problem autorun.inf

  • kraza  Male
  • Distinguished Citizen
  • Joined: 10 Oct 2006
  • Posts: 588
  • Location: at the computer

Posted: 29 Sep 2009 18:51

Hello everyone!
I have a problem with the autorun.inf file: every time I plug a flash drive into the computer, that file appears on it, and then I can't remove the flash drive with Safely Remove Hardware. It reports that it can't stop the flash drive because it is in use by some process, so I have to restart the computer and only then can I remove it.
I have Kaspersky 2009 and I scanned the whole computer and it didn't find a single virus, but when I scan the flash drive with it, Virus: P2P-Worm.Win32.Palevo.jsg shows up, and on Delete it won't delete it; instead, when I restart the computer, a window for deleting the virus pops up during logon and then it deletes it. I format the flash drive and then it's OK, but as soon as I plug the flash drive in again, autorun.inf shows up again.
I also scanned the computer with Ad-Aware 2007 and again nothing.
By the way, the computer is XP SP2, AMD Athlon 1700 MHz, SBB cable internet 1.5 Mb/s.


DDS (Ver_09-09-29.01) - NTFSx86
Run by Kraza yo at 18:09:23.29 on Tue 09/29/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.767.286 [GMT 2:00]

AV: Kaspersky Anti-Virus *On-access scanning enabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\A4Tech\Keyboard\Ikeymain.exe
C:\WINDOWS\SOUNDMAN.EXE
D:\Programi\Clock Tray Skins\ClockTraySkins.exe
D:\Programi\Ram Saver pro\ramsaverpro.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Programi\YzToolBar\yztbr103\YzToolBar.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
D:\Programi\Firefox\firefox.exe
C:\Documents and Settings\Kraza yo\Desktop\dds.pif

============== Pseudo HJT Report ===============

uLocal Page = c:\windows\pchealth\helpctr\system\panels\blank.htm
uStart Page = hxxp://www.google.com
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
mSearch Page = hxxp://www.google.com
mLocal Page = c:\windows\pchealth\helpctr\system\panels\blank.htm
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyServer = 221.130.193.14:8080
mSearchAssistant = hxxp://www.google.com
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
mWinlogon: Taskman=c:\recycler\s-1-5-21-5813555057-7151793982-903390340-1531\nissan.exe
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\program files\kaspersky lab\kaspersky anti-virus 2009\ievkbd.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [SkinClock] d:\programi\clock tray skins\ClockTraySkins.exe
uRun: [RAMSaverPro] d:\programi\ram saver pro\ramsaverpro.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [ToolBar icon can be changed.] d:\programi\yztoolbar\yztbr103\YzToolBar.exe
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe"
mRun: [Vistadrv] c:\windows\vipv3\viphd\vsdrv.exe
mRun: [iKeyWorks] c:\progra~1\a4tech\keyboard\Ikeymain.exe
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [AVP] "c:\program files\kaspersky lab\kaspersky anti-virus 2009\avp.exe"
uPolicies-explorer: ForceClassicControlPanel = 1 (0x1)
IE: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=GRman000
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - {85E0B171-04FA-11D1-B7DA-00A0C90348D6} - c:\program files\kaspersky lab\kaspersky anti-virus 2009\SCIEPlgn.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
DPF: DirectAnimation Java Classes
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1233196352562
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1233372121937
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
Notify: klogon - c:\windows\system32\klogon.dll
Notify: WBSrv - c:\progra~1\stardock\object~1\window~1\wbsrv.dll
AppInit_DLLs: cru629.dat,c:\progra~1\kasper~1\kasper~1\mzvkbd3.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\krazay~1\applic~1\mozilla\firefox\profiles\38o9145m.default\
FF - prefs.js: browser.search.selectedEngine - MyWebSearch
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=GRman000&fl=0&ptb=uDXhiMlE5fOuFQCCq1Is.w&url=http://search.mywebsearch.com/mywebsearch/dft_redir.jhtml&st=kwd&searchfor=
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: d:\programi\opera\program\plugins\np_gp.dll
FF - plugin: d:\programi\opera\program\plugins\npdsplay.dll
FF - plugin: d:\programi\opera\program\plugins\NPOFFICE.DLL
FF - plugin: d:\programi\opera\program\plugins\NPSWF32.dll
FF - plugin: d:\programi\opera\program\plugins\npwmsdrm.dll
FF - plugin: d:\programi\real player\netscape6\nppl3260.dll
FF - plugin: d:\programi\real player\netscape6\nprjplug.dll
FF - plugin: d:\programi\real player\netscape6\nprpjplug.dll
FF - HiddenExtension: Java Console: No Registry Reference - d:\programi\firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R0 kl1;Kl1;c:\windows\system32\drivers\kl1.sys [2008-7-21 121872]
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-1-29 33808]
R1 KLIF;Kaspersky Lab Driver;c:\windows\system32\drivers\klif.sys [2009-9-9 226832]
R1 SSHDRV76;SSHDRV76;c:\windows\system32\drivers\SSHDRV76.sys [2009-5-12 53760]
R2 AVP;Kaspersky Anti-Virus;c:\program files\kaspersky lab\kaspersky anti-virus 2009\avp.exe [2008-11-11 208616]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2008-4-30 24592]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [2009-9-19 27632]
R3 vmfilter323;323 filter service, Normal;c:\windows\system32\drivers\vmfilter323.sys [2009-1-29 476672]
R3 ZSMC326;CANYON USB PC Camera;c:\windows\system32\drivers\usbvm323.sys [2009-1-29 260224]
S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]
S3 aawservice;Ad-Aware 2007 Service;d:\programi\ad-aware 2007\aawservice.exe [2007-10-29 587096]
S3 gggen;Generic USB Flash Driver;c:\windows\system32\drivers\gggen.sys [2009-1-30 11648]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys --> c:\windows\system32\drivers\klmouflt.sys [?]
S3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\drivers\s0016bus.sys [2009-9-19 89256]
S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\drivers\s0016mdfl.sys [2009-9-19 15016]
S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\drivers\s0016mdm.sys [2009-9-19 120744]
S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0016mgmt.sys [2009-9-19 114216]
S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\drivers\s0016nd5.sys [2009-9-19 25512]
S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\drivers\s0016obex.sys [2009-9-19 110632]
S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\drivers\s0016unic.sys [2009-9-19 115752]
S4 LicCtrlService;LicCtrl Service;c:\windows\Runservice.exe [2009-7-24 2560]
S4 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]

============== File Associations ===============

JSEFile=NOTEPAD.EXE %1
regfile=NOTEPAD.EXE %1
scrfile=NOTEPAD.EXE %1
VBEFile=NOTEPAD.EXE %1
VBSFile=NOTEPAD.EXE %1

=============== Created Last 30 ================

2009-09-25 19:51 <DIR> --d----- c:\docume~1\krazay~1\applic~1\GARMIN
2009-09-24 05:07 162,816 a------- c:\windows\system32\fmod.dll
2009-09-21 03:09 <DIR> --d----- c:\program files\Microsoft ActiveSync
2009-09-20 23:22 30,592 -------- c:\windows\system32\drivers\rndismpx.sys
2009-09-20 23:22 12,800 -------- c:\windows\system32\drivers\usb8023x.sys
2009-09-19 19:40 27,632 a------- c:\windows\system32\drivers\seehcri.sys
2009-09-19 19:39 115,752 a------- c:\windows\system32\drivers\s0016unic.sys
2009-09-19 19:39 114,216 a------- c:\windows\system32\drivers\s0016mgmt.sys
2009-09-19 19:39 10,792 a------- c:\windows\system32\drivers\s0016cr.sys
2009-09-19 19:39 120,744 a------- c:\windows\system32\drivers\s0016mdm.sys
2009-09-19 19:39 110,632 a------- c:\windows\system32\drivers\s0016obex.sys
2009-09-19 19:39 25,512 a------- c:\windows\system32\drivers\s0016nd5.sys
2009-09-19 19:39 15,016 a------- c:\windows\system32\drivers\s0016mdfl.sys
2009-09-19 19:39 12,200 a------- c:\windows\system32\drivers\s0016cmnt.sys
2009-09-19 19:39 12,200 a------- c:\windows\system32\drivers\s0016cm.sys
2009-09-19 19:39 89,256 a------- c:\windows\system32\drivers\s0016bus.sys
2009-09-19 19:39 12,200 a------- c:\windows\system32\drivers\s0016whnt.sys
2009-09-19 19:39 12,200 a------- c:\windows\system32\drivers\s0016wh.sys
2009-09-19 02:47 3,245 a------- c:\windows\system32\wbem\Outlook_01ca38c2c2a5544a.mof
2009-09-19 00:40 <DIR> --d----- c:\docume~1\krazay~1\applic~1\ViquaSoft
2009-09-16 01:03 <DIR> --d----- c:\docume~1\krazay~1\applic~1\Dress Up Rush TAC CM
2009-09-16 00:07 <DIR> --d----- c:\program files\temp
2009-09-12 23:11 <DIR> --d----- c:\docume~1\krazay~1\applic~1\BeachPartyCraze
2009-09-09 17:18 107,547 a------- c:\windows\system32\drivers\klin.dat
2009-09-09 17:18 95,259 a------- c:\windows\system32\drivers\klick.dat
2009-09-09 17:17 5,759,520 a--sh--- c:\windows\system32\drivers\fidbox.dat
2009-09-09 17:17 499,744 a--sh--- c:\windows\system32\drivers\fidbox2.dat
2009-09-09 17:17 50,268 a--sh--- c:\windows\system32\drivers\fidbox.idx
2009-09-09 17:17 6,980 a--sh--- c:\windows\system32\drivers\fidbox2.idx
2009-09-09 17:17 <DIR> --d----- c:\program files\Kaspersky Lab
2009-09-09 01:15 18,794 a------- c:\windows\system32\ypev.sys
2009-09-09 01:15 17,972 a------- c:\windows\xyfe.dat
2009-09-09 01:15 15,782 a------- c:\windows\system32\niwe.bat
2009-09-09 01:15 15,154 a------- c:\windows\ijudu.lib
2009-09-09 01:15 14,727 a------- c:\windows\secyruzimi.vbs
2009-09-09 01:15 14,182 a------- c:\windows\system32\gujafusit.scr
2009-09-09 01:15 12,833 a------- c:\windows\unodaneva.sys
2009-09-09 01:15 12,269 a------- c:\program files\common files\wykotidyp.dll
2009-09-09 01:15 11,442 a------- c:\windows\vepudupu.bin
2009-09-09 01:15 10,091 a------- c:\docume~1\krazay~1\applic~1\wiwusupawo.pif
2009-09-08 22:31 55,656 a------- c:\windows\system32\drivers\avgntflt.sys
2009-09-07 00:09 <DIR> --d----- c:\windows\system32\Plugins
2009-09-07 00:09 <DIR> --d----- c:\windows\system32\ocr
2009-09-07 00:09 <DIR> --d----- c:\windows\system32\Data
2009-09-04 19:03 151,050 ----h--- C:\treeinfo.wc
2009-09-04 01:22 <DIR> --d----- c:\docume~1\krazay~1\applic~1\blg
2009-09-04 01:22 <DIR> --d----- c:\docume~1\alluse~1\applic~1\blg
2009-09-03 22:18 <DIR> --d----- c:\docume~1\alluse~1\applic~1\GameHouse
2009-09-03 05:26 <DIR> --d----- c:\program files\common files\xing shared
2009-09-03 05:25 <DIR> --d----- c:\program files\common files\Real

==================== Find3M ====================

2009-09-09 17:37 33,808 a------- c:\windows\system32\drivers\klbg.sys
2009-09-05 02:03 355,584 a------- c:\windows\system32\TuneUpDefragService.exe
2009-09-03 05:25 348,160 a------- c:\windows\system32\msvcr71.dll
2009-07-24 17:54 48,640 a------- c:\windows\mmfs.dll
2009-07-24 17:54 2,560 a------- c:\windows\Runservice.exe
2009-07-10 22:39 25,992 a------- c:\windows\system32\pgdfgsvc.exe
2009-06-16 01:08 87,608 a------- c:\docume~1\krazay~1\applic~1\inst.exe
2009-06-16 01:08 47,360 a------- c:\docume~1\krazay~1\applic~1\pcouffin.sys
2002-07-01 16:13 224 a--sh--- c:\docume~1\krazay~1\applic~1\maildriver32.dat
2005-06-22 07:37 45,568 a--shr-- c:\windows\system32\cygz.dll

============= FINISH: 18:10:14.59 ===============


Addendum: 29 Sep 2009 18:54

Please help me if you can.
Thanks in advance!
  • diarno  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 15 Jun 2007
  • Posts: 5572

Hello kraza, do the following:

Download sUBs's ComboFix to your Desktop from the following address:

  • Bleeping Computer
  • Right-click the link and choose Save Target As... (Save Link As..., Save Linked Content As... or similar);
  • When the dialog for choosing where to save the file opens, select Desktop and click Save.

When the download is finished:

  • disable your protection software (instructions);
  • close any running programs;
  • double-click ComboFix to run it.

While running, ComboFix will:

  • check whether a newer version of the program exists:
      • click Yes if you are offered the download.
  • display the DISCLAIMER OF WARRANTY ON SOFTWARE:
      • click Yes so that the process continues.
  • if the Recovery Console is not installed, offer to install it:
      • be sure to accept by clicking Yes and follow the procedure.
  • present a number of prompts/notifications:
      • accept by clicking Yes or OK.
  • restart Windows as needed (several times);
  • at the end, open Notepad with the scan report.

Copy the report that ComboFix created into the forum thread:

  • right-click in the Notepad window and choose Select All;
  • right-click the selected text and choose Copy;
  • right-click in the message field and choose Paste.

Note:

  • The report will be saved as ComboFix.txt on the system partition (typical location: C:\ComboFix.txt);
  • If, after sending the message, you notice that the report is incomplete, use the Attach file option to attach the file C:\ComboFix.txt to the message.

  • kraza  Male
  • Distinguished Citizen
  • Joined: 10 Oct 2006
  • Posts: 588
  • Location: at the computer

Posted: 29 Sep 2009 21:23

Here you go, buddy

ComboFix 09-09-28.01 - Kraza yo 09/29/2009 21:04.1.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.767.459 [GMT 2:00]
Running from: c:\documents and settings\Kraza yo\Desktop\ComboFix.exe
AV: Kaspersky Anti-Virus *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Kraza yo\Application Data\inst.exe
c:\documents and settings\Kraza yo\Application Data\wiwusupawo.pif
c:\documents and settings\Kraza yo\Cookies\ahyxuk.reg
c:\documents and settings\Kraza yo\Cookies\jitypa.vbs
c:\documents and settings\Kraza yo\Cookies\pite.sys
c:\documents and settings\Kraza yo\Cookies\ylesazof.dat
c:\documents and settings\Kraza yo\Local Settings\Application Data\iredacijug.sys
c:\documents and settings\Kraza yo\Local Settings\Application Data\pacuranywo.dl
c:\documents and settings\Kraza yo\Local Settings\Application Data\voxixivy.reg
c:\documents and settings\Kraza yo\Local Settings\Application Data\yxon.scr
c:\program files\Common Files\wykotidyp.dll
c:\recycler\S-1-5-21-3556411021-0126197081-355577831-5008
c:\recycler\S-1-5-21-5813555057-7151793982-903390340-1531
c:\recycler\S-1-5-21-5813555057-7151793982-903390340-1531\Desktop.ini
c:\recycler\S-1-5-21-5813555057-7151793982-903390340-1531\nissan.exe
c:\recycler\S-1-5-21-8583073009-5762081904-861684205-6723
c:\windows\Installer\35044.msi
c:\windows\notepad.tmp2
c:\windows\secyruzimi.vbs
c:\windows\system32\dllcache\notepad.tmp2
c:\windows\system32\gujafusit.scr
c:\windows\system32\niwe.bat
c:\windows\system32\notepad.tmp2
c:\windows\system32\Plugins
c:\windows\system32\Plugins\Hoster\aCallbackMethods.dll
c:\windows\system32\Plugins\Hoster\archivto.dll
c:\windows\system32\Plugins\Hoster\bluehostto.dll
c:\windows\system32\Plugins\Hoster\dataupde.dll
c:\windows\system32\Plugins\Hoster\fastloadnet.dll
c:\windows\system32\Plugins\Hoster\fastshareorg.dll
c:\windows\system32\Plugins\Hoster\fileuploadnet.dll
c:\windows\system32\Plugins\Hoster\megauploadcom.dll
c:\windows\system32\Plugins\Hoster\meinuploadcom.dll
c:\windows\system32\Plugins\Hoster\moosharede.dll
c:\windows\system32\Plugins\Hoster\myvideode.dll
c:\windows\system32\Plugins\Hoster\netloadin.dll
c:\windows\system32\Plugins\Hoster\PluginSettings.ini
c:\windows\system32\Plugins\Hoster\qsharecom.dll
c:\windows\system32\Plugins\Hoster\rapidsharecom.dll
c:\windows\system32\Plugins\Hoster\shareonlinebiz.dll
c:\windows\system32\Plugins\Hoster\shareplacecom.dll
c:\windows\system32\Plugins\Hoster\silofilescom.dll
c:\windows\system32\Plugins\Hoster\speedysharecom.dll
c:\windows\system32\Plugins\Hoster\uploadedto.dll
c:\windows\system32\Plugins\Hoster\yourfilesbiz.dll
c:\windows\system32\Plugins\Hoster\youtubecom.dll
c:\windows\system32\Plugins\YouCrypt\callbackmethods.dll
c:\windows\system32\Plugins\YouCrypt\captcha.dll
c:\windows\system32\Plugins\YouCrypt\cineto.dll
c:\windows\system32\Plugins\YouCrypt\datenbankorg.dll
c:\windows\system32\Plugins\YouCrypt\datenschleuder.dll
c:\windows\system32\Plugins\YouCrypt\ddlscene.dll
c:\windows\system32\Plugins\YouCrypt\ddl(zabranjeno).dll
c:\windows\system32\Plugins\YouCrypt\dreidl.dll
c:\windows\system32\Plugins\YouCrypt\dxpdivxvidorg.dll
c:\windows\system32\Plugins\YouCrypt\gameblog.dll
c:\windows\system32\Plugins\YouCrypt\gamezam.dll
c:\windows\system32\Plugins\YouCrypt\gapping.dll
c:\windows\system32\Plugins\YouCrypt\g(zabranjeno).dll
c:\windows\system32\Plugins\YouCrypt\linkbank.dll
c:\windows\system32\Plugins\YouCrypt\linksafe.dll
c:\windows\system32\Plugins\YouCrypt\LinkSave.dll
c:\windows\system32\Plugins\YouCrypt\lix.dll
c:\windows\system32\Plugins\YouCrypt\mirrorit.dll
c:\windows\system32\Plugins\YouCrypt\netfolderin.dll
c:\windows\system32\Plugins\YouCrypt\onekh.dll
c:\windows\system32\Plugins\YouCrypt\rapidfolder.dll
c:\windows\system32\Plugins\YouCrypt\rapidlayer.dll
c:\windows\system32\Plugins\YouCrypt\rapidsafede.dll
c:\windows\system32\Plugins\YouCrypt\rapidsafenet.dll
c:\windows\system32\Plugins\YouCrypt\relinkus.dll
c:\windows\system32\Plugins\YouCrypt\RScomLinkList.dll
c:\windows\system32\Plugins\YouCrypt\rslayer.dll
c:\windows\system32\Plugins\YouCrypt\saveraidrush.dll
c:\windows\system32\Plugins\YouCrypt\secured.dll
c:\windows\system32\Plugins\YouCrypt\securnet.dll
c:\windows\system32\Plugins\YouCrypt\serienjunkies.dll
c:\windows\system32\Plugins\YouCrypt\shareonall.dll
c:\windows\system32\Plugins\YouCrypt\shareprotect.dll
c:\windows\system32\Plugins\YouCrypt\stealth.dll
c:\windows\system32\Plugins\YouCrypt\tinyurl.dll
c:\windows\system32\Plugins\YouCrypt\UndergroundCMS.dll
c:\windows\system32\Plugins\YouCrypt\uppicoasis.dll
c:\windows\system32\Plugins\YouCrypt\urlcash.dll
c:\windows\system32\Plugins\YouCrypt\usercashcom.dll
c:\windows\system32\Plugins\YouCrypt\xlinkin.dll
c:\windows\system32\tmp93.tmp
c:\windows\system32\tmp94.tmp
c:\windows\system32\ypev.sys
c:\windows\unodaneva.sys
c:\windows\vepudupu.bin

.
((((((((((((((((((((((((( Files Created from 2009-08-28 to 2009-09-29 )))))))))))))))))))))))))))))))
.

2009-09-29 18:26 . 2009-09-29 18:26 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\GHISLER
2009-09-29 18:23 . 2009-09-29 18:23 -------- d-----w- c:\documents and settings\Administrator\Application Data\TuneUp Software
2009-09-25 17:51 . 2009-09-25 17:51 -------- d-----w- c:\documents and settings\Kraza yo\Application Data\GARMIN
2009-09-24 03:07 . 2009-09-28 01:22 162816 ----a-w- c:\windows\system32\fmod.dll
2009-09-21 01:09 . 2009-09-28 01:06 -------- d-----w- c:\program files\Microsoft ActiveSync
2009-09-20 21:22 . 2005-10-21 01:47 12800 ------w- c:\windows\system32\drivers\usb8023x.sys
2009-09-20 21:22 . 2005-10-21 01:47 30592 ------w- c:\windows\system32\drivers\rndismpx.sys
2009-09-19 17:40 . 2008-01-09 09:28 27632 ----a-w- c:\windows\system32\drivers\seehcri.sys
2009-09-19 17:39 . 2008-05-16 10:33 115752 ----a-w- c:\windows\system32\drivers\s0016unic.sys
2009-09-19 17:39 . 2008-05-16 10:33 114216 ----a-w- c:\windows\system32\drivers\s0016mgmt.sys
2009-09-19 17:39 . 2008-05-16 10:33 10792 ----a-w- c:\windows\system32\drivers\s0016cr.sys
2009-09-19 17:39 . 2008-05-16 10:33 25512 ----a-w- c:\windows\system32\drivers\s0016nd5.sys
2009-09-19 17:39 . 2008-05-16 10:33 15016 ----a-w- c:\windows\system32\drivers\s0016mdfl.sys
2009-09-19 17:39 . 2008-05-16 10:33 12200 ----a-w- c:\windows\system32\drivers\s0016cmnt.sys
2009-09-19 17:39 . 2008-05-16 10:33 12200 ----a-w- c:\windows\system32\drivers\s0016cm.sys
2009-09-19 17:39 . 2008-05-16 10:33 120744 ----a-w- c:\windows\system32\drivers\s0016mdm.sys
2009-09-19 17:39 . 2008-05-16 10:33 110632 ----a-w- c:\windows\system32\drivers\s0016obex.sys
2009-09-19 17:39 . 2008-05-16 10:33 89256 ----a-w- c:\windows\system32\drivers\s0016bus.sys
2009-09-19 17:39 . 2008-05-16 10:33 12200 ----a-w- c:\windows\system32\drivers\s0016whnt.sys
2009-09-19 17:39 . 2008-05-16 10:33 12200 ----a-w- c:\windows\system32\drivers\s0016wh.sys
2009-09-18 22:40 . 2009-09-18 22:40 -------- d-----w- c:\documents and settings\Kraza yo\Application Data\ViquaSoft
2009-09-15 23:03 . 2009-09-15 23:03 -------- d-----w- c:\documents and settings\Kraza yo\Application Data\Dress Up Rush TAC CM
2009-09-15 22:07 . 2009-09-16 13:53 -------- d-----w- c:\program files\temp
2009-09-12 21:11 . 2009-09-14 19:59 -------- d-----w- c:\documents and settings\Kraza yo\Application Data\BeachPartyCraze
2009-09-10 17:09 . 2009-09-10 17:09 -------- d-----w- c:\documents and settings\Kraza yo\Local Settings\Application Data\Identities
2009-09-09 15:18 . 2009-09-25 17:05 95259 ----a-w- c:\windows\system32\drivers\klick.dat
2009-09-09 15:18 . 2009-09-25 17:05 107547 ----a-w- c:\windows\system32\drivers\klin.dat
2009-09-09 15:17 . 2009-09-29 19:11 5759520 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-09-09 15:17 . 2009-09-29 19:11 524320 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2009-09-09 15:17 . 2009-09-09 15:17 -------- d-----w- c:\program files\Kaspersky Lab
2009-09-08 23:15 . 2009-09-08 23:15 17972 ----a-w- c:\windows\xyfe.dat
2009-09-08 20:31 . 2009-07-28 14:33 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-09-06 22:09 . 2009-09-06 22:09 -------- d-----w- c:\windows\system32\Data
2009-09-06 22:09 . 2009-09-06 22:09 -------- d-----w- c:\windows\system32\ocr
2009-09-03 23:22 . 2009-09-03 23:22 -------- d-----w- c:\documents and settings\Kraza yo\Application Data\blg
2009-09-03 23:22 . 2009-09-03 23:22 -------- d-----w- c:\documents and settings\All Users\Application Data\blg
2009-09-03 20:18 . 2009-09-03 20:18 -------- d-----w- c:\documents and settings\All Users\Application Data\GameHouse
2009-09-03 03:26 . 2009-09-03 03:26 -------- d-----w- c:\program files\Common Files\xing shared
2009-09-03 03:25 . 2009-09-03 03:26 -------- d-----w- c:\program files\Common Files\Real

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-29 19:12 . 2009-01-28 23:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-09-29 19:11 . 2009-09-09 15:17 7064 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2009-09-29 19:11 . 2009-09-09 15:17 50268 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-09-29 18:47 . 2009-08-14 19:27 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-09-29 18:47 . 2009-01-29 00:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-09-27 19:38 . 2009-01-29 00:10 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-09-27 15:07 . 2009-01-30 01:22 -------- d-----w- c:\documents and settings\Kraza yo\Application Data\MyPhoneExplorer
2009-09-24 19:58 . 2009-01-29 23:39 -------- d-----w- c:\documents and settings\Kraza yo\Application Data\Skype
2009-09-24 19:58 . 2009-01-29 23:45 -------- d-----w- c:\documents and settings\Kraza yo\Application Data\skypePM
2009-09-23 20:50 . 2009-02-11 19:27 -------- d-----w- c:\documents and settings\All Users\Application Data\RFA_Backups
2009-09-21 00:50 . 2009-05-12 01:25 -------- d-----w- c:\program files\Microsoft Silverlight
2009-09-19 17:56 . 2009-01-28 22:21 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-09-18 17:57 . 2009-08-27 01:06 -------- d-----w- c:\documents and settings\Kraza yo\Application Data\PlayFirst
2009-09-18 17:57 . 2009-08-27 01:06 -------- d-----w- c:\documents and settings\All Users\Application Data\PlayFirst
2009-09-09 15:37 . 2008-01-29 15:29 33808 ----a-w- c:\windows\system32\drivers\klbg.sys
2009-09-08 23:32 . 2009-07-24 15:54 1353 --sha-w- c:\windows\system32\mmf.sys
2009-09-05 00:03 . 2009-08-14 19:37 355584 ----a-w- c:\windows\system32\TuneUpDefragService.exe
2009-09-03 20:09 . 2009-01-30 01:44 -------- d-----w- c:\program files\IncrediMail
2009-09-03 03:25 . 2009-01-29 01:43 348160 ----a-w- c:\windows\system32\msvcr71.dll
2009-08-27 01:15 . 2009-08-27 01:15 -------- d-----w- c:\documents and settings\Kraza yo\Application Data\ERS G-Studio
2009-08-27 01:04 . 2009-08-27 01:04 -------- d-----w- c:\documents and settings\Kraza yo\Application Data\PoBros
2009-08-27 01:04 . 2009-08-27 01:04 -------- d-----w- c:\documents and settings\All Users\Application Data\PoBros
2009-08-27 00:30 . 2009-08-27 00:30 -------- d-----w- c:\documents and settings\All Users\Application Data\AlawarWrapper
2009-08-25 17:00 . 2009-08-25 17:00 -------- d--h--r- c:\documents and settings\Kraza yo\Application Data\SecuROM
2009-08-24 15:54 . 2009-08-24 15:54 -------- d-----w- c:\documents and settings\Kraza yo\Application Data\ABBYY
2009-08-24 15:47 . 2009-08-24 15:47 -------- d-----w- c:\documents and settings\All Users\Application Data\ABBYY
2009-08-21 17:18 . 2009-08-21 17:08 -------- d-----w- c:\documents and settings\Kraza yo\Application Data\SuperMP3Download
2009-08-21 17:18 . 2009-08-21 17:08 -------- d-----w- c:\documents and settings\All Users\Application Data\SuperMP3Download
2009-08-14 19:26 . 2009-02-11 20:00 -------- d-sh--w- c:\documents and settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}
2009-08-11 20:53 . 2009-01-30 01:44 -------- d-----w- c:\documents and settings\All Users\Application Data\IncrediMail
2009-07-24 15:54 . 2009-07-24 15:54 48640 ----a-w- c:\windows\mmfs.dll
2009-07-24 15:54 . 2009-07-24 15:54 2560 ----a-w- c:\windows\Runservice.exe
2009-07-10 20:39 . 2009-01-29 18:58 25992 ----a-w- c:\windows\system32\pgdfgsvc.exe
2005-06-22 05:37 . 2006-05-24 17:37 45568 --sha-r- c:\windows\system32\cygz.dll
.

------- Sigcheck -------


[-] 2008-10-17 . 1FA0C7D29F15A931F0198A8D214A2A6D . 3802112 . . [7.00.6000.16762] . . c:\windows\system32\mshtml.dll
[-] 2008-10-17 . 1FA0C7D29F15A931F0198A8D214A2A6D . 3802112 . . [7.00.6000.16762] . . c:\windows\system32\dllcache\mshtml.dll
[-] 2008-10-17 . 1FA0C7D29F15A931F0198A8D214A2A6D . 3802112 . . [7.00.6000.16762] . . c:\windows\VIPv3\resources\mshtml.dll
[7] 2008-10-16 . B74F31A4BD83797D7A083F922169287D . 3595264 . . [7.00.6000.20935] . . c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\mshtml.dll
[7] 2008-08-27 . 1AD035E04A7068EC2820B055A3131ED8 . 3593216 . . [7.00.6000.16735] . . c:\windows\ie7updates\KB958215-IE7\mshtml.dll
[7] 2008-08-26 . 25CC085720EE3617FD1F8AB9E2F7CAB2 . 3594752 . . [7.00.6000.20900] . . c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\mshtml.dll
[7] 2007-08-13 . C6EC2493346ED8888A549F59210A8ED3 . 3578368 . . [7.00.5730.13] . . c:\windows\ie7updates\KB956390-IE7\mshtml.dll
[-] 2004-08-03 . CDAE6C4376E296E63AC23AA6F43DB5AF . 3380224 . . [6.00.2900.2180] . . c:\windows\ie7\mshtml.dll
[7] 2004-08-03 . 376E0843B2356CA91CEC8D9837A56FF7 . 3003392 . . [6.00.2900.2180] . . c:\windows\VIPv3\backup\mshtml.dll

[7] 2006-10-30 . 29664B5A66F187790006014F87ADCCDF . 2182016 . . [5.1.2600.3023] . . c:\windows\$hf_mig$\KB896256\SP2QFE\ntoskrnl.exe
[-] 2006-10-30 . DD3D44A1747CFDD4E1D431799236D935 . 2337664 . . [5.1.2600.3023] . . c:\windows\Driver Cache\i386\ntoskrnl.exe
[-] 2006-10-30 . DD3D44A1747CFDD4E1D431799236D935 . 2337664 . . [5.1.2600.3023] . . c:\windows\system32\ntoskrnl.exe
[-] 2006-10-30 . DD3D44A1747CFDD4E1D431799236D935 . 2337664 . . [5.1.2600.3023] . . c:\windows\system32\dllcache\ntoskrnl.exe
[-] 2006-10-30 . DD3D44A1747CFDD4E1D431799236D935 . 2337664 . . [5.1.2600.3023] . . c:\windows\VIPv3\resources\ntoskrnl.exe
[7] 2004-08-03 . CE218BC7088681FAA06633E218596CA7 . 2180992 . . [5.1.2600.2180] . . c:\windows\VIPv3\backup\ntoskrnl.exe

[-] 2008-10-16 . 0FB0036ACEA470CC670C4919FE53007F . 78360 . . [7.2.6001.788] . . c:\windows\system32\wuauclt.exe
[-] 2008-10-16 . 0FB0036ACEA470CC670C4919FE53007F . 78360 . . [7.2.6001.788] . . c:\windows\system32\dllcache\wuauclt.exe
[-] 2008-10-16 . 0FB0036ACEA470CC670C4919FE53007F . 78360 . . [7.2.6001.788] . . c:\windows\VIPv3\resources\wuauclt.exe
[7] 2004-08-03 . 4126D27CECE4471E00E425411F7306B5 . 111104 . . [5.4.3790.2180] . . c:\windows\VIPv3\backup\wuauclt.exe

[7] 2007-06-13 . 7712DF0CDDE3A5AC89843E61CD5B3658 . 1033216 . . [6.00.2900.3156] . . c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
[-] 2007-06-13 . 9EC826F53E508B488DB5EBC101DBA7DE . 1403904 . . [6.00.2900.3156] . . c:\windows\explorer.exe
[-] 2007-06-13 . 9EC826F53E508B488DB5EBC101DBA7DE . 1403904 . . [6.00.2900.3156] . . c:\windows\system32\dllcache\explorer.exe
[-] 2007-06-13 . 9EC826F53E508B488DB5EBC101DBA7DE . 1403904 . . [6.00.2900.3156] . . c:\windows\VIPv3\resources\explorer.exe
[-] 2004-08-03 . DD0875A1F0B34140501AA4D0D365D694 . 1402880 . . [6.00.2900.2180] . . c:\windows\$NtUninstallKB938828$\explorer.exe
[7] 2004-08-03 . A0732187050030AE399B241436565E64 . 1032192 . . [6.00.2900.2180] . . c:\windows\VIPv3\backup\explorer.exe

c:\windows\system32\drivers\beep.sys ... is missing !!
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SkinClock"="d:\programi\Clock Tray Skins\ClockTraySkins.exe" [2009-01-29 1336576]
"RAMSaverPro"="d:\programi\Ram Saver pro\ramsaverpro.exe" [2007-10-09 155168]
"ToolBar icon can be changed."="d:\programi\YzToolBar\yztbr103\YzToolBar.exe" [2002-09-29 90112]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Vistadrv"="c:\windows\VIPv3\VIPhd\vsdrv.exe" [2006-07-30 121089]
"iKeyWorks"="c:\progra~1\A4Tech\Keyboard\Ikeymain.exe" [2006-09-07 65536]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" [2009-09-09 208616]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\soundman.exe [2007-04-16 577536]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
2005-12-20 21:57 176128 ----a-w- c:\progra~1\Stardock\OBJECT~1\WINDOW~1\WbSrv.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ pgdfgsvc C 1\0autocheck autochk *lsdelete

[HKLM\~\startupfolder\C:^Documents and Settings^Kraza yo^Start Menu^Programs^Startup^nero.bat.lnk]
backup=c:\windows\pss\nero.bat.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Kraza yo^Start Menu^Programs^Startup^winword.exe.lnk]
backup=c:\windows\pss\winword.exe.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Watch
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdVantage Setup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Conflict Zone
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InstallShieldSetup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PopRock
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"TuneUp.ProgramStatisticsSvc"=3 (0x3)
"TuneUp.Defrag"=3 (0x3)
"npggsvc"=3 (0x3)
"Lavasoft Ad-Aware Service"=3 (0x3)
"idsvc"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [1/29/2008 5:29 PM 33808]
R1 SSHDRV76;SSHDRV76;c:\windows\system32\drivers\SSHDRV76.sys [5/12/2009 5:16 PM 53760]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [4/30/2008 5:06 PM 24592]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [9/19/2009 7:40 PM 27632]
R3 vmfilter323;323 filter service, Normal;c:\windows\system32\drivers\vmfilter323.sys [1/29/2009 12:42 AM 476672]
R3 ZSMC326;CANYON USB PC Camera;c:\windows\system32\drivers\usbvm323.sys [1/29/2009 12:42 AM 260224]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S3 gggen;Generic USB Flash Driver;c:\windows\system32\drivers\gggen.sys [1/30/2009 3:35 AM 11648]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys --> c:\windows\system32\DRIVERS\klmouflt.sys [?]
S3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\drivers\s0016bus.sys [9/19/2009 7:39 PM 89256]
S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\drivers\s0016mdfl.sys [9/19/2009 7:39 PM 15016]
S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\drivers\s0016mdm.sys [9/19/2009 7:39 PM 120744]
S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0016mgmt.sys [9/19/2009 7:39 PM 114216]
S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\drivers\s0016nd5.sys [9/19/2009 7:39 PM 25512]
S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\drivers\s0016obex.sys [9/19/2009 7:39 PM 110632]
S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\drivers\s0016unic.sys [9/19/2009 7:39 PM 115752]
S4 LicCtrlService;LicCtrl Service;c:\windows\Runservice.exe [7/24/2009 5:54 PM 2560]
S4 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\PCHealth\HelpCtr\System\panels\blank.htm
uStart Page = hxxp://www.google.com
mLocal Page = c:\windows\PCHealth\HelpCtr\System\panels\blank.htm
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyServer = 221.130.193.14:8080
IE: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=GRman000
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
DPF: DirectAnimation Java Classes
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
FF - ProfilePath - c:\documents and settings\Kraza yo\Application Data\Mozilla\Firefox\Profiles\38o9145m.default\
FF - prefs.js: browser.search.selectedEngine - MyWebSearch
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=GRman000&fl=0&ptb=uDXhiMlE5fOuFQCCq1Is.w&url=http://search.mywebsearch.com/mywebsearch/dft_redir.jhtml&st=kwd&searchfor=
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: d:\programi\Opera\program\plugins\npdsplay.dll
FF - plugin: d:\programi\Opera\program\plugins\NPSWF32.dll
FF - plugin: d:\programi\Opera\program\plugins\npwmsdrm.dll
FF - plugin: d:\programi\Real player\Netscape6\nppl3260.dll
FF - plugin: d:\programi\Real player\Netscape6\nprjplug.dll
FF - plugin: d:\programi\Real player\Netscape6\nprpjplug.dll
.
.
------- File Associations -------
.
JSEFile=NOTEPAD.EXE %1
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-29 21:12
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \D25BC253F035D347]

[HKEY_LOCAL_MACHINE\software\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \D25BC253F035D347\B7F5EA513569EA3E98352E3A3D1D6A3D]
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1052)
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\Ati2evxx.dll
c:\progra~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll

- - - - - - - > 'lsass.exe'(1108-)
c:\windows\system32\SETUPAPI.dll

- - - - - - - > 'explorer.exe'(2860)
d:\programi\YzToolBar\yztbr103\YzToolBar.dll
c:\windows\system32\NETSHELL.dll
c:\windows\system32\credui.dll
c:\windows\system32\msi.dll
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\windows\system32\wscntfy.exe
c:\program files\A4Tech\Keyboard\Ikeymain.exe
c:\progra~1\MI3AA1~1\rapimgr.exe
.
**************************************************************************
.
Completion time: 2009-09-29 21:15 - machine was rebooted
ComboFix-quarantined-files.txt 2009-09-29 19:15

Pre-Run: 11,133,489,152 bytes free
Post-Run: 11,192,516,608 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /TUTag=ZFCA87 /Kernel=TUKernel.exe


Addendum: 29 Sep 2009 21:42

Diarno, I think everything is fine now; I inserted the flash drive several times and autorun.inf no longer appears.
If that is all I need to do, then I thank you from the bottom of my heart for your help!
Regards, buddy, and thank you!

offline
  • diarno  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 15 Jun 2007
  • Posts: 5572

That would be it... just do this one more thing.

ComboFix needs to be uninstalled:
Click Start (or ), then Run.

On Vista, use the Start Search box if Run is not available.

In the text input line, type (or copy) the following:

combofix /u

Note that there is a space between "ComboFix" and "/u".

Then click OK (or press Enter).

Wait for the uninstallation process to finish.

Cheers
