Thread for users with an infected computer

Drale1:
I have a problem with my computer: ever since I bought it, it keeps kicking me out of the games I install, e.g. menadzer07, nba07. I can't figure out what the problem is. Is there anyone who might know what's going on? :confused:

I had the same problem and got rid of it after I installed AntiCrash. I read somewhere that this program fixes a large percentage of crashes and blue screens... I installed it, and right after the first time I got kicked out it recognized the fault, processed something, and since then it hasn't happened to me again.
 
So as not to open a new thread, since I had a similar problem. I have two OSes installed on the computer, both Win XP, one of them configured for multiple users. The multi-user one (the kids) was installed first and I didn't use it, but rather a freshly installed version, since the computer was supposed to be used for typing invoices and the like. Although when I installed Windows I chose the option to erase everything (games and so on; it looked as if it would format the disk), that didn't happen. Later I removed some things manually, and it ended with taking it to a PC repair shop, where the problem was more or less solved (some of the unwanted programs remained, or rather some parts of them, but the computer worked well). Now, after I picked up some trojans and worms (the computer was running under the "newer" installation), I couldn't start Kaspersky because it asked for a new key; I fiddled a bit with avast and so on, but with meagre results. The computer kept freezing, etc. Now, when I booted the originally installed version of XP, the computer works normally; I started KAV, which is valid until 10.2007, ran an update, scanned, and it again found a couple of viruses, but it works well. Except that it won't run one game, which admittedly used to work, I think, under Win 98.
The question is the following: should I completely reinstall the system and possibly install Win98? The computer is modest: 450 MHz, 128MB, integrated graphics, 10GB
I need it for typing and possibly surfing.
Can I uninstall only the OS under which it works badly?
 
That 23-year-old imbecile got hold of the computer again and was visiting ***** sites, and now, for the hundredth anniversary time, I have a pile of viruses, I can't open anything, everything is screwed up. I barely even got onto the internet.

Which antivirus programs and other tools should I install to clean up my computer?

Only, if possible, I'd like to avoid reformatting the disk, backups and the like, because in that case I'll probably break someone's bones.
 
Thanks for the help

Here is the log



Logfile of HijackThis v1.99.1
Scan saved at 2:43:41 PM, on 12/29/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\windows\system\svchctrl.exe
D:\Program Files\Winamp\winampa.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\SYSTEM32\ATIPTAXX.EXE
C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\msiexec.exe
D:\Program Files\Mozilla Firefox\firefox.exe
C:\DOCUME~1\Aca\LOCALS~1\Temp\Rar$EX08.703\HijackThis.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\WINDOWS\System32\drwtsn32.exe
C:\Documents and Settings\Aca\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
F2 - REG:system.ini: Shell=explorer.exe c:\windows\system32\netupdate.exe
F3 - REG:win.ini: load=,c:\windows\system\svchctrl.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe ,c:\windows\system32\netupdate.exe
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {39f25b12-74ff-4079-a51f-1d70f5b08b84} - C:\WINDOWS\System32\ixt93.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O4 - HKLM\..\Run: [WindowsUpdate] C:\WINDOWS\System\svchostw.exe /s
O4 - HKLM\..\Run: [svchctrl] c:\windows\system\svchctrl.exe
O4 - HKLM\..\Run: [WindowsUpdateR] C:\WINDOWS\System\regserv.exe /s
O4 - HKLM\..\Run: [windows_startup] c:\windows\system32\netupdate.exe
O4 - HKLM\..\Run: [WinampAgent] d:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [VirusBursters] C:\Program Files\VirusBursters\virusbursters.exe /h
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Mirabilis ICQ] C:\PROGRA~1\ICQ\ICQNet.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [DAEMON Tools] "d:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [AtiPTA] C:\WINDOWS\SYSTEM32\ATIPTAXX.EXE
O4 - HKCU\..\Run: [svchctrl] c:\windows\system\svchctrl.exe
O4 - HKCU\..\Run: [windows_startup] c:\windows\system32\netupdate.exe
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Startup: LimeWire On Startup.lnk = D:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O21 - SSODL: ferrateen - {27321538-5739-4aa1-b84c-7d18e4383f1f} - C:\WINDOWS\System32\rrtcany.dll
O21 - SSODL: cussers - {ff170564-36c8-43f7-9100-559e166405cf} - (no file)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
 
Too many processes are running here:
Running processes:

C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
D:\Program Files\Winamp\winampa.exe
C:\Program Files\QuickTime\qttask.exe
D:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\WinRAR\WinRAR.exe
Go to the Start button > Run > type "msconfig", open the "Startup" tab, and for everything you find that isn't a Windows process or the antivirus, uncheck the boxes in front of them, then click Apply and OK and restart the computer. After the restart a warning will appear, and if you look a bit more closely there is a little box on it that you tick, and then you click OK. After that do the HijackThis scan again. This is just for a start.
 
snejks:
Too many processes are running here:
Running processes:

C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
D:\Program Files\Winamp\winampa.exe
C:\Program Files\QuickTime\qttask.exe
D:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\WinRAR\WinRAR.exe
Go to the Start button > Run > type "msconfig", open the "Startup" tab, and for everything you find that isn't a Windows process or the antivirus, uncheck the boxes in front of them, then click Apply and OK and restart the computer. After the restart a warning will appear, and if you look a bit more closely there is a little box on it that you tick, and then you click OK. After that do the HijackThis scan again. This is just for a start.

Thanks, here is the log file after what you told me to do

Logfile of HijackThis v1.99.1
Scan saved at 4:25:44 PM, on 12/29/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\WINDOWS\System32\svchost.exe
c:\windows\system32\netupdate.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\ishost.exe
C:\WINDOWS\System32\issearch.exe
C:\WINDOWS\System32\isnotify.exe
C:\WINDOWS\Mixer.exe
C:\WINDOWS\System32\ismini.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\Aca\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
F2 - REG:system.ini: Shell=explorer.exe c:\windows\system32\netupdate.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe ,c:\windows\system32\netupdate.exe
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {39f25b12-74ff-4079-a51f-1d70f5b08b84} - C:\WINDOWS\System32\ixt93.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [windows_startup] c:\windows\system32\netupdate.exe
O4 - HKCU\..\Run: [windows_startup] c:\windows\system32\netupdate.exe
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll (file missing)
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O21 - SSODL: ferrateen - {27321538-5739-4aa1-b84c-7d18e4383f1f} - C:\WINDOWS\System32\rrtcany.dll
O21 - SSODL: cussers - {ff170564-36c8-43f7-9100-559e166405cf} - (no file)
 
I have a couple of guesses about the suspects, but I would still wait for GZ to give his opinion on all this. In the meantime you could install one of the antivirus programs and get the update for it; all my recommendations go to Avast http://www.avast.com/eng/download-avast-home.html (it is also available in Serbian), and to its Avast Virus Cleaner http://www.avast.com/eng/down_cleaner.html .
A warm recommendation also goes to Ad-Aware SE http://www.download.com/Ad-Aware-SE-Personal-Edition/3003-8022_4-10399602.html , as well as to the program Spybot Search & Destroy http://www.download.com/3000-8022-10122137.html . Go one by one: download them, install them on the computer and scan with them. For now it is best to protect the computer as much as you can. I see that you have Windows Automatic Update turned on, so if it isn't exactly the most legal version, I advise you to turn it off so that you don't get MSKicks (if you haven't already). As for reinstalling, it is advisable in the sense that we see you are using Service Pack 1 (SP1) and you should move to SP2; our experience with installing this service pack shows that it is best done on a clean, freshly installed Windows, or that you get a Windows in which it is already integrated. That's all for now; we're waiting to see what GZ will say.
 
AcaBg82:
Thanks for the help

Here is the log



Logfile of HijackThis v1.99.1
Scan saved at 2:43:41 PM, on 12/29/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\windows\system\svchctrl.exe
D:\Program Files\Winamp\winampa.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\SYSTEM32\ATIPTAXX.EXE
C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\inetinfo.exe
D:\Program Files\Mozilla Firefox\firefox.exe
C:\DOCUME~1\Aca\LOCALS~1\Temp\Rar$EX08.703\HijackThis.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\WINDOWS\System32\drwtsn32.exe
C:\Documents and Settings\Aca\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
F2 - REG:system.ini: Shell=explorer.exe c:\windows\system32\netupdate.exe
F3 - REG:win.ini: load=,c:\windows\system\svchctrl.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe ,c:\windows\system32\netupdate.exe
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {39f25b12-74ff-4079-a51f-1d70f5b08b84} - C:\WINDOWS\System32\ixt93.dll?????????????????
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O4 - HKLM\..\Run: [WindowsUpdate] C:\WINDOWS\System\svchostw.exe /s
O4 - HKLM\..\Run: [svchctrl] c:\windows\system\svchctrl.exe
O4 - HKLM\..\Run: [WindowsUpdateR] C:\WINDOWS\System\regserv.exe /s
O4 - HKLM\..\Run: [windows_startup] c:\windows\system32\netupdate.exe
O4 - HKLM\..\Run: [WinampAgent] d:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [VirusBursters] C:\Program Files\VirusBursters\virusbursters.exe /h
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Mirabilis ICQ] C:\PROGRA~1\ICQ\ICQNet.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [DAEMON Tools] "d:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [AtiPTA] C:\WINDOWS\SYSTEM32\ATIPTAXX.EXE
O4 - HKCU\..\Run: [svchctrl] c:\windows\system\svchctrl.exe
O4 - HKCU\..\Run: [windows_startup] c:\windows\system32\netupdate.exe
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Startup: LimeWire On Startup.lnk = D:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
Code:
Ugh.. I don't believe I've marked everything.. But this is nastily infected..

First of all, I'm sorry I'm late..

So, in the log you have here in this post, the suspicious files marked in BOLD and in red are malicious files, adware, trojans, spyware and the like..

How and what??

First of all, we don't yet know which AV tools you use, but whichever one you use, do the following:

UPDATE your AV program...
Be sure to download:

SpyBot S&D v.1.4 and UPDATE it
Ewido or AVG Antispyware (it's the same program) and UPDATE it...

Then, in Windows SAFE MODE, scan and delete with the tools I have listed..

After that, rename the HijackThis log you made here to, say, HJ1, make a new log and post it here so we can see what's left..

We're waiting...
 
@nikodim

HijackThis is a very good tool for detecting vermin on a computer.. Process Explorer is a good tool, but not sufficient for these and similar things...

So, Process Explorer can help, but it cannot do the whole job the way HijackThis does...

HijackThis is also a very dangerous tool if it isn't used properly.. If you delete everything it lists, you can bring the system down in one move... If you looked at the logs posted in this thread, you could see a lot of entries related to graphics drivers, so just by removing those entries, for example, Windows would not boot again..

But by analysing the HijackThis log one can determine well and precisely the type, name and location of the pest..

With it the rule has always been... don't delete anything before analysis..

When I just remember my first use of this program a few years ago, when I did exactly what I wrote above.. I brought Windows down because by removing all the entries I also removed all the graphics drivers..

We'll continue solving the problem if our Aca gets in touch again...

Regardsss...zzzzz
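
An added example, not part of any post in this thread: a read-only triage pass over HijackThis entry lines that marks entries for review (it deletes nothing) and shows which of them are still present after the msconfig step. The entry lines are excerpted from the two logs posted above; the review rules (extra programs in Shell/UserInit/load, unnamed BHOs, entries whose file is missing, Run entries that reuse a hooked path) and all function names are assumptions of this example, not verdicts from the thread.

```python
import re

# Entry lines excerpted from the two HijackThis logs posted in this thread.
SCAN_1 = r"""
F2 - REG:system.ini: Shell=explorer.exe c:\windows\system32\netupdate.exe
F3 - REG:win.ini: load=,c:\windows\system\svchctrl.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe ,c:\windows\system32\netupdate.exe
O2 - BHO: (no name) - {39f25b12-74ff-4079-a51f-1d70f5b08b84} - C:\WINDOWS\System32\ixt93.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [svchctrl] c:\windows\system\svchctrl.exe
O4 - HKLM\..\Run: [windows_startup] c:\windows\system32\netupdate.exe
O4 - HKLM\..\Run: [WinampAgent] d:\Program Files\Winamp\winampa.exe
O21 - SSODL: cussers - {ff170564-36c8-43f7-9100-559e166405cf} - (no file)
"""
SCAN_2 = r"""
F2 - REG:system.ini: Shell=explorer.exe c:\windows\system32\netupdate.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe ,c:\windows\system32\netupdate.exe
O2 - BHO: (no name) - {39f25b12-74ff-4079-a51f-1d70f5b08b84} - C:\WINDOWS\System32\ixt93.dll
O4 - HKLM\..\Run: [windows_startup] c:\windows\system32\netupdate.exe
O21 - SSODL: cussers - {ff170564-36c8-43f7-9100-559e166405cf} - (no file)
"""

ENTRY = re.compile(r"^([A-Z]\d+) - (.*)$")
PATH = re.compile(r'[a-z]:\\[^,"]*?\.(?:exe|dll)', re.I)
# Windows XP defaults for the Winlogon values HijackThis reports as F2.
# win.ini load=/run= (F3) are empty by default, so nothing is expected there.
EXPECTED = {"shell": "explorer.exe", "userinit": "userinit.exe"}
ORPHAN = ("(no file)", "(file missing)")


def parse(log):
    """Return [(code, body)] for every 'Xn - ...' entry line in the log."""
    return [m.groups() for m in map(ENTRY.match, log.splitlines()) if m]


def review(log):
    """Return [(code, body, reason)] for entries worth a manual look."""
    entries = parse(log)
    findings, hooked = [], set()
    # Pass 1: F2/F3 values that start anything beyond the default program.
    for code, body in entries:
        if code in ("F2", "F3"):
            key, _, value = body.partition("=")
            name = key.rsplit(" ", 1)[-1].lower()  # shell / userinit / load
            extra = [p.lower() for p in PATH.findall(value)
                     if p.lower().rsplit("\\", 1)[-1] != EXPECTED.get(name)]
            if extra:
                hooked.update(extra)
                findings.append((code, body, f"{name} starts an extra program"))
    # Pass 2: other entries, cross-referenced against the hooked paths.
    for code, body in entries:
        if code in ("F2", "F3"):
            continue
        if body.endswith(ORPHAN):
            findings.append((code, body, "registered file is missing"))
        elif code == "O2" and "(no name)" in body:
            findings.append((code, body, "browser helper object has no name"))
        elif code == "O4" and hooked & {p.lower() for p in PATH.findall(body)}:
            findings.append((code, body, "Run entry reuses an F2/F3 path"))
    return findings


def surviving(before, after):
    """Findings from the first scan that are still present in the second."""
    still = {(c, b) for c, b, _ in review(after)}
    return [f for f in review(before) if f[:2] in still]


if __name__ == "__main__":
    for code, body, reason in review(SCAN_1):
        print(f"REVIEW  {code:<3} {reason}: {body}")
    for code, body, reason in surviving(SCAN_1, SCAN_2):
        print(f"STILL PRESENT  {code:<3} {body}")
```

On these excerpts the F3 load= value and the svchctrl Run entry are gone from the second scan, while the Shell and UserInit values are unchanged.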
 
