Checking a log... suspicious computer behaviour

  • Joined: 09 Dec 2005
  • Posts: 174
  • Location: Serbia - Beograd

- Regarding checking the log: it often happens that the computer just "goes crazy" on its own...

- It won't update NOD32, or it won't turn System Restore "on" (I have always set it to "on"); it has been "off" for quite a while now...

- If you could check the log; if it's clean, then I'll know to clean the PC of unnecessary software and see from there...

***************************************************************

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:11, on 2009-02-26
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18241)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Valve\Steam\Steam.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\Program Files\Windows Live\Family Safety\fsssvc.exe
C:\WINDOWS\system32\hasplms.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe
C:\Program Files\SpeedFan\speedfan.exe
F:\08 Net Download\03. Torenti\uTorrent.exe
C:\Program Files\mIRC\mirc.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\WinFast\WFDTV\DVBTAP.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Korisnik\Desktop\Trt\TrT iT.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [Link visible only to logged-in users]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [Link visible only to logged-in users]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [Link visible only to logged-in users]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [Link visible only to logged-in users]
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = [Link visible only to logged-in users]
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Foxit Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [BtTray] "C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe"
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Steam] C:\Program Files\Valve\Steam\Steam.exe
O4 - Startup: cleantemp.bat
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Append to existing PDF - [Link visible only to logged-in users]\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - [Link visible only to logged-in users]\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - [Link visible only to logged-in users]\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - [Link visible only to logged-in users]\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - [Link visible only to logged-in users]\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - [Link visible only to logged-in users]\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - [Link visible only to logged-in users]\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - [Link visible only to logged-in users]\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - [Link visible only to logged-in users]\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O13 - Gopher Prefix:
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - [Link visible only to logged-in users]
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - [Link visible only to logged-in users]
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: BlueSoleilCS - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BsHelpCS - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: HASP License Manager (hasplms) - Aladdin Knowledge Systems Ltd. - C:\WINDOWS\system32\hasplms.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Professional Business 2009.SP1\RpcAgentSrv.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 10696 bytes
***************************************************************
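The log above is the kind of thing a helper reads by eye, line type by line type. As an added example (not HijackThis code, and not anything either poster ran), here is a small parser for the O2/O3/O4/O23 line shapes seen in this log, with a few of the checks a reviewer applies: COM objects whose DLL is gone, one DLL registered under several display names, Run values that name a file without a path, scripts in the Startup folder, and services whose binary carries no vendor. The regexes are inferred from the lines on this page rather than taken from a HijackThis specification, the sample input is a handful of lines copied from the posted log, and every hit is something to look at by hand, not a verdict.

```python
"""Triage helper for HijackThis 2.0.x logs (added example for this thread).

Line formats are inferred from the log posted above; the checks are plain
heuristics whose hits a human then examines.
"""
import re
from collections import defaultdict

# Constructed sample input: lines copied from the posted HijackThis log.
SAMPLE_LINES = [
    r"O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll",
    r"O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)",
    r"O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll",
    r"O3 - Toolbar: Foxit Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll",
    r"O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE",
    r'O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE',
    r"O4 - Startup: cleantemp.bat",
    r"O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe",
    r"O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe",
]

# O2 (BHO) and O3 (toolbar) share one shape: name - {CLSID} - file
COM_RE = re.compile(r"^(?P<kind>O2 - BHO|O3 - Toolbar): (?P<name>.+?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<file>.+)$")
RUN_RE = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
STARTUP_RE = re.compile(r"^O4 - (?P<folder>Global Startup|Startup): (?P<cmd>.+)$")
SVC_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<vendor>.+?) - (?P<file>.+)$")


def parse(lines):
    """Bucket the recognised line types; anything else is ignored."""
    entries = {"com": [], "run": [], "startup": [], "service": []}
    for line in lines:
        line = line.rstrip()
        for key, rx in (("com", COM_RE), ("run", RUN_RE), ("startup", STARTUP_RE), ("service", SVC_RE)):
            m = rx.match(line)
            if m:
                entries[key].append(m.groupdict())
                break
    return entries


def _image(cmd):
    """First token of a Run command: the quoted path, or the bare first word."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    return cmd.split(None, 1)[0]


def orphaned_com_objects(entries):
    """CLSIDs still registered although the DLL is gone ("(no file)")."""
    return [e["clsid"] for e in entries["com"] if e["file"] == "(no file)"]


def dll_with_several_names(entries):
    """One DLL registered under more than one display name, e.g. a toolbar bundled with another product."""
    names = defaultdict(set)
    for e in entries["com"]:
        if e["file"] != "(no file)":
            names[e["file"].lower()].add(e["name"])
    return {dll: sorted(n) for dll, n in names.items() if len(n) > 1}


def bare_run_commands(entries):
    """Run values naming a file without a path; Windows resolves these via the search path, so find the file on disk before trusting it."""
    return [e["name"] for e in entries["run"] if "\\" not in _image(e["cmd"])]


def startup_scripts(entries):
    """Scripts in the Startup folder; read their contents, not just their names."""
    return [e["cmd"] for e in entries["startup"] if e["cmd"].lower().endswith((".bat", ".cmd", ".vbs", ".js"))]


def unknown_owner_services(entries):
    """Services whose binary carries no company name in its version resource."""
    return [e["name"] for e in entries["service"] if e["vendor"] == "Unknown owner"]


def triage(lines):
    e = parse(lines)
    return {
        "orphaned_clsids": orphaned_com_objects(e),
        "dll_with_several_names": dll_with_several_names(e),
        "bare_run_commands": bare_run_commands(e),
        "startup_scripts": startup_scripts(e),
        "unknown_owner_services": unknown_owner_services(e),
    }


if __name__ == "__main__":
    for check, hits in triage(SAMPLE_LINES).items():
        print(f"{check}: {hits}")
```

On the sample, the orphaned CLSID is the nameless O2 entry, askBar.dll shows up under both "AskBar BHO" and "Foxit Toolbar" (the ComboFix log later in the thread dates both the Foxit Software and AskBarDis folders to 2009-02-26 18:20), RTHDCPL is the only path-less Run value, and ATI Smart is the only service without a vendor. None of that is a finding on its own; it is the shortlist a reviewer then verifies against the disk.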



  • dr_Bora
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Hello...



Open the Nod32 Control Center (click its tray icon in the bottom-right corner of the screen).
* Select AMON from the Threat Protection group of options.
* In the right-hand panel, untick the option File system monitor (AMON) enabled.
* Turning this option off will show as the Control Center changing colour from green to red.



Also disable MBAM Protection.




Download ComboFix from one of the following addresses to your Desktop:
[Link visible only to logged-in users]
[Link visible only to logged-in users]
[Link visible only to logged-in users]

Run it and do not touch the program window while it scans.
Follow the on-screen instructions. When it finishes, a log will appear (C:\ComboFix.txt), which you will copy here for us.



  • Joined: 09 Dec 2005
  • Posts: 174
  • Location: Serbia - Beograd

ComboFix 09-02-26.02 - Korisnik 2009-02-27 19:47:30.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3326.2656 [GMT 1:00]
Running from: c:\documents and settings\Korisnik\Desktop\ComboFix.exe
AV: ESET NOD32 antivirus system 2.70 *On-access scanning disabled* (Updated)
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\Dvbpws.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ISODRIVE
-------\Service_ISODrive


((((((((((((((((((((((((( Files Created from 2009-01-27 to 2009-02-27 )))))))))))))))))))))))))))))))
.

2009-02-27 00:45 . 2009-02-27 00:45 <DIR> d-------- c:\program files\InstallShield Installation Information
2009-02-27 00:44 . 2009-02-27 00:44 268 --a------ c:\windows\game.ini
2009-02-26 23:41 . 2009-02-26 23:41 <DIR> d-------- c:\program files\Common Files\ABBYY
2009-02-26 23:38 . 2009-02-26 23:44 <DIR> d-------- c:\program files\ABBYY FineReader 9.0
2009-02-26 18:20 . 2009-02-26 18:20 <DIR> d-------- c:\program files\Foxit Software
2009-02-26 18:20 . 2009-02-26 18:20 <DIR> d-------- c:\program files\AskBarDis
2009-02-26 18:20 . 2009-02-26 18:20 <DIR> d-------- c:\documents and settings\Korisnik\Application Data\Foxit
2009-02-26 02:18 . 2009-02-26 02:18 <DIR> d-------- c:\documents and settings\Korisnik\Tracing
2009-02-25 22:08 . 2009-02-25 22:09 <DIR> d-------- C:\Lyrics
2009-02-25 22:07 . 2009-02-26 00:43 <DIR> d-------- c:\program files\Minilyrics
2009-02-25 16:47 . 2009-02-25 16:47 262,144 --a------ C:\ntuser.dat.rmbak
2009-02-25 16:47 . 2009-02-25 16:52 8,192 --a------ C:\ntuser.dat
2009-02-23 23:50 . 2009-02-23 23:50 <DIR> d-------- c:\documents and settings\All Users\Application Data\Adobe Systems
2009-02-20 20:06 . 2009-02-27 13:08 <DIR> d-------- c:\program files\mIRC
2009-02-20 20:06 . 2009-02-27 19:44 <DIR> d-------- c:\documents and settings\Korisnik\Application Data\NoNameScript
2009-02-17 03:58 . 2009-02-17 03:58 <DIR> d-------- c:\program files\PowerISO
2009-02-15 14:42 . 2009-02-15 14:42 278,984 --a------ c:\windows\system32\drivers\atksgt.sys
2009-02-15 14:42 . 2009-02-15 14:42 25,416 --a------ c:\windows\system32\drivers\lirsgt.sys
2009-02-15 14:39 . 2009-02-15 14:41 <DIR> d-------- c:\program files\Gravity
2009-02-14 12:55 . 2009-02-14 12:55 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-02-14 12:55 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-14 12:55 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-02-13 05:10 . 2009-02-13 05:10 <DIR> d-------- c:\program files\Microsoft Office Outlook Connector
2009-02-13 05:09 . 2009-02-06 18:08 55,152 --a------ c:\windows\system32\drivers\fssfltr_tdi.sys
2009-02-13 05:08 . 2009-02-13 05:08 <DIR> d-------- c:\program files\Microsoft Sync Framework
2009-02-13 04:17 . 2009-02-13 04:17 <DIR> d-------- c:\program files\Common Files\Windows Live
2009-02-12 17:41 . 2002-07-17 09:20 45,056 --a------ c:\windows\system32\WNASPI32.DLL
2009-02-12 17:41 . 2002-07-17 08:53 16,877 --a------ c:\windows\system32\drivers\ASPI32.SYS
2009-02-12 17:41 . 2002-07-17 16:22 5,600 --a------ c:\windows\system\WINASPI.DLL
2009-02-12 17:41 . 2002-07-17 16:22 4,672 --a------ c:\windows\system\WOWPOST.EXE
2009-02-12 16:32 . 2009-02-12 16:32 <DIR> d-------- c:\windows\system32\3Planesoft
2009-02-12 16:32 . 2009-02-12 16:32 <DIR> d-------- c:\program files\Lighthouse Point 3D Screensaver
2009-02-12 16:32 . 2009-02-12 16:32 <DIR> d-------- c:\program files\3Planesoft Screensaver Manager
2009-02-12 16:32 . 2008-06-10 12:04 19,237,888 --a------ c:\windows\system32\Lighthouse Point 3D Screensaver.exe
2009-02-12 16:32 . 2008-06-09 17:26 852,480 --a------ c:\windows\system32\Lighthouse_Point_3D_Screensaver.scr
2009-02-12 16:32 . 2008-03-28 18:08 458,752 --a------ c:\windows\system32\3Planesoft_Screensaver_Manager.scr
2009-02-12 16:30 . 2009-02-12 16:30 <DIR> d-------- c:\program files\BreakPoint Software
2009-02-11 14:15 . 2009-02-11 14:15 <DIR> d-------- c:\program files\PIS
2009-02-11 14:14 . 2009-02-11 14:17 <DIR> d-------- C:\PIS
2009-02-08 18:18 . 2009-02-08 18:19 <DIR> d-------- c:\program files\AutoGK
2009-02-06 19:03 . 2009-02-06 19:03 307,576 --a------ c:\windows\WLXPGSS.SCR
2009-02-06 18:52 . 2009-02-06 18:52 49,504 --a------ c:\windows\system32\sirenacm.dll
2009-02-05 05:32 . 2009-02-05 05:32 <DIR> d-------- c:\documents and settings\Korisnik\Application Data\Canneverbe_Limited
2009-02-05 05:31 . 2009-02-05 05:31 <DIR> d-------- c:\program files\CDBurnerXP
2009-02-04 17:50 . 2009-02-04 17:50 <DIR> d-------- c:\documents and settings\Korisnik\Application Data\Samsung
2009-02-04 17:49 . 2006-05-03 22:53 174,592 --a------ c:\windows\system32\framedyn.dll
2009-02-04 17:49 . 2006-07-24 16:05 5,632 --a------ c:\windows\system32\drivers\StarOpen.sys
2009-02-02 20:01 . 2009-02-25 14:34 <DIR> d-------- c:\program files\vSoft
2009-01-31 23:49 . 2009-01-31 23:49 <DIR> d-------- c:\documents and settings\All Users\Application Data\3DWA_L
2009-01-31 21:34 . 2009-01-31 21:34 <DIR> d-------- c:\documents and settings\All Users\Application Data\Zylom
2009-01-29 22:17 . 2009-02-04 03:42 43 --a------ c:\windows\hpfccopy.INI
2009-01-29 00:04 . 2009-01-29 00:04 <DIR> d-------- c:\program files\EuroTalk
2009-01-29 00:04 . 2009-01-29 00:04 <DIR> d-------- c:\documents and settings\Korisnik\Application Data\EuroTalk
2009-01-28 14:58 . 2009-01-28 14:58 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2009-01-27 16:10 . 2009-01-27 16:10 <DIR> d-------- c:\documents and settings\Korisnik\Application Data\Apple Computer

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-27 18:46 --------- d-----w c:\documents and settings\Korisnik\Application Data\uTorrent
2009-02-27 12:34 --------- d-----w c:\program files\SpeedFan
2009-02-27 02:26 --------- d-----w c:\documents and settings\Korisnik\Application Data\Vso
2009-02-27 02:24 --------- d-----w c:\program files\Warcraft III
2009-02-27 01:46 --------- d-----w c:\program files\Garena
2009-02-26 22:23 --------- d-sh--w c:\documents and settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}
2009-02-26 11:24 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-02-26 11:21 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-02-25 14:54 --------- d-----w c:\program files\GRETECH
2009-02-25 13:52 --------- d-----w c:\program files\HP
2009-02-25 13:52 --------- d-----w c:\program files\Hewlett-Packard
2009-02-25 05:01 --------- d-----w c:\documents and settings\Korisnik\Application Data\Aegisub
2009-02-23 22:51 --------- d-----w c:\program files\Common Files\Adobe
2009-02-20 19:04 --------- d-----w c:\documents and settings\Korisnik\Application Data\mIRC
2009-02-19 12:12 --------- d-----w c:\program files\GPU-Z 0.2.9
2009-02-13 06:50 --------- d-----w c:\program files\Microsoft Silverlight
2009-02-13 04:10 --------- d-----w c:\program files\Microsoft
2009-02-13 04:08 --------- d-----w c:\program files\Windows Live
2009-02-12 16:55 --------- d-----w c:\program files\Youdagames
2009-02-12 16:50 --------- d-----w c:\program files\Doblon
2009-02-12 16:43 --------- d-----w c:\documents and settings\All Users\Application Data\Firefly Studios
2009-02-08 17:19 --------- d-----w c:\program files\AviSynth 2.5
2009-02-05 14:31 --------- d-----w c:\program files\Defraggler
2009-02-04 16:48 --------- d-----w c:\program files\Samsung
2009-01-26 17:00 --------- d-----w c:\program files\K-Lite Codec Pack
2009-01-26 16:21 --------- d-----w c:\program files\Recuva
2009-01-26 14:45 --------- d-----w c:\documents and settings\Korisnik\Application Data\The Complete Genealogy Reporter - FTB
2009-01-26 14:28 --------- d-----w c:\documents and settings\All Users\Application Data\MyHeritage
2009-01-26 14:25 --------- d-----w c:\program files\MyHeritage
2009-01-26 13:50 --------- d-----w c:\documents and settings\Korisnik\Application Data\MyHeritage
2009-01-25 16:54 --------- d-----w c:\program files\Microsoft WSE
2009-01-25 16:54 --------- d-----w c:\program files\Family Tree Maker 2009
2009-01-25 16:54 --------- d-----w c:\program files\BCL Technologies
2009-01-25 16:54 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-01-22 11:42 --------- d-----w c:\documents and settings\Korisnik\Application Data\Ahead
2009-01-22 11:32 --------- d-----w c:\program files\Common Files\Ahead
2009-01-22 11:31 --------- d-----w c:\program files\Nero
2009-01-22 03:30 --------- d-----w c:\documents and settings\All Users\Application Data\Nero
2009-01-22 03:18 --------- d-----w c:\program files\Windows Sidebar
2009-01-16 05:36 --------- d-----w c:\program files\Video Watermark Factory
2009-01-16 03:51 --------- d-----w c:\documents and settings\Korisnik\Application Data\Leadertech
2009-01-15 15:53 --------- d-----w c:\documents and settings\All Users\Application Data\Fugazo
2009-01-13 09:48 --------- d-----w c:\program files\Java
2009-01-13 09:48 --------- d-----w c:\program files\Gemplus
2009-01-13 09:47 --------- d-----w c:\program files\Common Files\Java
2009-01-12 15:58 --------- d-----w c:\program files\ScummVM
2009-01-12 15:58 --------- d-----w c:\documents and settings\Korisnik\Application Data\ScummVM
2009-01-12 15:52 --------- d-----w c:\program files\XviD
2009-01-08 15:39 --------- d-----w c:\program files\Teamspeak2_RC2
2009-01-04 17:32 --------- d-----w c:\documents and settings\Korisnik\Application Data\smc
2009-01-03 21:54 --------- d-----w c:\program files\JAM Software
2009-01-03 21:54 --------- d-----w c:\documents and settings\Korisnik\Application Data\JAM Software
2009-01-03 14:11 --------- d-----w c:\program files\Sony
2009-01-03 12:31 --------- d-----w c:\documents and settings\Korisnik\Application Data\CyberLink
2009-01-03 12:30 --------- d-----w c:\program files\CyberLink
2009-01-03 12:15 --------- d-----w c:\program files\Smart Projects
2009-01-03 11:40 --------- d-----w c:\documents and settings\Korisnik\Application Data\dvdcss
2009-01-03 09:49 --------- d-----w c:\program files\Cakewalk
2009-01-03 09:49 --------- d-----w c:\documents and settings\Korisnik\Application Data\Cakewalk
2009-01-03 09:49 --------- d-----w c:\documents and settings\All Users\Application Data\Cakewalk
2009-01-03 00:04 --------- d-----w c:\program files\Engleski
2008-12-29 01:14 --------- d-----w c:\documents and settings\Korisnik\Application Data\LucasArts
2008-12-27 12:01 --------- d-----w c:\documents and settings\All Users\Application Data\FarmFrenzyPizzaParty
2008-12-27 11:59 --------- d-----w c:\program files\Alawar
2008-12-08 22:14 47,360 ----a-w c:\documents and settings\Korisnik\Application Data\pcouffin.sys
2008-12-08 22:02 81,920 ----a-w c:\documents and settings\Korisnik\Application Data\ezpinst.exe
2008-11-25 17:32 4 --sh--r c:\documents and settings\All Users\Application Data\sysqcl0.dat
2008-11-03 16:58 362,625 --sh--r c:\windows\system32\lktglu.exe
2008-11-03 16:58 362,625 --sh--r c:\windows\system32\nkkwgl.exe
2008-10-28 20:33 16,384 --sha-w c:\windows\system32\config\systemprofile\Cookies\index.dat
2008-10-28 20:33 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
2008-10-28 20:33 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008102820081029\index.dat
2008-10-28 20:33 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
.

------- Sigcheck -------

2008-09-13 11:28 361600 ce42c0c1c33cebd799056525461c523b c:\windows\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-11-18 12:58 333192 --a------ c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-11-18 333192]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952]
"Steam"="c:\program files\Valve\Steam\Steam.exe" [2008-10-29 1410296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2008-10-28 949376]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-01 61440]
"BtTray"="c:\program files\IVT Corporation\BlueSoleil\BtTray.exe" [2008-10-28 258134]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2009-02-11 399504]
"RTHDCPL"="RTHDCPL.EXE" [2008-07-03 c:\windows\RTHDCPL.exe]
"SoundMan"="SOUNDMAN.EXE" [2008-06-18 c:\windows\SoundMan.exe]
"AlcWzrd"="ALCWZRD.EXE" [2008-06-19 c:\windows\alcwzrd.exe]

c:\documents and settings\Korisnik\Start Menu\Programs\Startup\
cleantemp.bat [2006-11-05 26]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.mpegacm"= c:\progra~1\COMMON~1\ULEADS~1\MPEG\MPEGacm.acm
"msacm.ulmp3acm"= c:\progra~1\COMMON~1\ULEADS~1\MPEG\ulmp3acm.acm
"msacm.dvacm"= c:\progra~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm
"vidc.i263"= i263_32.drv
"vidc.CDV5"= cdv5codc.dll
"vidc.CLLC"= cllccodc.dll
"vidc.CUVC"= cuvccodc.dll
"vidc.CDVC"= cdvccodc.dll
"vidc.CDVH"= cdvhcodc.dll
"vidc.CMIC"= cmiccodc.dll
"msacm.l3fhg"= mp3fhg.acm
"VIDC.X264"= x264vfw.dll
"VIDC.HFYU"= huffyuv.dll

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Universal Share Downloader"=c:\program files\USDownloader for RapidShare\USDownloader-Lite\USDownloader.exe
"µTorrent"=f:\08 net download\03. Torenti\uTorrent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleilCS.exe"=
"f:\\08 Net Download\\01. [Programi za Download] NE DIRAJ ME\\ApexDC++ 1.1.0\\ApexDC.exe"=
"c:\\Program Files\\Garena\\Garena.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
"c:\\Program Files\\Totalcmd v7.2\\TOTALCMD.EXE"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\ryzeer85\\counter-strike\\hl.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Professional Business 2009.SP1\\RpcAgentSrv.exe"=
"c:\\Program Files\\Java\\jre6\\launch4j-tmp\\JDownloader.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\TeamViewer3\\TeamViewer.exe"=
"c:\\GAMES\\WORMS AiO COLLECTION - 9 Games In One\\Games\\Worms Forts Under Siege\\WF.exe"=
"c:\\WINDOWS\\system32\\lktglu.exe"=
"c:\\GAMES\\Odbojka\\VOLLEY.EXE"=
"c:\\GAMES\\Tiny Cars 2 1.01\\tinycars2.exe.dDIE.exe"=
"c:\\WINDOWS\\system32\\nkkwgl.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Professional Business 2009.SP1\\WNt500x86\\RpcSandraSrv.exe"=
"f:\\08 Net Download\\03. Torenti\\uTorrent.exe"=
"c:\\GAMES\\Guitar Hero Aerosmith\\Guitar Hero Aerosmith.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server
"1947:TCP"= 1947:TCP:HASP SRM
"1947:UDP"= 1947:UDP:HASP SRM

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R1 cdrblock;cdrblock;c:\windows\system32\drivers\cdrblock.sys [2008-12-02 27704]
R1 ISODisk;ISODisk;c:\windows\system32\drivers\ISODisk.sys [2008-11-11 9600]
R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [2008-10-28 15424]
R2 ABBYY.Licensing.FineReader.Professional.9.0;ABBYY FineReader 9.0 PE Licensing Service;c:\program files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe [2007-12-06 660768]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-02-13 55152]
R2 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [2009-02-06 533360]
R2 hasplms;HASP License Manager;c:\windows\system32\hasplms.exe -run --> c:\windows\system32\hasplms.exe -run [?]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2009-02-14 179856]
R2 SeaPort;SeaPort;c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-02-14 15504]
R3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\drivers\teamviewervpn.sys [2008-01-25 25088]
R3 WFFALCON;Leadtek WinFast PVR3000 Series Driver;c:\windows\system32\drivers\wffalcon.sys [2008-10-28 131328]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\program files\Everest Ultimate Edition v.4.60.1509\kerneld.wnt [2008-10-28 23664]
S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\Korisnik\LOCALS~1\Temp\ZIX37DC.tmp --> c:\docume~1\Korisnik\LOCALS~1\Temp\ZIX37DC.tmp [?]
S3 GTwinUSB;GTwinUSB;c:\windows\system32\drivers\GTwinUSB.sys [2009-01-13 61840]
S3 PsSdk41;PsSdk41;c:\windows\system32\drivers\pssdk41.sys [2008-12-11 36928]
S3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Professional Business 2009.SP1\RpcAgentSrv.exe [2008-11-06 98488]
S3 WFIOCTL;WFIOCTL;c:\program files\WinFast\WFDTV\WFIOCTL.sys [2008-10-28 9446]
.
Contents of the 'Scheduled Tasks' folder

2009-02-27 c:\windows\Tasks\Malwarebytes' Scheduled Update for Korisnik.job
- c:\program files\Malwarebytes' Anti-Malware\mbam.exe [2009-02-11 10:19]
.
- - - - ORPHANS REMOVED - - - -

ShellIconOverlayIdentifiers-{8D2223A2-B3C6-4e32-B096-CDD11F628C60} - (no file)


.
------- Supplementary Scan -------
.
uStart Page = [Link visible only to logged-in users]
uInternet Settings,ProxyOverride = *.local
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
LSP: c:\windows\system32\imon.dll
FF - ProfilePath - c:\documents and settings\Korisnik\Application Data\Mozilla\Firefox\Profiles\306bo8py.default\
FF - prefs.js: browser.startup.homepage - [Link mogu videti samo ulogovani korisnici]
FF - plugin: c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
FF - plugin: c:\documents and settings\Korisnik\Local Settings\Application Data\Google\Update\1.2.133.37\npGoogleOneClick7.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [Link mogu videti samo ulogovani korisnici]
Rootkit scan 2009-02-27 19:56:16
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet006\Services\EverestDriver]
"ImagePath"="\??\c:\program files\Everest Ultimate Edition v.4.60.1509\kerneld.wnt"

[HKEY_LOCAL_MACHINE\System\ControlSet006\Services\GarenaPEngine]
"ImagePath"="\??\c:\docume~1\Korisnik\LOCALS~1\Temp\ZIX37DC.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-839522115-1035525444-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{E45732F9-82BA-FAB5-8580-52EE091FDEAE}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"iaopggjmdimghjpjnj"=hex:6b,61,6c,63,61,6f,61,66,63,65,64,68,63,6d,70,64,6a,6f,
61,6b,69,64,00,00
"haiplpnelneefjac"=hex:6b,61,6c,63,61,6f,61,66,63,65,64,68,63,6d,70,64,6a,6f,
61,6b,69,64,00,00
"hakmfbfdealeilaa"=hex:64,61,6c,62,61,66,69,66,00,00
"hakmfbfdfpiaoidl"=hex:6b,62,61,64,61,68,70,63,6b,62,6c,6c,6b,62,64,66,6d,61,
70,68,6e,65,69,6b,61,6f,69,65,67,6b,6e,69,67,6d,65,70,62,68,62,6b,67,6b,69,\

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•A~*]
"AB141C35E9F4BF344B9FC010BB17F68A"=""
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1620)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'lsass.exe'(1676)
c:\windows\system32\imon.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\windows\system32\scardsvr.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\program files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\InterVideo\DeviceService\DevSvc.exe
c:\windows\system32\hasplms.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\program files\ESET\nod32krn.exe
c:\windows\system32\IoctlSvc.exe
c:\program files\CyberLink\Shared files\RichVideo.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files\IVT Corporation\BlueSoleil\BsHelpCS.exe
.
**************************************************************************
.
Completion time: 2009-02-27 20:00:48 - machine was rebooted [Korisnik]
ComboFix-quarantined-files.txt 2009-02-27 19:00:45

Pre-Run: 93,769,564,160 bytes free
Post-Run: 93,748,506,624 bytes free

Current=6 Default=6 Failed=5 LastKnownGood=7 Sets=1,2,3,4,5,6,7

dr_Bora
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Show hidden files: [Link visible only to logged-in users]


Upload the following files:

C:\ntuser.dat.rmbak
C:\ntuser.dat
c:\windows\system32\nkkwgl.exe


via this link: [Link visible only to logged-in users]

  • Joined: 09 Dec 2005
  • Posts: 174
  • Location: Serbia - Beograd

I uploaded the first two files, but the third one is not there (I followed the instructions for hide/show files)... it does not exist

dr_Bora
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Open Notepad and copy the following text into it:

File::
c:\windows\system32\lktglu.exe
c:\windows\system32\nkkwgl.exe

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\lktglu.exe"=-
"c:\\WINDOWS\\system32\\nkkwgl.exe"=-


Save the file from Notepad to the Desktop as "CFScript"

Drag the saved script/text file onto the ComboFix icon as shown in the picture.
Post the log that is produced at the end of the cleaning/scan in your next reply.

  • Joined: 09 Dec 2005
  • Posts: 174
  • Location: Serbia - Beograd

Here is the fresh log (while running, ComboFix offered to update the program; I did not accept, I hope I did not make a mistake)

**************************************************

ComboFix 09-02-26.02 - Korisnik 2009-02-27 23:59:04.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3326.2672 [GMT 1:00]
Running from: c:\documents and settings\Korisnik\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Korisnik\Desktop\CFScript.txt
AV: ESET NOD32 antivirus system 2.70 *On-access scanning disabled* (Updated)
* Created a new restore point

FILE ::
c:\windows\system32\lktglu.exe
c:\windows\system32\nkkwgl.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\Dvbpws.dll
c:\windows\system32\lktglu.exe
c:\windows\system32\nkkwgl.exe

.
((((((((((((((((((((((((( Files Created from 2009-01-27 to 2009-02-27 )))))))))))))))))))))))))))))))
.

2009-02-27 23:56 . 2009-02-27 23:56 <DIR> d-------- C:\My Media Files
2009-02-27 23:56 . 1999-09-10 12:06 45,056 --a------ c:\windows\system32\WNASPI2K.BAK
2009-02-27 23:56 . 1999-09-10 12:06 25,244 --a------ c:\windows\system32\drivers\ASPI2K.BAK
2009-02-27 23:56 . 1999-09-10 12:06 5,600 --a------ c:\windows\system\WINASPI.BAK
2009-02-27 23:56 . 1999-09-10 12:06 4,672 --a------ c:\windows\system\WOWPOST.BAK
2009-02-27 23:56 . 2009-02-27 23:56 43 --a------ c:\windows\Aurora Media Workshop.INI
2009-02-27 23:55 . 2009-02-27 23:56 <DIR> d-------- c:\program files\Aurora Media Workshop
2009-02-27 23:55 . 2005-11-08 06:32 3,088,384 --a------ c:\windows\system32\erdmpg-4.dll
2009-02-27 23:55 . 1999-06-03 12:47 142,608 --a------ c:\windows\system32\atl.exe
2009-02-27 23:55 . 2004-10-29 21:46 61,440 --a------ c:\windows\system32\smd.dll
2009-02-27 23:33 . 2009-02-27 23:33 <DIR> dr-hs---- C:\sys
2009-02-27 23:32 . 2009-02-27 23:32 <DIR> d-------- c:\program files\DreamLight Photo Editor
2009-02-27 22:35 . 2009-02-27 23:56 <DIR> d-------- c:\windows\LastGood
2009-02-27 22:35 . 2009-02-27 22:35 <DIR> d-------- c:\program files\Microsoft Games for Windows - LIVE
2009-02-27 21:36 . 2009-02-27 21:36 880 --a------ C:\ntuser.dat.rar
2009-02-27 00:45 . 2009-02-27 21:58 <DIR> d--h----- c:\program files\InstallShield Installation Information
2009-02-27 00:44 . 2009-02-27 00:44 268 --a------ c:\windows\game.ini
2009-02-26 23:41 . 2009-02-26 23:41 <DIR> d-------- c:\program files\Common Files\ABBYY
2009-02-26 23:38 . 2009-02-26 23:44 <DIR> d-------- c:\program files\ABBYY FineReader 9.0
2009-02-26 18:20 . 2009-02-26 18:20 <DIR> d-------- c:\program files\Foxit Software
2009-02-26 18:20 . 2009-02-26 18:20 <DIR> d-------- c:\program files\AskBarDis
2009-02-26 18:20 . 2009-02-26 18:20 <DIR> d-------- c:\documents and settings\Korisnik\Application Data\Foxit
2009-02-26 02:18 . 2009-02-27 20:01 <DIR> d-------- c:\documents and settings\Korisnik\Tracing
2009-02-25 22:08 . 2009-02-25 22:09 <DIR> d-------- C:\Lyrics
2009-02-25 22:07 . 2009-02-26 00:43 <DIR> d-------- c:\program files\Minilyrics
2009-02-25 16:47 . 2009-02-25 16:47 262,144 --a------ C:\ntuser.dat.rmbak
2009-02-25 16:47 . 2009-02-25 16:52 8,192 --a------ C:\ntuser.dat
2009-02-23 23:50 . 2009-02-23 23:50 <DIR> d-------- c:\documents and settings\All Users\Application Data\Adobe Systems
2009-02-20 20:06 . 2009-02-27 20:01 <DIR> d-------- c:\program files\mIRC
2009-02-20 20:06 . 2009-02-27 23:54 <DIR> d-------- c:\documents and settings\Korisnik\Application Data\NoNameScript
2009-02-17 03:58 . 2009-02-17 03:58 <DIR> d-------- c:\program files\PowerISO
2009-02-15 14:42 . 2009-02-15 14:42 278,984 --a------ c:\windows\system32\drivers\atksgt.sys
2009-02-15 14:42 . 2009-02-15 14:42 25,416 --a------ c:\windows\system32\drivers\lirsgt.sys
2009-02-15 14:39 . 2009-02-15 14:41 <DIR> d-------- c:\program files\Gravity
2009-02-14 12:55 . 2009-02-14 12:55 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-02-14 12:55 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-14 12:55 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-02-13 05:10 . 2009-02-13 05:10 <DIR> d-------- c:\program files\Microsoft Office Outlook Connector
2009-02-13 05:09 . 2009-02-06 18:08 55,152 --a------ c:\windows\system32\drivers\fssfltr_tdi.sys
2009-02-13 05:08 . 2009-02-13 05:08 <DIR> d-------- c:\program files\Microsoft Sync Framework
2009-02-13 04:17 . 2009-02-13 04:17 <DIR> d-------- c:\program files\Common Files\Windows Live
2009-02-12 17:41 . 2002-05-06 11:01 45,056 --a------ c:\windows\system32\WNASPI32.DLL
2009-02-12 17:41 . 2002-05-06 11:01 17,005 --a------ c:\windows\system32\drivers\ASPI32.SYS
2009-02-12 17:41 . 2001-04-19 17:34 5,600 --a------ c:\windows\system\WINASPI.DLL
2009-02-12 17:41 . 2001-04-19 17:34 4,672 --a------ c:\windows\system\WOWPOST.EXE
2009-02-12 16:32 . 2009-02-12 16:32 <DIR> d-------- c:\windows\system32\3Planesoft
2009-02-12 16:32 . 2009-02-12 16:32 <DIR> d-------- c:\program files\Lighthouse Point 3D Screensaver
2009-02-12 16:32 . 2009-02-12 16:32 <DIR> d-------- c:\program files\3Planesoft Screensaver Manager
2009-02-12 16:32 . 2008-06-10 12:04 19,237,888 --a------ c:\windows\system32\Lighthouse Point 3D Screensaver.exe
2009-02-12 16:32 . 2008-06-09 17:26 852,480 --a------ c:\windows\system32\Lighthouse_Point_3D_Screensaver.scr
2009-02-12 16:32 . 2008-03-28 18:08 458,752 --a------ c:\windows\system32\3Planesoft_Screensaver_Manager.scr
2009-02-12 16:30 . 2009-02-12 16:30 <DIR> d-------- c:\program files\BreakPoint Software
2009-02-11 14:15 . 2009-02-11 14:15 <DIR> d-------- c:\program files\PIS
2009-02-11 14:14 . 2009-02-11 14:17 <DIR> d-------- C:\PIS
2009-02-08 18:18 . 2009-02-08 18:19 <DIR> d-------- c:\program files\AutoGK
2009-02-06 19:03 . 2009-02-06 19:03 307,576 --a------ c:\windows\WLXPGSS.SCR
2009-02-06 18:52 . 2009-02-06 18:52 49,504 --a------ c:\windows\system32\sirenacm.dll
2009-02-05 05:32 . 2009-02-05 05:32 <DIR> d-------- c:\documents and settings\Korisnik\Application Data\Canneverbe_Limited
2009-02-05 05:31 . 2009-02-05 05:31 <DIR> d-------- c:\program files\CDBurnerXP
2009-02-04 17:50 . 2009-02-04 17:50 <DIR> d-------- c:\documents and settings\Korisnik\Application Data\Samsung
2009-02-04 17:49 . 2006-05-03 22:53 174,592 --a------ c:\windows\system32\framedyn.dll
2009-02-04 17:49 . 2006-07-24 16:05 5,632 --a------ c:\windows\system32\drivers\StarOpen.sys
2009-02-02 20:01 . 2009-02-25 14:34 <DIR> d-------- c:\program files\vSoft
2009-01-31 23:49 . 2009-01-31 23:49 <DIR> d-------- c:\documents and settings\All Users\Application Data\3DWA_L
2009-01-31 21:34 . 2009-01-31 21:34 <DIR> d-------- c:\documents and settings\All Users\Application Data\Zylom
2009-01-29 22:17 . 2009-02-04 03:42 43 --a------ c:\windows\hpfccopy.INI
2009-01-29 00:04 . 2009-01-29 00:04 <DIR> d-------- c:\program files\EuroTalk
2009-01-29 00:04 . 2009-01-29 00:04 <DIR> d-------- c:\documents and settings\Korisnik\Application Data\EuroTalk
2009-01-28 14:58 . 2009-01-28 14:58 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2009-01-27 16:10 . 2009-01-27 16:10 <DIR> d-------- c:\documents and settings\Korisnik\Application Data\Apple Computer

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-27 22:54 --------- d-----w c:\documents and settings\Korisnik\Application Data\uTorrent
2009-02-27 21:39 107,888 ----a-w c:\windows\system32\CmdLineExt.dll
2009-02-27 20:55 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-02-27 20:09 --------- d-----w c:\program files\Warcraft III
2009-02-27 20:06 --------- d-----w c:\program files\Garena
2009-02-27 12:34 --------- d-----w c:\program files\SpeedFan
2009-02-27 02:26 --------- d-----w c:\documents and settings\Korisnik\Application Data\Vso
2009-02-26 22:23 --------- d-sh--w c:\documents and settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}
2009-02-26 11:24 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-02-25 14:54 --------- d-----w c:\program files\GRETECH
2009-02-25 13:52 --------- d-----w c:\program files\HP
2009-02-25 13:52 --------- d-----w c:\program files\Hewlett-Packard
2009-02-25 05:01 --------- d-----w c:\documents and settings\Korisnik\Application Data\Aegisub
2009-02-23 22:51 --------- d-----w c:\program files\Common Files\Adobe
2009-02-20 19:04 --------- d-----w c:\documents and settings\Korisnik\Application Data\mIRC
2009-02-19 12:12 --------- d-----w c:\program files\GPU-Z 0.2.9
2009-02-13 06:50 --------- d-----w c:\program files\Microsoft Silverlight
2009-02-13 04:10 --------- d-----w c:\program files\Microsoft
2009-02-13 04:08 --------- d-----w c:\program files\Windows Live
2009-02-12 16:55 --------- d-----w c:\program files\Youdagames
2009-02-12 16:50 --------- d-----w c:\program files\Doblon
2009-02-12 16:43 --------- d-----w c:\documents and settings\All Users\Application Data\Firefly Studios
2009-02-08 17:19 --------- d-----w c:\program files\AviSynth 2.5
2009-02-05 14:31 --------- d-----w c:\program files\Defraggler
2009-02-04 16:48 --------- d-----w c:\program files\Samsung
2009-01-26 17:00 --------- d-----w c:\program files\K-Lite Codec Pack
2009-01-26 16:21 --------- d-----w c:\program files\Recuva
2009-01-26 14:45 --------- d-----w c:\documents and settings\Korisnik\Application Data\The Complete Genealogy Reporter - FTB
2009-01-26 14:28 --------- d-----w c:\documents and settings\All Users\Application Data\MyHeritage
2009-01-26 14:25 --------- d-----w c:\program files\MyHeritage
2009-01-26 13:50 --------- d-----w c:\documents and settings\Korisnik\Application Data\MyHeritage
2009-01-25 21:10 179,200 ----a-w c:\windows\system32\xvidvfw.dll
2009-01-25 16:54 --------- d-----w c:\program files\Microsoft WSE
2009-01-25 16:54 --------- d-----w c:\program files\Family Tree Maker 2009
2009-01-25 16:54 --------- d-----w c:\program files\BCL Technologies
2009-01-25 16:54 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-01-22 11:42 --------- d-----w c:\documents and settings\Korisnik\Application Data\Ahead
2009-01-22 11:32 --------- d-----w c:\program files\Common Files\Ahead
2009-01-22 11:31 --------- d-----w c:\program files\Nero
2009-01-22 03:30 --------- d-----w c:\documents and settings\All Users\Application Data\Nero
2009-01-22 03:18 --------- d-----w c:\program files\Windows Sidebar
2009-01-16 05:36 --------- d-----w c:\program files\Video Watermark Factory
2009-01-16 03:51 --------- d-----w c:\documents and settings\Korisnik\Application Data\Leadertech
2009-01-15 15:53 --------- d-----w c:\documents and settings\All Users\Application Data\Fugazo
2009-01-13 09:48 --------- d-----w c:\program files\Java
2009-01-13 09:48 --------- d-----w c:\program files\Gemplus
2009-01-13 09:47 --------- d-----w c:\program files\Common Files\Java
2009-01-12 15:58 --------- d-----w c:\program files\ScummVM
2009-01-12 15:58 --------- d-----w c:\documents and settings\Korisnik\Application Data\ScummVM
2009-01-12 15:52 --------- d-----w c:\program files\XviD
2009-01-08 23:01 629,760 ----a-w c:\windows\system32\xvidcore.dll
2009-01-08 15:39 --------- d-----w c:\program files\Teamspeak2_RC2
2009-01-04 17:32 --------- d-----w c:\documents and settings\Korisnik\Application Data\smc
2009-01-03 21:54 --------- d-----w c:\program files\JAM Software
2009-01-03 21:54 --------- d-----w c:\documents and settings\Korisnik\Application Data\JAM Software
2009-01-03 14:11 --------- d-----w c:\program files\Sony
2009-01-03 12:31 --------- d-----w c:\documents and settings\Korisnik\Application Data\CyberLink
2009-01-03 12:30 --------- d-----w c:\program files\CyberLink
2009-01-03 12:15 --------- d-----w c:\program files\Smart Projects
2009-01-03 11:40 --------- d-----w c:\documents and settings\Korisnik\Application Data\dvdcss
2009-01-03 09:49 --------- d-----w c:\program files\Cakewalk
2009-01-03 09:49 --------- d-----w c:\documents and settings\Korisnik\Application Data\Cakewalk
2009-01-03 09:49 --------- d-----w c:\documents and settings\All Users\Application Data\Cakewalk
2009-01-03 00:04 --------- d-----w c:\program files\Engleski
2008-12-29 01:14 --------- d-----w c:\documents and settings\Korisnik\Application Data\LucasArts
2008-12-28 22:48 2,330,643 ----a-w c:\windows\system32\x264vfw.dll
2008-12-27 12:01 --------- d-----w c:\documents and settings\All Users\Application Data\FarmFrenzyPizzaParty
2008-12-27 11:59 --------- d-----w c:\program files\Alawar
2008-12-21 21:46 351,744 ----a-w c:\windows\system32\avisynth.dll
2008-12-17 02:05 603,904 ----a-w c:\windows\system32\TUProgSt.exe
2008-12-11 00:33 86,016 ----a-w c:\windows\system32\dpl100.dll
2008-12-08 22:14 47,360 ----a-w c:\documents and settings\Korisnik\Application Data\pcouffin.sys
2008-12-08 22:02 81,920 ----a-w c:\documents and settings\Korisnik\Application Data\ezpinst.exe
2008-12-08 11:53 57,344 ----a-w c:\windows\system32\ff_vfw.dll
2008-12-07 16:40 21,840 ----atw c:\windows\system32\SIntfNT.dll
2008-12-07 16:40 17,212 ----atw c:\windows\system32\SIntf32.dll
2008-12-07 16:40 12,067 ----atw c:\windows\system32\SIntf16.dll
2008-12-01 23:47 30,720 ----a-w c:\windows\system32\pavedius.dll
2008-11-25 17:32 4 --sh--r c:\documents and settings\All Users\Application Data\sysqcl0.dat
2008-10-28 20:33 16,384 --sha-w c:\windows\system32\config\systemprofile\Cookies\index.dat
2008-10-28 20:33 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
2008-10-28 20:33 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008102820081029\index.dat
2008-10-28 20:33 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
.

------- Sigcheck -------

2008-09-13 11:28 361600 ce42c0c1c33cebd799056525461c523b c:\windows\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((( [Link mogu videti samo ulogovani korisnici] )))))))))))))))))))))))))))))))))))))))))
.
- 2009-02-24 02:26:58 53,248 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
+ 2009-02-27 21:37:38 53,248 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
- 2009-02-24 02:26:59 12,800 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
+ 2009-02-27 21:37:39 12,800 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
- 2009-02-24 02:26:59 473,600 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
+ 2009-02-27 21:37:39 473,600 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
- 2009-02-24 02:26:47 2,676,224 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-02-27 21:37:33 2,676,224 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2009-02-24 02:26:50 2,846,720 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-02-27 21:37:35 2,846,720 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2009-02-24 02:26:51 563,712 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-02-27 21:37:35 563,712 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2009-02-24 02:26:52 567,296 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-02-27 21:37:35 567,296 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2009-02-24 02:26:53 576,000 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-02-27 21:37:36 576,000 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2009-02-24 02:26:54 577,024 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-02-27 21:37:36 577,024 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2009-02-24 02:26:54 577,536 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-02-27 21:37:37 577,536 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2009-02-24 02:26:55 577,536 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-02-27 21:37:37 577,536 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2009-02-24 02:26:56 578,560 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-02-27 21:37:37 578,560 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2009-02-24 02:27:00 578,560 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-02-27 21:37:39 578,560 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2009-02-24 02:27:00 145,920 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
+ 2009-02-27 21:37:39 145,920 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
- 2009-02-24 02:27:00 159,232 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
+ 2009-02-27 21:37:40 159,232 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
- 2009-02-24 02:27:00 364,544 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
+ 2009-02-27 21:37:40 364,544 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
- 2009-02-24 02:27:01 178,176 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
+ 2009-02-27 21:37:40 178,176 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
- 2009-02-24 02:26:57 223,232 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
+ 2009-02-27 21:37:38 223,232 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
+ 2008-04-14 12:00:00 58,880 ----a-w c:\windows\LastGood\system32\atl.dll
+ 2007-03-12 15:42:30 1,123,696 ----a-w c:\windows\LastGood\system32\D3DCompiler_33.dll
+ 2007-05-16 15:45:16 1,124,720 ----a-w c:\windows\LastGood\system32\D3DCompiler_34.dll
+ 2007-07-19 17:14:42 1,358,192 ----a-w c:\windows\LastGood\system32\D3DCompiler_35.dll
+ 2007-10-12 14:14:00 1,374,232 ----a-w c:\windows\LastGood\system32\D3DCompiler_36.dll
+ 2008-03-05 14:56:58 1,420,824 ----a-w c:\windows\LastGood\system32\D3DCompiler_37.dll
+ 2008-06-05 13:53:42 1,491,992 ----a-w c:\windows\LastGood\system32\D3DCompiler_38.dll
+ 2007-03-15 15:57:58 443,752 ----a-w c:\windows\LastGood\system32\d3dx10_33.dll
+ 2007-05-16 15:45:16 443,752 ----a-w c:\windows\LastGood\system32\d3dx10_34.dll
+ 2007-07-19 17:14:42 444,776 ----a-w c:\windows\LastGood\system32\d3dx10_35.dll
+ 2007-10-02 08:56:34 444,776 ----a-w c:\windows\LastGood\system32\d3dx10_36.dll
+ 2008-02-05 22:07:36 462,864 ----a-w c:\windows\LastGood\system32\d3dx10_37.dll
+ 2008-06-05 13:53:40 467,984 ----a-w c:\windows\LastGood\system32\d3dx10_38.dll
+ 2005-02-05 18:45:26 2,222,800 ----a-w c:\windows\LastGood\system32\d3dx9_24.dll
+ 2005-03-18 16:19:58 2,337,488 ----a-w c:\windows\LastGood\system32\d3dx9_25.dll
+ 2005-05-26 14:34:52 2,297,552 ----a-w c:\windows\LastGood\system32\d3dx9_26.dll
+ 2005-07-22 18:59:04 2,319,568 ----a-w c:\windows\LastGood\system32\d3dx9_27.dll
+ 2005-12-05 17:09:18 2,323,664 ----a-w c:\windows\LastGood\system32\d3dx9_28.dll
+ 2006-02-03 07:43:16 2,332,368 ----a-w c:\windows\LastGood\system32\d3dx9_29.dll
+ 2006-03-31 11:40:58 2,388,176 ----a-w c:\windows\LastGood\system32\d3dx9_30.dll
+ 2006-09-28 15:05:20 2,414,360 ----a-w c:\windows\LastGood\system32\d3dx9_31.dll
+ 2006-11-29 12:06:18 3,426,072 ----a-w c:\windows\LastGood\system32\d3dx9_32.dll
+ 2007-03-12 15:42:30 3,495,784 ----a-w c:\windows\LastGood\system32\d3dx9_33.dll
+ 2007-05-16 15:45:16 3,497,832 ----a-w c:\windows\LastGood\system32\d3dx9_34.dll
+ 2007-07-19 17:14:42 3,727,720 ----a-w c:\windows\LastGood\system32\d3dx9_35.dll
+ 2007-10-12 14:14:00 3,734,536 ----a-w c:\windows\LastGood\system32\d3dx9_36.dll
+ 2008-03-05 14:56:58 3,786,760 ----a-w c:\windows\LastGood\system32\D3DX9_37.dll
+ 2008-06-05 13:53:44 3,850,760 ----a-w c:\windows\LastGood\system32\D3DX9_38.dll
+ 2006-02-03 07:41:26 14,032 ----a-w c:\windows\LastGood\system32\x3daudio1_0.dll
+ 2007-03-05 11:42:18 15,128 ----a-w c:\windows\LastGood\system32\x3daudio1_1.dll
+ 2007-10-22 02:37:16 17,928 ----a-w c:\windows\LastGood\system32\x3daudio1_2.dll
+ 2008-03-05 15:00:06 25,608 ----a-w c:\windows\LastGood\system32\X3DAudio1_3.dll
+ 2008-05-30 13:17:00 25,608 ----a-w c:\windows\LastGood\system32\X3DAudio1_4.dll
+ 2006-02-03 07:42:06 230,096 ----a-w c:\windows\LastGood\system32\xactengine2_0.dll
+ 2006-03-31 11:39:48 229,584 ----a-w c:\windows\LastGood\system32\xactengine2_1.dll
+ 2007-10-22 02:39:54 267,272 ----a-w c:\windows\LastGood\system32\xactengine2_10.dll
+ 2006-05-31 06:24:16 230,168 ----a-w c:\windows\LastGood\system32\xactengine2_2.dll
+ 2006-07-28 08:30:32 236,824 ----a-w c:\windows\LastGood\system32\xactengine2_3.dll
+ 2006-09-28 15:05:56 237,848 ----a-w c:\windows\LastGood\system32\xactengine2_4.dll
+ 2006-12-08 11:02:00 251,672 ----a-w c:\windows\LastGood\system32\xactengine2_5.dll
+ 2007-01-24 14:27:30 255,848 ----a-w c:\windows\LastGood\system32\xactengine2_6.dll
+ 2007-04-04 17:55:00 261,480 ----a-w c:\windows\LastGood\system32\xactengine2_7.dll
+ 2007-06-20 19:46:04 266,088 ----a-w c:\windows\LastGood\system32\xactengine2_8.dll
+ 2007-07-19 23:57:12 267,112 ----a-w c:\windows\LastGood\system32\xactengine2_9.dll
+ 2008-03-05 15:03:20 238,088 ----a-w c:\windows\LastGood\system32\xactengine3_0.dll
+ 2008-05-30 13:18:52 238,088 ----a-w c:\windows\LastGood\system32\xactengine3_1.dll
+ 2008-05-30 13:17:30 65,032 ----a-w c:\windows\LastGood\system32\XAPOFX1_0.dll
+ 2008-03-05 15:03:54 479,752 ----a-w c:\windows\LastGood\system32\XAudio2_0.dll
+ 2008-05-30 13:19:18 507,400 ----a-w c:\windows\LastGood\system32\XAudio2_1.dll
+ 2006-03-31 11:39:24 62,672 ----a-w c:\windows\LastGood\system32\xinput1_1.dll
+ 2006-07-28 08:30:14 62,744 ----a-w c:\windows\LastGood\system32\xinput1_2.dll
+ 2007-04-04 17:53:42 81,768 ----a-w c:\windows\LastGood\system32\xinput1_3.dll
+ 2005-12-05 17:07:30 61,136 ----a-w c:\windows\LastGood\system32\xinput9_1_0.dll
- 2001-09-05 21:00:58 1,700,352 ----a-w c:\windows\system32\gdiplus.dll
+ 2001-08-23 15:00:00 1,700,352 ----a-w c:\windows\system32\gdiplus.dll
- 2007-04-30 15:50:50 903,072 ----a-w c:\windows\system32\msidcrl40.dll
+ 2007-08-27 14:41:22 1,089,440 ----a-w c:\windows\system32\msidcrl40.dll
- 2009-02-27 12:07:52 72,456 ----a-w c:\windows\system32\perfc009.dat
+ 2009-02-27 18:59:19 72,456 ----a-w c:\windows\system32\perfc009.dat
- 2009-02-27 12:07:52 444,690 ----a-w c:\windows\system32\perfh009.dat
+ 2009-02-27 18:59:19 444,690 ----a-w c:\windows\system32\perfh009.dat
- 2007-11-26 20:56:20 10,155,840 ----a-w c:\windows\system32\xlive.dll
+ 2008-10-22 04:29:02 14,303,392 ----a-w c:\windows\system32\xlive.dll
- 2007-11-26 20:56:20 13,653,824 ----a-w c:\windows\system32\xlivefnt.dll
+ 2008-10-22 04:29:02 13,643,936 ----a-w c:\windows\system32\xlivefnt.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-11-18 12:58 333192 --a------ c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-11-18 333192]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952]
"Steam"="c:\program files\Valve\Steam\Steam.exe" [2008-10-29 1410296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2008-10-28 949376]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-01 61440]
"BtTray"="c:\program files\IVT Corporation\BlueSoleil\BtTray.exe" [2008-10-28 258134]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2009-02-11 399504]
"RTHDCPL"="RTHDCPL.EXE" [2008-07-03 c:\windows\RTHDCPL.exe]
"SoundMan"="SOUNDMAN.EXE" [2008-06-18 c:\windows\SoundMan.exe]
"AlcWzrd"="ALCWZRD.EXE" [2008-06-19 c:\windows\alcwzrd.exe]

c:\documents and settings\Korisnik\Start Menu\Programs\Startup\
cleantemp.bat [2006-11-05 26]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.mpegacm"= c:\progra~1\COMMON~1\ULEADS~1\MPEG\MPEGacm.acm
"msacm.ulmp3acm"= c:\progra~1\COMMON~1\ULEADS~1\MPEG\ulmp3acm.acm
"msacm.dvacm"= c:\progra~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm
"vidc.i263"= i263_32.drv
"vidc.CDV5"= cdv5codc.dll
"vidc.CLLC"= cllccodc.dll
"vidc.CUVC"= cuvccodc.dll
"vidc.CDVC"= cdvccodc.dll
"vidc.CDVH"= cdvhcodc.dll
"vidc.CMIC"= cmiccodc.dll
"msacm.l3fhg"= mp3fhg.acm
"VIDC.X264"= x264vfw.dll
"VIDC.HFYU"= huffyuv.dll

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Universal Share Downloader"=c:\program files\USDownloader for RapidShare\USDownloader-Lite\USDownloader.exe
"µTorrent"=f:\08 net download\03. Torenti\uTorrent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleilCS.exe"=
"f:\\08 Net Download\\01. [Programi za Download] NE DIRAJ ME\\ApexDC++ 1.1.0\\ApexDC.exe"=
"c:\\Program Files\\Garena\\Garena.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
"c:\\Program Files\\Totalcmd v7.2\\TOTALCMD.EXE"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\ryzeer85\\counter-strike\\hl.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Professional Business 2009.SP1\\RpcAgentSrv.exe"=
"c:\\Program Files\\Java\\jre6\\launch4j-tmp\\JDownloader.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\TeamViewer3\\TeamViewer.exe"=
"c:\\GAMES\\WORMS AiO COLLECTION - 9 Games In One\\Games\\Worms Forts Under Siege\\WF.exe"=
"c:\\GAMES\\Odbojka\\VOLLEY.EXE"=
"c:\\GAMES\\Tiny Cars 2 1.01\\tinycars2.exe.dDIE.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Professional Business 2009.SP1\\WNt500x86\\RpcSandraSrv.exe"=
"f:\\08 Net Download\\03. Torenti\\uTorrent.exe"=
"c:\\GAMES\\Guitar Hero Aerosmith\\Guitar Hero Aerosmith.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\GAMES\\GTA IV\\Rockstar Games Social Club\\RGSCLauncher.exe"=
"c:\\GAMES\\GTA IV\\Grand Theft Auto IV\\LaunchGTAIV.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server
"1947:TCP"= 1947:TCP:HASP SRM
"1947:UDP"= 1947:UDP:HASP SRM

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R1 cdrblock;cdrblock;c:\windows\system32\drivers\cdrblock.sys [2008-12-02 27704]
R1 ISODisk;ISODisk;c:\windows\system32\drivers\ISODisk.sys [2008-11-11 9600]
R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [2008-10-28 15424]
R2 ABBYY.Licensing.FineReader.Professional.9.0;ABBYY FineReader 9.0 PE Licensing Service;c:\program files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe [2007-12-06 660768]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-02-13 55152]
R2 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [2009-02-06 533360]
R2 hasplms;HASP License Manager;c:\windows\system32\hasplms.exe -run --> c:\windows\system32\hasplms.exe -run [?]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-02-14 15504]
R3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\drivers\teamviewervpn.sys [2008-01-25 25088]
R3 WFFALCON;Leadtek WinFast PVR3000 Series Driver;c:\windows\system32\drivers\wffalcon.sys [2008-10-28 131328]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2009-02-14 179856]
S2 SeaPort;SeaPort;c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656]
S2 spupdsvc;Windows Service Pack Installer update service;c:\windows\system32\spupdsvc.exe [2007-08-10 26144]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\program files\Everest Ultimate Edition v.4.60.1509\kerneld.wnt [2008-10-28 23664]
S3 GTwinUSB;GTwinUSB;c:\windows\system32\drivers\GTwinUSB.sys [2009-01-13 61840]
S3 PsSdk41;PsSdk41;c:\windows\system32\drivers\pssdk41.sys [2008-12-11 36928]
S3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Professional Business 2009.SP1\RpcAgentSrv.exe [2008-11-06 98488]
S3 WFIOCTL;WFIOCTL;c:\program files\WinFast\WFDTV\WFIOCTL.sys [2008-10-28 9446]
.
Contents of the 'Scheduled Tasks' folder

2009-02-27 c:\windows\Tasks\Malwarebytes' Scheduled Update for Korisnik.job
- c:\program files\Malwarebytes' Anti-Malware\mbam.exe [2009-02-11 10:19]
.
.
------- Supplementary Scan -------
.
uStart Page = [link visible only to logged-in users]
uInternet Settings,ProxyOverride = *.local
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
LSP: c:\windows\system32\imon.dll
FF - ProfilePath - c:\documents and settings\Korisnik\Application Data\Mozilla\Firefox\Profiles\306bo8py.default\
FF - prefs.js: browser.startup.homepage - [link visible only to logged-in users]
FF - plugin: c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
FF - plugin: c:\documents and settings\Korisnik\Local Settings\Application Data\Google\Update\1.2.133.37\npGoogleOneClick7.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [link visible only to logged-in users]
Rootkit scan 2009-02-28 00:02:27
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet006\Services\EverestDriver]
"ImagePath"="\??\c:\program files\Everest Ultimate Edition v.4.60.1509\kerneld.wnt"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-839522115-1035525444-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{E45732F9-82BA-FAB5-8580-52EE091FDEAE}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"iaopggjmdimghjpjnj"=hex:6b,61,6c,63,61,6f,61,66,63,65,64,68,63,6d,70,64,6a,6f,
61,6b,69,64,00,00
"haiplpnelneefjac"=hex:6b,61,6c,63,61,6f,61,66,63,65,64,68,63,6d,70,64,6a,6f,
61,6b,69,64,00,00
"hakmfbfdealeilaa"=hex:64,61,6c,62,61,66,69,66,00,00
"hakmfbfdfpiaoidl"=hex:6b,62,61,64,61,68,70,63,6b,62,6c,6c,6b,62,64,66,6d,61,
70,68,6e,65,69,6b,61,6f,69,65,67,6b,6e,69,67,6d,65,70,62,68,62,6b,67,6b,69,\

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•A~*]
"AB141C35E9F4BF344B9FC010BB17F68A"=""
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1620)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'lsass.exe'(1676)
c:\windows\system32\imon.dll
.
Completion time: 2009-02-28 0:05:55
ComboFix-quarantined-files.txt 2009-02-27 23:05:53
ComboFix2.txt 2009-02-27 19:00:48

Pre-Run: 77,295,144,960 bytes free
Post-Run: 77,281,497,088 bytes free

Current=6 Default=6 Failed=5 LastKnownGood=7 Sets=1,2,3,4,5,6,7
450

dr_Bora
  • Anti Malware Fighter, Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

This now looks clean.

As far as I can see, System Restore is functional and NOD32 is updated.

Is there currently any specific problem?

  • Joined: 09 Dec 2005
  • Posts: 174
  • Location: Serbia - Beograd

To be honest, the PC now runs noticeably faster.
System Restore works, and NOD32 downloads its updates.
All in all, thank you for the great help :)

P.S. When I was looking through the logs I saw that I have some toolbars; I tried to remove them via Add/Remove and Revo Uninstaller but didn't manage to, since there is the option of doing it through the registry.

Thanks once again.

The problems are solved :)

dr_Bora
  • Anti Malware Fighter, Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

All the toolbars you have are legitimate, so... I shouldn't be the one removing them for you.

Click START and then RUN
In the text entry line type Combofix /u and click OK

Wait for the uninstall process to finish

The above procedure will:
Delete the following:
ComboFix and its files and folders
VundoFix Backups folder, if it exists
C:\Deckard folder, if it exists
C:\OtMoveIt folder, if it exists

Reset the clock settings on the computer
Hide file extensions, if necessary
Hide system/hidden files/folders, if necessary
Reset System Restore

That's all...
