CD/DVD won't burn


  • Joined: 06 Jun 2005
  • Posts: 43

The CD/DVD drive won't burn discs. It reads all kinds of media fine, but no burning program will burn. Please check whether I've picked up some pest. Thanks

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:09:35, on 27.7.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe
C:\Program Files\Cyberlink\Shared Files\brs.exe
C:\WINDOWS\system32\Socks.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Cheetah Burner\Cheetah DVD Burner\NMSAccessU.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Cyberlink\Shared files\RichVideo.exe
C:\WINDOWS\system32\UAService7.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
C:\Documents and Settings\Korisnik\Desktop\My Computer\tr3.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com/fwlink/?LinkId=69157
O1 - Hosts: 127.255.255.255 serial.alcohol-soft.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [RemoteControl9] "C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe"
O4 - HKLM\..\Run: [PDVD9LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD9\Language\Language.exe"
O4 - HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe
O4 - HKLM\..\Run: [WinsysMon] C:\WINDOWS\system32\Socks.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Advanced Uninstaller PRO Installation Monitor] "C:\Program Files\Innovative Solutions\Advanced Uninstaller PRO - Version 8\monitor.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ww.4um.rs
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - 93.87.16.18/activex/AMC.cab
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\Cheetah Burner\Cheetah DVD Burner\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe

--
End of file - 5623 bytes

  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Hello...

There may be malware here, but it is unlikely to be the cause of the problem you describe.

Upload the file: C:\WINDOWS\system32\Socks.exe

Upload link: http://www.mycity.rs/ambulanta-upload.php

Download the RSIT program to the Desktop:

http://images.malwareremoval.com/random/RSIT.exe

Run it with a double-click and then click Continue.

At the end of the process two logs will open: the first, log.txt, will be maximized and needs to be copied into the forum thread; the second, info.txt, will be minimized (we don't need it for now).

Post the contents of the file log.txt in your next reply (that file will be saved as C:\rsit\log.txt).

Download the RootRepeal program from one of the following links to the Desktop:

http://rootrepeal.googlepages.com/RootRepeal.zip
http://ad13.geekstogo.com/RootRepeal.zip
http://rootrepeal.psikotick.com/RootRepeal.zip

Unpack RootRepeal.zip into a folder.
Double-click RootRepeal.exe to run it.
Switch to the Report tab (by clicking the Report button, bottom right).
Click the Scan button.
In the window that opens (Select Scan), tick the boxes in front of all the items and click OK.
In the next window (Select Drives), tick the box in front of the system drive (usually C:\) and click OK.
When the process has finished, click Save Report and save the scan report.

Copy the contents of that report into your next reply.
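The triage the helper did by eye above (a file that appeared in system32 recently, is started from a Run key under an unrelated value name, and was added to the Windows Firewall exception list) can be written down as a scoring rule over the log lines. The Python below is an added example; it is not code from this thread, from HijackThis or from ComboFix. The sample lines are constructed from entries quoted in the thread; the system directory, the allowlist of Windows components, the score weights and the reporting threshold are assumptions for illustration. A score only orders what to look at first: PnkBstrA.exe (a game anti-cheat service) also scores here because it has no declared owner and a firewall exception.

```python
import re
from datetime import date

# Assumptions for this example: the system directory of the XP machine in the
# thread, a short allowlist of Windows components that legitimately autostart
# from it, and the score weights / threshold. Adjust these for a real case.
SYSTEM_DIR = "c:\\windows\\system32\\"
SYSTEM_ALLOWLIST = {"ctfmon.exe", "rundll32.exe", "nwiz.exe"}
RECENT_DAYS = 30

# HijackThis O4 (Run key) and O23 (service) lines, ComboFix "Files Created"
# lines and firewall AuthorizedApplications values, in the shapes quoted above.
O4_RE = re.compile(r"^O4 - HK\w+\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
O23_RE = re.compile(r"^O23 - Service: (?P<desc>.+?) - (?P<owner>.+?) - (?P<path>.+)$")
CREATED_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2}) \d{2}:\d{2} \. \d{4}-\d{2}-\d{2} \d{2}:\d{2} \S+ \S+ (?P<path>.+)$"
)
FIREWALL_RE = re.compile(r'^"(?P<path>[^"]+)"=$')


def norm(path):
    """Case-fold and collapse the doubled backslashes of REGEDIT4 exports."""
    return path.strip().replace("\\\\", "\\").lower()


def target_of(cmd):
    """Executable launched by a Run-key command line: the quoted path or the first token."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:cmd.index('"', 1)]
    return cmd.split()[0]


def triage(lines, scan_date, min_score=3):
    """Score autorun targets by the indicators used in the thread and return
    (path, score, reasons) tuples with score >= min_score, highest first.
    scan_date is an ISO date string such as "2009-07-27"."""
    scan_date = date.fromisoformat(scan_date)
    autoruns, created, firewall = [], {}, set()
    for line in lines:
        line = line.rstrip()
        if m := O4_RE.match(line):
            autoruns.append((m["name"], None, norm(target_of(m["cmd"]))))
        elif m := O23_RE.match(line):
            autoruns.append((m["desc"], m["owner"], norm(m["path"])))
        elif m := CREATED_RE.match(line):
            # first timestamp is the creation time (the section lists files created in its window)
            created[norm(m["path"])] = date.fromisoformat(m["created"])
        elif m := FIREWALL_RE.match(line):
            firewall.add(norm(m["path"]))

    findings = {}  # normalised path -> {reason text: points}
    for name, owner, path in autoruns:
        base = path.rsplit("\\", 1)[-1]
        stem = base.rsplit(".", 1)[0]
        reasons = findings.setdefault(path, {})
        if path.startswith(SYSTEM_DIR) and base not in SYSTEM_ALLOWLIST:
            if owner is None:
                reasons["Run key starts a non-allowlisted file from the system directory"] = 2
            elif owner.lower() == "unknown owner":
                reasons["service with unknown owner runs from the system directory"] = 2
        if owner is None and name.lower() not in stem and stem not in name.lower():
            reasons[f"Run value name '{name}' is unrelated to the file name"] = 1
        if path in firewall:
            reasons["explicitly allowed through the Windows Firewall"] = 2
        if (d := created.get(path)) and (scan_date - d).days <= RECENT_DAYS:
            reasons[f"created {d}, within {RECENT_DAYS} days of the scan"] = 2

    ranked = [(p, sum(r.values()), sorted(r)) for p, r in findings.items()]
    return sorted((f for f in ranked if f[1] >= min_score), key=lambda f: -f[1])


# Constructed sample: a handful of lines taken from the HijackThis and ComboFix
# logs posted in this thread.
SAMPLE_LINES = r"""
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [WinsysMon] C:\WINDOWS\system32\Socks.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
2009-07-19 03:26 . 2009-07-19 03:26 86311 ----a-w- c:\windows\system32\Socks.exe
2009-07-27 08:59 . 2006-02-28 12:00 221184 ----a-w- c:\windows\system32\wmpns.dll
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\Socks.exe"=
""".strip().splitlines()

if __name__ == "__main__":
    for path, score, reasons in triage(SAMPLE_LINES, "2009-07-27"):
        print(f"{score:2d}  {path}")
        for r in reasons:
            print(f"      - {r}")
```

Run on the sample, Socks.exe comes out on top with all four indicators, while the NVIDIA and ESET entries score nothing: the value-name mismatch alone (NvCplDaemon launching RUNDLL32.EXE) is worth one point and stays below the threshold, which is why it is weighted lower than the file-system and firewall evidence.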

  • Joined: 06 Jun 2005
  • Posts: 43

When I try to upload socks.exe, clicking the link gives me a blank Explorer page. How do I upload it?

I've attached the log file that RSIT produced.

The RootRepeal.exe program can't be started. Here is the reason:

22:42:30: Warning - could not read Windows kernel using raw-disk reading!
22:42:30: Could not find module file on disk!
22:42:31: Could not find module file on disk!
22:42:31: Could not find module file on disk!

  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

The upload can wait...

Download gmer.zip from this link and save it to the Desktop.
Unpack it into a folder.

Double-click gmer.exe to start: select the Rootkit/Malware tab at the top.
Click Scan.
When the scan has finished, click the Copy button below - this will save the scan results to the Clipboard.
Use Paste in Notepad to turn that into text. Save that text from Notepad as file1.txt.
Repeat the same with the Autostart tab. Save that text from Notepad as file2.txt.

Use the Attach file option below the message box on the forum and attach the two files we just saved here.

  • Joined: 06 Jun 2005
  • Posts: 43

Attaching.

  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Download sUBs' ComboFix from the following address to the Desktop:

Bleeping Computer
Right-click the link and choose Save Target As... (Save Link As..., Save Linked Content As... or similar);
When the dialog for choosing where to save the file opens, choose Desktop and click Save.

When the download has finished:
disable your security software (instructions);
close any running programs;
double-click ComboFix to run it.

While running, ComboFix will:
check whether a newer version of the program exists: click Yes if offered to download it.
display the DISCLAIMER OF WARRANTY ON SOFTWARE: click Yes so that the process continues.
offer to install the Recovery Console if it is not installed: accept by clicking Yes and follow the procedure.
ask a number of questions / show a number of notifications: accept by clicking Yes or OK.
restart Windows if necessary (possibly more than once);
at the end of its run, open Notepad with the scan report.

Copy the report ComboFix produced into the forum thread:
right-click in the Notepad window and choose Select All;
right-click the highlighted text and choose Copy;
right-click in the message box and choose Paste.

Note: The report will be saved under the name ComboFix.txt on the system partition (typical location: C:\ComboFix.txt);
If after posting you notice the report is incomplete, use the Attach file option to attach the file C:\ComboFix.txt to the message.

  • Joined: 06 Jun 2005
  • Posts: 43

ComboFix 09-07-27.02 - Korisnik 28.07.2009 0:19.1.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.381.1033.18.2046.1711 [GMT 2:00]
Running from: c:\documents and settings\Korisnik\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Korisnik\Application Data\inst.exe
c:\recycler\S-1-5-21-3146027232-677793022-1255899302-1003
c:\windows\Installer\4e215.msi
c:\windows\OPTIONS\CABS\_desktop.ini
c:\windows\system32\drivers\vsfoceifkdvtbq.sys
c:\windows\system32\vsfocedablvhol.dat
c:\windows\system32\vsfoceqhgaemxo.dll
c:\windows\system32\vsfoceqjxuwcdt.dat
c:\windows\system32\vsfocewaorgkxy.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_vsfoceyfvamyqb


((((((((((((((((((((((((( Files Created from 2009-06-27 to 2009-07-27 )))))))))))))))))))))))))))))))
.

2009-07-27 20:50 . 2009-07-27 20:50 -------- d-----w- c:\program files\Lavasoft
2009-07-27 20:50 . 2009-07-27 20:50 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Lavasoft
2009-07-27 20:38 . 2009-07-27 20:38 -------- d-----w- c:\program files\trend micro
2009-07-27 20:38 . 2009-07-27 20:38 -------- d-----w- C:\rsit
2009-07-27 12:49 . 2009-07-27 12:59 -------- d-----w- C:\Temp
2009-07-27 12:49 . 2005-01-18 22:18 323584 ----a-w- c:\windows\system32\FoxImager.dll
2009-07-27 12:49 . 2009-07-27 12:49 -------- d-----w- c:\program files\Cheetah Burner
2009-07-27 08:59 . 2006-02-28 12:00 221184 ----a-w- c:\windows\system32\wmpns.dll
2009-07-27 08:48 . 2009-07-27 08:48 -------- d-----w- c:\documents and settings\Korisnik\Application Data\AVS4YOU
2009-07-27 08:48 . 2009-07-27 08:48 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\AVS4YOU
2009-07-27 08:47 . 2009-07-27 09:18 -------- d-----w- c:\program files\Common Files\AVSMedia
2009-07-27 08:47 . 2009-07-27 08:47 -------- d-----w- c:\windows\system32\drivers\umdf
2009-07-27 08:46 . 2008-08-13 09:22 974848 ----a-w- c:\windows\system32\mfc70.dll
2009-07-27 08:46 . 2009-07-27 09:18 -------- d-----w- c:\program files\AVS4YOU
2009-07-27 08:46 . 2008-08-13 09:22 487424 ----a-w- c:\windows\system32\msvcp70.dll
2009-07-27 08:43 . 2009-07-27 08:43 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-07-27 08:32 . 2009-07-27 08:32 154254 ----a-w- c:\documents and settings\Korisnik\Application Data\dllreg.exe
2009-07-20 22:09 . 2009-07-20 22:09 -------- d-----w- c:\documents and settings\Korisnik\Local Settings\Application Data\PowerDVDCox
2009-07-20 22:09 . 2009-07-20 22:13 -------- d-----w- c:\documents and settings\Korisnik\Local Settings\Application Data\PowerDVDCinema
2009-07-20 22:08 . 2009-07-20 22:08 -------- d-----w- c:\program files\Common Files\CyberLink
2009-07-19 10:31 . 2009-07-19 11:33 -------- d-----w- c:\documents and settings\Korisnik\Application Data\Any Video Converter
2009-07-19 10:31 . 2009-07-19 11:33 -------- d-----w- c:\program files\Any Video Converter
2009-07-19 10:14 . 2009-07-19 10:25 -------- d-----w- c:\documents and settings\Korisnik\Application Data\gtk-2.0
2009-07-19 10:14 . 2009-07-19 10:20 -------- d-----w- c:\documents and settings\Korisnik\Application Data\avidemux
2009-07-19 03:26 . 2009-07-19 03:26 86311 ----a-w- c:\windows\system32\Socks.exe
2009-07-17 08:27 . 2009-07-27 12:34 -------- d-----w- c:\documents and settings\Korisnik\Application Data\vlc
2009-07-17 08:07 . 2009-07-17 08:07 -------- d-----w- c:\program files\Axis Communications
2009-07-12 14:15 . 2009-07-12 14:15 -------- d-----w- c:\documents and settings\Korisnik\Application Data\HEXelon
2009-07-12 14:14 . 2009-07-12 21:51 -------- d-----w- c:\program files\TC UP
2009-07-12 11:34 . 2009-07-12 11:34 -------- d-----w- c:\program files\SubtitleCreator
2009-07-09 12:16 . 2009-07-09 12:16 -------- d-----w- c:\program files\XviD
2009-07-09 12:16 . 2009-07-12 11:33 -------- d-----w- c:\program files\AviSynth 2.5
2009-07-09 12:16 . 2009-07-12 11:34 -------- d-----w- c:\program files\Gabest
2009-07-09 12:00 . 2009-07-09 12:03 249856 ------w- c:\windows\Setup1.exe
2009-07-09 12:00 . 2009-07-09 12:03 34816 ----a-w- c:\windows\ST6UNST.EXE
2009-07-08 20:45 . 2009-07-08 20:45 -------- d-----w- c:\program files\Gandalf Services
2009-07-08 20:45 . 2009-07-08 20:45 -------- d-----w- c:\windows\Downloaded Installations
2009-07-08 19:50 . 2009-07-08 19:53 -------- d-----w- c:\documents and settings\Korisnik\Local Settings\Application Data\SubtitleCreator
2009-07-08 19:30 . 2009-07-08 19:31 -------- d-----w- c:\program files\MagicISO
2009-07-07 21:17 . 2009-07-26 21:55 -------- d-----w- c:\documents and settings\Korisnik\Application Data\foobar2000
2009-07-07 21:14 . 2009-07-07 21:17 -------- d-----w- c:\program files\foobar2000
2009-07-06 20:02 . 2009-07-06 20:02 -------- d-----w- c:\documents and settings\Korisnik\Application Data\DivX
2009-07-06 19:46 . 2009-07-06 19:46 -------- d-----w- c:\program files\Pegasys Inc
2009-07-05 14:00 . 2009-07-05 14:03 -------- d-----w- c:\documents and settings\Korisnik\Application Data\GARMIN
2009-07-05 13:42 . 2009-07-05 13:45 -------- d-----w- C:\Garmin

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-27 20:50 . 2008-11-02 10:45 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-07-27 12:59 . 2007-12-01 20:46 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-27 12:59 . 2008-04-04 18:48 -------- d---a-w- c:\docume~1\ALLUSE~1\APPLIC~1\TEMP
2009-07-27 09:36 . 2008-09-01 17:05 -------- d-----w- c:\documents and settings\Korisnik\Application Data\Sony
2009-07-27 09:30 . 2008-09-01 16:59 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Sony
2009-07-27 09:29 . 2008-09-01 16:58 -------- d-----w- c:\program files\Sony
2009-07-27 08:35 . 2008-04-04 09:06 -------- d-----w- c:\documents and settings\Korisnik\Application Data\Vso
2009-07-26 21:43 . 2008-04-13 17:26 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\DVD Shrink
2009-07-20 22:13 . 2008-04-02 11:40 -------- d-----w- c:\documents and settings\Korisnik\Application Data\CyberLink
2009-07-20 22:09 . 2008-04-02 10:54 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\CyberLink
2009-07-20 22:07 . 2008-04-02 10:53 -------- d-----w- c:\program files\Cyberlink
2009-07-20 22:07 . 2008-04-02 10:53 505128 ----a-w- c:\windows\system32\msvcp71.dll
2009-07-20 22:07 . 2007-12-01 12:27 353576 ----a-w- c:\windows\system32\msvcr71.dll
2009-07-19 10:28 . 2008-04-05 09:26 -------- d-----w- c:\program files\Call of Duty
2009-07-09 00:13 . 2009-02-22 19:27 -------- d-----w- c:\documents and settings\Korisnik\Application Data\dvdcss
2009-07-08 23:33 . 2008-04-13 17:26 -------- d-----w- c:\program files\DVD Shrink
2009-07-08 20:08 . 2008-11-08 12:02 -------- d-----w- c:\program files\URUSoft
2009-06-19 11:35 . 2009-06-19 11:35 -------- d-----w- c:\program files\Common Files\SWF Studio
2009-06-18 12:49 . 2009-06-18 12:49 14 ----a-w- c:\windows\popcinfo.dat
2009-06-13 14:47 . 2009-06-13 14:47 -------- d-----w- c:\program files\Electronic Arts
2009-06-06 11:02 . 2009-06-06 11:02 -------- d-----w- c:\program files\Rockstar Games
2009-06-05 09:31 . 2008-04-02 10:40 16440 ----a-w- c:\documents and settings\Korisnik\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-04 19:12 . 2009-06-02 09:21 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Pure Networks
2009-06-02 09:22 . 2009-06-02 09:22 8892928 ----a-w- c:\docume~1\ALLUSE~1\APPLIC~1\atscie.msi
2009-05-31 17:57 . 2009-05-31 17:57 0 ----a-w- c:\windows\nsreg.dat
2009-05-01 13:43 . 2008-04-06 15:57 1003 ----a-w- c:\windows\eReg.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2006-02-28 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-08-04 1667584]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-08-18 1447168]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 86016]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"RemoteControl9"="c:\program files\CyberLink\PowerDVD9\PDVD9Serv.exe" [2009-02-16 87336]
"PDVD9LanguageShortcut"="c:\program files\CyberLink\PowerDVD9\Language\Language.exe" [2008-10-13 50472]
"BDRegion"="c:\program files\Cyberlink\Shared Files\brs.exe" [2009-02-28 75048]
"WinsysMon"="c:\windows\system32\Socks.exe" [2009-07-19 86311]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-10-07 1630208]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Cyberlink\\PowerCinema\\PowerCinema.exe"=
"c:\\Program Files\\Cyberlink\\PowerCinema\\PCMService.exe"=
"c:\\Program Files\\EA Games\\Command and Conquer Generals\\patchget.dat"=
"c:\\Program Files\\EA Games\\Command & Conquer Generals Zero Hour\\patchget.dat"=
"c:\\Program Files\\EA Games\\Command & Conquer Generals Zero Hour\\game.dat"=
"c:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\EA Games\\Battlefield 2\\BF2.exe"=
"c:\\Program Files\\Electronic Arts\\Battlefield 2142\\BF2142.exe"=
"c:\\Program Files\\Cyberlink\\PowerDVD9\\PowerDVD Cinema\\PowerDVDCinema.exe"=
"c:\\Program Files\\Cyberlink\\PowerDVD9\\PowerDVD9.exe"=
"c:\\WINDOWS\\system32\\Socks.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [18.8.2008 14:27 34312]
R1 VD_FileDisk;VD_FileDisk;c:\windows\system32\drivers\vd_filedisk.sys [13.1.2006 15:00 15872]
R2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2009/07/21 00:08];c:\program files\Cyberlink\PowerDVD9\000.fcl [28.2.2009 19:40 87536]
R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [18.8.2008 14:25 468224]
R3 3xHybrid;3xHybrid service;c:\windows\system32\drivers\3xHybrid.sys [22.3.2006 17:33 826752]
S2 NOD32FiXTemDono;Eset Nod32 Boot;c:\windows\system32\regedt32.exe [1.12.2007 21:17 3584]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Advanced Uninstaller PRO Installation Monitor - c:\program files\Innovative Solutions\Advanced Uninstaller PRO - Version 8\monitor.exe


.
------- Supplementary Scan -------
.
uStart Page = about:blank
DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://93.87.16.18/activex/AMC.cab
.

**************************************************************************

catchme 0.3.1398.3 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-07-28 00:27
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{B154377D-700F-42cc-9474-23858FBDF4BD}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD9\000.fcl"
.
Completion time: 2009-07-27 0:28
ComboFix-quarantined-files.txt 2009-07-27 22:28

Pre-Run: 15.921.475.584 bytes free
Post-Run: 16.663.961.600 bytes free


  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Why didn't you allow the Recovery Console installation?

Open Notepad and copy the following text into it:

File::
c:\windows\system32\Socks.exe
c:\documents and settings\Korisnik\Application Data\dllreg.exe

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinsysMon"=-
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\Socks.exe"=-

Save the file from Notepad to the Desktop as "CFScript"

Drag the saved script/text onto the ComboFix icon as shown in the picture.
Post in your next reply the log that is produced at the end of the cleaning/scan.

  • Joined: 06 Jun 2005
  • Posts: 43

I think it didn't even ask me whether I wanted the Recovery Console installed.





ComboFix 09-07-27.02 - Korisnik 28.07.2009 1:30.2.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.381.1033.18.2046.1644 [GMT 2:00]
Running from: c:\documents and settings\Korisnik\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Korisnik\Desktop\CFScript.txt
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
"c:\documents and settings\Korisnik\Application Data\dllreg.exe"
"c:\windows\system32\Socks.exe"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Korisnik\Application Data\dllreg.exe
c:\windows\system32\Socks.exe

.
((((((((((((((((((((((((( Files Created from 2009-06-27 to 2009-07-27 )))))))))))))))))))))))))))))))
.

2009-07-27 20:50 . 2009-07-27 20:50 -------- d-----w- c:\program files\Lavasoft
2009-07-27 20:50 . 2009-07-27 20:50 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Lavasoft
2009-07-27 20:38 . 2009-07-27 20:38 -------- d-----w- c:\program files\trend micro
2009-07-27 20:38 . 2009-07-27 20:38 -------- d-----w- C:\rsit
2009-07-27 12:49 . 2009-07-27 12:59 -------- d-----w- C:\Temp
2009-07-27 12:49 . 2005-01-18 22:18 323584 ----a-w- c:\windows\system32\FoxImager.dll
2009-07-27 12:49 . 2009-07-27 12:49 -------- d-----w- c:\program files\Cheetah Burner
2009-07-27 08:59 . 2006-02-28 12:00 221184 ----a-w- c:\windows\system32\wmpns.dll
2009-07-27 08:48 . 2009-07-27 08:48 -------- d-----w- c:\documents and settings\Korisnik\Application Data\AVS4YOU
2009-07-27 08:48 . 2009-07-27 08:48 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\AVS4YOU
2009-07-27 08:47 . 2009-07-27 09:18 -------- d-----w- c:\program files\Common Files\AVSMedia
2009-07-27 08:47 . 2009-07-27 08:47 -------- d-----w- c:\windows\system32\drivers\umdf
2009-07-27 08:46 . 2008-08-13 09:22 974848 ----a-w- c:\windows\system32\mfc70.dll
2009-07-27 08:46 . 2009-07-27 09:18 -------- d-----w- c:\program files\AVS4YOU
2009-07-27 08:46 . 2008-08-13 09:22 487424 ----a-w- c:\windows\system32\msvcp70.dll
2009-07-27 08:43 . 2009-07-27 08:43 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-07-20 22:09 . 2009-07-20 22:09 -------- d-----w- c:\documents and settings\Korisnik\Local Settings\Application Data\PowerDVDCox
2009-07-20 22:09 . 2009-07-20 22:13 -------- d-----w- c:\documents and settings\Korisnik\Local Settings\Application Data\PowerDVDCinema
2009-07-20 22:08 . 2009-07-20 22:08 -------- d-----w- c:\program files\Common Files\CyberLink
2009-07-19 10:31 . 2009-07-19 11:33 -------- d-----w- c:\documents and settings\Korisnik\Application Data\Any Video Converter
2009-07-19 10:31 . 2009-07-19 11:33 -------- d-----w- c:\program files\Any Video Converter
2009-07-19 10:14 . 2009-07-19 10:25 -------- d-----w- c:\documents and settings\Korisnik\Application Data\gtk-2.0
2009-07-19 10:14 . 2009-07-19 10:20 -------- d-----w- c:\documents and settings\Korisnik\Application Data\avidemux
2009-07-17 08:27 . 2009-07-27 12:34 -------- d-----w- c:\documents and settings\Korisnik\Application Data\vlc
2009-07-17 08:07 . 2009-07-17 08:07 -------- d-----w- c:\program files\Axis Communications
2009-07-12 14:15 . 2009-07-12 14:15 -------- d-----w- c:\documents and settings\Korisnik\Application Data\HEXelon
2009-07-12 14:14 . 2009-07-12 21:51 -------- d-----w- c:\program files\TC UP
2009-07-12 11:34 . 2009-07-12 11:34 -------- d-----w- c:\program files\SubtitleCreator
2009-07-09 12:16 . 2009-07-09 12:16 -------- d-----w- c:\program files\XviD
2009-07-09 12:16 . 2009-07-12 11:33 -------- d-----w- c:\program files\AviSynth 2.5
2009-07-09 12:16 . 2009-07-12 11:34 -------- d-----w- c:\program files\Gabest
2009-07-09 12:00 . 2009-07-09 12:03 249856 ------w- c:\windows\Setup1.exe
2009-07-09 12:00 . 2009-07-09 12:03 34816 ----a-w- c:\windows\ST6UNST.EXE
2009-07-08 20:45 . 2009-07-08 20:45 -------- d-----w- c:\program files\Gandalf Services
2009-07-08 20:45 . 2009-07-08 20:45 -------- d-----w- c:\windows\Downloaded Installations
2009-07-08 19:50 . 2009-07-08 19:53 -------- d-----w- c:\documents and settings\Korisnik\Local Settings\Application Data\SubtitleCreator
2009-07-08 19:30 . 2009-07-08 19:31 -------- d-----w- c:\program files\MagicISO
2009-07-07 21:17 . 2009-07-26 21:55 -------- d-----w- c:\documents and settings\Korisnik\Application Data\foobar2000
2009-07-07 21:14 . 2009-07-07 21:17 -------- d-----w- c:\program files\foobar2000
2009-07-06 20:02 . 2009-07-06 20:02 -------- d-----w- c:\documents and settings\Korisnik\Application Data\DivX
2009-07-06 19:46 . 2009-07-06 19:46 -------- d-----w- c:\program files\Pegasys Inc
2009-07-05 14:00 . 2009-07-05 14:03 -------- d-----w- c:\documents and settings\Korisnik\Application Data\GARMIN
2009-07-05 13:42 . 2009-07-05 13:45 -------- d-----w- C:\Garmin

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-27 20:50 . 2008-11-02 10:45 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-07-27 12:59 . 2007-12-01 20:46 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-27 12:59 . 2008-04-04 18:48 -------- d---a-w- c:\docume~1\ALLUSE~1\APPLIC~1\TEMP
2009-07-27 09:36 . 2008-09-01 17:05 -------- d-----w- c:\documents and settings\Korisnik\Application Data\Sony
2009-07-27 09:30 . 2008-09-01 16:59 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Sony
2009-07-27 09:29 . 2008-09-01 16:58 -------- d-----w- c:\program files\Sony
2009-07-27 08:35 . 2008-04-04 09:06 -------- d-----w- c:\documents and settings\Korisnik\Application Data\Vso
2009-07-26 21:43 . 2008-04-13 17:26 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\DVD Shrink
2009-07-20 22:13 . 2008-04-02 11:40 -------- d-----w- c:\documents and settings\Korisnik\Application Data\CyberLink
2009-07-20 22:09 . 2008-04-02 10:54 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\CyberLink
2009-07-20 22:07 . 2008-04-02 10:53 -------- d-----w- c:\program files\Cyberlink
2009-07-20 22:07 . 2008-04-02 10:53 505128 ----a-w- c:\windows\system32\msvcp71.dll
2009-07-20 22:07 . 2007-12-01 12:27 353576 ----a-w- c:\windows\system32\msvcr71.dll
2009-07-19 10:28 . 2008-04-05 09:26 -------- d-----w- c:\program files\Call of Duty
2009-07-09 00:13 . 2009-02-22 19:27 -------- d-----w- c:\documents and settings\Korisnik\Application Data\dvdcss
2009-07-08 23:33 . 2008-04-13 17:26 -------- d-----w- c:\program files\DVD Shrink
2009-07-08 20:08 . 2008-11-08 12:02 -------- d-----w- c:\program files\URUSoft
2009-06-19 11:35 . 2009-06-19 11:35 -------- d-----w- c:\program files\Common Files\SWF Studio
2009-06-18 12:49 . 2009-06-18 12:49 14 ----a-w- c:\windows\popcinfo.dat
2009-06-13 14:47 . 2009-06-13 14:47 -------- d-----w- c:\program files\Electronic Arts
2009-06-06 11:02 . 2009-06-06 11:02 -------- d-----w- c:\program files\Rockstar Games
2009-06-05 09:31 . 2008-04-02 10:40 16440 ----a-w- c:\documents and settings\Korisnik\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-04 19:12 . 2009-06-02 09:21 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Pure Networks
2009-06-02 09:22 . 2009-06-02 09:22 8892928 ----a-w- c:\docume~1\ALLUSE~1\APPLIC~1\atscie.msi
2009-05-31 17:57 . 2009-05-31 17:57 0 ----a-w- c:\windows\nsreg.dat
2009-05-01 13:43 . 2008-04-06 15:57 1003 ----a-w- c:\windows\eReg.dat
.

((((((((((((((((((((((((((((( SnapShot@2009-07-27_22.27.02 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-27 23:25 . 2009-07-27 23:25 16384 c:\windows\Temp\Perflib_Perfdata_238.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2006-02-28 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-08-04 1667584]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-08-18 1447168]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 86016]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"RemoteControl9"="c:\program files\CyberLink\PowerDVD9\PDVD9Serv.exe" [2009-02-16 87336]
"PDVD9LanguageShortcut"="c:\program files\CyberLink\PowerDVD9\Language\Language.exe" [2008-10-13 50472]
"BDRegion"="c:\program files\Cyberlink\Shared Files\brs.exe" [2009-02-28 75048]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-10-07 1630208]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Cyberlink\\PowerCinema\\PowerCinema.exe"=
"c:\\Program Files\\Cyberlink\\PowerCinema\\PCMService.exe"=
"c:\\Program Files\\EA Games\\Command and Conquer Generals\\patchget.dat"=
"c:\\Program Files\\EA Games\\Command & Conquer Generals Zero Hour\\patchget.dat"=
"c:\\Program Files\\EA Games\\Command & Conquer Generals Zero Hour\\game.dat"=
"c:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\EA Games\\Battlefield 2\\BF2.exe"=
"c:\\Program Files\\Electronic Arts\\Battlefield 2142\\BF2142.exe"=
"c:\\Program Files\\Cyberlink\\PowerDVD9\\PowerDVD Cinema\\PowerDVDCinema.exe"=
"c:\\Program Files\\Cyberlink\\PowerDVD9\\PowerDVD9.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [18.8.2008 14:27 34312]
R1 VD_FileDisk;VD_FileDisk;c:\windows\system32\drivers\vd_filedisk.sys [13.1.2006 15:00 15872]
R2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2009/07/21 00:08];c:\program files\Cyberlink\PowerDVD9\000.fcl [28.2.2009 19:40 87536]
R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [18.8.2008 14:25 468224]
R3 3xHybrid;3xHybrid service;c:\windows\system32\drivers\3xHybrid.sys [22.3.2006 17:33 826752]
S2 NOD32FiXTemDono;Eset Nod32 Boot;c:\windows\system32\regedt32.exe [1.12.2007 21:17 3584]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://93.87.16.18/activex/AMC.cab
.

**************************************************************************

catchme 0.3.1398.3 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-07-28 01:33
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{B154377D-700F-42cc-9474-23858FBDF4BD}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD9\000.fcl"
.
Completion time: 2009-07-27 1:34
ComboFix-quarantined-files.txt 2009-07-27 23:33
ComboFix2.txt 2009-07-27 22:28

Pre-Run: 16.648.089.600 bytes free
Post-Run: 16.608.735.232 bytes free


offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

This is clean now. ComboFix needs to be uninstalled:
click Start, then RUN.

On Vista, use the Start Search box if Run is not available.

In the text entry line, type (or copy) the following:

combofix /u

Note that there is a space between "ComboFix" and "/u".

Then click OK (or press Enter).

Wait for the uninstallation process to finish.

Delete the other programs that were used as well.

For any remaining problems, seek help in the appropriate subforum.
