Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:48:51 AM, on 4/10/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RunDLL32.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\TrojanHunter 5.0\THGuard.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Opera\opera.exe
C:\Documents and Settings\-Bajt\Desktop\blabla.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.enigmasoftware.a013...tulation_spyhunter_scanner.php
O1 - Hosts: 82.98.231.89 browser-security.microsoft.com
O1 - Hosts: 82.98.231.89 best-click-scanner.info
O1 - Hosts: 82.98.231.89 antivirus-xp-pro-2009.com
O1 - Hosts: 82.98.231.89 microsoft.infosecuritycenter.com
O1 - Hosts: 82.98.231.89 microsoft.softwaresecurityhelp.com
O1 - Hosts: 82.98.231.89 onlinenotifyq.net
O1 - Hosts: 82.98.231.89 antivirusxp-pro-2009.com
O1 - Hosts: 82.98.231.89 microsoft.browser-security-center.com
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SW20] C:\WINDOWS\system32\sw20.exe
O4 - HKLM\..\Run: [SW24] C:\WINDOWS\system32\sw24.exe
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Anti Trojan Elite] C:\Program Files\Anti Trojan Elite\TJEnder.exe :NO
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 5.0\THGuard.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 3070 bytes

A ovo je sa COMBOFIX-a:
_________________________________



ComboFix 09-04-04.01 - -Bajt 2009-04-10 12:02:35.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.3071.2511 [GMT 2:00]
Running from: c:\documents and settings\-Bajt\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\bo1dhu.bat
c:\windows\system32\aajehubl.ini
c:\windows\Tasks\lkhumjsx.job
D:\2.bat
D:\bo1dhu.bat
D:\dbrxubcw.com
D:\resycled
D:\uxkl0apt.bat
D:\yh.cmd
E:\2.bat
E:\bo1dhu.bat
E:\uxkl0apt.bat
E:\yh.cmd
F:\bo1dhu.bat
G:\2.bat
G:\bo1dhu.bat
G:\dbrxubcw.com
G:\resycled
G:\uxkl0apt.bat
G:\yh.cmd
H:\2.bat
H:\bo1dhu.bat
H:\dbrxubcw.com
H:\resycled
H:\uxkl0apt.bat
H:\yh.cmd
I:\2.bat
I:\bo1dhu.bat
I:\uxkl0apt.bat
I:\yh.cmd
J:\2.bat
J:\bo1dhu.bat
J:\uxkl0apt.bat
J:\yh.cmd
K:\2.bat
K:\bo1dhu.bat
K:\uxkl0apt.bat
K:\yh.cmd
L:\2.bat
L:\bo1dhu.bat
L:\uxkl0apt.bat
L:\yh.cmd

.
((((((((((((((((((((((((( Files Created from 2009-03-10 to 2009-04-10 )))))))))))))))))))))))))))))))
.

2009-04-10 11:36 . 2009-04-10 11:36 <DIR> d-------- c:\documents and settings\-Bajt\Application Data\TrojanHunter
2009-04-10 10:55 . 2009-04-10 10:55 <DIR> d--h----- c:\windows\PIF
2009-04-10 10:55 . 2009-04-10 11:55 <DIR> d-------- c:\program files\TrojanHunter 5.0
2009-04-10 10:33 . 2009-04-10 10:52 <DIR> d-------- c:\program files\Anti Trojan Elite
2009-04-10 10:17 . 2009-04-10 10:17 <DIR> d-------- c:\documents and settings\All Users\Application Data\TEMP
2009-04-10 10:16 . 2009-04-10 10:16 <DIR> d-------- c:\documents and settings\-Bajt\Application Data\Simply Super Software
2009-04-10 09:19 . 2009-04-09 22:52 110,321 --a------ c:\windows\system32\olhrwef.exe.vir
2009-04-09 23:43 . 2009-04-09 23:43 <DIR> d-------- c:\documents and settings\-Bajt\Application Data\Malwarebytes
2009-04-09 23:13 . 2009-04-09 23:13 <DIR> d-------- c:\documents and settings\-Bajt\Application Data\Macromedia
2009-04-09 23:13 . 2009-04-09 23:36 <DIR> d-------- c:\documents and settings\-Bajt\Application Data\Adobe
2009-04-09 23:10 . 2009-04-09 23:10 <DIR> d-------- c:\documents and settings\-Bajt\Application Data\BSplayer PRO
2009-04-09 23:09 . 2009-04-09 23:09 <DIR> d-------- c:\documents and settings\-Bajt\Application Data\Ahead
2009-04-09 23:06 . 2009-04-09 23:06 <DIR> d-------- c:\documents and settings\-Bajt\Application Data\Opera

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-10 08:17 55 ----a-w C:\autorun.inf.vir
2009-04-10 07:19 --------- d-----w c:\program files\Enigma Software Group
2009-04-09 21:43 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-09 21:43 --------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-04-09 21:35 --------- d-----w c:\documents and settings\All Users\Application Data\FLEXnet
2009-04-09 21:32 --------- d-----w c:\program files\Common Files\Adobe
2009-04-09 21:31 --------- d-----w c:\program files\Adobe Media Player
2009-04-09 21:30 --------- d-----w c:\program files\Common Files\Adobe AIR
2009-04-09 21:28 --------- d-----w c:\program files\Common Files\Macrovision Shared
2009-04-09 21:10 --------- d-----w c:\program files\Webteh
2009-04-09 21:10 --------- d-----w c:\program files\QuickTime
2009-04-09 21:10 --------- d-----w c:\program files\Apple Software Update
2009-04-09 21:10 --------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer
2009-04-09 21:10 --------- d-----w c:\documents and settings\All Users\Application Data\Apple
2009-04-09 21:09 --------- d-----w c:\program files\K-Lite Codec Pack
2009-04-09 21:09 --------- d-----w c:\program files\Common Files\Ahead
2009-04-09 21:08 --------- d-----w c:\program files\Nero
2009-04-09 21:06 --------- d-----w c:\program files\Opera
2009-04-09 21:05 --------- d-----w c:\program files\Winamp
2009-04-09 20:52 110,321 --sh--r C:\1ogf.exe
2009-04-09 20:45 --------- d-----w c:\program files\Common Files\InstallShield
2009-04-09 20:35 --------- d-----w c:\program files\microsoft frontpage
2009-04-06 13:32 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-06 13:32 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\lib\NMBgMonitor.exe" [2005-10-28 94208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-06-01 7618560]
"SW20"="c:\windows\system32\sw20.exe" [2009-01-02 389120]
"SW24"="c:\windows\system32\sw24.exe" [2009-01-02 139264]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2006-06-21 35328]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 233472]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2007-06-29 364544]
"nwiz"="nwiz.exe" [2006-06-01 c:\windows\system32\nwiz.exe]
"NvMediaCenter"="NvMCTray.dll" [2006-06-01 c:\windows\system32\nvmctray.dll]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)
"DisableRegistryTools"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
"UacDisableNotify"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\wscntfy.exe"=
"c:\\WINDOWS\\system32\\nwiz.exe"=
"c:\\WINDOWS\\system32\\userinit.exe"=
"c:\\WINDOWS\\system32\\sw20.exe"=
"c:\\Program Files\\QuickTime\\QTTask.exe"=
"c:\\Program Files\\Enigma Software Group\\SpyHunter\\SpyHunter3.exe"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=
"c:\\Program Files\\Common Files\\Ahead\\lib\\NMBgMonitor.exe"=

R3 abp470n5;abp470n5;\??\c:\windows\system32\drivers\qkhjpn.sys --> c:\windows\system32\drivers\qkhjpn.sys [?]
S3 ATE_PROCMON;ATE_PROCMON;\??\c:\program files\Anti Trojan Elite\ATEPMon.sys --> c:\program files\Anti Trojan Elite\ATEPMon.sys [?]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{99999aac-2553-11de-ab30-806d6172696f}]
\Shell\AutoRun\command - M:\setup.exe
.
Contents of the 'Scheduled Tasks' folder

2009-04-09 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-06-03 13:42]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-Anti Trojan Elite - c:\program files\Anti Trojan Elite\TJEnder.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = hxxp://www.enigmasoftware.a013.com/congratulation_spyhunter_scanner.php
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-10 12:03:18
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-04-10 12:04:02
ComboFix-quarantined-files.txt 2009-04-10 10:04:00

Pre-Run: 40,498,290,688 bytes free
Post-Run: 40,809,775,104 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

176

Pozdrav Djordje,
Naravno da mozes i ti, samo bih te molio da sledeci put NE PUSTAS na svoju ruku ComboFix. Sad cu da pogledam log, pa da ti napisem sta da radis u sledecoj poruci

Opet iskljuci svu zastitu koju imas. Otvori Notepad i iskopiraj sledeci tekst:



Snimiti taj fajl na Desktop pod imenom CFScript



Prevuci snimljeni tekst na ComboFix ikonicu kao na slici. Postavi u sledecoj poruci log koji bude bio napravljen na kraju ciscenja/skeniranja.

_{[Ovu poruku je menjao Nemanja Živanović dana 10.04.2009. u 19:46 GMT+1]}

ComboFix 09-04-04.01 - -Bajt 2009-04-10 17:56:39.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.3071.2585 [GMT 2:00]
Running from: c:\documents and settings\-Bajt\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\-Bajt\Desktop\CFScript.txt
* Created a new restore point

FILE ::
C:\1ogf.exe
C:\autorun.inf.vir
c:\windows\system32\drivers\qkhjpn.sys
c:\windows\system32\olhrwef.exe.vir
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\1ogf.exe
C:\autorun.inf.vir
c:\windows\system32\olhrwef.exe.vir

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ABP470N5
-------\Service_abp470n5


((((((((((((((((((((((((( Files Created from 2009-03-10 to 2009-04-10 )))))))))))))))))))))))))))))))
.

2009-04-10 14:59 . 2009-04-10 14:59 <DIR> d-------- c:\documents and settings\-Bajt\Application Data\Google
2009-04-10 14:58 . 2009-04-10 14:58 <DIR> dr------- c:\program files\Skype
2009-04-10 14:58 . 2009-04-10 15:01 <DIR> d-------- c:\program files\Google
2009-04-10 14:58 . 2009-04-10 14:58 <DIR> d-------- c:\program files\Common Files\Skype
2009-04-10 14:58 . 2009-04-10 16:04 <DIR> d-------- c:\documents and settings\-Bajt\Application Data\skypePM
2009-04-10 14:58 . 2009-04-10 17:54 <DIR> d-------- c:\documents and settings\-Bajt\Application Data\Skype
2009-04-10 14:58 . 2009-04-10 14:58 48 --ah----- c:\windows\system32\ezsidmv.dat
2009-04-10 14:57 . 2009-04-10 14:58 <DIR> d-------- c:\documents and settings\All Users\Application Data\Skype
2009-04-10 14:51 . 2004-08-03 23:08 26,496 --a--c--- c:\windows\system32\dllcache\usbstor.sys
2009-04-10 14:36 . 2009-04-10 14:36 69 --a------ c:\windows\NeroDigital.ini
2009-04-10 11:36 . 2009-04-10 11:36 <DIR> d-------- c:\documents and settings\-Bajt\Application Data\TrojanHunter
2009-04-10 10:55 . 2009-04-10 10:55 <DIR> d--h----- c:\windows\PIF
2009-04-10 10:55 . 2009-04-10 11:55 <DIR> d-------- c:\program files\TrojanHunter 5.0
2009-04-10 10:33 . 2009-04-10 10:52 <DIR> d-------- c:\program files\Anti Trojan Elite
2009-04-10 10:17 . 2009-04-10 10:17 <DIR> d-------- c:\documents and settings\All Users\Application Data\TEMP
2009-04-10 10:16 . 2009-04-10 10:16 <DIR> d-------- c:\documents and settings\-Bajt\Application Data\Simply Super Software
2009-04-09 23:43 . 2009-04-09 23:43 <DIR> d-------- c:\documents and settings\-Bajt\Application Data\Malwarebytes
2009-04-09 23:13 . 2009-04-09 23:13 <DIR> d-------- c:\documents and settings\-Bajt\Application Data\Macromedia
2009-04-09 23:13 . 2009-04-09 23:36 <DIR> d-------- c:\documents and settings\-Bajt\Application Data\Adobe
2009-04-09 23:10 . 2009-04-09 23:10 <DIR> d-------- c:\documents and settings\-Bajt\Application Data\BSplayer PRO
2009-04-09 23:09 . 2009-04-09 23:09 <DIR> d-------- c:\documents and settings\-Bajt\Application Data\Ahead
2009-04-09 23:06 . 2009-04-09 23:06 <DIR> d-------- c:\documents and settings\-Bajt\Application Data\Opera

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-10 07:19 --------- d-----w c:\program files\Enigma Software Group
2009-04-09 21:43 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-09 21:43 --------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-04-09 21:35 --------- d-----w c:\documents and settings\All Users\Application Data\FLEXnet
2009-04-09 21:32 --------- d-----w c:\program files\Common Files\Adobe
2009-04-09 21:31 --------- d-----w c:\program files\Adobe Media Player
2009-04-09 21:30 --------- d-----w c:\program files\Common Files\Adobe AIR
2009-04-09 21:28 --------- d-----w c:\program files\Common Files\Macrovision Shared
2009-04-09 21:10 --------- d-----w c:\program files\Webteh
2009-04-09 21:10 --------- d-----w c:\program files\QuickTime
2009-04-09 21:10 --------- d-----w c:\program files\Apple Software Update
2009-04-09 21:10 --------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer
2009-04-09 21:10 --------- d-----w c:\documents and settings\All Users\Application Data\Apple
2009-04-09 21:09 --------- d-----w c:\program files\K-Lite Codec Pack
2009-04-09 21:09 --------- d-----w c:\program files\Common Files\Ahead
2009-04-09 21:08 --------- d-----w c:\program files\Nero
2009-04-09 21:06 --------- d-----w c:\program files\Opera
2009-04-09 21:05 --------- d-----w c:\program files\Winamp
2009-04-09 20:45 --------- d-----w c:\program files\Common Files\InstallShield
2009-04-09 20:35 --------- d-----w c:\program files\microsoft frontpage
2009-04-06 13:32 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-06 13:32 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
.

((((((((((((((((((((((((((((( SnapShot@2009-04-10_12.03.31.51 )))))))))))))))))))))))))))))))))))))))))
.
+ 2005-10-20 18:02:28 163,328 ----a-w c:\windows\ERDNT\subs\ERDNT.EXE
+ 2009-04-10 12:58:04 364,726 ----a-r c:\windows\Installer\{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}\SkypeIcon.exe
+ 2004-08-03 21:08:48 26,496 ----a-w c:\windows\system32\drivers\USBSTOR.SYS
+ 2009-04-10 15:58:40 16,384 ----atw c:\windows\temp\Perflib_Perfdata_56c.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\lib\NMBgMonitor.exe" [2005-10-28 94208]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-02-04 23975720]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-06-01 7618560]
"SW20"="c:\windows\system32\sw20.exe" [2009-01-02 389120]
"SW24"="c:\windows\system32\sw24.exe" [2009-01-02 139264]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2006-06-21 35328]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 233472]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2007-06-29 364544]
"nwiz"="nwiz.exe" [2006-06-01 c:\windows\system32\nwiz.exe]
"NvMediaCenter"="NvMCTray.dll" [2006-06-01 c:\windows\system32\nvmctray.dll]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)
"DisableRegistryTools"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
"UacDisableNotify"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\wscntfy.exe"=
"c:\\WINDOWS\\system32\\nwiz.exe"=
"c:\\WINDOWS\\system32\\userinit.exe"=
"c:\\WINDOWS\\system32\\sw20.exe"=
"c:\\Program Files\\QuickTime\\QTTask.exe"=
"c:\\Program Files\\Enigma Software Group\\SpyHunter\\SpyHunter3.exe"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=
"c:\\Program Files\\Common Files\\Ahead\\lib\\NMBgMonitor.exe"=
"c:\\Program Files\\Winamp\\winampa.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

S3 ATE_PROCMON;ATE_PROCMON;\??\c:\program files\Anti Trojan Elite\ATEPMon.sys --> c:\program files\Anti Trojan Elite\ATEPMon.sys [?]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - ABP470N5

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5166c978-25ce-11de-91c9-0013d311484b}]
\Shell\AutOPlAy\CommanD - N:\wjtexs.exe
\Shell\AutoRun\command - N:\wjtexs.exe
\Shell\expLore\COmMand - N:\wjtexs.exe
\Shell\OpEN\COmmand - N:\wjtexs.exe
.
Contents of the 'Scheduled Tasks' folder

2009-04-09 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-06-03 13:42]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-swg - c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = hxxp://www.enigmasoftware.a013.com/congratulation_spyhunter_scanner.php
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-10 17:58:41
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\rundll32.exe
c:\windows\system32\nvsvc32.exe
.
**************************************************************************
.
Completion time: 2009-04-10 18:00:04 - machine was rebooted
ComboFix-quarantined-files.txt 2009-04-10 16:00:02
ComboFix2.txt 2009-04-10 10:04:03

Pre-Run: 40,166,346,752 bytes free
Post-Run: 40,059,277,312 bytes free

171

Da li si ubacivao si neki flash izmedju ova dva izvestaja? Ako jesi zarazen je. Nemoj da ga ubacujes dok ne zavrsimo, posle cu ti datu upustvo da ga ocistis. Opet iskljuci svu zastitu koju imas. Otvori Notepad i iskopiraj sledeci tekst:



Snimiti taj fajl na Desktop pod imenom CFScript



Prevuci snimljeni tekst na ComboFix ikonicu kao na slici. Postavi u sledecoj poruci log koji bude bio napravljen na kraju ciscenja/skeniranja.

_{[Ovu poruku je menjao Nemanja Živanović dana 10.04.2009. u 19:46 GMT+1]}

ComboFix 09-04-04.01 - -Bajt 2009-04-10 18:35:22.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.3071.2593 [GMT 2:00]
Running from: c:\documents and settings\-Bajt\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\-Bajt\Desktop\CFScript.txt
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2009-03-10 to 2009-04-10 )))))))))))))))))))))))))))))))
.

2009-04-10 14:59 . 2009-04-10 14:59 <DIR> d-------- c:\documents and settings\-Bajt\Application Data\Google
2009-04-10 14:58 . 2009-04-10 14:58 <DIR> dr------- c:\program files\Skype
2009-04-10 14:58 . 2009-04-10 15:01 <DIR> d-------- c:\program files\Google
2009-04-10 14:58 . 2009-04-10 14:58 <DIR> d-------- c:\program files\Common Files\Skype
2009-04-10 14:58 . 2009-04-10 16:04 <DIR> d-------- c:\documents and settings\-Bajt\Application Data\skypePM
2009-04-10 14:58 . 2009-04-10 17:59 <DIR> d-------- c:\documents and settings\-Bajt\Application Data\Skype
2009-04-10 14:58 . 2009-04-10 14:58 48 --ah----- c:\windows\system32\ezsidmv.dat
2009-04-10 14:57 . 2009-04-10 14:58 <DIR> d-------- c:\documents and settings\All Users\Application Data\Skype
2009-04-10 14:51 . 2004-08-03 23:08 26,496 --a--c--- c:\windows\system32\dllcache\usbstor.sys
2009-04-10 14:36 . 2009-04-10 14:36 69 --a------ c:\windows\NeroDigital.ini
2009-04-10 11:36 . 2009-04-10 11:36 <DIR> d-------- c:\documents and settings\-Bajt\Application Data\TrojanHunter
2009-04-10 10:55 . 2009-04-10 10:55 <DIR> d--h----- c:\windows\PIF
2009-04-10 10:55 . 2009-04-10 11:55 <DIR> d-------- c:\program files\TrojanHunter 5.0
2009-04-10 10:33 . 2009-04-10 10:52 <DIR> d-------- c:\program files\Anti Trojan Elite
2009-04-10 10:17 . 2009-04-10 10:17 <DIR> d-------- c:\documents and settings\All Users\Application Data\TEMP
2009-04-10 10:16 . 2009-04-10 10:16 <DIR> d-------- c:\documents and settings\-Bajt\Application Data\Simply Super Software
2009-04-09 23:43 . 2009-04-09 23:43 <DIR> d-------- c:\documents and settings\-Bajt\Application Data\Malwarebytes
2009-04-09 23:13 . 2009-04-09 23:13 <DIR> d-------- c:\documents and settings\-Bajt\Application Data\Macromedia
2009-04-09 23:13 . 2009-04-09 23:36 <DIR> d-------- c:\documents and settings\-Bajt\Application Data\Adobe
2009-04-09 23:10 . 2009-04-09 23:10 <DIR> d-------- c:\documents and settings\-Bajt\Application Data\BSplayer PRO
2009-04-09 23:09 . 2009-04-09 23:09 <DIR> d-------- c:\documents and settings\-Bajt\Application Data\Ahead
2009-04-09 23:06 . 2009-04-09 23:06 <DIR> d-------- c:\documents and settings\-Bajt\Application Data\Opera

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-10 07:19 --------- d-----w c:\program files\Enigma Software Group
2009-04-09 21:43 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-09 21:43 --------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-04-09 21:35 --------- d-----w c:\documents and settings\All Users\Application Data\FLEXnet
2009-04-09 21:32 --------- d-----w c:\program files\Common Files\Adobe
2009-04-09 21:31 --------- d-----w c:\program files\Adobe Media Player
2009-04-09 21:30 --------- d-----w c:\program files\Common Files\Adobe AIR
2009-04-09 21:28 --------- d-----w c:\program files\Common Files\Macrovision Shared
2009-04-09 21:10 --------- d-----w c:\program files\Webteh
2009-04-09 21:10 --------- d-----w c:\program files\QuickTime
2009-04-09 21:10 --------- d-----w c:\program files\Apple Software Update
2009-04-09 21:10 --------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer
2009-04-09 21:10 --------- d-----w c:\documents and settings\All Users\Application Data\Apple
2009-04-09 21:09 --------- d-----w c:\program files\K-Lite Codec Pack
2009-04-09 21:09 --------- d-----w c:\program files\Common Files\Ahead
2009-04-09 21:08 --------- d-----w c:\program files\Nero
2009-04-09 21:06 --------- d-----w c:\program files\Opera
2009-04-09 21:05 --------- d-----w c:\program files\Winamp
2009-04-09 20:45 --------- d-----w c:\program files\Common Files\InstallShield
2009-04-09 20:35 --------- d-----w c:\program files\microsoft frontpage
2009-04-06 13:32 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-06 13:32 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
.

((((((((((((((((((((((((((((( SnapShot@2009-04-10_12.03.31.51 )))))))))))))))))))))))))))))))))))))))))
.
+ 2005-10-20 18:02:28 163,328 ----a-w c:\windows\ERDNT\subs\ERDNT.EXE
+ 2009-04-10 12:58:04 364,726 ----a-r c:\windows\Installer\{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}\SkypeIcon.exe
+ 2004-08-03 21:08:48 26,496 ----a-w c:\windows\system32\drivers\USBSTOR.SYS
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\lib\NMBgMonitor.exe" [2005-10-28 94208]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-02-04 23975720]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-06-01 7618560]
"SW20"="c:\windows\system32\sw20.exe" [2009-01-02 389120]
"SW24"="c:\windows\system32\sw24.exe" [2009-01-02 139264]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2006-06-21 35328]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 233472]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2007-06-29 364544]
"nwiz"="nwiz.exe" [2006-06-01 c:\windows\system32\nwiz.exe]
"NvMediaCenter"="NvMCTray.dll" [2006-06-01 c:\windows\system32\nvmctray.dll]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)
"DisableRegistryTools"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
"UacDisableNotify"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\wscntfy.exe"=
"c:\\WINDOWS\\system32\\nwiz.exe"=
"c:\\WINDOWS\\system32\\userinit.exe"=
"c:\\WINDOWS\\system32\\sw20.exe"=
"c:\\Program Files\\QuickTime\\QTTask.exe"=
"c:\\Program Files\\Enigma Software Group\\SpyHunter\\SpyHunter3.exe"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=
"c:\\Program Files\\Common Files\\Ahead\\lib\\NMBgMonitor.exe"=
"c:\\Program Files\\Winamp\\winampa.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

S3 ATE_PROCMON;ATE_PROCMON;\??\c:\program files\Anti Trojan Elite\ATEPMon.sys --> c:\program files\Anti Trojan Elite\ATEPMon.sys [?]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - ABP470N5
.
Contents of the 'Scheduled Tasks' folder

2009-04-09 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-06-03 13:42]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = hxxp://www.enigmasoftware.a013.com/congratulation_spyhunter_scanner.php
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-10 18:35:56
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-04-10 18:36:36
ComboFix-quarantined-files.txt 2009-04-10 16:36:34
ComboFix2.txt 2009-04-10 16:00:05
ComboFix3.txt 2009-04-10 10:04:03

Pre-Run: 40,071,774,208 bytes free
Post-Run: 40,059,076,608 bytes free

140



_________________
Ok. Nisam bio kuci, moguce da je neko ubacivao flash. Vise nece ;). Cekam dalje instrukcije....

Pokreni HijackThis, klikni na "Do a system scan only". Pronadji sledecu liniju, oznaci je i pritisni Fix Checked:

O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1

Posle toga ponovo skeniraj sa HijackThis-om i postavi izvestaj.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:08:26 PM, on 4/10/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Opera\opera.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Documents and Settings\-Bajt\Desktop\blabla.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.enigmasoftware.a013...tulation_spyhunter_scanner.php
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SW20] C:\WINDOWS\system32\sw20.exe
O4 - HKLM\..\Run: [SW24] C:\WINDOWS\system32\sw24.exe
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 3863 bytes

Opet iskljuci svu zastitu koju imas. Otvori Notepad i iskopiraj sledeci tekst:



Snimiti taj fajl na Desktop pod imenom CFScript



Prevuci snimljeni tekst na ComboFix ikonicu kao na slici. Postavi u sledecoj poruci log koji bude bio napravljen na kraju ciscenja/skeniranja.

_{[Ovu poruku je menjao Nemanja Živanović dana 10.04.2009. u 19:46 GMT+1]}

Kazi mi na koji nacin da iskljucim zastitu ? ! Desni taster, my computer ? I + antivirus da iskljucim, jel pod iskljucivanjem zastite to podrazumevas ? :)

ComboFix 09-04-04.01 - -Bajt 2009-04-10 19:26:50.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.3071.2591 [GMT 2:00]
Running from: c:\documents and settings\-Bajt\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\-Bajt\Desktop\CFScript.txt
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ABP470N5


((((((((((((((((((((((((( Files Created from 2009-03-10 to 2009-04-10 )))))))))))))))))))))))))))))))
.

2009-04-10 14:59 . 2009-04-10 14:59 <DIR> d-------- c:\documents and settings\-Bajt\Application Data\Google
2009-04-10 14:58 . 2009-04-10 14:58 <DIR> dr------- c:\program files\Skype
2009-04-10 14:58 . 2009-04-10 15:01 <DIR> d-------- c:\program files\Google
2009-04-10 14:58 . 2009-04-10 14:58 <DIR> d-------- c:\program files\Common Files\Skype
2009-04-10 14:58 . 2009-04-10 16:04 <DIR> d-------- c:\documents and settings\-Bajt\Application Data\skypePM
2009-04-10 14:58 . 2009-04-10 19:28 <DIR> d-------- c:\documents and settings\-Bajt\Application Data\Skype
2009-04-10 14:58 . 2009-04-10 14:58 48 --ah----- c:\windows\system32\ezsidmv.dat
2009-04-10 14:57 . 2009-04-10 14:58 <DIR> d-------- c:\documents and settings\All Users\Application Data\Skype
2009-04-10 14:51 . 2004-08-03 23:08 26,496 --a--c--- c:\windows\system32\dllcache\usbstor.sys
2009-04-10 14:36 . 2009-04-10 14:36 69 --a------ c:\windows\NeroDigital.ini
2009-04-10 11:36 . 2009-04-10 11:36 <DIR> d-------- c:\documents and settings\-Bajt\Application Data\TrojanHunter
2009-04-10 10:55 . 2009-04-10 10:55 <DIR> d--h----- c:\windows\PIF
2009-04-10 10:55 . 2009-04-10 11:55 <DIR> d-------- c:\program files\TrojanHunter 5.0
2009-04-10 10:33 . 2009-04-10 10:52 <DIR> d-------- c:\program files\Anti Trojan Elite
2009-04-10 10:17 . 2009-04-10 10:17 <DIR> d-------- c:\documents and settings\All Users\Application Data\TEMP
2009-04-10 10:16 . 2009-04-10 10:16 <DIR> d-------- c:\documents and settings\-Bajt\Application Data\Simply Super Software
2009-04-09 23:43 . 2009-04-09 23:43 <DIR> d-------- c:\documents and settings\-Bajt\Application Data\Malwarebytes
2009-04-09 23:13 . 2009-04-09 23:13 <DIR> d-------- c:\documents and settings\-Bajt\Application Data\Macromedia
2009-04-09 23:13 . 2009-04-10 19:00 <DIR> d-------- c:\documents and settings\-Bajt\Application Data\Adobe
2009-04-09 23:10 . 2009-04-09 23:10 <DIR> d-------- c:\documents and settings\-Bajt\Application Data\BSplayer PRO
2009-04-09 23:09 . 2009-04-09 23:09 <DIR> d-------- c:\documents and settings\-Bajt\Application Data\Ahead
2009-04-09 23:06 . 2009-04-09 23:06 <DIR> d-------- c:\documents and settings\-Bajt\Application Data\Opera

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-10 16:59 --------- d-----w c:\documents and settings\All Users\Application Data\FLEXnet
2009-04-10 07:19 --------- d-----w c:\program files\Enigma Software Group
2009-04-09 21:43 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-09 21:43 --------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-04-09 21:32 --------- d-----w c:\program files\Common Files\Adobe
2009-04-09 21:31 --------- d-----w c:\program files\Adobe Media Player
2009-04-09 21:30 --------- d-----w c:\program files\Common Files\Adobe AIR
2009-04-09 21:28 --------- d-----w c:\program files\Common Files\Macrovision Shared
2009-04-09 21:10 --------- d-----w c:\program files\Webteh
2009-04-09 21:10 --------- d-----w c:\program files\QuickTime
2009-04-09 21:10 --------- d-----w c:\program files\Apple Software Update
2009-04-09 21:10 --------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer
2009-04-09 21:10 --------- d-----w c:\documents and settings\All Users\Application Data\Apple
2009-04-09 21:09 --------- d-----w c:\program files\K-Lite Codec Pack
2009-04-09 21:09 --------- d-----w c:\program files\Common Files\Ahead
2009-04-09 21:08 --------- d-----w c:\program files\Nero
2009-04-09 21:06 --------- d-----w c:\program files\Opera
2009-04-09 21:05 --------- d-----w c:\program files\Winamp
2009-04-09 20:45 --------- d-----w c:\program files\Common Files\InstallShield
2009-04-09 20:35 --------- d-----w c:\program files\microsoft frontpage
2009-04-06 13:32 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-06 13:32 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
.

((((((((((((((((((((((((((((( SnapShot@2009-04-10_12.03.31.51 )))))))))))))))))))))))))))))))))))))))))
.
+ 2005-10-20 18:02:28 163,328 ----a-w c:\windows\ERDNT\subs\ERDNT.EXE
+ 2009-04-10 12:58:04 364,726 ----a-r c:\windows\Installer\{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}\SkypeIcon.exe
+ 2004-08-03 21:08:48 26,496 ----a-w c:\windows\system32\drivers\USBSTOR.SYS
+ 2009-04-10 17:28:19 16,384 ----atw c:\windows\temp\Perflib_Perfdata_7e8.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\lib\NMBgMonitor.exe" [2005-10-28 94208]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-02-04 23975720]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-06-01 7618560]
"SW20"="c:\windows\system32\sw20.exe" [2009-01-02 389120]
"SW24"="c:\windows\system32\sw24.exe" [2009-01-02 139264]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2006-06-21 35328]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 233472]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2007-06-29 364544]
"nwiz"="nwiz.exe" [2006-06-01 c:\windows\system32\nwiz.exe]
"NvMediaCenter"="NvMCTray.dll" [2006-06-01 c:\windows\system32\nvmctray.dll]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)
"DisableRegistryTools"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
"UacDisableNotify"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\wscntfy.exe"=
"c:\\WINDOWS\\system32\\nwiz.exe"=
"c:\\WINDOWS\\system32\\userinit.exe"=
"c:\\WINDOWS\\system32\\sw20.exe"=
"c:\\Program Files\\QuickTime\\QTTask.exe"=
"c:\\Program Files\\Enigma Software Group\\SpyHunter\\SpyHunter3.exe"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=
"c:\\Program Files\\Common Files\\Ahead\\lib\\NMBgMonitor.exe"=
"c:\\Program Files\\Winamp\\winampa.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R3 abp470n5;abp470n5;\??\c:\windows\system32\drivers\qkhjpn.sys --> c:\windows\system32\drivers\qkhjpn.sys [?]
S3 ATE_PROCMON;ATE_PROCMON;\??\c:\program files\Anti Trojan Elite\ATEPMon.sys --> c:\program files\Anti Trojan Elite\ATEPMon.sys [?]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - ABP470N5
.
Contents of the 'Scheduled Tasks' folder

2009-04-10 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-06-03 13:42]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = hxxp://www.enigmasoftware.a013.com/congratulation_spyhunter_scanner.php
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-10 19:28:20
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-04-10 19:29:41 - machine was rebooted
ComboFix-quarantined-files.txt 2009-04-10 17:29:39
ComboFix2.txt 2009-04-10 16:36:37
ComboFix3.txt 2009-04-10 16:00:05
ComboFix4.txt 2009-04-10 10:04:03

Pre-Run: 39,549,247,488 bytes free
Post-Run: 39,483,949,056 bytes free

151

Cekaj, ti nemas antivirus? Zasto? Pod hitno instaliraj neki antivirus (mozes za pocetak neki besplatni - izaberi samo jedan od ova 3):

Avast: http://www.avast.com/eng/download-avast-home.html
Avira: http://www.free-av.com/en/download/index.html
AVG: http://free.avg.com/download-avg-anti-virus-free-edition

I ove programe pobrisi sa racunara:
Anti Trojan Elite
TrojanHunter 5.0
SpyHunter

Pa se onda javi.

Nema ih u ADD REMOVE PROGRAMS ! Obrisao sam SpyHunter. Ove sam danas obrisao.... Sad ih nema u ADD/Remove P... ??

A u kompu imam Malwarebytes, a sad cu i da instaliram Avast.

Ok, samo nastavi. Ako nisi jos instalirao Antivirus uradi ovo. Ako si instalirao Antivirus iskljuci ga pa nastavi. Ako ne znas kako se iskljucuje reci koji si Antivirus instalirao da ti objasnim. Imaj na umu da NE SMES da nastavis dalje, ako imas ukljucen i aktivan Antivirus.

Otvori Notepad i iskopiraj sledeci tekst:



Snimiti taj fajl na Desktop pod imenom CFScript



Prevuci snimljeni tekst na ComboFix ikonicu kao na slici. Postavi u sledecoj poruci log koji bude bio napravljen na kraju ciscenja/skeniranja.

Pa imam Malwarebytes ! ! ??

Samo njega... i naravno, iskljucio sam ga ! On cak i nije neki antivirus....

Ostavi Malwarebytes` Antimalware. On je dobar, ali pored njega moras instalirati neki Antivirus. Hajde prvo pusti onu skriptu koju sam ti dao i postavi izvestaj. Da li si instalirao neki od ona 3 antivirusa koja sam ti predlozio?

Evo skripte....

ComboFix 09-04-04.01 - -Bajt 2009-04-10 19:46:53.5 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.3071.2661 [GMT 2:00]
Running from: c:\documents and settings\-Bajt\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\-Bajt\Desktop\CFScript.txt
* Created a new restore point

FILE ::
c:\windows\system32\drivers\qkhjpn.sys
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ABP470N5
-------\Service_abp470n5


((((((((((((((((((((((((( Files Created from 2009-03-10 to 2009-04-10 )))))))))))))))))))))))))))))))
.

2009-04-10 14:59 . 2009-04-10 14:59 <DIR> d-------- c:\documents and settings\-Bajt\Application Data\Google
2009-04-10 14:58 . 2009-04-10 14:58 <DIR> dr------- c:\program files\Skype
2009-04-10 14:58 . 2009-04-10 15:01 <DIR> d-------- c:\program files\Google
2009-04-10 14:58 . 2009-04-10 14:58 <DIR> d-------- c:\program files\Common Files\Skype
2009-04-10 14:58 . 2009-04-10 16:04 <DIR> d-------- c:\documents and settings\-Bajt\Application Data\skypePM
2009-04-10 14:58 . 2009-04-10 19:48 <DIR> d-------- c:\documents and settings\-Bajt\Application Data\Skype
2009-04-10 14:58 . 2009-04-10 14:58 48 --ah----- c:\windows\system32\ezsidmv.dat
2009-04-10 14:57 . 2009-04-10 14:58 <DIR> d-------- c:\documents and settings\All Users\Application Data\Skype
2009-04-10 14:51 . 2004-08-03 23:08 26,496 --a--c--- c:\windows\system32\dllcache\usbstor.sys
2009-04-10 14:36 . 2009-04-10 14:36 69 --a------ c:\windows\NeroDigital.ini
2009-04-10 11:36 . 2009-04-10 11:36 <DIR> d-------- c:\documents and settings\-Bajt\Application Data\TrojanHunter
2009-04-10 10:55 . 2009-04-10 10:55 <DIR> d--h----- c:\windows\PIF
2009-04-10 10:55 . 2009-04-10 11:55 <DIR> d-------- c:\program files\TrojanHunter 5.0
2009-04-10 10:17 . 2009-04-10 10:17 <DIR> d-------- c:\documents and settings\All Users\Application Data\TEMP
2009-04-10 10:16 . 2009-04-10 10:16 <DIR> d-------- c:\documents and settings\-Bajt\Application Data\Simply Super Software
2009-04-09 23:43 . 2009-04-09 23:43 <DIR> d-------- c:\documents and settings\-Bajt\Application Data\Malwarebytes
2009-04-09 23:13 . 2009-04-09 23:13 <DIR> d-------- c:\documents and settings\-Bajt\Application Data\Macromedia
2009-04-09 23:13 . 2009-04-10 19:00 <DIR> d-------- c:\documents and settings\-Bajt\Application Data\Adobe
2009-04-09 23:10 . 2009-04-09 23:10 <DIR> d-------- c:\documents and settings\-Bajt\Application Data\BSplayer PRO
2009-04-09 23:09 . 2009-04-09 23:09 <DIR> d-------- c:\documents and settings\-Bajt\Application Data\Ahead
2009-04-09 23:06 . 2009-04-09 23:06 <DIR> d-------- c:\documents and settings\-Bajt\Application Data\Opera

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-10 17:40 --------- d-----w c:\program files\Enigma Software Group
2009-04-10 16:59 --------- d-----w c:\documents and settings\All Users\Application Data\FLEXnet
2009-04-09 21:43 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-09 21:43 --------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-04-09 21:32 --------- d-----w c:\program files\Common Files\Adobe
2009-04-09 21:31 --------- d-----w c:\program files\Adobe Media Player
2009-04-09 21:30 --------- d-----w c:\program files\Common Files\Adobe AIR
2009-04-09 21:28 --------- d-----w c:\program files\Common Files\Macrovision Shared
2009-04-09 21:10 --------- d-----w c:\program files\Webteh
2009-04-09 21:10 --------- d-----w c:\program files\QuickTime
2009-04-09 21:10 --------- d-----w c:\program files\Apple Software Update
2009-04-09 21:10 --------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer
2009-04-09 21:10 --------- d-----w c:\documents and settings\All Users\Application Data\Apple
2009-04-09 21:09 --------- d-----w c:\program files\K-Lite Codec Pack
2009-04-09 21:09 --------- d-----w c:\program files\Common Files\Ahead
2009-04-09 21:08 --------- d-----w c:\program files\Nero
2009-04-09 21:06 --------- d-----w c:\program files\Opera
2009-04-09 21:05 --------- d-----w c:\program files\Winamp
2009-04-09 20:45 --------- d-----w c:\program files\Common Files\InstallShield
2009-04-09 20:35 --------- d-----w c:\program files\microsoft frontpage
2009-04-06 13:32 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-06 13:32 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
.

((((((((((((((((((((((((((((( SnapShot@2009-04-10_12.03.31.51 )))))))))))))))))))))))))))))))))))))))))
.
+ 2005-10-20 18:02:28 163,328 ----a-w c:\windows\ERDNT\subs\ERDNT.EXE
+ 2009-04-10 12:58:04 364,726 ----a-r c:\windows\Installer\{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}\SkypeIcon.exe
+ 2004-08-03 21:08:48 26,496 ----a-w c:\windows\system32\drivers\USBSTOR.SYS
+ 2009-04-10 17:48:23 16,384 ----atw c:\windows\temp\Perflib_Perfdata_538.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\lib\NMBgMonitor.exe" [2005-10-28 94208]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-02-04 23975720]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-06-01 7618560]
"SW20"="c:\windows\system32\sw20.exe" [2009-01-02 389120]
"SW24"="c:\windows\system32\sw24.exe" [2009-01-02 139264]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2006-06-21 35328]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 233472]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2007-06-29 364544]
"nwiz"="nwiz.exe" [2006-06-01 c:\windows\system32\nwiz.exe]
"NvMediaCenter"="NvMCTray.dll" [2006-06-01 c:\windows\system32\nvmctray.dll]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)
"DisableRegistryTools"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
"UacDisableNotify"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\wscntfy.exe"=
"c:\\WINDOWS\\system32\\nwiz.exe"=
"c:\\WINDOWS\\system32\\userinit.exe"=
"c:\\WINDOWS\\system32\\sw20.exe"=
"c:\\Program Files\\QuickTime\\QTTask.exe"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=
"c:\\Program Files\\Common Files\\Ahead\\lib\\NMBgMonitor.exe"=
"c:\\Program Files\\Winamp\\winampa.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

S3 ATE_PROCMON;ATE_PROCMON;\??\c:\program files\Anti Trojan Elite\ATEPMon.sys --> c:\program files\Anti Trojan Elite\ATEPMon.sys [?]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - ABP470N5
.
Contents of the 'Scheduled Tasks' folder

2009-04-10 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-06-03 13:42]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = hxxp://www.enigmasoftware.a013.com/congratulation_spyhunter_scanner.php
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-10 19:48:24
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\rundll32.exe
c:\windows\system32\nvsvc32.exe
.
**************************************************************************
.
Completion time: 2009-04-10 19:49:39 - machine was rebooted
ComboFix-quarantined-files.txt 2009-04-10 17:49:37
ComboFix2.txt 2009-04-10 17:29:42
ComboFix3.txt 2009-04-10 16:36:37
ComboFix4.txt 2009-04-10 16:00:05
ComboFix5.txt 2009-04-10 17:46:42

Pre-Run: 39,533,035,520 bytes free
Post-Run: 39,500,132,352 bytes free

159



_____________________

Evo sad instaliram AVAST

Instaliraj Avast. Imas ovde detaljno upustvo sa slikama kroz instalaciju:

http://www.bleepingcomputer.com/tutorials/tutorial104.html

Samo pogledaj deo upustva za instalaciju, ostalo ti nije bitno. Posle instalacije, pristani da program restartuje racunar. Posle restartovanja pusti kompletno skeniranje racunara i postavimi izvestaj kad se to zavrsi.

Hm... Nikako nece da pokrene instalaciju. Skinuo sam nekoliko raznih verzija. Pocne malo, i odma se automatski iskljuci, ili nece ni da pocinje ! ! !
:@
Evo sad skidam sa zvanicnog sajta AVASTA. Pa da probam za 5 minuta.... Poludeo sam :)

Trebao si odmah za zvanicnog sajta. Ako ne moze da se instalira, probacemo neki drugi posle. Video sam da imas program Malwarebytes` Antimalware.

• Pokreni ga i izvrsi update (Update > Check for Updates) i po zavrsetku potvrdi sa OK
• Posle update-a odaberi Scanner, oznaci Perform full scan i pritisni Scan
• Kada se zavrsi skeniranje videces spisak pronadjenih "stetocina" u levom prozoru
• Proveri da li su svi pronadjeni fajlovi stiklirani i pritisni Remove Selected i potvrdi sa OK
• Program ce te upitati da restartujes racunar i ti to potvrdi
• Takodje posle ukljanjanje malware-a sa racunara dobices log fajl (izvestaj) koji ces iskopirati ovde

Ako ti MBAM nije u funkciji, unistalraj ga i instaliraj novu verziju → Link za preuzimanje.

Evo izvestaj Malwarebytes` Antimalware-a.

_{[Ovu poruku je menjao Nemanja Živanović dana 11.04.2009. u 18:18 GMT+1]}

Ugasi System Restore:

• Na Desktopu, desni klik na My Computer.
• Odaberi Properties.
• Odaberi System Restore tab.
• Stikliraj Turn off System Restore.
• Klikni na dugme Apply.
• Klikni na dugme OK.

********

Sada instaliraj neki od onih antivirusa, update-uj ga i pusti kompletno skeniranje svih particija. U sledecoj poruci postavi izvestaj koji dobijes na kraju skeniranja.

_{[Ovu poruku je menjao Nemanja Živanović dana 11.04.2009. u 11:02 GMT+1]}

Evo ovako, posto je mnogo velika skripta, pa ne mogu da je ovde iskopiram...
evo u Atach....

Pustio sam jos jednom da Avira skenira. Za sad ne trazi nista da brisem :)...

zz

Kao sto sam predpostavio - W32/Sality.AA. Preuzmi novu instalaciju ComboFix-a:

Iskljuci Aviru. Skini ComboFix na Desktop. Startuj ga i ne diraj prozor programa dok skenira. Sledi uputstva koja ti program zadaje. Kada se zavrsi proces skeniranja pojavice se izvestaj koji ces ovde iskopirati. Ako slucajno ugasis izvestaj on se nalazi na C:\ComboFix.txt.

Evo i Combofix log.....


ComboFix 09-04-04.01 - -Bajt 2009-04-11 18:19:07.6 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.3071.2502 [GMT 2:00]
Running from: c:\documents and settings\-Bajt\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated)
.

((((((((((((((((((((((((( Files Created from 2009-03-11 to 2009-04-11 )))))))))))))))))))))))))))))))
.

2009-04-11 15:15 . 2009-04-11 15:16 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-04-11 15:15 . 2009-04-06 15:32 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-11 15:15 . 2009-04-06 15:32 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-04-11 11:33 . 2009-04-11 11:33 <DIR> d-------- c:\program files\Real
2009-04-11 11:33 . 2009-04-11 11:47 <DIR> d-------- c:\documents and settings\-Bajt\Contacts
2009-04-11 11:32 . 2009-04-11 11:32 <DIR> d----c--- c:\windows\system32\DRVSTORE
2009-04-11 11:32 . 2009-04-11 15:12 <DIR> d-------- c:\program files\MSN Messenger
2009-04-11 10:48 . 2009-04-11 10:48 <DIR> d-------- c:\documents and settings\-Bajt\Application Data\Avira
2009-04-11 10:45 . 2009-04-11 10:45 <DIR> d-------- c:\program files\Avira
2009-04-11 10:45 . 2009-04-11 10:45 <DIR> d-------- c:\documents and settings\All Users\Application Data\Avira
2009-04-11 10:45 . 2009-02-13 11:31 55,640 --a------ c:\windows\system32\drivers\avgntflt.sys
2009-04-10 23:25 . 2009-04-10 23:25 <DIR> d-------- c:\program files\Microsoft.NET
2009-04-10 23:25 . 2009-04-10 23:25 <DIR> d-------- c:\program files\Microsoft Works
2009-04-10 23:25 . 2009-04-10 23:25 <DIR> d-------- c:\program files\Microsoft Visual Studio 8
2009-04-10 23:24 . 2009-04-10 23:25 <DIR> d-------- c:\program files\Microsoft Expression
2009-04-10 23:24 . 2009-04-10 23:27 <DIR> d-------- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-04-10 23:23 . 2009-04-10 23:23 <DIR> dr-h----- C:\MSOCache
2009-04-10 22:50 . 2009-04-10 22:50 <DIR> d-------- c:\program files\Alwil Software
2009-04-10 14:59 . 2009-04-10 14:59 <DIR> d-------- c:\documents and settings\-Bajt\Application Data\Google
2009-04-10 14:58 . 2009-04-10 14:58 <DIR> dr------- c:\program files\Skype
2009-04-10 14:58 . 2009-04-10 15:01 <DIR> d-------- c:\program files\Google
2009-04-10 14:58 . 2009-04-10 14:58 <DIR> d-------- c:\program files\Common Files\Skype
2009-04-10 14:58 . 2009-04-11 17:48 <DIR> d-------- c:\documents and settings\-Bajt\Application Data\skypePM
2009-04-10 14:58 . 2009-04-11 18:16 <DIR> d-------- c:\documents and settings\-Bajt\Application Data\Skype
2009-04-10 14:58 . 2009-04-10 14:58 48 --ah----- c:\windows\system32\ezsidmv.dat
2009-04-10 14:57 . 2009-04-10 14:58 <DIR> d-------- c:\documents and settings\All Users\Application Data\Skype
2009-04-10 14:51 . 2004-08-03 23:08 26,496 --a--c--- c:\windows\system32\dllcache\usbstor.sys
2009-04-10 14:36 . 2009-04-10 23:52 116 --a------ c:\windows\NeroDigital.ini
2009-04-10 11:36 . 2009-04-10 11:36 <DIR> d-------- c:\documents and settings\-Bajt\Application Data\TrojanHunter
2009-04-10 10:55 . 2009-04-10 10:55 <DIR> d--h----- c:\windows\PIF
2009-04-10 10:55 . 2009-04-10 11:55 <DIR> d-------- c:\program files\TrojanHunter 5.0
2009-04-10 10:17 . 2009-04-10 10:17 <DIR> d-------- c:\documents and settings\All Users\Application Data\TEMP
2009-04-10 10:16 . 2009-04-10 10:16 <DIR> d-------- c:\documents and settings\-Bajt\Application Data\Simply Super Software
2009-04-09 23:43 . 2009-04-09 23:43 <DIR> d-------- c:\documents and settings\-Bajt\Application Data\Malwarebytes
2009-04-09 23:13 . 2009-04-09 23:13 <DIR> d-------- c:\documents and settings\-Bajt\Application Data\Macromedia
2009-04-09 23:13 . 2009-04-10 19:00 <DIR> d-------- c:\documents and settings\-Bajt\Application Data\Adobe
2009-04-09 23:10 . 2009-04-09 23:10 <DIR> d-------- c:\documents and settings\-Bajt\Application Data\BSplayer PRO
2009-04-09 23:09 . 2009-04-10 23:46 <DIR> d-------- c:\documents and settings\-Bajt\Application Data\Ahead
2009-04-09 23:06 . 2009-04-09 23:06 <DIR> d-------- c:\documents and settings\-Bajt\Application Data\Opera

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-11 12:57 --------- d-----w c:\program files\Winamp
2009-04-11 12:57 --------- d-----w c:\program files\QuickTime
2009-04-11 11:37 --------- d-----w c:\program files\Apple Software Update
2009-04-10 17:40 --------- d-----w c:\program files\Enigma Software Group
2009-04-10 16:59 --------- d-----w c:\documents and settings\All Users\Application Data\FLEXnet
2009-04-09 21:43 --------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-04-09 21:32 --------- d-----w c:\program files\Common Files\Adobe
2009-04-09 21:28 --------- d-----w c:\program files\Common Files\Macrovision Shared
2009-04-09 21:10 --------- d-----w c:\program files\Webteh
2009-04-09 21:10 --------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer
2009-04-09 21:10 --------- d-----w c:\documents and settings\All Users\Application Data\Apple
2009-04-09 21:09 --------- d-----w c:\program files\K-Lite Codec Pack
2009-04-09 21:09 --------- d-----w c:\program files\Common Files\Ahead
2009-04-09 21:08 --------- d-----w c:\program files\Nero
2009-04-09 21:06 --------- d-----w c:\program files\Opera
2009-04-09 20:45 --------- d-----w c:\program files\Common Files\InstallShield
2009-04-09 20:35 --------- d-----w c:\program files\microsoft frontpage
.

((((((((((((((((((((((((((((( SnapShot@2009-04-10_12.03.31.51 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-04-10 21:25:45 110,592 ----a-w c:\windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\adodb.dll
+ 2009-04-10 21:25:46 4,608 ----a-w c:\windows\assembly\GAC\Extensibility\7.0.3300.0__b03f5f7f11d50a3a\extensibility.dll
+ 2009-04-10 21:25:41 183,104 ----a-w c:\windows\assembly\GAC\Microsoft.Expression.Interop.WebDesigner\12.0.0.0__71e9bce111e9429c\Microsoft.Expression.Interop.WebDesigner.dll
+ 2009-04-10 21:25:41 1,989,448 ----a-w c:\windows\assembly\GAC\Microsoft.Expression.Interop.WebDesignerPage\12.0.0.0__71e9bce111e9429c\Microsoft.Expression.Interop.WebDesignerPage.dll
+ 2009-04-10 21:25:44 8,007,680 ----a-w c:\windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll
+ 2009-04-10 21:25:13 80,696 ----a-w c:\windows\assembly\GAC\Microsoft.Office.Interop.Access.Dao\12.0.0.0__71e9bce111e9429c\Microsoft.Office.interop.access.dao.dll
+ 2009-04-10 21:25:43 13,312 ----a-w c:\windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.stdformat.dll
+ 2009-04-10 21:25:33 371,496 ----a-w c:\windows\assembly\GAC\Microsoft.Vbe.Interop.Forms\11.0.0.0__71e9bce111e9429c\Microsoft.Vbe.Interop.Forms.dll
+ 2009-04-10 21:25:33 64,288 ----a-w c:\windows\assembly\GAC\Microsoft.Vbe.Interop\12.0.0.0__71e9bce111e9429c\Microsoft.Vbe.Interop.dll
+ 2009-04-10 21:25:43 229,376 ----a-w c:\windows\assembly\GAC\mscomctl\10.0.4504.0__31bf3856ad364e35\MSCOMCTL.DLL
+ 2009-04-10 21:25:45 4,096 ----a-w c:\windows\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\msdatasrc.dll
+ 2009-04-10 21:25:33 416,544 ----a-w c:\windows\assembly\GAC\office\12.0.0.0__71e9bce111e9429c\OFFICE.DLL
+ 2009-04-10 21:25:36 12,080 ----a-w c:\windows\assembly\GAC\Policy.11.0.Microsoft.Vbe.Interop\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Vbe.Interop.dll
+ 2009-04-10 21:25:36 11,544 ----a-w c:\windows\assembly\GAC\Policy.11.0.office\12.0.0.0__71e9bce111e9429c\Policy.11.0.Office.dll
+ 2009-04-10 21:25:43 16,384 ----a-w c:\windows\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\stdole.dll
+ 2009-04-10 21:24:46 53,248 ----a-w c:\windows\assembly\GAC_32\WebDev.WebHost\8.0.0.0__b03f5f7f11d50a3a\WebDev.WebHost.dll
+ 2009-04-10 21:27:10 17,920 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualC\783f9001734087408c0ecb5606234920\Microsoft.VisualC.ni.dll
+ 2009-04-10 21:26:58 778,240 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Web.Autho#\3ac652be369b41488c3294507e3d1cbe\Microsoft.Web.Authoring.ni.dll
+ 2009-04-10 21:27:29 1,560,576 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Web.Desig#\c75f12d4d01c2240abefc015710cb52d\Microsoft.Web.Design.Client.ni.dll
+ 2009-04-10 21:27:19 167,936 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\4a18ee53436fd74cb3ed7fc188ebf6be\System.Configuration.Install.ni.dll
+ 2009-04-10 21:27:23 1,183,744 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.OracleC#\7c3ec0bde1dbdd4b8dc0da29499ae5f4\System.Data.OracleClient.ni.dll
+ 2009-04-10 21:27:10 2,703,360 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\645ba35aa640a94181ecc0856c2d8ff1\System.Data.SqlXml.ni.dll
+ 2009-04-10 21:27:15 815,104 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\f219b676e04e2e4099a18325eb9f9f97\System.Runtime.Remoting.ni.dll
+ 2009-04-10 21:27:19 339,968 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\9dad7d5a6b31fb46a2f83cd2a757fbe3\System.Runtime.Serialization.Formatters.Soap.ni.dll
+ 2009-04-10 21:27:18 233,472 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\4c2afca607e16242a4bf605b0685d4c1\System.ServiceProcess.ni.dll
+ 2005-10-20 18:02:28 163,328 ----a-w c:\windows\ERDNT\subs\ERDNT.EXE
+ 2009-04-10 12:58:04 364,726 ----a-r c:\windows\Installer\{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}\SkypeIcon.exe
+ 2009-04-11 13:12:04 29,926 ----a-r c:\windows\Installer\{571700F0-DB9D-4B3A-B03D-35A14BB5939F}\MsblIco.Exe
+ 2009-04-10 21:26:00 20,240 ----a-r c:\windows\Installer\{90120000-0026-0000-0000-0000000FF1CE}\cagicon.exe
+ 2009-04-10 21:26:00 217,864 ----a-r c:\windows\Installer\{90120000-0026-0000-0000-0000000FF1CE}\misc.exe
+ 2009-04-10 21:26:00 18,704 ----a-r c:\windows\Installer\{90120000-0026-0000-0000-0000000FF1CE}\mspicons.exe
+ 2009-04-10 21:26:00 35,088 ----a-r c:\windows\Installer\{90120000-0026-0000-0000-0000000FF1CE}\oisicon.exe
+ 2009-04-10 21:24:15 217,864 ----a-r c:\windows\Installer\{90120000-006E-0409-0000-0000000FF1CE}\misc.exe
+ 2006-10-26 11:45:04 118,784 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\WebDev.WebServer.EXE
- 2009-04-09 20:34:22 8,738 ----a-w c:\windows\pchealth\helpctr\Config\Cntstore.bin
+ 2009-04-11 08:32:16 8,972 ----a-w c:\windows\pchealth\helpctr\Config\Cntstore.bin
- 2009-04-09 20:34:20 86,327 ----a-w c:\windows\pchealth\helpctr\OfflineCache\index.dat
+ 2009-04-11 08:34:35 86,327 ----a-w c:\windows\pchealth\helpctr\OfflineCache\index.dat
- 2009-04-09 20:34:22 2,112 ----a-w c:\windows\pchealth\helpctr\PackageStore\SkuStore.bin
+ 2009-04-11 08:34:35 2,722 ----a-w c:\windows\pchealth\helpctr\PackageStore\SkuStore.bin
+ 2009-02-13 09:17:49 45,416 ----a-w c:\windows\system32\drivers\avgntdd.sys
+ 2009-02-13 09:29:11 22,360 ----a-w c:\windows\system32\drivers\avgntmgr.sys
+ 2009-02-13 12:22:54 95,576 ----a-w c:\windows\system32\drivers\avipbb.sys
+ 2009-02-13 09:50:02 28,376 ----a-w c:\windows\system32\drivers\ssmdrv.sys
+ 2004-08-03 21:08:48 26,496 ----a-w c:\windows\system32\drivers\USBSTOR.SYS
+ 2006-10-26 12:10:08 1,190,688 ----a-w c:\windows\system32\FM20.DLL
+ 2006-10-26 12:10:06 33,088 ----a-w c:\windows\system32\FM20ENU.DLL
- 2009-04-09 21:39:41 1,974,880 ----a-w c:\windows\system32\FNTCACHE.DAT
+ 2009-04-11 08:23:06 2,011,792 ----a-w c:\windows\system32\FNTCACHE.DAT
+ 2006-10-26 11:45:04 207,360 ----a-w c:\windows\system32\INKED.DLL
+ 2006-07-24 08:50:38 125,744 ----a-w c:\windows\system32\MSSTDFMT.DLL
+ 2006-07-24 08:50:40 39,728 ----a-w c:\windows\system32\SCP32.DLL
+ 2007-01-19 10:53:04 51,056 ----a-w c:\windows\system32\sirenacm.dll
+ 2006-07-24 08:50:40 47,920 ----a-w c:\windows\system32\VBAME.DLL
+ 2006-10-26 11:45:04 293,376 ----a-w c:\windows\system32\WISPTIS.EXE
+ 2006-10-26 11:40:34 95,744 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_6e805841\ATL80.dll
+ 2006-06-05 12:14:28 479,232 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\msvcm80.dll
+ 2006-06-05 12:14:28 548,864 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\msvcp80.dll
+ 2006-06-05 12:14:28 626,688 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\msvcr80.dll
+ 2006-10-26 11:40:36 1,093,632 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_dec6ddd2\mfc80.dll
+ 2006-10-26 11:40:36 1,079,808 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_dec6ddd2\mfc80u.dll
+ 2006-10-26 11:40:36 69,632 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_dec6ddd2\mfcm80.dll
+ 2006-10-26 11:40:36 57,344 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_dec6ddd2\mfcm80u.dll
+ 2006-10-26 11:40:36 40,960 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80CHS.dll
+ 2006-10-26 11:40:36 45,056 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80CHT.dll
+ 2006-10-26 11:40:36 65,536 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80DEU.dll
+ 2006-10-26 11:40:36 57,344 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80ENU.dll
+ 2006-10-26 11:40:36 61,440 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80ESP.dll
+ 2006-10-26 11:40:36 61,440 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80FRA.dll
+ 2006-10-26 11:40:36 61,440 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80ITA.dll
+ 2006-10-26 11:40:36 49,152 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80JPN.dll
+ 2006-10-26 11:40:36 49,152 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80KOR.dll
+ 2008-07-29 06:05:06 161,784 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_d01483b2\atl90.dll
+ 2008-07-29 01:54:08 225,280 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcm90.dll
+ 2008-07-29 06:05:08 572,928 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcp90.dll
+ 2008-07-29 06:05:08 655,872 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcr90.dll
+ 2008-07-29 06:05:08 3,768,312 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfc90.dll
+ 2008-07-29 06:05:10 3,783,672 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfc90u.dll
+ 2008-07-29 04:07:42 59,904 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfcm90.dll
+ 2008-07-29 04:07:42 59,904 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfcm90u.dll
+ 2008-07-29 06:05:06 38,912 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90chs.dll
+ 2008-07-29 06:05:06 39,936 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90cht.dll
+ 2008-07-29 06:05:08 66,560 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90deu.dll
+ 2008-07-29 06:05:08 56,832 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90enu.dll
+ 2008-07-29 06:05:06 65,024 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90esn.dll
+ 2008-07-29 06:05:08 65,024 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90esp.dll
+ 2008-07-29 06:05:06 66,048 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90fra.dll
+ 2008-07-29 06:05:08 64,512 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90ita.dll
+ 2008-07-29 06:05:08 46,592 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90jpn.dll
+ 2008-07-29 06:05:08 46,080 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90kor.dll
+ 2008-07-29 06:05:08 62,976 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90rus.dll
+ 2007-11-07 00:19:20 54,272 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_ecc42bd1\vcomp90.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\lib\NMBgMonitor.exe" [2005-10-28 94208]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-02-04 23975720]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-04-10 39408]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-06-01 7618560]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2006-06-21 35328]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"NvMediaCenter"="NvMCTray.dll" [2006-06-01 c:\windows\system32\nvmctray.dll]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
"UacDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\wscntfy.exe"=
"c:\\WINDOWS\\system32\\userinit.exe"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=
"c:\\Program Files\\Common Files\\Ahead\\lib\\NMBgMonitor.exe"=
"c:\\Program Files\\Winamp\\winampa.exe"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbamgui.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R2 AntiVirMailService;Avira AntiVir MailGuard;c:\program files\Avira\AntiVir Desktop\avmailc.exe [2009-04-11 186625]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-04-11 108289]
R2 AntiVirWebService;Avira AntiVir WebGuard;c:\program files\Avira\AntiVir Desktop\avwebgrd.exe [2009-04-11 432897]
S3 abp470n5;abp470n5;\??\c:\windows\system32\drivers\qkhjpn.sys --> c:\windows\system32\drivers\qkhjpn.sys [?]
S3 ATE_PROCMON;ATE_PROCMON;\??\c:\program files\Anti Trojan Elite\ATEPMon.sys --> c:\program files\Anti Trojan Elite\ATEPMon.sys [?]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - USNJSVC
.
Contents of the 'Scheduled Tasks' folder

2009-04-10 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe []
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-NeroFilterCheck - c:\windows\system32\NeroCheck.exe
HKLM-Run-QuickTime Task - c:\program files\QuickTime\QTTask.exe
HKLM-Run-nwiz - nwiz.exe
MSConfigStartUp-SW20 - c:\windows\system32\sw20.exe
MSConfigStartUp-SW24 - c:\windows\system32\sw24.exe


.
------- Supplementary Scan -------
.
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mSearch Bar = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = hxxp://www.enigmasoftware.a013.com/congratulation_spyhunter_scanner.php
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-11 18:20:24
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(756)
c:\program files\Avira\AntiVir Desktop\avsda.dll
.
Completion time: 2009-04-11 18:21:09
ComboFix-quarantined-files.txt 2009-04-11 16:21:07
ComboFix2.txt 2009-04-10 17:49:40
ComboFix3.txt 2009-04-10 17:29:42
ComboFix4.txt 2009-04-10 16:36:37
ComboFix5.txt 2009-04-11 16:18:54

Pre-Run: 36,737,331,200 bytes free
Post-Run: 36,823,584,768 bytes free

254

Opet iskljuci Aviru. Otvori Notepad i iskopiraj sledeci tekst:



Snimiti taj fajl na Desktop pod imenom CFScript



Prevuci snimljeni tekst na ComboFix ikonicu kao na slici. Postavi u sledecoj poruci log koji bude bio napravljen na kraju ciscenja/skeniranja.

Taman cu sa ovom skriptom da ti obrisem ostatke TrohjanHunter-a i Trojan Remover-a.

_{[Ovu poruku je menjao Nemanja Živanović dana 12.04.2009. u 01:14 GMT+1]}

ComboFix 09-04-04.01 - -Bajt 2009-04-11 18:38:43.7 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.3071.2479 [GMT 2:00]
Running from: c:\documents and settings\-Bajt\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\-Bajt\Desktop\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated)
* Created a new restore point

FILE ::
c:\program files\Anti Trojan Elite\ATEPMon.sys
c:\windows\system32\drivers\qkhjpn.sys
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\-Bajt\Application Data\Simply Super Software
c:\documents and settings\-Bajt\Application Data\Simply Super Software\Trojan Remover\cwe30.exe
c:\documents and settings\-Bajt\Application Data\TrojanHunter
c:\documents and settings\-Bajt\Application Data\TrojanHunter\TreeState.dat
c:\program files\TrojanHunter 5.0
c:\program files\TrojanHunter 5.0\IL.ini
c:\program files\TrojanHunter 5.0\Scan Reports\2009-04-10_1058.txt
c:\program files\TrojanHunter 5.0\Scan Reports\2009-04-10_1136.txt
c:\program files\TrojanHunter 5.0\THGuard.exe.BAK
c:\program files\TrojanHunter 5.0\TrojanHunter.exe.BAK

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ATE_PROCMON
-------\Service_abp470n5
-------\Service_ATE_PROCMON


((((((((((((((((((((((((( Files Created from 2009-03-11 to 2009-04-11 )))))))))))))))))))))))))))))))
.

2009-04-11 15:15 . 2009-04-11 15:16 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-04-11 15:15 . 2009-04-06 15:32 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-11 15:15 . 2009-04-06 15:32 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-04-11 11:33 . 2009-04-11 11:33 <DIR> d-------- c:\program files\Real
2009-04-11 11:33 . 2009-04-11 11:47 <DIR> d-------- c:\documents and settings\-Bajt\Contacts
2009-04-11 11:32 . 2009-04-11 11:32 <DIR> d----c--- c:\windows\system32\DRVSTORE
2009-04-11 11:32 . 2009-04-11 15:12 <DIR> d-------- c:\program files\MSN Messenger
2009-04-11 10:48 . 2009-04-11 10:48 <DIR> d-------- c:\documents and settings\-Bajt\Application Data\Avira
2009-04-11 10:45 . 2009-04-11 10:45 <DIR> d-------- c:\program files\Avira
2009-04-11 10:45 . 2009-04-11 10:45 <DIR> d-------- c:\documents and settings\All Users\Application Data\Avira
2009-04-11 10:45 . 2009-02-13 11:31 55,640 --a------ c:\windows\system32\drivers\avgntflt.sys
2009-04-10 23:25 . 2009-04-10 23:25 <DIR> d-------- c:\program files\Microsoft.NET
2009-04-10 23:25 . 2009-04-10 23:25 <DIR> d-------- c:\program files\Microsoft Works
2009-04-10 23:25 . 2009-04-10 23:25 <DIR> d-------- c:\program files\Microsoft Visual Studio 8
2009-04-10 23:24 . 2009-04-10 23:25 <DIR> d-------- c:\program files\Microsoft Expression
2009-04-10 23:24 . 2009-04-10 23:27 <DIR> d-------- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-04-10 23:23 . 2009-04-10 23:23 <DIR> dr-h----- C:\MSOCache
2009-04-10 22:50 . 2009-04-10 22:50 <DIR> d-------- c:\program files\Alwil Software
2009-04-10 14:59 . 2009-04-10 14:59 <DIR> d-------- c:\documents and settings\-Bajt\Application Data\Google
2009-04-10 14:58 . 2009-04-10 14:58 <DIR> dr------- c:\program files\Skype
2009-04-10 14:58 . 2009-04-10 15:01 <DIR> d-------- c:\program files\Google
2009-04-10 14:58 . 2009-04-10 14:58 <DIR> d-------- c:\program files\Common Files\Skype
2009-04-10 14:58 . 2009-04-11 17:48 <DIR> d-------- c:\documents and settings\-Bajt\Application Data\skypePM
2009-04-10 14:58 . 2009-04-11 18:41 <DIR> d-------- c:\documents and settings\-Bajt\Application Data\Skype
2009-04-10 14:58 . 2009-04-10 14:58 48 --ah----- c:\windows\system32\ezsidmv.dat
2009-04-10 14:57 . 2009-04-10 14:58 <DIR> d-------- c:\documents and settings\All Users\Application Data\Skype
2009-04-10 14:51 . 2004-08-03 23:08 26,496 --a--c--- c:\windows\system32\dllcache\usbstor.sys
2009-04-10 14:36 . 2009-04-10 23:52 116 --a------ c:\windows\NeroDigital.ini
2009-04-10 10:55 . 2009-04-10 10:55 <DIR> d--h----- c:\windows\PIF
2009-04-10 10:17 . 2009-04-10 10:17 <DIR> d-------- c:\documents and settings\All Users\Application Data\TEMP
2009-04-09 23:43 . 2009-04-09 23:43 <DIR> d-------- c:\documents and settings\-Bajt\Application Data\Malwarebytes
2009-04-09 23:13 . 2009-04-09 23:13 <DIR> d-------- c:\documents and settings\-Bajt\Application Data\Macromedia
2009-04-09 23:13 . 2009-04-10 19:00 <DIR> d-------- c:\documents and settings\-Bajt\Application Data\Adobe
2009-04-09 23:10 . 2009-04-09 23:10 <DIR> d-------- c:\documents and settings\-Bajt\Application Data\BSplayer PRO
2009-04-09 23:09 . 2009-04-10 23:46 <DIR> d-------- c:\documents and settings\-Bajt\Application Data\Ahead
2009-04-09 23:06 . 2009-04-09 23:06 <DIR> d-------- c:\documents and settings\-Bajt\Application Data\Opera

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-11 12:57 --------- d-----w c:\program files\Winamp
2009-04-11 12:57 --------- d-----w c:\program files\QuickTime
2009-04-11 11:37 --------- d-----w c:\program files\Apple Software Update
2009-04-10 17:40 --------- d-----w c:\program files\Enigma Software Group
2009-04-10 16:59 --------- d-----w c:\documents and settings\All Users\Application Data\FLEXnet
2009-04-09 21:43 --------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-04-09 21:32 --------- d-----w c:\program files\Common Files\Adobe
2009-04-09 21:28 --------- d-----w c:\program files\Common Files\Macrovision Shared
2009-04-09 21:10 --------- d-----w c:\program files\Webteh
2009-04-09 21:10 --------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer
2009-04-09 21:10 --------- d-----w c:\documents and settings\All Users\Application Data\Apple
2009-04-09 21:09 --------- d-----w c:\program files\K-Lite Codec Pack
2009-04-09 21:09 --------- d-----w c:\program files\Common Files\Ahead
2009-04-09 21:08 --------- d-----w c:\program files\Nero
2009-04-09 21:06 --------- d-----w c:\program files\Opera
2009-04-09 20:45 --------- d-----w c:\program files\Common Files\InstallShield
2009-04-09 20:35 --------- d-----w c:\program files\microsoft frontpage
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\lib\NMBgMonitor.exe" [2005-10-28 94208]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-02-04 23975720]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-04-10 39408]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-06-01 7618560]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2006-06-21 35328]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"NvMediaCenter"="NvMCTray.dll" [2006-06-01 c:\windows\system32\nvmctray.dll]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
"UacDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\wscntfy.exe"=
"c:\\WINDOWS\\system32\\userinit.exe"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=
"c:\\Program Files\\Common Files\\Ahead\\lib\\NMBgMonitor.exe"=
"c:\\Program Files\\Winamp\\winampa.exe"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbamgui.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R2 AntiVirMailService;Avira AntiVir MailGuard;c:\program files\Avira\AntiVir Desktop\avmailc.exe [2009-04-11 186625]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-04-11 108289]
R2 AntiVirWebService;Avira AntiVir WebGuard;c:\program files\Avira\AntiVir Desktop\avwebgrd.exe [2009-04-11 432897]
.
Contents of the 'Scheduled Tasks' folder

2009-04-10 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe []
.
.
------- Supplementary Scan -------
.
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mSearch Bar = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = hxxp://www.enigmasoftware.a013.com/congratulation_spyhunter_scanner.php
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-11 18:41:06
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(756)
c:\program files\Avira\AntiVir Desktop\avsda.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\rundll32.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\windows\system32\nvsvc32.exe
.
**************************************************************************
.
Completion time: 2009-04-11 18:42:15 - machine was rebooted
ComboFix-quarantined-files.txt 2009-04-11 16:42:12
ComboFix2.txt 2009-04-11 16:21:10
ComboFix3.txt 2009-04-10 17:49:40
ComboFix4.txt 2009-04-10 17:29:42
ComboFix5.txt 2009-04-11 16:38:31

Pre-Run: 36,833,083,392 bytes free
Post-Run: 36,861,435,904 bytes free

175

Odlicno. Sada je red da uninstaliramo ComboFix:

Otvori Start > Run i ukucaj combofix /u

Program ce se automatski uninstalirati. Nemoj zaboraviti da ukljucis svu zastitu, posto si je gasio zbog rada ovog programa.

====================================

Upustvo za gasenje Autoplay-a:

• Otvorite Start > Run > i ukucajte gpedit.msc
• Idite na User Configuration > Administrative Templates > System
• Kada ste kliknuli na System sad desne strane nadjite stavku Turn off Autoplay
• Kliknite dva puta na nju i u novom prozoru, koji se otvori, oznacite Enabled, a ispod te stavke pod Turn off Autoplay on: u padajucem meniju izaberite All drives i potvrdite sa OK
• Idite na Computer Configuration > Administrative Templates > System
• Kada ste kliknuli na System sad desne strane nadjite stavku Turn off Autoplay
• Kliknite dva puta na nju i u novom prozoru, koji se otvori, oznacite Enabled, a ispod te stavke pod Turn off Autoplay on: u padajucem meniju izaberite All drives i potvrdite sa OK
• Izadjite iz ovog prozora - File > Exit

Gasenjem Autoplay-a onemogucavas da se virusi automatski pokrenu sa flash-a ili CD-a i zaraze ti racunar. Gasenjem Autoplay-a znaci da ces kad ubacis CD/DVD ili USB trebati da ides u My Computer pa da ih odatle pokrenes, iscitas sadrzaj ili sta vec imas u planu.

Takodje pogledaj komentar kolege valjana u vezi dodatne zastite.

====================================

• Preuzmi program CCleaner
• Snimi ga na desktop i pokreni CCleaner.exe
• Po otvaranja programa sa leve strane odaberi Cleaner, proveri da li su sve stavke pod Windows i Applications stiklirane (osim Wipe Free Space) i pritisni Analyze
• Analiziranje fajlova moze potrajati par minuta
• Kad se analiza zavrsi na vrhu desnog prozora pisace ANALYSIS COMPLETE
• Sada pritisni Run Cleaner u donjem desnom uglu i sacekaj da se obavi brisanje fajlova (moze potrajati par minuta)
• Posle uspesnog ciscenja u desnom prozoru na vrhu pisace CLEANING COMPLETE
• Posle ciscenja fajlova, prelazimo na ciscenje Registry baze
• Odaberi sa leve strane Registry
• Pritisni Scan for issues i sacekaj da se skeniranje zavrsi
• Kada je zavrseno skeniranje pritisni Fix selected issues
• Ovara se novi prozor - odgovorite sa No
• Ovara se novi prozor - odgovorite sa Fix All Selected Issues i potvrdite sa Ok
• Kad se zavrsi brisanje u istom prozoru pisace zelenim slovima Issue Fixed i kliknite Close
• Ovo ciscenje Registry baze mozete uraditi nekoliko puta za redom, dok vam se ne pojavi No issues were found

====================================

Posto ovaj virus napada instalacije i exe fajlove preporucujem ti da sve programe koji ne rade obrises. Takodje, obrisi sve instalacije programa koje imas na diskovima. Moram da te upozorim, da postoji velika sansa da se ovaj virus opet vrati. Zato je dobro da uradis ovo sto sam ti napisao u poslednjih par recenica.

Pa.... Sve je ok. Nemanja hvala ti ! Ne postoje vise tragovi virusa... Sve radi, s tim sto sam morao da se odreknem velikog broja podataka, ali sta je tu je.
Nemanja hvala ti puno i ..... imas pivo ! ;)
Jos ga nisam dobro testirao, ali videcemo kkao radi, mada mislim da je sve ok.

Pozdrav !

Zarazio sam se virutom, i odlučio napraviti format celog hard diska. Sad me zanima jel virut inficira .iso, .avi, .mp3, .jpeg, i slične datoteke (muzika, slike, video) ili samo .exe datoteke? Tj, da li njih smem snimiti na dvd pa prebaciti ponovo na hd bez straha da će mi se virut vratiti preko tih dvd-ova?

Mogao si malo i da potražiš na netu...
Evo ti link za Win32/Virut info
http://www.avast.com/eng/win32-virut.html
Samo čisto da znaš, ima nekoliko vrsta tog virusa Virut Q, Virut A, pa ti vidi šta ti treba.

Koliko ja znam, Virut inficira samo ".exe" i ".scr".