[ dragancesu @ 05.02.2010. 08:47 ] @
This is on the flash drive, and this is how Avira detects it

I've been struggling with this for three days; I looked on Google, there are lots of tips, but I'm not getting anywhere.
Last night Dr.Web was also run from safe mode; it found the file e:\tmp\bak.exe and deleted it, but when I rebooted the machine it was back again. Avira keeps complaining but can't delete it.

When I start any anti-malware program, a window pops up with "Windows Protection Error", and then it says the flash drive is read-only.

I tried manual removal, but I can't find those files, processes, or keys.

What do you suggest?
[ kristi1 @ 05.02.2010. 08:57 ] @
Download the DDS program: http://download.bleepingcomputer.com/sUBs/dds.scr
Run DDS by double-clicking it
Wait a moment; it will produce two logs
Paste me the DDS.txt log
[ dragancesu @ 05.02.2010. 09:08 ] @
Here's the log


DDS (Ver_09-12-01.01) - NTFSx86
Run by vob at 10:00:56,56 on pet 05.02.2010
Internet Explorer: 6.0.2900.5512
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.503.333 [GMT 1:00]

AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\vob\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.buvljak.rs/
uInternet Settings,ProxyServer = proxy:8080
uInternet Settings,ProxyOverride = localhost;<local>
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
uRun: [FreeRAM XP] "c:\program files\yourware solutions\freeram xp pro\FreeRAM XP Pro.exe" -win
uRun: [Active Desktop Calendar] c:\program files\xemicomputers\active desktop calendar\ADC.exe
mRun: [PRONoMgrWired] c:\program files\intel\prosetwired\ncs\proset\PRONoMgr.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\vob\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office12\OUTLOOK.EXE
StartupFolder: c:\docume~1\vob\startm~1\programs\startup\setup_~1.lnk - c:\documents and settings\vob\desktop\virus removal tool\setup_9.0.0.722_05.02.2010_09-23\startup.exe
uPolicies-explorer: NoDFSTab = 0 (0x0)
uPolicies-explorer: NoFileAssociate = 0 (0x0)
uPolicies-explorer: NoChangeAnimation = 0 (0x0)
mPolicies-explorer: NoCommonGroups = 0 (0x0)
mPolicies-explorer: NoSimpleStartMenu = 0 (0x0)
mPolicies-explorer: NoSMMyPictures = 0 (0x0)
mPolicies-explorer: NoStartMenuMyMusic = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {CAFECAFE-0013-0001-0022-ABCDEFABCDEF} - hxxp://vob/forms/jinitiator/jinit.exe
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: {CE525F84-3759-4F36-BA87-865954BE0972} = 10.0.2.1,10.250.0.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GR99D3~1.DLL
Notify: igfxcui - igfxdev.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\vob\applic~1\mozilla\firefox\profiles\ihikrwxx.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.buvljak.rs/page1/|http://www.elitesecurity.org/|http://www.blic.rs/|http://www.kurir-info.rs/
FF - plugin: c:\documents and settings\vob\application data\mozilla\firefox\profiles\ihikrwxx.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPJinit13122.dll

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R0 97348222;97348222 Boot Guard Driver;c:\windows\system32\drivers\97348222.sys [2010-2-5 37392]
R1 97348221;97348221;c:\windows\system32\drivers\97348221.sys [2010-2-5 128016]
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-10-14 11608]
R1 setup_9.0.0.722_05.02.2010_09-23drv;setup_9.0.0.722_05.02.2010_09-23drv;c:\windows\system32\drivers\9734822.sys [2010-2-5 315408]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-10-14 108289]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-10-14 185089]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-10-14 56816]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-2-3 236368]
R2 McAfeeFramework;McAfee Framework Service;c:\program files\mcafee\common framework\FrameworkService.exe [2009-10-14 103744]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-2-3 19160]
S1 mferkdk;VSCore mferkdk;\??\c:\program files\mcafee\virusscan enterprise\mferkdk.sys --> c:\program files\mcafee\virusscan enterprise\mferkdk.sys [?]
S1 NetBurn;Paragon NetBurning Driver;c:\windows\system32\drivers\NetBurn.sys [2008-6-7 84752]
S2 OracleServiceXE;OracleServiceXE;c:\oraclexe\app\oracle\product\10.2.0\server\bin\oracle.exe xe --> c:\oraclexe\app\oracle\product\10.2.0\server\bin\ORACLE.EXE XE [?]
S2 OracleXETNSListener;OracleXETNSListener;c:\oraclexe\app\oracle\product\10.2.0\server\bin\TNSLSNR.EXE [2006-2-2 204800]
S3 OracleClientCache80;OracleClientCache80;c:\orant\bin\ONRSD80.EXE [2008-12-1 101136]
S4 OracleJobSchedulerXE;OracleJobSchedulerXE;c:\oraclexe\app\oracle\product\10.2.0\server\bin\extjob.exe xe --> c:\oraclexe\app\oracle\product\10.2.0\server\bin\extjob.exe XE [?]

=============== Created Last 30 ================

2010-02-05 07:36:59 37392 ----a-w- c:\windows\system32\drivers\97348222.sys
2010-02-05 07:36:59 315408 ----a-w- c:\windows\system32\drivers\9734822.sys
2010-02-05 07:36:59 128016 ----a-w- c:\windows\system32\drivers\97348221.sys
2010-02-04 10:37:03 0 d-----w- c:\docume~1\alluse~1\applic~1\Kaspersky Lab
2010-02-04 08:51:34 98816 ----a-w- c:\windows\sed.exe
2010-02-04 08:51:34 77312 ----a-w- c:\windows\MBR.exe
2010-02-04 08:51:34 261632 ----a-w- c:\windows\PEV.exe
2010-02-04 08:51:34 161792 ----a-w- c:\windows\SWREG.exe
2010-02-03 15:04:13 91136 ----a-w- c:\windows\system32\nmwcdcls.dll
2010-02-03 15:04:10 0 d-----w- c:\program files\Nokia
2010-02-03 11:51:53 0 d-----w- c:\docume~1\vob\applic~1\Malwarebytes
2010-02-03 11:51:49 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-03 11:51:47 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-03 11:51:44 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-03 11:51:44 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-01-27 11:05:12 54156 ---ha-w- c:\windows\QTFont.qfn
2010-01-27 11:05:12 1409 ----a-w- c:\windows\QTFont.for
2010-01-27 11:01:29 0 d-----w- c:\docume~1\vob\applic~1\eLanguage
2010-01-27 10:52:11 0 d-----w- c:\docume~1\alluse~1\applic~1\eLanguage
2010-01-27 10:51:09 0 d-----w- c:\program files\eLanguage
2010-01-21 08:13:17 0 d-----w- c:\program files\Microsoft
2010-01-21 08:09:18 1060864 ----a-w- c:\windows\system32\mfc71.dll
2010-01-21 08:09:18 0 d-----w- c:\program files\The Weather Channel FW

==================== Find3M ====================

2009-12-18 10:54:58 0 ---ha-w- c:\windows\system32\drivers\Msft_User_PCCSWpdDriver_01_07_00.Wdf
2009-12-18 10:54:52 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_user_01_07_00.Wdf
2009-12-08 07:30:43 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-11-24 08:37:43 20408 ----a-w- c:\windows\system32\tcpipbak.reg

============= FINISH: 10:01:12,89 ===============
[ kristi1 @ 05.02.2010. 09:56 ] @
c:\windows\system32\drivers\9734822.sys

Check this driver on http://www.virustotal.com/ and post me the link to the report.

Paste me the CF log; I can see you've run it.
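As an added example (not code from the thread or from DDS), here is a small Python triage of DDS-style "SERVICES / DRIVERS" entries like the ones in the log above: it parses each line and flags drivers whose file was created within a day of the log's run date, whose service name is purely numeric, or whose boot/system-start file name does not match the service name, the kind of check behind singling out 9734822.sys for a VirusTotal lookup. The sample lines are copied from the log above; the heuristics and the one-day threshold are my assumptions, and a flag only means "hash and verify", not a verdict.

```python
import re
from datetime import date, timedelta

# Run date of the DDS log in the thread (from its "Run by ... on" line).
DDS_RUN_DATE = date(2010, 2, 5)

# Constructed sample: entries copied from the SERVICES / DRIVERS section above.
SAMPLE_SERVICE_LINES = [
    r"R0 97348222;97348222 Boot Guard Driver;c:\windows\system32\drivers\97348222.sys [2010-2-5 37392]",
    r"R1 97348221;97348221;c:\windows\system32\drivers\97348221.sys [2010-2-5 128016]",
    r"R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-10-14 11608]",
    r"R1 setup_9.0.0.722_05.02.2010_09-23drv;setup_9.0.0.722_05.02.2010_09-23drv;c:\windows\system32\drivers\9734822.sys [2010-2-5 315408]",
    r"R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-10-14 56816]",
    r"R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-2-3 19160]",
    r"S1 mferkdk;VSCore mferkdk;\??\c:\program files\mcafee\virusscan enterprise\mferkdk.sys --> c:\program files\mcafee\virusscan enterprise\mferkdk.sys [?]",
]

# DDS entry layout: "<state> <name>;<description>;<path> [<yyyy-m-d> <size>]",
# or "... --> <path> [?]" when the file could not be found on disk.
ENTRY_RE = re.compile(r"^(?P<state>[RS]\d)\s+(?P<name>[^;]+);(?P<desc>[^;]*);(?P<rest>.+)$")
STAMP_RE = re.compile(
    r"^(?P<path>.+?)\s+\[(?P<y>\d{4})-(?P<m>\d{1,2})-(?P<d>\d{1,2})\s+(?P<size>\d+)\]$"
)
MISSING_RE = re.compile(r"^.+?\s+-->\s+(?P<path>.+?)\s+\[\?\]$")


def parse_entry(line):
    """Return a dict for one DDS service/driver line, or None if it does not match."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    entry = {"state": m.group("state"), "name": m.group("name"), "desc": m.group("desc"),
             "path": None, "created": None, "size": None, "missing": False}
    rest = m.group("rest")
    s = STAMP_RE.match(rest)
    if s:
        entry["path"] = s.group("path")
        entry["created"] = date(int(s.group("y")), int(s.group("m")), int(s.group("d")))
        entry["size"] = int(s.group("size"))
        return entry
    x = MISSING_RE.match(rest)
    if x:
        # "[?]" means DDS found the service but not the file it points at.
        entry["path"] = x.group("path")
        entry["missing"] = True
        return entry
    entry["path"] = rest
    return entry


def triage(lines, run_date, recent_days=1):
    """Heuristic triage (assumed thresholds): map driver path -> list of reasons
    for entries that deserve a hash lookup before any conclusion is drawn."""
    findings = {}
    for line in lines:
        e = parse_entry(line)
        if e is None or e["missing"]:
            continue  # nothing on disk to verify
        reasons = []
        base = e["path"].rsplit("\\", 1)[-1]
        stem = base.rsplit(".", 1)[0]
        if e["created"] and (run_date - e["created"]) <= timedelta(days=recent_days):
            reasons.append("created within %d day(s) of the log" % recent_days)
        if e["name"].isdigit():
            reasons.append("service name is purely numeric")
        if e["state"] in ("R0", "R1") and stem.lower() != e["name"].lower():
            reasons.append("boot/system-start driver file name differs from service name")
        if reasons:
            findings[e["path"]] = reasons
    return findings


if __name__ == "__main__":
    for path, why in triage(SAMPLE_SERVICE_LINES, DDS_RUN_DATE).items():
        print(path, "->", "; ".join(why))
```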
[ dragancesu @ 05.02.2010. 11:15 ] @
I tried to submit that, but I didn't get any report, or rather it wasn't clear what I got,
and the files had "escaped" to c:\windows\LastGood\system32\DRIVERS, so I deleted them


CF log

ComboFix 10-02-03.04 - vob 05.02.2010 11:35:04.3.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.503.252 [GMT 1:00]
Running from: c:\documents and settings\vob\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2010-01-05 to 2010-02-05 )))))))))))))))))))))))))))))))
.

2010-02-05 10:13 . 2010-02-05 10:13 -------- d--h--w- c:\windows\PIF
2010-02-05 09:32 . 2010-02-05 09:32 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-02-05 09:32 . 2010-02-05 10:06 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-02-05 09:32 . 2010-02-05 10:06 -------- d-----w- c:\documents and settings\vob\Application Data\SUPERAntiSpyware.com
2010-02-05 07:37 . 2010-02-05 10:25 -------- d-----w- c:\windows\LastGood
2010-02-04 13:42 . 2010-02-04 13:57 -------- d-----w- c:\documents and settings\administrator\DoctorWeb
2010-02-04 10:37 . 2010-02-05 10:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2010-02-03 15:08 . 2010-02-03 15:08 -------- d-----w- c:\documents and settings\vob\Application Data\PC Suite
2010-02-03 15:08 . 2010-02-03 15:08 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Suite
2010-02-03 15:04 . 2009-02-09 07:37 91136 ----a-w- c:\windows\system32\nmwcdcls.dll
2010-02-03 15:04 . 2010-02-04 09:20 -------- d-----w- c:\program files\Nokia
2010-02-03 15:03 . 2010-02-03 15:03 -------- d-----w- c:\documents and settings\vob\Local Settings\Application Data\Opera
2010-02-03 15:02 . 2010-02-04 09:17 -------- d-----w- c:\program files\Opera
2010-02-03 11:53 . 2010-02-03 11:53 5115823 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-02-03 11:51 . 2010-02-03 11:51 -------- d-----w- c:\documents and settings\vob\Application Data\Malwarebytes
2010-02-03 11:51 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-03 11:51 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-03 11:51 . 2010-02-03 11:53 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-03 11:51 . 2010-02-03 11:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-01-27 11:21 . 2010-01-27 11:21 -------- d-----w- c:\documents and settings\vob\Application Data\Apple Computer
2010-01-27 11:04 . 2010-01-27 11:04 -------- d-----w- c:\program files\QuickTime
2010-01-27 11:03 . 2010-01-27 11:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2010-01-27 11:01 . 2010-01-27 11:01 -------- d-----w- c:\documents and settings\vob\Application Data\eLanguage
2010-01-27 10:52 . 2010-01-27 10:52 -------- d-----w- c:\documents and settings\All Users\Application Data\eLanguage
2010-01-27 10:51 . 2010-01-27 10:51 -------- d-----w- c:\program files\eLanguage
2010-01-21 08:13 . 2010-01-21 08:40 -------- d-----w- c:\program files\Microsoft
2010-01-21 08:13 . 2010-01-21 08:13 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-21 08:09 . 2010-01-21 08:34 -------- d-----w- c:\documents and settings\vob\Local Settings\Application Data\The Weather Channel
2010-01-21 08:09 . 2010-01-21 08:09 -------- d-----w- c:\program files\The Weather Channel FW
2010-01-21 08:09 . 2006-10-30 10:39 1060864 ----a-w- c:\windows\system32\mfc71.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-19 07:31 . 2009-12-30 07:38 -------- d-----w- c:\program files\palmOne
2010-01-19 07:10 . 2009-02-19 12:51 -------- d-----w- c:\program files\Common Files\Adobe
2010-01-15 07:07 . 2009-10-12 07:27 -------- d-----w- c:\program files\Look@LAN
2010-01-14 14:25 . 2009-02-20 08:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-12-29 13:17 . 2009-12-29 13:17 28672 ----a-w- c:\documents and settings\All Users\Application Data\Softomotive\WinAutomation\Compiled Jobs\413d6a20-4dcc-41dd-b688-c924aa8e5aa3.dll
2009-12-18 12:10 . 2009-02-19 12:47 68456 ----a-w- c:\documents and settings\vob\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-12-18 11:19 . 2009-12-18 11:19 77824 ----a-w- c:\documents and settings\All Users\Application Data\OviInstallerCache\{B6164ADA-55DA-4FA9-B78B-A7EB741742A1}\Installer\CommonCustomActions\Run_XML6_SP1.exe
2009-12-18 11:19 . 2009-12-18 11:19 50000 ----a-w- c:\documents and settings\All Users\Application Data\OviInstallerCache\{B6164ADA-55DA-4FA9-B78B-A7EB741742A1}\Installer\CommonCustomActions\pcswpc.exe
2009-12-18 11:18 . 2009-12-16 07:14 -------- d-----w- c:\documents and settings\All Users\Application Data\OviInstallerCache
2009-12-18 11:11 . 2009-12-18 11:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Nokia
2009-12-18 11:04 . 2009-12-18 11:04 -------- d-----w- c:\documents and settings\vob\Application Data\Nokia Ovi Suite
2009-12-18 11:04 . 2009-11-12 11:50 -------- d-----w- c:\documents and settings\vob\Application Data\Nokia
2009-12-18 10:54 . 2009-12-18 10:54 0 ---ha-w- c:\windows\system32\drivers\Msft_User_PCCSWpdDriver_01_07_00.Wdf
2009-12-18 10:54 . 2009-12-18 10:54 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_user_01_07_00.Wdf
2009-12-17 15:16 . 2009-12-18 11:18 61789728 ----a-w- c:\documents and settings\All Users\Application Data\OviInstallerCache\{B6164ADA-55DA-4FA9-B78B-A7EB741742A1}\NokiaOviSuite2Installer.exe
2009-12-17 15:16 . 2009-12-17 15:16 61789728 ----a-w- c:\documents and settings\vob\Application Data\Nokia\Ovi Suite\Software Updater\NokiaOviSuite2Installer.exe
2009-12-17 14:47 . 2009-12-17 14:38 -------- d-----w- c:\documents and settings\vob\Application Data\BSplayer
2009-12-17 14:38 . 2009-12-17 14:38 -------- d-----w- c:\documents and settings\vob\Application Data\BSplayer Pro
2009-12-17 14:38 . 2009-12-17 14:38 -------- d-----w- c:\program files\Webteh
2009-12-16 11:43 . 2009-12-16 07:17 12212040 ----a-w- c:\documents and settings\All Users\Application Data\OviInstallerCache\{82E16F2D-804A-4990-BEEF-C9DB44AE844B}\Installer\CommonCustomActions\WMFDist11-WindowsXP-X86-ENU.exe
2009-12-16 11:43 . 2009-12-16 07:17 13930312 ----a-w- c:\documents and settings\All Users\Application Data\OviInstallerCache\{82E16F2D-804A-4990-BEEF-C9DB44AE844B}\Installer\CommonCustomActions\WMFDist11-WindowsXP-X64-ENU.exe
2009-12-16 11:43 . 2009-12-16 07:16 61440 ----a-w- c:\documents and settings\All Users\Application Data\OviInstallerCache\{82E16F2D-804A-4990-BEEF-C9DB44AE844B}\Installer\CommonCustomActions\WMF11Runx86.exe
2009-12-16 11:43 . 2009-12-16 07:16 58880 ----a-w- c:\documents and settings\All Users\Application Data\OviInstallerCache\{82E16F2D-804A-4990-BEEF-C9DB44AE844B}\Installer\CommonCustomActions\WMF11Runx64.exe
2009-12-16 11:43 . 2009-12-16 07:16 77824 ----a-w- c:\documents and settings\All Users\Application Data\OviInstallerCache\{82E16F2D-804A-4990-BEEF-C9DB44AE844B}\Installer\CommonCustomActions\Run_XML6_SP1.exe
2009-12-16 11:43 . 2009-12-16 07:16 50000 ----a-w- c:\documents and settings\All Users\Application Data\OviInstallerCache\{82E16F2D-804A-4990-BEEF-C9DB44AE844B}\Installer\CommonCustomActions\pcswpc.exe
2009-12-16 07:14 . 2009-12-16 07:14 94628904 ----a-w- c:\documents and settings\All Users\Application Data\OviInstallerCache\{82E16F2D-804A-4990-BEEF-C9DB44AE844B}\Nokia_Ovi_Suite_PCS_Update.exe
2009-12-08 11:27 . 2009-12-08 11:23 -------- d-----w- c:\documents and settings\vob\Application Data\uTorrent
2009-12-08 08:02 . 2009-12-08 08:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Softomotive
2009-12-08 07:30 . 2009-10-14 08:56 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-11-24 08:37 . 2009-03-25 09:19 20408 ----a-w- c:\windows\system32\tcpipbak.reg
2009-11-23 07:25 . 2009-11-23 07:25 95232 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Installer\CommonCustomActions\pcswpcsi.exe
2009-11-23 07:25 . 2009-11-23 07:25 61440 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
2009-11-23 07:25 . 2009-11-23 07:25 8192 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Installer\CommonCustomActions\UninstCCD.exe
2009-11-23 07:25 . 2009-11-23 07:25 10240 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Installer\CommonCustomActions\UninstPCS.exe
2009-11-23 07:13 . 2009-11-23 07:25 34429264 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Nokia_PC_Suite_7_1_40_1_eng.exe
2009-11-12 11:42 . 2009-11-12 11:42 95232 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\pcswpcsi.exe
2009-11-12 11:42 . 2009-11-12 11:42 8192 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\UninstCCD.exe
2009-11-12 11:42 . 2009-11-12 11:42 61440 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
2009-11-12 11:42 . 2009-11-12 11:42 10240 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\UninstPCS.exe
2009-11-12 09:49 . 2009-11-12 11:42 33773208 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Nokia_PC_Suite_7_1_30_9_eng_web.exe
.

((((((((((((((((((((((((((((( SnapShot@2010-02-04_09.08.43 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-02-05 10:25 . 2009-10-22 11:54 37392 c:\windows\LastGood\system32\DRIVERS\97348222.sys
+ 2010-02-05 10:25 . 2009-09-25 15:59 128016 c:\windows\LastGood\system32\DRIVERS\97348221.sys
+ 2010-02-05 10:25 . 2009-10-09 21:31 315408 c:\windows\LastGood\system32\DRIVERS\9734822.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FreeRAM XP"="c:\program files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" [2006-03-22 1591808]
"Active Desktop Calendar"="c:\program files\XemiComputers\Active Desktop Calendar\ADC.exe" [2009-10-02 5636608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PRONoMgrWired"="c:\program files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe" [2004-03-02 86016]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-04-05 94208]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-04-05 77824]
"Persistence"="c:\windows\system32\igfxpers.exe" [2005-04-05 114688]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2009-12-18 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-04-27 282624]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-01-07 429392]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\vob\Start Menu\Programs\Startup\
Microsoft Office Outlook.lnk - c:\program files\Microsoft Office\Office12\OUTLOOK.EXE [2006-10-27 12813096]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoCommonGroups"= 0 (0x0)
"NoSimpleStartMenu"= 0 (0x0)
"NoSMMyPictures"= 0 (0x0)
"NoStartMenuMyMusic"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDFSTab"= 0 (0x0)
"NoFileAssociate"= 0 (0x0)
"NoChangeAnimation"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Iolo Macro Magic.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Iolo Macro Magic.lnk
backup=c:\windows\pss\Iolo Macro Magic.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2009-12-11 14:57 948672 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-12-18 07:58 40368 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2006-10-26 23:47 31016 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\McAfeeUpdaterUI]
2008-08-05 14:34 136512 ----a-w- c:\program files\McAfee\Common Framework\UdaterUI.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [10/14/2009 9:56 AM 108289]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2/3/2010 12:51 PM 236368]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2/3/2010 12:51 PM 19160]
R4 97348221;97348221;c:\windows\system32\DRIVERS\97348221.sys --> c:\windows\system32\DRIVERS\97348221.sys [?]
S1 NetBurn;Paragon NetBurning Driver;c:\windows\system32\drivers\NetBurn.sys [6/7/2008 2:54 PM 84752]
S2 OracleServiceXE;OracleServiceXE;c:\oraclexe\app\oracle\product\10.2.0\server\bin\ORACLE.EXE XE --> c:\oraclexe\app\oracle\product\10.2.0\server\bin\ORACLE.EXE XE [?]
S2 OracleXETNSListener;OracleXETNSListener;c:\oraclexe\app\oracle\product\10.2.0\server\BIN\TNSLSNR.EXE [2/2/2006 12:49 AM 204800]
S3 OracleClientCache80;OracleClientCache80;c:\orant\BIN\ONRSD80.EXE [12/1/2008 9:30 AM 101136]
S4 OracleJobSchedulerXE;OracleJobSchedulerXE;c:\oraclexe\app\oracle\product\10.2.0\server\Bin\extjob.exe XE --> c:\oraclexe\app\oracle\product\10.2.0\server\Bin\extjob.exe XE [?]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - 97348221
*NewlyCreated* - 97348222
*NewlyCreated* - FWLYRPOW
*NewlyCreated* - SASDIFSV
*NewlyCreated* - SASENUM
*NewlyCreated* - SASKUTIL
*NewlyCreated* - SETUP_9.0.0.722_05.02.2010_09-23DRV
*Deregistered* - fwlyrpow
*Deregistered* - SASENUM
.
Contents of the 'Scheduled Tasks' folder

2010-02-05 c:\windows\Tasks\e2.job
- c:\tasks\ev_promet\e2.bat [2010-01-28 08:07]

2010-02-05 c:\windows\Tasks\kb.job
- c:\tasks\kursna_basalt\kb.bat [2009-12-10 13:59]

2010-02-05 c:\windows\Tasks\kl.job
- c:\tasks\kursna_lista\kl.bat [2009-11-24 07:07]

2010-02-05 c:\windows\Tasks\kt.job
- c:\tasks\kt.bat [2009-11-26 13:16]

2010-01-31 c:\windows\Tasks\shutdown weekend.job
- c:\windows\system32\shutdown.exe [2008-04-14 12:00]

2010-01-25 c:\windows\Tasks\shutdown.job
- c:\windows\system32\shutdown.exe [2008-04-14 12:00]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.buvljak.rs/page1/
uInternet Settings,ProxyServer = proxy:8080
uInternet Settings,ProxyOverride = localhost;<local>
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: {CE525F84-3759-4F36-BA87-865954BE0972} = 10.0.2.1,10.250.0.1
DPF: {CAFECAFE-0013-0001-0022-ABCDEFABCDEF} - hxxp://bas1.vob.yu/forms/jinitiator/jinit.exe
FF - ProfilePath - c:\documents and settings\vob\Application Data\Mozilla\Firefox\Profiles\ihikrwxx.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.buvljak.rs/page1/|http://www.elitesecurity.org/|http://www.blic.rs/|http://www.kurir-info.rs/
FF - plugin: c:\documents and settings\vob\Application Data\Mozilla\Firefox\Profiles\ihikrwxx.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPJinit13122.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-05 11:39
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1390067357-838170752-1177238915-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{CD87739E-DC04-7BEE-0B3D-44E48DCAF27C}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(536)
c:\program files\XemiComputers\Active Desktop Calendar\MouseHook.dll
.
Completion time: 2010-02-05 11:41:48
ComboFix-quarantined-files.txt 2010-02-05 10:41
ComboFix2.txt 2010-02-05 08:05
ComboFix3.txt 2010-02-04 09:10

Pre-Run: 21.329.661.952 bytes free
Post-Run: 21.303.054.336 bytes free

- - End Of File - - 10A56E09A400EAE69EDA7F283E32509C
[ kristi1 @ 05.02.2010. 11:26 ] @
Turn off the AV
Download this file to the desktop, unpack it and drag it onto the ComboFix icon
Paste me the log.
[ dragancesu @ 18.02.2010. 14:20 ] @
I tried all sorts of things, but in the end I formatted the flash drive. Even that wouldn't work on the first try, but luckily there was a program on the manufacturer's (Transcend) site that does it.

[ Aleksandar Maletic @ 20.02.2010. 16:01 ] @
Live CD, you don't need anything else... :))) Dr.Web or Avira, my recommendation...