Spyware


pecko88

Active Member
26.04.2008
Download Process Explorer and, going by the name of the file that SUPERAntiSpyware identified as a virus, first give them Suspend in Process Explorer.
Because if there are several of them, it is possible that they protect one another.
After that, give them Kill Process and delete them from the hard drive.
 

neo_81

Active Member
26.07.2008
man, you still haven't sent me the HijackThis report and I don't see that you've run ComboFix.... damn it, man, you can't stop halfway.... you have to beat the vermin all the way ;DDDD and as for NOD, download the version I wrote you about in the last PM
 

Kurblaj Kan

Active Member
15.12.2006
Well, I'd send it to you, but I'm telling you I can't open those two pages; when I drop by some buddy's place I'll download it all there and bring it home
 

pecko88

Active Member
26.04.2008
All well and good, but I don't know why you are hoping so much that some antivirus will solve the problem.
There is plenty of vermin, viruses, worms, rootkits... that will never get their turn for definitions, because they are less widespread or were aimed at someone specific.

Come on, put in a little creativity...
I even once used NetLimiter to catch a virus at the moment it tried to connect to some f***ing site.
 

neo_81

Active Member
26.07.2008
man, we're not trying to solve this with an antivirus, if you've followed the thread a bit, but of course it would be nice if the antivirus worked the way it should.... and there's a cure for everything ;))))
 

pecko88

Active Member
26.04.2008
I noticed that you are posting something about HijackThis and ComboFix, but there are also many PMs that I can't read...

Regards.....:ludaci_lol:
Edit. I have only just now seen your first post in this thread....tsk tsk....sorry..:eyebrows:
 

neo_81

Active Member
26.07.2008
no no, the PMs only have download links ;) you've caught everything ;))) in 90% of cases the mistake is that people don't take ownership of the System Volume Information folder or don't turn off System Restore while cleaning the computer, and these spyware programs that are IN right now can be dealt with using a couple of little tools, and don't kid around, HijackThis and Combo are pretty nice little tools ;))))
 

Kurblaj Kan

Active Member
15.12.2006
Here, after a million years, I've done everything you suggested to me
First I went through with that Microsoft scanner and it found it but didn't fix the problem, NOD didn't fix the problem and it doesn't work for me because this 3.0 version you gave me won't update from the net
Today I went over the computer with ComboFix and it didn't help, and here is the HijackThis report too, so help if you can

Logfile of HijackThis v1.99.1
Scan saved at 12:43:13, on 28.9.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
D:\Programi\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
D:\Programi\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Programi\IVT Corporation\BlueSoleil\BTNtService.exe
D:\Programi\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
D:\Programi\Mozilla Firefox\firefox.exe
D:\Programi\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.hr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - d:\Programi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [0079e99f] rundll32.exe "C:\WINDOWS\system32\mywrtyxp.dll",b
O4 - HKLM\..\Run: [egui] "D:\Programi\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [BM034ada03] Rundll32.exe "C:\WINDOWS\system32\vesmdmww.dll",s
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "D:\Programi\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] D:\Programi\SUPERAntiSpyware\SUPERAntiSpyware.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5036.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O20 - Winlogon Notify: !SASWinLogon - D:\Programi\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - D:\Programi\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - D:\Programi\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - D:\Programi\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - D:\Programi\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
 

Kurblaj Kan

Active Member
15.12.2006
Here is the ComboFix report too, if that helps you help me

ComboFix 08-09-27.01 - Shaman Shandor 2008-09-28 12:33:45.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1606 [GMT 2:00]
Running from: C:\Documents and Settings\Shaman Shandor\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\BM034ada03.txt
C:\WINDOWS\BM034ada03.xml
C:\WINDOWS\cookies.ini
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\mcrh.tmp

.
((((((((((((((((((((((((( Files Created from 2008-08-28 to 2008-09-28 )))))))))))))))))))))))))))))))
.

2008-09-25 15:35 . 2008-09-25 15:35 268 --ah----- C:\sqmdata01.sqm
2008-09-25 15:35 . 2008-09-25 15:35 244 --ah----- C:\sqmnoopt01.sqm
2008-09-11 13:44 . 2008-09-11 13:44 268 --ah----- C:\sqmdata00.sqm
2008-09-11 13:44 . 2008-09-11 13:44 244 --ah----- C:\sqmnoopt00.sqm

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-28 09:54 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-09-06 16:04 --------- d-----w C:\Documents and Settings\Shaman Shandor\Application Data\Corel
2008-08-31 17:35 --------- d-----w C:\Documents and Settings\Shaman Shandor\Application Data\DNA
2008-08-31 15:59 --------- d-----w C:\Program Files\DNA
2008-08-16 14:48 --------- d-----w C:\Documents and Settings\Shaman Shandor\Application Data\SUPERAntiSpyware.com
2008-08-16 14:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-08-16 14:47 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-08-16 13:16 379,266 --sha-w C:\WINDOWS\system32\KkTwaGgh.ini2
2008-08-16 12:11 --------- d-----w C:\Program Files\Windows Live Safety Center
2008-08-16 11:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\ESET
2008-08-16 08:30 84,480 ----a-w C:\WINDOWS\system32\mywrtyxp.dll
2008-08-16 08:28 92,672 ----a-w C:\WINDOWS\system32\vesmdmww.dll
2008-08-15 08:00 93,184 ----a-w C:\WINDOWS\system32\tuxwibso.dll
2008-08-14 02:14 94,208 ----a-w C:\WINDOWS\system32\crbswttl.dll
2008-08-10 10:12 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-06 04:41 --------- d-----w C:\Documents and Settings\Shaman Shandor\Application Data\BitTorrent
2008-07-29 16:10 --------- d-----w C:\Program Files\Common Files\Adobe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]
"DAEMON Tools Lite"="D:\Programi\DAEMON Tools Lite\daemon.exe" [2008-04-01 486856]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"SUPERAntiSpyware"="D:\Programi\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-05-28 1506544]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-08-11 7630848]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-08-11 86016]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648]
"0079e99f"="C:\WINDOWS\system32\mywrtyxp.dll" [2008-08-16 84480]
"egui"="D:\Programi\ESET\ESET NOD32 Antivirus\egui.exe" [2008-06-10 1447168]
"BM034ada03"="C:\WINDOWS\system32\vesmdmww.dll" [2008-08-16 92672]
"RTHDCPL"="RTHDCPL.EXE" [2006-06-01 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 C:\WINDOWS\SkyTel.exe]
"nwiz"="nwiz.exe" [2006-08-11 C:\WINDOWS\system32\nwiz.exe]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 C:\WINDOWS\system32\bthprops.cpl]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "D:\Programi\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 13:41 294912 D:\Programi\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\DNA\\btdna.exe"=
"E:\\Programi\\BitTorrent\\bittorrent.exe"=
"D:\\Programi\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"D:\\Programi\\eMule\\emule.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2008-06-10 34312]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service;C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
.
- - - - ORPHANS REMOVED - - - -

BHO-{85C1FED7-BA66-43ED-9A84-CC9F204A71F3} - C:\WINDOWS\system32\hgGawTkK.dll
Notify-vtUnolKd - vtUnolKd.dll


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Shaman Shandor\Application Data\Mozilla\Firefox\Profiles\rs9jf8lb.default\
FF -: plugin - C:\Program Files\DNA\plugins\npbtdna.dll
FF -: plugin - d:\Programi\Adobe\Acrobat 5.0\Reader\browser\nppdf32.dll
FF -: plugin - d:\Programi\DivX\DivX Player\npDivxPlayerPlugin.dll
FF -: plugin - d:\Programi\DivX\DivX Web Player\npdivx32.dll
FF -: plugin - D:\Programi\Mozilla Firefox\plugins\npbittorrent.dll
FF -: plugin - D:\Programi\Mozilla Firefox\plugins\npdivx32.dll
FF -: plugin - D:\Programi\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
FF -: plugin - D:\Programi\Mozilla Firefox\plugins\npnul32.dll
FF -: plugin - D:\Programi\Mozilla Firefox\plugins\NPOFFICE.DLL
FF -: plugin - D:\Programi\Mozilla Firefox\plugins\nppdf32.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-28 12:36:15
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


C:\WINDOWS\system32\pxytrwym.tmp 8450048 bytes

scan completed successfully
hidden files: 1

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
D:\Programi\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
D:\Programi\IVT Corporation\BlueSoleil\BTNtService.exe
D:\Programi\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\ComboFix\pv.cfexe
.
**************************************************************************
.
Completion time: 2008-09-28 12:38:05 - machine was rebooted
ComboFix-quarantined-files.txt 2008-09-28 10:38:03

Pre-Run: 12.337.795.072 bytes free
Post-Run: 13,849,956,352 bytes free

134 --- E O F --- 2008-07-19 11:00:56
 

neo_81

Active Member
26.07.2008
first, remove this with HijackThis:

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [0079e99f] rundll32.exe "C:\WINDOWS\system32\mywrtyxp.dll",b
O4 - HKLM\..\Run: [BM034ada03] Rundll32.exe "C:\WINDOWS\system32\vesmdmww.dll",s
O11 - Options group: [INTERNATIONAL] International*

then also go through it with SmitfraudFix:

http://siri.geekstogo.com/SmitfraudFix.php

in safe mode (press F8 while booting); when you've done that, run Combo once more and please let me know about the symptoms....

if you want, and you think you can trust me, we can arrange remote control over PM if you have ADSL...

if you have problems with the network, download WinSockFix here:

http://www.softpedia.com/get/Tweak/Network-Tweak/WinSockFix.shtml
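
An added example, not part of neo_81's post and not HijackThis's own logic: a Python triage pass over HijackThis lines that flags the two patterns visible in the entries listed above, a BHO whose file is missing and a Run key that starts a DLL through rundll32 with a very short export name. The function name `triage` and the `max_export_len` threshold are assumptions of this example; a hit is a hint for manual review, not a verdict.

```python
import re

# Lines copied from the first HijackThis log posted in this thread.
SAMPLE_LOG = r'''
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - d:\Programi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [0079e99f] rundll32.exe "C:\WINDOWS\system32\mywrtyxp.dll",b
O4 - HKLM\..\Run: [egui] "D:\Programi\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [BM034ada03] Rundll32.exe "C:\WINDOWS\system32\vesmdmww.dll",s
'''

# O2 - BHO: <name> - {CLSID} - <file>
O2_RE = re.compile(
    r'^O2 - BHO: (?P<name>.+?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<file>.+)$')
# O4 - <hive>\..\Run: [<value name>] <command line>
O4_RE = re.compile(
    r'^O4 - (?P<hive>HK\w+)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$')
# rundll32 <dll>,<export>   (dll may be quoted; some entries use ",,")
RUNDLL_RE = re.compile(
    r'^rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+)"?,+(?P<export>\S+)',
    re.IGNORECASE)


def triage(log_text, max_export_len=2):
    """Return a list of findings (dicts) for lines worth a manual look."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        bho = O2_RE.match(line)
        if bho:
            # Registry still references a helper object that is gone from disk.
            if bho.group('file') == '(no file)':
                findings.append({'kind': 'orphan-bho',
                                 'name': bho.group('clsid'),
                                 'target': bho.group('file')})
            continue
        run = O4_RE.match(line)
        if not run:
            continue
        dll = RUNDLL_RE.match(run.group('cmd'))
        # Assumption: driver and OS entries export descriptive names
        # (NvStartup, BluetoothAuthenticationAgent); one-letter exports
        # such as ",b" or ",s" are unusual enough to review by hand.
        if dll and len(dll.group('export')) <= max_export_len:
            findings.append({'kind': 'rundll32-short-export',
                             'name': run.group('name'),
                             'target': dll.group('dll')})
    return findings


if __name__ == '__main__':
    for f in triage(SAMPLE_LOG):
        print('%-22s %-40s %s' % (f['kind'], f['name'], f['target']))
```
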
 

Kurblaj Kan

Active Member
15.12.2006
Well, thank you very, very much, because it seems I've fixed everything
O4 - HKLM\..\Run: [BM034ada03] Rundll32.exe "C:\WINDOWS\system32\vesmdmww.dll",s
This one couldn't be deleted normally in Windows, but it could in safe mode, and now it seems my net is working normally
Thanks a lot, a lot, you've extended my life by a couple of years because I'll be getting worked up much less this way
 

neo_81

Active Member
26.07.2008
no no ;))) that's a version of the enabler ;))) just download it and install it... it should then look for the license and set it up...
 

Kurblaj Kan

Active Member
15.12.2006
Here I am infected with spyware again, so I'd ask someone knowledgeable to tell me which of these processes I should kill (HijackThis report)

Logfile of HijackThis v1.99.1
Scan saved at 14:49:54, on 16.1.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
D:\Programi\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\rundll32.exe
D:\Programi\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\RUNDLL32.EXE
D:\Programi\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Programi\DAEMON Tools Lite\daemon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Documents and Settings\Shaman Shandor\Application Data\cogad\cogad.exe
D:\Programi\IVT Corporation\BlueSoleil\BTNtService.exe
D:\Programi\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
D:\Programi\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.hr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Reganam Toolbar - {db9d7a78-a76c-4bf2-97c6-258925ee1542} - C:\Program Files\Reganam\tbReg1.dll
O3 - Toolbar: Reganam Toolbar - {db9d7a78-a76c-4bf2-97c6-258925ee1542} - C:\Program Files\Reganam\tbReg1.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [egui] "D:\Programi\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Programi\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Akejuregadagakus] rundll32.exe "C:\WINDOWS\Ykayexizodulipo.dll",e
O4 - HKLM\..\Run: [0079e99f] rundll32.exe "C:\WINDOWS\system32\gvqtktvc.dll",b
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "D:\Programi\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [nodenable] C:\Program Files\eset\nodenable.exe /s
O4 - HKCU\..\Run: [cogad] "C:\Documents and Settings\Shaman Shandor\Application Data\cogad\cogad.exe" 61A847B5BBF7281337983D466188719AB689201522886B092CBD44BD8689220221DD3257
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5036.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - D:\Programi\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - D:\Programi\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - D:\Programi\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - D:\Programi\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe