W32.Spybot.Worm,BackDoor.IRC.Bot i W32.Harakit da li je reg?

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

W32.Spybot.Worm,BackDoor.IRC.Bot i W32.Harakit da li je registri ok?

Log pre dva dana

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:14:17, on 14.4.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\FlashGet\FlashGet.exe
C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\QuickTime\QTTask.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\WINDOWS\nMtsk.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclIrSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\mdm.exe
C:\Documents and Settings\Obrad Cvijovic\Desktop\Dr Bora Pack\124.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [Link mogu videti samo ulogovani korisnici]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [Link mogu videti samo ulogovani korisnici]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [Link mogu videti samo ulogovani korisnici]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [Link mogu videti samo ulogovani korisnici]
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\16.5.0.134\IPSBHO.DLL
O2 - BHO: Windows Live pomagač za prijavljivanje - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Flashget] C:\Program Files\FlashGet\FlashGet.exe /min
O4 - HKLM\..\Run: [WinDVR SchSvr] "C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [QuickFinder Scheduler] "C:\Program Files\WordPerfect Office X3\Programs\QFSCHD130.EXE"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [nMTaskBarService] nMtsk.exe
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart17.exe
O4 - Global Startup: DSLMON.lnk = ?
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O8 - Extra context menu item: &Preuzmi sa FlashGet-om - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: &Preuzmi sve sa FlashGet-om - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - [Link mogu videti samo ulogovani korisnici]\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open with WordPerfect - C:\Program Files\WordPerfect Office X3\Programs\WPLauncher.hta
O9 - Extra button: Objavi ovo u blogu - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Objavi ovo u blogu u okviru usluge Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{0C1F73EC-70D0-49DF-B390-C56E9355B6D9}: NameServer = 194.247.192.1 194.247.192.33
O17 - HKLM\System\CS1\Services\Tcpip\..\{0C1F73EC-70D0-49DF-B390-C56E9355B6D9}: NameServer = 194.247.192.1 194.247.192.33
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Norton 2009 Reset (.norton2009Reset) - Unknown owner - C:\Documents and Settings\All Users\Application Data\Norton\Norton2009Reset.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Groove Installer Service (GrooveInstallerService) - Groove Networks, Inc. - C:\Program Files\Groove Networks\Groove\Bin\GrooveInstallerService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: nMtskBar Service (nMtskService) - Intracom S.A. - C:\WINDOWS\nMtsk.exe
O23 - Service: Norton AntiVirus - Symantec Corporation - C:\Program Files\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 8946 bytes

Log Danas

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:05:25, on 17.4.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\FlashGet\FlashGet.exe
C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\QuickTime\QTTask.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\WINDOWS\nMtsk.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclIrSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Norton AntiVirus\Engine\16.5.0.134\MCUI32.EXE
C:\Documents and Settings\Obrad Cvijovic\Desktop\Dr Bora Pack\124.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [Link mogu videti samo ulogovani korisnici]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [Link mogu videti samo ulogovani korisnici]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [Link mogu videti samo ulogovani korisnici]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [Link mogu videti samo ulogovani korisnici]
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\16.5.0.134\IPSBHO.DLL
O2 - BHO: Windows Live pomagač za prijavljivanje - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Flashget] C:\Program Files\FlashGet\FlashGet.exe /min
O4 - HKLM\..\Run: [WinDVR SchSvr] "C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [QuickFinder Scheduler] "C:\Program Files\WordPerfect Office X3\Programs\QFSCHD130.EXE"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [nMTaskBarService] nMtsk.exe
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [run32] C:\Win\lsass.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart17.exe
O4 - Global Startup: DSLMON.lnk = ?
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O8 - Extra context menu item: &Preuzmi sa FlashGet-om - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: &Preuzmi sve sa FlashGet-om - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - [Link mogu videti samo ulogovani korisnici]\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open with WordPerfect - C:\Program Files\WordPerfect Office X3\Programs\WPLauncher.hta
O9 - Extra button: Objavi ovo u blogu - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Objavi ovo u blogu u okviru usluge Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{0C1F73EC-70D0-49DF-B390-C56E9355B6D9}: NameServer = 194.247.192.1 194.247.192.33
O17 - HKLM\System\CS1\Services\Tcpip\..\{0C1F73EC-70D0-49DF-B390-C56E9355B6D9}: NameServer = 194.247.192.1 194.247.192.33
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Norton 2009 Reset (.norton2009Reset) - Unknown owner - C:\Documents and Settings\All Users\Application Data\Norton\Norton2009Reset.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Groove Installer Service (GrooveInstallerService) - Groove Networks, Inc. - C:\Program Files\Groove Networks\Groove\Bin\GrooveInstallerService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: nMtskBar Service (nMtskService) - Intracom S.A. - C:\WINDOWS\nMtsk.exe
O23 - Service: Norton AntiVirus - Symantec Corporation - C:\Program Files\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 9156 bytes

Pa me interesuje ima par stvari kojih su se promenili svshost dva dodata i lsass.exe pa me interesuje da li su ovi virusi naškodili registrima?

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Zdravo,

* Klikni desnim tasterom na Norton Antivirus ikonicu () u donjem, desnom uglu ekrana i izaberi Disable Auto Protect.
* Zatim izaberi željeno trajanje (npr. 5 sati) i klikni OK.

Napomena: Ne zaboravi da uključiš ovu opciju po završetku čišćenja.

---------------

Skini ComboFix sa jedne od sledecih adresa na Desktop:
[Link mogu videti samo ulogovani korisnici]
[Link mogu videti samo ulogovani korisnici]
[Link mogu videti samo ulogovani korisnici]

Startuj ga i ne diraj prozor programa dok skenira.
Sledi uputstva na ekranu. Kada zavrsi pojavice se log (C:\ComboFix.txt) koji ces nam ovde iskopirati.

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Evo Combofix loga posto su mi zatvorili temu bio sam odsutan pa me je to sprecilo da posaljem combofix log i interesuje me da mi predlozite dobar program za ciscenje programa kao naprimer your uninstaller,....

ComboFix 09-04-25.01 - Obrad Cvijovic 24.04.2009 21:53.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1250.381.1033.18.767.186 [GMT 2:00]
Running from: c:\documents and settings\Obrad Cvijovic\Desktop\ComboFix.exe
AV: Norton AntiVirus *On-access scanning disabled* (Updated)
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Obrad Cvijovic\Application Data\.#
c:\documents and settings\Obrad Cvijovic\Application Data\inst.exe
c:\windows\IE4 Error Log.txt
c:\windows\system32\mdm.exe
c:\windows\Temp\1.exe
G:\resycled

.
((((((((((((((((((((((((( Files Created from 2009-05-24 to 2009-4-24 )))))))))))))))))))))))))))))))
.

2009-04-16 23:34 . 2009-04-16 23:34 -------- d-sh--r C:\Win
2009-04-15 20:40 . 2009-04-15 20:40 -------- d-----r c:\program files\Norton Support
2009-04-15 11:02 . 2009-03-06 14:22 284160 -c----w c:\windows\system32\dllcache\pdh.dll
2009-04-15 11:02 . 2009-02-09 12:10 401408 -c----w c:\windows\system32\dllcache\rpcss.dll
2009-04-15 11:02 . 2009-02-06 11:11 110592 -c----w c:\windows\system32\dllcache\services.exe
2009-04-15 11:02 . 2009-02-09 12:10 473600 -c----w c:\windows\system32\dllcache\fastprox.dll
2009-04-15 11:02 . 2009-02-09 12:10 453120 -c----w c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-15 11:02 . 2009-02-06 10:10 227840 -c----w c:\windows\system32\dllcache\wmiprvse.exe
2009-04-15 11:02 . 2009-02-09 12:10 729088 -c----w c:\windows\system32\dllcache\lsasrv.dll
2009-04-15 11:02 . 2009-02-09 12:10 714752 -c----w c:\windows\system32\dllcache\ntdll.dll
2009-04-15 11:02 . 2009-02-09 12:10 617472 -c----w c:\windows\system32\dllcache\advapi32.dll
2009-04-15 10:55 . 2008-05-03 11:55 2560 ------w c:\windows\system32\xpsp4res.dll
2009-04-15 10:55 . 2009-03-27 06:58 1203922 -c----w c:\windows\system32\dllcache\sysmain.sdb
2009-04-15 10:55 . 2008-04-21 12:08 215552 -c----w c:\windows\system32\dllcache\wordpad.exe
2009-04-13 07:25 . 2009-04-24 19:45 -------- d-----w c:\documents and settings\Obrad Cvijovic\Application Data\MailWasherFree
2009-04-12 23:45 . 2009-04-16 17:21 -------- d-----w c:\documents and settings\Miso Cvijovic\Application Data\MailWasherFree
2009-04-12 23:45 . 2009-04-12 23:45 -------- d-----w c:\program files\FireTrust
2009-04-10 19:21 . 2009-04-10 19:21 -------- d-----w c:\documents and settings\All Users\Application Data\GARMIN
2009-04-09 21:49 . 2009-04-09 21:49 -------- d-----w c:\documents and settings\Branka Cvijovic\Application Data\GARMIN
2009-04-09 15:16 . 2008-04-13 17:45 32128 -c--a-w c:\windows\system32\dllcache\usbccgp.sys
2009-04-09 15:16 . 2008-04-13 17:45 32128 ----a-w c:\windows\system32\drivers\usbccgp.sys
2009-04-06 07:41 . 2009-04-06 07:48 -------- d-----w c:\program files\Unlocker
2009-04-06 07:26 . 2009-04-06 07:26 -------- d-sh--w c:\windows\ftpcache
2009-04-06 07:22 . 2009-04-06 07:22 -------- d-----w c:\windows\CreationCentre 2007
2009-04-06 06:27 . 2009-04-06 06:27 15 ----a-w c:\windows\system32\dcsd.ini
2009-04-06 06:24 . 2009-04-06 06:32 -------- d-----w C:\Magacioner
2009-04-04 12:03 . 2009-04-04 12:03 -------- d-----w c:\program files\Microsoft CAPICOM 2.1.0.2 SDK
2009-04-04 11:47 . 2009-04-04 11:47 -------- d-----w c:\program files\Pocket Tanks
2009-03-26 23:40 . 2008-04-13 18:54 22016 -c--a-w c:\windows\system32\dllcache\msircomm.sys
2009-03-26 23:40 . 2008-04-13 18:54 22016 ----a-w c:\windows\system32\drivers\MSIRCOMM.sys
2009-03-26 23:36 . 2001-08-17 12:51 19584 -c--a-w c:\windows\system32\dllcache\rasirda.sys
2009-03-26 23:36 . 2001-08-17 12:51 19584 ----a-w c:\windows\system32\drivers\rasirda.sys
2009-03-26 23:36 . 2008-04-14 00:12 8192 -c--a-w c:\windows\system32\dllcache\wshirda.dll
2009-03-26 23:36 . 2008-04-14 00:12 8192 ----a-w c:\windows\system32\wshirda.dll
2009-03-26 23:36 . 2008-04-14 00:11 28160 -c--a-w c:\windows\system32\dllcache\irmon.dll
2009-03-26 23:36 . 2008-04-14 00:11 28160 ----a-w c:\windows\system32\irmon.dll
2009-03-26 23:36 . 2008-04-14 00:12 151552 -c--a-w c:\windows\system32\dllcache\irftp.exe
2009-03-26 23:36 . 2008-04-14 00:12 151552 ----a-w c:\windows\system32\irftp.exe
2009-03-26 23:36 . 2008-04-13 18:54 88192 -c--a-w c:\windows\system32\dllcache\irda.sys
2009-03-26 23:36 . 2008-04-13 18:54 88192 ----a-w c:\windows\system32\drivers\irda.sys
2009-03-26 23:36 . 2001-08-17 12:49 26624 -c--a-w c:\windows\system32\dllcache\irstusb.sys
2009-03-26 23:36 . 2001-08-17 12:49 26624 ----a-w c:\windows\system32\drivers\irstusb.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-24 19:51 . 2009-03-09 10:29 -------- d-----w c:\documents and settings\Obrad Cvijovic\Application Data\DNA
2009-04-24 19:51 . 2009-03-09 11:03 -------- d-----w c:\program files\FlashGet
2009-04-24 19:21 . 2009-03-09 10:29 -------- d-----w c:\program files\DNA
2009-04-16 21:33 . 2009-03-10 20:45 89560 ----a-w c:\documents and settings\Djordje Cvijovic\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-11 13:27 . 2009-04-11 13:25 745 ----a-w C:\uniextract.txt
2009-04-10 19:21 . 2009-03-09 11:07 -------- d-----w c:\documents and settings\Obrad Cvijovic\Application Data\GARMIN
2009-04-09 19:37 . 2009-03-10 21:03 89560 ----a-w c:\documents and settings\Branka Cvijovic\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-06 16:56 . 2009-03-10 22:08 89560 ----a-w c:\documents and settings\Miso Cvijovic\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-06 07:50 . 2009-03-09 10:27 89560 ----a-w c:\documents and settings\Obrad Cvijovic\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-03-31 17:16 . 2009-03-18 13:31 -------- d-----w c:\program files\Java
2009-03-24 19:14 . 2009-03-24 19:08 -------- d-----w c:\documents and settings\Miso Cvijovic\Application Data\BitTorrent
2009-03-24 18:58 . 2009-03-24 18:58 -------- d-----w c:\program files\ReflexiveArcade
2009-03-24 18:52 . 2009-03-24 18:38 -------- d-----w c:\program files\AXIS Communications
2009-03-22 14:31 . 2009-03-09 10:36 -------- d-----w c:\program files\K-Lite Codec Pack
2009-03-22 13:55 . 2009-03-11 00:26 -------- d-----w c:\documents and settings\Obrad Cvijovic\Application Data\DivX
2009-03-22 11:56 . 2009-03-11 00:28 -------- d-----w c:\documents and settings\Obrad Cvijovic\Application Data\Nokia
2009-03-22 11:52 . 2009-03-11 11:08 -------- d-----w c:\documents and settings\All Users\Application Data\PC Suite
2009-03-22 11:52 . 2009-03-22 11:52 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2009-03-22 11:52 . 2009-03-22 11:52 0 ---ha-w c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2009-03-21 23:59 . 2009-03-18 13:12 -------- d-----w c:\program files\Warcraft III
2009-03-21 08:14 . 2009-03-21 08:14 -------- d-----w c:\documents and settings\All Users\Application Data\Symantec
2009-03-20 20:21 . 2009-03-09 01:32 -------- d-----w c:\program files\Symantec
2009-03-20 20:21 . 2009-03-09 01:32 805 ----a-w c:\windows\system32\drivers\SYMEVENT.INF
2009-03-20 20:21 . 2009-03-09 01:32 7386 ----a-w c:\windows\system32\drivers\SYMEVENT.CAT
2009-03-20 20:21 . 2009-03-09 01:32 60808 ----a-w c:\windows\system32\S32EVNT1.DLL
2009-03-20 20:21 . 2009-03-09 01:32 124464 ----a-w c:\windows\system32\drivers\SYMEVENT.SYS
2009-03-18 20:07 . 2009-03-18 20:07 -------- d-----w c:\documents and settings\Miso Cvijovic\Application Data\Media Player Classic
2009-03-18 20:04 . 2009-03-18 20:04 -------- d-----w c:\program files\Learn2.com
2009-03-18 20:04 . 2009-03-18 20:04 -------- d-----w c:\documents and settings\Miso Cvijovic\Application Data\Learn2.com
2009-03-18 20:01 . 2009-03-18 20:00 -------- d-sh--w c:\program files\Common Files\WindowsLiveInstaller
2009-03-18 19:59 . 2009-03-09 01:32 -------- d-----w c:\program files\Common Files\Symantec Shared
2009-03-18 19:52 . 2009-03-18 19:52 -------- d-----w c:\program files\Common Files\Adobe Systems Shared
2009-03-18 19:47 . 2009-03-10 20:10 -------- d-----w c:\program files\Common Files\Adobe
2009-03-18 14:24 . 2009-03-18 14:24 -------- d-----w c:\program files\Xvid
2009-03-18 14:09 . 2009-03-11 11:38 -------- d-----w c:\program files\Igre
2009-03-18 14:05 . 2009-03-18 13:32 -------- d-----w c:\documents and settings\Obrad Cvijovic\Application Data\LimeWire
2009-03-18 13:48 . 2009-03-18 13:16 77298 ----a-w c:\windows\War3Unin.dat
2009-03-18 13:32 . 2009-03-18 13:16 2829 ----a-w c:\windows\War3Unin.pif
2009-03-18 13:32 . 2009-03-18 13:16 139264 ----a-w c:\windows\War3Unin.exe
2009-03-18 13:32 . 2009-03-18 13:29 -------- d-----w c:\program files\LimeWire
2009-03-18 13:20 . 2009-03-18 13:20 -------- d-----w c:\program files\Gabest
2009-03-17 16:42 . 2009-03-17 16:41 -------- d-----w c:\program files\KONAMI
2009-03-16 15:06 . 2009-03-09 10:37 -------- d-----w c:\program files\Magic Video Converter
2009-03-15 16:49 . 2009-03-15 16:49 -------- d-----w c:\documents and settings\All Users\Application Data\TechSmith
2009-03-15 16:49 . 2009-03-15 16:49 -------- d-----w c:\program files\Common Files\TechSmith Shared
2009-03-15 16:49 . 2009-03-15 16:49 -------- d-----w c:\program files\TechSmith
2009-03-12 11:58 . 2009-03-12 11:58 -------- d-----w c:\program files\Common Files\Apple
2009-03-12 11:50 . 2009-03-12 11:50 -------- d-----w c:\program files\IrfanView
2009-03-12 11:35 . 2009-03-12 11:35 -------- d-----w c:\program files\Intracom S.A
2009-03-12 11:15 . 2009-03-09 10:42 -------- d-----w c:\program files\Corel
2009-03-12 11:12 . 2009-03-10 16:40 6578 --sha-w c:\windows\system32\KGyGaAvL.sys
2009-03-12 00:36 . 2009-03-12 00:36 -------- d-----w c:\documents and settings\Obrad Cvijovic\Application Data\Sports Interactive
2009-03-12 00:31 . 2009-03-12 00:31 107888 ----a-w c:\windows\system32\CmdLineExt.dll
2009-03-12 00:29 . 2009-03-12 00:27 -------- d--h--w c:\program files\Zero G Registry
2009-03-11 21:12 . 2009-03-09 00:03 -------- d--h--w c:\program files\InstallShield Installation Information
2009-03-11 21:10 . 2009-03-11 21:10 -------- d-----w c:\program files\Sonic
2009-03-11 21:03 . 2009-03-11 21:03 -------- d-----w c:\program files\Sony
2009-03-11 21:02 . 2009-03-11 21:02 -------- d-----w c:\documents and settings\All Users\Application Data\Sony Corporation
2009-03-11 20:33 . 2009-03-11 20:33 -------- d-----w c:\program files\MSBuild
2009-03-11 20:33 . 2009-03-11 20:33 -------- d-----w c:\program files\Reference Assemblies
2009-03-11 19:52 . 2009-03-11 19:52 -------- d-----w c:\documents and settings\Obrad Cvijovic\Application Data\AdobeUM
2009-03-11 19:45 . 2009-03-11 19:45 -------- d-----w c:\documents and settings\All Users\Application Data\Cadsoft
2009-03-11 19:44 . 2009-03-11 19:44 -------- d-----w c:\program files\Common Files\Cadsoft
2009-03-11 19:43 . 2009-03-11 19:43 -------- d-----w c:\program files\3D Home Architect
2009-03-11 19:07 . 2009-03-11 19:07 -------- d-----w c:\program files\MSXML 4.0
2009-03-11 18:16 . 2009-03-11 18:16 -------- d-----w c:\program files\Readiris
2009-03-11 18:16 . 2009-03-11 18:07 -------- d-----w c:\program files\Samsung
2009-03-11 11:42 . 2009-03-11 11:42 -------- d-----w c:\program files\CartmansAuthoritah
2009-03-11 11:07 . 2009-03-11 11:06 -------- d-----w c:\program files\Common Files\PCSuite
2009-03-11 11:06 . 2009-03-11 11:06 -------- d-----w c:\program files\Common Files\Nokia
2009-03-11 11:06 . 2009-03-11 10:48 -------- d-----w c:\program files\Nokia
2009-03-11 11:06 . 2009-03-11 11:06 -------- d-----w c:\program files\DIFX
2009-03-11 11:06 . 2009-03-11 11:06 -------- d-----w c:\program files\PC Connectivity Solution
2009-03-11 11:04 . 2009-03-11 11:04 -------- d-----w c:\documents and settings\All Users\Application Data\Installations
2009-03-11 10:28 . 2009-03-11 10:28 -------- d-----w c:\program files\Real Alternative
2009-03-11 10:24 . 2009-03-11 10:23 -------- d-----w c:\program files\AV Vcs 6.0 DIAMOND
2009-03-11 10:22 . 2009-03-11 10:20 -------- d-----w c:\program files\YVD
2009-03-11 10:20 . 2009-03-11 10:18 -------- d-----w c:\program files\Virtual Piano
2009-03-11 10:16 . 2009-03-11 10:16 -------- d-----w c:\program files\uTIPu
2009-03-11 10:15 . 2009-03-11 10:15 -------- d-----w c:\program files\Youdagames
2009-03-11 10:15 . 2009-03-11 10:15 -------- d-----w c:\documents and settings\Obrad Cvijovic\Application Data\Youdagames
2009-03-11 10:11 . 2009-03-11 10:11 -------- d-----w c:\program files\PassportPhoto
2009-03-11 10:06 . 2009-03-10 20:11 -------- d-----w c:\program files\Cleaner 5 EZ
2009-03-11 10:05 . 2009-03-11 09:54 -------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer
2009-03-11 10:03 . 2009-03-11 09:49 -------- d-----w c:\program files\DivX
2009-03-11 09:55 . 2009-03-11 09:54 -------- d-----w c:\program files\QuickTime
2009-03-11 09:54 . 2009-03-11 09:54 -------- d-----w c:\program files\Apple Software Update
2009-03-11 09:54 . 2009-03-11 09:54 -------- d-----w c:\documents and settings\All Users\Application Data\Apple
2009-03-11 09:44 . 2009-03-11 09:42 -------- d-----w c:\program files\Valve
2009-03-11 00:28 . 2009-03-11 00:28 -------- d-----w c:\documents and settings\Obrad Cvijovic\Application Data\Windows Search
2009-03-11 00:28 . 2009-03-11 00:28 -------- d-----w c:\documents and settings\Obrad Cvijovic\Application Data\SystemRequirementsLab
2009-03-11 00:28 . 2009-03-11 00:28 -------- d-----w c:\documents and settings\Obrad Cvijovic\Application Data\Sony Corporation
2009-03-11 00:28 . 2009-03-10 17:07 -------- d-----w c:\documents and settings\Obrad Cvijovic\Application Data\skypePM
2009-03-11 00:28 . 2009-03-10 17:06 -------- d-----w c:\documents and settings\Obrad Cvijovic\Application Data\Skype
2009-03-11 00:28 . 2009-03-11 00:28 -------- d--h--r c:\documents and settings\Obrad Cvijovic\Application Data\SecuROM
2009-03-11 00:28 . 2009-03-11 00:28 -------- d-----w c:\documents and settings\Obrad Cvijovic\Application Data\PC Suite
2009-03-11 00:28 . 2009-03-10 19:29 -------- d-----w c:\documents and settings\Obrad Cvijovic\Application Data\MyPhoneExplorer
2009-03-11 00:27 . 2009-03-11 00:27 -------- d-----w c:\documents and settings\Obrad Cvijovic\Application Data\MegauploadToolbar
2009-03-11 00:27 . 2009-03-11 00:27 -------- d-----w c:\documents and settings\Obrad Cvijovic\Application Data\Media Player Classic
2009-03-11 00:27 . 2009-03-11 00:27 -------- d-----w c:\documents and settings\Obrad Cvijovic\Application Data\Malwarebytes
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-03-22 342848]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-12-03 1205760]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-07-31 139264]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Flashget"="c:\program files\FlashGet\FlashGet.exe" [2007-06-29 1990704]
"WinDVR SchSvr"="c:\program files\Common Files\InterVideo\SchSvr\SchSvr.exe" [2005-02-16 106496]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2005-12-07 30208]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-04-13 49152]
"QuickFinder Scheduler"="c:\program files\WordPerfect Office X3\Programs\QFSCHD130.EXE" [2005-11-30 77892]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2006-06-13 127036]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"run32"="c:\win\lsass.exe" [2001-12-31 551669]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\soundman.exe [2007-04-16 577536]
"nMTaskBarService"="nMtsk.exe" - c:\windows\nMtsk.exe [2005-05-06 90112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
AutoCAD Startup Accelerator.lnk - c:\program files\Common Files\Autodesk Shared\acstart17.exe [2006-3-5 11000]
DSLMON.lnk - c:\program files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2009-3-9 839680]
InterVideo WinCinema Manager.lnk - c:\program files\InterVideo\Common\Bin\WinCinemaMgr.exe [2009-3-9 204800]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\FlashGet\\flashget.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\proeWildfire\\i486_nt\\nms\\nmsd.exe"=
"c:\\Program Files\\proeWildfire\\i486_nt\\obj\\xtop.exe"=
"c:\\Program Files\\proeWildfire\\i486_nt\\obj\\pro_comm_msg.exe"=
"c:\\Program Files\\Microsoft Visual Studio\\Common\\Tools\\VS-Ent98\\Vanalyzr\\VARPC.EXE"=
"c:\\Program Files\\ApexDC++\\ApexDC.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Valve\\hl.exe"=
"c:\\Program Files\\Pocket Tanks\\pockettanks.exe"=

R2 .norton2009Reset;Norton 2009 Reset;c:\documents and settings\All Users\Application Data\Norton\Norton2009Reset.exe [2009-03-10 280833]
R2 IKANLOADER2;General Purpose USB Driver (e4ldr.sys);c:\windows\system32\Drivers\e4ldr.sys [2006-03-02 63555]
R3 fsssvc;Windows Live Porodična bezbednost;c:\program files\Windows Live\Family Safety\fsssvc.exe [2009-02-06 533360]
R3 genmcmnUSB;USB Scroll Mouse Driver;c:\windows\system32\DRIVERS\gflmouhid.sys [2004-04-19 6656]
R3 GrooveInstallerService;Groove Installer Service;c:\program files\Groove Networks\Groove\Bin\GrooveInstallerService.exe [2002-09-25 99904]
R3 netModUSBlfService;netMod USB Lower Filter Service;c:\windows\system32\drivers\nMUSBlf.sys [2004-01-20 20716]
R3 netModUSBService;Service for netMod USB CAPI Driver;c:\windows\system32\drivers\nMUSB.sys [2006-10-02 59260]
R3 nMtskService;nMtskBar Service;c:\windows\nMtsk.exe [2005-05-06 90112]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAV\1005000.086\SYMEFA.SYS [2009-02-27 310320]
S1 BHDrvx86;Symantec Heuristics Driver;c:\windows\System32\Drivers\NAV\1005000.086\BHDrvx86.sys [2009-02-27 258608]
S1 ccHP;Symantec Hash Provider;c:\windows\System32\Drivers\NAV\1005000.086\ccHPx86.sys [2009-03-20 482352]
S1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20090420.001\IDSxpx86.sys [2009-02-06 276344]
S2 fssfltr;fssfltr;c:\windows\system32\DRIVERS\fssfltr_tdi.sys [2009-02-06 55152]
S2 Norton AntiVirus;Norton AntiVirus;c:\program files\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe [2009-02-27 115560]
S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
S3 e4usbaw;USB ADSL2 WAN Adapter;c:\windows\system32\DRIVERS\e4usbaw.sys [2006-05-04 114616]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-03-08 101936]


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ed2cda8e-0e7f-11de-ab99-4d6564696130}]
\shell\open\command - %SystemRoot%\Explorer.exe /idlist,%I,%L
.
Contents of the 'Scheduled Tasks' folder

2009-03-11 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2009-04-24 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 18:20]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-UnlockerAssistant - c:\program files\Unlocker\UnlockerAssistant.exe


.
------- Supplementary Scan -------
.
IE: &Preuzmi sa FlashGet-om - c:\program files\FlashGet\jc_link.htm
IE: &Preuzmi sve sa FlashGet-om - c:\program files\FlashGet\jc_all.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
IE: Open with WordPerfect - c:\program files\WordPerfect Office X3\Programs\WPLauncher.hta
TCP: {0C1F73EC-70D0-49DF-B390-C56E9355B6D9} = 194.247.192.1 194.247.192.33
FF - ProfilePath - c:\documents and settings\Obrad Cvijovic\Application Data\Mozilla\Firefox\Profiles\f9yh552d.default\
FF - prefs.js: browser.search.defaulturl - [Link mogu videti samo ulogovani korisnici]
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - [Link mogu videti samo ulogovani korisnici]
FF - prefs.js: keyword.URL - [Link mogu videti samo ulogovani korisnici]
FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll
FF - component: c:\program files\Nokia\Nokia PC Suite 7\bkmrksync\components\BkMrkExt.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPZoneSB.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [Link mogu videti samo ulogovani korisnici]
Rootkit scan 2009-04-24 21:57
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Norton AntiVirus]
"ImagePath"="\"c:\program files\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe\" /s \"Norton AntiVirus\" /m \"c:\program files\Norton AntiVirus\Engine\16.5.0.134\diMaster.dll\" /prefetch:1"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(832)
c:\program files\FlashGet\fgmgr.dll
.
Completion time: 2009-04-24 21:59
ComboFix-quarantined-files.txt 2009-04-24 19:59

Pre-Run: 80.352.321.536 bytes free
Post-Run: 81.100.349.440 bytes free

285 --- E O F --- 2009-04-24 19:42

Pojavio mi se hidden folder Win u C: