@edisdinko

Kako si ovo postavio log, ovo ne moze da se gleda. Pre instalacije HijackThisa, promeni mu ime recimo 123.exe da ga virus ne prepozna, pa klikni na "Do a system scan and save a logfile" i kad ti izbaci log u notepadu ikopiraj i postavi u code tag.

edit: Ok sad je dobro.

Jel mozes malo da opises problem.

skinuo sam neku musku sa net i racunar mi je posle toga spor skroz
a kasperki mi izbacuje ovo
zlib Denial of Service Vulnerability
Microsoft Excel Multiple Code Execution Vulnerabilities
Microsoft Publisher Object Handler Validation Vulnerability
Microsoft Outlook "mailto:" URI Handling Vulnerability
Microsoft Word Two Code Execution Vulnerabilities
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:53:56, on 6.7.2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16681)
Boot mode: Normal

Running processes:
C:Windowssystem32taskeng.exe
C:Windowssystem32Dwm.exe
C:WindowsExplorer.EXE
C:Program FilesWindows DefenderMSASCui.exe
C:Program FilesKaspersky LabKaspersky Internet Security 2009avp.exe
C:Windowsmixer.exe
C:Program FilesCommon FilesRealUpdate_OBrealsched.exe
C:WindowsSystem32rundll32.exe
C:WindowsSystem32rundll32.exe
C:Program FilesMicrosoft OfficeOffice12GrooveMonitor.exe
C:Program FilesDynDNS UpdaterDynTray.exe
C:Windowssystem32conime.exe
C:Program FilesWindows LiveMessengermsnmsgr.exe
C:Program FilesInternet ExplorerIEUser.exe
C:PROGRA~1MICROS~2Office12Groove.exe
C:Program FilesInternet Exploreriexplore.exe
C:Program FilesCommon FilesMicrosoft SharedWindows LiveWLLoginProxy.exe
C:Windowssystem32MacromedFlashFlashUtil9f.exe
C:Users3072008DesktopHijackThis.exe

R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.google.ba/
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant =
R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,CustomizeSearch =
R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:Program FilesRealRealPlayerrpbrowserrecordplugin.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:Program FilesKaspersky LabKaspersky Internet Security 2009ievkbd.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:PROGRA~1MICROS~2Office12GRA8E1~1.DLL
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:Program FilesCommon FilesMicrosoft SharedWindows LiveWindowsLiveLogin.dll
O4 - HKLM..Run: [AVP] "C:Program FilesKaspersky LabKaspersky Internet Security 2009avp.exe"
O4 - HKLM..Run: [GrooveMonitor] "C:Program FilesMicrosoft OfficeOffice12GrooveMonitor.exe"
O4 - HKLM..Run: [QuickTime Task] "C:Program FilesQuickTimeQTTask.exe" -atboottime
O4 - HKLM..Run: [NvMediaCenter] RUNDLL32.EXE C:Windowssystem32NvMcTray.dll,NvTaskbarInit
O4 - HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:Windowssystem32NvCpl.dll,NvStartup
O4 - HKLM..Run: [NvSvc] RUNDLL32.EXE C:Windowssystem32nvsvc.dll,nvsvcStart
O4 - HKLM..Run: [TkBellExe] "C:Program FilesCommon FilesRealUpdate_OBrealsched.exe" -osboot
O4 - HKLM..Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM..Run: [Windows Defender] %ProgramFiles%Windows DefenderMSASCui.exe -hide
O4 - HKCU..Run: [msnmsgr] "C:Program FilesWindows LiveMessengermsnmsgr.exe" /background
O4 - Global Startup: DynDNS Updater Tray Icon.lnk = C:Program FilesDynDNS UpdaterDynTray.exe
O8 - Extra context menu item: Add to Banner Ad Blocker - C:Program FilesKaspersky LabKaspersky Internet Security 2009ie_banner_deny.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:PROGRA~1MICROS~2Office12EXCEL.EXE/3000
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:Program FilesKaspersky LabKaspersky Internet Security 2009SCIEPlgn.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:PROGRA~1MICROS~2Office12ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:PROGRA~1MICROS~2Office12ONBttnIE.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:Program FilesBonjourExplorerPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:PROGRA~1MICROS~2Office12REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edge...ickTime/qtactivex/qtplugin.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w...sources/VistaMSNPUplden-us.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia....ockwave/cabs/flash/swflash.cab
O17 - HKLMSystemCCSServicesTcpip..{F9DD598C-FC2D-4741-9AE9-75857C6C93A0}: NameServer = 77.74.231.115
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:PROGRA~1MICROS~2Office12GR99D3~1.DLL
O20 - AppInit_DLLs: C:PROGRA~1KASPER~1KASPER~1mzvkbd.dll,C:PROGRA~1KASPER~1KASPER~1adialhk.dll,C:PROGRA~1KASPER~1KASPER~1kloehk.dll
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:Program FilesKaspersky LabKaspersky Internet Security 2009avp.exe
O23 - Service: Bonjour Service - Apple Inc. - C:Program FilesBonjourmDNSResponder.exe
O23 - Service: DynDNS Updater - Unknown owner - C:Program FilesDynDNS UpdaterDynUpSvc.exe

--
End of file - 5761 bytes

R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.google.ba/
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant =
R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,CustomizeSearch =
R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:Program FilesRealRealPlayerrpbrowserrecordplugin.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:Program FilesKaspersky LabKaspersky Internet Security 2009ievkbd.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:PROGRA~1MICROS~2Office12GRA8E1~1.DLL
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:Program FilesCommon FilesMicrosoft SharedWindows LiveWindowsLiveLogin.dll
O4 - HKLM..Run: [AVP] "C:Program FilesKaspersky LabKaspersky Internet Security 2009avp.exe"
O4 - HKLM..Run: [GrooveMonitor] "C:Program FilesMicrosoft OfficeOffice12GrooveMonitor.exe"
O4 - HKLM..Run: [QuickTime Task] "C:Program FilesQuickTimeQTTask.exe" -atboottime
O4 - HKLM..Run: [NvMediaCenter] RUNDLL32.EXE C:Windowssystem32NvMcTray.dll,NvTaskbarInit
O4 - HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:Windowssystem32NvCpl.dll,NvStartup
O4 - HKLM..Run: [NvSvc] RUNDLL32.EXE C:Windowssystem32nvsvc.dll,nvsvcStart
O4 - HKLM..Run: [TkBellExe] "C:Program FilesCommon FilesRealUpdate_OBrealsched.exe" -osboot
O4 - HKLM..Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM..Run: [Windows Defender] %ProgramFiles%Windows DefenderMSASCui.exe -hide
O4 - HKCU..Run: [msnmsgr] "C:Program FilesWindows LiveMessengermsnmsgr.exe" /background
O4 - Global Startup: DynDNS Updater Tray Icon.lnk = C:Program FilesDynDNS UpdaterDynTray.exe
O8 - Extra context menu item: Add to Banner Ad Blocker - C:Program FilesKaspersky LabKaspersky Internet Security 2009ie_banner_deny.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:PROGRA~1MICROS~2Office12EXCEL.EXE/3000
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:Program FilesKaspersky LabKaspersky Internet Security 2009SCIEPlgn.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:PROGRA~1MICROS~2Office12ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:PROGRA~1MICROS~2Office12ONBttnIE.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:Program FilesBonjourExplorerPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:PROGRA~1MICROS~2Office12REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edge...ickTime/qtactivex/qtplugin.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w...sources/VistaMSNPUplden-us.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia....ockwave/cabs/flash/swflash.cab
O17 - HKLMSystemCCSServicesTcpip..{F9DD598C-FC2D-4741-9AE9-75857C6C93A0}: NameServer = 77.74.231.115
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:PROGRA~1MICROS~2Office12GR99D3~1.DLL
O20 - AppInit_DLLs: C:PROGRA~1KASPER~1KASPER~1mzvkbd.dll,C:PROGRA~1KASPER~1KASPER~1adialhk.dll,C:PROGRA~1KASPER~1KASPER~1kloehk.dll
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:Program FilesKaspersky LabKaspersky Internet Security 2009avp.exe
O23 - Service: Bonjour Service - Apple Inc. - C:Program FilesBonjourmDNSResponder.exe
O23 - Service: DynDNS Updater - Unknown owner - C:Program FilesDynDNS UpdaterDynUpSvc.exe

--
End of file - 5761 bytes

Baci pogled na ovu temu odradi isto pa javi sta su uradio. http://www.elitesecurity.org/t329124-0#1995410

Malwarebytes' Anti-Malware 1.19
Database version: 928
Windows 6.0.6000

23:19:52 6.7.2008
mbam-log-7-6-2008 (23-19-44).txt

Scan type: Full Scan (A:\|C:\|D:\|E:\|)
Objects scanned: 103561
Time elapsed: 34 minute(s), 41 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Users\03072008\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0SHCONAU\ccsetup209[1].exe (Rogue.Installer) -> No action taken.
C:\Users\03072008\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\FWJFLGGQ\ccsetup209[1].exe (Rogue.Installer) -> No action taken.

Ako ima neko da mi pomogne da uklonim ovu gamad zahvaljujem unaprijed.
1
Trojan.generic
-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------

2
Microsoft Publisher Object Handler Validation Vulnerability
Description:
A vulnerability has been reported in Microsoft Publisher, which can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to an error in the object handler when parsing object header data. This can be exploited to corrupt memory via a specially crafted Publisher file.

Successful exploitation may allow execution of arbitrary code
-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------

3
Microsoft Excel Multiple Code Execution Vulnerabilities
Description:
Multiple vulnerabilities have been reported in Microsoft Excel, which can be exploited by malicious people to compromise a user's system.

1) An error in the handling of macros can be exploited via a specially crafted Excel file to execute arbitrary code.

NOTE: According to Microsoft, this vulnerability is currently being actively exploited.

2) An error when processing data validation (DVAL) records can be exploited to corrupt memory via a specially crafted Excel file.

3) An error when importing files into Excel can be exploited via a specially crafted .slk file.

4) An error in the handling of style records can be exploited to corrupt memory via a specially crafted Excel file.

5) An error in the parsing of formulas can be exploited to corrupt memory via a specially crafted Excel file.

6) An error in the handling of rich text values can be exploited via a specially crafted Excel file.

7) An error in the handling of conditional formatting values can be exploited via a specially crafted Excel file.

Successful exploitation of the vulnerabilities may allow execution of arbitrary code
---------------------------------------------------------------------------------------------------------------
4
Microsoft Word Two Code Execution Vulnerabilities
Description
Two vulnerabilities have been reported in Microsoft Word, which can be exploited by malicious people to compromise a user's system.

1) An error when parsing objects in rich text format (.rtf) files can be exploited to cause a heap-based buffer overflow e.g. when a user opens a specially crafted .rtf file containing malformed strings with Word or previews a specially crafted e-mail containing malformed strings as rich text or HTML.

2) An error exists in the processing of cascading style sheets (CSS) values and can be exploited to corrupt memory when a specially crafted HTML file is opened using Word.

Successful exploitation may allow execution of arbitrary code.
-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------
5
Microsoft Outlook "mailto:" URI Handling Vulnerability
Description

A vulnerability has been reported in Microsoft Outlook, which can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to an error when handling a specially crafted "mailto:" URI passed from a web browser. This can be exploited to pass extra command line switches to Outlook.

Successful exploitation allows execution of arbitrary code when a user e.g. visits a malicious website
-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------
6
zlib Denial of Service Vulnerability
Description
Markus Oberhumer has reported a vulnerability in zlib, which can be exploited by malicious people to cause a DoS (Denial of Service) against a vulnerable application.

The vulnerability is caused due to the insufficient size of the code table declared in inflate.h, and can be exploited to cause an application using the zlib library to crash via a specially crafted input file.

The vulnerability has been reported in version 1.2.2. Prior versions may also be affected
----------------------------------------------------------------------------------------------------------------------------------------------------------------------------
ako moze neko