Here, I copied HijackThis

offline
  • Joined: 30 Nov 2007
  • Posts: 160

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:12:03, on 31.12.2008
Platform: Windows XP SP3, v.3180 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.3180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\SweetIM\Messenger\SweetIM.exe
C:\PROGRA~1\INTERV~1\WinDVR\WINSCH~1.EXE
C:\Program Files\InterVideo\WinDVR\WinRemote.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Messenger\msmsgs.exe
D:\Program Files\BitTorrent\bittorrent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\AskBarDis\bar\bin\AskService.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Sinisa\Desktop\New Folder\TR3.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = google.ba/
R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\system32\efcAQGYq.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {77AB5974-55A3-4737-9FD5-B93C64307F78} - C:\WINDOWS\system32\fncgkffy.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {894B1340-1251-4D83-B645-873920E59DAE} - C:\WINDOWS\system32\pmnnLBsq.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [WINSCHEDULER] C:\PROGRA~1\INTERV~1\WinDVR\WINSCH~1.EXE
O4 - HKLM\..\Run: [WinRemote] "C:\Program Files\InterVideo\WinDVR\WinRemote.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [msnmsgr] ~"C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BitTorrent] "D:\Program Files\BitTorrent\bittorrent.exe"
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Policies\Explorer\Run: [NT Printing Services6] dllhosts.exe
O4 - HKCU\..\Policies\Explorer\Run: [Windows Printing Driver] doskeys.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - srtest.com/srl_bin/sysreqlab_srl.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - Winlogon Notify: efcAQGYq - C:\WINDOWS\SYSTEM32\efcAQGYq.dll
O23 - Service: ASKService - Unknown owner - C:\Program Files\AskBarDis\bar\bin\AskService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

--
End of file - 9332 bytes

offline
  • Joined: 04 Sep 2003
  • Posts: 24135
  • Lives in: Wien

Download ComboFix from one of the following addresses to the Desktop:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Start it and do not touch the program window while it scans.
Follow the instructions on the screen. When it finishes, a log will appear (C:\ComboFix.txt), which you will copy here for us.

offline
  • Joined: 30 Nov 2007
  • Posts: 160

I downloaded ComboFix from that first address and pressed run. It started scanning something, and then it appeared as if it was detecting the antivirus NOD32 2.5 and that I should disable it. I disabled it, but it still detects it and says that if I want to continue there could be damage and that I proceed at my own risk. I stopped it there, because I have a lot of data on the computer that I need. Do you know whether I should remove this NOD32 completely, or should I just press OK when it shows me the messages mentioned above?

offline
  • Joined: 04 Sep 2003
  • Posts: 24135
  • Lives in: Wien

You will disable NOD32 in the following way:

* Open the NOD32 Control Center (click its tray icon in the bottom right corner of the screen).
* Select AMON from the Threat Protection group of options.
* In the right panel, untick the option File system monitor (AMON) enabled.
* Turning off this option will be shown by the Control Center's colour changing from green to red.

Note: Don't forget to turn this option back on once the cleaning is finished.

offline
  • Joined: 30 Nov 2007
  • Posts: 160

ComboFix 08-12-31.01 - Sinisa 2009-01-01 19:38:30.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1157 [GMT 1:00]
Running from: c:\documents and settings\Sinisa\Desktop\ComboFix.exe
AV: Eset NOD32 antivirus system 2.50 *On-access scanning disabled* (Updated)
FW: ActiveArmor Firewall *disabled*
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\windows\system32\efcAQGYq.dll
c:\windows\system32\fncgkffy.dll
c:\windows\system32\iymaibbp.ini
c:\windows\system32\pbbiamyi.dll
c:\windows\system32\pmnnLBsq.dll
c:\windows\system32\qsBLnnmp.ini
c:\windows\system32\qsBLnnmp.ini2

----- BITS: Possible infected sites -----

hxxp://childhe.com
.
((((((((((((((((((((((((( Files Created from 2008-12-01 to 2009-01-01 )))))))))))))))))))))))))))))))
.

2008-12-30 20:36 . 2008-12-30 20:37 83,968 --a------ C:\nksn.exe
2008-12-30 00:08 . 2008-12-30 00:08 107,888 --a------ c:\windows\system32\CmdLineExt.dll
2008-12-30 00:05 . 2008-12-30 00:05 <DIR> d-------- c:\windows\system32\xlive
2008-12-30 00:05 . 2008-12-30 20:40 <DIR> d-------- c:\program files\Microsoft Games for Windows - LIVE
2008-12-29 18:49 . 2008-12-29 19:20 <DIR> d-------- c:\program files\InterVideo
2008-12-29 18:49 . 2001-12-10 18:42 204,800 --a------ c:\windows\system32\IVIresizeW7.dll
2008-12-29 18:49 . 2001-12-10 18:42 200,704 --a------ c:\windows\system32\IVIresizeA6.dll
2008-12-29 18:49 . 2001-12-10 18:42 192,512 --a------ c:\windows\system32\IVIresizeP6.dll
2008-12-29 18:49 . 2001-12-10 18:42 192,512 --a------ c:\windows\system32\IVIresizeM6.dll
2008-12-29 18:49 . 2001-12-10 18:42 188,416 --a------ c:\windows\system32\IVIresizePX.dll
2008-12-29 18:49 . 2001-12-10 18:42 20,480 --a------ c:\windows\system32\IVIresize.dll
2008-12-27 00:21 . 2008-12-27 00:21 <DIR> d-------- c:\documents and settings\Sinisa\Application Data\Network Associates
2008-12-26 22:13 . 2008-12-26 22:13 <DIR> d-------- c:\program files\Common Files\Network Associates
2008-12-26 22:13 . 2008-12-26 22:13 <DIR> d-------- c:\program files\Common Files\Cisco Systems
2008-12-26 22:13 . 2008-12-26 22:13 <DIR> d-------- c:\documents and settings\LocalService\Application Data\Network Associates
2008-12-26 22:13 . 2008-12-27 00:22 <DIR> d-------- c:\documents and settings\All Users\Application Data\Network Associates
2008-12-26 22:06 . 2008-12-26 22:07 <DIR> d-------- c:\windows\system32\drivers\umdf
2008-12-24 19:54 . 2004-08-30 21:00 366,080 --a------ c:\windows\system32\doskeys.exe
2008-12-24 19:54 . 2008-12-24 19:54 52,736 --a------ c:\windows\system32\dllhosts.exe
2008-12-24 19:54 . 2008-12-24 19:54 37,888 --a------ c:\windows\system32\rar.exe
2008-12-20 23:47 . 2008-12-20 23:47 <DIR> d--hs---- C:\WinDVRHistory
2008-12-20 22:55 . 2008-12-20 22:55 <DIR> d-------- c:\documents and settings\Sinisa\Application Data\MMToolz
2008-12-03 14:50 . 2008-12-03 14:50 <DIR> d-------- c:\program files\SystemRequirementsLab

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-01 18:43 --------- d-----w c:\documents and settings\Sinisa\Application Data\BitTorrent
2008-12-30 19:35 --------- d-----w c:\program files\ESET
2008-12-29 22:52 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-26 18:55 138,184 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2008-12-20 21:43 --------- d-----w c:\documents and settings\All Users\Application Data\InterVideo
2008-12-20 21:10 --------- d-----w c:\program files\KMPlayer
2008-11-22 23:06 --------- d-----w c:\documents and settings\Sinisa\Application Data\Azureus
2008-11-22 23:03 --------- d-----w c:\program files\AskBarDis
2008-11-22 23:03 --------- d-----w c:\documents and settings\All Users\Application Data\Azureus
2008-11-22 17:02 --------- d-----w c:\documents and settings\Sinisa\Application Data\Leadertech
2008-11-21 16:12 2,560 ----a-w c:\windows\_MSRSTRT.EXE
2008-11-19 13:26 --------- d-----w c:\documents and settings\Sinisa\Application Data\DNA
2008-11-18 13:23 --------- d-----w c:\program files\DNA
2008-11-03 11:34 --------- d-----w c:\documents and settings\Sinisa\Application Data\Nokia Multimedia Player
2008-11-01 15:32 --------- d-----w c:\program files\Nokia
2008-11-01 15:32 --------- d-----w c:\program files\Common Files\PCSuite
2008-11-01 15:32 --------- d-----w c:\program files\Common Files\Nokia
2008-11-01 11:24 --------- d-----w c:\documents and settings\All Users\Application Data\Bluetooth
2008-10-29 21:14 22,328 ----a-w c:\documents and settings\Sinisa\Application Data\PnkBstrK.sys
2008-08-08 14:15 88 --sha-r c:\windows\system32\A3D6196DB1.sys
2008-08-08 14:15 2,672 --sha-w c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EEE6C35D-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll" [2008-07-06 173368]

[HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-11-12 22:37 333192 --a------ c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2008-07-06 11:44 1164600 --a------ c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2008-07-06 1164600]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-11-12 333192]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2008-07-06 1164600]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-11-12 333192]

[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2007-07-19 15360]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2007-11-17 171464]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-08-04 1667584]
"BitTorrent"="d:\program files\BitTorrent\bittorrent.exe" [2008-09-27 634672]
"PcSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-04-11 1409024]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-12-18 868352]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2006-01-12 155648]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-02-16 282624]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2008-06-01 917504]
"SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2008-07-06 111928]
"PCSuiteTrayApplication"="c:\progra~1\Nokia\NOKIAP~1\LAUNCH~1.EXE" [2006-04-26 237568]
"WINSCHEDULER"="c:\progra~1\INTERV~1\WinDVR\WINSCH~1.EXE" [2003-09-03 139264]
"WinRemote"="c:\program files\InterVideo\WinDVR\WinRemote.exe" [2003-09-03 131072]

[HKEY_CURRENT_USER\software\microsoft\windows\Currentversion\policies\explorer\Run]
"NT Printing Services6"="dllhosts.exe" [2008-12-24 c:\windows\system32\dllhosts.exe]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
hp psc 1000 series.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2003-04-06 147456]
hpoddt01.exe.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-04-06 28672]
InterVideo WinCinema Manager.lnk - c:\program files\InterVideo\Common\Bin\WinCinemaMgr.exe [2008-12-29 131072]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ACDV"= ACDV.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\TGbox\\Gbox Control\\webinterface\\bin\\apache\\mapache.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"d:\\Program Files\\BitTorrent\\bittorrent.exe"=
"d:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\PES 09\\PES 2009\\pes2009.exe"=
"c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FarCry2.exe"=
"c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Launcher.exe"=
"c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Editor.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"f:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"f:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaWmp.exe"=
"f:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaW.exe"=
"f:\\Program Files\\Rockstar Games\\Rockstar Games Social Club\\RGSCLauncher.exe"=
"f:\\Program Files\\Rockstar Games\\Grand Theft Auto IV\\LaunchGTAIV.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6168:TCP"= 6168:TCP:Gbox
"6168:UDP"= 6168:UDP:gbox

R2 ASKService;ASKService;c:\program files\AskBarDis\bar\bin\AskService.exe [2008-11-23 464264]
R3 AtiHdmiService;ATI Function Driver for HDMI Service;c:\windows\system32\drivers\AtiHdmi.sys [2007-07-20 84992]
R3 PhTVTune;TV Capture Card WDM TV Tuner;c:\windows\system32\DRIVERS\PhTVTune.sys [2008-04-01 19616]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service;"c:\program files\MSN Messenger\usnsvc.exe" [2007-01-19 97136]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b1d63573-d6ac-11dd-9bc9-001bfceab0d5}]
\Shell\AutoRun\command - H:\autorun.exe
.
Contents of the 'Scheduled Tasks' folder

2008-09-19 c:\windows\Tasks\FRU Task #Hewlett-Packard#hp psc 1100 series#1213910032.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-05 23:52]

2009-01-01 c:\windows\Tasks\tejtitfx.job
- c:\windows\system32\rundll32.exe [2007-07-19 05:00]
.
- - - - ORPHANS REMOVED - - - -

BHO-{77AB5974-55A3-4737-9FD5-B93C64307F78} - c:\windows\system32\fncgkffy.dll
BHO-{894B1340-1251-4D83-B645-873920E59DAE} - c:\windows\system32\pmnnLBsq.dll
HKCU-Run-msnmsgr - ~c:\program files\MSN Messenger\msnmsgr.exe
HKLM-Run-SunJavaUpdateSched - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ba/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: imon.dll

c:\windows\Downloaded Program Files\sysreqlab_srl.dll - O16 -: {1E54D648-B804-468d-BC78-4AFFED8E262E}
hxxp://www.srtest.com/srl_bin/sysreqlab_srl.cab
c:\windows\Downloaded Program Files\sysreqlab.osd
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-01-01 19:44:47
Windows 5.1.2600 Service Pack 3, v.3180 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1960408961-179605362-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\EA GAMES\N*NULL*e*NULL*e*NULL*d*NULL* *NULL*f*NULL*o*NULL*r*NULL* *NULL*S*NULL*p*NULL*e*NULL*e*NULL*d*NULL*"! *NULL*M*NULL*o*NULL*s*NULL*t*NULL* *NULL*W*NULL*a*NULL*n*NULL*t*NULL*e*NULL*d*NULL*]
@Security="Inherited"

[HKEY_USERS\S-1-5-21-1960408961-179605362-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\EA GAMES\N*NULL*e*NULL*e*NULL*d*NULL* *NULL*f*NULL*o*NULL*r*NULL* *NULL*S*NULL*p*NULL*e*NULL*e*NULL*d*NULL*"! *NULL*U*NULL*n*NULL*d*NULL*e*NULL*r*NULL*c*NULL*o*NULL*v*NULL*e*NULL*r*NULL*]
@Security="Inherited"

[HKEY_USERS\S-1-5-21-1960408961-179605362-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Electronic Arts\N*NULL*e*NULL*e*NULL*d*NULL* *NULL*f*NULL*o*NULL*r*NULL* *NULL*S*NULL*p*NULL*e*NULL*e*NULL*d*NULL*"! *NULL*P*NULL*r*NULL*o*NULL*S*NULL*t*NULL*r*NULL*e*NULL*e*NULL*t*NULL*]
@Security="Inherited"

[HKEY_USERS\S-1-5-21-1960408961-179605362-725345543-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*NULL*]
@Security="Inherited"

[HKEY_USERS\S-1-5-21-1960408961-179605362-725345543-1003\Software\SecuROM\License information*NULL*]
@Security="Inherited"
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Reinstall\*NULL*u |ˇ*NULL*]
@Security="Inherited"
"DisplayName"="?\11"
"DeviceDesc"="?\11"
"ProviderName"="?\11???\11\08"
"MFG"="?_\09"
"ReinstallString"="8.430.0.0000"
"DeviceInstanceIds"=multi:"e:\\install\\driver\\xp_inf\\cx_54361.inf\00"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(840)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'lsass.exe'(896)
c:\windows\system32\imon.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe
c:\program files\ESET\nod32krn.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
c:\progra~1\INTERV~1\WinDVR\WinScheduler.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PSIService.exe
c:\progra~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
c:\program files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
c:\program files\Common Files\PCSuite\Services\ServiceLayer.exe
c:\program files\Hewlett-Packard\Digital Imaging\bin\hposts08.exe
.
**************************************************************************
.
Completion time: 2009-01-01 19:48:04 - machine was rebooted [Sinisa]
ComboFix-quarantined-files.txt 2009-01-01 18:48:02

Pre-Run: 10.718.789.632 bytes free
Post-Run: 11,043,946,496 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /usepmtimer /NoExecute=OptIn

464 --- E O F --- 2008-06-21 10:55:33

Addendum: 01 Jan 2009 20:03

There, I copied everything for you from the log in Notepad. While it was scanning, near the end it said on the screen that the computer would restart, but when it came back on it looked as if I hadn't opened any programs, yet nod32 and msn and those programs that are set to start by themselves started up, so I don't know whether that interfered with the scan. And now, when I went into IE, it didn't open that page with Antivirus 2009 and so on.

offline
  • Joined: 04 Sep 2003
  • Posts: 24135
  • Where do you live: Wien

Give me the following files so I can check them:
c:\windows\system32\doskeys.exe
c:\windows\system32\dllhosts.exe
c:\windows\system32\rar.exe
C:\nksn.exe

Pack them into a single ZIP or RAR and upload them to me through the following form:
http://www.mycity.rs/ambulanta-upload.php

Don't restart the computer while you wait for my further instructions. We'll sort this out in an hour at most.

offline
  • Joined: 30 Nov 2007
  • Posts: 160

There, I sent you everything except this one, c:\windows\system32\dllhosts.exe, because it won't let me move it; it says it can't be copied because it's already in use somewhere.

offline
  • Joined: 04 Sep 2003
  • Posts: 24135
  • Where do you live: Wien

Open Notepad and copy the following text into it:

File::
c:\windows\system32\doskeys.exe
c:\windows\system32\dllhosts.exe
c:\windows\system32\rar.exe
C:\nksn.exe
c:\windows\Tasks\tejtitfx.job

Registry::
[HKEY_CURRENT_USER\software\microsoft\windows\Currentversion\policies\explorer\Run]
"NT Printing Services6"=-


Save the file from Notepad to the Desktop as "CFScript"

Drag the saved script/text onto the ComboFix icon as shown in the picture.
In your next message, post the log that is produced at the end of the cleaning/scanning.

offline
  • Joined: 30 Nov 2007
  • Posts: 160

ComboFix 08-12-31.01 - Sinisa 2009-01-02 1:02:35.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1514 [GMT 1:00]
Running from: c:\documents and settings\Sinisa\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Sinisa\Desktop\CFScript.txt
AV: Eset NOD32 antivirus system 2.50 *On-access scanning disabled* (Updated)
FW: ActiveArmor Firewall *disabled*
* Created a new restore point

FILE ::
C:\nksn.exe
c:\windows\system32\dllhosts.exe
c:\windows\system32\doskeys.exe
c:\windows\system32\rar.exe
c:\windows\Tasks\tejtitfx.job
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\nksn.exe
c:\windows\system32\dllhosts.exe
c:\windows\system32\doskeys.exe
c:\windows\system32\rar.exe
c:\windows\Tasks\tejtitfx.job

.
((((((((((((((((((((((((( Files Created from 2008-12-02 to 2009-01-02 )))))))))))))))))))))))))))))))
.

2008-12-30 00:08 . 2008-12-30 00:08 107,888 --a------ c:\windows\system32\CmdLineExt.dll
2008-12-30 00:05 . 2008-12-30 00:05 <DIR> d-------- c:\windows\system32\xlive
2008-12-30 00:05 . 2008-12-30 20:40 <DIR> d-------- c:\program files\Microsoft Games for Windows - LIVE
2008-12-29 18:49 . 2008-12-29 19:20 <DIR> d-------- c:\program files\InterVideo
2008-12-29 18:49 . 2001-12-10 18:42 204,800 --a------ c:\windows\system32\IVIresizeW7.dll
2008-12-29 18:49 . 2001-12-10 18:42 200,704 --a------ c:\windows\system32\IVIresizeA6.dll
2008-12-29 18:49 . 2001-12-10 18:42 192,512 --a------ c:\windows\system32\IVIresizeP6.dll
2008-12-29 18:49 . 2001-12-10 18:42 192,512 --a------ c:\windows\system32\IVIresizeM6.dll
2008-12-29 18:49 . 2001-12-10 18:42 188,416 --a------ c:\windows\system32\IVIresizePX.dll
2008-12-29 18:49 . 2001-12-10 18:42 20,480 --a------ c:\windows\system32\IVIresize.dll
2008-12-27 00:21 . 2008-12-27 00:21 <DIR> d-------- c:\documents and settings\Sinisa\Application Data\Network Associates
2008-12-26 22:13 . 2008-12-26 22:13 <DIR> d-------- c:\program files\Common Files\Network Associates
2008-12-26 22:13 . 2008-12-26 22:13 <DIR> d-------- c:\program files\Common Files\Cisco Systems
2008-12-26 22:13 . 2008-12-26 22:13 <DIR> d-------- c:\documents and settings\LocalService\Application Data\Network Associates
2008-12-26 22:13 . 2008-12-27 00:22 <DIR> d-------- c:\documents and settings\All Users\Application Data\Network Associates
2008-12-26 22:06 . 2008-12-26 22:07 <DIR> d-------- c:\windows\system32\drivers\umdf
2008-12-20 23:47 . 2008-12-20 23:47 <DIR> d--hs---- C:\WinDVRHistory
2008-12-20 22:55 . 2008-12-20 22:55 <DIR> d-------- c:\documents and settings\Sinisa\Application Data\MMToolz
2008-12-03 14:50 . 2008-12-03 14:50 <DIR> d-------- c:\program files\SystemRequirementsLab

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-01 23:58 --------- d-----w c:\documents and settings\Sinisa\Application Data\BitTorrent
2009-01-01 23:56 --------- d-----w c:\documents and settings\Sinisa\Application Data\DNA
2009-01-01 19:15 --------- d-----w c:\program files\DNA
2008-12-30 19:35 --------- d-----w c:\program files\ESET
2008-12-29 22:52 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-26 18:55 138,184 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2008-12-26 18:54 183,112 ----a-w c:\windows\system32\PnkBstrB.exe
2008-12-20 21:43 --------- d-----w c:\documents and settings\All Users\Application Data\InterVideo
2008-12-20 21:10 --------- d-----w c:\program files\KMPlayer
2008-11-23 15:54 66,872 ----a-w c:\windows\system32\PnkBstrA.exe
2008-11-22 23:06 --------- d-----w c:\documents and settings\Sinisa\Application Data\Azureus
2008-11-22 23:03 --------- d-----w c:\program files\AskBarDis
2008-11-22 23:03 --------- d-----w c:\documents and settings\All Users\Application Data\Azureus
2008-11-22 17:02 --------- d-----w c:\documents and settings\Sinisa\Application Data\Leadertech
2008-11-21 16:12 2,560 ----a-w c:\windows\_MSRSTRT.EXE
2008-11-03 11:34 --------- d-----w c:\documents and settings\Sinisa\Application Data\Nokia Multimedia Player
2008-10-29 21:14 22,328 ----a-w c:\documents and settings\Sinisa\Application Data\PnkBstrK.sys
2008-10-29 21:14 2,250,024 ----a-w c:\windows\system32\pbsvc.exe
2008-10-28 16:41 14,303,392 ----a-w c:\windows\system32\xlive.dll
2008-10-28 16:41 13,643,936 ----a-w c:\windows\system32\xlivefnt.dll
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-03 20:47 444,952 ----a-w c:\windows\system32\wrap_oal.dll
2008-10-03 20:47 109,080 ----a-w c:\windows\system32\OpenAL32.dll
2008-08-08 14:15 88 --sha-r c:\windows\system32\A3D6196DB1.sys
2008-08-08 14:15 2,672 --sha-w c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EEE6C35D-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll" [2008-07-06 173368]

[HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-11-12 22:37 333192 --a------ c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2008-07-06 11:44 1164600 --a------ c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2008-07-06 1164600]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-11-12 333192]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2008-07-06 1164600]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-11-12 333192]

[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2007-07-19 15360]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2007-11-17 171464]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-08-04 1667584]
"BitTorrent"="d:\program files\BitTorrent\bittorrent.exe" [2008-09-27 634672]
"PcSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-04-11 1409024]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-12-18 868352]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2006-01-12 155648]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-02-16 282624]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2008-06-01 917504]
"SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2008-07-06 111928]
"PCSuiteTrayApplication"="c:\progra~1\Nokia\NOKIAP~1\LAUNCH~1.EXE" [2006-04-26 237568]
"WINSCHEDULER"="c:\progra~1\INTERV~1\WinDVR\WINSCH~1.EXE" [2003-09-03 139264]
"WinRemote"="c:\program files\InterVideo\WinDVR\WinRemote.exe" [2003-09-03 131072]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
hp psc 1000 series.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2003-04-06 147456]
hpoddt01.exe.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-04-06 28672]
InterVideo WinCinema Manager.lnk - c:\program files\InterVideo\Common\Bin\WinCinemaMgr.exe [2008-12-29 131072]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ACDV"= ACDV.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\TGbox\\Gbox Control\\webinterface\\bin\\apache\\mapache.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"d:\\Program Files\\BitTorrent\\bittorrent.exe"=
"d:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\PES 09\\PES 2009\\pes2009.exe"=
"c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FarCry2.exe"=
"c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Launcher.exe"=
"c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Editor.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"f:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"f:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaWmp.exe"=
"f:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaW.exe"=
"f:\\Program Files\\Rockstar Games\\Rockstar Games Social Club\\RGSCLauncher.exe"=
"f:\\Program Files\\Rockstar Games\\Grand Theft Auto IV\\LaunchGTAIV.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6168:TCP"= 6168:TCP:Gbox
"6168:UDP"= 6168:UDP:gbox

R2 ASKService;ASKService;c:\program files\AskBarDis\bar\bin\AskService.exe [2008-11-23 464264]
R3 AtiHdmiService;ATI Function Driver for HDMI Service;c:\windows\system32\drivers\AtiHdmi.sys [2007-07-20 84992]
R3 PhTVTune;TV Capture Card WDM TV Tuner;c:\windows\system32\DRIVERS\PhTVTune.sys [2008-04-01 19616]
R3 usnjsvc;Messenger Sharing Folders USN Journal Reader service;"c:\program files\MSN Messenger\usnsvc.exe" [2007-01-19 97136]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b1d63573-d6ac-11dd-9bc9-001bfceab0d5}]
\Shell\AutoRun\command - H:\autorun.exe
.
Contents of the 'Scheduled Tasks' folder

2008-09-19 c:\windows\Tasks\FRU Task #Hewlett-Packard#hp psc 1100 series#1213910032.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-05 23:52]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ba/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: imon.dll

c:\windows\Downloaded Program Files\sysreqlab_srl.dll - O16 -: {1E54D648-B804-468d-BC78-4AFFED8E262E}
hxxp://www.srtest.com/srl_bin/sysreqlab_srl.cab
c:\windows\Downloaded Program Files\sysreqlab.osd
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-01-02 01:03:36
Windows 5.1.2600 Service Pack 3, v.3180 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(840)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'lsass.exe'(896)
c:\windows\system32\imon.dll
.
Completion time: 2009-01-02 1:04:27
ComboFix-quarantined-files.txt 2009-01-02 00:04:12
ComboFix2.txt 2009-01-01 18:48:06

Pre-Run: 11.021.824.000 bytes free
Post-Run: 11,022,630,912 bytes free

203 --- E O F --- 2008-06-21 10:55:33

offline
  • Joined: 04 Sep 2003
  • Posts: 24135
  • Where do you live: Wien

Tell me, are there any symptoms left now that you would still complain about?
