[ neri86 @ 20.12.2009. 14:14 ] @
avast tells me it has found this virus, and it can't delete it right away because it's in memory, so it asks me to restart the computer to delete it in that mode before the system boots up; it then scans everything and doesn't detect it...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:11:02, on 20.12.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16915)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\DAP\DAP.EXE
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AGI\core\3.1\AGCoreService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\Documents and Settings\Korisnik\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Korisnik\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Korisnik\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Korisnik\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Korisnik\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Korisnik\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Korisnik\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Korisnik\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Korisnik\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\uWDF.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Documents and Settings\Korisnik\My Documents\Downloads\HiJackThis.exe
C:\WINDOWS\system32\msfeedssync.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.theprizeday.com/today.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.krstarica.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: agcore.AGUtils - {0bc6e3fa-78ef-4886-842c-5a1258c4455a} - mscoree.dll (file missing)
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: DAPIELoader Class - {FF6C3CF0-4B15-11D1-ABED-709549C10000} - C:\PROGRA~1\DAP\DAPIEL~1.DLL
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [sysgif32] C:\WINDOWS\TEMP\~TM11A.tmp
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: siszyd32.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Objavi ovo u blogu - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Objavi ovo u blogu u okviru usluge Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia....ockwave/cabs/flash/swflash.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://zone.msn.com/bingame/feed/default/SproutLauncher.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AG Core Services (AGCoreService) - AG Interactive - C:\Program Files\AGI\core\3.1\AGCoreService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ?????? Google Update (gupdate1c9e2d63a91a64) (gupdate1c9e2d63a91a64) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

What should I do?
[ neri86 @ 20.12.2009. 14:51 ] @
And I also got this warning from avast:

There are too many identical e-mails in appointed time


Sender: VIAGRA © Best Online Store <[email protected]>
Recipient: [email protected]
Subject: User marta special 80% OFF

And in the system tray I have some strange icon that says it's avast's mail scanner; it appeared today, and I've had avast for at least a year.
[ kristi1 @ 20.12.2009. 16:24 ] @
Turn off avast's resident protection by right-clicking the icon next to the clock (don't forget to turn it back on when we finish the cleaning).
Download CF from the following site http://download.bleepingcomputer.com/sUBs/ComboFix.exe to the Desktop.
Run ComboFix from the Desktop.
Answer yes to everything it asks.
When it finishes scanning it will produce a log in Notepad, which you should paste here on the forum.
[ neri86 @ 20.12.2009. 17:59 ] @
ComboFix 09-12-19.03 - Korisnik 20.12.2009 18:47:00.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1022.513 [GMT 1:00]
Running from: c:\documents and settings\Korisnik\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1368 [VPS 091220-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Korisnik\Application Data\avdrn.dat
c:\documents and settings\Korisnik\Application Data\wiaserva.log
c:\documents and settings\Korisnik\Local Settings\Temporary Internet Files\_tm19.tmp
c:\documents and settings\Korisnik\Local Settings\Temporary Internet Files\_tm25.tmp
c:\documents and settings\Korisnik\Local Settings\Temporary Internet Files\_tm29.tmp
c:\documents and settings\Korisnik\Local Settings\Temporary Internet Files\_tm34.tmp
c:\documents and settings\Korisnik\Local Settings\Temporary Internet Files\_tm35.tmp
c:\documents and settings\Korisnik\Local Settings\Temporary Internet Files\_tm48E.tmp
c:\documents and settings\Korisnik\Local Settings\Temporary Internet Files\_tm4D.tmp
c:\documents and settings\Korisnik\Local Settings\Temporary Internet Files\_tm75.tmp
c:\documents and settings\Korisnik\Local Settings\Temporary Internet Files\_tmA2.tmp
c:\documents and settings\Korisnik\Local Settings\Temporary Internet Files\_tmD.tmp
c:\documents and settings\Korisnik\Local Settings\Temporary Internet Files\_tmDC.tmp
c:\documents and settings\Korisnik\Local Settings\Temporary Internet Files\stb06759.tmp
c:\documents and settings\Korisnik\Start Menu\Programs\Startup\siszyd32.exe
c:\windows\Downloaded Program Files\popcaploader.inf
c:\windows\system32\inf
c:\windows\system32\lsprst7.dll
c:\windows\system32\prsgrc.dll

.
((((((((((((((((((((((((( Files Created from 2009-11-20 to 2009-12-20 )))))))))))))))))))))))))))))))
.

2009-12-20 14:59 . 2009-07-28 14:33 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-12-19 20:07 . 2009-12-20 17:50 734208 ----a-w- c:\windows\system32\drivers\unctzo.sys
2009-12-19 20:07 . 2009-12-19 20:07 148 ----a-w- c:\windows\system32\fjhdyfhsn.bat
2009-12-10 19:10 . 2009-12-17 21:03 -------- d-----w- c:\documents and settings\Korisnik\Local Settings\Application Data\Cooliris
2009-12-03 22:22 . 2009-12-03 22:23 -------- d-----w- c:\documents and settings\Korisnik\Application Data\SecondLife
2009-12-03 22:22 . 2009-12-03 22:44 -------- d-----w- c:\documents and settings\Korisnik\Local Settings\Application Data\SecondLife
2009-11-22 13:41 . 2009-11-22 13:41 117760 ----a-w- c:\documents and settings\Korisnik\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-11-22 13:40 . 2009-11-22 13:40 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-11-22 13:40 . 2009-12-07 16:07 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-11-22 13:40 . 2009-11-22 13:40 -------- d-----w- c:\documents and settings\Korisnik\Application Data\SUPERAntiSpyware.com

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-20 14:46 . 2009-11-04 16:12 186 ----a-w- c:\documents and settings\All Users\Application Data\SafeNet Sentinel\Sentinel RMS Development Kit\System\prsgrc.dll
2009-12-20 13:31 . 2009-01-19 18:54 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-12-19 21:51 . 2008-01-19 01:26 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-12-19 20:17 . 2009-02-01 14:36 -------- d-----w- c:\documents and settings\Korisnik\Application Data\uTorrent
2009-12-19 20:06 . 2009-12-19 20:06 16 ----a-w- c:\documents and settings\LocalService\Application Data\fvgqad.dat
2009-12-19 14:17 . 2009-12-19 14:17 118784 ----a-w- c:\windows\Web\Wallpaper\Living Waterfalls Wallpaper #1.exe
2009-12-19 14:15 . 2008-11-17 15:25 -------- d-----w- c:\program files\MP3 Rocket
2009-12-19 14:15 . 2008-04-02 20:13 -------- d-----w- c:\documents and settings\Korisnik\Application Data\MP3Rocket
2009-12-14 20:32 . 2009-02-28 22:40 95744 ----a-w- c:\documents and settings\All Users\Application Data\SpeedBit\DAP\SDCondition.dll
2009-12-02 13:18 . 2008-09-06 14:31 -------- d-----w- c:\program files\Google
2009-11-29 18:08 . 2008-04-08 17:56 -------- d-----w- c:\program files\Windows Live
2009-11-24 23:54 . 2009-02-09 21:09 1280480 ----a-w- c:\windows\system32\aswBoot.exe
2009-11-24 23:51 . 2009-02-09 21:09 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-11-24 23:50 . 2009-02-09 21:09 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-11-24 23:50 . 2009-02-09 21:09 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-11-24 23:50 . 2009-02-09 21:09 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-11-24 23:49 . 2009-02-09 21:09 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-11-24 23:48 . 2009-02-09 21:09 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-11-24 23:47 . 2009-02-09 21:09 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-11-24 23:47 . 2009-02-09 21:09 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-11-22 13:40 . 2009-01-22 18:57 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-11-14 11:02 . 2009-01-12 20:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-11-04 17:14 . 2008-01-18 20:07 68984 -c--a-w- c:\documents and settings\Korisnik\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-11-04 16:08 . 2009-11-04 16:08 -------- d-----w- c:\documents and settings\All Users\Application Data\SPSS
2009-11-04 16:08 . 2009-11-04 16:08 -------- d-----w- c:\program files\Common Files\SPSS
2009-11-04 16:08 . 2009-11-04 16:08 -------- d-----w- c:\program files\SPSSInc
2009-11-04 16:08 . 2009-11-04 16:08 1025 ----a-w- c:\windows\system32\sysprs7.dll
2008-05-04 21:56 . 2008-05-04 21:55 2401296 ----a-w- c:\program files\WLinstaller.exe
2009-07-06 10:15 . 2009-02-09 20:55 251392 ----a-w- c:\program files\opera\program\plugins\dapop.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0bc6e3fa-78ef-4886-842c-5a1258c4455a}]
2006-12-22 10:28 271360 ----a-w- c:\windows\system32\mscoree.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FF6C3CF0-4B15-11D1-ABED-709549C10000}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-08-18 5137648]
"DownloadAccelerator"="c:\program files\DAP\DAP.EXE" [2009-07-06 2749952]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-09 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-10-28 344064]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-06-28 8466432]
"nwiz"="nwiz.exe" [2007-06-28 1626112]
"RTHDCPL"="RTHDCPL.EXE" [2007-09-03 16841216]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-06-28 81920]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-10-19 286720]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Korisnik^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Korisnik^Start Menu^Programs^Startup^Webshots.lnk]
path=c:\documents and settings\Korisnik\Start Menu\Programs\Startup\Webshots.lnk
backup=c:\windows\pss\Webshots.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-01-11 21:16 39792 -c--a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2008-02-13 23:09 486856 ----a-w- c:\program files\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DownloadAccelerator]
2009-07-06 10:15 2749952 ----a-w- c:\program files\DAP\DAP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2009-02-02 16:48 133104 -----tw- c:\documents and settings\Korisnik\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MP4 Player]
2008-11-06 17:23 772096 ----a-w- c:\program files\MP4 Player\Mp4Player.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 10:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nexus Radio]
2009-03-08 20:08 4685312 -c--a-w- c:\program files\Nexus Radio\Nexus Radio.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2007-10-19 18:16 286720 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2004-11-02 19:24 32768 -c--a-w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
2008-07-02 15:16 393216 ------w- c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2005-11-10 12:03 36975 -c--a-w- c:\program files\Java\jre1.5.0_06\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-01-09 21:25 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SENS"=2 (0x2)
"Microsoft Office Groove Audit Service"=3 (0x3)
"NVSvc"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Java\\jre1.5.0_06\\bin\\javaw.exe"=
"c:\\Program Files\\Sony Ericsson\\Sony Ericsson Media Manager 1.0\\MediaManager.exe"=
"c:\\Program Files\\DAP\\DAP.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Java\\jre1.6.0_01\\bin\\javaw.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Sports Interactive\\Football Manager 2009\\fm.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Sony Ericsson\\Update Service\\Update Service.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\SPSSInc\\Statistics17\\statistics.com"=
"c:\\Program Files\\SPSSInc\\Statistics17\\statistics.exe"=
"c:\\Program Files\\SPSSInc\\Statistics17\\SPSSWinWrapIDE.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [7.2.2009 0:49 64160]
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [8.2.2009 23:03 28544]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [9.2.2009 22:09 114768]
R2 AGCoreService;AG Core Services;c:\program files\AGI\core\3.1\AGCoreService.exe [20.9.2009 16:03 20480]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [9.2.2009 22:09 20560]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [16.2.2008 15:07 716272]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2.4.2009 12:38 13224]

--- Other Services/Drivers In Memory ---

*Deregistered* - unctzo
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.theprizeday.com/today.php
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://www.krstarica.com
uInternet Connection Wizard,ShellNext = iexplore
IE: &Clean Traces - c:\program files\DAP\Privacy Package\dapcleanerie.htm
IE: &Download with &DAP - c:\program files\DAP\dapextie.htm
IE: &Winamp Search - c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: Download &all with DAP - c:\program files\DAP\dapextie2.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Korisnik\Application Data\Mozilla\Firefox\Profiles\omeyncdj.default\
FF - prefs.js: browser.search.selectedEngine - GamingHarbor
FF - prefs.js: browser.startup.homepage - hxxp://home.gamingharbor.com
FF - prefs.js: keyword.URL - hxxp://www.gamingharbor.com/search.do?desktopsmiley&keyword=
FF - plugin: c:\documents and settings\Korisnik\Local Settings\Application Data\Yahoo!\BrowserPlus\2.4.17\Plugins\npybrowserplus_2.4.17.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1601.7122\npCIDetect13.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

---- FIREFOX POLICIES ----

pref(dom.disable_open_during_load, false);FF - user.js: yahoo.homepage.dontask - true.
- - - - ORPHANS REMOVED - - - -

Notify-WgaLogon - (no file)
MSConfigStartUp-Malwarebytes Anti-Malware (reboot) - c:\program files\Malwarebytes' Anti-Malware\mbam.exe
MSConfigStartUp-SmileyApp - c:\program files\DoubleD\GamingHarbor Toolbar\4.1.4.20920\stbapp.exe
MSConfigStartUp-Uniblue RegistryBooster 2 - c:\program files\Uniblue\RegistryBooster 2\RegistryBooster.exe
AddRemove-{1FB52AB3-5987-45a2-85E0-F3EC30DDDC29}}_is1 - c:\program files\Internet Saving Optimizer\3.4.0.4340\unins000.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-20 18:50
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\windows\TEMP\_avast4_\unp235409863.tmp 1582 bytes
c:\windows\TEMP\_avast4_\unp5266459.tmp 1581 bytes

scan completed successfully
hidden files: 2

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\unctzo]

.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(708)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2009-12-20 18:52:50
ComboFix-quarantined-files.txt 2009-12-20 17:52
ComboFix2.txt 2009-02-09 20:21

Pre-Run: 29.007.126.528 bytes free
Post-Run: 29.018.800.128 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - A20FFA4CE9828AF7EDA85915CB4F7FB3
[ kristi1 @ 20.12.2009. 21:08 ] @
Download this file to the desktop and unpack it. Turn off the antivirus.
Hold down the left mouse button and drag the script onto the ComboFix icon.

When the cleaning finishes, attach the new log.

[This message was edited by kristi1 on 20.12.2009. at 22:20 GMT+1]
[ neri86 @ 20.12.2009. 22:13 ] @
ComboFix 09-12-19.03 - Korisnik 20.12.2009 22:58:23.4.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1022.512 [GMT 1:00]
Running from: c:\documents and settings\Korisnik\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Korisnik\Desktop\CFScript.txt
AV: avast! antivirus 4.8.1368 [VPS 091220-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

FILE ::
"c:\documents and settings\LocalService\Application Data\fvgqad.dat"
"c:\windows\system32\drivers\unctzo.sys"
"c:\windows\system32\fjhdyfhsn.bat"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\LocalService\Application Data\fvgqad.dat
c:\windows\system32\drivers\unctzo.sys
c:\windows\system32\fjhdyfhsn.bat

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_UNCTZO
-------\Service_unctzo


((((((((((((((((((((((((( Files Created from 2009-11-20 to 2009-12-20 )))))))))))))))))))))))))))))))
.

2009-12-20 14:59 . 2009-07-28 14:33 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-12-10 19:10 . 2009-12-17 21:03 -------- d-----w- c:\documents and settings\Korisnik\Local Settings\Application Data\Cooliris
2009-12-03 22:22 . 2009-12-03 22:23 -------- d-----w- c:\documents and settings\Korisnik\Application Data\SecondLife
2009-12-03 22:22 . 2009-12-03 22:44 -------- d-----w- c:\documents and settings\Korisnik\Local Settings\Application Data\SecondLife
2009-11-22 13:41 . 2009-11-22 13:41 117760 ----a-w- c:\documents and settings\Korisnik\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-11-22 13:40 . 2009-11-22 13:40 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-11-22 13:40 . 2009-12-07 16:07 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-11-22 13:40 . 2009-11-22 13:40 -------- d-----w- c:\documents and settings\Korisnik\Application Data\SUPERAntiSpyware.com

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-20 22:05 . 2009-01-19 18:54 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-12-20 14:46 . 2009-11-04 16:12 186 ----a-w- c:\documents and settings\All Users\Application Data\SafeNet Sentinel\Sentinel RMS Development Kit\System\prsgrc.dll
2009-12-19 21:51 . 2008-01-19 01:26 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-12-19 20:17 . 2009-02-01 14:36 -------- d-----w- c:\documents and settings\Korisnik\Application Data\uTorrent
2009-12-19 14:17 . 2009-12-19 14:17 118784 ----a-w- c:\windows\Web\Wallpaper\Living Waterfalls Wallpaper #1.exe
2009-12-19 14:15 . 2008-11-17 15:25 -------- d-----w- c:\program files\MP3 Rocket
2009-12-19 14:15 . 2008-04-02 20:13 -------- d-----w- c:\documents and settings\Korisnik\Application Data\MP3Rocket
2009-12-14 20:32 . 2009-02-28 22:40 95744 ----a-w- c:\documents and settings\All Users\Application Data\SpeedBit\DAP\SDCondition.dll
2009-12-02 13:18 . 2008-09-06 14:31 -------- d-----w- c:\program files\Google
2009-11-29 18:08 . 2008-04-08 17:56 -------- d-----w- c:\program files\Windows Live
2009-11-22 13:40 . 2009-01-22 18:57 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-11-14 11:02 . 2009-01-12 20:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-11-04 17:14 . 2008-01-18 20:07 68984 -c--a-w- c:\documents and settings\Korisnik\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-11-04 16:08 . 2009-11-04 16:08 -------- d-----w- c:\documents and settings\All Users\Application Data\SPSS
2009-11-04 16:08 . 2009-11-04 16:08 -------- d-----w- c:\program files\Common Files\SPSS
2009-11-04 16:08 . 2009-11-04 16:08 -------- d-----w- c:\program files\SPSSInc
2009-11-04 16:08 . 2009-11-04 16:08 1025 ----a-w- c:\windows\system32\sysprs7.dll
2008-05-04 21:56 . 2008-05-04 21:55 2401296 ----a-w- c:\program files\WLinstaller.exe
.

((((((((((((((((((((((((((((( SnapShot@2009-12-20_17.50.49 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-12-20 22:05 . 2009-12-20 22:05 16384 c:\windows\Temp\Perflib_Perfdata_ae8.dat
+ 2009-12-20 22:05 . 2009-12-20 22:05 16384 c:\windows\Temp\Perflib_Perfdata_38c.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0bc6e3fa-78ef-4886-842c-5a1258c4455a}]
2006-12-22 10:28 271360 ----a-w- c:\windows\system32\mscoree.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-08-18 5137648]
"DownloadAccelerator"="c:\program files\DAP\DAP.EXE" [2009-07-06 2749952]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-09 39408]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-10-28 344064]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-06-28 8466432]
"nwiz"="nwiz.exe" [2007-06-28 1626112]
"RTHDCPL"="RTHDCPL.EXE" [2007-09-03 16841216]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-06-28 81920]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-10-19 286720]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WgaLogon]
[BU]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Korisnik^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Korisnik^Start Menu^Programs^Startup^Webshots.lnk]
path=c:\documents and settings\Korisnik\Start Menu\Programs\Startup\Webshots.lnk
backup=c:\windows\pss\Webshots.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-01-11 21:16 39792 -c--a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2008-02-13 23:09 486856 ----a-w- c:\program files\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DownloadAccelerator]
2009-07-06 10:15 2749952 ----a-w- c:\program files\DAP\DAP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2009-02-02 16:48 133104 -----tw- c:\documents and settings\Korisnik\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MP4 Player]
2008-11-06 17:23 772096 ----a-w- c:\program files\MP4 Player\Mp4Player.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 10:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nexus Radio]
2009-03-08 20:08 4685312 -c--a-w- c:\program files\Nexus Radio\Nexus Radio.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2007-10-19 18:16 286720 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2004-11-02 19:24 32768 -c--a-w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
2008-07-02 15:16 393216 ------w- c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2005-11-10 12:03 36975 -c--a-w- c:\program files\Java\jre1.5.0_06\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-01-09 21:25 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SENS"=2 (0x2)
"Microsoft Office Groove Audit Service"=3 (0x3)
"NVSvc"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Java\\jre1.5.0_06\\bin\\javaw.exe"=
"c:\\Program Files\\Sony Ericsson\\Sony Ericsson Media Manager 1.0\\MediaManager.exe"=
"c:\\Program Files\\DAP\\DAP.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Java\\jre1.6.0_01\\bin\\javaw.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Sports Interactive\\Football Manager 2009\\fm.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Sony Ericsson\\Update Service\\Update Service.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\SPSSInc\\Statistics17\\statistics.com"=
"c:\\Program Files\\SPSSInc\\Statistics17\\statistics.exe"=
"c:\\Program Files\\SPSSInc\\Statistics17\\SPSSWinWrapIDE.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [7.2.2009 0:49 64160]
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [8.2.2009 23:03 28544]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [16.2.2008 15:07 716272]
R2 AGCoreService;AG Core Services;c:\program files\AGI\core\3.1\AGCoreService.exe [20.9.2009 16:03 20480]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2.4.2009 12:38 13224]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.theprizeday.com/today.php
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://www.krstarica.com
uInternet Connection Wizard,ShellNext = iexplore
IE: &Clean Traces - c:\program files\DAP\Privacy Package\dapcleanerie.htm
IE: &Download with &DAP - c:\program files\DAP\dapextie.htm
IE: &Winamp Search - c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: Download &all with DAP - c:\program files\DAP\dapextie2.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Korisnik\Application Data\Mozilla\Firefox\Profiles\omeyncdj.default\
FF - prefs.js: browser.search.selectedEngine - GamingHarbor
FF - prefs.js: browser.startup.homepage - hxxp://home.gamingharbor.com
FF - prefs.js: keyword.URL - hxxp://www.gamingharbor.com/search.do?desktopsmiley&keyword=

---- FIREFOX POLICIES ----

pref(dom.disable_open_during_load, false);
FF - user.js: yahoo.homepage.dontask - true.
- - - - ORPHANS REMOVED - - - -

HKLM-RunOnce-M4P - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-20 23:06
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x86D381F8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf74ebfc3
\Driver\ACPI -> ACPI.sys @ 0xf7249cb8
\Driver\atapi -> 0x86d381f8
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x8058241c
ParseProcedure -> ntkrnlpa.exe @ 0x8058155c
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x8058241c
ParseProcedure -> ntkrnlpa.exe @ 0x8058155c
NDIS: NVIDIA nForce Networking Controller -> SendCompleteHandler -> NDIS.sys @ 0xf6facba0
PacketIndicateHandler -> NDIS.sys @ 0xf6fb9b21
SendHandler -> NDIS.sys @ 0xf6f9787b
Warning: possible MBR rootkit infection !
user & kernel MBR OK

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(712)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(1900)
c:\windows\system32\WININET.dll
c:\windows\system32\nview.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\nvwddi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\RUNDLL32.EXE
c:\windows\system32\rundll32.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-12-20 23:10:14 - machine was rebooted
ComboFix-quarantined-files.txt 2009-12-20 22:10
ComboFix2.txt 2009-12-20 17:52
ComboFix3.txt 2009-02-09 20:21

Pre-Run: 29.176.451.072 bytes free
Post-Run: 29.051.166.720 bytes free

- - End Of File - - 9EE41E8626403E372DAB5656970BC440
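As an added example (not part of the original thread and not ComboFix's own code): a small Python triage helper that reads the "Reg Loading Points" and "Supplementary Scan" sections of a log in this format, pulls out the Run-key autostart entries, the standard-profile EnableFirewall value and the browser start pages, and flags autostart binaries that live under a user-writable path or a firewall that is switched off. The log it runs on is a constructed sample in the same layout with made-up entries and placeholder URLs; the path markers in USER_WRITABLE_MARKERS are the example's own heuristic, not something ComboFix reports.

```python
"""Triage helper for a ComboFix-style log (added example, not ComboFix code).

It extracts Run-key autostarts, the Windows Firewall 'EnableFirewall' value
for the standard profile, and browser start/home pages, then flags autostart
binaries in user-writable locations and a disabled firewall.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Constructed sample in the "Reg Loading Points" / "Supplementary Scan"
# layout; every entry and URL below is made up for this example.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-08-18 5137648]
"updater"="c:\documents and settings\Korisnik\Application Data\upd\upd.exe" [2009-12-19 118784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-10-19 286720]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

uStart Page = hxxp://start.example.invalid/today.php
FF - prefs.js: browser.startup.homepage - hxxp://home.example.invalid
"""

SECTION_RE = re.compile(r"^\[(?P<key>.+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*"(?P<data>[^"]*)"')
FIREWALL_RE = re.compile(r'^"EnableFirewall"\s*=\s*(?P<val>\d+)')
START_RE = re.compile(
    r"^(?:[um]Start Page = |FF - prefs\.js: browser\.startup\.homepage - )(?P<url>\S+)"
)

# Heuristic (this example's assumption): autostarts that run from a profile
# or temp directory deserve a closer look than ones under Program Files.
USER_WRITABLE_MARKERS = ("c:\\documents and settings\\", "c:\\users\\", "\\temp\\")


@dataclass
class Report:
    autostarts: List[Tuple[str, str, str]] = field(default_factory=list)  # (key, name, path)
    firewall_enabled: Optional[bool] = None  # None if the value never appears
    start_pages: List[str] = field(default_factory=list)


def parse_combofix(text: str) -> Report:
    """Walk the log line by line, tracking the current registry section."""
    rep = Report()
    section = ""
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            section = m.group("key")
            continue
        if section.lower().endswith("\\run"):
            m = VALUE_RE.match(line)
            if m:
                rep.autostarts.append((section, m.group("name"), m.group("data")))
                continue
        if "firewallpolicy\\standardprofile" in section.lower():
            m = FIREWALL_RE.match(line)
            if m:
                rep.firewall_enabled = m.group("val") != "0"
                continue
        m = START_RE.match(line)
        if m:
            rep.start_pages.append(m.group("url"))
    return rep


def triage(rep: Report) -> List[str]:
    """Turn the parsed report into a list of human-readable findings."""
    findings = []
    if rep.firewall_enabled is False:
        findings.append("EnableFirewall=0: Windows Firewall standard profile is off")
    for key, name, path in rep.autostarts:
        low = path.lower()
        if any(marker in low for marker in USER_WRITABLE_MARKERS):
            findings.append(f"autostart '{name}' in {key} runs from a user-writable path: {path}")
    for url in rep.start_pages:
        findings.append(f"browser start page is {url} (confirm the user chose it)")
    return findings


if __name__ == "__main__":
    for finding in triage(parse_combofix(SAMPLE_LOG)):
        print(finding)
```

Pointing `parse_combofix` at a saved ComboFix.txt instead of SAMPLE_LOG is the intended use; the flagged lines are leads to verify by hand, not verdicts, since a legitimate updater can also live under a profile directory.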
[ kristi1 @ 21.12.2009. 11:45 ] @
The problem should be solved now. What remains is to uninstall ComboFix:
Start > Run > Combofix /Uninstall, OK.
[ neri86 @ 21.12.2009. 13:02 ] @
Done, thank you sooooooo much!!!
[ kristi1 @ 21.12.2009. 13:15 ] @
It was a pleasure working with someone who follows the instructions completely. Regards.
There is one more small thing. Download this file, run it, click no. 1, Enter, Enter, and that's all.
[ neri86 @ 21.12.2009. 14:50 ] @
Did it all, thanks once again, regards
[ magna86 @ 21.12.2009. 17:04 ] @
Quote:
kristi1: It was a pleasure working with someone who follows the instructions completely.

You were lucky, kristi, that's a rarity these days :)