Evo i log-a:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:36:56, on 8/10/2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Windows\tsnp2std.exe
C:\Windows\vsnp2std.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\DAEMON Tools Pro\DTAgent.exe
C:\Program Files\Media Key\MagicKey.exe
C:\Program Files\Media Key\OSD.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
C:\Users\Milan\AppData\Roaming\mjusbsp\magicJack.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox 4.0 Beta 2\firefox.exe
C:\Program Files\Mozilla Firefox 4.0 Beta 2\plugin-container.exe
C:\Program Files\TC UP\totalcmd.exe
C:\Program Files\DAEMON Tools Pro\DTShellHlp.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: FlashGetBHO - {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - C:\Users\Milan\AppData\Roaming\FlashGetBHO\FlashGetBHO3.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [tsnp2std] C:\Windows\tsnp2std.exe
O4 - HKLM\..\Run: [snp2std] C:\Windows\vsnp2std.exe
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKCU\..\Run: [cdloader] "C:\Users\Milan\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" -automount
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTAgent.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: Media Key.lnk = C:\Program Files\Media Key\MagicKey.exe
O4 - Global Startup: WDDMStatus.lnk = C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
O4 - Global Startup: WDSmartWare.lnk = C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: Download all by FlashGet3 - C:\Users\Milan\AppData\Roaming\FlashGetBHO\GetAllUrl.htm
O8 - Extra context menu item: Download by FlashGet3 - C:\Users\Milan\AppData\Roaming\FlashGetBHO\GetUrl.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{5A86D9A7-19C0-4F51-9C32-688D027BE138}: NameServer = 212.200.191.166,212.200.190.166
O17 - HKLM\System\CS1\Services\Tcpip\..\{5A86D9A7-19C0-4F51-9C32-688D027BE138}: NameServer = 212.200.191.166,212.200.190.166
O17 - HKLM\System\CS2\Services\Tcpip\..\{5A86D9A7-19C0-4F51-9C32-688D027BE138}: NameServer = 212.200.191.166,212.200.190.166
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: AMD RAIDXpert (AMD_RAIDXpert) - AMD - C:\Program Files\AMD\RAIDXpert\bin\RAIDXpertService.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: KMService - Unknown owner - C:\Windows\system32\srvany.exe
O23 - Service: @C:\Program Files\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files\Nero\Update\NASvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - StarWind Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: WD SmartWare Drive Manager (WDDMService) - WDC - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
O23 - Service: WD SmartWare Background Service (WDSmartWareBackgroundService) - Memeo - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe

--
End of file - 12190 bytes

Pokreni antivirus pre windowsa.

Probao sam ali nece! Idem na SAFE MODE, pokrenem ESET i izbaci mi poruku da nesto nije u redu!

Ajd uozbilji se malo.

Skini Avira rescue CD, nareži, bootuj sa njega i očisti viruse.
Safe mode nije isto što i "pre windowsa".

Ima li taj čuveni svemogući ESET boot time scan?
Pokreni ga ako baš nećeš freeware rešenja da probaš.

Eset nema boot scan...mislim da ce Avira Rescue Disk resiti sve, @toci, uradi kako ti je covek rekao da ne ponavljam isto...

Da, uradio sam kako je covek rekao i veliko NISTA!!! Skinuo sam Avira Rescue System LiveCD, pokrenuo ga, updat-ovao, pustio ga da radi, radio je dobrih 3:40min, pronasao neke viruse i probleme, ispravio ih i kada sam ponovo upalio WIN7, opet mi ESET prijavljuje isti proble, tj. virus, i kada pokrenem ESET opet ide restart!!!!

Sta sada?

Ako je Avira rescue CD sredio problem, ESET se ne bi bunio. Avira ako ne može da očisti samo preimenuje zaražene fajlove (doda im .xxx ekstenziju) te se kao takvi ne mogu pokretati. Ne briše ih.

Da li si siguran da je Avira Rescue CD bio namešten da ako ne može da očisti virus da ga preimenuje?

Nisam siguran kako je bilo podeseno, jer nisam nista dirao u opcijama od Avire, samo sam je update-ovao!
Pokrenucu ponovo Aviru, neka radi nocas, jer ja ne mogu da cekam 3.45min, pa cu sutra javiti sta se desava!

Pozz!

Podesi u opcijama "Try to repair or rename" pa tek onda skeniraj, tad mora da onesposobi virus...
Malo mi je cudno toliko dugo skeniranje, meni Avira Rescue Disk odradi scan za svega pola sata...

Podesio sam u opcijama da preimenuje ako nadje virus, pustio Aviru koja je zavrsila za oko 1h, ali....................... i dalje NISTA NOVO! :(
Znaci, kada pokrenem ESET i kada hocu da skeniram PC, ako obelezim particiju D: ili externi HDD odmah, nakon 5s, ide reset!!!!



_{[Ovu poruku je menjao toci dana 11.08.2010. u 07:46 GMT+1]}

Ajmo da probamo ovako.
Zaražen ti je boot sector na disku broj 2 i 3.
Skini Hiren's boot, nareži ga na cd i bootuj sa njega.
Učitaj Partiton table doctor i probaj da uradiš fixmbr, a potom restart.
Ako ti i posle toga opet javlja boot virus na disku.
Prebaci podatke ili ih nareži.
Zatim bootuj Hirens i obriši particiju na disku sa nekom od alatki iz Partitioning Tools sekcije i zatim je formatiraj.
Zatim vrati podatke.

Takođe , da li se koristio neki program za particionisanje diskova iz Windowsa ili neki program za multibutovanje operativnih sistema?
NOD32 ima tu manu što ponekad detektuje takve izmene kao nepoznati TSR.BOOT virus..

Koji hard disk imas, koji proizvodjac? Najbolje resenje bi bilo da spasic podatke i odradis Low Level Format...tako ces biti siguran da ce nakon sledece reinstalacije sistema sve biti ok...

Imam WD od 500GB, odradio sam format C: particije kada sam instalirao novi Win7 pre par dana, ali D: particiju nisam dirao, a ona i externi WD Passport500GB mi prave problem tj. oni su zarazeni! Mogu da podatke sa D: particije prebacim na externi i formatiram D: , ali sta posle sa podacima sa externog HDD-a, gde njih da prebacim kada imam preko 450GB posataka!? :(

Probacu sada sa Hiren's boot!
Nisam koristio ni jedan program sa particionisanje diskova iz Win-a!
Ne znam sta radi NOD32, ali ovo mi se nikada ranije nije desavalo!!!

Probaj sledece:
1. skini sa neta najnoviji avast free
2. deinstaliraj NOD
3. instaliraj i apdejtuj avast
4. pronadji boot time scan i ukljuci ga
5. restartuj racunar


Srecno!!

Skini Kaspersky Rescue CD (.iso image) odavde http://devbuilds.kaspersky-labs.com/devbuilds/RescueDisk10/ , narezi ga na CD i boot-uj Windows pomocu njega, odradi scan i ocisti sve sto pronadje...ovo mora da resi problem!

Momci, polako...

Pogledajte detekciju NOD-a... Virus je u Master Boot Record sectoru hard diska (MBR). Ne znam sta ste zapeli sa tim Live AV resenjima.

Skinuo sam ovaj Kaspersky Rescue Disk ver. 10.0.23.19 narezao ga na CD, krenuo da boot-ujem sa njega i NECE!!!!

Ukoliko imas Windows 7 instalacioni disk, pokusaj na sledeci nacin...
http://support.microsoft.com/kb/927392

Fokusiraj se prvo da popraviš Master Boot Record ako možeš. Probaj sa Fixmbr stavkom u partiton table doktoru

Skinuo sam Hiren's Boot 10.6 i kada ga pokrenem tamo nigde nema PARTITION TABLE DOCTOR!!! Postoji mnostvo programa koji se odnose na MBRFIX ali ja ne znam sta treba da kucam u liniji tj. da zadam komandu, jer se bojim da nesto ne zaje... jer imam puno vaznih podataka na D: particiji a nisam ih sacuvao!!!

restuj virus

Skini Bootkit Remover i raspakuj na desktop.
Pokreni remover.exe i kopiraj ovdje izvještaj.

Sad sam video da je Itaki skinuo tu alatku sa Hirensa

Idi na MBRFix 1.3 i kucaj

MBRFix /drive 1 fixmbr /yes

pretpostavljam da ti je drive 1 drugi disk

(sistemski treba da ti vidi kao drive 0)

Javljam se cim se budem vratio sa puta, posto trenutno nisam pored racunara!

Pozz!
Izvinite sto sam malo bio odsutan, ali situacija je sledeca"
1. Resio sam se nekog "opasnog" malware-a, ali problem sa resetom i dalje postoji!!!!
2. Primetio sam da do reseta uglavnom dolazi kada krenem da unzip-ujem neku igricu koja u sebi sadrzi CRACK!!!
3. To mi se do sada nikada nije desavalo! Da napomenem da nikakva podesavanja u ESET-u nisam dirao niti namestao!

Vise ne znam sta da radim zbog ovog reseta! Cak sam prekjuceo ceo dan presedeo pored racunara i skenirao korak po korak sa ESET-om svaki direktorijum na D: particiji i externom HDD-u jer ovaj problem se samo kod njih ispoljava! Na C: particiji sve funkcionise normalno!

Jedino sta mi preostaje da formatiram i D: particiju u externi HDD, pa da vidim onda sta ce biti, ali gde staviti 700GB podataka?

Sto se tice podataka, stvarno ne znam sta ces da radis sa njima, snadji se...moras da odradis Low Level Format hard diska, to ce obrisati sve moguce podatke sa njega, pa zatim da ponovo instaliras Windows, to je jedina sigurna opcija...ko zna sta se sve desava sa sistemom, svaki naredni korak bi bio suvisan i bezveze bi se mucio...
Pogledaj na sajtu WD-a, mora da postoji alat koji sam naveo...