
Infected Windows 98! P2P


Ivan_Piper
Member no.: 223963
Posts: 6
*.BVCOM.NET.

Infected Windows 98! P2P, 29.05.2009 at 13:43 (181 months ago)
Hello everyone. Let me get straight to the point. My dad asked me to tidy up his computer a bit; the machine is old but it still works for him (Pentium II), so first I installed NOD32 to clean it of viruses. It found the following:


application Win32/Adware.P2PNet found in operating memory.System memory infection originated from file : C:\WINDOWS\SYSTEM\P2PNet~1\P2PNET~1.EXE
C:\WINDOWS\gystsk.txt - Win32/StartPage.NEW Trojan
C:\WINDOWS\SYSTEM\wtdnn.dll - Win32/StartPage.NEW Trojan
C:\WINDOWS\SYSTEM\P2PNetworking v126.cpl - Win32/Adware.P2PNNet application
C:\WINDOWS\SYSTEM\svcia32.dll - probably variant of Win32/Dialer.Egroup application
C:\WINDOWS\SYSTEM\P2PNetworking\MARSHALL.dll - Win32/Adware.P2PNet application
C:\WINDOWS\SYSTEM\P2PNetworking\P2PNetworking.exe - Win32/Adware.p2pnet application
C:\WINDOWS\TEMP\uninstall.exe - Win32/TrojanDownloader.IstBar.GI Trojan
C:\WINDOWS\TEMP\p2psetup.exe - Win32/Adware.p2pnet application
C:\WINDOWS\TEMP\asmfiles.cab>CAB>asm.exe - Win32/Adware.Altnet application
C:\WINDOWS\TEMP\asmfiles.cab>CAB>asmps.dll -Win32/Adware.Altnet application
C:\WINDOWS\TEMP\WSNINST.exe - Win32/Adware.WhenUvvsn application
C:\WINDOWS\Downloaded Program Files\WebP2PInstaler.dll - Win32/Adware.P2PNet application

It found an infected P2P Networking.exe but cannot delete it because it is in operating memory, at least that is what it tells me; otherwise, some things it cannot delete, some it can, and it cannot clean any of them at all. Am I allowed to delete these files from Windows? Should I make a backup?
How serious does this look?
Since I am really not much of an expert and I don't want to mess something up, please help.
 
Dashkes
Member no.: 90973
Posts: 845

Re: Infected Windows 98! P2P, 29.05.2009 at 13:48 (181 months ago)
Download the program HijackThis.
Once you have downloaded it, rename the file to anything, e.g. “destruct0.exe”. Run it and click “Do a system scan and save a logfile”. Copy that log here.

P.S. I am not sure, but I think you can delete all of those files.
 
Ivan_Piper
Member no.: 223963
Posts: 6
*.BVCOM.NET.

Re: Infected Windows 98! P2P, 29.05.2009 at 17:42 (181 months ago)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:49:35 PM, on 29/05/2009
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\ESET\NOD32KRN.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\USB MEMORY BAR\DISKICON.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\INTERNAT.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\P2P NETWORKING\P2P NETWORKING.EXE
C:\PROGRAM FILES\ESET\NOD32KUI.EXE
C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\WBEM\WINMGMT.EXE
C:\WINDOWS\DESKTOP\CISTAC.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system\wtdnn.dll/sp.html#83556%resultposition.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system\wtdnn.dll/sp.html#83556%resultposition.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system\wtdnn.dll/sp.html#83556%resultposition.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system\wtdnn.dll/sp.html#83556%resultposition.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system\wtdnn.dll/sp.html#83556%resultposition.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system\wtdnn.dll/sp.html#83556%resultposition.net
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {701BD501-6F2B-11DA-9A0E-44450DAD4BA1} - blank (file missing)
O2 - BHO: Class - {77C394B2-8756-A4B7-D790-69CC6A75E989} - blank (file missing)
O2 - BHO: Class - {41C78D23-63EE-CC67-1489-10FB9CB6F38B} - blank (file missing)
O2 - BHO: Class - {CE649815-F71C-624D-A1D5-7316D24CA263} - blank (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ALiUSBfix] C:\WINDOWS\SYSTEM\GREENMK.exe
O4 - HKLM\..\Run: [DiskIcon] C:\Program Files\USB MEMORY BAR\diskicon.exe
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\SYSTEM\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [internat.exe] internat.exe
O4 - HKLM\..\Run: [bpcpost.exe] C:\WINDOWS\SYSTEM\bpcpost.exe
O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A
O4 - HKLM\..\Run: [WinHound] C:\Program Files\WinHound\WinHound.exe
O4 - HKLM\..\Run: [MSRH.EXE] C:\WINDOWS\SYSTEM\MSRH.EXE
O4 - HKLM\..\Run: [P2P NETWORKING] C:\WINDOWS\SYSTEM\P2P NETWORKING\P2P NETWORKING.EXE /AUTOSTART
O4 - HKLM\..\Run: [RegistryHelpMate.exe] C:\Program Files\Registry HelpMate\RegistryHelpMate.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\RunServices: [WINEK32.EXE] C:\WINDOWS\SYSTEM\WINEK32.EXE /s
O4 - HKLM\..\RunServices: [APIUP32.EXE] C:\WINDOWS\APIUP32.EXE /s
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] C:\WINDOWS\SYSTEM\mstask.exe
O4 - HKLM\..\RunServices: [NOD32kernel] "C:\Program Files\Eset\nod32krn.exe"
O4 - .DEFAULT Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (User 'Default user')
O4 - .DEFAULT Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (User 'Default user')
O4 - .DEFAULT Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE (User 'Default user')
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O12 - Plugin for .pdf&rank=3&source=AstWebSearch&searchType=MS&partner=Google&query=Na+Drini+cuprija: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
O15 - Trusted Zone: *.windupdates.com
O15 - Trusted Zone: *.skoobidoo.com
O15 - Trusted Zone: *.slotchbar.com
O15 - Trusted Zone: *.windupdates.com (HKLM)
O15 - Trusted Zone: *.skoobidoo.com (HKLM)
O15 - Trusted Zone: *.slotchbar.com (HKLM)
O15 - Trusted IP range: 67.19.185.246
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -

--
End of file - 5536 bytes
 
Dashkes
Member no.: 90973
Posts: 845

Re: Infected Windows 98! P2P, 29.05.2009 at 19:21 (181 months ago)
Check the following items and click “Fix checked”
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
O2 - BHO: (no name) - {701BD501-6F2B-11DA-9A0E-44450DAD4BA1} - blank (file missing)
O2 - BHO: Class - {77C394B2-8756-A4B7-D790-69CC6A75E989} - blank (file missing)
O2 - BHO: Class - {41C78D23-63EE-CC67-1489-10FB9CB6F38B} - blank (file missing)
O2 - BHO: Class - {CE649815-F71C-624D-A1D5-7316D24CA263} - blank (file missing)
O4 - HKLM\..\Run: [DiskIcon] C:\Program Files\USB MEMORY BAR\diskicon.exe
O4 - HKLM\..\Run: [WinHound] C:\Program Files\WinHound\WinHound.exe
O4 - HKLM\..\Run: [MSRH.EXE] C:\WINDOWS\SYSTEM\MSRH.EXE
O4 - HKLM\..\Run: [P2P NETWORKING] C:\WINDOWS\SYSTEM\P2P NETWORKING\P2P NETWORKING.EXE /AUTOSTART
O4 - HKLM\..\Run: [RegistryHelpMate.exe] C:\Program Files\Registry HelpMate\RegistryHelpMate.exe
O4 - HKLM\..\RunServices: [WINEK32.EXE] C:\WINDOWS\SYSTEM\WINEK32.EXE /s
O4 - HKLM\..\RunServices: [APIUP32.EXE] C:\WINDOWS\APIUP32.EXE /s
O15 - Trusted Zone: *.windupdates.com
O15 - Trusted Zone: *.skoobidoo.com
O15 - Trusted Zone: *.slotchbar.com
O15 - Trusted Zone: *.windupdates.com (HKLM)
O15 - Trusted Zone: *.skoobidoo.com (HKLM)
O15 - Trusted Zone: *.slotchbar.com (HKLM)
O15 - Trusted IP range: 67.19.185.246
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -

After that, restart the computer and make a new log.

If you can, pack the files
C:\PROGRAM FILES\USB MEMORY BAR\DISKICON.EXE
C:\WINDOWS\SYSTEM\P2P NETWORKING\P2P NETWORKING.EXE
C:\Program Files\WinHound\WinHound.exe
C:\WINDOWS\SYSTEM\MSRH.EXE
C:\Program Files\Registry HelpMate\RegistryHelpMate.exe
C:\WINDOWS\SYSTEM\WINEK32.EXE
C:\WINDOWS\APIUP32.EXE

into a ".rar"/".zip" with the password "virus", upload it to Rapidshare and send me the link via PM.

Download the program Dr.Web CureIt!.

• After downloading, restart the computer in Safe Mode (while the computer is starting, keep pressing F8, and when the menu appears choose Safe Mode).
• When Safe Mode has loaded, run Dr.Web CureIt!.
• When it starts, choose Start. It will automatically begin scanning the computer. Let it scan (that is the Express Scan).
• When it finishes scanning, choose the complete scan - Complete scan, and on the right-hand side press the Start Scanning button (it looks like a Play button).
I must warn you that the complete scan can take several hours!

Show the CureIt! log, which is located in C:\Documents and Settings\USERNAME\DoctorWeb\
 
Ivan_Piper
Member no.: 223963
Posts: 6
*.bvcom.net.

Re: Infected Windows 98! P2P, 30.05.2009 at 12:18 (181 months ago)
Here is the log, and I will send the files soon.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:02:59 PM, on 30/05/2009
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\ESET\NOD32KRN.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\INTERNAT.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\ESET\NOD32KUI.EXE
C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\WBEM\WINMGMT.EXE
C:\WINDOWS\DESKTOP\CISTAC.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system\wtdnn.dll/sp.html#83556%resultposition.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system\wtdnn.dll/sp.html#83556%resultposition.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system\wtdnn.dll/sp.html#83556%resultposition.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system\wtdnn.dll/sp.html#83556%resultposition.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system\wtdnn.dll/sp.html#83556%resultposition.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system\wtdnn.dll/sp.html#83556%resultposition.net
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ALiUSBfix] C:\WINDOWS\SYSTEM\GREENMK.exe
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\SYSTEM\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [internat.exe] internat.exe
O4 - HKLM\..\Run: [bpcpost.exe] C:\WINDOWS\SYSTEM\bpcpost.exe
O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] C:\WINDOWS\SYSTEM\mstask.exe
O4 - HKLM\..\RunServices: [NOD32kernel] "C:\Program Files\Eset\nod32krn.exe"
O4 - .DEFAULT Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (User 'Default user')
O4 - .DEFAULT Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (User 'Default user')
O4 - .DEFAULT Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE (User 'Default user')
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O12 - Plugin for .pdf&rank=3&source=AstWebSearch&searchType=MS&partner=Google&query=Na+Drini+cuprija: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
O15 - Trusted IP range: 67.19.185.246

--
End of file - 4095 bytes

How does it look to you?
 
Dashkes
Member no.: 90973
Posts: 845

Re: Infected Windows 98! P2P, 30.05.2009 at 12:31 (181 months ago)
Everything should be OK, just one more thing...
Check it and click “Fix checked”
O15 - Trusted IP range: 67.19.185.246

After that, scan with Dr.Web CureIt! in Safe Mode.
 
Ivan_Piper
Member no.: 223963
Posts: 6
*.bvcom.net.

Re: Infected Windows 98! P2P, 30.05.2009 at 19:24 (181 months ago)
I have not managed to find these files on the computer at all:

C:\Program Files\WinHound\WinHound.exe
C:\WINDOWS\SYSTEM\MSRH.EXE
C:\Program Files\Registry HelpMate\RegistryHelpMate.exe
C:\WINDOWS\SYSTEM\WINEK32.EXE
C:\WINDOWS\APIUP32.EXE

I also turned on showing hidden files, but there is no trace of them; I also searched using the Run and Find options, they are simply not there.

And I cannot send these 2 files via PM because I registered yesterday and I need to be a member for 7 days in order to send a message; the only option is for you to leave me an e-mail address so I can send them there.

I made the log again and here is what I got:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:59:34 PM, on 30/05/2009
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\INTERNAT.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\OUTLOOK EXPRESS\MSIMN.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\DESKTOP\CISTAC.EXE
C:\WINDOWS\SYSTEM\WBEM\WINMGMT.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system\wtdnn.dll/sp.html#83556%resultposition.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system\wtdnn.dll/sp.html#83556%resultposition.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system\wtdnn.dll/sp.html#83556%resultposition.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system\wtdnn.dll/sp.html#83556%resultposition.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system\wtdnn.dll/sp.html#83556%resultposition.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system\wtdnn.dll/sp.html#83556%resultposition.net
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ALiUSBfix] C:\WINDOWS\SYSTEM\GREENMK.exe
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\SYSTEM\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [internat.exe] internat.exe
O4 - HKLM\..\Run: [bpcpost.exe] C:\WINDOWS\SYSTEM\bpcpost.exe
O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] C:\WINDOWS\SYSTEM\mstask.exe
O4 - .DEFAULT Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (User 'Default user')
O4 - .DEFAULT Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (User 'Default user')
O4 - .DEFAULT Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE (User 'Default user')
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O12 - Plugin for .pdf&rank=3&source=AstWebSearch&searchType=MS&partner=Google&query=Na+Drini+cuprija: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
O15 - Trusted IP range: 67.19.185.246

--
End of file - 3940 bytes


I also ran Dr.Web; here is what it found:


AVP_CURE.AVP;C:\;BAT.Generic.105;Deleted.;
InstallAVv_880865.exe;C:\;Probably Trojan.Packed.189;;
gystsk.txt;C:\WINDOWS;Adware.Lsearch;;
KB908358.exe;C:\WINDOWS;BackDoor.IRC.Nite.18;Deleted.;
KB908849.exe;C:\WINDOWS;Trojan.MulDrop.17530;Deleted.;
KB908975.exe;C:\WINDOWS;BackDoor.Bulknet.223;Deleted.;
KB908853.exe;C:\WINDOWS;Trojan.MulDrop.17530;Deleted.;
KB908803.exe;C:\WINDOWS;BackDoor.Bulknet.223;Deleted.;
KB908237.exe;C:\WINDOWS;BackDoor.Bulknet.233;Deleted.;
KB908723.exe;C:\WINDOWS;BackDoor.Bulknet.233;Deleted.;
KB908689.exe;C:\WINDOWS;BackDoor.Bulknet.237;Deleted.;
KB908477.exe;C:\WINDOWS;Win32.HLLW.Autoruner.2634;Deleted.;
wtdnn.dll;C:\WINDOWS\SYSTEM;Adware.Lsearch;;
svcia32.dll;C:\WINDOWS\SYSTEM;Dialer.Egroup;Deleted.;
P2P Networking.exe\data001;C:\WINDOWS\SYSTEM\P2P Networking\P2P Networking.exe;Adware.PeerNet;;
P2P Networking.exe;C:\WINDOWS\SYSTEM\P2P Networking;Container contains infected objects;Moved.;
uninstall.exe;C:\WINDOWS\TEMP;Adware.PowerScan;;
p2psetup.exe\data001;C:\WINDOWS\TEMP\p2psetup.exe;Adware.PeerNet;;
p2psetup.exe;C:\WINDOWS\TEMP;Container contains infected objects;Moved.;
VVSNInst.exe;C:\WINDOWS\TEMP;Adware.SaveNow;;
P2P Networking.exe\data001;C:\WINDOWS\Desktop\P2P Networking.exe;Adware.PeerNet;;
P2P Networking.exe;C:\WINDOWS\Desktop;Container contains infected objects;Moved.;
backup-20090530-125858-511.dll;C:\WINDOWS\Desktop\backups;Adware.PeerNet;;

I deleted some more files after I saved this log; I think only one could be neither deleted nor cleaned, it is one of these Adware items.

How can I be sure whether I have cleaned everything? Is there anything else I need to do?
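
One way to check a later HijackThis log against the "Fix checked" list and against the files the scanners reported, as an added example that is not part of the original thread. The log lines are excerpts copied from the posts above; the names `parse_entries` and `review` and the regular expression are assumptions of this example.

```python
import re

# A HijackThis entry line has the form "<section> - <text>", e.g. "O15 - Trusted Zone: ...".
# Header lines and the "Running processes" paths do not match and are skipped.
ENTRY_RE = re.compile(r"^(R[0-3]|O\d{1,2}) - (.+)$")


def parse_entries(log_text):
    """Return the set of (section, text) entries found in a HijackThis log."""
    entries = set()
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.add((m.group(1), m.group(2).strip()))
    return entries


def review(after_log, fix_list, flagged_files):
    """Compare a post-fix log with the fix list and the scanner detections.

    Returns (still_present, references):
      still_present - entries from the fix list that the later log still contains
      references    - later-log entries that mention a file a scanner reported
    """
    after = parse_entries(after_log)
    still_present = sorted(parse_entries(fix_list) & after)
    # Case-insensitive match: the same Win9x path appears in mixed case across tools.
    references = sorted(
        e for e in after
        if any(name.lower() in e[1].lower() for name in flagged_files)
    )
    return still_present, references


# Excerpt of the log saved at 7:59:34 PM on 30/05/2009 (lines copied from the thread).
AFTER_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\EXPLORER.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system\wtdnn.dll/sp.html#83556%resultposition.net
R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O15 - Trusted IP range: 67.19.185.246
"""

# Excerpt of the items the helper asked to be fixed (lines copied from the thread).
FIX_LIST = r"""O4 - HKLM\..\Run: [P2P NETWORKING] C:\WINDOWS\SYSTEM\P2P NETWORKING\P2P NETWORKING.EXE /AUTOSTART
O15 - Trusted Zone: *.windupdates.com
O15 - Trusted IP range: 67.19.185.246
"""

# File names taken from the NOD32 and Dr.Web results quoted in the thread.
FLAGGED_FILES = ["wtdnn.dll", "svcia32.dll", "P2P Networking.exe"]

if __name__ == "__main__":
    still_present, references = review(AFTER_LOG, FIX_LIST, FLAGGED_FILES)
    for section, text in still_present:
        print("still present after fix:", section, "-", text)
    for section, text in references:
        print("references flagged file:", section, "-", text)
```

On these excerpts it reports the `O15` trusted IP range as still present and the `R1` search-bar entry as still pointing at `wtdnn.dll`.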



 