[ the_rain @ 12.04.2009. 16:32 ] @
I was searching the net for a solution to my problem and came across this page, so let me try that procedure. Here it is:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:24:35, on 12.4.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20583)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\keyhook.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Autorun Eater\oldmcdonald.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\BUG\SystemExplorer 1.2.1\SystemExplorer.exe
C:\WINDOWS\system32\sistray.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Autorun Eater\billy.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Program Files\Autorun Eater\billy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Documents and Settings\Irena\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.co.uk/0SEENWW/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.co.uk/0SEENWW/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.hr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.co.uk/0SEENWW/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {587A9124-BFBB-4A6E-8F36-9129F19F27E0} - C:\WINDOWS\system32\batmete.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: (no name) - {8E13DDE1-E013-47ec-9C4C-27C2F78BDD26} - (no file)
O2 - BHO: Windows Live Pomoc za prijavu - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {A3804E2C-C67F-4E37-8B6A-E3400A317A5E} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: QT TabBar - {d2bf470e-ed1c-487f-a333-2bd8835eb6ce} - mscoree.dll (file missing)
O3 - Toolbar: QT Tab Standard Buttons - {D2BF470E-ED1C-487F-A666-2BD8835EB6CE} - mscoree.dll (file missing)
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Autorun Eater] C:\Program Files\Autorun Eater\oldmcdonald.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [SystemExplorer] "C:\BUG\SystemExplorer 1.2.1\SystemExplorer.exe" /TRAY
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/t...ts/menusearch.jhtml?p=ZUman000
O8 - Extra context menu item: I&zvoz u Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Stavi na blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Stavi na blog u Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Istraživanje - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: secuload.dll
O20 - Winlogon Notify: diskurl - C:\WINDOWS\Driver Cache\diskurl.dll (file missing)
O20 - Winlogon Notify: pmkjg - pmkjg.dll (file missing)
O20 - Winlogon Notify: WinCtrl32 - C:\WINDOWS\SYSTEM32\WinCtrl32.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: SeaPort - Unknown owner - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (file missing)
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - Unknown owner - C:\WINDOWS\system32\vmnetdhcp.exe (file missing)
O23 - Service: VMware NAT Service - Unknown owner - C:\WINDOWS\system32\vmnat.exe (file missing)
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/Irena/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg

--
End of file - 9490 bytes


What now, how? help
[ Nemanja Živanović @ 12.04.2009. 16:44 ] @
Run HijackThis again, press Do a system scan only, and tick the following lines:

O2 - BHO: (no name) - {587A9124-BFBB-4A6E-8F36-9129F19F27E0} - C:\WINDOWS\system32\batmete.dll
O3 - Toolbar: QT TabBar - {d2bf470e-ed1c-487f-a333-2bd8835eb6ce} - mscoree.dll (file missing)
O3 - Toolbar: QT Tab Standard Buttons - {D2BF470E-ED1C-487F-A666-2BD8835EB6CE} - mscoree.dll (file missing)
O4 - HKUS\S-1-5-19\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'Default user')
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/t...ts/menusearch.jhtml?p=ZUman000
O20 - Winlogon Notify: diskurl - C:\WINDOWS\Driver Cache\diskurl.dll (file missing)
O20 - Winlogon Notify: pmkjg - pmkjg.dll (file missing)
O20 - Winlogon Notify: WinCtrl32 - C:\WINDOWS\SYSTEM32\WinCtrl32.dll
O23 - Service: SeaPort - Unknown owner - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (file missing)
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/Irena/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg


Once you have ticked all of that, press Fix checked and confirm with Ok. Restart the computer. When you have done that, post a new HijackThis log (like the first one you made). And write how things stand. What exactly is the problem?

[This message was edited by Nemanja Živanović on 12.04.2009. at 18:06 GMT+1]
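As an added example (not part of this thread or of HijackThis itself), a small Python triage pass that encodes the rules behind the lines the helper picked out above: dangling "(file missing)" hooks, unnamed BHOs, O20 Winlogon Notify / AppInit_DLLs hooks, context-menu items that call out to web sites, and desktop components loaded from a Temp directory. The heuristics are my own assumptions, and the sample input is copied from the first log in this thread.

```python
"""Triage heuristics for HijackThis O-lines (added example, not HijackThis code)."""
import re
from collections import OrderedDict

# Sample input: lines copied from the first HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {587A9124-BFBB-4A6E-8F36-9129F19F27E0} - C:\WINDOWS\system32\batmete.dll
O3 - Toolbar: QT TabBar - {d2bf470e-ed1c-487f-a333-2bd8835eb6ce} - mscoree.dll (file missing)
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/t...ts/menusearch.jhtml?p=ZUman000
O20 - AppInit_DLLs: secuload.dll
O20 - Winlogon Notify: pmkjg - pmkjg.dll (file missing)
O20 - Winlogon Notify: WinCtrl32 - C:\WINDOWS\SYSTEM32\WinCtrl32.dll
O23 - Service: SeaPort - Unknown owner - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (file missing)
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/Irena/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg
"""

# Every HijackThis finding has the shape "Oxx - <rest>"; header lines do not.
LINE_RE = re.compile(r"^(O\d+) - (.*)$")


def parse_entry(line):
    """Split an 'Oxx - rest' line into (section, rest); None for any other line."""
    m = LINE_RE.match(line.strip())
    return (m.group(1), m.group(2)) if m else None


def classify(section, rest):
    """Reasons an entry deserves a closer look (assumed rules); empty list = looks benign."""
    reasons = []
    if "(file missing)" in rest:
        # A hook whose target is gone: leftover from a removal or a broken install.
        reasons.append("hook points at a file that no longer exists")
    if section == "O2" and rest.startswith("BHO: (no name)"):
        # Legitimate BHOs almost always register a display name.
        reasons.append("browser helper object registered without a name")
    if section == "O20":
        # Winlogon Notify and AppInit_DLLs inject a DLL into other processes.
        reasons.append("Winlogon Notify / AppInit_DLLs loads a DLL into other processes")
    if section == "O8" and "http://" in rest:
        reasons.append("context menu item calls out to an external web site")
    if section == "O24" and "/temp/" in rest.lower():
        reasons.append("desktop component loaded from a Temp directory")
    return reasons


def triage(log_text):
    """Map each flagged log line to its reasons, preserving the log's order."""
    flagged = OrderedDict()
    for line in log_text.splitlines():
        entry = parse_entry(line)
        if entry is None:
            continue
        reasons = classify(*entry)
        if reasons:
            flagged[line.strip()] = reasons
    return flagged


if __name__ == "__main__":
    for line, reasons in triage(SAMPLE_LOG).items():
        print(line)
        for reason in reasons:
            print("    ->", reason)
```

Entries the pass leaves unflagged (the Adobe BHO, the SiS KeyHook Run entry) still deserve a look against a known-good list; the rules only sort the log, they do not clear it.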
[ the_rain @ 12.04.2009. 17:13 ] @
It doesn't recognize the plugged-in stick in My Computer; the sound plays and the icon shows up down in the taskbar as if it were connected.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:12:27, on 12.4.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20583)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\keyhook.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\BUG\SystemExplorer 1.2.1\SystemExplorer.exe
C:\WINDOWS\system32\sistray.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Irena\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.co.uk/0SEENWW/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.co.uk/0SEENWW/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.hr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.co.uk/0SEENWW/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {587A9124-BFBB-4A6E-8F36-9129F19F27E0} - C:\WINDOWS\system32\batmete.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: (no name) - {8E13DDE1-E013-47ec-9C4C-27C2F78BDD26} - (no file)
O2 - BHO: Windows Live Pomoc za prijavu - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {A3804E2C-C67F-4E37-8B6A-E3400A317A5E} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Autorun Eater] C:\Program Files\Autorun Eater\oldmcdonald.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [SystemExplorer] "C:\BUG\SystemExplorer 1.2.1\SystemExplorer.exe" /TRAY
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O8 - Extra context menu item: I&zvoz u Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Stavi na blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Stavi na blog u Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Istraživanje - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: secuload.dll
O20 - Winlogon Notify: WinCtrl32 - C:\WINDOWS\SYSTEM32\WinCtrl32.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - Unknown owner - C:\WINDOWS\system32\vmnetdhcp.exe (file missing)
O23 - Service: VMware NAT Service - Unknown owner - C:\WINDOWS\system32\vmnat.exe (file missing)

--
End of file - 8176 bytes

there it is again
[ Nemanja Živanović @ 12.04.2009. 17:20 ] @
Take it easy and don't panic, we'll sort everything out. Do you have two antiviruses there (AVG and Avast)? Uninstall one of the two (Control Panel > Add/Remove Programs > find it in the list there). And let me know which antivirus you kept. Also remove Autorun Eater. Let me know when you've done that so we can continue.
[ the_rain @ 12.04.2009. 17:23 ] @
Done, I uninstalled Avast and Autorun Eater
[ Nemanja Živanović @ 12.04.2009. 18:01 ] @
Here are the instructions for your AVG:
• Open AVG Control Center (double-click the icon in the bottom right corner of the screen), then double-click Resident Shield.
• In the window that opens, untick the Resident Shield active option and click Save changes.
[ the_rain @ 12.04.2009. 20:03 ] @
I found another download link and it worked... here:

"Irena" - 2009-04-12 20:50:17 Service Pack 2
ComboFix 07-05.27.BV - Running from: "C:\Program Files\Mozilla Firefox\"


(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


"C:\WINDOWS\system32\setup.exe.tmp"


((((((((((((((((((((((((((((((( Files Created from 2009-03-12 to 2009-04-12 ))))))))))))))))))))))))))))))))))


2009-04-12 20:05 387,584 --a------ C:\WINDOWS\system32\CF15820.exe
2009-04-12 20:03 73,728 --a------ C:\pv.exe
2009-04-12 20:02 387,584 --a------ C:\WINDOWS\system32\CF15487.exe
2009-04-12 16:58 <DIR> d-------- C:\Program Files\Autorun Eater
2009-04-12 16:29 16,896 --a------ C:\WINDOWS\system32\WinCtrl32.dll
2009-04-12 15:25 7,168 --a------ C:\WINDOWS\system32\drivers\bltrust.sys
2009-04-12 15:25 <DIR> d-------- C:\WINDOWS\system32\TrustNoExe
2009-04-10 18:59 26,112 --a------ C:\WINDOWS\system32\drivers\MemStPCI.SYS
2009-03-14 22:40 410,984 --a------ C:\WINDOWS\system32\deploytk.dll


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2009-04-12 10:18:34 31,616 ----a-w C:\WINDOWS\system32\drivers\Winjo60.sys
2009-03-09 11:37:13 -------- d-----w C:\Program Files\In Flames - Screensaver
2009-03-06 12:03:26 -------- d-----w C:\Program Files\Windows Live
2009-03-06 12:02:49 -------- d-----w C:\Program Files\Windows Live Toolbar
2009-03-06 12:02:21 -------- d-----w C:\Program Files\Microsoft Sync Framework
2009-03-06 12:01:13 -------- d-----w C:\Program Files\Microsoft SQL Server Compact Edition
2009-03-06 11:57:52 -------- d-----w C:\Program Files\Windows Live SkyDrive
2009-03-06 11:46:24 -------- d-----w C:\Program Files\Common Files\Windows Live
2009-03-01 11:10:59 -------- d-----w C:\Program Files\OnLine Brojac v.7.0
2009-02-26 11:48:41 -------- d-----w C:\Program Files\Google
2009-02-25 19:10:50 -------- d-----w C:\DOCUME~1\Irena\APPLIC~1\Google
2009-02-25 19:00:03 -------- d-----w C:\Program Files\Windows Installer Clean Up
2009-02-25 18:59:54 -------- d-----w C:\Program Files\MSECACHE
2009-02-06 19:02:48 308,104 ----a-w C:\WINDOWS\WLXPGSS.SCR
2009-02-06 17:52:40 49,504 ----a-w C:\WINDOWS\system32\sirenacm.dll
2008-08-14 18:11:32 3,364,957 --sha-w C:\WINDOWS\system32\rsetup.exe
2008-02-08 20:45:21 2,026 --sha-r C:\WINDOWS\system32\udardn.dll
2008-02-08 20:45:17 84,968 --sha-r C:\WINDOWS\system32\hgmfjn.dll
2008-02-08 20:45:11 1,624 --sha-r C:\WINDOWS\system32\comqqcea.dll
2008-02-06 15:07:04 1,536 --sha-w C:\WINDOWS\page files\maxmeg.sys
2007-11-28 18:56:28 1,682 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2007-11-28 14:27:21 8 --sh--r C:\WINDOWS\system32\B83872C642.sys


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{68F9551E-0411-48E4-9AAF-4BC42A6A46BE}=C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll [2006-04-18 19:04]
{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}=C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll [2009-01-14 18:49]
{9030D464-4C02-4ABF-8ECC-5164760863C6}=C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 16:41]
{DBC80044-A445-435b-BC74-9C25C1C588A9}=C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-03-14 22:39]
{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}=C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 19:17]
{E7E6F031-17CE-4C07-BC86-EABFE594F69C}=C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-03-14 22:39]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [2009-03-03 15:50]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 16:40]
"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" [2009-03-14 22:39]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-10-09 11:28]
"SystemExplorer"="C:\BUG\SystemExplorer 1.2.1\SystemExplorer.exe" [2007-12-23 20:39]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:56]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 19:52]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WinCtrl32]
WinCtrl32.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\aawservice]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\Winjo60.sys]

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost *netsvcs*
UxTuneUp


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0767371f-87c7-11dc-9fa4-00112faf3edf}]
AutoRun\command- I:\
open\Command- rundll32.exe .\desktop.dll,InstallM

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0feda428-a7ec-11dc-9fdb-00112faf3edf}]
AutoRun\command- I:\
open\Command- rundll32.exe .\desktop.dll,InstallM

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0feda43d-a7ec-11dc-9fdb-00112faf3edf}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
Open(&0)\command- Recycled\ctfmon.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{149d693a-ae4a-11dd-a209-00112faf3edf}]
auto\command- Knight.exe open
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Knight.exe open
explore\command- Knight.exe open
find\command- Knight.exe open
install\command- Knight.exe open
open\command- Knight.exe open

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{330b1590-1b61-11dd-a0e0-00112faf3edf}]
AutoRun\command- I:\
open\Command- rundll32.exe .\desktop.dll,InstallM

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{36acb84c-27f0-11dd-a0f1-00112faf3edf}]
AutoRun\command- I:\
open\Command- rundll32.exe .\desktop.dll,InstallM

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{38ae4188-7e43-11dc-9f95-00112faf3edf}]
AutoRun\command- I:\
open\Command- rundll32.exe .\desktop.dll,InstallM

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3940df15-f519-11dc-a097-00112faf3edf}]
AutoRun\command- I:\
open\Command- rundll32.exe .\desktop.dll,InstallM

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{58e32767-7be5-11dc-9f91-00112faf3edf}]
AutoRun\command- I:\
open\Command- rundll32.exe .\desktop.dll,InstallM

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5921229d-1e99-11dd-a0e4-00112faf3edf}]
AutoRun\command- I:\
open\Command- rundll32.exe .\desktop.dll,InstallM

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5df69683-210b-11dd-a0e7-00112faf3edf}]
AutoRun\command- I:\
open\Command- rundll32.exe .\desktop.dll,InstallM

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6c19380e-1658-11de-a2cd-00112faf3edf}]
auto\command- Knight.exe open
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Knight.exe open
explore\command- Knight.exe open
find\command- Knight.exe open
install\command- Knight.exe open
open\command- Knight.exe open

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6e7c1658-25a7-11dd-a0ed-00112faf3edf}]
AutoRun\command- I:\
open\Command- rundll32.exe .\desktop.dll,InstallM

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7bdc8b5a-e92c-11dc-a07e-00112faf3edf}]
AutoRun\command- I:\
open\Command- rundll32.exe .\desktop.dll,InstallM

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7c4f0299-1139-11dd-a0ca-00112faf3edf}]
AutoRun\command- I:\
open\Command- rundll32.exe .\desktop.dll,InstallM

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7d1c72cc-3234-11dd-a100-00112faf3edf}]
AutoRun\command- I:\
open\Command- rundll32.exe .\desktop.dll,InstallM

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8e99cb84-53ed-11dd-a13d-00112faf3edf}]
AutoRun\command- I:\
open\Command- rundll32.exe .\desktop.dll,InstallM

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9d3dcf94-0ae6-11dd-a0bc-00112faf3edf}]
AutoRun\command- I:\
open\Command- rundll32.exe .\desktop.dll,InstallM

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b17b9fde-00d4-11dd-a0ad-00112faf3edf}]
AutoRun\command- I:\
open\Command- rundll32.exe .\desktop.dll,InstallM

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b4e03bf6-70fb-11dc-9488-00112faf3edf}]
AutoRun\command- I:\
open\Command- rundll32.exe .\desktop.dll,InstallM

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c53ce9ec-dee7-11dc-a05d-00112faf3edf}]
AutoRun\command- I:\
open\Command- rundll32.exe .\desktop.dll,InstallM

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c96adf95-7735-11dc-9f88-00112faf3edf}]
AutoRun\command- G:\
open\Command- rundll32.exe .\desktop.dll,InstallM

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ca877488-1201-11dd-a0cb-00112faf3edf}]
auto\command- Knight.exe open
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Knight.exe open
explore\command- Knight.exe open
find\command- Knight.exe open
install\command- Knight.exe open
open\command- Knight.exe open

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cb09fc1c-69e2-11dd-a180-00112faf3edf}]
AutoRun\command- G:\
open\Command- rundll32.exe .\desktop.dll,InstallM

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d3e43dc8-c5cf-11dc-a017-00112faf3edf}]
auto\command- Knight.exe open
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Knight.exe open
explore\command- Knight.exe open
find\command- Knight.exe open
install\command- Knight.exe open
open\command- Knight.exe open

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ec4a0e08-af3d-11dd-a20b-00112faf3edf}]
auto\command- Knight.exe open
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Knight.exe open
explore\command- Knight.exe open
find\command- Knight.exe open
install\command- Knight.exe open
open\command- Knight.exe open

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ef90ae6e-9b57-11dc-9fc0-00112faf3edf}]
auto\command- Knight.exe open
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Knight.exe open
explore\command- Knight.exe open
find\command- Knight.exe open
install\command- Knight.exe open
open\command- Knight.exe open

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f6fb6ff9-0aea-11dd-a0bd-00112faf3edf}]
AutoRun\command- I:\
open\Command- rundll32.exe .\desktop.dll,InstallM

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f6fb6ffa-0aea-11dd-a0bd-00112faf3edf}]
AutoRun\command- I:\
open\Command- rundll32.exe .\desktop.dll,InstallM


********************************************************************

catchme 0.3.692 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-12 20:58:25
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

disk error: C:\WINDOWS\

please note that you need administrator rights to perform deep scan

********************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\JavaQuickStarterService]
"ImagePath"="\"C:\Program Files\Java\jre6\bin\jqs.exe\" -service -config \"C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf\""

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\UACd.sys]
"imagepath"="\systemroot\system32\drivers\UACyqomuwyl.sys"

Completion time: 2009-04-12 21:01:26
C:\ComboFix-quarantined-files.txt ... 2009-04-12 21:00

--- E O F ---
[ Nemanja Živanović @ 12.04.2009. 20:29 ] @
There are files here that I don't recognise, so I'd ask you to follow these instructions:

• Visit the Jotti Online Malware Scan site
• Copy the following line (in blue) into the white text input field (at the top of the page, to the left of Browse)

C:\WINDOWS\system32\CF15820.exe

• Press Submit.
• Copy the report into your next post.

Note: if the server/site is overloaded, try this alternative:

• Visit the Virus Total site
• Copy the following line (in blue) into the white text input field (in the middle of the page, to the left of Browse)

C:\WINDOWS\system32\CF15820.exe

• Press Send.
• Copy the report into your next post.

Then repeat the same for C:\WINDOWS\system32\CF15487.exe
[ the_rain @ 12.04.2009. 20:39 ] @
Antivirus Version Last Update Result
a-squared 4.0.0.101 2009.04.12 -
AhnLab-V3 5.0.0.2 2009.04.12 -
AntiVir 7.9.0.138 2009.04.11 -
Antiy-AVL 2.0.3.1 2009.04.12 -
Authentium 5.1.2.4 2009.04.11 -
Avast 4.8.1335.0 2009.04.12 -
AVG 8.5.0.285 2009.04.12 -
BitDefender 7.2 2009.04.12 -
CAT-QuickHeal 10.00 2009.04.10 -
ClamAV 0.94.1 2009.04.12 -
Comodo 1111 2009.04.12 -
DrWeb 4.44.0.09170 2009.04.12 -
eSafe 7.0.17.0 2009.04.12 -
eTrust-Vet 31.6.6450 2009.04.11 -
F-Prot 4.4.4.56 2009.04.11 -
F-Secure 8.0.14470.0 2009.04.12 -
Fortinet 3.117.0.0 2009.04.12 -
GData 19 2009.04.12 -
Ikarus T3.1.1.49.0 2009.04.12 -
K7AntiVirus 7.10.700 2009.04.11 -
Kaspersky 7.0.0.125 2009.04.12 -
McAfee 5582 2009.04.12 -
McAfee+Artemis 5582 2009.04.12 -
McAfee-GW-Edition 6.7.6 2009.04.11 -
Microsoft 1.4502 2009.04.12 -
NOD32 4002 2009.04.11 -
Norman 6.00.06 2009.04.09 -
nProtect 2009.1.8.0 2009.04.12 -
Panda 10.0.0.14 2009.04.12 -
PCTools 4.4.2.0 2009.04.08 -
Prevx1 V2 2009.04.12 -
Rising 21.24.62.00 2009.04.12 -
Sophos 4.40.0 2009.04.12 -
Sunbelt 3.2.1858.2 2009.04.12 -
Symantec 1.4.4.12 2009.04.12 -
TheHacker 6.3.4.0.306 2009.04.12 -
TrendMicro 8.700.0.1004 2009.04.12 -
VBA32 3.12.10.2 2009.04.12 -
ViRobot 2009.4.10.1688 2009.04.10 -
VirusBuster 4.6.5.0 2009.04.11 -
Additional information
File size: 387584 bytes
MD5...: 0022c04bb12917721f18dd79a4a4d9d5
SHA1..: 89c1bfe36084dcade31a7e7ed619fbf65349f07c
SHA256: 8ae4b770f333ea446422604507b624191bf41c4f6d0896c942742dabafe961ab
SHA512: 9a6121a4b9ba17f1d918c5a8bab12d84d29776f5e414402b13498624b350bb6e
ff663547f8ca267992cc628cc213cfe9aa82da864cfcd4378f89fc33b79843b3
ssdeep: 3072:v2vjZN+jaiG17Ef5KlrKnBZ59oZSmveDlcjIV8jlwIKpFFCcll3H3rH3XD7
Inm+t:OLZNai17Y56rKnBfWhveajzxwI
PEiD..: -
TrID..: File type identification
Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x5056
timedatestamp.....: 0x41107ebe (Wed Aug 04 06:14:22 2004)
machinetype.......: 0x14c (I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x1f5e0 0x1f600 6.59 86385f3ab48a55528ee07a09cd9b0870
.data 0x21000 0x1ca24 0x1ca00 0.17 f475a5d8db410678faa8b459e2a5fdb4
.rsrc 0x3e000 0x22414 0x22600 3.50 cbc6af510b5c7801e50061d0b5441007

( 3 imports )
> msvcrt.dll: __p__fmode, __p__commode, _adjust_fdiv, __setusermatherr, _initterm, __getmainargs, __initenv, _cexit, _XcptFilter, _exit, _c_exit, calloc, _wcslwr, qsort, _vsnwprintf, wcsstr, _dup2, _dup, _open_osfhandle, _close, swscanf, _ultoa, _pipe, _seh_longjmp_unwind, _setmode, wcsncmp, iswxdigit, fflush, exit, _wtol, time, srand, __set_app_type, wcsrchr, malloc, free, wcstoul, _errno, iswalpha, printf, rand, swprintf, _iob, fprintf, towlower, realloc, setlocale, _snwprintf, wcscat, _wcsupr, wcsncpy, _wpopen, fgets, _pclose, memmove, wcschr, iswspace, _tell, longjmp, wcscmp, _wcsnicmp, _wcsicmp, wcstol, iswdigit, _getch, _get_osfhandle, _controlfp, _setjmp3, _except_handler3, wcscpy, wcslen, wcsspn, towupper
> KERNEL32.dll: FlushConsoleInputBuffer, LoadLibraryA, InterlockedExchange, FreeLibrary, LocalAlloc, GetVDMCurrentDirectories, CmdBatNotification, GetModuleHandleA, SetUnhandledExceptionFilter, UnhandledExceptionFilter, GetCurrentProcess, GetSystemTimeAsFileTime, GetCurrentProcessId, GetTickCount, QueryPerformanceCounter, GetThreadLocale, GetDiskFreeSpaceExW, CompareFileTime, RemoveDirectoryW, GetCurrentDirectoryW, SetCurrentDirectoryW, TerminateProcess, WaitForSingleObject, GetExitCodeProcess, CopyFileW, SetFileAttributesW, DeleteFileW, SetFileTime, CreateDirectoryW, FillConsoleOutputAttribute, SetConsoleTextAttribute, ScrollConsoleScreenBufferW, FormatMessageW, DuplicateHandle, FlushFileBuffers, HeapReAlloc, HeapSize, GetFileAttributesExW, LocalFree, GetDriveTypeW, InitializeCriticalSection, SetConsoleCtrlHandler, GetWindowsDirectoryW, GetConsoleTitleW, GetModuleFileNameW, GetVersion, EnterCriticalSection, LeaveCriticalSection, ExpandEnvironmentStringsW, SearchPathW, WriteFile, GetVolumeInformationW, SetLastError, MoveFileW, SetConsoleTitleW, MoveFileExW, GetBinaryTypeW, GetFileAttributesW, GetCurrentThreadId, CreateProcessW, LoadLibraryW, ReadProcessMemory, SetErrorMode, GetConsoleMode, SetConsoleMode, VirtualAlloc, VirtualFree, SetEnvironmentVariableW, GetEnvironmentVariableW, GetCommandLineW, GetEnvironmentStringsW, GetLocalTime, GetTimeFormatW, FileTimeToLocalFileTime, GetDateFormatW, GetLastError, CloseHandle, SetThreadLocale, GetProcAddress, GetModuleHandleW, SetFilePointer, lstrcmpW, lstrcmpiW, HeapAlloc, GetProcessHeap, HeapFree, MultiByteToWideChar, ReadFile, WriteConsoleW, FillConsoleOutputCharacterW, SetConsoleCursorPosition, ReadConsoleW, GetConsoleScreenBufferInfo, GetStdHandle, GetFileType, VirtualQuery, RaiseException, GetCPInfo, GetConsoleOutputCP, WideCharToMultiByte, GetFileSize, CreateFileW, FindClose, FindNextFileW, FindFirstFileW, GetFullPathNameW, GetUserDefaultLCID, GetLocaleInfoW, SetLocalTime, SystemTimeToFileTime, GetSystemTime, FileTimeToSystemTime
> USER32.dll: GetUserObjectInformationW, GetThreadDesktop, MessageBeep, GetProcessWindowStation

( 0 exports )
RDS...: NSRL Reference Data Set
-
that's for the first one

and for the second one there's nothing
[ Nemanja Živanović @ 12.04.2009. 21:58 ] @
Does anyone else use this computer besides you? I see you don't have administrator rights, so the ComboFix scan couldn't be completed either. Is there someone who has administrator rights on this computer?
[ the_rain @ 12.04.2009. 22:19 ] @
hm.. well, my sister is the administrator, I think
[ Nemanja Živanović @ 12.04.2009. 22:28 ] @
Did you start this thread or did she? When you turn the computer on, do you get a choice of several accounts to log into, or how does it work?
[ the_rain @ 12.04.2009. 22:56 ] @
I did, and no, I don't
[ Nemanja Živanović @ 12.04.2009. 23:10 ] @
Let's try it and see what happens:

Again, disable all the protection you have. Open Notepad and copy the following text:

Quote:


File::
C:\WINDOWS\system32\WinCtrl32.dll
C:\WINDOWS\system32\B83872C642.sys
C:\WINDOWS\system32\KGyGaAvL.sys
C:\WINDOWS\system32\hgmfjn.dll
C:\WINDOWS\system32\udardn.dll
C:\WINDOWS\system32\drivers\Winjo60.sys

Folder::
C:\Program Files\Autorun Eater

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WinCtrl32]
[-HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\Winjo60.sys]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0767371f-87c7-11dc-9fa4-00112faf3edf}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0feda428-a7ec-11dc-9fdb-00112faf3edf}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0feda43d-a7ec-11dc-9fdb-00112faf3edf}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{149d693a-ae4a-11dd-a209-00112faf3edf}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{330b1590-1b61-11dd-a0e0-00112faf3edf}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{36acb84c-27f0-11dd-a0f1-00112faf3edf}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{38ae4188-7e43-11dc-9f95-00112faf3edf}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3940df15-f519-11dc-a097-00112faf3edf}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{58e32767-7be5-11dc-9f91-00112faf3edf}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5921229d-1e99-11dd-a0e4-00112faf3edf}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5df69683-210b-11dd-a0e7-00112faf3edf}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6c19380e-1658-11de-a2cd-00112faf3edf}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6e7c1658-25a7-11dd-a0ed-00112faf3edf}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7bdc8b5a-e92c-11dc-a07e-00112faf3edf}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7c4f0299-1139-11dd-a0ca-00112faf3edf}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7d1c72cc-3234-11dd-a100-00112faf3edf}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8e99cb84-53ed-11dd-a13d-00112faf3edf}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9d3dcf94-0ae6-11dd-a0bc-00112faf3edf}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b17b9fde-00d4-11dd-a0ad-00112faf3edf}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b4e03bf6-70fb-11dc-9488-00112faf3edf}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c53ce9ec-dee7-11dc-a05d-00112faf3edf}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c96adf95-7735-11dc-9f88-00112faf3edf}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ca877488-1201-11dd-a0cb-00112faf3edf}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cb09fc1c-69e2-11dd-a180-00112faf3edf}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d3e43dc8-c5cf-11dc-a017-00112faf3edf}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ec4a0e08-af3d-11dd-a20b-00112faf3edf}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ef90ae6e-9b57-11dc-9fc0-00112faf3edf}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f6fb6ff9-0aea-11dd-a0bd-00112faf3edf}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f6fb6ffa-0aea-11dd-a0bd-00112faf3edf}]



Save that file to the Desktop under the name CFScript



Drag the saved file onto the ComboFix icon as in the picture. Post in your next message the log that is produced at the end of the cleaning/scanning.
[ the_rain @ 12.04.2009. 23:29 ] @
oh, I'm already embarrassed...

here:

"Irena" - 2009-04-13 0:17:45 Service Pack 2
ComboFix 07-05.27.BV - Running from: "C:\Documents and Settings\Irena\"
Command switches used :: ""C:\Documents and Settings\Irena\Desktop\CFScript.txt""


((((((((((((((((((((((((((((((( Files Created from 2009-03-12 to 2009-04-12 ))))))))))))))))))))))))))))))))))


2009-04-12 21:01 49,152 --a------ C:\WINDOWS\nircmd.exe
2009-04-12 20:05 387,584 --a------ C:\WINDOWS\system32\CF15820.exe
2009-04-12 20:03 73,728 --a------ C:\pv.exe
2009-04-12 20:02 387,584 --a------ C:\WINDOWS\system32\CF15487.exe
2009-04-12 16:58 <DIR> d-------- C:\Program Files\Autorun Eater
2009-04-12 16:29 16,896 --a------ C:\WINDOWS\system32\WinCtrl32.dll
2009-04-12 15:25 7,168 --a------ C:\WINDOWS\system32\drivers\bltrust.sys
2009-04-12 15:25 <DIR> d-------- C:\WINDOWS\system32\TrustNoExe
2009-04-10 18:59 26,112 --a------ C:\WINDOWS\system32\drivers\MemStPCI.SYS
2009-03-14 22:40 410,984 --a------ C:\WINDOWS\system32\deploytk.dll


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2009-04-12 10:18:34 31,616 ----a-w C:\WINDOWS\system32\drivers\Winjo60.sys
2009-03-09 11:37:13 -------- d-----w C:\Program Files\In Flames - Screensaver
2009-03-06 12:03:26 -------- d-----w C:\Program Files\Windows Live
2009-03-06 12:02:49 -------- d-----w C:\Program Files\Windows Live Toolbar
2009-03-06 12:02:21 -------- d-----w C:\Program Files\Microsoft Sync Framework
2009-03-06 12:01:13 -------- d-----w C:\Program Files\Microsoft SQL Server Compact Edition
2009-03-06 11:57:52 -------- d-----w C:\Program Files\Windows Live SkyDrive
2009-03-06 11:46:24 -------- d-----w C:\Program Files\Common Files\Windows Live
2009-03-01 11:10:59 -------- d-----w C:\Program Files\OnLine Brojac v.7.0
2009-02-26 11:48:41 -------- d-----w C:\Program Files\Google
2009-02-25 19:10:50 -------- d-----w C:\DOCUME~1\Irena\APPLIC~1\Google
2009-02-25 19:00:03 -------- d-----w C:\Program Files\Windows Installer Clean Up
2009-02-25 18:59:54 -------- d-----w C:\Program Files\MSECACHE
2009-02-06 19:02:48 308,104 ----a-w C:\WINDOWS\WLXPGSS.SCR
2009-02-06 17:52:40 49,504 ----a-w C:\WINDOWS\system32\sirenacm.dll
2008-08-14 18:11:32 3,364,957 --sha-w C:\WINDOWS\system32\rsetup.exe
2008-02-08 20:45:21 2,026 --sha-r C:\WINDOWS\system32\udardn.dll
2008-02-08 20:45:17 84,968 --sha-r C:\WINDOWS\system32\hgmfjn.dll
2008-02-08 20:45:11 1,624 --sha-r C:\WINDOWS\system32\comqqcea.dll
2008-02-06 15:07:04 1,536 --sha-w C:\WINDOWS\page files\maxmeg.sys
2007-11-28 18:56:28 1,682 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2007-11-28 14:27:21 8 --sh--r C:\WINDOWS\system32\B83872C642.sys


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{68F9551E-0411-48E4-9AAF-4BC42A6A46BE}=C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll [2006-04-18 19:04]
{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}=C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll [2009-01-14 18:49]
{9030D464-4C02-4ABF-8ECC-5164760863C6}=C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 16:41]
{DBC80044-A445-435b-BC74-9C25C1C588A9}=C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-03-14 22:39]
{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}=C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 19:17]
{E7E6F031-17CE-4C07-BC86-EABFE594F69C}=C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-03-14 22:39]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [2009-03-03 15:50]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 16:40]
"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" [2009-03-14 22:39]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-10-09 11:28]
"SystemExplorer"="C:\BUG\SystemExplorer 1.2.1\SystemExplorer.exe" [2007-12-23 20:39]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:56]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 19:52]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WinCtrl32]
WinCtrl32.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\aawservice]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\Winjo60.sys]

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost *netsvcs*
UxTuneUp


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0767371f-87c7-11dc-9fa4-00112faf3edf}]
AutoRun\command- I:\
open\Command- rundll32.exe .\desktop.dll,InstallM

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0feda428-a7ec-11dc-9fdb-00112faf3edf}]
AutoRun\command- I:\
open\Command- rundll32.exe .\desktop.dll,InstallM

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0feda43d-a7ec-11dc-9fdb-00112faf3edf}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
Open(&0)\command- Recycled\ctfmon.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{149d693a-ae4a-11dd-a209-00112faf3edf}]
auto\command- Knight.exe open
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Knight.exe open
explore\command- Knight.exe open
find\command- Knight.exe open
install\command- Knight.exe open
open\command- Knight.exe open

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{330b1590-1b61-11dd-a0e0-00112faf3edf}]
AutoRun\command- I:\
open\Command- rundll32.exe .\desktop.dll,InstallM

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{36acb84c-27f0-11dd-a0f1-00112faf3edf}]
AutoRun\command- I:\
open\Command- rundll32.exe .\desktop.dll,InstallM

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{38ae4188-7e43-11dc-9f95-00112faf3edf}]
AutoRun\command- I:\
open\Command- rundll32.exe .\desktop.dll,InstallM

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3940df15-f519-11dc-a097-00112faf3edf}]
AutoRun\command- I:\
open\Command- rundll32.exe .\desktop.dll,InstallM

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{58e32767-7be5-11dc-9f91-00112faf3edf}]
AutoRun\command- I:\
open\Command- rundll32.exe .\desktop.dll,InstallM

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5921229d-1e99-11dd-a0e4-00112faf3edf}]
AutoRun\command- I:\
open\Command- rundll32.exe .\desktop.dll,InstallM

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5df69683-210b-11dd-a0e7-00112faf3edf}]
AutoRun\command- I:\
open\Command- rundll32.exe .\desktop.dll,InstallM

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6c19380e-1658-11de-a2cd-00112faf3edf}]
auto\command- Knight.exe open
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Knight.exe open
explore\command- Knight.exe open
find\command- Knight.exe open
install\command- Knight.exe open
open\command- Knight.exe open

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6e7c1658-25a7-11dd-a0ed-00112faf3edf}]
AutoRun\command- I:\
open\Command- rundll32.exe .\desktop.dll,InstallM

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7bdc8b5a-e92c-11dc-a07e-00112faf3edf}]
AutoRun\command- I:\
open\Command- rundll32.exe .\desktop.dll,InstallM

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7c4f0299-1139-11dd-a0ca-00112faf3edf}]
AutoRun\command- I:\
open\Command- rundll32.exe .\desktop.dll,InstallM

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7d1c72cc-3234-11dd-a100-00112faf3edf}]
AutoRun\command- I:\
open\Command- rundll32.exe .\desktop.dll,InstallM

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8e99cb84-53ed-11dd-a13d-00112faf3edf}]
AutoRun\command- I:\
open\Command- rundll32.exe .\desktop.dll,InstallM

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9d3dcf94-0ae6-11dd-a0bc-00112faf3edf}]
AutoRun\command- I:\
open\Command- rundll32.exe .\desktop.dll,InstallM

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b17b9fde-00d4-11dd-a0ad-00112faf3edf}]
AutoRun\command- I:\
open\Command- rundll32.exe .\desktop.dll,InstallM

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b4e03bf6-70fb-11dc-9488-00112faf3edf}]
AutoRun\command- I:\
open\Command- rundll32.exe .\desktop.dll,InstallM

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c53ce9ec-dee7-11dc-a05d-00112faf3edf}]
AutoRun\command- I:\
open\Command- rundll32.exe .\desktop.dll,InstallM

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c96adf95-7735-11dc-9f88-00112faf3edf}]
AutoRun\command- G:\
open\Command- rundll32.exe .\desktop.dll,InstallM

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ca877488-1201-11dd-a0cb-00112faf3edf}]
auto\command- Knight.exe open
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Knight.exe open
explore\command- Knight.exe open
find\command- Knight.exe open
install\command- Knight.exe open
open\command- Knight.exe open

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cb09fc1c-69e2-11dd-a180-00112faf3edf}]
AutoRun\command- G:\
open\Command- rundll32.exe .\desktop.dll,InstallM

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d3e43dc8-c5cf-11dc-a017-00112faf3edf}]
auto\command- Knight.exe open
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Knight.exe open
explore\command- Knight.exe open
find\command- Knight.exe open
install\command- Knight.exe open
open\command- Knight.exe open

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ec4a0e08-af3d-11dd-a20b-00112faf3edf}]
auto\command- Knight.exe open
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Knight.exe open
explore\command- Knight.exe open
find\command- Knight.exe open
install\command- Knight.exe open
open\command- Knight.exe open

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ef90ae6e-9b57-11dc-9fc0-00112faf3edf}]
auto\command- Knight.exe open
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Knight.exe open
explore\command- Knight.exe open
find\command- Knight.exe open
install\command- Knight.exe open
open\command- Knight.exe open

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f6fb6ff9-0aea-11dd-a0bd-00112faf3edf}]
AutoRun\command- I:\
open\Command- rundll32.exe .\desktop.dll,InstallM

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f6fb6ffa-0aea-11dd-a0bd-00112faf3edf}]
AutoRun\command- I:\
open\Command- rundll32.exe .\desktop.dll,InstallM

*Newly Created Service* - HTTPFILTER

********************************************************************

catchme 0.3.692 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-13 00:24:57
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

disk error: C:\WINDOWS\

please note that you need administrator rights to perform deep scan

********************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\JavaQuickStarterService]
"ImagePath"="\"C:\Program Files\Java\jre6\bin\jqs.exe\" -service -config \"C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf\""

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\UACd.sys]
"imagepath"="\systemroot\system32\drivers\UACyqomuwyl.sys"

Completion time: 2009-04-13 0:28:45
C:\ComboFix-quarantined-files.txt ... 2009-04-13 00:28
C:\ComboFix2.txt ... 2009-04-12 21:01

--- E O F ---
[ Nemanja Živanović @ 12.04.2009. 23:37 ] @
Do this again, but make sure you do it exactly like this. Download ComboFix again, but this time to the DESKTOP!

Again, disable all the protection you have. Open Notepad and copy the following text:

Quote:


File::
C:\WINDOWS\system32\WinCtrl32.dll
C:\WINDOWS\system32\B83872C642.sys
C:\WINDOWS\system32\KGyGaAvL.sys
C:\WINDOWS\system32\hgmfjn.dll
C:\WINDOWS\system32\udardn.dll
C:\WINDOWS\system32\drivers\Winjo60.sys
C:\WINDOWS\system32\drivers\UACd.sys
C:\WINDOWS\system32\drivers\UACyqomuwyl.sys

Folder::
C:\Program Files\Autorun Eater

Driver::
UACd
UACyqomuwyl

Registry::
[-HKEY_LOCAL_MACHINE\system\ControlSet001\Services\UACd.sys]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WinCtrl32]
[-HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\Winjo60.sys]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0767371f-87c7-11dc-9fa4-00112faf3edf}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0feda428-a7ec-11dc-9fdb-00112faf3edf}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0feda43d-a7ec-11dc-9fdb-00112faf3edf}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{149d693a-ae4a-11dd-a209-00112faf3edf}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{330b1590-1b61-11dd-a0e0-00112faf3edf}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{36acb84c-27f0-11dd-a0f1-00112faf3edf}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{38ae4188-7e43-11dc-9f95-00112faf3edf}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3940df15-f519-11dc-a097-00112faf3edf}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{58e32767-7be5-11dc-9f91-00112faf3edf}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5921229d-1e99-11dd-a0e4-00112faf3edf}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5df69683-210b-11dd-a0e7-00112faf3edf}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6c19380e-1658-11de-a2cd-00112faf3edf}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6e7c1658-25a7-11dd-a0ed-00112faf3edf}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7bdc8b5a-e92c-11dc-a07e-00112faf3edf}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7c4f0299-1139-11dd-a0ca-00112faf3edf}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7d1c72cc-3234-11dd-a100-00112faf3edf}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8e99cb84-53ed-11dd-a13d-00112faf3edf}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9d3dcf94-0ae6-11dd-a0bc-00112faf3edf}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b17b9fde-00d4-11dd-a0ad-00112faf3edf}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b4e03bf6-70fb-11dc-9488-00112faf3edf}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c53ce9ec-dee7-11dc-a05d-00112faf3edf}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c96adf95-7735-11dc-9f88-00112faf3edf}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ca877488-1201-11dd-a0cb-00112faf3edf}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cb09fc1c-69e2-11dd-a180-00112faf3edf}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d3e43dc8-c5cf-11dc-a017-00112faf3edf}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ec4a0e08-af3d-11dd-a20b-00112faf3edf}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ef90ae6e-9b57-11dc-9fc0-00112faf3edf}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f6fb6ff9-0aea-11dd-a0bd-00112faf3edf}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f6fb6ffa-0aea-11dd-a0bd-00112faf3edf}]



Save that file to the Desktop under the name CFScript



Drag the saved file onto the ComboFix icon as in the picture. Post in your next message the log that is produced at the end of the cleaning/scanning.
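The long list of MountPoints2 keys in the two CFScripts above was read straight out of the "Reg Loading Points" section of the ComboFix log: Windows caches the autorun.inf handlers of every removable volume it has seen under that key, one GUID per volume, so commands like `Knight.exe open` or `rundll32.exe .\desktop.dll,InstallM` are relative paths that resolve against the root of whichever USB stick was plugged in. Deleting the cached key removes the handler from this machine; the sticks themselves still need cleaning. The script below is an added example for this thread (not code from ComboFix or from either poster): it parses a sample log excerpt constructed from the entries shown above (plus one constructed benign entry under the all-zero GUID), flags every volume whose handler launches a relative path (the example's own heuristic), and assembles the matching `Registry::` section in CFScript layout, where `[-key]` requests deletion of that key.

```python
"""Flag MountPoints2 autorun handlers in a ComboFix log and emit CFScript lines.

Added example for this thread; not code from ComboFix or its author.
The "relative launch target" heuristic is the example's own.
"""
import re
from typing import Dict, List

# Constructed sample: three blocks copied from the log in the thread plus one
# constructed benign block (all-zero GUID) whose handler is an absolute path.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0feda43d-a7ec-11dc-9fdb-00112faf3edf}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
Open(&0)\command- Recycled\ctfmon.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{149d693a-ae4a-11dd-a209-00112faf3edf}]
auto\command- Knight.exe open
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Knight.exe open
open\command- Knight.exe open

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c96adf95-7735-11dc-9f88-00112faf3edf}]
AutoRun\command- G:\
open\Command- rundll32.exe .\desktop.dll,InstallM

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{00000000-0000-0000-0000-000000000000}]
AutoRun\command- E:\setup.exe
"""

# A MountPoints2 block header: one key per volume GUID.
KEY_RE = re.compile(
    r"^\[(HKEY_CURRENT_USER\\.*\\mountpoints2\\\{[0-9a-f-]+\})\]$", re.IGNORECASE)
# ComboFix prints each handler as "<verb>\command- <command line>".
VERB_RE = re.compile(r"^(\S+?)- (.*)$")
# Drive-letter path (X:\...) or UNC path (\\server\...); anything else is relative.
ABSOLUTE_RE = re.compile(r"^(?:[A-Za-z]:\\|\\\\)")


def parse_mountpoints(log_text: str) -> Dict[str, Dict[str, str]]:
    """Return {registry key: {verb: command}} for every MountPoints2 block."""
    entries: Dict[str, Dict[str, str]] = {}
    current = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            current = None          # blank line closes the current block
            continue
        m = KEY_RE.match(line)
        if m:
            current = m.group(1)
            entries[current] = {}
            continue
        m = VERB_RE.match(line)
        if m and current is not None:
            entries[current][m.group(1)] = m.group(2)
    return entries


def launch_target(command: str) -> str:
    """The file a handler really runs; unwraps rundll32 and ShellExec_RunDLL."""
    tokens = command.split()
    if not tokens:
        return ""
    if tokens[0].lower().endswith("rundll32.exe"):
        # Shell32.DLL,ShellExec_RunDLL just hands its first argument to the shell.
        if len(tokens) >= 3 and tokens[1].lower() == "shell32.dll,shellexec_rundll":
            return tokens[2]
        if len(tokens) >= 2:
            return tokens[1].split(",", 1)[0]   # "<dll>,<entry>" -> the DLL
        return ""
    return tokens[0]


def is_relative_launch(command: str) -> bool:
    """True when the handler resolves its target against the volume root."""
    target = launch_target(command)
    return bool(target) and ABSOLUTE_RE.match(target) is None


def suspicious_mountpoints(log_text: str) -> Dict[str, List[str]]:
    """Keys with at least one relative-path handler, mapped to those handlers."""
    flagged: Dict[str, List[str]] = {}
    for key, verbs in parse_mountpoints(log_text).items():
        bad = [f"{verb}- {cmd}" for verb, cmd in verbs.items() if is_relative_launch(cmd)]
        if bad:
            flagged[key] = bad
    return flagged


def build_cfscript(files=(), folders=(), registry_keys=()) -> str:
    """Lay out File::/Folder::/Registry:: sections; [-key] deletes a registry key."""
    sections = []
    if files:
        sections.append("File::\n" + "\n".join(files))
    if folders:
        sections.append("Folder::\n" + "\n".join(folders))
    if registry_keys:
        sections.append("Registry::\n" + "\n".join(f"[-{k}]" for k in registry_keys))
    return "\n\n".join(sections) + "\n"


if __name__ == "__main__":
    hits = suspicious_mountpoints(SAMPLE_LOG)
    for key, cmds in hits.items():
        print(key)
        for c in cmds:
            print("    ", c)
    print(build_cfscript(files=[r"C:\WINDOWS\system32\WinCtrl32.dll"],
                         registry_keys=sorted(hits)))
```

Run against the real log, the same function reproduces the 28 `[-HKEY_CURRENT_USER\...\mountpoints2\{...}]` lines in the script above; the constructed `E:\setup.exe` entry is left alone because an absolute path is the ordinary CD-ROM autorun shape, which is a judgement call rather than proof of cleanliness.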
[ the_rain @ 12.04.2009. 23:52 ] @
I did it like that, but the ComboFix from the second link I downloaded it from won't open.
Anyway, you don't need to bother with this any more, I know it's silly to say this now after all of this, but I don't want to keep bothering you

THANK YOU for everything, and sorry
[ Nemanja Živanović @ 12.04.2009. 23:57 ] @
Don't give up so easily. Try downloading CF from one of these links:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Then do what I told you. If it won't work at all, let me know so we can uninstall ComboFix and try something else.
[ the_rain @ 13.04.2009. 00:03 ] @
I don't know why it won't :(
[ the_rain @ 13.04.2009. 00:20 ] @
I'm going to sleep, tomorrow is a new day, well, today actually, so if you want we can continue tomorrow... but you don't have to if you don't want to, I understand
[ Nemanja Živanović @ 13.04.2009. 00:36 ] @
OK. We'll continue tomorrow then. When you can, try doing what I gave you. You don't need to download a new ComboFix, try with the old one. Then post the report. If it won't work, let me know and we'll try something else.
[ the_rain @ 13.04.2009. 11:16 ] @
"Irena" - 2009-04-13 11:51:08 Service Pack 2
ComboFix 07-05.27.BV - Running from: "C:\Documents and Settings\Irena\"
Command switches used :: ""C:\Documents and Settings\Irena\Desktop\CFScript.txt""


((((((((((((((((((((((((((((((( Files Created from 2009-03-13 to 2009-04-13 ))))))))))))))))))))))))))))))))))


2009-04-13 01:00 387,584 --a------ C:\WINDOWS\system32\CF8362.exe
2009-04-13 01:00 387,584 --a------ C:\WINDOWS\system32\CF8238.exe
2009-04-13 00:59 387,584 --a------ C:\WINDOWS\system32\CF8117.exe
2009-04-12 21:01 49,152 --a------ C:\WINDOWS\nircmd.exe
2009-04-12 20:05 387,584 --a------ C:\WINDOWS\system32\CF15820.exe
2009-04-12 20:02 387,584 --a------ C:\WINDOWS\system32\CF15487.exe
2009-04-12 16:58 <DIR> d-------- C:\Program Files\Autorun Eater
2009-04-12 16:29 16,896 --a------ C:\WINDOWS\system32\WinCtrl32.dll
2009-04-12 15:25 7,168 --a------ C:\WINDOWS\system32\drivers\bltrust.sys
2009-04-12 15:25 <DIR> d-------- C:\WINDOWS\system32\TrustNoExe
2009-04-10 18:59 26,112 --a------ C:\WINDOWS\system32\drivers\MemStPCI.SYS
2009-03-14 22:40 410,984 --a------ C:\WINDOWS\system32\deploytk.dll


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2009-04-12 10:18:34 31,616 ----a-w C:\WINDOWS\system32\drivers\Winjo60.sys
2009-03-09 11:37:13 -------- d-----w C:\Program Files\In Flames - Screensaver
2009-03-06 12:03:26 -------- d-----w C:\Program Files\Windows Live
2009-03-06 12:02:49 -------- d-----w C:\Program Files\Windows Live Toolbar
2009-03-06 12:02:21 -------- d-----w C:\Program Files\Microsoft Sync Framework
2009-03-06 12:01:13 -------- d-----w C:\Program Files\Microsoft SQL Server Compact Edition
2009-03-06 11:57:52 -------- d-----w C:\Program Files\Windows Live SkyDrive
2009-03-06 11:46:24 -------- d-----w C:\Program Files\Common Files\Windows Live
2009-03-01 11:10:59 -------- d-----w C:\Program Files\OnLine Brojac v.7.0
2009-02-26 11:48:41 -------- d-----w C:\Program Files\Google
2009-02-25 19:10:50 -------- d-----w C:\DOCUME~1\Irena\APPLIC~1\Google
2009-02-25 19:00:03 -------- d-----w C:\Program Files\Windows Installer Clean Up
2009-02-25 18:59:54 -------- d-----w C:\Program Files\MSECACHE
2009-02-06 19:02:48 308,104 ----a-w C:\WINDOWS\WLXPGSS.SCR
2009-02-06 17:52:40 49,504 ----a-w C:\WINDOWS\system32\sirenacm.dll
2008-08-14 18:11:32 3,364,957 --sha-w C:\WINDOWS\system32\rsetup.exe
2008-02-08 20:45:21 2,026 --sha-r C:\WINDOWS\system32\udardn.dll
2008-02-08 20:45:17 84,968 --sha-r C:\WINDOWS\system32\hgmfjn.dll
2008-02-08 20:45:11 1,624 --sha-r C:\WINDOWS\system32\comqqcea.dll
2008-02-06 15:07:04 1,536 --sha-w C:\WINDOWS\page files\maxmeg.sys
2007-11-28 18:56:28 1,682 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2007-11-28 14:27:21 8 --sh--r C:\WINDOWS\system32\B83872C642.sys


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{68F9551E-0411-48E4-9AAF-4BC42A6A46BE}=C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll [2006-04-18 19:04]
{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}=C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll [2009-01-14 18:49]
{9030D464-4C02-4ABF-8ECC-5164760863C6}=C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 16:41]
{DBC80044-A445-435b-BC74-9C25C1C588A9}=C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-03-14 22:39]
{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}=C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 19:17]
{E7E6F031-17CE-4C07-BC86-EABFE594F69C}=C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-03-14 22:39]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [2009-03-03 15:50]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 16:40]
"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" [2009-03-14 22:39]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-10-09 11:28]
"SystemExplorer"="C:\BUG\SystemExplorer 1.2.1\SystemExplorer.exe" [2007-12-23 20:39]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:56]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 19:52]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WinCtrl32]
WinCtrl32.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\aawservice]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\Winjo60.sys]

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost *netsvcs*
UxTuneUp


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0767371f-87c7-11dc-9fa4-00112faf3edf}]
AutoRun\command- I:\
open\Command- rundll32.exe .\desktop.dll,InstallM

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0feda428-a7ec-11dc-9fdb-00112faf3edf}]
AutoRun\command- I:\
open\Command- rundll32.exe .\desktop.dll,InstallM

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0feda43d-a7ec-11dc-9fdb-00112faf3edf}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
Open(&0)\command- Recycled\ctfmon.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{149d693a-ae4a-11dd-a209-00112faf3edf}]
auto\command- Knight.exe open
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Knight.exe open
explore\command- Knight.exe open
find\command- Knight.exe open
install\command- Knight.exe open
open\command- Knight.exe open

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{330b1590-1b61-11dd-a0e0-00112faf3edf}]
AutoRun\command- I:\
open\Command- rundll32.exe .\desktop.dll,InstallM

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{36acb84c-27f0-11dd-a0f1-00112faf3edf}]
AutoRun\command- I:\
open\Command- rundll32.exe .\desktop.dll,InstallM

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{38ae4188-7e43-11dc-9f95-00112faf3edf}]
AutoRun\command- I:\
open\Command- rundll32.exe .\desktop.dll,InstallM

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3940df15-f519-11dc-a097-00112faf3edf}]
AutoRun\command- I:\
open\Command- rundll32.exe .\desktop.dll,InstallM

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{58e32767-7be5-11dc-9f91-00112faf3edf}]
AutoRun\command- I:\
open\Command- rundll32.exe .\desktop.dll,InstallM

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5921229d-1e99-11dd-a0e4-00112faf3edf}]
AutoRun\command- I:\
open\Command- rundll32.exe .\desktop.dll,InstallM

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5df69683-210b-11dd-a0e7-00112faf3edf}]
AutoRun\command- I:\
open\Command- rundll32.exe .\desktop.dll,InstallM

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6c19380e-1658-11de-a2cd-00112faf3edf}]
auto\command- Knight.exe open
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Knight.exe open
explore\command- Knight.exe open
find\command- Knight.exe open
install\command- Knight.exe open
open\command- Knight.exe open

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6e7c1658-25a7-11dd-a0ed-00112faf3edf}]
AutoRun\command- I:\
open\Command- rundll32.exe .\desktop.dll,InstallM

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7bdc8b5a-e92c-11dc-a07e-00112faf3edf}]
AutoRun\command- I:\
open\Command- rundll32.exe .\desktop.dll,InstallM

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7c4f0299-1139-11dd-a0ca-00112faf3edf}]
AutoRun\command- I:\
open\Command- rundll32.exe .\desktop.dll,InstallM

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7d1c72cc-3234-11dd-a100-00112faf3edf}]
AutoRun\command- I:\
open\Command- rundll32.exe .\desktop.dll,InstallM

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8e99cb84-53ed-11dd-a13d-00112faf3edf}]
AutoRun\command- I:\
open\Command- rundll32.exe .\desktop.dll,InstallM

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9d3dcf94-0ae6-11dd-a0bc-00112faf3edf}]
AutoRun\command- I:\
open\Command- rundll32.exe .\desktop.dll,InstallM

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b17b9fde-00d4-11dd-a0ad-00112faf3edf}]
AutoRun\command- I:\
open\Command- rundll32.exe .\desktop.dll,InstallM

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b4e03bf6-70fb-11dc-9488-00112faf3edf}]
AutoRun\command- I:\
open\Command- rundll32.exe .\desktop.dll,InstallM

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c53ce9ec-dee7-11dc-a05d-00112faf3edf}]
AutoRun\command- I:\
open\Command- rundll32.exe .\desktop.dll,InstallM

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c96adf95-7735-11dc-9f88-00112faf3edf}]
AutoRun\command- G:\
open\Command- rundll32.exe .\desktop.dll,InstallM

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ca877488-1201-11dd-a0cb-00112faf3edf}]
auto\command- Knight.exe open
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Knight.exe open
explore\command- Knight.exe open
find\command- Knight.exe open
install\command- Knight.exe open
open\command- Knight.exe open

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cb09fc1c-69e2-11dd-a180-00112faf3edf}]
AutoRun\command- G:\
open\Command- rundll32.exe .\desktop.dll,InstallM

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d3e43dc8-c5cf-11dc-a017-00112faf3edf}]
auto\command- Knight.exe open
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Knight.exe open
explore\command- Knight.exe open
find\command- Knight.exe open
install\command- Knight.exe open
open\command- Knight.exe open

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ec4a0e08-af3d-11dd-a20b-00112faf3edf}]
auto\command- Knight.exe open
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Knight.exe open
explore\command- Knight.exe open
find\command- Knight.exe open
install\command- Knight.exe open
open\command- Knight.exe open

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ef90ae6e-9b57-11dc-9fc0-00112faf3edf}]
auto\command- Knight.exe open
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Knight.exe open
explore\command- Knight.exe open
find\command- Knight.exe open
install\command- Knight.exe open
open\command- Knight.exe open

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f6fb6ff9-0aea-11dd-a0bd-00112faf3edf}]
AutoRun\command- I:\
open\Command- rundll32.exe .\desktop.dll,InstallM

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f6fb6ffa-0aea-11dd-a0bd-00112faf3edf}]
AutoRun\command- I:\
open\Command- rundll32.exe .\desktop.dll,InstallM


********************************************************************

catchme 0.3.692 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-13 11:56:11
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

disk error: C:\WINDOWS\

please note that you need administrator rights to perform deep scan

********************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\JavaQuickStarterService]
"ImagePath"="\"C:\Program Files\Java\jre6\bin\jqs.exe\" -service -config \"C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf\""

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\UACd.sys]
"imagepath"="\systemroot\system32\drivers\UACyqomuwyl.sys"

Completion time: 2009-04-13 11:59:21
C:\ComboFix-quarantined-files.txt ... 2009-04-13 11:58
C:\ComboFix2.txt ... 2009-04-13 11:49
C:\ComboFix3.txt ... 2009-04-13 00:28

--- E O F ---


there you go
[ Nemanja Živanović @ 13.04.2009. 12:19 ] @
Ok. We won't struggle with ComboFix any more. Now we'll uninstall it. Open Start, click Run and type combofix /u. That is, combofix, then a space, then /u (no space between the slash and the letter u). Then press Enter. Wait a few minutes for the uninstall process to finish.

Let's move on. Let's try another tool.

Download the Avenger program, unpack it onto the Desktop and run it. Once it is running, copy the following text into the Input script here field:

Quote:


Files to delete:
C:\WINDOWS\system32\WinCtrl32.dll
C:\WINDOWS\system32\B83872C642.sys
C:\WINDOWS\system32\KGyGaAvL.sys
C:\WINDOWS\system32\hgmfjn.dll
C:\WINDOWS\system32\udardn.dll
C:\WINDOWS\system32\drivers\Winjo60.sys
C:\WINDOWS\system32\drivers\UACd.sys
C:\WINDOWS\system32\drivers\UACyqomuwyl.sys

Folders to delete:
C:\Program Files\Autorun Eater

Drivers to delete:
UACd
UACyqomuwyl

Registry keys to delete:
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\UACd.sys]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WinCtrl32]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\Winjo60.sys]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0767371f-87c7-11dc-9fa4-00112faf3edf}]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0feda428-a7ec-11dc-9fdb-00112faf3edf}]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0feda43d-a7ec-11dc-9fdb-00112faf3edf}]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{149d693a-ae4a-11dd-a209-00112faf3edf}]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{330b1590-1b61-11dd-a0e0-00112faf3edf}]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{36acb84c-27f0-11dd-a0f1-00112faf3edf}]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{38ae4188-7e43-11dc-9f95-00112faf3edf}]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3940df15-f519-11dc-a097-00112faf3edf}]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{58e32767-7be5-11dc-9f91-00112faf3edf}]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5921229d-1e99-11dd-a0e4-00112faf3edf}]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5df69683-210b-11dd-a0e7-00112faf3edf}]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6c19380e-1658-11de-a2cd-00112faf3edf}]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6e7c1658-25a7-11dd-a0ed-00112faf3edf}]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7bdc8b5a-e92c-11dc-a07e-00112faf3edf}]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7c4f0299-1139-11dd-a0ca-00112faf3edf}]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7d1c72cc-3234-11dd-a100-00112faf3edf}]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8e99cb84-53ed-11dd-a13d-00112faf3edf}]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9d3dcf94-0ae6-11dd-a0bc-00112faf3edf}]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b17b9fde-00d4-11dd-a0ad-00112faf3edf}]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b4e03bf6-70fb-11dc-9488-00112faf3edf}]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c53ce9ec-dee7-11dc-a05d-00112faf3edf}]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c96adf95-7735-11dc-9f88-00112faf3edf}]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ca877488-1201-11dd-a0cb-00112faf3edf}]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cb09fc1c-69e2-11dd-a180-00112faf3edf}]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d3e43dc8-c5cf-11dc-a017-00112faf3edf}]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ec4a0e08-af3d-11dd-a20b-00112faf3edf}]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ef90ae6e-9b57-11dc-9fc0-00112faf3edf}]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f6fb6ff9-0aea-11dd-a0bd-00112faf3edf}]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f6fb6ffa-0aea-11dd-a0bd-00112faf3edf}]



Once you have copied this text, press Execute, confirm twice with Yes and the computer will restart. After the restart a txt file will open in Notepad; copy it for me here in your next post.
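As an added example (not code from the thread, ComboFix or Avenger), here is a small Python triage script for the MountPoints2 section of a ComboFix log like the one posted above: it flags the keys whose shell verbs launch an executable or DLL addressed relative to the removable volume (the pattern behind Knight.exe, .\desktop.dll and Recycled\ctfmon.exe) and lists them in the "Registry keys to delete:" syntax used in the Avenger script in this reply. The sample log lines are constructed copies of three of the posted key blocks, and the allowlist of system-resolved host names is an assumption.

```python
r"""Added example (not from the thread, ComboFix or Avenger): parse the MountPoints2
keys as ComboFix prints them, flag shell verbs whose command runs an executable or
DLL addressed relative to the volume root (the Knight.exe / .\desktop.dll /
Recycled\ctfmon.exe pattern in the log above) and list the flagged keys in the
'Registry keys to delete:' syntax of the Avenger script."""
import re

# Constructed sample: three key blocks in the shape of the thread's log.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0767371f-87c7-11dc-9fa4-00112faf3edf}]
AutoRun\command- I:\
open\Command- rundll32.exe .\desktop.dll,InstallM
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0feda43d-a7ec-11dc-9fdb-00112faf3edf}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
Open(&0)\command- Recycled\ctfmon.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{149d693a-ae4a-11dd-a209-00112faf3edf}]
auto\command- Knight.exe open
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Knight.exe open
open\command- Knight.exe open
"""
KEY_RE = re.compile(r"^\[(HKEY_CURRENT_USER\\.*\\mountpoints2\\\{[0-9a-f-]+\})\]$", re.I)
VERB_RE = re.compile(r"^([^\\]+)\\command-\s*(.*)$", re.I)
PE_EXT = (".exe", ".dll", ".sys", ".com", ".scr", ".bat", ".pif")
KNOWN_HOSTS = {"rundll32.exe", "shell32.dll"}  # assumed allowlist: bare names resolved from System32/PATH
ANCHORED = re.compile(r"^([a-z]:\\|\\)")        # drive-letter, UNC or root-anchored path

def parse_mountpoints(text):
    """Return {key_path: {verb: command}} for every MountPoints2 key in the dump."""
    keys, current = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if m := KEY_RE.match(line):
            current = keys.setdefault(m.group(1), {})
        elif (m := VERB_RE.match(line)) and current is not None:
            current[m.group(1).lower()] = m.group(2).strip()
    return keys

def relative_payloads(command):
    """Executables/DLLs the command addresses relative to the volume root."""
    names = [tok.split(",")[0].strip('"') for tok in command.split()]  # "x.dll,Export" -> "x.dll"
    return [n for n in names if n.lower().endswith(PE_EXT)
            and n.lower() not in KNOWN_HOSTS and not ANCHORED.match(n.lower())]

def triage(text):
    """Map each suspicious MountPoints2 key to its (verb, payload) pairs; clean keys are omitted."""
    report = {}
    for key, verbs in parse_mountpoints(text).items():
        hits = [(verb, p) for verb, cmd in verbs.items() for p in relative_payloads(cmd)]
        if hits:
            report[key] = hits
    return report

def avenger_keys(report):
    """Flagged keys as a 'Registry keys to delete:' block in Avenger's script syntax."""
    return ["Registry keys to delete:"] + [f"[{key}]" for key in report]
```

Calling `avenger_keys(triage(SAMPLE_LOG))` on the constructed sample yields the header plus the three flagged keys; a key whose only verb is a bare drive root such as `AutoRun\command- E:\` is left out.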
[ the_rain @ 13.04.2009. 12:51 ] @
It won't work for me; I did copy it, but something kept popping up many times, and then at the end it restarted on its own, and now when I run it, it won't work...

I give up, sorry, thanks again for everything, I'll have to call someone to sort it out and that's that, sorry once again :/
[ Nemanja Živanović @ 13.04.2009. 13:01 ] @
Ok. If you decide we should continue, feel free to send me a private message and I'll unlock the topic.

Regards