
Virus blocks updates from MS


izida
stojanovic aleksandar
bgd

Member number: 97823
Posts: 1559
93.93.194.*

Site: www.youtube.com/watch?v=9..

Virus blocks updates from MS (08.02.2010 at 14:28)

I have reinstalled the system 4 times in the last 2 days and it is always the same problem: it won't start automatic update. Before the first reinstall, this little window started to appear when I launch PES 2010



Before that everything worked great for a couple of months.....
And after that I reinstall the system, install the drivers, install PES and again the same problem; then I turn on the Windows update but nothing happens....
Then I start gmer and it runs a scan and finds this



I go to delete, restart, and again everything is as if I had done nothing...
I scan with Spybot



Again I delete, restart, and everything is still there.....

I try to scan with Malwarebytes' Anti-Malware, and when I try to update the program it gives me this message



Since I had downloaded the latest version I ignored this and scanned; it found 2 viruses with the same name that Spybot had found. For some reason I forgot to take a screenshot of that window too.... It restarted, and when I ran Malwarebytes again it found nothing, but I know the damned thing is still in the computer because Windows update still doesn't run....



Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 3:28:56 PM, on 2/8/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\COMODO\Firewall\cfp.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\CTFMON.EXE
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\TechniSat DVB\bin\Server4PC.exe
C:\Program Files\Girder\Girder.exe
C:\Program Files\Free Pack\PSU\PSU.EXE
C:\Program Files\TechniSat DVB\bin\Server4PC.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe

O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\xRaidSetup.exe boot
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Girder3.lnk = C:\Program Files\Girder\Girder.exe
O4 - Startup: PowerInstall Softcam Updater.lnk = C:\Program Files\Free Pack\PSU\PSU.EXE
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Server4PC.lnk = C:\Program Files\TechniSat DVB\bin\Server4PC.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{B796EC5E-6369-4208-86F5-B9AB07967FB6}: NameServer = 93.93.192.2,93.93.192.3
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe

--
End of file - 3737 bytes
Serbia is eternal as long as her children are faithful

izida
Re: Virus blocks updates from MS (08.02.2010 at 16:31)
ComboFix 10-02-07.08 - Administrator 02/08/2010 17:24:19.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.369 [GMT 1:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
FW: COMODO Firewall Pro *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SKYNET
-------\Service_SKYNET


((((((((((((((((((((((((( Files Created from 2010-01-08 to 2010-02-08 )))))))))))))))))))))))))))))))
.

2010-02-08 15:18 . 2010-02-08 15:37 -------- d-----w- C:\$AVG
2010-02-08 15:17 . 2010-02-08 15:57 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-02-08 15:17 . 2010-02-08 15:17 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-02-08 15:17 . 2010-02-08 15:57 28424 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-02-08 15:17 . 2010-02-08 15:17 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-02-08 15:17 . 2010-02-08 15:58 -------- d-----w- c:\windows\system32\drivers\Avg
2010-02-08 15:17 . 2010-02-08 15:17 -------- d-----w- c:\program files\AVG
2010-02-08 15:17 . 2010-02-08 15:17 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-02-08 15:17 . 2010-02-08 15:36 -------- d-----w- c:\windows\SxsCaPendDel
2010-02-08 14:28 . 2010-02-08 14:28 388096 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
2010-02-08 14:28 . 2010-02-08 14:28 -------- d-----w- c:\program files\TrendMicro
2010-02-08 13:38 . 2010-02-08 13:38 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\ACD Systems
2010-02-08 13:38 . 2010-02-08 13:38 -------- d-----w- c:\documents and settings\Administrator\Application Data\ACD Systems
2010-02-08 13:38 . 2010-02-08 13:38 -------- d-----w- c:\documents and settings\All Users\Application Data\ACD Systems
2010-02-08 13:38 . 2010-02-08 13:38 -------- d-----w- c:\program files\Common Files\ACD Systems
2010-02-08 13:38 . 2010-02-08 13:38 -------- d-----w- c:\program files\ACD Systems
2010-02-08 13:36 . 2010-02-08 13:36 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Downloaded Installations
2010-02-08 11:46 . 2010-02-08 11:46 -------- d-----w- c:\documents and settings\Administrator\Application Data\ArcSoft
2010-02-07 20:28 . 2008-04-13 16:26 36396 ----a-w- c:\documents and settings\Administrator\Application Data\BSplayer\AC3 Filter\uninstall.exe
2010-02-07 20:28 . 2007-08-18 08:54 20480 ----a-w- c:\documents and settings\Administrator\Application Data\BSplayer\AC3 Filter\ac3config.exe
2010-02-07 20:28 . 2007-08-18 08:53 16384 ----a-w- c:\documents and settings\Administrator\Application Data\BSplayer\AC3 Filter\dialog_patch.exe
2010-02-07 20:28 . 2007-07-05 02:33 892928 ----a-w- c:\documents and settings\Administrator\Application Data\BSplayer\AC3 Filter\iconv.dll
2010-02-07 20:26 . 2008-12-19 16:15 4338246 ----a-w- c:\documents and settings\Administrator\Application Data\BSplayer\FFDShow\libavcodec.dll
2010-02-07 20:24 . 2010-02-07 22:53 -------- d-----w- c:\documents and settings\Administrator\Application Data\BSplayer
2010-02-07 20:24 . 2010-02-07 20:24 -------- d-----w- c:\documents and settings\Administrator\Application Data\BSplayer Pro
2010-02-07 20:24 . 2010-02-07 20:24 -------- d-----w- c:\program files\Webteh
2010-02-07 14:50 . 2009-08-16 15:08 178176 ----a-w- c:\windows\system32\unrar.dll
2010-02-07 14:50 . 2009-05-29 21:37 205824 ----a-w- c:\windows\system32\xvidvfw.dll
2010-02-07 14:50 . 2009-05-29 21:31 881664 ----a-w- c:\windows\system32\xvidcore.dll
2010-02-07 14:50 . 2004-01-25 16:18 217088 ----a-w- c:\windows\system32\yv12vfw.dll
2010-02-07 14:50 . 2010-02-07 14:50 -------- d-----w- c:\program files\K-Lite Codec Pack
2010-02-07 11:46 . 2010-02-07 11:47 -------- d-----w- c:\program files\directX
2010-02-07 11:21 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-07 11:21 . 2010-02-07 11:21 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-07 11:21 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-07 11:04 . 2010-02-07 11:04 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2010-02-07 11:04 . 2010-02-07 11:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-02-06 22:18 . 2010-02-08 16:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-02-06 22:18 . 2010-02-06 22:20 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-02-06 22:05 . 2010-02-06 22:05 -------- d-----w- c:\program files\Girder
2010-02-06 22:02 . 2010-02-06 22:02 79488 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2010-02-06 22:00 . 2010-02-06 22:00 -------- d-----w- c:\program files\Free Pack
2010-02-06 21:58 . 2010-02-06 22:09 -------- d-----w- C:\ProgDVB
2010-02-06 21:53 . 2010-02-06 21:53 -------- d-----w- c:\program files\DVBViewerTE
2010-02-06 21:52 . 2010-02-06 21:53 -------- d-----w- c:\program files\TechniSat DVB
2010-02-06 21:51 . 2006-03-14 01:22 349184 ----a-r- c:\windows\system32\drivers\SkyNET.sys
2010-02-06 21:04 . 2010-02-06 20:46 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-02-06 20:51 . 2004-08-04 01:07 25600 ----a-w- c:\documents and settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
2010-02-06 20:51 . 2010-02-07 22:54 -------- d-----w- c:\program files\JDownloader
2010-02-06 20:51 . 2010-02-08 11:20 -------- d-----w- C:\down
2010-02-06 20:50 . 2004-08-04 01:07 221184 ----a-w- c:\windows\system32\wmpns.dll
2010-02-06 20:50 . 2010-02-06 20:50 -------- d-----w- c:\program files\Windows Media Connect 2
2010-02-06 20:49 . 2010-02-06 20:49 -------- d-----w- c:\windows\system32\drivers\UMDF
2010-02-06 20:49 . 2010-02-06 20:49 -------- d-----w- c:\windows\system32\LogFiles
2010-02-06 20:47 . 2010-02-06 20:47 -------- d-----w- c:\documents and settings\Administrator\Application Data\Logitech
2010-02-06 20:44 . 2010-02-06 20:44 6296864 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Resources.dll
2010-02-06 20:44 . 2010-02-06 20:44 327000 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\RPAPI.dll
2010-02-06 20:44 . 2010-02-06 20:44 87496 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\PrivacyClean.dll
2010-02-06 20:44 . 2010-02-06 20:44 933120 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\CEAPI.dll
2010-02-06 20:43 . 2010-02-06 20:44 3803208 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AutoLaunch.exe
2010-02-06 20:42 . 2010-02-06 20:42 816784 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
2010-02-06 20:42 . 2010-02-06 20:42 823928 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
2010-02-06 20:42 . 2010-02-06 20:42 1643272 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
2010-02-06 20:42 . 2010-02-06 20:42 788880 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWTray.exe
2010-02-06 20:42 . 2010-02-06 20:42 1181328 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe
2010-02-06 20:34 . 2009-10-11 03:17 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-02-06 20:34 . 2010-02-06 22:03 -------- d-----w- c:\program files\Java
2010-02-06 20:34 . 2010-02-06 20:34 152576 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\jre1.6.0_16\lzma.dll
2010-02-06 20:28 . 2010-02-06 20:28 0 ----a-w- c:\windows\nsreg.dat
2010-02-06 20:28 . 2010-02-06 20:28 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2010-02-06 20:03 . 2010-02-06 20:03 -------- d-----w- c:\windows\system32\Lang
2010-02-06 20:00 . 2005-05-05 18:43 69632 ------r- c:\windows\Alcmtr.exe
2010-02-06 20:00 . 2006-05-06 16:26 2808832 ------r- c:\windows\alcwzrd.exe
2010-02-06 20:00 . 2010-02-06 20:00 -------- d-----w- c:\program files\Realtek
2010-02-06 20:00 . 2010-02-06 20:00 315392 ----a-w- c:\windows\HideWin.exe
2010-02-06 20:00 . 2007-01-14 16:54 520192 ------r- c:\windows\RtlExUpd.dll
2010-02-06 19:51 . 2007-05-08 15:53 143360 ------r- c:\windows\system32\xRaidAPI.dll
2010-02-06 19:51 . 2007-05-08 16:06 1953792 ------r- c:\windows\system32\xRaidSetup.exe
2010-02-06 19:51 . 2007-05-10 17:33 48640 ----a-r- c:\windows\system32\drivers\jraid.sys
2010-02-06 19:51 . 2010-02-06 19:51 -------- d-----w- c:\windows\RaidTool
2010-02-06 19:47 . 2010-02-06 19:47 -------- d-----w- c:\program files\Attansic
2010-02-06 19:47 . 2010-02-06 19:47 -------- d-----w- c:\windows\system32\Attansic
2010-02-06 19:47 . 2007-03-15 22:12 38656 ----a-r- c:\windows\system32\drivers\atl01_xp.sys
2010-02-06 19:44 . 2010-02-06 19:44 -------- d-----w- c:\program files\Intel
2010-02-06 19:41 . 2004-08-13 02:56 5810 ----a-r- c:\windows\system32\drivers\ASACPI.sys
2010-02-06 19:41 . 2006-10-12 11:33 10288 ----a-w- c:\windows\system32\drivers\ASUSHWIO.SYS
2010-02-06 19:36 . 2010-02-06 19:36 -------- dc----w- c:\windows\system32\DRVSTORE
2010-02-06 19:36 . 2009-09-23 12:55 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-02-06 19:36 . 2010-02-06 19:36 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2010-02-06 19:36 . 2009-10-03 08:15 2924848 -c--a-w- c:\documents and settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}\Ad-AwareInstallation.exe
2010-02-06 19:35 . 2010-02-06 19:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-02-06 19:35 . 2010-02-06 19:35 -------- d-----w- c:\program files\Lavasoft
2010-02-06 19:31 . 2010-02-06 19:37 -------- d-----w- c:\documents and settings\All Users\Application Data\comodo
2010-02-06 19:31 . 2010-02-06 19:31 -------- d-----w- c:\documents and settings\Administrator\Application Data\Comodo
2010-02-06 19:31 . 2010-02-06 19:31 79760 ----a-w- c:\windows\system32\drivers\inspect.sys
2010-02-06 19:31 . 2010-02-06 19:31 143104 ----a-w- c:\windows\system32\guard32.dll
2010-02-06 19:31 . 2010-02-06 19:31 87056 ----a-w- c:\windows\system32\drivers\cmdguard.sys
2010-02-06 19:31 . 2010-02-06 19:31 24208 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2010-02-06 19:31 . 2010-02-06 19:31 -------- d-----w- c:\program files\COMODO
2010-02-06 19:30 . 2010-02-06 19:30 -------- d-----w- c:\program files\CCleaner
2010-02-06 19:29 . 2010-02-06 19:29 -------- d-----w- c:\program files\Foxit Software
2010-02-06 19:29 . 2010-02-06 19:29 -------- d-----w- c:\documents and settings\Administrator\Application Data\Foxit
2010-02-06 19:28 . 2010-02-06 19:28 -------- d-----w- c:\documents and settings\Administrator\Application Data\CyberLink
2010-02-06 19:28 . 2010-02-06 19:28 -------- d-----w- c:\documents and settings\All Users\Application Data\CyberLink
2010-02-06 19:27 . 2010-02-06 19:27 -------- d-----w- c:\program files\CyberLink
2010-02-06 19:22 . 2010-02-06 19:22 0 ----a-w- c:\windows\ativpsrm.bin
2010-02-06 19:21 . 2010-02-06 19:21 -------- d--h--w- c:\windows\$hf_mig$
2010-02-06 19:19 . 2008-01-22 13:42 593920 ------w- c:\windows\system32\ati2sgag.exe
2010-02-06 19:19 . 2010-02-06 19:20 -------- d-----w- c:\program files\ATI Technologies
2010-02-06 19:19 . 2010-02-06 22:03 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-06 19:18 . 2010-02-06 19:19 -------- d-----w- c:\program files\Common Files\InstallShield
2010-02-06 19:18 . 2010-02-06 19:18 -------- d-----w- C:\ATI
2010-02-06 18:01 . 2010-02-06 18:01 12328 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-07 11:10 . 2010-02-07 11:10 -------- d-----w- c:\program files\KONAMI
2010-02-07 11:10 . 2010-02-07 11:10 -------- d-----w- c:\documents and settings\All Users\Application Data\KONAMI
2010-02-06 22:03 . 2010-02-06 22:03 -------- d-----w- c:\program files\Common Files\ArcSoft
2010-02-06 22:03 . 2010-02-06 22:03 2002 ---ha-w- c:\documents and settings\All Users\Application Data\ArcSoft\arcsoft-tmt-21-080228-web\acforall.dll
2010-02-06 22:03 . 2010-02-06 22:03 -------- d-----w- c:\documents and settings\All Users\Application Data\ArcSoft
2010-02-06 22:03 . 2010-02-06 22:03 152576 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2010-02-06 20:46 . 2010-02-06 20:46 -------- d-----w- c:\documents and settings\All Users\Application Data\LogiShrd
2010-02-06 20:46 . 2010-02-06 20:46 -------- d-----w- c:\program files\Common Files\Logishrd
2010-02-06 20:46 . 2010-02-06 20:46 862040 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\threatwork.exe
2010-02-06 20:46 . 2010-02-06 20:46 15880 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lsdelete.exe
2010-02-06 20:46 . 2010-02-06 20:46 206944 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavamessage.dll
2010-02-06 20:46 . 2010-02-06 20:46 390288 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavalicense.dll
2010-02-06 20:46 . 2010-02-06 20:46 537576 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\aawapi.dll
2010-02-06 20:46 . 2010-02-06 20:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Logitech
2010-02-06 20:46 . 2010-02-06 20:46 389784 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\UpdateManager.dll
2010-02-06 20:46 . 2010-02-06 20:46 -------- d-----w- c:\program files\Logitech
2010-02-06 20:46 . 2010-02-06 20:46 163728 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\ShellExt.dll
2010-02-06 18:20 . 2010-02-06 17:24 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-02-06 17:25 . 2010-02-06 17:25 -------- d-----w- c:\program files\microsoft frontpage
2010-02-06 17:22 . 2010-02-06 17:22 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2004-08-04 01:07 . 2004-08-04 01:07 158658 --sha-r- c:\windows\system32\ytdid.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"COMODO Firewall Pro"="c:\program files\COMODO\Firewall\cfp.exe" [2010-02-06 1655552]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-21 36864]
"36X Raid Configurer"="c:\windows\system32\xRaidSetup.exe" [2007-05-08 1953792]
"RTHDCPL"="RTHDCPL.EXE" [2007-04-12 16126464]
"SkyTel"="SkyTel.EXE" [2007-04-06 1822720]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-12-18 76304]

c:\documents and settings\Administrator\Start Menu\Programs\Startup\
Girder3.lnk - c:\program files\Girder\Girder.exe [2010-2-6 1830912]
PowerInstall Softcam Updater.lnk - c:\program files\Free Pack\PSU\PSU.EXE [2009-7-16 60081]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2010-2-6 809488]
Server4PC.lnk - c:\program files\TechniSat DVB\bin\Server4PC.exe [2010-2-6 344064]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-02-08 15:57 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2009-02-18 23:30 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\guard32.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2004-08-04 00:06 1667584 ------w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-10-11 03:17 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\KONAMI\\Pro Evolution Soccer 2010\\pes2010.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5570:TCP"= 5570:TCP:hhueexnj

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2/6/2010 8:36 PM 64288]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2/8/2010 4:17 PM 333192]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2/8/2010 4:17 PM 360584]
R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [2/6/2010 8:31 PM 87056]
R1 cmdHlp;COMODO Firewall Pro Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2/6/2010 8:31 PM 24208]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [2/8/2010 4:17 PM 906520]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2/8/2010 4:17 PM 285392]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [9/24/2009 12:17 PM 1181328]
R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [2/6/2010 9:46 PM 10384]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\atl01_xp.sys [2/6/2010 8:47 PM 38656]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ashqcisz
tmdtzmh
.
Contents of the 'Scheduled Tasks' folder

2010-02-08 c:\windows\Tasks\Ad-Aware Update (Daily 1).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 20:42]

2010-02-08 c:\windows\Tasks\Ad-Aware Update (Daily 2).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 20:42]

2010-02-08 c:\windows\Tasks\Ad-Aware Update (Daily 3).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 20:42]

2010-02-08 c:\windows\Tasks\Ad-Aware Update (Daily 4).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 20:42]

2010-02-08 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 20:42]
.
.
------- Supplementary Scan -------
.
TCP: {B796EC5E-6369-4208-86F5-B9AB07967FB6} = 93.93.192.2,93.93.192.3
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\4u5hjx65.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.elitesecurity.org/f101-PC-DVB-kartice
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-08 17:28
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(816)
c:\windows\system32\Ati2evxx.dll
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll

- - - - - - - > 'explorer.exe'(3500)
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\program files\COMODO\Firewall\cmdagent.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\RTHDCPL.EXE
c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
c:\program files\AVG\AVG9\avgnsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\wscntfy.exe
c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
.
**************************************************************************
.
Completion time: 2010-02-08 17:30:23 - machine was rebooted
ComboFix-quarantined-files.txt 2010-02-08 16:30

Pre-Run: 38,402,506,752 bytes free
Post-Run: 38,308,020,224 bytes free

- - End Of File - - B6969B36B85C6C47D67CB097BA88D878

izida
Re: Virus blocks updates from MS (08.02.2010 at 18:18)

The computer has gone a bit crazy; when I click the volume icon next to the clock it gives me this message



and it also changes Appearance from Windows XP style to Classic style by itself...

kristi1

Member number: 151211
Posts: 1760
*.ptt.rs.

Site: www.mycity.rs/Ambulanta

Re: Virus blocks updates from MS (08.02.2010 at 19:36)
Turn off AVG.
Download this file to the desktop, unpack it and drag it with the mouse onto the ComboFix icon.

Post the log after the cleaning.
Attached files

kristi1
Re: Virus blocks updates from MS (08.02.2010 at 20:35)
The log is not complete; copy it here and click send, then post the link http://pastebin.com/

izida
Re: Virus blocks updates from MS (08.02.2010 at 20:52)
http://pastebin.com/m17176437

After restarting the computer I noticed this



That message is related to the sky star2 card, and under Device Manager there is this


kristi1
Re: Virus blocks updates from MS (08.02.2010 at 21:05)
First upload the following folder via this link http://www.speedyshare.com/

C:\Qoobox\Quarantine So zip it, upload it and send me the (download) link by PM so that nobody touches it by accident.

Then turn off the antivirus and repeat the procedure with this script
Attached files

izida
Re: Virus blocks updates from MS (08.02.2010 at 21:28)
http://pastebin.com/m322c87d7

kristi1
Re: Virus blocks updates from MS (08.02.2010 at 21:42)
Only once you turned off AVG did ComboFix show all the items for deletion.
OK, we'll repeat it once more.

Unfortunately you will have to reinstall that driver; it deleted it during the first run and I cannot restore it. I mean the modem and the TV card.
Attached files

izida
Re: Virus blocks updates from MS (08.02.2010 at 22:03)
http://pastebin.com/m349a16a5

kristi1
Re: Virus blocks updates from MS (09.02.2010 at 07:55)
@izida, are you connected to some network? Your infection keeps coming back; I delete it and it is there again.

izida
Re: Virus blocks updates from MS (09.02.2010 at 08:48)
What network? This is a home computer, just the one! I think we had a similar problem some time ago and that you tried to help me...
This is that thread; it looks like a quite similar situation http://www.elitesecurity.org/t350050-0-Imam-dve-stetocine

[This message was edited by izida on 09.02.2010 at 09:59 GMT+1]

kristi1
Re: Virus blocks updates from MS (09.02.2010 at 09:08)
Copy this into Notepad under the name CFScript and drag it with the mouse onto ComboFix.

Code:

File::
c:\windows\system32\ytdid.dll

Driver::
ashqcisz
tmdtzmh
ytjmtg

NetSvcs::
ashqcisz
tmdtzmh
ytjmtg



09.02.2010. u 09:08 
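
Added example (not part of any post in this thread, and not ComboFix's own logic): a short Python triage of the ComboFix log posted earlier, pulling out the NetSvcs entries and the hidden+system file that the CFScript above targets, plus the globally opened firewall port listed in the same log. The sample is a constructed excerpt of that log; the function name `triage` and the reading of the attribute column are assumptions.

```python
import re

# Constructed excerpt: lines copied from the ComboFix log posted earlier in
# this thread, trimmed to the sections the triage reads.
SAMPLE_LOG = r"""
2010-02-06 19:31 . 2010-02-06 19:31 143104 ----a-w- c:\windows\system32\guard32.dll
2010-02-06 19:36 . 2010-02-06 19:36 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2010-02-06 17:22 . 2010-02-06 17:22 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2004-08-04 01:07 . 2004-08-04 01:07 158658 --sha-r- c:\windows\system32\ytdid.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5570:TCP"= 5570:TCP:hhueexnj

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2/6/2010 8:36 PM 64288]
R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [2/6/2010 8:31 PM 87056]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ashqcisz
tmdtzmh
.
Contents of the 'Scheduled Tasks' folder
"""

# File-listing row: created . modified, size (or dashes), attributes, path.
FILE_ROW = re.compile(
    r"^\d{4}-\d\d-\d\d \d\d:\d\d \. \d{4}-\d\d-\d\d \d\d:\d\d "
    r"(?:\d+|-{8}) ([a-z-]{8}) (.+)$")
# Firewall exception row as ComboFix prints it: "port:proto"= port:proto:label
PORT_ROW = re.compile(r'^"(\d+):(TCP|UDP)"=\s*\d+:(?:TCP|UDP):(.*)$')
# Driver/service row: state, then "name;display name;image path"
SERVICE_ROW = re.compile(r"^[RS]\d ([^;]+);")


def triage(log_text):
    """Return the review leads found in a ComboFix-style log."""
    hidden_system, open_ports, netsvcs = [], [], []
    services = set()
    in_netsvcs = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if in_netsvcs:
            # The NetSvcs list ends at a blank line or a lone "." separator.
            if line in ("", "."):
                in_netsvcs = False
            else:
                netsvcs.append(line)
            continue
        if line.endswith("Svchost - NetSvcs"):
            in_netsvcs = True
            continue
        m = FILE_ROW.match(line)
        if m:
            attrs, path = m.groups()
            # Assumption from the listings on this page: column 0 is 'd' for
            # directories, column 2 is 's' (system), column 3 is 'h' (hidden).
            if attrs[0] != "d" and attrs[2] == "s" and attrs[3] == "h":
                hidden_system.append(path)
            continue
        m = PORT_ROW.match(line)
        if m:
            open_ports.append((int(m.group(1)), m.group(2), m.group(3)))
            continue
        m = SERVICE_ROW.match(line)
        if m:
            services.add(m.group(1).lower())
    return {
        "hidden_system_files": hidden_system,
        "open_ports": open_ports,
        "netsvcs": netsvcs,
        # NetSvcs names for which the log shows no driver/service row,
        # i.e. no image path an analyst could inspect.
        "netsvcs_without_service_row":
            [n for n in netsvcs if n.lower() not in services],
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(key, value)
```

Each hit is a lead to review against what is actually installed on the machine, not a verdict.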

izida
Re: Virus blocks updates from MS (09.02.2010 at 10:03)
http://pastebin.com/m735fb5c3

kristi1
Re: Virus blocks updates from MS (09.02.2010 at 10:30)
Man, I don't know what is going on with your machine. Every time I delete it, the infection comes back again.
I'm at a loss as to what else to do.

izida
Re: Virus blocks updates from MS (09.02.2010 at 10:43)
And is it connected with that previous problem or is this something separate, since this happens to me every couple of months?

kristi1
Re: Virus blocks updates from MS (09.02.2010 at 10:50)
Upload the quarantine again and give me the link by PM so I can see what this is about, what this is, because there is no information about these files anywhere on the net.
The files are not the same as last time, but it is obviously the same infection. It is not clear to me how it gets onto your machine.

kristi1
Re: Virus blocks updates from MS (09.02.2010 at 11:14)
Here is what this is about; it is what I assumed when I asked you whether you were connected to a network. So it is Conficker.

http://www.virustotal.com/anal...4dc669876b31f07354f-1265713345

Do the following:
Download this from the net: http://www.microsoft.com/security/malwareremove/default.aspx
And this: http://www.microsoft.com/downl...067B73D6A03&displaylang=en

Disconnect from the net and only then install both.
Go to Run, type mrt.exe, press Enter and let it clean everything it finds. Report what the state is after this.

It wouldn't be a bad idea, since you can see that Avira has definitions for this variant, to install it and scan the whole computer. Of course, remove AVG first and clean up the leftovers with http://www.avg.com/ww-en/download-tools

btw

Here is the file path: c:\windows\system32\ytdid.dll

Check in safe mode after the scan whether it is still there.

izida
Re: Virus blocks updates from MS (09.02.2010 at 13:45)
I downloaded all of this, disconnected, installed the first one, ran a full scan; it found 8 viruses, and in that menu with the viruses it showed me 2 Confickers. I deleted them, installed that patch, restart...
I did not do this
Quote:
go to Run and type mrt.exe
because I did that when it installed; after the restart the update icon popped up....
I removed AVG, installed Avira; it scanned and found the same thing.




But as far as I can see, that is located in ComboFix's folder?

BBS

Member number: 40443
Posts: 1490
*.dynamic.sbb.rs.

ICQ: 250629747

Re: Virus blocks updates from MS (09.02.2010 at 14:38)
It found that in the quarantine, so don't worry about it. I hope you had System Restore turned off on XP while you were doing all this.