Otvori
C:\Windows\Temp
C:\Users\Dimitrije\AppData\Local\Temp\

I obriši sve što je u ta dva foldera.
Preporuka je da koristiš Total Commander i da uključiš opciju Show Hidden Files ...
Posle toga isprazni Recycle Bin

Pokreni Malwarebytes, skeniraj ... i ako traži restart, odradi i to.
Posle njega skeniraj sa tim Nod-om što ga imaš, pa kad sve to prođe, okači opet HJT log i malwarebytes log sa prvog skeniranja.

Koliko vidim imas u kompu keylogger i jos poprilican broj zanimljivog malware sadrzaja.Uradi ovo sto ti je zoran rekao, mada bih ti ja preporucio skeniranje dr.webom umesto nodom.Dr.Web je free antivirus i pokrece se bez instalacije.


I da, ovu temu treba prebaciti u zastitu.

Obrisao sam sve iz oba foldera (kotistio TC)i ispraznio kantu, kada je malwarebytes skenirao nashao je dosta :D

Malwarebytes' Anti-Malware 1.44
Database version: 3654
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18882

29.1.2010 9:38:08
mbam-log-2010-01-29 (09-37-46).txt

Scan type: Full Scan (C:\|D:\|E:\|F:\|)
Objects scanned: 563082
Time elapsed: 3 hour(s), 46 minute(s), 26 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 10

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\WinButler (Adware.WinButler) -> No action taken.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sytiem (Trojan.Agent) -> No action taken.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Windows\System32\28463 (Keylogger.Ardamax) -> No action taken.

Files Infected:
C:\Windows\System32\28463\GDJD.007 (PUP.ArdamaxKeyLogger) -> No action taken.
C:\Windows\System32\28463\WMBO.007 (PUP.ArdamaxKeyLogger) -> No action taken.
E:\programi\IVT.BlueSoleil.v6.4.249.0.Incl.Keymaker-EMBRACE\keygen.exe (Trojan.Agent) -> No action taken.
E:\programi\Wireless_WEP_Key_Password_Spy_1.1\wireless1.1\WKey.exe (HackTool.Agent) -> No action taken.
C:\Windows\System32\28463\akv.cfg (Keylogger.Ardamax) -> No action taken.
C:\Windows\System32\28463\GDJD.001 (Keylogger.Ardamax) -> No action taken.
C:\Windows\System32\28463\GDJD.002 (Keylogger.Ardamax) -> No action taken.
C:\Windows\System32\28463\GDJD.005 (Keylogger.Ardamax) -> No action taken.
C:\Windows\System32\28463\GDJD.006 (Keylogger.Ardamax) -> No action taken.
C:\Win\names.txt (Worm.AutoIT) -> No action taken.

onda sam rekao da obrishe sve to shto je nashao i trazio mi restart (uradio sam ga)

Malwarebytes' Anti-Malware 1.44
Database version: 3654
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18882

29.1.2010 9:38:54
mbam-log-2010-01-29 (09-38-54).txt

Scan type: Full Scan (C:\|D:\|E:\|F:\|)
Objects scanned: 563082
Time elapsed: 3 hour(s), 46 minute(s), 26 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 10

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\WinButler (Adware.WinButler) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sytiem (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Windows\System32\28463 (Keylogger.Ardamax) -> Quarantined and deleted successfully.

Files Infected:
C:\Windows\System32\28463\GDJD.007 (PUP.ArdamaxKeyLogger) -> Quarantined and deleted successfully.
C:\Windows\System32\28463\WMBO.007 (PUP.ArdamaxKeyLogger) -> Quarantined and deleted successfully.
E:\programi\IVT.BlueSoleil.v6.4.249.0.Incl.Keymaker-EMBRACE\keygen.exe (Trojan.Agent) -> Quarantined and deleted successfully.
E:\programi\Wireless_WEP_Key_Password_Spy_1.1\wireless1.1\WKey.exe (HackTool.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\28463\akv.cfg (Keylogger.Ardamax) -> Quarantined and deleted successfully.
C:\Windows\System32\28463\GDJD.001 (Keylogger.Ardamax) -> Quarantined and deleted successfully.
C:\Windows\System32\28463\GDJD.002 (Keylogger.Ardamax) -> Quarantined and deleted successfully.
C:\Windows\System32\28463\GDJD.005 (Keylogger.Ardamax) -> Quarantined and deleted successfully.
C:\Windows\System32\28463\GDJD.006 (Keylogger.Ardamax) -> Quarantined and deleted successfully.
C:\Win\names.txt (Worm.AutoIT) -> Quarantined and deleted successfully.

pa sam skenirao sa nodom a nod kao nishta nije nashao :D (ako moze link za DR WEB pa da probam i to nije na odmet)
pa sam uradio opet hijackthis i dobio log

Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 9:53:09, on 29.1.2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18882)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\RDM+\rdmpserv_cpanel.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
C:\Program Files\Toshiba\SmoothView\SmoothView.exe
C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe
C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co.uk
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co.uk
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 172.017.088.198:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" /start
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [BtTray] "C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [HTV Agent] C:\Program Files\HTV\HTV.exe
O4 - HKLM\..\Run: [WMBO Agent] C:\Windows\system32\28463\WMBO.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [TOSCDSPD] TOSCDSPD.EXE
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\Dimitrije\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [systemlog] C:\Windows\system32\systemlog.exe
O4 - HKCU\..\Run: [svvhost2] C:\Windows\system32\svvhost2.exe
O4 - HKCU\..\Run: [java2] C:\Windows\system32\java2.exe
O4 - HKCU\..\Run: [swinlogin] C:\Windows\system32\swinlogin.exe
O4 - HKCU\..\Run: [winlogin2] C:\Windows\system32\winlogin2.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - .DEFAULT User Startup: TRDCReminder.lnk = C:\Program Files\Toshiba\TRDCReminder\TRDCReminder.exe (User 'Default user')
O4 - Startup: winmpa.exe
O4 - Global Startup: Monitor Apache Servers.lnk = C:\Program Files\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send by Bluetooth - C:\Program Files\IVT Corporation\BlueSoleil\TransSend\IE\tsinfo.htm
O8 - Extra context menu item: Send via &Message... - C:\Program Files\IVT Corporation\BlueSoleil\TransSend\IE\tssms.htm
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: eBay.co.uk - Buy It Sell It Love It - {76577871-04EC-495E-A12B-91F7C3600AFA} - http://rover.ebay.com/rover/1/710-44557-9400-3/4 (file missing)
O9 - Extra button: Amazon.co.uk - {8A918C1D-E123-4E36-B562-5C1519E434CE} - http://www.amazon.co.uk/exec/o...hibaukbholink-21&site=home (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: ABBYY FineReader 9.0 PE Licensing Service (ABBYY.Licensing.FineReader.Professional.9.0) - ABBYY (BIT Software) - C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe
O23 - Service: Apache2.2 - Apache Software Foundation - C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: BlueSoleilCS - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
O23 - Service: BsHelpCS - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe
O23 - Service: BsMobileCS - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BsMobileCS.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\Windows\system32\drivers\CDAC11BA.EXE
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: ?????? Google Update (gupdate1ca13412be727d7) (gupdate1ca13412be727d7) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: MySQL51 - Unknown owner - C:\Program.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: O2Micro Flash Memory Card Service (o2flash) - O2Micro International - C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe
O23 - Service: RDM+ Local Service (RDMPLocalService) - Unknown owner - C:\Program Files\RDM+\rdmpserv.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: TOSHIBA SMART Log Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Webcamera Plus Service - Ateksoft Company Ltd. - C:\Program Files\Ateksoft\WebCamera Plus\WebCamPlusSrv.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 12068 bytes

Skini CF na desktop http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Ugasi Nod
Pokreni Cf sa desktopa (obavezno)
Klikni yes ili ok za sve sto te pita.
Kad zavrsi skeniranje izbacice ti log koji ces mi iskopirati ovde.

Evo linka do dr.weba koji si trazio http://www.freedrweb.com/ s tim sto ti je kristi sa combofixom podjednako efikasan kao i antivirus. :)
Dr.web mozes pokrenuti kasnije cisto da budes siguran da nije ostalo nekog nezeljenog djubreta.

skinuo sam CF i on je u sebi vec imao tri neka cuda
i dobio sam posle da je cist
Malwarebytes' Anti-Malware 1.44
Database version: 3707
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18882

9.2.2010 12:44:39
mbam-log-2010-02-09 (12-44-39).txt

Scan type: Full Scan (C:\|E:\|F:\|)
Objects scanned: 564310
Time elapsed: 3 hour(s), 43 minute(s), 29 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

posle toga sam skinuo doktor web
i nista nije nahsao
hvala vam

Ako moze provjera ovog loga da ne otvaram novu temu. Komp se jako cudno ponasa. Spor je i ne moze da apdetuje win - greska je 0x8024d007 - ma sta to bilo. Pokusao sam i sa reinstal win, al situacija je ista.
Unaprijed hvala. Pozzz.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:54:53, on 13.2.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\WINDOWS\PixArt\PAC7302\Monitor.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe
C:\Program Files\Cyberlink\Shared Files\brs.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\program files\winamp toolbar\WinampTbServer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Tamara\Desktop\bla bla\HiJackThis.exe

O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [RaidTool] C:\Program Files\VIA\RAID\raid_tool.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKLM\..\Run: [PAC7302_Monitor] C:\WINDOWS\PixArt\PAC7302\Monitor.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [remotecontrol9] "C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe"
O4 - HKLM\..\Run: [pdvd9languageshortcut] "C:\Program Files\CyberLink\PowerDVD9\Language\Language.exe"
O4 - HKLM\..\Run: [nerofiltercheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ltmoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [bdregion] C:\Program Files\Cyberlink\Shared Files\brs.exe
O4 - HKLM\..\Run: [adobe reader speed launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/wi...t/wuweb_site.cab?1262983395781
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.co...t/muweb_site.cab?1262984910078
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: prio.dll,C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: ?????? Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

--
End of file - 6409 bytes

Postoje određene restrikcije vezane za IE. Ukoliko ih nisi sam podesio ili neki od tvojih programa, pokreni HijackThis, skeniraj i čekiraj sledeće linije:

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

a zatim klikni Fix Checked.

@kristi1 - odradio kako si rekao. Ali isto se ponasa. Ako ima potrebe za combofix - reci. Ako smatras da je log cist, opet dobro. U svakom slucaju veliko hvala. I stvarno bih volio da ne radim format c:. Ako je moguce. Pozz.

Iz ovog HJT loga ja ne mogu da zakljucim da je racunar zarazen. HJT je pevazidjen program, pa i nije neko merilo.

http://free.antivirus.com/hijackthis/

Ovde imas najnoviju 2.03 beta verziju, pa probaj i nju. Ja sam je sad skinuo i prijavila je neku gresku, rekao bih da je problem do zastarelosti programa.

Zamolila bih za tumačenje Hijack loga. Unapred vam hvala!


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:14:22, on 23.02.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Browser Defender\BDTUpdateService.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Opera 10.50 Beta\opera.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Browser Defender\PCTBrowserDefender.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Browser Defender\PCTBrowserDefender.dll
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Update ESET's licence.lnk = C:\Program Files\ESET\MiNODLogin\MiNODLogin.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Prevedi sa Di recnikom - C:\Program Files\Di recnik\diie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll
O9 - Extra button: StylishProfile - {14CD42DD-ABCD-3586-DCAB-40E3693E3737} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: StylishProfile - {14CD42DD-ABCD-3586-DCAB-40E3693E3737} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Objavi ovo u blogu - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: &Objavi ovo u blogu u okviru usluge Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Quick Login www.yu-mp3.com - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: &Quick Login www.yu-mp3.com - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/mi...t/muweb_site.cab?1222547679421
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - (no file)
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Browser Defender Update Service - Threat Expert Ltd. - C:\Program Files\Browser Defender\BDTUpdateService.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Windows Live Porodična bezbednost (fsssvc) - Unknown owner - C:\Program Files\Windows Live\Family Safety\fsssvc.exe (file missing)
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: PC Tools Startup and Shutdown Monitor service (PCToolsSSDMonitorSvc) - PC Tools - C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 7987 bytes

>

--0016e652f5822004ad04804c4d16
Content-Type: text/html; charset=ISO-8859-2
Content-Transfer-Encoding: quoted-printable

Hm... Ne znam da li sam ba� skontala na koje dve linije mislite :-)<br><br><div class="gmail_quote">On Tue, Feb 23, 2010 at 11:32 PM, BBiljana <span dir="ltr">&lt;<a href="mailto:[email protected]">[email protected]</a>&gt;</span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">Zamolila bih za tuma�enje Hijack loga. Unapred vam hvala!<br>
<br>
<br>
Logfile of Trend Micro HijackThis v2.0.2<br>
Scan saved at 23:14:22, on 23.02.2010<br>
Platform: Windows XP SP2 (WinNT 5.01.2600)<br>
MSIE: Internet Explorer v8.00 (8.00.6001.18702)<br>
Boot mode: Normal<br>
<br>
Running processes:<br>
C:WINDOWSSystem32smss.exe<br>
C:WINDOWSsystem32winlogon.exe<br>
C:WINDOWSsystem32services.exe<br>
C:WINDOWSsystem32lsass.exe<br>
C:WINDOWSsystem32svchost.exe<br>
C:Program FilesWindows DefenderMsMpEng.exe<br>
C:WINDOWSSystem32svchost.exe<br>
C:WINDOWSsystem32svchost.exe<br>
C:WINDOWSExplorer.EXE<br>
C:WINDOWSsystem32spoolsv.exe<br>
C:Program FilesBonjourmDNSResponder.exe<br>
C:Program FilesBrowser DefenderBDTUpdateService.exe<br>
C:Program FilesESETESET Smart Securityekrn.exe<br>
C:WINDOWSsystem32svchost.exe<br>
C:Program FilesCommon FilesPC ToolssMonitorStartManSvc.exe<br>
C:Program FilesMicrosoftSearch Enhancement PackSeaPortSeaPort.exe<br>
C:WINDOWSsystem32svchost.exe<br>
C:WINDOWSsystem32SearchIndexer.exe<br>
C:Program FilesYahoo!SoftwareUpdateYahooAUService.exe<br>
C:Program FilesESETESET Smart Securityegui.exe<br>
C:Program FilesMicrosoft OfficeOffice12GrooveMonitor.exe<br>
C:WINDOWSsystem32ctfmon.exe<br>
C:WINDOWSsystem32msiexec.exe<br>
C:WINDOWSsystem32NOTEPAD.EXE<br>
C:Program FilesGoogleGoogle Talkgoogletalk.exe<br>
C:Program FilesOpera 10.50 Betaopera.exe<br>
C:WINDOWSsystem32SearchProtocolHost.exe<br>
C:Program FilesTrend MicroHijackThisHijackThis.exe<br>
<br>
R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = (<a href="http://go.microsoft.com/fwlink/?LinkId=54896" target="_blank">http://go.microsoft.com/fwlink/?LinkId=54896</a>: <a href="http://go.microsoft.com/fwlink/?LinkId=54896" target="_blank">http://go.microsoft.com/fwlink/?LinkId=54896</a> )<br>

R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = (<a href="http://go.microsoft.com/fwlink/?LinkId=69157" target="_blank">http://go.microsoft.com/fwlink/?LinkId=69157</a>: <a href="http://go.microsoft.com/fwlink/?LinkId=69157" target="_blank">http://go.microsoft.com/fwlink/?LinkId=69157</a> )<br>

R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = (<a href="http://go.microsoft.com/fwlink/?LinkId=54896" target="_blank">http://go.microsoft.com/fwlink/?LinkId=54896</a>: <a href="http://go.microsoft.com/fwlink/?LinkId=54896" target="_blank">http://go.microsoft.com/fwlink/?LinkId=54896</a> )<br>

R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = (<a href="http://go.microsoft.com/fwlink/?LinkId=54896" target="_blank">http://go.microsoft.com/fwlink/?LinkId=54896</a>: <a href="http://go.microsoft.com/fwlink/?LinkId=54896" target="_blank">http://go.microsoft.com/fwlink/?LinkId=54896</a> )<br>

R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = (<a href="http://go.microsoft.com/fwlink/?LinkId=69157" target="_blank">http://go.microsoft.com/fwlink/?LinkId=69157</a>: <a href="http://go.microsoft.com/fwlink/?LinkId=69157" target="_blank">http://go.microsoft.com/fwlink/?LinkId=69157</a> )<br>

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:Program FilesYahoo!CompanionInstallscpnyt.dll<br>
O2 - BHO: &amp;Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:Program FilesYahoo!CompanionInstallscpnyt.dll<br>
O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:Program FilesBrowser DefenderPCTBrowserDefender.dll<br>
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:PROGRA~1MICROS~2Office12GRA8E1~1.DLL<br>
O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:Program FilesMSNToolbar3.0.1203.0msneshellx.dll<br>
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:Program FilesYahoo!CompanionInstallscpnYTSingleInstance.dll<br>
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)<br>
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:Program FilesYahoo!CompanionInstallscpnyt.dll<br>
O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:Program FilesBrowser DefenderPCTBrowserDefender.dll<br>
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:Program FilesMSNToolbar3.0.1203.0msneshellx.dll<br>
O4 - HKLM..Run: [egui] &quot;C:Program FilesESETESET Smart Securityegui.exe&quot; /hide /waitservice<br>
O4 - HKLM..Run: [GrooveMonitor] &quot;C:Program FilesMicrosoft OfficeOffice12GrooveMonitor.exe&quot;<br>
O4 - HKLM..Run: [QuickTime Task] &quot;C:Program FilesQuickTimeQTTask.exe&quot; -atboottime<br>
O4 - HKLM..Run: [Adobe Reader Speed Launcher] &quot;C:Program FilesAdobeReader 8.0ReaderReader_sl.exe&quot;<br>
O4 - HKCU..Run: [ctfmon.exe] C:WINDOWSsystem32ctfmon.exe<br>
O4 - Global Startup: Update ESET&#39;s licence.lnk = C:Program FilesESETMiNODLoginMiNODLogin.exe<br>
O6 - HKCUSoftwarePoliciesMicrosoftInternet ExplorerRestrictions present<br>
O6 - HKCUSoftwarePoliciesMicrosoftInternet ExplorerControl Panel present<br>
O8 - Extra context menu item: Add to Google Photos Screensa&amp;ver - res://C:WINDOWSsystem32GPhotos.scr/200<br>
O8 - Extra context menu item: E&amp;xport to Microsoft Excel - res://C:PROGRA~1MICROS~2Office12EXCEL.EXE/3000<br>
O8 - Extra context menu item: Prevedi sa Di recnikom - C:Program FilesDi recnikdiie.htm<br>
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.6.0_07binnpjpi160_07.dll<br>
O9 - Extra &#39;Tools&#39; menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.6.0_07binnpjpi160_07.dll<br>
O9 - Extra button: StylishProfile - {14CD42DD-ABCD-3586-DCAB-40E3693E3737} - C:WINDOWSsystem32shdocvw.dll<br>
O9 - Extra &#39;Tools&#39; menuitem: StylishProfile - {14CD42DD-ABCD-3586-DCAB-40E3693E3737} - C:WINDOWSsystem32shdocvw.dll<br>
O9 - Extra button: Objavi ovo u blogu - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:WINDOWSsystem32shdocvw.dll<br>
O9 - Extra &#39;Tools&#39; menuitem: &amp;Objavi ovo u blogu u okviru usluge Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:WINDOWSsystem32shdocvw.dll<br>
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:PROGRA~1MICROS~2Office12ONBttnIE.dll<br>
O9 - Extra &#39;Tools&#39; menuitem: S&amp;end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:PROGRA~1MICROS~2Office12ONBttnIE.dll<br>
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:PROGRA~1MICROS~2Office12REFIEBAR.DLL<br>
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:WINDOWSsystem32shdocvw.dll<br>
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:WINDOWSsystem32shdocvw.dll<br>
O9 - Extra &#39;Tools&#39; menuitem: Spybot - Search &amp; Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:WINDOWSsystem32shdocvw.dll<br>
O9 - Extra button: Quick Login (<a href="http://www.yu-mp3.com" target="_blank">www.yu-mp3.com</a>: <a href="http://www.yu-mp3.com" target="_blank">http://www.yu-mp3.com</a> ) - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:WINDOWSsystem32shdocvw.dll<br>

O9 - Extra &#39;Tools&#39; menuitem: &amp;Quick Login (<a href="http://www.yu-mp3.com" target="_blank">www.yu-mp3.com</a>: <a href="http://www.yu-mp3.com" target="_blank">http://www.yu-mp3.com</a> ) - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:WINDOWSsystem32shdocvw.dll<br>

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe<br>
O9 - Extra &#39;Tools&#39; menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe<br>
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:Program FilesYahoo!CommonYinsthelper.dll<br>
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - (<a href="http://update.microsoft.com/mi...t/muweb_site.cab?1222547679421" target="_blank">http://update.microsoft.com/mi...e.cab?1222547679421</a>: <a href="http://update.microsoft.com/mi...t/muweb_site.cab?1222547679421" target="_blank">http://update.microsoft.com/mi...te.cab?1222547679421</a> )<br>

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:PROGRA~1MICROS~2Office12GR99D3~1.DLL<br>
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - (no file)<br>
O23 - Service: Autodesk Licensing Service - Autodesk - C:Program FilesCommon FilesAutodesk SharedServiceAdskScSrv.exe<br>
O23 - Service: Bonjour Service - Apple Inc. - C:Program FilesBonjourmDNSResponder.exe<br>
O23 - Service: Browser Defender Update Service - Threat Expert Ltd. - C:Program FilesBrowser DefenderBDTUpdateService.exe<br>
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:Program FilesESETESET Smart SecurityEHttpSrv.exe<br>
O23 - Service: ESET Service (ekrn) - ESET - C:Program FilesESETESET Smart Securityekrn.exe<br>
O23 - Service: Windows Live Porodi�na bezbednost (fsssvc) - Unknown owner - C:Program FilesWindows LiveFamily Safetyfsssvc.exe (file missing)<br>
O23 - Service: Google Software Updater (gusvc) - Google - C:Program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe<br>
O23 - Service: PC Tools Startup and Shutdown Monitor service (PCToolsSSDMonitorSvc) - PC Tools - C:Program FilesCommon FilesPC ToolssMonitorStartManSvc.exe<br>
O23 - Service: ServiceLayer - Nokia. - C:Program FilesPC Connectivity SolutionServiceLayer.exe<br>
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:Program FilesYahoo!SoftwareUpdateYahooAUService.exe<br>
<br>
--<br>
End of file - 7987 bytes<br>
<font color="#888888"><br>
--<br>
<a href="http://www.elitesecurity.org/p2530687" target="_blank">http://www.elitesecurity.org/p2530687</a><br>
<br>
Prijave/odjave: <a href="http://www.elitesecurity.org/pracenje#389455" target="_blank">http://www.elitesecurity.org/pracenje#389455</a><br>
<br>
Ne menjajte sledece dve linije ukoliko odgovarate putem emaila!<br>
esauth:389455:c4ffad0d1c68c4d5c8c16c971fb22ca7<br>

>>
>
>

--0016e65c8d94beaf1f04804c5a03
Content-Type: text/html; charset=ISO-8859-2
Content-Transfer-Encoding: quoted-printable

<div>Pretpostavljam da se radi o ove dve linije koje ste mi vi sada poslali :-)</div><div>(Moram vam naglasiti da sam potpuni amater u svemu ovome :-) )</div><br><div class="gmail_quote">2010/2/23 Biljana Bodro�ki <span dir="ltr">&lt;<a href="mailto:[email protected]">[email protected]</a>&gt;</span><br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">Hm... Ne znam da li sam ba� skontala na koje dve linije mislite :-)<div><div class="h5"><br><br><div class="gmail_quote">
On Tue, Feb 23, 2010 at 11:32 PM, BBiljana <span dir="ltr">&lt;<a href="mailto:[email protected]" target="_blank">[email protected]</a>&gt;</span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Zamolila bih za tuma�enje Hijack loga. Unapred vam hvala!<br>
<br>
<br>
Logfile of Trend Micro HijackThis v2.0.2<br>
Scan saved at 23:14:22, on 23.02.2010<br>
Platform: Windows XP SP2 (WinNT 5.01.2600)<br>
MSIE: Internet Explorer v8.00 (8.00.6001.18702)<br>
Boot mode: Normal<br>
<br>
Running processes:<br>
C:WINDOWSSystem32smss.exe<br>
C:WINDOWSsystem32winlogon.exe<br>
C:WINDOWSsystem32services.exe<br>
C:WINDOWSsystem32lsass.exe<br>
C:WINDOWSsystem32svchost.exe<br>
C:Program FilesWindows DefenderMsMpEng.exe<br>
C:WINDOWSSystem32svchost.exe<br>
C:WINDOWSsystem32svchost.exe<br>
C:WINDOWSExplorer.EXE<br>
C:WINDOWSsystem32spoolsv.exe<br>
C:Program FilesBonjourmDNSResponder.exe<br>
C:Program FilesBrowser DefenderBDTUpdateService.exe<br>
C:Program FilesESETESET Smart Securityekrn.exe<br>
C:WINDOWSsystem32svchost.exe<br>
C:Program FilesCommon FilesPC ToolssMonitorStartManSvc.exe<br>
C:Program FilesMicrosoftSearch Enhancement PackSeaPortSeaPort.exe<br>
C:WINDOWSsystem32svchost.exe<br>
C:WINDOWSsystem32SearchIndexer.exe<br>
C:Program FilesYahoo!SoftwareUpdateYahooAUService.exe<br>
C:Program FilesESETESET Smart Securityegui.exe<br>
C:Program FilesMicrosoft OfficeOffice12GrooveMonitor.exe<br>
C:WINDOWSsystem32ctfmon.exe<br>
C:WINDOWSsystem32msiexec.exe<br>
C:WINDOWSsystem32NOTEPAD.EXE<br>
C:Program FilesGoogleGoogle Talkgoogletalk.exe<br>
C:Program FilesOpera 10.50 Betaopera.exe<br>
C:WINDOWSsystem32SearchProtocolHost.exe<br>
C:Program FilesTrend MicroHijackThisHijackThis.exe<br>
<br>
R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = (<a href="http://go.microsoft.com/fwlink/?LinkId=54896" target="_blank">http://go.microsoft.com/fwlink/?LinkId=54896</a>: <a href="http://go.microsoft.com/fwlink/?LinkId=54896" target="_blank">http://go.microsoft.com/fwlink/?LinkId=54896</a> )<br>


R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = (<a href="http://go.microsoft.com/fwlink/?LinkId=69157" target="_blank">http://go.microsoft.com/fwlink/?LinkId=69157</a>: <a href="http://go.microsoft.com/fwlink/?LinkId=69157" target="_blank">http://go.microsoft.com/fwlink/?LinkId=69157</a> )<br>


R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = (<a href="http://go.microsoft.com/fwlink/?LinkId=54896" target="_blank">http://go.microsoft.com/fwlink/?LinkId=54896</a>: <a href="http://go.microsoft.com/fwlink/?LinkId=54896" target="_blank">http://go.microsoft.com/fwlink/?LinkId=54896</a> )<br>


R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = (<a href="http://go.microsoft.com/fwlink/?LinkId=54896" target="_blank">http://go.microsoft.com/fwlink/?LinkId=54896</a>: <a href="http://go.microsoft.com/fwlink/?LinkId=54896" target="_blank">http://go.microsoft.com/fwlink/?LinkId=54896</a> )<br>


R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = (<a href="http://go.microsoft.com/fwlink/?LinkId=69157" target="_blank">http://go.microsoft.com/fwlink/?LinkId=69157</a>: <a href="http://go.microsoft.com/fwlink/?LinkId=69157" target="_blank">http://go.microsoft.com/fwlink/?LinkId=69157</a> )<br>


R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:Program FilesYahoo!CompanionInstallscpnyt.dll<br>
O2 - BHO: &amp;Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:Program FilesYahoo!CompanionInstallscpnyt.dll<br>
O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:Program FilesBrowser DefenderPCTBrowserDefender.dll<br>
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:PROGRA~1MICROS~2Office12GRA8E1~1.DLL<br>
O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:Program FilesMSNToolbar3.0.1203.0msneshellx.dll<br>
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:Program FilesYahoo!CompanionInstallscpnYTSingleInstance.dll<br>
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)<br>
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:Program FilesYahoo!CompanionInstallscpnyt.dll<br>
O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:Program FilesBrowser DefenderPCTBrowserDefender.dll<br>
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:Program FilesMSNToolbar3.0.1203.0msneshellx.dll<br>
O4 - HKLM..Run: [egui] &quot;C:Program FilesESETESET Smart Securityegui.exe&quot; /hide /waitservice<br>
O4 - HKLM..Run: [GrooveMonitor] &quot;C:Program FilesMicrosoft OfficeOffice12GrooveMonitor.exe&quot;<br>
O4 - HKLM..Run: [QuickTime Task] &quot;C:Program FilesQuickTimeQTTask.exe&quot; -atboottime<br>
O4 - HKLM..Run: [Adobe Reader Speed Launcher] &quot;C:Program FilesAdobeReader 8.0ReaderReader_sl.exe&quot;<br>
O4 - HKCU..Run: [ctfmon.exe] C:WINDOWSsystem32ctfmon.exe<br>
O4 - Global Startup: Update ESET&#39;s licence.lnk = C:Program FilesESETMiNODLoginMiNODLogin.exe<br>
O6 - HKCUSoftwarePoliciesMicrosoftInternet ExplorerRestrictions present<br>
O6 - HKCUSoftwarePoliciesMicrosoftInternet ExplorerControl Panel present<br>
O8 - Extra context menu item: Add to Google Photos Screensa&amp;ver - res://C:WINDOWSsystem32GPhotos.scr/200<br>
O8 - Extra context menu item: E&amp;xport to Microsoft Excel - res://C:PROGRA~1MICROS~2Office12EXCEL.EXE/3000<br>
O8 - Extra context menu item: Prevedi sa Di recnikom - C:Program FilesDi recnikdiie.htm<br>
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.6.0_07binnpjpi160_07.dll<br>
O9 - Extra &#39;Tools&#39; menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.6.0_07binnpjpi160_07.dll<br>
O9 - Extra button: StylishProfile - {14CD42DD-ABCD-3586-DCAB-40E3693E3737} - C:WINDOWSsystem32shdocvw.dll<br>
O9 - Extra &#39;Tools&#39; menuitem: StylishProfile - {14CD42DD-ABCD-3586-DCAB-40E3693E3737} - C:WINDOWSsystem32shdocvw.dll<br>
O9 - Extra button: Objavi ovo u blogu - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:WINDOWSsystem32shdocvw.dll<br>
O9 - Extra &#39;Tools&#39; menuitem: &amp;Objavi ovo u blogu u okviru usluge Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:WINDOWSsystem32shdocvw.dll<br>
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:PROGRA~1MICROS~2Office12ONBttnIE.dll<br>
O9 - Extra &#39;Tools&#39; menuitem: S&amp;end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:PROGRA~1MICROS~2Office12ONBttnIE.dll<br>
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:PROGRA~1MICROS~2Office12REFIEBAR.DLL<br>
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:WINDOWSsystem32shdocvw.dll<br>
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:WINDOWSsystem32shdocvw.dll<br>
O9 - Extra &#39;Tools&#39; menuitem: Spybot - Search &amp; Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:WINDOWSsystem32shdocvw.dll<br>
O9 - Extra button: Quick Login (<a href="http://www.yu-mp3.com" target="_blank">www.yu-mp3.com</a>: <a href="http://www.yu-mp3.com" target="_blank">http://www.yu-mp3.com</a> ) - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:WINDOWSsystem32shdocvw.dll<br>


O9 - Extra &#39;Tools&#39; menuitem: &amp;Quick Login (<a href="http://www.yu-mp3.com" target="_blank">www.yu-mp3.com</a>: <a href="http://www.yu-mp3.com" target="_blank">http://www.yu-mp3.com</a> ) - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:WINDOWSsystem32shdocvw.dll<br>


O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe<br>
O9 - Extra &#39;Tools&#39; menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe<br>
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:Program FilesYahoo!CommonYinsthelper.dll<br>
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - (<a href="http://update.microsoft.com/mi...t/muweb_site.cab?1222547679421" target="_blank">http://update.microsoft.com/mi...e.cab?1222547679421</a>: <a href="http://update.microsoft.com/mi...t/muweb_site.cab?1222547679421" target="_blank">http://update.microsoft.com/mi...te.cab?1222547679421</a> )<br>


O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:PROGRA~1MICROS~2Office12GR99D3~1.DLL<br>
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - (no file)<br>
O23 - Service: Autodesk Licensing Service - Autodesk - C:Program FilesCommon FilesAutodesk SharedServiceAdskScSrv.exe<br>
O23 - Service: Bonjour Service - Apple Inc. - C:Program FilesBonjourmDNSResponder.exe<br>
O23 - Service: Browser Defender Update Service - Threat Expert Ltd. - C:Program FilesBrowser DefenderBDTUpdateService.exe<br>
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:Program FilesESETESET Smart SecurityEHttpSrv.exe<br>
O23 - Service: ESET Service (ekrn) - ESET - C:Program FilesESETESET Smart Securityekrn.exe<br>
O23 - Service: Windows Live Porodi�na bezbednost (fsssvc) - Unknown owner - C:Program FilesWindows LiveFamily Safetyfsssvc.exe (file missing)<br>
O23 - Service: Google Software Updater (gusvc) - Google - C:Program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe<br>
O23 - Service: PC Tools Startup and Shutdown Monitor service (PCToolsSSDMonitorSvc) - PC Tools - C:Program FilesCommon FilesPC ToolssMonitorStartManSvc.exe<br>
O23 - Service: ServiceLayer - Nokia. - C:Program FilesPC Connectivity SolutionServiceLayer.exe<br>
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:Program FilesYahoo!SoftwareUpdateYahooAUService.exe<br>
<br>
--<br>
End of file - 7987 bytes<br>
<font color="#888888"><br>
--<br>
<a href="http://www.elitesecurity.org/p2530687" target="_blank">http://www.elitesecurity.org/p2530687</a><br>
<br>
Prijave/odjave: <a href="http://www.elitesecurity.org/pracenje#389455" target="_blank">http://www.elitesecurity.org/pracenje#389455</a><br>
<br>
Ne menjajte sledece dve linije ukoliko odgovarate putem emaila!<br>
esauth:389455:c4ffad0d1c68c4d5c8c16c971fb22ca7<br>

@BBiljana
otvori novu temu i procitaj Top Temu o nacinu koriscenja HijackThis programa postavi novi log.
Takodje,izlozi nam svoj problem,jel to cisto provere radi ili mislis da ti je racunar inficiran.

_{[Ovu poruku je menjao magna86 dana 24.02.2010. u 13:18 GMT+1]}

da ne otvaram novu temu
komp mi je totalno usporio zadnjih par dana

malwarebytes log

Malwarebytes' Anti-Malware 1.44
Database version: 3917
Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

26.3.2010 23:05:25
mbam-log-2010-03-26 (23-05-25).txt

Scan type: Full Scan (C:\|D:\|E:\|)
Objects scanned: 194309
Time elapsed: 39 minute(s), 53 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowSearch (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


HijackThis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:38:11, on 26.3.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Cyclone PVR\Remote.exe
C:\Program Files\Cyclone PVR\Schedule.exe
C:\WINDOWS\VM305_STI.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\vmnat.exe
C:\Program Files\VMware\VMware Player\vmware-authd.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Documents and Settings\nenad\Desktop\ne diraj\aaaa.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.searchqu.com/web?src=ieb&q={searchTerms}
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/?o=101764&l=dis
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.searchqu.com/web?src=ieb&q={searchTerms}
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: DefaultSearchHook Class - {C94E154B-1459-4A47-966B-4B843BEFC7DB} - C:\Program Files\AskSearch\bin\DefaultSearch.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [TvrRemote] "C:\Program Files\Cyclone PVR\Remote.exe"
O4 - HKLM\..\Run: [TvrSchedule] "C:\Program Files\Cyclone PVR\Schedule.exe"
O4 - HKLM\..\Run: [BigDog305] C:\WINDOWS\VM305_STI.EXE VIMICRO USB PC Camera (ZC0305)
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\nenad\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\vmware\vmware player\vsocklib.dll
O10 - Unknown file in Winsock LSP: c:\program files\vmware\vmware player\vsocklib.dll
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - C:\Program Files\VMware\VMware Player\vmware-ufad.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Player\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe

--
End of file - 6007 bytes

Fixuj ovo:



Ostalo je cisto.

Hvala...

Ako moze pomoc nisam u vest u tumacenju ovih logova

U zadnje vreme mi veoma sporo radi racunar igrice veoma koce i zauzimaju u task manageru od 50-90 % memorije.
Uradjen sken sa Avirom i Malwarerebutes AntyMalware, evo uradjen i pomocu HijackThis pa evo log fajla ako moze neka pomoc da resim ovaj problem...

[QUOTE]
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 0:36:08, on 26.10.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Avira\AntiVir Desktop\sched.exe
D:\Program Files\Avira\AntiVir Desktop\avgnt.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Avira\AntiVir Desktop\avguard.exe
D:\WINDOWS\ATKKBService.exe
D:\Program Files\Java\jre6\bin\jqs.exe
D:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
D:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
D:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
D:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
D:\Program Files\Megaupload\Mega Manager\MegaManager.exe
D:\Program Files\uTorrent\utorrent .exe
D:\WINDOWS\system32\msiexec.exe
D:\WINDOWS\system32\wuauclt.exe
D:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: MegaIEMn - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - D:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SiSUSBRG] D:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [avgnt] "D:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] D:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Mega Manager] D:\Program Files\Megaupload\Mega Manager\MegaManager.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{FDBAD9AD-3C80-4C91-94AB-0832F080C724}: NameServer = 80.93.224.1,80.93.224.2
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - D:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - D:\WINDOWS\system32\browseui.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - D:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - D:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - D:\WINDOWS\ATKKBService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - D:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - D:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - D:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Sony Ericsson OMSI download service (OMSI download service) - Unknown owner - D:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
O23 - Service: PC Tools Startup and Shutdown Monitor service (PCToolsSSDMonitorSvc) - Unknown owner - D:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - D:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - D:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 4898 bytes
[/QUOTE]

Log je cist...koristis i dalje XP Service Pack 2 umesto Service Pack 3, kada budes bio u mogucnosti instaliraj SP3 i update-uj sistem, bices bezbedniji...
Kocenje igrica i preterano opterecenje procesora ne moraju da budu vezani za malware, tu je i hardware...
Prati sledece korake:

- Ocisti temp direktorijume C:\WINDOWS\Temp ; C:\Documents and Settings\Vas-Account\Local Settings\Temp i C:\Documents and Settings\Vas-Account \Local Settings\Temporary Internet Files
- Isprazni Recycle bin
- Kada obavis navedeno, odradi kompletan scan pomocu Avire i Malwarebytes'-a (naravno sveze update-ovani da budu), ukloni sve ukoliko bude neceg...

Nakon toga prati sta se desava pa nas obavesti...

Ocistio sam to uradicu veceras te skenove pa javljam ma se nesto zeznuo da kazem da mi i baguje i ovako u mozzili i pomalo kad radim osnovne stvari.CPu usage uglavnom 80-100% npr. mozila cesto uzima po 100 posto procesa kao i drugi programi,kad otvorim vise od 3 taba pocne bas da baguje,ovo mozda menja stvari kakav je sada savet?

Odradi sve to pa javi sta se desava...ako i nakon toga bude isto stanje, proveri u Task Manager-u koji proces uglavnom vuce najvise procenata...na osnovu toga mozemo dosta toga da uradimo...

Skenirao i nema virusa procese uglavnom uzimaju programi koji tada koristim imto napocetku 10 pa onda na 0-20%,,mozda treba defragmentacija da se uradi mada vidim sada malo bolje radi?

Nije to nista kriticno, ukloni sto vise programa pri Startup-u (Start>Run>msconfig>Startup), deinstaliraj razne toolbar-ove i bespotrebne programe i nemoj preterano da eksperimentises sa zastitnim programima, drzi se jedne kombinacije...

Koju konfiguraciju imas?




-------------------------------------------------------------------------
1. Instaliraj Service Pack 3. MS je, izmedju ostalog, prestao sa podrskom za Service Pack 2. A da ne govorim o prednostima u bezbednosti SP3-a.

2.Start -> Run -> msconfig -> kartica StartUp. Okaci Screenshoot.
Dok si u tom prozoru klikni na karticu Services, stikliraj opciju Hide all Microsoft services i okaci Screenshot.

3. Skini program Driver Easy sa sledeceg link-a: http://www.drivereasy.com/index.php
Izvrsi Scan i instaliraj najnovije driver-e koje ti bude ponudio.

4. Skini program CCleaner sa sledeceg link-a: http://www.filehippo.com/download_ccleaner
Njime ocisti junk file-ove i registry bazu.

5. Izvrsi defragmenaticiju HDD-a.