TR/Spy.Agent.sak + TR/Atraps.Gen

ljepojevic
TR/Spy.Agent.sak + TR/Atraps.Gen, 17.03.2009 at 18:42
Avira throws up these two trojans at me every 15 minutes.
Nothing helps; they keep coming back. I searched the net for how to get rid of the vermin, but I found nothing useful.
The vermin sits in c:\windows\Temp\.............exe (in place of these dots there are different letters and numbers every time).
I should tell you that my knowledge is shaky.
I could use a detailed guide on how to fix my problem, and if possible without a reinstall (although everything smells like that).

I'm ready for follow-up questions.
 

Zoran Rodic
Re: TR/Spy.Agent.sak + TR/Atraps.Gen, 17.03.2009 at 19:25
If it's only those two, the usual procedure should solve the problem.

So: turn off System Restore, empty the contents of both temp directories … C:/Windows/temp … and get to the other one via Start > Run, type
Code:
%temp%
then Enter.
Afterwards empty the Recycle Bin and scan again.
Both are fairly old and are in Avira's database.

If not, Malwarebytes, Spybot S&D or SuperAntiSpyware remain as the solution.

Lomography is when you have the means but don't want to … and Pinhole is when you don't have the means but do want to! tm

 

ljepojevic
Re: TR/Spy.Agent.sak + TR/Atraps.Gen, 18.03.2009 at 11:55
I followed the instructions and managed to delete Atraps (at least I think so).

I couldn't fully delete the temp folder, so I found a program on the net, I think it's called Unlocker, and deleted temp with it.
And that's where I messed up.
Now I can't get on the network; it reports an invalid syntax error. (I'm writing this from another computer.)
Can I go back to my trojans? They were the smaller problem.

I'll send the HJT log later.

Regards
 

valjan (Janko Valencik), Moderator
Re: TR/Spy.Agent.sak + TR/Atraps.Gen, 18.03.2009 at 13:29
Where exactly does it report the Syntax Error? Maybe when you try to open a page in Internet Explorer? Or do you get that message somewhere else?
 

ljepojevic
Re: TR/Spy.Agent.sak + TR/Atraps.Gen, 18.03.2009 at 14:33
When I try to open a page in Internet Explorer.
 

valjan (Janko Valencik), Moderator
Re: TR/Spy.Agent.sak + TR/Atraps.Gen, 18.03.2009 at 15:45
The catch is that this malware modifies, deletes or removes the link to Urlmon.dll in the registry, or does the same with one of the following files: Mshtml.dll, Actxprxy.dll, Oleaut32.dll, Shell32.dll, Shdocvw.dll. You deleted the malware itself, but you did not remove its consequences. To fix that, do the following:

1. Close all running programs.
2. Click Start, then click Run.
3. Type "regsvr32 urlmon.dll" (without the quotes), then click OK.
4. When you get the message "DllRegisterServer in urlmon.dll succeeded", click OK.

If this does not fix the problem, try the same in turn with each of the files from the list above (that is, instead of regsvr32 urlmon.dll type regsvr32 mshtml.dll, etc.).

If that does not help either, check whether you have the following keys in the registry and whether they have exactly these values:

HKLM\SOFTWARE\Classes\Interface\{00020400-0000-0000-C000-000000000046}
Name: (Default)
Value: IDispatch
HKLM\SOFTWARE\Classes\Interface\{00020400-0000-0000-C000-000000000046}\ProxyStubClsid
Name: (Default)
Value: {00020420-0000-0000-C000-000000000046}
HKLM\SOFTWARE\Classes\Interface\{00020400-0000-0000-C000-000000000046}\ProxyStubClsid32
Name: (Default)
Value: {00020420-0000-0000-C000-000000000046}

If not, correct everything that differs.

If even this does not help, reinstall IE, or rather do a reinstall of Windows: for this you do not need to format the disk; instead you boot the computer from the Windows installation disc, when it finishes loading you choose the Setup option (usually the first in the list), wait for it to find your Windows installation, and then choose the Repair option (note that you also have a Repair option in the previous step, but you do not need that repair, you need precisely this one). Windows will take the original files from the CD, restart (here, if it asks whether you want to boot from the CD, say no), you let it finish setup, and after that, once it boots, be sure to run Windows Update (you may have to repeat it several times, depending on how old your installation CD is). This way all installed programs and settings stay preserved; at most you will have to reinstall a driver or two.
 
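As an added illustration of the registry check in the post above (example code written for this page, not from the thread or from any tool named in it): a small Python checker that reads a `.reg` export of the IDispatch interface key, such as one produced with `reg export`, and lists which of the three (Default) values are missing or differ from what the post expects. The two sample exports are constructed by hand; a real export from `reg export` is UTF-16, so the script opens the file with `encoding="utf-16"`.

```python
"""Check an exported registry fragment against the three IDispatch interface
values listed in the post above. Added example, not from the thread or any
tool it names; the sample exports below are constructed by hand."""
import re

# The post writes the hive as HKLM; `reg export` spells it out in full.
IDISPATCH = r"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{00020400-0000-0000-C000-000000000046}"
PROXY_STUB = "{00020420-0000-0000-C000-000000000046}"

# Key -> (Default) value exactly as the post lists them.
EXPECTED = {
    IDISPATCH: "IDispatch",
    IDISPATCH + r"\ProxyStubClsid": PROXY_STUB,
    IDISPATCH + r"\ProxyStubClsid32": PROXY_STUB,
}

# In a .reg file the (Default) value of the current key is written as @="...".
DEFAULT_VALUE = re.compile(r'^@="(.*)"$')


def parse_reg_export(text):
    """Map each [key] in a .reg file to its (Default) string value.
    A key without an @= line maps to None. The two escapes .reg uses inside
    strings (a doubled backslash, and a backslash before a quote) are undone."""
    keys = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys.setdefault(current, None)
        elif current is not None:
            m = DEFAULT_VALUE.match(line)
            if m:
                keys[current] = m.group(1).replace('\\"', '"').replace("\\\\", "\\")
    return keys


def check_idispatch(text):
    """Return (key, expected, actual) for every expected key whose (Default)
    value is absent or differs; an empty list means all three match."""
    found = parse_reg_export(text)
    return [(key, want, found.get(key))
            for key, want in EXPECTED.items()
            if found.get(key) != want]


# Constructed: what a healthy export of the key and its two subkeys looks like.
HEALTHY_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{00020400-0000-0000-C000-000000000046}]
@="IDispatch"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{00020400-0000-0000-C000-000000000046}\ProxyStubClsid]
@="{00020420-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{00020400-0000-0000-C000-000000000046}\ProxyStubClsid32]
@="{00020420-0000-0000-C000-000000000046}"
"""

# Constructed: the (Default) value blanked and the 32-bit proxy subkey gone.
TAMPERED_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{00020400-0000-0000-C000-000000000046}]
@=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{00020400-0000-0000-C000-000000000046}\ProxyStubClsid]
@="{00020420-0000-0000-C000-000000000046}"
"""

if __name__ == "__main__":
    import sys
    # Usage on the affected machine:
    #   reg export "HKLM\SOFTWARE\Classes\Interface\{00020400-0000-0000-C000-000000000046}" idispatch.reg
    #   python check_idispatch.py idispatch.reg
    # Without an argument the constructed tampered sample is checked instead.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-16") as fh:
            text = fh.read()
    else:
        text = TAMPERED_EXPORT
    for key, want, got in check_idispatch(text):
        print(f"{key}\n  expected: {want!r}\n  actual:   {got!r}")
```

The comparison is deliberately strict (exact string match on the three (Default) values), since the post's instruction is that the values must be exactly these; anything else is reported with what was actually found, so the reader can decide whether to correct it by hand.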

ljepojevic
Re: TR/Spy.Agent.sak + TR/Atraps.Gen, 18.03.2009 at 16:48
valjan, well done.

I'm writing from my own computer; it was enough to do steps 1 to 4.
However, when I came home from work and turned on the computer, both trojans appeared again.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:47:08 PM, on 3/18/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\afisicx.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\ATKKBService.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\sopidkc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\tdctxte.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\zstatus.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/...=aus&qkw=%s&tbid=60341
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.live.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.index.hr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://toolbar.ask.com/toolbar...20012&gct=&gc=1&q=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60341
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60341
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbar...20012&gct=&gc=1&q=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60341
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60341
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: DefaultSearchHook Class - {C94E154B-1459-4A47-966B-4B843BEFC7DB} - C:\Program Files\AskSearch\bin\DefaultSearch.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/mi...t/wuweb_site.cab?1185109587109
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.co...t/muweb_site.cab?1185110005203
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://C:\Program Files\AutoCAD 2002\AcDcToday.ocx
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/...ngerStatsPAClient.cab56907.cab
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Program Files\AutoCAD 2002\AcPreview.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{C0E70375-B1CD-4D2C-AA6A-5085E142D874}: NameServer = 192.168.1.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: afisicx Service (afisicx) - Unknown owner - C:\WINDOWS\system32\afisicx.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Remote 2009 (Remote_Server_2009) - Unknown owner - C:\Program Files\Rete\Rote.exe (file missing)
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: sopidkc Service (sopidkc) - Unknown owner - C:\WINDOWS\system32\sopidkc.exe
O23 - Service: tdctxte Service (tdctxte) - Unknown owner - C:\WINDOWS\system32\tdctxte.exe
O24 - Desktop Component 0: (no name) - http://www.kkrookie.com/wp-con...emes/rookie/images/header3.JPG
O24 - Desktop Component 1: (no name) - http://tbn0.google.com/images?...bums/y103/umo/AllenIverson.jpg
O24 - Desktop Component 2: (no name) - http://s.ytimg.com/yt/img/pixel-vfl73.gif
O24 - Desktop Component 3: (no name) - http://www.google.com/intl/en/images/translate_beta_res.gif

--
End of file - 8633 bytes
 

valjan (Janko Valencik), Moderator
Re: TR/Spy.Agent.sak + TR/Atraps.Gen, 18.03.2009 at 20:50
You have more than two of them there, or maybe each of them creates several processes:

O23 - Service: afisicx Service (afisicx) - Unknown owner - C:\WINDOWS\system32\afisicx.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Remote 2009 (Remote_Server_2009) - Unknown owner - C:\Program Files\Rete\Rote.exe (file missing)
O23 - Service: sopidkc Service (sopidkc) - Unknown owner - C:\WINDOWS\system32\sopidkc.exe
O23 - Service: tdctxte Service (tdctxte) - Unknown owner - C:\WINDOWS\system32\tdctxte.exe

To have as few headaches as possible with the removal, I suggest you first do the following: open the Services manager (e.g. from Control Panel click Administrative Tools and in it open Services), find the six services listed above, double-click each one, in the drop-down menu change Automatic to Disable, click Apply, then Stop, then OK.

When you have done that, tick these six lines in HJThis and click the Fix Selected button. After that delete those six files (the paths are at the end of each line; only the fourth one you may not find). Then let Avira scan the system, and meanwhile I will try to find out which tool reliably removes these trojans.

 
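The selection valjan made above rests on one column of the HijackThis O23 lines: the vendor field reading "Unknown owner". As an added example (code written for this page, not a HijackThis feature), here is a Python triage helper that parses O23 lines and returns those entries, separating ones whose binary HijackThis still found on disk from ones already marked "(file missing)". The sample block is copied from the log posted earlier in the thread, with two vendor-signed services kept in so the filter has something to skip; note that the same cue also picks up the Google Updater service, whose file is missing, which is why this is a triage list for a human to read rather than a verdict.

```python
"""Triage of a HijackThis log: list every O23 service whose vendor column reads
"Unknown owner", the cue used in the post above to single out six services.
Added example, not part of HijackThis; the parser is ours."""

# Sample O23 block, copied from the HijackThis log posted in this thread.
# Two benign vendor-signed services are included so the filter has something to skip.
SAMPLE_LOG = r"""
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: afisicx Service (afisicx) - Unknown owner - C:\WINDOWS\system32\afisicx.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Remote 2009 (Remote_Server_2009) - Unknown owner - C:\Program Files\Rete\Rote.exe (file missing)
O23 - Service: sopidkc Service (sopidkc) - Unknown owner - C:\WINDOWS\system32\sopidkc.exe
O23 - Service: tdctxte Service (tdctxte) - Unknown owner - C:\WINDOWS\system32\tdctxte.exe
"""

PREFIX = "O23 - Service: "
SEP = " - "
MISSING = " (file missing)"
UNKNOWN = "Unknown owner"


def parse_o23(line):
    """Split one O23 line into display name, vendor, path and a file-missing flag.
    Display names can themselves contain " - " (see the Avira line), so vendor
    and path are taken from the right-hand end and the rest is the name."""
    if not line.startswith(PREFIX):
        return None
    body = line[len(PREFIX):]
    missing = body.endswith(MISSING)
    if missing:
        body = body[:-len(MISSING)]
    parts = body.split(SEP)
    if len(parts) < 3:
        return None
    return {
        "display": SEP.join(parts[:-2]),
        "vendor": parts[-2],
        "path": parts[-1],
        "missing": missing,
    }


def unknown_owner_services(log_text):
    """Parsed O23 entries whose vendor is 'Unknown owner', in log order."""
    hits = []
    for line in log_text.splitlines():
        entry = parse_o23(line.strip())
        if entry and entry["vendor"] == UNKNOWN:
            hits.append(entry)
    return hits


def files_to_review(log_text):
    """Two lists: paths of unknown-owner service binaries HijackThis saw on disk
    (worth collecting and scanning before deletion), and display names of the
    entries marked '(file missing)', where only the service entry remains."""
    hits = unknown_owner_services(log_text)
    present = [h["path"] for h in hits if not h["missing"]]
    missing = [h["display"] for h in hits if h["missing"]]
    return present, missing


if __name__ == "__main__":
    for entry in unknown_owner_services(SAMPLE_LOG):
        flag = MISSING if entry["missing"] else ""
        print(f'{entry["display"]:40} {entry["path"]}{flag}')
```

To run it against a real log, read the saved HijackThis text file and pass its contents to `files_to_review`; the "present" list is what to copy aside and scan, and the "missing" list are the orphaned service entries that HijackThis's Fix Selected removes.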

Zoran Rodic
Re: TR/Spy.Agent.sak + TR/Atraps.Gen, 18.03.2009 at 21:12
PnkBstrA.exe / PnkBstrB.exe is some anti-cheat program for online gaming that gets installed along with a bunch of games.

Uninstall it with http://www.evenbalance.com/downloads/pbsvc/pbsvc.exe


PS
Anyway, download the Kaspersky trial, update it and clean up the rest.
Of course, remove Avira before that.

By the way, also download http://technet.microsoft.com/en-us/sysinternals/bb897445.aspx and comb through the system with it.


 

ljepojevic
Re: TR/Spy.Agent.sak + TR/Atraps.Gen, 18.03.2009 at 23:15
valjan, as for the Services manager, I did that (I couldn't find afisicx).
When I ran HJThis I couldn't find anything of the above any more, nor could I find any of it in the windows\system32\.... folder.

Zoran, I did the uninstall part.
As for Kaspersky, in the last few days I've changed both nod32 and avg (it slowed down the computer a lot) and now I'm on Avira; maybe I'll go with your suggestion too.

Guys, it's past midnight, I'm off to bed, we'll talk tomorrow.

 

valjan (Janko Valencik), Moderator
Re: TR/Spy.Agent.sak + TR/Atraps.Gen, 19.03.2009 at 08:07
If they are not there, then either they have already been deleted or they are hidden and you have not turned on showing hidden files (double-click My Computer, click the Tools menu, then Folder Options, then the View tab, select the radio button "Show hidden files or folders", untick (clear) the boxes below this option "Hide extensions for known file types" and "Hide protected operating system files (recommended)", and click OK as many times as it asks). It is also possible that the malware is still active and deliberately hiding the contents of this folder.
 

Zoran Rodic
Re: TR/Spy.Agent.sak + TR/Atraps.Gen, 19.03.2009 at 08:38
Quote:
ljepojevic: As for Kaspersky, in the last few days I've changed both nod32 and avg (it slowed down the computer a lot) and now I'm on Avira; maybe I'll go with your suggestion too.


Look, I did not recommend Kaspersky to you as a final solution, only as a way to comb through the whole system once more.
Afterwards you can buy it or remove it and put on whatever you want.

And you also got a recommendation for RootkitRevealer, which serves to deal with exactly what valjan mentions, i.e. hidden folders.


 

ljepojevic
Re: TR/Spy.Agent.sak + TR/Atraps.Gen, 19.03.2009 at 19:36

I did what you suggested in Folder Options, and again HJT didn't find anything of the above.

I uninstalled Avira, downloaded the KAV 2009 trial and scanned with it (not in safe mode); it found 2 malware.

For now nothing is popping up on the monitor.

 

Nemanja Živanović
Re: TR/Spy.Agent.sak + TR/Atraps.Gen, 19.03.2009 at 20:07
Just for your own peace of mind, you could scan the computer with one of the programs Zoran listed - Malwarebytes' Anti-Malware or SuperAntiSpyware. Then let us know the results.

Regards!
 

ljepojevic
Re: TR/Spy.Agent.sak + TR/Atraps.Gen, 19.03.2009 at 21:17
I no longer understand anything about these AVs.
Can two different AVs detect one and the same virus or trojan?



Malwarebytes' Anti-Malware 1.34
Database version: 1866
Windows 5.1.2600 Service Pack 2

3/19/2001 10:01:46 PM
mbam-log-2001-03-19 (22-01-46).txt

Scan type: Quick Scan
Objects scanned: 66260
Time elapsed: 3 minute(s), 42 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\comsa32.sys (Trojan.Agent) -> Quarantined and deleted successfully.
 

valjan (Janko Valencik), Moderator
Re: TR/Spy.Agent.sak + TR/Atraps.Gen, 19.03.2009 at 23:00
There are a couple of problems there - most modern pests create their file name at random. The second thing is that many AV software vendors have their own way of naming and cataloguing, so one virus can have a dozen different names depending on which AV program you scan with. So from the AV programs' reports it may seem to you that you keep finding and deleting new viruses, when it is always one and the same...
 

Zoran Rodic
Re: TR/Spy.Agent.sak + TR/Atraps.Gen, 20.03.2009 at 09:32
Let's somehow draw a line under this.

Turn off System Restore,
Clean the temp directories C:\WINDOWS\Temp ; C:\Documents and Settings\Your-Account\Local Settings\Temp and C:\Documents and Settings\Your-Account\Local Settings\Temporary Internet Files
Empty the Recycle Bin

Scan with MBAM
Scan with Spybot S&D
Scan with RootkitRevealer
Scan with Kaspersky
Scan with MBAM (again)

After all that, make an HJT log so we can have a look, and of course try to note any unusual behaviour.


PS
To avoid confusion: the programs listed contain definitions for the malware that was detected on your machine, and all of it should be removed by routine scanning.


 

ljepojevic
Re: TR/Spy.Agent.sak + TR/Atraps.Gen, 20.03.2009 at 18:38
Guys, I don't know how to thank you for the effort you put in.

Before you start analysing the HJT log, let me note that I couldn't delete the
Perflib-Perfdata-6eOdat file from the Temp folder (it won't let me).
I scanned with RootkitRevealer, but I don't get what to do when it spits out those few lines .... (shaky knowledge)
MBAM all clean

On the computer everything works like it used to, for now.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:25:45 PM, on 3/20/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\ATKKBService.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/...=aus&qkw=%s&tbid=60341
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.live.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.index.hr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://toolbar.ask.com/toolbar...20012&gct=&gc=1&q=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60341
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60341
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbar...20012&gct=&gc=1&q=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60341
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60341
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: DefaultSearchHook Class - {C94E154B-1459-4A47-966B-4B843BEFC7DB} - C:\Program Files\AskSearch\bin\DefaultSearch.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
O2 - BHO: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/mi...t/wuweb_site.cab?1185109587109
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.co...t/muweb_site.cab?1185110005203
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://C:\Program Files\AutoCAD 2002\AcDcToday.ocx
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/...ngerStatsPAClient.cab56907.cab
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Program Files\AutoCAD 2002\AcPreview.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{C0E70375-B1CD-4D2C-AA6A-5085E142D874}: NameServer = 192.168.1.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O24 - Desktop Component 0: (no name) - http://www.kkrookie.com/wp-con...emes/rookie/images/header3.JPG
O24 - Desktop Component 1: (no name) - http://tbn0.google.com/images?...bums/y103/umo/AllenIverson.jpg
O24 - Desktop Component 2: (no name) - http://s.ytimg.com/yt/img/pixel-vfl73.gif
O24 - Desktop Component 3: (no name) - http://www.google.com/intl/en/images/translate_beta_res.gif

--
End of file - 8558 bytes
 

valjan (Janko Valencik), Moderator
Re: TR/Spy.Agent.sak + TR/Atraps.Gen, 20.03.2009 at 19:44
The Perflib Perfdata files you won't be able to delete anyway, because Windows itself creates them, i.e. the System Monitor that is part of it. There are two tools within Windows called System Monitor and Performance Logs and Alerts with which you can collect and analyse data about the computer (processor, memory, disks, network) and display it as graphs, as well as set Windows to notify you when some resource goes below or above a set level (say you want it to signal you somehow when processor usage exceeds 65%). So you don't need to worry that you can't delete them; most users can't either.
 

ljepojevic
Re: TR/Spy.Agent.sak + TR/Atraps.Gen, 21.03.2009 at 15:16
Let's bring this task to a close.
The problem is solved, with your great help.
I learned some things.
Since I installed the Kaspersky AV 2009 trial, I decided to buy KIS 2009 after these 25 days expire.
Thanks a lot once again.
 