Should I take the PC to a repair shop or...?

(Locked topic, by Zoran Rodic)

grayzer01
dig,EMS
Krusevac

Member no.: 234847
Posts: 50
*.adsl.eunet.rs.

Should I take the PC to a repair shop or...? 05.10.2009. at 21:47
Greetings to all.
I'm new to the forum and I know there have been plenty of similar topics so far, but before I take the computer in for service I would like to try to solve the problem this way, because I see that this forum has people who know their stuff.
The configuration of my computer is as follows:

<<< System Summary >>>

> Mainboard : MSI K9VGM-V (MS-7253)
> Chipset : K8M890CE Host Bridge
> Processor : AMD Sempron 3200+ @ 1800 MHz
Type : AMD Sempron
Internal Specification : AMD Sempron(tm) Processor 3200+
Model Number : 3200+ (estimated)
Codename : Manila
Revision : DH-F2
Technology : 0.09µ
CPU ID : F.F.2
CPU IDEx : F.4F.2
Brand ID : 6
Microcode : MU0FF20
K8 Revision : 5.2
Energy Efficient : Yes
> Physical Memory : 512 MB (1 x 512 DDR2-SDRAM )
> Video Card : Nvidia Corp NVIDIA GeForce 8500 GT
> Hard Disk : WDC (160 GB)
SMART : Version 1.1
IDE Controller : VIA Technologies Inc VT8237A SATA Controller
IDE Controller : VIA Technologies Inc VT82xxxx EIDE Controller (All VIA Chipsets)
> DVD-Rom Drive : PIONEER DVD-RW DVR-111D
> Monitor Type : F-417 - 17 inches
> Network Card : VT82C570 MV IDE Controller VT6102 Rhine II Fast Ethernet Adapter
> Operating System : Microsoft Windows XP Professional 5.01.2600 Service Pack 2
> DirectX : Version 9.0c (December 2007)

<<< Voltage, Temperature and Fans >>> (THIS IS THE STATE AT A MOMENT WHEN THE PC WAS NOT UNDER LOAD)

> Monitoring Chip : Winbond W83627EHF/EHG
>> General Information
ISA Address : 0x290
Support : K9VGM-V (MS-7253)
>> Sensor Information
Sensor : Winbond W83627EHF/EHG
Mode : ISA
Configuration : According the Motherboard
Q-Fan/SmartFan Enabled : No
Chassis intrusion : Yes
> Voltage CPU : 1.40 V
>> General Information
Voltage : 1.400 V
StartupVID : 1.100 V
MaxVID : 1.450 V
> Processor Temperature : 37 °C
> Processor Fan : 3214 rpm
> Monitoring Chip GPU : nVidia Driver
> GPU Temperature : 48 °C
> GPU Fan : 100%
> Hard Disk Temperature WDC WD1600JS-00NCB1 : 28 °C

Until some time ago it worked OK (say two or three months). Now it has "slowed down" considerably, i.e. it boots the system slowly and starts applications slowly, regardless of which application it is. It happens, for example, that in Commander I want to open a folder, it starts opening it and that's the end of it. Then comes Task Manager→End Task, and start it again. This happens with various applications (e.g. I wait an eternity to launch plain old Winamp).
Every launch of any application takes it time, it struggles, often without success.
Through all of this the processor activity is not high, temperatures are normal, the antivirus is running (Kaspersky, regularly updated with regular system scans, and Spyware Doctor). On the system partition of the hard disk I have 6.3 of 31 GB free (if that matters at all).
I ran a scan with the AV (it didn't find much of anything), cleaned the disk with DiskCleaner, cleaned the registry with RegistryCleaner, uninstalled programs I don't use and... nothing changed. At moments it works well, but essentially the problem is still there.
If anyone is willing to help, thank you! If not... off I go to the repair shop, or maybe I'll buy another computer!?
 

awaks
° Satisfied at the unemployment office
° Kingdom

Member no.: 65994
Posts: 381

Website: www.6yka.com

Re: Should I take the PC to a repair shop or...? 05.10.2009. at 22:27
Are you using some Windows themes or maybe some Vista look (I ask because of the aero themes that devour memory)?! Or maybe a lot of programs start at boot and that gets in the way too, and I see you have only 512 MB of RAM...
Let's say you first try reinstalling Windows and put in SP3, because it runs noticeably faster, and put in new drivers, and if there's no change then you can try the repair shop!

Regards
"Cool head, warm heart and clean hands..."
 

Binary Mind
11040

Member no.: 28245
Posts: 13289
*.adsl-1.sezampro.yu.

Re: Should I take the PC to a repair shop or...? 05.10.2009. at 22:36
@grayzer01

Take a look at this topic. Maybe it will help. Also do a "whole site" search on ES with the keyword "PIO".
 

grayzer01
dig,EMS
Krusevac

Member no.: 234847
Posts: 50
91.150.100.*

Re: Should I take the PC to a repair shop or...? 06.10.2009. at 14:49
Awaks,

Thank you for getting in touch.
I have a Vista look installed (Vista Inspirat), but not since yesterday. It wasn't a problem before.
I reinstalled Windows relatively recently, a few months ago (admittedly with SP2), and I would leave that as the last resort.
To be honest, I'd gladly dig into the problem. The easiest thing is to take the computer in for service or reinstall Windows.
This way a person can learn something useful, provided of course there are people interested in dealing with my problem
 

grayzer01
dig,EMS
Krusevac

Member no.: 234847
Posts: 50
91.150.100.*

Re: Should I take the PC to a repair shop or...? 06.10.2009. at 15:00
Quote:
Binary Mind: @grayzer01

Take a look at this topic. Maybe it will help. Also do a "whole site" search on ES with the keyword "PIO".

I did as you suggested but I couldn't figure anything out.
If you have any other suggestion........
 

awaks
° Satisfied at the unemployment office
° Kingdom

Member no.: 65994
Posts: 381

Website: www.6yka.com

Re: Should I take the PC to a repair shop or...? 06.10.2009. at 18:23
Maybe you could try System Restore to an earlier point at which everything worked OK! Windows is still fresh as far as I can see, but then again a virus could have crept into the system... I use Kaspersky myself and I'm more than satisfied, but I don't rule out the possibility that something slipped through...
"Cool head, warm heart and clean hands..."
 

Binary Mind
11040

Member no.: 28245
Posts: 13289
*.adsl-4.sezampro.yu.

Re: Should I take the PC to a repair shop or...? 06.10.2009. at 23:11
@grayzer01

What have you tried of what was advised in the linked topic? Have you tried anything that was advised? If something isn't clear to you, ask, but ask specific questions, since the whole procedure is explained quite well in the linked topic.
 

richa
Aleksandar
Student
Banja Luka

Member no.: 202952
Posts: 413
*.teol.net.

Re: Should I take the PC to a repair shop or...? 07.10.2009. at 00:15
Defragment the disk, if you haven't...
Then report back so we can see whether anything has changed...
Besides that, also comb through the PC with CCleaner...
Talk about the blind leading the blind!!!
 

grayzer01
dig,EMS
Krusevac

Member no.: 234847
Posts: 50
*.adsl.eunet.rs.

Re: Should I take the PC to a repair shop or...? 07.10.2009. at 17:57
Hi folks,

I remembered that some time ago I read somewhere that in a situation like this one should scan the system in SAFE MODE. So that's what I did. The result is:
KASPERSKY
10/6/2009 22:36:08 Otkrivene su opasnosti Kaspersky Internet Security
10/6/2009 22:38:00 Otkriveno: Trojan.Win32.Buzus.bzhc Kaspersky Internet Security c:/documents and
settings/xxx\local settings/temp/_tc0\poweriso 4.4/poweriso44.exe/data0000.cab/key.exe
10/6/2009 23:03:19 Otkrivene su opasnosti Kaspersky Internet Security
10/6/2009 23:12:56 Otkriveno: Trojan.Win32.Buzus.bzhc Kaspersky Internet Security d:/install/arhive/poweriso
4.4/poweriso44.exe/data0000.cab/key.exe
SPYWARE DOCTOR
10/6/2009 10:48:23 PM:875
Threat Name - Adware.WhenU_SaveNow
Type - File
Risk Level - Info & PUAs
Infection - C:/System Volume Information/_restore{37C4AB7C-5479-43D1-A77C-CD03ECE19BDA}\RP321\A0053369.exe

10/7/2009 12:56:51 AM:78
Threat Name - Adware.BookedSpace
Type - Registry Value
Risk Level - Elevated
Infection - HKEY_USERS/S-1-5-21-839522115-299502267-725345543-500/Software/Microsoft/Internet Explorer\Extensions/CmdMapping, {669695BC-A811-4A9D-8CDF-BA8C795F261C}

10/7/2009 1:01:22 AM:546
Threat Name - Application.PowerRegister
Type - Registry Key
Risk Level - Info & PUAs
Infection - HKEY_USERS/S-1-5-21-839522115-299502267-725345543-500/Software/LeaderTech/PowerRegister/RegReminders

10/7/2009 1:01:23 AM:562
Threat Name - Application.PowerRegister
Type - Registry Value
Risk Level - Info & PUAs
Infection - HKEY_USERS/S-1-5-21-839522115-299502267-725345543-500/Software/LeaderTech/PowerRegister/RegStatus, DSKP

10/7/2009 1:01:23 AM:765
Threat Name - Application.PowerRegister
Type - Registry Key
Risk Level - Info & PUAs
Infection - HKEY_USERS/S-1-5-21-839522115-299502267-725345543-500/Software/LeaderTech/PowerRegister/RegStatus

10/7/2009 1:01:23 AM:859
Threat Name - Application.PowerRegister
Type - Registry Key
Risk Level - Info & PUAs
Infection - HKEY_USERS/S-1-5-21-839522115-299502267-725345543-500/Software/LeaderTech/PowerRegister

WHO WOULD HAVE THOUGHT! Everything was of course disinfected, that is, deleted or placed in quarantine.
After this the PC works noticeably better. Whether that is just for the moment or it will stay that way... we'll see.
Kaspersky also detected some "vulnerabilities". Honestly I don't know what that is or how it is removed, but I know it shows a high threat level.
WHAT IS A VULNERABILITY?

Does anyone know whether this procedure is something usual or whether this is a coincidence (maybe the AV would have detected the viruses in Normal mode too).
What is SAFE MODE actually for?


 

Binary Mind
11040

Member no.: 28245
Posts: 13289
*.adsl-a-1.sezampro.yu.

Re: Should I take the PC to a repair shop or...? 07.10.2009. at 18:07
SAFE MODE is a kind of diagnostic operating mode of Windows, i.e. one in which only the most basic processes and drivers are started with Windows for the purpose of diagnosing software problems. In some situations it is indeed advisable to run a virus scan in Safe Mode. So it was viruses after all. The topic is being moved to the "Cekaonica" (Waiting Room) with a note that it is for the "Zastita" (Security) forum...
 

magna86
Anti Malware Fighter

Member no.: 189287
Posts: 557

Website: www.mycity.rs/Ambulanta

Re: Should I take the PC to a repair shop or...? 07.10.2009. at 23:49
To start with, reset System Restore and then run a scan with the HijackThis program

http://www.elitesecurity.org/t...e-programa-HijackThis-ComboFix
 

grayzer01
dig,EMS
Krusevac

Member no.: 234847
Posts: 50
*.adsl.eunet.rs.

Re: Should I take the PC to a repair shop or...? 08.10.2009. at 16:59
Here is the HijackThis logfile.
If anyone knows how and is willing to comment, go ahead.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:50:42, on 10/8/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Creative\MediaSource5\MtdAcqu.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HP1005MC.EXE
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\totalcmd\TOTALCMD.EXE
C:\Documents and Settings\xxx\Desktop\HiJackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: (no name) - {C94E154B-1459-4A47-966B-4B843BEFC7DB} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - (no file)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
O2 - BHO: E-Zsoft VideoDownloaderToolBar - {4322A444-92F8-4C3E-BD4C-013BA51E2871} - (no file)
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {4322A444-92F8-4C3E-BD4C-013BA51E2871} - (no file)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\K-Lite Codec Pack\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MtdAcqu] "C:\Program Files\Creative\MediaSource5\MtdAcqu.exe" /s
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - S-1-5-18 Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe (User 'Default user')
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O8 - Extra context menu item: Dodaj u zaštitu od reklama - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Stastistika zaštite mrežnog saobracaja - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} -
O16 - DPF: {76326493-E84F-4D4B-939C-1E07B50037F2} (ProxyModule Class) - https://online.bancaintesabeograd.com/RetailDLL/SGCMSCCD.DLL
O16 - DPF: {A7C346A3-B076-46B3-97F0-D00F6B479451} (FileInterface Class) - https://online.bancaintesabeograd.com/RetailDLL/FSINT.dll
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/We...update/su2/ocx/15108/CTPID.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{28C4BB17-495A-49CE-8EFC-2F2B9B39DC86}: NameServer = 194.247.192.1 194.247.192.33
O17 - HKLM\System\CS1\Services\Tcpip\..\{28C4BB17-495A-49CE-8EFC-2F2B9B39DC86}: NameServer = 194.247.192.1 194.247.192.33
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Google Update Service (gupdate1c9d1b7480b420c) (gupdate1c9d1b7480b420c) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 9980 bytes
 

magna86
Anti Malware Fighter

Member no.: 189287
Posts: 557

Website: www.mycity.rs/Ambulanta

Re: Should I take the PC to a repair shop or...? 08.10.2009. at 17:04
Fix this line:
Code:
R3 - URLSearchHook: (no name) - {C94E154B-1459-4A47-966B-4B843BEFC7DB} - (no file)


The HijackThis log is clean... to be able to say with certainty that this is a clean computer, we'll go on to an additional scan:

Download the DDS program
Code:
http://download.bleepingcomputer.com/sUBs/dds.scr

Double-click to run DDS
Wait a bit, it will produce two logs
Attach the DDS.txt log for me; the other one, attach.txt, we don't need for now
 
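The by-eye review of the HijackThis log in the post above can be mechanised. The following is an added example, not part of the original thread and not code from HijackThis or from any poster: it parses the `R#`/`O#` entry lines, collects the ones marked `(no file)` (registry entries whose target file is gone, like the R3 line singled out for fixing) and groups them by CLSID so that one leftover component seen in several sections is reviewed once. The function names are hypothetical; the sample lines are excerpted from the log posted earlier in this thread.

```python
import re
from collections import defaultdict

# Lines excerpted from the HijackThis v2.0.2 log posted in this thread.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Boot mode: Normal
C:\WINDOWS\system32\svchost.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R3 - URLSearchHook: (no name) - {C94E154B-1459-4A47-966B-4B843BEFC7DB} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - (no file)
O2 - BHO: E-Zsoft VideoDownloaderToolBar - {4322A444-92F8-4C3E-BD4C-013BA51E2871} - (no file)
O3 - Toolbar: (no name) - {4322A444-92F8-4C3E-BD4C-013BA51E2871} - (no file)
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""

# An entry line is "<section code> - <body>", e.g. "O2 - BHO: ...".
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.*)$")
CLSID_RE = re.compile(
    r"\{[0-9A-Fa-f]{8}-(?:[0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}\}"
)


def parse_entries(log_text):
    """Return one dict per entry line; header and process lines are skipped."""
    entries = []
    for raw in log_text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if not match:
            continue
        body = match.group("body")
        clsid = CLSID_RE.search(body)
        entries.append({
            "code": match.group("code"),
            "body": body,
            # Normalise case: the same CLSID is logged in mixed case.
            "clsid": clsid.group(0).upper() if clsid else None,
            # "(no file)" at the end means the referenced file is missing.
            "orphaned": body.rstrip().endswith("(no file)"),
        })
    return entries


def orphans_by_clsid(entries):
    """Map CLSID (or the body, if there is none) to the sections it is orphaned in."""
    groups = defaultdict(list)
    for entry in entries:
        if entry["orphaned"]:
            groups[entry["clsid"] or entry["body"]].append(entry["code"])
    return dict(groups)


def services_without_owner(entries):
    """O23 service lines where HijackThis printed 'Unknown owner' as the vendor."""
    return [
        entry["body"]
        for entry in entries
        if entry["code"] == "O23" and " - Unknown owner - " in entry["body"]
    ]


def triage_report(log_text):
    """Build a short review list: orphaned entries first, then services to verify."""
    entries = parse_entries(log_text)
    lines = []
    for key, codes in sorted(orphans_by_clsid(entries).items()):
        lines.append(f"orphaned in {', '.join(codes)}: {key}")
    for body in services_without_owner(entries):
        lines.append(f"verify service binary: {body}")
    return lines


if __name__ == "__main__":
    for line in triage_report(SAMPLE_LOG):
        print(line)
```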

grayzer01
dig,EMS
Krusevac

Member no.: 234847
Posts: 50
*.adsl.eunet.rs.

Re: Should I take the PC to a repair shop or...? 08.10.2009. at 18:44
How do I fix the line:
R3 - URLSearchHook: (no name) - {C94E154B-1459-4A47-966B-4B843BEFC7DB} - (no file)

I've just noticed that I didn't reset System Restore before I ran the scan with HijackThis.
Should I repeat it, or is it OK?

Here is the DDS.txt log:


DDS (Ver_09-09-29.01) - FAT32x86
Run by xxx at 19:33:03.45 on Thu 10/08/2009
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_15

============== Pseudo HJT Report ===============

uStart Page = hxxp://google.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
{c94e154b-1459-4a47-966b-4b843befc7db}
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed}: AskBar BHO
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: {4322A444-92F8-4C3E-BD4C-013BA51E2871} - No File
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\program files\kaspersky lab\kaspersky internet security 2009\ievkbd.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.3.4501.1418\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {4322A444-92F8-4C3E-BD4C-013BA51E2871} - No File
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
EB: Stastistika zaštite mrežnog saobracaja: {85e0b171-04fa-11d1-b7da-00a0c90348d6} - c:\program files\kaspersky lab\kaspersky internet security 2009\SCIEPlgn.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [MtdAcqu] "c:\program files\creative\mediasource5\MtdAcqu.exe" /s
mRun: [DAEMON Tools] "c:\program files\daemon tools\daemon.exe" -lang 1033
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [P17Helper] Rundll32 P17.dll,P17Helper
mRun: [CTSysVol] c:\program files\creative\sbaudigy\surround mixer\CTSysVol.exe /r
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [AVP] "c:\program files\kaspersky lab\kaspersky internet security 2009\avp.exe"
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [LogitechCommunicationsManager] "c:\program files\common files\logishrd\lcommgr\Communications_Helper.exe"
mRun: [QuickTime Task] "c:\program files\k-lite codec pack\quicktime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [ISTray] "c:\program files\spyware doctor\pctsTray.exe"
mRun: [PWRISOVM.EXE] c:\program files\poweriso\PWRISOVM.EXE
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
dRun: [Nokia.PCSync] c:\program files\nokia\nokia pc suite 6\PcSync2.exe /NoDialog
uPolicies-explorer: <NO NAME> = 00000000
uPolicies-explorer: NoLogoff = 01000000
uPolicies-explorer: NoFavoritesMenu = 01000000
dPolicies-explorer: <NO NAME> = 00000000
dPolicies-explorer: NoLogoff = 01000000
dPolicies-explorer: NoFavoritesMenu = 01000000
IE: &Download with &DAP
IE: Dodaj u zaštitu od reklama - c:\program files\kaspersky lab\kaspersky internet security 2009\ie_banner_deny.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office11\EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - {85E0B171-04FA-11D1-B7DA-00A0C90348D6} - c:\program files\kaspersky lab\kaspersky internet security 2009\SCIEPlgn.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office11\REFIEBAR.DLL
LSP: c:\program files\common files\pc tools\lsp\PCTLsp.dll
Trusted Zone: bancaintesabeograd.com\online
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Internet Explorer Classes for Java - file://c:\windows\system\iejava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab}
DPF: {76326493-E84F-4D4B-939C-1E07B50037F2} - hxxps://online.bancaintesabeograd.com/RetailDLL/SGCMSCCD.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {A7C346A3-B076-46B3-97F0-D00F6B479451} - hxxps://online.bancaintesabeograd.com/RetailDLL/FSINT.dll
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15108/CTPID.cab
TCP: {28C4BB17-495A-49CE-8EFC-2F2B9B39DC86} = 194.247.192.1 194.247.192.33
Notify: ComPlusSetup - c:\windows\system32\catsrvut.dll
Notify: klogon - c:\windows\system32\klogon.dll
AppInit_DLLs: c:\progra~1\kasper~1\kasper~1\mzvkbd3.dll,c:\progra~1\kasper~1\kasper~1\adialhk.dll,c:\progra~1\kasper~1\kasper~1\kloehk.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\xxx\applic~1\mozilla\firefox\profiles\d9qnq4i5.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://search.bearshare.com/
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampab&query=
FF - component: c:\documents and settings\xxx\application data\mozilla\firefox\profiles\d9qnq4i5.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dll
FF - component: c:\program files\mozilla firefox\extensions\[email protected]\components\Shim.dll
FF - component: c:\program files\real\realplayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\program files\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\k-lite codec pack\quicktime\plugins\npqtplugin.dll
FF - plugin: c:\program files\k-lite codec pack\quicktime\plugins\npqtplugin2.dll
FF - plugin: c:\program files\k-lite codec pack\quicktime\plugins\npqtplugin3.dll
FF - plugin: c:\program files\k-lite codec pack\quicktime\plugins\npqtplugin4.dll
FF - plugin: c:\program files\k-lite codec pack\quicktime\plugins\npqtplugin5.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============


=============== Created Last 30 ================

2009-10-05 20:28 4,096 a------- c:\windows\d3dx.dat
2009-10-05 20:10 27,136 a------- c:\windows\system32\PCWizard.cpl
2009-10-05 20:10 <DIR> --d----- c:\program files\PC Wizard 2007
2009-10-05 15:05 81,920 a------- c:\windows\system32\Startup.cpl
2009-10-01 23:56 <DIR> --d----- c:\docume~1\xxx\applic~1\Ice Age 2
2009-10-01 20:11 267,272 a------- c:\windows\system32\xactengine2_10.dll
2009-10-01 20:11 1,374,232 a------- c:\windows\system32\D3DCompiler_36.dll
2009-10-01 20:11 444,776 a------- c:\windows\system32\d3dx10_36.dll
2009-10-01 20:11 3,734,536 a------- c:\windows\system32\d3dx9_36.dll
2009-10-01 18:36 <DIR> --d----- c:\docume~1\xxx\applic~1\SEGA
2009-09-27 16:42 <DIR> --d----- c:\program files\PowerISO
2009-09-27 11:18 159,880 a------- c:\windows\system32\drivers\pctfw2.sys
2009-09-27 11:18 <DIR> --d----- c:\program files\common files\PC Tools
2009-09-27 11:18 81,288 a------- c:\windows\system32\drivers\iksyssec.sys
2009-09-27 11:18 66,952 a------- c:\windows\system32\drivers\iksysflt.sys
2009-09-27 11:18 40,840 a------- c:\windows\system32\drivers\ikfilesec.sys
2009-09-27 11:18 29,576 a------- c:\windows\system32\drivers\kcom.sys
2009-09-27 11:18 <DIR> --d----- c:\program files\Spyware Doctor
2009-09-27 11:18 <DIR> --d----- c:\docume~1\xxx\applic~1\PC Tools
2009-09-27 11:18 <DIR> --d----- c:\docume~1\alluse~1\applic~1\PC Tools
2009-09-27 00:17 32 a------- c:\windows\__$tofn$__
2009-09-27 00:13 <DIR> --d----- c:\program files\AdvancedDefrag
2009-09-25 22:09 <DIR> --d----- c:\program files\Eidos Interactive
2009-09-24 23:32 <DIR> --d----- c:\docume~1\xxx\applic~1\GameHouse
2009-09-23 20:24 86,094 a------- c:\windows\system32\ImageDrive.cpl
2009-09-22 23:41 156,995 a------- c:\windows\Toy Story 2 Uninstaller.exe
2009-09-22 23:40 <DIR> --d----- c:\program files\Toy Story 2
2009-09-21 23:23 278,984 a------- c:\windows\system32\drivers\atksgt.sys
2009-09-21 23:22 25,416 a------- c:\windows\system32\drivers\lirsgt.sys
2009-09-15 18:58 411,368 a------- c:\windows\system32\deploytk.dll
2009-09-15 17:22 25,856 a------- c:\windows\system32\drivers\usbprint.sys
2009-09-15 17:22 25,856 a------- c:\windows\system32\dllcache\usbprint.sys
2009-09-11 23:15 <DIR> --d----- c:\documents and settings\xxx\Graphisoft
2009-09-11 23:15 <DIR> --d----- c:\docume~1\xxx\applic~1\Graphisoft
2009-09-11 23:08 <DIR> --d----- c:\program files\WIBUKEY
2009-09-11 23:08 <DIR> --d----- c:\program files\WIBU-SYSTEMS
2009-09-11 23:07 7,310 a------- c:\windows\vpd.properties
2009-09-11 23:06 <DIR> --d----- c:\program files\Graphisoft
2009-09-11 23:05 73,728 a------- c:\windows\system32\javacpl.cpl
2009-09-11 19:25 <DIR> --d----- C:\Downloads
2009-09-11 15:47 <DIR> --d----- c:\program files\iPhone Configuration Utility
2009-09-11 15:34 107,368 a------- c:\windows\system32\GEARAspi.dll
2009-09-11 15:34 26,600 a------- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-09-11 15:33 <DIR> --d----- c:\program files\iPod
2009-09-11 15:33 <DIR> --d----- c:\program files\iTunes
2009-09-11 15:33 <DIR> --d----- c:\docume~1\alluse~1\applic~1\{755AC846-7372-4AC8-8550-C52491DAA8BD}

==================== Find3M ====================

2009-10-08 16:50 0 a------- c:\windows\system32\drivers\lvuvc.hs
2009-10-08 16:50 0 a------- c:\windows\system32\drivers\logiflt.iad
2009-10-07 23:01 1,372,704 a--sh--- c:\windows\system32\drivers\fidbox.dat
2009-10-07 23:01 131,104 a--sh--- c:\windows\system32\drivers\fidbox2.dat
2009-10-07 23:01 12,852 a--sh--- c:\windows\system32\drivers\fidbox.idx
2009-10-07 23:01 2,576 a--sh--- c:\windows\system32\drivers\fidbox2.idx
2009-10-05 17:22 10,862 a------- c:\program files\hijackthis.log
2009-09-27 11:33 409,600 a------- c:\windows\system32\wrap_oal.dll
2009-09-27 11:33 114,688 a------- c:\windows\system32\OpenAL32.dll
2009-09-22 14:03 107,547 a------- c:\windows\system32\drivers\klin.dat
2009-09-22 14:03 95,259 a------- c:\windows\system32\drivers\klick.dat
2009-09-04 11:41 109,184 a---h--- c:\windows\system32\mlfcache.dat
2009-08-21 11:46 450,560 -------- c:\windows\system32\dllcache\jscript.dll
2009-08-06 19:24 327,896 a------- c:\windows\system32\dllcache\wucltui.dll
2009-08-06 19:24 209,632 a------- c:\windows\system32\dllcache\wuweb.dll
2009-08-06 19:24 35,552 a------- c:\windows\system32\dllcache\wups.dll
2009-08-06 19:24 53,472 a------- c:\windows\system32\dllcache\wuauclt.exe
2009-08-06 19:24 96,480 a------- c:\windows\system32\dllcache\cdm.dll
2009-08-06 19:23 575,704 a------- c:\windows\system32\dllcache\wuapi.dll
2009-08-06 19:23 1,929,952 a------- c:\windows\system32\dllcache\wuaueng.dll
2009-08-05 11:11 204,800 a------- c:\windows\system32\mswebdvd.dll
2009-08-05 11:11 204,800 -------- c:\windows\system32\dllcache\mswebdvd.dll
2009-07-18 18:20 3,062,272 -------- c:\windows\system32\dllcache\mshtml.dll
2009-07-18 18:20 1,506,304 -------- c:\windows\system32\dllcache\shdocvw.dll
2009-07-17 20:55 58,880 a------- c:\windows\system32\atl.dll
2009-07-17 20:55 58,880 -------- c:\windows\system32\dllcache\atl.dll
2009-07-13 10:08 286,720 a------- c:\windows\system32\wmpdxm.dll
2009-07-13 10:08 286,720 -------- c:\windows\system32\dllcache\wmpdxm.dll
2009-07-13 10:08 5,537,792 -------- c:\windows\system32\dllcache\wmp.dll
2009-01-05 17:51 9,433,600 a------- c:\program files\GameShadow.msi
2009-01-05 17:50 3,584 a------- c:\program files\1033.MST
2005-12-24 18:04 532,480 a------- c:\program files\cwshredder.exe
2005-04-13 19:34 218,112 a------- c:\program files\HijackThis1991.exe
2003-03-28 11:16 266 ---sh--- c:\program files\desktop.ini
2003-03-28 11:16 11,079 ----h--- c:\program files\folder.htt

============= FINISH: 19:37:35.21 ===============
 
magna86
Anti Malware Fighter

Member number: 189287
Posts: 557

Site: www.mycity.rs/Ambulanta

Re: Should I take the computer in for service or...? 08.10.2009 at 19:00 - 177 months ago
Quote:
grayzer01: How do I fix this line:
R3 - URLSearchHook: (no name) - {C94E154B-1459-4A47-966B-4B843BEFC7DB} - (no file)

* Run HijackThis
* Choose the option "Do a system scan only"
* Check the following line:

Code:
R3 - URLSearchHook: (no name) - {C94E154B-1459-4A47-966B-4B843BEFC7DB} - (no file)

Click "Fix checked"

Restart the computer

Quote:
grayzer01:
I just noticed that I did not reset System Restore before I ran the HijackThis scan.
Should I repeat it, or is that OK?

There is no need to repeat the scan; reset it now... and do the HJT fix... while I review the DDS log.

///////////////////////////////////////////////

For some reason DDS did not list the drivers... it is possible that you have a rootkit that "protected itself".
Read the sticky topic "Instructions for using the programs: HijackThis / ComboFix" again and scan with ComboFix as the instructions describe.

So:
1. Temporarily disable your antivirus.
If you don't know how... here are the instructions:
Code:
http://www.bleepingcomputer.com/forums/topic114351.html

2. Following the instructions, download ComboFix to the Desktop and run it. Post the resulting log on the forum.
(log location: C:\ComboFix.txt)

[This message was edited by magna86 on 08.10.2009 at 20:16 GMT+1]
 
grayzer01
dig,EMS
Krusevac

Member number: 234847
Posts: 50
*.adsl.eunet.rs.

Re: Should I take the computer in for service or...? 08.10.2009 at 19:36 - 177 months ago
I fixed that line as you said.
Now I'll do the rest and then post the log.

--------------------------------------

Unbelievable... I can't figure out how to turn off Spyware Doctor.
* Click the Spyware Doctor icon in the System Tray.
* Click Settings.
* Click Startup Settings under Pick a Category.
* Uncheck "Run at Windows startup".
* Click Apply and Exit Spyware Doctor.
* From within Spyware Doctor, click the "OnGuard" button on the left side.
* Uncheck "Activate OnGuard".
* (When we are done, you can reenable Spyware Doctor)

Where is: Startup Settings under Pick a Category?

[This message was edited by grayzer01 on 08.10.2009 at 21:35 GMT+1]
 
magna86
Anti Malware Fighter

Member number: 189287
Posts: 557

Site: www.mycity.rs/Ambulanta

Re: Should I take the computer in for service or...? 08.10.2009 at 20:48 - 177 months ago
Skip it; the most important thing is to disable the antivirus.
 
grayzer01
dig,EMS
Krusevac

Member number: 234847
Posts: 50
*.adsl.eunet.rs.

Re: Should I take the computer in for service or...? 08.10.2009 at 22:07 - 177 months ago
Here is the ComboFix log file at last

ComboFix 09-10-07.05 - xxx 10/08/2009 22:51.1.1 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.510.265 [GMT 2:00]
Running from: c:\documents and settings\xxx\Desktop\ComboFix.exe
AV: Kaspersky Internet Security *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\AskSearch\bin\DefaultSearch.dll
c:\windows\clofghls.dll
c:\windows\Installer\1d2f3.msi
c:\windows\start.exe
c:\windows\system32\Data
c:\windows\Web\default.htt

Infected copy of c:\windows\System32\Drivers\dtscsi.sys was found and disinfected
Kitty ate it :)
.
((((((((((((((((((((((((( Files Created from 2009-09-08 to 2009-10-08 )))))))))))))))))))))))))))))))
.

2009-10-05 18:28 . 2009-10-05 18:28 4096 ----a-w- c:\windows\d3dx.dat
2009-10-05 18:10 . 2009-10-05 18:10 -------- d-----w- c:\program files\PC Wizard 2007
2009-10-05 15:16 . 2009-10-05 15:16 -------- d-----w- c:\documents and settings\xxx\Local Settings\Application Data\Apple_Inc
2009-10-01 21:56 . 2009-10-01 21:56 -------- d-----w- c:\documents and settings\xxx\Application Data\Ice Age 2
2009-10-01 18:11 . 2007-10-22 01:39 267272 ----a-w- c:\windows\system32\xactengine2_10.dll
2009-10-01 18:11 . 2007-10-12 13:14 1374232 ----a-w- c:\windows\system32\D3DCompiler_36.dll
2009-10-01 18:11 . 2007-10-02 07:56 444776 ----a-w- c:\windows\system32\d3dx10_36.dll
2009-10-01 18:11 . 2007-10-12 13:14 3734536 ----a-w- c:\windows\system32\d3dx9_36.dll
2009-10-01 16:36 . 2009-10-01 16:36 -------- d-----w- c:\documents and settings\xxx\Application Data\SEGA
2009-09-27 14:42 . 2009-09-27 14:42 -------- d-----w- c:\program files\PowerISO
2009-09-27 09:18 . 2009-09-27 09:18 -------- d-----w- c:\documents and settings\All Users\Application Data\TEMP
2009-09-27 08:50 . 2009-09-27 08:50 -------- d-----w- c:\documents and settings\xxx\Local Settings\Application Data\Thinstall
2009-09-26 22:13 . 2009-09-26 22:13 -------- d-----w- c:\program files\AdvancedDefrag
2009-09-25 20:09 . 2009-09-25 20:09 -------- d-----w- c:\program files\Eidos Interactive
2009-09-24 21:32 . 2009-09-24 21:32 -------- d-----w- c:\documents and settings\xxx\Application Data\GameHouse
2009-09-22 21:41 . 2009-09-22 21:41 156995 ----a-w- c:\windows\Toy Story 2 Uninstaller.exe
2009-09-22 21:40 . 2009-09-22 21:40 -------- d-----w- c:\program files\Toy Story 2
2009-09-21 21:23 . 2009-09-21 21:23 278984 ----a-w- c:\windows\system32\drivers\atksgt.sys
2009-09-21 21:22 . 2009-09-21 21:23 25416 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2009-09-15 16:58 . 2009-09-15 16:58 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-09-15 15:36 . 2009-09-15 15:36 -------- d-----w- c:\program files\Hewlett-Packard
2009-09-15 15:22 . 2004-08-03 21:01 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2009-09-15 15:22 . 2004-08-03 21:01 25856 ----a-w- c:\windows\system32\dllcache\usbprint.sys
2009-09-11 21:15 . 2009-09-11 21:15 -------- d-----w- c:\documents and settings\xxx\Local Settings\Application Data\Graphisoft
2009-09-11 21:15 . 2009-09-11 21:15 -------- d-----w- c:\documents and settings\xxx\Graphisoft
2009-09-11 21:15 . 2009-09-11 21:15 -------- d-----w- c:\documents and settings\xxx\Application Data\Graphisoft
2009-09-11 21:08 . 2007-05-09 09:00 516096 ----a-w- c:\windows\system32\WibuXpm4J32.dll
2009-09-11 21:08 . 2007-05-09 09:00 479232 ----a-w- c:\windows\system32\wibuKJni.dll
2009-09-11 21:08 . 2007-05-09 09:00 348160 ----a-w- c:\windows\system32\WkExt32.dll
2009-09-11 21:08 . 2007-05-09 09:00 57552 ----a-w- c:\windows\system32\WkDos.exe
2009-09-11 21:08 . 2007-05-09 09:00 16384 ----a-w- c:\windows\system32\drivers\Wibukey2.sys
2009-09-11 21:08 . 2007-05-09 09:00 72704 ----a-w- c:\windows\system32\drivers\WibuKey.sys
2009-09-11 21:08 . 2007-05-09 09:00 159744 ----a-w- c:\windows\system32\WkWin32.dll
2009-09-11 21:08 . 2009-09-11 21:08 -------- d-----w- c:\program files\WIBUKEY
2009-09-11 21:08 . 2009-09-11 21:08 -------- d-----w- c:\program files\WIBU-SYSTEMS
2009-09-11 21:06 . 2009-09-11 21:06 -------- d-----w- c:\program files\Graphisoft
2009-09-11 21:04 . 2009-09-11 21:04 -------- d-----w- c:\program files\Java
2009-09-11 21:04 . 2009-09-11 21:04 -------- d-----w- c:\program files\Common Files\Java
2009-09-11 17:25 . 2009-09-11 17:25 -------- d-----w- C:\Downloads
2009-09-11 13:47 . 2009-09-11 13:48 -------- d-----w- c:\program files\iPhone Configuration Utility
2009-09-11 13:34 . 2009-05-18 12:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-09-11 13:34 . 2008-04-17 11:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2009-09-11 13:33 . 2009-09-11 13:33 -------- d-----w- c:\program files\iPod
2009-09-11 13:33 . 2009-09-11 13:33 -------- d-----w- c:\program files\iTunes
2009-09-11 13:33 . 2009-09-11 13:33 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-09-11 13:30 . 2009-09-11 13:30 -------- d-----w- c:\program files\Common Files\Apple

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-08 20:58 . 2009-07-11 18:58 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2009-10-08 20:58 . 2009-07-11 18:58 0 ----a-w- c:\windows\system32\drivers\logiflt.iad
2009-10-08 20:58 . 2008-12-24 17:16 2576 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2009-10-08 20:58 . 2008-12-24 17:16 1372704 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-10-08 20:58 . 2008-12-24 17:16 131104 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2009-10-08 20:58 . 2008-12-24 17:16 12852 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-10-08 20:57 . 2009-07-11 22:32 836 ----a-w- c:\windows\bthservsdp.dat
2009-10-05 15:22 . 2009-10-05 15:22 10862 ----a-w- c:\program files\hijackthis.log
2009-09-27 09:33 . 2008-12-23 13:25 409600 ----a-w- c:\windows\system32\wrap_oal.dll
2009-09-27 09:33 . 2008-12-23 13:25 114688 ----a-w- c:\windows\system32\OpenAL32.dll
2009-09-22 12:03 . 2008-12-24 17:16 95259 ----a-w- c:\windows\system32\drivers\klick.dat
2009-09-22 12:03 . 2008-12-24 17:16 107547 ----a-w- c:\windows\system32\drivers\klin.dat
2009-09-06 12:27 . 2009-09-06 12:27 -------- d-----w- c:\program files\Srpski Recnik
2009-09-04 19:37 . 2009-09-04 19:37 -------- d-----w- c:\documents and settings\xxx\Application Data\PTGui
2009-09-04 09:41 . 2009-09-04 09:41 109184 ---ha-w- c:\windows\system32\mlfcache.dat
2009-09-04 09:19 . 2009-09-04 09:19 -------- d-----w- c:\program files\Safari
2009-09-04 09:18 . 2009-09-04 09:18 -------- d-----w- c:\program files\Bonjour
2009-09-03 13:15 . 2009-09-03 13:15 -------- d-----w- c:\program files\Tomb Raider - Anniversary
2009-08-15 20:22 . 2009-08-15 20:22 -------- d-----w- c:\program files\VersalSoft
2009-08-15 20:21 . 2009-08-15 20:21 -------- d-----w- c:\program files\Universal
2009-08-14 17:38 . 2006-08-14 13:48 132280 ----a-w- c:\documents and settings\xxx\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-14 08:31 . 2009-08-14 08:30 -------- d-----w- c:\program files\MSBuild
2009-08-14 08:30 . 2009-08-14 08:30 -------- d-----w- c:\program files\Reference Assemblies
2009-08-06 17:24 . 2006-08-14 13:12 327896 ----a-w- c:\windows\system32\wucltui.dll
2009-08-06 17:24 . 2006-08-14 13:12 209632 ----a-w- c:\windows\system32\wuweb.dll
2009-08-06 17:24 . 2008-10-16 12:09 44768 ----a-w- c:\windows\system32\wups2.dll
2009-08-06 17:24 . 2006-08-14 13:12 35552 ----a-w- c:\windows\system32\wups.dll
2009-08-06 17:24 . 2005-03-11 10:52 53472 ----a-w- c:\windows\system32\wuauclt.exe
2009-08-06 17:24 . 2002-08-28 23:40 96480 ----a-w- c:\windows\system32\cdm.dll
2009-08-06 17:23 . 2006-08-14 13:12 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-08-06 17:23 . 2005-03-11 10:52 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-08-05 09:11 . 2005-03-11 11:21 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-17 18:55 . 2002-08-28 23:40 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-13 08:08 . 2004-08-10 23:45 286720 ----a-w- c:\windows\system32\wmpdxm.dll
2009-01-05 15:51 . 2009-01-05 15:51 9433600 ----a-w- c:\program files\GameShadow.msi
2009-01-05 15:50 . 2009-01-05 15:51 3584 ----a-w- c:\program files\1033.MST
2005-12-24 16:04 . 2006-01-20 10:36 532480 ----a-w- c:\program files\cwshredder.exe
2005-04-13 17:34 . 2005-05-12 13:59 218112 ----a-w- c:\program files\HijackThis1991.exe
2003-03-28 09:16 . 2003-03-28 09:16 11079 ---h--w- c:\program files\folder.htt
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-08 39408]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-04-21 24264488]
"MtdAcqu"="c:\program files\Creative\MediaSource5\MtdAcqu.exe" [2008-10-30 278528]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2005-12-10 133016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-04 8523776]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-12-04 81920]
"CTSysVol"="c:\program files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-10-31 57344]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-10 90112]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2008-06-03 564496]
"QuickTime Task"="c:\program files\K-Lite Codec Pack\QuickTime\QTTask.exe" [2009-09-04 417792]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-09-15 149280]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2007-08-07 200704]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-09-30 198160]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2009-07-21 208616]
"nwiz"="nwiz.exe" - c:\windows\SYSTEM32\nwiz.exe [2007-12-04 1626112]
"P17Helper"="P17.dll" - c:\windows\SYSTEM32\P17.dll [2005-05-03 64512]
"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\SYSTEM32\bthprops.cpl [2004-08-03 110592]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 1744896]

c:\documents and settings\xxx\Start Menu\Programs\Startup\
RocketDock.lnk - c:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-3-19 630784]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
DSLMON.lnk - c:\program files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2008-12-23 1205840]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"<NO NAME>"= 00000000
"NoLogoff"= 01000000
"NoFavoritesMenu"= 01000000

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"<NO NAME>"= 00000000
"NoLogoff"= 01000000
"NoFavoritesMenu"= 01000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ComPlusSetup]
2005-07-26 03:39 625152 ----a-w- c:\windows\SYSTEM32\catsrvut.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"NeroFilterCheck"=c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys]
"LoadPowerProfile"=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
"Tweak UI"=RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\System32\\SPOOL\\drivers\\W32X86\\3\\HP1005MC.EXE"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\dna\\btdna.exe"=

R0 BtHidBus;Bluetooth HID Bus Service;c:\windows\SYSTEM32\DRIVERS\BtHidBus.sys [1/7/2009 23:39 20744]
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\SYSTEM32\DRIVERS\klbg.sys [1/29/2008 17:29 33808]
R0 ViBus;ViBus;c:\windows\SYSTEM32\DRIVERS\ViBus.sys [2/1/2008 13:33 16896]
R0 ViPrt;VIA SATA IDE Device Driver;c:\windows\SYSTEM32\DRIVERS\ViPrt.sys [2/1/2008 13:33 53248]
R3 e4usbaw;USB ADSL2 WAN Adapter;c:\windows\SYSTEM32\DRIVERS\e4usbaw.sys [12/23/2008 14:55 104344]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\SYSTEM32\DRIVERS\klfltdev.sys [3/13/2008 18:02 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\SYSTEM32\DRIVERS\klim5.sys [4/30/2008 17:06 24592]
S0 viasraid;viasraid;c:\windows\system32\DRIVERS\viasraid.sys --> c:\windows\system32\DRIVERS\viasraid.sys [?]
S2 E4LOADER;General Purpose USB Driver (e4ldr.sys);c:\windows\SYSTEM32\DRIVERS\e4ldr.sys [12/23/2008 14:55 69656]
S2 gupdate1c9d1b7480b420c;Google Update Service (gupdate1c9d1b7480b420c);c:\program files\Google\Update\GoogleUpdate.exe [5/10/2009 23:35 133104]
S3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\SYSTEM32\DRIVERS\btnetBus.sys [12/7/2008 12:44 30088]
S3 cpuz126;cpuz126;c:\program files\PC Wizard 2007\pcwiz32.sys [10/5/2009 20:10 7808]
S3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\SYSTEM32\DRIVERS\IvtBtBus.sys [7/2/2008 14:58 26248]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\e:\ntglm7x.sys --> e:\NTGLM7X.sys [?]
S4 Cpl_hcrtrs;Cpl_hcrtrs; [x]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
"c:\progra~1\OUTLOO~1\setup50.exe" /APP:OE /CALLER:WIN9X /user /install

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
"c:\progra~1\OUTLOO~1\setup50.exe" /APP:OE /CALLER:WIN9X /user /install
"c:\progra~1\OUTLOO~1\setup50.exe" /APP:OE /CALLER:IE50 /user /install

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
"c:\progra~1\OUTLOO~1\setup50.exe" /APP:WAB /CALLER:WIN9X /user /install

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
"c:\progra~1\OUTLOO~1\setup50.exe" /APP:WAB /CALLER:WIN9X /user /install
"c:\progra~1\OUTLOO~1\setup50.exe" /APP:WAB /CALLER:IE50 /user /install

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9EF0045A-CDD9-438e-95E6-02B9AFEC8E11}]
c:\windows\SYSTEM32\updcrl.exe -e -u c:\windows\SYSTEM\verisignpub1.crl
.
Contents of the 'Scheduled Tasks' folder

2009-10-08 c:\windows\Tasks\Uninstall Expiration Reminder.job
- c:\windows\System32\OOBE\oobebaln.exe [2005-03-11 22:56]

2009-10-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-10 21:35]

2009-10-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-10 21:35]

2009-09-26 c:\windows\Tasks\ParetoLogic Update Version2.job
- c:\program files\Common Files\ParetoLogic\UUS2\Pareto_Update.exe [2009-01-13 14:59]

2009-10-08 c:\windows\Tasks\ParetoLogic Registration.job
- c:\program files\Common Files\ParetoLogic\UUS2\UUS.dll [2009-01-13 14:59]

2009-09-11 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

2009-09-20 c:\windows\Tasks\Wise Disk Cleaner 4.job
- c:\program files\Wise Disk Cleaner\WiseDiskCleaner.exe [2009-01-11 13:35]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
IE: &Download with &DAP
IE: Dodaj u zaštitu od reklama - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
Trusted Zone: bancaintesabeograd.com\online
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Internet Explorer Classes for Java - file://c:\windows\SYSTEM\iejava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {76326493-E84F-4D4B-939C-1E07B50037F2} - hxxps://online.bancaintesabeograd.com/RetailDLL/SGCMSCCD.DLL
DPF: {A7C346A3-B076-46B3-97F0-D00F6B479451} - hxxps://online.bancaintesabeograd.com/RetailDLL/FSINT.dll
FF - ProfilePath - c:\documents and settings\xxx\Application Data\Mozilla\Firefox\Profiles\d9qnq4i5.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://search.bearshare.com/
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampab&query=
FF - component: c:\documents and settings\xxx\Application Data\Mozilla\Firefox\Profiles\d9qnq4i5.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - component: c:\program files\Mozilla Firefox\extensions\[email protected]\components\Shim.dll
FF - component: c:\program files\real\realplayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin.dll
FF - plugin: c:\program files\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin2.dll
FF - plugin: c:\program files\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin3.dll
FF - plugin: c:\program files\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin4.dll
FF - plugin: c:\program files\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin5.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

BHO-{201f27d4-3704-41d6-89c1-aa35e39143ed} - (no file)
ShellIconOverlayIdentifiers-{7D688A77-C613-11D0-999B-00C04FD655E1} - (no file)
Notify-AtiExtEvent - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-08 22:59
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2524)
c:\windows\system32\ntshrui.dll
c:\windows\system32\msi.dll
c:\windows\system32\NETSHELL.dll
c:\windows\system32\credui.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\COMMON FILES\APPLE\MOBILE DEVICE SUPPORT\BIN\APPLEMOBILEDEVICESERVICE.EXE
c:\program files\BONJOUR\MDNSRESPONDER.EXE
c:\windows\system32\CTsvcCDA.exe
c:\program files\JAVA\JRE6\BIN\JQS.EXE
c:\program files\COMMON FILES\LOGISHRD\LVCOMSER\LVCOMSER.EXE
c:\program files\COMMON FILES\MICROSOFT SHARED\VS7DEBUG\MDM.EXE
c:\windows\SYSTEM32\NVSVC32.EXE
c:\windows\system32\wdfmgr.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\rundll32.exe
c:\program files\COMMON FILES\LOGISHRD\LVCOMSER\LVCOMSER.EXE
c:\windows\system32\wscntfy.exe
c:\windows\System32\spool\DRIVERS\W32X86\3\HP1005MC.EXE
.
**************************************************************************
.
Completion time: 2009-10-08 23:03 - machine was rebooted
ComboFix-quarantined-files.txt 2009-10-08 21:03

Pre-Run: 10,988,732,416 bytes free
Post-Run: 10,931,322,880 bytes free

311 --- E O F --- 2009-09-18 18:55
 
magna86
Anti Malware Fighter

Member number: 189287
Posts: 557

Site: www.mycity.rs/Ambulanta

Re: Should I take the computer in for service or...? 08.10.2009 at 23:07 - 177 months ago
This looks OK... That is, I see no traces of malware, which means the problem is not caused by any kind of infection.

You need to uninstall ComboFix, which you do like this:
Start >> Run
A window will open; copy this into it:
Quote:
Combofix /u

OK

What you should do is download "Wise Registry Cleaner" or "CCleaner" and scan the registry or cookies...
defragment the HDD, download TuneUp Utilities or, even better, System Mechanic... etc...

One more thing... you have everything under the sun in your startup... uncheck everything you don't need so that it doesn't start with the system (CCleaner has that option).
You can also go to Start >> Run, type msconfig, and on the Startup tab uncheck everything that doesn't need to start with the system; go through and uninstall unnecessary programs... etc...

And do this as well:
Download the registry file I attached to this message, run it with a double-click, answer Yes to the prompt, and restart the computer.

[This message was edited by magna86 on 09.10.2009 at 00:20 GMT+1]
Attached files
 
grayzer01
dig,EMS
Krusevac

Member number: 234847
Posts: 50
*.adsl.eunet.rs.

Re: Should I take the computer in for service or...? 08.10.2009 at 23:15 - 177 months ago
Thank you, my friend.
Do I need to run the HijackThis scan again?
 