
Autorun virus - how do I eliminate it?


bajic6

Member no.: 112380
Posts: 97
195.222.50.*

Autorun virus - how do I eliminate it? 12.01.2009 at 20:24 - 186 months ago
As the topic title says, I have that virus. I go to a friend's place and clean the flash drive, come back to my own computer, and I have it again. So I concluded that it is on my computer! I looked through similar topics about this and didn't understand anything, so I'm asking you to help. I have NOD32 and it says there is nothing. A man just can't figure it out. I downloaded some remover for this virus and it says there is nothing on the C: and E: drives, but that there is something on the flash drive. Should I delete this manually? Is there a remover for this? Regards. Does anyone have a suggestion? Thanks in advance.

Here it is, in case it's needed:
Logfile of HijackThis v1.99.1
Scan saved at 21:23:31, on 12.1.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\taskswitch.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
C:\Program Files\ASUS\ASUS Remote\RemoteControlAppl.exe
C:\Program Files\CyberLink\PowerCinema\PCMService.exe
C:\Program Files\UpsPilot\Winpower.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\UpsPilot\jre\bin\javaw.exe
C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\WINDOWS\system32\LVComS.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\slserv.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\UpsPilot\monitor.exe
C:\Program Files\UpsPilot\jre\bin\javaw.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
C:\PROGRA~1\UpsPilot\wpRMI.exe
C:\Program Files\UpsPilot\jre\bin\javaw.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\Korisnik\Programi\Programi\hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
O4 - HKLM\..\Run: [RemoteControl] C:\Program Files\ASUS\ASUS Remote\RemoteControlAppl.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\CyberLink\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [Winpower] C:\Program Files\UpsPilot\Winpower.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O17 - HKLM\System\CCS\Services\Tcpip\..\{9100B1AB-6EA4-46BF-9AB5-A2FDBADB4D81}: NameServer = 195.222.32.10
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Winpowermanager - Macrovision - C:\PROGRA~1\UpsPilot\manager.exe
O23 - Service: Winpowermonitor - Macrovision - C:\PROGRA~1\UpsPilot\monitor.exe
O23 - Service: WinpowerRMI - Macrovision - C:\PROGRA~1\UpsPilot\wpRMI.exe

 
magna86
Anti Malware Fighter

Member no.: 189287
Posts: 557

Site: www.mycity.rs/Ambulanta

Re: Autorun virus - how do I eliminate it? 12.01.2009 at 20:28 - 186 months ago
Format the flash drive, then let me know whether you still have the problem.
And please tell me the exact name of the program you used to try to kill that virus.

PS: avast AV has definitions for it.
 
bajic6

Member no.: 112380
Posts: 97
195.222.50.*

Re: Autorun virus - how do I eliminate it? 12.01.2009 at 20:37 - 186 months ago
It's called autorun virus remover v2.3.

Well, I formatted the flash drive and I still have it, so based on that I concluded that the problem is on the PC.

avast AV??? Explain that to me a bit, I only trust NOD, hehehe. Do you have a link so I can download it? Thanks for replying. Regards.
What's worst is that I also infected my laptop with that flash drive.
 
magna86
Anti Malware Fighter

Member no.: 189287
Posts: 557

Site: www.mycity.rs/Ambulanta

Re: Autorun virus - how do I eliminate it? 12.01.2009 at 20:44 - 186 months ago
Can you send me, by private message, the link to the location you downloaded that program from? Thanks.

Back to the problem.

Avast AntiVirus
http://www.avast.com/

But you don't have to download it; do the following:

Temporarily disable your Nod32 AntiVirus program.

Download ComboFix to the Desktop from one of the following addresses:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Note: If you already have ComboFix on the computer, delete it and download the newer version from the given links so that it is up to date.

Start it and don't touch the program window while it scans.
Follow the on-screen instructions.

When it finishes, a log will appear (C:\ComboFix.txt).

*Post the ComboFix logfile.
 
bajic6

Member no.: 112380
Posts: 97
195.222.50.*

Re: Autorun virus - how do I eliminate it? 12.01.2009 at 20:52 - 186 months ago
OK, so when it started scanning it tells me that NOD is on even though I turned it off. Then, when I killed it in Task Manager, it starts up again, that is, it shows up in Task Manager again. And when it throws the error, my UPS starts beeping. Where did it get stuck, man?
 
magna86
Anti Malware Fighter

Member no.: 189287
Posts: 557

Site: www.mycity.rs/Ambulanta

Re: Autorun virus - how do I eliminate it? 12.01.2009 at 21:13 - 186 months ago
First restart the computer, then disable the AV this way:

Open the Nod32 Control Center.
Go to AMON in the Threat Protection group.
On the right-hand side, untick the option File system monitor (AMON) enabled.
The Control Center should now change from green to red.

Download ComboFix again (a fresh copy), scan and post the log.


 
bajic6

Member no.: 112380
Posts: 97
195.222.50.*

Re: Autorun virus - how do I eliminate it? 12.01.2009 at 21:25 - 186 months ago
Here it is. magna, can you answer a bit faster, for heaven's sake, hehehe. Why did my UPS start beeping while this thing was scanning?

ComboFix 09-01-11.04 - user 2009-01-12 22:20:48.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1033.18.1023.621 [GMT 1:00]
Running from: c:\documents and settings\user\Desktop\ComboFix.exe
AV: ESET NOD32 antivirus system 2.70 *On-access scanning disabled* (Updated)
* Created a new restore point

[COLOR=RED][B]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/B][/COLOR]
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\UpsPilot\classes\com\_desktop.ini
c:\program files\UpsPilot\classes\com\adventnet\_desktop.ini
c:\program files\UpsPilot\classes\com\adventnet\launcher\_desktop.ini
c:\program files\UpsPilot\classes\com\adventnet\management\_desktop.ini
c:\program files\UpsPilot\classes\com\adventnet\management\transport\_desktop.ini
c:\program files\UpsPilot\classes\com\adventnet\servlets\_desktop.ini
c:\program files\UpsPilot\classes\com\adventnet\snmp\_desktop.ini
c:\program files\UpsPilot\classes\com\adventnet\snmp\beans\_desktop.ini
c:\program files\UpsPilot\classes\com\adventnet\snmp\corba\_desktop.ini
c:\program files\UpsPilot\classes\com\adventnet\snmp\ejb\_desktop.ini
c:\program files\UpsPilot\classes\com\adventnet\snmp\mibs\_desktop.ini
c:\program files\UpsPilot\classes\com\adventnet\snmp\mibs\mibparser\_desktop.ini
c:\program files\UpsPilot\classes\com\adventnet\snmp\rmi\_desktop.ini
c:\program files\UpsPilot\classes\com\adventnet\snmp\sas\_desktop.ini
c:\program files\UpsPilot\classes\com\adventnet\snmp\snmp2\_desktop.ini
c:\program files\UpsPilot\classes\com\adventnet\snmp\snmp2\usm\_desktop.ini
c:\program files\UpsPilot\classes\com\adventnet\snmp\snmp2\vacm\_desktop.ini
c:\program files\UpsPilot\classes\com\adventnet\snmp\ui\_desktop.ini
c:\program files\UpsPilot\classes\com\adventnet\snmp\ui\images\_desktop.ini
c:\program files\UpsPilot\classes\com\adventnet\snmp\utils\_desktop.ini
c:\program files\UpsPilot\classes\com\adventnet\utils\_desktop.ini
c:\program files\UpsPilot\classes\com\adventnet\utils\images\_desktop.ini
c:\program files\UpsPilot\classes\java\_desktop.ini
c:\program files\UpsPilot\classes\java\io\_desktop.ini
c:\program files\UpsPilot\help\en\images\_desktop.ini
c:\program files\UpsPilot\Icon\_desktop.ini
c:\program files\UpsPilot\images\_desktop.ini
c:\program files\UpsPilot\jdk1.2_classes\com\_desktop.ini
c:\program files\UpsPilot\jdk1.2_classes\com\adventnet\_desktop.ini
c:\program files\UpsPilot\jdk1.2_classes\com\adventnet\snmp\_desktop.ini
c:\program files\UpsPilot\jdk1.2_classes\com\adventnet\snmp\snmp2\_desktop.ini
c:\program files\UpsPilot\jdk1.2_classes\com\adventnet\snmp\snmp2\usm\_desktop.ini
c:\program files\UpsPilot\sounds\_desktop.ini
c:\windows\install.exe
c:\windows\system32\mpg4c32.dll

.
((((((((((((((((((((((((( Files Created from 2008-12-12 to 2009-01-12 )))))))))))))))))))))))))))))))
.

2009-01-12 11:26 . 2009-01-12 12:29 <DIR> d-------- c:\program files\AutorunRemover
2009-01-05 10:33 . 2009-01-05 10:33 <DIR> d-------- c:\documents and settings\user\Application Data\AVSMedia
2009-01-05 10:33 . 2009-01-05 10:33 <DIR> d-------- c:\documents and settings\All Users\Application Data\AVS4YOU
2009-01-05 10:24 . 2009-01-05 11:09 <DIR> d-------- c:\program files\Common Files\AVSMedia
2009-01-05 10:24 . 2007-02-27 19:36 1,700,352 --a------ c:\windows\system32\GdiPlus.dll
2009-01-05 10:24 . 2007-02-27 19:36 974,848 --a------ c:\windows\system32\mfc70.dll
2009-01-05 10:24 . 2007-02-27 19:36 487,424 --a------ c:\windows\system32\msvcp70.dll
2009-01-05 10:24 . 2007-02-27 19:36 156,910 --a------ c:\windows\WMSysPr8.prx
2009-01-05 10:24 . 2007-02-27 19:36 24,576 --a------ c:\windows\system32\msxml3a.dll
2009-01-05 10:23 . 2009-01-05 10:23 <DIR> d-------- c:\program files\AVSMedia
2009-01-05 10:23 . 2007-02-27 19:36 261,632 --a------ c:\windows\system32\mcdvd_32.dll
2009-01-05 10:23 . 2007-02-27 19:36 221,215 --a------ c:\windows\system32\divxdec.ax
2009-01-05 10:23 . 2007-02-27 19:36 82,944 --a------ c:\windows\system32\vct3216.acm
2009-01-05 10:23 . 2007-02-27 19:36 53,248 --a------ c:\windows\system32\xvid.ax
2009-01-05 10:23 . 2007-02-27 19:36 38,912 --a------ c:\windows\system32\alf2cd.acm
2009-01-05 10:23 . 2007-02-27 19:36 13,239 --a------ c:\windows\system32\Scg726.acm
2009-01-04 11:09 . 2004-08-03 22:58 100,992 --a------ c:\windows\system32\drivers\bthpan.sys
2009-01-04 11:09 . 2004-08-03 22:58 100,992 --a--c--- c:\windows\system32\dllcache\bthpan.sys
2008-12-26 10:10 . 2008-12-26 10:10 <DIR> d-------- c:\windows\Sun
2008-12-18 19:07 . 2008-12-18 19:07 <DIR> d-------- c:\documents and settings\LocalService\Application Data\CyberLink
2008-12-18 11:00 . 2008-12-18 11:28 <DIR> d-------- c:\windows\SxsCaPendDel
2008-12-18 10:55 . 2008-12-18 10:55 <DIR> d-------- c:\documents and settings\user\Application Data\Publish Providers
2008-12-18 10:54 . 2008-12-18 10:54 <DIR> d-------- c:\documents and settings\user\Application Data\Sony
2008-12-18 10:30 . 2008-12-18 10:30 <DIR> d-------- c:\program files\Sony Setup
2008-12-18 10:30 . 2008-12-18 10:30 <DIR> d-------- c:\documents and settings\user\Application Data\Sony Setup
2008-12-16 16:45 . 2009-01-05 09:27 <DIR> d-------- c:\documents and settings\user\Shared
2008-12-16 16:45 . 2009-01-05 09:51 <DIR> d-------- c:\documents and settings\user\Incomplete
2008-12-16 16:45 . 2008-12-19 12:07 <DIR> d-------- c:\documents and settings\user\Application Data\LimeWire
2008-12-16 16:44 . 2009-01-05 09:57 <DIR> d-------- c:\program files\LimeWire
2008-12-12 18:17 . 2008-12-12 18:17 <DIR> d--hs---- c:\windows\ftpcache
2008-12-12 11:36 . 2008-12-12 11:36 <DIR> d-------- c:\program files\Zeallsoft

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-12 18:46 --------- d-----w c:\program files\UpsPilot
2008-12-19 11:11 --------- d-----w c:\program files\ESET
2008-12-03 12:58 --------- d-----w c:\documents and settings\user\Application Data\Media Player Classic
2008-11-29 23:08 --------- d-----w c:\program files\MessengerDiscovery
2008-11-29 23:07 --------- d-----w c:\program files\MSN Messenger
2008-11-28 08:18 --------- d-----w c:\documents and settings\All Users\Application Data\FLEXnet
2008-11-28 08:11 --------- d-----w c:\program files\Common Files\Adobe
2008-11-28 08:11 --------- d-----w c:\program files\Bonjour
2008-11-28 08:01 --------- d-----w c:\program files\Common Files\Macrovision Shared
2008-11-26 10:30 --------- d-----w c:\documents and settings\All Users\Application Data\CyberLink
2008-11-26 10:24 --------- d-----w c:\program files\CyberLink
2008-11-26 10:23 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-26 08:17 --------- d-----w c:\program files\AviSynth 2.5
2008-11-26 08:14 --------- d-----w c:\program files\eRightSoft
2008-11-21 22:43 --------- d-----w c:\program files\Windows Live
2008-11-20 11:19 --------- d-----w c:\documents and settings\user\Application Data\CyberLink
2008-11-20 11:10 --------- d-----w c:\program files\Toshiba
2008-11-20 09:15 512,096 ----a-w c:\windows\system32\drivers\amon.sys
2008-11-20 09:15 298,104 ----a-w c:\windows\system32\imon.dll
2008-11-20 09:15 15,424 ----a-w c:\windows\system32\drivers\nod32drv.sys
2008-11-20 09:09 --------- d-----w c:\program files\FLVPlayer
2008-11-20 09:08 --------- d-----w c:\program files\K-Lite Codec Pack
2008-11-20 09:04 --------- d-----w c:\program files\Hewlett-Packard
2008-11-20 09:03 --------- d--h--w c:\program files\Zenographics
2008-11-20 08:59 --------- d-----w c:\documents and settings\user\Application Data\Lavasoft
2008-11-20 08:54 --------- d-----w c:\program files\Logitech
2008-11-20 08:53 --------- d-----w c:\program files\Common Files\Labtec
2008-11-20 08:48 60,156 ----a-w c:\windows\system32\jspWinNm.DLL
2008-11-20 08:48 56,320 ----a-w c:\windows\system32\smemory.dll
2008-11-20 08:48 53,248 ----a-w c:\windows\system32\jspWinRni.DLL
2008-11-20 08:48 51,200 ----a-w c:\windows\system32\TrayIcon12.dll
2008-11-20 08:48 45,056 ----a-w c:\windows\system32\jspWin.dll
2008-11-20 08:48 35,992 ----a-w c:\windows\system32\jspWinRnia.DLL
2008-11-20 08:47 --------- d--h--w c:\program files\Zero G Registry
2008-11-20 08:38 --------- d-----w c:\program files\ASUS
2008-11-20 08:33 --------- d-----w c:\program files\mIRC
2008-11-20 08:10 --------- d-----w c:\documents and settings\user\Application Data\Talkback
2008-11-20 07:58 --------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll
2006-05-03 10:06 163,328 --sh--r c:\windows\system32\flvDX.dll
2006-11-03 14:55 35,872 --sha-w c:\windows\system32\drivers\fidbox.dat
2006-11-03 14:55 544 --sha-w c:\windows\system32\drivers\fidbox2.dat
.

------- Sigcheck -------

2004-09-01 09:00 359040 7b11118b078b88f87183fe69eda43137 c:\windows\system32\drivers\tcpip.sys

2004-09-01 09:00 215552 a77219a971029dc2fb683e8513713803 c:\windows\system32\termsrv.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-09-01 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CoolSwitch"="c:\windows\system32\taskswitch.exe" [2002-03-19 45632]
"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-04-01 1368064]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-06-10 339968]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"GhostStartTrayApp"="c:\program files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe" [2002-08-14 94208]
"RemoteControl"="c:\program files\ASUS\ASUS Remote\RemoteControlAppl.exe" [2007-02-12 65536]
"PCMService"="c:\program files\CyberLink\PowerCinema\PCMService.exe" [2007-02-09 159744]
"Winpower"="c:\program files\UpsPilot\Winpower.exe" [2008-11-20 114688]
"LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe" [2004-02-12 188416]
"LogitechVideoTray"="c:\program files\Logitech\Video\LogiTray.exe" [2004-02-12 77824]
"OrderReminder"="c:\program files\Hewlett-Packard\OrderReminder\OrderReminder.exe" [2005-03-18 98304]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2008-11-20 949376]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-09-01 c:\windows\system32\bthprops.cpl]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-09-01 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe [2004-12-21 45056]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I420"= i420vfw.dll
"msacm.enc"= ITIG726.acm
"VIDC.X264"= x264vfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\CyberLink\\PowerCinema\\PowerCinema.exe"=
"c:\\Program Files\\CyberLink\\PowerCinema\\PCMService.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

R1 GhPciScan;GhostPciScanner;c:\program files\Symantec\Norton Ghost 2003\GhPciScan.sys [2002-08-14 5632]
R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [2008-11-20 15424]
R3 3xHybrid;ASUSTek SAA713x PCI Card;c:\windows\system32\drivers\3xHybrid.sys [2008-11-20 2831232]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service;c:\program files\MSN Messenger\usnsvc.exe [2007-01-19 97136]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - IPODSERVICE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3a09b282-b737-11dd-918e-0015f22d95ce}]
\Shell\AutoOpen\command - .\MSOCache\90000804-6000-11D3-8CFE-0150048383C9\KB915865.exe
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL .\MSOCache\90000804-6000-11D3-8CFE-0150048383C9\KB915865.exe
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
LSP: c:\windows\system32\imon.dll
TCP: {9100B1AB-6EA4-46BF-9AB5-A2FDBADB4D81} = 195.222.32.10
FF - ProfilePath - c:\documents and settings\user\Application Data\Mozilla\Firefox\Profiles\gc2t8t4o.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - about:blank
FF - plugin: c:\program files\Java\jre1.5.0_01\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_01\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_01\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_01\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_01\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_01\bin\NPJPI150_01.dll
FF - plugin: c:\program files\Java\jre1.5.0_01\bin\NPOJI610.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-12 22:23:02
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(696)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'lsass.exe'(752)
c:\windows\system32\imon.dll
.
Completion time: 2009-01-12 22:24:45
ComboFix-quarantined-files.txt 2009-01-12 21:24:26

Pre-Run: 17,309,626,368 bytes free
Post-Run: 17,445,859,328 bytes free

227
 
kristi1

Member no.: 151211
Posts: 2012
82.208.201.*

Site: www.mycity.rs/Ambulanta

Re: Autorun virus - how do I eliminate it? 12.01.2009 at 21:33 - 186 months ago
Since magna has gone off to bed, I'll continue.
What's the situation now, does the problem still occur?
 
bajic6

Member no.: 112380
Posts: 97
195.222.50.*

Re: Autorun virus - how do I eliminate it? 12.01.2009 at 21:35 - 186 months ago
Quote:
kristi1: Since magna has gone off to bed :) I'll continue.
What's the situation now, does the problem still occur?

Aha, so that's it??? It should work now??? Wait while I format the flash drive and I'll let you know, OK??? A bit faster, and go wake magna up ;) If I get this solved, we're going for a drink ;)
 
bajic6

Member no.: 112380
Posts: 97
195.222.50.*

Re: Autorun virus - how do I eliminate it? 12.01.2009 at 21:44 - 186 months ago
Quote:
bajic6: Aha, so that's it??? It should work now??? Wait while I format the flash drive and I'll let you know, OK??? A bit faster, and go wake magna up. If I get this solved, we're going for a drink.

OK, now everything works. So Combo is the solution? Please answer so I can be sure. Heh, regards.

Let me ask right away: do you see anything strange in this HijackThis log of mine?
 
kristi1

Member no.: 151211
Posts: 2012
82.208.201.*

Site: www.mycity.rs/Ambulanta

Re: Autorun virus - how do I eliminate it? 12.01.2009 at 21:56 - 186 months ago
Do this as well:
Start\ Run\ type Combofix /u, press Enter and wait for the ComboFix uninstallation to finish.
There is nothing in your HJT log, everything is OK.
 
bajic6

Member no.: 112380
Posts: 97
195.222.50.*

Re: Autorun virus - how do I eliminate it? 12.01.2009 at 21:57 - 186 months ago
Quote:
kristi1: Do this as well:
Start\ Run\ type Combofix /u, press Enter and wait for the ComboFix uninstallation to finish.
There is nothing in your HJT log, everything is OK.

OK, great, thanks to you and magna. But as far as I can see, this NOD is useless; what do you recommend?

When I go to Start, Run and type this, it throws an error. Did you write it correctly?
 
kristi1

Member no.: 151211
Posts: 2012
82.208.201.*

Site: www.mycity.rs/Ambulanta

Re: Autorun virus - how do I eliminate it? 12.01.2009 at 22:13 - 186 months ago
I wrote it correctly; did you put a space between Combofix and /?
If it won't work, delete the folders
C:\QooBox
C:\Combofix
Turn off System Restore, restart, turn System Restore back on.
 
bajic6

Member no.: 112380
Posts: 97
195.222.50.*

Re: Autorun virus - how do I eliminate it? 12.01.2009 at 22:23 - 186 months ago
Quote:
kristi1: I wrote it correctly; did you put a space between Combofix and /?
If it won't work, delete the folders
C:\QooBox
C:\Combofix
Turn off System Restore, restart, turn System Restore back on.

You have a PM.
 
kristi1

Member no.: 151211
Posts: 2012
82.208.201.*

Site: www.mycity.rs/Ambulanta

Re: Autorun virus - how do I eliminate it? 12.01.2009 at 22:46 - 186 months ago
OK, problem solved.
 