da ne otvaram novu temu upravo sada sam preko "virustotal" skenirao i C;\WINDOWS\system32\Autochk.exe samo jedan AV je detektovao nesto sumljivo t.e AV eSafe detektuje Win32.Banker dok ostali 40 AV ne prikazuji nista. sta je sad ovo i sta uraditi pozzz i hvala

Autochk.exe je legitiman fajl, Autorun.exe je virus, da li si ga uklonio, koji problem u stvari ti imas ?

nisam ga uklonio jos, cekam strucno mislenje sta da radim. inace nemam nikakav problem na komp. ovo autorun.exe sam skenirao preko virustotal cisto onako iz radoznalosti i 23 AV su ga detektovali.dali da ga brisem ili...? posto nista sumlivo mi se ne desava na komp.

Brisi ga, mozda imas jos nesto.
Skini http://download.bleepingcomputer.com/sUBs/dds.scr
Dvoklikom pokreni DDS
Sacekaj malo, izbacice ti dva loga
Zakaci mi log DDS.txt

Svaki proizvodjac AV programa ima svoj sistem davanja imena i katalogizacije virusa, tako da ce jedan te isti virus imati i po nekoliko desetina razlicitih oznaka, u zavisnosti od toga koji ga je AV program detektovao. To je kao sa biljkama i narodnim imenima - svaka biljka ima nekoliko desetina narodnih imena, pa ono sto ja recimo zovem petrovac neko drugi zove ranjenik, trava celog sveta, sitni cicak, mali cicak, cicak, mart, ruricica, turica ili dzigericnjak, ali svi pricamo o istoj biljci. Isto tako, kod racunarskih virusa, ono sto recimo Symantec zove Win32.Downadup, Computer Associates zove Win32/Conficker.A, a Kaspersky ga prepoznaje kao Net-Worm.Win32.Kido.bt, ali je u pitanju potpuno isti mrezni crv.

Znaci nije toliko bitno kako ga je onih 23 na VirusTotalu prepoznalo, bitno je da ga je vise od pola prepoznalo kao malware, sto ti je pouzdan signal da taj fajl ne bi trebalo tamo da se nalazi. Ako bas ne zelis da ga odmah obrises, probaj da ga preimenujes ili premestis negde, pa ako racunar i dalje radi kako treba u narednih nekoliko dana, slobodno ga obrisi. Ako vidis da se sam vratio nakon sto si ga preimenovao/premestio, to ti je znak vise da je u pitanju neki nezvani gost.

evo oba loga posto nisam bio siguran koj je trebao. inace autorun sam obrisao.


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-07-30.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 12.03.2009 05:41:51
System Uptime: 14.09.2009 15:49:18 (1 hours ago)

Motherboard: | | ConRoe1333-D667
Processor: Intel(R) Pentium(R) D CPU 3.00GHz | CPUSocket | 2991/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 59 GiB total, 48,059 GiB free.
D: is FIXED (NTFS) - 90 GiB total, 83,818 GiB free.
E: is CDROM ()
F: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP21: 17.08.2009 02:59:19 - Configured NVIDIA ForceWare Network Access Manager
RP22: 17.08.2009 03:14:55 - Installed Realtek High Definition Audio Driver
RP23: 17.08.2009 03:18:14 - Installed REALTEK GbE & FE Ethernet PCI-E NIC Driver
RP24: 17.08.2009 20:26:23 - Installed Bluesoleil2.6.0.9 Release 070606
RP25: 17.08.2009 20:29:32 - Installed Philips SPC220NC Webcam
RP26: 20.08.2009 04:46:34 - Software Distribution Service 3.0
RP27: 20.08.2009 05:01:06 - Software Distribution Service 3.0
RP28: 20.08.2009 07:43:22 - Installed Windows XP WgaNotify.
RP29: 21.08.2009 03:31:37 - Removed Windows Live Messenger
RP30: 21.08.2009 03:35:40 - Installed Windows Live installer
RP31: 21.08.2009 03:37:22 - Installed Windows Live
RP32: 21.08.2009 03:46:50 - Removed Windows Live foto-galerija
RP33: 21.08.2009 03:47:23 - Removed Windows Live Posta
RP34: 24.08.2009 03:00:19 - Software Distribution Service 3.0
RP35: 25.08.2009 03:54:03 - Software Distribution Service 3.0
RP36: 26.08.2009 11:27:21 - System Checkpoint
RP37: 26.08.2009 20:52:55 - Software Distribution Service 3.0
RP38: 27.08.2009 21:51:59 - System Checkpoint
RP39: 01.09.2009 16:39:06 - System Checkpoint
RP40: 02.09.2009 22:38:15 - System Checkpoint
RP41: 05.09.2009 06:52:26 - System Checkpoint
RP42: 06.09.2009 20:47:09 - System Checkpoint
RP43: 09.09.2009 02:53:32 - Software Distribution Service 3.0
RP44: 10.09.2009 05:54:30 - System Checkpoint
RP45: 11.09.2009 11:12:28 - System Checkpoint
RP46: 12.09.2009 01:41:27 - Installed Google Earth Pro.
RP47: 12.09.2009 01:56:21 - Removed Google Earth Pro.
RP48: 12.09.2009 02:18:32 - Installed Google Earth.
RP49: 12.09.2009 03:14:34 - Removed Google Earth.
RP50: 12.09.2009 03:29:49 - Installed Google Earth.
RP51: 12.09.2009 03:52:30 - Removed Google Earth.
RP52: 12.09.2009 23:33:23 - Installed Google Earth Pro.
RP53: 12.09.2009 23:55:12 - Removed Google Earth Pro.
RP54: 13.09.2009 01:54:00 - Installed Google Earth.
RP55: 14.09.2009 11:26:47 - System Checkpoint

==== Installed Programs ======================

µTorrent
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 8
Alive Video Converter (version 3.2.0.8)
Allok AVI to DVD SVCD VCD Converter 3.9.0208
Athlon 64 Processor Driver
AutoUpdate
Bluesoleil2.6.0.9 Release 070606
BS.Player PRO
CorelDRAW Graphics Suite 12
CyberLink PowerDVD 8
DivX Codec
Easy Video Downloader v. 2.0
Google Earth
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB970653-v3)
Kaspersky Anti-Virus 7.0
Malwarebytes' Anti-Malware
Microsoft Office Professional Edition 2003
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
mIRC
Mozilla Firefox (3.5.2)
MSXML 4.0 SP2 (KB954430)
MSXML 6.0 Parser
Nero 6 Ultra Edition
NVIDIA Drivers
Philips SPC220NC Webcam
RealPlayer
REALTEK GbE & FE Ethernet PCI-E NIC Driver
Realtek High Definition Audio Driver
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Skype™ 4.0
Update for Windows XP (KB898461)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB973815)
Update Manager
VDOTool 5.3
WebFldrs XP
Winamp
Windows Genuine Advantage Notifications (KB905474)
Windows Live installer
Windows Live Messenger
WinRAR archiver

==== Event Viewer Messages From Past Week ========

13.09.2009 00:46:31, error: PSched [14103] - QoS [Adapter {162E98B7-3F4A-4FAF-9B4F-817B8D8FE32C}]: The netcard driver failed the query for OID_GEN_LINK_SPEED.
09.09.2009 00:22:31, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Fips intelppm IPSec kl1 klif MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip
09.09.2009 00:22:31, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
09.09.2009 00:22:31, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
09.09.2009 00:22:31, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
09.09.2009 00:22:31, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
09.09.2009 00:22:21, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
09.09.2009 00:21:49, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
08.09.2009 21:13:45, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
07.09.2009 19:47:47, error: Service Control Manager [7000] - The Cardex service failed to start due to the following error: Cannot create a file when that file already exists.

==== End Of File ===========================

evo i drugi.



DDS (Ver_09-07-30.01) - NTFSx86
Run by User at 16:24:08,87 on 14.09.2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1251.389.1033.18.1023.546 [GMT 2:00]

AV: Kaspersky Anti-Virus *On-access scanning enabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
C:\Program Files\Cyberlink\Shared Files\brs.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\VDOTool\TBPanel.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\Philips\SPC220NC\Monitor.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Philips\Philips SPC220NC Webcam\TrayMin220.exe
svchost.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\User\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
mRun: [NVMixerTray] "c:\program files\nvidia corporation\nvmixer\NVMixerTray.exe"
mRun: [RemoteControl8] "c:\program files\cyberlink\powerdvd8\PDVD8Serv.exe"
mRun: [PDVD8LanguageShortcut] "c:\program files\cyberlink\powerdvd8\language\Language.exe"
mRun: [BDRegion] c:\program files\cyberlink\shared files\brs.exe
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [AVP] "c:\program files\kaspersky lab\kaspersky anti-virus 7.0\avp.exe"
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [SkyTel] SkyTel.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [Gainward] c:\program files\vdotool\TBPanel.exe /A
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [Monitor] c:\windows\philips\spc220nc\Monitor.exe
mRun: [DAEMON Tools] "c:\program files\daemon tools\daemon.exe" -lang 1033
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRunOnce: [nltide_2] regsvr32 /s /n /i:U shell32
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\reader 8.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~2.lnk - c:\program files\adobe\reader 8.0\reader\AdobeCollabSync.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\traymi~1.lnk - c:\program files\philips\philips spc220nc webcam\TrayMin220.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - {85E0B171-04FA-11D1-B7DA-00A0C90348D6} - c:\program files\kaspersky lab\kaspersky anti-virus 7.0\SCIEPlgn.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: {641D9245-E1B4-4362-8921-B8B83A23D64F} = 62.162.32.5 62.162.32.6
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: klogon - c:\windows\system32\klogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\wpdshserviceobj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\user\applic~1\mozilla\firefox\profiles\nwpliolc.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\mozilla firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\mozilla firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");

============= SERVICES / DRIVERS ===============

R0 kl1;Kl1;c:\windows\system32\drivers\kl1.sys [2007-10-31 112144]
R1 klif;Klif;c:\windows\system32\drivers\klif.sys [2007-12-28 195344]
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};c:\program files\cyberlink\powerdvd8\000.fcl [2008-2-1 41456]
R2 AVP;Kaspersky Anti-Virus 7.0;c:\program files\kaspersky lab\kaspersky anti-virus 7.0\avp.exe [2008-2-8 227856]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2007-12-13 24592]
R3 SPC220NC;Philips SPC220NC Webcam;c:\windows\system32\drivers\SPC220NC.SYS [2009-8-17 507136]

=============== Created Last 30 ================

2009-09-13 05:53 <DIR> --d----- c:\docume~1\user\applic~1\Malwarebytes
2009-09-13 05:53 19,160 a------- c:\windows\system32\drivers\mbam.sys
2009-09-13 05:53 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-13 05:53 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-09-13 05:53 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-09-06 22:15 <DIR> --d----- c:\program files\mIRC
2009-08-30 04:24 <DIR> --d----- C:\OutputFolder
2009-08-26 23:11 <DIR> --d----- c:\docume~1\user\applic~1\mIRC
2009-08-24 21:24 64,376 a------- c:\windows\system32\GDIPFONTCACHEV1.DAT
2009-08-24 02:37 268,648 a------- c:\windows\system32\mucltui.dll
2009-08-24 02:37 208,744 a------- c:\windows\system32\muweb.dll
2009-08-24 02:37 27,496 a------- c:\windows\system32\mucltui.dll.mui
2009-08-24 00:04 <DIR> --d----- c:\program files\Webteh
2009-08-23 22:32 <DIR> --d----- c:\program files\Easy Video Downloader
2009-08-23 22:27 <DIR> --d----- c:\program files\Allok AVI to DVD SVCD VCD Converter
2009-08-23 22:04 <DIR> --d----- c:\program files\AliveMedia
2009-08-21 03:40 3,426,072 a------- c:\windows\system32\d3dx9_32.dll
2009-08-21 03:40 <DIR> --d----- c:\program files\Microsoft SQL Server Compact Edition
2009-08-21 03:36 <DIR> -cdsh--- c:\program files\common files\WindowsLiveInstaller
2009-08-20 04:47 <DIR> --d----- c:\program files\MSXML 4.0
2009-08-19 06:08 56 a---h--- c:\windows\system32\ezsidmv.dat
2009-08-18 04:13 2,145,280 -c------ c:\windows\system32\dllcache\ntkrnlmp.exe
2009-08-18 04:13 2,189,056 -c------ c:\windows\system32\dllcache\ntoskrnl.exe
2009-08-18 04:13 2,023,936 -c------ c:\windows\system32\dllcache\ntkrpamp.exe
2009-08-18 04:12 455,296 -c------ c:\windows\system32\dllcache\mrxsmb.sys
2009-08-18 04:09 2,560 -------- c:\windows\system32\xpsp4res.dll
2009-08-18 04:07 <DIR> --d----- c:\windows\system32\SoftwareDistribution
2009-08-18 03:51 116 a------- c:\windows\NeroDigital.ini
2009-08-18 02:18 <DIR> --d----- c:\documents and settings\user\Contacts
2009-08-18 01:59 <DIR> --d----- c:\program files\common files\xing shared
2009-08-18 01:59 <DIR> --d----- c:\program files\common files\Real
2009-08-17 22:50 14,592 ac------ c:\windows\system32\dllcache\kbdhid.sys
2009-08-17 22:50 14,592 a------- c:\windows\system32\drivers\kbdhid.sys
2009-08-17 22:50 12,160 ac------ c:\windows\system32\dllcache\mouhid.sys
2009-08-17 22:50 12,160 a------- c:\windows\system32\drivers\mouhid.sys
2009-08-17 22:49 10,368 ac------ c:\windows\system32\dllcache\hidusb.sys
2009-08-17 22:49 10,368 a------- c:\windows\system32\drivers\hidusb.sys
2009-08-17 20:47 <DIR> --d----- c:\program files\VVSN
2009-08-17 20:47 223,128 a------- c:\windows\system32\drivers\dtscsi.sys
2009-08-17 20:47 <DIR> --d----- c:\program files\DAEMON Tools
2009-08-17 20:44 664,064 a------- c:\windows\system32\drivers\sptd.sys
2009-08-17 20:44 96,384 a------- c:\windows\system32\drivers\sptd5165.sys
2009-08-17 20:30 61,952 ac------ c:\windows\system32\dllcache\kstvtune.ax
2009-08-17 20:30 61,952 a------- c:\windows\system32\kstvtune.ax
2009-08-17 20:29 507,136 a------- c:\windows\system32\drivers\SPC220NC.SYS
2009-08-17 20:29 6,656 a------- c:\windows\system32\CoInst.dll
2009-08-17 20:29 518 a------- c:\windows\system32\SPC220NC.INI
2009-08-17 20:29 119,808 a------- c:\windows\system32\SPC220NC.AX
2009-08-17 20:29 <DIR> --d----- c:\program files\Philips
2009-08-17 20:26 <DIR> --d----- c:\program files\IVT Corporation
2009-08-17 20:26 32 a------- c:\windows\0
2009-08-17 20:26 0 a------- c:\windows\system32\0
2009-08-17 20:24 940,794 a------- c:\windows\system32\LoopyMusic.wav
2009-08-17 20:24 146,650 a------- c:\windows\system32\BuzzingBee.wav
2009-08-17 20:23 <DIR> --d----- c:\windows\system32\Lang
2009-08-17 20:23 558 a------- c:\windows\DFC.INI
2009-08-17 20:21 127,254 a------- c:\windows\system32\nvapps.xml
2009-08-17 20:21 17,463 a------- c:\windows\system32\nvdisp.nvu
2009-08-17 20:21 356,352 a------- c:\windows\system32\nvudisp.exe
2009-08-17 20:20 356,352 a------- c:\windows\system32\NVUNINST.EXE
2009-08-17 03:19 12,256 a------- c:\windows\system32\drivers\TBPanel.sys
2009-08-17 03:19 <DIR> --d----- c:\program files\VDOTool
2009-08-17 03:18 83,200 a----r-- c:\windows\system32\drivers\Rtenicxp.sys
2009-08-17 03:18 <DIR> --d----- c:\windows\OPTIONS
2009-08-17 03:16 143,360 -----r-- c:\windows\system32\RtlCPAPI.dll
2009-08-17 03:16 49,152 -----r-- c:\windows\system32\ChCfg.exe
2009-08-17 03:15 <DIR> --d----- c:\windows\system32\RTCOM
2009-08-17 03:15 86,016 -----r-- c:\windows\SoundMan.exe
2009-08-17 03:15 2,879,488 -----r-- c:\windows\SkyTel.exe
2009-08-17 03:15 364,544 -----r-- c:\windows\RtlUpd.exe
2009-08-17 03:15 282,624 -----r-- c:\windows\system32\RTSndMgr.Cpl
2009-08-17 03:15 9,709,568 -----r-- c:\windows\RTLCPL.exe
2009-08-17 03:15 4,381,184 -----r-- c:\windows\system32\drivers\RtkHDAud.Sys
2009-08-17 03:15 16,264,192 -----r-- c:\windows\RTHDCPL.exe
2009-08-17 03:15 2,155,008 -----r-- c:\windows\MicCal.exe
2009-08-17 03:15 69,632 -----r-- c:\windows\Alcmtr.exe
2009-08-17 03:15 2,808,832 -----r-- c:\windows\alcwzrd.exe
2009-08-17 03:15 299,008 -----r-- c:\windows\system32\ALSndMgr.Cpl
2009-08-17 03:14 <DIR> --d----- c:\program files\Realtek
2009-08-17 03:14 499,712 -----r-- c:\windows\RtlExUpd.dll
2009-08-17 03:09 4,372 a------- c:\windows\Ascd_tmp.ini
2009-08-17 03:09 10,288 a------- c:\windows\system32\drivers\ASUSHWIO.SYS
2009-08-17 02:59 20,608 ac------ c:\windows\system32\dllcache\usbuhci.sys
2009-08-17 02:59 20,608 a------- c:\windows\system32\drivers\usbuhci.sys

==================== Find3M ====================

2009-09-14 16:24 78,880 a--sh--- c:\windows\system32\drivers\fidbox.dat
2009-09-14 16:24 286,752 a--sh--- c:\windows\system32\drivers\fidbox2.dat
2009-09-14 16:23 32 a--sh--- c:\windows\system32\drivers\fidbox.idx
2009-09-14 11:39 28,904 a--sh--- c:\windows\system32\drivers\fidbox2.idx
2009-09-11 02:24 107,547 a------- c:\windows\system32\drivers\klin.dat
2009-09-11 02:24 95,259 a------- c:\windows\system32\drivers\klick.dat
2009-08-23 22:14 86,327 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-08-18 01:59 499,712 a------- c:\windows\system32\msvcp71.dll
2009-08-18 00:15 112,144 a------- c:\windows\system32\drivers\kl1.sys
2009-08-05 11:01 204,800 a------- c:\windows\system32\mswebdvd.dll
2009-07-29 06:37 119,808 a------- c:\windows\system32\t2embed.dll
2009-07-29 06:37 81,920 a------- c:\windows\system32\fontsub.dll
2009-07-17 21:01 58,880 a------- c:\windows\system32\atl.dll
2009-07-13 23:43 286,208 a------- c:\windows\system32\wmpdxm.dll
2009-06-29 18:12 827,392 a------- c:\windows\system32\wininet.dll
2009-06-29 18:12 78,336 a------- c:\windows\system32\ieencode.dll
2009-06-29 18:12 17,408 a------- c:\windows\system32\corpol.dll
2009-06-25 10:25 730,112 a------- c:\windows\system32\lsasrv.dll
2009-06-25 10:25 301,568 a------- c:\windows\system32\kerberos.dll
2009-06-25 10:25 147,456 a------- c:\windows\system32\schannel.dll
2009-06-25 10:25 136,192 a------- c:\windows\system32\msv1_0.dll
2009-06-25 10:25 56,832 a------- c:\windows\system32\secur32.dll
2009-06-25 10:25 54,272 a------- c:\windows\system32\wdigest.dll
2009-04-02 22:27 2,516 a--sh--- c:\docume~1\alluse~1\applic~1\KGyGaAvL.sys
2009-04-02 22:27 88 ---shr-- c:\docume~1\alluse~1\applic~1\CB8BCAFAE3.sys
2009-04-02 22:39 56 ---shr-- c:\windows\system32\E3FACA8BCB.sys
2009-04-02 22:39 2,516 a--sh--- c:\windows\system32\KGyGaAvL.sys
2009-03-12 06:42 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009031120090312\index.dat

============= FINISH: 16:24:53,78 ===============

evo HiJack This log: inace preimenovan u blablabla.exe. samo da napomenem da sam obrisao autorun iz system 32 pre postavljanja ovih logova tako da ko je strucan neka proveri dali je ostalo jos nesto sumljivo ili neki trag od virusa. pozz i hvala



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:51:43, on 14.09.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
C:\Program Files\Cyberlink\Shared Files\brs.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\VDOTool\TBPanel.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\Philips\SPC220NC\Monitor.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Philips\Philips SPC220NC Webcam\TrayMin220.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\User\Desktop\blablabla.exe.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [RemoteControl8] "C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe"
O4 - HKLM\..\Run: [PDVD8LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe"
O4 - HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Gainward] C:\Program Files\VDOTool\TBPanel.exe /A
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Monitor] C:\WINDOWS\Philips\SPC220NC\Monitor.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: TrayMin220.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia....ockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{641D9245-E1B4-4362-8921-B8B83A23D64F}: NameServer = 62.162.32.5 62.162.32.6
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 6769 bytes

Stiklirajte sledece objekte i kliknite “Fix checked”
O4 - HKLM\..\Run: [Monitor] C:\WINDOWS\Philips\SPC220NC\Monitor.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETWORK SERVICE')
Posle toga restartujte racunar.

Ako mozete fajl
C:\WINDOWS\Philips\SPC220NC\Monitor.exe
da zapakujete u ".rar"/".zip" sa password-om "virus", upload-ujete na Rapidshare i posaljete mi link preko PP.

Sve je cisto, Monitor.exe ovo je kamera.

Prema ovome nije - http://www.exterminate-it.com/malpedia/remove-huntbar-btin
Za svaki slucaj bih hteo da proverim kakav je fajl.

Ne mari nista

sad ste me stavili u nedoumicu. sta da brisem a sta ne . molim brz i konacan odgovor. dali sve sto je dashkes rekao ili samo zadnje dve bez philips monitor? sta da brisem od navedenog? i za dashkes poslao sam sto je strazio nadam se da je to to posto je bilo dva faljlova sa natpisom monitor poslao sam oba. nadam se da su stigli posto prvi put saljem ne znam dali sam dobro uradio

Posaljite mi pa cu Vam konacno reci sta da uradite.
Nisam nista dobio. Pokusajte ponovo da upload-ujete na Rapidshare i posaljete mi link ovde - http://www.elitesecurity.org/pp/novaporuka/Dashkes

za dashkes: nadam se sad da je sve ok. cekam na odgovor

Fajl je cist. Ne morate da stiklirate
O4 - HKLM\..\Run: [Monitor] C:\WINDOWS\Philips\SPC220NC\Monitor.exe

a ona druga 2 fajla dali mogu slobodno da ih brisem ili ne. pozzzz i hvala sto ste se javili

Mozete slobodno. Nema problema. ;)