Program Files\DivX
2007-11-27 23:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-27 21:22 --------- d-----w C:\Program Files\Lavasoft
2007-11-27 21:22 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-11-27 21:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-11-27 21:19 --------- d-----w C:\Documents and Settings\FANDJO\Application Data\ESET
2007-11-27 21:11 --------- d-----w C:\Program Files\BitLord
2007-11-27 20:54 --------- d-----w C:\Program Files\OneStepSearch
2007-11-27 20:53 --------- d--h--w C:\Documents and Settings\All Users\Application Data\{85D61740-23AD-4D14-A3AA-3C1702FA8DDD}(2)
2007-11-27 20:53 --------- d-----w C:\Program Files\Labtec
2007-11-27 20:53 --------- d-----w C:\Program Files\Futuremark
2007-11-27 20:53 --------- d-----w C:\Program Files\FreshDevices
2007-11-27 20:53 --------- d-----w C:\Program Files\Alwil Software
2007-11-27 20:52 --------- d-----w C:\Program Files\Spybot - Search & Destroy(2)
2007-11-27 20:52 --------- d-----w C:\Program Files\Save(2)
2007-11-27 09:47 --------- d-----w C:\Documents and Settings\FANDJO\Application Data\DivX
2007-11-21 15:10 --------- d-----w C:\Program Files\Google
2007-11-15 22:31 --------- d-----w C:\Documents and Settings\FANDJO\Application Data\Thunderbird
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:07 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-10-23 17:42 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-11-30 12:22 185896]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 02:07 15360]

C:\Documents and Settings\Velkovic\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe [2007-09-17 15:26:25]

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= [Link mogu videti samo ulogovani korisnici]\WINDOWS\privacy_danger\index.htm
FriendlyName= Privacy Protection

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="C:\\WINDOWS\\system32\\logonui.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbsrv.dll 2007-11-28 11:43 229376 C:\Program Files\Stardock\Object Desktop\WindowBlinds\WbSrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=wbsys.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"StatusClient"=C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto
"DataLayer"=C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
"PCSuiteTrayApplication"=C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
"SoundMan"=SOUNDMAN.EXE
"FLMOFFICE4DMOUSE"=C:\Program Files\Labtec\moffice.exe
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
"TomcatStartup"=C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
"MDNS"=C:\WINDOWS\system32\service.exe
"egui"="C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
"BearFlix"="C:\Program Files\BearFlix\BearFlix.exe" /pause
"NI.UGDC_0001_N122M1912"="C:\Documents and Settings\FANDJO\Desktop\installer_en.exe"
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

R2 UxTuneUp;TuneUp Design Expansion;C:\WINDOWS\System32\svchost.exe [2004-08-04 02:07]
R3 iadusb;MT882;C:\WINDOWS\system32\DRIVERS\glauiad.sys [2006-03-20 08:32]
S2 InterBaseGuardian;InterBase Guardian;C:\Program Files\Borland\InterBase\bin\ibguard.exe []
S3 InterBaseServer;InterBase Server;C:\Program Files\Borland\InterBase\bin\ibserver.exe []
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service;"C:\Program Files\MSN Messenger\usnsvc.exe" [2007-01-19 12:54]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

.
Contents of the 'Scheduled Tasks' folder
"2008-01-04 16:15:00 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
"2008-01-13 21:25:00 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2008-01-11 01:12:00 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [Link mogu videti samo ulogovani korisnici]
Rootkit scan 2008-01-14 22:54:28
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.2649]
-> C:\Program Files\Stardock\Object Desktop\WindowBlinds\tray.dll
.
Completion time: 2008-01-14 22:58:25 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-14 21:58:22

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Ovo izgleda puno bolje.
Samo ćemo malo da počistimo...


Otvoriti Notepad i iskopirati sledeci tekst:

Folder::
C:\Program Files\AdwareRemover2007
C:\Documents and Settings\All Users\Application Data\{85D61740-23AD-4D14-A3AA-3C1702FA8DDD}
C:\Program Files\OneStepSearch
C:\Documents and Settings\All Users\Application Data\{85D61740-23AD-4D14-A3AA-3C1702FA8DDD}(2)
C:\Program Files\Save(2)

Registry::
[-HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"MDNS"=-



Snimiti na Desktop fajl iz Notepada kao "CFScript"




Prevuci snimljeni skript/tekst na ComboFix ikonicu kao na slici.
Postaviti u sledecoj poruci log koji bude bio napravljen na kraju ciscenja/skeniranja.

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Srecna ti srpska nova godina i sve najbolje.
Evo loga:

ComboFix 08-01-14.1 - ILIJA 2008-01-15 0:28:05.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1033.18.170 [GMT 1:00]
Running from: C:\Documents and Settings\ILIJA\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\ILIJA\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\{85D61740-23AD-4D14-A3AA-3C1702FA8DDD}
C:\Documents and Settings\All Users\Application Data\{85D61740-23AD-4D14-A3AA-3C1702FA8DDD}(2)
C:\Documents and Settings\All Users\Application Data\{85D61740-23AD-4D14-A3AA-3C1702FA8DDD}(2)\instance.dat
C:\Documents and Settings\All Users\Application Data\{85D61740-23AD-4D14-A3AA-3C1702FA8DDD}(2)\mia.lib
C:\Documents and Settings\All Users\Application Data\{85D61740-23AD-4D14-A3AA-3C1702FA8DDD}(2)\SkinStudio.dat
C:\Documents and Settings\All Users\Application Data\{85D61740-23AD-4D14-A3AA-3C1702FA8DDD}(2)\SkinStudio.par
C:\Documents and Settings\All Users\Application Data\{85D61740-23AD-4D14-A3AA-3C1702FA8DDD}(2)\SkinStudio.res
C:\Documents and Settings\All Users\Application Data\{85D61740-23AD-4D14-A3AA-3C1702FA8DDD}\instance.dat
C:\Documents and Settings\All Users\Application Data\{85D61740-23AD-4D14-A3AA-3C1702FA8DDD}\mia.lib
C:\Documents and Settings\All Users\Application Data\{85D61740-23AD-4D14-A3AA-3C1702FA8DDD}\SkinStudio.dat
C:\Documents and Settings\All Users\Application Data\{85D61740-23AD-4D14-A3AA-3C1702FA8DDD}\SkinStudio.exe
C:\Documents and Settings\All Users\Application Data\{85D61740-23AD-4D14-A3AA-3C1702FA8DDD}\SkinStudio.msi
C:\Documents and Settings\All Users\Application Data\{85D61740-23AD-4D14-A3AA-3C1702FA8DDD}\SkinStudio.par
C:\Documents and Settings\All Users\Application Data\{85D61740-23AD-4D14-A3AA-3C1702FA8DDD}\SkinStudio.res
C:\Program Files\AdwareRemover2007
C:\Program Files\AdwareRemover2007\AdwareRemover2007.exe
C:\Program Files\AdwareRemover2007\AdwareRemover2007.lic
C:\Program Files\AdwareRemover2007\AdwareRemover20070.ar
C:\Program Files\AdwareRemover2007\AdwareRemover20070.dll
C:\Program Files\AdwareRemover2007\AdwareRemover20071.ar
C:\Program Files\AdwareRemover2007\AdwareRemover20071.dll
C:\Program Files\AdwareRemover2007\AdwareRemover20073.dll
C:\Program Files\AdwareRemover2007\Uninstall.exe
C:\Program Files\OneStepSearch
C:\Program Files\OneStepSearch\onestep(2).dll
C:\Program Files\OneStepSearch\readme.html
C:\Program Files\Save(2)
C:\Program Files\Save(2)\save.db

.
((((((((((((((((((((((((( Files Created from 2007-12-14 to 2008-01-14 )))))))))))))))))))))))))))))))
.

2008-01-14 23:57 . 2008-01-14 23:57 <DIR> d-------- C:\Documents and Settings\ILIJA\Application Data\Thunderbird
2008-01-13 22:48 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-13 20:46 . 2008-01-13 20:46 <DIR> d-------- C:\Documents and Settings\ILIJA\Application Data\Talkback
2008-01-13 20:44 . 2008-01-13 20:44 <DIR> d-------- C:\Documents and Settings\ILIJA\Application Data\TuneUp Software
2008-01-13 20:29 . 2004-12-21 22:56 <DIR> d-------- C:\Documents and Settings\ILIJA\Application Data\CyberLink
2008-01-13 20:29 . 2008-01-13 20:56 <DIR> d-------- C:\Documents and Settings\ILIJA\Application Data\Ahead
2008-01-13 20:29 . 2004-12-21 22:54 <DIR> d-------- C:\Documents and Settings\ILIJA\Application Data\AdobeUM
2008-01-13 20:29 . 2004-12-21 22:55 <DIR> d-------- C:\Documents and Settings\ILIJA\Application Data\ACD Systems
2008-01-12 17:31 . 2008-01-12 17:31 1,630 --a------ C:\WINDOWS\system32\tmp.reg
2008-01-10 14:51 . 2007-07-30 19:18 34,136 --a------ C:\WINDOWS\system32\wucltui.dll.mui
2008-01-10 14:51 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-01-10 14:51 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui
2008-01-10 14:51 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuapi.dll.mui
2008-01-10 14:51 . 2007-07-30 19:18 20,312 --a------ C:\WINDOWS\system32\wuaueng.dll.mui
2008-01-06 09:34 . 2008-01-06 09:34 594 --a------ C:\WINDOWS\eReg.dat
2007-12-30 19:40 . 2007-12-30 19:40 <DIR> d-------- C:\Documents and Settings\FANDJO\Application Data\bang
2007-12-27 20:30 . 2007-12-27 20:30 <DIR> d-------- C:\Program Files\NVIDIA Corporation
2007-12-27 20:30 . 2007-12-27 20:30 151,552 --a------ C:\WINDOWS\system32\nvRegDev.dll
2007-12-23 11:09 . 2007-12-23 11:09 <DIR> d-------- C:\Program Files\MSN Messenger
2007-12-23 11:06 . 2007-12-23 11:07 <DIR> d-------- C:\WINDOWS\SxsCaPendDel

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-14 22:58 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-01-11 22:08 --------- d-----w C:\Documents and Settings\FANDJO\Application Data\LimeWire
2008-01-10 14:10 --------- d-----w C:\Documents and Settings\FANDJO\Application Data\BearShare
2008-01-09 08:09 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-28 11:13 --------- d-----w C:\Documents and Settings\FANDJO\Application Data\uTorrent
2007-12-28 07:53 --------- d-----w C:\Documents and Settings\FANDJO\Application Data\BitTorrent
2007-12-25 21:13 223,128 ----a-w C:\WINDOWS\system32\drivers\dtscsi.sys
2007-12-23 13:09 --------- d-----w C:\Program Files\Opera
2007-12-23 13:09 --------- d-----w C:\Program Files\Netscape
2007-12-23 10:10 --------- d-----w C:\Program Files\Windows Live Toolbar
2007-12-18 16:29 80,097 ----a-w C:\WINDOWS\system32\dcads-remove.exe
2007-12-18 13:06 --------- d-----w C:\Documents and Settings\Velkovic\Application Data\LimeWire
2007-12-13 09:21 --------- d-----w C:\Program Files\BearFlix
2007-12-12 19:23 --------- d-----w C:\Documents and Settings\FANDJO\Application Data\UseNeXT
2007-12-12 19:19 --------- d-----w C:\Program Files\UseNeXT
2007-12-11 11:40 --------- d-----w C:\Program Files\BitTorrent
2007-12-11 09:05 360,576 ----a-w C:\WINDOWS\system32\drivers\TCPIP.SYS
2007-12-11 08:59 --------- d-----w C:\Program Files\uTorrent
2007-12-10 21:29 --------- d-----w C:\Documents and Settings\FANDJO\Application Data\Uniblue
2007-12-10 19:18 --------- d-----w C:\Documents and Settings\FANDJO\Application Data\Netscape
2007-12-09 20:53 360,576 ----a-w C:\WINDOWS\system32\drivers\TCPIP.SYS.ORIGINAL
2007-12-09 11:04 --------- d-----w C:\Documents and Settings\FANDJO\Application Data\Azureus
2007-12-09 11:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\Azureus
2007-12-07 23:25 --------- d-----w C:\Program Files\LimeWire
2007-12-07 12:14 --------- d-----w C:\Program Files\Kaspersky Lab
2007-12-07 11:02 --------- d-----w C:\Program Files\Webteh
2007-12-07 11:02 --------- d-----w C:\Documents and Settings\FANDJO\Application Data\BSplayer Pro
2007-12-07 11:02 --------- d-----w C:\Documents and Settings\FANDJO\Application Data\BSplayer
2007-12-06 13:55 --------- d-----w C:\Program Files\CCleaner
2007-12-06 13:03 --------- d-----w C:\Program Files\URUSoft
2007-12-04 22:05 --------- d-----w C:\Program Files\Windows Defender
2007-12-04 22:05 --------- d-----w C:\Program Files\HighMAT CD Writing Wizard
2007-12-04 22:04 --------- d-----w C:\Program Files\Windows Media Connect 2
2007-12-04 17:56 --------- d-----w C:\Program Files\Real
2007-12-04 17:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\Windows Live Toolbar
2007-12-01 19:56 --------- d-----w C:\Program Files\SuperMarioPac
2007-12-01 19:52 172,032 ----a-w C:\WINDOWS\system32\cncs32.dll
2007-12-01 19:52 --------- d-----w C:\Program Files\Super Mario Epic
2007-11-30 22:05 --------- d-----w C:\Documents and Settings\FANDJO\Application Data\DMCache
2007-11-30 21:52 --------- d-----w C:\Program Files\Motherplanet
2007-11-30 11:29 --------- d-----w C:\Program Files\JLC's Software
2007-11-30 11:23 --------- d-----w C:\Program Files\Common Files\xing shared
2007-11-30 11:23 --------- d-----w C:\Program Files\Common Files\Real
2007-11-30 11:22 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
2007-11-30 11:03 --------- d-----w C:\Documents and Settings\FANDJO\Application Data\JLC's Software
2007-11-28 20:11 --------- d-----w C:\Documents and Settings\Velkovic\Application Data\ESET
2007-11-28 11:50 --------- d-----w C:\Program Files\MT882
2007-11-28 09:33 --------- d-----w C:\Program Files\BearShare Applications
2007-11-28 09:24 --------- d-----w C:\Program Files\DivX
2007-11-27 23:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-27 21:22 --------- d-----w C:\Program Files\Lavasoft
2007-11-27 21:22 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-11-27 21:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-11-27 21:19 --------- d-----w C:\Documents and Settings\FANDJO\Application Data\ESET
2007-11-27 21:11 --------- d-----w C:\Program Files\BitLord
2007-11-27 20:53 --------- d-----w C:\Program Files\Labtec
2007-11-27 20:53 --------- d-----w C:\Program Files\Futuremark
2007-11-27 20:53 --------- d-----w C:\Program Files\FreshDevices
2007-11-27 20:53 --------- d-----w C:\Program Files\Alwil Software
2007-11-27 20:52 --------- d-----w C:\Program Files\Spybot - Search & Destroy(2)
2007-11-27 09:47 --------- d-----w C:\Documents and Settings\FANDJO\Application Data\DivX
2007-11-21 15:10 --------- d-----w C:\Program Files\Google
2007-11-19 14:41 40,731 ----a-w C:\WINDOWS\system32\superiorads-uninst.exe
2007-11-15 22:31 --------- d-----w C:\Documents and Settings\FANDJO\Application Data\Thunderbird
2007-11-01 16:23 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
2007-10-20 00:56 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2007-10-20 00:56 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2007-10-17 17:23 10,752 ----a-w C:\WINDOWS\system32\WhoisCL.exe
.

((((((((((((((((((((((((((((( [Link mogu videti samo ulogovani korisnici] )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-13 21:48:53 1,388,544 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
+ 2008-01-14 23:27:44 1,388,544 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
- 2008-01-13 21:48:53 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
+ 2008-01-14 23:27:44 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
- 2008-01-13 21:48:53 1,388,544 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
+ 2008-01-14 23:27:44 1,388,544 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
- 2008-01-13 21:48:53 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
+ 2008-01-14 23:27:44 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
- 2008-01-13 21:48:53 2,494,464 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
+ 2008-01-14 23:27:44 2,523,136 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
- 2008-01-13 21:48:53 225,280 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
+ 2008-01-14 23:27:44 225,280 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
+ 2008-01-14 23:27:45 4,411,392 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000007\ntuser.dat
+ 2008-01-14 23:27:45 7,356,416 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000008\ntuser.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:07 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-10-23 17:42 68856]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-04 01:06 1667584]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-11-30 12:22 185896]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 02:07 15360]

C:\Documents and Settings\Velkovic\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe [2007-09-17 15:26:25]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="C:\\WINDOWS\\system32\\logonui.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbsrv.dll 2007-11-28 11:43 229376 C:\Program Files\Stardock\Object Desktop\WindowBlinds\WbSrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=wbsys.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"StatusClient"=C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto
"DataLayer"=C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
"PCSuiteTrayApplication"=C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
"SoundMan"=SOUNDMAN.EXE
"FLMOFFICE4DMOUSE"=C:\Program Files\Labtec\moffice.exe
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
"TomcatStartup"=C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
"egui"="C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
"BearFlix"="C:\Program Files\BearFlix\BearFlix.exe" /pause
"NI.UGDC_0001_N122M1912"="C:\Documents and Settings\FANDJO\Desktop\installer_en.exe"
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

R2 UxTuneUp;TuneUp Design Expansion;C:\WINDOWS\System32\svchost.exe [2004-08-04 02:07]
R3 iadusb;MT882;C:\WINDOWS\system32\DRIVERS\glauiad.sys [2006-03-20 08:32]
S2 InterBaseGuardian;InterBase Guardian;C:\Program Files\Borland\InterBase\bin\ibguard.exe []
S3 InterBaseServer;InterBase Server;C:\Program Files\Borland\InterBase\bin\ibserver.exe []
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service;"C:\Program Files\MSN Messenger\usnsvc.exe" [2007-01-19 12:54]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

.
Contents of the 'Scheduled Tasks' folder
"2008-01-04 16:15:00 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
"2008-01-14 23:25:00 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2008-01-11 01:12:00 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [Link mogu videti samo ulogovani korisnici]
Rootkit scan 2008-01-15 00:30:48
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-15 0:31:26
ComboFix-quarantined-files.txt 2008-01-14 23:31:11
ComboFix2.txt 2008-01-14 21:58:25

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Uhh... Napravio sam grešku.
Obrisan je folder koji pripada programu SkinStudio.
Možeš li reinstalirati program ili da koristimo System Restore?

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Ma reinstaliracu cu ga.

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

To je to. Hvala ti puno i opusteno za onaj folder. Jos jednom srecna nova.

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Hvala... Sve najbolje...