Infected PC

offline
  • vr7600
  • New MyCity citizen
  • Joined: 25 Jan 2008
  • Posts: 26

My PC was (used to be) networked with another PC.
When I send a print job to the 2nd PC it says there is no network connection.
When I plug in a USB stick it doesn't recognise it, or it recognises it but shows a folder icon instead of its own icon. My AV finds some malware that I can't remove, and so on.

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 10:44:36, on 16.2.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\Stardock\ThinkDesk\Multiplicity\MultiSrv32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\EPSON\ESM2\eEBSVC.exe
C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe
C:\Program Files\EPSON\ESM2\eEBAgent.exe
C:\Program Files\Nero\Nero 9\InCD\InCDSrv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files\Nero\Nero 9\InCD\NBHRegInCDSrv.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\WINDOWS\system32\taskswitch.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\BeautifulEarth\Beautiful-Earth.exe
C:\Program Files\IBM\Lotus\Symphony\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.app.win32_3.5.0.20081031-1700\soffice.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
C:\WINDOWS\System32\TuneUpDefragService.exe
C:\PROGRA~1\FLOCK\FLOCK.EXE
C:\Documents and Settings\Računalo 2\Desktop\HijackThis 2.0.0 Beta\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [Link visible only to logged-in users]
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.4.2\gears.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avast!] "C:\Program Files\Alwil Software\Avast4\ashDisp.exe"
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [GGWallpaper] C:\Program Files\BeautifulEarth\Beautiful-Earth.exe
O4 - HKCU\..\Run: [SODCPreLoad] C:\Program Files\IBM\Lotus\Symphony\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.app.win32_3.5.0.20081031-1700\preload.exe C:\DOCUME~1\RAUNAL~1\IBM\Lotus\Symphony\.sodc\
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - [Link visible only to logged-in users]\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.4.2\gears.dll
O9 - Extra 'Tools' menuitem: &Postavke Gearsa - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.4.2\gears.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - [Link visible only to logged-in users]
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - Winlogon Notify: Multi - C:\Program Files\Stardock\ThinkDesk\Multiplicity\MultiWin32.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: ABBYY FineReader 9.0 PE Licensing Service (ABBYY.Licensing.FineReader.Professional.9.0) - ABBYY (BIT Software) - C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - Unknown owner - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: EpsonBidirectionalAgent - SEIKO EPSON CORPORATION - C:\Program Files\EPSON\ESM2\eEBAgent.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\EPSON\ESM2\eEBSVC.exe
O23 - Service: Google Update Service (gupdate1c98795f66c459c) (gupdate1c98795f66c459c) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InCD Helper (InCDSrv) - Nero AG - C:\Program Files\Nero\Nero 9\InCD\InCDSrv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Stardock Multiplicity (Multiplicity) - Unknown owner - C:\PROGRA~1\Stardock\ThinkDesk\Multiplicity\MultiSrv32.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: Nero Registry InCD Service (NeroRegInCDSrv) - Nero AG - C:\Program Files\Nero\Nero 9\InCD\NBHRegInCDSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Professional Business 2009\RpcAgentSrv.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 9600 bytes



offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Hello...


Quote: My AV finds some malware that I can't remove, and so on.


Could you be a bit more specific about this?




Right-click the avast! icon in the bottom right corner of the screen and choose Program settings....

In the window that opens, under Troubleshooting, tick the option Disable avast! self-defence and click OK.

Also, right-click the avast! icon in the bottom right corner of the screen and choose Stop OnAccess Protection.


Note: Don't forget to turn these options back on once the cleaning is finished.


-------------------------------------------------------------------------------------



Download ComboFix to the Desktop from one of the following addresses:
[Link visible only to logged-in users]
[Link visible only to logged-in users]
[Link visible only to logged-in users]

Run it and don't touch the program window while it scans.
Follow the on-screen instructions. When it finishes, a log will appear (C:\ComboFix.txt), which you will copy here for us.



offline
  • vr7600
  • New MyCity citizen
  • Joined: 25 Jan 2008
  • Posts: 26

ComboFix 09-02-15.01 - Računalo 2 2009-02-17 7:31:06.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.1.1033.18.1023.569 [GMT 1:00]
Running from: c:\documents and settings\Računalo 2\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090216-1] *On-access scanning disabled* (Updated)
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF


((((((((((((((((((((((((( Files Created from 2009-01-17 to 2009-02-17 )))))))))))))))))))))))))))))))
.

2009-02-16 09:23 . 2009-02-16 09:23 <DIR> d--h----- c:\program files\Zenographics
2009-02-16 09:23 . 2006-07-28 11:00 143,360 -ra------ c:\windows\apptune1018.exe
2009-02-16 09:23 . 2006-07-28 11:00 106,496 -ra------ c:\windows\system32\vshp1018.dll
2009-02-16 09:23 . 2006-07-28 11:00 28,672 -ra------ c:\windows\system32\zlm.dll
2009-02-16 09:23 . 2006-07-28 11:00 28,672 -ra------ c:\windows\system32\IMF32.DLL
2009-02-16 09:23 . 2006-07-28 11:00 24,576 -ra------ c:\windows\system32\ZTAG32.DLL
2009-02-16 09:23 . 2006-07-28 11:00 7,280 -ra------ c:\windows\system32\ZSHP1018.HLP
2009-02-16 09:21 . 2009-02-16 09:22 <DIR> d-------- C:\hp_LJ1018_Full_Solution
2009-02-16 08:45 . 2007-12-10 08:00 430,080 --a------ c:\windows\system32\ZSHP1018.EXE
2009-02-16 08:45 . 2007-12-10 08:00 128,380 --a------ c:\windows\system32\hp1018.img
2009-02-16 08:45 . 2007-12-10 08:00 106,496 --a------ c:\windows\system32\ZSPOOL.DLL
2009-02-16 08:45 . 2007-12-10 08:00 102,400 --a------ c:\windows\system32\ZLhp1018.DLL
2009-02-16 08:45 . 2007-12-10 08:00 61,440 --a------ c:\windows\system32\ZIMF.DLL
2009-02-16 08:45 . 2007-12-10 08:00 53,248 --a------ c:\windows\system32\ZTAG.DLL
2009-02-16 08:45 . 2007-12-10 08:00 10,632 --a------ c:\windows\system32\ZSHP1018.CHM
2009-02-16 08:29 . 2008-04-13 20:47 25,856 --a------ c:\windows\system32\drivers\usbprint.sys
2009-02-16 08:29 . 2008-04-13 20:47 25,856 --a--c--- c:\windows\system32\dllcache\usbprint.sys
2009-02-11 10:47 . 2009-02-13 07:37 127 --a------ c:\windows\wininit.ini
2009-02-11 07:05 . 2009-02-11 07:05 <DIR> d-------- c:\program files\Microsoft Silverlight
2009-02-09 14:11 . 2009-02-09 14:11 <DIR> d-------- c:\documents and settings\Administrator.RACUNALO2
2009-02-04 15:15 . 2009-02-04 15:25 <DIR> d-------- c:\program files\Stardock
2009-02-04 15:15 . 2009-02-04 15:15 <DIR> d-------- c:\program files\Common Files\stardock
2009-02-04 15:15 . 2003-03-18 15:05 89,088 --a------ c:\windows\system32\atl71.dll
2009-02-04 15:15 . 2000-10-20 01:05 25,088 --a------ c:\windows\system32\msxml3a.dll
2009-02-04 11:45 . 2009-02-04 11:45 <DIR> d-------- c:\documents and settings\Računalo 2\IBM
2009-02-04 11:45 . 2009-02-04 11:45 <DIR> d-------- c:\documents and settings\Računalo 2\IBM
2009-02-04 11:44 . 2009-02-04 11:44 <DIR> d-------- c:\program files\IBM
2009-02-04 10:53 . 2009-02-04 10:53 <DIR> d-------- c:\documents and settings\Računalo 2\DownloadDirector
2009-02-04 10:53 . 2009-02-04 10:53 <DIR> d-------- c:\documents and settings\Računalo 2\DownloadDirector
2009-02-04 10:53 . 2009-02-04 10:53 <DIR> d-------- c:\documents and settings\Ra_unalo 2\DownloadDirector
2009-02-04 10:53 . 2009-02-04 10:53 <DIR> d-------- c:\documents and settings\Ra_unalo 2
2009-02-04 08:18 . 2009-02-04 08:32 <DIR> d-------- c:\documents and settings\Računalo 2\Application Data\IObit
2009-02-04 08:15 . 2009-02-05 09:40 <DIR> d-a------ c:\documents and settings\All Users.WINDOWS\Application Data\TEMP
2009-01-30 12:47 . 2009-01-30 12:50 <DIR> d-------- c:\program files\WhiteSmoke
2009-01-30 12:47 . 2009-01-30 12:50 23 --a------ c:\windows\settings.ini
2009-01-23 09:52 . 2009-01-23 09:53 250 --a------ c:\windows\gmer.ini
2009-01-22 10:05 . 2009-01-22 10:05 <DIR> d-------- c:\windows\system32\hr-HR
2009-01-22 09:11 . 2009-01-22 10:35 <DIR> d-------- C:\dc245d67aca233770e0567461b
2009-01-22 07:58 . 2009-02-04 11:43 <DIR> d-------- c:\windows\Downloaded Installations
2009-01-19 09:57 . 2009-01-19 09:58 <DIR> d-------- c:\documents and settings\Računalo 2\dwhelper
2009-01-19 09:57 . 2009-01-19 09:58 <DIR> d-------- c:\documents and settings\Računalo 2\dwhelper

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-17 06:35 --------- d-----w c:\documents and settings\Računalo 2\Application Data\BeautifulEarth
2009-02-17 06:29 --------- d-----w c:\program files\Flock
2009-02-16 08:23 --------- d-----w c:\program files\Hewlett-Packard
2009-02-13 09:15 --------- d-----w c:\documents and settings\Računalo 2\Application Data\Canon
2009-02-13 06:14 --------- d-----w c:\program files\Spybot - Search & Destroy
2009-02-13 06:14 --------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2009-02-12 11:06 --------- d-----w c:\program files\Google
2009-02-11 15:04 --------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft Help
2009-02-10 09:23 --------- d-----w c:\program files\Defraggler
2009-02-05 14:27 --------- d-----w c:\program files\Common Files\ArcSoft
2009-02-05 14:27 --------- d-----w c:\program files\ASCII Art Studio
2009-02-05 14:27 --------- d-----w c:\program files\ArcSoft
2009-02-05 14:27 --------- d-----w c:\documents and settings\Računalo 2\Application Data\ArcSoft
2009-02-05 14:27 --------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\ArcSoft
2009-02-05 11:26 --------- d-----w c:\program files\eMule
2009-02-05 08:39 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-04 07:18 --------- d-----w c:\program files\IObit
2009-02-03 12:15 --------- d-----w c:\program files\Canon
2009-01-29 11:00 --------- d-----w c:\program files\TuneUp Utilities 2008
2009-01-28 08:50 --------- d-----w c:\program files\MSECache
2009-01-16 11:50 --------- d-----w c:\program files\Cucusoft
2009-01-08 07:41 --------- dc----w c:\documents and settings\All Users.WINDOWS\Application Data\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}
2009-01-08 06:51 --------- d-----w c:\program files\Java
2008-12-23 09:47 --------- d-----w c:\documents and settings\Računalo 2\Application Data\Ahead
2008-12-23 09:44 --------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\Nero
2008-12-22 08:56 --------- d-----w c:\program files\SSC Service Utility
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\NBHShellExt]
@="{8D2223A2-B3C6-4e32-B096-CDD11F628C60}"
[HKEY_CLASSES_ROOT\CLSID\{8D2223A2-B3C6-4e32-B096-CDD11F628C60}]
2008-09-19 15:53 98328 --a------ c:\program files\Nero\Nero 9\InCD\NBHshx.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"GGWallpaper"="c:\program files\BeautifulEarth\Beautiful-Earth.exe" [2008-08-05 774656]
"SODCPreLoad"="c:\program files\IBM\Lotus\Symphony\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.app.win32_3.5.0.20081031-1700\preload.exe" [2009-02-04 40960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2006-02-28 455168]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"avast!"="c:\program files\Alwil Software\Avast4\ashDisp.exe" [2009-02-05 81000]
"CoolSwitch"="c:\windows\system32\taskswitch.exe" [2002-03-19 45632]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2006-02-28 455168]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2006-02-28 208952]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-05-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\MCPClient]
2005-01-31 15:13 49152 c:\progra~1\COMMON~1\stardock\MCPStub.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Multi]
2008-04-09 17:10 90112 c:\program files\Stardock\ThinkDesk\Multiplicity\MultiWin32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OrderReminder]
-ra------ 2006-07-30 11:00 98304 c:\program files\Hewlett-Packard\OrderReminder\OrderReminder.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" /background
"Vip Communicator"="c:\program files\Vip\Vip Communicator\Vip Communicator.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"InCD"=c:\program files\Nero\Nero 9\InCD\InCD.exe
"NBHGui"=c:\program files\Nero\Nero 9\InCD\NBHGui.exe
"NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
"RTHDCPL"=RTHDCPL.EXE
"Alcmtr"=ALCMTR.EXE
"SkyTel"=SkyTel.EXE
"NvCplDaemon"=RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot
"nwiz"=nwiz.exe /install
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Professional Business 2009\\RpcAgentSrv.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Professional Business 2009\\WNt500x86\\RpcSandraSrv.exe"=
"c:\\Program Files\\Google\\Google SketchUp 7\\SketchUp.exe"=
"c:\\Program Files\\Vip\\Vip Communicator\\Vip Communicator.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\IBM\\Lotus\\Symphony\\framework\\rcp\\eclipse\\plugins\\com.ibm.rcp.base_6.2.0.200810171336\\win32\\x86\\symphony.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1055:TCP"= 1055:TCP:Discreet BrowseD
"1066:TCP"= 1066:TCP:Discreet Slave Render

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R0 xfilt;VIA SATA IDE Hot-plug Driver;c:\windows\system32\drivers\xfilt.sys [2008-10-10 11264]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-01-14 114768]
R2 ABBYY.Licensing.FineReader.Professional.9.0;ABBYY FineReader 9.0 PE Licensing Service;c:\program files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe [2007-12-06 660768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-01-14 20560]
R2 Multiplicity;Stardock Multiplicity;c:\progra~1\Stardock\ThinkDesk\Multiplicity\MultiSrv32.exe [2009-02-04 242936]
R2 NeroRegInCDSrv;Nero Registry InCD Service;c:\program files\Nero\Nero 9\InCD\NBHRegInCDSrv.exe [2008-09-19 108568]
S2 gupdate1c98795f66c459c;Google Update Service (gupdate1c98795f66c459c);c:\program files\Google\Update\GoogleUpdate.exe [2009-02-05 133104]
S3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Professional Business 2009\RpcAgentSrv.exe [2008-10-20 98488]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3f72f5b3-9900-11dd-bb5e-0019661222f3}]
\Shell\AutoRun\command - F:\AutoTransfer.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8feaf030-ede7-11dd-bbd3-0019661222f3}]
\Shell\AutoRun\command - F:\
\Shell\open\Command - rundll32.exe .\desktop.dll,InstallM
.
Contents of the 'Scheduled Tasks' folder

2009-02-17 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2008\OneClickStarter.exe [2008-06-20 09:09]

2009-02-16 c:\windows\Tasks\Defraggler Volume C Task.job
- c:\program files\Defraggler\df.exe [2009-02-03 12:22]

2009-02-17 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-05 14:30]
.
.
------- Supplementary Scan -------
.
uStart Page = [Link visible only to logged-in users]
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [Link visible only to logged-in users]
Rootkit scan 2009-02-17 07:35:41
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(740)
c:\progra~1\COMMON~1\Stardock\mcpstub.dll
c:\program files\Stardock\ThinkDesk\Multiplicity\MultiWin32.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\EPSON\ESM2\eEBSvc.exe
c:\progra~1\COMMON~1\stardock\SDMCP.exe
c:\program files\EPSON\ESM2\eEBAgent.exe
c:\program files\Nero\Nero 9\InCD\InCDSrv.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\searchindexer.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\program files\IBM\Lotus\Symphony\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.app.win32_3.5.0.20081031-1700\soffice.exe
.
**************************************************************************
.
Completion time: 2009-02-17 7:38:56 - machine was rebooted
ComboFix-quarantined-files.txt 2009-02-17 06:38:54

Pre-Run: 28.578.623.488 bytes free
Post-Run: 28,500,213,760 bytes free

225 --- E O F --- 2009-02-11 15:05:22



Update: 17 Feb 2009 7:46

As for the malware, those are roughly the messages I get. Every so often some Win32 clone. As if my AV were no use at all!

offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Download USBNoRisk to the Desktop and run it by double-clicking the program icon.
- Wait a few seconds while the program performs its initial scan.
- Plug all USB storage devices into the USB slot one by one and leave each one in the slot for 10 seconds.
- If you have several devices to check, write down on a piece of paper the order in which they were plugged in, because we'll need that information later.
- When you've finished with all the devices, right-click in the middle of the program window and choose Save log. That will automatically open the log in Notepad. Copy that log from Notepad to the forum for us.

Explanation: USB storage devices are all those devices that get their own drive letter when connected to the computer. That includes USB flash drives, external hard disks, memory cards, MP3 and MP4 players, some mobile phones, some GPS (navigation) devices, etc.

offline
  • vr7600
  • New MyCity citizen
  • Joined: 25 Jan 2008
  • Posts: 26

I did as you said. When I plugged in the 1st stick nothing happened. The little program's window stayed white for over a minute, so I killed it (Ctrl+Shift+Esc) and restarted the PC.
When the system came up, I plugged in a stick by mistake without having started your program. As soon as I realised, I unplugged it right away.
I started your program and plugged in 2 sticks. For both of them the AV popped up with a message (pictures attached), and I put them in quarantine.

Here's the report:

USBNoRisk by bobby

Started at 19.2.2009 10:37:41

Scanning for connected USB Mass storage...
----------------------------------------
========================================

Scanning for other storage...
----------------------------------------
C: {9ca6ffd6-96a9-11dd-9f77-806d6172696f}
D: {9ca6ffd7-96a9-11dd-9f77-806d6172696f}
========================================


Scanning fixed storage for autorun.inf files...
----------------------------------------
Autorun.inf on C: - None
----------------------------------------

Sanitizing Shell Menu...
----------------------------------------
No key found for C:
No key found for 9ca6ffd6-96a9-11dd-9f77-806d6172696f
========================================

Autorun.inf on D: - None
----------------------------------------

Sanitizing Shell Menu...
----------------------------------------
No key found for D:
No key found for 9ca6ffd7-96a9-11dd-9f77-806d6172696f
========================================

========================================



New device connected at 19.2.2009 10:37:47

Scanning for connected USB mass storage...
----------------------------------------
F: {0634bb40-a0cb-11dd-bb6e-0019661222f3}
Added F:
========================================

Scanning USB mass storage for files...
----------------------------------------
autorun.inf found on F:
----------------------------------------
File F:\autorun.inf renamed successfully

Content of F:\autorun.inf.blocked
----------------------------------------
----------------------------------------

Files referenced from F:\autorun.inf.blocked
----------------------------------------
None
----------------------------------------

Sanitizing Shell Menu...
----------------------------------------
Sanitized 0634bb40-a0cb-11dd-bb6e-0019661222f3
========================================

----------------------------------------

Desktop.ini on F: - None
----------------------------------------

========================================

========================================
Removed F:
========================================


New device connected at 19.2.2009 10:39:38

Scanning for connected USB mass storage...
----------------------------------------
F: {d5a6f127-990e-11dd-bb5f-0019661222f3}
Added F:
========================================

Scanning USB mass storage for files...
----------------------------------------
autorun.inf found on F:
----------------------------------------
File F:\autorun.inf renamed successfully

Content of F:\autorun.inf.blocked
----------------------------------------
----------------------------------------

Files referenced from F:\autorun.inf.blocked
----------------------------------------
None
----------------------------------------

Sanitizing Shell Menu...
----------------------------------------
No key found for d5a6f127-990e-11dd-bb5f-0019661222f3
========================================

----------------------------------------

Desktop.ini on F: - None
----------------------------------------

========================================
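The USBNoRisk procedure dr_Bora described above and the log vr7600 posted show what the tool checks on each stick: it finds autorun.inf, renames it to .blocked, lists the files that file references, and "sanitizes" the per-device shell menu Explorer caches in the registry. The following Python script is an added example, not code from the thread or from USBNoRisk, that performs the same triage on an autorun.inf and on MountPoints2 command strings. The sample autorun.inf is constructed; the command names AutoTransfer.exe and rundll32.exe .\desktop.dll,InstallM and the two device GUIDs are copied from the ComboFix log earlier in the thread; the indicator patterns, the first-key-wins rule and the folder-icon check are my own assumptions rather than anything the tool documents.

```python
"""Added example (not from the thread or from USBNoRisk): list what an
autorun.inf would execute and flag the USB-infector tricks seen in this
thread. Sample inputs are constructed here; AutoTransfer.exe,
desktop.dll,InstallM and the two MountPoints2 GUIDs are taken from the
ComboFix log posted above."""
import re

# Constructed sample of what an infected stick's autorun.inf typically contains.
SAMPLE_AUTORUN_INF = """\
; lines outside the [autorun] section are ignored, as Windows ignores them
[autorun]
open=AutoTransfer.exe
icon=%SystemRoot%\\system32\\SHELL32.dll,3
action=Open folder to view files
shell\\open=&Open
shell\\open\\command=rundll32.exe .\\desktop.dll,InstallM
shell\\explore\\command=rundll32.exe .\\desktop.dll,InstallM
UseAutoPlay=0
"""

# The two MountPoints2 commands exactly as ComboFix listed them in this thread.
SAMPLE_MOUNTPOINTS2 = {
    "{3f72f5b3-9900-11dd-bb5e-0019661222f3}\\Shell\\AutoRun\\command": "F:\\AutoTransfer.exe",
    "{8feaf030-ede7-11dd-bbd3-0019661222f3}\\Shell\\open\\Command": "rundll32.exe .\\desktop.dll,InstallM",
}


def parse_autorun_inf(text):
    """Return {key: value} from the [autorun] section with lower-cased keys.
    Tolerates a BOM, junk lines and comments; on duplicate keys the first
    occurrence wins (an assumption about how the Windows INI reader behaves)."""
    entries = {}
    in_section = False
    for raw in text.lstrip("\ufeff").splitlines():
        line = raw.strip()
        if not line or line[0] in ";#":
            continue
        if line.startswith("[") and line.endswith("]"):
            in_section = line[1:-1].strip().lower() == "autorun"
            continue
        if not in_section or "=" not in line:
            continue
        key, _, value = line.partition("=")
        entries.setdefault(key.strip().lower(), value.strip())
    return entries


def referenced_commands(entries):
    """[(key, command)] for every entry that names something to run:
    open=, shellexecute=, and shell\\<verb>\\command= (the context-menu verbs;
    the sample hijacks both Open and Explore so either choice runs the payload)."""
    return [
        (key, value)
        for key, value in entries.items()
        if key in ("open", "shellexecute")
        or (key.startswith("shell\\") and key.endswith("\\command"))
    ]


# Indicators matched against one command string (autorun.inf or MountPoints2).
# Assumed heuristics for this example, not a published signature set.
INDICATORS = [
    (re.compile(r"\brundll32(\.exe)?\s+\S*\.dll,", re.I),
     "rundll32 loading a DLL from the media (the desktop.dll,InstallM trick)"),
    (re.compile(r"(^|[\\\s])\.\\|(^|\s)[A-Za-z]:\\", re.I),
     "relative or drive-letter path: the payload lives on the removable drive"),
    (re.compile(r"\.(exe|com|scr|pif|bat|cmd|vbs|vbe|js|wsf)(\s|$|\")", re.I),
     "executable payload on removable media"),
]


def assess_command(command):
    """Descriptions of every indicator that matches one command string."""
    return [desc for rx, desc in INDICATORS if rx.search(command)]


def assess_autorun(entries):
    """Per-command findings for a parsed autorun.inf, plus the folder-icon
    masquerade the original poster saw (shell32.dll icons 3 and 4 are the
    closed and open folder icons, so the stick shows up looking like a folder)."""
    findings = {key: assess_command(cmd) for key, cmd in referenced_commands(entries)}
    if re.search(r"shell32\.dll,\s*[34]\s*$", entries.get("icon", ""), re.I):
        findings["icon"] = ["icon borrowed from shell32.dll: drive shows up as a folder"]
    return findings


def assess_mountpoints(commands):
    """Same check over the per-device shell commands Explorer caches under
    HKCU\\...\\Explorer\\MountPoints2 (what the log's 'Sanitizing Shell Menu'
    step cleans): an entry there outlives the autorun.inf on the stick."""
    result = {}
    for key, cmd in commands.items():
        reasons = assess_command(cmd)
        if reasons:
            result[key] = reasons
    return result


if __name__ == "__main__":
    for key, reasons in assess_autorun(parse_autorun_inf(SAMPLE_AUTORUN_INF)).items():
        print(f"autorun.inf {key}: {reasons}")
    for key, reasons in assess_mountpoints(SAMPLE_MOUNTPOINTS2).items():
        print(f"MountPoints2 {key}: {reasons}")
```

On a real stick, read F:\autorun.inf (or the autorun.inf.blocked copy USBNoRisk leaves behind) into parse_autorun_inf. The MountPoints2 half is why cleaning the stick alone is not enough: Explorer keeps a per-device copy of the Shell\AutoRun and Shell\open commands keyed by the volume GUID, so the ComboFix entries pointing at F:\AutoTransfer.exe and desktop.dll,InstallM have to be cleared in the registry as well, which is what the "Sanitizing Shell Menu" lines in the log are doing.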




offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

What's the situation now?

Is the AV detecting anything, and are the USB drives showing up properly?

offline
  • vr7600
  • New MyCity citizen
  • Joined: 25 Jan 2008
  • Posts: 26

The AV isn't detecting anything, and the USB sticks show up properly in Windows Explorer, but there's NO AUTOPLAY menu (auto play or whatever it's called)!

offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Do the following:
Click START and then RUN
In the text box type Combofix /u and click OK

Wait for the uninstall process to finish

The above procedure will:
Delete the following:
ComboFix and its files and folders
The VundoFix Backups folder, if it exists
The C:\Deckard folder, if it exists
The C:\OtMoveIt folder, if it exists

Reset the computer's clock settings
Hide file extensions, if necessary
Hide system/hidden files/folders, if necessary
Reset System Restore




As for autorun... ComboFix deactivated it in order to "close the door" to USB infectors.
I'd recommend leaving autorun switched off, but if you really want, we can activate it.

offline
  • vr7600
  • New MyCity citizen
  • Joined: 25 Jan 2008
  • Posts: 26

Done!
And that's it, or...?

PS
How do you activate AUTORUN (just for information)?

offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

That's it.

Double-clicking this file activates autoplay (a restart will be needed): [Link visible only to logged-in users]
