Pozdrav delija_sever031,
Zamolio sam kolegu Milana da prebaci tvoju temu u forum Zastita da pogledamo da li je mozda uzrok tvog problema malware. Ako ustanovimo da nije vraticemo je u forum Browseri.

************

Za pocetak skini program HijackThis.

Kada ga preuzmes preimenuj fajl u bilo sta npr. blabla.exe. Pokreni ga i klikni na "Do a system scan and save a logfile". Taj log fajl iskopiraj ovde da vidimo.

Napomena:Ako ti upustvo nije najjasnije pogledaj ovaj link.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:26:16 PM, on 4/15/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\DNA\btdna.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\ICQ6.5\ICQ.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
D:\HJT.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.rs/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll/206 (file missing)
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{398BF8D1-36E1-4147-AA55-DB694B8294A7}: NameServer = 85.255.112.148;85.255.112.215
O17 - HKLM\System\CCS\Services\Tcpip\..\{6C3702EC-432D-4F2F-9258-49594E53EA9F}: NameServer = 85.255.112.148;85.255.112.215
O20 - Winlogon Notify: winmxw32 - C:\WINDOWS\SYSTEM32\winmxw32.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe

--
End of file - 7102 bytes

Idi na Start — Run — pa ukucaj sledece:



I pritisni Enter. Iskopiraj sadrzaj txt fajla iz Notepada koji ce se pojaviti posle kucanja navedene komande u sledecu poruku.

# Copyright (c) 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost

Privremeno iskljuci Avast - desni klik na Avasti ikonicu u donjem desnom uglu i odaberi Stop On-Access Protection.

Skini ComboFix na Desktop. Startuj ga i ne diraj prozor programa dok skenira. Sledi uputstva koja ti program zadaje. Kada se zavrsi proces skeniranja pojavice se izvestaj koji ces ovde iskopirati. Ako slucajno ugasis izvestaj on se nalazi na C:\ComboFix.txt.

Napomena: Ukoliko ti upustvo nije najjasnije pogledaj ovaj link.

ComboFix 09-04-15.08 - Tesa 04/16/2009 0:07.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.604 [GMT 2:00]
Running from: c:\documents and settings\Tesa\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090415-0] *On-access scanning disabled* (Updated)
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\resycled
c:\windows\system32\winjvd32.dll
c:\windows\system32\winmxw32.dll
D:\Desktop.exe
D:\resycled

.
((((((((((((((((((((((((( Files Created from 2009-03-15 to 2009-04-15 )))))))))))))))))))))))))))))))
.

2009-04-14 08:37 . 2009-04-14 08:37 -------- d-----w C:\novi sajt zenskog centra
2009-04-11 20:20 . 2009-04-11 20:20 -------- d-----w c:\documents and settings\Tesa\Application Data\scriptocean
2009-04-10 08:43 . 2009-04-10 09:34 -------- d-----w c:\documents and settings\Tesa\Application Data\ICQ
2009-04-09 08:51 . 2009-04-09 08:51 250 ----a-w c:\windows\gmer.ini
2009-03-28 13:43 . 2009-04-15 21:33 54156 ---ha-w c:\windows\QTFont.qfn
2009-03-28 13:43 . 2009-03-28 13:43 1409 ----a-w c:\windows\QTFont.for

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-15 22:09 . 2009-01-08 09:59 -------- d-----w c:\program files\DNA
2009-04-15 22:09 . 2009-01-08 09:59 -------- d-----w c:\documents and settings\Tesa\Application Data\DNA
2009-04-11 21:47 . 2009-04-11 20:20 -------- d-----w c:\program files\Scriptocean
2009-04-11 17:19 . 2009-01-08 09:58 -------- d-----w c:\program files\BitComet
2009-04-11 17:00 . 2008-11-26 23:08 -------- d-----w c:\program files\CCleaner
2009-04-10 09:34 . 2009-04-10 09:04 -------- d-----w c:\program files\ICQ6.5
2009-04-10 09:14 . 2008-11-26 22:28 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-08 11:31 . 2008-11-29 08:37 -------- d-----w c:\documents and settings\All Users\Application Data\WLInstaller
2009-04-08 11:30 . 2008-11-29 08:38 -------- d-----w c:\program files\Windows Live
2009-04-03 07:04 . 2009-02-12 16:52 -------- d-----w c:\program files\Java
2009-03-29 14:07 . 2008-11-29 08:50 -------- d-----w c:\program files\Messenger Plus! Live
2009-03-09 03:19 . 2009-02-12 16:53 410984 ----a-w c:\windows\system32\deploytk.dll
2009-02-28 14:06 . 2009-02-28 14:06 -------- d-----w c:\program files\GameSpy Arcade
2009-02-28 14:06 . 2009-02-28 14:06 -------- d-----w c:\program files\MSXML 4.0
2009-02-28 14:04 . 2009-02-28 14:04 -------- d-----w c:\program files\Microsoft Games
2009-02-28 13:29 . 2009-02-28 13:29 -------- d-----w c:\program files\dm
2009-02-22 16:08 . 2009-02-22 16:08 -------- d-----w c:\documents and settings\Tesa\Application Data\Smart PC Solutions
2009-02-22 16:08 . 2009-02-22 16:08 -------- d-----w c:\program files\Smart PC Solutions
2009-02-10 12:39 . 2008-11-26 22:35 43336 ----a-w c:\documents and settings\Tesa\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-01-20 09:49 . 2009-01-20 09:49 2232 ----a-w c:\windows\java\Packages\Data\FJ75JLBL.DAT
2009-01-20 09:49 . 2009-01-20 09:49 155995 ----a-w c:\windows\java\Packages\7HVBTVN7.ZIP
2009-01-20 09:49 . 2009-01-20 09:49 2678 ----a-w c:\windows\java\Packages\Data\TVL3HV93.DAT
2009-01-20 09:49 . 2009-01-20 09:49 2678 ----a-w c:\windows\java\Packages\Data\3VZNLJL3.DAT
2009-01-20 09:49 . 2009-01-20 09:49 2678 ----a-w c:\windows\java\Packages\Data\NHJTN139.DAT
2009-01-20 09:49 . 2009-01-20 09:49 2678 ----a-w c:\windows\java\Packages\Data\KWLZT3HJ.DAT
2009-01-20 09:49 . 2009-01-20 09:49 2678 ----a-w c:\windows\java\Packages\Data\9F9ZJF3X.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-12-06 68856]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-01-08 342848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-04-13 49152]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-06-29 286720]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-12-01 185872]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-05-10 16342528]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-1-10 113664]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Server4PC.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Server4PC.lnk
backup=c:\windows\pss\Server4PC.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2004-08-04 00:06 1667584 --sh--w c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 10:50 155648 ----a-w c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2007-06-29 05:24 286720 ----a-w c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2005-12-07 21:57 30208 ------w c:\program files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"xmlprov"=3 (0x3)
"WZCSVC"=2 (0x2)
"wuauserv"=2 (0x2)
"wscsvc"=2 (0x2)
"WebClient"=2 (0x2)
"W32Time"=2 (0x2)
"SharedAccess"=2 (0x2)
"mnmsrvc"=3 (0x3)
"helpsvc"=2 (0x2)
"FastUserSwitchingCompatibility"=3 (0x3)
"ERSvc"=2 (0x2)
"CiSvc"=3 (0x3)
"SamSs"=2 (0x2)
"RemoteRegistry"=2 (0x2)
"Browser"=2 (0x2)
"WmiApSrv"=3 (0x3)
"BITS"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\WINDOWS\\system32\\winver.exe"=

R2 spupdsvc;Windows Service Pack Installer update service;c:\windows\system32\spupdsvc.exe [2006-09-06 22752]
R3 Ndisprot;ArcNet NDIS Protocol Driver;c:\windows\system32\drivers\Ndisprot.sys [2008-11-30 27904]
R3 SetupNTGLM7X;SetupNTGLM7X; [x]
S1 aswSP;avast! Self Protection; [x]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2009-02-05 20560]
S3 iadusb;MT882;c:\windows\system32\DRIVERS\glauiad.sys [2006-03-20 30336]
S3 SKYNET;TechniSat DVB-PC TV Star PCI;c:\windows\system32\DRIVERS\SkyNET.SYS [2007-10-01 419344]


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{795df2d5-bc0c-11dd-8c46-001d9206c1b2}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe killVBS.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ad915bd6-0bd0-11de-8cfd-00180274bcaa}]
\Shell\AutoRun\command - xswhzu.exe
\Shell\explore\Command - xswhzu.exe
\Shell\open\Command - xswhzu.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e20a493e-027c-11de-8cec-00180274bcaa}]
\Shell\AutoRun\command - F:\em8tqm.cmd
\Shell\open\Command - F:\em8tqm.cmd
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-TrojanScanner - c:\program files\Trojan Remover\Trjscan.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.rs/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
FF - ProfilePath - c:\documents and settings\Tesa\Application Data\Mozilla\Firefox\Profiles\3u3k3w41.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.yu
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-16 00:09
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1108)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(2932)
c:\windows\system32\msi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\CyberLink\Shared files\RichVideo.exe
c:\windows\system32\wdfmgr.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
.
**************************************************************************
.
Completion time: 2009-04-15 0:11 - machine was rebooted
ComboFix-quarantined-files.txt 2009-04-15 22:11

Pre-Run: 4,540,735,488 bytes free
Post-Run: 4,653,608,960 bytes free

183

Opet iskljuci svu zastitu koju imas. Otvori Notepad i iskopiraj sledeci tekst:



Snimiti taj fajl na Desktop pod imenom CFScript



Prevuci snimljeni tekst na ComboFix ikonicu kao na slici. Postavi u sledecoj poruci log koji bude bio napravljen na kraju ciscenja/skeniranja.

Javi kakvo je novo stanje.

ComboFix 09-04-16.02 - Tesa 04/16/2009 10:27.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.619 [GMT 2:00]
Running from: c:\documents and settings\Tesa\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Tesa\Desktop\CFScript.txt
AV: avast! antivirus 4.8.1335 [VPS 090415-0] *On-access scanning disabled* (Updated)
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2009-03-16 to 2009-04-16 )))))))))))))))))))))))))))))))
.

2009-04-14 08:37 . 2009-04-14 08:37 -------- d-----w C:\novi sajt zenskog centra
2009-04-11 20:20 . 2009-04-11 20:20 -------- d-----w c:\documents and settings\Tesa\Application Data\scriptocean
2009-04-10 08:43 . 2009-04-10 09:34 -------- d-----w c:\documents and settings\Tesa\Application Data\ICQ
2009-04-09 08:51 . 2009-04-09 08:51 250 ----a-w c:\windows\gmer.ini
2009-03-28 13:43 . 2009-04-15 21:33 54156 ---ha-w c:\windows\QTFont.qfn
2009-03-28 13:43 . 2009-03-28 13:43 1409 ----a-w c:\windows\QTFont.for

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-16 08:28 . 2009-01-08 09:59 -------- d-----w c:\documents and settings\Tesa\Application Data\DNA
2009-04-16 07:28 . 2009-01-08 09:59 -------- d-----w c:\program files\DNA
2009-04-11 21:47 . 2009-04-11 20:20 -------- d-----w c:\program files\Scriptocean
2009-04-11 17:19 . 2009-01-08 09:58 -------- d-----w c:\program files\BitComet
2009-04-11 17:00 . 2008-11-26 23:08 -------- d-----w c:\program files\CCleaner
2009-04-10 09:34 . 2009-04-10 09:04 -------- d-----w c:\program files\ICQ6.5
2009-04-10 09:14 . 2008-11-26 22:28 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-08 11:31 . 2008-11-29 08:37 -------- d-----w c:\documents and settings\All Users\Application Data\WLInstaller
2009-04-08 11:30 . 2008-11-29 08:38 -------- d-----w c:\program files\Windows Live
2009-04-03 07:04 . 2009-02-12 16:52 -------- d-----w c:\program files\Java
2009-03-29 14:07 . 2008-11-29 08:50 -------- d-----w c:\program files\Messenger Plus! Live
2009-03-09 03:19 . 2009-02-12 16:53 410984 ----a-w c:\windows\system32\deploytk.dll
2009-02-28 14:06 . 2009-02-28 14:06 -------- d-----w c:\program files\GameSpy Arcade
2009-02-28 14:06 . 2009-02-28 14:06 -------- d-----w c:\program files\MSXML 4.0
2009-02-28 14:04 . 2009-02-28 14:04 -------- d-----w c:\program files\Microsoft Games
2009-02-28 13:29 . 2009-02-28 13:29 -------- d-----w c:\program files\dm
2009-02-22 16:08 . 2009-02-22 16:08 -------- d-----w c:\documents and settings\Tesa\Application Data\Smart PC Solutions
2009-02-22 16:08 . 2009-02-22 16:08 -------- d-----w c:\program files\Smart PC Solutions
2009-02-10 12:39 . 2008-11-26 22:35 43336 ----a-w c:\documents and settings\Tesa\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-01-20 09:49 . 2009-01-20 09:49 2232 ----a-w c:\windows\java\Packages\Data\FJ75JLBL.DAT
2009-01-20 09:49 . 2009-01-20 09:49 155995 ----a-w c:\windows\java\Packages\7HVBTVN7.ZIP
2009-01-20 09:49 . 2009-01-20 09:49 2678 ----a-w c:\windows\java\Packages\Data\TVL3HV93.DAT
2009-01-20 09:49 . 2009-01-20 09:49 2678 ----a-w c:\windows\java\Packages\Data\3VZNLJL3.DAT
2009-01-20 09:49 . 2009-01-20 09:49 2678 ----a-w c:\windows\java\Packages\Data\NHJTN139.DAT
2009-01-20 09:49 . 2009-01-20 09:49 2678 ----a-w c:\windows\java\Packages\Data\KWLZT3HJ.DAT
2009-01-20 09:49 . 2009-01-20 09:49 2678 ----a-w c:\windows\java\Packages\Data\9F9ZJF3X.DAT
.

((((((((((((((((((((((((((((( SnapShot@2009-04-15_22.09.59 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-04-16 07:28 . 2009-04-16 07:28 16384 c:\windows\Temp\Perflib_Perfdata_1f0.dat
+ 2009-04-16 07:28 . 2009-04-16 07:28 16384 c:\windows\Temp\Perflib_Perfdata_19c.dat
+ 2004-08-04 01:07 . 2009-04-16 07:32 59440 c:\windows\system32\perfc009.dat
- 2004-08-04 01:07 . 2009-04-15 06:58 59440 c:\windows\system32\perfc009.dat
+ 2004-08-04 01:07 . 2009-04-16 07:32 395200 c:\windows\system32\perfh009.dat
- 2004-08-04 01:07 . 2009-04-15 06:58 395200 c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-12-06 68856]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-01-08 342848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-04-13 49152]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-06-29 286720]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-12-01 185872]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-05-10 16342528]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-1-10 113664]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Server4PC.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Server4PC.lnk
backup=c:\windows\pss\Server4PC.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2004-08-04 00:06 1667584 --sh--w c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 10:50 155648 ----a-w c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2007-06-29 05:24 286720 ----a-w c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2005-12-07 21:57 30208 ------w c:\program files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"xmlprov"=3 (0x3)
"WZCSVC"=2 (0x2)
"wuauserv"=2 (0x2)
"wscsvc"=2 (0x2)
"WebClient"=2 (0x2)
"W32Time"=2 (0x2)
"SharedAccess"=2 (0x2)
"mnmsrvc"=3 (0x3)
"helpsvc"=2 (0x2)
"FastUserSwitchingCompatibility"=3 (0x3)
"ERSvc"=2 (0x2)
"CiSvc"=3 (0x3)
"SamSs"=2 (0x2)
"RemoteRegistry"=2 (0x2)
"Browser"=2 (0x2)
"WmiApSrv"=3 (0x3)
"BITS"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\WINDOWS\\system32\\winver.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=

R2 spupdsvc;Windows Service Pack Installer update service;c:\windows\system32\spupdsvc.exe [2006-09-06 22752]
R3 Ndisprot;ArcNet NDIS Protocol Driver;c:\windows\system32\drivers\Ndisprot.sys [2008-11-30 27904]
R3 SetupNTGLM7X;SetupNTGLM7X; [x]
S1 aswSP;avast! Self Protection; [x]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2009-02-05 20560]
S3 iadusb;MT882;c:\windows\system32\DRIVERS\glauiad.sys [2006-03-20 30336]
S3 SKYNET;TechniSat DVB-PC TV Star PCI;c:\windows\system32\DRIVERS\SkyNET.SYS [2007-10-01 419344]

.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.rs/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
FF - ProfilePath - c:\documents and settings\Tesa\Application Data\Mozilla\Firefox\Profiles\3u3k3w41.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.yu
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-16 10:28
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1104)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(720)
c:\windows\system32\msi.dll
.
Completion time: 2009-04-16 10:29
ComboFix-quarantined-files.txt 2009-04-16 08:29

Pre-Run: 4,623,122,432 bytes free
Post-Run: 4,621,709,312 bytes free

159

Kakvo je sada stanje?

Radi sve legendo veliko ti hvala!!

Ako nije tesko reci mi sta je bio problem?

Sada je red da uninstaliramo ComboFix:

Otvori Start > Run i ukucaj combofix /u

Program ce se automatski uninstalirati. Nemoj zaboraviti da ukljucis svu zastitu, posto si je gasio zbog rada ovog programa.

Problem su bili virusi sa USB flash-a. Zamolio bih te formatiras sve tvoje flesh-ove. I ako imas vremena uradi sledece:

• Preuzmi i instaliraj program Malwarebytes` Anti-Malware
• Pokreni ga i izvrsi update (Update > Check for Updates) i po zavrsetku potvrdi sa OK
• Posle update-a odaberi Scanner, oznaci Perform full scan i pritisni Scan
• Kada se skeniranje zavrsi pritisni OK, pa Show Results da vidis izvestaj.
• Proveri da li su svi pronadjeni fajlovi stiklirani (ako nisu selektuj ih), pritisni Remove Selected i potvrdi sa OK
• Program ce te upitati da restartujes racunar i ti to potvrdi
• Takodje posle ukljanjanje malware-a sa racunara dobices log fajl (izvestaj) koji ces iskopirati ovde

U toku skeniranja avast mi blokirao scan i izbacio sledece

C:\WINDOWS\system32\wineil32.dll
Win32:Trojan-gen {Other}
Virus/Crv

Dostupne akcije

Premesti Obrisi Popravi Premesti u kovceg

Odaberi Premesti u kovceg, a neces pogresiti i ako si ga obrisao. Kada zavrsis sa skeniranjem postavi mi izvestaje Avasta i Malwarebytes` Antimalware-a.

isao sam na brisanje ne volim ove karantin opcije,log stize nesto kasnije

Avast ne daje log,bar ne znam gde se nalazi,prijavio jos 2 .dll fajla slicna gore navedenom koja sam stavio u karantin

C:\WINDOWS\system32\winjks32.dll
autorun.inf.vir (autorun-e worm)

Ok. Reci mi samo da li si uninstalirao ComboFix? Jel si pustao MBAM?

ComboFix obrisan a evo i ovog drugog loga,3 fajla prijavljena i obrisana




Malwarebytes' Anti-Malware 1.36
Database version: 1989
Windows 5.1.2600 Service Pack 2

4/16/2009 7:42:57 PM
mbam-log-2009-04-16 (19-42-57).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 243799
Time elapsed: 41 minute(s), 49 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\homeview (Trojan.DNSChanger) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Ok. Hajde samo za kraj postavi novi HijackThis log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:23:20 PM, on 4/16/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
D:\HJT.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie8
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll/206 (file missing)
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 7323 bytes

Ok. Izvestaj je sada cist. Da li zelis da vrsimo jos neke provere ili da "zatvaramo" slucaj?

Za sad se ne zalim na nista drugo a veliko hvala na pomoci!!

Nema problema. Ostavicu temu otkljucanu, pa ako bude opet nekih problema ti javi.

Srdacan pozdrav!