Topic: worm, virus or paranoia?  (Read 3773 times)
14 Oct 2010, 04:11:13
Witness to the making of history


Alright gentlemen, here's the thing: I have some small problems with my computer, or rather with some files that appear on USB flash drives. Namely, I'm currently in a work environment surrounded by a few computers that are shared; everybody plugs flash drives into them, which in itself means they contain all sorts of things. Unfortunately, because of work, I too am forced to use those computers sometimes, because I sometimes have to transfer part of the work to my own laptop, so it's its health I fear for most. By the way, I use Kaspersky Internet Security 2010, version: 9.0.0.736 (a.b.c.d.e.f) (pirated, of course), but I update it as regularly as I can, since I don't have internet access very often (currently I'm up to date as of 07/10/2010, which isn't that old, 6 days). A full scan of the computer reports that everything is fine and that there is no infection (I should mention that I ran "scan my computer" in safe mode too and got the same result). But I'm becoming suspicious about how much I can trust it; why, I'll explain a bit later.

Besides KIS, about 10 days ago I also downloaded Malwarebytes, updated it and ran a scan with it, but it didn't find anything dangerous either. Here is the log, a scan from safe mode (although it found nothing in normal mode either):

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4758

Windows 6.1.7600 (Safe Mode)
Internet Explorer 8.0.7600.16385

10/13/2010 10:28:14 AM
mbam-log-2010-10-13 (10-28-14).txt

Scan type: Full scan (C:\|D:\|E:\|)
Objects scanned: 298144
Time elapsed: 39 minute(s), 56 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)




Now, what's bugging me, i.e. the files that are troubling me, are the following:

Autorun.inf, which remains on the flash drive after it has been plugged into the shared computers; Kaspersky identifies it as

virus p2p.worm.win32.palevo.avww

And sometimes it reports that it can deal with it, sometimes not, although it's no longer on the flash drive after the intervention, so I think KIS manages to cope with it.

The second problematic folder/file has a somewhat funny name, but what can I do: a folder named MARNUO gets copied to the flash drive, and in it appears an MS-DOS executable file named GUZU.EXE. Now, when KIS scans this, it reports that there is no danger, Malwarebytes likewise, but since it copies itself, something isn't right. Also, the folder is visible only when, in Folder Options, you tick

Show hidden files and folders and untick
Hide protected operating system files


which makes it even more suspicious to me. A colleague of mine claims it's a worm, and I don't know what to think. Also, the folder can't be deleted with the Delete option because it reports that some process is using the folder/file. But formatting the flash drive still works, and then everything is wiped.


So, are there any theories, opinions, advice on how to remove these intruders? I could also use advice on how to clean the ship's computers, which run Kaspersky for Workstations versions 5.0 and 6.0, which barely manages to cope with the autorun, let alone with marnuo, although one computer did recognize it as invader.

I'd be grateful if superfluous, unnecessary and inappropriate comments about the file name could be avoided, and thanks in advance for the help. I'll attach a few screenshots so you can see what I'm struggling with.

And yes, I don't have HijackThis with me at the moment, but I'll download it and post its log shortly too.

Thanks in advance.

Rising star

Open the disputed file with plain Notepad, and if its first two letters are MZ it means the file is executable (a program), and that 100% means it's some virus! If its first 2 letters are DJ or DI it means it's some database/archive (a harmless file). Instead of Notepad you can also use Word, and my favourite is Lister from Total Commander. Also, if you have Autorun.inf, right-click it and choose Edit, it will open in Notepad; post its contents here on the forum, it can be of great help.
 
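The header and autorun.inf checks suggested in the post above, as an added Python example that is not part of the original thread: it reads the first bytes of each file instead of opening it in an editor, lists what autorun.inf would launch, and records files that cannot be read because another process holds them. The sample drive contents are constructed (only the names MARNUO and GUZU.EXE come from the thread), and an MZ header here marks a file for review, not as proof of infection.

```python
import os
import re
import struct
import tempfile

HIDDEN_OR_SYSTEM = 0x2 | 0x4  # Windows FILE_ATTRIBUTE_HIDDEN | FILE_ATTRIBUTE_SYSTEM
# autorun.inf keys that start a program when the drive is opened
LAUNCH_KEY = re.compile(
    r"^\s*(open|shellexecute|shell\\[^=]*\\command)\s*=\s*(.+?)\s*$", re.I)


def executable_kind(path):
    """Return 'pe', 'mz', None (no executable header) or 'unreadable'."""
    try:
        with open(path, "rb") as fh:
            head = fh.read(64)
            if head[:2] != b"MZ":
                return None
            if len(head) < 64:
                return "mz"  # DOS-style header only
            (e_lfanew,) = struct.unpack_from("<I", head, 0x3C)
            fh.seek(e_lfanew)
            return "pe" if fh.read(4) == b"PE\0\0" else "mz"
    except OSError:
        # "access denied" or "file in use", as reported later in the thread
        return "unreadable"


def autorun_targets(raw):
    """Extract the command lines an autorun.inf would run, from raw bytes."""
    if raw[:2] in (b"\xff\xfe", b"\xfe\xff"):
        text = raw.decode("utf-16", errors="replace")
    else:
        text = raw.decode("latin-1")  # never fails, keeps junk bytes visible
    targets = []
    for line in text.splitlines():
        if line.lstrip().startswith(";"):
            continue  # comment line
        match = LAUNCH_KEY.match(line)
        if match:
            targets.append(match.group(2))
    return targets


def triage(root):
    """Walk a mounted drive and report launch entries and executables."""
    report = {"autorun_targets": [], "executables": [], "unreadable": []}
    for folder, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(folder, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            if folder == root and name.lower() == "autorun.inf":
                try:
                    with open(full, "rb") as fh:
                        report["autorun_targets"] = autorun_targets(fh.read())
                except OSError:
                    report["unreadable"].append(rel)
                continue
            kind = executable_kind(full)
            if kind == "unreadable":
                report["unreadable"].append(rel)
            elif kind:
                # Attribute bits exist only on Windows; elsewhere this is 0.
                attrs = (getattr(os.stat(full), "st_file_attributes", 0)
                         | getattr(os.stat(folder), "st_file_attributes", 0))
                report["executables"].append(
                    {"path": rel, "kind": kind,
                     "hidden": bool(attrs & HIDDEN_OR_SYSTEM)})
    wanted = [t.replace("\\", "/").lower() for t in report["autorun_targets"]]
    for exe in report["executables"]:
        exe["launched_by_autorun"] = any(exe["path"].lower() in t for t in wanted)
    return report


def build_sample(root):
    """Constructed sample drive: names follow the thread, contents are invented."""
    os.makedirs(os.path.join(root, "MARNUO"))
    with open(os.path.join(root, "autorun.inf"), "wb") as fh:
        fh.write(b"[autorun]\r\n;constructed example\r\n"
                 b"open=MARNUO\\GUZU.EXE\r\nicon=shell32.dll,4\r\n")
    # 64-byte stub header: 'MZ', padding, e_lfanew=64, then the PE signature.
    header = b"MZ" + b"\0" * 58 + struct.pack("<I", 64) + b"PE\0\0"
    with open(os.path.join(root, "MARNUO", "GUZU.EXE"), "wb") as fh:
        fh.write(header)
    with open(os.path.join(root, "report.txt"), "wb") as fh:
        fh.write(b"plain text\r\n")


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as drive:  # stands in for the USB drive
        build_sample(drive)
        print(triage(drive))
```
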
Witness to the making of history


It can't open either one; it reports either access denied or that the process is already in use, damn it. A couple more screenshots.

Jet-set burek maker

Visit this page and download the program MCShield
In its Control Panel tick:
Always show log if malware has been found

Now plug in the flash drives and post the resulting log here.

If you want to ask the program's author a question, you can do so here


« Last edited: 14 Oct 2010, 09:28:39 by genije1 »

Witness to the making of history


@genije1, I'll download it now and post the log; and here's the HijackThis log too


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:31:47 AM, on 10/14/2010
Platform: Windows 7  (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\ASUS\Wireless Console 3\wcourier.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe
C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Nokia\Nokia Internet Modem\wellphone2.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [HControlUser] C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe
O4 - HKLM\..\Run: [ATKOSD2] C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Prevedi sa Di recnikom - C:\Program Files\Di recnik\diie.htm
O9 - Extra button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Encarta Search Bar - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ASUS\ATK Hotkey\ASLDRSrv.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: @%SystemRoot%\System32\TUProgSt.exe,-1 (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\Windows\System32\TUProgSt.exe

--
End of file - 7085 bytes

Jet-set burek maker

Just download that program. :)
It will scan every USB device and, if it finds malware, remove it.

A malicious autorun it will disable by changing its extension,
from autorun.inf to autorun.inf.blocked.

From how you described things above, that's what you need.

The HJT log is clean. MBAM & KIS find nothing. But that doesn't mean your system isn't infected... or that it is. :)
If you think it's necessary, we can check the system... but later. I'm busy at the moment. ;)
Make up your mind and let the program clean the flash drives. :)
« Last edited: 14 Oct 2010, 09:53:12 by genije1 »

Friend of the forum
Celebrity

MC- argus

Download the program DDS to your desktop: http://download.bleepingcomputer.com/sUBs/dds.scr
or http://download.bleepingcomputer.com/sUBs/dds.com

Double-click to run DDS
Wait a bit, it will produce two logs
Copy the DDS.txt log for me

Witness to the making of history


Download the program DDS to your desktop: http://download.bleepingcomputer.com/sUBs/dds.scr
or http://download.bleepingcomputer.com/sUBs/dds.com

Double-click to run DDS
Wait a bit, it will produce two logs
Copy the DDS.txt log for me

This should be what you asked for



DDS (Ver_10-10-10.03) - NTFSx86 
Run by Ivan at 11:22:29.57 on Thu 10/14/2010
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_20
Microsoft Windows 7 Ultimate   6.1.7600.0.1252.1.1033.18.3071.1957 [GMT 2:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\ASUS\ATK Hotkey\ASLDRSrv.exe
C:\Program Files\ATKGFNEX\GFNEXSrv.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\Explorer.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\TUProgSt.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\ASUS\ATK Hotkey\HControl.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\ASUS\ATK Hotkey\ATKOSD.exe
C:\Program Files\ASUS\ATK Hotkey\KBFiltr.exe
C:\Program Files\ASUS\ATK Hotkey\WDC.exe
C:\Program Files\ASUS\Wireless Console 3\wcourier.exe
C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe
C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Nokia\Nokia Internet Modem\wellphone2.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\MCShield\MCShieldRTM.exe
C:\Program Files\MCShield\MCShieldTray.exe
C:\Program Files\Opera\opera.exe
C:\Users\Ivan\Desktop\dds.com
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\program files\kaspersky lab\kaspersky internet security 2010\ievkbd.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - c:\program files\kaspersky lab\kaspersky internet security 2010\klwtbbho.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [MCShield] c:\program files\mcshield\MCShieldRTM.exe
uRun: [MCShieldTray] c:\program files\mcshield\MCShieldTray.exe
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [HControlUser] c:\program files\asus\atk hotkey\HControlUser.exe
mRun: [ATKOSD2] c:\program files\asus\atkosd2\ATKOSD2.exe
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun: [AVP] "c:\program files\kaspersky lab\kaspersky internet security 2010\avp.exe"
mRun: [LanguageShortcut] "c:\program files\cyberlink\powerdvd\language\Language.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Anti-Banner - c:\program files\kaspersky lab\kaspersky internet security 2010\ie_banner_deny.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Prevedi sa Di recnikom - c:\program files\di recnik\diie.htm
IE: Translate with Di dictionary -
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - c:\program files\kaspersky lab\kaspersky internet security 2010\klwtbbho.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - {552781AF-37E4-4FEE-920A-CED9E648EADD} - c:\program files\common files\microsoft shared\encarta search bar\ENCSBAR.DLL
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\program files\kaspersky lab\kaspersky internet security 2010\klwtbbho.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
TCP: {30534241-F368-45DE-BF08-C5D412B1E55B} = 202.45.84.68 202.45.84.67
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: klogon - c:\windows\system32\klogon.dll
AppInit_DLLs: c:\progra~1\kasper~1\kasper~1\mzvkbd3.dll,c:\progra~1\kasper~1\kasper~1\kloehk.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\ivan\appdata\roaming\mozilla\firefox\profiles\36hcym0f.default\
FF - component: c:\program files\mozilla firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\opera\program\plugins\np32dsw.dll
FF - plugin: c:\users\ivan\appdata\local\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);

============= SERVICES / DRIVERS ===============

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2009-10-14 36880]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\drivers\klim6.sys [2009-11-3 21520]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-8-5 176128]
R2 AVP;Kaspersky Internet Security;c:\program files\kaspersky lab\kaspersky internet security 2010\avp.exe [2009-10-20 340520]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2009-10-2 19472]
R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\drivers\L1C62x86.sys [2010-6-29 50688]
R3 nokiappo;Nokia Internet Stick Wireless Modem Power Policy Service;c:\windows\system32\drivers\nokiappo.sys [2009-8-5 27648]
R3 usbfilter;AMD USB Filter Driver;c:\windows\system32\drivers\usbfilter.sys [2010-6-29 27320]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-14 14336]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 BMserDiag;Global Wireless Application Port2;c:\windows\system32\drivers\BMserDiag.sys [2008-12-25 87424]
S3 BMserNmea;Global Wireless Application Port3;c:\windows\system32\drivers\BMserNmea.sys [2008-12-25 87424]
S3 BMusbmdm;Global Wireless USB Driver;c:\windows\system32\drivers\BMusbmdm.sys [2008-12-25 87424]
S3 nokiacpo;Nokia Internet Stick Wireless Modem Service Install;c:\windows\system32\drivers\nokiacpo.sys [2009-8-5 19968]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-6-9 1343400]

=============== Created Last 30 ================

2010-10-14 07:54:21   --------   d-----w-   c:\users\ivan\appdata\roaming\MCShield
2010-10-14 07:54:21   --------   d-----w-   c:\program files\MCShield
2010-10-14 07:51:47   6084944   ----a-w-   c:\progra~2\microsoft\windows defender\definition updates\{132cbefd-91ab-46ba-a149-1cbf4234b903}\mpengine.dll
2010-10-14 07:28:51   388096   ----a-r-   c:\users\ivan\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2010-10-14 07:28:51   --------   d-----w-   c:\program files\Trend Micro
2010-10-06 19:49:29   --------   d-----w-   c:\users\ivan\appdata\roaming\Malwarebytes
2010-10-06 19:46:34   38224   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-06 19:46:33   --------   d-----w-   c:\progra~2\Malwarebytes
2010-10-06 19:46:19   20952   ----a-w-   c:\windows\system32\drivers\mbam.sys
2010-10-06 19:46:18   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
2010-10-06 19:44:27   --------   d-----w-   c:\program files\Malware Removal Tool
2010-10-03 01:00:38   190976   ----a-w-   c:\windows\system32\drivers\ks.sys
2010-10-03 01:00:38   146304   ----a-w-   c:\windows\system32\drivers\usbvideo.sys
2010-10-02 01:00:02   316928   ----a-w-   c:\windows\system32\spoolsv.exe
2010-10-02 00:59:48   2048   ----a-w-   c:\windows\system32\tzres.dll
2010-10-01 23:49:55   13312   ----a-w-   c:\program files\internet explorer\iecompat.dll
2010-09-22 16:10:52   103864   ----a-w-   c:\program files\mozilla firefox\plugins\nppdf32.dll
2010-09-22 10:18:24   --------   d-----w-   c:\program files\Microsoft Encarta
2010-09-22 09:46:37   --------   d-----w-   c:\windows\system\1976\ocx\1993\sol
2010-09-22 09:46:24   --------   d-----w-   c:\windows\system\1976\ocx\1993\psl
2010-09-22 09:46:23   --------   d-----w-   c:\windows\system\1976\ocx\1993\Database
2010-09-22 09:46:20   --------   d-----w-   c:\windows\system\1976\ocx\1993\images
2010-09-22 09:45:45   --------   d-----w-   c:\windows\system\1976\ocx\1993\illustrations
2010-09-22 09:45:22   --------   d-----w-   c:\windows\system\1976\ocx\1993\ebooks
2010-09-22 09:45:22   --------   d-----w-   c:\windows\system\1976\ocx\1993\default
2010-09-22 09:45:17   --------   d-----w-   c:\windows\system\1976\ocx\1993\ocxs
2010-09-22 09:45:17   --------   d-----w-   c:\windows\system\1976\ocx\1993
2010-09-22 09:45:17   --------   d-----w-   c:\windows\system\1976\ocx
2010-09-22 09:45:17   --------   d-----w-   c:\windows\system\1976
2010-09-22 09:45:15   --------   d-----w-   c:\program files\PJMCC DeckReviewer
2010-09-17 11:00:37   --------   d-----w-   c:\windows\Lhsp
2010-09-17 11:00:29   685056   ----a-w-   c:\windows\system32\rtl60.bpl
2010-09-17 11:00:29   22016   ----a-w-   c:\windows\system32\Borlndmm.dll
2010-09-17 11:00:29   1497088   ----a-w-   c:\windows\system32\cc3260mt.dll
2010-09-17 11:00:29   148992   ----a-w-   c:\windows\system32\adortl60.bpl
2010-09-17 11:00:29   1412608   ----a-w-   c:\windows\system32\cc3260.dll
2010-09-17 11:00:29   1326080   ----a-w-   c:\windows\system32\vcl60.bpl
2010-09-17 11:00:27   --------   d-----w-   c:\program files\Di recnik

==================== Find3M  ====================

2010-07-29 06:30:49   197632   ----a-w-   c:\windows\system32\ir32_32.dll
2010-07-29 06:30:34   82944   ----a-w-   c:\windows\system32\iccvid.dll

============= FINISH: 11:23:28.14 ===============

Witness to the making of history


Just download that program. :)
It will scan every USB device and, if it finds malware, remove it.

A malicious autorun it will disable by changing its extension,
from autorun.inf to autorun.inf.blocked.

From how you described things above, that's what you need.

The HJT log is clean. MBAM & KIS find nothing. But that doesn't mean your system isn't infected... or that it is. :)
If you think it's necessary, we can check the system... but later. I'm busy at the moment. ;)
Make up your mind and let the program clean the flash drives. :)


This is the log it produced

10/14/2010 11:33:32 AM > Checking G: ( ~8 GB, FAT32 removable drive )...

>>> G:\autorun.inf > Suspicious > Renamed.



And nothing for the other one, and it's certainly present too. And how do I check whether the system is infected?

I'm hoping for some answers, thanks in any case; I'll probably be online again only in some 5-6 days. Regards

Friend of the forum
Celebrity

MC- argus

Your system isn't infected; you can manually delete that autorun.inf.vir. It is now visible and disabled, probably a leftover from some worm.
All content on this website is property of "Burek.com" and, as such, they may not be used on other websites without written permission.

Copyright © 2002- "Burek.com", all rights reserved. Powered by: SMF. © 2005, Simple Machines LLC.