Help?

  • Joined: 28 May 2009
  • Posts: 17

Posted: 28 May 2009 19:08

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:02:58, on 28.5.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Multimedia Mouse Driver\MouseDrv.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\Office Keyboard Driver\PS2USBKbdDrv.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Pinnacle\Shared Files\Programs\PclePvr\VideoControl.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\Opera\opera.exe
C:\Documents and Settings\Barbika\Desktop\Novi Folder\novi.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = [Link mogu videti samo ulogovani korisnici]*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [Link mogu videti samo ulogovani korisnici]*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [Link mogu videti samo ulogovani korisnici]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [Link mogu videti samo ulogovani korisnici]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [Link mogu videti samo ulogovani korisnici]
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = [Link mogu videti samo ulogovani korisnici]*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = [Link mogu videti samo ulogovani korisnici]
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WireLessMouse] C:\Program Files\Multimedia Mouse Driver\StartAutorun.exe MouseDrv.exe
O4 - HKLM\..\Run: [WireLessKeyboard] C:\Program Files\Office Keyboard Driver\StartAutorun.exe PS2USBKbdDrv.exe
O4 - HKLM\..\Run: [PMCRemote] C:\Program Files\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [LogonStudio] "C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
O4 - HKLM\..\Run: [PMCS] "C:\Program Files\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe" -host -clearDebug
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Microsoft WinUpdate] C:\WINDOWS\system32\msupdte.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O8 - Extra context menu item: &Google Search - [Link mogu videti samo ulogovani korisnici]\Program Files\Google\googletoolbar.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - [Link mogu videti samo ulogovani korisnici]\Program Files\Google\googletoolbar.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - [Link mogu videti samo ulogovani korisnici]\Program Files\Google\googletoolbar.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - [Link mogu videti samo ulogovani korisnici]\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Si&milar Pages - [Link mogu videti samo ulogovani korisnici]\Program Files\Google\googletoolbar.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - [Link mogu videti samo ulogovani korisnici]\Program Files\Google\googletoolbar.dll/cmtrans.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - [Link mogu videti samo ulogovani korisnici]
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Autodata Limited License Service - Unknown owner - C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: System Restore Service srserviceRDSessMgr (srserviceRDSessMgr) - Unknown owner - C:\WINDOWS\system32\1037l.exe (file missing)
O23 - Service: Automatic Updates (wuauserv) - Unknown owner - C:\WINDOWS\

--
End of file - 7541 bytes

Addendum: 28 May 2009 21:04

I really don't understand much about all this; I hope I did everything correctly. When I scanned it with NOD, it said the virus in question was Agentodg.



rip
  • argus  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 27 Apr 2008
  • Posts: 9160
  • Location: Prokuplje

Download sUBs's ComboFix to your Desktop from one of the following addresses:

Bleeping Computer . . . . . Geeks to Go!

  • Right-click one of the links and choose Save Target As... (Save Link As..., Save Linked Content As... or similar);
  • When the dialog for choosing where to save the file opens, select Desktop and click Save.

When the download has finished:

  • close any running programs;
  • deactivate your protection software (instructions);
  • double-click to run ComboFix.

While it runs, ComboFix will:

  • check whether a newer version of the program exists:
      • click Yes if you are offered the download.
  • display the DISCLAIMER OF WARRANTY ON SOFTWARE:
      • click Yes to let the process continue.
  • if the Recovery Console is not installed, offer to install it:
      • accept by clicking Yes and follow the procedure.
  • show a number of prompts/notices:
      • accept by clicking Yes or OK.
  • restart Windows if necessary (possibly several times);
  • when finished, open Notepad with the scan report.

Copy the report that ComboFix produced into the forum thread:

  • right-click in the Notepad window and choose Select All;
  • right-click the selected text and choose Copy;
  • right-click in the message field and choose Paste.

Note:

  • The report will be saved as ComboFix.txt on the system partition (typical location: C:\ComboFix.txt);
  • If, after sending the message, you notice that the report is incomplete, use the Attach file (Prikači fajl) option to attach C:\ComboFix.txt to the message.



  • Joined: 28 May 2009
  • Posts: 17

Posted: 29 May 2009 21:18

ComboFix 09-05-28.09 - Barbika 29.05.2009 21:08.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2047.1708 [GMT 2:00]
Running from: c:\documents and settings\Barbika\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\20080128135518500_Samsung_PC_Studio_321_HA4.exe
c:\documents and settings\Download programs\GameHouse-Installer_am-escaperosecliffislandtm_gamehouse.exe
c:\windows\system32\drivers\UACmeyxwhkdpkmrqqf.sys
c:\windows\system32\UACdpxenteruhpaxrd.db
c:\windows\system32\UACeevlidkyvbucbtq.log
c:\windows\system32\UACfbdedbnuigsnjnv.dll
c:\windows\system32\UACflnstcomufxjexg.dat
c:\windows\system32\uacinit.dll
c:\windows\system32\UACiudfwiljxgbrlkt.dll
c:\windows\system32\UACkgyjkqbrshlpdnt.log
c:\windows\system32\UAClvmpomtrskoqvrh.dll
c:\windows\system32\UAClwopavohjjhfosb.dll
c:\windows\system32\UACmpktsjnrcxpsihx.dll
c:\windows\system32\UACoewswvbvxwuiwah.dll
c:\windows\system32\UACthtfuwdvaespnii.log

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_UACd.sys


((((((((((((((((((((((((( Files Created from 2009-04-28 to 2009-05-29 )))))))))))))))))))))))))))))))
.

2009-05-28 11:22 . 2009-05-28 11:22 -------- d-----w c:\documents and settings\Dragana\Application Data\Malwarebytes
2009-05-28 00:20 . 2009-05-28 00:20 -------- d-----w c:\documents and settings\Barbika\Application Data\Malwarebytes
2009-05-27 23:49 . 2009-05-27 23:49 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-05-27 23:49 . 2009-05-29 18:51 -------- d-----w c:\program files\12345
2009-05-27 23:24 . 2009-03-30 08:33 96104 ----a-w c:\windows\system32\drivers\avipbb.sys
2009-05-27 23:24 . 2009-03-24 14:08 55640 ----a-w c:\windows\system32\drivers\avgntflt.sys
2009-05-27 23:24 . 2009-02-13 10:29 22360 ----a-w c:\windows\system32\drivers\avgntmgr.sys
2009-05-27 23:24 . 2009-02-13 10:17 45416 ----a-w c:\windows\system32\drivers\avgntdd.sys
2009-05-27 23:24 . 2009-05-27 23:24 -------- d-----w c:\program files\Avira
2009-05-27 23:24 . 2009-05-27 23:24 -------- d-----w c:\documents and settings\All Users\Application Data\Avira
2009-05-27 14:32 . 2009-05-27 18:19 -------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-05-27 14:32 . 2009-05-27 17:04 -------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-05-26 18:09 . 2004-08-05 13:58 65536 ----a-w c:\windows\system32\NeroCo.dll
2009-05-26 18:09 . 2004-08-04 12:19 2031616 ------w c:\windows\UNNeroBurnRights.exe
2009-05-22 21:41 . 2009-05-22 21:41 -------- d-----w c:\documents and settings\All Users\Application Data\DivoGames
2009-05-22 21:40 . 2009-05-22 21:40 -------- d-----w c:\program files\Be Rich
2009-05-22 21:30 . 2009-05-22 21:30 -------- d-----w c:\windows\Be Rich
2009-05-22 21:18 . 2009-05-22 21:21 -------- d-----w c:\documents and settings\Download programs\Big Fish Games - Be Rich + Adnan_Boy 2008 + Pre(zabranjeno)ed
2009-05-22 21:18 . 2009-05-22 21:18 -------- d-----w c:\documents and settings\LocalService\Local Settings\Application Data\ESET
2009-05-22 20:40 . 2000-06-26 08:45 106496 ----a-w c:\windows\system32\TwnLib20.dll
2009-05-22 20:40 . 2004-07-20 14:24 471040 ------w c:\windows\system32\ImagXRA7.dll
2009-05-22 20:40 . 2004-07-09 06:43 364544 ------w c:\windows\system32\TwnLib4.dll
2009-05-22 20:40 . 2004-07-20 14:24 476320 ------w c:\windows\system32\ImagXpr7.dll
2009-05-22 20:40 . 2004-07-20 14:24 262144 ------w c:\windows\system32\ImagXR7.dll
2009-05-22 20:40 . 2004-07-20 14:24 1568768 ------w c:\windows\system32\ImagX7.dll
2009-05-22 20:40 . 2001-06-26 05:15 38912 ------w c:\windows\system32\picn20.dll
2009-05-22 20:40 . 2009-05-22 20:40 -------- d-----w c:\program files\Common Files\Ahead
2009-05-22 20:40 . 2001-07-09 08:50 155648 ----a-w c:\windows\system32\NeroCheck.exe
2009-05-22 20:40 . 2009-05-26 18:09 -------- d-----w c:\program files\Ahead
2009-05-20 15:48 . 2009-05-20 15:48 -------- d-----w c:\documents and settings\Barbika\Local Settings\Application Data\Microsoft Help
2009-05-20 14:18 . 2006-04-27 23:51 29968 ----a-w c:\windows\system32\mdimon.dll
2009-05-20 14:15 . 2009-05-20 14:15 -------- d-----w c:\documents and settings\Dragana\Local Settings\Application Data\Microsoft Help
2009-05-20 14:15 . 2009-05-22 20:37 -------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-05-20 00:12 . 2009-05-20 00:12 -------- d-----w c:\program files\Dream Chronicles - The Chosen Child
2009-05-18 20:11 . 2009-05-18 20:11 0 ----a-w c:\windows\nsreg.dat
2009-05-18 20:11 . 2009-05-18 20:11 -------- d-----w c:\documents and settings\Barbika\Local Settings\Application Data\Mozilla
2009-05-18 19:06 . 2009-05-18 19:06 -------- d-----w c:\documents and settings\Dragana\Application Data\Yahoo!
2009-05-18 19:06 . 2009-05-18 19:06 -------- d-----w c:\documents and settings\Dragana\Local Settings\Application Data\Winamp Toolbar
2009-05-15 23:19 . 2009-05-15 23:27 -------- d-----w c:\documents and settings\All Users\Application Data\VirtualFarm
2009-05-14 22:25 . 2009-05-14 23:16 144124179 ----a-w c:\documents and settings\Download programs\Fairy Godmother Tycoon.zip
2009-05-14 22:21 . 2009-05-14 22:21 -------- d-----w c:\documents and settings\Barbika\Application Data\ShinyTales
2009-05-14 22:17 . 2009-05-14 22:17 -------- d-----w c:\program files\Wonderburg
2009-05-14 22:17 . 2009-05-14 22:17 -------- d-----w c:\windows\Wonderburg
2009-05-14 21:08 . 2009-05-14 21:08 -------- d-----w c:\documents and settings\Barbika\Local Settings\Application Data\DivoGames
2009-05-14 21:05 . 2009-05-14 21:11 -------- d-----w c:\documents and settings\Download programs\Big Fish Games - Wonderburg + Adnan_Boy 2008 + Pre(zabranjeno)ed
2009-05-13 13:57 . 2009-05-13 13:57 -------- d-----w c:\documents and settings\Download programs\Angels & Demons 2009 TeleSync.DivX.Eng.no subs
2009-05-13 13:45 . 2009-05-13 13:45 -------- d-----w c:\documents and settings\Download programs\Angels & Demons 2009 [DVDrip] [Xvid] [CLEAR RELEASE]-BeastieClock
2009-05-12 14:55 . 2009-05-12 14:55 -------- d-----w c:\documents and settings\Barbika\Application Data\Enchanted Katya
2009-05-12 02:11 . 2009-05-12 14:55 -------- d-----w c:\program files\Enchanted Katya and the Mystery of the Lost Wizard
2009-05-10 13:15 . 2009-05-10 13:15 -------- d-----w c:\windows\Wandering Willows
2009-05-10 13:15 . 2009-05-10 13:15 -------- d-----w c:\program files\Wandering Willows
2009-05-10 13:00 . 2009-05-10 13:00 -------- d-----w c:\documents and settings\Download programs\Reflexive Games - Wandering Willows + Adnan_Boy 2008
2009-05-10 00:54 . 2009-05-10 00:54 -------- d-----w c:\program files\Romopolis
2009-05-10 00:22 . 2009-05-10 00:22 -------- d-----w c:\program files\The Legend of Crystal Valley
2009-05-10 00:14 . 2009-05-10 00:14 -------- d-----w c:\documents and settings\Barbika\Application Data\Boomzap
2009-05-10 00:00 . 2009-05-10 00:01 -------- d-----w c:\program files\Frogs in Love
2009-05-09 23:57 . 2009-05-09 23:57 -------- d-----w c:\documents and settings\Barbika\Application Data\TikGames
2009-05-09 23:57 . 2009-05-09 23:57 -------- d-----w c:\documents and settings\All Users\Application Data\TikGames
2009-05-09 23:54 . 2009-05-09 23:54 -------- d-----w c:\program files\Wild Tribe
2009-05-09 23:40 . 2009-05-09 23:40 -------- d-----w c:\documents and settings\Barbika\Application Data\Playrix Entertainment
2009-05-09 22:46 . 2009-05-09 22:47 -------- d-----w c:\program files\Fishdom H2O - Hidden Odyssey
2009-05-09 21:18 . 2009-05-09 21:18 -------- d-----w c:\documents and settings\Barbika\Local Settings\Application Data\Astar Games
2009-05-09 20:24 . 2009-05-09 20:25 -------- d-----w c:\program files\Laura Jones and the Secret Legacy of Nikola Tesla
2009-05-09 20:16 . 2009-05-09 20:16 -------- d-----w c:\documents and settings\All Users\Application Data\Fugazo
2009-05-09 20:06 . 2009-05-10 12:49 -------- d-----w c:\documents and settings\Download programs\Reflexive - Flower Paradise - New Match 3 - Wendy99
2009-05-09 20:05 . 2009-05-09 20:08 -------- d-----w c:\program files\Adventure Chronicles - The Search for Lost Treasure
2009-05-08 19:48 . 2009-05-08 19:48 -------- d-----w c:\documents and settings\Download programs\BigFish Games - Flux Family Secrets The Ripple Effect with Strategy Guide - New HOG Puzzle - Wendy99
2009-05-07 19:33 . 2009-05-07 19:33 -------- d-----w c:\windows\Flux Family Secrets - The Ripple Effect
2009-05-07 17:13 . 2009-05-07 17:14 -------- d-----w c:\program files\Pocahontas - Princess of Powhatan
2009-05-07 17:13 . 2009-05-07 17:13 -------- d-----w c:\windows\Pocahontas - Princess of Powhatan
2009-05-07 16:51 . 2009-05-07 16:56 -------- d-----w c:\documents and settings\Download programs\Big Fish Games - Pocahontas - Princess of Powhatan + Adnan_Boy 2008
2009-05-07 00:00 . 2009-05-07 00:00 -------- d-----w c:\documents and settings\Barbika\Application Data\Skunk Studios
2009-05-06 23:59 . 2009-05-08 19:45 -------- d-----w c:\program files\Flux Family Secrets - The Ripple Effect
2009-05-06 22:34 . 2009-05-06 22:34 -------- d-----w c:\documents and settings\Barbika\Application Data\Twintale Entertainment
2009-05-06 22:11 . 2009-05-06 22:34 -------- d-----w c:\program files\Pocahontas - Princess of the Powhatan
2009-05-05 01:56 . 2009-05-05 01:57 -------- d-----w c:\documents and settings\Barbika\Application Data\HiT-MM
2009-05-05 01:02 . 2009-05-11 23:11 0 ----a-w c:\windows\system32\drivers\472a45fa.sys
2009-05-03 21:06 . 2009-05-03 21:06 -------- d-----w c:\documents and settings\Download programs\Betoven-_J_
2009-05-03 15:57 . 2009-05-03 15:57 -------- d-----w c:\documents and settings\Dragana\WINDOWS
2009-05-03 15:49 . 2009-05-03 16:03 21840 ----atw c:\windows\system32\SIntfNT.dll
2009-05-03 15:49 . 2009-05-03 16:03 17212 ----atw c:\windows\system32\SIntf32.dll
2009-05-03 15:49 . 2009-05-03 16:03 12067 ----atw c:\windows\system32\SIntf16.dll
2009-05-03 15:45 . 2009-05-03 15:45 -------- d-----w c:\program files\Sierra On-Line
2009-05-03 15:08 . 2009-05-10 12:55 -------- d-----w c:\program files\Games
2009-05-03 14:57 . 2009-05-03 14:59 -------- d-----w c:\documents and settings\Download programs\Cradle of Rome - Match 3 (Requested) [h33t][Wendy99]
2009-05-03 14:11 . 1998-01-23 10:22 304128 ----a-w c:\windows\IsUninst.exe
2009-05-03 13:35 . 2009-05-03 13:35 -------- d-----w c:\documents and settings\Barbika\WINDOWS
2009-05-03 12:43 . 2009-05-03 13:34 -------- d-----w c:\documents and settings\Download programs\Zeus - Master of Olympus
2009-04-30 21:08 . 2009-04-30 21:08 -------- d-----w c:\program files\WildGames
2009-04-30 20:27 . 2009-04-30 20:48 -------- d-----w c:\documents and settings\Download programs\WildGames - National Geographic - Herod's Lost Tomb - RaBBiT

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-29 18:52 . 2008-11-19 20:07 -------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2009-05-28 00:08 . 2009-03-26 15:40 -------- d-----w c:\program files\Mystery of Shark Island
2009-05-27 16:36 . 2009-03-26 15:29 -------- d-----w c:\program files\Hide And Secret
2009-05-27 15:01 . 2008-10-20 20:02 -------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-05-26 16:14 . 2008-10-08 11:18 69840 ----a-w c:\documents and settings\Dragana\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-25 14:57 . 2009-04-22 14:55 261 --s-a-w c:\windows\system32\2698396479.dat
2009-05-22 21:28 . 2008-12-02 22:39 -------- d-----w c:\documents and settings\Barbika\Application Data\uTorrent
2009-05-22 21:12 . 2008-10-26 21:43 -------- d-----w c:\documents and settings\All Users\Application Data\BigFishGamesCache
2009-05-22 20:51 . 2008-10-11 20:05 69840 ----a-w c:\documents and settings\Barbika\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-20 00:13 . 2008-10-22 18:58 -------- d-----w c:\documents and settings\Barbika\Application Data\PlayFirst
2009-05-13 11:50 . 2009-02-06 10:43 -------- d-----w c:\documents and settings\Dragana\Application Data\uTorrent
2009-05-10 00:52 . 2009-03-26 15:47 -------- d-----w c:\documents and settings\All Users\Application Data\Sandlot Games
2009-05-05 00:55 . 2008-10-23 23:51 -------- d-----w c:\documents and settings\All Users\Application Data\MumboJumbo
2009-05-01 02:03 . 2008-12-02 22:39 -------- d-----w c:\program files\uTorrent
2009-04-23 14:56 . 2008-10-28 21:37 -------- d-----w c:\program files\Common Files\Symantec Shared
2009-04-18 19:00 . 2009-04-01 19:53 -------- d-----w c:\program files\Cradle Of Persia
2009-04-18 19:00 . 2009-01-09 20:41 -------- d-----w c:\program files\Audacity 1.3 Beta (Unicode)
2009-04-17 10:54 . 2009-04-17 10:53 -------- d-----w c:\program files\All Mortal Combat PC Games Collection
2009-04-14 17:17 . 2009-04-14 17:17 -------- d-----w c:\program files\FLV to AVI MPEG WMV 3GP MP4 iPod Converter
2009-04-10 17:10 . 2008-10-07 21:14 -------- d-----w c:\program files\Opera
2009-04-09 22:23 . 2009-04-09 22:23 -------- d-----w c:\program files\Opera 10 Preview
2009-04-04 20:01 . 2009-04-04 20:01 -------- d-----w c:\documents and settings\Dragana\Application Data\PC Suite
2009-04-04 14:13 . 2008-10-21 18:53 -------- d-----w c:\documents and settings\All Users\Application Data\JollyBear
2009-04-04 14:04 . 2009-02-23 17:15 -------- d-----w c:\program files\GameHouse
2009-04-04 14:04 . 2008-11-19 20:07 -------- d-----w c:\program files\Google
2009-04-04 14:03 . 2009-04-04 14:03 -------- d-----w c:\program files\Big City Adventure SF
2009-04-04 14:02 . 2009-04-04 14:02 -------- d-----w c:\documents and settings\Barbika\Application Data\funkitron
2009-04-04 14:01 . 2009-04-04 14:01 -------- d-----w c:\documents and settings\Barbika\Application Data\EA
2009-04-04 14:01 . 2009-04-04 14:01 -------- d-----w c:\documents and settings\All Users\Application Data\EA
2009-04-04 13:54 . 2009-04-04 13:54 -------- d-----w c:\documents and settings\Barbika\Application Data\Incredible Ink
2009-04-04 13:52 . 2009-04-04 13:52 -------- d-----w c:\documents and settings\Barbika\Application Data\pixelStorm
2009-04-04 13:47 . 2009-04-04 13:47 -------- d-----w c:\documents and settings\Barbika\Application Data\GameBlend
2009-04-04 13:47 . 2009-04-04 13:47 -------- d-----w c:\documents and settings\All Users\Application Data\GameBlend
2009-04-01 20:02 . 2009-04-01 20:02 -------- d-----w c:\documents and settings\All Users\Application Data\Awem
2009-03-31 02:03 . 2009-03-26 15:41 -------- d-----w c:\program files\Mystery Case Files Huntsville
2009-03-31 00:59 . 2009-03-26 15:37 -------- d-----w c:\program files\Paradise Pet Salon
2009-03-30 19:45 . 2009-01-09 20:41 -------- d-----w c:\documents and settings\Barbika\Application Data\Audacity
2009-03-30 01:56 . 2008-12-01 17:29 30 ----a-w c:\windows\popcinfo.dat
2009-03-26 15:37 . 2009-03-26 15:37 409600 ----a-w c:\windows\system32\wrap_oal.dll
2009-03-26 15:37 . 2009-03-26 15:37 114688 ----a-w c:\windows\system32\OpenAL32.dll
2009-03-08 14:11 . 2009-03-08 14:07 23510720 ----a-w c:\documents and settings\Barbika\Application Data\Sony Setup\09063B41-0916-4360-A80D-0C2A2B89D300\dotnetfx.exe
2009-03-08 14:03 . 2009-03-08 14:03 249856 ------w c:\windows\Setup1.exe
2009-03-08 14:03 . 2009-03-08 14:03 73216 ----a-w c:\windows\ST6UNST.EXE
2009-03-06 14:44 . 2002-08-29 03:41 283648 ----a-w c:\windows\system32\pdh.dll
2009-03-05 23:19 . 2009-03-05 23:07 39892192 ----a-w c:\documents and settings\All Users\Application Data\BigFishGamesCache\GameManager\GameDB\F2863T1L1\setup_gF2863T1L1_d457044967_l1_s1.exe
2009-03-05 20:17 . 2009-03-05 20:17 8192 ----a-w c:\documents and settings\All Users\Application Data\Installations\{58FB2F9A-5F2D-40E8-82DF-4987E60AD8BD}\Installer\CommonCustomActions\UninstCCD.exe
2009-03-05 20:17 . 2009-03-05 20:17 61440 ----a-w c:\documents and settings\All Users\Application Data\Installations\{58FB2F9A-5F2D-40E8-82DF-4987E60AD8BD}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
2009-03-05 20:17 . 2009-03-05 20:17 10240 ----a-w c:\documents and settings\All Users\Application Data\Installations\{58FB2F9A-5F2D-40E8-82DF-4987E60AD8BD}\Installer\CommonCustomActions\UninstPCS.exe
2009-03-05 20:16 . 2009-03-05 20:17 33642704 ----a-w c:\documents and settings\All Users\Application Data\Installations\{58FB2F9A-5F2D-40E8-82DF-4987E60AD8BD}\Nokia_PC_Suite_7_1_18_0_eng_web.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-12-03 1205760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2008-03-11 13520896]
"NvMediaCenter"="c:\windows\System32\NvMcTray.dll" [2008-03-11 86016]
"WireLessMouse"="c:\program files\Multimedia Mouse Driver\StartAutorun.exe" [2005-11-30 94208]
"WireLessKeyboard"="c:\program files\Office Keyboard Driver\StartAutorun.exe" [2005-11-30 94208]
"PMCRemote"="c:\program files\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe" [2005-11-07 73728]
"PinnacleDriverCheck"="c:\windows\system32\PSDrvCheck.exe" [2003-11-10 406016]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-08-03 36352]
"LogonStudio"="c:\program files\WinCustomize\LogonStudio\logonstudio.exe" [2002-09-03 987187]
"PMCS"="c:\program files\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe" [2005-11-08 65536]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 57344]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-09-27 16844800]
"SkyTel"="SkyTel.EXE" - c:\windows\SkyTel.exe [2007-08-03 1826816]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-03-11 1626112]

c:\documents and settings\Dragana\Start Menu\Programs\Startup\
Stardock ObjectDock.lnk - c:\program files\Stardock\ObjectDock\ObjectDock.exe [2008-10-11 3450608]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2007-9-19 282624]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\windows\system32\logonuiX.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Sony Ericsson\\Sony Ericsson Media Manager\\MediaManager.exe"=

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [28.5.2009 1:24 108289]
R3 3xHybrid;Pinnacle PCTV 110i service;c:\windows\system32\drivers\3xHybrid.sys [11.10.2008 18:12 827008]
R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\l151x86.sys [7.10.2008 22:08 36864]
S1 472a45fa;472a45fa;c:\windows\system32\drivers\472a45fa.sys [5.5.2009 3:02 0]
S2 srserviceRDSessMgr;System Restore Service srserviceRDSessMgr;c:\windows\system32\1037l.exe srv --> c:\windows\system32\1037l.exe srv [?]
.
Contents of the 'Scheduled Tasks' folder

2009-05-28 c:\windows\Tasks\PMCS_Wakeup633791306738593750.job
- c:\program files\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe [2008-10-11 07:41]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-Microsoft WinUpdate - c:\windows\system32\msupdte.exe
SafeBoot-procexp90.Sys


.
------- Supplementary Scan -------
.
uStart Page = [Link mogu videti samo ulogovani korisnici]
mStart Page = [Link mogu videti samo ulogovani korisnici]
uInternet Connection Wizard,ShellNext = [Link mogu videti samo ulogovani korisnici]
uSearchURL,(Default) = [Link mogu videti samo ulogovani korisnici]*http://www.yahoo.com
IE: &Google Search - c:\program files\Google\googletoolbar.dll/cmsearch.html
IE: Backward &Links - c:\program files\Google\googletoolbar.dll/cmbacklinks.html
IE: Cac&hed Snapshot of Page - c:\program files\Google\googletoolbar.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Si&milar Pages - c:\program files\Google\googletoolbar.dll/cmsimilar.html
IE: Translate into English - c:\program files\Google\googletoolbar.dll/cmtrans.html
DPF: DirectAnimation Java Classes - [Link mogu videti samo ulogovani korisnici]\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - [Link mogu videti samo ulogovani korisnici]\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Barbika\Application Data\Mozilla\Firefox\Profiles\ytx9lkcj.default\
FF - prefs.js: network.proxy.type - 2
FF - component: c:\program files\Nokia\Nokia PC Suite 7\bkmrksync\components\BkMrkExt.dll
FF - plugin: c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [Link mogu videti samo ulogovani korisnici]
Rootkit scan 2009-05-29 21:11
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

.
Completion time: 2009-05-29 21:13
ComboFix-quarantined-files.txt 2009-05-29 19:13

Pre-Run: 131.149.725.696 bytes free
Post-Run: 135.187.722.240 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

331 --- E O F --- 2009-04-16 01:01

Addendum: 29 May 2009 21:21

This is the report, it is complete; now I will run the antivirus to see what we have done.

Addendum: 29 May 2009 21:38

Malwarebytes' Anti-Malware 1.37
Database version: 2193
Windows 5.1.2600 Service Pack 2

29.5.2009 21:30:14
mbam-log-2009-05-29 (21-30-14).txt

Scan type: Quick Scan
Objects scanned: 90562
Time elapsed: 10 minute(s), 2 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

This is the report, it clearly says there is nothing. People, you are kings, I have no idea how to thank you.......
Thank youuuuuuuuuuuuuuu

rip
  • argus  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 27 Apr 2008
  • Posts: 9160
  • Location: Prokuplje

You will disable the antivirus again.

Open Notepad and copy the following text:

File::
c:\windows\system32\drivers\472a45fa.sys
c:\windows\system32\1037l.exe

Driver::
472a45fa
srserviceRDSessMgr


Save the file from Notepad to the Desktop as "CFScript".

Drag the saved script/text onto the ComboFix icon as shown in the picture.
In your next post, paste the log that is created at the end of the cleaning/scan.

offline
  • Joined: 28 May 2009
  • Posts: 17

ComboFix 09-05-28.09 - Barbika 31.05.2009 20:58.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2047.1408 [GMT 2:00]
Running from: c:\documents and settings\Barbika\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Barbika\Desktop\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: Kaspersky Internet Security *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}

FILE ::
"c:\windows\system32\1037l.exe"
"c:\windows\system32\drivers\472a45fa.sys"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\472a45fa.sys

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SRSERVICERDSESSMGR
-------\Service_472a45fa
-------\Service_srserviceRDSessMgr


((((((((((((((((((((((((( Files Created from 2009-04-28 to 2009-05-31 )))))))))))))))))))))))))))))))
.

2009-05-31 13:34 . 2009-05-31 15:49 -------- d-----w c:\documents and settings\Download programs\Night At The Museum Battle Of The Smithsonian 2009 TELESYNCpl-team
2009-05-31 07:16 . 2009-05-31 13:26 -------- d-----w c:\documents and settings\Download programs\Angels.And.Demons.TS.XviD-HOMEMADE.[www.FilmsBT.com]
2009-05-31 07:11 . 2009-05-31 07:11 -------- d-----w c:\documents and settings\Download programs\Night At The Museum 2 Battle Of The Smithsonian 2009 UNCROPPED CAM-STG (Kingdom-KvCD by Dingie)
2009-05-29 20:03 . 2009-05-29 20:03 33808 ----a-w c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.506\klbg.sys
2009-05-29 20:03 . 2009-05-29 20:03 206088 ----a-w c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.506\avp.exe
2009-05-29 20:03 . 2009-05-29 20:03 226832 ----a-w c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.506\XP\klif.sys
2009-05-29 19:38 . 2009-05-29 20:03 94643 ----a-w c:\windows\system32\drivers\klick.dat
2009-05-29 19:38 . 2009-05-29 20:03 105395 ----a-w c:\windows\system32\drivers\klin.dat
2009-05-29 19:37 . 2009-05-31 19:00 401440 --sha-w c:\windows\system32\drivers\fidbox2.dat
2009-05-29 19:37 . 2009-05-31 19:00 2268704 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-05-29 19:37 . 2009-05-29 19:37 -------- d-----w c:\program files\Kaspersky Lab
2009-05-28 11:22 . 2009-05-28 11:22 -------- d-----w c:\documents and settings\Dragana\Application Data\Malwarebytes
2009-05-28 00:20 . 2009-05-28 00:20 -------- d-----w c:\documents and settings\Barbika\Application Data\Malwarebytes
2009-05-27 23:49 . 2009-05-27 23:49 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-05-27 23:49 . 2009-05-31 19:01 -------- d-----w c:\program files\12345
2009-05-27 23:24 . 2009-03-30 08:33 96104 ----a-w c:\windows\system32\drivers\avipbb.sys
2009-05-27 23:24 . 2009-03-24 14:08 55640 ----a-w c:\windows\system32\drivers\avgntflt.sys
2009-05-27 23:24 . 2009-02-13 10:29 22360 ----a-w c:\windows\system32\drivers\avgntmgr.sys
2009-05-27 23:24 . 2009-02-13 10:17 45416 ----a-w c:\windows\system32\drivers\avgntdd.sys
2009-05-27 23:24 . 2009-05-27 23:24 -------- d-----w c:\program files\Avira
2009-05-27 23:24 . 2009-05-27 23:24 -------- d-----w c:\documents and settings\All Users\Application Data\Avira
2009-05-27 14:32 . 2009-05-31 12:30 -------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-05-27 14:32 . 2009-05-27 17:04 -------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-05-26 18:09 . 2004-08-05 13:58 65536 ----a-w c:\windows\system32\NeroCo.dll
2009-05-26 18:09 . 2004-08-04 12:19 2031616 ------w c:\windows\UNNeroBurnRights.exe
2009-05-22 21:41 . 2009-05-22 21:41 -------- d-----w c:\documents and settings\All Users\Application Data\DivoGames
2009-05-22 21:40 . 2009-05-22 21:40 -------- d-----w c:\program files\Be Rich
2009-05-22 21:30 . 2009-05-22 21:30 -------- d-----w c:\windows\Be Rich
2009-05-22 21:18 . 2009-05-22 21:21 -------- d-----w c:\documents and settings\Download programs\Big Fish Games - Be Rich + Adnan_Boy 2008 + Pre(zabranjeno)ed
2009-05-22 21:18 . 2009-05-22 21:18 -------- d-----w c:\documents and settings\LocalService\Local Settings\Application Data\ESET
2009-05-22 20:40 . 2000-06-26 08:45 106496 ----a-w c:\windows\system32\TwnLib20.dll
2009-05-22 20:40 . 2004-07-20 14:24 471040 ------w c:\windows\system32\ImagXRA7.dll
2009-05-22 20:40 . 2004-07-09 06:43 364544 ------w c:\windows\system32\TwnLib4.dll
2009-05-22 20:40 . 2004-07-20 14:24 476320 ------w c:\windows\system32\ImagXpr7.dll
2009-05-22 20:40 . 2004-07-20 14:24 262144 ------w c:\windows\system32\ImagXR7.dll
2009-05-22 20:40 . 2004-07-20 14:24 1568768 ------w c:\windows\system32\ImagX7.dll
2009-05-22 20:40 . 2001-06-26 05:15 38912 ------w c:\windows\system32\picn20.dll
2009-05-22 20:40 . 2009-05-22 20:40 -------- d-----w c:\program files\Common Files\Ahead
2009-05-22 20:40 . 2001-07-09 08:50 155648 ----a-w c:\windows\system32\NeroCheck.exe
2009-05-22 20:40 . 2009-05-26 18:09 -------- d-----w c:\program files\Ahead
2009-05-20 15:48 . 2009-05-20 15:48 -------- d-----w c:\documents and settings\Barbika\Local Settings\Application Data\Microsoft Help
2009-05-20 14:18 . 2006-04-27 23:51 29968 ----a-w c:\windows\system32\mdimon.dll
2009-05-20 14:15 . 2009-05-20 14:15 -------- d-----w c:\documents and settings\Dragana\Local Settings\Application Data\Microsoft Help
2009-05-20 14:15 . 2009-05-22 20:37 -------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-05-20 00:12 . 2009-05-20 00:12 -------- d-----w c:\program files\Dream Chronicles - The Chosen Child
2009-05-18 20:11 . 2009-05-18 20:11 0 ----a-w c:\windows\nsreg.dat
2009-05-18 20:11 . 2009-05-18 20:11 -------- d-----w c:\documents and settings\Barbika\Local Settings\Application Data\Mozilla
2009-05-18 19:06 . 2009-05-18 19:06 -------- d-----w c:\documents and settings\Dragana\Application Data\Yahoo!
2009-05-18 19:06 . 2009-05-18 19:06 -------- d-----w c:\documents and settings\Dragana\Local Settings\Application Data\Winamp Toolbar
2009-05-15 23:19 . 2009-05-15 23:27 -------- d-----w c:\documents and settings\All Users\Application Data\VirtualFarm
2009-05-14 22:25 . 2009-05-14 23:16 144124179 ----a-w c:\documents and settings\Download programs\Fairy Godmother Tycoon.zip
2009-05-14 22:21 . 2009-05-14 22:21 -------- d-----w c:\documents and settings\Barbika\Application Data\ShinyTales
2009-05-14 22:17 . 2009-05-14 22:17 -------- d-----w c:\program files\Wonderburg
2009-05-14 22:17 . 2009-05-14 22:17 -------- d-----w c:\windows\Wonderburg
2009-05-14 21:08 . 2009-05-14 21:08 -------- d-----w c:\documents and settings\Barbika\Local Settings\Application Data\DivoGames
2009-05-14 21:05 . 2009-05-14 21:11 -------- d-----w c:\documents and settings\Download programs\Big Fish Games - Wonderburg + Adnan_Boy 2008 + Pre(zabranjeno)ed
2009-05-13 13:57 . 2009-05-13 13:57 -------- d-----w c:\documents and settings\Download programs\Angels & Demons 2009 TeleSync.DivX.Eng.no subs
2009-05-13 13:45 . 2009-05-13 13:45 -------- d-----w c:\documents and settings\Download programs\Angels & Demons 2009 [DVDrip] [Xvid] [CLEAR RELEASE]-BeastieClock
2009-05-12 14:55 . 2009-05-12 14:55 -------- d-----w c:\documents and settings\Barbika\Application Data\Enchanted Katya
2009-05-12 02:11 . 2009-05-12 14:55 -------- d-----w c:\program files\Enchanted Katya and the Mystery of the Lost Wizard
2009-05-10 13:15 . 2009-05-10 13:15 -------- d-----w c:\windows\Wandering Willows
2009-05-10 13:15 . 2009-05-10 13:15 -------- d-----w c:\program files\Wandering Willows
2009-05-10 13:00 . 2009-05-10 13:00 -------- d-----w c:\documents and settings\Download programs\Reflexive Games - Wandering Willows + Adnan_Boy 2008
2009-05-10 00:54 . 2009-05-10 00:54 -------- d-----w c:\program files\Romopolis
2009-05-10 00:22 . 2009-05-10 00:22 -------- d-----w c:\program files\The Legend of Crystal Valley
2009-05-10 00:14 . 2009-05-10 00:14 -------- d-----w c:\documents and settings\Barbika\Application Data\Boomzap
2009-05-10 00:00 . 2009-05-10 00:01 -------- d-----w c:\program files\Frogs in Love
2009-05-09 23:57 . 2009-05-09 23:57 -------- d-----w c:\documents and settings\Barbika\Application Data\TikGames
2009-05-09 23:57 . 2009-05-09 23:57 -------- d-----w c:\documents and settings\All Users\Application Data\TikGames
2009-05-09 23:54 . 2009-05-09 23:54 -------- d-----w c:\program files\Wild Tribe
2009-05-09 23:40 . 2009-05-09 23:40 -------- d-----w c:\documents and settings\Barbika\Application Data\Playrix Entertainment
2009-05-09 22:46 . 2009-05-09 22:47 -------- d-----w c:\program files\Fishdom H2O - Hidden Odyssey
2009-05-09 21:18 . 2009-05-09 21:18 -------- d-----w c:\documents and settings\Barbika\Local Settings\Application Data\Astar Games
2009-05-09 20:24 . 2009-05-09 20:25 -------- d-----w c:\program files\Laura Jones and the Secret Legacy of Nikola Tesla
2009-05-09 20:16 . 2009-05-09 20:16 -------- d-----w c:\documents and settings\All Users\Application Data\Fugazo
2009-05-09 20:06 . 2009-05-10 12:49 -------- d-----w c:\documents and settings\Download programs\Reflexive - Flower Paradise - New Match 3 - Wendy99
2009-05-09 20:05 . 2009-05-09 20:08 -------- d-----w c:\program files\Adventure Chronicles - The Search for Lost Treasure
2009-05-08 19:48 . 2009-05-08 19:48 -------- d-----w c:\documents and settings\Download programs\BigFish Games - Flux Family Secrets The Ripple Effect with Strategy Guide - New HOG Puzzle - Wendy99
2009-05-07 19:33 . 2009-05-07 19:33 -------- d-----w c:\windows\Flux Family Secrets - The Ripple Effect
2009-05-07 17:13 . 2009-05-07 17:14 -------- d-----w c:\program files\Pocahontas - Princess of Powhatan
2009-05-07 17:13 . 2009-05-07 17:13 -------- d-----w c:\windows\Pocahontas - Princess of Powhatan
2009-05-07 16:51 . 2009-05-07 16:56 -------- d-----w c:\documents and settings\Download programs\Big Fish Games - Pocahontas - Princess of Powhatan + Adnan_Boy 2008
2009-05-07 00:00 . 2009-05-07 00:00 -------- d-----w c:\documents and settings\Barbika\Application Data\Skunk Studios
2009-05-06 23:59 . 2009-05-08 19:45 -------- d-----w c:\program files\Flux Family Secrets - The Ripple Effect
2009-05-06 22:34 . 2009-05-06 22:34 -------- d-----w c:\documents and settings\Barbika\Application Data\Twintale Entertainment
2009-05-06 22:11 . 2009-05-06 22:34 -------- d-----w c:\program files\Pocahontas - Princess of the Powhatan
2009-05-05 01:56 . 2009-05-05 01:57 -------- d-----w c:\documents and settings\Barbika\Application Data\HiT-MM
2009-05-03 21:06 . 2009-05-03 21:06 -------- d-----w c:\documents and settings\Download programs\Betoven-_J_
2009-05-03 15:57 . 2009-05-03 15:57 -------- d-----w c:\documents and settings\Dragana\WINDOWS
2009-05-03 15:49 . 2009-05-03 16:03 21840 ----atw c:\windows\system32\SIntfNT.dll
2009-05-03 15:49 . 2009-05-03 16:03 17212 ----atw c:\windows\system32\SIntf32.dll
2009-05-03 15:49 . 2009-05-03 16:03 12067 ----atw c:\windows\system32\SIntf16.dll
2009-05-03 15:45 . 2009-05-03 15:45 -------- d-----w c:\program files\Sierra On-Line
2009-05-03 15:08 . 2009-05-10 12:55 -------- d-----w c:\program files\Games
2009-05-03 14:57 . 2009-05-03 14:59 -------- d-----w c:\documents and settings\Download programs\Cradle of Rome - Match 3 (Requested) [h33t][Wendy99]
2009-05-03 14:11 . 1998-01-23 10:22 304128 ----a-w c:\windows\IsUninst.exe
2009-05-03 13:35 . 2009-05-03 13:35 -------- d-----w c:\documents and settings\Barbika\WINDOWS
2009-05-03 12:43 . 2009-05-03 13:34 -------- d-----w c:\documents and settings\Download programs\Zeus - Master of Olympus

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-31 19:00 . 2009-05-29 19:37 2452 --sha-w c:\windows\system32\drivers\fidbox2.idx
2009-05-31 19:00 . 2009-05-29 19:37 19852 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-05-31 18:27 . 2008-12-02 22:39 -------- d-----w c:\documents and settings\Barbika\Application Data\uTorrent
2009-05-29 20:03 . 2008-01-29 15:29 33808 ----a-w c:\windows\system32\drivers\klbg.sys
2009-05-29 18:52 . 2008-11-19 20:07 -------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2009-05-28 00:08 . 2009-03-26 15:40 -------- d-----w c:\program files\Mystery of Shark Island
2009-05-27 16:36 . 2009-03-26 15:29 -------- d-----w c:\program files\Hide And Secret
2009-05-27 15:01 . 2008-10-20 20:02 -------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-05-26 16:14 . 2008-10-08 11:18 69840 ----a-w c:\documents and settings\Dragana\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-25 14:57 . 2009-04-22 14:55 261 --s-a-w c:\windows\system32\2698396479.dat
2009-05-22 21:12 . 2008-10-26 21:43 -------- d-----w c:\documents and settings\All Users\Application Data\BigFishGamesCache
2009-05-22 20:51 . 2008-10-11 20:05 69840 ----a-w c:\documents and settings\Barbika\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-20 00:13 . 2008-10-22 18:58 -------- d-----w c:\documents and settings\Barbika\Application Data\PlayFirst
2009-05-13 11:50 . 2009-02-06 10:43 -------- d-----w c:\documents and settings\Dragana\Application Data\uTorrent
2009-05-10 00:52 . 2009-03-26 15:47 -------- d-----w c:\documents and settings\All Users\Application Data\Sandlot Games
2009-05-05 00:55 . 2008-10-23 23:51 -------- d-----w c:\documents and settings\All Users\Application Data\MumboJumbo
2009-05-01 02:03 . 2008-12-02 22:39 -------- d-----w c:\program files\uTorrent
2009-04-30 21:08 . 2009-04-30 21:08 -------- d-----w c:\program files\WildGames
2009-04-23 14:56 . 2008-10-28 21:37 -------- d-----w c:\program files\Common Files\Symantec Shared
2009-04-18 19:00 . 2009-04-01 19:53 -------- d-----w c:\program files\Cradle Of Persia
2009-04-18 19:00 . 2009-01-09 20:41 -------- d-----w c:\program files\Audacity 1.3 Beta (Unicode)
2009-04-17 10:54 . 2009-04-17 10:53 -------- d-----w c:\program files\All Mortal Combat PC Games Collection
2009-04-14 17:17 . 2009-04-14 17:17 -------- d-----w c:\program files\FLV to AVI MPEG WMV 3GP MP4 iPod Converter
2009-04-10 17:10 . 2008-10-07 21:14 -------- d-----w c:\program files\Opera
2009-04-09 22:23 . 2009-04-09 22:23 -------- d-----w c:\program files\Opera 10 Preview
2009-04-04 20:01 . 2009-04-04 20:01 -------- d-----w c:\documents and settings\Dragana\Application Data\PC Suite
2009-04-04 14:13 . 2008-10-21 18:53 -------- d-----w c:\documents and settings\All Users\Application Data\JollyBear
2009-04-04 14:04 . 2009-02-23 17:15 -------- d-----w c:\program files\GameHouse
2009-04-04 14:04 . 2008-11-19 20:07 -------- d-----w c:\program files\Google
2009-04-04 14:03 . 2009-04-04 14:03 -------- d-----w c:\program files\Big City Adventure SF
2009-04-04 14:02 . 2009-04-04 14:02 -------- d-----w c:\documents and settings\Barbika\Application Data\funkitron
2009-04-04 14:01 . 2009-04-04 14:01 -------- d-----w c:\documents and settings\Barbika\Application Data\EA
2009-04-04 14:01 . 2009-04-04 14:01 -------- d-----w c:\documents and settings\All Users\Application Data\EA
2009-04-04 13:54 . 2009-04-04 13:54 -------- d-----w c:\documents and settings\Barbika\Application Data\Incredible Ink
2009-04-04 13:52 . 2009-04-04 13:52 -------- d-----w c:\documents and settings\Barbika\Application Data\pixelStorm
2009-04-04 13:47 . 2009-04-04 13:47 -------- d-----w c:\documents and settings\Barbika\Application Data\GameBlend
2009-04-04 13:47 . 2009-04-04 13:47 -------- d-----w c:\documents and settings\All Users\Application Data\GameBlend
2009-04-01 20:02 . 2009-04-01 20:02 -------- d-----w c:\documents and settings\All Users\Application Data\Awem
2009-03-30 01:56 . 2008-12-01 17:29 30 ----a-w c:\windows\popcinfo.dat
2009-03-26 15:37 . 2009-03-26 15:37 409600 ----a-w c:\windows\system32\wrap_oal.dll
2009-03-26 15:37 . 2009-03-26 15:37 114688 ----a-w c:\windows\system32\OpenAL32.dll
2009-03-08 14:11 . 2009-03-08 14:07 23510720 ----a-w c:\documents and settings\Barbika\Application Data\Sony Setup\09063B41-0916-4360-A80D-0C2A2B89D300\dotnetfx.exe
2009-03-08 14:03 . 2009-03-08 14:03 249856 ------w c:\windows\Setup1.exe
2009-03-08 14:03 . 2009-03-08 14:03 73216 ----a-w c:\windows\ST6UNST.EXE
2009-03-06 14:44 . 2002-08-29 03:41 283648 ----a-w c:\windows\system32\pdh.dll
2009-03-05 23:19 . 2009-03-05 23:07 39892192 ----a-w c:\documents and settings\All Users\Application Data\BigFishGamesCache\GameManager\GameDB\F2863T1L1\setup_gF2863T1L1_d457044967_l1_s1.exe
2009-03-05 20:17 . 2009-03-05 20:17 8192 ----a-w c:\documents and settings\All Users\Application Data\Installations\{58FB2F9A-5F2D-40E8-82DF-4987E60AD8BD}\Installer\CommonCustomActions\UninstCCD.exe
2009-03-05 20:17 . 2009-03-05 20:17 61440 ----a-w c:\documents and settings\All Users\Application Data\Installations\{58FB2F9A-5F2D-40E8-82DF-4987E60AD8BD}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
2009-03-05 20:17 . 2009-03-05 20:17 10240 ----a-w c:\documents and settings\All Users\Application Data\Installations\{58FB2F9A-5F2D-40E8-82DF-4987E60AD8BD}\Installer\CommonCustomActions\UninstPCS.exe
2009-03-05 20:16 . 2009-03-05 20:17 33642704 ----a-w c:\documents and settings\All Users\Application Data\Installations\{58FB2F9A-5F2D-40E8-82DF-4987E60AD8BD}\Nokia_PC_Suite_7_1_18_0_eng_web.exe
.

((((((((((((((((((((((((((((( [Link visible only to logged-in users] )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-11-11 17:58 . 2008-11-11 17:58 25601 c:\windows\system32\drivers\klopp.dat
+ 2008-04-30 15:06 . 2008-04-30 15:06 24592 c:\windows\system32\drivers\klim5.sys
+ 2008-03-13 16:02 . 2008-03-13 16:02 26640 c:\windows\system32\drivers\klfltdev.sys
- 2008-10-07 20:00 . 2009-05-16 22:34 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-10-07 20:00 . 2009-05-31 09:03 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-10-07 20:00 . 2009-05-31 09:03 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2008-10-07 20:00 . 2009-05-16 22:34 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2008-10-07 20:00 . 2009-05-16 22:34 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2008-10-07 20:00 . 2009-05-31 09:03 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2008-11-11 18:00 . 2008-11-11 18:00 218376 c:\windows\system32\klogon.dll
+ 2009-05-29 19:37 . 2009-05-29 20:03 226832 c:\windows\system32\drivers\klif.sys
+ 2008-07-21 15:34 . 2008-07-21 15:34 121872 c:\windows\system32\drivers\kl1.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-12-03 1205760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2008-03-11 13520896]
"NvMediaCenter"="c:\windows\System32\NvMcTray.dll" [2008-03-11 86016]
"WireLessMouse"="c:\program files\Multimedia Mouse Driver\StartAutorun.exe" [2005-11-30 94208]
"WireLessKeyboard"="c:\program files\Office Keyboard Driver\StartAutorun.exe" [2005-11-30 94208]
"PMCRemote"="c:\program files\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe" [2005-11-07 73728]
"PinnacleDriverCheck"="c:\windows\system32\PSDrvCheck.exe" [2003-11-10 406016]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-08-03 36352]
"LogonStudio"="c:\program files\WinCustomize\LogonStudio\logonstudio.exe" [2002-09-03 987187]
"PMCS"="c:\program files\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe" [2005-11-08 65536]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 57344]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2009-05-29 206088]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-09-27 16844800]
"SkyTel"="SkyTel.EXE" - c:\windows\SkyTel.exe [2007-08-03 1826816]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-03-11 1626112]

c:\documents and settings\Dragana\Start Menu\Programs\Startup\
Stardock ObjectDock.lnk - c:\program files\Stardock\ObjectDock\ObjectDock.exe [2008-10-11 3450608]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2007-9-19 282624]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\windows\system32\logonuiX.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Sony Ericsson\\Sony Ericsson Media Manager\\MediaManager.exe"=

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [29.1.2008 17:29 33808]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [28.5.2009 1:24 108289]
R3 3xHybrid;Pinnacle PCTV 110i service;c:\windows\system32\drivers\3xHybrid.sys [11.10.2008 18:12 827008]
R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\l151x86.sys [7.10.2008 22:08 36864]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\drivers\klfltdev.sys [13.3.2008 18:02 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [30.4.2008 17:06 24592]
.
Contents of the 'Scheduled Tasks' folder

2009-05-31 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-11-19 23:29]
.
.
------- Supplementary Scan -------
.
uStart Page = [Link visible only to logged-in users]
mStart Page = [Link visible only to logged-in users]
uInternet Connection Wizard,ShellNext = [Link visible only to logged-in users]
uSearchURL,(Default) = [Link visible only to logged-in users]*http://www.yahoo.com
IE: &Google Search - c:\program files\Google\googletoolbar.dll/cmsearch.html
IE: Add to Banner Ad Blocker - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
IE: Backward &Links - c:\program files\Google\googletoolbar.dll/cmbacklinks.html
IE: Cac&hed Snapshot of Page - c:\program files\Google\googletoolbar.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Si&milar Pages - c:\program files\Google\googletoolbar.dll/cmsimilar.html
IE: Translate into English - c:\program files\Google\googletoolbar.dll/cmtrans.html
DPF: DirectAnimation Java Classes - [Link visible only to logged-in users]\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - [Link visible only to logged-in users]\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Barbika\Application Data\Mozilla\Firefox\Profiles\ytx9lkcj.default\
FF - prefs.js: network.proxy.type - 2
FF - component: c:\program files\Nokia\Nokia PC Suite 7\bkmrksync\components\BkMrkExt.dll
FF - plugin: c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [Link visible only to logged-in users]
Rootkit scan 2009-05-31 21:02
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3244)
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_eng.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\rundll32.exe
c:\program files\Office Keyboard Driver\PS2USBKbdDrv.exe
c:\program files\Multimedia Mouse Driver\MouseDrv.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe
c:\program files\Pinnacle\Shared Files\Programs\PclePvr\VideoControl.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-05-31 21:05 - machine was rebooted
ComboFix-quarantined-files.txt 2009-05-31 19:05
ComboFix2.txt 2009-05-29 19:13

Pre-Run: 131.083.087.872 bytes free
Post-Run: 131.153.780.736 bytes free

375 --- E O F --- 2009-04-16 01:01

rip
  • argus  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 27 Apr 2008
  • Posts: 9160
  • Location: Prokuplje

You have two antivirus programs on the computer; where did Kaspersky come from now? You have to uninstall one, decide which one you'll keep.

What's the status?

offline
  • Joined: 28 May 2009
  • Posts: 17

Here, I've kept only Malwarebytes, and here's the log:
Malwarebytes' Anti-Malware 1.37
Database version: 2202
Windows 5.1.2600 Service Pack 2

31.5.2009 21:34:47
mbam-log-2009-05-31 (21-34-47).txt

Scan type: Quick Scan
Objects scanned: 92233
Time elapsed: 1 minute(s), 41 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

rip
  • argus  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 27 Apr 2008
  • Posts: 9160
  • Location: Prokuplje

Oh, I'm going to kill you :D So do you have any antivirus on the computer now? Malwarebytes is not an antivirus. You can keep it too, but you must have an antivirus, and only one. Tell me what the status is now. Do you still have the problem?

offline
  • Joined: 28 May 2009
  • Posts: 17

Hehe, well, I didn't know that Malwarebytes isn't an antivirus; I'm a total layperson. I'm installing Kaspersky for now. My computer runs faster, and I can, for example, defragment the HD (which I couldn't before), but Nero is still giving me trouble. Here's the log:
Dada

1A20-020E-0000-1349-1210-6697*

Windows XP 5.1
IA32
WinAspi: -
ahead WinASPI: File 'C:\Program Files\Ahead\nero\Wnaspi32.dll': Ver=2.0.1.68, size=160016 bytes, created 22.7.2004 16:33:44
Nero version: 6.3.1.26 (Nero Express)
Recorder: < Image Recorder> Version: Not available - HA -1 TA 0 - 6.3.1.26
Adapter driver: <Virtual Device> HA -1
Drive buffer :
CD-ROM: <HL-DT-ST DVDRAM GH20NS15 >Version: IL00 - HA 1 TA 1 - 6.3.1.26
Adapter driver: <atapi> HA 1

=== Scsi-Device-Map ===
DiskPeripheral : WDC WD5000AAKS-00YGA0 atapi Port 1 ID 0 DMA: On
CdRomPeripheral : HL-DT-ST DVDRAM GH20NS15 atapi Port 1 ID 1 DMA: On

=== CDRom-Device-Map ===
HL-DT-ST DVDRAM GH20NS15 D: CDRom0
=======================

AutoRun : 1
Excluded drive IDs:
WriteBufferSize: 83886080 (0) Byte
ShowDrvBufStat : 0
BUFE : 0
Physical memory : 2047MB (2096236kB)
Free physical memory: 1527MB (1564412kB)
Memory in use : 25 %
Uncached PFiles: 0x0
Use Static Write Speed Table: 0
Use Inquiry : 1
Global Bus Type: default (0)
Check supported media : Disabled (0)

31.5.2009
ISO compilation
21:43:29 #1 Text 0 File Isodoc.cpp, Line 6083
Iso document burn settings
------------------------------------------
Determine maximum speed : FALSE
Simulate : FALSE
Write : TRUE
Finalize CD : TRUE
Multisession : FALSE
Burning mode : DAO
Mode : 1
ISO Level : 1 (Max. of 11 = 8 + 3 char)
Character set : ISO 9660
Joliet : TRUE
Allow pathdepth more than 8 directories : FALSE
Allow more than 255 characters in path : FALSE
Write ISO9660 ;1 file extensions : TRUE

21:43:29 #2 Text 0 File Reader.cpp, Line 126
Reader running

21:43:29 #3 ISO9660GEN -11 File geniso.cpp, Line 3899
First writeable address = 0 (0x00000000)

21:43:29 #4 Text 0 File Burncd.cpp, Line 3152
Turn on Disc-at-once, using DVD media

21:43:29 #5 Text 0 File DlgWaitCD.cpp, Line 247
Last possible write address on media: 2147483646 (477218:35.21, 4194303MB)
Last address to be written: 1435487 (318:59.62, 2803MB)

21:43:29 #6 Text 0 File DlgWaitCD.cpp, Line 259
Write in overburning mode: NO (enabled: CD)

21:43:29 #7 Text 0 File DlgWaitCD.cpp, Line 2162
Recorder: Image Recorder;
CD type reading failed
ATIP Data: ?

21:43:29 #8 Text 0 File DlgWaitCD.cpp, Line 420
>>> Protocol of DlgWaitCD activities: <<<
=========================================

21:43:29 #9 Text 0 File ThreadedTransferInterface.cpp, Line 813
Setup items (after recorder preparation)
0: TRM_DATA_MODE1 (CTransferItem)
2 indices, index0 (150) not provided
original disc pos #0 + 1435488 (1435488-) = #1435488/318:59.63
relocatable, disc pos for caching/writing not required/required, no patch infos
-> TRM_DATA_MODE1, 2048, config 0, wanted index0 0 blocks, length 1435488 blocks [ Image Recorder ]
--------------------------------------------------------------

21:43:31 #10 Phase 40 File dlgbrnst.cpp, Line 1855
Aborted by user


Existing drivers:
File 'Drivers\CDRALW2K.SYS': Ver=8.0.0.212 , size=9464 bytes, created 2.2.2007 3:00:00
File 'Drivers\PXHELP20.SYS': Ver=3.00.56a, size=43528 bytes, created 29.3.2007 3:00:00 (Prassi/Veritas driver for win 2K)
File 'Drivers\atapi.sys': Ver=5.1.2600.2180 (xpsp_sp2_rtm.040803-2158-), size=95360 bytes, created 3.8.2004 22:59:44 (Adapter driver for src)

Registry Keys:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\WinLogon\AllocateCDROMs : 0 (Security Option)

rip
  • argus  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 27 Apr 2008
  • Posts: 9160
  • Location: Prokuplje

Here's how things stand: as far as malware is concerned, everything is clean and we're done here.
Go back to the Windows forum and write that everything is OK as far as malware is concerned and that the problem with Nero remains, so that people know, and someone will help you.
All that's left is to uninstall ComboFix.

ComboFix needs to be uninstalled:
click Start (or ), then Run.

On Vista, use the Start Search box if Run is not available.

In the text input line, type (or copy) the following:

combofix /u

Note that there is a space between "ComboFix" and "/u".

and then click OK (or press Enter).

Wait for the uninstall process to finish.
