Disappearing memory on the hard disk

offline
  • Joined: 10 Mar 2008
  • Posts: 9

A friend told me to use Navilog1, because my PC runs slowly, and he had the same problem and solved it with Navilog1. So, I formatted the USB, and this is the log that ComboFix produced:

ComboFix 08-03-14.4 - xx 2008-03-16 13:01:25.6 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1033.18.264 [GMT 1:00]
Running from: D:\Documents and Settings\xx\Desktop\ATF CLEANER\ComboFix.exe
Command switches used :: D:\Documents and Settings\xx\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
D:\WINDOWS\system32\google.dll
D:\WINDOWS\system32\msnserv.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

D:\WINDOWS\system32\google.dll
D:\WINDOWS\system32\msnserv.exe

.
((((((((((((((((((((((((( Files Created from 2008-02-16 to 2008-03-16 )))))))))))))))))))))))))))))))
.

2008-03-15 21:01 . 2008-03-15 21:01 <DIR> d-------- D:\Program Files\Sports Mogul
2008-03-15 13:13 . 2008-03-15 13:13 <DIR> d-------- D:\Documents and Settings\xx\Application Data\The Complete Genealogy Reporter - FTB
2008-03-15 13:13 . 2002-03-07 01:19 454,656 --a------ D:\WINDOWS\system32\PaintX.dll
2008-03-15 13:13 . 2003-07-06 14:07 372,736 --a------ D:\WINDOWS\system32\ijl15.dll
2008-03-15 13:13 . 1998-06-24 00:00 137,000 --a------ D:\WINDOWS\system32\msmapi32.ocx
2008-03-15 13:13 . 2008-03-15 13:21 250 --a------ D:\WINDOWS\MyHeritage.INI
2008-03-15 13:12 . 2008-03-15 13:13 <DIR> d-------- D:\Program Files\MyHeritage
2008-03-15 10:45 . 2008-03-15 11:03 <DIR> d-------- D:\Program Files\Navilog1
2008-03-13 13:21 . 2008-03-13 13:56 <DIR> d-------- D:\WINDOWS\uninstall\Handball Manager 2007 Demo
2008-03-13 00:53 . 2008-03-13 00:53 <DIR> d-------- D:\Documents and Settings\xx\EurekaLog
2008-03-13 00:32 . 2008-03-13 00:53 <DIR> d-------- D:\Program Files\GISConverter
2008-03-13 00:32 . 2008-03-13 00:32 <DIR> d-------- D:\Documents and Settings\xx\Application Data\Softplicity
2008-03-11 13:44 . 2008-03-11 13:44 <DIR> d-------- D:\Program Files\Creative
2008-03-11 13:44 . 2002-06-06 14:38 139,264 --a------ D:\WINDOWS\system32\eax.dll
2008-03-11 12:06 . 2002-08-08 05:11 319,488 -ra------ D:\WINDOWS\system32\MafiaSetup.exe
2008-03-08 23:56 . 2008-03-08 23:56 8 --a------ D:\WINDOWS\LHM_info.dat
2008-03-08 23:51 . 2008-03-10 20:48 <DIR> d-------- D:\Program Files\LHM2006
2008-03-07 19:26 . 2008-03-07 19:28 <DIR> d-------- D:\WINDOWS\uninstall\Handball Manager
2008-03-07 19:26 . 2008-03-07 19:29 <DIR> d-------- D:\Program Files\HandballManager
2008-03-02 18:06 . 2008-03-03 19:41 <DIR> d-------- D:\Program Files\Common Files\Symantec Shared
2008-03-01 23:25 . 2008-03-08 03:46 <DIR> d--h----- D:\WINDOWS\$hf_mig$
2008-03-01 17:58 . 2008-03-16 13:08 6,189,600 --ahs---- D:\WINDOWS\system32\drivers\fidbox.dat
2008-03-01 17:58 . 2008-03-16 13:08 257,312 --ahs---- D:\WINDOWS\system32\drivers\fidbox2.dat
2008-03-01 17:58 . 2008-03-16 11:34 85,052 --ahs---- D:\WINDOWS\system32\drivers\fidbox.idx
2008-03-01 17:58 . 2008-03-16 11:34 25,424 --ahs---- D:\WINDOWS\system32\drivers\fidbox2.idx
2008-03-01 17:50 . 2008-03-06 17:40 91,700 --a------ D:\WINDOWS\system32\drivers\klin.dat
2008-03-01 17:50 . 2008-03-01 17:50 85,860 --a------ D:\WINDOWS\system32\drivers\klick.dat
2008-03-01 17:46 . 2008-03-01 17:46 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-02-23 18:25 . 2008-02-23 18:25 <DIR> d-------- D:\Documents and Settings\xx\Application Data\Talkback
2008-02-23 18:25 . 2008-02-23 18:25 0 --a------ D:\WINDOWS\nsreg.dat
2008-02-23 18:21 . 2008-02-23 18:21 <DIR> d-------- D:\Program Files\Common Files\xing shared
2008-02-23 18:20 . 2008-02-23 18:20 <DIR> d-------- D:\Program Files\Real
2008-02-23 18:18 . 2008-02-23 18:20 <DIR> d-------- D:\Program Files\Common Files\Real
2008-02-23 16:29 . 2008-02-23 16:29 <DIR> d-------- D:\Documents and Settings\xx\Application Data\BSplayer Pro
2008-02-23 16:29 . 2008-02-25 22:46 <DIR> d-------- D:\Documents and Settings\xx\Application Data\BSplayer
2008-02-23 12:03 . 2008-02-23 12:08 <DIR> d-------- D:\Program Files\Moyea
2008-02-23 12:03 . 2008-03-13 00:55 <DIR> d-------- D:\Documents and Settings\xx\Application Data\Moyea
2008-02-23 03:22 . 2008-02-23 03:22 <DIR> d-------- D:\Program Files\FLVPlayer
2008-02-23 03:19 . 2008-02-23 03:19 <DIR> d-------- D:\Program Files\Riva
2008-02-23 03:19 . 2008-02-23 03:19 <DIR> d-------- D:\Program Files\Common Files\SWF Studio

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-16 10:36 --------- d-----w D:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-03-12 22:46 --------- d-----w D:\Program Files\MSN Messenger
2008-03-10 17:13 --------- d-----w D:\Documents and Settings\xx\Application Data\MegauploadToolbar
2008-03-10 16:59 --------- d-----w D:\Program Files\XoftSpySE
2008-03-08 22:52 --------- d-----w D:\Documents and Settings\xx\Application Data\GetRightToGo
2008-03-01 18:52 314,368 ----a-w D:\WINDOWS\uninst.exe
2008-03-01 17:35 --------- d-----w D:\Program Files\bfgclient
2008-03-01 16:52 --------- d-----w D:\Program Files\Kaspersky Lab
2008-02-23 17:18 499,712 ----a-w D:\WINDOWS\system32\msvcp71.dll
2008-02-23 17:18 348,160 ----a-w D:\WINDOWS\system32\msvcr71.dll
2008-02-13 17:26 --------- d-----w D:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-13 14:05 --------- d-----w D:\Program Files\Winamp
2008-02-12 13:14 --------- d-----w D:\Program Files\Spybot - Search & Destroy
2008-02-11 22:27 --------- d-----w D:\Program Files\MSXML 4.0
2008-02-10 00:47 --------- d-----w D:\Documents and Settings\xx\Application Data\CyberLink
2008-02-07 15:40 --------- d-----w D:\Program Files\Soccerland2001
2008-02-05 15:38 --------- d-----w D:\Program Files\MegauploadToolbar
2008-01-18 20:09 --------- d-----w D:\Program Files\ProtectDisc Driver Installer
2008-01-04 13:20 73,216 ----a-w D:\WINDOWS\ST6UNST.EXE
2007-11-03 14:45 13 ----a-w D:\Documents and Settings\xx\Verinfo.dat
2007-11-03 14:44 1,024 ----a-w D:\Documents and Settings\xx\Config.dat
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

---- Directory of C:\MSOCache ----


---- Directory of D:\MSOCache ----



------- Sigcheck -------

2004-08-03 23:56 14336 8f078ae4ed187aaabc0a305146de6716 D:\WINDOWS\system32\svchost.exe
2004-08-03 23:56 14336 8f078ae4ed187aaabc0a305146de6716 D:\WINDOWS\system32\dllcache\svchost.exe

2007-03-08 16:36 577536 b409909f6e2e8a7067076ed748abf1e7 D:\WINDOWS\SoftwareDistribution\Download\4d9d678c0d8af22c04a4a7fc7f1ff86c\sp2gdr\user32.dll
2007-03-08 16:48 578048 7aa4f6c00405dfc4b70ed4214e7d687b D:\WINDOWS\SoftwareDistribution\Download\4d9d678c0d8af22c04a4a7fc7f1ff86c\sp2qfe\user32.dll
2005-03-02 19:09 577024 de2db164bbb35db061af0997e4499054 D:\WINDOWS\system32\user32.dll
2005-03-02 19:09 577024 de2db164bbb35db061af0997e4499054 D:\WINDOWS\system32\dllcache\user32.dll

2004-08-03 23:56 82944 2ed0b7f12a60f90092081c50fa0ec2b2 D:\WINDOWS\system32\ws2_32.dll
2004-08-03 23:56 82944 2ed0b7f12a60f90092081c50fa0ec2b2 D:\WINDOWS\system32\dllcache\ws2_32.dll

2007-10-30 18:20 360064 90caff4b094573449a0872a0f919b178 D:\WINDOWS\system32\dllcache\tcpip.sys
2007-10-30 18:20 360064 90caff4b094573449a0872a0f919b178 D:\WINDOWS\system32\drivers\tcpip.sys

2004-08-03 23:56 502272 01c3346c241652f43aed8e2149881bfe D:\WINDOWS\system32\winlogon.exe
2004-08-03 23:56 502272 01c3346c241652f43aed8e2149881bfe D:\WINDOWS\system32\dllcache\winlogon.exe

2004-08-03 22:14 182912 558635d3af1c7546d26067d5d9b6959e D:\WINDOWS\system32\dllcache\ndis.sys
2004-08-03 22:14 182912 558635d3af1c7546d26067d5d9b6959e D:\WINDOWS\system32\drivers\ndis.sys

2004-08-03 22:00 29056 4448006b6bc60e6c027932cfc38d6855 D:\WINDOWS\system32\dllcache\ip6fw.sys
2004-08-03 22:00 29056 4448006b6bc60e6c027932cfc38d6855 D:\WINDOWS\system32\drivers\ip6fw.sys

2005-03-02 01:34 2056832 81013f36b21c7f72cf784cc6731e0002 D:\WINDOWS\Driver Cache\i386\ntkrnlpa.exe
2007-02-28 09:38 2057600 515d30e2c90a3665a2739309334c9283 D:\WINDOWS\SoftwareDistribution\Download\10e16e65c532d077de7c89a212bd8df8\sp2gdr\ntkrnlpa.exe
2007-02-28 10:15 2059392 4d3dbdccbf97f5ba1e74f322b155c3ba D:\WINDOWS\SoftwareDistribution\Download\10e16e65c532d077de7c89a212bd8df8\sp2qfe\ntkrnlpa.exe
2005-03-02 01:34 2056832 81013f36b21c7f72cf784cc6731e0002 D:\WINDOWS\system32\ntkrnlpa.exe

2005-03-02 01:59 2179328 4d4cf2c14550a4b7718e94a6e581856e D:\WINDOWS\Driver Cache\i386\ntoskrnl.exe
2007-02-28 10:10 2180352 582a8dbaa58c3b1f176eb2817daee77c D:\WINDOWS\SoftwareDistribution\Download\10e16e65c532d077de7c89a212bd8df8\sp2gdr\ntoskrnl.exe
2007-02-28 10:55 2182144 5a5c8db4aa962c714c8371fbdf189fc9 D:\WINDOWS\SoftwareDistribution\Download\10e16e65c532d077de7c89a212bd8df8\sp2qfe\ntoskrnl.exe
2005-03-02 01:59 2179328 4d4cf2c14550a4b7718e94a6e581856e D:\WINDOWS\system32\ntoskrnl.exe

2004-08-03 23:56 1032192 a0732187050030ae399b241436565e64 D:\WINDOWS\explorer.exe
2008-03-01 18:10 1033216 97bd6515465659ff8f3b7be375b2ea87 D:\WINDOWS\SoftwareDistribution\Download\44d74c37f0595a363bcec5e9229d8564\sp2gdr\explorer.exe
2008-03-01 20:00 1033216 7712df0cdde3a5ac89843e61cd5b3658 D:\WINDOWS\SoftwareDistribution\Download\44d74c37f0595a363bcec5e9229d8564\sp2qfe\explorer.exe
2004-08-03 23:56 1032192 a0732187050030ae399b241436565e64 D:\WINDOWS\system32\dllcache\explorer.exe
.
((((((((((((((((((((((((((((( snapshot@2008-03-11_11.18.37.39 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-03-01 18:53:07 306,688 ----a-w D:\WINDOWS\IsUninst.exe
+ 1998-10-29 15:45:06 306,688 ----a-w D:\WINDOWS\IsUninst.exe
+ 2008-03-16 11:58:13 16,088 ----a-w D:\WINDOWS\SoftwareDistribution\EventCache\{9C427B76-3309-4CB1-82D9-44FD70690F39}.bin
- 2008-01-30 09:27:30 259,048 ----a-w D:\WINDOWS\system32\FNTCACHE.DAT
+ 2008-03-16 10:31:56 259,840 ----a-w D:\WINDOWS\system32\FNTCACHE.DAT
- 2004-08-03 22:56:44 1,392,671 ----a-w D:\WINDOWS\system32\msvbvm60.dll
+ 2004-02-23 19:42:40 1,386,496 ----a-w D:\WINDOWS\system32\msvbvm60.dll
+ 2007-04-30 09:50:30 417,792 ----a-w D:\WINDOWS\uninstall\Handball Manager 2007 Demo\setup.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="D:\Program Files\MSN Messenger\MsnMsgr.exe" [ ]
"swg"="D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-11-23 20:38 68856]
"ares"="D:\Program Files\Ares\Ares.exe" [2007-07-16 22:54 961536]
"ctfmon.exe"="D:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:56 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="D:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 09:50 155648]
"AVP"="D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [2007-06-28 11:51 218376]
"DAEMON Tools-1033"="D:\Program Files\D-Tools\daemon.exe" [2004-08-22 16:05 81920]
"TkBellExe"="D:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-02-23 18:18 185896]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="D:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 23:56 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=D:\PROGRA~1\KASPER~1\KASPER~2.0\adialhk.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
--a------ 2001-07-09 09:50 155648 D:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]


[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"D:\\Program Files\\Sports Interactive\\Football Manager 2008\\fm.exe"=
"D:\\Program Files\\Ares\\Ares.exe"=
"D:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"17380:TCP"= 17380:TCP:NortonAV
"13806:TCP"= 13806:TCP:NortonAV
"15789:TCP"= 15789:TCP:NortonAV

R2 acedrv10;acedrv10;D:\WINDOWS\system32\drivers\acedrv10.sys [2007-07-24 08:45]
R2 acehlp10;acehlp10;D:\WINDOWS\system32\drivers\acehlp10.sys [2007-07-11 09:20]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;D:\WINDOWS\system32\DRIVERS\klim5.sys [2007-04-04 13:58]
R3 USB_RNDIS_51;Broadcom USB Remote NDIS Device Driver;D:\WINDOWS\system32\DRIVERS\usb8023.sys [2004-08-03 22:04]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service;"D:\Program Files\MSN Messenger\usnsvc.exe" [2007-01-19 12:54]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0693c984-53cc-11dc-97c0-806d6172696f}]
\Shell\AutoRun\command - G:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0c66ad34-5006-11dc-9bda-806d6172696f}]
\Shell\AutoRun\command - G:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1b0244f4-55f5-11dc-bcb3-806d6172696f}]
\Shell\AutoRun\command - G:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3aa86754-5574-11dc-b7bc-806d6172696f}]
\Shell\AutoRun\command - G:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{693805c0-65fd-11dc-8ec8-a8783cb692d6}]
\Shell\AutoRun\command - G:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b9b802e4-6c38-11dc-8921-806d6172696f}]
\Shell\AutoRun\command - G:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b9b802e5-6c38-11dc-8921-806d6172696f}]
\Shell\AutoRun\command - H:\RunGame.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ddb9ccf0-4f1f-11dc-a32d-c62ea26f04d2}]
\Shell\AutoRun\command - G:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e72a6ba4-5394-11dc-9fce-806d6172696f}]
\Shell\AutoRun\command - G:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ed8d4574-5175-11dc-a4e0-806d6172696f}]
\Shell\AutoRun\command - G:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fe2abfc4-56b2-11dc-b76a-806d6172696f}]
\Shell\AutoRun\command - G:\autorun.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-03-16 11:59:00 D:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- D:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2008-03-12 17:00:00 D:\WINDOWS\Tasks\Norton Security Scan.job"
- D:\Program Files\Norton Security Scan\Nss.exe
"2008-03-16 10:35:49 D:\WINDOWS\Tasks\XoftSpySE 2.job"
- D:\Program Files\XoftSpySE\XoftSpy.exe
"2008-02-23 02:00:01 D:\WINDOWS\Tasks\XoftSpySE.job"
- D:\Program Files\XoftSpySE\XoftSpy.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2008-03-16 13:08:39
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-03-16 13:11:13
ComboFix-quarantined-files.txt 2008-03-16 12:11:02
ComboFix2.txt 2008-03-15 19:38:59
ComboFix3.txt 2008-03-14 13:58:15
ComboFix4.txt 2008-03-11 19:21:57
ComboFix5.txt 2008-03-11 18:47:32
.
2008-03-11 15:32:03 --- E O F ---

offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Let's check one more thing...


Download the file gmer.zip from this link and save it to the Desktop.
Unpack it into a folder.

Double-click gmer.exe to start: select the Rootkit tab at the top.
Click Scan.
When the scan is finished, click the Save ... button below and save the logfile.
Attach the saved logfile to your post (use the Attach file option).

offline
  • Joined: 10 Mar 2008
  • Posts: 9

I tried with GMER, but I'm afraid to go further, because every time the system crashes and reports a fatal error, so I'm afraid to continue.

offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

So, the computer restarts while GMER is running?
It happens... Nothing serious.

Tell me, what's the situation now? How is the PC running?

offline
  • Joined: 10 Mar 2008
  • Posts: 9

Well, it's slow; otherwise it's not losing memory, but it's pretty slow. Not like before, but it's slow. I don't know what to do..

offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

There's no malware here, so...
Follow those instructions for uninstalling ComboFix.

As for the speed...

- delete temporary files
- defragment the hard disk

After this you'll probably notice some improvement.

Next... I see that Ares starts with Windows - you should know that all p2p programs, Ares included, while they are active (download/upload), eat up a lot of RAM and significantly slow down the computer. That's a very important thing to keep in mind.



That's it...

offline
  • Joined: 10 Mar 2008
  • Posts: 9

THANKS, DOCTOR! REGARDS
