Tema za korisnike koji imaju zaražen računar

cvrlebg · 04.11.2010. u 17:21

Postoji dobar tutorijal za tumacenje HJThis log fajla, nalazi se na ovoj adresi: http://forums.majorgeeks.com/showthread.php?t=38752

cvetko_a · 11.01.2011. u 14:11

Naravno prvo ccleaner pa promeni ime hjthis u recimo stavi tvoje ime obavezno.
Nekad sam radio sa time pre 3-godine i uradili smo kompletan prevod na srpskom ali se sajt zatvorio i ........

irizanin · 20.01.2011. u 05:48

Komp mi se malo problematično ponaša u zadnjih 2 do 3 nedelje pa reših da ga preskeniram Combo Fix-om. Bio bih zahvalan ako bi mi neko ukazao na to da li u sledećem log fajlu ima nečeg sumnjivog i problematičnog i šta mi je činiti???

Unapred hvala.

ComboFix 11-01-19.02 - Vladimir 20.01.2011 5:31.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1251.7.1033.18.3071.2056 [GMT 1:00]
Running from: d:\users\Vladimir\Desktop\ComboFix.exe
AV: F-Secure Internet Security 2011 10.51 *Enabled/Updated* {15414183-282E-D62C-CA37-EF24860A2F17}
FW: F-Secure Internet Security 2011 10.51 *Enabled* {2D7AC0A6-6241-D774-E168-461178D9686C}
SP: F-Secure Internet Security 2011 10.51 *Enabled/Updated* {AE20A067-0E14-D9A2-F087-D456FD8D65AA}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

d:\users\Vladimir\AppData\Roaming\chrtmp
d:\windows\AutoRun.ini
d:\windows\system32\system
d:\windows\XSxS

.
((((((((((((((((((((((((( Files Created from 2010-12-20 to 2011-01-20 )))))))))))))))))))))))))))))))
.

2011-01-19 22:32 . 2011-01-19 22:33 -------- d-----w- d:\program files\Common Files\Macromedia
2011-01-19 22:32 . 2011-01-19 22:33 -------- d-----w- d:\program files\Macromedia
2011-01-19 22:32 . 2011-01-19 22:32 180224 ------w- d:\program files\Common Files\InstallShield\Driver\10\Intel 32\iGdiCnv.dll
2011-01-19 22:32 . 2011-01-19 22:32 409600 ------w- d:\program files\Common Files\InstallShield\Driver\10\Intel 32\ISRT.dll
2011-01-19 22:32 . 2011-01-19 22:32 32768 ------w- d:\program files\Common Files\InstallShield\Driver\10\Intel 32\objpscnv.dll
2011-01-19 22:32 . 2011-01-19 22:32 266240 ------w- d:\program files\Common Files\InstallShield\Driver\10\Intel 32\IScrCnv.dll
2011-01-19 22:32 . 2011-01-19 22:32 172032 ------w- d:\program files\Common Files\InstallShield\Driver\10\Intel 32\IUserCnv.dll
2011-01-19 22:32 . 2011-01-19 22:32 761856 ------w- d:\program files\Common Files\InstallShield\Driver\10\Intel 32\IDriver.exe
2011-01-19 22:32 . 2011-01-19 22:32 540772 ------w- d:\program files\Common Files\InstallShield\Driver\10\Intel 32\_ISRES1033.dll
2011-01-18 20:20 . 2011-01-20 03:18 -------- d-----w- d:\programdata\Spybot - Search & Destroy
2011-01-18 20:20 . 2011-01-18 20:23 -------- d-----w- d:\program files\Spybot - Search & Destroy
2011-01-18 19:30 . 2011-01-18 19:30 -------- d-----w- d:\users\Vladimir\AppData\Local\Diagnostics
2011-01-18 19:27 . 2011-01-18 19:27 -------- d-----w- d:\program files\Trend Micro
2011-01-12 17:41 . 2011-01-12 17:41 -------- d-----w- d:\program files\MSXML 4.0
2011-01-12 15:12 . 2010-10-16 04:34 573440 ----a-w- d:\windows\system32\odbc32.dll
2011-01-12 15:12 . 2010-10-16 04:33 372736 ----a-w- d:\program files\Common Files\System\ado\msadox.dll
2011-01-12 15:12 . 2010-10-16 04:33 352256 ----a-w- d:\program files\Common Files\System\ado\msadomd.dll
2011-01-12 15:12 . 2010-10-16 04:33 987136 ----a-w- d:\program files\Common Files\System\ado\msado15.dll
2011-01-12 15:12 . 2010-10-16 04:33 208896 ----a-w- d:\program files\Common Files\System\msadc\msadco.dll
2011-01-07 22:14 . 2011-01-07 22:26 -------- d-----w- d:\program files\GridinSoft Trojan Killer
2010-12-27 20:19 . 2010-12-27 20:19 163232 ----a-w- d:\windows\system32\drivers\afcdp.sys
2010-12-27 20:19 . 2010-12-27 20:19 752128 ----a-w- d:\windows\system32\drivers\tdrpm273.sys
2010-12-27 20:19 . 2010-12-27 20:19 600928 ----a-w- d:\windows\system32\drivers\timntr.sys
2010-12-27 20:19 . 2010-12-27 20:19 170464 ----a-w- d:\windows\system32\drivers\snapman.sys
2010-12-27 20:19 . 2010-12-27 20:19 -------- d-----w- d:\program files\Common Files\Acronis
2010-12-27 20:19 . 2010-12-27 20:19 -------- d-----w- d:\program files\Acronis
2010-12-23 10:41 . 2010-12-23 10:41 11776 ----a-w- d:\program files\Mozilla Firefox\plugins\nprjplug.dll
2010-12-23 10:41 . 2010-12-23 10:41 -------- d-----w- d:\program files\Common Files\xing shared
2010-12-23 10:41 . 2010-12-23 10:41 151776 ----a-w- d:\program files\Mozilla Firefox\plugins\nppl3260.dll
2010-12-23 10:41 . 2010-12-23 10:41 100352 ----a-w- d:\program files\Mozilla Firefox\plugins\nprpjplug.dll
2010-12-23 10:41 . 2010-12-23 10:41 -------- d-----w- d:\program files\real
2010-12-22 15:37 . 2011-01-02 16:13 -------- d-----w- d:\program files\JDownloader
2010-12-21 23:34 . 2010-08-21 05:32 316928 ----a-w- d:\windows\system32\spoolsv.exe
2010-12-21 23:33 . 2010-09-01 04:26 164864 ----a-w- d:\program files\Windows Media Player\wmplayer.exe
2010-12-21 23:33 . 2010-09-01 04:23 12625408 ----a-w- d:\windows\system32\wmploc.DLL
2010-12-21 23:33 . 2010-10-20 04:54 34304 ----a-w- d:\windows\system32\atmlib.dll
2010-12-21 23:33 . 2010-10-20 02:58 294400 ----a-w- d:\windows\system32\atmfd.dll
2010-12-21 23:33 . 2010-10-16 04:36 314368 ----a-w- d:\windows\system32\webio.dll
2010-12-21 23:33 . 2010-06-19 06:33 3955080 ----a-w- d:\windows\system32\ntkrnlpa.exe
2010-12-21 23:33 . 2010-06-19 06:33 3899784 ----a-w- d:\windows\system32\ntoskrnl.exe
2010-12-21 23:32 . 2010-08-27 05:46 168448 ----a-w- d:\windows\system32\srvsvc.dll
2010-12-21 23:32 . 2010-08-27 03:31 310784 ----a-w- d:\windows\system32\drivers\srv.sys
2010-12-21 23:32 . 2010-08-27 03:30 308736 ----a-w- d:\windows\system32\drivers\srv2.sys
2010-12-21 23:32 . 2010-08-27 03:30 113664 ----a-w- d:\windows\system32\drivers\srvnet.sys
2010-12-21 23:32 . 2010-05-05 06:46 363520 ----a-w- d:\windows\system32\StructuredQuery.dll
2010-12-21 23:28 . 2010-10-20 03:00 2327552 ----a-w- d:\windows\system32\win32k.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-21 23:10 . 2010-12-13 17:26 42664 ----a-w- d:\windows\system32\drivers\fsbts.sys
2010-12-20 17:09 . 2010-04-29 21:30 38224 ----a-w- d:\windows\system32\drivers\mbamswissarmy.sys
2010-12-20 17:08 . 2010-04-29 21:30 20952 ----a-w- d:\windows\system32\drivers\mbam.sys
2010-12-13 17:25 . 2010-12-13 17:25 37832 ----a-w- d:\windows\system32\drivers\fses.sys
2010-12-13 17:25 . 2010-12-13 17:25 72840 ----a-w- d:\windows\system32\drivers\fsdfw.sys
2010-12-13 17:24 . 2010-12-13 17:25 574632 ----a-w- d:\windows\system32\msvcp50.dll
2010-12-12 16:13 . 2010-10-15 23:51 48648 ----a-w- d:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2010-11-29 15:40 . 2010-10-29 18:22 48648 ----a-w- d:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll
2010-11-12 17:53 . 2010-04-29 20:58 472808 ----a-w- d:\windows\system32\deployJava1.dll
2010-10-27 17:25 . 2010-11-12 22:50 31552 ----a-w- d:\windows\system32\TURegOpt.exe
2010-10-27 17:21 . 2010-11-12 22:50 21312 ----a-w- d:\windows\system32\authuitu.dll
2010-10-27 17:21 . 2010-11-12 22:50 29504 ----a-w- d:\windows\system32\uxtuneup.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

irizanin · 20.01.2011. u 05:50

*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="d:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 1828136]
"Google Update"="d:\users\Vladimir\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-07-16 136176]
"Sidebar"="d:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
"SpybotSD TeaTimer"="d:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="d:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe Reader Speed Launcher"="d:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-10 35736]
"Adobe ARM"="d:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
"F-Secure Manager"="d:\program files\F-Secure\Common\FSM32.EXE" [2010-12-13 201384]
"F-Secure TNB"="d:\program files\F-Secure\FSGUI\TNBUtil.exe" [2010-12-13 1655464]
"Malwarebytes' Anti-Malware"="d:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-12-20 443728]
"TkBellExe"="d:\program files\real\realplayer\update\realsched.exe" [2010-12-23 274608]
"SAOB Monitor"="d:\program files\Acronis\OnlineBackupStandalone\TrueImageMonitor.exe" [2010-08-20 2536448]
"TrueImageMonitor.exe"="d:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2010-08-21 5458848]
"Acronis Scheduler2 Service"="d:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2010-08-21 390736]
"Malwarebytes' Anti-Malware (reboot)"="d:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]

d:\users\Vladimir\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
MagicDisc.lnk - d:\program files\MagicDisc\MagicDisc.exe [2010-4-29 576000]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)

[HKLM\~\startupfolder\D:^Users^Vladimir^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^PPS.lnk]
backup=d:\windows\pss\PPS.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CPMonitor]
2009-07-21 09:50 84464 ----a-w- d:\program files\Roxio 2010\5.0\CPMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Desktop Disc Tool]
2009-06-22 23:18 494064 ----a-w- d:\program files\Roxio 2010\Roxio Burn\RoxioBurnLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2010-12-20 17:08 443728 ----a-w- d:\program files\Malwarebytes' Anti-Malware\mbamgui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mobile Connectivity Suite]
2009-11-19 15:19 598016 ----a-r- d:\program files\HTC\HTC Sync\Application Launcher\Application Launcher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
2009-07-24 06:33 240112 ----a-w- d:\program files\Common Files\Roxio Shared\12.0\SharedCOM\RoxWatchTray12.exe

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;d:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);d:\program files\Google\Update\GoogleUpdate.exe [2010-08-07 136176]
R2 SBSDWSCService;SBSD Security Center Service;d:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
R3 FSORSPClient;F-Secure ORSP Client;d:\program files\F-Secure\ORSP Client\fsorsp.exe [2010-12-13 64016]
R3 HTCAND32;HTC Device Driver;d:\windows\system32\Drivers\ANDROIDUSB.sys [2009-10-26 25088]
R4 F-Secure Filter;F-Secure File System Filter;d:\program files\F-Secure\Anti-Virus\Win2K\FSfilter.sys [2010-12-13 41896]
R4 F-Secure Recognizer;F-Secure File System Recognizer;d:\program files\F-Secure\Anti-Virus\Win2K\FSrec.sys [2010-12-13 27304]
R4 RoxMediaDB12;RoxMediaDB12;d:\program files\Common Files\Roxio Shared\12.0\SharedCOM\RoxMediaDB12.exe [2009-07-24 1116656]
R4 RoxWatch12;Roxio Hard Drive Watcher 12;d:\program files\Common Files\Roxio Shared\12.0\SharedCOM\RoxWatch12.exe [2009-07-24 219632]
R4 TeamViewer4;TeamViewer 4;d:\program files\TeamViewer\Version4\TeamViewer_Service.exe [2009-01-28 185640]
S0 fsbts;fsbts;d:\windows\system32\Drivers\fsbts.sys [2010-12-21 42664]
S0 SahdIa32;HDD Filter Driver;d:\windows\System32\Drivers\SahdIa32.sys [2009-06-01 21488]
S0 SaibIa32;Volume Filter Driver;d:\windows\System32\Drivers\SaibIa32.sys [2009-06-01 15856]
S0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273);d:\windows\system32\DRIVERS\tdrpm273.sys [2010-12-27 752128]
S1 F-Secure HIPS;F-Secure HIPS Driver;d:\program files\F-Secure\HIPS\drivers\fshs.sys [2010-12-13 72520]
S1 FSES;F-Secure Email Scanning Driver;d:\windows\system32\drivers\fses.sys [2010-12-13 37832]
S1 FSFW;F-Secure Firewall Driver;d:\windows\system32\drivers\fsdfw.sys [2010-12-13 72840]
S1 fsvista;F-Secure Vista Support Driver;d:\program files\F-Secure\Anti-Virus\minifilter\fsvista.sys [2010-12-13 14504]
S1 SaibVd32;Virtual Disk Driver;d:\windows\system32\Drivers\SaibVd32.sys [2009-06-01 25584]
S2 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269;Roxio SAIB Service;d:\program files\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe [2009-06-02 457200]
S2 afcdpsrv;Acronis Nonstop Backup service;d:\program files\Common Files\Acronis\CDP\afcdpsrv.exe [2010-12-27 3975088]
S2 AMD External Events Utility;AMD External Events Utility;d:\windows\system32\atiesrxx.exe [2009-08-18 176128]
S2 MBAMService;MBAMService;d:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2010-12-20 363344]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;d:\program files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe [2010-10-27 1483072]
S3 afcdp;afcdp;d:\windows\system32\DRIVERS\afcdp.sys [2010-12-27 163232]
S3 F-Secure Gatekeeper;F-Secure Gatekeeper;d:\program files\F-Secure\Anti-Virus\minifilter\fsgk.sys [2010-12-13 130728]
S3 MBAMProtector;MBAMProtector;d:\windows\system32\drivers\mbam.sys [2010-12-20 20952]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;d:\program files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys [2010-10-07 10064]

irizanin · 20.01.2011. u 05:50

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2011-01-20 d:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- d:\program files\Google\Update\GoogleUpdate.exe [2010-08-07 19:53]

2011-01-20 d:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- d:\program files\Google\Update\GoogleUpdate.exe [2010-08-07 19:53]

2011-01-20 d:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1429540957-2892626946-3953681025-1001Core.job
- d:\users\Vladimir\AppData\Local\Google\Update\GoogleUpdate.exe [2010-07-16 23:45]

2011-01-20 d:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1429540957-2892626946-3953681025-1001UA.job
- d:\users\Vladimir\AppData\Local\Google\Update\GoogleUpdate.exe [2010-07-16 23:45]

2011-01-20 d:\windows\Tasks\Scheduled scanning task.job
- d:\progra~1\F-Secure\ANTI-V~1\fsav.exe [2010-12-13 17:25]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://vshare.toolbarhome.com/?hp=df
IE: E&xport to Microsoft Excel - d:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Додај у заштиту од реклама
LSP: d:\program files\F-Secure\FSPS\program\FSLSP.DLL
Trusted Zone: 111222.cn\list1
Trusted Zone: pps.tv\kan
Trusted Zone: pps.tv\list1
Trusted Zone: pps.tv\tvguide
Trusted Zone: pps.tv\vodguide
Trusted Zone: ppstream.com\list1
Trusted Zone: ppstream.com\notice
Trusted Zone: ppstream.com\xml1
Trusted Zone: ppstream.com\xml2
Trusted Zone: ppstream.com\xml3
Trusted Zone: ppstream.net\list1
Trusted Zone: ppstv.com\list1
Trusted Zone: ppstv.net\list1
Trusted Zone: security_PPStream.exe
FF - ProfilePath - d:\users\Vladimir\AppData\Roaming\Mozilla\Firefox\Profiles\wjmnbxne.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://vshare.toolbarhome.com/search.aspx?srch=ku&q=
FF - Ext: Dr.Web anti-virus link checker: {6614d11d-d21d-b211-ae23-815234e1ebb5} - d:\program files\Mozilla Firefox\extensions\{6614d11d-d21d-b211-ae23-815234e1ebb5}
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - d:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Skype extension: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - d:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - d:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - d:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - d:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - d:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: TVU Web Player: firefox@tvunetworks.com - %profile%\extensions\firefox@tvunetworks.com
FF - Ext: Dr.Web anti-virus link checker: {6614d11d-d21d-b211-ae23-815234e1ebb5} - %profile%\extensions\{6614d11d-d21d-b211-ae23-815234e1ebb5}
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - d:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
- - - - ORPHANS REMOVED - - - -

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
MSConfigStartUp-Adobe Reader Speed Launcher - d:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe
MSConfigStartUp-TkBellExe - d:\program files\Common Files\Real\Update_OB\realsched.exe

.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,e7,0a,7d,d8,5e,0a,97,44,bd,b1,69,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,e7,0a,7d,d8,5e,0a,97,44,bd,b1,69,\

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@d:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="d:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-01-20 05:38:01
ComboFix-quarantined-files.txt 2011-01-20 04:38

Pre-Run: 21.073.375.232 bytes free
Post-Run: 20.689.403.904 bytes free

- - End Of File - - 154F4812E88A5AF14C0F338AA1F22EDE

toske1 · 20.01.2011. u 08:39

Raspakij ovaj fajl na desktop i prevuci skriptu na Combofix. Prethodno obavezno ugasi Abtivirus,
Prikaci log uz poruku.

http://www.speedyshare.com/files/26370706/CFScript.zip

irizanin · 20.01.2011. u 13:35

Odradio sam i evo ga log ponovo:

http://www.speedyshare.com/files/26373424/ComboFix.txt

toske1 · 20.01.2011. u 16:11

Dobro, sada bi trebalo da je sve ok. Imas li problema?

Ukoliko nemas odradi sledece:

Start > Search - kopiraj ovo Combofix /Uninstall enter i potvrdi sa ok.

Skini Puran defrag http://download.cnet.com/Puran-Defr...15626.html?part=dl-6298149&subj=dl&tag=button

Za prvu voznju preporucujem ovu opciju

irizanin · 20.01.2011. u 18:47

Čini mi se da je stanje sada bolje. Dolazilo je do zamrzavanja nekih aplikacija pri radu, to se sada koliko vidim više ne dešava.

Odradio sam ipreporuku sa Puranom.

Da li je postojalo nešto problematično u log-u?

toske1 · 20.01.2011. u 20:10

Odradio je on u prvom pustanju, ja sam samo otkljucao neke zabrane koje je malware uradio.

krauterbox · 06.02.2011. u 11:22

Imam problem.

Žena ima tošibin netbuk sa Windowsom 7 (koristi avast, CCleaner i SUPERAntiSpyware /ova dva su bila naravno isključena/ ... i mislio sam da ima i Sygate, ali izgleda da nema) - uglavnom ide na sajtove za druženje, sajtove za npr. tarot, ženske sajtove itd. Na jednom od njih (gdje već danima gleda neku seriju) otvorila je jedan link i nakon toga više se nije mogla na njega ulogovati.

Ali to naravno nije najveći problem - na taskbaru pojavile su se neke tri male ikone, jedna od njih je bila agava (koja je izgleda povezana sa avastom) i na koja je kada se otvori upozoravala kako avast ističe za 14 dana (one druge dvije su nestale nakon deinstalacije sa CCleanerom).

Ali nestao je i avast i žena se sada više nigdje ne može ulogovati.

Pokušao sam skinuti avast sa neta, ali kada god ga to pokušam cijela se strana minimalizira i više je ne mogu raširiti, to se naravno dešava i kada sam avast pokušao skinuti sa krste, a takođe se dešava i kada sam pokušao skinuti kasperski, s tim što se kasperski npr. skinuo, ali kada sam pokušao pokrenuti instalaciju opet se sve minimaliziralo.

Skenirao sam komp sa SUPERAntiSpyware - ništa nije pokazao, a kasnije sam ga skenirao i sa Vindous defenderom i nije pronašao ništa, a onda sam iskoristio i Hijack (njega je sa stika ženin kompjuter primio i dozvolio je i skeniranje) i evo šta je on otkrio:

Logfile of HijackThis v1.99.1
Scan saved at 10:35:07, on 06.02.11
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)

Running processes:
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\windows\killwindtitle.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\windows\system32\igfxsrvc.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\windows\system32\taskeng.exe
C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
C:\Windows\System32\ThpSrv.exe
C:\windows\system32\igfxext.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
C:\Program Files\TOSHIBA\TECO\TEco.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe
C:\Program Files\Apoint2K\HidFind.exe
C:\windows\system32\conhost.exe
C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Mail.Ru\Agent\magent.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Windows\av_soft.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Users\boris\AppData\Local\Yandex\Updater\praetorian.exe
C:\Program Files\ICQ7.2\ICQ.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
D:\Otmicar\Otmicar.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://webalta.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://webalta.ru/poisk
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://webalta.ru
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://webalta.ru/poisk
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://webalta.ru/poisk
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://webalta.ru/poisk
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://webalta.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://webalta.ru/poisk
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Presented by TOSHIBA Leading Innovation >>>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {00000000-6E41-4FD3-8538-502F5495E5FC} - (no file)
R3 - URLSearchHook: Ndóníce@Mail.Ru - {09900DE8-1DCA-443F-9243-26FF581438AF} - c:\program files\mail.ru\sputnik\MailRuSputnik.dll
R3 - URLSearchHook: (no name) - - (no file)
F2 - REG:system.ini: Shell=explorer.exe, "C:\windows\killwindtitle.exe"
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Árd çíreîennâ 2 (Browser Helper Objects) - {52CFF9E4-5FCD-460E-B476-7953788CA004} - C:\Users\boris\AppData\Roaming\Mamba\mambabar2\ie\mambabar2_ie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GR469A~1.DLL
O2 - BHO: ???????@Mail.Ru - {8984B388-A5BB-4DF7-B274-77B879E179DB} - c:\program files\mail.ru\sputnik\MailRuSputnik.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Âcçórëüíul Çreëräec - {C93F72A2-2162-4BBA-A07A-F13663C297A6} - C:\Program Files\Yandex\YandexBarIE\fastdial.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: Árd çíreîennâ 2 - {52CFF9E4-5FCD-460E-B476-7953788CA004} - C:\Users\boris\AppData\Roaming\Mamba\mambabar2\ie\mambabar2_ie.dll
O3 - Toolbar: Ndóníce@Mail.Ru - {09900DE8-1DCA-443F-9243-26FF581438AF} - c:\program files\mail.ru\sputnik\MailRuSputnik.dll
O3 - Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
O3 - Toolbar: ??????.??? - {91397D20-1446-11D4-8AF4-0040CA1127B6} - C:\Program Files\Yandex\YandexBarIE\yndbar.dll
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe

krauterbox · 06.02.2011. u 11:24

nastavak:

O4 - HKLM\..\Run: [IgfxTray] C:\windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [HWSetup] "C:\Program Files\TOSHIBA\Utilities\HWSetup.exe" hwSetUP
O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
O4 - HKLM\..\Run: [KeNotify] C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
O4 - HKLM\..\Run: [ThpSrv] C:\windows\system32\thpsrv /logon
O4 - HKLM\..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
O4 - HKLM\..\Run: [TWebCamera] "%ProgramFiles%\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [ToshibaServiceStation] C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe /hide:60
O4 - HKLM\..\Run: [Teco] "%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r
O4 - HKLM\..\Run: [TosWaitSrv] %ProgramFiles%\TOSHIBA\TPHM\TosWaitSrv.exe
O4 - HKLM\..\Run: [TUSBSleepChargeSrv] %ProgramFiles%\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe
O4 - HKLM\..\Run: [TosReelTimeMonitor] %ProgramFiles%\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
O4 - HKLM\..\Run: [TosNC] %ProgramFiles%\Toshiba\BulletinBoard\TosNcCore.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [avast!] "C:\Program Files\Alwil Software\Avast4\ashDisp.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [MAgent] C:\Program Files\Mail.Ru\Agent\MAgent.exe -LM
O4 - HKLM\..\Run: [Guard.Mail.ru.gui] "C:\Program Files\Mail.Ru\Guard\GuardMailRu.exe" /gui
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [l1rezerv.exe] "C:\windows\l1rezerv.exe"
O4 - HKLM\..\Run: [killwindtitle.exe] C:\windows\killwindtitle.exe
O4 - HKLM\..\Run: [av_soft.exe] "C:\Windows\av_soft.exe" 7 0
O4 - HKLM\..\Run: [tray_ico] cmd /c "C:\windows\tray_tmp.exe" tray
O4 - HKLM\..\Run: [27570821.exe] "C:\Users\boris\AppData\Local\Temp\27570821.exe"
O4 - HKLM\..\Run: [sysdriver32.exe] "C:\windows\sysdriver32.exe" rezerv
O4 - HKLM\..\Run: [sysdriver32_.exe] "C:\windows\sysdriver32_.exe" rezerv
O4 - HKLM\..\Run: [8214168.exe] "C:\windows\TEMP\8214168.exe"
O4 - HKLM\..\Run: [systemup] "C:\windows\systemup.exe" stand
O4 - HKLM\..\Run: [delzipdrivers] "C:\windows\TEMP\1618032.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [YandexOnline] "C:\Program Files\Yandex\Online\online.exe" -AutoStart
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [Praetorian] C:\Users\boris\AppData\Local\Yandex\Updater\praetorian.exe
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ7.2\ICQ.exe" silent loginmode=4
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: McAfee Security Scan Plus.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra button: Mail.Ru ????? - {7558B7E5-7B26-4201-BEDB-00D5FF534523} - C:\Program Files\Mail.Ru\Agent\magent.exe
O9 - Extra 'Tools' menuitem: Mail.Ru ????? - {7558B7E5-7B26-4201-BEDB-00D5FF534523} - C:\Program Files\Mail.Ru\Agent\magent.exe
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: ???????? ??????, ??????? ?? ?????? ?????? ???????? - {DAC5944B-F843-4b90-B605-09DE3360CDE6} - (no file)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O11 - Options group: [INTERNATIONAL] International
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GRA32A~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: igfxcui - C:\windows\SYSTEM32\igfxdev.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (file missing)
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe (file missing)
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ConfigFree WiMAX Service (cfWiMAXService) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe
O23 - Service: Guard.Mail.ru - Unknown owner - C:\Program Files\Mail.Ru\Guard\GuardMailRu.exe
O23 - Service: ?????? Google Update (gupdate1cac39d29088bc3) (gupdate1cac39d29088bc3) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe" /svc (file missing)
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - Unknown owner - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: srviecheck - Unknown owner - C:\windows\iecheck.exe
O23 - Service: srvsysdriver32 - Unknown owner - C:\windows\sysdriver32.exe
O23 - Service: TOSHIBA HDD Protection (Thpsrv) - TOSHIBA Corporation - C:\windows\system32\ThpSrv.exe
O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA eco Utility Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TECO\TecoService.exe
O23 - Service: TOSHIBA HDD SSD Alert Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
O23 - Service: TPCH Service (TPCHSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %PROGRAMFILES%\Windows Media Player\wmpnetwk.exe (file missing)

Mislim da ne moram ni da naglašavam da ja od ovoga gore ne razumijem ama baš ništa ... ebga.

Hvala unaprijed!

niceboy · 06.02.2011. u 13:24

C:\windows\killwindtitle.exe
C:\Windows\av_soft.exe
C:\Users\boris\AppData\Local\Yandex\Updater\praeto rian.exe
R3 - URLSearchHook: (no name) - {00000000-6E41-4FD3-8538-502F5495E5FC} - (no file)
R3 - URLSearchHook: (no name) - - (no file)
F2 - REG:system.ini: Shell=explorer.exe, "C:\windows\killwindtitle.exe"
O2 - BHO: Árd çíreîennâ 2 (Browser Helper Objects) - {52CFF9E4-5FCD-460E-B476-7953788CA004} - C:\Users\boris\AppData\Roaming\Mamba\mambabar2\ie\ mambabar2_ie.dll
O2 - BHO: Âcçórëüíul Çreëräec - {C93F72A2-2162-4BBA-A07A-F13663C297A6} - C:\Program Files\Yandex\YandexBarIE\fastdial.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: Árd çíreîennâ 2 - {52CFF9E4-5FCD-460E-B476-7953788CA004} - C:\Users\boris\AppData\Roaming\Mamba\mambabar2\ie\ mambabar2_ie.dll
O3 - Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
O3 - Toolbar: ??????.??? - {91397D20-1446-11D4-8AF4-0040CA1127B6} - C:\Program Files\Yandex\YandexBarIE\yndbar.dll
O4 - HKLM\..\Run: [l1rezerv.exe] "C:\windows\l1rezerv.exe"
O4 - HKLM\..\Run: [killwindtitle.exe] C:\windows\killwindtitle.exe
O4 - HKLM\..\Run: [av_soft.exe] "C:\Windows\av_soft.exe" 7 0
O4 - HKLM\..\Run: [tray_ico] cmd /c "C:\windows\tray_tmp.exe" tray
O4 - HKLM\..\Run: [27570821.exe] "C:\Users\boris\AppData\Local\Temp\27570821.ex e"
O4 - HKLM\..\Run: [sysdriver32.exe] "C:\windows\sysdriver32.exe" rezerv
O4 - HKLM\..\Run: [sysdriver32_.exe] "C:\windows\sysdriver32_.exe" rezerv
O4 - HKLM\..\Run: [8214168.exe] "C:\windows\TEMP\8214168.exe"
O4 - HKLM\..\Run: [systemup] "C:\windows\systemup.exe" stand
O4 - HKLM\..\Run: [delzipdrivers] "C:\windows\TEMP\1618032.exe"
O4 - HKCU\..\Run: [YandexOnline] "C:\Program Files\Yandex\Online\online.exe" -AutoStart
O4 - HKCU\..\Run: [Praetorian] C:\Users\boris\AppData\Local\Yandex\Updater\praeto rian.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (file missing)
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe (file missing)
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ?????? Google Update (gupdate1cac39d29088bc3) (gupdate1cac39d29088bc3) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe" /svc (file missing)
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - Unknown owner - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe (file missing)
O23 - Service: srvsysdriver32 - Unknown owner - C:\windows\sysdriver32.exe
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %PROGRAMFILES%\Windows Media Player\wmpnetwk.exe (file missing)

Ovo bi trebalo da oznacis i kliknes na fix.Isto tako ako ne koristis nesto vezano za mail.ru,onda oznaci i sve redove vezane za ovo koji se pojavljuju u logu.

krauterbox · 06.02.2011. u 14:36

Ebga izvini što ću tražiti dodatna objašnjenja ... jasno mi je naravno da ovo što si izdvojio moram čekirati, ali mi ovo drugo

Isto tako ako ne koristis nesto vezano za mail.ru,onda oznaci i sve redove vezane za ovo koji se pojavljuju u logu.

nije baš najjasnije.

Kako misliš ako ne koristim? Žena ga inače koristi

I je l' su to striktno oni redovi u kojima se mail.ru pominje (onako ovlaš ocjenio sam da ih je 10-tak)?

I šta će biti ako ih čekiram i pritisnem zatim fix?

p.s. puno ti hvala i za ovo dosad.

krauterbox · 06.02.2011. u 15:10

Čekirao sam i fiksirao ono što si naveo (bez mail.ru) i nije da nema promjena (evo instaliram joj avast), ali ona ne može i dalje npr. da otvori poruke koje je dobila na mail.ru (vidi da su došle ali nisu linkovane), ne može takođe ni da se uloguje (ne otvara joj se poslije logovanja) sajt v kontaktu na kojoj je gledala onu seriju i tako je sa još nekim sajtovima.

niceboy · 06.02.2011. u 15:17

Stavi ovde novi log.Ne moze,nazalost,HJT sve da obrise.
Za mail.ru nisam siguran,pa sam zato pitao da li koristis,a i na nekim mestima sam video da ga opisuju kao nepozeljan,recimo ovde.

krauterbox · 06.02.2011. u 15:55

Ebga sada je sve blokirano, nakon restarta poslije instalacije avasta više ništa ne mogu da pokrenem ... ni HJT ... ma apsolutno ništa.

niceboy · 06.02.2011. u 16:01

A u safe modu?Restart,pa kad krene da se butuje udri F8 i odaberi safe mode.

krauterbox · 06.02.2011. u 18:45

Imao sam problema sa strujom u stanu - evo novog loga

Logfile of HijackThis v1.99.1
Scan saved at 18:19:18, on 06.02.11
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)

Running processes:
C:\windows\Explorer.EXE
C:\windows\system32\ctfmon.exe
D:\Otmicar\Otmicar.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://webalta.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://webalta.ru/poisk
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://webalta.ru
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://webalta.ru/poisk
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://webalta.ru/poisk
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://webalta.ru/poisk
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://webalta.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://webalta.ru/poisk
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Presented by TOSHIBA Leading Innovation >>>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Ndóníce@Mail.Ru - {09900DE8-1DCA-443F-9243-26FF581438AF} - c:\program files\mail.ru\sputnik\MailRuSputnik.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GR469A~1.DLL
O2 - BHO: ???????@Mail.Ru - {8984B388-A5BB-4DF7-B274-77B879E179DB} - c:\program files\mail.ru\sputnik\MailRuSputnik.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Ndóníce@Mail.Ru - {09900DE8-1DCA-443F-9243-26FF581438AF} - c:\program files\mail.ru\sputnik\MailRuSputnik.dll
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
O4 - HKLM\..\Run: [IgfxTray] C:\windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [HWSetup] "C:\Program Files\TOSHIBA\Utilities\HWSetup.exe" hwSetUP
O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
O4 - HKLM\..\Run: [KeNotify] C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
O4 - HKLM\..\Run: [ThpSrv] C:\windows\system32\thpsrv /logon
O4 - HKLM\..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
O4 - HKLM\..\Run: [TWebCamera] "%ProgramFiles%\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [ToshibaServiceStation] C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe /hide:60
O4 - HKLM\..\Run: [Teco] "%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r
O4 - HKLM\..\Run: [TosWaitSrv] %ProgramFiles%\TOSHIBA\TPHM\TosWaitSrv.exe
O4 - HKLM\..\Run: [TUSBSleepChargeSrv] %ProgramFiles%\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe
O4 - HKLM\..\Run: [TosReelTimeMonitor] %ProgramFiles%\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
O4 - HKLM\..\Run: [TosNC] %ProgramFiles%\Toshiba\BulletinBoard\TosNcCore.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [avast!] "C:\Program Files\Alwil Software\Avast4\ashDisp.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [MAgent] C:\Program Files\Mail.Ru\Agent\MAgent.exe -LM
O4 - HKLM\..\Run: [Guard.Mail.ru.gui] "C:\Program Files\Mail.Ru\Guard\GuardMailRu.exe" /gui
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ7.2\ICQ.exe" silent loginmode=4
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

krauterbox · 06.02.2011. u 18:46

Imao sam problema sa strujom u stanu - evo novog loga

Logfile of HijackThis v1.99.1
Scan saved at 18:19:18, on 06.02.11
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)

Running processes:
C:\windows\Explorer.EXE
C:\windows\system32\ctfmon.exe
D:\Otmicar\Otmicar.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://webalta.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://webalta.ru/poisk
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://webalta.ru
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://webalta.ru/poisk
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://webalta.ru/poisk
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://webalta.ru/poisk
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://webalta.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://webalta.ru/poisk
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Presented by TOSHIBA Leading Innovation >>>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Ndóníce@Mail.Ru - {09900DE8-1DCA-443F-9243-26FF581438AF} - c:\program files\mail.ru\sputnik\MailRuSputnik.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GR469A~1.DLL
O2 - BHO: ???????@Mail.Ru - {8984B388-A5BB-4DF7-B274-77B879E179DB} - c:\program files\mail.ru\sputnik\MailRuSputnik.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Ndóníce@Mail.Ru - {09900DE8-1DCA-443F-9243-26FF581438AF} - c:\program files\mail.ru\sputnik\MailRuSputnik.dll
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
O4 - HKLM\..\Run: [IgfxTray] C:\windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [HWSetup] "C:\Program Files\TOSHIBA\Utilities\HWSetup.exe" hwSetUP
O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
O4 - HKLM\..\Run: [KeNotify] C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
O4 - HKLM\..\Run: [ThpSrv] C:\windows\system32\thpsrv /logon
O4 - HKLM\..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
O4 - HKLM\..\Run: [TWebCamera] "%ProgramFiles%\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [ToshibaServiceStation] C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe /hide:60
O4 - HKLM\..\Run: [Teco] "%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r
O4 - HKLM\..\Run: [TosWaitSrv] %ProgramFiles%\TOSHIBA\TPHM\TosWaitSrv.exe
O4 - HKLM\..\Run: [TUSBSleepChargeSrv] %ProgramFiles%\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe
O4 - HKLM\..\Run: [TosReelTimeMonitor] %ProgramFiles%\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
O4 - HKLM\..\Run: [TosNC] %ProgramFiles%\Toshiba\BulletinBoard\TosNcCore.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [avast!] "C:\Program Files\Alwil Software\Avast4\ashDisp.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [MAgent] C:\Program Files\Mail.Ru\Agent\MAgent.exe -LM
O4 - HKLM\..\Run: [Guard.Mail.ru.gui] "C:\Program Files\Mail.Ru\Guard\GuardMailRu.exe" /gui
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ7.2\ICQ.exe" silent loginmode=4
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

krauterbox · 06.02.2011. u 18:47

nastavak

O4 - Global Startup: McAfee Security Scan Plus.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra button: Mail.Ru ????? - {7558B7E5-7B26-4201-BEDB-00D5FF534523} - C:\Program Files\Mail.Ru\Agent\magent.exe
O9 - Extra 'Tools' menuitem: Mail.Ru ????? - {7558B7E5-7B26-4201-BEDB-00D5FF534523} - C:\Program Files\Mail.Ru\Agent\magent.exe
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: ???????? ??????, ??????? ?? ?????? ?????? ???????? - {DAC5944B-F843-4b90-B605-09DE3360CDE6} - (no file)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O11 - Options group: [INTERNATIONAL] International
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GRA32A~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: igfxcui - C:\windows\SYSTEM32\igfxdev.dll
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: ConfigFree WiMAX Service (cfWiMAXService) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe
O23 - Service: Guard.Mail.ru - Unknown owner - C:\Program Files\Mail.Ru\Guard\GuardMailRu.exe
O23 - Service: ?????? Google Update (gupdate1cac39d29088bc3) (gupdate1cac39d29088bc3) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe" /svc (file missing)
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - Unknown owner - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: srviecheck - Unknown owner - C:\windows\iecheck.exe
O23 - Service: srvsysdriver32 - Unknown owner - C:\windows\sysdriver32.exe
O23 - Service: TOSHIBA HDD Protection (Thpsrv) - TOSHIBA Corporation - C:\windows\system32\ThpSrv.exe
O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA eco Utility Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TECO\TecoService.exe
O23 - Service: TOSHIBA HDD SSD Alert Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
O23 - Service: TPCH Service (TPCHSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %PROGRAMFILES%\Windows Media Player\wmpnetwk.exe (file missing)

niceboy · 06.02.2011. u 18:52

Ovaj log je u safe modu?

krauterbox · 06.02.2011. u 20:11

Jeste

(s tim što sam jedan post greškom poduplao).

niceboy · 06.02.2011. u 22:28

Nemoj quote-ovati,ubise ova kosa slova. z:)

Nego,jesi li u medjuvremenu uspeo normalno pokrenuti komp,odnosno programe?U ovom logu trebalo bi jedino fixati ova dva reda
O23 - Service: srviecheck - Unknown owner - C:\windows\iecheck.exe
O23 - Service: srvsysdriver32 - Unknown owner - C:\windows\sysdriver32.exe ili ih obrisi rucno samo pre toga ukljuci skrivene i sistemske fajlove,a isto bi mogao sve one putanje iz prethodnog loga proveriti rucno i ako nadjes nesto brisi.
Isto tako idi run-msconfig i pod karticom startup decekiraj sve sto ti nije poznato(ostavi antivirus i sve sto znas sta radi,a ostalo decekiraj).
Ako si instalirao uspesno avast pusti ga da skenira i vidi sta ce naci.

Qurajber · 07.02.2011. u 08:29

niceboy:
Nemoj quote-ovati,ubise ova kosa slova.

Nego,jesi li u medjuvremenu uspeo normalno pokrenuti komp,odnosno programe?U ovom logu trebalo bi jedino fixati ova dva reda
O23 - Service: srviecheck - Unknown owner - C:\windows\iecheck.exe
O23 - Service: srvsysdriver32 - Unknown owner - C:\windows\sysdriver32.exe ili ih obrisi rucno samo pre toga ukljuci skrivene i sistemske fajlove,a isto bi mogao sve one putanje iz prethodnog loga proveriti rucno i ako nadjes nesto brisi.
Isto tako idi run-msconfig i pod karticom startup decekiraj sve sto ti nije poznato(ostavi antivirus i sve sto znas sta radi,a ostalo decekiraj).
Ako si instalirao uspesno avast pusti ga da skenira i vidi sta ce naci.

I, šta ćeš riješiti sa ovim logovima, misliš li da ćeš mu riješiti problem?? Pa ovaj HJT više niko ne koristi za te stvari jer on odavno više ne vidi ono za šta je namijenjen....Misliš li da je dovoljno log prekopirati na http://www.hijackthis.de/
fixirati i gotovo....

Tema za korisnike koji imaju zaražen računar

Aktivan član

Primećen član

Početnik

Početnik

Početnik

Zainteresovan član

Početnik

Zainteresovan član

Početnik

Zainteresovan član

Iskusan

Iskusan

Elita

Iskusan

Iskusan

Elita

Iskusan

Elita

Iskusan

Iskusan

Iskusan

Elita

Iskusan

Elita

Veoma poznat

Slične teme