Posted: 23 May 2009 19:09
- dr_Bora
- Anti Malware Fighter Rank 2
- Joined: 24 Jul 2007
- Posts: 12280
- Location: Höganäs, SE
Hello...
We will need a HijackThis log.
Posted: 23 May 2009 19:24
- Source
- Legendary citizen
- Joined: 10 Jan 2005
- Posts: 3319
- Location: Stara Pazova
Here it is...
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:21:24 PM, on 5/23/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\ASUS\AASP\1.00.46\aaCenter.exe
C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files (x86)\RivaTuner v2.24\RivaTuner.exe
C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe
C:\Program Files\ASUS\Ai Suite\AiGear3\CpuPowerMonitor.exe
C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
C:\Program Files (x86)\Analog Devices\SoundMAX\SoundTray.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Program Files (x86)\RivaTuner v2.24\Tools\RTSS\RTSS.exe
C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files (x86)\FlashGet\flashget.exe
C:\Program Files (x86)\DAEMON Tools Pro\DTProShellHlp.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files (x86)\Opera\opera.exe
C:\Users\Fireslasher\Desktop\New Folder\TR3.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files (x86)\FlashGet\jccatch.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files (x86)\FlashGet\getflash.dll
O4 - HKLM\..\Run: [Ai Nap] "C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe"
O4 - HKLM\..\Run: [CPU Power Monitor] "C:\Program Files\ASUS\Ai Suite\AiGear3\CpuPowerMonitor.exe"
O4 - HKLM\..\Run: [Cpu Level Up help] C:\Program Files\ASUS\Ai Suite\CpuLevelUpHelp.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundTray] "C:\Program Files (x86)\Analog Devices\SoundMAX\SoundTray.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [RTSS] "C:\Program Files (x86)\RivaTuner v2.24\Tools\RTSS\RTSSWrapper.exe" /s
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Microsoft Pinyin IME Migration] C:\PROGRA~2\COMMON~1\MICROS~1\IME12\IMESC\IMSCMIG.EXE /INSTALL
O4 - HKLM\..\Run: [Five Stop] "C:\ProgramData\Heck Default Default.m93md"
O4 - HKLM\..\Run: [Long Internet Team Stupid] "C:\ProgramData\Byte Blue Locks.83lgi6"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files (x86)\DAEMON Tools Pro\DTProAgent.exe" -autorun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files (x86)\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files (x86)\FlashGet\jc_link.htm
O8 - Extra context menu item: Add to Banner Ad Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files (x86)\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files (x86)\FlashGet\FlashGet.exe
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~3\Office12\GR99D3~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~2\KASPER~1\KASPER~1\adialhk.dll
O23 - Service: ABBYY FineReader 9.0 Licensing Service (ABBYY.Licensing.FineReader.Professional.9.0) - ABBYY (BIT Software) - C:\Program Files (x86)\ABBYY FineReader 9.0\NetworkLicenseServer.exe
O23 - Service: Acronis OS Selector Reinstall Service (AcronisOSSReinstallSvc) - Unknown owner - C:\Program Files (x86)\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Unknown owner - C:\Windows\system32\AEADISRV.EXE (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - Unknown owner - C:\Windows\System32\TuneUpDefragService.exe (file missing)
O23 - Service: @%SystemRoot%\System32\TUProgSt.exe,-1 (TuneUp.ProgramStatisticsSvc) - Unknown owner - C:\Windows\System32\TUProgSt.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 9880 bytes
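As an added illustration that is not part of this thread (neither the helper's nor the poster's), the following Python script reads the O4 (Run key) lines of a HijackThis log like the one above and lists the autostart entries a helper would look at first. The three heuristics are my own choice for a triage pass and are not HijackThis features: a loose file sitting directly in the root of C:\ProgramData, an extension that is not a normal executable type (a Run value is started with CreateProcess, so an odd extension does not stop it from running), and a file name made of capitalised dictionary words. The sample lines are copied from the log above.

```python
import re

# Extensions a legitimate Run value normally points at. Windows starts Run
# values with CreateProcess, which ignores the extension, so a file with an
# arbitrary extension still executes; that is why such entries are flagged.
EXECUTABLE_EXTS = {".exe", ".com", ".scr", ".bat", ".cmd", ".pif"}

# Directories where a legitimate autostart binary lives in a vendor subfolder,
# not as a loose file in the root (assumption used by this triage script).
SUSPICIOUS_ROOTS = {r"c:\programdata"}

# O4 line shape: "O4 - <key>\Run: [<value name>] <command>"
O4_RE = re.compile(r"^O4 - (?P<key>.+?\\Run): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")

# Sample O4 lines copied from the HijackThis log in this thread (one O23 line
# is included to show that non-O4 lines are skipped).
SAMPLE_LINES = [
    r'O4 - HKLM\..\Run: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"',
    r'O4 - HKLM\..\Run: [RTSS] "C:\Program Files (x86)\RivaTuner v2.24\Tools\RTSS\RTSSWrapper.exe" /s',
    r'O4 - HKLM\..\Run: [Cpu Level Up help] C:\Program Files\ASUS\Ai Suite\CpuLevelUpHelp.exe',
    r'O4 - HKLM\..\Run: [Five Stop] "C:\ProgramData\Heck Default Default.m93md"',
    r'O4 - HKLM\..\Run: [Long Internet Team Stupid] "C:\ProgramData\Byte Blue Locks.83lgi6"',
    r"O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')",
    r'O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe',
]


def extract_path(cmd: str) -> str:
    """Pull the launched file out of a Run value's command string."""
    cmd = re.sub(r" \(User '[^']*'\)$", "", cmd.strip())  # drop HijackThis' user suffix
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end != -1 else cmd[1:]
    # Unquoted: "rundll32.exe foo.dll,Entry" style commands start with a bare
    # executable token; otherwise the path may contain spaces, so cut only at
    # the first argument marker (" /flag" or " -flag").
    first = cmd.split(" ", 1)[0]
    if split_name_ext(first)[1] in EXECUTABLE_EXTS:
        return first
    m = re.search(r" [/-]", cmd)
    return cmd[:m.start()] if m else cmd


def split_name_ext(path: str) -> tuple[str, str]:
    """Return (file stem, lower-cased extension with dot) of a Windows path."""
    name = path.rsplit("\\", 1)[-1]
    stem, dot, ext = name.rpartition(".")
    if not dot:
        return name, ""
    return stem, "." + ext.lower()


def assess(path: str) -> list[str]:
    """Apply the three triage heuristics; an empty list means nothing tripped."""
    reasons = []
    stem, ext = split_name_ext(path)
    parent = path.lower().rsplit("\\", 1)[0]
    if parent in SUSPICIOUS_ROOTS:
        reasons.append(f"loose file directly in {parent}")
    if ext not in EXECUTABLE_EXTS:
        reasons.append(f"non-executable extension {ext or '(none)'}")
    words = stem.split()
    if len(words) >= 2 and all(w.isalpha() and w[0].isupper() for w in words):
        reasons.append("file name is a string of capitalised words")
    return reasons


def scan(lines: list[str]) -> list[tuple[str, str, list[str]]]:
    """Return (value name, launched path, reasons) for each O4 entry that trips a check."""
    findings = []
    for line in lines:
        m = O4_RE.match(line.strip())
        if not m:
            continue
        path = extract_path(m["cmd"])
        reasons = assess(path)
        if reasons:
            findings.append((m["name"], path, reasons))
    return findings


if __name__ == "__main__":
    for name, path, reasons in scan(SAMPLE_LINES):
        print(f"[{name}] {path}")
        for r in reasons:
            print(f"    - {r}")
```

Run against the sample, only the two ProgramData entries are reported, each with all three reasons; the Kaspersky, RivaTuner, ASUS and Sidebar entries pass. The checks are deliberately narrow: an entry that passes is not thereby clean, and one that is flagged still needs the usual follow-up (file hash, vendor signature, a specialised scanner such as the one the helper recommends next) before anything is removed.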
Posted: 23 May 2009 20:15
- dr_Bora
- Anti Malware Fighter Rank 2
- Joined: 24 Jul 2007
- Posts: 12280
- Location: Höganäs, SE
Download Lop S&D to the Desktop.
Double-click LopSD.exe to run it.
On the first screen choose the language by typing E and Enter, then click OK.
Choose option 1 - Search by typing 1 and Enter.
Wait a few minutes for the program to finish scanning.
At the end of the process the log C:\LopR.txt will open in Notepad.
Paste the resulting log into the thread on the forum.
Posted: 23 May 2009 20:39
- Source
- Legendary citizen
- Joined: 10 Jan 2005
- Posts: 3319
- Location: Stara Pazova
--------------------\\ Lop S&D 4.2.5-0 XP/Vista
Microsoft® Windows Vista™ Ultimate ( v6.0.6001 ) Service Pack 1
x64-based PC ( Multiprocessor Free : Intel(R) Core(TM)2 Duo CPU E8400 @ 3.00GHz )
BIOS : BIOS Date: 11/15/07 11:41:05 Ver: 08.00.12
USER : Fireslasher ( Administrator )
BOOT : Normal boot
Antivirus : Kaspersky Internet Security 8.0.0.357 (Activated)
Firewall : Kaspersky Internet Security 8.0.0.357 (Activated)
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:79 Go (Free:37 Go)
D:\ (Local Disk) - NTFS - Total:385 Go (Free:65 Go)
E:\ (CD or DVD)
"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [1] ( Sat 05/23/2009|20:35 )
[ UAC => 0 ]
--------------------\\ Listing folders in Local
[05/09/2009|11:54] C:\Users\FIRESL~1\AppData\Local\<DIR> ABBYY
[05/01/2009|07:34] C:\Users\FIRESL~1\AppData\Local\<DIR> Adobe
[05/03/2009|03:09] C:\Users\FIRESL~1\AppData\Local\<DIR> Ahead
[05/01/2009|09:23] C:\Users\FIRESL~1\AppData\Local\<JUNCTION> Application Data
[05/03/2009|06:21] C:\Users\FIRESL~1\AppData\Local\<DIR> Atari
[05/01/2009|06:43] C:\Users\FIRESL~1\AppData\Local\732 d3d9caps64.dat
[05/22/2009|09:36] C:\Users\FIRESL~1\AppData\Local\27,648 DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[05/01/2009|08:20] C:\Users\FIRESL~1\AppData\Local\<DIR> DFX
[05/03/2009|03:09] C:\Users\FIRESL~1\AppData\Local\99,880 GDIPFONTCACHEV1.DAT
[05/01/2009|09:23] C:\Users\FIRESL~1\AppData\Local\<JUNCTION> History
[05/23/2009|08:30] C:\Users\FIRESL~1\AppData\Local\2,716,937 IconCache.db
[05/09/2009|12:00] C:\Users\FIRESL~1\AppData\Local\<DIR> Microsoft
[05/13/2009|01:49] C:\Users\FIRESL~1\AppData\Local\<DIR> Microsoft Games
[05/02/2009|12:34] C:\Users\FIRESL~1\AppData\Local\<DIR> Microsoft Help
[05/01/2009|06:40] C:\Users\FIRESL~1\AppData\Local\<DIR> Opera
[05/23/2009|08:35] C:\Users\FIRESL~1\AppData\Local\<DIR> Temp
[05/01/2009|09:23] C:\Users\FIRESL~1\AppData\Local\<JUNCTION> Temporary Internet Files
[05/01/2009|07:32] C:\Users\FIRESL~1\AppData\Local\<DIR> VirtualStore
--------------------\\ Scheduled Tasks located in C:\Windows\Tasks
[05/23/2009 08:21 PM][--ah-----] C:\Windows\tasks\User_Feed_Synchronization-{A381FE27-0923-49FA-B622-F70B947F4E7C}.job
[05/23/2009 08:31 PM][--a------] C:\Windows\tasks\1-Click Maintenance.job
[05/23/2009 08:31 PM][--ah-----] C:\Windows\tasks\SA.DAT
[05/23/2009 08:30 PM][--a------] C:\Windows\tasks\SCHEDLGU.TXT
--------------------\\ Listing Folders in C:\ProgramData
[05/01/2009|07:39] C:\ProgramData\<DIR> {55A29068-F2CE-456C-9148-C869879E2357}
[05/09/2009|11:54] C:\ProgramData\<DIR> ABBYY
[05/01/2009|07:24] C:\ProgramData\<DIR> Acronis
[05/01/2009|07:31] C:\ProgramData\<DIR> Adobe
[05/01/2009|07:33] C:\ProgramData\<DIR> Adobe Systems
[11/02/2006|05:41] C:\ProgramData\<JUNCTION> Application Data
[05/19/2009|08:11] C:\ProgramData\262,160 Byte Blue Locks.83lgi6
[05/19/2009|09:16] C:\ProgramData\<DIR> comp two long internet
[05/01/2009|08:34] C:\ProgramData\<DIR> DAEMON Tools Pro
[11/02/2006|05:41] C:\ProgramData\<JUNCTION> Desktop
[05/01/2009|08:20] C:\ProgramData\<DIR> DFX
[11/02/2006|05:41] C:\ProgramData\<JUNCTION> Documents
[11/02/2006|05:41] C:\ProgramData\<JUNCTION> Favorites
[05/19/2009|08:10] C:\ProgramData\61,456 Heck Default Default.ci15fi0
[05/19/2009|08:33] C:\ProgramData\331,792 Heck Default Default.fxoo458
[05/19/2009|08:10] C:\ProgramData\294,928 Heck Default Default.gk43zi
[05/19/2009|09:16] C:\ProgramData\65,552 Heck Default Default.m93md
[05/19/2009|08:54] C:\ProgramData\237,584 Heck Default Default.qjiyu
[05/23/2009|08:31] C:\ProgramData\<DIR> Kaspersky Lab
[05/01/2009|08:01] C:\ProgramData\<DIR> Kaspersky Lab Setup Files
[05/10/2009|11:02] C:\ProgramData\<DIR> Malwarebytes
[05/03/2009|06:00] C:\ProgramData\<DIR> Media Center Programs
[05/08/2009|09:36] C:\ProgramData\<DIR> Microsoft
[05/07/2009|12:32] C:\ProgramData\<DIR> Microsoft Help
[05/01/2009|07:42] C:\ProgramData\<DIR> Nero
[05/01/2009|06:59] C:\ProgramData\<DIR> NVIDIA
[05/01/2009|06:57] C:\ProgramData\<DIR> SonicFocus
[11/02/2006|05:41] C:\ProgramData\<JUNCTION> Start Menu
[05/19/2009|09:19] C:\ProgramData\<DIR> Start Rect
[05/03/2009|06:21] C:\ProgramData\<DIR> Tages
[05/23/2009|08:31] C:\ProgramData\<DIR> TEMP
[11/02/2006|05:41] C:\ProgramData\<JUNCTION> Templates
[05/01/2009|07:40] C:\ProgramData\<DIR> TuneUp Software