[ igor_cg @ 29.07.2009. 23:15 ] @
Please, can someone help me?!
isass.exe showed up on my machine; I googled it and read that it is not "healthy" :) for my computer.
Thanks in advance!!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:08:19, on 7/30/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\PC\Desktop\123\123.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar.dll
O4 - HKLM\..\Run: [Device Detector] DevDetect.exe -autorun
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [run32] C:\Win\lsass.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\googletoolbar.dll/cmsearch.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 6447 bytes
[ magna86 @ 30.07.2009. 07:55 ] @
Download this program: OTM
http://oldtimer.geekstogo.com/OTM.exe

Run the program and, in the left pane under "Paste Instructions for Items to be Moved",
paste everything I have marked below:


Code:
:reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"run32"=-

:files
C:\Win\lsass.exe


Click MoveIt!

restart the computer....

Then download DDS from this link:
http://download.bleepingcomputer.com/sUBs/dds.scr

Run it and wait a few minutes for the program to finish scanning. When it finishes it will produce two logs.
The first is called Attach.txt and we don't need it, but rather the second (larger) one called DDS.txt

That is, copy the DDS.txt log right away into another Notepad file (File > Save As) and attach that Notepad file to your post
[ hajduk7 @ 30.07.2009. 12:33 ] @
Interesting thing, I recently killed that virus, worm or whatever it was on a friend's machine. I did it like this: download the AV ESET SMART SECURITY 3.0.672. First delete that file at the location c:\win\ and delete everything that is there, then open the Registry and delete everywhere you find c:\win, then go to Start > Run and type "msconfig" (if you have XP, of course), go to the Startup tab and delete the entry where it says c:\win\isass.exe, then just restart and install the AV; let it scan the computer properly, and when it finds everything, delete the viruses, restart, and then it will remove it from the computer.
[ igor_cg @ 30.07.2009. 15:38 ] @
Thanks for replying! Waiting for further instructions, cheers


DDS (Ver_09-07-30.01) - NTFSx86
Run by PC at 16:34:09.85 on Thu 07/30/2009
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_06
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2046.1376 [GMT 2:00]

AV: ESET Smart Security 3.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\PC\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_06\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
mRun: [Device Detector] DevDetect.exe -autorun
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [egui] "c:\program files\eset\eset smart security\egui.exe" /hide /waitservice
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [run32] c:\win\lsass.exe
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRunOnce: [RunNarrator] Narrator.exe
IE: &Google Search - c:\program files\google\googletoolbar.dll/cmsearch.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_06\bin\ssv.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GR99D3~1.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
SEH: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - No File
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,
LSA: Authentication Packages = msv1_0 c:\windows\system32\yayaYpMF

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\pc\applic~1\mozilla\firefox\profiles\1nptc0nz.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.vijesti.cg.yu/
FF - component: c:\program files\nokia\nokia pc suite 7\bkmrksync\components\BkMrkExt.dll
FF - component: c:\program files\real\realplayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\documents and settings\all users\application data\zylom\zylomgamesplayer\npzylomgamesplayer.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npyaxmpb.dll

---- FIREFOX POLICIES ----

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-5-13 64160]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2008-2-1 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2008-2-1 51440]
R2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2009/05/13 08:40:42];c:\program files\cyberlink\powerdvd9\000.fcl [2009-2-28 87536]
R2 aawservice;Ad-Aware 2007 Service;c:\program files\lavasoft\ad-aware 2007\aawservice.exe [2008-1-4 587096]
R2 ekrn;Eset Service;c:\program files\eset\eset smart security\ekrn.exe [2007-12-21 468224]
R3 camvid20;Philips ToUcam Camera; Video;c:\windows\system32\drivers\camdrv21.sys [2008-5-14 223232]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-3-9 1029456]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2006-2-16 4096]
S3 WFIOCTL;WFIOCTL;c:\program files\winfast\wfdtv\WFIOCTL.sys [2008-5-14 9446]

============== File Associations ===============

regfile=regedit.exe "%1" %*

=============== Created Last 30 ================

2009-07-30 16:31 <DIR> --d----- C:\_OTM
2009-07-21 00:52 352 a---h--- c:\windows\nod32fixtemdono.reg
2009-07-21 00:51 <DIR> --d----- c:\program files\ESET
2009-07-21 00:47 360,192 a------- c:\windows\system32\TuneUpDefragService.exe
2009-07-18 23:41 54,156 a---h--- c:\windows\QTFont.qfn
2009-07-18 23:41 1,409 a------- c:\windows\QTFont.for
2009-07-11 21:31 <DIR> --d----- C:\VundoFix Backups
2009-07-11 17:58 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Jes-Soft
2009-07-09 18:34 25 a------- c:\windows\cdplayer.ini
2009-07-09 18:34 <DIR> --d----- c:\program files\common files\xing shared

==================== Find3M ====================

2009-07-13 13:36 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-13 13:36 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-07-09 18:34 499,712 a------- c:\windows\system32\msvcp71.dll
2009-07-09 18:34 348,160 a------- c:\windows\system32\msvcr71.dll
2009-06-26 18:18 659,456 a------- c:\windows\system32\wininet.dll
2009-06-26 18:18 81,920 a------- c:\windows\system32\ieencode.dll
2009-06-16 16:55 119,808 a------- c:\windows\system32\t2embed.dll
2009-06-16 16:55 82,432 a------- c:\windows\system32\fontsub.dll
2009-06-03 21:27 1,290,752 a------- c:\windows\system32\quartz.dll
2009-06-01 16:18 15,688 a------- c:\windows\system32\lsdelete.exe
2009-05-13 08:38 29,480 a------- c:\windows\system32\msxml3a.dll
2009-05-12 22:42 87,608 a------- c:\docume~1\pc\applic~1\inst.exe
2009-05-12 22:42 47,360 a------- c:\docume~1\pc\applic~1\pcouffin.sys
2009-05-07 17:44 344,064 a------- c:\windows\system32\localspl.dll
2008-05-15 16:32 32 a------- c:\docume~1\alluse~1\applic~1\ezsid.dat

============= FINISH: 16:34:36.07 ===============
[ magna86 @ 30.07.2009. 15:59 ] @
That's it. The computer is clean. You can now delete all the diagnostic tools we used.
[ igor_cg @ 30.07.2009. 16:14 ] @
Is this ok, should this exist, and how do I remove it? Cheers

[ magna86 @ 30.07.2009. 16:26 ] @
sorry, my mistake... I skipped one small part of the log... small but enough...

Download this program:
Avenger
http://swandog46.geekstogo.com/avenger2/download.php

So, unpack the program into a folder on the Desktop and run it:

Copy this text:

Code:
Registry values to delete:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | run32

Files to delete:
C:\Win\lsass.exe


Click Execute ... then Yes ... Yes ... the computer will restart

after that please post a new DDS log and HJT log


If Avenger's force doesn't remove it, we move on to more drastic measures
[ igor_cg @ 30.07.2009. 16:34 ] @
"Order carried out" :)
that isass still exists

DDS (Ver_09-07-30.01) - NTFSx86
Run by PC at 17:32:06.65 on Thu 07/30/2009
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_06
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2046.1452 [GMT 2:00]

AV: ESET Smart Security 3.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\PC\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_06\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
mRun: [Device Detector] DevDetect.exe -autorun
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [egui] "c:\program files\eset\eset smart security\egui.exe" /hide /waitservice
mRun: [run32] c:\_otm\movedfiles\07302009_163103\win\lsass.exe
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRunOnce: [RunNarrator] Narrator.exe
IE: &Google Search - c:\program files\google\googletoolbar.dll/cmsearch.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_06\bin\ssv.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GR99D3~1.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
SEH: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - No File
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,
LSA: Authentication Packages = msv1_0 c:\windows\system32\yayaYpMF

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\pc\applic~1\mozilla\firefox\profiles\1nptc0nz.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.vijesti.cg.yu/
FF - component: c:\program files\nokia\nokia pc suite 7\bkmrksync\components\BkMrkExt.dll
FF - component: c:\program files\real\realplayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\documents and settings\all users\application data\zylom\zylomgamesplayer\npzylomgamesplayer.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npyaxmpb.dll

---- FIREFOX POLICIES ----

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-5-13 64160]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2008-2-1 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2008-2-1 51440]
R2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2009/05/13 08:40:42];c:\program files\cyberlink\powerdvd9\000.fcl [2009-2-28 87536]
R2 aawservice;Ad-Aware 2007 Service;c:\program files\lavasoft\ad-aware 2007\aawservice.exe [2008-1-4 587096]
R2 ekrn;Eset Service;c:\program files\eset\eset smart security\ekrn.exe [2007-12-21 468224]
R3 camvid20;Philips ToUcam Camera; Video;c:\windows\system32\drivers\camdrv21.sys [2008-5-14 223232]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-3-9 1029456]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2006-2-16 4096]
S3 WFIOCTL;WFIOCTL;c:\program files\winfast\wfdtv\WFIOCTL.sys [2008-5-14 9446]

============== File Associations ===============

regfile=regedit.exe "%1" %*

=============== Created Last 30 ================

2009-07-30 16:31 <DIR> --d----- C:\_OTM
2009-07-21 00:52 352 a---h--- c:\windows\nod32fixtemdono.reg
2009-07-21 00:51 <DIR> --d----- c:\program files\ESET
2009-07-21 00:47 360,192 a------- c:\windows\system32\TuneUpDefragService.exe
2009-07-18 23:41 54,156 a---h--- c:\windows\QTFont.qfn
2009-07-18 23:41 1,409 a------- c:\windows\QTFont.for
2009-07-11 21:31 <DIR> --d----- C:\VundoFix Backups
2009-07-11 17:58 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Jes-Soft
2009-07-09 18:34 25 a------- c:\windows\cdplayer.ini
2009-07-09 18:34 <DIR> --d----- c:\program files\common files\xing shared

==================== Find3M ====================

2009-07-13 13:36 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-13 13:36 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-07-09 18:34 499,712 a------- c:\windows\system32\msvcp71.dll
2009-07-09 18:34 348,160 a------- c:\windows\system32\msvcr71.dll
2009-06-26 18:18 659,456 a------- c:\windows\system32\wininet.dll
2009-06-26 18:18 81,920 a------- c:\windows\system32\ieencode.dll
2009-06-16 16:55 119,808 a------- c:\windows\system32\t2embed.dll
2009-06-16 16:55 82,432 a------- c:\windows\system32\fontsub.dll
2009-06-03 21:27 1,290,752 a------- c:\windows\system32\quartz.dll
2009-06-01 16:18 15,688 a------- c:\windows\system32\lsdelete.exe
2009-05-13 08:38 29,480 a------- c:\windows\system32\msxml3a.dll
2009-05-12 22:42 87,608 a------- c:\docume~1\pc\applic~1\inst.exe
2009-05-12 22:42 47,360 a------- c:\docume~1\pc\applic~1\pcouffin.sys
2009-05-07 17:44 344,064 a------- c:\windows\system32\localspl.dll
2008-05-15 16:32 32 a------- c:\docume~1\alluse~1\applic~1\ezsid.dat

============= FINISH: 17:32:32.26 ===============
[ magna86 @ 30.07.2009. 16:38 ] @
Now delete OTM from the computer, restart the computer, then run a HijackThis log and check whether any of these lines is present

O4 - HKLM\..\Run: [run32] C:\Win\lsass.exe

O4 - HKLM\..\Run: [run32] c:\_otm\movedfiles\07302009_163103\win\lsass.exe

or post me the HJT log.. whichever is easier for you
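As an added example (not part of the thread, and not one of the tools the helper names), a small Python checker that applies the test described above to a HijackThis log: it flags any O4 Run entry that launches a Windows core binary name such as lsass.exe, and any running process with such a name outside %WINDIR%\system32. The sample log is an excerpt constructed from the lines posted in this thread; the system32 location assumes the default install path seen in those logs.

```python
"""Flag HijackThis (HJT) log entries that impersonate Windows core binaries.

The helper in the thread asks whether a Run-key line launching "lsass.exe"
from C:\\Win (or from the OTM quarantine folder) is still present. The real
lsass.exe lives only in %WINDIR%\\system32 and is started by the Session
Manager, never from a Run key, so a core-binary name in a Run entry, or a
process with that name outside system32, is a strong indicator.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Windows core binaries whose names malware commonly borrows.
CORE_BINARIES = {"lsass.exe", "smss.exe", "csrss.exe",
                 "winlogon.exe", "services.exe", "svchost.exe"}
# The only location where those binaries legitimately live (assumption:
# the default install drive and directory seen in the thread's logs).
SYSTEM_DIR = "c:\\windows\\system32\\"

# Shape of an O4 line: "O4 - HKLM\..\Run: [run32] C:\Win\lsass.exe"
O4_RE = re.compile(r"^O4 - (?P<hive>.+?): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")


@dataclass(frozen=True)
class Finding:
    kind: str   # "run-key" (O4 entry) or "process" (Running processes list)
    name: str   # Run value name, empty for processes
    path: str   # normalized, lower-cased path


def extract_path(cmd: str) -> str:
    """Return the executable path from an O4 command string.

    Handles the shapes seen in HJT logs: a quoted path followed by switches,
    a bare path, and a bare path followed by switches or the trailing
    "(User '...')" annotation.
    """
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split(None, 1)[0] if cmd else ""


def normalize(path: str) -> str:
    return path.replace("/", "\\").lower()


def classify(kind: str, name: str, raw_path: str) -> Optional[Finding]:
    """Decide whether one entry is suspicious.

    A core-binary name in a Run key is flagged regardless of directory,
    because Windows never registers these in Run. A running process is
    flagged only when its name is a core binary but it is not in system32.
    """
    path = normalize(raw_path)
    base = path.rsplit("\\", 1)[-1]
    if base not in CORE_BINARIES:
        return None
    if kind == "run-key" or not path.startswith(SYSTEM_DIR):
        return Finding(kind, name, path)
    return None


def scan_hjt_log(text: str) -> List[Finding]:
    """Walk an HJT log: the 'Running processes:' block and all O4 lines."""
    findings: List[Finding] = []
    in_processes = False
    for line in text.splitlines():
        line = line.rstrip()
        if line == "Running processes:":
            in_processes = True
            continue
        if in_processes:
            if not line:            # a blank line closes the process block
                in_processes = False
                continue
            f = classify("process", "", line)
        else:
            m = O4_RE.match(line)
            if not m:
                continue
            f = classify("run-key", m.group("name"), extract_path(m.group("cmd")))
        if f:
            findings.append(f)
    return findings


# Constructed excerpt of the HJT log posted in this thread.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:46:26, on 7/30/2009

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\_OTM\MovedFiles\07302009_163103\Win\lsass.exe
C:\WINDOWS\system32\ctfmon.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [run32] C:\_OTM\MovedFiles\07302009_163103\Win\lsass.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
"""

if __name__ == "__main__":
    for f in scan_hjt_log(SAMPLE_LOG):
        print(f"{f.kind:8} {f.name!r:10} {f.path}")
```

On the excerpt above it reports exactly the two entries the helper is asking about: the quarantined lsass.exe still running and the run32 Run key that relaunches it.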
[ igor_cg @ 30.07.2009. 16:50 ] @
How is OTM deleted? I deleted it a while ago, right-click and delete. If that's how it's deleted :(
Better let the expert check...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:46:26, on 7/30/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\_OTM\MovedFiles\07302009_163103\Win\lsass.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\PC\Desktop\123\123.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar.dll
O4 - HKLM\..\Run: [Device Detector] DevDetect.exe -autorun
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [run32] C:\_OTM\MovedFiles\07302009_163103\Win\lsass.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\googletoolbar.dll/cmsearch.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 6529 bytes
[ magna86 @ 30.07.2009. 16:58 ] @
Good God... all sorts of stuff...

Carefully follow the instructions for downloading ComboFix

http://www.elitesecurity.org/t...e-programa-HijackThis-ComboFix

That means, before downloading, you must disable the antivirus program:
start ESET AV >> go to "Setup" >> select the "Antivirus and antispyware"
option and click "Temporarily disable Antivirus and antispyware protection"

then run the script as described in those instructions and post the log that CF creates at the end

[ igor_cg @ 30.07.2009. 17:19 ] @
I hope I did everything right, because isass is still there :( !

ComboFix 09-07-29.04 - PC 07/30/2009 18:08.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2046.1598 [GMT 2:00]
Running from: c:\documents and settings\PC\Desktop\ComboFix.exe
AV: ESET Smart Security 3.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\PC\Application Data\.#
c:\documents and settings\PC\Application Data\inst.exe
c:\windows\Installer\19a771e.msi
c:\windows\Installer\a41ed.msi
c:\windows\Installer\fff055.msi
c:\windows\system32\Dvbpws.dll

.
((((((((((((((((((((((((( Files Created from 2009-06-28 to 2009-07-30 )))))))))))))))))))))))))))))))
.

2009-07-30 14:31 . 2009-07-30 14:31 -------- d-----w- C:\_OTM
2009-07-30 12:15 . 2009-07-30 12:15 328 ----a-w- c:\documents and settings\PC\Application Data\WinFF\ff090730141520.bat
2009-07-29 08:54 . 2009-07-29 08:54 2883 ----a-w- c:\documents and settings\PC\Application Data\WinFF\ff090729105403.bat
2009-07-27 18:06 . 2009-07-27 18:06 337 ----a-w- c:\documents and settings\PC\Application Data\WinFF\ff090727200645.bat
2009-07-27 14:08 . 2009-07-27 14:08 551 ----a-w- c:\documents and settings\PC\Application Data\WinFF\ff090727160838.bat
2009-07-26 18:17 . 2009-07-26 18:17 554 ----a-w- c:\documents and settings\PC\Application Data\WinFF\ff090726201739.bat
2009-07-20 22:52 . 2008-01-07 12:29 352 ---ha-w- c:\windows\nod32fixtemdono.reg
2009-07-20 22:51 . 2009-07-20 22:51 -------- d-----w- c:\program files\ESET
2009-07-20 22:47 . 2009-07-20 22:47 360192 ----a-w- c:\windows\system32\TuneUpDefragService.exe
2009-07-20 19:06 . 2009-07-20 19:06 431 ----a-w- c:\documents and settings\PC\Application Data\WinFF\ff090720210656.bat
2009-07-20 11:13 . 2009-07-20 11:13 345 ----a-w- c:\documents and settings\PC\Application Data\WinFF\ff090720131348.bat
2009-07-20 11:10 . 2009-07-20 11:10 360 ----a-w- c:\documents and settings\PC\Application Data\WinFF\ff090720131025.bat
2009-07-20 11:05 . 2009-07-20 11:05 354 ----a-w- c:\documents and settings\PC\Application Data\WinFF\ff090720130559.bat
2009-07-20 11:01 . 2009-07-20 11:01 345 ----a-w- c:\documents and settings\PC\Application Data\WinFF\ff090720130145.bat
2009-07-19 16:18 . 2009-07-19 16:18 352 ----a-w- c:\documents and settings\PC\Application Data\WinFF\ff090719181830.bat
2009-07-11 19:31 . 2009-07-11 19:31 -------- d-----w- C:\VundoFix Backups
2009-07-11 15:58 . 2009-07-11 15:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Jes-Soft
2009-07-10 15:05 . 2009-07-10 15:05 557 ----a-w- c:\documents and settings\PC\Application Data\WinFF\ff090710170525.bat
2009-07-10 14:52 . 2009-07-10 14:52 316 ----a-w- c:\documents and settings\PC\Application Data\WinFF\ff090710165216.bat
2009-07-09 20:43 . 2009-07-09 20:46 -------- d-----w- c:\documents and settings\PC\Local Settings\Application Data\Temp
2009-07-09 20:43 . 2009-07-09 20:43 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2009-07-09 16:34 . 2009-07-09 16:34 -------- d-----w- c:\documents and settings\PC\Local Settings\Application Data\Real
2009-07-09 16:34 . 2009-07-09 16:34 -------- d-----w- c:\program files\Common Files\xing shared
2009-07-09 16:33 . 2009-07-09 16:33 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2009-07-08 19:42 . 2009-07-08 19:42 -------- d-----w- c:\program files\FLV Player

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-30 15:30 . 2008-11-18 22:55 169936 ----a-w- c:\documents and settings\PC\Application Data\Mozilla\Firefox\Profiles\1nptc0nz.default\FlashGot.exe
2009-07-30 12:15 . 2008-05-24 12:03 -------- d-----w- c:\documents and settings\PC\Application Data\WinFF
2009-07-29 22:32 . 2008-05-16 14:19 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-07-29 21:12 . 2008-05-15 14:35 -------- d-----w- c:\documents and settings\PC\Application Data\uTorrent
2009-07-28 21:05 . 2008-09-26 15:13 -------- d-----w- c:\documents and settings\PC\Application Data\Kingston
2009-07-27 14:30 . 2008-05-21 18:28 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-27 14:25 . 2008-06-01 08:05 3775176 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-07-20 22:51 . 2008-05-23 09:09 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET
2009-07-20 22:15 . 2008-05-15 13:25 -------- d-----w- c:\program files\Yahoo!
2009-07-13 11:36 . 2008-08-10 14:34 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-13 11:36 . 2008-05-21 18:28 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-11 12:53 . 2008-12-06 12:00 -------- d-----w- c:\program files\vanBasco's Karaoke Player
2009-07-10 14:43 . 2008-09-19 13:38 -------- d-----w- c:\program files\Google
2009-07-10 14:19 . 2009-01-31 01:18 -------- d-----w- c:\program files\TuneUp Utilities 2009
2009-07-09 16:34 . 2008-05-15 19:01 -------- d-----w- c:\program files\Common Files\Real
2009-07-09 16:34 . 2008-05-15 19:01 499712 ----a-w- c:\windows\system32\msvcp71.dll
2009-07-09 16:34 . 2008-05-15 19:01 348160 ----a-w- c:\windows\system32\msvcr71.dll
2009-07-08 18:52 . 2008-05-15 14:29 -------- d-----w- c:\documents and settings\PC\Application Data\Skype
2009-07-08 18:52 . 2008-05-15 14:32 -------- d-----w- c:\documents and settings\PC\Application Data\skypePM
2009-07-07 20:00 . 2009-06-24 14:12 25440 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\savapibridge.dll
2009-07-07 20:00 . 2009-06-24 14:12 1630560 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Resources.dll
2009-07-07 20:00 . 2009-06-24 14:11 2353480 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
2009-07-07 19:20 . 2008-05-15 13:21 -------- d-----w- c:\documents and settings\PC\Application Data\Vso
2009-07-06 14:17 . 2009-06-24 14:12 314712 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\threatwork.exe
2009-07-06 14:17 . 2009-06-24 14:12 169312 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavamessage.dll
2009-07-06 14:17 . 2009-06-24 14:12 348496 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavalicense.dll
2009-07-06 14:17 . 2009-06-24 14:12 298336 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\UpdateManager.dll
2009-07-06 14:17 . 2009-06-01 14:18 84832 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\ShellExt.dll
2009-07-06 14:16 . 2009-06-01 14:09 246128 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\RPAPI.dll
2009-07-06 14:16 . 2009-06-24 14:11 85352 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\32\AAWDriverTool.exe
2009-07-06 14:16 . 2009-06-01 14:09 40288 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\PrivacyClean.dll
2009-07-06 14:16 . 2009-06-24 14:11 664424 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\CEAPI.dll
2009-07-06 14:16 . 2009-06-24 14:11 563064 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
2009-07-06 14:16 . 2009-06-24 14:11 566632 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
2009-07-06 14:16 . 2009-06-24 14:10 629072 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWWSC.exe
2009-07-06 14:16 . 2009-06-24 14:10 520024 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWTray.exe
2009-07-06 14:16 . 2009-06-24 14:10 1029456 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe
2009-06-26 19:36 . 2009-06-26 19:36 -------- d-----w- c:\documents and settings\All Users\Application Data\KONAMI
2009-06-26 19:32 . 2009-06-26 19:32 -------- d-----w- c:\program files\KONAMI
2009-06-26 16:18 . 2004-08-03 22:56 659456 ----a-w- c:\windows\system32\wininet.dll
2009-06-26 16:18 . 2004-08-03 22:56 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-06-24 14:19 . 2009-06-24 14:19 337 ----a-w- c:\documents and settings\PC\Application Data\WinFF\ff090624161917.bat
2009-06-24 14:17 . 2009-06-24 14:17 789 ----a-w- c:\documents and settings\PC\Application Data\WinFF\ff090624161739.bat
2009-06-23 18:55 . 2009-06-23 18:55 388 ----a-w- c:\documents and settings\PC\Application Data\WinFF\ff090623205533.bat
2009-06-23 18:33 . 2009-06-23 18:33 924 ----a-w- c:\documents and settings\PC\Application Data\WinFF\ff090623203351.bat
2009-06-23 18:30 . 2009-06-23 18:30 2958 ----a-w- c:\documents and settings\PC\Application Data\WinFF\ff090623203031.bat
2009-06-21 22:13 . 2008-05-16 13:36 -------- d-----w- c:\documents and settings\PC\Application Data\BSplayer PRO
2009-06-21 22:11 . 2009-06-21 22:11 -------- d-----w- c:\program files\Adobe Media Player
2009-06-21 22:11 . 2009-06-21 22:11 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-06-21 22:10 . 2009-06-21 22:11 38208 ----a-w- c:\documents and settings\PC\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2009-06-16 14:55 . 2004-08-03 22:56 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:55 . 2001-08-23 10:00 82432 ----a-w- c:\windows\system32\fontsub.dll
2009-06-12 20:15 . 2009-06-12 20:15 2165 ----a-w- c:\documents and settings\PC\Application Data\WinFF\ff090612221550.bat
2009-06-09 18:50 . 2009-06-09 18:50 313 ----a-w- c:\documents and settings\PC\Application Data\WinFF\ff090609205015.bat
2009-06-07 15:27 . 2009-06-07 15:27 3765 ----a-w- c:\documents and settings\PC\Application Data\WinFF\ff090607172718.bat
2009-06-06 16:48 . 2009-06-06 16:48 440 ----a-w- c:\documents and settings\PC\Application Data\WinFF\ff090606184822.bat
2009-06-06 14:06 . 2009-06-06 14:06 313 ----a-w- c:\documents and settings\PC\Application Data\WinFF\ff090606160652.bat
2009-06-03 19:27 . 2004-08-03 22:56 1290752 ----a-w- c:\windows\system32\quartz.dll
2009-06-01 14:18 . 2009-06-01 14:18 15688 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lsdelete.exe
2009-06-01 14:18 . 2009-05-13 14:10 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-05-29 16:56 . 2009-05-29 16:56 390664 ----a-w- c:\documents and settings\PC\Application Data\Real\RealPlayer\Update\RealPlayer11.exe
2009-05-13 14:04 . 2009-05-13 14:05 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-05-13 14:04 . 2009-05-13 14:04 64160 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\32\lbd.sys
2009-05-13 06:42 . 2009-05-12 20:16 53319 ----a-w- c:\documents and settings\All Users\Application Data\TEMP\{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}\PostBuild.exe
2009-05-13 06:38 . 2008-07-10 14:33 29480 ----a-w- c:\windows\system32\msxml3a.dll
2009-05-12 20:42 . 2008-05-15 13:21 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2009-05-12 20:42 . 2008-05-15 13:21 47360 ----a-w- c:\documents and settings\PC\Application Data\pcouffin.sys
2009-05-12 20:42 . 2008-05-15 13:21 47360 ----a-w- c:\documents and settings\PC\Application Data\pcouffin.sys
2009-05-08 10:44 . 2009-05-08 10:44 319 ----a-w- c:\documents and settings\PC\Application Data\WinFF\ff090508124456.bat
2009-05-07 15:44 . 2004-08-03 22:56 344064 ----a-w- c:\windows\system32\localspl.dll
2009-05-04 19:28 . 2009-05-04 19:28 322 ----a-w- c:\documents and settings\PC\Application Data\WinFF\ff090504212841.bat
2009-07-26 19:34 . 2009-04-23 15:17 134648 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
2008-05-16 23:53 . 2008-05-15 14:07 48 --sh--w- c:\windows\SEAB9B388.tmp
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-06-28 8466432]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2007-12-21 1443072]
"run32"="c:\_otm\MovedFiles\07302009_163103\Win\lsass.exe" [2002-01-01 552103]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" - c:\windows\system32\narrator.exe [2006-10-04 53760]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 10:41 294912 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\CyberLink\\PowerDVD9\\PowerDVD Cinema\\PowerDVDCinema.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD9\\PowerDVD9.exe"=
"c:\\Program Files\\KONAMI\\Pro Evolution Soccer 2009\\pes2009.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [5/13/2009 16:05 64160]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/1/2008 13:48 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2/1/2008 13:48 51440]
R2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2009/05/13 08:40];c:\program files\CyberLink\PowerDVD9\000.fcl [2/28/2009 19:40 87536]
R2 ekrn;Eset Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [12/21/2007 08:21 468224]
R3 camvid20;Philips ToUcam Camera; Video;c:\windows\system32\drivers\camdrv21.sys [5/14/2008 20:03 223232]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [3/9/2009 21:06 1029456]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2/16/2006 16:51 4096]
S3 WFIOCTL;WFIOCTL;c:\program files\WinFast\WFDTV\WFIOCTL.sys [5/14/2008 17:25 9446]
.
Contents of the 'Scheduled Tasks' folder

2009-07-29 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 14:16]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-Device Detector - DevDetect.exe
ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
IE: &Google Search - c:\program files\Google\googletoolbar.dll/cmsearch.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\PC\Application Data\Mozilla\Firefox\Profiles\1nptc0nz.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.vijesti.cg.yu/
FF - component: c:\program files\Nokia\Nokia PC Suite 7\bkmrksync\components\BkMrkExt.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll

---- FIREFOX POLICIES ----
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-30 18:13
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{B154377D-700F-42cc-9474-23858FBDF4BD}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD9\000.fcl"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1288)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Lavasoft\Ad-Aware 2007\aawservice.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Common Files\ACD Systems\EN\DevDetect.exe
.
**************************************************************************
.
Completion time: 2009-07-30 18:16 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-30 16:16

Pre-Run: 44,667,514,880 bytes free
Post-Run: 45,848,989,696 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

228 --- E O F --- 2009-07-29 18:39
[ magna86 @ 30.07.2009. 17:42 ] @
Open a new Notepad and copy this:

Code:
KILLALL::
File:: 
c:\_otm\MovedFiles\07302009_163103\Win\lsass.exe

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"run32"=-


name that Notepad file CFScript and save it to the Desktop

Drag CFScript onto ComboFix (as in the picture)

http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif

when the scan finishes, post the log that CF creates
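A check for the indicator the script above removes (a file called lsass.exe launched from c:\_otm\MovedFiles\...\Win\ by the "run32" Run value), written as an added example for this thread and not taken from ComboFix, HijackThis or the forum: it parses the Run/RunOnce values of a ComboFix "Reg Loading Points" block and flags any binary that carries a core Windows process name but is loaded from outside the system directory, or whose name only mimics one (the "isass" spelling from the first post, capital I for lowercase l). The system-process list, the look-alike folding table and the "svc"="...\isass.exe" sample line are assumptions constructed for the example; the other sample lines are copied from the log above.

```python
import re
from typing import List, Tuple

# Binaries that a clean Windows XP loads only from the system directory.
# Assumption: a short illustrative list, not an exhaustive one.
SYSTEM_PROCESS_NAMES = {"lsass.exe", "csrss.exe", "smss.exe",
                        "winlogon.exe", "services.exe", "svchost.exe"}

# Characters commonly swapped to forge a look-alike name (isass / 1sass).
# Assumption: illustrative mapping, applied to both sides of the comparison.
_LOOKALIKE = str.maketrans({"i": "l", "1": "l", "|": "l", "0": "o"})

_SECTION_RE = re.compile(r"^\[(?P<key>[^\]]+)\]\s*$")
_VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"')


def canonical(name: str) -> str:
    """Lower-case a file name and fold look-alike characters."""
    return name.lower().translate(_LOOKALIKE)


def parse_run_values(log_text: str) -> List[Tuple[str, str, str]]:
    """Return (registry key, value name, image path) for every value under a
    ...\\CurrentVersion\\Run or RunOnce key in a ComboFix log block."""
    entries = []
    key = None
    for line in log_text.splitlines():
        m = _SECTION_RE.match(line)
        if m:
            key = m.group("key")
            continue
        if key is None or not re.search(r"\\Run(Once)?$", key, re.I):
            continue
        m = _VALUE_RE.match(line)
        if m:
            entries.append((key, m.group("name"), m.group("path")))
    return entries


def is_system_dir(path: str) -> bool:
    """True when the image sits under the Windows system directory."""
    p = path.lower().replace("/", "\\")
    return "\\windows\\system32\\" in p or "\\windows\\syswow64\\" in p


def flag_suspicious(entries: List[Tuple[str, str, str]]) -> List[Tuple[str, str, str]]:
    """Return (value name, path, reason) for autorun images whose file name
    is, or mimics, a core system process but is not in the system directory."""
    findings = []
    canon_system = {canonical(n): n for n in SYSTEM_PROCESS_NAMES}
    for _key, name, path in entries:
        fname = path.rsplit("\\", 1)[-1]
        folded = canonical(fname)
        if folded not in canon_system:
            continue
        real = canon_system[folded]
        if fname.lower() != real:
            findings.append((name, path, f"look-alike of {real}"))
        elif not is_system_dir(path):
            findings.append((name, path, f"{real} outside the system directory"))
    return findings


# Constructed sample: the Run keys from the ComboFix log in this thread plus
# one assumed look-alike entry ("svc") that mirrors the "isass.exe" name the
# original poster noticed.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-06-28 8466432]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2007-12-21 1443072]
"run32"="c:\_otm\MovedFiles\07302009_163103\Win\lsass.exe" [2002-01-01 552103]
"svc"="c:\documents and settings\PC\Application Data\isass.exe" [2009-07-29 552103]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
"""


def report(log_text: str = SAMPLE_LOG) -> List[Tuple[str, str, str]]:
    """Parse a log block and return its suspicious autorun entries."""
    return flag_suspicious(parse_run_values(log_text))


if __name__ == "__main__":
    for name, path, reason in report():
        print(f'"{name}" -> {path}  [{reason}]')
```

The two hits it produces on the sample are the "run32" value (a genuine lsass.exe name in a user-writable folder, which is the file the CFScript deletes) and the constructed "svc" value (a name that only looks like lsass.exe). Entries such as c:\windows\system32\ctfmon.exe are left alone because the name is not a core process, and a real svchost.exe under system32 would pass both tests.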
[ igor_cg @ 30.07.2009. 17:56 ] @
I think everything is OK now :) ?!

ComboFix 09-07-29.04 - PC 07/30/2009 18:46.2.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2046.1592 [GMT 2:00]
Running from: c:\documents and settings\PC\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\PC\Desktop\CFScript.txt
AV: ESET Smart Security 3.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
* Resident AV is active


FILE ::
"c:\_otm\MovedFiles\07302009_163103\Win\lsass.exe"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\_otm\MovedFiles\07302009_163103\Win\lsass.exe

.
((((((((((((((((((((((((( Files Created from 2009-06-28 to 2009-07-30 )))))))))))))))))))))))))))))))
.

2009-07-30 14:31 . 2009-07-30 14:31 -------- d-----w- C:\_OTM
2009-07-30 12:15 . 2009-07-30 12:15 328 ----a-w- c:\documents and settings\PC\Application Data\WinFF\ff090730141520.bat
2009-07-29 08:54 . 2009-07-29 08:54 2883 ----a-w- c:\documents and settings\PC\Application Data\WinFF\ff090729105403.bat
2009-07-27 18:06 . 2009-07-27 18:06 337 ----a-w- c:\documents and settings\PC\Application Data\WinFF\ff090727200645.bat
2009-07-27 14:08 . 2009-07-27 14:08 551 ----a-w- c:\documents and settings\PC\Application Data\WinFF\ff090727160838.bat
2009-07-26 18:17 . 2009-07-26 18:17 554 ----a-w- c:\documents and settings\PC\Application Data\WinFF\ff090726201739.bat
2009-07-20 22:52 . 2008-01-07 12:29 352 ---ha-w- c:\windows\nod32fixtemdono.reg
2009-07-20 22:51 . 2009-07-20 22:51 -------- d-----w- c:\program files\ESET
2009-07-20 22:47 . 2009-07-20 22:47 360192 ----a-w- c:\windows\system32\TuneUpDefragService.exe
2009-07-20 19:06 . 2009-07-20 19:06 431 ----a-w- c:\documents and settings\PC\Application Data\WinFF\ff090720210656.bat
2009-07-20 11:13 . 2009-07-20 11:13 345 ----a-w- c:\documents and settings\PC\Application Data\WinFF\ff090720131348.bat
2009-07-20 11:10 . 2009-07-20 11:10 360 ----a-w- c:\documents and settings\PC\Application Data\WinFF\ff090720131025.bat
2009-07-20 11:05 . 2009-07-20 11:05 354 ----a-w- c:\documents and settings\PC\Application Data\WinFF\ff090720130559.bat
2009-07-20 11:01 . 2009-07-20 11:01 345 ----a-w- c:\documents and settings\PC\Application Data\WinFF\ff090720130145.bat
2009-07-19 16:18 . 2009-07-19 16:18 352 ----a-w- c:\documents and settings\PC\Application Data\WinFF\ff090719181830.bat
2009-07-11 19:31 . 2009-07-11 19:31 -------- d-----w- C:\VundoFix Backups
2009-07-11 15:58 . 2009-07-11 15:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Jes-Soft
2009-07-10 15:05 . 2009-07-10 15:05 557 ----a-w- c:\documents and settings\PC\Application Data\WinFF\ff090710170525.bat
2009-07-10 14:52 . 2009-07-10 14:52 316 ----a-w- c:\documents and settings\PC\Application Data\WinFF\ff090710165216.bat
2009-07-09 20:43 . 2009-07-09 20:46 -------- d-----w- c:\documents and settings\PC\Local Settings\Application Data\Temp
2009-07-09 20:43 . 2009-07-09 20:43 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2009-07-09 16:34 . 2009-07-09 16:34 -------- d-----w- c:\documents and settings\PC\Local Settings\Application Data\Real
2009-07-09 16:34 . 2009-07-09 16:34 -------- d-----w- c:\program files\Common Files\xing shared
2009-07-09 16:33 . 2009-07-09 16:33 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2009-07-08 19:42 . 2009-07-08 19:42 -------- d-----w- c:\program files\FLV Player

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-30 16:18 . 2008-11-18 22:55 169936 ----a-w- c:\documents and settings\PC\Application Data\Mozilla\Firefox\Profiles\1nptc0nz.default\FlashGot.exe
2009-07-30 12:15 . 2008-05-24 12:03 -------- d-----w- c:\documents and settings\PC\Application Data\WinFF
2009-07-29 22:32 . 2008-05-16 14:19 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-07-29 21:12 . 2008-05-15 14:35 -------- d-----w- c:\documents and settings\PC\Application Data\uTorrent
2009-07-28 21:05 . 2008-09-26 15:13 -------- d-----w- c:\documents and settings\PC\Application Data\Kingston
2009-07-27 14:30 . 2008-05-21 18:28 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-27 14:25 . 2008-06-01 08:05 3775176 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-07-20 22:51 . 2008-05-23 09:09 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET
2009-07-20 22:15 . 2008-05-15 13:25 -------- d-----w- c:\program files\Yahoo!
2009-07-13 11:36 . 2008-08-10 14:34 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-13 11:36 . 2008-05-21 18:28 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-11 12:53 . 2008-12-06 12:00 -------- d-----w- c:\program files\vanBasco's Karaoke Player
2009-07-10 14:43 . 2008-09-19 13:38 -------- d-----w- c:\program files\Google
2009-07-10 14:19 . 2009-01-31 01:18 -------- d-----w- c:\program files\TuneUp Utilities 2009
2009-07-09 16:34 . 2008-05-15 19:01 -------- d-----w- c:\program files\Common Files\Real
2009-07-09 16:34 . 2008-05-15 19:01 499712 ----a-w- c:\windows\system32\msvcp71.dll
2009-07-09 16:34 . 2008-05-15 19:01 348160 ----a-w- c:\windows\system32\msvcr71.dll
2009-07-08 18:52 . 2008-05-15 14:29 -------- d-----w- c:\documents and settings\PC\Application Data\Skype
2009-07-08 18:52 . 2008-05-15 14:32 -------- d-----w- c:\documents and settings\PC\Application Data\skypePM
2009-07-07 20:00 . 2009-06-24 14:12 25440 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\savapibridge.dll
2009-07-07 20:00 . 2009-06-24 14:12 1630560 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Resources.dll
2009-07-07 20:00 . 2009-06-24 14:11 2353480 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
2009-07-07 19:20 . 2008-05-15 13:21 -------- d-----w- c:\documents and settings\PC\Application Data\Vso
2009-07-06 14:17 . 2009-06-24 14:12 314712 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\threatwork.exe
2009-07-06 14:17 . 2009-06-24 14:12 169312 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavamessage.dll
2009-07-06 14:17 . 2009-06-24 14:12 348496 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavalicense.dll
2009-07-06 14:17 . 2009-06-24 14:12 298336 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\UpdateManager.dll
2009-07-06 14:17 . 2009-06-01 14:18 84832 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\ShellExt.dll
2009-07-06 14:16 . 2009-06-01 14:09 246128 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\RPAPI.dll
2009-07-06 14:16 . 2009-06-24 14:11 85352 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\32\AAWDriverTool.exe
2009-07-06 14:16 . 2009-06-01 14:09 40288 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\PrivacyClean.dll
2009-07-06 14:16 . 2009-06-24 14:11 664424 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\CEAPI.dll
2009-07-06 14:16 . 2009-06-24 14:11 563064 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
2009-07-06 14:16 . 2009-06-24 14:11 566632 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
2009-07-06 14:16 . 2009-06-24 14:10 629072 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWWSC.exe
2009-07-06 14:16 . 2009-06-24 14:10 520024 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWTray.exe
2009-07-06 14:16 . 2009-06-24 14:10 1029456 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe
2009-06-26 19:36 . 2009-06-26 19:36 -------- d-----w- c:\documents and settings\All Users\Application Data\KONAMI
2009-06-26 19:32 . 2009-06-26 19:32 -------- d-----w- c:\program files\KONAMI
2009-06-26 16:18 . 2004-08-03 22:56 659456 ----a-w- c:\windows\system32\wininet.dll
2009-06-26 16:18 . 2004-08-03 22:56 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-06-24 14:19 . 2009-06-24 14:19 337 ----a-w- c:\documents and settings\PC\Application Data\WinFF\ff090624161917.bat
2009-06-24 14:17 . 2009-06-24 14:17 789 ----a-w- c:\documents and settings\PC\Application Data\WinFF\ff090624161739.bat
2009-06-23 18:55 . 2009-06-23 18:55 388 ----a-w- c:\documents and settings\PC\Application Data\WinFF\ff090623205533.bat
2009-06-23 18:33 . 2009-06-23 18:33 924 ----a-w- c:\documents and settings\PC\Application Data\WinFF\ff090623203351.bat
2009-06-23 18:30 . 2009-06-23 18:30 2958 ----a-w- c:\documents and settings\PC\Application Data\WinFF\ff090623203031.bat
2009-06-21 22:13 . 2008-05-16 13:36 -------- d-----w- c:\documents and settings\PC\Application Data\BSplayer PRO
2009-06-21 22:11 . 2009-06-21 22:11 -------- d-----w- c:\program files\Adobe Media Player
2009-06-21 22:11 . 2009-06-21 22:11 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-06-21 22:10 . 2009-06-21 22:11 38208 ----a-w- c:\documents and settings\PC\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2009-06-16 14:55 . 2004-08-03 22:56 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:55 . 2001-08-23 10:00 82432 ----a-w- c:\windows\system32\fontsub.dll
2009-06-12 20:15 . 2009-06-12 20:15 2165 ----a-w- c:\documents and settings\PC\Application Data\WinFF\ff090612221550.bat
2009-06-09 18:50 . 2009-06-09 18:50 313 ----a-w- c:\documents and settings\PC\Application Data\WinFF\ff090609205015.bat
2009-06-07 15:27 . 2009-06-07 15:27 3765 ----a-w- c:\documents and settings\PC\Application Data\WinFF\ff090607172718.bat
2009-06-06 16:48 . 2009-06-06 16:48 440 ----a-w- c:\documents and settings\PC\Application Data\WinFF\ff090606184822.bat
2009-06-06 14:06 . 2009-06-06 14:06 313 ----a-w- c:\documents and settings\PC\Application Data\WinFF\ff090606160652.bat
2009-06-03 19:27 . 2004-08-03 22:56 1290752 ----a-w- c:\windows\system32\quartz.dll
2009-06-01 14:18 . 2009-06-01 14:18 15688 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lsdelete.exe
2009-06-01 14:18 . 2009-05-13 14:10 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-05-29 16:56 . 2009-05-29 16:56 390664 ----a-w- c:\documents and settings\PC\Application Data\Real\RealPlayer\Update\RealPlayer11.exe
2009-05-13 14:04 . 2009-05-13 14:05 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-05-13 14:04 . 2009-05-13 14:04 64160 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\32\lbd.sys
2009-05-13 06:42 . 2009-05-12 20:16 53319 ----a-w- c:\documents and settings\All Users\Application Data\TEMP\{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}\PostBuild.exe
2009-05-13 06:38 . 2008-07-10 14:33 29480 ----a-w- c:\windows\system32\msxml3a.dll
2009-05-12 20:42 . 2008-05-15 13:21 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2009-05-12 20:42 . 2008-05-15 13:21 47360 ----a-w- c:\documents and settings\PC\Application Data\pcouffin.sys
2009-05-12 20:42 . 2008-05-15 13:21 47360 ----a-w- c:\documents and settings\PC\Application Data\pcouffin.sys
2009-05-08 10:44 . 2009-05-08 10:44 319 ----a-w- c:\documents and settings\PC\Application Data\WinFF\ff090508124456.bat
2009-05-07 15:44 . 2004-08-03 22:56 344064 ----a-w- c:\windows\system32\localspl.dll
2009-05-04 19:28 . 2009-05-04 19:28 322 ----a-w- c:\documents and settings\PC\Application Data\WinFF\ff090504212841.bat
2009-07-26 19:34 . 2009-04-23 15:17 134648 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
2008-05-16 23:53 . 2008-05-15 14:07 48 --sh--w- c:\windows\SEAB9B388.tmp
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-06-28 8466432]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2007-12-21 1443072]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" - c:\windows\system32\narrator.exe [2006-10-04 53760]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 10:41 294912 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\CyberLink\\PowerDVD9\\PowerDVD Cinema\\PowerDVDCinema.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD9\\PowerDVD9.exe"=
"c:\\Program Files\\KONAMI\\Pro Evolution Soccer 2009\\pes2009.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [5/13/2009 16:05 64160]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/1/2008 13:48 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2/1/2008 13:48 51440]
R2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2009/05/13 08:40];c:\program files\CyberLink\PowerDVD9\000.fcl [2/28/2009 19:40 87536]
R2 ekrn;Eset Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [12/21/2007 08:21 468224]
R3 camvid20;Philips ToUcam Camera; Video;c:\windows\system32\drivers\camdrv21.sys [5/14/2008 20:03 223232]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [3/9/2009 21:06 1029456]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2/16/2006 16:51 4096]
S3 WFIOCTL;WFIOCTL;c:\program files\WinFast\WFDTV\WFIOCTL.sys [5/14/2008 17:25 9446]
.
Contents of the 'Scheduled Tasks' folder

2009-07-29 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 14:16]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-run32 - c:\_otm\MovedFiles\07302009_163103\Win\lsass.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
IE: &Google Search - c:\program files\Google\googletoolbar.dll/cmsearch.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\PC\Application Data\Mozilla\Firefox\Profiles\1nptc0nz.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.vijesti.cg.yu/
FF - component: c:\program files\Nokia\Nokia PC Suite 7\bkmrksync\components\BkMrkExt.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll

---- FIREFOX POLICIES ----
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-30 18:50
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{B154377D-700F-42cc-9474-23858FBDF4BD}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD9\000.fcl"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1408)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Lavasoft\Ad-Aware 2007\aawservice.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\windows\system32\wdfmgr.exe
.
**************************************************************************
.
Completion time: 2009-07-30 18:54 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-30 16:54
ComboFix2.txt 2009-07-30 16:16

Pre-Run: 45,860,954,112 bytes free
Post-Run: 45,817,937,920 bytes free

217 --- E O F --- 2009-07-29 18:39
[ magna86 @ 30.07.2009. 18:05 ] @
OK... that's it.
Start >> Run, copy the following:
Code:
Combofix /u

OK

That will uninstall the ComboFix script.
[ igor_cg @ 30.07.2009. 18:09 ] @
Thank you very much, you really know your stuff :) !!
After the restart I get a prompt asking whether to choose the Recovery Console or the operating system. Is that related to ComboFix? Does it have to be like that every time, or can I remove that as well? In the meantime I have run the script to delete ComboFix. Regards

[This message was edited by igor_cg on 30.07.2009 at 19:31 GMT+1]
[ magna86 @ 30.07.2009. 19:14 ] @
hehe... Thanks
Look, it is recommended to leave it, but if you really want to remove it and it bothers you, go to the C: partition and
delete the CMDCONS folder and the CMLDR file from the root, as well as Boot.bak.
Start >> Run, type
Code:
msconfig
OK

On the BOOT.INI tab click "Check All Boot Paths"
Windows will report the non-functional line and you just need to click Yes
then OK
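
Editor's note on the procedure above (added example, not code posted in this thread): the extra "Recovery Console" choice at boot comes from one line that ComboFix adds to the [operating systems] section of C:\boot.ini, pointing at C:\CMDCONS\BOOTSECT.DAT with the /cmdcons switch. The Python below parses a boot.ini of that shape, lists the labels the boot menu will show, and drops the Recovery Console line only when its boot file no longer exists, which is the same test msconfig's "Check All Boot Paths" applies when it reports a non-functional line. The sample boot.ini text, its labels and partition numbers are constructed assumptions; the `path_exists` callback is injected so the code runs offline (pass `os.path.exists` on a real machine and write the result back to boot.ini yourself, after clearing its read-only and system attributes).

```python
"""
Added example: find and remove the Recovery Console entry in an XP boot.ini.
Not from the thread; boot.ini content below is constructed for illustration.
"""

# Constructed boot.ini in the shape ComboFix leaves behind after installing the
# Recovery Console. Partition numbers and labels are assumptions.
SAMPLE_BOOT_INI = """[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
C:\\CMDCONS\\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
"""


def is_recovery_console_entry(line):
    """An [operating systems] line boots the Recovery Console if it carries the
    /cmdcons switch or its boot path lies inside the CMDCONS folder."""
    path, sep, rest = line.partition("=")
    if not sep:
        return False
    return "/cmdcons" in rest.lower() or "\\cmdcons\\" in path.lower()


def boot_menu_labels(text):
    """Labels the NTLDR boot menu would display: the quoted part of each entry."""
    labels, in_os = [], False
    for line in text.splitlines():
        s = line.strip()
        if s.lower() == "[operating systems]":
            in_os = True
            continue
        if s.startswith("["):
            in_os = False
            continue
        if in_os and '"' in s:
            labels.append(s.split('"')[1])
    return labels


def remove_recovery_console(text, path_exists):
    """
    Return (new_text, removed_lines).

    A Recovery Console entry is dropped only when its boot file is gone, i.e.
    after CMDCONS has been deleted; an entry whose file still exists is kept,
    matching what msconfig's "Check All Boot Paths" does. path_exists is a
    callable (use os.path.exists on a live system) so this runs offline.
    """
    kept, removed, in_os = [], [], False
    for line in text.splitlines():
        s = line.strip()
        if s.lower() == "[operating systems]":
            in_os = True
        elif s.startswith("["):
            in_os = False
        elif in_os and is_recovery_console_entry(s):
            boot_path = s.partition("=")[0].strip()
            if not path_exists(boot_path):
                removed.append(line)
                continue
        kept.append(line)
    return "\n".join(kept) + "\n", removed


if __name__ == "__main__":
    print("Boot menu before:", boot_menu_labels(SAMPLE_BOOT_INI))
    # Simulate CMDCONS already deleted: every boot path reported missing.
    new_text, removed = remove_recovery_console(SAMPLE_BOOT_INI, lambda p: False)
    print("Removed:", removed)
    print("Boot menu after:", boot_menu_labels(new_text))
```

With only the Windows entry left, NTLDR no longer shows a menu at all, which is why the prompt disappears after the line is removed.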

[ igor_cg @ 30.07.2009. 19:54 ] @
If it's recommended, we won't touch it. Thanks once again!
[ hajduk7 @ 30.07.2009. 20:01 ] @
Look, it's quite simple: in the main Windows folder there is that file lsass.exe and it has to be running all the time, but if you see somewhere that it says c:\win\isass.exe, feel free to delete it, and if you find the same thing in the Registry, feel free to delete it too, because a win directory doesn't exist in XP; there is the main folder named WINDOWS. After you have deleted it everywhere you find c:\win\, rescan the computer with the AV; when it finds all the viruses just restart it and that's it. I hope I was clear.
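
Editor's note (added example, not code from anyone in this thread): the distinction the thread keeps coming back to is the genuine Local Security Authority process, C:\WINDOWS\system32\lsass.exe, versus a copy that reuses the name from another directory (the orphaned Run entry ComboFix removed above pointed at ...\Win\lsass.exe) or uses a look-alike spelling such as isass.exe (capital I for lowercase l). The Python below classifies image paths from a process list or exported Run key on that basis: a real lsass.exe outside System32 is reported as wrong location, a homoglyph name as look-alike, and anything named like lsass in a Run key as suspicious, since the real one is started by the system, not by an autorun value. The sample process list and Run values are constructed, modelled on the log earlier in the thread; the assumption that %SystemRoot% is C:\WINDOWS is labelled in the code.

```python
"""
Added example: flag look-alike and mislocated 'lsass.exe' entries.
Sample data is constructed from the thread's log, not a real capture.
"""
import ntpath

# Canonical location of the real lsass.exe. Assumption: %SystemRoot% is C:\WINDOWS
# (true for the XP system in the thread).
LEGIT_LSASS = r"c:\windows\system32\lsass.exe"

# Characters commonly swapped for the leading 'l' to fool a casual glance.
_HOMOGLYPHS = str.maketrans({"i": "l", "1": "l", "|": "l"})


def _basename(cmd):
    """Lower-case file name from a path or quoted command line."""
    return ntpath.basename(cmd.strip().strip('"').lower())


def looks_like_lsass(filename):
    """True for 'lsass.exe' and look-alikes such as 'isass.exe' or '1sass.exe'."""
    return filename.lower().translate(_HOMOGLYPHS) == "lsass.exe"


def check_lsass_path(path):
    """Classify one image path: 'ok', 'lookalike', 'wrong-location' or 'unrelated'."""
    p = path.strip().strip('"').lower()
    name = ntpath.basename(p)
    if not looks_like_lsass(name):
        return "unrelated"
    if name != "lsass.exe":
        return "lookalike"          # e.g. isass.exe: never a legitimate name
    if p == LEGIT_LSASS:
        return "ok"
    return "wrong-location"         # right name, wrong directory (c:\win\lsass.exe)


def suspicious_entries(paths):
    """[(path, verdict)] for every entry that is not the genuine lsass.exe."""
    out = []
    for path in paths:
        verdict = check_lsass_path(path)
        if verdict in ("lookalike", "wrong-location"):
            out.append((path, verdict))
    return out


def autorun_lsass_entries(run_key_values):
    """
    Run-key values that start anything named like lsass. The genuine lsass.exe
    is launched by the session manager, so any such value is suspicious even
    when the name is spelled correctly.
    Input: {value_name: command_line} as exported from
    HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Run.
    """
    return {name: cmd for name, cmd in run_key_values.items()
            if looks_like_lsass(_basename(cmd))}


# Constructed samples modelled on the thread (not a real capture).
SAMPLE_PROCESSES = [
    r"C:\WINDOWS\System32\smss.exe",
    r"C:\WINDOWS\system32\lsass.exe",                      # genuine
    r"C:\win\isass.exe",                                   # look-alike name, bogus folder
    r"c:\_otm\MovedFiles\07302009_163103\Win\lsass.exe",   # real name, wrong folder
    r"C:\Program Files\ESET\ESET Smart Security\ekrn.exe",
]

SAMPLE_RUN_KEY = {
    "egui": r"c:\program files\ESET\ESET Smart Security\egui.exe",
    "run32": r"c:\win\lsass.exe",
}

if __name__ == "__main__":
    for path, verdict in suspicious_entries(SAMPLE_PROCESSES):
        print(f"{verdict:15s} {path}")
    for name, cmd in autorun_lsass_entries(SAMPLE_RUN_KEY).items():
        print(f"Run value {name!r} starts {cmd}")
```

The path comparison is deliberately exact: a file named lsass.exe in C:\WINDOWS itself, in a user profile or in a quarantine folder is reported, not just one under a made-up "win" directory.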
[ igor_cg @ 01.08.2009. 15:47 ] @
ok, thanks!!