[ chupo17 @ 06.09.2007. 18:45 ] @
Empty.pif i windows.pif ne mogu da uklonim iz StartUp-a

HiJack log je u dodatku
Logfile of HijackThis v1.99.1
Scan saved at 11:51:01 PM, on 9/5/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Mixer.exe
C:\Program Files\Anti-Blaxx\Anti-Blaxx.exe
C:\Program Files\LifeView TVR\RecSche.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Documents and Settings\Slavoljub\Application Data\explorer.exe
C:\Documents and Settings\Slavoljub\Application Data\explorer.exe
C:\Documents and Settings\Slavoljub\Local Settings\Application Data\lsass.exe
C:\Documents and Settings\Slavoljub\Local Settings\Application Data\lsass.exe
C:\Program Files\LifeView TVR\remote.exe
F:\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://home.netscape.com/home/winsearch.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://server224.smartbotpro.net/7search/?new-hklm
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://drvvv.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://drvvv.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://keyword.netscape.com/keyword/%s
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
O1 - Hosts: 216.177.73.139 auto.search.msn.com
O1 - Hosts: 216.177.73.139 search.netscape.com
O1 - Hosts: 216.177.73.139 ieautosearch
O2 - BHO: (no name) - {45A4902E-4479-4EAE-A186-8D0F7E4C78DE} - C:\Program Files\Starware316\bin\Starware316.dll
O2 - BHO: URLLink - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet7_48.dll
O2 - BHO: NOW!Imaging - {9AA2F14F-E956-44B8-8694-A5B615CDF341} - C:\Program Files\Raketa Krstarice\components\NOWImaging.dll
O2 - BHO: (no name) - {b0398eca-0bcd-4645-8261-5e9dc70248d0} - (no file)
O3 - Toolbar: B92 Groowe Navigator - {1F326B8F-CE7F-4C98-96A1-AC7A2B61D742} - C:\WINDOWS\SYSTEM32\GrooweToolbar.dll
O3 - Toolbar: (no name) - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - (no file)
O3 - Toolbar: Starware316 - {9FB3908C-6565-4CB0-95F8-E9F85258723C} - C:\Program Files\Starware316\bin\Starware316.dll
O3 - Toolbar: Raketa Krstarice - {8B79EE88-E62D-4AA8-B530-CC357BA112B7} - C:\Program Files\Raketa Krstarice\Toolband.dll
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [Anti-Blaxx Manager] C:\Program Files\Anti-Blaxx\Anti-Blaxx.exe
O4 - HKLM\..\Run: [Remote] C:\Program Files\LifeView TVR\Remote.exe
O4 - HKLM\..\Run: [RecSche] "C:\Program Files\LifeView TVR\RecSche.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - Startup: windows.pif = ?
O4 - Startup: Sid Registration.lnk = D:\ATR1.exe
O4 - Startup: Product Registration.lnk = D:\ATR1.EXE
O4 - Global Startup: BlueSoleil.lnk = ?
O4 - Global Startup: Empty.pif = ?
O8 - Extra context menu item: Download with Go!Zilla - file://C:\PROGRAM FILES\GO!ZILLA\download-with-gozilla.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Radar - C:\Program Files\Internet Radar\Radar.html
O8 - Extra context menu item: Sledeci - C:\Program Files\Internet Radar\Sledeci.html
O9 - Extra button: O sajtu - {A33D72F1-0CA3-4522-AF0E-DBCAC81F29C2} - C:\PROGRAM FILES\INTERNET RADAR\INTERNETRADAR.DLL
O9 - Extra button: Radar - {A727176C-7630-49d5-ACC0-EDA518EA0D73} - C:\Program Files\Internet Radar\Radar.html
O9 - Extra button: Sledeci - {A8B4C482-2491-431d-90CC-19590FB1D12E} - C:\Program Files\Internet Radar\Sledeci.html
O9 - Extra button: Wallpaper - {c23dd370-cb79-11d2-898a-00c04f80a47f} - C:\PROGRA~1\INTERN~1\Toolbar\toolbar.hta
O9 - Extra 'Tools' menuitem: &Toolbar Wallpaper - {c23dd370-cb79-11d2-898a-00c04f80a47f} - C:\PROGRA~1\INTERN~1\Toolbar\toolbar.hta
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O12 - Plugin for .tif: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/wi...t/wuweb_site.cab?1141575899577
O16 - DPF: {A1DC3241-B122-195F-B21A-000000000000} - http://pluginaccess.com/celebs-nude/Browser_Plugin.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe

Pozdrav


[Ovu poruku je menjao chupo17 dana 07.09.2007. u 14:09 GMT+1]
[ wild2waltz @ 10.09.2007. 17:49 ] @
meni je trojan remover posklanjao gamad koju su drugi videli, ali nisu mogli i da uklone
[ Binary Mind @ 17.09.2007. 17:16 ] @
To je Brontok. Evo ti link za alat koji njega otklanja. Procitaj uputstva pazljivo:

http://wirusy.antivirenkit.pl/en/szczepionki/Brontok.html