Sinoc sam, prateci tvoj odgovor Katarini jer se i meni desava isto sa Explorerom, startovao Malwarebytes' Anti-Malware u dva puta ( brzo pa detaljno ) i evo rezultata:
Malwarebytes' Anti-Malware 1.29
Verzija baze podataka: 1286
Windows 5.1.2600 Service Pack 2
2008-10-18 23:01:40
mbam-log-2008-10-18 (23-01-40).txt
Tip skeniranja: Brzo Skeniranje
Skeniranih objekata: 61761
Proteklo vreme: 3 minute(s), 5 second(s)
Inficirani procesi u memoriji: 0
Inficirani moduli u memoriji: 0
Inficirani ključevi u registru: 20
Inficirane vrednosti u registru: 0
Inficirani podaci u registru: 0
Inficirane fascikle: 3
Inficirane datoteke: 9
Inficirani procesi u memoriji:
(Maliciozne stavke nisu detektovane)
Inficirani moduli u memoriji:
(Maliciozne stavke nisu detektovane)
Inficirani ključevi u registru:
HKEY_CLASSES_ROOT\activationmanager.activationmanager (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\activationmanager.activationmanager.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\adstechnology.adstechnology (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{831cbac2-8283-4653-9d81-feb9f3f6e47c} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{831cbac4-8283-4653-9d81-feb9f3f6e47c} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{831cbac0-8283-4653-9d81-feb9f3f6e47c} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{831cbac0-8283-4653-9d81-feb9f3f6e47c} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{831cbac3-8283-4653-9d81-feb9f3f6e47c} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\adstechnology.adstechnology.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{86a44ef7-78fc-4e18-a564-b18f806f7f56} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{86a44ef9-78fc-4e18-a564-b18f806f7f56} (Trojan.MultiDefender) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{86a44ef7-78fc-4e18-a564-b18f806f7f56} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86a44ef7-78fc-4e18-a564-b18f806f7f56} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\ActivationManager (Trojan.MultiDefender) -> Quarantined and deleted successfully.
Inficirane vrednosti u registru:
(Maliciozne stavke nisu detektovane)
Inficirani podaci u registru:
(Maliciozne stavke nisu detektovane)
Inficirane fascikle:
C:\Program Files\ActivationManager (Trojan.MultiDefender) -> Quarantined and deleted successfully.
C:\Program Files\ADSTechnology (Trojan.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\ADSTechnology (Trojan.BHO) -> Quarantined and deleted successfully.
Inficirane datoteke:
C:\Program Files\ADSTechnology\ADSTechnology.dll (Trojan.BHO) -> Quarantined and deleted successfully.
C:\Program Files\ActivationManager\Uninstall.exe (Trojan.MultiDefender) -> Quarantined and deleted successfully.
C:\Program Files\ADSTechnology\ADSTechnology.exe (Trojan.BHO) -> Quarantined and deleted successfully.
C:\Program Files\ADSTechnology\Uninstall.exe (Trojan.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\ADSTechnology\ADSTechnology.lnk (Trojan.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\ADSTechnology\Uninstall.lnk (Trojan.BHO) -> Quarantined and deleted successfully.
C:\WINDOWS\pskt.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\BM07680a6c.xml (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\BM07680a6c.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
Malwarebytes' Anti-Malware 1.29
Verzija baze podataka: 1286
Windows 5.1.2600 Service Pack 2
2008-10-19 07:34:11
mbam-log-2008-10-19 (07-34-11).txt
Tip skeniranja: Kompletno Skeniranje (C:\|D:\|F:\|G:\|H:\|I:\|J:\|K:\|L:\|M:\|)
Skeniranih objekata: 477728
Proteklo vreme: 2 hour(s), 57 minute(s), 9 second(s)
Inficirani procesi u memoriji: 0
Inficirani moduli u memoriji: 0
Inficirani ključevi u registru: 0
Inficirane vrednosti u registru: 0
Inficirani podaci u registru: 0
Inficirane fascikle: 0
Inficirane datoteke: 6
Inficirani procesi u memoriji:
(Maliciozne stavke nisu detektovane)
Inficirani moduli u memoriji:
(Maliciozne stavke nisu detektovane)
Inficirani ključevi u registru:
(Maliciozne stavke nisu detektovane)
Inficirane vrednosti u registru:
(Maliciozne stavke nisu detektovane)
Inficirani podaci u registru:
(Maliciozne stavke nisu detektovane)
Inficirane fascikle:
(Maliciozne stavke nisu detektovane)
Inficirane datoteke:
D:\PROGRAMI\DOWNLOAD\Auslogics Visual Styler v3.0.10.131\keygen.exe (Spyware.OnlineGames) -> Quarantined and
deleted successfully.
D:\PROGRAMI\DOWNLOAD\DOWNLOADS - NOVO\Adobe Acrobat Professional 8.10\Keygen.exe (Backdoor.Bot) ->
Quarantined and deleted successfully.
D:\PROGRAMI\DOWNLOAD\WinRar 3.60b3\Patch\Unipatch.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\PROGRAMI\DOWNLOAD MANAGERI\Flashget 1.60 Final\fgf160.exe (Adware.Cydoor) -> Quarantined and deleted
successfully.
D:\PROGRAMI\DULE SOFTVER\SISTEMSKI 2004\Windows XP ReActivator v1.0\XPKey.exe (Trojan.Downloader) ->
Quarantined and deleted successfully.
D:\PROGRAMI\DULE SOFTVER\WINDOWS XP PROGRAMI\Muzicki programi\SOUNDFORGE V7\KEYGEN.EXE
(Trojan.Downloader) -> Quarantined and deleted successfully.
Jutros sam odradio sa Hijack-om i evo log-fajla:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 07:42, on 2008-10-19
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\WINDOWS\nMtsk.exe
C:\Program Files\UpsPilot\Winpower.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\UpsPilot\jre\bin\javaw.exe
C:\WINDOWS\Domino.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\UpsPilot\monitor.exe
C:\Program Files\UpsPilot\jre\bin\javaw.exe
C:\WINDOWS\system32\MsPMSPSv.exe
c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
C:\PROGRA~1\UpsPilot\wpRMI.exe
C:\Program Files\UpsPilot\jre\bin\javaw.exe
C:\Program Files\Opera\opera.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\MiIan\Desktop\Systav.exe\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Flashget Catch Url Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O3 - Toolbar: FlashGet - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\Program Files\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [nMTaskBarService] nMtsk.exe
O4 - HKLM\..\Run: [Winpower] C:\Program Files\UpsPilot\Winpower.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [ZSSnp211] C:\WINDOWS\ZSSnp211.exe
O4 - HKLM\..\Run: [Domino] C:\WINDOWS\Domino.exe
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &Preuzmi sa FlashGet-om - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: &Preuzmi sve sa FlashGet-om - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Save Flash In This Page by Flash Saver - C:\PROGRA~1\FLASHS~1\save.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_16\bin\npjpi142_16.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_16\bin\npjpi142_16.dll
O9 - Extra button: Flash Saver - {09EA1F80-F40A-11D1-B792-444553540001} - C:\PROGRA~1\FLASHS~1\save.htm
O9 - Extra 'Tools' menuitem: Flash Saver - {09EA1F80-F40A-11D1-B792-444553540001} - C:\PROGRA~1\FLASHS~1\save.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: nMtskBar Service (nMtskService) - Intracom S.A. - C:\WINDOWS\nMtsk.exe
O23 - Service: Nod 32 - Unknown owner - C:\WINDOWS\system32\serhost.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: DiRT Drivers Auto Removal (pr2ah4nc) (pr2ah4nc) - CODEMASTERS - C:\WINDOWS\system32\pr2ah4nc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Winpowermanager - Macrovision - C:\PROGRA~1\UpsPilot\manager.exe
O23 - Service: Winpowermonitor - Macrovision - C:\PROGRA~1\UpsPilot\monitor.exe
O23 - Service: WinpowerRMI - Macrovision - C:\PROGRA~1\UpsPilot\wpRMI.exe
--
End of file - 8043 bytes
Za sada se NOD ne javlja, videcemo dalje.
Hvala na savetu..
Win32/Exploit.MSWord.Smtag trojan
