usporio racunar

usporio racunar

offline
  • Pridružio: 19 Dec 2008
  • Poruke: 89

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:25:05 PM, on 7/24/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS.0\System32\smss.exe
C:\WINDOWS.0\system32\winlogon.exe
C:\WINDOWS.0\system32\services.exe
C:\WINDOWS.0\system32\lsass.exe
C:\WINDOWS.0\system32\svchost.exe
C:\WINDOWS.0\System32\svchost.exe
C:\WINDOWS.0\system32\spoolsv.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\MSI\BToes Bluetooth Software\bin\btwdins.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS.0\system32\nvsvc32.exe
C:\WINDOWS.0\system32\svchost.exe
C:\WINDOWS.0\Explorer.EXE
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\WINDOWS.0\system32\rundll32.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS.0\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Java\jre6\bin\javaw.exe
C:\Program Files\Opera\opera.exe
C:\Documents and Settings\Admin.PAL\Desktop\TR3.exe\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = cg.rs/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = home.sweetim.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS.0\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [PAC7311_Monitor] C:\WINDOWS.0\PixArt\PAC7311\Monitor.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS.0\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.15\AMVConverter\grab.html
O8 - Extra context menu item: Add to Media Manager... - C:\Program Files\MP3 Player Utilities 4.15\MediaManager\grab.html
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Download with GetRight Pro - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Pro Browser - C:\Program Files\GetRight\GRbrowse.htm
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\MSI\BToes Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\MSI\BToes Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\MSI\BToes Bluetooth Software\btsendto_ie.htm
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS.0\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS.0\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5483.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\MSI\BToes Bluetooth Software\bin\btwdins.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS.0\system32\nvsvc32.exe

--
End of file - 10427 bytes

offline
  • diarno  Male
  • Anti Malware Fighter
    Rank 2
  • Pridružio: 15 Jun 2007
  • Poruke: 5572

Pozdrav

Arrow Preuzmi program RootRepeal na Desktop.

Raspakuj RootRepeal.zip u neki folder.
Dvoklikom pokreni RootRepeal.exe.
Pređi na Report karticu (klikom na Report taster, dole, desno).
Klikni Scan taster.
U prozoru koji se otvori (Select Scan), obeleži kućice ispred svih stavki i klikni OK.
U narednom prozoru (Select Drives) obeleži kućicu ispred sistemskog diska (obično C:\) i klikni OK.
Po završetku procesa, klikni Save Report i sačuvaj izveštaj o skeniranju.


Iskopiraj sadržaj tog izveštaja u iduću poruku.

Arrow Preuzmi instalaciju za program Malwarebytes Anti-Malware sa sledećeg linka:
http://www.besttechie.net/tools/mbam-setup.exe

Dvoklikom pokreni instalaciju - na samom kraju procesa, proveri da su obeležene opcije:
Update Malwarebytes' Anti-Malware;
Launch Malwarebytes Anti-Malware;

a zatim klikni Finish.

Nakon završenog ažuriranja program će se pokrenuti.

Izaberi opciju Perform Quick Scan i klikni Scan.

Po završetku procesa klikni OK, Show Results: u listi detektovanog malware-a, obeleži sve stavke i klikni Remove Selected.

Po završetku procesa, logfile će se otvoriti u Notepad-u; iskopiraj ga u temu na forumu.
Ukoliko program zatraži restart kako bi se završio proces čišćenja, obavezno ga dozvoliti.

Napomena: ako dođe do restarta na kraju procesa čišćenja, logfile će biti dostupan na Logs kartici (obeleži ga i klikni Open).


Takođe, nakon svega, potrebno je postaviti i svež HijackThis logfile.

offline
  • Pridružio: 19 Dec 2008
  • Poruke: 89

Napisano: 25 Jul 2009 9:08

ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2009/07/25 08:52
Program Version: Version 1.3.2.0
Windows Version: Windows XP SP2
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS.0\System32\Drivers\dump_atapi.sys
Address: 0xF3FA0000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS.0\System32\Drivers\dump_WMILIB.SYS
Address: 0xF79C1000 Size: 8192 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS.0\system32\drivers\rootrepeal.sys
Address: 0xB9C32000 Size: 49152 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: C:\hiberfil.sys
Status: Locked to the Windows API!

Path: c:\documents and settings\admin.pal\application data\opera\opera\profile\global.dat
Status: Size mismatch (API: 168745, Raw: 168553)

Path: c:\documents and settings\admin.pal\application data\opera\opera\profile\sessions\autosave.win
Status: Size mismatch (API: 3885, Raw: 5234)

Path: C:\Documents and Settings\Admin.PAL\Local Settings\temp\Temporary Internet Files\Content.IE5\4FEZXP4R\games;affiliate=gamingaccess;subaffiliate=gamingaccess;channel=games;subchannel=games;category=tic;pt=content;pez=tic;dcopt=ist;;sz=728x90;tile=1;ord=9220272289[2]
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Admin.PAL\Local Settings\temp\Temporary Internet Files\Content.IE5\4FEZXP4R\games;affiliate=gamingaccess;subaffiliate=gamingaccess;channel=games;subchannel=games;category=tic;pt=content;pez=tic;dcopt=ist;;sz=728x90;tile=1;ord=9699499296[2]
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Admin.PAL\Local Settings\temp\Temporary Internet Files\Content.IE5\4FEZXP4R\games;affiliate=gamingaccess;subaffiliate=gamingaccess;channel=games;subchannel=games;category=tic;pt=content;pez=tic;dcopt=ist;;sz=728x90;tile=1;ord=7048862583[2]
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Admin.PAL\Local Settings\temp\Temporary Internet Files\Content.IE5\4FEZXP4R\games;affiliate=gamingaccess;subaffiliate=gamingaccess;channel=games;subchannel=games;category=tic;pt=content;pez=tic;dcopt=ist;;sz=728x90;tile=1;ord=3649901111[2]
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Admin.PAL\Local Settings\temp\Temporary Internet Files\Content.IE5\4FEZXP4R\games;affiliate=gamingaccess;subaffiliate=gamingaccess;channel=games;subchannel=games;category=tic;pt=content;pez=tic;dcopt=ist;;sz=728x90;tile=1;ord=5568414753[2]
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Admin.PAL\Local Settings\temp\Temporary Internet Files\Content.IE5\6VGJ0FWJ\main_1062;sz=450x60;plid=AARqkhwwA5gEm8iL;kl=N;!c=1062;k2=717;k2=745;klg=en;kvid=zCcdU55w15M;kpu=3DGAMEMAN;kr=H;khd=1;kt=K;ko=y;kpid=1062;kga=-1;u=zCcdU55w15M_1062;kgg=[1].asx
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Admin.PAL\Local Settings\temp\Temporary Internet Files\Content.IE5\6VGJ0FWJ\main_1062;sz=300x250;plid=AARqkj3TzToahE-G;kl=N;!c=1062;k2=717;klg=en;kvid=5EqEHVsnqLk;kpu=3DGAMEMAN;kr=F;khd=0;kt=K;ko=y;kpid=1062;kga=-1;u=5EqEHVsnqLk_1062;kgg=-1;kcr[1].htm
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Admin.PAL\Local Settings\temp\Temporary Internet Files\Content.IE5\6VGJ0FWJ\main_1062;sz=450x60;plid=AARqkh7l51N0DrD2;kl=N;!c=1062;k2=717;klg=en;kvid=5EqEHVsnqLk;kpu=3DGAMEMAN;kr=F;khd=0;kt=K;ko=y;kpid=1062;kga=-1;u=5EqEHVsnqLk_1062;kgg=-1;kcr=[1].asx
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Admin.PAL\Local Settings\temp\Temporary Internet Files\Content.IE5\6VGJ0FWJ\main_1062;sz=480x70;plid=AARqkj4xAUfgOWGX;kl=N;!c=1062;k2=717;k2=745;klg=en;kvid=zCcdU55w15M;kpu=3DGAMEMAN;kr=H;khd=1;kt=K;ko=y;kpid=1062;kga=-1;u=zCcdU55w15M_1062;kgg=[1].asx
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Admin.PAL\Local Settings\temp\Temporary Internet Files\Content.IE5\6VGJ0FWJ\main_14;sz=450x60;plid=AARqkj8WpM868rJb;kl=N;!c=14;klg=en;kvid=79KHiHfPxas;kpu=dman8138;khd=0;kt=K;ko=c;kpid=14;afc=1;kga=-1;kr=H;kp=1;u=79KHiHfPxas_14;kgg=-1;kcr=us;cu[1].htm
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Admin.PAL\Local Settings\temp\Temporary Internet Files\Content.IE5\6VGJ0FWJ\main_2802;sz=300x250;plid=AARqki2woUCefkYa;kl=N;!c=2802;k2=717;k2=741;klg=en;kvid=cIOtyCoU3Zo;kpu=PCWizKid;kr=H;khd=1;kt=K;ko=y;kpid=2802;kga=-1;u=cIOtyCoU3Zo_2802;kgg=[1].htm
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Admin.PAL\Local Settings\temp\Temporary Internet Files\Content.IE5\6VGJ0FWJ\main_2802;sz=480x70;plid=AARqki2woUCefkYa;kl=N;!c=2802;k2=717;k2=741;klg=en;kvid=cIOtyCoU3Zo;kpu=PCWizKid;kr=H;khd=1;kt=K;ko=y;kpid=2802;kga=-1;u=cIOtyCoU3Zo_2802;kgg=-[1].asx
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Admin.PAL\Local Settings\temp\Temporary Internet Files\Content.IE5\6VGJ0FWJ\games;affiliate=gamingaccess;subaffiliate=gamingaccess;channel=games;subchannel=games;category=tic;pt=content;pez=tic;dcopt=ist;;sz=728x90;tile=1;ord=1860677185[2]
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Admin.PAL\Local Settings\temp\Temporary Internet Files\Content.IE5\6VGJ0FWJ\games;affiliate=gamingaccess;subaffiliate=gamingaccess;channel=games;subchannel=games;category=tic;pt=content;pez=tic;dcopt=ist;;sz=728x90;tile=1;ord=5511039493[2]
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Admin.PAL\Local Settings\temp\Temporary Internet Files\Content.IE5\6VGJ0FWJ\religionspirituality_religion;sz=300x250;kl=N;klg=en;kt=K;kga=-1;kr=F;kw=di+maria;kgg=-1;kcr=us;dc_dedup=1;kmyd=ad_creative_1;tile=1;dcopt=ist;ord=5062877476349059[2]
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Admin.PAL\Local Settings\temp\Temporary Internet Files\Content.IE5\A8I4J4WU\games;affiliate=gamingaccess;subaffiliate=gamingaccess;channel=games;subchannel=games;category=tic;pt=content;pez=tic;dcopt=ist;;sz=728x90;tile=1;ord=2688832008[2]
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Admin.PAL\Local Settings\temp\Temporary Internet Files\Content.IE5\A8I4J4WU\games;affiliate=gamingaccess;subaffiliate=gamingaccess;channel=games;subchannel=games;category=tic;pt=content;pez=tic;dcopt=ist;;sz=728x90;tile=1;ord=766745854[2]
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Admin.PAL\Local Settings\temp\Temporary Internet Files\Content.IE5\A8I4J4WU\games;affiliate=gamingaccess;subaffiliate=gamingaccess;channel=games;subchannel=games;category=tic;pt=content;pez=tic;dcopt=ist;;sz=728x90;tile=1;ord=9680739112[2]
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Admin.PAL\Local Settings\temp\Temporary Internet Files\Content.IE5\A8I4J4WU\games;affiliate=gamingaccess;subaffiliate=gamingaccess;channel=games;subchannel=games;category=tic;pt=content;pez=tic;dcopt=ist;;sz=728x90;tile=1;ord=2430521229[2]
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Admin.PAL\Local Settings\temp\Temporary Internet Files\Content.IE5\F9AB4HHQ\games;affiliate=gamingaccess;subaffiliate=gamingaccess;channel=games;subchannel=games;category=tic;pt=content;pez=tic;dcopt=ist;;sz=728x90;tile=1;ord=4115154838[2]
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Admin.PAL\Local Settings\temp\Temporary Internet Files\Content.IE5\F9AB4HHQ\games;affiliate=gamingaccess;subaffiliate=gamingaccess;channel=games;subchannel=games;category=tic;pt=content;pez=tic;dcopt=ist;;sz=728x90;tile=1;ord=674255773[2]
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Admin.PAL\Local Settings\temp\Temporary Internet Files\Content.IE5\F9AB4HHQ\games;affiliate=gamingaccess;subaffiliate=gamingaccess;channel=games;subchannel=games;category=tic;pt=content;pez=tic;dcopt=ist;;sz=728x90;tile=1;ord=8422823605[2]
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Admin.PAL\Local Settings\temp\Temporary Internet Files\Content.IE5\F9AB4HHQ\games;affiliate=gamingaccess;subaffiliate=gamingaccess;channel=games;subchannel=games;category=tic;pt=content;pez=tic;dcopt=ist;;sz=728x90;tile=1;ord=8439736092[2]
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Admin.PAL\Local Settings\temp\Temporary Internet Files\Content.IE5\F9AB4HHQ\Virtua%2BTennis%2B2009%2B%26terms%3Dany%26topic_icon%3D0%26author%3D%26sc%3D1%26sf%3Dtitleonly%26sk%3Dt%26sd%3Dd%26sr%3Dtopics%26st%3D0%26ch%3D300%26t%3D0%26submit%3DSearch&r=0
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Admin.PAL\Local Settings\temp\Temporary Internet Files\Content.IE5\H7BOI7OH\main_1062;sz=300x250;plid=AARqkh7l51N0DrD2;kl=N;!c=1062;k2=717;klg=en;kvid=5EqEHVsnqLk;kpu=3DGAMEMAN;kr=F;khd=0;kt=K;ko=y;kpid=1062;kga=-1;u=5EqEHVsnqLk_1062;kgg=-1;kcr[1].htm
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Admin.PAL\Local Settings\temp\Temporary Internet Files\Content.IE5\H7BOI7OH\games;affiliate=gamingaccess;subaffiliate=gamingaccess;channel=games;subchannel=games;category=tic;pt=content;pez=tic;dcopt=ist;;sz=728x90;tile=1;ord=5264449858[2]
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Admin.PAL\Local Settings\temp\Temporary Internet Files\Content.IE5\H7BOI7OH\games;affiliate=gamingaccess;subaffiliate=gamingaccess;channel=games;subchannel=games;category=tic;pt=content;pez=tic;dcopt=ist;;sz=728x90;tile=1;ord=7557779957[2]
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Admin.PAL\Local Settings\temp\Temporary Internet Files\Content.IE5\H7BOI7OH\main_1062;sz=300x250;plid=AARqkhwwA5gEm8iL;kl=N;!c=1062;k2=717;k2=745;klg=en;kvid=zCcdU55w15M;kpu=3DGAMEMAN;kr=H;khd=1;kt=K;ko=y;kpid=1062;kga=-1;u=zCcdU55w15M_1062;kgg[1].htm
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Admin.PAL\Local Settings\temp\Temporary Internet Files\Content.IE5\H7BOI7OH\religionspirituality_religion;sz=300x250;kl=N;klg=en;kt=K;kga=-1;kr=F;kw=di+maria+benfica;kgg=-1;kcr=us;dc_dedup=1;kmyd=ad_creative_1;tile=1;dcopt=ist;ord=7216202117224[2]
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Admin.PAL\Local Settings\temp\Temporary Internet Files\Content.IE5\H7BOI7OH\main_1062;sz=480x70;plid=AARqkj3TzToahE-G;kl=N;!c=1062;k2=717;klg=en;kvid=5EqEHVsnqLk;kpu=3DGAMEMAN;kr=F;khd=0;kt=K;ko=y;kpid=1062;kga=-1;u=5EqEHVsnqLk_1062;kgg=-1;kcr=[1].asx
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Admin.PAL\Local Settings\temp\Temporary Internet Files\Content.IE5\H7BOI7OH\main_14;sz=480x70;plid=AARqkj8WpM868rJb;kl=N;!c=14;klg=en;kvid=79KHiHfPxas;kpu=dman8138;khd=0;kt=K;ko=c;kpid=14;afc=1;kga=-1;kr=H;kp=1;u=79KHiHfPxas_14;kgg=-1;kcr=us;cu[1].htm
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Admin.PAL\Local Settings\temp\Temporary Internet Files\Content.IE5\H7BOI7OH\main_2802;sz=450x60;plid=AARqki2woUCefkYa;kl=N;!c=2802;k2=717;k2=741;klg=en;kvid=cIOtyCoU3Zo;kpu=PCWizKid;kr=H;khd=1;kt=K;ko=y;kpid=2802;kga=-1;u=cIOtyCoU3Zo_2802;kgg=-[1].asx
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Admin.PAL\Local Settings\temp\Temporary Internet Files\Content.IE5\OV63E3AF\main_1062;sz=300x250;plid=AARqkj4xAUfgOWGX;kl=N;!c=1062;k2=717;k2=745;klg=en;kvid=zCcdU55w15M;kpu=3DGAMEMAN;kr=H;khd=1;kt=K;ko=y;kpid=1062;kga=-1;u=zCcdU55w15M_1062;kgg[1].htm
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Admin.PAL\Local Settings\temp\Temporary Internet Files\Content.IE5\OV63E3AF\main_1062;sz=450x60;plid=AARqkj3TzToahE-G;kl=N;!c=1062;k2=717;klg=en;kvid=5EqEHVsnqLk;kpu=3DGAMEMAN;kr=F;khd=0;kt=K;ko=y;kpid=1062;kga=-1;u=5EqEHVsnqLk_1062;kgg=-1;kcr=[1].asx
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Admin.PAL\Local Settings\temp\Temporary Internet Files\Content.IE5\OV63E3AF\main_1062;sz=450x60;plid=AARqkj4xAUfgOWGX;kl=N;!c=1062;k2=717;k2=745;klg=en;kvid=zCcdU55w15M;kpu=3DGAMEMAN;kr=H;khd=1;kt=K;ko=y;kpid=1062;kga=-1;u=zCcdU55w15M_1062;kgg=[1].asx
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Admin.PAL\Local Settings\temp\Temporary Internet Files\Content.IE5\OV63E3AF\main_14;sz=300x250;plid=AARqkj8WpM868rJb;kl=N;!c=14;klg=en;kvid=79KHiHfPxas;kpu=dman8138;khd=0;kt=K;ko=c;kpid=14;afc=1;kga=-1;kr=H;kp=1;u=79KHiHfPxas_14;kgg=-1;kcr=us;c[1].htm
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Admin.PAL\Local Settings\temp\Temporary Internet Files\Content.IE5\OV63E3AF\main_1062;sz=480x70;plid=AARqkhwwA5gEm8iL;kl=N;!c=1062;k2=717;k2=745;klg=en;kvid=zCcdU55w15M;kpu=3DGAMEMAN;kr=H;khd=1;kt=K;ko=y;kpid=1062;kga=-1;u=zCcdU55w15M_1062;kgg=[1].asx
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Admin.PAL\Local Settings\temp\Temporary Internet Files\Content.IE5\OV63E3AF\religionspirituality_religion;sz=300x250;kl=N;klg=en;kt=K;kga=-1;kr=F;kw=di+maria+benfica;kgg=-1;kcr=us;dc_dedup=1;kmyd=ad_creative_1;tile=1;dcopt=ist;ord=375596409710385[2].5
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Admin.PAL\Local Settings\temp\Temporary Internet Files\Content.IE5\QZOB6NOF\games;affiliate=gamingaccess;subaffiliate=gamingaccess;channel=games;subchannel=games;category=tic;pt=content;pez=tic;dcopt=ist;;sz=728x90;tile=1;ord=8534527658[2]
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Admin.PAL\Local Settings\temp\Temporary Internet Files\Content.IE5\QZOB6NOF\main_1062;sz=480x70;plid=AARqkh7l51N0DrD2;kl=N;!c=1062;k2=717;klg=en;kvid=5EqEHVsnqLk;kpu=3DGAMEMAN;kr=F;khd=0;kt=K;ko=y;kpid=1062;kga=-1;u=5EqEHVsnqLk_1062;kgg=-1;kcr=[1].asx
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Admin.PAL\Local Settings\temp\Temporary Internet Files\Content.IE5\QZOB6NOF\religionspirituality_religion;sz=300x250;kl=N;klg=en;kt=K;kga=-1;kr=F;kw=di+maria+benfica;kgg=-1;kcr=us;dc_dedup=1;kmyd=ad_creative_1;tile=1;dcopt=ist;ord=274083890148759[2].5
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Admin.PAL\Local Settings\temp\Temporary Internet Files\Content.IE5\VPO0WDYQ\games;affiliate=gamingaccess;subaffiliate=gamingaccess;channel=games;subchannel=games;category=tic;pt=content;pez=tic;dcopt=ist;;sz=728x90;tile=1;ord=1266577110[2]
Status: Locked to the Windows API!

Path: c:\documents and settings\admin.pal\local settings\application data\opera\opera\profile\vps\0006\md.dat
Status: Size mismatch (API: 212992, Raw: 65536)

Path: c:\documents and settings\admin.pal\local settings\application data\opera\opera\profile\vps\0006\w.ax
Status: Size mismatch (API: 488960, Raw: 161280)

Path: c:\documents and settings\admin.pal\local settings\application data\opera\opera\profile\vps\0006\wb.vx
Status: Size mismatch (API: 2635264, Raw: 806912)

Path: C:\Documents and Settings\Admin.PAL\Local Settings\Application Data\Opera\Opera\profile\vps\0006\adoc.bx-g
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\Admin.PAL\Local Settings\Application Data\Opera\Opera\profile\vps\0006\adoc.bx-j
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\Admin.PAL\Local Settings\Application Data\Opera\Opera\profile\vps\0006\md.dat-j
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\Admin.PAL\Local Settings\Application Data\Opera\Opera\profile\vps\0006\url.ax-g
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\Admin.PAL\Local Settings\Application Data\Opera\Opera\profile\vps\0006\url.ax-j
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\Admin.PAL\Local Settings\Application Data\Opera\Opera\profile\vps\0006\w.ax-g
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\Admin.PAL\Local Settings\Application Data\Opera\Opera\profile\vps\0006\w.ax-j
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\Admin.PAL\Local Settings\Application Data\Opera\Opera\profile\vps\0006\wb.vx-j
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\Admin.PAL\Local Settings\Application Data\Microsoft\Messenger\s.share@live.com\SharingMetadata\marinkot@live.com\DFSR\Staging\CS{E9AED28E-136C-7114-3138-C675815A42EB}\01\10-{E9AED28E-136C-7114-3138-C675815A42EB}-v1-{965B6344-67DA-409B-BC31-D4BECC4BEE46}-v10-Downloaded.frx
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Admin.PAL\Local Settings\Application Data\Microsoft\Messenger\zeko-peko@hotmail.com\SharingMetadata\devilbullet@hotmail.com\DFSR\Staging\CS{7F22FC23-9679-56D2-1E5F-4107DF138DE6}\01\15-{7F22FC23-9679-56D2-1E5F-4107DF138DE6}-v1-{63EE982E-8280-4F4A-9136-EC54E3D8787A}-v15-Downloaded.frx
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Admin.PAL\Local Settings\Application Data\Microsoft\Messenger\zeko-peko@hotmail.com\SharingMetadata\devilbullet@hotmail.com\DFSR\Staging\CS{7F22FC23-9679-56D2-1E5F-4107DF138DE6}\79\16-{AF88270C-AE51-417C-AFC7-26BA98666315}-v79-{63EE982E-8280-4F4A-9136-EC54E3D8787A}-v16-Downloaded.frx
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Admin.PAL\Local Settings\Application Data\Microsoft\Messenger\zeko-peko@hotmail.com\SharingMetadata\kaja_czv@msn.com\DFSR\Staging\CS{DF991B27-222F-D748-296F-35A14F2F8CE5}\01\10-{DF991B27-222F-D748-296F-35A14F2F8CE5}-v1-{63EE982E-8280-4F4A-9136-EC54E3D8787A}-v10-Downloaded.frx
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Admin.PAL\Local Settings\Application Data\Microsoft\Messenger\zeko-peko@hotmail.com\SharingMetadata\zloconi_djavolcic@yahoo.com\DFSR\Staging\CS{C03AB5F5-9437-9D99-9563-2BD8547212B7}\01\17-{C03AB5F5-9437-9D99-9563-2BD8547212B7}-v1-{63EE982E-8280-4F4A-9136-EC54E3D8787A}-v17-Downloaded.frx
Status: Locked to the Windows API!

SSDT
-------------------
#: 257 Function Name: NtTerminateProcess
Status: Hooked by "C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys" at address 0xf4082df0

==EOF==


Malwarebytes' Anti-Malware 1.39
Database version: 2498
Windows 5.1.2600 Service Pack 2

7/25/2009 9:08:04 AM
mbam-log-2009-07-25 (09-08-04).txt

Scan type: Quick Scan
Objects scanned: 88698
Time elapsed: 7 minute(s), 26 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 4
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\ForceClassicControlPanel (Hijack.ControlPanelStyle) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSMHelp (Hijack.Help) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\WINDOWS.0\system32\reboot.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

Dopuna: 25 Jul 2009 9:17

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:14:00 AM, on 7/25/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS.0\System32\smss.exe
C:\WINDOWS.0\system32\winlogon.exe
C:\WINDOWS.0\system32\services.exe
C:\WINDOWS.0\system32\lsass.exe
C:\WINDOWS.0\system32\svchost.exe
C:\WINDOWS.0\System32\svchost.exe
C:\WINDOWS.0\system32\spoolsv.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\MSI\BToes Bluetooth Software\bin\btwdins.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS.0\system32\nvsvc32.exe
C:\WINDOWS.0\system32\svchost.exe
C:\WINDOWS.0\Explorer.EXE
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\WINDOWS.0\system32\rundll32.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS.0\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Winamp\winamp.exe
C:\Documents and Settings\Admin.PAL\Desktop\TR3.exe\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = cg.rs/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = home.sweetim.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS.0\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [PAC7311_Monitor] C:\WINDOWS.0\PixArt\PAC7311\Monitor.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS.0\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.15\AMVConverter\grab.html
O8 - Extra context menu item: Add to Media Manager... - C:\Program Files\MP3 Player Utilities 4.15\MediaManager\grab.html
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Download with GetRight Pro - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Pro Browser - C:\Program Files\GetRight\GRbrowse.htm
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\MSI\BToes Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\MSI\BToes Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\MSI\BToes Bluetooth Software\btsendto_ie.htm
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS.0\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS.0\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5483.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\MSI\BToes Bluetooth Software\bin\btwdins.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS.0\system32\nvsvc32.exe

--
End of file - 10351 bytes

Dopuna: 27 Jul 2009 8:51

ima li pomoci ?

offline
  • diarno  Male
  • Anti Malware Fighter
    Rank 2
  • Pridružio: 15 Jun 2007
  • Poruke: 5572

Nekako mi je promakla ova tema kada sam gledao ambulantu..izvinjenje

Probaj nesto od ovoga..logovi deluju cisto

http://www.mycity.rs/Zastita/Usporen-Racunar-ili-Browser-Osnovni-Saveti.html

Ko je trenutno na forumu
 

Ukupno su 1075 korisnika na forumu :: 41 registrovanih, 4 sakrivenih i 1030 gosta   ::   [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:
Korisnici trenutno na forumu: _Rade, Ben Roj, bokisha253, Brana01, brundo65, Dorcolac, DPera, Frunze, GORDI, goxin, havoc995, HrcAk47, Insan, jukeboxer, kunktator, kybonacci, lord sir giga, MB120mm, mean_machine, Metanoja, mikrimaus, milenko crazy north, milos.cbr, nikoladim, novator, Panter, pein, predragc, Primus17, procesor, Romibrat, sevenino, ShurikSST, Skywhaler, Stoilkovic, User98, Vatreni Zmaj, virked, voja64, wizzardone, zixmix