pomoc oko virusa

windows mi je izbacio nekakvu poruku oko generisanja win32,u tom prozoru sam imao onu opciju send,dont send.... kad sam kliknuo na neku od te dve stavke sledece sto se desava je da kaspersy izbacuje nekakav prozor u kojem se spominje svghost fajl,pokusao sam da slikam taj prozor ali se komp delimicno blokira,ustvari samo dole gde su tabovi tu je prazno tako da nista nisam mogao da otvorim... u tom prozoru je bila opcija da se klikne na nesto tipa intruder ili nesto slicno ali posto je bilo blokirano to mi nije polazilo za rukom,medjutim,posle cekanja od 10 minuta otisao je na ovaj sajt http://www.viruslist.com/en/viruses/encyclopedia/pdm/invader
skenirao sam 2 puta sa kaspersik i sa adaware(koji su redovno azurirani) i oni navodno nisu nista pronasli.
vidim da mi je komp blago poblesavio,kad gledam satelitsku tv preko ss2 kartice izbacuje mi neke poruke o grafovima i filterima.....
evo i log fajl pa ako je neko dobre volje nek pomogne

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:09:09 AM, on 2/14/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
D:\program files\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\TechniSat DVB\bin\Server4PC.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\Girder\Girder.exe
C:\Program Files\TechniSat DVB\bin\Server4PC.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\PROGRA~1\SPYWAR~1\sp_rsser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.elitesecurity.org/f101-PC-DVB-kartice
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SpywareTerminator] "C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_01] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\system32\Oobe" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_02] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\Srchasst" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_03] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\Help\Tours" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_04] cmd.exe /c md "%USERPROFILE%\Local Settings\Temp" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_05] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_06] rundll32 advpack.dll,LaunchINFSection nlite.inf,nLiteReg (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_07] rundll32 advpack.dll,LaunchINFSection nlite.inf,S (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlpo_01] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\system32\Oobe" (User 'NETWORK SERVICE')
O4 - Startup: Girder3.lnk = C:\Program Files\Girder\Girder.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Server4PC.lnk = C:\Program Files\TechniSat DVB\bin\Server4PC.exe
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.co...t/wuweb_site.cab?1201238816359
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.co...t/muweb_site.cab?1201238684750
O17 - HKLM\System\CCS\Services\Tcpip\..\{845CED77-61D1-4902-A495-8C45643A4E76}: NameServer = 194.106.162.2,194.106.162.3
O18 - Protocol: bw+0 - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~2.0\adialhk.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - D:\program files\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\PROGRA~1\SPYWAR~1\sp_rsser.exe

--
End of file - 19794 bytes

Skini Vundofix sa ovog linka:

http://www.atribune.org/content/view/24/2/

i koristi uputstva sa istog linka da izvrsis sken i posle postuj Vundo log (koliko se secam C:\report.txt) i HJT! log. Takodje skini Superantispyware update-uj ga i skeniraj.

samo da pitam da li je Superantispyware bolji od ostalih programa te namene?

vundofix nije nista pronasao log file nisam znao gde je,nije bila opcija za to....
Superantispyware je nasao 38 stvarcica koje sam obrisao tako da cu videti da li je problem resen

izida (Isis ) postavi novi HiJackThis! log. Superantispyware je dobar program, ali ne i najbolji. Najbolji program za takve stvari zapravo i ne postoji.

opet se javlja isti problem,evo slike


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:10:58 AM, on 2/14/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
D:\program files\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\TechniSat DVB\bin\Server4PC.exe
C:\Program Files\Girder\Girder.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\TechniSat DVB\bin\Server4PC.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.elitesecurity.org/f101-PC-DVB-kartice
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_01] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\system32\Oobe" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_02] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\Srchasst" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_03] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\Help\Tours" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_04] cmd.exe /c md "%USERPROFILE%\Local Settings\Temp" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_05] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_06] rundll32 advpack.dll,LaunchINFSection nlite.inf,nLiteReg (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_07] rundll32 advpack.dll,LaunchINFSection nlite.inf,S (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlpo_01] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\system32\Oobe" (User 'NETWORK SERVICE')
O4 - Startup: Girder3.lnk = C:\Program Files\Girder\Girder.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Server4PC.lnk = C:\Program Files\TechniSat DVB\bin\Server4PC.exe
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.co...t/wuweb_site.cab?1201238816359
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.co...t/muweb_site.cab?1201238684750
O17 - HKLM\System\CCS\Services\Tcpip\..\{845CED77-61D1-4902-A495-8C45643A4E76}: NameServer = 194.106.162.2,194.106.162.3
O18 - Protocol: bw+0 - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~2.0\adialhk.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - D:\program files\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

Deinstaliraj Logitec Desktop Messenger. Vidis koliko je registry vrednosti vezano za njega (O18). Posle toga okaci novi HJT! log i javi kako se racunar ponasa. Inace ono "Invader moze biti i false positive od strane programa koji to javlja... Ja ovde ne vidim nista sem svchosta koji baguje, a moze bagovati a da uopste nema virusa.

Da nije ovo neka n-lite-ovana verzija XP-a posto vidim registry vrednosti vezane za nlite.inf?
U slucaju da je nlite-vana verzija odmah mi reci koja je da vidim da li vredi uopste da se trudim dalje...

_{[Ovu poruku je menjao Binary Mind dana 14.02.2008. u 21:44 GMT+1]}

ja kad bi znao sta ti je to nlite-vana verzija odmah bi se ozenio,evo slike,inace ovaj sistem mi radi pola godine

Jeste n-lite verzija zvana 2Fast XP (verzija koju je neko pravio sa programom zvanim n-lite). Kad si instalirao Logitec Desktop Messenger? Obrishi ovo u HJT! (stikliraj vrednosti i nakon toga pritisni "fix checked"):



i deinstaliraj Logitech Destop Messenger, okachi novi HJT! log i javi sta se desava...

_{[Ovu poruku je menjao Binary Mind dana 14.02.2008. u 21:51 GMT+1]}

insatalirao sam ga sa drivera od misa i tastature

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:18:46 PM, on 2/14/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
D:\program files\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\TechniSat DVB\bin\Server4PC.exe
C:\Program Files\Girder\Girder.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\TechniSat DVB\bin\Server4PC.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.elitesecurity.org/f101-PC-DVB-kartice
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE
O4 - HKUS\S-1-5-20\..\RunOnce: [nlpo_02] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\Srchasst" (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlpo_03] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\Help\Tours" (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlpo_04] cmd.exe /c md "%USERPROFILE%\Local Settings\Temp" (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlpo_05] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlpo_06] rundll32 advpack.dll,LaunchINFSection nlite.inf,nLiteReg (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlpo_07] rundll32 advpack.dll,LaunchINFSection nlite.inf,S (User 'NETWORK SERVICE')
O4 - Startup: Girder3.lnk = C:\Program Files\Girder\Girder.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Server4PC.lnk = C:\Program Files\TechniSat DVB\bin\Server4PC.exe
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.co...t/wuweb_site.cab?1201238816359
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.co...t/muweb_site.cab?1201238684750
O17 - HKLM\System\CCS\Services\Tcpip\..\{845CED77-61D1-4902-A495-8C45643A4E76}: NameServer = 194.106.162.2,194.106.162.3
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~2.0\adialhk.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - D:\program files\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

--
End of file - 7270 bytes

Ostalo je ovo:



Zaboravi na ovo. Ocigledno da su neki hackovi za taj Windows posto je nlite verzija. Kako sad radi?

koliko vidim opet isto...
sad si me zbunio,jel ovo virus ili ne???

Nije. Prvo sam mislio da jeste ali pogledavsi vrednosti malo bolje dosao sam do zakljucka da nisu virusi nego registy hackovi za tu n-lite verziju Windows-a. Sad ces otvoris HijackThis! i da odes na "config" (dugme je levo), pa na "backups" i da stikliras ono sto smo obrisali i kazes "restore" (dobra fora kod HJT-a ukoliko se napravi greska). Greska je nastala zbog nlite verzije Windows-a koja nije dobro odradjena. Ona radi ali nije to to...

Posle toga ces skinuti Combofix i uraditi sken njime. Ne verujem da ce ista da nadje, ali moze mi log posluziti da nadjem potencijalne napasti. Kad aktiviras Combofix, pratis upite, i dok skenira ne diras komp. Evo linka za Combofix:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Posle skena okaci Combofix log... Inace mislim da si nesto zeznuo sa podesavanjem KIS-a i da ti zbog toga baguje svchost.

Sutra cemo nastaviti posto jos malo idem da lalam...

ComboFix 08-02-15.1 - Administrator 2008-02-14 13:06:50.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.550 [GMT -8:00]
Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
* Created a new restore point

[color=red]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/color]
.

((((((((((((((((((((((((( Files Created from 2008-01-15 to 2008-02-15 )))))))))))))))))))))))))))))))
.

2008-02-14 07:58 . 2008-02-14 07:58 <DIR> d-------- C:\Program Files\Defraggler
2008-02-14 04:51 . 2008-02-14 04:51 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-02-14 04:50 . 2008-02-14 04:57 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-02-14 04:50 . 2008-02-14 04:50 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
2008-02-14 04:43 . 2008-02-14 04:43 <DIR> d-------- C:\VundoFix Backups
2008-02-13 12:22 . 2008-02-13 12:22 <DIR> d-------- C:\Program Files\Trend Micro
2008-02-11 06:35 . 2008-02-11 06:35 <DIR> d-------- C:\Program Files\DivX
2008-02-09 11:01 . 2008-02-14 07:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-02-09 11:01 . 2008-02-15 13:16 2,076,960 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-02-09 11:01 . 2008-02-09 11:07 91,700 --a------ C:\WINDOWS\system32\drivers\klin.dat
2008-02-09 11:01 . 2008-02-09 11:01 85,860 --a------ C:\WINDOWS\system32\drivers\klick.dat
2008-02-09 11:01 . 2008-02-15 13:15 34,592 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-02-09 11:01 . 2008-02-14 07:28 29,252 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-02-09 11:01 . 2008-02-14 07:28 4,784 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2008-02-07 09:17 . 2008-02-09 11:01 <DIR> d-------- C:\Program Files\Kaspersky Lab
2008-02-07 09:16 . 2008-02-09 11:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-02-06 09:38 . 2008-02-06 09:38 <DIR> d-------- C:\Program Files\FireTrust
2008-02-06 09:38 . 2008-02-10 06:42 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\MailWasherPro
2008-02-02 08:40 . 2002-12-11 17:34 208,896 --a------ C:\WINDOWS\system32\wmpns.dll
2008-01-31 08:19 . 2008-01-31 08:19 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\ACD Systems
2008-01-31 08:18 . 2008-01-31 08:18 <DIR> d-------- C:\Program Files\Common Files\ACD Systems
2008-01-31 08:18 . 2008-01-31 08:18 <DIR> d-------- C:\Program Files\ACD Systems
2008-01-31 08:18 . 2008-01-31 08:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ACD Systems
2008-01-31 07:06 . 2008-01-31 07:06 <DIR> d-------- C:\Program Files\CCleaner
2008-01-31 06:45 . 2008-01-31 06:46 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Media Player Classic
2008-01-31 05:51 . 2008-02-14 07:09 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-31 05:51 . 2008-01-31 05:51 1,409 --a------ C:\WINDOWS\QTFont.for
2008-01-30 07:45 . 2008-01-30 07:45 <DIR> d-------- C:\Program Files\directx
2008-01-30 07:45 . 2008-01-30 07:51 43,520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
2008-01-30 07:42 . 2008-01-30 07:42 <DIR> d-------- C:\Program Files\KONAMI
2008-01-30 05:06 . 2008-01-30 05:06 <DIR> d-------- C:\Program Files\Yahoo!
2008-01-30 05:06 . 2008-01-30 05:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-01-30 05:06 . 2008-01-30 05:06 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Yahoo!
2008-01-30 05:04 . 2008-01-30 05:04 <DIR> d-------- C:\WINDOWS\cache
2008-01-30 02:53 . 2008-01-30 02:53 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Logitech
2008-01-29 22:58 . 2008-01-29 22:58 118,784 --------- C:\WINDOWS\bwUnin-7.2.0.137-8876480SL.exe
2008-01-29 22:56 . 2005-05-25 02:40 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
2008-01-29 22:56 . 2005-05-25 02:40 1,047,552 --a------ C:\WINDOWS\system32\MFC71u.dll
2008-01-29 22:56 . 2005-05-25 02:40 258,352 --a------ C:\WINDOWS\system32\unicows.dll
2008-01-29 22:56 . 2005-05-25 02:40 89,088 --a------ C:\WINDOWS\system32\atl71.dll
2008-01-29 22:56 . 2005-05-20 15:01 68,352 --a------ C:\WINDOWS\system32\drivers\LMouKE.Sys
2008-01-29 22:56 . 2005-05-20 15:00 54,528 --a------ C:\WINDOWS\system32\drivers\L8042mou.Sys
2008-01-29 22:56 . 2005-05-20 15:00 13,056 --a------ C:\WINDOWS\system32\drivers\L8042Kbd.sys
2008-01-29 21:48 . 2008-01-29 21:48 <DIR> d-------- C:\Program Files\uTorrent
2008-01-29 21:48 . 2008-02-15 13:06 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\uTorrent
2008-01-29 21:20 . 2008-01-29 21:20 <DIR> d-------- C:\Program Files\Webteh
2008-01-29 21:20 . 2008-01-29 21:20 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\BSplayer Pro
2008-01-29 21:20 . 2008-01-29 21:21 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\BSplayer
2008-01-27 22:52 . 2008-01-27 22:52 8,192 --a------ C:\WINDOWS\REGLOCS.OLD
2008-01-27 16:13 . 2008-01-27 16:14 <DIR> d-------- C:\Program Files\Live Poker
2008-01-25 19:52 . 2008-01-25 19:52 <DIR> d-------- C:\Program Files\Dream Match Tennis
2008-01-25 19:52 . 2005-10-17 04:05 200,192 --------- C:\WINDOWS\eiunin21.exe
2008-01-25 19:27 . 2008-01-25 19:27 <DIR> d-------- C:\Documents and Settings\Administrator\WINDOWS
2008-01-25 19:27 . 1997-11-11 22:33 317,440 --a------ C:\WINDOWS\IsUninst.exe
2008-01-25 09:25 . 2008-01-25 09:26 <DIR> d-------- C:\Program Files\Girder
2008-01-24 21:55 . 2008-01-24 21:55 <DIR> d-------- C:\Documents and Settings\Administrator\Contacts
2008-01-24 21:52 . 2008-01-24 21:52 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-01-24 21:35 . 2008-01-24 21:52 <DIR> d-------- C:\Program Files\Windows Live
2008-01-24 21:35 . 2008-01-24 21:52 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-01-24 21:35 . 2008-01-24 21:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-01-24 21:34 . 2008-01-24 21:34 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Apple Computer
2008-01-24 21:33 . 2008-01-24 21:33 <DIR> d-------- C:\Program Files\QuickTime
2008-01-24 21:33 . 2008-01-24 21:33 <DIR> d-------- C:\Program Files\Apple Software Update
2008-01-24 21:33 . 2008-01-24 21:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-01-24 21:33 . 2008-01-24 21:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-01-24 21:30 . 2007-07-30 19:18 34,136 --a------ C:\WINDOWS\system32\wucltui.dll.mui
2008-01-24 21:30 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui
2008-01-24 21:30 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuapi.dll.mui
2008-01-24 21:30 . 2007-07-30 19:18 20,312 --a------ C:\WINDOWS\system32\wuaueng.dll.mui
2008-01-24 21:13 . 2008-01-24 21:13 <DIR> d-------- C:\Program Files\Common Files\xing shared
2008-01-24 21:13 . 2008-01-29 22:55 50 --a------ C:\WINDOWS\cdplayer.ini
2008-01-24 21:12 . 2008-01-24 21:13 <DIR> d-------- C:\Program Files\Real
2008-01-24 21:12 . 2008-01-24 21:12 <DIR> d-------- C:\Program Files\Common Files\Real
2008-01-24 21:12 . 2008-01-24 21:12 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
2008-01-24 21:12 . 2008-01-24 21:12 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
2008-01-24 20:49 . 2008-01-24 20:49 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2008-01-24 20:49 . 2006-09-06 17:43 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-01-24 20:03 . 2008-02-14 04:50 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-01-24 20:02 . 2008-01-24 20:02 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\ESET
2008-01-24 20:01 . 2008-01-24 20:01 <DIR> d-------- C:\Program Files\ESET
2008-01-24 20:01 . 2008-01-24 20:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ESET
2008-01-24 19:59 . 2008-01-24 20:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-01-24 17:06 . 2008-01-29 21:26 <DIR> d-------- C:\Program Files\Total Video Player
2008-01-23 20:14 . 2008-01-23 20:14 <DIR> d--hs---- C:\Documents and Settings\Administrator\UserData
2008-01-23 17:50 . 2006-07-17 01:40 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
2008-01-23 17:50 . 2006-07-17 01:40 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2008-01-23 17:48 . 2008-02-14 09:01 <DIR> d-------- C:\Program Files\Logitech
2008-01-23 17:48 . 2008-01-29 22:56 <DIR> d-------- C:\Program Files\Common Files\Logitech
2008-01-23 17:48 . 2004-04-14 10:54 163,840 --a------ C:\WINDOWS\system32\WmJoyFrc.dll
2008-01-23 17:48 . 2004-04-14 11:08 44,064 --a------ C:\WINDOWS\system32\drivers\WmXlCore.sys
2008-01-23 17:48 . 2004-04-14 11:08 21,280 --a------ C:\WINDOWS\system32\drivers\WmFilter.sys
2008-01-23 17:48 . 2004-04-14 11:08 10,144 --a------ C:\WINDOWS\system32\drivers\WmBEnum.sys
2008-01-23 17:48 . 2004-04-14 11:08 5,600 --a------ C:\WINDOWS\system32\drivers\WmVirHid.sys
2008-01-23 17:38 . 2008-01-23 17:38 <DIR> d-------- C:\Program Files\EA SPORTS
2008-01-23 09:37 . 2008-01-23 09:37 0 --a------ C:\WINDOWS\ativpsrm.bin
2008-01-23 09:36 . 2008-01-23 09:36 <DIR> d-------- C:\Program Files\ATI Technologies
2008-01-23 09:36 . 2007-12-20 21:05 593,920 --------- C:\WINDOWS\system32\ati2sgag.exe
2008-01-23 09:34 . 2008-01-23 09:34 <DIR> d-------- C:\WINDOWS\system32\Lang
2008-01-23 09:34 . 2008-01-23 09:34 940,794 --a------ C:\WINDOWS\system32\LoopyMusic.wav
2008-01-23 09:34 . 2008-01-23 09:34 146,650 --a------ C:\WINDOWS\system32\BuzzingBee.wav

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-04 21:59 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2008-01-04 21:58 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-01-04 21:58 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-01-04 21:58 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-01-04 21:57 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2008-01-04 21:57 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2008-01-04 21:57 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2008-01-04 21:57 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2008-01-04 21:57 682,496 ----a-w C:\WINDOWS\system32\DivX.dll
2008-01-04 21:57 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2008-01-04 21:57 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2008-01-04 21:57 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2008-01-04 21:57 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2008-01-04 21:57 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2008-01-04 21:57 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2008-01-04 21:57 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2008-01-04 21:56 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-01-04 21:56 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2007-12-21 03:53 2,843,136 ----a-w C:\WINDOWS\system32\drivers\ati2mtag.sys
2007-12-21 03:09 368,640 ----a-w C:\WINDOWS\system32\ATIDEMGX.dll
2007-12-21 03:08 272,384 ----a-w C:\WINDOWS\system32\ati2dvag.dll
2007-12-21 03:02 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll
2007-12-21 02:59 43,520 ----a-w C:\WINDOWS\system32\ati2edxx.dll
2007-12-21 02:59 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe
2007-12-21 02:59 147,456 ----a-w C:\WINDOWS\system32\atipdlxx.dll
2007-12-21 02:59 122,880 ----a-w C:\WINDOWS\system32\Oemdspif.dll
2007-12-21 02:58 122,880 ----a-w C:\WINDOWS\system32\ati2evxx.dll
2007-12-21 02:57 512,000 ----a-w C:\WINDOWS\system32\ati2evxx.exe
2007-12-21 02:56 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL
2007-12-21 02:53 9,826,304 ----a-w C:\WINDOWS\system32\atioglx2.dll
2007-12-21 02:47 3,120,640 ----a-w C:\WINDOWS\system32\ati3duag.dll
2007-12-21 02:36 1,661,696 ----a-w C:\WINDOWS\system32\ativvaxx.dll
2007-12-21 02:24 46,080 ----a-w C:\WINDOWS\system32\amdpcom32.dll
2007-12-21 02:20 5,435,392 ----a-w C:\WINDOWS\system32\atioglxx.dll
2007-12-21 02:20 385,024 ----a-w C:\WINDOWS\system32\atikvmag.dll
2007-12-21 02:18 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll
2007-12-21 02:17 49,152 ----a-w C:\WINDOWS\system32\drivers\ati2erec.dll
2007-12-21 02:15 159,744 ----a-w C:\WINDOWS\system32\atiok3x2.dll
2007-12-21 02:11 499,712 ----a-w C:\WINDOWS\system32\ati2cqag.dll
2007-12-18 08:44 219,664 ----a-w C:\WINDOWS\system32\klogon.dll
2007-12-18 08:43 23,396 ----a-w C:\WINDOWS\system32\drivers\klopp.dat
2007-12-14 19:32 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-01-23 00:48 68856]
"ctfmon.exe"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-02 20:56 15360]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06 1318912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2006-10-30 03:49 16269312 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 02:04 2879488 C:\WINDOWS\SkyTel.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-01-24 21:12 185896]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-10 15:27 385024]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [2007-12-18 00:43 227856]

C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\
Girder3.lnk - C:\Program Files\Girder\Girder.exe [2008-01-25 09:25:44 1830912]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2008-01-23 00:48:42 124400]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-01-29 22:56:50 450560]
Server4PC.lnk - C:\Program Files\TechniSat DVB\bin\Server4PC.exe [2008-01-23 01:11:35 344064]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoDesktopCleanupWizard"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\KASPER~1\KASPER~2.0\adialhk.dll

R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-12-13 13:28]
R3 SKYNET;TechniSat DVB-PC TV Star PCI;C:\WINDOWS\system32\DRIVERS\SkyNET.SYS [2006-03-13 17:22]
S3 SetupNTGLM7X;SetupNTGLM7X;E:\NTGLM7X.sys []

.
Contents of the 'Scheduled Tasks' folder
"2008-02-01 03:15:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-15 13:16:20
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-02-15 13:18:10

Log je prilicno cist. Izbrishi rucno:



...jer se radi o mogucoj infekciji a .old fajlovi su inace safe za brisanje. Instlairaj CCleaner ako do sad nisi i redovno brisi djubre pomocu njega.

...i pokazi mi kako si konfigurisao KIS firewall pomocu sceenshot-a ili vise njih ako je potrebno. svchost treba da ima izlaz na net. Ako ne znas da konfigurises firewall-ove za pocetak ce ti biti dovoljan Windows XP ICF (Internet Connection Firewall) plus neki dobar antivirus (Kaspersky Antivirus je sasvim dobar dok je Kaspersky Interent Security mozda i previse za tebe u ovom trenutku) i neki dobar anti spyware kao sto su Spybot, Superantispyware ili AVG Antispyware. Inace vrlo je mala sansa da imas problema sa virusima... Problemi su najverovatnije do podesavanja u Kaspersky Firewall-u...

Preimenuj HiJackThis egzekutabilni fajl u bilo sta drugo osim HiJackThis (primer Bla.exe ) i okaci novi HJT! log...

_{[Ovu poruku je menjao Binary Mind dana 15.02.2008. u 14:40 GMT+1]}

a gde ovo da obrisem,u hjt?pogledaj ovo,to mi je izbacio posle skeniranja sa Combofix-om


evo slika od firewall-a








ovo ne znam kako se radi
a jel mislis da ce problem da nestane ako izbrisem internet security,posto ovaj problem nisam imao sa NOD-om,tek kad sam presao na KIS

Deinstaliraj KIS jer ocigledno on ti iz nekog razloga pravi problem, a C:\WINDOWS\REGLOCS.OLD obrises po putanji (Windows Explorer pa Delete rucno)... Umesto Kaspersky Internet Security bice ti dovoljan samo Kaspersky Antivirus kao sto sam vec rekao, a ne bih preporucio instalaciju NOD-a (probaj sa najnovijim. Nikako NOD v2.X nego 3.x) jer propusta mnogo dosadnog malware-a i trojanaca. Bolje resenje za manji AV alat su Avast, Avira ili AVG... Koristi Windows-ov ICF firewall, i jos neki dobar Antispyware program od onih koje sam nabrojao... To sto Kaspersky prijavljuje Combofix kao "loseg momka" je cist false negative i to ignorisi.

Zaboravio si da preimenujes HiJackThis exe fajl i da uradis novi sken i okacis taj novi log...

napisao sam ti,verovatno nisi video u poruci da nisam znao to da uradim


onaj instalacioni fajl da mu promenim ime?
ajde molim te i ovo malo detaljnije posto stvarno nemam pojma nasta mislis

Da li si instalirao HiJackThis ili si skinuo fajl koji se sam pokrece. Ako si skinuo fajl koji se sam pokrece samo ga "rename-uj" (desni klik pa "Rename" pa napises bilo sta poput "Bla" ). Nadam se iskreno da sad razumes. Ako si ga instalirao idi u Program Files nadji HiJackThis i opet preimenuj "Rename" HiJackThis egzekutabilni fajl. Posle toga izvrsi sken i okaci log.

Pa dao sam ti putanju (C:\WINDOWS\REGLOCS.OLD) Nadjes taj fajl po datoj putanji pomocu Windows Explorera ili Total Commndera, pa desni klik na njega i "delete" ili F8 u Total Commander-u pa potvrdis brisanje. Da li si razumeo? Ovo su neke osnovne stvari sto se tice baratanja sa fajlovima u Windows-u (Pracenje putanja fajlova i nalazenje istih pomocu njih, Copy, Paste, Cut, Move, Rename, Delete...).

_{[Ovu poruku je menjao Binary Mind dana 15.02.2008. u 20:21 GMT+1]}

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:24:41 AM, on 2/16/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
D:\program files\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\TechniSat DVB\bin\Server4PC.exe
C:\Program Files\Girder\Girder.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\TechniSat DVB\bin\Server4PC.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\bla.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.elitesecurity.org/f101-PC-DVB-kartice
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_05] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_02] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\Srchasst" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_07] rundll32 advpack.dll,LaunchINFSection nlite.inf,S (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_03] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\Help\Tours" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_06] rundll32 advpack.dll,LaunchINFSection nlite.inf,nLiteReg (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_01] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\system32\Oobe" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_04] cmd.exe /c md "%USERPROFILE%\Local Settings\Temp" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlpo_02] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\Srchasst" (User 'NETWORK SERVICE')
O4 - Startup: Girder3.lnk = C:\Program Files\Girder\Girder.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Server4PC.lnk = C:\Program Files\TechniSat DVB\bin\Server4PC.exe
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.co...t/wuweb_site.cab?1201238816359
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.co...t/muweb_site.cab?1201238684750
O17 - HKLM\System\CCS\Services\Tcpip\..\{845CED77-61D1-4902-A495-8C45643A4E76}: NameServer = 194.106.162.2,194.106.162.3
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~2.0\adialhk.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - D:\program files\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

--
End of file - 7510 bytes