Help with removing a virus

v_oj-kan
Re: Help with removing a virus, 09.12.2009. at 14:18
I can't download Dr.Web; as soon as I try, it closes the window on me right away.

Dashkes
Re: Help with removing a virus, 09.12.2009. at 14:21
v_oj-kan, what about HijackThis? It is most likely a rootkit; the best thing is to download a LiveCD at someone else's place and then scan the computer.

v_oj-kan
Re: Help with removing a virus, 09.12.2009. at 14:21
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:10:10 PM, on 12/9/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16945)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Ovislink\Common\RalinkRegistryWriter.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\ASUS\AI Booster\OverClk.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\ATI Multimedia\main\launchpd.exe
C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\TELNET.EXE
C:\WINDOWS\system32\TELNET.EXE
C:\WINDOWS\system32\TELNET.EXE
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Vojkan\My Documents\Downloads\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.bearshare.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll
R3 - URLSearchHook: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\tbBS_1.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: MediaBar - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - C:\Program Files\BearShareTb\BearShareDx.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: UrlHelper Class - {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - C:\Program Files\BearShare Applications\BearShare\BearShareIEHelper.dll
O2 - BHO: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\tbBS_1.dll
O3 - Toolbar: MediaBar - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - C:\Program Files\BearShareTb\BearShareDx.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\tbBS_1.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [Launch Ai Booster] "C:\Program Files\ASUS\AI Booster\OverClk.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKCU\..\Run: [ATI Launchpad] "C:\Program Files\ATI Multimedia\main\launchpd.exe"
O4 - HKCU\..\Run: [ATI DeviceDetect] C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
O4 - HKCU\..\Run: [ATI Remote Control] C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AirLive 802.11G Wireless Utility.lnk = C:\Program Files\Ovislink\Common\AirLiveUI.exe
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\tv\EXPLBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)
O17 - HKLM\System\CCS\Services\Tcpip\..\{C8146A04-8855-41C5-8279-0A4E9BE0F126}: NameServer = 10.20.31.253 10.20.0.254
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Ralink Registry Writer (RalinkRegistryWriter) - Ralink Technology, Corp. - C:\Program Files\Ovislink\Common\RalinkRegistryWriter.exe
O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\PROGRA~1\ATIMUL~1\RemCtrl\x10nets.exe (file missing)

--
End of file - 6183 bytes

This is what I get for the log.

Dashkes
Re: Help with removing a virus, 09.12.2009. at 14:24
Check the following items and click “Fix checked”:
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
After that, restart the computer.

If possible, a RootRepeal log as well:
1. Download it from http://rootrepeal.googlepages.com/RootRepeal.rar
2. Do everything as shown in the picture, following the steps by number.

v_oj-kan
Re: Help with removing a virus, 09.12.2009. at 14:31
Oh, and I forgot to say... my hard drive was wiped completely and I installed Windows again, and it all happens again. Is that possible? Please answer.

v_oj-kan
Re: Help with removing a virus, 09.12.2009. at 14:36
ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2009/12/09 15:23
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xAA2F1000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF8A5A000 Size: 8192 File Visible: No Signed: -
Status: -

Name: hqijog.sys
Image Path: C:\WINDOWS\system32\drivers\hqijog.sys
Address: 0xF8A66000 Size: 5024 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xA7A23000 Size: 49152 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb
Status: Invisible to the Windows API!

SSDT
-------------------
#: 025 Function Name: NtClose
Status: Hooked by "C:\WINDOWS\system32\drivers\fwdrv.sys" at address 0xaa5081a5

#: 037 Function Name: NtCreateFile
Status: Hooked by "C:\WINDOWS\system32\drivers\fwdrv.sys" at address 0xaa5079cc

#: 041 Function Name: NtCreateKey
Status: Hooked by "C:\WINDOWS\system32\drivers\fwdrv.sys" at address 0xaa5040b0

#: 047 Function Name: NtCreateProcess
Status: Hooked by "C:\WINDOWS\system32\drivers\fwdrv.sys" at address 0xaa507013

#: 048 Function Name: NtCreateProcessEx
Status: Hooked by "C:\WINDOWS\system32\drivers\fwdrv.sys" at address 0xaa506e90

#: 053 Function Name: NtCreateThread
Status: Hooked by "C:\WINDOWS\system32\drivers\fwdrv.sys" at address 0xaa50754a

#: 062 Function Name: NtDeleteFile
Status: Hooked by "C:\WINDOWS\system32\drivers\fwdrv.sys" at address 0xaa508225

#: 063 Function Name: NtDeleteKey
Status: Hooked by "C:\WINDOWS\system32\drivers\fwdrv.sys" at address 0xaa5044e1

#: 065 Function Name: NtDeleteValueKey
Status: Hooked by "C:\WINDOWS\system32\drivers\fwdrv.sys" at address 0xaa504574

#: 097 Function Name: NtLoadDriver
Status: Hooked by "C:\WINDOWS\system32\drivers\khips.sys" at address 0xaa3338b0

#: 108 Function Name: NtMapViewOfSection
Status: Hooked by "C:\WINDOWS\system32\drivers\khips.sys" at address 0xaa333a20

#: 116 Function Name: NtOpenFile
Status: Hooked by "C:\WINDOWS\system32\drivers\fwdrv.sys" at address 0xaa507c97

#: 119 Function Name: NtOpenKey
Status: Hooked by "C:\WINDOWS\system32\drivers\fwdrv.sys" at address 0xaa504307

#: 206 Function Name: NtResumeThread
Status: Hooked by "C:\WINDOWS\system32\drivers\fwdrv.sys" at address 0xaa5075d6

#: 224 Function Name: NtSetInformationFile
Status: Hooked by "C:\WINDOWS\system32\drivers\fwdrv.sys" at address 0xaa507f99

#: 247 Function Name: NtSetValueKey
Status: Hooked by "C:\WINDOWS\system32\drivers\fwdrv.sys" at address 0xaa50467d

#: 274 Function Name: NtWriteFile
Status: Hooked by "C:\WINDOWS\system32\drivers\fwdrv.sys" at address 0xaa507ef6

==EOF==




This is what comes out as the RootRepeal log.

Dashkes
Re: Help with removing a virus, 09.12.2009. at 14:45
In RootRepeal go to Tools > Wipe, Copy and Delete, then in the empty field enter
C:\WINDOWS\system32\drivers\hqijog.sys
and then select "Copy File" and "Do Operation". Pack the copied file into a ".rar"/".zip" with the password "virus", upload it to Rapidshare and send me the link via PM.
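An added example, not part of the original thread: a small Python triage of a RootRepeal report like the one posted above. It lists loaded drivers whose file is not visible on disk and groups SSDT hooks by the driver that owns them. The sample report is constructed from a few entries of the log above; the function names and the two skip rules (the `dump_` prefix Windows uses for its crash-dump driver copies, and the scanner's own driver) are assumptions of this example.

```python
import re
from collections import defaultdict

# Constructed sample: a few entries copied from the report in the thread.
SAMPLE_REPORT = r"""
Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xAA2F1000 Size: 98304 File Visible: No Signed: -
Status: -

Name: hqijog.sys
Image Path: C:\WINDOWS\system32\drivers\hqijog.sys
Address: 0xF8A66000 Size: 5024 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xA7A23000 Size: 49152 File Visible: No Signed: -
Status: -

SSDT
-------------------
#: 025 Function Name: NtClose
Status: Hooked by "C:\WINDOWS\system32\drivers\fwdrv.sys" at address 0xaa5081a5

#: 097 Function Name: NtLoadDriver
Status: Hooked by "C:\WINDOWS\system32\drivers\khips.sys" at address 0xaa3338b0

#: 116 Function Name: NtOpenFile
Status: Hooked by "C:\WINDOWS\system32\drivers\fwdrv.sys" at address 0xaa507c97

==EOF==
"""

# A driver entry is "Name:" immediately followed by "Image Path:" and "Address:".
DRIVER_RE = re.compile(
    r"Name:\s*(?P<name>\S+)\s*\n"
    r"Image Path:\s*(?P<path>.+?)\s*\n"
    r"Address:\s*(?P<addr>0x[0-9A-Fa-f]+)\s+Size:\s*(?P<size>\d+)\s+"
    r"File Visible:\s*(?P<visible>\S+)"
)
# An SSDT entry names the function and the module that owns the hook.
HOOK_RE = re.compile(
    r"#:\s*(?P<index>\d+)\s+Function Name:\s*(?P<func>\S+)\s*\n"
    r'Status:\s*Hooked by "(?P<owner>[^"]+)"'
)


def parse_report(text):
    """Return (drivers, hooks): driver dicts and {owner path: [functions]}."""
    drivers = [
        {
            "name": m["name"],
            "path": m["path"],
            "size": int(m["size"]),
            "file_visible": m["visible"].lower() == "yes",
        }
        for m in DRIVER_RE.finditer(text)
    ]
    hooks = defaultdict(list)
    for m in HOOK_RE.finditer(text):
        hooks[m["owner"].lower()].append(m["func"])
    return drivers, dict(hooks)


def hidden_driver_candidates(drivers, scanner_driver="rootrepeal.sys"):
    """Paths of loaded drivers with no visible file, minus expected cases.

    Assumption of this example: dump_* entries are the in-memory copies
    Windows keeps for crash dumps, and scanner_driver is the tool's own
    driver. The result orders the review; it is not a verdict.
    """
    candidates = []
    for d in drivers:
        name = d["name"].lower()
        if d["file_visible"]:
            continue
        if name.startswith("dump_") or name == scanner_driver:
            continue
        candidates.append(d["path"])
    return candidates


def triage(text):
    """Summarise a report: files to look at first and hooks per owner."""
    drivers, hooks = parse_report(text)
    return {
        "review_first": hidden_driver_candidates(drivers),
        # Security products also hook the SSDT, so each owner is listed
        # separately for identification rather than flagged outright.
        "hook_counts": {
            owner.rsplit("\\", 1)[-1]: len(funcs)
            for owner, funcs in hooks.items()
        },
    }


if __name__ == "__main__":
    print(triage(SAMPLE_REPORT))
```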

v_oj-kan
Re: Help with removing a virus, 09.12.2009. at 23:14
Man, this isn't there in my Windows.......

Zoran Rodic
Re: Help with removing a virus, 10.12.2009. at 11:07
Quote:
v_oj-kan: Oh, and I forgot to say... my hard drive was wiped completely and I installed Windows again, and it all happens again. Is that possible? Please answer.


It's possible, if you are using some unverified XP installation downloaded from a torrent under some strange name, like Black Edition ... and the like.
Could that be the case?

Or, if the XP installation is fine, that you are then bringing in the malware from some installation disc where you keep your other installers.


Quote:
v_oj-kan: Man, this isn't there in my Windows.......


Use Total Commander and turn on the Show Hidden files option.

valjan
Re: Help with removing a virus, 10.12.2009. at 11:52
And there are also places on the disk (MBR) where malware can hide and survive a format - we have already written about that several times here in the Security forum...

v_oj-kan
Re: Help with removing a virus, 10.12.2009. at 15:18
But I handed the disk over to have it "kill hdd"-ed..... it was wiped completely...... so what should I do?

v_oj-kan
Re: Help with removing a virus, 10.12.2009. at 15:27
I started Total Commander

v_oj-kan
Re: Help with removing a virus, 10.12.2009. at 15:28
and turned on hidden folders..... now what?

valjan
Re: Help with removing a virus, 10.12.2009. at 20:09
Quote:
v_oj-kan: But I handed the disk over to have it "kill hdd"-ed..... it was wiped completely...... so what should I do?


I don't know who you gave it to or how that person was killing it, and I don't know what "it was wiped completely" means, but formatting a disk, for example, does not erase the MBR sector; you need to run at least FIXMBR from the Windows Recovery Console, or a low-level format with the appropriate tool from the HDD manufacturer...
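An added illustration, not part of the original thread, of why a format leaves the MBR in place: the boot code lives in sector 0, outside every partition, so it can be hashed and compared against a baseline taken from a known-good state. The disk image below is constructed, the layout is the classic MBR one (boot code in bytes 0-439, partition table at 446, signature 55 AA), and `simulate_format` is a simplified stand-in that, like a format, only writes inside the partition.

```python
import hashlib
import struct

SECTOR = 512
BOOT_CODE_END = 440          # bytes 0..439 hold the boot code
PART_TABLE = 446             # four 16-byte partition entries start here
SIGNATURE = b"\x55\xaa"      # bytes 510..511


def parse_mbr(sector0):
    """Parse sector 0: boot-code hash plus the non-empty partition entries."""
    if len(sector0) != SECTOR or bytes(sector0[510:512]) != SIGNATURE:
        raise ValueError("not a valid MBR sector")
    partitions = []
    for i in range(4):
        entry = sector0[PART_TABLE + 16 * i:PART_TABLE + 16 * (i + 1)]
        status, ptype = entry[0], entry[4]
        lba_start, sectors = struct.unpack_from("<II", entry, 8)
        if ptype != 0:  # type 0 marks an unused slot
            partitions.append({
                "index": i,
                "active": status == 0x80,
                "type": ptype,
                "lba_start": lba_start,
                "sectors": sectors,
            })
    return {
        "boot_code_sha256": hashlib.sha256(sector0[:BOOT_CODE_END]).hexdigest(),
        "partitions": partitions,
    }


def sector0_inside_partition(mbr):
    """True if any partition covers LBA 0 (it should not on an MBR disk)."""
    return any(p["lba_start"] == 0 for p in mbr["partitions"])


def boot_code_changed(sector0, baseline_sha256):
    """Compare the current boot code against a known-good baseline hash."""
    return parse_mbr(sector0)["boot_code_sha256"] != baseline_sha256


def build_sample_disk():
    """Constructed 128-sector image: MBR plus one NTFS-type partition at LBA 63."""
    disk = bytearray(128 * SECTOR)
    # Filler bytes standing in for boot code (not real boot code).
    disk[0:BOOT_CODE_END] = bytes(range(256)) + bytes(range(184))
    entry = struct.pack("<B3sB3sII", 0x80, b"\x01\x01\x00", 0x07,
                        b"\xfe\x3f\x00", 63, 65)
    disk[PART_TABLE:PART_TABLE + 16] = entry
    disk[510:512] = SIGNATURE
    disk[63 * SECTOR:64 * SECTOR] = b"\xeb" * SECTOR  # old volume contents
    return disk


def simulate_format(disk, part):
    """Simplified stand-in for a format: rewrite only the partition's sectors."""
    start = part["lba_start"] * SECTOR
    end = start + part["sectors"] * SECTOR
    disk[start:end] = bytes(end - start)
    disk[start + 3:start + 11] = b"NTFS    "  # new volume boot sector marker


if __name__ == "__main__":
    disk = build_sample_disk()
    mbr = parse_mbr(bytes(disk[:SECTOR]))
    baseline = mbr["boot_code_sha256"]
    simulate_format(disk, mbr["partitions"][0])
    print("partition starts at LBA", mbr["partitions"][0]["lba_start"])
    print("boot code changed by format:",
          boot_code_changed(bytes(disk[:SECTOR]), baseline))
```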

probam11username
Re: Help with removing a virus, 28.01.2010. at 22:18
OK people, since I have an identical problem, only I don't have games; instead, when I start CCleaner it throws up that famous

R6002 - floating point support not load.

I followed your instructions, installed HijackThis and here it is:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:56:41, on 28.1.2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\SOUNDMAN.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Computer\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\RunOnce: [WinSATRestorePower] powercfg -setactive 8c5e7fda-e8bf-4a96-9a85-a6e23a8c635c
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O13 - Gopher Prefix:
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe

--
End of file - 3475 bytes



Please, if anyone can help me, because this is slowly leading to a nervous breakdown. Nothing helps. There's a whole story to tell here! Like this:
This appeared on my computer 3 - 4 months ago, but I thought it was some "fault" in the registry so I didn't pay much attention. But when it started getting on my nerves I formatted the C partition, hoping the matter was solved. After a few days the thing happened again and since then I've been running around like a headless chicken. A few days later, on top of all that, my computer died, so I was forced to get another one. I installed XP without thinking about it any more, because I had a different computer with a different motherboard, a different processor, RAM, everything different.... You can imagine my shock when it all came back again. Horror. Finally, the other day I installed Windows 7 and you guessed it... People, it's haunting me... Someone has conspired against me.
There's more. Since then I can't open Google Earth either, I can't "snap" a capture on the Logitech web camera, and when I run SUPERAntiSpyware, after the scan it throws up the same thing and then shuts down... that's what comes to mind at the moment.
Otherwise the computer itself is fast, it works really well, just that one problem...

probam11username
Re: Help with removing a virus, 06.02.2010. at 11:23
Please, people, help. This is heading for a nervous breakdown. It's killing me. I'm desperate....

magna86
Re: Help with removing a virus, 06.02.2010. at 11:34
* Download the ComboFix program
Visit this page for the download link and the instructions for using ComboFix:
http://www.elitesecurity.org/t...e-programa-HijackThis-ComboFix

* Temporarily disable your antivirus program.
Visit this page for instructions:
http://www.bleepingcomputer.com/forums/topic114351.html

* Run ComboFix!
When the tool finishes scanning it will open Notepad with a report (log).
Copy that report here. (typical log location: C:\ComboFix.txt)

probam11username
Re: Help with removing a virus, 06.02.2010. at 16:29
I did everything as explained, and in the end it produced this:



ComboFix 10-02-05.04 - computer 06.02.2010 17:19:55.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1250.381.1033.18.703.504 [GMT 1:00]
Running from: c:\documents and settings\computer\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\computer\LOCALS~1\Temp\kga3.tmp
c:\documents and settings\computer\Local Settings\Temp\kga3.tmp
c:\windows\kb913800.exe
c:\windows\system32\404Fix.exe
c:\windows\system32\Agent.OMZ.Fix.exe
c:\windows\system32\dumphive.exe
c:\windows\system32\IEDFix.C.exe
c:\windows\system32\IEDFix.exe
c:\windows\system32\o4Patch.exe
c:\windows\system32\Process.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\systeminfo.dll
c:\windows\system32\tmp.reg
c:\windows\system32\VACFix.exe
c:\windows\system32\VCCLSID.exe
c:\windows\system32\WS2Fix.exe

.
((((((((((((((((((((((((( Files Created from 2010-01-06 to 2010-02-06 )))))))))))))))))))))))))))))))
.

2010-02-06 11:49 . 2010-02-06 11:49 -------- d-----w- c:\program files\CCleaner
2010-02-05 23:53 . 2010-02-05 23:53 -------- d-----w- c:\documents and settings\computer\Local Settings\Application Data\ACD Systems
2010-02-05 23:53 . 2010-02-05 23:53 -------- d-----w- c:\documents and settings\computer\Application Data\ACD Systems
2010-02-05 23:53 . 2010-02-05 23:53 -------- d-----w- c:\documents and settings\All Users\Application Data\ACD Systems
2010-02-05 23:53 . 2010-02-05 23:53 -------- d-----w- c:\program files\Common Files\ACD Systems
2010-02-05 23:53 . 2010-02-05 23:53 -------- d-----w- c:\program files\ACD Systems
2010-02-05 23:51 . 2010-02-05 23:51 -------- d-----w- c:\documents and settings\computer\Local Settings\Application Data\Downloaded Installations
2010-02-05 23:04 . 2010-02-05 23:08 -------- d-----w- c:\program files\ApexDC++
2010-02-05 22:57 . 2010-02-05 22:57 -------- d-----w- c:\documents and settings\computer\Local Settings\Application Data\Readon_Technology
2010-02-05 22:53 . 2010-02-05 22:53 -------- d-----w- c:\windows\system32\wbem\Repository
2010-02-05 22:52 . 2010-02-05 22:52 -------- d-----w- c:\program files\Xvid
2010-02-05 22:52 . 2010-02-05 22:52 -------- d-----w- c:\program files\ffdshow
2010-02-05 22:52 . 2010-02-05 22:52 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-02-05 22:52 . 2010-02-05 22:52 -------- d-----w- c:\documents and settings\computer\Application Data\Winamp
2010-02-05 22:52 . 2010-02-05 22:52 -------- d-----w- c:\program files\Winamp
2010-02-05 16:05 . 2010-02-05 22:51 -------- d-----w- c:\program files\K-Lite Codec Pack(2)
2010-02-05 16:01 . 2010-02-05 22:52 -------- d-----w- c:\program files\Winamp(2)
2010-02-05 16:01 . 2010-02-05 22:52 -------- d-----w- c:\documents and settings\computer\Application Data\Winamp(2)
2010-02-05 02:29 . 2010-02-06 15:42 -------- d-----w- c:\documents and settings\computer\Application Data\vlc
2010-02-05 02:00 . 2010-02-05 22:52 -------- d-----w- c:\program files\DivX
2010-02-05 01:21 . 2010-02-05 01:21 -------- d-----w- c:\program files\Readon Technology
2010-02-05 00:18 . 2010-02-05 00:52 -------- d-----w- c:\documents and settings\computer\Application Data\foobar2000
2010-02-04 23:42 . 2010-02-04 23:42 -------- d-----w- c:\documents and settings\computer\Application Data\JLC's Software
2010-02-04 23:42 . 2010-02-04 23:58 -------- d-----w- c:\program files\JLC's Software
2010-02-04 23:15 . 2010-02-04 23:15 -------- d-----w- c:\program files\Common Files\NSV
2010-02-04 21:57 . 2010-02-04 21:57 -------- d-----w- c:\windows\Sun
2010-02-04 21:57 . 2010-02-04 21:57 503808 ----a-w- c:\documents and settings\computer\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-535091dd-n\msvcp71.dll
2010-02-04 21:57 . 2010-02-04 21:57 499712 ----a-w- c:\documents and settings\computer\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-535091dd-n\jmc.dll
2010-02-04 21:57 . 2010-02-04 21:57 348160 ----a-w- c:\documents and settings\computer\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-535091dd-n\msvcr71.dll
2010-02-04 21:56 . 2010-02-04 21:56 -------- d-----w- c:\program files\Common Files\Java
2010-02-04 21:56 . 2010-02-04 21:56 61440 ----a-w- c:\documents and settings\computer\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-42b3eea0-n\decora-sse.dll
2010-02-04 21:56 . 2010-02-04 21:56 12800 ----a-w- c:\documents and settings\computer\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-42b3eea0-n\decora-d3d.dll
2010-02-04 21:56 . 2010-02-04 21:56 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-02-04 21:56 . 2010-02-04 21:56 -------- d-----w- c:\program files\Java
2010-02-04 21:38 . 2010-02-04 21:38 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2010-02-04 20:46 . 2004-08-03 22:56 25600 ----a-w- c:\documents and settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
2010-02-04 20:39 . 2010-02-04 20:39 -------- d-----w- c:\documents and settings\computer\Application Data\FDRLab
2010-02-04 20:20 . 2010-02-04 20:37 -------- d-----w- c:\documents and settings\All Users\Application Data\BlazeVideo
2010-02-04 20:19 . 2005-03-25 22:42 363520 -c--a-w- c:\windows\system32\dllcache\psisdecd.dll
2010-02-04 20:19 . 2005-03-25 22:42 363520 ----a-w- c:\windows\system32\psisdecd.dll
2010-02-03 16:13 . 2010-02-03 16:13 -------- d-----w- c:\documents and settings\computer\Local Settings\Application Data\Identities
2010-02-03 11:24 . 2010-02-03 11:24 -------- d-----w- c:\program files\IrfanView
2010-02-02 23:07 . 2010-02-02 23:07 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2010-02-02 23:02 . 2010-02-02 23:05 -------- d-----w- c:\documents and settings\computer\Local Settings\Application Data\Temp
2010-02-02 23:02 . 2010-02-02 23:02 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2010-02-02 16:15 . 2010-02-02 16:15 -------- d-----w- c:\program files\QuickTorrentMaker
2010-02-02 10:04 . 2010-02-02 10:04 -------- d-----w- c:\program files\Microsoft
2010-02-02 09:56 . 2010-02-02 10:04 12912 ----a-w- c:\documents and settings\computer\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-02-01 12:32 . 2010-02-01 12:32 -------- d--h--w- c:\windows\PIF
2010-02-01 12:28 . 2010-02-01 12:28 5293538 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-02-01 12:24 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-01 12:24 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-01 12:04 . 2010-02-04 19:52 52224 ----a-w- c:\documents and settings\computer\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-02-01 12:03 . 2010-02-04 20:35 117760 ----a-w- c:\documents and settings\computer\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-02-01 12:02 . 2010-02-01 12:02 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-02-01 12:01 . 2010-02-02 09:55 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-02-01 12:01 . 2010-02-01 12:01 -------- d-----w- c:\documents and settings\computer\Application Data\SUPERAntiSpyware.com
2010-02-01 12:01 . 2010-02-01 12:01 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-02-01 11:24 . 2010-02-04 20:07 -------- d-----w- c:\program files\Google
2010-02-01 01:38 . 2010-02-01 01:38 -------- d-----w- c:\program files\uTorrent
2010-02-01 01:37 . 2010-02-01 20:45 -------- d-----w- c:\documents and settings\computer\Application Data\uTorrent
2010-02-01 00:42 . 2010-02-01 00:42 -------- d-----w- c:\documents and settings\computer\Application Data\Malwarebytes
2010-02-01 00:42 . 2010-02-01 12:28 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-01 00:42 . 2010-02-01 00:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-01-31 23:49 . 2010-01-31 23:49 -------- d-----w- c:\program files\Foxit Software
2010-01-31 23:49 . 2010-01-31 23:49 -------- d-----w- c:\documents and settings\computer\Application Data\Foxit
2010-01-31 20:55 . 2010-01-31 20:55 -------- d-----w- c:\program files\Screamer Radio
2010-01-31 20:40 . 2010-01-31 20:40 -------- d-----w- c:\documents and settings\computer\Local Settings\Application Data\LogiShrd
2010-01-31 20:39 . 2010-01-31 20:39 -------- d-----w- c:\documents and settings\computer\Application Data\Leadertech
2010-01-31 20:38 . 2009-10-07 08:48 539160 ----a-w- c:\windows\system32\LVUI2RC.dll
2010-01-31 20:38 . 2009-10-07 08:48 539160 ----a-w- c:\windows\system32\LVUI2.dll
2010-01-31 20:38 . 2009-10-07 08:43 416280 ----a-w- c:\windows\system32\LVCodec2.dll
2010-01-31 20:38 . 2009-04-30 22:57 199192 ----a-w- c:\windows\system32\lvci1201278.dll
2010-01-31 20:38 . 2009-04-30 22:56 495768 ----a-w- c:\windows\system32\drivers\LV561AV.SYS
2010-01-31 20:38 . 2010-01-31 20:39 -------- dc----w- c:\windows\system32\DRVSTORE
2010-01-31 20:38 . 2010-01-31 20:39 -------- d-----w- c:\program files\Common Files\LogiShrd
2010-01-31 20:38 . 2010-01-31 20:50 -------- d-----w- c:\documents and settings\All Users\Application Data\LogiShrd
2010-01-31 19:58 . 2010-01-31 19:58 552 ----a-w- c:\windows\system32\d3d8caps.dat
2010-01-31 18:22 . 2010-01-31 23:36 -------- d-----w- c:\program files\Logitech
2010-01-31 09:36 . 2010-01-31 09:36 -------- d-----w- c:\documents and settings\computer\Application Data\MSNInstaller
2010-01-30 23:52 . 2010-02-06 11:13 -------- d-----w- c:\documents and settings\computer\Tracing
2010-01-30 23:47 . 2010-02-02 10:03 -------- d-----w- c:\program files\Windows Live
2010-01-30 23:40 . 2010-01-30 23:40 -------- d-----w- c:\program files\Common Files\Windows Live
2010-01-30 22:05 . 2010-01-30 22:05 -------- d-----w- c:\documents and settings\computer\Application Data\Thinstall
2010-01-30 21:57 . 2010-01-30 21:57 -------- d-----w- c:\documents and settings\computer\Application Data\Nero
2010-01-30 21:54 . 2010-01-31 21:05 -------- d-----w- c:\program files\Nero
2010-01-30 21:54 . 2010-01-30 21:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Nero
2010-01-30 21:54 . 2010-01-30 21:54 -------- d-----w- c:\program files\Common Files\Nero
2010-01-30 19:46 . 2010-02-02 23:05 -------- d-----w- c:\documents and settings\computer\Local Settings\Application Data\Google
2010-01-30 19:06 . 2009-06-07 15:24 180224 ----a-w- c:\windows\system32\xvidvfw.dll
2010-01-30 19:06 . 2009-06-07 15:16 819200 ----a-w- c:\windows\system32\xvidcore.dll
2010-01-30 19:05 . 2010-01-28 11:14 85504 ----a-w- c:\windows\system32\ff_vfw.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-06 16:04 . 2010-01-30 18:06 -------- d-----w- c:\documents and settings\computer\Application Data\Skype
2010-02-01 11:58 . 2010-01-30 17:24 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-01-31 20:38 . 2010-01-30 18:16 -------- d-----w- c:\program files\Common Files\Logitech
2010-01-31 20:26 . 2010-01-30 17:38 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-30 19:17 . 2010-01-30 17:37 -------- d-----w- c:\program files\Common Files\InstallShield
2010-01-30 18:44 . 2010-01-30 18:23 -------- d-----w- c:\program files\MV2Player
2010-01-30 18:26 . 2010-01-30 18:26 -------- d-----w- c:\documents and settings\All Users\Application Data\CyberLink
2010-01-30 18:26 . 2010-01-30 18:26 -------- d-----w- c:\program files\CyberLink
2010-01-30 18:26 . 2010-01-30 18:26 -------- d-----w- c:\program files\ASUSTek
2010-01-30 18:22 . 2010-01-30 18:05 -------- d-----r- c:\program files\Skype
2010-01-30 18:05 . 2010-01-30 18:05 -------- d-----w- c:\program files\Common Files\Skype
2010-01-30 18:05 . 2010-01-30 18:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2010-01-30 17:49 . 2010-01-30 17:49 0 ----a-w- c:\windows\nsreg.dat
2010-01-30 17:38 . 2010-01-30 17:38 -------- d-----w- c:\program files\Realtek AC97
2010-01-30 17:35 . 2010-01-30 17:35 -------- d-----w- c:\program files\S3
2010-01-30 17:26 . 2010-01-30 17:26 -------- d-----w- c:\program files\microsoft frontpage
2010-01-30 17:21 . 2010-01-30 17:21 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2010-01-30 17:21 . 2010-01-30 17:21 -------- d-----w- c:\program files\Windows Media Connect 2
2010-01-22 21:49 . 2003-08-08 10:53 323584 ----a-w- c:\windows\system32\VTovrlay.dll
2010-01-22 21:49 . 2003-05-07 15:32 214488 ----a-w- c:\windows\system32\VTTimer.exe
2010-01-22 21:49 . 2003-01-07 05:26 251360 ----a-w- c:\windows\system32\VTuninst.exe
2010-01-22 21:49 . 2003-08-11 13:09 265344 ----a-w- c:\windows\system32\drivers\vtmini.sys
2010-01-22 21:49 . 2003-07-31 01:45 225280 ----a-w- c:\windows\system32\VTInfo2.dll
2010-01-22 21:49 . 2003-08-11 13:10 1720320 ----a-w- c:\windows\system32\vticd.dll
2010-01-22 21:49 . 2003-06-18 14:42 290816 ----a-w- c:\windows\system32\VTGamma2.dll
2010-01-22 21:49 . 2003-08-11 13:08 1851904 ----a-w- c:\windows\system32\vtdisp.dll
2010-01-22 21:49 . 2003-08-08 01:41 438272 ----a-w- c:\windows\system32\VTDisply.dll
2010-01-18 06:30 . 2010-01-18 06:30 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-01-18 06:30 . 2010-01-18 06:30 499712 ----a-w- c:\windows\system32\msvcp71.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKLM\~\startupfolder\C:^Documents and Settings^computer^Start Menu^Programs^Startup^Logitech . Registracija proizvoda.lnk]
path=c:\documents and settings\computer\Start Menu\Programs\Startup\Logitech . Registracija proizvoda.lnk
backup=c:\windows\pss\Logitech . Registracija proizvoda.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Device Detector]
DevDetect.exe -autorun [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
2007-01-01 21:22 3917272 ----a-w- c:\program files\Google\Google Talk\googletalk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
2009-10-14 12:36 2971104 ----a-w- c:\program files\Logitech\Logitech WebCam Software\LWS.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2010-01-07 15:07 607192 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-07-26 15:44 4061666 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2003-10-31 18:42 210396 ----a-w- c:\program files\ASUSTek\ASUSDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2007-04-16 14:28 755160 ----a-w- c:\windows\soundman.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-01-11 14:21 424410 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2009-07-28 09:53 2008538 ------w- c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]
2010-01-22 21:49 214488 ----a-w- c:\windows\system32\VTTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2010-01-13 22:44 215512 ----a-w- c:\program files\Winamp\winampa.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [28.7.2009 10:53 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [28.7.2009 10:53 72944]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [1.2.2010 13:24 236368]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [1.2.2010 13:24 19160]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [28.7.2009 10:53 7408]
.
.
------- Supplementary Scan -------
.
FF - ProfilePath - c:\documents and settings\computer\Application Data\Mozilla\Firefox\Profiles\dlj6e97x.default\
FF - prefs.js: browser.startup.homepage - www.google.com/ncr
FF - plugin: c:\program files\Java\jre6\bin\npdeploytk.dll
FF - plugin: c:\program files\Java\jre6\bin\npjpi160_18.dll
FF - plugin: c:\program files\Java\jre6\bin\npoji610.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-BlazeServoTool - c:\program files\BlazeVideo\BlazeDTV 6.0\MediaDetector.exe
MSConfigStartUp-CamWizard - c:\program files\Common Files\Logitech\QCDRV\BIN\CamWizard.exe
MSConfigStartUp-LVCOMSX - c:\windows\system32\LVCOMSX.EXE
MSConfigStartUp-MSMSGS - c:\program files\Messenger\msmsgs.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-06 17:22
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(744)
c:\windows\system32\COMRes.dll
.
Completion time: 2010-02-06 17:23:31
ComboFix-quarantined-files.txt 2010-02-06 16:23

Pre-Run: 22.660.866.048 bytes free
Post-Run: 22.642.909.184 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
C:\wubildr.mbr = "Ubuntu"

- - End Of File - - 925BCCE4422CE3821A2C7AC1F4921731
 

magna86
Anti Malware Fighter

Member no.: 189287
Posts: 557

Website: www.mycity.rs/Ambulanta



Re: Help with removing a virus, 06.02.2010. at 16:47 - 185 months ago
This looks clean now. Tell me, is there any improvement now?

PS: Install an antivirus.
free: Avira, AVG, avast5
commercial: Kaspersky, BitDefender, Nod32 ... etc.

[This message was edited by magna86 on 06.02.2010. at 18:15 GMT+1]
 

probam11username
Bosnia and Herzegovina

Member no.: 246628
Posts: 31
*.teol.net.




Re: Help with removing a virus, 06.02.2010. at 18:41 - 185 months ago
Well, now I don't know how clean it really is. Maybe it isn't a virus at all.
The warning still appears. Here are examples with two programs:

ApexDC++

CCleaner

As for an antivirus, I really don't know. I don't trust any of them; whichever one I had, viruses still got in..
Which one do you recommend?
 