I can't open either C or D!!!!!


  • Joined: 05 Feb 2009
  • Posts: 15

I can't open either C or D, neither by double-clicking nor by right-click and then Open, not at all. They open only if I click Explore. Sometimes when I try to open C it says it cannot find recycler\s-8-6-55-100005931-1000014105-1000019939-259.com, and D doesn't respond to anything!
What should I do with it?

Addendum: 05 Feb 2009 13:59

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:55:54, on 5.2.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20733)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Lexmark 1200 Series\lxczbmon.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\FrostWire\FrostWire.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Admin\Desktop\New Folder\TR3.exe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [Link visible only to logged-in users]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [Link visible only to logged-in users]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [Link visible only to logged-in users]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [Link visible only to logged-in users]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [Link visible only to logged-in users]
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Favorites
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [Lexmark 1200 Series] "C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe"
O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BlazeServoTool] "C:\Program Files\HDTVPlayer\BlazeDTV 3.5\MediaDetector.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present
O8 - Extra context menu item: E&xport to Microsoft Excel - [Link visible only to logged-in users]\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - [Link visible only to logged-in users]
O17 - HKLM\System\CCS\Services\Tcpip\..\{4FDE6C76-3F7C-4812-A8B5-3E588EEF5177}: NameServer = 85.255.112.39,85.255.112.40
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.39,85.255.112.40
O17 - HKLM\System\CS1\Services\Tcpip\..\{4FDE6C76-3F7C-4812-A8B5-3E588EEF5177}: NameServer = 85.255.112.39,85.255.112.40
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.112.39,85.255.112.40
O17 - HKLM\System\CS2\Services\Tcpip\..\{4FDE6C76-3F7C-4812-A8B5-3E588EEF5177}: NameServer = 85.255.112.39,85.255.112.40
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.39,85.255.112.40
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

--
End of file - 5520 bytes



  • diarno  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 15 Jun 2007
  • Posts: 5572

Greetings...

Do the following:

Turn off all protective software...

Download ComboFix to the Desktop from one of the following addresses:
[Link visible only to logged-in users]
[Link visible only to logged-in users]
[Link visible only to logged-in users]

Run it and do not touch the program window while it is scanning.
Follow the on-screen instructions. When it finishes, a log will appear (C:\ComboFix.txt), which you should copy here for us.



  • Joined: 05 Feb 2009
  • Posts: 15

ComboFix 09-02-04.04 - Admin 2009-02-05 14:25:15.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.895.624 [GMT 1:00]
Running from: c:\documents and settings\Admin\Desktop\ComboFix.exe
AV: ESET Smart Security 3.0 *On-access scanning enabled* (Updated)
FW: ESET Personal firewall *enabled*
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\autorun.inf
c:\recycler\S-7-1-13-100000747-100016712-100022569-1314.com
c:\windows\system32\drivers\gaopdxethelwfe.sys
c:\windows\system32\drivers\gaopdxhpyyqxtp.sys
c:\windows\system32\drivers\gaopdxmlemovdb.sys
c:\windows\system32\drivers\gaopdxoofjwbpq.sys
c:\windows\system32\drivers\gaopdxpagxanfo.sys
c:\windows\system32\drivers\gaopdxppfejbxn.sys
c:\windows\system32\drivers\gaopdxvrrppjnq.sys
c:\windows\system32\drivers\gaopdxygkfkveo.sys
c:\windows\system32\gaopdxsmbitaxt.dll
c:\windows\system32\MSREPL35.DLL
D:\Autorun.inf
d:\recycler\S-0-7-24-100027430-100025366-100022757-6355.com
d:\recycler\S-1-7-79-100019978-100032028-100023808-8009.com
d:\recycler\S-2-1-85-100022079-100030316-100032082-2253.com
d:\recycler\S-3-2-39-100021188-100009380-100019529-3109.com
d:\recycler\S-3-5-47-100000641-100023497-100023349-9805.com
d:\recycler\S-6-0-13-100014523-100006379-100031857-2139.com
d:\recycler\S-6-7-32-100012726-100025815-100030603-9724.com
d:\recycler\S-7-1-13-100000747-100016712-100022569-1314.com
d:\recycler\S-7-6-61-100027988-100030269-100004107-7975.com
d:\recycler\S-8-6-55-100005931-100014105-100019939-2596.com
d:\recycler\S-8-9-22-100030984-100022399-100000157-9079.com
d:\recycler\S-9-1-63-100002742-100024252-100030415-7871.com

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_gaopdxserv.sys


((((((((((((((((((((((((( Files Created from 2009-01-05 to 2009-02-05 )))))))))))))))))))))))))))))))
.

2009-02-04 16:43 . 2009-02-04 16:44 <DIR> d-------- c:\windows\system32\NtmsData
2009-02-04 11:51 . 2009-02-04 11:51 <DIR> d-------- c:\program files\Common Files\Macrovision Shared
2009-02-04 11:51 . 2009-02-04 11:51 <DIR> d-------- c:\documents and settings\All Users\Application Data\Macrovision
2009-02-04 11:51 . 2009-02-04 11:51 <DIR> d-------- c:\documents and settings\Admin\Application Data\Ldoce
2009-02-04 11:51 . 2009-02-04 11:51 54,784 --a------ c:\windows\system32\drivers\CDAC11BA.EXE
2009-02-04 11:51 . 2009-02-04 11:51 12,464 --a------ c:\windows\system32\drivers\CdaC15BA.SYS
2009-02-04 11:51 . 2009-02-04 11:51 335 --a------ c:\windows\ldoce.dat
2009-02-04 11:46 . 2009-02-04 11:46 <DIR> d-------- c:\program files\Longman
2009-02-04 10:30 . 2009-02-04 10:30 <DIR> d-------- c:\program files\URUSoft
2009-02-03 17:52 . 2009-02-03 17:52 <DIR> d-------- c:\program files\PDFCreator
2009-02-03 17:52 . 1998-06-24 01:00 137,000 --a------ c:\windows\system32\MSMAPI32.OCX
2009-02-03 17:52 . 2001-10-28 17:42 116,224 --a------ c:\windows\system32\pdfcmnnt.dll
2009-02-03 17:52 . 1998-07-06 01:00 23,552 --a------ c:\windows\system32\MSMPIDE.DLL
2009-01-28 17:16 . 2009-01-28 17:16 <DIR> d-------- c:\documents and settings\Admin\Application Data\Move Networks
2009-01-28 16:48 . 2009-01-28 16:48 <DIR> d-------- c:\windows\HDTVPlayer
2009-01-28 16:48 . 2009-01-28 16:48 <DIR> d-------- c:\documents and settings\All Users\Application Data\BlazeVideo
2009-01-28 16:48 . 2009-02-05 12:53 4 --a------ c:\windows\system32\gaopdxcounter
2009-01-27 14:54 . 2009-02-04 09:52 <DIR> d-------- c:\program files\FrostWire
2009-01-27 14:54 . 2009-02-05 14:19 <DIR> d-------- c:\documents and settings\Admin\Application Data\FrostWire
2009-01-27 14:37 . 2009-01-27 14:53 <DIR> d-------- c:\program files\Common Files\Real
2009-01-25 12:44 . 2009-02-01 21:24 <DIR> d-------- C:\temp
2009-01-23 17:16 . 2004-05-14 16:53 462,848 --a------ c:\windows\system32\ltkrn13n.dll
2009-01-23 17:16 . 2004-05-14 16:53 450,560 --a------ c:\windows\system32\ltimg13n.dll
2009-01-23 17:16 . 2004-05-14 16:53 401,408 --a------ c:\windows\system32\lfcmp13n.dll
2009-01-23 17:16 . 2004-05-14 16:53 299,008 --a------ c:\windows\system32\ltdis13n.dll
2009-01-23 17:16 . 2004-01-12 02:09 206,336 --a------ c:\windows\system32\ltefx13n.dll
2009-01-23 17:16 . 2004-05-14 16:53 163,840 --a------ c:\windows\system32\ltfil13n.dll
2009-01-23 17:16 . 2003-11-04 15:11 159,744 --a------ c:\windows\system32\lfpng13n.dll
2009-01-23 17:16 . 2003-11-04 15:10 69,632 --a------ c:\windows\system32\lfgif13n.dll
2009-01-23 17:16 . 2004-05-14 16:53 57,344 --a------ c:\windows\system32\lfbmp13n.dll
2009-01-22 11:57 . 2009-01-22 11:57 38 --a------ c:\windows\avisplitter.INI
2009-01-21 23:19 . 2005-03-25 23:42 363,520 --a------ c:\windows\system32\psisdecd.dll
2009-01-21 23:19 . 2005-03-25 23:42 363,520 --a--c--- c:\windows\system32\dllcache\psisdecd.dll
2009-01-21 23:19 . 2004-08-04 00:56 56,832 --a------ c:\windows\system32\msdvbnp.ax
2009-01-21 23:19 . 2004-08-04 00:56 56,832 --a--c--- c:\windows\system32\dllcache\msdvbnp.ax
2009-01-21 23:19 . 2004-08-04 00:56 33,280 --a------ c:\windows\system32\psisrndr.ax
2009-01-21 23:19 . 2004-08-04 00:56 33,280 --a--c--- c:\windows\system32\dllcache\psisrndr.ax
2009-01-20 13:11 . 2009-01-20 13:11 <DIR> d-------- c:\program files\BearShare
2009-01-20 13:11 . 2009-02-03 19:38 <DIR> d-------- C:\My Downloads
2009-01-17 17:51 . 2009-01-17 17:51 <DIR> d-------- c:\documents and settings\All Users\Application Data\DVD Shrink
2009-01-17 17:46 . 2009-01-17 17:46 <DIR> d-------- c:\program files\FaxTools
2009-01-17 17:46 . 2009-01-17 17:46 <DIR> d-------- c:\program files\ABBYY FineReader 6.0
2009-01-17 17:46 . 2009-01-17 17:46 <DIR> d-------- c:\program files\ABBYY FineReader 5.0 Sprint
2009-01-17 17:46 . 2009-01-17 17:46 <DIR> d-------- c:\documents and settings\All Users\Application Data\BVRP Software
2009-01-17 17:44 . 2009-01-17 17:45 <DIR> d-------- c:\program files\Lexmark 1200 Series
2009-01-17 17:44 . 2006-01-12 05:32 983,107 --a------ c:\windows\system32\LXCZGF.DLL
2009-01-17 17:44 . 2006-07-13 06:22 458,752 --a------ c:\windows\system32\LXCZJSWR.DLL
2009-01-17 17:44 . 2006-07-13 06:17 356,352 --a------ c:\windows\system32\LXCZUTIL.DLL
2009-01-17 17:44 . 2006-07-13 06:45 69,632 --a------ c:\windows\system32\lxczscin.dll
2009-01-17 17:44 . 2006-07-13 06:45 57,344 --a------ c:\windows\system32\lxczcinf.dll
2009-01-17 17:44 . 2006-07-13 06:45 49,152 --a------ c:\windows\system32\lxczcoin.dll
2009-01-17 17:44 . 2006-01-30 13:42 270 --a------ c:\windows\system32\lxczcoin.ini
2009-01-17 17:36 . 2004-08-03 23:01 25,856 --a------ c:\windows\system32\drivers\usbprint.sys
2009-01-17 17:36 . 2004-08-03 23:01 25,856 --a--c--- c:\windows\system32\dllcache\usbprint.sys
2009-01-16 16:02 . 2009-02-02 20:42 <DIR> d-------- C:\DVDVideoSoft
2009-01-15 17:01 . 2009-01-25 12:57 54,156 --ah----- c:\windows\QTFont.qfn
2009-01-15 17:01 . 2009-01-15 17:01 1,409 --a------ c:\windows\QTFont.for
2009-01-14 16:41 . 2009-01-14 16:41 <DIR> d-------- c:\documents and settings\All Users\Application Data\CyberLink
2009-01-14 16:41 . 2009-01-14 16:41 <DIR> d-------- c:\documents and settings\Admin\Application Data\CyberLink
2009-01-14 16:16 . 2009-01-14 16:16 <DIR> d-------- c:\program files\DVDVideoSoft
2009-01-14 16:16 . 2009-01-14 16:17 <DIR> d-------- c:\program files\Common Files\DVDVideoSoft
2009-01-14 15:20 . 2009-01-27 14:53 59 --a------ c:\windows\cdplayer.ini
2009-01-14 14:37 . 2009-01-14 14:41 <DIR> d-------- c:\program files\Winamp
2009-01-14 14:37 . 2009-01-14 14:44 <DIR> d-------- c:\documents and settings\Admin\Application Data\Winamp
2009-01-13 22:05 . 2009-01-13 22:06 <DIR> d-------- c:\program files\Internet Jamb Klub
2009-01-13 22:05 . 2009-01-13 22:05 720,896 --a------ c:\windows\iun6002.exe
2009-01-13 21:58 . 2001-08-17 14:02 9,600 --a------ c:\windows\system32\drivers\hidusb.sys
2009-01-13 21:58 . 2001-08-17 14:02 9,600 --a--c--- c:\windows\system32\dllcache\hidusb.sys
2009-01-13 21:40 . 2001-03-06 18:05 4,358,144 -ra------ c:\windows\uncsetup.exe
2009-01-13 21:27 . 2008-10-27 14:38 2,362 --a------ C:\ma477.bin
2009-01-13 20:34 . 2009-01-13 20:34 <DIR> d-------- c:\documents and settings\Admin\Application Data\ACD Systems
2009-01-13 20:30 . 2009-02-02 20:52 <DIR> d-------- c:\documents and settings\Admin\Application Data\Wildfire
2009-01-13 20:30 . 2009-01-13 20:30 4,096 --a------ c:\windows\d3dx.dat
2009-01-13 19:39 . 2008-01-07 14:29 352 --ah----- c:\windows\nod32fixtemdono.reg
2009-01-13 19:38 . 2009-01-13 19:38 <DIR> d-------- c:\documents and settings\Admin\Application Data\ESET
2009-01-13 19:37 . 2009-01-13 19:37 <DIR> d-------- c:\documents and settings\All Users\Application Data\ESET
2009-01-13 19:36 . 2004-08-03 23:08 26,496 --a--c--- c:\windows\system32\dllcache\usbstor.sys
2009-01-13 19:24 . 2009-01-13 19:24 <DIR> d-------- c:\documents and settings\Admin\Application Data\Media Player Classic
2009-01-13 19:24 . 2009-01-29 17:38 69 --a------ c:\windows\NeroDigital.ini
2009-01-13 19:19 . 2009-01-13 19:19 <DIR> d-------- c:\windows\system32\RTCOM
2009-01-13 19:19 . 2006-07-12 16:50 146,048 --a------ c:\windows\system32\drivers\portcls.sys
2009-01-13 19:19 . 2004-08-04 01:56 130,048 --a------ c:\windows\system32\ksproxy.ax
2009-01-13 19:19 . 2004-08-04 00:08 60,288 --a------ c:\windows\system32\drivers\drmk.sys
2009-01-13 19:19 . 2004-08-03 23:59 57,472 --a------ c:\windows\system32\drivers\redbook.sys
2009-01-13 19:19 . 2004-08-04 01:56 4,096 --a------ c:\windows\system32\ksuser.dll
2009-01-13 19:18 . 2009-01-13 19:18 <DIR> d-------- c:\windows\Motorola
2009-01-13 19:18 . 2004-08-04 01:56 74,240 --a------ c:\windows\system32\usbui.dll
2009-01-13 19:18 . 2009-01-13 19:18 0 --a------ c:\windows\ativpsrm.bin
2009-01-13 19:13 . 2009-01-13 18:25 <DIR> dr------- c:\documents and settings\All Users\Documents
2009-01-13 19:12 . 2002-12-31 13:00 2,012,670 --a--c--- c:\windows\system32\dllcache\NT5.CAT
2009-01-13 19:11 . 2009-02-05 14:25 <DIR> d-------- c:\windows\system32\CatRoot2
2009-01-13 19:11 . 2009-01-13 19:11 <DIR> d-------- c:\windows\system32\CatRoot
2009-01-13 19:11 . 2002-12-31 13:00 1,086,058 -ra------ c:\windows\SET4.tmp
2009-01-13 19:11 . 2002-12-31 13:00 1,042,903 -ra------ c:\windows\SET3.tmp
2009-01-13 19:11 . 2002-12-31 13:00 13,753 -ra------ c:\windows\SET8.tmp
2009-01-13 19:10 . 2005-01-11 13:25 923,826 --a------ c:\windows\system32\drivers\smserial.sys
2009-01-13 19:10 . 2004-12-29 12:01 544,768 --a------ c:\windows\sm56hlpr.exe
2009-01-13 19:10 . 2004-12-29 12:01 73,728 --a------ c:\windows\system32\sm56co.dll
2009-01-13 19:10 . 2004-11-02 16:12 65,536 --a------ c:\windows\sm56spn.dll
2009-01-13 19:10 . 2004-11-02 16:12 65,536 --a------ c:\windows\sm56itl.dll
2009-01-13 19:10 . 2004-11-02 16:12 65,536 --a------ c:\windows\sm56ger.dll
2009-01-13 19:10 . 2004-11-02 16:12 65,536 --a------ c:\windows\sm56fra.dll
2009-01-13 19:10 . 2004-11-10 10:42 65,536 --a------ c:\windows\sm56eng.dll
2009-01-13 19:10 . 2004-11-02 16:12 65,536 --a------ c:\windows\sm56brz.dll
2009-01-13 19:10 . 2004-11-10 10:42 49,152 --a------ c:\windows\sm56jpn.dll
2009-01-13 19:10 . 2004-11-10 10:42 45,056 --a------ c:\windows\sm56cht.dll
2009-01-13 19:10 . 2004-11-11 07:16 45,056 --a------ c:\windows\sm56chs.dll
2009-01-13 19:07 . 2008-01-29 21:47 16,859,648 --a------ c:\windows\RTHDCPL.EXE
2009-01-13 19:07 . 2007-03-24 01:19 9,715,200 --a------ c:\windows\RTLCPL.EXE
2009-01-13 19:07 . 2008-01-30 17:28 4,725,760 --a------ c:\windows\system32\drivers\RtkHDAud.sys
2009-01-13 19:07 . 2006-05-04 22:26 2,808,832 --a------ c:\windows\ALCWZRD.EXE
2009-01-13 19:07 . 2007-06-28 22:44 2,165,760 --a------ c:\windows\MicCal.exe
2009-01-13 19:07 . 2007-11-21 00:15 1,826,816 --a------ c:\windows\SkyTel.exe
2009-01-13 19:07 . 2007-11-07 23:31 1,191,936 --a------ c:\windows\RtlUpd.exe
2009-01-13 19:07 . 2005-09-21 16:25 299,008 --a------ c:\windows\system32\ALSNDMGR.CPL
2009-01-13 19:07 . 2006-08-18 12:58 282,624 --a------ c:\windows\system32\RTSndMgr.CPL
2009-01-13 19:07 . 2006-07-21 22:14 86,016 --a------ c:\windows\SOUNDMAN.EXE
2009-01-13 19:07 . 2005-05-04 00:43 69,632 --a------ c:\windows\ALCMTR.EXE
2009-01-13 19:06 . 2007-07-12 16:49 96,384 --a------ c:\windows\system32\drivers\Rtnicxp.sys
2009-01-13 19:03 . 2008-01-22 21:14 3,107,788 --a------ c:\windows\system32\ativvaxx.dat
2009-01-13 19:03 . 2008-01-22 21:14 3,107,788 --a------ c:\windows\system32\ativva5x.dat
2009-01-13 19:03 . 2008-01-22 21:14 887,724 --a------ c:\windows\system32\ativva6x.dat
2009-01-13 19:03 . 2008-01-22 21:34 512,000 --a------ c:\windows\system32\ati2evxx.exe
2009-01-13 19:03 . 2008-01-07 15:43 165,782 --a------ c:\windows\system32\atiicdxx.dat
2009-01-13 19:03 . 2006-06-19 04:37 36,864 --a------ c:\windows\system32\drivers\AmdK8.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-01 20:08 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-01-27 13:49 348,160 ----a-w c:\windows\system32\msvcr71.dll
2009-01-21 15:49 --------- d-----w c:\program files\Common Files\InstallShield
2009-01-17 16:46 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-13 19:35 --------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft
2009-01-13 19:30 --------- d-----w c:\program files\Tumblebugs
2009-01-13 18:37 --------- d-----w c:\program files\Eset
2009-01-13 17:55 --------- d-----w c:\program files\PerformanceTest
2009-01-13 17:55 --------- d-----w c:\program files\Common Files\Ahead
2009-01-13 17:55 --------- d-----w c:\program files\Ahead
2009-01-13 17:54 --------- d-----w c:\program files\Microsoft Works
2009-01-13 17:54 --------- d-----w c:\program files\CyberLink
2009-01-13 17:50 --------- d-----w c:\program files\Common Files\ACD Systems
2009-01-13 17:50 --------- d-----w c:\program files\ACD Systems
2009-01-13 17:50 --------- d-----w c:\documents and settings\All Users\Application Data\ACD Systems
2009-01-13 17:49 --------- d-----w c:\program files\MrDicty 2000
2009-01-13 17:46 --------- d-----w c:\program files\SM
2009-01-13 17:46 --------- d-----w c:\program files\Jooleem
2009-01-13 17:46 --------- d-----w c:\program files\EverestUltimatePortable
2009-01-13 17:46 --------- d-----w c:\program files\Audiograbber
2009-01-13 17:43 --------- d-----w c:\program files\microsoft frontpage
2009-01-13 17:42 --------- d-----w c:\program files\Real Alternative
2009-01-13 17:42 --------- d-----w c:\program files\QuickTime Alternative
2009-01-13 17:42 --------- d-----w c:\program files\K-Lite Codec Pack
2009-01-13 17:42 --------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer
2009-01-13 17:41 --------- d-----w c:\program files\Webteh
2009-01-13 17:41 --------- d-----w c:\program files\Utilities
2009-01-13 17:41 --------- d-----w c:\program files\Java
2009-01-13 17:41 --------- d-----w c:\program files\Common Files\Java
2009-01-13 17:40 --------- d-----w c:\program files\Lavasoft
2009-01-13 17:40 --------- d-----w c:\program files\Common Files\Adobe
2009-01-13 17:29 --------- d-----w c:\program files\Microsoft Silverlight
2009-01-13 17:23 --------- d-----w c:\program files\Windows Media Connect 2
2009-01-13 17:23 --------- d-----w c:\program files\NeoSmart Technologies
2009-01-13 17:23 --------- d-----w c:\program files\DVD Shrink
2009-01-13 17:23 --------- d-----w c:\program files\DVD Decrypter
.

------- Sigcheck -------

2002-12-31 13:00 360832 ce3ec03c9f65302e44af5c452d20a86f c:\windows\system32\drivers\tcpip.sys

2002-12-31 13:00 502272 6225f14b8ce08ccba8b25ad27843c674 c:\windows\system32\winlogon.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2002-12-31 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2007-12-21 1443072]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-08-04 36352]
"Lexmark 1200 Series"="c:\program files\Lexmark 1200 Series\lxczbmgr.exe" [2006-07-13 57344]
"BearShare"="c:\program files\BearShare\BearShare.exe" [2005-11-17 3223552]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2002-12-31 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ShowDeskFix"="shell32" [X]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMConfigurePrograms"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ACDV"= ACDV.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\FrostWire\\FrostWire.exe"=

R0 ahcix86;ahcix86;c:\windows\system32\drivers\ahcix86.sys [2002-12-31 119808]
R2 ekrn;Eset Service;c:\program files\Eset\ESET Smart Security\ekrn.exe [2007-12-21 468224]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - ASPI32
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-BlazeServoTool - c:\program files\HDTVPlayer\BlazeDTV 3.5\MediaDetector.exe


.
------- Supplementary Scan -------
.
uStart Page = [Link visible only to logged-in users]
uSearchMigratedDefaultURL = [Link visible only to logged-in users]{searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchURL,(Default) = [Link visible only to logged-in users]
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [Link visible only to logged-in users]
Rootkit scan 2009-02-05 14:26:36
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(964)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2009-02-05 14:27:16
ComboFix-quarantined-files.txt 2009-02-05 13:27:14

Pre-Run: 45,600,722,944 bytes free
Post-Run: 45,654,876,160 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

285

  • diarno  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 15 Jun 2007
  • Posts: 5572

What is the situation now?

  • Joined: 05 Feb 2009
  • Posts: 15

It's working. Yaaaaaaaaay...
You are a life saver!

  • diarno  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 15 Jun 2007
  • Posts: 5572

I'll let you know the rest of the procedure later ;)

  • Joined: 05 Feb 2009
  • Posts: 15

And I have one more question. When I connect my player with the memory card, a folder called recycler appears. It creates itself, and when I delete it, it gets created again, and it is empty. What's the deal? Does it have anything to do with this C and D problem?

  • diarno  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 15 Jun 2007
  • Posts: 5572

Keep that player at hand... We will need it for the next procedure...

- Download USBNoRisk to the Desktop and run it by double-clicking the program icon.
- Wait a few seconds while the program performs its initial scan.
- Insert all USB storage devices into the USB slot one after another and keep each one in the slot for 10 seconds.
- If you have several devices to check, write down on a piece of paper the order in which they were inserted, because we will need that information later.
- When you are done with all the devices, right-click in the middle of the program window and choose the Save log option. That will automatically open the log in Notepad. Copy that log from Notepad to the forum for us.

Explanation: USB storage devices include all devices that get their own partition designation when connected to the computer. These include USB flash drives, external hard disks, memory cards, MP3 and MP4 players, some mobile phones, some GPS (navigation) devices, etc.

  • Joined: 05 Feb 2009
  • Posts: 15

USBNoRisk by bobby

Started at 5.2.2009 15:27:26

Scanning for connected USB Mass storage...
----------------------------------------
========================================

Scanning for other storage...
----------------------------------------
D: {e0913de8-e199-11dd-82a8-806d6172696f}
C: {e0913dea-e199-11dd-82a8-806d6172696f}
========================================


Scanning fixed storage for autorun.inf files...
----------------------------------------
Autorun.inf on C: - None
----------------------------------------

Sanitizing Shell Menu...
----------------------------------------
No key found for C:
No key found for e0913dea-e199-11dd-82a8-806d6172696f
========================================

Autorun.inf on D: - None
----------------------------------------

Sanitizing Shell Menu...
----------------------------------------
No key found for D:
No key found for e0913de8-e199-11dd-82a8-806d6172696f
========================================

========================================



New device connected at 5.2.2009 15:27:57

Scanning for connected USB mass storage...
----------------------------------------
F: {2e77fe6a-f391-11dd-a3d2-001c25087f22}
Added F:
========================================

Scanning USB mass storage for files...
----------------------------------------
Autorun.inf on F: - None
----------------------------------------

Sanitizing Shell Menu...
----------------------------------------
No key found for 2e77fe6a-f391-11dd-a3d2-001c25087f22
========================================

----------------------------------------

Desktop.ini on F: - None
----------------------------------------

========================================

========================================
Removed F:
========================================


New device connected at 5.2.2009 15:28:03

Scanning for connected USB mass storage...
----------------------------------------
F: {2e77fe6a-f391-11dd-a3d2-001c25087f22}
Added F:
========================================

Scanning USB mass storage for files...
----------------------------------------
Autorun.inf on F: - None
----------------------------------------

Sanitizing Shell Menu...
----------------------------------------
No key found for 2e77fe6a-f391-11dd-a3d2-001c25087f22
========================================

----------------------------------------

Desktop.ini on F: - None
----------------------------------------

========================================

========================================
Removed F:
========================================


New device connected at 5.2.2009 15:28:08

Scanning for connected USB mass storage...
----------------------------------------
F: {2e77fe6a-f391-11dd-a3d2-001c25087f22}
Added F:
========================================

Scanning USB mass storage for files...
----------------------------------------
Autorun.inf on F: - None
----------------------------------------

Sanitizing Shell Menu...
----------------------------------------
No key found for 2e77fe6a-f391-11dd-a3d2-001c25087f22
========================================

----------------------------------------

Desktop.ini on F: - None
----------------------------------------

========================================

========================================
Removed F:
========================================


New device connected at 5.2.2009 15:29:01

Scanning for connected USB mass storage...
----------------------------------------
F: {859e1d7e-e1a9-11dd-a3ab-001c25087f22}
Added F:
========================================

Scanning USB mass storage for files...
----------------------------------------
Autorun.inf on F: - None
----------------------------------------

Sanitizing Shell Menu...
----------------------------------------
No key found for 859e1d7e-e1a9-11dd-a3ab-001c25087f22
========================================

----------------------------------------

desktop.ini found on F:
----------------------------------------

Content of F:\MUSIC\Lily Allen\desktop.ini
----------------------------------------
[.ShellClassInfo]
FolderType=MusicAlbum
MusicBuyUrl=http://redir.metaservices.microsoft.com/redir/buynow/?providerName=AMG&albumID=61D63C59-1560-485B-87D2-22A916580ACC&a_id=R%20%201020486&album=Alright%2C%20Still&artistID=8D55CF5A-87F3-45AE-93AB-9C26D1390DB5&p_id=P%20%20%20816902&artist=Lily%20Allen&locale=409&geoid=f4&version=11.0.5721.5230&userlocale=81a
----------------------------------------

Files referenced from F:\MUSIC\Lily Allen\desktop.ini
----------------------------------------
None
----------------------------------------

========================================



New device connected at 5.2.2009 15:29:04

Scanning for connected USB mass storage...
----------------------------------------
G: {859e1d7f-e1a9-11dd-a3ab-001c25087f22}
Added G:
========================================

Scanning USB mass storage for files...
----------------------------------------
autorun.inf found on G:
----------------------------------------
File G:\autorun.inf renamed successfully

Content of G:\autorun.inf.blocked
----------------------------------------
[autorun]
;bdncdehbbdrsxcqwxneainrwlyjxivytdlnvkvxquzpxcofmqkycqclmllmekfedet
shellexecute="RECYCLER\S-1-7-79-100019978-100032028-100023808-8009.com g:\"
;oldddnaxbocwdbriealsu
shell\Open\command="RECYCLER\S-1-7-79-100019978-100032028-100023808-8009.com g:\"
;egygscxteptwewwmsga
shell=Open
----------------------------------------

Files referenced from G:\autorun.inf.blocked
----------------------------------------
None
----------------------------------------

Sanitizing Shell Menu...
----------------------------------------
No key found for 859e1d7f-e1a9-11dd-a3ab-001c25087f22
========================================

----------------------------------------

Desktop.ini on G: - None
----------------------------------------

========================================

========================================
Removed G:
========================================

  • diarno  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 15 Jun 2007
  • Posts: 5572

Open USBNoRisk, switch to the Script tab and enter the following there:


{859e1d7f-e1a9-11dd-a3ab-001c25087f22}
delete: %DRIVE%RECYCLER\S-1-7-79-100019978-100032028-100023808-8009.com
delete_blocked:

Now connect the last USB device you inserted during the procedure above and wait for USBNoRisk to do its job.

After that, right-click, then choose Save log, and copy that log here for me.
