Just checking whether everything is in order; NOD is finding some two v

  • Joined: 04 Nov 2008
  • Posts: 126

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:29:44 PM, on 6/2/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20861)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\AlienGUIse\wbload.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\USB Disk Security\USBGuard.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\AskBarDis\bar\bin\AskService.exe
C:\Program Files\ASUS\AsSysCtrlService\1.00.00\AsSysCtrlService.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\Program Files\Opera\opera.exe
C:\Program Files\Winamp\winamp.exe
C:\Documents and Settings\MDCOM\Desktop\New Folder (2)\TR3.exe.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [Link mogu videti samo ulogovani korisnici]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [Link mogu videti samo ulogovani korisnici]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [Link mogu videti samo ulogovani korisnici]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [Link mogu videti samo ulogovani korisnici]
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = [Link mogu videti samo ulogovani korisnici]
R3 - URLSearchHook: TDI Toolbar - {964ed5ed-9595-43a1-bd83-9f831b5dbe7f} - C:\Program Files\TDI\tbTDI.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar1.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: TDI Toolbar - {964ed5ed-9595-43a1-bd83-9f831b5dbe7f} - C:\Program Files\TDI\tbTDI.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: TDI Toolbar - {964ed5ed-9595-43a1-bd83-9f831b5dbe7f} - C:\Program Files\TDI\tbTDI.dll
O3 - Toolbar: ZoneAlarm Spy Blocker Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar1.dll
O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe 1
O4 - HKLM\..\Run: [USB Antivirus] C:\Program Files\USB Disk Security\USBGuard.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - [Link mogu videti samo ulogovani korisnici]\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O13 - Gopher Prefix:
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - [Link mogu videti samo ulogovani korisnici]
O20 - AppInit_DLLs: C:\WINDOWS\system32\wbsys.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: ASKService - Unknown owner - C:\Program Files\AskBarDis\bar\bin\AskService.exe
O23 - Service: ASUS System Control Service (AsSysCtrlService) - Unknown owner - C:\Program Files\ASUS\AsSysCtrlService\1.00.00\AsSysCtrlService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 6829 bytes
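As an added example (not code from this thread, from HijackThis, or from the helpers here), the following Python script parses HijackThis log lines like the ones above into records and lists the entries a log helper looks at first: third-party browser add-ons (BHOs, toolbars, URL search hooks, which is exactly why the TDI Toolbar gets queried later in the thread), services with an unknown owner, AppInit_DLLs, and Run entries that point into user-writable locations. All sample lines are copied from the log above except the last O4 line (`sample.exe`), which is constructed to exercise the user-writable check; the flagging rules are this example's own, not something HijackThis computes.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Sample input: every line except the last is copied from the HijackThis log in this
# thread; the last O4 line is constructed here only to exercise the user-writable check.
SAMPLE_LOG = r"""
R3 - URLSearchHook: TDI Toolbar - {964ed5ed-9595-43a1-bd83-9f831b5dbe7f} - C:\Program Files\TDI\tbTDI.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar1.dll
O2 - BHO: TDI Toolbar - {964ed5ed-9595-43a1-bd83-9f831b5dbe7f} - C:\Program Files\TDI\tbTDI.dll
O3 - Toolbar: TDI Toolbar - {964ed5ed-9595-43a1-bd83-9f831b5dbe7f} - C:\Program Files\TDI\tbTDI.dll
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe 1
O20 - AppInit_DLLs: C:\WINDOWS\system32\wbsys.dll
O23 - Service: ASKService - Unknown owner - C:\Program Files\AskBarDis\bar\bin\AskService.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O4 - HKCU\..\Run: [sample] C:\Documents and Settings\MDCOM\Desktop\sample.exe
"""

# "<code> - <kind>: <rest>", e.g. "O2 - BHO: name - {CLSID} - path"
LINE_RE = re.compile(r"^(?P<code>[RO]\d{1,2}) - (?P<kind>[^:]+): (?P<rest>.*)$")
# O4 body: "[value name]" then either a quoted path or an unquoted path ending in .ext
RUN_RE = re.compile(r'^\[(?P<name>[^\]]*)\]\s*(?:"(?P<q>[^"]+)"|(?P<u>.+?\.[A-Za-z]{3})(?=\s|$))')
USER_WRITABLE = ("documents and settings", "\\temp\\", "\\desktop\\")


@dataclass
class Entry:
    code: str        # HijackThis section code: R3, O2, O3, O4, O20, O23
    kind: str        # text before the first colon, e.g. "BHO" or "HKLM\..\Run"
    name: str        # display name, Run value name, or service name
    path: str        # DLL or executable on disk
    clsid: str = ""  # only for browser add-ons
    owner: str = ""  # only for services (O23)


def parse_line(line: str) -> Optional[Entry]:
    """Parse one HijackThis line into an Entry; lines of other section types give None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    code, kind, rest = m.group("code"), m.group("kind"), m.group("rest")
    if code in ("R3", "O2", "O3"):           # name - {CLSID} - path
        parts = [p.strip() for p in rest.split(" - ", 2)]
        if len(parts) != 3:
            return None
        return Entry(code, kind, parts[0], parts[2], clsid=parts[1])
    if code == "O4":                         # [name] path args
        r = RUN_RE.match(rest)
        if not r:
            return None
        return Entry(code, kind, r.group("name"), r.group("q") or r.group("u"))
    if code == "O20":                        # AppInit_DLLs: path
        return Entry(code, kind, kind, rest.strip())
    if code == "O23":                        # display name - owner - path
        parts = [p.strip() for p in rest.split(" - ", 2)]
        if len(parts) != 3:
            return None
        return Entry(code, kind, parts[0], parts[2], owner=parts[1])
    return None


def triage(log: str) -> List[Tuple[Entry, str]]:
    """Return (entry, reason) pairs for the items a helper would ask the poster about."""
    findings: List[Tuple[Entry, str]] = []
    for line in log.splitlines():
        e = parse_line(line)
        if e is None:
            continue
        if e.code in ("R3", "O2", "O3"):
            findings.append((e, "browser add-on: confirm it was installed on purpose"))
        elif e.code == "O23" and e.owner.lower() == "unknown owner":
            findings.append((e, "service without publisher information"))
        elif e.code == "O20":
            findings.append((e, "AppInit_DLLs: DLL loaded into every process that uses user32"))
        elif e.code == "O4" and any(k in e.path.lower() for k in USER_WRITABLE):
            findings.append((e, "autostart from a user-writable location"))
    return findings


if __name__ == "__main__":
    for entry, reason in triage(SAMPLE_LOG):
        print(f"{entry.code:<4}{entry.name:<22}{reason:<60}{entry.path}")
```

Unquoted O4 command lines containing spaces (like the HDAudDeck entry) are cut at the first token ending in a three-letter extension, which is a heuristic, not a guarantee.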



  • dr_Bora
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Hello...


What does NOD detect?
What does it do with it?
Does the problem recur, or did the detection happen only once?



  • Joined: 04 Nov 2008
  • Posts: 126

This thing in the picture confuses me: whenever I rescan the computer, it shows me this same thing. That happened recently from a flash drive.

  • dr_Bora
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Download sUBs' ComboFix from one of the following addresses to the Desktop:


Bleeping Computer . . . . . Geeks to Go!
- Right-click one of the links and choose Save Target As... (Save Link As..., Save Linked Content As... or similar);
- When the dialog for choosing where to save the file opens, select Desktop and click Save.


When the download has finished:
- close running programs;
- disable your security software (instructions);
- double-click ComboFix to run it.

While it runs, ComboFix will:
- check whether a newer version of the program exists: click Yes if offered to download it.
- display the DISCLAIMER OF WARRANTY ON SOFTWARE: click Yes so that the process continues.
- if the Recovery Console is not installed, offer to install it: accept by clicking Yes and follow the procedure.
- ask a number of questions/show a number of notifications: accept by clicking Yes or OK.
- restart Windows if necessary (possibly several times);
- at the end of its run, open Notepad with the scan report.


Copy the report ComboFix produced into the topic on the forum:
- right-click in the Notepad window and choose Select All;
- right-click the selected text and choose Copy;
- right-click in the message box and choose Paste.


Note: the report will be saved under the name ComboFix.txt on the system partition (typical location: C:\ComboFix.txt);
If, after posting the message, you notice that the report is not complete, use the Prikači fajl (Attach file) option to attach the file C:\ComboFix.txt to the message.

  • Joined: 04 Nov 2008
  • Posts: 126

ComboFix 09-06-03.01 - MDCOM 06/03/2009 22:46.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3327.2793 [GMT 2:00]
Running from: c:\documents and settings\MDCOM\Desktop\ComboFix.exe
AV: ESET Smart Security 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.

((((((((((((((((((((((((( Files Created from 2009-05-03 to 2009-06-03 )))))))))))))))))))))))))))))))
.

2009-05-30 19:20 . 2009-05-30 19:20 -------- d-----w- c:\documents and settings\MDCOM\Local Settings\Application Data\Real
2009-05-26 21:39 . 2008-04-13 22:09 7552 -c--a-w- c:\windows\system32\dllcache\mskssrv.sys
2009-05-26 21:39 . 2008-04-13 22:09 7552 ----a-w- c:\windows\system32\drivers\MSKSSRV.sys
2009-05-26 15:16 . 2009-05-26 15:16 -------- d-----w- c:\program files\Team6 game studios
2009-05-22 21:09 . 2009-05-22 21:09 -------- d-----w- c:\program files\HD Tune
2009-05-22 17:02 . 2009-06-01 18:10 -------- d-sh--r- C:\Win
2009-05-20 19:04 . 2009-05-20 19:04 -------- d-----w- c:\program files\Simpli Software
2009-05-20 18:57 . 2009-05-20 18:57 604416 ----a-w- c:\windows\system32\TUProgSt.exe
2009-05-20 18:57 . 2009-04-27 12:21 28928 ----a-w- c:\windows\system32\uxtuneup.dll
2009-05-20 18:56 . 2009-05-20 18:56 361216 ----a-w- c:\windows\system32\TuneUpDefragService.exe
2009-05-18 21:33 . 2009-05-18 21:33 -------- d-----w- c:\program files\Sega
2009-05-06 21:15 . 2009-05-06 21:22 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-05-06 21:15 . 2009-05-06 21:21 -------- d-----w- C:\Fraps
2009-05-04 21:02 . 2009-05-04 21:02 -------- d-----w- c:\documents and settings\MDCOM\Application Data\GRETECH
2009-05-04 21:02 . 2009-05-04 21:02 -------- d-----w- c:\program files\GRETECH

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-02 16:54 . 2009-02-25 17:47 196608 ----a-w- c:\windows\system32\drivers\aStandard.bin
2009-06-01 15:59 . 2009-03-12 21:28 117760 ----a-w- c:\documents and settings\MDCOM\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-05-31 06:29 . 2009-02-25 17:26 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-05-30 19:21 . 2009-05-30 19:20 -------- d-----w- c:\program files\K-Lite Codec Pack
2009-05-25 15:48 . 2009-03-18 21:41 -------- d-----w- c:\program files\TDI
2009-05-25 15:07 . 2009-02-26 23:20 -------- d-----w- c:\program files\TuneUp Utilities 2009
2009-05-24 06:46 . 2009-05-21 09:14 -------- d-----w- c:\documents and settings\MDCOM\Application Data\LimeWire
2009-05-21 08:49 . 2009-02-24 11:52 20384 ----a-w- c:\documents and settings\MDCOM\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-06 21:39 . 2009-05-07 18:54 1884160 ----a-w- c:\windows\Internet Logs\xDB7.tmp
2009-05-03 11:48 . 2009-05-03 11:47 -------- d-----w- c:\program files\MixMeister Fusion
2009-05-03 11:48 . 2009-05-03 11:48 -------- d-----w- c:\documents and settings\MDCOM\Application Data\MixMeister Technology
2009-05-03 11:47 . 2009-05-03 11:47 766 ----a-r- c:\documents and settings\MDCOM\Application Data\Microsoft\Installer\{E89B484C-B913-49A0-959B-89E836001658}\ARPPRODUCTICON.exe
2009-05-03 10:59 . 2009-05-03 10:51 -------- d-----w- c:\program files\3D Dolphins 2.8
2009-04-29 23:34 . 2009-04-29 23:30 -------- d-----w- c:\program files\Realtek
2009-04-29 23:30 . 2009-04-29 23:30 315392 ----a-w- c:\windows\HideWin.exe
2009-04-29 06:00 . 2009-03-12 17:54 -------- d-----w- c:\program files\ASUS
2009-04-24 20:12 . 2009-03-16 19:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2009-04-24 20:11 . 2009-04-22 19:36 -------- d-----w- c:\program files\Common Files\Real
2009-04-24 20:11 . 2009-04-22 19:36 -------- d-----w- c:\program files\Real
2009-04-23 18:11 . 2009-02-25 19:28 -------- d-----w- c:\program files\Common Files\Adobe
2009-04-23 18:10 . 2009-04-23 18:10 -------- d-----w- c:\program files\Adobe Media Player
2009-04-22 20:04 . 2009-04-22 20:04 -------- d-----w- c:\documents and settings\All Users\Application Data\TVU Networks
2009-04-22 19:36 . 2008-03-14 03:00 499712 ----a-w- c:\windows\system32\msvcp71.dll
2009-04-21 16:43 . 2009-04-07 09:30 2514099 ----a-w- c:\windows\Internet Logs\tvDebug.Zip
2009-04-17 19:11 . 2009-04-17 19:12 1772032 ----a-w- c:\windows\Internet Logs\xDB6.tmp
2009-04-15 23:36 . 2009-04-13 17:59 -------- d-----w- c:\program files\DAEMON Tools Toolbar
2009-04-15 22:47 . 2009-04-15 22:47 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-04-15 17:55 . 2009-04-15 17:56 1756160 ----a-w- c:\windows\Internet Logs\xDB5.tmp
2009-04-13 19:31 . 2009-04-13 18:01 -------- d-----w- c:\program files\Empire Total War
2009-04-13 18:01 . 2009-04-13 17:57 -------- d-----w- c:\documents and settings\MDCOM\Application Data\DAEMON Tools Lite
2009-04-13 18:00 . 2009-04-13 18:00 -------- d-----w- c:\documents and settings\MDCOM\Application Data\DAEMON Tools Pro
2009-04-13 18:00 . 2009-04-13 18:00 -------- d-----w- c:\documents and settings\MDCOM\Application Data\DAEMON Tools
2009-04-13 17:59 . 2009-04-13 17:59 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2009-04-13 17:57 . 2009-04-13 17:57 717296 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-04-11 23:45 . 2009-04-12 08:33 1718784 ----a-w- c:\windows\Internet Logs\xDB4.tmp
2009-04-11 16:51 . 2009-04-11 16:51 -------- d-----w- c:\program files\Microsoft ActiveSync
2009-04-11 16:50 . 2009-04-11 16:50 -------- d-----w- c:\program files\Microsoft.NET
2009-04-09 21:38 . 2009-02-27 19:02 -------- d-----w- c:\program files\Valve
2009-04-05 14:38 . 2009-04-05 14:38 -------- d-----w- c:\documents and settings\All Users\Application Data\BullGuard
2009-04-05 14:38 . 2009-04-05 14:38 -------- d-----w- c:\documents and settings\MDCOM\Application Data\BullGuard
2009-04-05 13:21 . 2009-04-03 11:30 -------- d-----w- c:\program files\DkZ Studio
2009-04-02 13:21 . 2009-05-30 19:20 84480 ----a-w- c:\windows\system32\ff_vfw.dll
2009-04-02 09:10 . 2008-04-14 11:00 6656 ----a-w- c:\windows\system32\lpcio.dll
2009-04-02 00:38 . 2009-04-02 08:56 1631232 ----a-w- c:\windows\Internet Logs\xDB3.tmp
2009-03-31 16:51 . 2009-03-31 16:51 152576 ----a-w- c:\documents and settings\MDCOM\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-03-29 09:53 . 2009-03-29 09:54 1567232 ----a-w- c:\windows\Internet Logs\xDB2.tmp
2009-03-29 09:53 . 2009-03-29 09:54 1323520 ----a-w- c:\windows\Internet Logs\xDB1.tmp
2009-03-27 20:38 . 2009-03-10 23:44 4212 ---ha-w- c:\windows\system32\zllictbl.dat
2009-03-26 17:37 . 2009-03-26 17:37 0 ----a-w- c:\windows\nsreg.dat
2009-03-26 00:10 . 2009-03-26 00:10 138184 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-03-26 00:09 . 2009-03-26 00:10 183112 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-03-25 18:19 . 2009-03-25 18:19 108144 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-03-25 16:29 . 2009-03-25 16:29 86016 ----a-w- c:\windows\system32\OpenAL32.dll
2009-03-25 16:29 . 2009-03-25 16:29 262144 ----a-w- c:\windows\system32\wrap_oal.dll
2009-03-14 19:15 . 2009-03-14 19:15 15240 ----a-w- c:\documents and settings\MDCOM\Application Data\Microsoft\IdentityCRL\PROD\ppcrlconfig.dll
2009-03-09 03:19 . 2009-03-03 23:15 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-03-08 16:00 . 2009-03-08 16:00 0 ----a-w- c:\windows\ativpsrm.bin
.

------- Sigcheck -------

[-] 2009-01-10 07:59 1614848 362BC5AF8EAF712832C58CC13AE05750 c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((( [Link mogu videti samo ulogovani korisnici] )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-06-03 20:42 . 2009-06-03 20:42 16384 c:\windows\Temp\Perflib_Perfdata_c8.dat
+ 2008-04-14 11:00 . 2009-06-03 20:46 77316 c:\windows\system32\perfc009.dat
- 2008-04-14 11:00 . 2009-06-01 16:02 77316 c:\windows\system32\perfc009.dat
+ 2008-04-14 11:00 . 2009-06-03 20:46 473296 c:\windows\system32\perfh009.dat
- 2008-04-14 11:00 . 2009-06-01 16:02 473296 c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-10-16 17:22 333192 ----a-w- c:\program files\AskBarDis\bar\bin\askBar1.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{964ed5ed-9595-43a1-bd83-9f831b5dbe7f}]
2009-03-10 10:47 2079256 ----a-w- c:\program files\TDI\tbTDI.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-10-09 139264]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe" [2008-05-14 29831168]
"USB Antivirus"="c:\program files\USB Disk Security\USBGuard.exe" [2008-09-23 798720]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-02-15 981384]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2008-10-24 1451264]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2008-07-03 16876032]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" - c:\windows\system32\narrator.exe [2008-04-14 53760]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 10:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
2001-12-20 22:34 24576 ----a-w- c:\program files\AlienGUIse\fastload.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\wbsys.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^MDCOM^Start Menu^Programs^Startup^Alienware Dock.lnk]
path=c:\documents and settings\MDCOM\Start Menu\Programs\Startup\Alienware Dock.lnk
backup=c:\windows\pss\Alienware Dock.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^MDCOM^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=c:\documents and settings\MDCOM\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=c:\windows\pss\LimeWire On Startup.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\KONAMI\\Pro Evolution Soccer 2009\\GCP2009.exe"=
"c:\\Program Files\\Valve\\hl.exe"=
"c:\\Program Files\\KONAMI\\Pro Evolution Soccer 2009\\outpes\\Goalserver2009\\GoalWebServer2009.exe"=
"c:\\Program Files\\KONAMI\\Pro Evolution Soccer 2009\\outpes\\Goalserver2009\\stunnel\\stunnel.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2/17/2009 12:43 PM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2/17/2009 12:43 PM 55024]
R2 ASKService;ASKService;c:\program files\AskBarDis\bar\bin\AskService.exe [3/11/2009 1:45 AM 464264]
R2 AsSysCtrlService;ASUS System Control Service;c:\program files\ASUS\AsSysCtrlService\1.00.00\AsSysCtrlService.exe [4/30/2009 1:37 AM 86016]
R2 ekrn;Eset Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [10/24/2008 8:51 PM 468224]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [5/20/2009 8:57 PM 604416]
R4 atidgllk;atidgllk;c:\windows\atidgllk.sys [2/26/2009 8:58 PM 5376]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2/17/2009 12:43 PM 7408]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2/26/2009 8:06 PM 238080]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2009-06-03 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2009-04-27 13:37]
.
.
------- Supplementary Scan -------
.
uStart Page = [Link mogu videti samo ulogovani korisnici]
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath -
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [Link mogu videti samo ulogovani korisnici]
Rootkit scan 2009-06-03 22:48
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HDAudDeck = c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe 1????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-527237240-1715567821-1417001333-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
@Denied: (Full) (LocalSystem)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1488-)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\Ati2evxx.dll
c:\program files\AlienGUIse\fastload.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll

- - - - - - - > 'explorer.exe'(2936)
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-06-03 22:49
ComboFix-quarantined-files.txt 2009-06-03 20:49
ComboFix2.txt 2009-06-01 18:29

Pre-Run: 46,720,827,392 bytes free
Post-Run: 46,776,389,632 bytes free


  • dr_Bora
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

TDI Toolbar - is this familiar to you?




Download USBNoRisk to the Desktop and run it by double-clicking the program icon.
- Wait a few seconds while the program performs its initial scan.
- Insert all USB storage devices one after another into the USB slot and keep each one in the slot for 10 seconds.
- If you have several devices to check, write down on a piece of paper the order in which they were inserted, because we will need that information later.
- When you have finished with all the devices, right-click in the middle of the program window and choose the Save log option. That will automatically open the log in Notepad. Copy that log from Notepad to the forum.

Explanation: USB storage devices are all those devices that, when connected to the computer, get their own drive letter. These include USB flash drives, external hard disks, memory cards, MP3 and MP4 players, some mobile phones, some GPS (navigation) devices, etc.

  • Joined: 04 Nov 2008
  • Posts: 126

Yes, I know about the TDI Toolbar, I installed it myself. Why?

USBNoRisk 2.4 (1 June 2009) by bobby

Started at 6/3/2009 11:30:52 PM

Searching for connected USB Mass storage...
----------------------------------------
========================================

Searching for other storage...
----------------------------------------
D: {8518aa96-026a-11de-91fe-806d6172696f}
C: {8518aa97-026a-11de-91fe-806d6172696f}
========================================


Scanning fixed storage...
----------------------------------------

No blocked files found on C:
No Autorun.inf files found on C:
No mountpoint found for C:
No mountpoint found for 8518aa97-026a-11de-91fe-806d6172696f
No Desktop.ini files found on C:
----------------------------------------

No blocked files found on D:
No Autorun.inf files found on D:
No mountpoint found for D:
No mountpoint found for 8518aa96-026a-11de-91fe-806d6172696f
No Desktop.ini files found on D:
----------------------------------------

========================================
Initial scan finished!
========================================


New device connected at 6/3/2009 11:31:04 PM

Scanning for connected USB mass storage...
----------------------------------------
K: {5676281f-0436-11de-9797-002215d5e60f}
Added K:
========================================

Scanning USB mass storage for files...
----------------------------------------
No blocked files found on K:
----------------------------------------
No Autorun.inf files found on K:
No mountpoint found for 5676281f-0436-11de-9797-002215d5e60f
----------------------------------------

No Desktop.ini files found on K:
----------------------------------------

No mimics found on drive K:
========================================

  • dr_Bora
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Show hidden files: [Link visible only to logged-in users]


Delete the folder: C:\Win




Basically, that is all. There is no active malware here. If NOD detects something, it should be able to resolve it without any problems as well.


ComboFix needs to be uninstalled:
click Start (or ), then RUN.

On Vista, use the Start Search field if Run is not available.

In the text input line, type (or paste) the following:

combofix /u

Note that there is a space between "ComboFix" and "/u".



then click OK (or press Enter).


Wait for the uninstallation process to finish.
