Infection?


Original poster
  • Joined: 16 Aug 2007
  • Posts: 315
  • Location: Serbia

Whenever I plug in a flash drive, it always gets some EXE file added to it, with a different name each time (CAPABILITYMANAGER.EXE, RUNDLL32.EXE, MBAM.EXE). Does anyone know what the problem is?
Regards

argus (Anti Malware Fighter, Rank 2)
  • Joined: 27 Apr 2008
  • Posts: 9160
  • Location: Prokuplje

http://www.mycity.rs/Ambulanta/Kako-otvoriti-temu-u-Ambulanti.html

Follow those instructions.

Original poster
  • Joined: 16 Aug 2007
  • Posts: 315
  • Location: Serbia

Posted: 26 May 2009 13:55

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:51:36, on 26.5.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\windows\system32\spoolsv.exe
D:\xampp\apache\bin\apache.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\Program Files\PC Security Tweaker\newlock.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
D:\xampp\mysql\bin\mysqld-nt.exe
C:\NVIDIA\NetworkAccessManager\bin\nSvcIp.exe
C:\NVIDIA\NetworkAccessManager\bin\nSvcLog.exe
C:\windows\system32\nvsvc32.exe
C:\Program Files\PC Auto Shutdown\ShutdownService.exe
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\SolidPdfService.exe
C:\windows\system32\svchost.exe
C:\windows\System32\TUProgSt.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
D:\xampp\apache\bin\apache.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Boban\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\pchealth\helpctr\System\panels\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=127.0.0.1:8080;http=127.0.0.1:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - (no file)
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Kwyshell MidpX BHO - {EBE9E2B5-B526-48BC-AD46-687263EDCB0E} - C:\Program Files\Kwyshell\MidpX\JadInvoker\MidpInvoker.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O3 - Toolbar: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
O3 - Toolbar: Kwyshell MidpX - {EBE9E2B5-B526-48BC-AD46-687263EDCB0E} - C:\Program Files\Kwyshell\MidpX\JadInvoker\MidpInvoker.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Link to &MidpX - C:\Program Files\Kwyshell\MidpX\JadInvoker\Extent\jad_wrap.htm
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?f25ef1eeb96d429e96eefb6082dd5c95
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?f25ef1eeb96d429e96eefb6082dd5c95
O8 - Extra context menu item: Prevedi sa Di recnikom - D:\Program Files\Di recnik\diie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Flash Decompiler SWF Capture tool - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - C:\windows\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Flash Decompiler SWF Capture tool menu - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - C:\windows\system32\shdocvw.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Application Layer Gateway Service (ALG) - Unknown owner - C:\windows\System32\alg.exe
O23 - Service: Apache2.2 - Unknown owner - D:\xampp\apache\bin\apache.exe
O23 - Service: Application Management (AppMgmt) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: Windows Audio (AudioSrv) - Unknown owner - C:\windows\System32\svchost.exe
O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Unknown owner - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Computer Browser (Browser) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: Cryptographic Services (CryptSvc) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: DCOM Server Process Launcher (DcomLaunch) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: DeskSaverService - Unknown owner - C:\Program Files\PC Security Tweaker\newlock.exe
O23 - Service: DHCP Client (Dhcp) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: Logical Disk Manager (dmserver) - Unknown owner - C:\windows\System32\svchost.exe
O23 - Service: DNS Client (Dnscache) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Error Reporting Service (ERSvc) - Unknown owner - C:\windows\System32\svchost.exe
O23 - Service: COM+ Event System (EventSystem) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: Fast User Switching Compatibility (FastUserSwitchingCompatibility) - Unknown owner - C:\windows\System32\svchost.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Help and Support (helpsvc) - Unknown owner - C:\windows\System32\svchost.exe
O23 - Service: HTTP SSL (HTTPFilter) - Unknown owner - C:\windows\System32\svchost.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Server (lanmanserver) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: Workstation (lanmanworkstation) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: TCP/IP NetBIOS Helper (LmHosts) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Messenger - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: mysql - Unknown owner - D:\xampp\mysql\bin\mysqld-nt.exe
O23 - Service: Network Connections (Netman) - Unknown owner - C:\windows\System32\svchost.exe
O23 - Service: NetOp Helper ver. 9.21 (2008329) (NetOp Host for NT Service) - Danware Data A/S - C:\Program Files\Danware Data\NetOp School\Student\NHOSTSVC.EXE
O23 - Service: Network Location Awareness (NLA) (Nla) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\NVIDIA\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - Unknown owner - C:\NVIDIA\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: Removable Storage (NtmsSvc) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - Unknown owner - C:\windows\system32\nvsvc32.exe
O23 - Service: PCAutoShutdown_Service - Unknown owner - C:\Program Files\PC Auto Shutdown\ShutdownService.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: Remote Access Auto Connection Manager (RasAuto) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: Remote Access Connection Manager (RasMan) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: Remote Procedure Call (RPC) (RpcSs) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Professional Home 2009\RpcAgentSrv.exe
O23 - Service: Task Scheduler (Schedule) - Unknown owner - C:\windows\System32\svchost.exe
O23 - Service: SolidPDFConverterReadSpool (ScReadSpool) - Unknown owner - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\SolidPdfService.exe
O23 - Service: Secondary Logon (seclogon) - Unknown owner - C:\windows\System32\svchost.exe
O23 - Service: System Event Notification (SENS) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Windows Firewall/Internet Connection Sharing (ICS) (SharedAccess) - Unknown owner - C:\windows\System32\svchost.exe
O23 - Service: Shell Hardware Detection (ShellHWDetection) - Unknown owner - C:\windows\System32\svchost.exe
O23 - Service: Print Spooler (Spooler) - Unknown owner - C:\windows\system32\spoolsv.exe
O23 - Service: System Restore Service (srservice) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: Windows Image Acquisition (WIA) (stisvc) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: Telephony (TapiSrv) - Unknown owner - C:\windows\System32\svchost.exe
O23 - Service: Terminal Services (TermService) - Unknown owner - C:\windows\System32\svchost.exe
O23 - Service: Themes - Unknown owner - C:\windows\System32\svchost.exe
O23 - Service: Distributed Link Tracking Client (TrkWks) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\windows\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\windows\System32\TUProgSt.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Windows User Mode Driver Framework (UMWdf) - Unknown owner - C:\WINDOWS\system32\wdfmgr.exe
O23 - Service: Universal Plug and Play Device Host (upnphost) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: TuneUp Theme Extension (UxTuneUp) - Unknown owner - C:\windows\System32\svchost.exe
O23 - Service: Windows Time (W32Time) - Unknown owner - C:\windows\System32\svchost.exe
O23 - Service: WebClient - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: Windows Management Instrumentation (winmgmt) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: Portable Media Serial Number Service (WmdmPmSN) - Unknown owner - C:\windows\System32\svchost.exe
O23 - Service: Windows Management Instrumentation Driver Extensions (Wmi) - Unknown owner - C:\windows\System32\svchost.exe
O23 - Service: Security Center (wscsvc) - Unknown owner - C:\windows\System32\svchost.exe
O23 - Service: Automatic Updates (wuauserv) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: Wireless Zero Configuration (WZCSVC) - Unknown owner - C:\windows\System32\svchost.exe
O23 - Service: Network Provisioning Service (xmlprov) - Unknown owner - C:\windows\System32\svchost.exe

--
End of file - 15627 bytes

Update: 26 May 2009 14:15

NOD found the Virut virus in many places.
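The log above is the kind of thing a helper in this forum reads by eye. As an added example, which is the editor's code and not part of the thread, of HijackThis, or of any tool the thread uses, the script below parses the "Rn - ..." / "Onn - ..." entry lines of a HijackThis log and applies a few defender heuristics: a browser proxy pointed at loopback (present in the log above), BHO/toolbar/button entries whose file is gone, Internet Explorer restriction policies being set, and services with no vendor name whose binary lives outside the Windows directory. The heuristics, their wording, and the treatment of a wrapped continuation line are this example's own assumptions; the sample lines are a constructed subset copied from the log above.

```python
"""Triage helper for HijackThis-style logs (editor's example, not a HijackThis feature)."""
import re
from dataclasses import dataclass

# An entry line starts with a section tag such as R1, O2 or O23.
HJT_LINE = re.compile(r'^([RO]\d{1,2}) - (.*)$')
# Header/footer lines that must never be glued onto the previous entry.
NOISE = re.compile(r'^(--|End of file|[A-Za-z]:\\)')
LOOPBACK = re.compile(r'\b(127\.0\.0\.1|localhost)\b', re.IGNORECASE)
WINDIR = re.compile(r'^[a-z]:\\windows\\', re.IGNORECASE)

# Constructed sample: a subset of entry lines copied from the log above,
# including one entry whose value was wrapped onto a second line by the forum.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=127.0.0.1:8080;http=127.0.0.1:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
*.local
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O23 - Service: Application Layer Gateway Service (ALG) - Unknown owner - C:\windows\System32\alg.exe
O23 - Service: DeskSaverService - Unknown owner - C:\Program Files\PC Security Tweaker\newlock.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
""".strip()


@dataclass
class Finding:
    section: str
    reason: str
    entry: str


def parse_entries(log_text):
    """Return [(section, body), ...]. A non-empty line without a section tag
    is treated as the wrapped tail of the previous entry (forum line wrapping)."""
    entries = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = HJT_LINE.match(line)
        if m:
            entries.append([m.group(1), m.group(2)])
        elif entries and not NOISE.match(line):
            entries[-1][1] += ' ' + line
    return [tuple(e) for e in entries]


def triage(entries):
    """Apply the heuristics and return the entries that deserve a closer look."""
    findings = []
    for section, body in entries:
        if section == 'R1' and 'ProxyServer' in body and LOOPBACK.search(body):
            # Browser traffic routed through a local port: legitimate for local
            # filtering proxies, but also a place where malware sits in the path.
            findings.append(Finding(section, 'browser proxy forced through loopback', body))
        elif section in ('O2', 'O3', 'O9') and '(no file)' in body:
            findings.append(Finding(section, 'orphaned entry, target file missing', body))
        elif section == 'O6' and body.endswith('present'):
            findings.append(Finding(section, 'Internet Explorer restriction policy is set', body))
        elif section == 'O23' and 'Unknown owner' in body:
            path = body.rsplit(' - ', 1)[-1]
            if not WINDIR.match(path):
                findings.append(Finding(section, 'service with no vendor name outside the Windows directory', body))
    return findings


if __name__ == '__main__':
    for f in triage(parse_entries(SAMPLE_LOG)):
        print(f'{f.section:<4} {f.reason}\n     {f.entry}')
```

Run on the sample it reports five entries: the loopback proxy, the two "(no file)" items, the O6 policy and the DeskSaverService binary under Program Files; the ALG service is skipped because it runs from the Windows directory and ekrn because it carries a vendor name. A flagged entry is a starting point for the helper, not a verdict.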

argus (Anti Malware Fighter, Rank 2)
  • Joined: 27 Apr 2008
  • Posts: 9160
  • Location: Prokuplje

Posted: 26 May 2009 14:21

I don't see that you have an antivirus.


Download sUBs' ComboFix from one of the following addresses to your Desktop:

Bleeping Computer . . . . . Geeks to Go!

  • Right-click one of the links and choose Save Target As... (Save Link As..., Save Linked Content As... or similar);
  • When the dialog for choosing where to save the file opens, select Desktop and click Save.

When the download is finished:
  • close any running programs;
  • disable your protection software (instructions);
  • double-click ComboFix to run it.

While it runs, ComboFix will:
  • check whether a newer version of the program exists: click Yes if it offers to download it;
  • show the DISCLAIMER OF WARRANTY ON SOFTWARE: click Yes so that the process continues;
  • if the Recovery Console is not installed, offer to install it: accept by clicking Yes and follow the procedure;
  • ask a number of questions and show a number of notices: accept by clicking Yes or OK;
  • restart Windows if needed (possibly several times);
  • at the end, open Notepad with the scan report.

Copy the report ComboFix produced into your thread on the forum:
  • right-click in the Notepad window and choose Select All;
  • right-click the selected text and choose Copy;
  • right-click in the message box and choose Paste.

Note: the report will be saved as ComboFix.txt on the system partition (typical location: C:\ComboFix.txt);
if after posting you notice the report is incomplete, use the Attach file option to attach C:\ComboFix.txt to your message.


Update: 26 May 2009 14:44

Quote: I don't see that you have an antivirus.

Sorry, I didn't notice. :D

Original poster
  • Joined: 16 Aug 2007
  • Posts: 315
  • Location: Serbia

It won't work. When I run ComboFix it starts working and at the end prints ERROR and deletes itself from the desktop where I downloaded it. I tried renaming it, but the same thing happens.

argus (Anti Malware Fighter, Rank 2)
  • Joined: 27 Apr 2008
  • Posts: 9160
  • Location: Prokuplje

http://amf.mycity.rs/programs/mirrored/C-F.exe

Try this one. Be sure to accept the update.

Original poster
  • Joined: 16 Aug 2007
  • Posts: 315
  • Location: Serbia

ComboFix 09-04-17.05 - Boban 26.05.2009 17:45.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.597 [GMT 2:00]
Running from: c:\documents and settings\Boban\Desktop\C-F.exe
AV: ESET Smart Security 4.0 *On-access scanning disabled* (Updated)
FW: ESET Personal firewall *enabled*
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
- REDUCED FUNCTIONALITY MODE -
.

((((((((((((((((((((((((( Files Created from 2009-04-26 to 2009-05-26 )))))))))))))))))))))))))))))))
.

2009-05-26 13:19 . 2009-05-26 15:44 -------- d-----w C:\ComboFix
2009-05-26 07:16 . 2009-05-26 07:16 -------- d-----w c:\documents and settings\NetworkService\Local Settings\Application Data\ESET
2009-05-25 15:28 . 2009-05-25 15:28 -------- d--h--w C:\PC Security Tweaker
2009-05-25 12:54 . 2009-05-25 12:55 -------- d-----w C:\!SKOLA
2009-05-25 09:50 . 2009-05-25 09:50 -------- d-----w c:\windows\system32\config\systemprofile\Local Settings\Application Data\Sony Ericsson
2009-05-25 09:23 . 2009-05-26 07:17 -------- d-----w c:\program files\Invisible Browsing
2009-05-25 07:26 . 2009-05-25 07:26 -------- d-----w c:\program files\Mutilate File Wiper
2009-05-24 08:33 . 2009-05-25 12:53 -------- d-----w C:\CyrStart
2009-05-24 08:33 . 2009-05-24 08:33 49 ----a-w c:\windows\CyrKbd.ini
2009-05-21 13:10 . 2009-05-21 13:10 -------- d-----w c:\program files\Unlocker
2009-05-20 07:22 . 2009-05-20 07:22 47883 ----a-w C:\M4.DBF
2009-05-11 08:14 . 2009-02-24 16:42 116736 ----a-w c:\windows\system32\drivers\mcdbus.sys
2009-05-11 08:14 . 2009-05-26 07:16 -------- d-----w c:\program files\MagicDisc
2009-05-06 07:10 . 2009-05-06 07:10 9728 ----a-w c:\windows\system32\bdco1ins.dll
2009-05-06 07:10 . 2009-05-06 07:10 201728 ----a-w c:\windows\system32\fdco1ins.dll
2009-05-06 07:09 . 2009-05-06 07:09 42 ----a-w c:\windows\system32\DriverChecker.lie
2009-05-06 07:08 . 2009-05-06 07:12 -------- d-----w c:\program files\Driver Checker
2009-05-01 20:05 . 2009-04-06 13:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-05-01 20:05 . 2009-04-06 13:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-01 20:05 . 2009-05-01 20:05 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-30 17:43 . 2004-02-22 23:00 1386496 ----a-w c:\windows\MSVBVM60.DLL
2009-04-30 13:00 . 2009-04-30 13:00 -------- d-----w C:\Downloads

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-26 15:41 . 2008-08-27 07:40 484 ----a-w C:\sccfg.sys
2009-05-26 14:42 . 2008-08-19 13:24 -------- d-----w c:\documents and settings\Boban\Application Data\SolidDocuments
2009-05-26 13:14 . 2004-08-03 22:56 44544 ----a-w c:\windows\system32\alg.exe
2009-05-26 12:15 . 2008-01-13 19:13 -------- d-----w c:\program files\DBF Viewer 2000
2009-05-26 11:51 . 2008-06-08 18:22 -------- d-----w c:\program files\PC Connectivity Solution
2009-05-26 11:50 . 2008-01-12 19:03 -------- d-----w c:\program files\WinHTTrack
2009-05-26 11:48 . 2008-07-24 08:12 -------- d-----w c:\documents and settings\Boban\Application Data\uTorrent
2009-05-26 07:18 . 2008-03-07 08:41 -------- d-----w c:\program files\recnik
2009-05-26 07:17 . 2009-02-15 13:56 -------- d-----w c:\program files\NOD32view
2009-05-26 07:17 . 2009-03-16 09:30 -------- d-----w c:\program files\Super Internet TV
2009-05-26 07:16 . 2008-02-17 14:55 -------- d-----w c:\program files\QuickTime
2009-05-26 07:16 . 2008-01-10 21:28 -------- d-----w c:\program files\PC Auto Shutdown
2009-05-26 07:16 . 2008-01-23 10:12 -------- d-----w c:\program files\IrfanView
2009-05-26 07:16 . 2008-05-31 11:48 -------- d-----w c:\program files\Common Files\Teleca Shared
2009-05-26 07:13 . 2009-01-14 10:00 -------- d-----w c:\program files\PhotoFiltre Studio
2009-05-25 12:29 . 2008-01-08 20:27 114872 ----a-w c:\documents and settings\Boban\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-21 13:10 . 2009-03-16 10:07 -------- d-----w c:\documents and settings\Boban\Application Data\Desktopicon
2009-05-20 13:19 . 2008-08-27 18:08 -------- d-----w c:\windows\system32\config\systemprofile\Application Data\SolidDocuments
2009-05-20 07:18 . 2008-08-27 12:14 145920 ----a-w C:\M4cacak.xls
2009-05-06 07:10 . 2008-01-09 05:12 33536 ----a-w c:\windows\system32\drivers\NVENETFD.sys
2009-05-06 07:10 . 2008-01-09 05:12 32256 ----a-w c:\windows\system32\nvconrm.dll
2009-05-06 07:10 . 2008-01-09 05:12 261888 ----a-w c:\windows\system32\drivers\nvnrm.sys
2009-05-06 07:10 . 2008-01-09 05:12 208256 ----a-w c:\windows\system32\drivers\nvsnpu.sys
2009-05-06 07:10 . 2008-01-09 05:12 201728 ----a-w c:\windows\system32\fdco1.dll
2009-05-06 07:10 . 2008-01-09 05:12 12928 ----a-w c:\windows\system32\drivers\nvnetbus.sys
2009-05-06 07:10 . 2008-01-09 05:12 9728 ----a-w c:\windows\system32\bdco1.dll
2009-04-30 18:16 . 2008-05-11 07:34 -------- d-----w c:\documents and settings\Boban\Application Data\Thinstall
2009-04-30 18:12 . 2008-01-21 17:53 -------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-04-30 17:07 . 2008-05-29 07:51 -------- d-----w c:\documents and settings\Boban\Application Data\MegauploadToolbar
2009-04-20 16:01 . 2008-01-09 05:15 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-20 15:58 . 2008-06-25 17:06 -------- d-----w c:\program files\Flash Website Design
2009-04-20 15:57 . 2008-01-23 13:23 -------- d-----w c:\program files\flash
2009-04-20 15:52 . 2008-01-21 17:59 -------- d-----w c:\program files\CoffeeCup Software
2009-04-20 15:51 . 2008-10-06 07:54 -------- d-----w c:\program files\AutoVer
2009-04-18 07:18 . 2008-01-10 18:18 -------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-04-18 07:18 . 2008-01-10 18:18 -------- d-----w c:\program files\ADAWRE
2009-04-08 21:27 . 2009-02-16 12:59 -------- d-----w c:\program files\Trojan Remover
2009-03-31 20:56 . 2009-03-31 20:56 -------- d-----w c:\documents and settings\Boban\Application Data\Malwarebytes
2009-03-31 20:56 . 2009-03-31 20:56 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-03-31 17:00 . 2009-03-31 17:00 -------- d-----w c:\program files\Common Files\EPSON
2009-03-29 11:31 . 2008-11-13 13:22 -------- d-----w c:\program files\Spy Cleaner Gold
2009-03-29 11:26 . 2009-03-17 15:39 -------- d-----w c:\program files\Multi Password Recovery
2009-03-29 11:24 . 2009-03-29 11:24 -------- d-----w c:\program files\Smart Virus Remover
2009-03-25 21:02 . 2008-06-03 05:26 22463 ----a-w c:\windows\system32\epfwdata.bin
2009-03-12 20:24 . 2009-03-12 20:24 137728 ----a-w C:\M4gm.xls
2008-12-07 16:09 . 2008-12-07 16:09 0 ----a-w c:\documents and settings\All Users\Application Data\xml24E.tmp
2008-12-07 16:09 . 2008-12-07 16:09 0 ----a-w c:\documents and settings\All Users\Application Data\xml24D.tmp
2008-12-07 16:09 . 2008-12-07 16:09 0 ----a-w c:\documents and settings\All Users\Application Data\xml24C.tmp
2008-12-07 16:09 . 2008-12-07 16:09 0 ----a-w c:\documents and settings\All Users\Application Data\xml24B.tmp
2008-12-07 10:21 . 2008-12-07 10:21 0 ----a-w c:\documents and settings\All Users\Application Data\xml87C.tmp
2008-12-07 10:21 . 2008-12-07 10:21 0 ----a-w c:\documents and settings\All Users\Application Data\xml87B.tmp
2008-12-07 10:21 . 2008-12-07 10:21 0 ----a-w c:\documents and settings\All Users\Application Data\xml87A.tmp
2008-12-07 10:21 . 2008-12-07 10:21 0 ----a-w c:\documents and settings\All Users\Application Data\xml879.tmp
2008-09-01 08:52 . 2008-09-01 08:52 128 ----a-w c:\documents and settings\Boban\Local Settings\Application Data\fusioncache.dat
2008-07-25 13:22 . 2008-06-03 20:52 88 --sh--r c:\documents and settings\All Users\Application Data\428B7D0D81.sys
2008-07-25 13:22 . 2008-06-03 20:52 2984 --sha-w c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
2009-02-03 15:34 . 2009-02-03 15:34 68 --sha-w c:\windows\system32\windzfa0.sys
.

------- Sigcheck -------

[-] 2004-08-03 22:56 34816 ED88F7156EDCE53276E27F690DB5FECF c:\windows\system32\svchost.exe
[-] 2004-08-03 22:56 14336 A1CE5DD4C50F596FACB96777E92C786A c:\windows\system32\dllcache\svchost.exe

[7] 2004-08-03 21:14 359040 9F4B36614A0FC234525BA224957DE55C c:\windows\system32\dllcache\tcpip.sys
[-] 2004-08-03 21:14 359040 6A603809F598332DBEDD535BDBCE313E c:\windows\system32\drivers\tcpip.sys

[-] 2004-08-03 22:56 1052672 BE73BC7332C4081BEAA43C3114092A7D c:\windows\explorer.exe
[-] 2004-08-03 22:56 1032192 C9C7CF667A86077CF0252024249839B1 c:\windows\system32\dllcache\explorer.exe

[-] 2004-08-03 22:56 35840 9ACA10AE9C846B029DE5AE54022FA353 c:\windows\system32\ctfmon.exe
[-] 2004-08-03 22:56 15360 4BC57F5F054186E06EDB109A01043494 c:\windows\system32\dllcache\ctfmon.exe

[-] 2004-08-03 22:56 78336 A8AAE74683D24699C8D6C6189DE6A249 c:\windows\system32\spoolsv.exe
[-] 2004-08-03 22:56 57856 35E9B4EB71478584DCBF948FDDCBF1D1 c:\windows\system32\dllcache\spoolsv.exe

[-] 2002-12-31 12:00 111104 11BF81AB25CFA7080CE80C6B7CE610CA c:\windows\system32\WUAUCLT.EXE
[-] 2002-12-31 12:00 111104 D147065BBE9BC833D531EE0E0BF9379D c:\windows\system32\dllcache\wuauclt.exe

[-] 2004-08-03 22:56 24576 14BECB15A1BB7A843496A457BFBAC46E c:\windows\system32\userinit.exe
[-] 2004-08-03 22:56 24576 A2DFF5C716637533CA4CC08081CCCF94 c:\windows\system32\dllcache\userinit.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-11-18 11:58 333192 ----a-w c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-11-18 333192]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-11-18 333192]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-05-25 6746112]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-02-13 2046120]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"HideFastUserSwitching"= 0 (0x0)
"HideShutdownScripts"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLogonScripts"= 0 (0x0)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"NoVisualStyleChoice"= 0 (0x0)
"NoColorChoice"= 0 (0x0)
"NoSizeChoice"= 0 (0x0)
"HideLogonScripts"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoViewOnDrive"= 0 (0x0)
"NoWelcomeScreen"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoChangeAnimation"= 0 (0x0)
"RestrictCpl"= 0 (0x0)
"DisallowCpl"= 0 (0x0)
"NoViewOnDrive"= 0 (0x0)
"RestrictRun"= 0 (0x0)
"NoRecycleFiles"= 0 (0x0)
"ForceRecycleBinSize"= 0 (0x0)
"NoCustomizeWebView"= 0 (0x0)
"NoFileAssociate"= 0 (0x0)
"NoDFSTab"= 0 (0x0)
"NoCustomizeThisFolder"= 0 (0x0)
"NoWebView"= 0 (0x0)
"DontShowSuperHidden"= 0 (0x0)
"NoOnlinePrintsWizard"= 0 (0x0)
"NoPublishingWizard"= 0 (0x0)
"NoSMConfigurePrograms"= 0 (0x0)
"NoSMMyPictures"= 0 (0x0)
"NoStartMenuMyMusic"= 0 (0x0)
"NoHelp"= 0 (0x0)
"NoCommonGroups"= 0 (0x0)
"NoStartMenuEjectPC"= 0 (0x0)
"NoSimpleStartMenu"= 0 (0x0)
"NoStartMenuSubFolders"= 0 (0x0)
"NoDisconnect"= 0 (0x0)
"NoNtSecurity"= 0 (0x0)
"GreyMSIAds"= 0 (0x0)
"ForceMaxRecentDocs"= 0 (0x0)
"NoSMBalloonTip"= 0 (0x0)
"NoSMBalloonTips"= 0 (0x0)
"HideSCAVolume"= 0 (0x0)
"HideSCANetwork"= 0 (0x0)
"HideSCAPower"= 0 (0x0)
"NoTaskGrouping"= 0 (0x0)
"NoWebServices"= 0 (0x0)
"NoFileUrl"= 0 (0x0)
"NoExpandedNewMenu"= 0 (0x0)
"SpecifyDefaultButtons"= 0 (0x0)
"NoRecentDocsNetHood"= 0 (0x0)
"PromptRunasInstallNetPath"= 1 (0x1)
"NoResolveTrack"= 0 (0x0)
"NoDevMgrUpdate"= 0 (0x0)
"NoThumbnailCache"= 0 (0x0)
"ForceCopyAclwithFile"= 0 (0x0)
"StartRunNoHOMEPATH"= 0 (0x0)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoThemesTab"= 0 (0x0)
"NoChangeAnimation"= 0 (0x0)
"RestrictCpl"= 0 (0x0)
"DisallowCpl"= 0 (0x0)
"NoViewOnDrive"= 0 (0x0)
"RestrictRun"= 0 (0x0)
"DisallowRun"= 0 (0x0)
"NoRecycleFiles"= 0 (0x0)
"ForceRecycleBinSize"= 0 (0x0)
"NoCustomizeWebView"= 0 (0x0)
"NoFileAssociate"= 0 (0x0)
"NoDFSTab"= 0 (0x0)
"NoCustomizeThisFolder"= 0 (0x0)
"NoWebView"= 0 (0x0)
"DontShowSuperHidden"= 0 (0x0)
"NoOnlinePrintsWizard"= 0 (0x0)
"NoPublishingWizard"= 0 (0x0)
"NoSMConfigurePrograms"= 0 (0x0)
"NoSMMyPictures"= 0 (0x0)
"NoStartMenuMyMusic"= 0 (0x0)
"NoHelp"= 0 (0x0)
"NoCommonGroups"= 0 (0x0)
"NoStartMenuEjectPC"= 0 (0x0)
"NoSimpleStartMenu"= 0 (0x0)
"NoStartMenuSubFolders"= 0 (0x0)
"NoDisconnect"= 0 (0x0)
"NoNtSecurity"= 0 (0x0)
"GreyMSIAds"= 0 (0x0)
"ForceMaxRecentDocs"= 0 (0x0)
"NoSMBalloonTip"= 0 (0x0)
"NoSMBalloonTips"= 0 (0x0)
"HideClock"= 0 (0x0)
"HideSCAVolume"= 0 (0x0)
"HideSCANetwork"= 0 (0x0)
"HideSCAPower"= 0 (0x0)
"NoTaskGrouping"= 0 (0x0)
"NoWebServices"= 0 (0x0)
"NoFileUrl"= 0 (0x0)
"NoExpandedNewMenu"= 0 (0x0)
"SpecifyDefaultButtons"= 0 (0x0)
"NoRecentDocsNetHood"= 0 (0x0)
"PromptRunasInstallNetPath"= 1 (0x1)
"NoResolveTrack"= 0 (0x0)
"NoDevMgrUpdate"= 0 (0x0)
"NoThumbnailCache"= 0 (0x0)
"ForceCopyAclwithFile"= 0 (0x0)
"StartRunNoHOMEPATH"= 0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0autocheck lsdelete\0lsdelete

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2004-08-03 22:56 35840 ----a-w c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2005-05-25 14:02 6746112 ----a-w c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2008-04-08 07:58 68856 ----a-w c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"PC Auto Shutdown"=c:\program files\PC Auto Shutdown\AutoShutdown.exe
"NvCplDaemon"=RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
"00saskda"="c:\program files\1st Security Agent\newlock.exe" saskda
"TrayFactory"=d:\! dobri programi\!RAZNO\PS Tray Factory 2.52\PSTrayFactory.exe /start
"KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"TrojanScanner"=c:\program files\Trojan Remover\Trjscan.exe /boot
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\NVIDIA\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"c:\\Program Files\\Silicon Image\\SI3114\\SiITray.exe"=
"c:\\WINDOWS\\system32\\javaw.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\HP1006MC.EXE"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Professional Home 2009\\RpcAgentSrv.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Professional Home 2009\\WNt500x86\\RpcSandraSrv.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9420:TCP"= 9420:TCP:Red Swoosh
"5000:UDP"= 5000:UDP:Red Swoosh
"139:TCP"= 139:TCP:@xpsp2res.dll,-22004

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R2 HWiNFO32;HWiNFO32 Kernel Driver; [x]
R2 klpsrvc;klpsrvc; [x]
R2 NOD32FiXTemDono;Eset Nod32 Boot;c:\windows\system32\regedt32.exe [2001-08-23 3584]
R3 ATE_PROCMON;ATE_PROCMON; [x]
R3 block_reader;MPR DRV; [x]
R3 dwVSCD;NetOp Virtual Smart Card Driver;c:\windows\system32\DRIVERS\dwvscd.sys [2008-04-16 16696]
R3 leafnets;Leaf Networks Adapter;c:\windows\system32\DRIVERS\leafnets.sys [2007-05-02 55296]
R3 mirrorv3;mirrorv3;c:\windows\system32\DRIVERS\rminiv3.sys [2006-11-01 3328]
R3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2008-02-01 138112]
R3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2008-02-01 8320]
R3 PORTMON;PORTMON; [x]
R3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Professional Home 2009\RpcAgentSrv.exe [2008-09-01 98488]
R3 SetupNTGLM7X;SetupNTGLM7X; [x]
R3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\DRIVERS\teamviewervpn.sys [2008-01-25 25088]
R3 usnjsvc;Messenger Sharing Folders USN Journal Reader service;c:\program files\Windows Live\Messenger\usnsvc.exe [2007-11-07 98840]
R3 WPRO_40_1123;WinPcap Packet Driver (WPRO_40_1123); [x]
R4 PuranDefrag;PuranDefrag;c:\windows\system32\PuranDefragS.exe [2008-09-14 225280]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2009-02-13 106208]
S1 NHostNT1;NetOp Driver 1 ver. 9.21 (2008329);c:\windows\System32\Drivers\NHOSTNT1.SYS [2008-11-24 102544]
S2 Apache2.2;Apache2.2;d:\xampp\apache\bin\apache.exe [2008-06-14 37888]
S2 DeskSaverService;DeskSaverService;c:\program files\PC Security Tweaker\newlock.exe [2008-07-06 1473536]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2009-02-13 727720]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2009-04-06 179856]
S2 NetOp Host for NT Service;NetOp Helper ver. 9.21 (2008329);c:\program files\Danware Data\NetOp School\Student\NHOSTSVC.EXE [2008-11-24 1705896]
S2 PCAutoShutdown_Service;PCAutoShutdown_Service;c:\program files\PC Auto Shutdown\ShutdownService.exe [2006-12-08 471552]
S2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\System32\TUProgSt.exe [2009-02-22 603904]
S3 iadusb;MT882;c:\windows\system32\DRIVERS\glauiad.sys [2006-03-20 30336]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-04-06 15504]
S3 NHOSTNT3;NetOp Driver 3 ver. 9.21 (2008329) (NHOSTNT3);c:\windows\System32\Drivers\NHOSTNT3.SYS [2008-11-24 10280]


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2009-05-26 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-11-20 15:28]

2009-05-26 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2006-09-28 01:39]

2008-08-03 c:\windows\Tasks\HP WEP.job
- c:\program files\HP\Dfawep\bin\hpbdfawep.exe [2007-04-25 12:28]

2009-05-26 c:\windows\Tasks\OFF.job
- c:\windows\system32\shutdown.exe [2004-08-03 22:56]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-InvisibleBrowsing - (no file)


.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\pchealth\helpctr\System\panels\blank.htm
uStart Page = about:blank
uInternet Settings,ProxyOverride = 127.0.0.1
uInternet Settings,ProxyServer = ftp=127.0.0.1:8080;http=127.0.0.1:8080
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: + Offline &Explorer: Download the link
IE: + Offline E&xplorer: Download the current page
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Link to &MidpX - c:\program files\Kwyshell\MidpX\JadInvoker\Extent\jad_wrap.htm
IE: Open in new background tab - c:\program files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?f25ef1eeb96d429e96eefb6082dd5c95
IE: Open in new foreground tab - c:\program files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?f25ef1eeb96d429e96eefb6082dd5c95
IE: Prevedi sa Di recnikom - d:\program files\Di recnik\diie.htm
IE: Translate with Di dictionary -
FF - ProfilePath - c:\documents and settings\Boban\Application Data\Mozilla\Firefox\Profiles\dwmi830w.default\
FF - component: c:\documents and settings\Boban\Application Data\Mozilla\Firefox\Profiles\dwmi830w.default\extensions\{a6e4a4eb-d169-4e99-8988-250fcbafe767}\components\FFAlert.dll
FF - plugin: c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
FF - plugin: c:\documents and settings\Boban\Application Data\Mozilla\plugins\npPxPlay.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npzylomgamesplayer.dll

---- FIREFOX POLICIES ----
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-26 17:46
Windows 5.1.2600 Service Pack 2 NTFS

detected NTDLL code modification:
ZwOpenFile

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1275210071-1343024091-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{4E628ABE-25B0-7959-18B5-B5F2BAB81FE5}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"panclfcefkdjlbbabbfkekfnebmkibgh"=hex:6a,61,6d,67,6f,67,6c,63,65,68,62,64,6e,
6a,65,66,61,67,65,65,00,fc
"oahdnggiehbahillfkklckihjgbofc"=hex:6a,61,6d,67,6f,67,6c,63,65,68,62,64,6e,6a,
65,66,61,67,65,65,00,ff

[HKEY_USERS\S-1-5-21-1275210071-1343024091-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{9435EE08-ADD3-A534-31C1-CE2382557008}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"iakljmmedmndhcoabi"=hex:6a,61,6e,66,6b,68,6c,6a,6b,68,6c,6c,6b,63,6a,63,6c,65,
6c,65,00,0c
"hamlhhoibinpocak"=hex:6a,61,6e,66,6b,68,6c,6a,6b,68,6c,6c,6b,63,6a,63,6c,65,
6c,65,00,0c
"gajkigojcnlgaa"=hex:6a,61,6e,66,6c,68,6d,6a,62,6e,6b,62,6a,66,66,6f,66,69,6b,
6f,00,02

[HKEY_LOCAL_MACHINE\software\Classes\N94827103]
@Denied: (4) (Everyone)
@Denied: (4) (Administrators)
@Allowed: (A B C D Full GENERIC_EXECUTE GENERIC_WRITE Read 1 2 3 4 5 6) (LocalSystem)
"a"="S"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1508-)
c:\program files\Bonjour\mdnsNSP.dll

- - - - - - - > 'explorer.exe'(6076)
c:\windows\system32\msi.dll
.
Completion time: 2009-05-26 17:48
ComboFix-quarantined-files.txt 2009-05-26 15:47
ComboFix2.txt 2009-04-18 07:08

Pre-Run: 56.815.190.016 bytes free
Post-Run: 56.813.506.560 bytes free

396
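An added note, not part of the thread and not ComboFix's own code: the values printed under LOCKED REGISTRY KEYS above are in .reg "hex:" form, wrapped across lines. The script below parses that format from an excerpt copied verbatim from the posted log and decodes each value. Two things fall out of the data itself: every value is a NUL-terminated ASCII string followed by one extra byte, and every value name and every decoded string uses only the letters a through p, which is what one would expect from a nibble-to-letter encoding rather than from any Windows component (that interpretation is mine; the log does not say what the keys are).

```python
"""Parse and decode the hex: values ComboFix printed under LOCKED REGISTRY KEYS.

Added example, not part of the original thread. SAMPLE_LOG is copied from
the posted ComboFix log; the parsing and decoding logic is mine.
"""
import re

# Excerpt from the posted ComboFix log (the two locked Shell Extensions keys).
SAMPLE_LOG = r'''
[HKEY_USERS\S-1-5-21-1275210071-1343024091-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{4E628ABE-25B0-7959-18B5-B5F2BAB81FE5}*]
@Allowed: (Read) (RestrictedCode)
"panclfcefkdjlbbabbfkekfnebmkibgh"=hex:6a,61,6d,67,6f,67,6c,63,65,68,62,64,6e,
6a,65,66,61,67,65,65,00,fc
"oahdnggiehbahillfkklckihjgbofc"=hex:6a,61,6d,67,6f,67,6c,63,65,68,62,64,6e,6a,
65,66,61,67,65,65,00,ff

[HKEY_USERS\S-1-5-21-1275210071-1343024091-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{9435EE08-ADD3-A534-31C1-CE2382557008}*]
@Allowed: (Read) (RestrictedCode)
"iakljmmedmndhcoabi"=hex:6a,61,6e,66,6b,68,6c,6a,6b,68,6c,6c,6b,63,6a,63,6c,65,
6c,65,00,0c
"hamlhhoibinpocak"=hex:6a,61,6e,66,6b,68,6c,6a,6b,68,6c,6c,6b,63,6a,63,6c,65,
6c,65,00,0c
"gajkigojcnlgaa"=hex:6a,61,6e,66,6c,68,6d,6a,62,6e,6b,62,6a,66,66,6f,66,69,6b,
6f,00,02
'''

KEY_RE = re.compile(r'^\[(.+)\]$')
VALUE_RE = re.compile(r'^"([^"]+)"=hex:(.*)$')


def parse_locked_keys(text):
    """Return a list of (key_path, value_name, raw_bytes) triples.

    In .reg syntax a wrapped hex: value ends each line with a trailing
    comma, so continuation lines are appended until one does not.
    """
    results = []
    current_key = None
    lines = text.splitlines()
    i = 0
    while i < len(lines):
        line = lines[i].strip()
        key_match = KEY_RE.match(line)
        if key_match:
            current_key = key_match.group(1)
            i += 1
            continue
        value_match = VALUE_RE.match(line)
        if value_match and current_key is not None:
            name, hexpart = value_match.group(1), value_match.group(2).strip()
            while hexpart.endswith(',') and i + 1 < len(lines):
                i += 1
                hexpart += lines[i].strip()
            raw = bytes(int(tok, 16) for tok in hexpart.split(',') if tok)
            results.append((current_key, name, raw))
        i += 1
    return results


def decode_value(raw):
    """Split a value into its ASCII prefix (up to the first NUL) and the trailing bytes."""
    text, _, rest = raw.partition(b'\x00')
    return text.decode('ascii', errors='replace'), rest


def letter_range(s):
    """Return (lowest, highest) letter in s, or None if s is not purely a-z.

    Names drawn only from a..p (16 letters) are consistent with one letter
    per hex nibble; that is an observation about this log, not a rule.
    """
    if not s or not s.isalpha() or not s.islower():
        return None
    return min(s), max(s)


if __name__ == '__main__':
    for key, name, raw in parse_locked_keys(SAMPLE_LOG):
        text, tail = decode_value(raw)
        print(f'{name:34} -> {text!r} + {tail.hex()}  letters {letter_range(name)} / {letter_range(text)}')
```

Run on the excerpt it prints one line per value; every name and every decoded string stays inside a..p, and the two keys share decoded strings that differ only in the final byte.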

rip
  • argus  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 27 Apr 2008
  • Posts: 9160
  • Location: Prokuplje

@bobang
Here is how things stand for you.
Your system is badly damaged. The best thing is to format C, install a fresh system, install an antivirus immediately and scan the whole computer, everything! There is a chance, something like 30-40%, of getting rid of it, but the system has already suffered a lot of damage, so ...?
If you want, I can recommend a removal tool, but if I were in your place I would do what I wrote above.

offline
  • Joined: 16 Aug 2007
  • Posts: 315
  • Location: Serbia

OK. I will format the whole disk. But I also have a second disk, D, with important data and a lot of programs on it. What should I do with those, since it is infected too and I would like to keep that data? Can you tell me how this virus got in, because lately I have only been chasing some Cyrillic support for Windows 98 and I think I infected the computer with one of those programs. It would not hurt to tell me a tool with which I could at least delete the virus on disk D.
Thanks in advance. And one more thing: since I work at a school, I very often copy data with a flash drive from my computer to the school computers and back. What if I spread the virus via the flash drive, because even a cleaned computer will get infected again if this virus can be transmitted by flash drive.
Regards

rip
  • argus  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 27 Apr 2008
  • Posts: 9160
  • Location: Prokuplje

Here are two tools for you, Norman Virut Cleaner and Dr.Web CureIt

http://www.norman.com/support/support_tools/68989/en


Download Dr.Web CureIt (~13 MB).
Restart the computer into Safe Mode (Safe Mode instructions)

Double-click launch.exe, after which the introductory window will appear - click Start

A notice about starting the initial scan will appear - click OK

Wait a few minutes for Dr.Web CureIt to perform the Express Scan; if malware is found, allow the program to disinfect by clicking Yes to All in the window that appears

Click Options > Change settings F9; in the window that opens, untick the Heuristic Analysis option and then click OK

In the main window select the Complete scan option, then click and Dr.Web CureIt will start scanning

If malware is found, allow the program to disinfect by clicking Yes to All in the window that appears

When the scan is finished, click the Select all button (if it is available), then click Cure and,
in the menu that opens, click Move incurable:


As for the flash drive, do the following:

- Download USBNoRisk to the Desktop and run it by double-clicking the program icon.
- Wait a few seconds for the program to perform its initial scan.
- Insert all USB storage devices one after another into a USB slot and keep each one in the slot for 10 seconds.
- If you have several devices to check, write down on a piece of paper the order in which they were inserted, because we will need that information later
- When you have finished with all the devices, right-click in the middle of the program window and choose Save log. That will automatically open the log in Notepad. Copy that log from Notepad to us on the forum.

Explanation: USB storage devices are all devices that get their own partition letter when connected to the computer. These include USB flash drives, external hard disks, memory cards, MP3 and MP4 players, some mobile phones, some GPS (navigation) devices, etc.
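An added example, not part of the thread and not USBNoRisk's code: a small inventory script for the root of a flash drive, along the lines of what the USB procedure above is checking. It assumes the dropped EXEs are started through an autorun.inf at the volume root, which the thread does not state; the sample volume it builds is constructed, reusing the file names from the original post with placeholder files rather than real binaries. On Windows it also reads the hidden/system attributes; elsewhere that check is simply false.

```python
"""Inventory the root of a removable volume for dropped executables.

Added example, not part of the original thread and not USBNoRisk.
Assumption (mine, not the thread's): the dropped EXEs are launched by an
autorun.inf at the volume root, so any executable autorun points at is
the first thing to look at.
"""
import os
import tempfile

EXEC_EXT = {'.exe', '.com', '.scr', '.pif', '.bat', '.cmd', '.vbs'}
# Executable names mentioned in the thread that never belong at the root of
# a flash drive (rundll32.exe is a Windows binary, mbam.exe is Malwarebytes').
KNOWN_NAMES = {'rundll32.exe', 'mbam.exe'}
LAUNCH_KEYS = ('open', 'shellexecute')   # plus any shell\<verb>\command
FILE_ATTRIBUTE_HIDDEN = 0x2              # Windows st_file_attributes bits
FILE_ATTRIBUTE_SYSTEM = 0x4


def parse_autorun(path):
    """Return the lower-cased basenames of programs autorun.inf would launch."""
    targets = []
    with open(path, 'r', errors='replace') as fh:
        for line in fh:
            line = line.strip()
            if not line or line.startswith((';', '[')):
                continue
            key, sep, value = line.partition('=')
            if not sep:
                continue
            key = key.strip().lower()
            launches = key in LAUNCH_KEYS or (key.startswith('shell\\') and key.endswith('\\command'))
            if not launches:
                continue
            parts = value.strip().split()
            if not parts:
                continue
            prog = parts[0].strip('"')            # "foo.exe" /arg -> foo.exe
            name = os.path.basename(prog.replace('\\', '/')).lower()
            if name and name not in targets:
                targets.append(name)
    return targets


def is_hidden(path):
    """True if the hidden or system attribute is set (Windows only; False elsewhere)."""
    attrs = getattr(os.stat(path), 'st_file_attributes', 0)
    return bool(attrs & (FILE_ATTRIBUTE_HIDDEN | FILE_ATTRIBUTE_SYSTEM))


def scan_volume(root):
    """List executables at the volume root and explain why each one is suspect."""
    names = os.listdir(root)
    autorun = next((n for n in names if n.lower() == 'autorun.inf'), None)
    targets = parse_autorun(os.path.join(root, autorun)) if autorun else []
    executables = sorted(n for n in names if os.path.splitext(n)[1].lower() in EXEC_EXT)
    findings = {}
    for name in executables:
        reasons = []
        if name.lower() in targets:
            reasons.append('launched by autorun.inf')
        if name.lower() in KNOWN_NAMES:
            reasons.append('name collides with a Windows or security-tool binary')
        if is_hidden(os.path.join(root, name)):
            reasons.append('hidden/system attribute set')
        if reasons:
            findings[name] = reasons
    return {'autorun_present': autorun is not None,
            'autorun_targets': targets,
            'executables': executables,
            'findings': findings}


def make_sample_volume():
    """Constructed stand-in for an infected flash drive; placeholder files, no real malware."""
    root = tempfile.mkdtemp(prefix='usbcheck_')
    with open(os.path.join(root, 'autorun.inf'), 'w') as fh:
        fh.write('[autorun]\n'
                 'open=RUNDLL32.EXE\n'
                 'shell\\open\\Command="RUNDLL32.EXE" /s\n'
                 'icon=%SystemRoot%\\system32\\shell32.dll,4\n')
    for name in ('RUNDLL32.EXE', 'CAPABILITYMANAGER.EXE', 'lesson-plan.doc'):
        with open(os.path.join(root, name), 'wb') as fh:
            fh.write(b'placeholder, not a real binary\n')
    return root


if __name__ == '__main__':
    import json
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else make_sample_volume()
    print(json.dumps(scan_volume(target), indent=2))
```

Point it at a drive letter (python usbcheck.py E:\) on a machine you trust, not on the infected one; an executable that autorun.inf launches, or that borrows the name of a system binary, is the file to submit for analysis rather than simply delete, since the same dropper will reappear until the host that writes it is cleaned.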
