Check?

offline
  • Joined: 15 Sep 2008
  • Posts: 74

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:01:31, on 15.11.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
C:\Program Files\BHROOT\BIN\NT611SVC.EXE
C:\Program Files\BHROOT\BIN\monitor.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\BHROOT\BIN\PORTMAP.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\Robi\Desktop\Nova mapa (2)\TR3.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [Link mogu videti samo ulogovani korisnici]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [Link mogu videti samo ulogovani korisnici]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [Link mogu videti samo ulogovani korisnici]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [Link mogu videti samo ulogovani korisnici]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [Link mogu videti samo ulogovani korisnici]
R3 - URLSearchHook: OLE (Part 1 of 5) - - (no file)
R3 - URLSearchHook: Reganam Toolbar - {db9d7a78-a76c-4bf2-97c6-258925ee1542} - C:\Program Files\Reganam\tbReg1.dll
R3 - URLSearchHook: CroHerzegovina InfoBar Toolbar - {01a40acf-f7b7-4a08-bf32-eac4113e41fd} - C:\Program Files\CroHerzegovina_InfoBar\tbCroH.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: CroHerzegovina InfoBar Toolbar - {01a40acf-f7b7-4a08-bf32-eac4113e41fd} - C:\Program Files\CroHerzegovina_InfoBar\tbCroH.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Reganam Toolbar - {db9d7a78-a76c-4bf2-97c6-258925ee1542} - C:\Program Files\Reganam\tbReg1.dll
O2 - BHO: Windows Live Toolbar Beta - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Reganam Toolbar - {db9d7a78-a76c-4bf2-97c6-258925ee1542} - C:\Program Files\Reganam\tbReg1.dll
O3 - Toolbar: &Windows Live Toolbar Beta - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: CroHerzegovina InfoBar Toolbar - {01a40acf-f7b7-4a08-bf32-eac4113e41fd} - C:\Program Files\CroHerzegovina_InfoBar\tbCroH.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [nodenable] C:\Program Files\eset\nodenable.exe /s
O4 - HKCU\..\Run: [DAEMON Tools Lite] "D:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Search - [Link mogu videti samo ulogovani korisnici]
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm (file missing)
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm (file missing)
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - [Link mogu videti samo ulogovani korisnici]
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - [Link mogu videti samo ulogovani korisnici]
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - [Link mogu videti samo ulogovani korisnici]
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Autodata Limited License Service - Autodata Limited - C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
O23 - Service: bh611 - Bell& Howell - C:\Program Files\BHROOT\BIN\NT611SVC.EXE
O23 - Service: Bell & Howell Monitor Service (BHMonitorService) - Bell & Howell - C:\Program Files\BHROOT\BIN\monitor.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Google Update Service (gupdate1c8fe527b2f7a97) (gupdate1c8fe527b2f7a97) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: ONC/RPC Portmapper (portmapper) - Bell & Howell - C:\Program Files\BHROOT\BIN\PORTMAP.EXE

--
End of file - 10662 bytes



offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8620
  • Where you live: Novi Beograd

Is there a specific problem, or are you just doing a check-up?



offline
  • Joined: 15 Sep 2008
  • Posts: 74

Yesterday NOD32 was reporting trojans,
and today nothing, so I'd just like you to have a look at whether there's anything there.

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8620
  • Where you live: Novi Beograd

* Open the Nod32 Control Center (click its tray icon in the bottom right corner of the screen).
* Select AMON from the Threat Protection group of options.
* In the right-hand panel, untick the option File system monitor (AMON) enabled.
* Disabling this option will be shown by the Control Center changing colour from green to red.

Note: Don't forget to turn this option back on once the cleaning is finished.

--------------------------


Download ComboFix from one of the following addresses to the Desktop:
[Link mogu videti samo ulogovani korisnici]
[Link mogu videti samo ulogovani korisnici]
[Link mogu videti samo ulogovani korisnici]

Run it and don't touch the program window while it scans.
Follow the on-screen instructions. When it finishes, a log (C:\ComboFix.txt) will appear, which you will copy here for us.

offline
  • Joined: 15 Sep 2008
  • Posts: 74

[quote="helen1"]* Open the Nod32 Control Center (click its tray icon in the bottom right corner of the screen).
* Select AMON from the Threat Protection group of options.
* In the right-hand panel, untick the option File system monitor (AMON) enabled.
* Disabling this option will be shown by the Control Center changing colour from green to red.

Note: Don't forget to turn this option back on once the cleaning is finished.
[/quote]

Mine looks different, I have some newer NOD32.

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8620
  • Where you live: Novi Beograd

Well, disable the protection somehow.

offline
  • Joined: 15 Sep 2008
  • Posts: 74

I couldn't post the log earlier.


ComboFix 08-11-17.03 - Robi 2008-11-18 16:09:26.7 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1033.18.609 [GMT 1:00]
Running from: c:\documents and settings\Robi\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\cmsetac.dll
c:\windows\n.tmp
c:\windows\ntdtcstp.dll

.
((((((((((((((((((((((((( Files Created from 2008-10-18 to 2008-11-18 )))))))))))))))))))))))))))))))
.

2008-11-16 20:10 . 2008-11-16 20:26 <DIR> d-------- c:\documents and settings\Robi\Application Data\FarmingSimulator2008
2008-11-16 10:22 . 2008-11-16 10:22 <DIR> d-------- C:\ConverterOutput
2008-11-16 10:22 . 2007-03-25 00:51 3,049,984 --a------ c:\windows\system32\libavcodec.dll
2008-11-16 10:22 . 2007-03-25 21:40 2,174,976 --a------ c:\windows\system32\ffdshow.ax
2008-11-16 10:22 . 2007-03-25 00:51 404,480 --a------ c:\windows\system32\libmplayer.dll
2008-11-16 10:22 . 2003-03-30 20:08 372,736 --a------ c:\windows\system32\xvid.ax
2008-11-16 10:22 . 2007-01-01 05:30 200,704 --a------ c:\windows\system32\TomsMoComp_ff.dll
2008-11-16 10:22 . 2007-03-25 00:51 114,688 --a------ c:\windows\system32\libmpeg2_ff.dll
2008-11-16 10:22 . 2004-09-10 13:50 34,820 --a------ c:\windows\system32\ffdshow.reg
2008-11-11 22:00 . 2008-11-11 22:00 <DIR> d-------- c:\program files\MSXML 4.0
2008-11-09 15:14 . 2008-11-09 15:14 2,581 -r-hs---- c:\windows\PCGWIN32.LI5
2008-11-08 21:57 . 2008-11-08 21:57 <DIR> d-------- c:\program files\Common Files\Autodata Limited Shared
2008-11-08 21:57 . 2008-11-08 21:57 <DIR> d-------- C:\ADCDTEMP
2008-11-06 23:46 . 2008-11-06 23:46 <DIR> dr-h----- c:\documents and settings\Robi\Application Data\SecuROM
2008-11-06 23:33 . 2008-11-06 23:33 22,328 --a------ c:\windows\system32\drivers\PnkBstrK.sys
2008-11-06 23:33 . 2008-11-06 23:33 22,328 --a------ c:\documents and settings\Robi\Application Data\PnkBstrK.sys
2008-11-06 23:32 . 2008-11-06 23:32 2,250,024 --a------ c:\windows\system32\pbsvc.exe
2008-11-06 23:32 . 2008-11-06 23:33 107,832 --a------ c:\windows\system32\PnkBstrB.exe
2008-11-06 23:32 . 2008-11-06 23:32 66,872 --a------ c:\windows\system32\PnkBstrA.exe
2008-11-03 17:59 . 2008-11-03 17:59 236 --a------ C:\sqmdata00.sqm
2008-11-03 17:59 . 2008-11-03 17:59 200 --a------ C:\sqmnoopt00.sqm
2008-11-01 17:27 . 2008-11-01 17:27 <DIR> d-------- c:\windows\system32\AGEIA
2008-11-01 17:27 . 2008-11-16 20:10 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2008-11-01 17:27 . 2008-11-16 20:09 <DIR> d-------- c:\program files\AGEIA Technologies
2008-10-31 21:40 . 2004-05-14 16:53 462,848 --a------ c:\windows\system32\ltkrn13n.dll
2008-10-31 21:40 . 2004-05-14 16:53 450,560 --a------ c:\windows\system32\ltimg13n.dll
2008-10-31 21:40 . 2004-05-14 16:53 401,408 --a------ c:\windows\system32\lfcmp13n.dll
2008-10-31 21:40 . 2004-05-14 16:53 299,008 --a------ c:\windows\system32\ltdis13n.dll
2008-10-31 21:40 . 2004-01-12 02:09 206,336 --a------ c:\windows\system32\ltefx13n.dll
2008-10-31 21:40 . 2004-05-14 16:53 163,840 --a------ c:\windows\system32\ltfil13n.dll
2008-10-31 21:40 . 2003-11-04 15:10 69,632 --a------ c:\windows\system32\lfgif13n.dll
2008-10-31 21:40 . 2004-05-14 16:53 57,344 --a------ c:\windows\system32\lfbmp13n.dll
2008-10-31 21:25 . 2008-11-14 21:30 88 -r-hs---- c:\windows\system32\205156C147.sys
2008-10-31 21:24 . 2008-10-31 21:24 <DIR> d-------- c:\documents and settings\Robi\Application Data\Corel
2008-10-31 21:24 . 2008-10-31 21:24 <DIR> d-------- c:\documents and settings\All Users\Application Data\InstallShield
2008-10-31 21:23 . 2008-10-31 21:23 <DIR> d-------- c:\program files\Common Files\Corel
2008-10-31 21:20 . 2008-11-14 21:30 3,402 --ahs---- c:\windows\system32\KGyGaAvL.sys
2008-10-31 21:19 . 2008-10-31 21:23 <DIR> d-------- c:\program files\Corel
2008-10-31 20:24 . 2008-10-31 20:24 <DIR> d-------- c:\documents and settings\All Users\Application Data\KONAMI
2008-10-31 19:52 . 2008-10-31 19:53 <DIR> d-------- c:\program files\DAEMON Tools Toolbar
2008-10-31 19:48 . 2008-10-31 19:48 <DIR> d-------- c:\documents and settings\Robi\Application Data\DAEMON Tools
2008-10-29 22:35 . 2008-10-29 22:35 <DIR> d-------- c:\documents and settings\Robi\Application Data\Yahoo!
2008-10-29 22:35 . 2008-10-29 22:35 <DIR> d-------- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2008-10-29 22:16 . 2008-10-29 22:16 <DIR> d-------- c:\program files\Recuva
2008-10-29 22:01 . 2008-10-29 22:01 <DIR> d-------- c:\program files\Hewlett-Packard
2008-10-29 22:01 . 2008-10-29 22:01 <DIR> d-------- c:\documents and settings\LocalService\Application Data\HPAppData
2008-10-29 22:01 . 2008-10-29 22:01 <DIR> d-------- c:\documents and settings\All Users\Application Data\HP Product Assistant
2008-10-29 21:33 . 2002-02-18 18:40 6,200 --a------ c:\windows\system32\INT13EXT.VXD
2008-10-28 22:01 . 2008-10-29 22:00 <DIR> d-------- c:\program files\KGB Archiver
2008-10-26 19:40 . 2008-10-26 19:45 <DIR> d-------- c:\documents and settings\LocalService\Application Data\HP
2008-10-26 19:27 . 2008-10-26 19:22 140,577 -----c--- c:\windows\hpoins14.dat.temp
2008-10-26 19:27 . 2007-06-06 00:07 2,000 -----c--- c:\windows\hpomdl14.dat.temp
2008-10-26 19:20 . 2008-10-26 19:37 141,212 --a--c--- c:\windows\hpoins14.dat
2008-10-26 19:20 . 2007-06-06 00:07 2,000 -----c--- c:\windows\hpomdl14.dat
2008-10-26 11:46 . 2008-10-26 11:46 <DIR> d-------- c:\program files\WGSoft
2008-10-26 11:46 . 2008-10-26 11:46 <DIR> d-------- c:\documents and settings\Robi\Application Data\ScanMaster-ELM - DEMO
2008-10-26 11:46 . 2006-07-04 14:36 61,440 --a------ c:\windows\system32\FTChipID.dll
2008-10-24 16:37 . 2008-10-24 17:09 <DIR> d-------- c:\program files\vanBasco's Karaoke Player
2008-10-22 16:35 . 2008-10-22 16:35 <DIR> d-------- c:\program files\Yahoo!
2008-10-22 16:35 . 2008-10-22 16:35 <DIR> d-------- c:\program files\Visual Business Cards
2008-10-22 16:35 . 2008-10-22 16:35 <DIR> d-------- C:\Downloads
2008-10-19 22:32 . 2008-10-19 22:32 <DIR> d-------- c:\documents and settings\Robi\Application Data\mojosoft
2008-10-19 17:35 . 2008-11-07 16:08 <DIR> d-------- c:\documents and settings\Robi\Application Data\skypePM
2008-10-19 17:35 . 2008-10-19 17:35 56 --ah----- c:\windows\system32\ezsidmv.dat
2008-10-19 17:32 . 2008-10-19 17:32 <DIR> d-------- c:\program files\Skype
2008-10-19 17:32 . 2008-10-19 17:32 <DIR> d-------- c:\program files\Common Files\Skype
2008-10-19 17:32 . 2008-11-07 18:00 <DIR> d-------- c:\documents and settings\Robi\Application Data\Skype
2008-10-19 17:32 . 2008-10-19 17:32 <DIR> d-------- c:\documents and settings\All Users\Application Data\Skype
2008-10-18 12:11 . 2008-10-18 12:11 <DIR> d-------- c:\documents and settings\Robi\System
2008-10-18 12:11 . 2008-10-18 12:21 <DIR> d-------- c:\documents and settings\Robi\Application Data\SmartDraw
2008-10-18 12:03 . 2008-10-18 12:11 <DIR> d-------- c:\program files\SmartDraw 2009

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-17 18:27 --------- d-----w c:\documents and settings\Robi\Application Data\uTorrent
2008-11-15 20:02 566,784 ----a-w c:\windows\~de74bc.tmp
2008-11-14 21:34 --------- d-----w c:\program files\Google
2008-11-10 11:01 --------- d-----w c:\program files\ESET
2008-11-06 22:27 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-05 14:47 --------- d-----w c:\documents and settings\Robi\Application Data\Hamachi
2008-11-02 16:23 25,280 ----a-w c:\windows\system32\drivers\hamachi.sys
2008-11-01 15:52 107,888 ----a-w c:\windows\system32\CmdLineExt.dll
2008-10-31 20:24 --------- d-----w c:\program files\Common Files\InstallShield
2008-10-31 18:48 717,296 ----a-w c:\windows\system32\drivers\sptd.sys
2008-10-29 21:01 --------- d-----w c:\documents and settings\All Users\Application Data\HP
2008-10-27 09:04 70,992 ----a-w c:\windows\system32\XAPOFX1_2.dll
2008-10-27 09:04 514,384 ----a-w c:\windows\system32\XAudio2_3.dll
2008-10-27 09:04 235,856 ----a-w c:\windows\system32\xactengine3_3.dll
2008-10-27 09:04 23,376 ----a-w c:\windows\system32\X3DAudio1_5.dll
2008-10-26 18:41 --------- d-----w c:\program files\HP
2008-10-24 11:10 453,632 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-22 15:35 --------- d-----w c:\program files\Windows Live
2008-10-22 14:23 --------- d-----w c:\documents and settings\All Users\Application Data\WLInstaller
2008-10-19 19:19 2,560 -c--a-w c:\windows\_MSRSTRT.EXE
2008-10-19 19:19 --------- d-----w c:\program files\CroHerzegovina_InfoBar
2008-10-14 22:49 --------- d-----w c:\program files\Winamp
2008-10-14 22:49 --------- d-----w c:\program files\SHOUTcast
2008-10-14 22:44 --------- d-----w c:\program files\CCleaner
2008-10-12 17:46 --------- d-----w c:\program files\Conduit
2008-10-12 14:38 47,360 ----a-w c:\documents and settings\Robi\Application Data\pcouffin.sys
2008-10-12 14:38 --------- d-----w c:\documents and settings\Robi\Application Data\Vso
2008-10-12 14:36 --------- d-----w c:\program files\Icecast2 Win32
2008-10-10 12:30 --------- d-----w c:\program files\No-IP
2008-10-10 03:52 452,440 ----a-w c:\windows\system32\d3dx10_40.dll
2008-10-10 03:52 4,379,984 ----a-w c:\windows\system32\D3DX9_40.dll
2008-10-10 03:52 2,036,576 ----a-w c:\windows\system32\D3DCompiler_40.dll
2008-10-09 18:41 --------- d-----w c:\documents and settings\Robi\Application Data\Winamp
2008-10-06 14:36 --------- d-----w c:\program files\Rockstar Games
2008-10-05 09:49 --------- d-----w c:\program files\GTASAConsole
2008-10-03 09:51 --------- d-----w c:\documents and settings\Robi\Application Data\LimeWire
2008-10-03 09:49 --------- d-----w c:\program files\Java
2008-10-03 09:46 --------- d-----w c:\program files\Common Files\Java
2008-09-30 15:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-09-30 08:07 --------- d-----w c:\documents and settings\All Users\Application Data\phenomedia
2008-09-28 21:55 --------- d-----w c:\documents and settings\Robi\Application Data\Windows Live Writer
2008-09-28 21:54 --------- d-----w c:\program files\Microsoft
2008-09-28 20:55 --------- d-----w c:\documents and settings\All Users\Application Data\ESET
2008-09-28 19:14 --------- d-----w c:\program files\Alwil Software
2008-09-27 11:50 --------- dcsh--w c:\program files\Common Files\WindowsLiveInstaller
2008-09-26 18:30 --------- d-----w c:\documents and settings\All Users\Application Data\BlackPencil
2008-09-24 15:42 --------- d-----w c:\documents and settings\Robi\Application Data\ESET
2008-09-24 14:54 --------- d-----w c:\documents and settings\LocalService\Application Data\Xfire
2008-09-23 19:59 --------- d-----w c:\documents and settings\NetworkService\Application Data\Xfire
2008-09-23 16:46 245,408 ----a-w c:\windows\system32\unicows.dll
2008-09-23 14:26 --------- d-----w c:\program files\ICQ6
2008-09-22 12:39 --------- d-----w c:\documents and settings\Robi\Application Data\Samsung
2008-09-21 22:01 --------- d-----w c:\documents and settings\Robi\Application Data\MSNInstaller
2008-09-18 20:04 --------- d-----w c:\program files\Alcohol Soft
2008-09-18 19:42 --------- d-----w c:\program files\uTorrent
2008-09-18 19:31 360,320 ----a-w c:\windows\system32\drivers\TCPIP.SYS
2008-09-15 11:57 1,846,016 ----a-w c:\windows\system32\win32k.sys
2008-09-08 22:03 51,712 ----a-w c:\windows\system32\sirenacm.dll
2008-09-08 19:30 4,608 ----a-w c:\windows\system32\w95inf32.dll
2008-09-08 19:30 2,272 ----a-w c:\windows\system32\w95inf16.dll
2008-09-06 23:40 218,624 ----a-w c:\windows\system32\uxtheme.dll
2008-09-05 13:56 287,744 -c--a-w c:\windows\WLXPGSS.SCR
2008-09-04 16:42 1,106,944 ----a-w c:\windows\system32\msxml3.dll
2008-08-26 07:24 826,368 ----a-w c:\windows\system32\wininet.dll
2008-08-24 14:02 1,419,232 ----a-w c:\windows\system32\wdfcoinstaller01005.dll
2008-05-21 18:59 116,512 --sha-w c:\windows\system32\drivers\fidbox.dat
2008-05-21 18:10 1,824 --sha-w c:\windows\system32\drivers\fidbox2.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{db9d7a78-a76c-4bf2-97c6-258925ee1542}"= "c:\program files\Reganam\tbReg1.dll" [2008-09-06 1569304]
"{01a40acf-f7b7-4a08-bf32-eac4113e41fd}"= "c:\program files\CroHerzegovina_InfoBar\tbCroH.dll" [2008-09-15 1784856]

[HKEY_CLASSES_ROOT\clsid\{db9d7a78-a76c-4bf2-97c6-258925ee1542}]

[HKEY_CLASSES_ROOT\clsid\{01a40acf-f7b7-4a08-bf32-eac4113e41fd}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{01a40acf-f7b7-4a08-bf32-eac4113e41fd}]
2008-09-15 05:47 1784856 --------- c:\program files\CroHerzegovina_InfoBar\tbCroH.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{db9d7a78-a76c-4bf2-97c6-258925ee1542}]
2008-09-06 14:11 1569304 --------- c:\program files\Reganam\tbReg1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{db9d7a78-a76c-4bf2-97c6-258925ee1542}"= "c:\program files\Reganam\tbReg1.dll" [2008-09-06 1569304]
"{01a40acf-f7b7-4a08-bf32-eac4113e41fd}"= "c:\program files\CroHerzegovina_InfoBar\tbCroH.dll" [2008-09-15 1784856]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{DB9D7A78-A76C-4BF2-97C6-258925EE1542}"= "c:\program files\Reganam\tbReg1.dll" [2008-09-06 1569304]
"{01A40ACF-F7B7-4A08-BF32-EAC4113E41FD}"= "c:\program files\CroHerzegovina_InfoBar\tbCroH.dll" [2008-09-15 1784856]

[HKEY_CLASSES_ROOT\clsid\{db9d7a78-a76c-4bf2-97c6-258925ee1542}]

[HKEY_CLASSES_ROOT\clsid\{01a40acf-f7b7-4a08-bf32-eac4113e41fd}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
"nodenable"="c:\program files\eset\nodenable.exe" [2008-09-23 326823]
"DAEMON Tools Lite"="d:\program files\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-06-01 7618560]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2008-07-07 167936]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-08-18 1447168]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-09-12 36352]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]
"NvMediaCenter"="NvMCTray.dll" [2006-06-01 c:\windows\system32\nvmctray.dll]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-03 c:\windows\system32\bthprops.cpl]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-03-11 210520]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"d:\\Program Files\\game.dat"=
"d:\\UT2004\\System\\UT2004.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\Program Files\\ICQ6\\ICQ.exe"=
"d:\\Program Files\\Counter-Strike 1.6\\hl.exe"=
"d:\\Program Files\\Activision Value\\Soldier of Fortune Payback\\sof3.exe"=
"d:\\Program Files\\Counter-Strike 1.6\\hlds.exe"=
"d:\\Program Files\\Electronic Arts\\Need For Speed\\Porsche Unleashed 2000\\Porsche.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"d:\\Program Files\\F1\\F1 2008 DELUX\\F1 2008 DELUX\\F1 Challenge 99-02.exe"=
"d:\\Program Files\\Quake3 Arena\\Quake III Arena\\quake3.exe"=
"d:\\Program Files\\KONAMI\\Pro Evolution Soccer 2009\\pes2009.exe"=
"d:\\Program Files\\Codemasters\\Turning Point - Fall of Liberty\\Binaries\\LTCG-TPGame.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"d:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FarCry2.exe"=
"d:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Launcher.exe"=
"d:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Editor.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\WINDOWS\\system32\\winver.exe"=

R1 epfwtdir;epfwtdir;c:\windows\system32\DRIVERS\epfwtdir.sys [2008-08-18 34312]
R2 fssfltr;FssFltr;c:\windows\system32\DRIVERS\fssfltr.sys [2008-10-11 56344]
R2 NwSapAgent;SAP Agent;c:\windows\system32\svchost.exe -k netsvcs [2004-08-03 14336]
S2 gupdate1c8fe527b2f7a97;Google Update Service (gupdate1c8fe527b2f7a97);"c:\program files\Google\Update\GoogleUpdate.exe" /svc [2008-08-14 133104]
S3 fsssvc;Windows Live Family Safety;"c:\program files\Windows Live\Family Safety\fsssvc.exe" [2008-09-04 512536]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2008-08-24 13352]
S3 s115bus;Sony Ericsson Device 115 driver (WDM);c:\windows\system32\DRIVERS\s115bus.sys [2007-04-23 83208]
S3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s115mdfl.sys [2007-04-23 15112]
S3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s115mdm.sys [2007-04-23 108680]
S3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s115mgmt.sys [2007-04-23 100488]
S3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s115obex.sys [2007-04-23 98568]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2008-11-18 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2008-08-29 18:28]

2008-11-18 c:\windows\Tasks\SDMsgUpdate (TE).job
- c:\progra~1\SMARTD~1\Messages\SDNotify.exe [2008-08-11 06:29]
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - c:\documents and settings\Robi\Application Data\Mozilla\Firefox\Profiles\u3btprip.default\
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [Link mogu videti samo ulogovani korisnici]
Rootkit scan 2008-11-18 16:12:49
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
c:\program files\BHROOT\BIN\NT611SVC.EXE
c:\program files\BHROOT\BIN\MONITOR.EXE
c:\program files\IVT Corporation\BlueSoleil\BTNtService.exe
c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\WgaTray.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\program files\BHROOT\BIN\PORTMAP.EXE
c:\windows\system32\wdfmgr.exe
c:\program files\HP\Digital Imaging\bin\hpqste08.exe
.
**************************************************************************
.
Completion time: 2008-11-18 16:15:17 - machine was rebooted
ComboFix-quarantined-files.txt 2008-11-18 15:15:13
ComboFix2.txt 2008-11-09 11:55:10

Pre-Run: 368.820.224 bytes free
Post-Run: 432,525,312 bytes free

284 --- E O F --- 2008-11-17 21:02:33

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8620
  • Where you live: Novi Beograd

What's the state now? Is NOD reporting anything?

offline
  • Joined: 15 Sep 2008
  • Posts: 74

Now everything is OK.

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8620
  • Where you live: Novi Beograd

OK.

The log is clean. No signs of malware.

Do this as well:

Click START and then RUN
In the text entry line type Combofix /u and click OK

Wait for the uninstall process to finish

The above procedure will:
Delete the following:
ComboFix and its files and folders
VundoFix Backups folder, if present
C:\Deckard folder, if present
C:\OtMoveIt folder, if present

Reset the clock settings on the computer
Hide file extensions, if needed
Hide system/hidden files/folders, if needed
Reset System Restore
