Computer infected via an mp3 player

  • Duško Ljepić
  • Joined: 19 Jul 2008
  • Posts: 221
  • Lives in: Apatin

I plugged an infected mp3 player into my computer and avast kept finding the same virus on it; I tried to delete it and it seemed to delete it, but afterwards it found it again. I believe my computer has picked up all sorts of stuff from that mp3 player. I scanned with avast, Malwarebytes Anti-Malware and Spybot Search & Destroy; avast supposedly removed some that were there. And when the system boots, before the Windows loading screen, it prints "invalid boot.ini from c:\windows\" at the top. I don't know what that is, is it a virus or something else?!??
One process that starts with the system is called UDP Control Center and I can't stop it from starting, because Spybot Search & Destroy and MBAM find that it is Win32 Agent and seem to delete it, but when I scan again they find it again and it keeps starting with the system. In Spybot there is something written next to it about that virus; I believe you know what it is, so please help me remove that agent (which, if I'm not mistaken, tries to connect to the net when the system boots, at least that's what Search & Destroy said there about the virus). If you can, please help and check the log for any infected "nits". Thanks, here is the log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:08:15, on 31.3.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\windows\Explorer.EXE
C:\windows\system32\spoolsv.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\windows\system32\RUNDLL32.EXE
C:\windows\system32\nvsvc32.exe
C:\windows\RTHDCPL.EXE
C:\Program Files\DAEMON Tools\daemon.exe
C:\windows\system32\ctfmon.exe
C:\Program Files\EXPERTool\TBPanel.exe
C:\windows\System32\TUProgSt.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\SpeedFan\speedfan.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\windows\system32\wscntfy.exe
C:\Program Files\MyPhoneExplorer\MyPhoneExplorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\PC\Desktop\duca\duca.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.rs
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.rs
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O1 - Hosts: 66.98.148.65 auto.search.msn.com
O1 - Hosts: 66.98.148.65 auto.search.msn.es
O2 - BHO: (no name) - AutorunsDisabled - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Windows UDP Control Center] fxstaller.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [GAINWARD] C:\Program Files\EXPERTool\TBPanel.exe /A
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Shortcut to speedfan.lnk = C:\Program Files\SpeedFan\speedfan.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - AutorunsDisabled - (no file)
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{ED080087-2CB4-4264-8335-3947F88D77BB}: NameServer = 80.74.160.38 80.74.160.12
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GEST Service for program management. (GEST Service) - Unknown owner - C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe
O23 - Service: Google Update Service (gupdate1c991ef4366a442) (gupdate1c991ef4366a442) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Unknown owner - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\system32\nvsvc32.exe
O23 - Service: SmartLinkService (SLService) - Unknown owner - slmdmsr.exe (file missing)
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\windows\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\windows\System32\TUProgSt.exe

--
End of file - 7811 bytes
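The helpers on this forum read HijackThis logs by eye: hosts-file lines that redirect a hostname somewhere other than loopback, Run entries that launch a bare filename with no path (like the "Windows UDP Control Center" entry above), DNS servers, AppInit_DLLs and services whose binary is missing. The script below, added here as an example and not part of the original thread or of HijackThis itself, applies those rules to a constructed subset of the log lines posted above. The allow-list of bare-filename Run entries and the severity labels are assumptions made for the example.

```python
"""Rule-based triage of HijackThis-style log lines (added example for this thread)."""
import ipaddress
import re
from dataclasses import dataclass
from typing import List

# Constructed sample: a subset of the entries from the HijackThis log posted above.
SAMPLE_LOG = r"""
O1 - Hosts: 66.98.148.65 auto.search.msn.com
O1 - Hosts: 66.98.148.65 auto.search.msn.es
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Windows UDP Control Center] fxstaller.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\windows\system32\ctfmon.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{ED080087-2CB4-4264-8335-3947F88D77BB}: NameServer = 80.74.160.38 80.74.160.12
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O23 - Service: SmartLinkService (SLService) - Unknown owner - slmdmsr.exe (file missing)
"""


@dataclass(frozen=True)
class Finding:
    severity: str  # "high": act on it; "info": verify by hand
    section: str   # HijackThis section tag (O1, O4, ...)
    detail: str


# Bare-filename Run entries that are routinely legitimate (Realtek audio panel,
# NVIDIA nwiz, ctfmon). Assumed allow-list for this example, not a vendor list.
KNOWN_BARE_RUN = {"rthdcpl.exe", "nwiz.exe", "ctfmon.exe"}

_O1 = re.compile(r"^O1 - Hosts: (\S+)\s+(\S+)")
_O4 = re.compile(r"^O4 - (\S+?)\\\.\.\\Run: \[(.*?)\] (.*)$")
_O17 = re.compile(r"^O17 - .*NameServer = (.*)$")
_O20 = re.compile(r"^O20 - AppInit_DLLs: (.*)$")
_O23 = re.compile(r"^O23 - Service: (.*?) - (.*?) - (.*)$")


def _sinkhole_ok(ip: str) -> bool:
    """Hosts entries pointing at loopback or 0.0.0.0 are blocklists, not hijacks."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False
    return addr.is_loopback or addr.is_unspecified


def _executable(command: str) -> str:
    """Pull the launched binary out of a Run value; for rundll32, look at the DLL."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:command.find('"', 1)]
    tokens = command.split()
    if not tokens:
        return ""
    exe = tokens[0]
    if exe.lower() == "rundll32.exe" and len(tokens) > 1:
        exe = tokens[1].split(",")[0]
    return exe


def triage(log_text: str) -> List[Finding]:
    """Return findings for the O1/O4/O17/O20/O23 lines of a HijackThis log."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := _O1.match(line):
            ip, host = m.groups()
            if not _sinkhole_ok(ip):
                findings.append(Finding("high", "O1", f"hosts file redirects {host} to {ip}"))
        elif m := _O4.match(line):
            hive, name, command = m.groups()
            exe = _executable(command)
            bare = "\\" not in exe and "/" not in exe
            if bare and exe.lower() not in KNOWN_BARE_RUN:
                findings.append(Finding("high", "O4",
                    f"{hive} Run entry [{name}] launches bare filename {exe} (no path; locate and verify)"))
        elif m := _O17.match(line):
            findings.append(Finding("info", "O17",
                f"DNS servers set to {m.group(1)}; confirm they belong to the ISP"))
        elif m := _O20.match(line):
            findings.append(Finding("info", "O20",
                f"AppInit_DLLs loads {m.group(1)} into every process; verify the vendor"))
        elif m := _O23.match(line):
            svc, owner, path = m.groups()
            if "(file missing)" in path:
                findings.append(Finding("info", "O23", f"service {svc} points at missing binary {path}"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity}] {f.section}: {f.detail}")
```

On the sample, the two hosts redirects and the bare `fxstaller.exe` entry come out as high; RTHDCPL.EXE is bare too but sits on the allow-list, and the rundll32 entry is resolved to the DLL it loads, which has a full path. The DNS, AppInit_DLLs and missing-service lines are only reported for manual review, since the log alone cannot say whether they are the ISP's resolvers, a firewall's hook DLL or a leftover from an uninstalled modem driver.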

  • helen1
  • Anti Malware Fighter
    Rank 2
  • Master Teacher
  • Joined: 27 Aug 2005
  • Posts: 8617
  • Lives in: Novi Beograd

Hello,

Right-click the avast! icon in the bottom right corner of the screen and choose Program settings....

In the window that opens, under Troubleshooting, check the option Disable avast! self-defence and click OK.

Also, right-click the avast! icon in the bottom right corner of the screen and choose Stop OnAccess Protection.


Note: Don't forget to turn these options back on when the cleaning is finished.



----------------


Start Spybot S&D
Click the Mode item in the menu
Choose Advanced Mode
In the bar on the left, click Tools
Click Resident
Untick Resident Tea-Timer
Close Spybot S&D
Restart the computer.

- Then download the program from this link to the Desktop.
- Run it by double-clicking and follow the instructions.

Don't forget to turn these options back on when we finish the cleaning.

------------

Download ComboFix from one of the following addresses to the Desktop:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Start it and don't touch the program window while it scans.
Follow the on-screen instructions. When it finishes, a log (C:\ComboFix.txt) will appear, which you will copy here for us.

  • Duško Ljepić
  • Joined: 19 Jul 2008
  • Posts: 221
  • Lives in: Apatin

ComboFix 09-03-30.02 - PC 2009-03-31 15:45:40.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1250.1.1033.18.3326.2860 [GMT 2:00]
Running from: c:\documents and settings\PC\Desktop\Downloads\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090330-0] *On-access scanning disabled* (Updated)
FW: COMODO Firewall Pro *disabled*
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\PC\My Documents\My Pictures\Girls\Desktop_.ini
c:\windows\system32\pthreadGC2.dll

.
((((((((((((((((((((((((( Files Created from 2009-02-28 to 2009-03-31 )))))))))))))))))))))))))))))))
.

2009-03-31 15:12 . 2009-03-31 15:12 <DIR> d-------- c:\program files\FeedReader30
2009-03-31 15:12 . 2009-03-31 15:14 <DIR> d-------- c:\documents and settings\PC\Application Data\Feedreader
2009-03-30 23:59 . 2009-03-30 23:59 34,972 --a------ c:\windows\csdf_sdum.dat
2009-03-30 23:53 . 2009-03-30 23:53 <DIR> d-------- c:\documents and settings\PC\Application Data\ComodoGroup
2009-03-30 23:53 . 2009-02-10 10:24 39,440 --a------ c:\windows\system32\drivers\csdf.sys
2009-03-30 23:53 . 2009-02-10 10:28 36,752 --a------ c:\windows\system32\drivers\crpf.sys
2009-03-30 23:53 . 2009-02-10 10:26 7,920 --a------ c:\windows\system32\cnat.exe
2009-03-29 17:11 . 2009-03-29 17:11 <DIR> d-------- c:\program files\DAEMON Tools
2009-03-29 17:11 . 2009-03-29 17:11 223,128 --a------ c:\windows\system32\drivers\dtscsi.sys
2009-03-27 21:58 . 2009-03-27 21:58 <DIR> d-------- c:\documents and settings\PC\Application Data\Sierra Entertainment
2009-03-26 17:46 . 2009-03-26 18:02 <DIR> d-------- c:\program files\Common Files\Borland Shared
2009-03-26 17:46 . 2009-03-26 18:07 <DIR> d-------- c:\program files\Borland
2009-03-24 21:27 . 2009-03-24 21:27 <DIR> d-------- c:\windows\Sun
2009-03-23 19:34 . 2009-03-24 14:47 <DIR> d-------- c:\documents and settings\PC\Application Data\uTorrent
2009-03-21 13:53 . 2009-03-21 13:53 <DIR> d-------- c:\documents and settings\PC\Application Data\Ubisoft
2009-03-21 13:51 . 2009-03-21 13:51 <DIR> d-------- c:\documents and settings\All Users\Application Data\Ubisoft
2009-03-15 17:54 . 2002-12-29 02:14 81,920 --a------ c:\windows\system32\Startup.cpl
2009-03-14 17:48 . 2009-03-14 17:48 257 --a------ c:\windows\game.ini
2009-03-13 19:31 . 2009-03-13 20:01 978 --a------ c:\windows\eReg.dat
2009-03-09 16:42 . 2009-03-09 16:42 <DIR> d-------- c:\program files\Recuva
2009-03-08 14:21 . 2009-03-08 14:21 <DIR> d-------- c:\windows\system32\Adobe
2009-03-08 14:20 . 2009-03-08 14:20 <DIR> d-------- c:\documents and settings\All Users\Application Data\SPAMfighter
2009-03-08 14:19 . 2009-03-08 14:19 <DIR> d-------- c:\program files\CDBurnerXP
2009-03-08 14:05 . 2009-03-08 14:05 <DIR> d-------- c:\documents and settings\PC\Application Data\Ashampoo
2009-03-08 14:05 . 2009-03-08 14:05 <DIR> d-------- c:\documents and settings\All Users\Application Data\ashampoo
2009-03-07 16:36 . 2009-03-16 17:37 103,736 --a------ c:\windows\system32\PnkBstrB.exe
2009-03-07 16:36 . 2009-03-07 16:53 66,872 --a------ c:\windows\system32\PnkBstrA.exe
2009-03-07 16:36 . 2009-03-16 17:37 22,328 --a------ c:\windows\system32\drivers\PnkBstrK.sys
2009-03-06 15:46 . 2009-03-06 15:59 <DIR> d-------- c:\program files\Elaborate Bytes
2009-03-05 15:59 . 2009-03-05 15:59 25 --a------ c:\windows\cdplayer.ini
2009-03-04 18:12 . 2009-03-04 18:12 21,840 --a------ c:\windows\system32\SIntfNT.dll
2009-03-04 18:12 . 2009-03-04 18:12 17,212 --a------ c:\windows\system32\SIntf32.dll
2009-03-04 18:12 . 2009-03-04 18:12 12,067 --a------ c:\windows\system32\SIntf16.dll
2009-03-04 18:09 . 2009-03-04 18:19 25 --a------ c:\windows\SIERRA.INI
2009-03-03 00:20 . 2009-03-03 00:20 <DIR> d-------- c:\program files\Thoosje
2009-03-02 21:56 . 2009-03-02 21:56 <DIR> d-------- c:\documents and settings\PC\Application Data\Comodo
2009-03-02 21:56 . 2009-03-02 22:31 <DIR> d-------- c:\documents and settings\All Users\Application Data\comodo
2009-03-02 21:56 . 2009-03-02 21:56 143,104 --a------ c:\windows\system32\guard32.dll
2009-03-02 21:56 . 2009-03-02 21:56 87,056 --a------ c:\windows\system32\drivers\cmdguard.sys
2009-03-02 21:56 . 2009-03-02 21:56 24,208 --a------ c:\windows\system32\drivers\cmdhlp.sys
2009-03-02 21:43 . 2009-03-02 21:43 <DIR> d-------- c:\program files\LSoft Technologies Inc
2009-03-02 21:42 . 2009-03-26 16:49 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-03-02 21:41 . 2009-03-30 22:48 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-03-02 21:41 . 2009-03-26 16:49 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-02 21:37 . 2009-03-02 21:37 <DIR> d-------- c:\program files\Real
2009-03-02 21:37 . 2009-03-02 21:37 <DIR> d-------- c:\program files\Common Files\xing shared
2009-03-02 21:37 . 2009-03-02 21:37 <DIR> d-------- c:\program files\Common Files\Real
2009-03-02 21:36 . 2009-03-02 21:36 73,728 --a------ c:\windows\system32\javacpl.cpl
2009-03-02 21:35 . 2009-03-02 21:35 <DIR> d-------- c:\program files\K-Lite Codec Pack
2009-03-02 21:34 . 2009-03-02 21:34 <DIR> d-------- c:\documents and settings\PC\Application Data\Media Player Classic
2009-02-26 19:37 . 2009-03-13 18:17 <DIR> d-------- c:\documents and settings\PC\Application Data\My Battle for Middle-earth(tm) II Files
2009-02-26 17:22 . 2009-02-26 17:22 271,360 --a------ c:\windows\system32\drivers\atksgt.sys
2009-02-26 17:22 . 2009-02-26 17:22 18,048 --a------ c:\windows\system32\drivers\lirsgt.sys
2009-02-25 22:48 . 2009-02-25 22:48 <DIR> d-------- c:\program files\Conduit
2009-02-25 16:38 . 2009-02-25 16:38 <DIR> d-------- c:\documents and settings\PC\Application Data\2K Sports
2009-02-22 14:36 . 2008-08-05 21:10 1,684,736 --a------ c:\windows\system32\drivers\Ambfilt.sys
2009-02-22 14:36 . 2006-01-04 16:41 1,389,056 --a------ c:\windows\system32\drivers\Monfilt.sys
2009-02-22 14:36 . 2008-10-23 18:42 290,816 --a------ c:\windows\vncutil.exe
2009-02-22 14:36 . 2008-06-24 15:46 104,992 --a------ c:\windows\RtkAudioService.exe
2009-02-22 14:36 . 2009-02-09 15:34 35,840 --a------ c:\windows\system32\RtkCoInstXP.dll
2009-02-18 18:27 . 2009-03-24 18:42 <DIR> d-------- c:\documents and settings\PC\Application Data\skypePM
2009-02-18 18:27 . 2009-02-18 18:27 56 --ah----- c:\windows\system32\ezsidmv.dat
2009-02-18 18:25 . 2009-02-18 18:25 <DIR> dr------- c:\program files\Skype
2009-02-18 18:25 . 2009-02-18 18:25 <DIR> d-------- c:\program files\Common Files\Skype
2009-02-18 18:25 . 2009-03-24 19:33 <DIR> d-------- c:\documents and settings\PC\Application Data\Skype
2009-02-17 16:22 . 2009-02-17 16:22 <DIR> d-------- c:\program files\MyPhoneExplorer
2009-02-17 16:22 . 2009-03-28 15:06 <DIR> d-------- c:\documents and settings\PC\Application Data\MyPhoneExplorer
2009-02-17 00:12 . 2009-02-26 16:18 <DIR> d-------- c:\program files\Google
2009-02-16 17:13 . 2009-02-16 17:14 <DIR> d-------- c:\program files\CPU-Z 1.50
2009-02-16 15:07 . 2009-02-16 16:53 <DIR> d-------- c:\documents and settings\PC\Application Data\LimeWire
2009-02-15 11:30 . 2009-02-18 18:23 <DIR> d-------- c:\documents and settings\PC\Application Data\Bioshock
2009-02-14 22:00 . 2009-02-14 22:00 <DIR> d-------- c:\program files\TuneXP
2009-02-14 22:00 . 2009-02-14 22:00 720,896 --a------ c:\windows\iun6002.exe
2009-02-14 21:47 . 2009-02-14 21:47 <DIR> d-------- c:\program files\Vistart Live bY Pri2sh
2009-02-14 15:01 . 2009-02-14 15:01 <DIR> d-------- c:\program files\Logitech
2009-02-14 15:01 . 2009-02-14 15:01 <DIR> d-------- c:\program files\Common Files\Logitech
2009-02-14 14:59 . 2009-02-14 14:59 <DIR> d-------- c:\documents and settings\PC\Application Data\Malwarebytes
2009-02-14 14:59 . 2009-02-14 14:59 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-02-14 14:15 . 2009-02-14 14:15 <DIR> dr-h----- C:\MSOCache
2009-02-14 13:41 . 2006-10-26 20:56 32,592 --a------ c:\windows\system32\msonpmon.dll
2009-02-14 13:40 . 2009-02-14 13:40 <DIR> d-------- c:\program files\Microsoft Works
2009-02-14 13:39 . 2009-02-14 13:39 <DIR> d-------- c:\program files\Microsoft.NET
2009-02-14 13:37 . 2009-02-14 14:17 <DIR> d-------- c:\program files\Microsoft Visual Studio 8
2009-02-14 13:36 . 2009-03-21 18:18 <DIR> d-------- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-02-14 11:44 . 2009-02-14 11:44 107,888 --a------ c:\windows\system32\CmdLineExt.dll
2009-02-13 23:43 . 2009-02-25 23:41 <DIR> d-------- c:\documents and settings\PC\Application Data\SPORE
2009-02-13 17:14 . 2009-03-03 00:17 24,944 --a------ c:\windows\system32\drivers\GVTDrv.sys
2009-02-09 20:54 . 2009-02-09 20:54 <DIR> d-------- c:\documents and settings\PC\Application Data\PC Tools
2009-02-09 20:48 . 2009-02-14 21:43 <DIR> d-------- c:\documents and settings\PC\Tracing
2009-02-09 19:46 . 2009-02-09 19:46 <DIR> d-------- c:\documents and settings\PC\Application Data\TuneUp Software
2009-02-09 19:46 . 2009-02-09 19:46 603,904 --a------ c:\windows\system32\TUProgSt.exe
2009-02-09 19:46 . 2009-02-09 19:46 360,192 --a------ c:\windows\system32\TuneUpDefragService.exe
2009-02-09 19:46 . 2008-12-11 14:31 27,904 --a------ c:\windows\system32\uxtuneup.dll
2009-02-09 19:45 . 2009-02-09 19:45 <DIR> d-------- c:\program files\TuneUp Utilities 2009
2009-02-09 19:45 . 2009-02-09 19:45 <DIR> d-------- c:\documents and settings\All Users\Application Data\TuneUp Software
2009-02-09 19:45 . 2009-02-09 19:45 <DIR> d--hs---- c:\documents and settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}
2009-02-09 19:43 . 2009-03-08 14:05 <DIR> d-------- c:\program files\Ashampoo
2009-02-09 17:35 . 2009-02-09 17:35 <DIR> d-------- c:\program files\ACD Systems
2009-02-09 17:35 . 2009-02-09 17:35 <DIR> d-------- c:\documents and settings\All Users\Application Data\ACD Systems
2009-02-09 17:29 . 2009-02-09 17:29 <DIR> d-------- c:\program files\Auslogics
2009-02-09 17:29 . 2009-02-09 17:29 <DIR> d-------- c:\documents and settings\PC\Application Data\Auslogics
2009-02-09 14:18 . 2009-02-18 15:44 401,408 --a------ c:\windows\system32\nvcuvid.dll
2009-02-08 16:21 . 2009-02-08 16:21 <DIR> d-------- c:\documents and settings\PC\WINDOWS
2009-02-08 16:12 . 2009-02-08 16:22 47,104 --a------ c:\windows\system32\KMVIDC32.DLL
2009-02-08 16:11 . 2009-02-08 16:11 <DIR> d-------- c:\documents and settings\PC\Application Data\DAEMON Tools Pro
2009-02-08 16:11 . 2009-02-08 16:11 <DIR> d-------- c:\documents and settings\PC\Application Data\DAEMON Tools
2009-02-08 16:11 . 2009-02-08 16:11 <DIR> d-------- c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2009-02-08 16:07 . 2009-02-09 19:38 <DIR> d-------- c:\documents and settings\PC\Application Data\DAEMON Tools Lite
2009-02-08 16:06 . 2009-02-13 19:47 <DIR> d-------- c:\program files\Yahoo!
2009-02-08 16:05 . 2009-03-02 21:36 410,984 --a------ c:\windows\system32\deploytk.dll
2009-02-08 15:47 . 2009-02-21 20:49 39 --a------ c:\windows\Irremote.ini
2009-02-07 12:55 . 2008-04-14 06:42 73,832 --a------ c:\windows\system32\slcoinst.dll
2009-02-07 12:55 . 2008-04-14 06:42 73,832 --a--c--- c:\windows\system32\dllcache\slcoinst.dll
2009-02-07 12:55 . 2008-04-14 06:42 32,866 --a--c--- c:\windows\system32\dllcache\slrundll.exe
2009-02-07 12:55 . 2008-04-14 06:42 32,866 --a------ c:\windows\slrundll.exe
2009-02-05 16:55 . 2009-03-24 14:50 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2009-02-05 16:55 . 2009-03-31 15:29 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-02-05 15:36 . 2009-02-05 15:36 <DIR> d-------- c:\program files\SUPERAntiSpyware
2009-02-05 15:36 . 2009-02-28 22:37 <DIR> d-------- c:\documents and settings\PC\Application Data\SUPERAntiSpyware.com
2009-02-05 15:36 . 2009-02-05 15:36 <DIR> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-02-05 15:35 . 2009-03-30 22:48 <DIR> d-------- c:\program files\SpywareBlaster
2009-02-04 20:25 . 2009-02-25 23:59 22,328 --a------ c:\documents and settings\PC\Application Data\PnkBstrK.sys
2009-02-04 19:28 . 2009-02-22 14:28 <DIR> d-------- C:\NVIDIA
2009-02-04 18:54 . 1998-10-29 17:45 306,688 --a------ c:\windows\IsUninst.exe
2009-02-04 18:05 . 2009-03-08 13:19 <DIR> dr------- c:\program files\Servis

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-31 13:41 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-03-31 13:31 16,608 ----a-w c:\windows\gdrv.sys
2009-03-31 13:31 --------- d-----w c:\program files\SpeedFan
2009-03-30 21:53 --------- d-----w c:\program files\COMODO
2009-03-30 13:23 --------- d--h--w c:\program files\InstallShield Installation Information
2009-03-27 19:36 --------- d-----w c:\program files\Common Files\InstallShield
2009-03-25 16:34 --------- d-----w c:\program files\Mozilla Thunderbird
2009-03-23 13:51 --------- d-----w c:\documents and settings\All Users\Application Data\Test Drive Unlimited
2009-03-15 16:22 --------- d-----w c:\program files\Nero
2009-03-15 16:21 --------- d-----w c:\program files\Alcohol Soft
2009-03-15 15:17 --------- d-----w c:\program files\Common Files\Adobe
2009-03-15 15:11 --------- d-----w c:\program files\Winamp
2009-03-08 15:29 --------- d-----w c:\program files\Futuremark
2009-03-04 16:58 5,045,760 ----a-w c:\windows\system32\drivers\RtkHDAud.sys
2009-03-04 16:43 --------- d-----w c:\program files\GIGABYTE
2009-03-02 19:33 --------- d-----w c:\documents and settings\PC\Application Data\Winamp
2009-03-02 15:01 17,530,368 ----a-w c:\windows\RTHDCPL.EXE
2009-03-02 10:14 57,344 ----a-w c:\windows\ALCMTR.EXE
2009-02-28 20:37 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-02-22 12:31 --------- d-----w c:\program files\NVIDIA Corporation
2009-02-21 18:56 --------- d-----w c:\program files\Common Files\Nero
2009-02-21 18:56 --------- d-----w c:\documents and settings\All Users\Application Data\Nero
2009-02-18 16:25 --------- d-----w c:\documents and settings\All Users\Application Data\Skype
2009-02-09 18:56 67,584 ----a-w c:\windows\system32\ff_vfw.dll
2009-02-09 18:43 --------- d-----w c:\documents and settings\All Users\Application Data\WinZip
2009-02-09 18:23 --------- d-----w c:\program files\Simpli Software
2009-02-09 15:35 --------- d-----w c:\program files\Common Files\ACD Systems
2009-02-08 14:07 717,296 ----a-w c:\windows\system32\drivers\sptd.sys
2009-02-08 14:05 --------- d-----w c:\program files\Java
2009-02-08 13:37 --------- d-----w c:\program files\Common Files\LightScribe
2009-02-03 19:53 586 ----a-w c:\program files\vtp.sif
2009-01-31 17:52 --------- d-----w c:\documents and settings\All Users\Application Data\LightScribe
2009-01-31 17:48 --------- d-----w c:\program files\Common Files\Ahead
2009-01-31 17:48 --------- d-----w c:\documents and settings\All Users\Application Data\Ahead
2009-01-31 11:08 --------- d-----w c:\documents and settings\All Users\Application Data\Aspyr
2009-01-31 10:42 --------- d-----w c:\documents and settings\PC\Application Data\Codemasters
2009-01-31 10:40 --------- d-----w c:\documents and settings\PC\Application Data\InstallShield
2009-01-31 10:40 --------- d-----w c:\documents and settings\All Users\Application Data\InstallShield
2009-01-29 19:52 --------- d-----w c:\program files\CPU-Z
2009-01-26 17:46 4,488 ----a-w c:\windows\system32\ealregsnapshot1.reg
2009-01-21 14:54 1,206,816 ----a-w c:\windows\RtlUpd.exe
2009-01-14 18:23 86,016 ----a-w c:\windows\system32\OpenAL32.dll
2009-01-14 18:23 262,144 ----a-w c:\windows\system32\wrap_oal.dll
2008-12-25 23:08 453,152 ----a-w c:\windows\system32\nvudisp.exe
2008-12-23 20:58 453,152 ----a-w c:\windows\system32\NVUNINST.EXE
2008-12-11 00:33 86,016 ----a-w c:\windows\system32\dpl100.dll
2008-12-07 18:08 795,648 ----a-w c:\windows\system32\xvidcore.dll
2008-12-07 18:08 130,048 ----a-w c:\windows\system32\xvidvfw.dll
2008-12-04 08:31 53,248 ----a-w c:\windows\system32\CSVer.dll
2008-12-02 21:37 49,480 ----a-w c:\windows\system32\sirenacm.dll
.

------- Sigcheck -------

2008-04-14 06:42 1228288 95df0824b4ccaa2ce637aaddca13ca6d c:\windows\explorer.exe
2004-08-04 00:56 1032192 a0732187050030ae399b241436565e64 c:\windows\$NtServicePackUninstall$\explorer.exe
2008-04-14 06:42 1033728 12896823fb95bfb3dc9b46bcaedc9923 c:\windows\ServicePackFiles\i386\explorer.exe
2008-04-14 06:42 1033728 12896823fb95bfb3dc9b46bcaedc9923 c:\windows\system32\VITrans\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"GAINWARD"="c:\program files\EXPERTool\TBPanel.exe" [2008-12-03 2181672]
"feedreader.exe"="c:\program files\FeedReader30\feedreader.exe" [2008-05-26 2042880]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-02-18 13680640]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-02 148888]
"COMODO Firewall Pro"="c:\program files\COMODO\Firewall\cfp.exe" [2009-03-02 1575680]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-02-18 86016]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2005-11-09 128920]
"nwiz"="nwiz.exe" [2009-02-18 c:\windows\system32\nwiz.exe]
"RTHDCPL"="RTHDCPL.EXE" [2009-03-02 c:\windows\RTHDCPL.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\PC\Start Menu\Programs\Startup\
Shortcut to speedfan.lnk - c:\program files\SpeedFan\speedfan.exe [2/17/2009 10:52:18 AM 3885688]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\guard32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= msaud32_divx.acm

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Skype"="c:\program files\Skype\Phone\Skype.exe" /nosplash /minimized
"msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Start WingMan Profiler"=c:\program files\Logitech\Gaming Software\LWEMon.exe /noui
"Windows UDP Control Center"=fxstaller.exe
"COMODO System Cleaner"=c:\program files\COMODO\Registry Cleaner\CT.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"d:\\Aspyr\\Guitar Hero III\\GH3.exe"=
"d:\\Counter-Strike Source\\hl2.exe"=
"d:\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe"=
"d:\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe"=
"d:\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"d:\\Sierra Entertainment\\Empire Earth III\\EE3.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"17340:TCP"= 17340:TCP:NortonAV

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R0 crpf;crpf;c:\windows\system32\drivers\crpf.sys [3/30/2009 11:53:48 PM 36752]
R0 csdf;csdf;c:\windows\system32\drivers\csdf.sys [3/30/2009 11:53:48 PM 39440]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [1/14/2009 8:56:10 PM 114768]
R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [3/2/2009 9:56:15 PM 87056]
R1 cmdHlp;COMODO Firewall Pro Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [3/2/2009 9:56:15 PM 24208]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [1/14/2009 8:56:10 PM 20560]
R2 GEST Service;GEST Service for program management.;c:\program files\GIGABYTE\EnergySaver\GSvr.exe [1/15/2009 7:05:10 PM 80392]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [2/9/2009 7:46:04 PM 603904]
S0 ElbyVCD;ElbyVCD;c:\windows\system32\DRIVERS\ElbyVCD.sys --> c:\windows\system32\DRIVERS\ElbyVCD.sys [?]
S2 gupdate1c991ef4366a442;Google Update Service (gupdate1c991ef4366a442);c:\program files\Google\Update\GoogleUpdate.exe [2/18/2009 7:35:12 PM 133104]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2/22/2009 2:36:33 PM 1684736]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service;c:\program files\MSN Messenger\usnsvc.exe [1/19/2007 1:54:14 PM 97136]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\AutorunsDisabled\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder

2009-03-31 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-11 22:36]

2009-03-21 c:\windows\Tasks\COMODO Registry Cleaner task.job
- c:\program files\COMODO\Registry Cleaner\CRC.exe []

2009-03-23 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-18 19:35]
.
- - - - ORPHANS REMOVED - - - -

ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - (no file)


.
------- Supplementary Scan -------
.
uStart Page = www.google.rs
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: {ED080087-2CB4-4264-8335-3947F88D77BB} = 80.74.160.38 80.74.160.12
FF - ProfilePath - c:\documents and settings\PC\Application Data\Mozilla\Firefox\Profiles\7wgo58m3.default\
FF - prefs.js: browser.startup.homepage - www.google.rs
FF - plugin: c:\program files\Google\Update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-connections-per-server - 4
FF - user.js: network.http.max-persistent-connections-per-server - 2
FF - user.js: nglayout.initialpaint.delay - 750
FF - user.js: content.max.tokenizing.time - 2250000
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-31 15:46:49
Windows 5.1.2600 Service Pack 3 NTFS

detected NTDLL code modification:
ZwClose

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2052111302-1343024091-725345543-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:8f,d7,7a,c5,fe,3d,b2,4e,55,f1,78,db,79,ef,38,b4,98,fb,cf,57,0f,fa,09,
7d,69,44,d5,fe,b1,4c,4b,1f,33,47,d1,e2,27,66,25,2b,ec,7c,22,5b,ce,fb,50,f7,\
"??"=hex:1d,6f,c8,83,ec,16,d6,8a,87,77,63,18,7c,f3,16,c8

[HKEY_USERS\S-1-5-21-2052111302-1343024091-725345543-1003\Software\SecuROM\License information*]
"datasecu"=hex:93,44,08,e9,b6,4d,05,40,d5,c9,5d,a4,6c,02,15,f2,d5,2c,f1,76,a3,
f5,72,da,de,fc,48,1c,a2,5a,ac,47,43,11,d8,ed,54,54,70,a6,c8,85,38,bb,d0,17,\
"rkeysecu"=hex:29,23,be,84,e1,6c,d6,ae,52,90,49,f1,f1,bb,e9,eb
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(608-)
c:\windows\system32\guard32.dll
c:\windows\system32\cscui.dll

- - - - - - - > 'lsass.exe'(664)
c:\windows\system32\guard32.dll
.
Completion time: 2009-03-31 15:47:49
ComboFix-quarantined-files.txt 2009-03-31 13:47:47

Pre-Run: 55.466.016.768 bytes free
Post-Run: 55,450,865,664 bytes free

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8617
  • Location: Novi Beograd

- Download USBNoRisk to the Desktop and run it by double-clicking the program icon.
- Wait a few seconds while the program performs its initial scan.
- Plug every USB storage device in turn into the USB slot and keep each one in the slot for 10 seconds.
- If you have several devices to check, write down on a piece of paper the order in which they were plugged in, because we will need that information later.
- When you have finished with all the devices, right-click in the middle of the program window and choose the Save log option. That will automatically open the log in Notepad. Copy that log from Notepad to the forum for us.

Explanation: USB storage devices are all those devices that get their own drive (partition) letter when connected to the computer. These include USB flash drives, external hard disks, memory cards, MP3 and MP4 players, some mobile phones, some GPS (navigation) devices, etc.

offline
  • Duško Ljepić
  • Joined: 19 Jul 2008
  • Posts: 221
  • Location: Apatin

Here it is; this is only from one memory card, since only that one is infected. My memory card picked up that virus from the mp3 player that a friend brought me so I could put something on it. It picked it up because my card was connected to the computer, so it probably passed from that mp3 player onto my card!
Here is the log from USBNoRisk

USBNoRisk by bobby

Started at 31.3.2009 16:11:07

Scanning for connected USB Mass storage...
----------------------------------------
========================================

Scanning for other storage...
----------------------------------------
C: {a5fa7125-e2a0-11dd-b412-806d6172696f}
D: {a5fa7127-e2a0-11dd-b412-806d6172696f}
E: {a5fa7128-e2a0-11dd-b412-806d6172696f}
========================================


Scanning fixed storage for autorun.inf files...
----------------------------------------
Autorun.inf on C: - None
----------------------------------------

Sanitizing Shell Menu...
----------------------------------------
No key found for C:
No key found for a5fa7125-e2a0-11dd-b412-806d6172696f
========================================

Autorun.inf on D: - None
----------------------------------------

Sanitizing Shell Menu...
----------------------------------------
No key found for D:
No key found for a5fa7127-e2a0-11dd-b412-806d6172696f
========================================

Autorun.inf on E: - None
----------------------------------------

Sanitizing Shell Menu...
----------------------------------------
No key found for E:
No key found for a5fa7128-e2a0-11dd-b412-806d6172696f
========================================

========================================



New device connected at 31.3.2009 16:12:35

Scanning for connected USB mass storage...
----------------------------------------

========================================
New drive connected, but USBNoRisk can't find it
========================================



New device connected at 31.3.2009 16:12:35

Scanning for connected USB mass storage...
----------------------------------------

========================================
New drive connected, but USBNoRisk can't find it
========================================



New device connected at 31.3.2009 16:12:35

Scanning for connected USB mass storage...
----------------------------------------

========================================
New drive connected, but USBNoRisk can't find it
========================================



New device connected at 31.3.2009 16:12:35

Scanning for connected USB mass storage...
----------------------------------------

========================================
New drive connected, but USBNoRisk can't find it
========================================



New device connected at 31.3.2009 16:13:01

Scanning for connected removable storage...
----------------------------------------
M: {8ad26f29-e2ed-11dd-b5ba-001fd026222b}
Added M:
========================================

Scanning removable storage for files...
----------------------------------------
Autorun.inf on M: - None
----------------------------------------

Sanitizing Shell Menu...
----------------------------------------
No key found for 8ad26f29-e2ed-11dd-b5ba-001fd026222b
========================================

----------------------------------------

Desktop.ini on M: - None
----------------------------------------

========================================

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8617
  • Location: Novi Beograd

Upload:

c:\windows\system32\SIntfNT.dll

http://www.mycity.rs/ambulanta-upload.php

offline
  • Duško Ljepić
  • Joined: 19 Jul 2008
  • Posts: 221
  • Location: Apatin

Done.......

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8617
  • Location: Novi Beograd

Disable your protection.

Open Notepad and copy the following text:

File::
C:\Windows\fxstaller.exe

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Windows UDP Control Center"=-
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"17340:TCP"=-

Save the file from Notepad to the Desktop as "CFScript"

Drag the saved script/text onto the ComboFix icon as in the picture.
Post in your next message the log that is produced at the end of the cleaning/scanning.
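To confirm that a CFScript of this form actually did what it asked, here is an added Python example (not part of the thread and not ComboFix's own tooling) that parses the File:: and Registry:: sections and looks up each "=-" deletion in excerpts of the ComboFix logs from before and after the script ran. The log excerpts are constructed from lines quoted in this thread, and parse_cfscript, log_has_value and verify_cleanup are names chosen here.

```python
import re

# Constructed sample: the CFScript posted in this thread, verbatim.
CFSCRIPT = r"""File::
C:\Windows\fxstaller.exe

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Windows UDP Control Center"=-
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"17340:TCP"=-
"""

# Constructed excerpt of the ComboFix log from before the script ran
# (only the firewall sections of that run are quoted in the thread).
PRE_LOG = r"""[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"17340:TCP"= 17340:TCP:NortonAV

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
"""

# Constructed excerpt of the log produced after the script ran: the
# GloballyOpenPorts section is gone and run- holds only unrelated entries.
POST_LOG = r"""[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Start WingMan Profiler"=c:\program files\Logitech\Gaming Software\LWEMon.exe /noui
"COMODO System Cleaner"=c:\program files\COMODO\Registry Cleaner\CT.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
"""

# A registry value line in both CFScript and ComboFix log form: "name"=data
VALUE_RE = re.compile(r'^"([^"]+)"=(.*)$')


def parse_cfscript(text):
    """Return {'files': [paths], 'registry': [(key, value_name, action)]}.

    Only the two directives the post uses are handled (File:: and
    Registry::); lines under any other 'Name::' header are ignored.
    A value written as "name"=- is a deletion, anything else a set.
    """
    files, registry = [], []
    section, key = None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith('::'):
            section, key = line[:-2].lower(), None
        elif section == 'file':
            files.append(line)
        elif section == 'registry':
            if line.startswith('[') and line.endswith(']'):
                key = line[1:-1]
            else:
                m = VALUE_RE.match(line)
                if m and key is not None:
                    action = 'delete' if m.group(2) == '-' else 'set'
                    registry.append((key, m.group(1), action))
    return {'files': files, 'registry': registry}


def _norm_key(key):
    """Lower-case a registry path and fold the HKEY_LOCAL_MACHINE alias to HKLM."""
    return re.sub(r'^hkey_local_machine\\', r'hklm\\', key.strip().lower())


def log_has_value(log_text, key, value_name):
    """True if the ComboFix log excerpt lists value_name under [key]."""
    in_key = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith('[') and line.endswith(']'):
            in_key = _norm_key(line[1:-1]) == _norm_key(key)
            continue
        if in_key:
            m = VALUE_RE.match(line)
            if m and m.group(1).lower() == value_name.lower():
                return True
    return False


def verify_cleanup(script, pre_log, post_log):
    """For each deletion in the script report (key, name, before, after).

    before/after say whether the value is listed in the respective log:
    (True, False) means it was removed as intended, (x, True) means the
    script did not take effect, (False, False) means the excerpt does
    not show that key at all and a fuller log is needed to judge.
    """
    report = []
    for key, name, action in parse_cfscript(script)['registry']:
        if action == 'delete':
            report.append((key, name,
                           log_has_value(pre_log, key, name),
                           log_has_value(post_log, key, name)))
    return report


if __name__ == '__main__':
    for key, name, before, after in verify_cleanup(CFSCRIPT, PRE_LOG, POST_LOG):
        status = ('STILL PRESENT' if after else
                  'removed' if before else 'not in excerpt')
        print(f'{name!r} under {key}: {status}')
```

Run against the excerpts above, the firewall port entry "17340:TCP" is reported as removed, while the run- key is absent from the pre-run excerpt, so the "Windows UDP Control Center" value can only be judged from the full first log.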

offline
  • Duško Ljepić
  • Joined: 19 Jul 2008
  • Posts: 221
  • Location: Apatin

ComboFix 09-03-30.02 - PC 2009-03-31 16:57:34.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1250.1.1033.18.3326.2721 [GMT 2:00]
Running from: c:\documents and settings\PC\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\PC\Desktop\CFScript.txt
AV: avast! antivirus 4.8.1335 [VPS 090330-0] *On-access scanning disabled* (Updated)
FW: COMODO Firewall Pro *disabled*
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
c:\windows\fxstaller.exe
.

((((((((((((((((((((((((( Files Created from 2009-02-28 to 2009-03-31 )))))))))))))))))))))))))))))))
.

2009-03-31 16:13 . 2009-03-31 16:17 <DIR> d-------- C:\USBNoRisk
2009-03-31 15:12 . 2009-03-31 15:12 <DIR> d-------- c:\program files\FeedReader30
2009-03-31 15:12 . 2009-03-31 15:14 <DIR> d-------- c:\documents and settings\PC\Application Data\Feedreader
2009-03-30 23:59 . 2009-03-30 23:59 34,972 --a------ c:\windows\csdf_sdum.dat
2009-03-30 23:53 . 2009-03-30 23:53 <DIR> d-------- c:\documents and settings\PC\Application Data\ComodoGroup
2009-03-30 23:53 . 2009-02-10 10:24 39,440 --a------ c:\windows\system32\drivers\csdf.sys
2009-03-30 23:53 . 2009-02-10 10:28 36,752 --a------ c:\windows\system32\drivers\crpf.sys
2009-03-30 23:53 . 2009-02-10 10:26 7,920 --a------ c:\windows\system32\cnat.exe
2009-03-29 17:11 . 2009-03-29 17:11 <DIR> d-------- c:\program files\DAEMON Tools
2009-03-29 17:11 . 2009-03-29 17:11 223,128 --a------ c:\windows\system32\drivers\dtscsi.sys
2009-03-27 21:58 . 2009-03-27 21:58 <DIR> d-------- c:\documents and settings\PC\Application Data\Sierra Entertainment
2009-03-26 17:46 . 2009-03-26 18:02 <DIR> d-------- c:\program files\Common Files\Borland Shared
2009-03-26 17:46 . 2009-03-26 18:07 <DIR> d-------- c:\program files\Borland
2009-03-24 21:27 . 2009-03-24 21:27 <DIR> d-------- c:\windows\Sun
2009-03-23 19:34 . 2009-03-24 14:47 <DIR> d-------- c:\documents and settings\PC\Application Data\uTorrent
2009-03-21 13:53 . 2009-03-21 13:53 <DIR> d-------- c:\documents and settings\PC\Application Data\Ubisoft
2009-03-21 13:51 . 2009-03-21 13:51 <DIR> d-------- c:\documents and settings\All Users\Application Data\Ubisoft
2009-03-15 17:54 . 2002-12-29 02:14 81,920 --a------ c:\windows\system32\Startup.cpl
2009-03-14 17:48 . 2009-03-14 17:48 257 --a------ c:\windows\game.ini
2009-03-13 19:31 . 2009-03-13 20:01 978 --a------ c:\windows\eReg.dat
2009-03-09 16:42 . 2009-03-09 16:42 <DIR> d-------- c:\program files\Recuva
2009-03-08 14:21 . 2009-03-08 14:21 <DIR> d-------- c:\windows\system32\Adobe
2009-03-08 14:20 . 2009-03-08 14:20 <DIR> d-------- c:\documents and settings\All Users\Application Data\SPAMfighter
2009-03-08 14:19 . 2009-03-08 14:19 <DIR> d-------- c:\program files\CDBurnerXP
2009-03-08 14:05 . 2009-03-08 14:05 <DIR> d-------- c:\documents and settings\PC\Application Data\Ashampoo
2009-03-08 14:05 . 2009-03-08 14:05 <DIR> d-------- c:\documents and settings\All Users\Application Data\ashampoo
2009-03-07 16:36 . 2009-03-16 17:37 103,736 --a------ c:\windows\system32\PnkBstrB.exe
2009-03-07 16:36 . 2009-03-07 16:53 66,872 --a------ c:\windows\system32\PnkBstrA.exe
2009-03-07 16:36 . 2009-03-16 17:37 22,328 --a------ c:\windows\system32\drivers\PnkBstrK.sys
2009-03-06 15:46 . 2009-03-06 15:59 <DIR> d-------- c:\program files\Elaborate Bytes
2009-03-05 15:59 . 2009-03-05 15:59 25 --a------ c:\windows\cdplayer.ini
2009-03-04 18:12 . 2009-03-04 18:12 21,840 --a------ c:\windows\system32\SIntfNT.dll
2009-03-04 18:12 . 2009-03-04 18:12 17,212 --a------ c:\windows\system32\SIntf32.dll
2009-03-04 18:12 . 2009-03-04 18:12 12,067 --a------ c:\windows\system32\SIntf16.dll
2009-03-04 18:09 . 2009-03-04 18:19 25 --a------ c:\windows\SIERRA.INI
2009-03-03 00:20 . 2009-03-03 00:20 <DIR> d-------- c:\program files\Thoosje
2009-03-02 21:56 . 2009-03-02 21:56 <DIR> d-------- c:\documents and settings\PC\Application Data\Comodo
2009-03-02 21:56 . 2009-03-02 22:31 <DIR> d-------- c:\documents and settings\All Users\Application Data\comodo
2009-03-02 21:56 . 2009-03-02 21:56 143,104 --a------ c:\windows\system32\guard32.dll
2009-03-02 21:56 . 2009-03-02 21:56 87,056 --a------ c:\windows\system32\drivers\cmdguard.sys
2009-03-02 21:56 . 2009-03-02 21:56 24,208 --a------ c:\windows\system32\drivers\cmdhlp.sys
2009-03-02 21:43 . 2009-03-02 21:43 <DIR> d-------- c:\program files\LSoft Technologies Inc
2009-03-02 21:42 . 2009-03-26 16:49 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-03-02 21:41 . 2009-03-30 22:48 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-03-02 21:41 . 2009-03-26 16:49 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-02 21:37 . 2009-03-02 21:37 <DIR> d-------- c:\program files\Real
2009-03-02 21:37 . 2009-03-02 21:37 <DIR> d-------- c:\program files\Common Files\xing shared
2009-03-02 21:37 . 2009-03-02 21:37 <DIR> d-------- c:\program files\Common Files\Real
2009-03-02 21:36 . 2009-03-02 21:36 73,728 --a------ c:\windows\system32\javacpl.cpl
2009-03-02 21:35 . 2009-03-02 21:35 <DIR> d-------- c:\program files\K-Lite Codec Pack
2009-03-02 21:34 . 2009-03-02 21:34 <DIR> d-------- c:\documents and settings\PC\Application Data\Media Player Classic
2009-02-26 19:37 . 2009-03-13 18:17 <DIR> d-------- c:\documents and settings\PC\Application Data\My Battle for Middle-earth(tm) II Files
2009-02-26 17:22 . 2009-02-26 17:22 271,360 --a------ c:\windows\system32\drivers\atksgt.sys
2009-02-26 17:22 . 2009-02-26 17:22 18,048 --a------ c:\windows\system32\drivers\lirsgt.sys
2009-02-25 22:48 . 2009-02-25 22:48 <DIR> d-------- c:\program files\Conduit
2009-02-25 16:38 . 2009-02-25 16:38 <DIR> d-------- c:\documents and settings\PC\Application Data\2K Sports
2009-02-22 14:36 . 2008-08-05 21:10 1,684,736 --a------ c:\windows\system32\drivers\Ambfilt.sys
2009-02-22 14:36 . 2006-01-04 16:41 1,389,056 --a------ c:\windows\system32\drivers\Monfilt.sys
2009-02-22 14:36 . 2008-10-23 18:42 290,816 --a------ c:\windows\vncutil.exe
2009-02-22 14:36 . 2008-06-24 15:46 104,992 --a------ c:\windows\RtkAudioService.exe
2009-02-22 14:36 . 2009-02-09 15:34 35,840 --a------ c:\windows\system32\RtkCoInstXP.dll
2009-02-18 18:27 . 2009-03-24 18:42 <DIR> d-------- c:\documents and settings\PC\Application Data\skypePM
2009-02-18 18:27 . 2009-02-18 18:27 56 --ah----- c:\windows\system32\ezsidmv.dat
2009-02-18 18:25 . 2009-02-18 18:25 <DIR> dr------- c:\program files\Skype
2009-02-18 18:25 . 2009-02-18 18:25 <DIR> d-------- c:\program files\Common Files\Skype
2009-02-18 18:25 . 2009-03-24 19:33 <DIR> d-------- c:\documents and settings\PC\Application Data\Skype
2009-02-17 16:22 . 2009-02-17 16:22 <DIR> d-------- c:\program files\MyPhoneExplorer
2009-02-17 16:22 . 2009-03-28 15:06 <DIR> d-------- c:\documents and settings\PC\Application Data\MyPhoneExplorer
2009-02-17 00:12 . 2009-02-26 16:18 <DIR> d-------- c:\program files\Google
2009-02-16 17:13 . 2009-02-16 17:14 <DIR> d-------- c:\program files\CPU-Z 1.50
2009-02-16 15:07 . 2009-02-16 16:53 <DIR> d-------- c:\documents and settings\PC\Application Data\LimeWire
2009-02-15 11:30 . 2009-02-18 18:23 <DIR> d-------- c:\documents and settings\PC\Application Data\Bioshock
2009-02-14 22:00 . 2009-02-14 22:00 <DIR> d-------- c:\program files\TuneXP
2009-02-14 22:00 . 2009-02-14 22:00 720,896 --a------ c:\windows\iun6002.exe
2009-02-14 21:47 . 2009-02-14 21:47 <DIR> d-------- c:\program files\Vistart Live bY Pri2sh
2009-02-14 15:01 . 2009-02-14 15:01 <DIR> d-------- c:\program files\Logitech
2009-02-14 15:01 . 2009-02-14 15:01 <DIR> d-------- c:\program files\Common Files\Logitech
2009-02-14 14:59 . 2009-02-14 14:59 <DIR> d-------- c:\documents and settings\PC\Application Data\Malwarebytes
2009-02-14 14:59 . 2009-02-14 14:59 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-02-14 14:15 . 2009-02-14 14:15 <DIR> dr-h----- C:\MSOCache
2009-02-14 13:41 . 2006-10-26 20:56 32,592 --a------ c:\windows\system32\msonpmon.dll
2009-02-14 13:40 . 2009-02-14 13:40 <DIR> d-------- c:\program files\Microsoft Works
2009-02-14 13:39 . 2009-02-14 13:39 <DIR> d-------- c:\program files\Microsoft.NET
2009-02-14 13:37 . 2009-02-14 14:17 <DIR> d-------- c:\program files\Microsoft Visual Studio 8
2009-02-14 13:36 . 2009-03-21 18:18 <DIR> d-------- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-02-14 11:44 . 2009-02-14 11:44 107,888 --a------ c:\windows\system32\CmdLineExt.dll
2009-02-13 23:43 . 2009-02-25 23:41 <DIR> d-------- c:\documents and settings\PC\Application Data\SPORE
2009-02-13 17:14 . 2009-03-03 00:17 24,944 --a------ c:\windows\system32\drivers\GVTDrv.sys
2009-02-09 20:54 . 2009-02-09 20:54 <DIR> d-------- c:\documents and settings\PC\Application Data\PC Tools
2009-02-09 20:48 . 2009-02-14 21:43 <DIR> d-------- c:\documents and settings\PC\Tracing
2009-02-09 19:46 . 2009-02-09 19:46 <DIR> d-------- c:\documents and settings\PC\Application Data\TuneUp Software
2009-02-09 19:46 . 2009-02-09 19:46 603,904 --a------ c:\windows\system32\TUProgSt.exe
2009-02-09 19:46 . 2009-02-09 19:46 360,192 --a------ c:\windows\system32\TuneUpDefragService.exe
2009-02-09 19:46 . 2008-12-11 14:31 27,904 --a------ c:\windows\system32\uxtuneup.dll
2009-02-09 19:45 . 2009-02-09 19:45 <DIR> d-------- c:\program files\TuneUp Utilities 2009
2009-02-09 19:45 . 2009-02-09 19:45 <DIR> d-------- c:\documents and settings\All Users\Application Data\TuneUp Software
2009-02-09 19:45 . 2009-02-09 19:45 <DIR> d--hs---- c:\documents and settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}
2009-02-09 19:43 . 2009-03-08 14:05 <DIR> d-------- c:\program files\Ashampoo
2009-02-09 17:35 . 2009-02-09 17:35 <DIR> d-------- c:\program files\ACD Systems
2009-02-09 17:35 . 2009-02-09 17:35 <DIR> d-------- c:\documents and settings\All Users\Application Data\ACD Systems
2009-02-09 17:29 . 2009-02-09 17:29 <DIR> d-------- c:\program files\Auslogics
2009-02-09 17:29 . 2009-02-09 17:29 <DIR> d-------- c:\documents and settings\PC\Application Data\Auslogics
2009-02-09 14:18 . 2009-02-18 15:44 401,408 --a------ c:\windows\system32\nvcuvid.dll
2009-02-08 16:21 . 2009-02-08 16:21 <DIR> d-------- c:\documents and settings\PC\WINDOWS
2009-02-08 16:12 . 2009-02-08 16:22 47,104 --a------ c:\windows\system32\KMVIDC32.DLL
2009-02-08 16:11 . 2009-02-08 16:11 <DIR> d-------- c:\documents and settings\PC\Application Data\DAEMON Tools Pro
2009-02-08 16:11 . 2009-02-08 16:11 <DIR> d-------- c:\documents and settings\PC\Application Data\DAEMON Tools
2009-02-08 16:11 . 2009-02-08 16:11 <DIR> d-------- c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2009-02-08 16:07 . 2009-02-09 19:38 <DIR> d-------- c:\documents and settings\PC\Application Data\DAEMON Tools Lite
2009-02-08 16:06 . 2009-02-13 19:47 <DIR> d-------- c:\program files\Yahoo!
2009-02-08 16:05 . 2009-03-02 21:36 410,984 --a------ c:\windows\system32\deploytk.dll
2009-02-08 15:47 . 2009-02-21 20:49 39 --a------ c:\windows\Irremote.ini
2009-02-07 12:55 . 2008-04-14 06:42 73,832 --a------ c:\windows\system32\slcoinst.dll
2009-02-07 12:55 . 2008-04-14 06:42 73,832 --a--c--- c:\windows\system32\dllcache\slcoinst.dll
2009-02-07 12:55 . 2008-04-14 06:42 32,866 --a--c--- c:\windows\system32\dllcache\slrundll.exe
2009-02-07 12:55 . 2008-04-14 06:42 32,866 --a------ c:\windows\slrundll.exe
2009-02-05 16:55 . 2009-03-24 14:50 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2009-02-05 16:55 . 2009-03-31 15:29 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-02-05 15:36 . 2009-02-05 15:36 <DIR> d-------- c:\program files\SUPERAntiSpyware
2009-02-05 15:36 . 2009-02-28 22:37 <DIR> d-------- c:\documents and settings\PC\Application Data\SUPERAntiSpyware.com
2009-02-05 15:36 . 2009-02-05 15:36 <DIR> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-02-05 15:35 . 2009-03-30 22:48 <DIR> d-------- c:\program files\SpywareBlaster
2009-02-04 20:25 . 2009-02-25 23:59 22,328 --a------ c:\documents and settings\PC\Application Data\PnkBstrK.sys
2009-02-04 19:28 . 2009-02-22 14:28 <DIR> d-------- C:\NVIDIA
2009-02-04 18:54 . 1998-10-29 17:45 306,688 --a------ c:\windows\IsUninst.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-31 13:41 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-03-31 13:31 16,608 ----a-w c:\windows\gdrv.sys
2009-03-31 13:31 --------- d-----w c:\program files\SpeedFan
2009-03-30 21:53 --------- d-----w c:\program files\COMODO
2009-03-30 13:23 --------- d--h--w c:\program files\InstallShield Installation Information
2009-03-27 19:36 --------- d-----w c:\program files\Common Files\InstallShield
2009-03-25 16:34 --------- d-----w c:\program files\Mozilla Thunderbird
2009-03-23 13:51 --------- d-----w c:\documents and settings\All Users\Application Data\Test Drive Unlimited
2009-03-15 16:22 --------- d-----w c:\program files\Nero
2009-03-15 16:21 --------- d-----w c:\program files\Alcohol Soft
2009-03-15 15:17 --------- d-----w c:\program files\Common Files\Adobe
2009-03-15 15:11 --------- d-----w c:\program files\Winamp
2009-03-08 15:29 --------- d-----w c:\program files\Futuremark
2009-03-04 16:58 5,045,760 ----a-w c:\windows\system32\drivers\RtkHDAud.sys
2009-03-04 16:43 --------- d-----w c:\program files\GIGABYTE
2009-03-02 19:33 --------- d-----w c:\documents and settings\PC\Application Data\Winamp
2009-03-02 15:01 17,530,368 ----a-w c:\windows\RTHDCPL.EXE
2009-03-02 10:14 57,344 ----a-w c:\windows\ALCMTR.EXE
2009-02-28 20:37 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-02-22 12:31 --------- d-----w c:\program files\NVIDIA Corporation
2009-02-21 18:56 --------- d-----w c:\program files\Common Files\Nero
2009-02-21 18:56 --------- d-----w c:\documents and settings\All Users\Application Data\Nero
2009-02-18 16:25 --------- d-----w c:\documents and settings\All Users\Application Data\Skype
2009-02-09 18:56 67,584 ----a-w c:\windows\system32\ff_vfw.dll
2009-02-09 18:43 --------- d-----w c:\documents and settings\All Users\Application Data\WinZip
2009-02-09 18:23 --------- d-----w c:\program files\Simpli Software
2009-02-09 15:35 --------- d-----w c:\program files\Common Files\ACD Systems
2009-02-08 14:07 717,296 ----a-w c:\windows\system32\drivers\sptd.sys
2009-02-08 14:05 --------- d-----w c:\program files\Java
2009-02-08 13:37 --------- d-----w c:\program files\Common Files\LightScribe
2009-02-03 19:53 586 ----a-w c:\program files\vtp.sif
2009-01-31 17:52 --------- d-----w c:\documents and settings\All Users\Application Data\LightScribe
2009-01-31 17:48 --------- d-----w c:\program files\Common Files\Ahead
2009-01-31 17:48 --------- d-----w c:\documents and settings\All Users\Application Data\Ahead
2009-01-31 11:08 --------- d-----w c:\documents and settings\All Users\Application Data\Aspyr
2009-01-31 10:42 --------- d-----w c:\documents and settings\PC\Application Data\Codemasters
2009-01-31 10:40 --------- d-----w c:\documents and settings\PC\Application Data\InstallShield
2009-01-31 10:40 --------- d-----w c:\documents and settings\All Users\Application Data\InstallShield
2009-01-29 19:52 --------- d-----w c:\program files\CPU-Z
2009-01-26 17:46 4,488 ----a-w c:\windows\system32\ealregsnapshot1.reg
2009-01-21 14:54 1,206,816 ----a-w c:\windows\RtlUpd.exe
2009-01-14 18:23 86,016 ----a-w c:\windows\system32\OpenAL32.dll
2009-01-14 18:23 262,144 ----a-w c:\windows\system32\wrap_oal.dll
2008-12-25 23:08 453,152 ----a-w c:\windows\system32\nvudisp.exe
2008-12-23 20:58 453,152 ----a-w c:\windows\system32\NVUNINST.EXE
2008-12-11 00:33 86,016 ----a-w c:\windows\system32\dpl100.dll
2008-12-07 18:08 795,648 ----a-w c:\windows\system32\xvidcore.dll
2008-12-07 18:08 130,048 ----a-w c:\windows\system32\xvidvfw.dll
2008-12-04 08:31 53,248 ----a-w c:\windows\system32\CSVer.dll
2008-12-02 21:37 49,480 ----a-w c:\windows\system32\sirenacm.dll
.

------- Sigcheck -------

2008-04-14 06:42 1228288 95df0824b4ccaa2ce637aaddca13ca6d c:\windows\explorer.exe
2004-08-04 00:56 1032192 a0732187050030ae399b241436565e64 c:\windows\$NtServicePackUninstall$\explorer.exe
2008-04-14 06:42 1033728 12896823fb95bfb3dc9b46bcaedc9923 c:\windows\ServicePackFiles\i386\explorer.exe
2008-04-14 06:42 1033728 12896823fb95bfb3dc9b46bcaedc9923 c:\windows\system32\VITrans\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"GAINWARD"="c:\program files\EXPERTool\TBPanel.exe" [2008-12-03 2181672]
"feedreader.exe"="c:\program files\FeedReader30\feedreader.exe" [2008-05-26 2042880]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-02-18 13680640]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-02 148888]
"COMODO Firewall Pro"="c:\program files\COMODO\Firewall\cfp.exe" [2009-03-02 1575680]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-02-18 86016]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2005-11-09 128920]
"nwiz"="nwiz.exe" [2009-02-18 c:\windows\system32\nwiz.exe]
"RTHDCPL"="RTHDCPL.EXE" [2009-03-02 c:\windows\RTHDCPL.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\PC\Start Menu\Programs\Startup\
Shortcut to speedfan.lnk - c:\program files\SpeedFan\speedfan.exe [2/17/2009 10:52:18 AM 3885688]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\guard32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= msaud32_divx.acm

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Skype"="c:\program files\Skype\Phone\Skype.exe" /nosplash /minimized
"msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Start WingMan Profiler"=c:\program files\Logitech\Gaming Software\LWEMon.exe /noui
"COMODO System Cleaner"=c:\program files\COMODO\Registry Cleaner\CT.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"d:\\Aspyr\\Guitar Hero III\\GH3.exe"=
"d:\\Counter-Strike Source\\hl2.exe"=
"d:\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe"=
"d:\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe"=
"d:\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"d:\\Sierra Entertainment\\Empire Earth III\\EE3.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R0 crpf;crpf;c:\windows\system32\drivers\crpf.sys [3/30/2009 11:53:48 PM 36752]
R0 csdf;csdf;c:\windows\system32\drivers\csdf.sys [3/30/2009 11:53:48 PM 39440]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [1/14/2009 8:56:10 PM 114768]
R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [3/2/2009 9:56:15 PM 87056]
R1 cmdHlp;COMODO Firewall Pro Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [3/2/2009 9:56:15 PM 24208]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [1/14/2009 8:56:10 PM 20560]
R2 GEST Service;GEST Service for program management.;c:\program files\GIGABYTE\EnergySaver\GSvr.exe [1/15/2009 7:05:10 PM 80392]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [2/9/2009 7:46:04 PM 603904]
R3 usnjsvc;Messenger Sharing Folders USN Journal Reader service;c:\program files\MSN Messenger\usnsvc.exe [1/19/2007 1:54:14 PM 97136]
S0 ElbyVCD;ElbyVCD;c:\windows\system32\DRIVERS\ElbyVCD.sys --> c:\windows\system32\DRIVERS\ElbyVCD.sys [?]
S2 gupdate1c991ef4366a442;Google Update Service (gupdate1c991ef4366a442);c:\program files\Google\Update\GoogleUpdate.exe [2/18/2009 7:35:12 PM 133104]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2/22/2009 2:36:33 PM 1684736]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\AutorunsDisabled\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder

2009-03-31 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-11 22:36]

2009-03-21 c:\windows\Tasks\COMODO Registry Cleaner task.job
- c:\program files\COMODO\Registry Cleaner\CRC.exe []

2009-03-23 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-18 19:35]
.
.
------- Supplementary Scan -------
.
uStart Page = www.google.rs
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\PC\Application Data\Mozilla\Firefox\Profiles\7wgo58m3.default\
FF - prefs.js: browser.startup.homepage - www.google.rs
FF - plugin: c:\program files\Google\Update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-connections-per-server - 4
FF - user.js: network.http.max-persistent-connections-per-server - 2
FF - user.js: nglayout.initialpaint.delay - 750
FF - user.js: content.max.tokenizing.time - 2250000
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-31 16:58:42
Windows 5.1.2600 Service Pack 3 NTFS

detected NTDLL code modification:
ZwClose

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2052111302-1343024091-725345543-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:8f,d7,7a,c5,fe,3d,b2,4e,55,f1,78,db,79,ef,38,b4,98,fb,cf,57,0f,fa,09,
7d,69,44,d5,fe,b1,4c,4b,1f,33,47,d1,e2,27,66,25,2b,ec,7c,22,5b,ce,fb,50,f7,\
"??"=hex:1d,6f,c8,83,ec,16,d6,8a,87,77,63,18,7c,f3,16,c8

[HKEY_USERS\S-1-5-21-2052111302-1343024091-725345543-1003\Software\SecuROM\License information*]
"datasecu"=hex:93,44,08,e9,b6,4d,05,40,d5,c9,5d,a4,6c,02,15,f2,d5,2c,f1,76,a3,
f5,72,da,de,fc,48,1c,a2,5a,ac,47,43,11,d8,ed,54,54,70,a6,c8,85,38,bb,d0,17,\
"rkeysecu"=hex:29,23,be,84,e1,6c,d6,ae,52,90,49,f1,f1,bb,e9,eb
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(608-)
c:\windows\system32\guard32.dll
c:\windows\system32\cscui.dll

- - - - - - - > 'lsass.exe'(664)
c:\windows\system32\guard32.dll
.
Completion time: 2009-03-31 16:59:36
ComboFix-quarantined-files.txt 2009-03-31 14:59:33
ComboFix2.txt 2009-03-31 13:47:50

Pre-Run: 55.439.405.056 bytes free
Post-Run: 55,497,216,000 bytes free

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8617
  • Location: Novi Beograd

What is the situation now?
