Molim za pomoc oko virusa

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Ne mogu da ocistim komp. od virusa, prosli su kroz nod32 i nista.....javljaju se na svakih pola sata ili ponovnom ukljuchivanjem kompa!!!! Unapred hvala

Logfile of HijackThis v1.99.1
Scan saved at 7:56:20 PM, on 9/28/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18241)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Nikolic\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\JetAudio\JetAudio.exe
D:\Install\Novi NESA Programi\ANTIVIRUS software\Antichrist Virus\New Folder\TR3.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {6281DAE6-6F4E-45CB-90BC-A58C49B6C632} - C:\WINDOWS\system32\cbXOHwVm.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {DABB1C43-1596-49C4-9E4D-51AE7A1518BB} - C:\WINDOWS\system32\cbXPgeDW.dll
O3 - Toolbar: BS.Player ControlBar - {2C688203-7EB3-4327-9995-1CB417BA23F9} - C:\Program Files\BS.Player ControlBar\BSToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [302aef68] rundll32.exe "C:\WINDOWS\system32\rqjsfnxd.dll",b
O4 - HKLM\..\Run: [BM3319dcf4] Rundll32.exe "C:\WINDOWS\system32\ihbmrtao.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Nikolic\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe"
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - d:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - d:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International
O12 - Plugin for .mdz: C:\Program Files\Internet Explorer\Plugins\npmod32.dll
O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} (CoGSManager Class) - gamingzone.ubisoft.com/dev/packages/GSManager.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: cbXPgeDW - C:\WINDOWS\SYSTEM32\cbXPgeDW.dll
O23 - Service: Creative Service for CDROM Access - Unknown owner - C:\WINDOWS\system32\CTsvcCDA.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Poz...


* Otvori Nod32 Control Center (Klik na njegovu tray ikonicu ( ) u donjem desnom uglu ekrana).
* Izaberi AMON iz Threat Protection grupe opcija.
* Na desnom panelu deštikliraj opciju File system monitor (AMON) enabled.
* Gašenje ove opcije pokazaće se kroz promenu boje Control Center-a iz zelene u crvenu.

Napomena: Ne zaboravi da uključiš ovu opciju po završetku čišćenja.



-------------------------------------------------------------------------------------



Skini ComboFix sa jedne od sledecih adresa na Desktop:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Startuj ga i ne diraj prozor programa dok skenira.
Sledi uputstva na ekranu. Kada zavrsi pojavice se log (C:\ComboFix.txt) koji ces nam ovde iskopirati.

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

ComboFix 08-09-27.05 - Nikolic 2008-09-28 22:40:33.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1058 [GMT 2:00]
Running from: C:\Documents and Settings\Nikolic\Desktop\ComboFix.exe
* Created a new restore point
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\BM3319dcf4.txt
C:\WINDOWS\BM3319dcf4.xml
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\cbXPgeDW.dll
C:\WINDOWS\system32\dxnfsjqr.ini
C:\WINDOWS\system32\fccywVLF.dll
C:\WINDOWS\system32\geBuTMde.dll
C:\WINDOWS\system32\jkkKdCur.dll
C:\WINDOWS\system32\khfFULEX.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mVwHOXbc.ini
C:\WINDOWS\system32\pmnLDtUk.dll
C:\WINDOWS\system32\qoMdDwxy.dll
C:\WINDOWS\system32\rsgdkwvf.ini
C:\WINDOWS\system32\vtUnolMG.dll

.
((((((((((((((((((((((((( Files Created from 2008-08-28 to 2008-09-28 )))))))))))))))))))))))))))))))
.

2008-09-28 22:10 . 2008-09-28 22:11 251,776 --a------ C:\WINDOWS\system32\byXPJYOF.dll
2008-09-26 02:56 . 2008-09-26 02:56 98,816 --a------ C:\WINDOWS\system32\mftdvuqp.dll
2008-09-26 02:55 . 2008-09-27 21:35 385,333 --ahs---- C:\WINDOWS\system32\mVwHOXbc.ini2
2008-09-26 02:36 . 2007-07-19 18:14 3,727,720 --a------ C:\WINDOWS\system32\d3dx9_35.dll
2008-09-26 02:36 . 2007-05-16 16:45 3,497,832 --a------ C:\WINDOWS\system32\d3dx9_34.dll
2008-09-26 02:36 . 2007-07-19 18:14 1,358,192 --a------ C:\WINDOWS\system32\D3DCompiler_35.dll
2008-09-26 02:36 . 2007-05-16 16:45 1,124,720 --a------ C:\WINDOWS\system32\D3DCompiler_34.dll
2008-09-26 02:36 . 2007-07-19 18:14 444,776 --a------ C:\WINDOWS\system32\d3dx10_35.dll
2008-09-26 02:36 . 2007-05-16 16:45 443,752 --a------ C:\WINDOWS\system32\d3dx10_34.dll
2008-09-26 02:36 . 2007-06-20 20:46 266,088 --a------ C:\WINDOWS\system32\xactengine2_8.dll
2008-09-26 02:36 . 2007-10-22 03:37 17,928 --a------ C:\WINDOWS\system32\X3DAudio1_2.dll
2008-09-26 02:35 . 2008-09-26 02:35 <DIR> d-------- C:\WINDOWS\Logs
2008-09-25 20:04 . 2008-09-25 20:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Nokia
2008-09-25 20:01 . 2008-09-25 20:01 <DIR> d-------- C:\Program Files\PC Connectivity Solution
2008-09-25 20:01 . 2007-02-22 10:15 90,624 --a------ C:\WINDOWS\system32\nmwcdcls.dll
2008-09-25 19:36 . 2008-09-25 19:36 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-09-25 19:36 . 2008-09-25 19:36 1,409 --a------ C:\WINDOWS\QTFont.for
2008-09-25 15:52 . 2008-09-25 20:06 <DIR> d-------- C:\Documents and Settings\Nikolic\Application Data\Nokia
2008-09-25 13:54 . 2008-09-25 19:12 984 --a------ C:\WINDOWS\eReg.dat
2008-09-25 02:48 . 2008-09-25 03:04 <DIR> d-------- C:\Documents and Settings\Nikolic\Application Data\ICQ
2008-09-25 00:22 . 2008-09-25 00:22 <DIR> d-------- C:\Documents and Settings\Nikolic\Application Data\Command & Conquer 3 Tiberium Wars
2008-09-25 00:15 . 2008-09-25 00:15 <DIR> dr-h----- C:\Documents and Settings\Nikolic\Application Data\SecuROM
2008-09-25 00:15 . 2008-09-25 00:15 108,144 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2008-09-22 19:14 . 2008-09-22 19:14 <DIR> d-------- C:\Documents and Settings\Nikolic\Application Data\DataLayer
2008-09-22 19:13 . 2004-08-03 23:10 38,016 --a------ C:\WINDOWS\system32\drivers\bthmodem.sys
2008-09-22 19:13 . 2004-08-03 23:10 38,016 --a--c--- C:\WINDOWS\system32\dllcache\bthmodem.sys
2008-09-21 22:29 . 2007-03-12 16:42 3,495,784 --a------ C:\WINDOWS\system32\d3dx9_33.dll
2008-09-21 22:29 . 2007-03-12 16:42 1,123,696 --a------ C:\WINDOWS\system32\D3DCompiler_33.dll
2008-09-21 22:29 . 2007-03-15 16:57 443,752 --a------ C:\WINDOWS\system32\d3dx10_33.dll
2008-09-21 22:29 . 2007-04-04 18:55 261,480 --a------ C:\WINDOWS\system32\xactengine2_7.dll
2008-09-19 00:44 . 2008-09-19 00:44 <DIR> d-------- C:\Documents and Settings\Nikolic\Application Data\Apple Computer
2008-09-17 04:06 . 2008-09-17 04:06 <DIR> d-------- C:\Documents and Settings\Nikolic\Application Data\InterVideo
2008-09-17 04:04 . 2008-09-17 04:05 <DIR> d-------- C:\Program Files\QuickTime
2008-09-17 04:04 . 2008-09-17 04:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-09-17 04:03 . 2008-09-17 04:03 <DIR> d-------- C:\Program Files\InterVideo Information Service
2008-09-17 04:03 . 2008-09-17 04:03 <DIR> d-------- C:\Program Files\Common Files\Ulead
2008-09-17 04:03 . 2006-05-11 18:41 654 --------- C:\WINDOWS\remove.iss
2008-09-17 04:02 . 2008-09-17 04:02 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\InstallShield
2008-09-17 04:01 . 2008-09-17 04:01 <DIR> d-------- C:\Program Files\InterVideo
2008-09-17 04:01 . 2008-09-17 04:01 <DIR> d-------- C:\Program Files\Common Files\InterVideo
2008-09-16 02:02 . 2008-09-26 15:26 <DIR> d-------- C:\Program Files\Winamp
2008-09-16 02:02 . 2008-09-16 02:03 <DIR> d-------- C:\Documents and Settings\Nikolic\Application Data\Winamp
2008-09-16 01:48 . 2008-09-16 01:48 <DIR> d-------- C:\Program Files\BS.Player ControlBar
2008-09-16 01:47 . 2008-09-16 01:47 <DIR> d-------- C:\Program Files\Webteh
2008-09-16 01:47 . 2008-09-16 01:47 <DIR> d-------- C:\Documents and Settings\Nikolic\Application Data\BSplayer Pro
2008-09-16 01:47 . 2008-09-16 01:48 <DIR> d-------- C:\Documents and Settings\Nikolic\Application Data\BSplayer
2008-09-16 01:23 . 2008-09-16 01:23 <DIR> d-------- C:\Documents and Settings\Nikolic\Application Data\ACD Systems
2008-09-16 01:07 . 2008-09-16 01:07 <DIR> d-------- C:\Program Files\Common Files\ACD Systems
2008-09-16 01:07 . 2008-09-16 01:07 <DIR> d-------- C:\Program Files\ACD Systems
2008-09-16 01:07 . 2008-09-16 01:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ACD Systems
2008-09-16 01:07 . 2008-09-16 01:07 10,368 --a------ C:\WINDOWS\system32\drivers\pfc.sys
2008-09-13 01:54 . 2008-09-13 01:54 <DIR> d--hs---- C:\Documents and Settings\Nikolic\PrivacIE
2008-09-12 20:00 . 2008-09-12 20:01 <DIR> d--h-c--- C:\WINDOWS\ie8
2008-09-07 01:02 . 2008-09-07 01:02 <DIR> d--h----- C:\WINDOWS\page files
2008-09-07 01:02 . 2008-09-07 01:02 56 --ahs---- C:\redir.sys
2008-09-07 00:18 . 2005-09-06 17:10 173,494 --a------ C:\WINDOWS\system32\drivers\mon_ac_w.bin
2008-09-07 00:18 . 2005-09-21 19:31 158,592 --a------ C:\WINDOWS\system32\drivers\gwausb.sys
2008-09-07 00:17 . 2008-09-07 00:17 <DIR> d-------- C:\Program Files\Conexant
2008-09-07 00:17 . 2006-12-17 19:50 39,424 --a------ C:\WINDOWS\system32\GsiDi32.dll
2008-09-07 00:17 . 2005-08-24 20:48 25,600 --a------ C:\WINDOWS\system32\CoInst.dll
2008-09-07 00:17 . 2008-02-18 20:08 17,886 --------- C:\WINDOWS\wwdslcfg.ini
2008-09-07 00:17 . 2006-12-17 20:05 12,288 --a------ C:\WINDOWS\system32\CplEng.dll
2008-09-06 21:25 . 2008-09-06 21:25 <DIR> d-------- C:\Program Files\Native Instruments
2008-09-06 21:25 . 2004-09-30 13:13 233,472 --a------ C:\WINDOWS\system32\REX Shared Library.dll
2008-09-06 20:58 . 2008-09-06 20:58 <DIR> d-------- C:\Documents and Settings\Nikolic\Application Data\Creative
2008-09-06 20:57 . 2000-05-22 10:58 647,872 --a------ C:\WINDOWS\system32\Mscomct2.ocx
2008-09-06 20:57 . 1999-10-11 03:00 41,984 --------- C:\WINDOWS\Ctregrun.exe
2008-09-06 20:52 . 1995-01-13 08:10 149,504 --a------ C:\WINDOWS\system32\MFCANS32.DLL
2008-09-06 20:52 . 1995-01-13 08:10 108,032 --a------ C:\WINDOWS\system32\MFCUIA32.DLL
2008-09-06 20:51 . 2002-04-11 03:41 65,536 --a--c--- C:\WINDOWS\system32\dllcache\a3d.dll
2008-09-06 20:51 . 2002-04-11 03:41 65,536 --a------ C:\WINDOWS\system32\a3d.dll
2008-09-06 20:51 . 2008-09-26 15:45 11 --a------ C:\WINDOWS\SBWIN.INI
2008-09-06 20:48 . 2008-09-26 15:45 <DIR> d-------- C:\Program Files\Creative
2008-09-06 20:47 . 99 C:\WINDOWS\E
2008-09-05 15:04 . 2008-09-05 15:04 <DIR> d-------- C:\Documents and Settings\Nikolic\Application Data\Ahead
2008-09-03 17:21 . 2008-09-03 17:21 <DIR> d-------- C:\Program Files\OpenOffice.org 2.4
2008-09-02 12:37 . 2006-11-04 21:08 749,568 -ra------ C:\WINDOWS\system32\tmp6F.tmp
2008-09-02 03:11 . 2006-11-04 21:08 749,568 -ra------ C:\WINDOWS\system32\tmp2305.tmp
2008-09-02 02:45 . 2008-09-02 02:45 23,600 --a------ C:\WINDOWS\system32\drivers\TVICHW32.SYS
2008-09-01 19:05 . 2008-09-02 19:34 <DIR> d-------- C:\RmConverterOutput
2008-09-01 19:04 . 2008-09-01 19:05 <DIR> d-------- C:\Program Files\Ultra RM Converter
2008-09-01 18:03 . 2008-09-01 18:03 <DIR> d-------- C:\WINDOWS\WinAVI Video Converter 9.0
2008-09-01 18:03 . 2008-09-01 18:34 <DIR> d-------- C:\Program Files\WinAVI Video Converter 9.0
2008-08-28 01:20 . 2008-08-28 01:20 250 --a------ C:\WINDOWS\gmer.ini

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-26 13:45 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-26 13:40 --------- d-----w C:\Program Files\Google
2008-09-26 13:37 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-09-26 00:55 --------- d-----w C:\Documents and Settings\Nikolic\Application Data\BitTorrent
2008-09-25 18:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\PC Suite
2008-09-25 18:04 --------- d-----w C:\Program Files\Nokia
2008-09-25 18:04 --------- d-----w C:\Program Files\Common Files\Nokia
2008-09-25 18:01 --------- d-----w C:\Program Files\DIFX
2008-09-25 18:01 --------- d-----w C:\Program Files\Common Files\PCSuite
2008-09-25 17:30 --------- d-----w C:\Program Files\MSN Messenger
2008-09-25 01:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-09-17 02:01 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-09-15 23:29 --------- d-----w C:\Program Files\WinASO
2008-09-13 13:32 --------- d-----w C:\Program Files\DAEMON Tools Pro
2008-09-06 23:00 --------- d-----w C:\Program Files\Antares
2008-09-06 21:48 --------- d-----w C:\Program Files\Vstplugins
2008-09-03 23:35 --------- d-----w C:\Documents and Settings\Nikolic\Application Data\HPAppData
2008-09-01 15:47 --------- d-----w C:\Documents and Settings\Nikolic\Application Data\Sony
2008-09-01 13:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\Cloanto
2008-09-01 13:44 --------- d-----w C:\Program Files\Common Files\Cloanto
2008-08-30 18:49 --------- d-----w C:\Documents and Settings\Nikolic\Application Data\DNA
2008-08-30 18:27 --------- d-----w C:\Program Files\DNA
2008-08-27 13:24 --------- d-----w C:\Program Files\JetAudio
2008-08-12 20:18 --------- d-----w C:\Program Files\Steinberg
2008-08-12 19:39 --------- d-----w C:\Program Files\Lexicon
2008-08-12 19:19 --------- d-----w C:\Documents and Settings\Nikolic\Application Data\Steinberg
2008-08-12 18:46 --------- d-----w C:\Program Files\Syncrosoft
2008-08-12 17:44 --------- d-----w C:\Program Files\Common Files\Digidesign
2008-08-12 17:27 --------- d-----w C:\Program Files\InterLok
2008-08-12 17:27 --------- d-----w C:\Program Files\Common Files\PACE Anti-Piracy
2008-08-12 17:27 --------- d-----w C:\Documents and Settings\Nikolic\Application Data\PACE Anti-Piracy
2008-08-12 17:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\PACE Anti-Piracy
2008-08-08 23:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\HP
2008-08-08 23:10 --------- d-----w C:\Documents and Settings\Nikolic\Application Data\HP
2008-08-08 23:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\WEBREG
2008-08-08 22:56 --------- d-----w C:\Program Files\HP
2008-08-08 22:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\HPSSUPPLY
2008-08-08 22:54 --------- d-----w C:\Program Files\Hewlett-Packard
2008-08-08 22:54 --------- d-----w C:\Program Files\Common Files\HP
2008-08-08 22:54 --------- d-----w C:\Program Files\Common Files\Hewlett-Packard
2008-08-08 22:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\HP Product Assistant
2008-08-08 22:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\Hewlett-Packard
2008-08-06 00:44 --------- d-----w C:\Documents and Settings\Nikolic\Application Data\Media Player Classic
2008-08-04 11:44 --------- d-----w C:\Program Files\SoundTower
2008-08-03 01:08 --------- d-----w C:\Program Files\Java
2008-08-03 01:02 --------- d-----w C:\Program Files\Common Files\Java
2008-08-02 19:18 --------- d-----w C:\Program Files\MSXML 4.0
2008-08-01 18:41 --------- d-----w C:\Program Files\Alcohol Soft
2008-08-01 18:33 --------- d-----w C:\Program Files\OpenAL
2008-07-30 18:06 --------- d-----w C:\Program Files\Cloanto
2008-07-30 13:03 --------- d-----w C:\Program Files\TGTSoft
2008-07-30 12:36 --------- d-----w C:\Program Files\Duhiki
2008-07-30 12:35 --------- d-----w C:\Program Files\FileSubmit
2008-07-30 12:30 --------- d-----w C:\Program Files\ubi.com
2008-07-29 00:19 52,094 ----a-w C:\WINDOWS\FdUninstall.exe
2008-07-28 18:38 --------- d-----w C:\Program Files\WinSTon
2008-07-28 15:05 --------- d-----w C:\Program Files\NewBlue
2008-07-28 14:13 --------- d-----w C:\Program Files\K-Lite Codec Pack
2008-07-28 14:11 --------- d-----w C:\Program Files\DivX
2008-07-28 14:10 --------- d-----w C:\Program Files\Ligos
2008-07-28 14:09 --------- d-----w C:\Program Files\DScaler5
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{2C688203-7EB3-4327-9995-1CB417BA23F9}"= "C:\Program Files\BS.Player ControlBar\BSToolbar.dll" [2008-08-13 757192]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{2C688203-7EB3-4327-9995-1CB417BA23F9}"= "C:\Program Files\BS.Player ControlBar\BSToolbar.dll" [2008-08-13 757192]

[HKEY_CLASSES_ROOT\clsid\{2c688203-7eb3-4327-9995-1cb417ba23f9}]
[HKEY_CLASSES_ROOT\BSToolbar.ToolBandObj.1]
[HKEY_CLASSES_ROOT\TypeLib\{1FC79FB5-E4BD-48c8-B2E9-B8E74DB2C3A9}]
[HKEY_CLASSES_ROOT\BSToolbar.ToolBandObj]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]
"Google Update"="C:\Documents and Settings\Nikolic\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-04 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-05-16 13529088]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2008-07-09 949376]
"googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"H2O"="C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe" [2005-10-23 385024]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-05-16 86016]
"nwiz"="nwiz.exe" [2008-05-16 C:\WINDOWS\system32\nwiz.exe]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 C:\WINDOWS\system32\bthprops.cpl]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll
"aux2"= ctwdm32.dll
"VIDC.ACDV"= ACDV.dll
"aux8"= ctwdm32.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Nikolic^Start Menu^Programs^Startup^Omega ASIO Control Panel.lnk]
backup=C:\WINDOWS\pss\Omega ASIO Control Panel.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adparatus
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Pro Agent
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-06-12 02:38 34672 C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2007-03-11 21:34 49152 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
--a------ 2008-09-01 17:08 173304 D:\Program Files\ICQ6\ICQ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
--a------ 2006-03-20 17:34 213936 C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-01-19 12:54 5674352 C:\Program Files\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
--a------ 2006-04-26 08:29 237568 C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PcSync]
--a------ 2006-04-11 17:52 1409024 C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2006-09-01 15:57 282624 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-06-10 04:27 144784 C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-08-30 17:43 4670704 D:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wuauserv"=2 (0x2)
"wscsvc"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\DNA\\btdna.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"C:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"C:\\Program Files\\Valve\\hl.exe"=
"C:\\Program Files\\ubi.com\\Core\\GS4.exe"=
"D:\\Program Files\\Operation Flashpoint\\FLASHPOINTRESISTANCE.EXE"=
"C:\\Program Files\\JetAudio\\JcServer.exe"=
"C:\\Program Files\\JetAudio\\jetChat.exe"=
"C:\\Program Files\\Valve\\Half-Life\\hl.exe"=
"D:\\Program Files\\InterVideo\\DVD8\\WinDVD.exe"=
"D:\\Program Files\\Electronic Arts\\Command & Conquer 3\\RetailExe\\1.4\\cnc3game.dat"=
"D:\\Program Files\\ICQ6\\ICQ.exe"=
"D:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"D:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"D:\\Program Files\\EA Games\\Command & Conquer Generals Zero Hour\\game.dat"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=

R0 SI3112r;Silicon Image SiI 3512 SATARaid Controller;C:\WINDOWS\system32\DRIVERS\SI3112r.sys [2007-02-01 110128]
R3 CLEDX;Team H2O CLEDX service;C:\WINDOWS\system32\DRIVERS\cledx.sys [2005-05-09 33792]
R3 fdrawcmd;Low-level Floppy Driver;C:\WINDOWS\system32\drivers\fdrawcmd.sys [2006-12-23 27312]
S3 CEUSBAUD;Lexicon USB MIDI Driver1;C:\WINDOWS\system32\Drivers\CEUSBAUD.sys [2003-11-01 17920]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{27ca6e4c-51af-11dd-875d-000d61314d6c}]
\Shell\AutoRun\command - G:\
\Shell\open\Command - rundll32.exe .\\wmerreuu.dll,InstallM

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6fd5a482-6482-11dd-87a4-000d61314d6c}]
\Shell\AutoRun\command - ta2.cmd
\Shell\explore\Command - ta2.cmd
\Shell\open\Command - ta2.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ffdc3170-66b4-11dd-87ae-000d61314d6c}]
\Shell\AutoRun\command - ta2.cmd
\Shell\explore\Command - ta2.cmd
\Shell\open\Command - ta2.cmd
.
Contents of the 'Scheduled Tasks' folder
.
- - - - ORPHANS REMOVED - - - -

BHO-{6281DAE6-6F4E-45CB-90BC-A58C49B6C632} - C:\WINDOWS\system32\cbXOHwVm.dll
BHO-{DABB1C43-1596-49C4-9E4D-51AE7A1518BB} - C:\WINDOWS\system32\cbXPgeDW.dll
HKCU-Run-DAEMON Tools Pro Agent - C:\Program Files\DAEMON Tools Pro\DTProAgent.exe
HKLM-Run-302aef68 - C:\WINDOWS\system32\rqjsfnxd.dll
HKLM-Run-BM3319dcf4 - C:\WINDOWS\system32\ihbmrtao.dll
ShellExecuteHooks-{DABB1C43-1596-49C4-9E4D-51AE7A1518BB} - C:\WINDOWS\system32\cbXPgeDW.dll
MSConfigStartUp-CTSysVol - C:\Program Files\Creative\SBAudigy LS\Surround Mixer\CTSysVol.exe
MSConfigStartUp-DSLAGENTEXE - C:\Program Files\Conexant\Adsl\dslagent.exe
MSConfigStartUp-DSLSTATEXE - C:\Program Files\Conexant\Adsl\dslstat.exe
MSConfigStartUp-LXSUPMON - C:\WINDOWS\system32\LXSUPMON.EXE


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Nikolic\Application Data\Mozilla\Firefox\Profiles\59x83366.default\
FF -: plugin - C:\Documents and Settings\Nikolic\Local Settings\Application Data\Google\Update\1.2.131.11\npGoogleOneClick5.dll
FF -: plugin - C:\Program Files\DNA\plugins\npbtdna.dll
FF -: plugin - C:\Program Files\Yahoo!\Shared\npYState.dll
FF -: plugin - D:\PROGRA~1\Yahoo!\Common\npyaxmpb.dll
FF -: plugin - D:\Program Files\Opera\program\plugins\npdsplay.dll
FF -: plugin - D:\Program Files\Opera\program\plugins\npqtplugin.dll
FF -: plugin - D:\Program Files\Opera\program\plugins\npqtplugin2.dll
FF -: plugin - D:\Program Files\Opera\program\plugins\npqtplugin3.dll
FF -: plugin - D:\Program Files\Opera\program\plugins\npqtplugin4.dll
FF -: plugin - D:\Program Files\Opera\program\plugins\npqtplugin5.dll
FF -: plugin - D:\Program Files\Opera\program\plugins\npqtplugin6.dll
FF -: plugin - D:\Program Files\Opera\program\plugins\npqtplugin7.dll
FF -: plugin - D:\Program Files\Opera\program\plugins\npwmsdrm.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2008-09-28 22:48:25
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\ESET\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\devldr32.exe
C:\ComboFix\pv.cfexe
.
**************************************************************************
.
Completion time: 2008-09-28 22:51:06 - machine was rebooted
ComboFix-quarantined-files.txt 2008-09-28 20:51:00

Pre-Run: 1,639,260,160 bytes free
Post-Run: 1,644,244,992 bytes free

343

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Otvoriti Notepad i iskopirati sledeci tekst:

File::
C:\WINDOWS\system32\byXPJYOF.dll
C:\WINDOWS\system32\mftdvuqp.dll
C:\WINDOWS\system32\mVwHOXbc.ini2

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{27ca6e4c-51af-11dd-875d-000d61314d6c}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6fd5a482-6482-11dd-87a4-000d61314d6c}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ffdc3170-66b4-11dd-87ae-000d61314d6c}]


Snimiti na Desktop fajl iz Notepada kao "CFScript"




Prevuci snimljeni skript/tekst na ComboFix ikonicu kao na slici.
Postaviti u sledecoj poruci log koji bude bio napravljen na kraju ciscenja/skeniranja.

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

ComboFix 08-09-28.01 - Nikolic 2008-09-29 17:37:06.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1235 [GMT 2:00]
Running from: C:\Documents and Settings\Nikolic\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Nikolic\My Documents\CFScript.txt
* Created a new restore point
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\system32\byXPJYOF.dll
C:\WINDOWS\system32\mftdvuqp.dll
C:\WINDOWS\system32\mVwHOXbc.ini2
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\byXPJYOF.dll
C:\WINDOWS\system32\mftdvuqp.dll
C:\WINDOWS\system32\mVwHOXbc.ini2

.
((((((((((((((((((((((((( Files Created from 2008-08-28 to 2008-09-29 )))))))))))))))))))))))))))))))
.

2008-09-26 02:37 . 2008-05-30 14:11 3,850,760 --a------ C:\WINDOWS\system32\D3DX9_38.dll
2008-09-26 02:36 . 2007-07-19 18:14 3,727,720 --a------ C:\WINDOWS\system32\d3dx9_35.dll
2008-09-26 02:36 . 2007-05-16 16:45 3,497,832 --a------ C:\WINDOWS\system32\d3dx9_34.dll
2008-09-26 02:36 . 2007-07-19 18:14 1,358,192 --a------ C:\WINDOWS\system32\D3DCompiler_35.dll
2008-09-26 02:36 . 2007-05-16 16:45 1,124,720 --a------ C:\WINDOWS\system32\D3DCompiler_34.dll
2008-09-26 02:36 . 2007-07-19 18:14 444,776 --a------ C:\WINDOWS\system32\d3dx10_35.dll
2008-09-26 02:36 . 2007-05-16 16:45 443,752 --a------ C:\WINDOWS\system32\d3dx10_34.dll
2008-09-26 02:36 . 2007-06-20 20:46 266,088 --a------ C:\WINDOWS\system32\xactengine2_8.dll
2008-09-26 02:36 . 2007-10-22 03:37 17,928 --a------ C:\WINDOWS\system32\X3DAudio1_2.dll
2008-09-26 02:35 . 2008-09-26 02:35 <DIR> d-------- C:\WINDOWS\Logs
2008-09-25 20:04 . 2008-09-25 20:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Nokia
2008-09-25 20:01 . 2008-09-25 20:01 <DIR> d-------- C:\Program Files\PC Connectivity Solution
2008-09-25 20:01 . 2007-02-22 10:15 90,624 --a------ C:\WINDOWS\system32\nmwcdcls.dll
2008-09-25 19:36 . 2008-09-25 19:36 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-09-25 19:36 . 2008-09-25 19:36 1,409 --a------ C:\WINDOWS\QTFont.for
2008-09-25 15:52 . 2008-09-25 20:06 <DIR> d-------- C:\Documents and Settings\Nikolic\Application Data\Nokia
2008-09-25 13:54 . 2008-09-25 19:12 984 --a------ C:\WINDOWS\eReg.dat
2008-09-25 02:48 . 2008-09-25 03:04 <DIR> d-------- C:\Documents and Settings\Nikolic\Application Data\ICQ
2008-09-25 00:22 . 2008-09-25 00:22 <DIR> d-------- C:\Documents and Settings\Nikolic\Application Data\Command & Conquer 3 Tiberium Wars
2008-09-25 00:15 . 2008-09-25 00:15 <DIR> dr-h----- C:\Documents and Settings\Nikolic\Application Data\SecuROM
2008-09-25 00:15 . 2008-09-25 00:15 108,144 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2008-09-22 19:14 . 2008-09-22 19:14 <DIR> d-------- C:\Documents and Settings\Nikolic\Application Data\DataLayer
2008-09-22 19:13 . 2004-08-03 23:10 38,016 --a------ C:\WINDOWS\system32\drivers\bthmodem.sys
2008-09-22 19:13 . 2004-08-03 23:10 38,016 --a--c--- C:\WINDOWS\system32\dllcache\bthmodem.sys
2008-09-21 22:29 . 2007-03-12 16:42 3,495,784 --a------ C:\WINDOWS\system32\d3dx9_33.dll
2008-09-21 22:29 . 2007-03-12 16:42 1,123,696 --a------ C:\WINDOWS\system32\D3DCompiler_33.dll
2008-09-21 22:29 . 2007-03-15 16:57 443,752 --a------ C:\WINDOWS\system32\d3dx10_33.dll
2008-09-21 22:29 . 2007-04-04 18:55 261,480 --a------ C:\WINDOWS\system32\xactengine2_7.dll
2008-09-19 00:44 . 2008-09-19 00:44 <DIR> d-------- C:\Documents and Settings\Nikolic\Application Data\Apple Computer
2008-09-17 04:06 . 2008-09-17 04:06 <DIR> d-------- C:\Documents and Settings\Nikolic\Application Data\InterVideo
2008-09-17 04:04 . 2008-09-17 04:05 <DIR> d-------- C:\Program Files\QuickTime
2008-09-17 04:04 . 2008-09-17 04:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-09-17 04:03 . 2008-09-17 04:03 <DIR> d-------- C:\Program Files\InterVideo Information Service
2008-09-17 04:03 . 2008-09-17 04:03 <DIR> d-------- C:\Program Files\Common Files\Ulead
2008-09-17 04:03 . 2006-05-11 18:41 654 --------- C:\WINDOWS\remove.iss
2008-09-17 04:02 . 2008-09-17 04:02 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\InstallShield
2008-09-17 04:01 . 2008-09-17 04:01 <DIR> d-------- C:\Program Files\InterVideo
2008-09-17 04:01 . 2008-09-17 04:01 <DIR> d-------- C:\Program Files\Common Files\InterVideo
2008-09-16 02:02 . 2008-09-26 15:26 <DIR> d-------- C:\Program Files\Winamp
2008-09-16 02:02 . 2008-09-16 02:03 <DIR> d-------- C:\Documents and Settings\Nikolic\Application Data\Winamp
2008-09-16 01:48 . 2008-09-16 01:48 <DIR> d-------- C:\Program Files\BS.Player ControlBar
2008-09-16 01:47 . 2008-09-16 01:47 <DIR> d-------- C:\Program Files\Webteh
2008-09-16 01:47 . 2008-09-16 01:47 <DIR> d-------- C:\Documents and Settings\Nikolic\Application Data\BSplayer Pro
2008-09-16 01:47 . 2008-09-16 01:48 <DIR> d-------- C:\Documents and Settings\Nikolic\Application Data\BSplayer
2008-09-16 01:23 . 2008-09-16 01:23 <DIR> d-------- C:\Documents and Settings\Nikolic\Application Data\ACD Systems
2008-09-16 01:07 . 2008-09-16 01:07 <DIR> d-------- C:\Program Files\Common Files\ACD Systems
2008-09-16 01:07 . 2008-09-16 01:07 <DIR> d-------- C:\Program Files\ACD Systems
2008-09-16 01:07 . 2008-09-16 01:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ACD Systems
2008-09-16 01:07 . 2008-09-16 01:07 10,368 --a------ C:\WINDOWS\system32\drivers\pfc.sys
2008-09-13 01:54 . 2008-09-13 01:54 <DIR> d--hs---- C:\Documents and Settings\Nikolic\PrivacIE
2008-09-12 20:00 . 2008-09-12 20:01 <DIR> d--h-c--- C:\WINDOWS\ie8
2008-09-07 01:02 . 2008-09-07 01:02 <DIR> d--h----- C:\WINDOWS\page files
2008-09-07 01:02 . 2008-09-07 01:02 56 --ahs---- C:\redir.sys
2008-09-07 00:18 . 2005-09-06 17:10 173,494 --a------ C:\WINDOWS\system32\drivers\mon_ac_w.bin
2008-09-07 00:18 . 2005-09-21 19:31 158,592 --a------ C:\WINDOWS\system32\drivers\gwausb.sys
2008-09-07 00:17 . 2008-09-07 00:17 <DIR> d-------- C:\Program Files\Conexant
2008-09-07 00:17 . 2006-12-17 19:50 39,424 --a------ C:\WINDOWS\system32\GsiDi32.dll
2008-09-07 00:17 . 2005-08-24 20:48 25,600 --a------ C:\WINDOWS\system32\CoInst.dll
2008-09-07 00:17 . 2008-02-18 20:08 17,886 --------- C:\WINDOWS\wwdslcfg.ini
2008-09-07 00:17 . 2006-12-17 20:05 12,288 --a------ C:\WINDOWS\system32\CplEng.dll
2008-09-06 21:25 . 2008-09-06 21:25 <DIR> d-------- C:\Program Files\Native Instruments
2008-09-06 21:25 . 2004-09-30 13:13 233,472 --a------ C:\WINDOWS\system32\REX Shared Library.dll
2008-09-06 20:58 . 2008-09-06 20:58 <DIR> d-------- C:\Documents and Settings\Nikolic\Application Data\Creative
2008-09-06 20:57 . 2000-05-22 10:58 647,872 --a------ C:\WINDOWS\system32\Mscomct2.ocx
2008-09-06 20:57 . 1999-10-11 03:00 41,984 --------- C:\WINDOWS\Ctregrun.exe
2008-09-06 20:52 . 1995-01-13 08:10 149,504 --a------ C:\WINDOWS\system32\MFCANS32.DLL
2008-09-06 20:52 . 1995-01-13 08:10 108,032 --a------ C:\WINDOWS\system32\MFCUIA32.DLL
2008-09-06 20:51 . 2002-04-11 03:41 65,536 --a--c--- C:\WINDOWS\system32\dllcache\a3d.dll
2008-09-06 20:51 . 2002-04-11 03:41 65,536 --a------ C:\WINDOWS\system32\a3d.dll
2008-09-06 20:51 . 2008-09-26 15:45 11 --a------ C:\WINDOWS\SBWIN.INI
2008-09-06 20:48 . 2008-09-26 15:45 <DIR> d-------- C:\Program Files\Creative
2008-09-06 20:47 . 2008-09-06 20:57 99 --a------ C:\WINDOWS\È
2008-09-05 15:04 . 2008-09-05 15:04 <DIR> d-------- C:\Documents and Settings\Nikolic\Application Data\Ahead
2008-09-03 17:21 . 2008-09-03 17:21 <DIR> d-------- C:\Program Files\OpenOffice.org 2.4
2008-09-02 12:37 . 2006-11-04 21:08 749,568 -ra------ C:\WINDOWS\system32\tmp6F.tmp
2008-09-02 03:11 . 2006-11-04 21:08 749,568 -ra------ C:\WINDOWS\system32\tmp2305.tmp
2008-09-02 02:45 . 2008-09-02 02:45 23,600 --a------ C:\WINDOWS\system32\drivers\TVICHW32.SYS
2008-09-01 19:05 . 2008-09-02 19:34 <DIR> d-------- C:\RmConverterOutput
2008-09-01 19:04 . 2008-09-01 19:05 <DIR> d-------- C:\Program Files\Ultra RM Converter
2008-09-01 18:03 . 2008-09-01 18:03 <DIR> d-------- C:\WINDOWS\WinAVI Video Converter 9.0
2008-09-01 18:03 . 2008-09-01 18:34 <DIR> d-------- C:\Program Files\WinAVI Video Converter 9.0

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-26 13:45 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-26 13:40 --------- d-----w C:\Program Files\Google
2008-09-26 13:37 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-09-26 00:55 --------- d-----w C:\Documents and Settings\Nikolic\Application Data\BitTorrent
2008-09-25 18:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\PC Suite
2008-09-25 18:04 --------- d-----w C:\Program Files\Nokia
2008-09-25 18:04 --------- d-----w C:\Program Files\Common Files\Nokia
2008-09-25 18:01 --------- d-----w C:\Program Files\DIFX
2008-09-25 18:01 --------- d-----w C:\Program Files\Common Files\PCSuite
2008-09-25 17:30 --------- d-----w C:\Program Files\MSN Messenger
2008-09-25 01:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-09-17 02:01 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-09-15 23:29 --------- d-----w C:\Program Files\WinASO
2008-09-13 13:32 --------- d-----w C:\Program Files\DAEMON Tools Pro
2008-09-06 23:00 --------- d-----w C:\Program Files\Antares
2008-09-06 21:48 --------- d-----w C:\Program Files\Vstplugins
2008-09-03 23:35 --------- d-----w C:\Documents and Settings\Nikolic\Application Data\HPAppData
2008-09-01 15:47 --------- d-----w C:\Documents and Settings\Nikolic\Application Data\Sony
2008-09-01 13:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\Cloanto
2008-09-01 13:44 --------- d-----w C:\Program Files\Common Files\Cloanto
2008-08-30 18:49 --------- d-----w C:\Documents and Settings\Nikolic\Application Data\DNA
2008-08-30 18:27 --------- d-----w C:\Program Files\DNA
2008-08-27 13:24 --------- d-----w C:\Program Files\JetAudio
2008-08-22 01:08 878,592 ----a-w C:\WINDOWS\system32\wininet.dll
2008-08-22 01:08 43,008 ----a-w C:\WINDOWS\system32\licmgr10.dll
2008-08-22 01:07 18,944 ----a-w C:\WINDOWS\system32\corpol.dll
2008-08-22 01:06 72,704 ----a-w C:\WINDOWS\system32\admparse.dll
2008-08-22 01:06 71,680 ----a-w C:\WINDOWS\system32\iesetup.dll
2008-08-22 01:06 434,176 ----a-w C:\WINDOWS\system32\vbscript.dll
2008-08-22 01:05 48,640 ----a-w C:\WINDOWS\system32\PrivacIE.dll
2008-08-22 01:05 48,128 ----a-w C:\WINDOWS\system32\mshtmler.dll
2008-08-22 01:05 35,840 ----a-w C:\WINDOWS\system32\imgutil.dll
2008-08-22 01:04 45,568 ----a-w C:\WINDOWS\system32\mshta.exe
2008-08-22 00:57 156,160 ----a-w C:\WINDOWS\system32\msls31.dll
2008-08-12 20:18 --------- d-----w C:\Program Files\Steinberg
2008-08-12 19:39 --------- d-----w C:\Program Files\Lexicon
2008-08-12 19:19 --------- d-----w C:\Documents and Settings\Nikolic\Application Data\Steinberg
2008-08-12 18:46 --------- d-----w C:\Program Files\Syncrosoft
2008-08-12 17:44 --------- d-----w C:\Program Files\Common Files\Digidesign
2008-08-12 17:27 --------- d-----w C:\Program Files\InterLok
2008-08-12 17:27 --------- d-----w C:\Program Files\Common Files\PACE Anti-Piracy
2008-08-12 17:27 --------- d-----w C:\Documents and Settings\Nikolic\Application Data\PACE Anti-Piracy
2008-08-12 17:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\PACE Anti-Piracy
2008-08-08 23:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\HP
2008-08-08 23:10 --------- d-----w C:\Documents and Settings\Nikolic\Application Data\HP
2008-08-08 23:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\WEBREG
2008-08-08 22:56 --------- d-----w C:\Program Files\HP
2008-08-08 22:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\HPSSUPPLY
2008-08-08 22:54 --------- d-----w C:\Program Files\Hewlett-Packard
2008-08-08 22:54 --------- d-----w C:\Program Files\Common Files\HP
2008-08-08 22:54 --------- d-----w C:\Program Files\Common Files\Hewlett-Packard
2008-08-08 22:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\HP Product Assistant
2008-08-08 22:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\Hewlett-Packard
2008-08-06 00:44 --------- d-----w C:\Documents and Settings\Nikolic\Application Data\Media Player Classic
2008-08-05 15:55 265,720 ----a-w C:\WINDOWS\system32\msdbg2.dll
2008-08-04 11:44 --------- d-----w C:\Program Files\SoundTower
2008-08-03 01:08 --------- d-----w C:\Program Files\Java
2008-08-03 01:02 --------- d-----w C:\Program Files\Common Files\Java
2008-08-02 19:18 --------- d-----w C:\Program Files\MSXML 4.0
2008-08-01 18:41 --------- d-----w C:\Program Files\Alcohol Soft
2008-08-01 18:33 409,600 ----a-w C:\WINDOWS\system32\wrap_oal.dll
2008-08-01 18:33 --------- d-----w C:\Program Files\OpenAL
2008-07-30 18:06 --------- d-----w C:\Program Files\Cloanto
2008-07-30 13:03 --------- d-----w C:\Program Files\TGTSoft
2008-07-30 12:36 --------- d-----w C:\Program Files\Duhiki
2008-07-30 12:35 --------- d-----w C:\Program Files\FileSubmit
2008-07-30 12:30 --------- d-----w C:\Program Files\ubi.com
2008-07-29 00:19 52,094 ----a-w C:\WINDOWS\FdUninstall.exe
2008-07-28 18:38 --------- d-----w C:\Program Files\WinSTon
2008-07-28 15:05 --------- d-----w C:\Program Files\NewBlue
2008-07-28 14:13 --------- d-----w C:\Program Files\K-Lite Codec Pack
2008-07-28 14:11 --------- d-----w C:\Program Files\DivX
2008-07-28 14:10 --------- d-----w C:\Program Files\Ligos
2008-07-28 14:09 --------- d-----w C:\Program Files\DScaler5
2008-07-09 17:51 35,363 ----a-w C:\WINDOWS\system32\windrvNT.sys
2008-07-09 16:49 298,104 ----a-w C:\WINDOWS\system32\imon.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{2C688203-7EB3-4327-9995-1CB417BA23F9}"= "C:\Program Files\BS.Player ControlBar\BSToolbar.dll" [2008-08-13 757192]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{2C688203-7EB3-4327-9995-1CB417BA23F9}"= "C:\Program Files\BS.Player ControlBar\BSToolbar.dll" [2008-08-13 757192]

[HKEY_CLASSES_ROOT\clsid\{2c688203-7eb3-4327-9995-1cb417ba23f9}]
[HKEY_CLASSES_ROOT\BSToolbar.ToolBandObj.1]
[HKEY_CLASSES_ROOT\TypeLib\{1FC79FB5-E4BD-48c8-B2E9-B8E74DB2C3A9}]
[HKEY_CLASSES_ROOT\BSToolbar.ToolBandObj]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]
"Google Update"="C:\Documents and Settings\Nikolic\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-04 133104]
"Yahoo! Pager"="D:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 4670704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-05-16 13529088]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2008-07-09 949376]
"googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"H2O"="C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe" [2005-10-23 385024]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-05-16 86016]
"nwiz"="nwiz.exe" [2008-05-16 C:\WINDOWS\system32\nwiz.exe]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 C:\WINDOWS\system32\bthprops.cpl]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll
"aux2"= ctwdm32.dll
"VIDC.ACDV"= ACDV.dll
"aux8"= ctwdm32.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Nikolic^Start Menu^Programs^Startup^Omega ASIO Control Panel.lnk]
backup=C:\WINDOWS\pss\Omega ASIO Control Panel.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adparatus
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Pro Agent
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-06-12 02:38 34672 C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2007-03-11 21:34 49152 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
--a------ 2008-09-01 17:08 173304 D:\Program Files\ICQ6\ICQ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
--a------ 2006-03-20 17:34 213936 C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-01-19 12:54 5674352 C:\Program Files\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
--a------ 2006-04-26 08:29 237568 C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PcSync]
--a------ 2006-04-11 17:52 1409024 C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2006-09-01 15:57 282624 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-06-10 04:27 144784 C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-08-30 17:43 4670704 D:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wuauserv"=2 (0x2)
"wscsvc"=2 (0x2)
"O&O Defrag"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\DNA\\btdna.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"C:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"C:\\Program Files\\Valve\\hl.exe"=
"C:\\Program Files\\ubi.com\\Core\\GS4.exe"=
"D:\\Program Files\\Operation Flashpoint\\FLASHPOINTRESISTANCE.EXE"=
"C:\\Program Files\\JetAudio\\JcServer.exe"=
"C:\\Program Files\\JetAudio\\jetChat.exe"=
"C:\\Program Files\\Valve\\Half-Life\\hl.exe"=
"D:\\Program Files\\InterVideo\\DVD8\\WinDVD.exe"=
"D:\\Program Files\\Electronic Arts\\Command & Conquer 3\\RetailExe\\1.4\\cnc3game.dat"=
"D:\\Program Files\\ICQ6\\ICQ.exe"=
"D:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"D:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"D:\\Program Files\\EA Games\\Command & Conquer Generals Zero Hour\\game.dat"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=

R0 SI3112r;Silicon Image SiI 3512 SATARaid Controller;C:\WINDOWS\system32\DRIVERS\SI3112r.sys [2007-02-01 110128]
R3 CLEDX;Team H2O CLEDX service;C:\WINDOWS\system32\DRIVERS\cledx.sys [2005-05-09 33792]
R3 fdrawcmd;Low-level Floppy Driver;C:\WINDOWS\system32\drivers\fdrawcmd.sys [2006-12-23 27312]
S3 CEUSBAUD;Lexicon USB MIDI Driver1;C:\WINDOWS\system32\Drivers\CEUSBAUD.sys [2003-11-01 17920]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2008-09-29 17:39:49
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
Completion time: 2008-09-29 17:40:21
ComboFix-quarantined-files.txt 2008-09-29 15:40:19
ComboFix2.txt 2008-09-28 20:51:07

Pre-Run: 1,914,503,168 bytes free
Post-Run: 1,902,780,416 bytes free

297

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Kakvo je sada stanje?

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Kad sam ovo odradio bilo je dobro ceo dan ali ponovo je poceo da prijavljuje neki virus!!!!!

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Neki virus? Naziv, lokacija?!

Dvoklikom pokreni ComboFix i postavi log koji ćeš dobiti na kraju procesa.