Quote:
Moby Master kaže:
Je... ali daj kompletni log od njega!
|
evo:
Logfile of HijackThis v1.97.7
Scan saved at 18:16:48, on 26.11.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\T-Com Antidialer\T-Com Antidialer.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
D:\programi\Advanced Call Center\acc.exe
D:\programi\internet DL\uTorrent\utorrent.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\totalcmd\totalcmd.exe
D:\programi\hijack\HIJACKTHIS.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.google.hr/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about
:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O3 - Toolbar: PopUpCop - {DB43E4E6-FF8A-4018-8C8E-F68587A44A73} - C:\PROGRA~1\PopUpCop\PopUpCop.dll
O3 - Toolbar: febooti ie&Zoom - {605F5EB4-E40B-4000-BD60-70CF5494ED9F} - C:\Program Files\febooti ieZoom\ieZoom.dll
O4 - HKLM\..\Run: [tcomantidialerrun] C:\Program Files\T-Com Antidialer\T-Com Antidialer.exe
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Advanced Call Center.lnk = D:\programi\Advanced Call Center\acc.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: (PopUpCop) Allow images... - res://C:\PROGRA~1\PopUpCop\PopUpCop.dll/allowimages
O8 - Extra context menu item: (PopUpCop) Block images... - res://C:\PROGRA~1\PopUpCop\PopUpCop.dll/blockimages
O8 - Extra context menu item: (PopUpCop) Open In New Window - res://C:\PROGRA~1\PopUpCop\PopUpCop.dll/imagenew
O8 - Extra context menu item: Download with USDownloader - D:\programi\internet DL\rapidshare\USDownloader\Ext\downloadie.html
O8 - Extra context menu item: Subscribe in RSS Bandit - C:\Documents and Settings\emil\Application Data\RssBandit\iecontext_subscribebandit.htm
O9 - Extra button: IE7Pro Preferences (HKLM)
O9 - Extra 'Tools' menuitem: IE7Pro Preferences (HKLM)
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration (HKLM)
O15 - Trusted Zone: *.deviantart.com
O15 - Trusted Zone: *.divx-titlovi.com
O15 - Trusted Zone: *.elitesecurity.org
O15 - Trusted Zone: *.eoncentar.info
O15 - Trusted Zone: *.forum.hr
O15 - Trusted Zone: *.fullcontactzone.com
O15 - Trusted Zone: *.gallery.hr
O15 - Trusted Zone: *.google.hr
O15 - Trusted Zone: *.hpb.hr
O15 - Trusted Zone: *.hrphotocontest.com
O15 - Trusted Zone: *.kerman.hr
O15 - Trusted Zone: *.livada
O15 - Trusted Zone: *.mediaking.hr
O15 - Trusted Zone: *.medioteka.com
O15 - Trusted Zone: *.merlins-portal.net
O15 - Trusted Zone: *.metronet.hr
O15 - Trusted Zone: *.najnovije.net
O15 - Trusted Zone: livada.pondi.hr
O15 - Trusted Zone: *.prijevodi-online.org
O15 - Trusted Zone: *.pticica.com
O15 - Trusted Zone: *.strategije.com
O15 - Trusted Zone: *.sytes.net
O15 - Trusted Zone: *.tang-soo-do.us
O15 - Trusted Zone: *.torrentbytes.net
O15 - Trusted Zone: *.torrenthr.org
O15 - Trusted Zone: *.warezhr.org
O15 - Trusted Zone: *.zamunda.net
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} -
http://fpdownload.macromedia.com/get.../ultrashim.cab
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Plug-in 1.5.0_09) -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
http://download.macromedia.com/pub/s...sh/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{45BC1C3F-D923-47D3-B2FD-7AA63ABE8C2A}: NameServer = 193.198.184.130,193.198.184.140
O17 - HKLM\System\CCS\Services\Tcpip\..\{8A7A9D80-B480-46D4-B57E-540609914172}: NameServer = 193.198.184.140 193.198.184.130
malo mi cudna ta putanja gdje prnalazim trojana . To nije klasicni temporary od IE. nego u taj drugi folder i sad sam malo testiro ipa kse ne pali zbog qtorenta nego mozda zbog IE.