Mouse stopped working, can't run OTL


Posted: 26 Feb 2010 12:45

Last night the mouse stopped working. I switched from PS/2 to USB, but it didn't work then either; I plugged in a different mouse, but that one didn't work either. The only thing that works is the light on the mouse when I plug it in, but the cursor cannot be moved.

I assume the computer is infected, because my brother was plugging in some unverified USB sticks, although after that he ran a defragmentation, and the mouse failed right after it finished.

I downloaded OTL and started the program, but I can't start the scan: I move to Run Scan and press Enter, but it doesn't work, as if I hadn't pressed anything. Since I can't close it with Alt+F4 either, I assume it isn't responding to the usual commands.

What should I do?

Update: 26 Feb 2010 13:06

I did it! :) File attached.

OTL logfile created on: 2/26/2010 12:37:44 PM - Run 1
OTL by OldTimer - Version 3.1.30.2 Folder = C:\Documents and Settings\zerocool\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.00 Mb Total Physical Memory | 102.00 Mb Available Physical Memory | 20.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): c:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.26 Gb Total Space | 12.42 Gb Free Space | 33.33% Space Free | Partition Type: NTFS
Drive D: | 37.26 Gb Total Space | 11.72 Gb Free Space | 31.45% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 498.99 Mb Total Space | 435.27 Mb Free Space | 87.23% Space Free | Partition Type: FAT32
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ZEROCOOL-919457
Current User Name: zerocool
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/02/26 12:32:50 | 000,549,888 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\zerocool\Desktop\OTL.exe
PRC - [2010/02/04 18:48:30 | 001,181,328 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2010/01/27 12:47:26 | 000,788,880 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2009/10/11 04:17:36 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/10/11 04:17:35 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2008/10/06 22:56:46 | 000,057,394 | RHS- | M] () -- C:\WINDOWS\sqlexec64.exe
PRC - [2007/11/22 22:21:16 | 000,185,896 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2007/09/19 14:00:50 | 000,639,488 | ---- | M] () -- C:\Program Files\MP4 Player\Mp4Player.exe
PRC - [2007/05/15 17:13:10 | 000,479,232 | ---- | M] (Nikon Corporation) -- C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
PRC - [2007/03/29 21:57:52 | 000,053,248 | ---- | M] (eMPIA Technology, Inc.) -- C:\Program Files\USB CAMERA\DRIVER\emSwapAp2.exe
PRC - [2005/04/06 16:03:28 | 000,110,592 | ---- | M] () -- C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
PRC - [2004/08/03 23:56:56 | 000,419,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntvdm.exe
PRC - [2004/08/03 23:56:50 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2004/06/10 15:44:56 | 000,376,832 | ---- | M] () -- C:\WINDOWS\system32\ati2evxx.exe
PRC - [2001/08/23 13:00:00 | 000,016,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\unsecapp.exe
PRC - [2001/07/26 10:58:32 | 000,221,184 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton SystemWorks\Norton CleanSweep\csinsmnt.exe
PRC - [2001/07/26 06:00:00 | 000,135,168 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
PRC - [2001/07/21 09:10:54 | 000,115,792 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton SystemWorks\Norton AntiVirus\Navapsvc.exe
PRC - [2001/07/19 08:04:54 | 000,043,520 | R--- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\WFXSNT40.EXE
PRC - [2001/07/19 08:04:54 | 000,026,624 | R--- | M] () -- C:\Program Files\Norton SystemWorks\WinFax\WFXSWTCH.EXE


========== Modules (SafeList) ==========

MOD - [2010/02/26 12:32:50 | 000,549,888 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\zerocool\Desktop\OTL.exe
MOD - [2006/05/03 21:53:54 | 000,174,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\framedyn.dll
MOD - [2004/08/03 23:57:02 | 001,050,624 | R--- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
MOD - [2004/08/03 23:56:44 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\linkinfo.dll
MOD - [2004/08/03 23:56:38 | 002,897,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\xpsp2res.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/02/04 18:48:30 | 001,181,328 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2009/10/11 04:17:35 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2008/08/07 11:17:30 | 000,575,488 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2006/11/08 15:35:38 | 000,053,248 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.dll -- (Pml Driver HPZ12)
SRV - [2006/11/08 15:35:36 | 000,043,520 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\WINDOWS\system32\HPZinw12.dll -- (Net Driver HPZ12)
SRV - [2005/04/06 16:03:28 | 000,110,592 | ---- | M] () [Auto | Running] -- C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe -- (BlueSoleil Hid Service)
SRV - [2005/04/03 23:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2004/08/04 00:56:44 | 000,027,136 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\irmon.dll -- (Irmon)
SRV - [2004/06/10 20:10:00 | 000,516,096 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\system32\ati2sgag.exe -- (ATI Smart)
SRV - [2004/06/10 15:44:56 | 000,376,832 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller)
SRV - [2003/07/28 11:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2001/07/26 06:00:00 | 000,135,168 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE -- (NProtectService)
SRV - [2001/07/21 09:10:54 | 000,115,792 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton SystemWorks\Norton AntiVirus\Navapsvc.exe -- (navapsvc)
SRV - [2001/07/19 14:07:20 | 000,062,560 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe -- (SBService)


========== Driver Services (SafeList) ==========

DRV - [2009/12/02 14:19:06 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2008/12/04 09:52:12 | 000,085,969 | ---- | M] (GMER) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gmer.sys -- (gmer)
DRV - [2008/12/03 06:32:47 | 000,027,904 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ndisprot.sys -- (Ndisprot)
DRV - [2008/11/11 12:42:00 | 000,024,832 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2008/11/11 12:41:00 | 000,019,968 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2008/11/11 12:41:00 | 000,013,056 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2008/10/07 19:48:35 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\WINDOWS\system32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2008/10/02 14:48:25 | 000,002,368 | ---- | M] (Anti(zabranjeno)ing) [Kernel | Auto | Running] -- C:\WINDOWS\system32\SVKP.sys -- (SVKP)
DRV - [2007/11/07 10:00:00 | 000,865,904 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20071107.018\NAVEX15.SYS -- (NAVEX15)
DRV - [2007/11/07 10:00:00 | 000,081,232 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20071107.018\NAVENG.SYS -- (NAVENG)
DRV - [2007/10/04 17:10:54 | 000,062,280 | ---- | M] (PCTools Research Pty Ltd.) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\iksysflt.sys -- (IKSysFlt)
DRV - [2007/10/04 17:10:52 | 000,041,288 | ---- | M] () [File_System | Boot | Stopped] -- C:\WINDOWS\system32\drivers\ikfilesec.sys -- (IKFileSec)
DRV - [2007/09/17 15:53:26 | 000,021,632 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2007/03/08 00:51:00 | 000,043,528 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2006/12/06 07:02:29 | 000,021,568 | R--- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HPZius12.sys -- (HPZius12)
DRV - [2006/12/06 07:02:28 | 000,049,920 | R--- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HPZid412.sys -- (HPZid412)
DRV - [2006/12/06 07:02:28 | 000,016,496 | R--- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HPZipr12.sys -- (HPZipr12)
DRV - [2005/05/31 15:40:20 | 000,020,480 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\blueletaudio.sys -- (BlueletAudio)
DRV - [2005/05/31 09:42:28 | 000,023,000 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btcusb.sys -- (Btcsrusb)
DRV - [2005/04/30 14:50:20 | 000,011,860 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\vbtenum.sys -- (BTHidEnum)
DRV - [2005/04/30 14:50:10 | 000,028,271 | ---- | M] (IVT Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\BTHidMgr.sys -- (BTHidMgr)
DRV - [2005/04/30 14:48:58 | 000,010,804 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BtNetDrv.sys -- (BT)
DRV - [2005/03/25 17:18:48 | 000,082,148 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VcommMgr.sys -- (VcommMgr)
DRV - [2004/10/19 13:37:38 | 000,061,312 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VComm.sys -- (VComm)
DRV - [2004/08/04 00:05:44 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2004/08/03 23:41:56 | 001,041,536 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFDPSP2.sys -- (HSF_DP)
DRV - [2004/08/03 23:41:56 | 000,011,868 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\mdmxsdk.sys -- (mdmxsdk)
DRV - [2004/08/03 23:41:50 | 000,685,056 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFCXTS2.sys -- (winachsf)
DRV - [2004/08/03 23:41:48 | 000,220,032 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFBS2S2.sys -- (HSFHWBS2)
DRV - [2004/08/03 23:31:36 | 000,032,768 | ---- | M] (SiS Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sisnic.sys -- (SISNIC)
DRV - [2004/07/17 10:36:38 | 000,027,440 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2004/06/10 15:57:04 | 000,746,496 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2004/06/10 00:42:38 | 000,015,429 | R--- | M] ( ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Sacm2A.sys -- (USBCM)
DRV - [2004/05/26 15:08:00 | 000,007,296 | R--- | M] (ASUSTeK Computer Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\EIO.sys -- (EIO)
DRV - [2004/05/07 05:59:00 | 000,036,992 | R--- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\SISAGPX.sys -- (sisagp)
DRV - [2004/03/24 09:22:26 | 000,138,396 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PFC027.SYS -- (SoC PC-Camera Service)
DRV - [2003/07/29 08:57:20 | 000,040,448 | ---- | M] (DeviceGuys, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Dgivecp.Sys -- (DgiVecp)
DRV - [2002/09/16 16:14:32 | 000,004,228 | ---- | M] (PowerQuest Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\PQNTDRV.sys -- (PQNTDrv)
DRV - [2001/10/11 07:51:40 | 000,061,312 | R--- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sis7012.sys -- (SiS7012) Service for AC'97 Sample Driver (WDM)
DRV - [2001/10/04 09:23:00 | 000,011,856 | ---- | M] (KC Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\KCIRNET.sys -- (KCIRDA)
DRV - [2001/09/24 11:08:20 | 000,030,088 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\irstusb.sys -- (STIrUsb)
DRV - [2001/08/23 13:00:00 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2001/08/23 13:00:00 | 000,005,888 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rootmdm.sys -- (ROOTMODEM)
DRV - [2001/08/17 15:00:04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401)
DRV - [2001/07/27 11:18:48 | 000,057,696 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)
DRV - [2001/07/26 11:17:32 | 000,013,792 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\qdfsdrv.sys -- (QDFSDRV)
DRV - [2001/07/26 06:00:00 | 000,034,354 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NPDRIVER.SYS -- (NPDriver)
DRV - [2001/07/21 08:56:02 | 000,182,864 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NAVAP.SYS -- (NAVAP)
DRV - [2001/07/20 08:12:20 | 000,131,056 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\symtdi.sys -- (SYMTDI)
DRV - [2001/07/20 08:12:10 | 000,015,224 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\symredrv.sys -- (SYMREDRV)
DRV - [1997/06/17 04:00:00 | 000,004,064 | ---- | M] (Adobe Systems Incorporated) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ATMHELPR.SYS -- (ATMhelpr)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://google.rs/"
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.6.4
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/02/19 17:55:43 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/02/19 17:55:43 | 000,000,000 | ---D | M]

[2008/09/05 14:53:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\zerocool\Application Data\Mozilla\Extensions
[2010/02/25 06:03:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\zerocool\Application Data\Mozilla\Firefox\Profiles\gx5wm0rj.default\extensions
[2009/02/05 10:45:59 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Documents and Settings\zerocool\Application Data\Mozilla\Firefox\Profiles\gx5wm0rj.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2010/02/25 06:03:38 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2008/12/08 10:30:38 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Norton AntiVirus) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NAVShExt.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton AntiVirus) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NAVShExt.dll (Symantec Corporation)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [MSN] C:\WINDOWS\sqlexec64.exe ()
O4 - HKLM..\Run: [NAV Agent] C:\Program Files\Norton SystemWorks\Norton AntiVirus\Navapw32.exe (Symantec Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [WFXSwtch] C:\Program Files\Norton SystemWorks\WinFax\WFXSWTCH.EXE ()
O4 - HKLM..\Run: [WinFaxAppPortStarter] C:\WINDOWS\System32\WFXSNT40.EXE (Microsoft Corporation)
O4 - HKCU..\Run: [Google Update] C:\Documents and Settings\zerocool\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
O4 - HKCU..\Run: [MP4 Player] C:\Program Files\MP4 Player\mp4Player.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\CleanSweep Smart Sweep-Internet Sweep.lnk = C:\Program Files\Norton SystemWorks\Norton CleanSweep\csinsmnt.exe (Symantec Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\emSwapAP2.EXE.lnk = C:\Program Files\USB CAMERA\DRIVER\emSwapAp2.exe (eMPIA Technology, Inc.)
O4 - Startup: C:\Documents and Settings\zerocool\Start Menu\Programs\Startup\Nikon Monitor.lnk = C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe (Nikon Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab (Solitaire Showdown Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab (MSN Games - Installer)
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} http://messenger.zone.msn.com/binary/Bankshot.cab57213.cab (CBreakshotControl Class)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab (Minesweeper Flags Class)
O16 - DPF: {FC11A119-C2F7-46F4-9E32-937ABA26816E} file:///E:/CDVIEWER/CdViewer.cab (AMI DicomDir TreeView Control 2.1)
O18 - Protocol\Handler\ebk {1E411CE8-FE8B-4973-B8E0-6EA2CC3C6B06} - C:\WINDOWS\System32\ebkp.dll File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - File not found
O24 - Desktop WallPaper: C:\Documents and Settings\zerocool\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\zerocool\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/10/15 18:20:35 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008/02/02 15:56:33 | 000,000,000 | ---D | M] - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2008/02/02 15:56:36 | 000,000,000 | ---D | M] - D:\autorun.inf -- [ FAT32 ]
O32 - AutoRun File - [2010/02/26 12:38:04 | 000,000,290 | RHS- | M] () - G:\autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{0a677826-dde0-11de-92a7-0007951fccfb}\Shell\AutoRun\command - "" = G:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\USB-Helper.exe -- [2008/10/06 22:56:46 | 000,057,394 | RHS- | M] ()
O33 - MountPoints2\{0a677826-dde0-11de-92a7-0007951fccfb}\Shell\open\command - "" = G:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\USB-Helper.exe -- [2008/10/06 22:56:46 | 000,057,394 | RHS- | M] ()
O33 - MountPoints2\{2669e613-8bc8-11dc-8f43-0007951fccfb}\Shell\AutoRun\command - "" = G:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\USB-Helper.exe -- [2008/10/06 22:56:46 | 000,057,394 | RHS- | M] ()
O33 - MountPoints2\{2669e613-8bc8-11dc-8f43-0007951fccfb}\Shell\open\command - "" = G:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\USB-Helper.exe -- [2008/10/06 22:56:46 | 000,057,394 | RHS- | M] ()
O33 - MountPoints2\{49e132f8-9fbd-11de-9280-0007951fccfb}\Shell\AutoRun\command - "" = G:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\USB-Helper.exe -- [2008/10/06 22:56:46 | 000,057,394 | RHS- | M] ()
O33 - MountPoints2\{49e132f8-9fbd-11de-9280-0007951fccfb}\Shell\open\command - "" = G:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\USB-Helper.exe -- [2008/10/06 22:56:46 | 000,057,394 | RHS- | M] ()
O33 - MountPoints2\{49e132f9-9fbd-11de-9280-0007951fccfb}\Shell\AutoRun\command - "" = H:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\USB-Helper.exe -- File not found
O33 - MountPoints2\{49e132f9-9fbd-11de-9280-0007951fccfb}\Shell\open\command - "" = H:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\USB-Helper.exe -- File not found
O33 - MountPoints2\{8daa8166-2147-11de-9202-0007951fccfb}\Shell\AutoRun\command - "" = G:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\USB-Helper.exe -- [2008/10/06 22:56:46 | 000,057,394 | RHS- | M] ()
O33 - MountPoints2\{8daa8166-2147-11de-9202-0007951fccfb}\Shell\open\command - "" = G:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\USB-Helper.exe -- [2008/10/06 22:56:46 | 000,057,394 | RHS- | M] ()
O33 - MountPoints2\{ece9eb83-7009-11de-925e-0007951fccfb}\Shell\AutoRun\command - "" = G:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\USB-Helper.exe -- [2008/10/06 22:56:46 | 000,057,394 | RHS- | M] ()
O33 - MountPoints2\{ece9eb83-7009-11de-925e-0007951fccfb}\Shell\open\command - "" = G:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\USB-Helper.exe -- [2008/10/06 22:56:46 | 000,057,394 | RHS- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (sprestrt) - C:\WINDOWS\System32\sprestrt.exe (Microsoft Corporation)
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/02/26 12:32:14 | 000,549,888 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\zerocool\Desktop\OTL.exe
[2010/02/25 20:26:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\zerocool\Desktop\stick
[2010/02/25 15:02:30 | 000,000,000 | ---D | C] -- C:\USBNoRisk
[2010/02/24 16:47:44 | 000,000,000 | ---D | C] -- C:\Program Files\Defraggler
[2010/02/10 11:18:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\zerocool\Desktop\evropa
[2010/02/08 15:00:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\zerocool\Desktop\r19
[2010/02/01 18:06:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\zerocool\Application Data\AdobeUM
[2010/02/01 18:04:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2010/02/01 18:02:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\zerocool\Local Settings\Application Data\NOS
[2009/09/10 11:12:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2009/09/10 11:08:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2008/06/19 22:17:25 | 000,015,429 | R--- | C] ( ) -- C:\WINDOWS\System32\drivers\Sacm2A.sys
[2007/10/31 19:21:32 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2007/10/15 19:48:24 | 000,131,072 | R--- | C] ( ) -- C:\WINDOWS\System32\ATIDEMGR.dll
[2007/10/15 18:25:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2007/10/15 18:25:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2007/10/15 18:20:26 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/02/26 12:48:02 | 000,000,418 | ---- | M] () -- C:\WINDOWS\tasks\Symantec NetDetect.job
[2010/02/26 12:47:11 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 3).job
[2010/02/26 12:32:50 | 000,549,888 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\zerocool\Desktop\OTL.exe
[2010/02/26 12:11:06 | 000,000,990 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-117609710-1993962763-854245398-1003UA.job
[2010/02/26 11:57:23 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/02/26 11:57:23 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 4).job
[2010/02/26 11:57:22 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 2).job
[2010/02/26 11:57:21 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 1).job
[2010/02/26 11:53:53 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/02/26 11:53:48 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/02/26 11:53:46 | 536,399,872 | -HS- | M] () -- C:\hiberfil.sys
[2010/02/26 11:52:40 | 012,058,624 | -H-- | M] () -- C:\Documents and Settings\zerocool\NTUSER.DAT
[2010/02/26 11:52:40 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\zerocool\ntuser.ini
[2010/02/26 04:37:47 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/02/25 06:11:01 | 000,000,938 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-117609710-1993962763-854245398-1003Core.job
[2010/02/25 05:30:25 | 000,042,812 | ---- | M] () -- C:\Documents and Settings\zerocool\Desktop\chat.JPG
[2010/02/23 18:16:50 | 000,264,969 | ---- | M] () -- C:\Documents and Settings\zerocool\Desktop\zakljucak.jpg
[2010/02/20 03:57:02 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2010/02/19 20:00:14 | 000,000,488 | ---- | M] () -- C:\WINDOWS\tasks\Norton AntiVirus - Scan my computer.job
[2010/02/19 17:30:00 | 000,000,422 | ---- | M] () -- C:\WINDOWS\tasks\Norton SystemWorks One Button Checkup.job
[2010/02/19 03:08:22 | 000,435,760 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/02/19 03:08:22 | 000,068,404 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/02/19 03:08:21 | 000,513,724 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/02/18 14:03:15 | 000,244,224 | ---- | M] () -- C:\Documents and Settings\zerocool\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/17 22:13:09 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/02/08 23:02:27 | 000,593,920 | ---- | M] () -- C:\Documents and Settings\zerocool\Desktop\diplomski-radna verzija.doc
[2010/02/03 02:21:23 | 000,000,905 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/02/01 18:05:01 | 000,001,757 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/02/26 09:17:46 | 536,399,872 | -HS- | C] () -- C:\hiberfil.sys
[2010/02/25 05:30:25 | 000,042,812 | ---- | C] () -- C:\Documents and Settings\zerocool\Desktop\chat.JPG
[2010/02/23 18:16:49 | 000,264,969 | ---- | C] () -- C:\Documents and Settings\zerocool\Desktop\zakljucak.jpg
[2010/02/08 00:23:56 | 000,593,920 | ---- | C] () -- C:\Documents and Settings\zerocool\Desktop\diplomski-radna verzija.doc
[2010/02/01 18:05:01 | 000,001,757 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
[2009/10/08 22:12:09 | 000,001,751 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2009/09/08 13:11:21 | 000,004,825 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2009/07/20 14:03:26 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2009/07/20 14:03:25 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2009/07/20 14:03:25 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2009/01/15 19:10:18 | 000,009,728 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2008/12/17 23:24:05 | 000,000,020 | ---- | C] () -- C:\WINDOWS\(zabranjeno)pdf.INI
[2008/11/24 20:01:31 | 000,000,036 | -H-- | C] () -- C:\WINDOWS\System32\swk.ini
[2008/11/06 19:11:51 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL
[2008/11/06 19:11:49 | 000,006,144 | ---- | C] () -- C:\WINDOWS\System32\ImgLibLead.dll
[2008/11/06 19:11:48 | 000,065,864 | ---- | C] () -- C:\WINDOWS\System32\Digita.sys
[2008/11/06 19:11:47 | 000,100,864 | ---- | C] () -- C:\WINDOWS\System32\Dc50ip32.dll
[2008/11/06 18:54:36 | 000,306,688 | ---- | C] () -- C:\WINDOWS\System32\Lffpx7.dll
[2008/11/06 18:54:36 | 000,095,232 | ---- | C] () -- C:\WINDOWS\System32\Lfkodak.dll
[2008/10/07 20:48:44 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LauncherAccess.dt
[2008/10/07 17:31:21 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2008/09/22 16:16:45 | 000,180,048 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2008/08/14 11:33:07 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Analog Swirl
[2008/08/14 11:33:07 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\zerocool\Application Data\Ambience
[2008/08/14 11:33:06 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdu.DAT
[2008/08/09 14:12:35 | 000,015,670 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\utyzoracab.dl
[2008/08/09 14:12:35 | 000,014,058 | ---- | C] () -- C:\Documents and Settings\zerocool\Local Settings\Application Data\icumivoseq.vbs
[2008/08/09 14:12:35 | 000,014,000 | ---- | C] () -- C:\Documents and Settings\zerocool\Application Data\faxerohe.db
[2008/08/09 14:12:35 | 000,013,033 | ---- | C] () -- C:\Documents and Settings\zerocool\Local Settings\Application Data\icuhyh.db
[2008/08/09 10:54:33 | 000,018,159 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\sosyre.ban
[2008/08/09 10:54:33 | 000,017,116 | ---- | C] () -- C:\Documents and Settings\zerocool\Local Settings\Application Data\fuqevyfa.sys
[2008/08/09 10:54:33 | 000,016,761 | ---- | C] () -- C:\Documents and Settings\zerocool\Local Settings\Application Data\fohelif._dl
[2008/08/09 10:54:33 | 000,013,619 | ---- | C] () -- C:\Documents and Settings\zerocool\Local Settings\Application Data\hezagoh.scr
[2008/08/09 10:54:33 | 000,012,789 | ---- | C] () -- C:\Documents and Settings\zerocool\Application Data\quruhyjotu._sy
[2008/08/09 09:32:24 | 000,015,645 | ---- | C] () -- C:\Documents and Settings\zerocool\Local Settings\Application Data\jicudijef.scr
[2008/08/07 00:33:27 | 000,016,607 | ---- | C] () -- C:\Documents and Settings\zerocool\Local Settings\Application Data\vovin.dat
[2008/08/07 00:33:27 | 000,016,356 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\uxufomeji._dl
[2008/08/07 00:33:27 | 000,012,689 | ---- | C] () -- C:\Documents and Settings\zerocool\Local Settings\Application Data\egifapumo._sy
[2008/08/07 00:33:24 | 000,017,046 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\benej.lib
[2008/08/07 00:33:24 | 000,014,299 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ajequ._dl
[2008/08/07 00:33:24 | 000,013,793 | ---- | C] () -- C:\Documents and Settings\zerocool\Local Settings\Application Data\igal.sys
[2008/08/06 17:35:49 | 000,921,600 | ---- | C] () -- C:\WINDOWS\System32\vorbisenc.dll
[2008/08/06 17:35:49 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2008/08/06 17:35:49 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2008/08/06 17:35:49 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2008/06/19 22:17:28 | 000,053,693 | R--- | C] () -- C:\WINDOWS\UNDPX2A.sys
[2008/06/18 15:44:52 | 000,000,024 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2008/05/17 15:35:02 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2008/03/20 19:29:09 | 000,000,362 | ---- | C] () -- C:\WINDOWS\pdf2word.INI
[2008/01/30 23:01:44 | 000,000,250 | ---- | C] () -- C:\WINDOWS\gmer.ini
[2008/01/30 23:01:43 | 000,884,736 | ---- | C] () -- C:\WINDOWS\gmer.dll
[2008/01/30 19:01:55 | 000,000,023 | ---- | C] () -- C:\Documents and Settings\zerocool\Application Data\inifile41.ini
[2008/01/22 12:49:26 | 000,000,374 | ---- | C] () -- C:\Documents and Settings\zerocool\Application Data\internaldb6334.dat
[2008/01/22 12:49:08 | 000,000,000 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/01/22 12:48:49 | 000,000,555 | ---- | C] () -- C:\Documents and Settings\zerocool\Application Data\internaldb8467.dat
[2008/01/22 12:48:46 | 000,018,432 | ---- | C] () -- C:\Documents and Settings\zerocool\Application Data\internaldb41.dat
[2007/11/21 22:24:44 | 000,089,088 | ---- | C] () -- C:\WINDOWS\System32\hpgt33.dll
[2007/11/15 18:37:11 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
[2007/11/15 18:33:49 | 000,000,038 | ---- | C] () -- C:\WINDOWS\NokiaImageConverter.INI
[2007/11/14 17:50:48 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.INI
[2007/11/01 13:35:06 | 000,037,888 | ---- | C] () -- C:\WINDOWS\System32\DCCWFP32.DLL
[2007/11/01 13:35:00 | 000,000,250 | ---- | C] () -- C:\WINDOWS\WINFAX.INI
[2007/11/01 13:34:56 | 000,017,920 | ---- | C] () -- C:\WINDOWS\System32\IMPLODE.DLL
[2007/10/31 14:51:48 | 000,079,688 | ---- | C] () -- C:\WINDOWS\System32\drivers\iksyssec.sys
[2007/10/31 14:51:48 | 000,041,288 | ---- | C] () -- C:\WINDOWS\System32\drivers\ikfilesec.sys
[2007/10/31 14:51:48 | 000,029,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\kcom.sys
[2007/10/28 21:12:43 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2007/10/28 21:12:39 | 000,564,224 | ---- | C] () -- C:\WINDOWS\System32\x264vfw.dll
[2007/10/28 21:12:38 | 001,559,040 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2007/10/28 21:12:38 | 000,282,624 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2007/10/28 21:12:37 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2007/10/28 21:12:36 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2007/10/28 21:12:36 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2007/10/18 17:34:19 | 000,013,304 | ---- | C] () -- C:\WINDOWS\System32\drivers\BTNetFilter.sys
[2007/10/18 17:34:19 | 000,011,860 | ---- | C] () -- C:\WINDOWS\System32\drivers\vbtenum.sys
[2007/10/16 14:19:27 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/10/15 20:05:01 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/10/15 18:29:11 | 000,244,224 | ---- | C] () -- C:\Documents and Settings\zerocool\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2004/07/17 10:36:38 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2004/03/24 09:22:26 | 000,138,396 | ---- | C] () -- C:\WINDOWS\System32\drivers\PFC027.SYS
[2004/01/08 10:30:22 | 000,011,170 | ---- | C] () -- C:\WINDOWS\System32\PA207USD.DLL
[2003/01/07 14:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/04/05 16:40:02 | 000,294,912 | ---- | C] () -- C:\WINDOWS\System32\xvid.dll
[2002/03/26 20:18:28 | 000,091,136 | ---- | C] () -- C:\WINDOWS\System32\mp4fil32.dll
[2002/01/20 13:26:36 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\SimpleResize.dll
[2001/07/21 08:56:02 | 000,182,864 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAVAP.SYS

========== Alternate Data Streams ==========

@Alternate Data Stream - 98 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0F8F5844
< End of report >

offline
  • diarno  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 15 Jun 2007
  • Posts: 5572

The computer is indeed infected via the flash drive, but there is little we can do if your mouse is not working.

Download sUBs' ComboFix to the Desktop from the following address:

Bleeping Computer
  • Right-click the link and choose Save Target As... (Save Link As..., Save Linked Content As... or similar);
  • When the dialog for choosing where to save the file opens, select Desktop and click Save.

When the download is complete:
  • disable your protection software (instructions);
  • close any running programs;
  • double-click ComboFix to run it.

While running, ComboFix will:
  • check whether a newer version of the program exists:
      • click Yes if you are offered the download.
  • display the DISCLAIMER OF WARRANTY ON SOFTWARE:
      • click Yes to let the process continue.
  • if Recovery Console is not installed, offer to install it:
      • be sure to accept by clicking Yes and follow the procedure.
  • ask a number of questions or show a number of notices:
      • accept by clicking Yes or OK.
  • restart Windows if needed (several times);
  • at the end, open Notepad with the scan report.

Copy the report that ComboFix produced into the forum thread:
  • right-click in the Notepad window and choose Select All;
  • right-click the selected text and choose Copy;
  • right-click in the message field and choose Paste.

Note:
  • The report will be saved as ComboFix.txt on the system partition (typical location: C:\ComboFix.txt);
  • If, after sending the message, you notice that the report is incomplete, use the Prikači fajl (Attach file) option to attach C:\ComboFix.txt to the message.

offline
  • Joined: 24 Feb 2006
  • Posts: 435

Just to note that I have 32-bit Windows, but OTL is the only program I was able to scan with without a mouse.

offline
  • diarno  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 15 Jun 2007
  • Posts: 5572

With ComboFix you can do it via the keyboard too.

offline
  • Joined: 24 Feb 2006
  • Posts: 435

ComboFix 10-02-25.02 - zerocool 02/26/2010 15:18:09.15.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.511.303 [GMT 1:00]
Running from: c:\documents and settings\zerocool\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Documents\jaban.inf
c:\documents and settings\All Users\Documents\ulyvajadyz.vbs
c:\documents and settings\zerocool\Local Settings\Application Data\icumivoseq.vbs
c:\windows\AUTOLNCH.REG
c:\windows\cunoqozuv._sy
c:\windows\sinu.inf
c:\windows\srchasst\nls302en.lex
c:\windows\system32\new.txt
c:\windows\system32\tmp.reg

.
((((((((((((((((((((((((( Files Created from 2010-01-26 to 2010-02-26 )))))))))))))))))))))))))))))))
.

2010-02-25 14:02 . 2010-02-25 14:02 -------- d-----w- C:\USBNoRisk
2010-02-24 15:47 . 2010-02-24 15:47 -------- d-----w- c:\program files\Defraggler
2010-02-01 17:06 . 2010-02-01 17:06 -------- d-----w- c:\documents and settings\zerocool\Application Data\AdobeUM
2010-02-01 17:02 . 2010-02-01 17:05 -------- d-----w- c:\documents and settings\zerocool\Local Settings\Application Data\NOS

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-26 14:28 . 2007-10-15 18:14 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-26 12:37 . 2007-10-15 18:12 -------- d-----w- c:\program files\Common Files\InstallShield
2010-02-26 12:37 . 2009-11-01 01:12 -------- d-----w- c:\program files\PC Camera
2010-02-25 23:04 . 2009-01-15 18:07 -------- d-----w- c:\program files\Achilles-Script 5.0 White
2010-02-25 13:24 . 2008-10-04 13:04 -------- d-----w- c:\documents and settings\zerocool\Application Data\Skype
2010-02-25 13:24 . 2008-10-04 13:08 -------- d-----w- c:\documents and settings\zerocool\Application Data\skypePM
2010-02-24 18:05 . 2007-10-23 14:33 -------- d-----w- c:\documents and settings\zerocool\Application Data\LimeWire
2010-02-04 17:49 . 2010-01-06 23:47 389784 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\UpdateManager.dll
2010-02-04 17:49 . 2010-01-20 17:47 3803208 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AutoLaunch.exe
2010-02-04 17:48 . 2010-01-06 23:46 823928 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
2010-02-04 17:48 . 2010-01-06 23:45 1181328 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe
2010-02-02 23:55 . 2007-10-16 10:28 -------- d-----w- c:\documents and settings\zerocool\Application Data\uTorrent
2010-02-01 17:04 . 2007-10-15 20:01 -------- d-----w- c:\program files\Common Files\Adobe
2010-01-27 11:48 . 2010-01-06 23:47 862040 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\threatwork.exe
2010-01-16 16:37 . 2008-04-19 12:43 -------- d-----w- c:\documents and settings\zerocool\Application Data\PlayFirst
2010-01-06 23:47 . 2010-01-06 23:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-01-06 23:44 . 2010-01-06 23:44 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}
2010-01-06 23:43 . 2007-10-15 19:40 -------- d-----w- c:\program files\Lavasoft
2009-12-29 12:44 . 2008-10-04 13:04 -------- d-----r- c:\program files\Skype
2009-12-29 12:44 . 2009-12-29 12:44 -------- d-----w- c:\program files\Common Files\Skype
2009-12-29 12:44 . 2008-10-04 13:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2009-12-07 14:10 . 2010-01-06 23:44 2953352 -c--a-w- c:\documents and settings\All Users\Application Data\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}\Ad-AwareInstallation.exe
2009-12-02 13:19 . 2010-01-06 23:47 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-12-02 13:19 . 2010-01-07 00:36 15880 ----a-w- c:\windows\system32\lsdelete.exe
2008-10-06 21:56 . 2009-01-21 12:49 57394 --sh--r- c:\windows\sqlexec64.exe
.

------- Sigcheck -------


[7] 2004-08-03 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2004-08-03 . 6A603809F598332DBEDD535BDBCE313E . 359040 . . [5.1.2600.2180] . . c:\windows\system32\drivers\tcpip.sys

c:\windows\System32\drivers\beep.sys ... is missing !!
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\zerocool\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-05-21 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NAV Agent"="c:\progra~1\NORTON~1\NORTON~1\navapw32.exe" [2001-07-21 50256]
"WFXSwtch"="c:\progra~1\NORTON~1\WinFax\WFXSWTCH.exe" [2001-07-19 26624]
"WinFaxAppPortStarter"="wfxsnt40.exe" [2001-07-19 43520]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2007-11-22 185896]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-04-27 282624]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-03 110592]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0sprestrt\0\0lsdelete

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\Program Files\\Symantec\\LiveUpdate\\LuComServer.EXE"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Achilles-Script 5.0 White\\Mirc.exe"=
"c:\\Program Files\\Opera\\Opera.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [1/7/2010 12:47 AM 64288]
R1 ATMhelpr;ATMhelpr;c:\windows\system32\drivers\ATMHELPR.SYS [11/6/2008 7:15 PM 4064]
R2 SVKP;SVKP;c:\windows\system32\SVKP.sys [10/2/2008 2:48 PM 2368]
R3 KCIRDA;%KCIRDA.ServiceDesc%;c:\windows\system32\drivers\KCIRNET.sys [11/15/2007 6:37 PM 11856]
R3 QDFSDRV;QDFSDRV;c:\windows\system32\drivers\qdfsdrv.sys [11/1/2007 1:19 PM 13792]
R3 SiS7012;Service for AC'97 Sample Driver (WDM);c:\windows\system32\drivers\sis7012.sys [10/15/2007 7:20 PM 61312]
S3 Ndisprot;ArcNet NDIS Protocol Driver;c:\windows\system32\drivers\ndisprot.sys [12/3/2008 6:32 AM 27904]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder

2010-02-26 c:\windows\Tasks\Ad-Aware Update (Daily 1).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 17:48]

2010-02-26 c:\windows\Tasks\Ad-Aware Update (Daily 2).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 17:48]

2010-02-26 c:\windows\Tasks\Ad-Aware Update (Daily 3).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 17:48]

2010-02-26 c:\windows\Tasks\Ad-Aware Update (Daily 4).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 17:48]

2010-02-26 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 17:48]

2010-02-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-117609710-1993962763-854245398-1003Core.job
- c:\documents and settings\zerocool\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-05-21 12:23]

2010-02-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-117609710-1993962763-854245398-1003UA.job
- c:\documents and settings\zerocool\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-05-21 12:23]

2010-02-19 c:\windows\Tasks\Norton AntiVirus - Scan my computer.job
- c:\progra~1\NORTON~1\NORTON~1\NAVW32.exe [2001-07-21 08:14]

2010-02-19 c:\windows\Tasks\Norton SystemWorks One Button Checkup.job
- c:\program files\Common Files\Symantec Shared\NMAIN.EXE [2001-07-17 15:35]

2010-02-26 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2007-11-01 11:23]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
mStart Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = iexplore
Handler: ebk - {1E411CE8-FE8B-4973-B8E0-6EA2CC3C6B06} -
DPF: {FC11A119-C2F7-46F4-9E32-937ABA26816E} - file:///E:/CDVIEWER/CdViewer.cab
FF - ProfilePath - c:\documents and settings\zerocool\Application Data\Mozilla\Firefox\Profiles\gx5wm0rj.default\
FF - prefs.js: browser.startup.homepage - hxxp://google.rs/
FF - plugin: c:\documents and settings\zerocool\Local Settings\Application Data\Google\Update\1.2.183.17\npGoogleOneClick8.dll
.
- - - - ORPHANS REMOVED - - - -

AddRemove-mIRC - c:\program files\mIRC635\uninstall.exe
AddRemove-ShockwaveFlash - c:\windows\system32\Macromed\Flash\FlashUtil9c.exe
AddRemove-SiS7012 - c:\progra~1\SiS7012\Uninst\uninst2k.exe PCI\VEN_1039&DEV_7012
AddRemove-list defy real - c:\docume~1\zerocool\APPLIC~1\IdolFork\Book knob.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-26 15:30
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3756)
c:\windows\system32\msi.dll
c:\program files\Microsoft Office\OFFICE11\msohev.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Lavasoft\Ad-Aware\AAWService.exe
c:\windows\system32\wfxsnt40.exe
c:\windows\system32\rundll32.exe
c:\program files\Norton SystemWorks\Norton CleanSweep\csinsmnt.exe
c:\program files\USB CAMERA\DRIVER\emSwapAp2.exe
c:\program files\Common Files\Nikon\Monitor\NkMonitor.exe
c:\program files\IVT Corporation\BlueSoleil\BTNtService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
c:\program files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
c:\windows\system32\wscntfy.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
.
**************************************************************************
.
Completion time: 2010-02-26 15:50:26 - machine was rebooted
ComboFix-quarantined-files.txt 2010-02-26 14:50

Pre-Run: 21,764,374,528 bytes free
Post-Run: 22,072,545,280 bytes free

- - End Of File - - 6F222D541A09EB39B32D5326EAC1B814

offline
  • diarno  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 15 Jun 2007
  • Posts: 5572

Download Lop S&D to the Desktop.
  • Double-click LopSD.exe to run it.
  • On the first screen, choose the language by typing E and pressing Enter, then click OK.
  • Choose option 1 - Search by typing 1 and pressing Enter.
  • Wait a few minutes for the program to finish scanning.
  • At the end of the process, the log C:\LopR.txt will open in Notepad.

Copy the resulting log into the forum thread.

offline
  • Joined: 24 Feb 2006
  • Posts: 435

--------------------\\ Lop S&D 4.2.5-0 XP/Vista


"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [1] ( Fri 02/26/2010|16:59 )

--------------------\\ Listing folders in APPLIC~1

[10/31/2007|12:12] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Lavasoft
[10/31/2007|12:11] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Microsoft
[10/31/2007|01:01] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Mozilla
[11/01/2007|01:00] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Spyware Terminator

[01/07/2010|12:44] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> {BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}
[02/01/2010|06:04] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Adobe
[08/14/2008|11:29] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Apple Computer
[11/08/2007|01:30] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Bluetooth
[08/14/2008|11:33] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Electric Piano
[08/14/2008|11:33] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> EnterNHelp
[09/13/2009|08:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Google
[09/08/2009|01:23] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Hewlett-Packard
[09/13/2009|08:04] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> HP
[11/15/2008|12:23] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Installations
[01/07/2010|12:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Lavasoft
[04/20/2009|12:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Messenger Plus!
[03/18/2009|05:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Microsoft
[11/21/2007|10:27] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> MSScanAppDataDir
[08/14/2008|11:33] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Nikon
[11/15/2008|12:29] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> PC Suite
[05/11/2008|05:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> pixelStorm
[04/19/2009|12:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> setup film inter bib
[12/29/2009|01:44] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Skype
[05/06/2008|07:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Spybot - Search & Destroy
[11/01/2007|01:18] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Symantec
[01/22/2008|02:42] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> TEMP
[08/14/2008|11:33] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Ultima_T15
[09/08/2009|01:33] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> WEBREG
[01/22/2008|03:25] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Windows Live Toolbar
[10/16/2007|10:42] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> WinZip
[03/05/2008|06:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> WLInstaller
[11/30/2008|02:29] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> X3mE Yamb
[10/15/2007|10:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Yahoo!

[10/15/2007|06:20] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Microsoft

[10/31/2007|07:21] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Microsoft

[10/15/2007|06:20] C:\DOCUME~1\NETWOR~1\APPLIC~1\<DIR> Microsoft

[08/20/2008|12:07] C:\DOCUME~1\zerocool\APPLIC~1\<DIR> Adobe
[02/01/2010|06:06] C:\DOCUME~1\zerocool\APPLIC~1\<DIR> AdobeUM
[04/26/2008|04:51] C:\DOCUME~1\zerocool\APPLIC~1\<DIR> Ahead
[08/14/2008|07:14] C:\DOCUME~1\zerocool\APPLIC~1\<DIR> Apple Computer
[09/03/2008|06:43] C:\DOCUME~1\zerocool\APPLIC~1\<DIR> EbkReader
[09/10/2009|12:47] C:\DOCUME~1\zerocool\APPLIC~1\<DIR> Google
[06/30/2008|05:57] C:\DOCUME~1\zerocool\APPLIC~1\<DIR> Help
[09/08/2009|01:33] C:\DOCUME~1\zerocool\APPLIC~1\<DIR> HP
[10/15/2007|06:28] C:\DOCUME~1\zerocool\APPLIC~1\<DIR> Identities
[09/08/2009|01:44] C:\DOCUME~1\zerocool\APPLIC~1\<DIR> Image Zone Express
[10/15/2007|08:40] C:\DOCUME~1\zerocool\APPLIC~1\<DIR> Lavasoft
[09/14/2009|07:39] C:\DOCUME~1\zerocool\APPLIC~1\<DIR> LG Electronics
[02/24/2010|07:05] C:\DOCUME~1\zerocool\APPLIC~1\<DIR> LimeWire
[10/15/2007|06:34] C:\DOCUME~1\zerocool\APPLIC~1\<DIR> Macromedia
[10/28/2007|11:18] C:\DOCUME~1\zerocool\APPLIC~1\<DIR> Media Player Classic
[09/22/2008|04:19] C:\DOCUME~1\zerocool\APPLIC~1\<DIR> Microsoft
[10/27/2009|05:20] C:\DOCUME~1\zerocool\APPLIC~1\<DIR> mIRC
[09/05/2008|02:53] C:\DOCUME~1\zerocool\APPLIC~1\<DIR> Mozilla
[08/14/2008|11:35] C:\DOCUME~1\zerocool\APPLIC~1\<DIR> Nikon
[11/15/2008|12:52] C:\DOCUME~1\zerocool\APPLIC~1\<DIR> Nokia
[05/04/2009|08:55] C:\DOCUME~1\zerocool\APPLIC~1\<DIR> PC Suite
[10/31/2007|02:51] C:\DOCUME~1\zerocool\APPLIC~1\<DIR> PC Tools
[01/16/2010|05:37] C:\DOCUME~1\zerocool\APPLIC~1\<DIR> PlayFirst
[09/08/2009|01:36] C:\DOCUME~1\zerocool\APPLIC~1\<DIR> Printer Info Cache
[03/22/2008|10:33] C:\DOCUME~1\zerocool\APPLIC~1\<DIR> Real
[11/10/2008|08:17] C:\DOCUME~1\zerocool\APPLIC~1\<DIR> Samsung
[02/25/2010|02:24] C:\DOCUME~1\zerocool\APPLIC~1\<DIR> Skype
[02/25/2010|02:24] C:\DOCUME~1\zerocool\APPLIC~1\<DIR> skypePM
[10/22/2007|02:40] C:\DOCUME~1\zerocool\APPLIC~1\<DIR> Sun
[11/01/2007|01:17] C:\DOCUME~1\zerocool\APPLIC~1\<DIR> Symantec
[02/03/2010|12:55] C:\DOCUME~1\zerocool\APPLIC~1\<DIR> uTorrent
[03/12/2008|06:58] C:\DOCUME~1\zerocool\APPLIC~1\<DIR> WinRAR
[10/02/2008|08:52] C:\DOCUME~1\zerocool\APPLIC~1\<DIR> X3mE Yamb

--------------------\\ Scheduled Tasks located in C:\WINDOWS\Tasks

[02/26/2010 03:36 PM][--a------] C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[02/26/2010 03:36 PM][--a------] C:\WINDOWS\tasks\Ad-Aware Update (Daily 4).job
[02/26/2010 03:36 PM][--a------] C:\WINDOWS\tasks\Ad-Aware Update (Daily 3).job
[02/26/2010 03:36 PM][--a------] C:\WINDOWS\tasks\Ad-Aware Update (Daily 2).job
[02/26/2010 03:35 PM][--a------] C:\WINDOWS\tasks\Ad-Aware Update (Daily 1).job
[02/26/2010 04:11 PM][--a------] C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-117609710-1993962763-854245398-1003UA.job
[02/25/2010 06:11 AM][--a------] C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-117609710-1993962763-854245398-1003Core.job
[02/19/2010 08:00 PM][--a------] C:\WINDOWS\tasks\Norton AntiVirus - Scan my computer.job
[02/19/2010 05:30 PM][--a------] C:\WINDOWS\tasks\Norton SystemWorks One Button Checkup.job
[02/26/2010 04:58 PM][--a------] C:\WINDOWS\tasks\Symantec NetDetect.job
[02/26/2010 03:29 PM][--ah-----] C:\WINDOWS\tasks\SA.DAT
[08/23/2001 01:00 PM][-r-h-----] C:\WINDOWS\tasks\desktop.ini

--------------------\\ Listing Folders in C:\Program Files

[02/26/2010|12:04] C:\Program Files\<DIR> Achilles-Script 5.0 White
[02/01/2010|06:02] C:\Program Files\<DIR> Adobe
[11/06/2008|07:15] C:\Program Files\<DIR> Adobe Type Manager
[10/15/2007|07:49] C:\Program Files\<DIR> ATI Technologies
[12/02/2008|12:00] C:\Program Files\<DIR> BFG
[11/24/2008|08:42] C:\Program Files\<DIR> Combined Community Codec Pack
[02/26/2010|03:24] C:\Program Files\<DIR> Common Files
[10/15/2007|06:15] C:\Program Files\<DIR> ComPlus Applications
[10/15/2007|07:42] C:\Program Files\<DIR> Crystal Player
[02/24/2010|04:47] C:\Program Files\<DIR> Defraggler
[03/17/2008|10:35] C:\Program Files\<DIR> DIFX
[12/04/2008|05:54] C:\Program Files\<DIR> DivoCodec
[10/15/2007|07:37] C:\Program Files\<DIR> DivX
[11/27/2007|09:38] C:\Program Files\<DIR> DivXCodec
[11/08/2007|10:28] C:\Program Files\<DIR> DomPlayer
[05/12/2008|09:35] C:\Program Files\<DIR> DVDVideoSoft
[05/17/2008|03:35] C:\Program Files\<DIR> Extra Photo to Video Converter Free
[11/28/2007|05:43] C:\Program Files\<DIR> FlashGet
[11/28/2007|05:09] C:\Program Files\<DIR> Free Download Manager
[09/28/2009|02:50] C:\Program Files\<DIR> Fx ReSound
[01/10/2008|03:00] C:\Program Files\<DIR> GameHouse
[09/16/2009|09:55] C:\Program Files\<DIR> Google
[11/06/2008|06:53] C:\Program Files\<DIR> Hewlett-Packard
[09/13/2009|08:15] C:\Program Files\<DIR> HP
[11/06/2008|07:11] C:\Program Files\<DIR> ImageServer
[02/26/2010|03:28] C:\Program Files\<DIR> InstallShield Installation Information
[09/22/2008|04:13] C:\Program Files\<DIR> Internet Explorer
[11/15/2007|06:37] C:\Program Files\<DIR> IRXpress
[11/08/2007|01:16] C:\Program Files\<DIR> IVT Corporation
[11/23/2009|11:18] C:\Program Files\<DIR> Java
[11/27/2007|09:39] C:\Program Files\<DIR> K-Lite Codec Pack
[01/07/2010|12:43] C:\Program Files\<DIR> Lavasoft
[03/23/2008|12:16] C:\Program Files\<DIR> LimeWire
[10/28/2007|09:11] C:\Program Files\<DIR> Matroska Pack
[10/28/2007|09:14] C:\Program Files\<DIR> MatroskaProp
[11/26/2007|03:44] C:\Program Files\<DIR> Messenger
[07/14/2009|10:45] C:\Program Files\<DIR> Messenger Plus! Live
[11/16/2009|08:55] C:\Program Files\<DIR> Microsoft
[10/15/2007|08:03] C:\Program Files\<DIR> Microsoft ActiveSync
[10/15/2007|06:21] C:\Program Files\<DIR> microsoft frontpage
[10/15/2007|08:02] C:\Program Files\<DIR> Microsoft Office
[10/15/2007|08:02] C:\Program Files\<DIR> Microsoft Visual Studio
[10/15/2007|08:02] C:\Program Files\<DIR> Microsoft Works
[10/15/2007|08:03] C:\Program Files\<DIR> Microsoft.NET
[10/27/2009|05:20] C:\Program Files\<DIR> mIRC
[11/26/2007|03:44] C:\Program Files\<DIR> Movie Maker
[02/25/2010|06:16] C:\Program Files\<DIR> Mozilla Firefox
[03/09/2008|11:44] C:\Program Files\<DIR> MP3 Remix
[09/22/2008|04:16] C:\Program Files\<DIR> MSBuild
[04/19/2009|12:11] C:\Program Files\<DIR> MSECACHE
[10/15/2007|06:13] C:\Program Files\<DIR> MSN
[10/15/2007|06:14] C:\Program Files\<DIR> MSN Gaming Zone
[09/22/2008|04:11] C:\Program Files\<DIR> MSXML 6.0
[10/15/2007|08:10] C:\Program Files\<DIR> Nero
[11/26/2007|03:44] C:\Program Files\<DIR> NetMeeting
[08/14/2008|11:33] C:\Program Files\<DIR> Nikon
[09/28/2009|02:55] C:\Program Files\<DIR> Nokia
[11/01/2007|01:58] C:\Program Files\<DIR> Norton SystemWorks
[10/16/2007|10:52] C:\Program Files\<DIR> Online Services
[12/17/2007|07:31] C:\Program Files\<DIR> Opera
[11/26/2007|03:44] C:\Program Files\<DIR> Outlook Express
[02/26/2010|01:37] C:\Program Files\<DIR> PC Camera
[11/15/2008|12:26] C:\Program Files\<DIR> PC Connectivity Solution
[04/19/2008|01:42] C:\Program Files\<DIR> Pirate Poppers
[06/05/2009|07:22] C:\Program Files\<DIR> Planplus
[10/15/2007|07:13] C:\Program Files\<DIR> PowerQuest
[08/14/2008|11:30] C:\Program Files\<DIR> QuickTime
[12/04/2008|09:11] C:\Program Files\<DIR> Radmin
[11/22/2007|10:21] C:\Program Files\<DIR> Real
[09/22/2008|04:15] C:\Program Files\<DIR> Reference Assemblies
[06/25/2008|03:59] C:\Program Files\<DIR> SaljiPoruke-desktop
[10/07/2008|05:28] C:\Program Files\<DIR> Samsung
[10/15/2007|07:20] C:\Program Files\<DIR> SiS7012
[12/29/2009|01:44] C:\Program Files\<DIR> Skype
[05/06/2008|07:31] C:\Program Files\<DIR> Spybot - Search & Destroy
[10/31/2007|03:15] C:\Program Files\<DIR> Spyware Doctor
[11/01/2007|01:21] C:\Program Files\<DIR> Symantec
[07/24/2009|02:00] C:\Program Files\<DIR> Tablic
[10/15/2007|07:37] C:\Program Files\<DIR> The Playa
[10/15/2007|06:28] C:\Program Files\<DIR> Uninstall Information
[05/22/2008|04:58] C:\Program Files\<DIR> Uninstall Password Protect USB
[11/12/2007|10:17] C:\Program Files\<DIR> URUSoft
[09/22/2009|05:26] C:\Program Files\<DIR> USB CAMERA
[10/16/2007|11:28] C:\Program Files\<DIR> uTorrent
[09/28/2009|02:50] C:\Program Files\<DIR> Valve
[10/02/2009|07:01] C:\Program Files\<DIR> Winamp
[04/19/2009|12:11] C:\Program Files\<DIR> Windows Installer Clean Up
[03/18/2009|05:30] C:\Program Files\<DIR> Windows Live
[03/18/2009|05:31] C:\Program Files\<DIR> Windows Live SkyDrive
[01/24/2008|07:22] C:\Program Files\<DIR> Windows Live Toolbar
[11/26/2007|03:44] C:\Program Files\<DIR> Windows Media Player
[11/26/2007|03:44] C:\Program Files\<DIR> Windows NT
[10/15/2007|06:18] C:\Program Files\<DIR> WindowsUpdate
[05/12/2008|11:54] C:\Program Files\<DIR> WinRAR
[10/16/2007|10:40] C:\Program Files\<DIR> WinZip
[09/22/2008|04:20] C:\Program Files\<DIR> X3mE Yamb
[05/04/2008|12:40] C:\Program Files\<DIR> xerox
[11/03/2007|09:30] C:\Program Files\<DIR> Xilisoft
[10/15/2007|07:37] C:\Program Files\<DIR> XviD
[10/15/2007|10:14] C:\Program Files\<DIR> Yahoo!
[10/23/2008|03:11] C:\Program Files\<DIR> YouTube Downloader

--------------------\\ Listing Folders in C:\Program Files\Common Files

[08/12/2009|01:36] C:\Program Files\Common Files\<DIR> ACD Systems
[02/01/2010|06:04] C:\Program Files\Common Files\<DIR> Adobe
[10/15/2007|08:10] C:\Program Files\Common Files\<DIR> Ahead
[10/15/2007|08:02] C:\Program Files\Common Files\<DIR> DESIGNER
[12/13/2007|05:06] C:\Program Files\Common Files\<DIR> DirectX
[05/12/2008|09:35] C:\Program Files\Common Files\<DIR> DVDVideoSoft
[09/08/2009|01:26] C:\Program Files\Common Files\<DIR> Hewlett-Packard
[02/26/2010|01:37] C:\Program Files\Common Files\<DIR> InstallShield
[10/15/2007|09:38] C:\Program Files\Common Files\<DIR> Java
[11/06/2008|07:11] C:\Program Files\Common Files\<DIR> Kodak
[10/15/2007|08:03] C:\Program Files\Common Files\<DIR> L&H
[03/18/2009|05:31] C:\Program Files\Common Files\<DIR> Microsoft Shared
[10/15/2007|06:17] C:\Program Files\Common Files\<DIR> MSSoap
[08/14/2008|11:33] C:\Program Files\Common Files\<DIR> muvee Technologies
[08/14/2008|11:35] C:\Program Files\Common Files\<DIR> Nikon
[09/28/2009|02:55] C:\Program Files\Common Files\<DIR> Nokia
[11/01/2007|01:34] C:\Program Files\Common Files\<DIR> Novell Shared
[10/15/2007|08:03] C:\Program Files\Common Files\<DIR> ODBC
[11/01/2009|02:13] C:\Program Files\Common Files\<DIR> PCCamera
[11/22/2007|10:21] C:\Program Files\Common Files\<DIR> Real
[10/15/2007|06:17] C:\Program Files\Common Files\<DIR> Services
[12/29/2009|01:44] C:\Program Files\Common Files\<DIR> Skype
[10/15/2007|08:02] C:\Program Files\Common Files\<DIR> SpeechEngines
[11/01/2007|01:37] C:\Program Files\Common Files\<DIR> Symantec Shared
[11/26/2007|03:44] C:\Program Files\Common Files\<DIR> System
[03/18/2009|05:27] C:\Program Files\Common Files\<DIR> Windows Live
[03/02/2008|10:20] C:\Program Files\Common Files\<DIR> WindowsLiveInstaller
[09/28/2009|02:53] C:\Program Files\Common Files\<DIR> Wise Installation Wizard
[11/22/2007|10:22] C:\Program Files\Common Files\<DIR> xing shared

--------------------\\ Process

( 42 Processes )

... OK !

--------------------\\ Searching with S_Lop

No Lop folder found !

--------------------\\ Searching for Lop Files - Folders

C:\DOCUME~1\ALLUSE~1\APPLIC~1\setup film inter bib
C:\DOCUME~1\ALLUSE~1\APPLIC~1\setup film inter bib\delete idol.exe
C:\DOCUME~1\ALLUSE~1\APPLIC~1\setup film inter bib\DELETE~1.dat
C:\Program Files\DivoCodec
C:\Program Files\DomPlayer

--------------------\\ Searching within the Registry

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

..... OK !

--------------------\\ Checking the Hosts file

Hosts file CLEAN


--------------------\\ Searching for hidden files with Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-26 17:02:59
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0

--------------------\\ Searching for other infections

--------------------\\ (zabranjeno)s & Keygens ..

C:\DOCUME~1\zerocool\Application Data\uTorrent\Adobe.Dreamweaver.CS3.Windows.9.0.0.3453.Incl.(zabranjeno)-NiGHTNiNG.torrent
C:\DOCUME~1\zerocool\Application Data\uTorrent\BlueSoleil 6.4.237.0+(zabranjeno).torrent
C:\DOCUME~1\zerocool\Application Data\uTorrent\BS.Player PRO 2.42 Build 1005B(Release on 5 July 2009) + Working Keygen.torrent
C:\DOCUME~1\zerocool\Application Data\uTorrent\Nero Ultra 8.3.6.0 + Keygen (halofubar).torrent
C:\DOCUME~1\zerocool\Application Data\uTorrent\PC Zuma Deluxe+ Luxor Amun Rising + Atlantis+ (zabranjeno)s.rar.torrent
C:\DOCUME~1\zerocool\Desktop\Svastara\Bigfish Games - Pirate Poppers + (zabranjeno)
C:\DOCUME~1\zerocool\Desktop\Svastara\Bigfish Games - Pirate Poppers + (zabranjeno)\(zabranjeno).zip
C:\DOCUME~1\zerocool\Desktop\Svastara\Bigfish Games - Pirate Poppers + (zabranjeno)\How To Use The (zabranjeno).txt
C:\DOCUME~1\zerocool\Desktop\Svastara\Bigfish Games - Pirate Poppers + (zabranjeno)\Pirate Poppers Installer.exe
C:\DOCUME~1\zerocool\Desktop\Svastara\Bigfish Games - Pirate Poppers + (zabranjeno)\piratepoppers.exe
C:\DOCUME~1\zerocool\Desktop\Svastara\knjige\web design\Adobe.Dreamweaver.CS3.Windows.9.0.0.3453.Incl.(zabranjeno)-NiGHTNiNG
C:\DOCUME~1\zerocool\Desktop\Svastara\knjige\web design\Adobe.Dreamweaver.CS3.Windows.9.0.0.3453.Incl.(zabranjeno)-NiGHTNiNG\adodwcs3.iso
C:\DOCUME~1\zerocool\Desktop\Svastara\knjige\web design\Adobe.Dreamweaver.CS3.Windows.9.0.0.3453.Incl.(zabranjeno)-NiGHTNiNG\NiGHTNiNG.nfo
C:\DOCUME~1\zerocool\My Documents\igrice\Zuma Deluxe Working+(zabranjeno).rar


[F:1][D:0]-> C:\DOCUME~1\zerocool\LOCALS~1\Temp
[F:72][D:0]-> C:\DOCUME~1\zerocool\Cookies
[F:2][D:0]-> C:\DOCUME~1\zerocool\LOCALS~1\TEMPOR~1\content.IE5

1 - "C:\Lop SD\LopR_1.txt" - Fri 02/26/2010|17:04 - Option : [1]

--------------------\\ Scan completed at 17:04:43

offline
  • diarno  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 15 Jun 2007
  • Posts: 5572

Download The Avenger to the Desktop.
Extract the archive to a folder.

Double-click avenger.exe to run it.

Copy the text inside the Code box into the program's (white) window:

 
Files to delete:
C:\WINDOWS\tasks\SA.DAT
c:\windows\system32\drivers\ndisprot.sys
c:\windows\sqlexec64.exe

Drivers to delete:
Ndisprot

Folders to delete:
C:\Program Files\DivoCodec
C:\Program Files\DomPlayer
C:\DOCUME~1\ALLUSE~1\APPLIC~1\setup film inter bib




Click Execute, then Yes in the next two windows that open.

The computer will restart (in some cases, twice) and the cleaning/scanning process will begin.

When the process finishes, the log file C:\avenger.txt will open in Notepad.

Copy the contents of the resulting log into the forum thread.

offline
  • Joined: 24 Feb 2006
  • Posts: 435

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File "C:\WINDOWS\tasks\SA.DAT" deleted successfully.
File "c:\windows\system32\drivers\ndisprot.sys" deleted successfully.
File "c:\windows\sqlexec64.exe" deleted successfully.
Driver "Ndisprot" deleted successfully.
Folder "C:\Program Files\DivoCodec" deleted successfully.
Folder "C:\Program Files\DomPlayer" deleted successfully.
Folder "C:\DOCUME~1\ALLUSE~1\APPLIC~1\setup film inter bib" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

offline
  • diarno  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 15 Jun 2007
  • Posts: 5572

What is the situation now?
