[ NIKSICKO_PIVO @ 21.01.2008. 14:47 ] @
I have a problem; it looks like some virus got in and now I can't install any antivirus program.
I had ZoneAlarm but it seems it wasn't working! When I try to open a web page, a notification pops up in the bottom right corner saying that if I open the page a virus could get in, and then it freezes and I can't get onto any website.
What should I do?
Does anyone know what this is about, and could I remove it from the computer manually, without an antivirus,
by deleting the file the virus infected if it isn't a system file, and could I install an antivirus in safe mode?
I don't dare format the disk because this is the computer at my work and some cameras are hooked up to it, so I'm afraid of messing something up.
Pleeease help
[ Binary Mind @ 21.01.2008. 17:39 ] @
Download a rootkit tool like Rootkit Revealer and scan. Also attach a HiJackThis! log. I think it's a combination of trojans and rootkits.
[ NIKSICKO_PIVO @ 21.01.2008. 18:08 ] @
What does hijack mean? Is that also some program?
[ laki_srt @ 21.01.2008. 19:02 ] @
Yes, it's a program that shows the processes on your computer; you scan, then save the log file and post that log file on the forum. So you don't have to search for it, I've attached HijackThis 2 to this message.
[ NIKSICKO_PIVO @ 22.01.2008. 11:36 ] @
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 12:34:46 PM, on 1/22/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\MediaMonkey\MediaMonkey.exe
C:\Program Files\Software Tools\DS-IRECClient\DS-IRECClient.exe
C:\WINDOWS\system32\wgp.exe
C:\Documents and Settings\ddd\Application Data\m\flec006.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\ddd\My Documents\zmaj\My Pictures\slike\RootkitRevealer.exe
C:\DOCUME~1\ddd\LOCALS~1\Temp\QNGQNSW.exe
C:\PROGRA~1\WinZip\winzip32.exe
C:\DOCUME~1\ddd\LOCALS~1\Temp\HiJackThis_v2.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = www.google.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 111.225.225.123
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {3251FBC9-A99D-410F-8AB2-89F6DFD074EB} - C:\WINDOWS\system32\dfrgu.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1B4E51FF-8168-4A44-8313-B28BAF1DC1B6}: NameServer = 192.168.150.254
O17 - HKLM\System\CS2\Services\Tcpip\..\{1B4E51FF-8168-4A44-8313-B28BAF1DC1B6}: NameServer = 192.168.150.254
O17 - HKLM\System\CS3\Services\Tcpip\..\{1B4E51FF-8168-4A44-8313-B28BAF1DC1B6}: NameServer = 192.168.150.254
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: BSJYS - Sysinternals - www.sysinternals.com - C:\DOCUME~1\ddd\LOCALS~1\Temp\BSJYS.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: QNGQNSW - Sysinternals - www.sysinternals.com - C:\DOCUME~1\ddd\LOCALS~1\Temp\QNGQNSW.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
--
End of file - 5124 bytes
[ Binary Mind @ 22.01.2008. 16:21 ] @
You've picked up trojans too (Trojan.Lodeight.C. and Trojan-Spy.Win32.BZub.btx).
Download this: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
and run it with a double click. Follow the prompts; after the scan a log will be created, which you can post together with a new HJT! log, and then we'll see what to do next. While ComboFix is scanning, don't move the mouse and don't do anything on the computer.
[ NIKSICKO_PIVO @ 23.01.2008. 14:32 ] @
ComboFix 08-01-23.2 - ddd 2008-01-23 15:20:00.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.386.1033.18.164 [GMT 1:00]
Running from: C:\Documents and Settings\ddd\Desktop\ComboFix.exe
* Created a new restore point
[color=red] WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/color]
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\dfrgu.dll
C:\WINDOWS\system32\drivers\jsflbcso.dat
C:\WINDOWS\system32\drivers\srosa.sys
C:\WINDOWS\system32\wintems.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_SROSA
-------\LEGACY_TLRLKINA
-------\srosa
-------\tlrlkina
((((((((((((((((((((((((( Files Created from 2007-12-23 to 2008-01-23 )))))))))))))))))))))))))))))))
.
2008-01-23 15:16 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\Nircmd.exe
2008-01-22 09:00 . 2008-01-22 09:03 10,485,760 --a------ C:\WINDOWS\system32\cxl1705
2008-01-22 08:57 . 2008-01-22 12:27 <DIR> d-------- C:\Program Files\ElcomSoft
2008-01-22 08:57 . 2008-01-22 09:04 920 --a------ C:\WINDOWS\ARCHPR.INI
2008-01-21 22:54 . 2008-01-21 22:55 <DIR> d-------- C:\Program Files\Wormux 0.7
2008-01-21 22:50 . 2008-01-21 22:50 <DIR> d-------- C:\Programas
2008-01-21 21:08 . 2004-05-10 12:42 110,592 --a------ C:\WINDOWS\system32\suppdll.dll
2008-01-21 21:08 . 2008-01-21 21:08 35,363 --a------ C:\WINDOWS\system32\windrvNT.sys
2008-01-21 19:01 . 2007-06-05 10:56 44,928 --a------ C:\WINDOWS\system32\drivers\SDTHOOK.SYS
2008-01-21 15:55 . 2008-01-21 19:04 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2008-01-21 15:55 . 2008-01-21 15:55 30,590 --a------ C:\WINDOWS\system32\pavas.ico
2008-01-21 15:55 . 2008-01-21 15:55 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
2008-01-21 15:55 . 2008-01-21 15:55 1,406 --a------ C:\WINDOWS\system32\Help.ico
2008-01-20 14:55 . 2008-01-21 19:11 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-01-20 14:55 . 2005-09-23 07:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2008-01-20 14:55 . 2007-04-19 15:18 83,536 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-01-20 14:55 . 2007-04-19 15:18 59,984 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-01-20 14:55 . 2007-04-19 15:18 52,304 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-01-20 14:55 . 2007-04-19 15:18 39,248 --a------ C:\WINDOWS\system32\drivers\ikfileflt.sys
2008-01-20 14:55 . 2007-04-19 15:18 26,064 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-01-19 09:26 . 2008-01-22 10:58 70,660 --a------ C:\WINDOWS\system32\mdelk.exe
2008-01-19 07:26 . 2006-01-18 03:01 827,442 --------- C:\WINDOWS\system32\drivers\hldrrr.exe
2008-01-19 07:21 . 2008-01-22 11:04 <DIR> d-------- C:\WINDOWS\system32\drivers\down
2008-01-19 07:13 . 2006-10-07 17:31 221,184 --a------ C:\WINDOWS\system32\rspencr330.ocx
2008-01-19 07:07 . 2008-01-23 15:27 448,032 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-01-19 07:07 . 2008-01-23 15:26 8,096 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-01-19 07:03 . 2007-11-14 16:05 75,248 --a------ C:\WINDOWS\zllsputility.exe
2008-01-07 16:56 . 2008-01-07 17:35 <DIR> d-------- C:\Downloads
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-21 20:10 --------- d-----w C:\Program Files\Folder Lock
2008-01-21 15:16 --------- d-----w C:\Program Files\MediaMonkey
2008-01-21 15:15 --------- d-----w C:\Program Files\Common Files\LightScribe
2008-01-20 13:33 --------- d-----w C:\Program Files\Google
2008-01-19 07:28 --------- d-----w C:\Program Files\eMule
2007-12-20 12:02 --------- d-----w C:\Program Files\Apple Software Update
2007-12-20 12:01 --------- d-----w C:\Program Files\Common Files\Apple
2007-12-01 16:45 --------- d-----w C:\Program Files\janusware
2007-11-30 19:57 --------- d-----w C:\Program Files\PC Connectivity Solution
2007-11-30 19:57 --------- d-----w C:\Program Files\Nokia
2007-11-30 19:57 --------- d-----w C:\Program Files\DIFX
2007-11-30 19:57 --------- d-----w C:\Program Files\Common Files\PCSuite
2007-11-30 19:57 --------- d-----w C:\Program Files\Common Files\Nokia
2007-11-26 18:37 --------- d-----w C:\Program Files\MP3Gain
2007-11-14 15:05 1,086,952 ----a-w C:\WINDOWS\system32\zpeng24.dll
2007-10-24 10:30 512 ----a-w C:\ScanSectorLog.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"german.exe"="C:\WINDOWS\system32\wintems.exe" [ ]
"mule_st_key"="C:\Documents and Settings\ddd\Application Data\m\flec006.exe" [2008-01-22 10:58 96260]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VTTimer"="VTTimer.exe" [2005-03-07 20:33 53248 C:\WINDOWS\system32\VTTimer.exe]
"VTTrayp"="VTtrayp.exe" [2005-10-31 21:15 163840 C:\WINDOWS\system32\VTTrayp.exe]
"C-Media Mixer"="Mixer.exe" [2001-10-22 10:24 1216512 C:\WINDOWS\mixer.exe]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2007-12-21 08:21 1443072]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:56 15360]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-11-07 17:35 1294336]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoViewOnDrive"= 0 (0x0)
[color=red]SafeBoot registry key needs repairs. This machine cannot enter Safe Mode.[/color]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system]
@="Driver Group"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]
@="DiskDrive"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
@="Hdc"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
@="Keyboard"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
@="Mouse"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
@="System"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
@="Volume"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Metacafe.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Metacafe.lnk
backup=C:\WINDOWS\pss\Metacafe.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Network Chat AutoStart.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Network Chat AutoStart.lnk
backup=C:\WINDOWS\pss\Network Chat AutoStart.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^ddd^Start Menu^Programs^Startup^Metacafe.lnk]
path=C:\Documents and Settings\ddd\Start Menu\Programs\Startup\Metacafe.lnk
backup=C:\WINDOWS\pss\Metacafe.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2006-12-23 17:05 143360 C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MP10_EnsureFileVer]
--a------ 2004-08-04 00:56 208896 C:\WINDOWS\inf\unregmp2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2006-01-12 14:40 155648 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
--a------ 2007-11-09 13:16 688128 C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-07-12 03:00 132496 C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2006-01-18 03:01 827442 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2003-12-13 01:50 33792 C:\Program Files\Winamp\winampa.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZoneAlarm Client]
--a------ 2008-01-23 15:20 919016 C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2006-02-23 04:38]
R0 xfilt;VIA SATA IDE Hot-plug Driver;C:\WINDOWS\system32\DRIVERS\xfilt.sys [2006-02-23 04:39]
S3 BSJYS;BSJYS;C:\DOCUME~1\ddd\LOCALS~1\Temp\BSJYS.exe [2008-01-21 19:06]
.
Contents of the 'Scheduled Tasks' folder
"2008-01-18 20:58:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-23 15:27:34
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
disk error: C:\WINDOWS\
**************************************************************************
.
[ NIKSICKO_PIVO @ 23.01.2008. 14:40 ] @
HKU\.DEFAULT\Control Panel\international_combofixbackup 2008-01-23 15:17 0 bytes Security mismatch.
HKU\.DEFAULT\Control Panel\international_combofixbackup\Geo 2008-01-23 15:17 0 bytes Security mismatch.
HKU\S-1-5-21-1292428093-113007714-1417001333-1003\Control Panel\international_combofixbackup 2008-01-23 15:17 0 bytes Security mismatch.
HKU\S-1-5-21-1292428093-113007714-1417001333-1003\Control Panel\international_combofixbackup\Geo 2008-01-23 15:17 0 bytes Security mismatch.
HKU\S-1-5-18\Control Panel\international_combofixbackup 2008-01-23 15:17 0 bytes Security mismatch.
HKU\S-1-5-18\Control Panel\international_combofixbackup\Geo 2008-01-23 15:17 0 bytes Security mismatch.
HKLM\SECURITY\Policy\Secrets\SAC* 2007-06-27 20:31 0 bytes Key name contains embedded nulls (*)
HKLM\SECURITY\Policy\Secrets\SAI* 2007-06-27 20:31 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher\TracesProcessed 2008-01-23 15:32 4 bytes Data mismatch between Windows API and raw hive data.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher\TracesSuccessful 2008-01-23 15:32 4 bytes Data mismatch between Windows API and raw hive data.
C: 1601-01-01 01:00 0 bytes Error mounting volume
[ NIKSICKO_PIVO @ 23.01.2008. 14:41 ] @
There, I've posted the first log from ComboFix and the second one is the rootkit one.
What do you think?
[ NIKSICKO_PIVO @ 23.01.2008. 15:54 ] @
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 16:54, on 2008-01-23
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\WINDOWS\Mixer.exe
C:\Documents and Settings\ddd\Application Data\m\flec006.exe
C:\Program Files\MediaMonkey\MediaMonkey.exe
C:\DOCUME~1\ddd\LOCALS~1\Temp\HiJackThis_v2.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = www.google.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 111.225.225.123
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [german.exe] C:\WINDOWS\system32\wintems.exe
O4 - HKCU\..\Run: [mule_st_key] C:\Documents and Settings\ddd\Application Data\m\flec006.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1B4E51FF-8168-4A44-8313-B28BAF1DC1B6}: NameServer = 192.168.150.254
O17 - HKLM\System\CS2\Services\Tcpip\..\{1B4E51FF-8168-4A44-8313-B28BAF1DC1B6}: NameServer = 192.168.150.254
O17 - HKLM\System\CS3\Services\Tcpip\..\{1B4E51FF-8168-4A44-8313-B28BAF1DC1B6}: NameServer = 192.168.150.254
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: BSJYS - Sysinternals - www.sysinternals.com - C:\DOCUME~1\ddd\LOCALS~1\Temp\BSJYS.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
--
End of file - 4757 bytes
[ Binary Mind @ 23.01.2008. 18:31 ] @
ComboFix has done its job and I can see more trojans. No rootkits. Now you need to remove this manually (try to kill the process in Task Manager and then manually remove the file, and maybe the whole folder):
Code:
C:\Documents and Settings\ddd\Application Data\m\flec006.exe
And these you should tick and delete with HiJackThis! (Fix Checked):
Code:
O4 - HKCU\..\Run: [german.exe] C:\WINDOWS\system32\wintems.exe
O4 - HKCU\..\Run: [mule_st_key] C:\Documents and Settings\ddd\Application Data\m\flec006.exe
Also take care of this path:
Code:
C:\WINDOWS\system32\wintems.exe
I think ComboFix should have deleted that file, but if it hasn't, you need to delete it manually...
If there are more problems, shout.
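Binary Mind's read of the HJT logs above rests on a few patterns: an autorun value launching from Application Data or Temp, a Run value whose name differs from the binary it starts, a service in Temp carrying a borrowed vendor string, an unnamed BHO, and a hard-coded proxy. This added Python script (not part of the thread, HijackThis or ComboFix) encodes those checks and runs them over lines copied from the log posted above; the heuristics and the Finding type are this example's own.

```python
"""Triage of HijackThis log lines for the entry types this thread singles out.

Example code written for this page. SAMPLE_LOG is copied from the HJT log
posted in the thread; the rules below are this example's own heuristics.
"""
import ntpath  # handles Windows paths on any host
import re
from dataclasses import dataclass
from typing import List

# Autostart binaries and services living here are rarely legitimate.
SUSPICIOUS_DIR = re.compile(
    r"\\(Application Data|LOCALS~1\\Temp|Local Settings\\Temp)\\", re.I)

O4_RE = re.compile(r"^O4 - (?P<hive>\S+?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O23_RE = re.compile(r"^O23 - Service: (?P<name>.*?) - (?P<vendor>.*?) - (?P<path>[A-Za-z]:\\.*)$")
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{[0-9A-Fa-f-]+\} - (?P<path>.*)$")
R1_RE = re.compile(r"^R1 - .*Internet Settings,(?P<key>\w+) = (?P<value>.*)$")
# First executable on an autorun command line, quoted or not (paths may contain spaces).
EXE_RE = re.compile(r'^"?(?P<exe>.*?\.(?:exe|dll|ocx|scr|com))"?(?:\s|$)', re.I)
USER_SUFFIX_RE = re.compile(r"\s+\(User '[^']*'\)$")


@dataclass
class Finding:
    section: str   # HJT section tag, e.g. "O4"
    reason: str    # why the entry deserves a look
    line: str      # the original log line


def _autorun_exe(cmd: str) -> str:
    """Return the executable part of an O4 command line, minus HJT's (User '...') suffix."""
    cmd = USER_SUFFIX_RE.sub("", cmd.strip())
    m = EXE_RE.match(cmd)
    return m.group("exe") if m else cmd


def check_line(line: str) -> List[Finding]:
    """Apply the thread's heuristics to one HJT line; more than one may fire."""
    line = line.rstrip()
    found: List[Finding] = []
    if (m := R1_RE.match(line)):
        if m["key"] == "ProxyServer":
            found.append(Finding("R1", "hard-coded proxy in HKCU; confirm the network really requires it", line))
        elif m["key"] == "AutoConfigURL" and not m["value"].lower().endswith((".pac", ".dat", ".js")):
            found.append(Finding("R1", "AutoConfigURL does not point to a PAC script", line))
    elif (m := O2_RE.match(line)):
        if m["name"] == "(no name)":
            found.append(Finding("O2", "unnamed browser helper object", line))
    elif (m := O4_RE.match(line)):
        exe = _autorun_exe(m["cmd"])
        if SUSPICIOUS_DIR.search(exe):
            found.append(Finding("O4", "autorun launches from a profile or temp directory", line))
        name = m["name"].lower()
        if name.endswith(".exe") and ntpath.basename(exe).lower() != name:
            found.append(Finding("O4", f"value name {m['name']!r} masquerades as another binary", line))
    elif (m := O23_RE.match(line)):
        if SUSPICIOUS_DIR.search(m["path"]):
            found.append(Finding("O23", f"service binary in a temp directory, vendor string {m['vendor']!r}", line))
    return found


def triage(lines) -> List[Finding]:
    """Run check_line over a whole log and collect every finding in log order."""
    findings: List[Finding] = []
    for line in lines:
        findings.extend(check_line(line))
    return findings


# Lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = [
    r"R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = www.google.com",
    r"R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 111.225.225.123",
    r"O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx",
    r"O2 - BHO: (no name) - {3251FBC9-A99D-410F-8AB2-89F6DFD074EB} - C:\WINDOWS\system32\dfrgu.dll",
    r"O4 - HKLM\..\Run: [VTTimer] VTTimer.exe",
    r'O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice',
    r"O4 - HKCU\..\Run: [german.exe] C:\WINDOWS\system32\wintems.exe",
    r"O4 - HKCU\..\Run: [mule_st_key] C:\Documents and Settings\ddd\Application Data\m\flec006.exe",
    r"O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')",
    r"O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe",
    r"O23 - Service: BSJYS - Sysinternals - www.sysinternals.com - C:\DOCUME~1\ddd\LOCALS~1\Temp\BSJYS.exe",
    r"O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe",
]

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}\n    {f.line}")
```

The checks are triage hints, not verdicts: a corporate PC may legitimately have a proxy set, so each hit still needs the analyst's judgement as in the thread.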
[ Binary Mind @ 23.01.2008. 19:16 ] @
... once you've done everything, or tried to do it the way I wrote, scan again with ComboFix and post a new log. Do the same with HiJackThis.
[ NIKSICKO_PIVO @ 23.01.2008. 20:01 ] @
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 21:01, on 2008-01-23
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\MediaMonkey\MediaMonkey.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\DOCUME~1\ddd\LOCALS~1\Temp\HiJackThis_v2.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = www.google.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 111.225.225.123
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1B4E51FF-8168-4A44-8313-B28BAF1DC1B6}: NameServer = 192.168.150.254
O17 - HKLM\System\CS2\Services\Tcpip\..\{1B4E51FF-8168-4A44-8313-B28BAF1DC1B6}: NameServer = 192.168.150.254
O17 - HKLM\System\CS3\Services\Tcpip\..\{1B4E51FF-8168-4A44-8313-B28BAF1DC1B6}: NameServer = 192.168.150.254
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: BSJYS - Sysinternals - www.sysinternals.com - C:\DOCUME~1\ddd\LOCALS~1\Temp\BSJYS.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
--
End of file - 4623 bytes
[ Binary Mind @ 23.01.2008. 20:43 ] @
How is the computer behaving now? According to the logs, everything should be fine.
[ NIKSICKO_PIVO @ 23.01.2008. 22:53 ] @
It's behaving great, connects to the net normally and opens everything fine. I managed to install some programs I couldn't before, but I can't install NOD antivirus; I get a message that some service won't start.
After everything you told me to do, I installed Spyware Doctor and it found some viruses and a trojan called email.
How do I install NOD?
Thanks a lot for helping me, you saved me bro :)
[ Binary Mind @ 23.01.2008. 23:04 ] @
I was looking at the active malware. Those other programs found malware that was lying low.
You have to tell me the exact error NOD gives. Have you tried installing some other antivirus program like Avast, Kaspersky, AVG etc.?
[ NIKSICKO_PIVO @ 24.01.2008. 15:22 ] @
It said something like service (eknr) no start, installation failed, something like that
???
[ Binary Mind @ 24.01.2008. 16:55 ] @
Check whether the following files happen to have been left behind in C:\Windows\system32 and C:\Windows\system32\drivers:
Code:
C:\WINDOWS\system32\dfrgu.dll
C:\WINDOWS\system32\drivers\jsflbcso.dat
C:\WINDOWS\system32\drivers\srosa.sys
C:\WINDOWS\system32\wintems.exe
If they have, remove them manually and then try to install NOD... These 4 files are remnants of 2 trojans you had, and there were more of them than the 2 I listed at the beginning.
Also delete the following in the registry if it exists:
Code:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
"drvsyskit" = "%System%\drivers\hidr.exe"
One of these trojans is, as I said, a combination of a trojan and a rootkit, and that's why you have problems installing antivirus programs.
[This message was edited by Binary Mind on 24.01.2008. at 18:34 GMT+1]
[ NIKSICKO_PIVO @ 26.01.2008. 19:13 ] @
Bro, I did everything, thank you very much
[ mister Mrva @ 13.02.2008. 01:37 ] @
I too picked up something similar today, or rather yesterday. I can't start Kaspersky IS 7;
it gives the message avp.exe is not a valid Win32 application. I couldn't get into safe mode,
but I fixed that with SafeBootKeyRepair-CF. Using a Hiren's BootCD I deleted C:\WINDOWS\system32\drivers\hldrrr.exe.
HijackThis won't start at all; ComboFix seemingly does its job and deletes srosa.sys. Here's what ComboFix.txt says:
Code:
ComboFix 08-02-13.2 - Petar 2008-02-13 2:01:36.2 - NTFSx86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1033.18.802 [GMT 1:00]
Running from: c:\Downloads\Combo-Fix.exe
[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.
Unable to gain System Privileges
as well as ComboDel.txt:
Code:
Files to Move:
C:\WINDOWS\system32\drivers\srosa.sys|C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\srosa.sys.vir
C:\WINDOWS\system32\drivers\srosa.sys|C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\srosa.sys.vir
DDS (Deckard's System Scanner) logs:
Main
Code:
Deckard's System Scanner v20071014.68
Run by Petar on 2008-02-13 01:24:35
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
System Restore is disabled; attempting to re-enable...success.
-- Last 1 Restore Point(s) --
1: 2008-02-13 00:24:38 UTC - RP104 - System Checkpoint
Backed up registry hives.
Performed disk cleanup.
-- HijackThis Clone ------------------------------------------------------------
Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-02-13 01:28:33
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\TaskSwitch.exe
C:\Program Files\ATITool\ATITool.exe
C:\WINDOWS\system32\atiptaxx.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\RSSoft\RedSwoosh.exe
C:\Program Files\PowerMenu\PowerMenu.exe
C:\Program Files\RasLogger\RasLogger3\RasLogger3.exe
C:\WINDOWS\system32\msiexec.exe
C:\Downloads\dss.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: 127.255.255.255 serial.alcohol-soft.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [WinAlarm] C:\Program Files\WinAlarm\WinAlarm.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [ATITool] "C:\Program Files\ATITool\ATITool.exe" -s
O4 - HKLM\..\Run: [AtiPTA] C:\WINDOWS\SYSTEM32\ATIPTAXX.EXE
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [Phase One Media Reader] C:\PROGRA~1\PHASEO~1\CAPTUR~1\DCIMImp.exe /noscan /CheckAutoStart
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [Red Swoosh] C:\Program Files\RSSoft\RedSwoosh.exe /S
O4 - HKUS\S-1-5-20\..\RunOnce: [NeroHomeFirstStart] "C:\Program Files\Common Files\Ahead\Lib\NMFirstStart.exe" (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'Default user')
O4 - Startup: The RAS Logger System.lnk = ?
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: PowerMenu.lnk = C:\Program Files\PowerMenu\PowerMenu.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Download with GetRight Pro - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Pro Browser - C:\Program Files\GetRight\GRbrowse.htm
O8 - Extra context menu item: Save page with WinMHT... - C:\Program Files\WinMHT\iewmht0.htm
O8 - Extra context menu item: Save selection with WinMHT... - C:\Program Files\WinMHT\iewmht2.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O10 - Broken Internet access because of LSP provider 'c:\Program Files\Bonjour\mdnsNSP.dll' missing
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab Class) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v4.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia....ockwave/cabs/flash/swflash.cab
O17 - HKLM\SYSTEM\CCS\Services\Tcpip\..\{579CC83D-7F7F-44DE-9B68-93859ABBBE63}: NameServer = 213.244.255.2 213.244.255.3
O18 - Protocol: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll
O18 - Protocol: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL
O20 - AppInit_DLLs: prio.dll,C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O20 - Winlogon Notify: AtiExtEvent - C:\WINDOWS\system32\Ati2evxx.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
--
End of file - 9024 bytes
-- File Associations -----------------------------------------------------------
[COLOR=red].hlp - ABC Amber HLP Converter for HLP - DefaultIcon - unable to read value[/COLOR]
[COLOR=red].hlp - ABC Amber HLP Converter for HLP - shell\open\command - unable to read value[/COLOR]
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R1 ATITool (ATITool Overclocking Utility) - c:\windows\system32\drivers\atitool.sys <Not Verified; ; Low-Level Driver>
R1 Ext2fs - c:\windows\system32\drivers\ext2fs.sys
R1 IfsDrives - c:\windows\system32\drivers\ifsdrives.sys
R1 SCDEmu - c:\windows\system32\drivers\scdemu.sys <Not Verified; PowerISO Computing, Inc.; scdemu>
R1 srosa (Megadrv3) - c:\windows\system32\drivers\srosa.sys
R2 MMK_NTD - c:\windows\system32\drivers\mmk_ntd.sys <Not Verified; Microsoft Corporation; Microsoft(R) Windows NT(TM) Operating System>
R2 nxsIO32 (NextSensor Kernel I/O Driver) - c:\windows\system32\drivers\nxsio32.sys
R2 P1C1394 (Phase One 1394 Camera Driver) - c:\windows\system32\drivers\p1c1394.sys <Not Verified; Phase One A/S; Phase One digital imaging>
R3 Intels51 (Intel(R) 536EP Modem) - c:\windows\system32\drivers\intels51.sys <Not Verified; Intel Corporation; Intel® 536EP Modem Driver>
S3 catchme - c:\docume~1\petar\locals~1\temp\catchme.sys (file missing)
S3 ENTECH - c:\windows\system32\drivers\entech.sys <Not Verified; EnTech Taiwan; PowerStrip>
S3 mcdbus (Driver for MagicISO SCSI Host Controller) - c:\windows\system32\drivers\mcdbus.sys (file missing)
S3 pcouffin (VSO Software pcouffin) - c:\windows\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
S3 TVICHW32 - c:\windows\system32\drivers\tvichw32.sys (file missing)
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 StarWindServiceAE (StarWind AE Service) - c:\program files\alcohol soft\alcohol 120\starwind\starwindserviceae.exe <Not Verified; Rocket Division Software; StarWind Alcohol Edition>
S3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>
S3 NMIndexingService -
S3 ServiceLayer - "c:\program files\pc connectivity solution\servicelayer.exe" <Not Verified; Nokia.; PC Connectivity Solution>
S4 hpdj -
-- Device Manager: Disabled ----------------------------------------------------
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: NVIDIA nForce Networking Controller
Device ID: {1A3E09BE-1E45-494B-9174-D7385B45BBF5}\NVNET_DEV0373\4&23581523&1&00
Manufacturer: NVIDIA
Name: NVIDIA nForce Networking Controller #2
PNP Device ID: {1A3E09BE-1E45-494B-9174-D7385B45BBF5}\NVNET_DEV0373\4&23581523&1&00
Service: NVENETFD
-- Files created between 2008-01-13 and 2008-02-13 -----------------------------
2008-02-13 00:56:51 0 d-------- C:\Combo-Fix
2008-02-13 00:44:44 68096 --a------ C:\WINDOWS\system32\zip.exe
2008-02-13 00:44:44 98816 --a------ C:\WINDOWS\system32\sed.exe
2008-02-13 00:44:44 80412 --a------ C:\WINDOWS\system32\grep.exe
2008-02-13 00:44:44 73728 --a------ C:\WINDOWS\system32\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-02-13 00:44:43 53248 --a------ C:\WINDOWS\PSEXESVC.EXE <Not Verified; Sysinternals; Sysinternals PsExec>
2008-02-12 23:15:32 0 d-------- C:\VundoFix Backups
2008-02-12 22:41:32 14528 -----n--- C:\WINDOWS\system32\drivers\MMK_NTD.SYS <Not Verified; Microsoft Corporation; Microsoft(R) Windows NT(TM) Operating System>
2008-02-12 22:41:23 0 d-------- C:\Program Files\LEAP
2008-02-12 22:40:11 0 d-------- C:\Program Files\Luxor
2008-02-12 22:37:46 0 d-------- C:\Program Files\ReflexiveArcade
2008-02-12 22:22:16 0 d-------- C:\Film za snimanje
2008-02-12 22:17:34 1226 --a------ C:\WINDOWS\mozver.dat
2008-02-12 15:13:18 0 d-------- C:\Flash disk
2008-02-11 18:13:16 413696 --a------ C:\WINDOWS\system32\wrap_oal.dll <Not Verified; Creative Labs; Creative Labs OpenAL32>
2008-02-11 18:13:16 110592 --a------ C:\WINDOWS\system32\OpenAL32.dll <Not Verified; Portions (C) Creative Labs Inc. and NVIDIA Corp.; Standard OpenAL(TM) Library>
2008-02-11 18:13:16 0 d-------- C:\Program Files\OpenAL
2008-02-11 18:13:16 0 d-------- C:\Program Files\Eidos
2008-02-11 18:12:04 0 d-------- C:\WINDOWS\system32\xlive
2008-02-09 22:47:31 0 d-------- C:\WINDOWS\Caps
2008-02-09 17:31:51 0 --a------ C:\WINDOWS\nsreg.dat
2008-02-09 17:31:47 0 d-------- C:\Documents and Settings\Petar\Application Data\Mozilla
2008-02-09 16:58:35 0 d-------- C:\Program Files\RSSoft
2008-02-09 16:33:56 0 d-------- C:\Program Files\Common Files\Akamai
2008-02-08 22:56:42 162304 -----n--- C:\WINDOWS\UNWISE.EXE
2008-02-05 19:31:42 0 d-------- C:\Program Files\Futuremark
2008-02-05 19:31:33 0 d-------- C:\Documents and Settings\Petar\Application Data\Microsoft Games
2008-02-05 19:31:30 0 d-------- C:\Program Files\Microsoft Games
2008-02-05 19:31:11 0 dr-h----- C:\Documents and Settings\Petar\Recent
2008-02-05 12:34:25 0 d-------- C:\Program Files\Universal Extractor
2008-02-03 14:48:47 0 d-------- C:\Bane
2008-02-02 22:15:45 229376 --a------ C:\Documents and Settings\LocalService\ntuser.dat
2008-02-02 21:40:21 0 d-------- C:\Program Files\PowerISO
2008-02-02 20:15:01 77824 --a------ C:\WINDOWS\system32\ODBCTL32.DLL <Not Verified; Microsoft Corporation; Microsoft Open Database Connectivity>
2008-02-02 20:15:01 251664 --a------ C:\WINDOWS\system32\MSRD2X35.DLL <Not Verified; Microsoft Corporation; Microsoft® Jet>
2008-02-02 20:15:01 1045776 --a------ C:\WINDOWS\system32\msjet35.dll <Not Verified; Microsoft Corporation; Microsoft® Jet>
2008-02-02 20:15:00 407312 --a------ C:\WINDOWS\system32\msrepl35.dll <Not Verified; Microsoft Corporation; Microsoft® Access>
2008-02-02 20:15:00 24336 --a------ C:\WINDOWS\system32\MSJTER35.DLL <Not Verified; Microsoft Corporation; Microsoft® Jet>
2008-02-02 20:15:00 37136 --a------ C:\WINDOWS\system32\MSJINT35.DLL <Not Verified; Microsoft Corporation; Microsoft® Jet>
2008-02-02 20:14:59 0 d-------- C:\Program Files\HT Audio
2008-02-02 20:13:37 304128 --a------ C:\WINDOWS\IsUninst.exe <Not Verified; InstallShield Software Corporation; InstallShield® unInstaller>
2008-02-02 20:00:00 0 d-------- C:\Documents and Settings\Petar\Application Data\PTGui Pro
2008-02-01 15:38:30 398416 --a------ C:\WINDOWS\system\VBRUN300.DLL <Not Verified; Microsoft Corporation; Visual Basic 3.0>
2008-02-01 15:38:30 95200 --a------ C:\WINDOWS\system\VBDB300.DLL <Not Verified; Microsoft Corporation; Visual Basic 3.0>
2008-02-01 15:38:30 994496 --a------ C:\WINDOWS\system\MSAJT200.DLL <Not Verified; Microsoft Corporation; Microsoft® Access>
2008-02-01 15:38:30 17440 --a------ C:\WINDOWS\system\MSAJT112.DLL <Not Verified; Microsoft Corporation; Microsoft® Access>
2008-02-01 15:38:30 33280 --a------ C:\WINDOWS\system\MSAES110.DLL <Not Verified; Microsoft Corp.; Microsoft Access>
2008-02-01 15:38:30 34 --a------ C:\WINDOWS\SS2.REG
2008-02-01 15:38:30 34 --a------ C:\WINDOWS\SS1.REG
2008-01-25 23:06:54 0 d-------- C:\Documents and Settings\Petar\Application Data\Bioshock
2008-01-25 23:06:50 0 dr-h----- C:\Documents and Settings\Petar\Application Data\SecuROM
2008-01-25 22:53:30 200704 --a------ C:\WINDOWS\system32\IfsDrives.dll <Not Verified; Stephan Schreiber; IFS for Windows>
2008-01-25 22:53:30 4608 --a------ C:\WINDOWS\system32\drivers\IfsDrives.sys
2008-01-25 22:53:30 132736 --a------ C:\WINDOWS\system32\drivers\ext2fs.sys
2008-01-25 01:57:41 0 d-------- C:\Program Files\digestIT 2004
2008-01-23 17:18:18 0 d-------- C:\Program Files\UltraISO
2008-01-23 00:24:29 0 d-------- C:\Program Files\Electronic Arts
2008-01-22 23:07:10 0 d--hs---- C:\WINDOWS\ftpcache
2008-01-20 20:37:34 0 d-------- C:\Program Files\MediaMonkey
2008-01-20 19:31:09 0 d-------- C:\Documents and Settings\Petar\Application Data\Digital Film Tools
2008-01-20 19:29:09 0 d-------- C:\Documents and Settings\All Users\Application Data\Digital Film Tools
2008-01-20 08:07:58 33292 --a------ C:\WINDOWS\system32\drivers\scdemu.sys <Not Verified; PowerISO Computing, Inc.; scdemu>
2008-01-19 23:36:10 0 d-------- C:\Documents and Settings\Petar\Application Data\Imagenomic
2008-01-19 22:47:35 0 d-------- C:\Documents and Settings\Petar\Application Data\Mask Pro 4.0
2008-01-19 22:37:20 0 d-------- C:\Documents and Settings\Petar\Application Data\Alien Skin
2008-01-19 17:25:32 352256 --a------ C:\WINDOWS\esellerateEngine.dll <Not Verified; eSellerate Inc.; eSellerateEngine>
2008-01-19 17:16:25 0 d-------- C:\Program Files\Imagenomic
2008-01-19 16:54:47 146650 --a------ C:\WINDOWS\Curves 2 Uninstaller.exe
2008-01-19 16:54:47 0 d-------- C:\Program Files\Curvemeister.com
2008-01-19 16:53:00 0 d-------- C:\Program Files\BWStyler
2008-01-19 16:43:51 0 d-------- C:\Program Files\Alien Skin
2008-01-19 16:36:42 0 d-------- C:\Program Files\Albatross
2008-01-19 16:23:16 90112 --a------ C:\WINDOWS\unvise32.exe <Not Verified; MindVision Software; Installer VISE>
2008-01-19 16:21:13 227840 --a------ C:\WINDOWS\system32\Deco_32.dll <Not Verified; Iterated Systems, Inc.; Fractal Image Decoder>
2008-01-19 16:21:13 0 d-------- C:\Program Files\Common Files\onOne Software Shared
2008-01-19 16:20:39 0 d-------- C:\Documents and Settings\Petar\Application Data\onOne Software
2008-01-19 16:18:32 0 d-------- C:\Program Files\onOne Software
2008-01-19 16:17:10 19 --ah----- C:\WINDOWS\system32\ezirioMeD4
2008-01-19 16:16:46 23168 --a------ C:\WINDOWS\system32\drivers\p1c1394.sys <Not Verified; Phase One A/S; Phase One digital imaging>
2008-01-19 16:16:36 0 d-------- C:\Program Files\Phase One
2008-01-17 15:41:02 0 d-------- C:\Documents and Settings\Petar\Application Data\Nokia Multimedia Player
2008-01-15 22:21:47 0 d-------- C:\Program Files\WinHex
2008-01-14 17:14:58 0 d-------- C:\Program Files\Romain's Software
-- Find3M Report ---------------------------------------------------------------
2008-02-13 00:47:37 0 d-------- C:\Documents and Settings\Petar\Application Data\MxBoost
2008-02-13 00:46:25 0 d-------- C:\Program Files\GetRight
2008-02-12 22:30:42 0 d-------- C:\Documents and Settings\Petar\Application Data\The Bat!
2008-02-12 11:39:41 0 d-------- C:\Program Files\Common Files
2008-02-10 09:19:01 0 d-------- C:\Documents and Settings\Petar\Application Data\WinAlarm
2008-02-09 17:03:46 0 d-------- C:\Documents and Settings\Petar\Application Data\uTorrent
2008-02-02 23:04:19 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-01-22 22:39:14 0 d-------- C:\Program Files\totalcmd
2008-01-19 17:16:14 1336 --a------ C:\Program Files\INSTALL.LOG
2008-01-19 15:19:35 0 d-------- C:\Program Files\The Bat!
2008-01-15 20:17:06 1128 --a------ C:\Documents and Settings\Petar\Application Data\NMM-MetaData.db
2008-01-14 16:44:55 0 d-------- C:\Documents and Settings\Petar\Application Data\Apple Computer
2008-01-14 15:25:22 0 d-------- C:\Program Files\AlbumArtDownloader
2008-01-13 19:50:57 0 d-------- C:\Documents and Settings\Petar\Application Data\dBpoweramp
2008-01-13 19:46:11 0 d-------- C:\Documents and Settings\Petar\Application Data\AccurateRip
2008-01-12 20:58:05 0 d-------- C:\Program Files\Canon
2008-01-12 20:58:03 0 d-------- C:\Program Files\Common Files\Canon
2008-01-12 16:24:31 0 d-------- C:\Documents and Settings\Petar\Application Data\ABBYY
2008-01-08 18:22:57 2942 --a------ C:\Documents and Settings\Petar\Application Data\prio.ini
2008-01-08 17:57:23 0 d-------- C:\Program Files\Java
2008-01-07 22:49:44 0 d-------- C:\Program Files\Nokia
2008-01-07 22:49:44 0 d-------- C:\Program Files\Common Files\Nokia
2008-01-07 22:46:24 0 d-------- C:\Program Files\DIFX
2008-01-07 22:46:23 0 d-------- C:\Documents and Settings\Petar\Application Data\Nokia
2008-01-07 22:46:06 0 d-------- C:\Program Files\Common Files\PCSuite
2008-01-07 22:45:57 0 d-------- C:\Documents and Settings\Petar\Application Data\PC Suite
2008-01-07 22:45:55 0 d-------- C:\Program Files\PC Connectivity Solution
2008-01-07 22:29:18 0 d-------- C:\Program Files\Paragon Software
2008-01-07 22:17:31 0 d-------- C:\Program Files\TagRename
2008-01-06 12:58:59 0 d-------- C:\Documents and Settings\Petar\Application Data\Adobe
2007-12-28 22:33:40 0 d-------- C:\Documents and Settings\Petar\Application Data\MiniLyrics
2007-12-27 19:22:08 0 d-------- C:\Documents and Settings\Petar\Application Data\vlc
2007-12-27 19:20:46 0 d-------- C:\Program Files\VideoLAN
2007-12-27 19:16:26 0 d-------- C:\Program Files\Alcohol Soft
2007-12-27 19:10:33 0 d-------- C:\Documents and Settings\Petar\Application Data\Maxthon2
2007-12-27 11:23:14 0 d-------- C:\Documents and Settings\Petar\Application Data\Vso
2007-12-27 11:23:13 47360 --a------ C:\Documents and Settings\Petar\Application Data\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
2007-12-27 11:23:13 33 --a------ C:\Documents and Settings\Petar\Application Data\pcouffin.log
2007-12-27 11:23:13 1144 --a------ C:\Documents and Settings\Petar\Application Data\pcouffin.inf
2007-12-27 11:23:13 7887 --a------ C:\Documents and Settings\Petar\Application Data\pcouffin.cat
2007-12-24 21:57:37 0 d-------- C:\Documents and Settings\Petar\Application Data\DVDFab
2007-12-24 21:52:19 0 d-------- C:\Program Files\The KMPlayer
2007-12-24 21:46:46 0 d-------- C:\Program Files\Analog Devices
2007-12-24 21:41:46 0 d-------- C:\Program Files\ffdshow
2007-12-24 21:32:03 0 d-------- C:\Program Files\Minilyrics
2007-12-19 14:42:47 0 d-------- C:\Program Files\Intelore
2007-12-17 00:14:09 0 d-------- C:\Documents and Settings\Petar\Application Data\Intelore
2007-12-16 13:27:10 0 d-------- C:\Documents and Settings\Petar\Application Data\UpdateStar
2007-12-08 01:06:20 274 --a------ C:\Documents and Settings\Petar\Application Data\ex_log.txt
2007-12-03 16:34:26 7680 --a------ C:\WINDOWS\system32\ff_vfw.dll
2007-11-29 12:52:32 60273 --a------ C:\WINDOWS\system32\pthreadGC2.dll <Not Verified; Open Source Software community project; >
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinAlarm"="C:\Program Files\WinAlarm\WinAlarm.exe" [2004-04-02 06:03]
"nwiz"="nwiz.exe" [2006-10-22 11:22 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-10-22 11:22]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 11:22]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 15:30]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-11-10 20:12]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-10-23 18:51]
"CoolSwitch"="C:\WINDOWS\system32\taskswitch.exe" [2002-03-19 16:30]
"ATITool"="C:\Program Files\ATITool\ATITool.exe" [2006-12-08 16:23]
"AtiPTA"="C:\WINDOWS\SYSTEM32\ATIPTAXX.EXE" [2006-02-22 01:05]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2006-12-18 21:34]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2006-07-13 07:12]
"Phase One Media Reader"="C:\PROGRA~1\PHASEO~1\CAPTUR~1\DCIMImp.exe" [2007-04-24 20:31]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [2008-02-13 01:28]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56]
"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2007-12-22 08:23]
"Red Swoosh"="C:\Program Files\RSSoft\RedSwoosh.exe" [2007-02-27 02:30]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog
C:\Documents and Settings\Petar\Start Menu\Programs\Startup\
The RAS Logger System.lnk - C:\Documents and Settings\Petar\Application Data\Microsoft\Installer\{6D2E7D97-77E7-487B-9466-5233916ADB49}\_26e91eb.exe [2007-11-06 11:48:00]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2007-10-05 00:49:13]
PowerMenu.lnk - C:\Program Files\PowerMenu\PowerMenu.exe [2007-10-05 01:00:40]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"=0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=prio.dll,C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
[color=red]SafeBoot registry key needs repairs. This machine cannot enter Safe Mode.[/color]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system]
@="Driver Group"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcSs]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]
@="DiskDrive"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
@="Hdc"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
@="Keyboard"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
@="Mouse"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
@="System"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
@="Volume"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Qshelf.lnk]
backup=C:\WINDOWS\pss\Qshelf.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Petar^Start Menu^Programs^Startup^Anapod Manager.lnk]
backup=C:\WINDOWS\pss\Anapod Manager.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]
"C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\drvsyskit]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
"C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
"C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai Akamai
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{358fb807-7900-11dc-9c8f-c28f287c6bfd}]
AutoRun\command- H:\setup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{36ce64c0-a403-11dc-80fe-c929521e7eb4}]
Auto\command- AdobeR.exe e
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{36ce64c2-a403-11dc-80fe-c929521e7eb4}]
Auto\command- AdobeR.exe e
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a03bf5de-c7f6-11dc-a23f-b1bcf80735e8}]
Auto\command- AdobeR.exe e
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b72f899a-b4a7-11dc-8132-d6a2c3cd9bb5}]
AutoRun\command- H:\setup.exe
-- Hosts -----------------------------------------------------------------------
127.0.0.1 mpa.one.microsoft.com
127.255.255.255 serial.alcohol-soft.com
-- End of Deckard's System Scanner: finished at 2008-02-13 01:29:02 ------------
...
[ mister Mrva @ 13.02.2008. 01:45 ] @
...and the Extra log:
Code:
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------
-- System Information ----------------------------------------------------------
Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English
CPU 0: AMD Athlon(tm) 64 X2 Dual Core Processor 4200+
CPU 1: AMD Athlon(tm) 64 X2 Dual Core Processor 4200+
Percentage of Memory in Use: 36%
Physical Memory (total/avail): 1022.42 MiB / 647.21 MiB
Pagefile Memory (total/avail): 2458.36 MiB / 2225.04 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1893.45 MiB
A: is Removable (No Media)
C: is Fixed (NTFS) - 40.04 GiB total, 9.59 GiB free.
D: is Fixed (NTFS) - 29.29 GiB total, 1.71 GiB free.
E: is Fixed (NTFS) - 51.69 GiB total, 0.59 GiB free.
F: is Fixed (NTFS) - 111.87 GiB total, 1.25 GiB free.
G: is CDROM (No Media)
H: is CDROM (CDFS)
I: is CDROM (No Media)
K: is Removable (FAT)
\\.\PHYSICALDRIVE0 - WDC WD2500KS-00MJB0 - 232.88 GiB - 4 partitions
\PARTITION0 (bootable) - Installable File System - 40.04 GiB - C:
\PARTITION1 - Installable File System - 29.29 GiB - D:
\PARTITION2 - Installable File System - 51.69 GiB - E:
\PARTITION3 - Installable File System - 111.87 GiB - F:
\\.\PHYSICALDRIVE1 - Multi Flash Reader USB Device - 1961.06 MiB - 1 partition
\PARTITION0 - MS-DOS V4 Huge - 1962.38 MiB - K:
-- Security Center -------------------------------------------------------------
AUOptions is disabled.
Windows Internal Firewall is disabled.
FirstRunDisabled is set.
AntiVirusDisableNotify is set.
UpdatesDisableNotify is set.
FW: Kaspersky Internet Security v7.0.0.125 (Kaspersky Lab) [COLOR=RED]Disabled[/COLOR]
AV: Kaspersky Internet Security v7.0.0.125 (Kaspersky Lab) [COLOR=RED]Disabled[/COLOR]
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"
"C:\\Program Files\\Red Chair Software\\Anapod Explorer\\anamgr.exe"="C:\\Program Files\\Red Chair Software\\Anapod Explorer\\anamgr.exe:*:Enabled:Anapod Xtreamer"
"C:\\Program Files\\Sierra\\FEAR\\FEAR.exe"="C:\\Program Files\\Sierra\\FEAR\\FEAR.exe:*:Enabled:FEAR"
-- Environment Variables -------------------------------------------------------
ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Petar\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.5.0_04\lib\ext\QTJava.zip
CLIENTNAME=Console
COMMANDER_DRIVE=C:
COMMANDER_INI=C:\WINDOWS\WINCMD.INI
COMMANDER_PATH=C:\Program Files\totalcmd
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=COMPANY-31E9880
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Petar
LOGONSERVER=\\COMPANY-31E9880
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\Program Files\PC Connectivity Solution;C:\PROGRA~1\DISKEE~1\DISKEE~1;C:\Program Files\QuickTime\QTSystem;C:\Program Files\Universal Extractor\bin
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 75 Stepping 2, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=4b02
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.5.0_04\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Petar\LOCALS~1\Temp
TMP=C:\DOCUME~1\Petar\LOCALS~1\Temp
USERDOMAIN=COMPANY-31E9880
USERNAME=Petar
USERPROFILE=C:\Documents and Settings\Petar
windir=C:\WINDOWS
-- User Profiles ---------------------------------------------------------------
Petar [I](admin)[/I]
Administrator [I](new local, admin)[/I]
-- Add/Remove Programs ---------------------------------------------------------
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0044-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0117-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
3DMark05 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2DF7B278-D3B6-40A4-B25C-0E7149F439EA}\Setup.exe" -l0x9
55mm v7.5 for Adobe Photoshop & Compatible Applications --> C:\WINDOWS\unvise32.exe c:\program files\adobe\adobe photoshop cs3\plug-ins\55mm_v7.5_uninstal.log
7-Zip 4.56 beta --> "C:\Program Files\7-Zip\Uninstall.exe"
AC3Filter (remove only) --> C:\Program Files\AC3Filter\uninstall.exe
ADG Aspect 5.0.0.74 --> "C:\Program Files\Albatross\ADG Aspect\uninstall\unins000.exe"
ADG Panorama Pro 5.2.0.32 --> "C:\Program Files\Albatross\ADG Panorama Pro\uninstall\unins000.exe"
Adobe Acrobat 7.0.8 Professional --> msiexec /I {AC76BA86-1033-0000-7760-000000000002}
Adobe Anchor Service CS3 --> MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3 --> MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge CS3 --> MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting --> MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe Camera Raw 4.0 --> MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps --> MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color - Photoshop Specific --> MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings --> MsiExec.exe /I{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}
Adobe Color EU Extra Settings --> MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}
Adobe Color JA Extra Settings --> MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Recommended Settings --> MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}
Adobe Default Language CS3 --> MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3 --> MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe ExtendScript Toolkit 2 --> MsiExec.exe /I{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Fonts All --> MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Viewer CS3 --> MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe Linguistics CS3 --> MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe PDF Library Files --> MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop CS3 --> c:\Program Files\Common Files\Adobe\Installers\719d6f144d0c086a0dfa7ff76bb9ac1\Setup.exe
Adobe Photoshop CS3 --> MsiExec.exe /I{3D7E3EC9-46CF-4359-9289-39CE01DFB82F}
Adobe Setup --> MsiExec.exe /I{FF11004C-F42A-4A31-9BCF-7F5C8FDBE53C}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Adobe Stock Photos CS3 --> MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe Type Support --> MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3 --> MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client --> MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe WinSoft Linguistics Plugin --> MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP Panels CS3 --> MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
Alien Skin Blow Up --> C:\PROGRA~1\Adobe\ADOBEP~1\Plug-Ins\ALIENS~1\BLOWUP~1\Unwise32.exe C:\PROGRA~1\Adobe\ADOBEP~1\Plug-Ins\ALIENS~1\BLOWUP~1\INSTALL.LOG
Alien Skin Exposure --> C:\PROGRA~1\Adobe\ADOBEP~1\Plug-Ins\ALIENS~1\Exposure\Unwise32.exe C:\PROGRA~1\Adobe\ADOBEP~1\Plug-Ins\ALIENS~1\Exposure\INSTALL.LOG
Alien Skin Eye Candy 5 Nature --> C:\PROGRA~1\Adobe\ADOBEP~1\Plug-Ins\ALIENS~1\EYECAN~3\Unwise32.exe C:\PROGRA~1\Adobe\ADOBEP~1\Plug-Ins\ALIENS~1\EYECAN~3\INSTALL.LOG
Alien Skin Eye Candy 5 Textures --> C:\PROGRA~1\Adobe\ADOBEP~1\Plug-Ins\ALIENS~1\EYECAN~1\Unwise32.exe C:\PROGRA~1\Adobe\ADOBEP~1\Plug-Ins\ALIENS~1\EYECAN~1\INSTALL.LOG
Alien Skin Image Doctor --> C:\PROGRA~1\Adobe\ADOBEP~1\Plug-Ins\ALIENS~2\Unwise32.exe C:\PROGRA~1\Adobe\ADOBEP~1\Plug-Ins\ALIENS~2\INSTALL.LOG
Alien Skin Snap Art --> C:\PROGRA~1\Adobe\ADOBEP~1\Plug-Ins\ALIENS~1\SNAPAR~1\Unwise32.exe C:\PROGRA~1\Adobe\ADOBEP~1\Plug-Ins\ALIENS~1\SNAPAR~1\INSTALL.LOG
Alien Skin Xenofex 2 --> C:\PROGRA~1\Adobe\ADOBEP~1\Plug-Ins\ALIENS~3\Unwise32.exe C:\PROGRA~1\Adobe\ADOBEP~1\Plug-Ins\ALIENS~3\INSTALL.LOG
Alt-Tab Task Switcher Powertoy for Windows XP --> MsiExec.exe /I{A7050037-F0EA-4BAB-BCD5-FC05507D6147}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
ATI Display Driver (Omega 3.8.413) --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
ATITool Overclocking Utility --> "C:\Program Files\ATITool\Uninstall.exe"
µTorrent --> "C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
Attribute Changer 5.30 --> C:\Program Files\Romain's Software\Attribute Changer\uninstall.exe
AV Bros. Page Curl Pro 2.2 (Remove Only) --> C:\Program Files\Adobe\Adobe Photoshop CS3\Plug-Ins\AV Bros Page Curl Pro 2.2\AVUninstall.exe
AV Bros. Puzzle Pro 2.2 (Remove Only) --> C:\Program Files\Adobe\Adobe Photoshop CS3\Plug-Ins\AV Bros Puzzle Pro 2.2\AVUninstall.exe
AviSynth 2.5 --> "C:\Program Files\AviSynth 2.5\Uninstall.exe"
AVSEdit 1.1.0.0 --> "C:\Program Files\AVSEdit\unins000.exe"
Azureus --> C:\Program Files\Azureus\Uninstall.exe
B/W Styler 1.01 --> C:\Program Files\BWStyler\SXUNINST.EXE
BassBox 6 Pro --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\HT Audio\Uninst.isu"
Canon Utilities EOS Utility --> "C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\EOS Utility\Uninst.ini"
Canon Utilities PhotoStitch --> "C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\PhotoStitch\Uninst.ini"
Capture One 3.7.7 --> C:\PROGRA~1\PHASEO~1\CAPTUR~1\UNWISE.EXE C:\PROGRA~1\PHASEO~1\CAPTUR~1\INSTALL.LOG
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
Contrast PlanPlus 2006 --> MsiExec.exe /X{F3466934-06DC-42CA-A7CD-741B8837E98F}
Curves 2 --> C:\WINDOWS\Curves 2 Uninstaller.exe
dBpoweramp [Arrange Audio] Codec --> "C:\WINDOWS\system32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\system32\SpoonUninstall-dBpoweramp [Arrange Audio] Codec.dat
dBpoweramp [ID Tag Update] Codec --> "C:\WINDOWS\system32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\system32\SpoonUninstall-dBpoweramp [ID Tag Update] Codec.dat
dBpoweramp DSP Effects --> "C:\WINDOWS\system32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\system32\SpoonUninstall-dBpoweramp DSP Effects.dat
dBpoweramp FLAC Codec --> "C:\WINDOWS\system32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\system32\SpoonUninstall-dBpoweramp FLAC Codec.dat
dBpoweramp m4a Codec --> "C:\WINDOWS\system32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\system32\SpoonUninstall-dBpoweramp m4a Codec.dat
dBpoweramp Monkeys Audio Codec --> "C:\WINDOWS\system32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\system32\SpoonUninstall-dBpoweramp Monkeys Audio Codec.dat
dBpoweramp mp3 (Fraunhofer IIS) Codec --> "C:\WINDOWS\system32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\system32\SpoonUninstall-dBpoweramp mp3 (Fraunhofer IIS) Codec.dat
dBpoweramp Musepack Codec --> "C:\WINDOWS\system32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\system32\SpoonUninstall-dBpoweramp Musepack Codec.dat
dBpoweramp Music Converter --> "C:\WINDOWS\system32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\system32\SpoonUninstall-dBpoweramp Music Converter.dat
dBpoweramp Ogg Vorbis Codec --> "C:\WINDOWS\system32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\system32\SpoonUninstall-dBpoweramp Ogg Vorbis Codec.dat
dBpoweramp OptimFROG Codec --> "C:\WINDOWS\system32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\system32\SpoonUninstall-dBpoweramp OptimFROG Codec.dat
dBpoweramp Real Audio (Helix) Encoder --> "C:\WINDOWS\system32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\system32\SpoonUninstall-dBpoweramp Real Audio (Helix) Encoder.dat
dBpoweramp Speex Codec --> "C:\WINDOWS\system32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\system32\SpoonUninstall-dBpoweramp Speex Codec.dat
dBpoweramp TTA Codec --> "C:\WINDOWS\system32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\system32\SpoonUninstall-dBpoweramp TTA Codec.dat
dBpoweramp Wave64 Codec --> "C:\WINDOWS\system32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\system32\SpoonUninstall-dBpoweramp Wave64 Codec.dat
dBpoweramp WavPack Codec --> "C:\WINDOWS\system32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\system32\SpoonUninstall-dBpoweramp WavPack Codec.dat
dBpoweramp Windows Media Audio 10 Codec --> "C:\WINDOWS\system32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\system32\SpoonUninstall-dBpoweramp Windows Media Audio 10 Codec.dat
DeMoirize --> C:\PROGRA~1\Adobe\ADOBEP~1\Plug-Ins\DEMOIR~1\UNWISE.EXE C:\PROGRA~1\Adobe\ADOBEP~1\Plug-Ins\DEMOIR~1\INSTALL.LOG
Dfine 2.0 --> c:\Program Files\Adobe\Adobe Photoshop CS3\Plug-Ins\Nik Software\Dfine 2.0\uninstall.exe
DH Driver Cleaner Professional Edition --> C:\Program Files\Driver Cleaner Pro\Uninst.exe
digestIT 2004 --> MsiExec.exe /I{5B119660-1788-11D8-8EB8-0050BF643EE7}
Digital Film Lab v2.5 for Adobe Photoshop & Compatible Applications --> C:\WINDOWS\unvise32.exe c:\program files\adobe\adobe photoshop cs3\plug-ins\Digital Film Lab v2.5_uninstal.log
Diskeeper 2008 Pro Premier --> MsiExec.exe /X{67A48ED5-0B6A-470A-995C-B8F1942E8AB9}
Dual-Core Optimizer --> MsiExec.exe /X{BCA02FAD-2C86-4C8C-A815-51C09F4E51FF}
DVD Decrypter (Remove Only) --> "C:\Program Files\DVD Decrypter\uninstall.exe"
DVD Shrink 3.2 --> "C:\Program Files\DVD Shrink\unins000.exe"
Excel Password Recovery v2.0 (remove only) --> C:\Program Files\Intelore\Excel Password Recovery\uninstall.exe
Ext2 IFS 1.10c for Windows XP --> RunDll32 setupapi.dll,InstallHinfSection DefaultUninstall 130 Ext2Ifs_for_NT501.inf
EZ Mask v1.5 for Adobe Photoshop & Photoshop Elements --> C:\WINDOWS\unvise32.exe c:\program files\adobe\adobe photoshop cs3\plug-ins\ezmask1.5_uninstal.log
ffdshow [rev 1685] [2007-12-06] --> "C:\Program Files\ffdshow\unins000.exe"
Gears of War --> C:\Program Files\InstallShield Installation Information\{1170D24F-42B7-40CF-AA1B-6395CE562354}\setup.exe -runfromtemp -l0x0409
Genuine Fractals 5.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AC38B36B-90F8-4C1F-8AC9-236B851B8871}\setup.exe" -l0x9 -uninst -removeonly
GetRight --> "C:\Program Files\GetRight\unins000.exe"
High Definition Audio Driver Package - KB888111 --> C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe
HighMAT Extension to Microsoft Windows XP CD Writing Wizard --> MsiExec.exe /X{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}
Hotfix for MSXML 2 (KB887606) --> "C:\WINDOWS\$SQLUninstallMSXML2SP6-KB887606-x86-ENU$\spuninst\spuninst.exe"
hp deskjet 3600 --> msiexec /x{91A5B6C0-EF4E-4830-AC7D-6761C0A9B292}
Intellihance Pro 4.2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{32C7FDDF-8D18-4B29-B81A-CDA512093274}\setup.exe" -l0x9 -uninst -removeonly
IsoBuster 2.2 --> "C:\Program Files\Smart Projects\IsoBuster\Uninst\unins000.exe"
J2SE Development Kit 5.0 Update 4 --> MsiExec.exe /I{32A3A4F4-B792-11D6-A78A-00B0D0150040}
Java(TM) 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Kane and Lynch: Dead Men --> MsiExec.exe /X{A66C4716-7E10-4A53-8101-00C3C11D6A9C}
Kaspersky Internet Security 7.0 --> MsiExec.exe /I{C774410D-3EF9-4DE7-AC01-332613163ECF}
Kaspersky Internet Security 7.0 --> MsiExec.exe /I{C774410D-3EF9-4DE7-AC01-332613163ECF}
LEAP 5.0.0.320 Uninstall --> C:\WINDOWS\UNWISE.EXE C:\PROGRA~1\LEAP\Install.Log
Light v3.5 for Adobe Photoshop & Compatible Applications --> C:\WINDOWS\unvise32.exe c:\program files\adobe\adobe photoshop cs3\plug-ins\light_v3.5_uninstal.log
Luxor --> "C:\Program Files\Luxor\ReflexiveArcade\unins000.exe"
Mask Pro 4.1 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2DFAC810-6DD8-4E23-96A4-BEB118408203}\setup.exe" -l0x9 -uninst -removeonly
Maxthon2 Browser (remove only) --> C:\Documents and Settings\Petar\Application Data\Maxthon2\MaxthonUINST.exe
Microsoft Base Smart Card Cryptographic Service Provider Package --> "C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Games for Windows - LIVE Redistributable --> MsiExec.exe /X{D1B01DC9-CBAF-45F9-A387-7D00C11B630E}
Microsoft Office 2003 programski dodatak za preslovljavanje --> MsiExec.exe /I{51312349-0B4D-450E-AFAA-03CC28A9531F}
Microsoft Office Access MUI (English) 2007 --> MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007 --> MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007 --> MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office Outlook 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall OUTLOOK /dll OSETUP.DLL
Microsoft Office Outlook 2007 --> MsiExec.exe /X{90120000-001A-0000-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007 --> MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007 --> MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Professional Plus 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROPLUS /dll OSETUP.DLL
Microsoft Office Professional Plus 2007 --> MsiExec.exe /X{90120000-0011-0000-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007 --> MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007 --> MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007 --> MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Visio 2007 Service Pack 1 (SP1) --> msiexec /package {90120000-0051-0000-0000-0000000FF1CE} /uninstall {AA4F2610-5FF1-4DCD-A6FB-BCA2D09A6443}
Microsoft Office Visio 2007 Service Pack 1 (SP1) --> msiexec /package {90120000-0054-0409-0000-0000000FF1CE} /uninstall {EA35370F-586C-45E1-AC6C-A4E275C6B762}
Microsoft Office Visio MUI (English) 2007 --> MsiExec.exe /X{90120000-0054-0409-0000-0000000FF1CE}
Microsoft Office Visio Professional 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall VISPRO /dll OSETUP.DLL
Microsoft Office Visio Professional 2007 --> MsiExec.exe /X{90120000-0051-0000-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007 --> MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Windows Journal Viewer --> MsiExec.exe /X{43DCF766-6838-4F9A-8C91-D92DA586DFA8}
Minilyrics(remove only) --> "C:\Program Files\Minilyrics\uninst-ml.exe"
Mozilla Firefox (2.0.0.11) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSVC80_x86 --> MsiExec.exe /I{212748BB-0DA5-46DE-82A1-403736DC9F27}
MSXML 6.0 Parser (KB927977) --> MsiExec.exe /I{5A710547-B58E-488B-828D-CA9A25A0533C}
Need for Speed™ ProStreet --> MsiExec.exe /X{CC419DDC-E0F0-4013-B25A-6FA036516F0D}
Nero 8 Lite 8.1.1.0 --> "C:\Program Files\Nero\unins000.exe"
neroxml --> MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
Network Interface Service --> C:\Program Files\Common Files\Akamai\uninstall.exe
nik Sharpener Pro 2.0 Complete --> C:\WINDOWS\unvise32.exe c:\Program Files\Adobe\Adobe Photoshop CS3\Plug-Ins\nik Sharpener Pro 2.0 Complete\uninstal.log
Nokia Connectivity Cable Driver --> MsiExec.exe /X{0A3D3C54-2EC0-4D67-B265-FF17926E6D67}
Nokia PC Suite --> C:\Documents and Settings\All Users\Application Data\Installations\{29466F9C-7C6A-419C-B301-F440FAF78760}\Nokia_PC_Suite_rel_6_85_14_1_eng_web.exe
Nokia PC Suite --> MsiExec.exe /I{29466F9C-7C6A-419C-B301-F440FAF78760}
Nokia Software Updater --> MsiExec.exe /X{3741689E-584D-40C9-B011-373A0371846D}
Notepad++ --> C:\Program Files\Notepad++\uninstall.exe
NVIDIA Drivers --> C:\WINDOWS\system32\nvudisp.exe UninstallGUI
OpenAL --> "C:\Program Files\OpenAL\oalinst.exe" /U
Opera 9.24 --> MsiExec.exe /X{4676DB43-A5E5-40AD-ACBB-5D80AFD2AFC4}
Ozone v2.5 for Adobe Photoshop & Compatible Applications --> C:\WINDOWS\unvise32.exe c:\program files\adobe\adobe photoshop cs3\plug-ins\ozone_v2.5_uninstal.log
Paragon Hard Disk Manager 2008 Suite --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E9E4BB29-FA98-401B-9EDE-9906906E33DE}\Setup.exe" -l0x9
PC Connectivity Solution --> MsiExec.exe /I{BA084E7C-8ABA-4670-BDE8-B85E689A5C1B}
PDF Settings --> MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
PhotoFrame Pro 3.1 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5F073685-ADDB-4D5A-98E9-0F795989A57F}\setup.exe" -l0x9 -uninst -removeonly
PhotoKit Color 2 Plug-In Module --> C:\WINDOWS\unvise32.exe C:\Program Files\Adobe\Adobe Photoshop CS3\Plug-Ins\Automate\PixelGenius Toolbox Plug-In Module\pkc2_uninstal.log
PhotoKit Plug-in Module --> C:\WINDOWS\unvise32.exe C:\Program Files\Adobe\Adobe Photoshop CS3\Plug-Ins\Automate\PhotoKit Plug-in Module\uninstal.log
PhotoKit Sharpener Plug-in Module --> C:\WINDOWS\unvise32.exe C:\Program Files\Adobe\Adobe Photoshop CS3\Plug-Ins\Automate\PhotoKit SHARPENER Plug-in Module\uninstal.log
Portraiture Plug-in --> MsiExec.exe /I{8F378798-88D8-4FA1-AB74-F035542133A6}
Power Mask v1.0 for Photoshop --> C:\WINDOWS\unvise32.exe c:\Program Files\Adobe\Adobe Photoshop CS3\Plug-Ins\DFT Power Mask v1\powermask_uninstal.log
Power Retouche Pro --> c:\Program Files\Adobe\Adobe Photoshop CS3\Plug-Ins\PowerRetouche\UnInstall_PRPro.exe
Power Stroke v1.0 for Adobe Photoshop & Photoshop Elements --> C:\WINDOWS\unvise32.exe c:\Program Files\Adobe\Adobe Photoshop CS3\Plug-Ins\DFT Power Stroke v1\powerstroke_uninstal.log
PowerISO --> "C:\Program Files\PowerISO\uninstall.exe"
Proxy Finder Enterprise Edition --> C:\Program Files\ProxyFinderEnterprise\uninstal.exe
QSuite Ver2.1 --> "C:\Program Files\QSuite\unins000.exe"
QuickTime --> MsiExec.exe /I{5B09BD67-4C99-46A1-8161-B7208CE18121}
Radeon Omega Drivers v3.8.413 Setup Files and Tools --> "C:\WINDOWS\Radeon Omega Drivers v3.8.413 Uninstall.exe" "/U:C:\Program Files\Radeon Omega Drivers\v3.8.413\Omega Uninstall.xml"
RealGrain Plug-in --> MsiExec.exe /I{92B3B2AF-ACF3-4A5A-9BBA-65473B310D9A}
Red Swoosh --> C:\Program Files\RSSoft\Uninstall.exe
Security Update for Step By Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Shinycore Path Styler Pro 1.11 for Photoshop --> c:\Program Files\Adobe\Adobe Photoshop CS3\Plug-Ins\Path Styler Pro PS\Uninstall.exe
Snap v2.5 for Adobe Photoshop & Photoshop Elements --> C:\WINDOWS\unvise32.exe c:\program files\adobe\adobe photoshop cs3\plug-ins\snap2.5_uninstal.log
SoundMAX --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\setup.exe" -l0x9 -removeonly
Subtitle Workshop 2.51 --> "C:\Program Files\URUSoft\Subtitle Workshop\uninstall.exe"
System Requirements Lab --> C:\Program Files\SystemRequirementsLab\Uninstall.exe
Tag&Rename 3.4 --> "C:\Program Files\TagRename\unins000.exe"
The Bat! Professional v3.99.29 --> MsiExec.exe /I{CA8D1F57-1D54-463F-A97D-9D740EBBD285}
The KMPlayer (remove only) --> "C:\Program Files\The KMPlayer\uninstall.exe"
The RAS Logger System --> MsiExec.exe /I{6D2E7D97-77E7-487B-9466-5233916ADB49}
Total Commander (Remove or Repair) --> C:\Program Files\totalcmd\tcuninst.exe
Tweakui Powertoy for Windows XP --> MsiExec.exe /I{C7793EE8-F666-4E6B-9827-76468679480E}
Universal Extractor 1.5 --> "C:\Program Files\Universal Extractor\unins000.exe"
UpdateStar --> MsiExec.exe /X{CCD12D37-188E-4BA3-B124-E70DFB3079E4}
VideoLAN VLC media player 0.8.6d --> C:\Program Files\VideoLAN\VLC\uninstall.exe
Virtual Painter 5 (for Photoshop) --> C:\PROGRA~1\Adobe\ADOBEP~1\Plug-Ins\vp5e\UNWISE.EXE C:\PROGRA~1\Adobe\ADOBEP~1\Plug-Ins\vp5e\INSTALL.LOG
WebZIP --> C:\Program Files\WebZIP 7\SXUNINST.EXE
WhereIsIt? 3.84 --> "C:\Program Files\WhereIsIt\unins000.exe"
WinAlarm 2.1.0 --> "C:\Program Files\WinAlarm\unins000.exe"
WinASO Registry Optimizer 2.8 --> "C:\Program Files\WinASO\Registry Optimizer 2.8\unins000.exe"
Windows Communication Foundation --> MsiExec.exe /X{491DD792-AD81-429C-9EB4-86DD3D22E333}
Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0) --> C:\PROGRA~1\DIFX\7B44739871F4D539FA473F57A832EA4B6A59EF06\DPInst.exe /d /u C:\WINDOWS\system32\DRVSTORE\amdk8_C074F64CC74B03BC354BB5DC973CCF768D5A7194\amdk8.inf
Windows Driver Package - Nokia Modem (08/03/2007 6.84.0.2) --> C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokbtmdm_1EB5F2E6F54A6BEDE9F436D1BA5D830FC71739BE\nokbtmdm.inf
Windows Driver Package - Nokia Modem (10/12/2007 3.6) --> C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokia_blue_0A5D98F754C6588B2E3DDE89DDEF097075ADFFB7\nokia_bluetooth.inf
Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Installer Clean Up --> MsiExec.exe /X{121634B0-2F4B-11D3-ADA3-00C04F52DD52}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Presentation Foundation --> MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows Workflow Foundation --> MsiExec.exe /I{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}
WinHex --> C:\Program Files\WinHex\WinHex.exe uninst
WinMHT --> C:\Program Files\WinMHT\SXUNINST.EXE
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
XML Paper Specification Shared Components Pack 1.0 -->
Xvid 1.1.3 final uninstall --> "C:\Program Files\Xvid\unins000.exe"
zMatte v2.5 for Adobe Photoshop --> C:\WINDOWS\unvise32.exe c:\program files\adobe\adobe photoshop cs3\plug-ins\zMatte_v2.5_uninstal.log
-- Application Event Log -------------------------------------------------------
Event Record #/Type6530 / Warning
Event Submitted/Written: 02/12/2008 00:54:59 PM
Event ID/Source: 63 / WinMgmt
Event Description:
A provider, OffProv12, has been registered in the WMI namespace, Root\MSAPPS12, to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.
Event Record #/Type6529 / Warning
Event Submitted/Written: 02/12/2008 00:54:59 PM
Event ID/Source: 63 / WinMgmt
Event Description:
A provider, OffProv12, has been registered in the WMI namespace, Root\MSAPPS12, to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.
Event Record #/Type6514 / Error
Event Submitted/Written: 02/12/2008 01:45:44 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application waveedit.exe, version 4.1.0.0, faulting module nxmyfla.dll, version 1.0.0.33, fault address 0x00003e55.
Processing media-specific event for [waveedit.exe!ws!]
Event Record #/Type6513 / Error
Event Submitted/Written: 02/12/2008 01:45:14 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application waveedit.exe, version 4.1.0.0, faulting module nxmyfla.dll, version 1.0.0.33, fault address 0x00003e55.
Processing media-specific event for [waveedit.exe!ws!]
Event Record #/Type6507 / Error
Event Submitted/Written: 02/11/2008 06:44:56 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application kaneandlynch.exe, version 1.0.0.129, faulting module kaneandlynch.exe, version 1.0.0.129, fault address 0x002cc4c6.
Processing media-specific event for [kaneandlynch.exe!ws!]
-- Security Event Log ----------------------------------------------------------
No Errors/Warnings found.
-- System Event Log ------------------------------------------------------------
Event Record #/Type15270 / Error
Event Submitted/Written: 02/13/2008 01:23:03 AM
Event ID/Source: 7026 / Service Control Manager
Event Description:
The following boot-start or system-start driver(s) failed to load:
klif
Event Record #/Type15266 / Error
Event Submitted/Written: 02/13/2008 01:21:22 AM / 02/13/2008 01:21:35 AM
Event ID/Source: 12294 / ati2mtag
Event Description:
CRT invalid display type
Event Record #/Type15239 / Error
Event Submitted/Written: 02/12/2008 11:53:40 PM
Event ID/Source: 7026 / Service Control Manager
Event Description:
The following boot-start or system-start driver(s) failed to load:
klif
Event Record #/Type15237 / Error
Event Submitted/Written: 02/12/2008 11:52:00 PM / 02/12/2008 11:52:13 PM
Event ID/Source: 12294 / ati2mtag
Event Description:
CRT invalid display type
Event Record #/Type15219 / Error
Event Submitted/Written: 02/12/2008 11:10:01 PM
Event ID/Source: 7026 / Service Control Manager
Event Description:
The following boot-start or system-start driver(s) failed to load:
klif
-- End of Deckard's System Scanner: finished at 2008-02-13 01:29:02 ------------
Same for SDFix, here is its log:
http://www.esnips.com/doc/60f8...9b43-9ecdd9868049/SDFix-Report
Help!
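A small triage script for the DSS report pasted above, added here as an example (not part of DSS, ComboFix, or either poster's work): it parses the Security Center block and the System Event Log block and lists the settings a defender would act on first (disabled AV/firewall, suppressed Security Center notifications, boot-start drivers that failed to load). The sample log is constructed from the report's own lines.

```python
"""Triage helper for Deckard's System Scanner (DSS) text reports.
Added example; not part of DSS, ComboFix or the original post."""
import re

SECTION_RE = re.compile(r"^-- (.+?) -+$")
PRODUCT_RE = re.compile(r"^(AV|FW|AS): (.+?) (Enabled|Disabled)$")
FLAG_RE = re.compile(r"^(.+?) is (set|disabled|enabled)\.$")
# The forum wraps product state in BBCode ([COLOR=RED]Disabled[/COLOR]); strip it.
BBCODE_RE = re.compile(r"\[/?(?:COLOR|B|I)[^\]]*\]", re.IGNORECASE)
# Security Center values that silence the user-facing warning when protection is off.
NOTIFY_FLAGS = ("AntiVirusDisableNotify", "FirewallDisableNotify", "UpdatesDisableNotify")

# Constructed sample, shaped after the DSS sections in the report above.
SAMPLE_LOG = """\
-- Security Center -------------------------------------------------------------
AUOptions is disabled.
Windows Internal Firewall is disabled.
FirstRunDisabled is set.
AntiVirusDisableNotify is set.
UpdatesDisableNotify is set.
FW: Kaspersky Internet Security v7.0.0.125 (Kaspersky Lab) [COLOR=RED]Disabled[/COLOR]
AV: Kaspersky Internet Security v7.0.0.125 (Kaspersky Lab) [COLOR=RED]Disabled[/COLOR]
-- Environment Variables -------------------------------------------------------
USERNAME=Petar
-- System Event Log ------------------------------------------------------------
Event Record #/Type15270 / Error
Event Submitted/Written: 02/13/2008 01:23:03 AM
Event ID/Source: 7026 / Service Control Manager
Event Description:
The following boot-start or system-start driver(s) failed to load:
klif
Event Record #/Type15266 / Error
Event Submitted/Written: 02/13/2008 01:21:22 AM / 02/13/2008 01:21:35 AM
Event ID/Source: 12294 / ati2mtag
Event Description:
CRT invalid display type
-- End of Deckard's System Scanner: finished at 2008-02-13 01:29:02 ------------
"""


def split_sections(text):
    """Map each '-- Name ----' header to the lines that follow it."""
    sections, current = {}, None
    for line in text.splitlines():
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1).strip()
            sections[current] = []
        elif current is not None:
            sections[current].append(line.rstrip())
    return sections


def parse_security_center(lines):
    """Return (flags, products): flags maps 'X is set/disabled' lines to their
    state, products holds (kind, name, state) for AV:/FW:/AS: entries."""
    flags, products = {}, []
    for line in lines:
        clean = BBCODE_RE.sub("", line).strip()
        m = PRODUCT_RE.match(clean)
        if m:
            products.append(m.groups())
            continue
        m = FLAG_RE.match(clean)
        if m:
            flags[m.group(1)] = m.group(2)
    return flags, products


def parse_events(lines):
    """Group 'Event Record' blocks into dicts with id, source and description."""
    events, cur = [], None
    for line in lines:
        if line.startswith("Event Record #/Type"):
            cur = {"id": None, "source": None, "description": []}
            events.append(cur)
        elif cur is None:
            continue
        elif line.startswith("Event ID/Source: "):
            eid, _, src = line[len("Event ID/Source: "):].partition(" / ")
            cur["id"], cur["source"] = int(eid), src.strip()
        elif line.startswith("Event ") and ":" in line:
            continue  # Submitted/Written and Description: header lines
        elif line:
            cur["description"].append(line)
    return events


def failed_boot_drivers(events):
    """Drivers named in Service Control Manager event 7026 (boot/system-start
    load failure); in the report above that is klif, Kaspersky's filter driver."""
    drivers = []
    for ev in events:
        if ev["id"] == 7026 and ev["source"] == "Service Control Manager":
            desc = ev["description"]
            for i, line in enumerate(desc):
                if line.endswith("failed to load:"):
                    drivers.extend(d.strip() for d in desc[i + 1:] if d.strip())
    return sorted(set(drivers))


def triage(text):
    """Return human-readable findings a defender would act on, in log order."""
    sections = split_sections(text)
    findings = []
    flags, products = parse_security_center(sections.get("Security Center", []))
    for name, state in flags.items():
        if name == "AUOptions" and state == "disabled":
            findings.append("Automatic Updates disabled (AUOptions)")
        elif name in NOTIFY_FLAGS and state == "set":
            findings.append(f"Security Center warning suppressed: {name}")
        elif "Firewall" in name and state == "disabled":
            findings.append(f"Host firewall off: {name}")
    for kind, name, state in products:
        if state == "Disabled":
            findings.append(f"{kind} product reported disabled: {name}")
    for drv in failed_boot_drivers(parse_events(sections.get("System Event Log", []))):
        findings.append(f"Boot-start driver failed to load: {drv}")
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```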
[ Binary Mind @ 13.02.2008. 13:10 ] @
1. You've picked up several infections, not just the one you're complaining about. You didn't clean up Adober properly either :/
2. The link to the SDFix log is no good, i.e. there is no log at that link.
3. Run a ComboFix scan from Safe Mode and attach the log.
4. Run the SDFix scan again from Safe Mode and attach the log here, not on a third-party site.
5. Try renaming the HijackThis! executable to anything else, then repeat the scan in normal mode and attach the log.
6. Don't use DDS, because the individual tools above are much more effective.
7. If something goes wrong, think about a Repair of that installation and then screwing around again with HijackThis!, ComboFix and the like, or better still, a format and a fresh install of Windows.
[ mister Mrva @ 13.02.2008. 17:43 ] @
1. I knew that, which is why I posted here. Until now I hadn't run into vermin this nasty; Kaspersky and the odd simpler tool always finished the job.
2. It works for me; I put it on another site because it was about 300KB.
3. I did try from safe mode too, but nothing; now it has run.
5. Managed to download it and renamed it during the download; it did the job, attaching the log.
7. I have neither the nerves nor the time for that.
Here they are:
ComboFix 08-02-13.2 - Petar 2008-02-13 17:56:58.5 - NTFSx86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1033.18.789 [GMT 1:00]
Running from: c:\Virus Tools\Combo-Fix.exe
[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.
((((((((((((((((((((((((( Files Created from 2008-01-13 to 2008-02-13 )))))))))))))))))))))))))))))))
.
2008-02-13 17:32 . 2008-02-13 17:32 <DIR> d-------- C:\Virus Tools
2008-02-13 15:55 . 2008-02-13 15:55 <DIR> d-------- C:\Program Files\Kaspersky Lab
2008-02-13 15:55 . 2008-02-13 17:39 91,700 --a------ C:\WINDOWS\system32\drivers\klin.dat
2008-02-13 15:55 . 2008-02-13 17:39 85,860 --a------ C:\WINDOWS\system32\drivers\klick.dat
2008-02-13 01:48 . 2008-02-13 15:47 60,416 --a------ C:\WINDOWS\system32\drivers\ComboFix.sys
2008-02-13 01:35 . 2008-02-13 01:35 <DIR> d-------- C:\WINDOWS\ERUNT
2008-02-12 22:41 . 2008-02-13 00:49 <DIR> d-------- C:\Program Files\LEAP
2008-02-12 22:41 . 1996-12-01 01:41 14,528 --------- C:\WINDOWS\system32\drivers\MMK_NTD.SYS
2008-02-12 22:37 . 2008-02-12 22:37 <DIR> d-------- C:\Program Files\ReflexiveArcade
2008-02-12 22:34 . 2008-02-12 22:37 <DIR> d-------- C:\Temp\Igre
2008-02-12 22:22 . 2008-02-12 22:23 <DIR> d-------- C:\Film za snimanje
2008-02-12 22:17 . 2008-02-12 22:17 1,226 --a------ C:\WINDOWS\mozver.dat
2008-02-12 15:13 . 2008-02-12 15:15 <DIR> d-------- C:\Flash disk
2008-02-11 21:48 . 2008-02-12 11:40 <DIR> d-------- C:\Temp\Donald Byrd and Kenny Burrell
2008-02-11 21:48 . 2008-02-12 11:37 <DIR> d-------- C:\Temp\Coleman Hawkins Quartet
2008-02-11 18:13 . 2008-02-11 18:13 <DIR> d-------- C:\Program Files\OpenAL
2008-02-11 18:13 . 2008-02-11 18:13 <DIR> d-------- C:\Program Files\Eidos
2008-02-11 18:13 . 2008-02-11 18:13 413,696 --a------ C:\WINDOWS\system32\wrap_oal.dll
2008-02-11 18:13 . 2008-02-11 18:13 110,592 --a------ C:\WINDOWS\system32\OpenAL32.dll
2008-02-11 18:12 . 2008-02-11 18:12 <DIR> d-------- C:\WINDOWS\system32\xlive
2008-02-09 22:47 . 2008-02-09 22:49 <DIR> d-------- C:\WINDOWS\Caps
2008-02-09 17:31 . 2008-02-09 17:31 0 --a------ C:\WINDOWS\nsreg.dat
2008-02-09 16:58 . 2008-02-13 17:47 <DIR> d-------- C:\Program Files\RSSoft
2008-02-09 16:33 . 2008-02-13 17:51 <DIR> d-------- C:\Program Files\Common Files\Akamai
2008-02-08 22:56 . 2002-12-06 05:08 162,304 --------- C:\WINDOWS\UNWISE.EXE
2008-02-05 19:31 . 2008-02-05 19:31 <DIR> d-------- C:\Program Files\Microsoft Games
2008-02-05 19:31 . 2008-02-05 19:31 <DIR> d-------- C:\Documents and Settings\Petar\Application Data\Microsoft Games
2008-02-05 12:34 . 2008-02-05 19:37 <DIR> d-------- C:\Program Files\Universal Extractor
2008-02-02 21:40 . 2008-02-05 18:52 <DIR> d-------- C:\Program Files\PowerISO
2008-02-02 20:14 . 2008-02-02 23:40 <DIR> d-------- C:\Program Files\HT Audio
2008-02-02 20:14 . 2008-02-02 20:14 38 --a------ C:\WINDOWS\DAOCONV.T1C
2008-02-02 20:13 . 1997-12-17 18:33 304,128 --a------ C:\WINDOWS\IsUninst.exe
2008-02-01 20:59 . 2007-07-19 18:14 3,727,720 --a------ C:\WINDOWS\system32\d3dx9_35.dll
2008-02-01 20:59 . 2007-07-19 18:14 1,358,192 --a------ C:\WINDOWS\system32\D3DCompiler_35.dll
2008-02-01 20:59 . 2007-07-19 18:14 444,776 --a------ C:\WINDOWS\system32\d3dx10_35.dll
2008-02-01 15:42 . 1995-01-15 12:53 356,049 --a------ C:\WINDOWS\SSE100.HLP
2008-02-01 15:40 . 2008-02-02 00:09 398 --a------ C:\WINDOWS\SSE1.INI
2008-02-01 15:38 . 1994-04-05 00:00 994,496 --a------ C:\WINDOWS\system\MSAJT200.DLL
2008-02-01 15:38 . 1993-05-12 07:00 398,416 --a------ C:\WINDOWS\system\VBRUN300.DLL
2008-02-01 15:38 . 1994-03-24 00:00 95,200 --a------ C:\WINDOWS\system\VBDB300.DLL
2008-02-01 15:38 . 1993-07-16 15:28 64,432 --a------ C:\WINDOWS\system\THREED.VBX
2008-02-01 15:38 . 1993-04-28 07:00 33,280 --a------ C:\WINDOWS\system\MSAES110.DLL
2008-02-01 15:38 . 1994-11-02 18:55 30,448 --a------ C:\WINDOWS\system\MSGBLAST.VBX
2008-02-01 15:38 . 1993-04-28 07:00 18,688 --a------ C:\WINDOWS\system\CMDIALOG.VBX
2008-02-01 15:38 . 1994-03-24 00:00 17,440 --a------ C:\WINDOWS\system\MSAJT112.DLL
2008-02-01 15:38 . 1995-04-28 17:07 34 --a------ C:\WINDOWS\SS2.REG
2008-02-01 15:38 . 1995-04-28 17:07 34 --a------ C:\WINDOWS\SS1.REG
2008-01-31 00:16 . 2008-02-10 09:25 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-31 00:16 . 2008-01-31 00:16 1,409 --a------ C:\WINDOWS\QTFont.for
2008-01-25 23:06 . 2008-01-25 23:06 <DIR> dr-h----- C:\Documents and Settings\Petar\Application Data\SecuROM
2008-01-25 23:06 . 2008-01-25 23:06 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2008-01-25 22:53 . 2005-04-30 23:41 200,704 --a------ C:\WINDOWS\system32\IfsDrives.dll
2008-01-25 22:53 . 2006-10-23 18:20 132,736 --a------ C:\WINDOWS\system32\drivers\ext2fs.sys
2008-01-25 22:53 . 2005-02-04 15:35 57,344 --a------ C:\WINDOWS\system32\IfsDrives.cpl
2008-01-25 22:53 . 2004-09-25 00:28 4,608 --a------ C:\WINDOWS\system32\drivers\IfsDrives.sys
2008-01-25 01:57 . 2008-01-25 01:57 <DIR> d-------- C:\Program Files\digestIT 2004
2008-01-23 17:18 . 2008-02-12 11:39 <DIR> d-------- C:\Program Files\UltraISO
2008-01-23 00:33 . 2008-02-01 14:44 103,736 --a------ C:\WINDOWS\system32\PnkBstrB.exe
2008-01-23 00:33 . 2008-01-23 01:12 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe
2008-01-23 00:33 . 2008-02-01 14:44 22,328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-01-23 00:24 . 2008-01-23 00:24 <DIR> d-------- C:\Program Files\Electronic Arts
2008-01-22 23:07 . 2008-01-22 23:07 <DIR> d--hs---- C:\WINDOWS\ftpcache
2008-01-22 23:07 . 2007-05-16 16:45 3,497,832 --a------ C:\WINDOWS\system32\d3dx9_34.dll
2008-01-22 23:07 . 2007-05-16 16:45 1,124,720 --a------ C:\WINDOWS\system32\D3DCompiler_34.dll
2008-01-22 23:07 . 2007-05-16 16:45 443,752 --a------ C:\WINDOWS\system32\d3dx10_34.dll
2008-01-22 23:07 . 2007-06-20 20:46 266,088 --a------ C:\WINDOWS\system32\xactengine2_8.dll
2008-01-22 23:07 . 2007-06-20 20:45 18,280 --a------ C:\WINDOWS\system32\x3daudio1_2.dll
2008-01-22 23:06 . 2008-01-22 23:06 319 --a------ C:\WINDOWS\game.ini
2008-01-20 20:37 . 2008-01-20 20:43 <DIR> d-------- C:\Program Files\MediaMonkey
2008-01-20 19:31 . 2008-01-20 23:09 <DIR> d-------- C:\Documents and Settings\Petar\Application Data\Digital Film Tools
2008-01-20 19:29 . 2008-01-20 23:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Digital Film Tools
2008-01-20 08:07 . 2008-01-20 08:07 33,292 --a------ C:\WINDOWS\system32\drivers\scdemu.sys
2008-01-19 23:36 . 2008-01-19 23:36 <DIR> d-------- C:\Documents and Settings\Petar\Application Data\Imagenomic
2008-01-19 22:47 . 2008-01-19 22:48 <DIR> d-------- C:\Documents and Settings\Petar\Application Data\Mask Pro 4.0
2008-01-19 22:37 . 2008-01-23 21:33 <DIR> d-------- C:\Documents and Settings\Petar\Application Data\Alien Skin
2008-01-19 17:25 . 2004-03-29 12:16 352,256 --a------ C:\WINDOWS\esellerateEngine.dll
2008-01-19 17:16 . 2008-01-19 17:17 <DIR> d-------- C:\Program Files\Imagenomic
2008-01-19 16:54 . 2008-01-19 16:54 <DIR> d-------- C:\Program Files\Curvemeister.com
2008-01-19 16:54 . 2008-01-19 16:54 146,650 --a------ C:\WINDOWS\Curves 2 Uninstaller.exe
2008-01-19 16:53 . 2008-01-19 16:53 <DIR> d-------- C:\Program Files\BWStyler
2008-01-19 16:43 . 2008-01-19 16:43 <DIR> d-------- C:\Program Files\Alien Skin
2008-01-19 16:36 . 2008-01-19 16:37 <DIR> d-------- C:\Program Files\Albatross
2008-01-19 16:23 . 2004-03-29 17:23 90,112 --a------ C:\WINDOWS\unvise32.exe
2008-01-19 16:21 . 2008-01-19 16:21 <DIR> d-------- C:\Program Files\Common Files\onOne Software Shared
2008-01-19 16:21 . 2005-08-21 15:57 227,840 --a------ C:\WINDOWS\system32\Deco_32.dll
2008-01-19 16:20 . 2008-01-19 16:20 <DIR> d-------- C:\Documents and Settings\Petar\Application Data\onOne Software
2008-01-19 16:18 . 2008-01-19 16:21 <DIR> d-------- C:\Program Files\onOne Software
2008-01-19 16:17 . 2008-01-19 17:35 24 --ah----- C:\WINDOWS\hpcfgjmp.zpi
2008-01-19 16:17 . 2008-01-19 16:17 19 --ah----- C:\WINDOWS\system32\ezirioMeD4
2008-01-19 16:16 . 2008-01-19 16:16 <DIR> d-------- C:\Program Files\Phase One
2008-01-19 16:16 . 2005-10-27 16:27 23,168 --a------ C:\WINDOWS\system32\drivers\p1c1394.sys
2008-01-19 16:16 . 2007-10-04 13:28 2,577 --a------ C:\WINDOWS\system32\config.hsp
2008-01-17 15:41 . 2008-01-17 15:41 <DIR> d-------- C:\Documents and Settings\Petar\Application Data\Nokia Multimedia Player
2008-01-15 22:21 . 2008-01-16 00:40 <DIR> d-------- C:\Program Files\WinHex
2008-01-14 17:14 . 2008-01-14 17:14 <DIR> d-------- C:\Program Files\Romain's Software
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-13 16:51 375,296 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-02-13 16:51 27,250,976 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-02-13 16:51 155,324 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2008-02-13 16:51 1,614,368 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2008-02-13 16:47 --------- d-----w C:\Documents and Settings\Petar\Application Data\Apple Computer
2008-02-13 16:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-02-13 16:41 --------- d-----w C:\Documents and Settings\Petar\Application Data\MxBoost
2008-02-13 16:29 --------- d-----w C:\Documents and Settings\Petar\Application Data\Maxthon2
2008-02-13 13:21 --------- d-----w C:\Program Files\GetRight
2008-02-13 10:17 --------- d-----w C:\Documents and Settings\Petar\Application Data\The Bat!
2008-02-12 16:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-02-10 08:19 --------- d-----w C:\Documents and Settings\Petar\Application Data\WinAlarm
2008-02-09 16:03 --------- d-----w C:\Documents and Settings\Petar\Application Data\uTorrent
2008-02-07 14:54 3,001 --sha-w C:\Documents and Settings\Petar\ppUser.dat
2008-02-04 20:41 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-02-04 19:40 1,409 ----a-w C:\WINDOWS\Fonts\EngrSans.fot
2008-02-02 22:04 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-22 21:39 --------- d-----w C:\Program Files\totalcmd
2008-01-19 16:16 1,336 ----a-w C:\Program Files\INSTALL.LOG
2008-01-19 14:19 --------- d-----w C:\Program Files\The Bat!
2008-01-14 15:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-01-14 14:25 --------- d-----w C:\Program Files\AlbumArtDownloader
2008-01-13 18:50 --------- d-----w C:\Documents and Settings\Petar\Application Data\dBpoweramp
2008-01-13 18:46 --------- d-----w C:\Documents and Settings\Petar\Application Data\AccurateRip
2008-01-12 19:58 --------- d-----w C:\Program Files\Common Files\Canon
2008-01-12 19:58 --------- d-----w C:\Program Files\Canon
2008-01-12 15:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\ABBYY
2008-01-08 16:57 --------- d-----w C:\Program Files\Java
2008-01-07 21:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nokia
2008-01-07 21:49 --------- d-----w C:\Program Files\Nokia
2008-01-07 21:49 --------- d-----w C:\Program Files\Common Files\Nokia
2008-01-07 21:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\Installations
2008-01-07 21:46 --------- d-----w C:\Program Files\DIFX
2008-01-07 21:46 --------- d-----w C:\Program Files\Common Files\PCSuite
2008-01-07 21:46 --------- d-----w C:\Documents and Settings\Petar\Application Data\Nokia
2008-01-07 21:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\PC Suite
2008-01-07 21:45 --------- d-----w C:\Program Files\PC Connectivity Solution
2008-01-07 21:45 --------- d-----w C:\Documents and Settings\Petar\Application Data\PC Suite
2008-01-07 21:29 --------- d-----w C:\Program Files\Paragon Software
2008-01-07 21:17 --------- d-----w C:\Program Files\TagRename
2007-12-28 21:33 --------- d-----w C:\Documents and Settings\Petar\Application Data\MiniLyrics
2007-12-27 18:22 --------- d-----w C:\Documents and Settings\Petar\Application Data\vlc
2007-12-27 18:20 --------- d-----w C:\Program Files\VideoLAN
2007-12-27 18:16 --------- d-----w C:\Program Files\Alcohol Soft
2007-12-27 18:14 715,248 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2007-12-27 10:23 47,360 ----a-w C:\Documents and Settings\Petar\Application Data\pcouffin.sys
2007-12-27 10:23 --------- d-----w C:\Documents and Settings\Petar\Application Data\Vso
2007-12-24 20:55 47,360 ----a-w C:\WINDOWS\system32\drivers\pcouffin.sys
2007-12-24 20:52 --------- d-----w C:\Program Files\The KMPlayer
2007-12-24 20:46 --------- d-----w C:\Program Files\Analog Devices
2007-12-24 20:41 --------- d-----w C:\Program Files\ffdshow
2007-12-24 20:32 --------- d-----w C:\Program Files\Minilyrics
2007-12-24 11:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\CyberLink
2007-12-19 13:42 --------- d-----w C:\Program Files\Intelore
2007-12-16 12:27 --------- d-----w C:\Documents and Settings\Petar\Application Data\UpdateStar
2007-12-03 15:34 7,680 ----a-w C:\WINDOWS\system32\ff_vfw.dll
2007-11-30 00:50 451,072 ----a-w C:\WINDOWS\Radeon Omega Drivers v3.8.413 Uninstall.exe
2007-11-29 11:52 60,273 ----a-w C:\WINDOWS\system32\pthreadGC2.dll
2007-07-27 11:37 676,224 --sh--w C:\WINDOWS\system32\ogacheckcontrol.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360]
"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2007-12-22 08:23 221568]
"Red Swoosh"="C:\Program Files\RSSoft\RedSwoosh.exe" [2007-02-27 02:30 62436]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="nwiz.exe" [2006-10-22 11:22 1622016 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-10-22 11:22 86016]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 11:22 7700480]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 15:30 81920]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-11-10 20:12 176128]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-10-23 18:51 233472]
"CoolSwitch"="C:\WINDOWS\system32\taskswitch.exe" [2002-03-19 16:30 45632]
"ATITool"="C:\Program Files\ATITool\ATITool.exe" [2006-12-08 16:23 3035136]
"AtiPTA"="C:\WINDOWS\SYSTEM32\ATIPTAXX.EXE" [2006-02-22 01:05 344064]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2006-12-18 21:34 868352]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2006-07-13 07:12 729088]
"Phase One Media Reader"="C:\PROGRA~1\PHASEO~1\CAPTUR~1\DCIMImp.exe" [2007-04-24 20:31 229376]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [2007-06-28 12:51 218376]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-11-07 17:35 1294336]
C:\Documents and Settings\Petar\Start Menu\Programs\Startup\
The RAS Logger System.lnk - C:\Documents and Settings\Petar\Application Data\Microsoft\Installer\{6D2E7D97-77E7-487B-9466-5233916ADB49}\_26e91eb.exe [2007-11-06 11:48:00 1078]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2007-10-05 00:49:13 25214]
PowerMenu.lnk - C:\Program Files\PowerMenu\PowerMenu.exe [2007-10-05 01:00:40 57344]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=prio.dll,C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Qshelf.lnk]
backup=C:\WINDOWS\pss\Qshelf.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Petar^Start Menu^Programs^Startup^Anapod Manager.lnk]
backup=C:\WINDOWS\pss\Anapod Manager.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]
--a------ 2006-01-12 19:52 483328 C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\drvsyskit]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2003-06-25 10:24 49152 C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
--a------ 2007-12-10 10:12 695808 C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-10-19 20:16 286720 C:\Program Files\QuickTime\qttask.exe
R0 hotcore3;hotcore3;C:\WINDOWS\system32\drivers\hotcore3.sys [2007-09-20 15:18]
R1 Ext2fs;Ext2fs;C:\WINDOWS\system32\DRIVERS\ext2fs.sys [2006-10-23 18:20]
R3 usbprint;Microsoft USB PRINTER Class;C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-04 00:01]
S1 IfsDrives;IfsDrives;C:\WINDOWS\system32\DRIVERS\IfsDrives.sys [2004-09-25 00:28]
S2 Akamai;Akamai;C:\WINDOWS\System32\svchost.exe [2004-08-04 00:56]
S2 MMK_NTD;MMK_NTD;C:\WINDOWS\system32\drivers\MMK_NTD.sys [1996-12-01 01:41]
S2 nxsIO32;NextSensor Kernel I/O Driver;C:\WINDOWS\System32\DRIVERS\nxsIO32.sys [2007-10-04 19:17]
S2 P1C1394;Phase One 1394 Camera Driver;C:\WINDOWS\system32\Drivers\p1c1394.sys [2005-10-27 16:27]
S3 Intels51;Intel(R) 536EP Modem;C:\WINDOWS\system32\DRIVERS\Intels51.sys [2003-05-22 16:44]
S3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-04-04 14:58]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{358fb807-7900-11dc-9c8f-c28f287c6bfd}]
\Shell\AutoRun\command - H:\setup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b72f899a-b4a7-11dc-8132-d6a2c3cd9bb5}]
\Shell\AutoRun\command - H:\setup.exe
*Newly Created Service* - P1C1394
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-13 17:57:23
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-02-13 17:58:05
ComboFix2.txt 2008-02-13 16:55:02
SDFix: Version 1.141
Run by Petar on sre 13.02.2008 at 18:01
Microsoft Windows XP [Version 5.1.2600]
Running From: C:\VIRUST~1\SDFix
Safe Mode:
Checking Services:
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting...
Normal Mode:
Checking Files:
No Trojan Files Found
Removing Temp Files...
ADS Check:
Final Check:
catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-13 18:04:40
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\ESENT]
"EventMessageFile"=str(2):"c:\windows\system32\ESENT.dll"
"CategoryMessageFile"=str(2):"c:\windows\system32\ESENT.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:fe057642
"s2"=dword:50cc8831
"h0"=dword:00000003
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"h0"=dword:00000000
"ujdew"=hex:25,37,0f,12,95,fc,d6,25,10,eb,aa,ee,28,c3,fc,d6,c6,6e,b8,bc,9f,..
"p0"="C:\Program Files\Alcohol Soft\Alcohol 120\"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC]
"h0"=dword:00000002
"hdf12"=hex:1f,f6,71,ed,50,a2,76,9b,b6,12,8e,fa,15,8a,7b,7d,d2,05,1b,eb,bc,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000001
"khjeh"=hex:7a,d8,61,9e,12,50,aa,35,a6,ab,aa,f4,8c,a2,b8,89,12,46,db,a9,93,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"h0"=dword:00000000
"ujdew"=hex:25,37,0f,12,95,fc,d6,25,10,eb,aa,ee,28,c3,fc,d6,c6,6e,b8,bc,9f,..
"p0"="C:\Program Files\Alcohol Soft\Alcohol 120\"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC]
"h0"=dword:00000002
"hdf12"=hex:1f,f6,71,ed,50,a2,76,9b,b6,12,8e,fa,15,8a,7b,7d,d2,05,1b,eb,bc,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000001
"khjeh"=hex:7a,d8,61,9e,12,50,aa,35,a6,ab,aa,f4,8c,a2,b8,89,12,46,db,a9,93,..
scanning hidden registry entries ...
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\5DE84A76A6B0A07499C58B1F49E2A89B\Usage]
"Diskeeper"=dword:384d122f
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher]
"TracesProcessed"=dword:00000089
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{45FFA87C-9CE0-E314-1330-487DFEED8DCA}]
"jabmkgfinmmefclbmckp"=hex:62,61,64,6f,00,00
"jabmkgfinmmefclbmcol"=hex:62,61,70,6a,00,00
"iabnobnkjdbljigoij"=hex:6b,61,69,6f,66,68,63,6f,6d,69,69,6a,6d,61,63,6d,6b,66,62,66,61,..
"halmedionjbfgngi"=hex:6b,61,69,6f,66,68,63,6f,6d,69,69,6a,6d,61,63,6d,6b,66,62,66,61,..
"ialmedpohoelnekonk"=hex:68,61,65,6e,65,62,67,62,62,6f,64,6b,64,6f,64,66,00,0f
"hafmoihfipaaffkm"=hex:61,61,00,00
"jagmfkljochjfjbenefe"=hex:61,61,00,00
"jammdheimmodbngegiln"=hex:62,61,69,6f,00,00
"iagcdahbppomnjghmn"=hex:65,61,69,6f,65,68,63,6b,61,6b,00,00
"iagcdahbppomnjghln"=hex:64,61,63,6f,68,65,64,6f,00,6b
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Remaining Services:
------------------
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
Remaining Files:
---------------
Files with Hidden Attributes:
Wed 4 Aug 2004 93,184 A.SH. --- "C:\Program Files\Internet Explorer\iexplore.exe"
Fri 27 Jul 2007 676,224 ..SH. --- "C:\WINDOWS\system32\ogacheckcontrol.dll"
Tue 30 Oct 2007 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Thu 4 Oct 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Thu 7 Feb 2002 94,208 ...H. --- "C:\Program Files\Common Files\Nero\AudioPlugins\lpaccodec.dll"
Fri 2 Feb 2001 40,960 ...H. --- "C:\Program Files\Common Files\Nero\AudioPlugins\lpac_codec_api.dll"
Tue 13 Apr 2004 212,992 ...H. --- "C:\Program Files\Common Files\Nero\AudioPlugins\OFR.EXE"
Fri 17 Jan 2003 278,528 ...H. --- "C:\Program Files\Common Files\Nero\AudioPlugins\PNCRT.dll"
Mon 5 May 2003 16,384 ...H. --- "C:\Program Files\Common Files\Nero\AudioPlugins\RMADEC.EXE"
Fri 25 Jan 2008 4,965 ...HR --- "C:\Documents and Settings\Petar\Application Data\SecuROM\UserData\securom_v7_01.bak"
Fri 11 Apr 2003 73,766 ...H. --- "C:\Program Files\Common Files\Nero\AudioPlugins\Common\atrc3260.dll"
Fri 11 Apr 2003 45,099 ...H. --- "C:\Program Files\Common Files\Nero\AudioPlugins\Common\auth3260.dll"
Fri 11 Apr 2003 65,575 ...H. --- "C:\Program Files\Common Files\Nero\AudioPlugins\Common\cook3260.dll"
Fri 11 Apr 2003 102,437 ...H. --- "C:\Program Files\Common Files\Nero\AudioPlugins\Common\drv13260.dll"
Fri 11 Apr 2003 176,165 ...H. --- "C:\Program Files\Common Files\Nero\AudioPlugins\Common\drv23260.dll"
Fri 11 Apr 2003 208,935 ...H. --- "C:\Program Files\Common Files\Nero\AudioPlugins\Common\drv33260.dll"
Fri 11 Apr 2003 217,127 ...H. --- "C:\Program Files\Common Files\Nero\AudioPlugins\Common\drv43260.dll"
Tue 15 Apr 2003 976,896 ...H. --- "C:\Program Files\Common Files\Nero\AudioPlugins\Common\pnen3260.dll"
Fri 11 Apr 2003 348,203 ...H. --- "C:\Program Files\Common Files\Nero\AudioPlugins\Common\pnvi3260.dll"
Fri 11 Apr 2003 53,289 ...H. --- "C:\Program Files\Common Files\Nero\AudioPlugins\Common\pnxr3260.dll"
Fri 11 Apr 2003 45,101 ...H. --- "C:\Program Files\Common Files\Nero\AudioPlugins\Common\ramf3260.dll"
Fri 11 Apr 2003 135,213 ...H. --- "C:\Program Files\Common Files\Nero\AudioPlugins\Common\rare3260.dll"
Mon 14 Oct 2002 57,344 ...H. --- "C:\Program Files\Common Files\Nero\AudioPlugins\Common\rims3290.dll"
Fri 11 Apr 2003 163,885 ...H. --- "C:\Program Files\Common Files\Nero\AudioPlugins\Common\rmff3260.dll"
Mon 14 Oct 2002 737,280 ...H. --- "C:\Program Files\Common Files\Nero\AudioPlugins\Common\rmse3290.dll"
Mon 14 Oct 2002 245,760 ...H. --- "C:\Program Files\Common Files\Nero\AudioPlugins\Common\rmwr3260.dll"
Fri 11 Apr 2003 245,805 ...H. --- "C:\Program Files\Common Files\Nero\AudioPlugins\Common\rnlt3260.dll"
Mon 14 Oct 2002 245,760 ...H. --- "C:\Program Files\Common Files\Nero\AudioPlugins\Common\rorw3290.dll"
Mon 14 Oct 2002 114,688 ...H. --- "C:\Program Files\Common Files\Nero\AudioPlugins\Common\rtae3290.dll"
Mon 14 Oct 2002 65,536 ...H. --- "C:\Program Files\Common Files\Nero\AudioPlugins\Common\rtin3290.dll"
Mon 14 Oct 2002 163,840 ...H. --- "C:\Program Files\Common Files\Nero\AudioPlugins\Common\rtve3290.dll"
Fri 11 Apr 2003 45,093 ...H. --- "C:\Program Files\Common Files\Nero\AudioPlugins\Common\rv103260.dll"
Fri 11 Apr 2003 98,341 ...H. --- "C:\Program Files\Common Files\Nero\AudioPlugins\Common\rv203260.dll"
Fri 11 Apr 2003 94,247 ...H. --- "C:\Program Files\Common Files\Nero\AudioPlugins\Common\rv303260.dll"
Fri 11 Apr 2003 90,151 ...H. --- "C:\Program Files\Common Files\Nero\AudioPlugins\Common\rv403260.dll"
Fri 11 Apr 2003 159,785 ...H. --- "C:\Program Files\Common Files\Nero\AudioPlugins\Common\rvre3260.dll"
Mon 14 Oct 2002 102,400 ...H. --- "C:\Program Files\Common Files\Nero\AudioPlugins\Common\sipr3260.dll"
Fri 11 Apr 2003 61,485 ...H. --- "C:\Program Files\Common Files\Nero\AudioPlugins\Common\smpl3260.dll"
Fri 11 Apr 2003 106,541 ...H. --- "C:\Program Files\Common Files\Nero\AudioPlugins\Common\vsrl3260.dll"
Fri 11 Apr 2003 86,061 ...H. --- "C:\Program Files\Common Files\Nero\AudioPlugins\Common\xmlp3261.dll"
Fri 11 Apr 2003 159,787 ...H. --- "C:\Program Files\Common Files\Nero\AudioPlugins\Common\zipf3260.dll"
Sun 23 Feb 2003 64,512 ...H. --- "C:\Program Files\Common Files\Nero\AudioPlugins\MusePack\MPPDEC.EXE"
Sat 26 Oct 2002 79,360 ...H. --- "C:\Program Files\Common Files\Nero\AudioPlugins\MusePack\MPPENC.EXE"
Fri 14 Feb 2003 910,152 ...H. --- "C:\Program Files\Common Files\Nero\AudioPlugins\Shorten\CYGWIN1.DLL"
Sun 20 Apr 2003 60,928 ...H. --- "C:\Program Files\Common Files\Nero\AudioPlugins\Shorten\SHORTEN.EXE"
Wed 8 Oct 2003 75,264 ...H. --- "C:\Program Files\Common Files\Nero\AudioPlugins\Speex\speexdec.exe"
Wed 8 Oct 2003 77,312 ...H. --- "C:\Program Files\Common Files\Nero\AudioPlugins\Speex\speexenc.exe"
Finished!
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:27:48, on 13.2.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\taskswitch.exe
C:\Program Files\ATITool\ATITool.exe
C:\WINDOWS\SYSTEM32\ATIPTAXX.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\RSSoft\RedSwoosh.exe
C:\Program Files\PowerMenu\PowerMenu.exe
C:\Program Files\RasLogger\RasLogger3\RasLogger3.exe
C:\Documents and Settings\Petar\Application Data\Maxthon2\Maxthon.exe
C:\Program Files\totalcmd\TOTALCMD.EXE
c:\Downloads\HJT.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [ATITool] "C:\Program Files\ATITool\ATITool.exe" -s
O4 - HKLM\..\Run: [AtiPTA] C:\WINDOWS\SYSTEM32\ATIPTAXX.EXE
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [Phase One Media Reader] C:\PROGRA~1\PHASEO~1\CAPTUR~1\DCIMImp.exe /noscan /CheckAutoStart
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [Red Swoosh] C:\Program Files\RSSoft\RedSwoosh.exe /S
O4 - HKUS\S-1-5-20\..\RunOnce: [NeroHomeFirstStart] "C:\Program Files\Common Files\Ahead\Lib\NMFirstStart.exe" (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'Default user')
O4 - Startup: The RAS Logger System.lnk = ?
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: PowerMenu.lnk = C:\Program Files\PowerMenu\PowerMenu.exe
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Download with GetRight Pro - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Pro Browser - C:\Program Files\GetRight\GRbrowse.htm
O8 - Extra context menu item: Save page with WinMHT... - C:\Program Files\WinMHT\iewmht0.htm
O8 - Extra context menu item: Save selection with WinMHT... - C:\Program Files\WinMHT\iewmht2.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v4.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia....ockwave/cabs/flash/swflash.cab
O20 - AppInit_DLLs: prio.dll,C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
--
End of file - 8649 bytes
In the meantime I ran AVG Anti-Spyware, which found some *rap, and I managed to reinstall KIS7, which found Trojan-downloader.Win32.Bagle.Jr, and now I'm running a full scan. It seems to me everything is OK now.
Thanks for the help
[ Binary Mind @ 13.02.2008. 19:23 ] @
It looks like you solved the problem with AVG Anti-Spyware. The other logs are mostly fine. Before you start the next step, turn off System Restore. Download the text file I attached, drag it onto the ComboFix icon and let the scan finish, then post the new ComboFix log. Scan once more with a properly updated antivirus and with AVG Anti-Spyware. If everything goes well, you have probably solved the problem.
[ mister Mrva @ 14.02.2008. 01:42 ] @
Here is the scan log produced with your script:
ComboFix 08-02-13.2 - Petar 2008-02-14 1:48:22.10 - NTFSx86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1033.18.788 [GMT 1:00]
Running from: C:\Documents and Settings\Petar\Desktop\Combo-Fix.exe
Command switches used :: C:\Documents and Settings\Petar\Desktop\CFScript.txt
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2008-01-14 to 2008-02-14 )))))))))))))))))))))))))))))))
.
2008-02-13 23:23 . 2008-02-13 23:23 <DIR> d-------- C:\Documents and Settings\Petar\Application Data\Grisoft
2008-02-13 23:23 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-02-13 23:22 . 2008-02-13 23:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-02-13 15:55 . 2008-02-13 15:55 <DIR> d-------- C:\Program Files\Kaspersky Lab
2008-02-13 15:55 . 2008-02-13 17:39 91,700 --a------ C:\WINDOWS\system32\drivers\klin.dat
2008-02-13 15:55 . 2008-02-13 17:39 85,860 --a------ C:\WINDOWS\system32\drivers\klick.dat
2008-02-13 01:48 . 2008-02-13 15:47 60,416 --a------ C:\WINDOWS\system32\drivers\ComboFix.sys
2008-02-13 01:35 . 2008-02-13 01:35 <DIR> d-------- C:\WINDOWS\ERUNT
2008-02-12 22:41 . 2008-02-13 00:49 <DIR> d-------- C:\Program Files\LEAP
2008-02-12 22:41 . 1996-12-01 01:41 14,528 --------- C:\WINDOWS\system32\drivers\MMK_NTD.SYS
2008-02-12 22:37 . 2008-02-12 22:37 <DIR> d-------- C:\Program Files\ReflexiveArcade
2008-02-12 22:34 . 2008-02-12 22:37 <DIR> d-------- C:\Temp\Igre
2008-02-12 22:22 . 2008-02-12 22:23 <DIR> d-------- C:\Film za snimanje
2008-02-12 22:17 . 2008-02-12 22:17 1,226 --a------ C:\WINDOWS\mozver.dat
2008-02-12 15:13 . 2008-02-12 15:15 <DIR> d-------- C:\Flash disk
2008-02-11 21:48 . 2008-02-12 11:40 <DIR> d-------- C:\Temp\Donald Byrd and Kenny Burrell
2008-02-11 21:48 . 2008-02-12 11:37 <DIR> d-------- C:\Temp\Coleman Hawkins Quartet
2008-02-11 18:13 . 2008-02-11 18:13 <DIR> d-------- C:\Program Files\OpenAL
2008-02-11 18:13 . 2008-02-11 18:13 <DIR> d-------- C:\Program Files\Eidos
2008-02-11 18:13 . 2008-02-11 18:13 413,696 --a------ C:\WINDOWS\system32\wrap_oal.dll
2008-02-11 18:13 . 2008-02-11 18:13 110,592 --a------ C:\WINDOWS\system32\OpenAL32.dll
2008-02-11 18:12 . 2008-02-11 18:12 <DIR> d-------- C:\WINDOWS\system32\xlive
2008-02-09 22:47 . 2008-02-09 22:49 <DIR> d-------- C:\WINDOWS\Caps
2008-02-09 17:31 . 2008-02-09 17:31 0 --a------ C:\WINDOWS\nsreg.dat
2008-02-09 16:58 . 2008-02-14 01:19 <DIR> d-------- C:\Program Files\RSSoft
2008-02-09 16:33 . 2008-02-14 01:19 <DIR> d-------- C:\Program Files\Common Files\Akamai
2008-02-08 22:56 . 2002-12-06 05:08 162,304 --------- C:\WINDOWS\UNWISE.EXE
2008-02-05 19:31 . 2008-02-05 19:31 <DIR> d-------- C:\Program Files\Microsoft Games
2008-02-05 19:31 . 2008-02-05 19:31 <DIR> d-------- C:\Documents and Settings\Petar\Application Data\Microsoft Games
2008-02-05 12:34 . 2008-02-05 19:37 <DIR> d-------- C:\Program Files\Universal Extractor
2008-02-02 21:40 . 2008-02-05 18:52 <DIR> d-------- C:\Program Files\PowerISO
2008-02-02 20:14 . 2008-02-02 23:40 <DIR> d-------- C:\Program Files\HT Audio
2008-02-02 20:14 . 2008-02-02 20:14 38 --a------ C:\WINDOWS\DAOCONV.T1C
2008-02-02 20:13 . 1997-12-17 18:33 304,128 --a------ C:\WINDOWS\IsUninst.exe
2008-02-01 20:59 . 2007-07-19 18:14 3,727,720 --a------ C:\WINDOWS\system32\d3dx9_35.dll
2008-02-01 20:59 . 2007-07-19 18:14 1,358,192 --a------ C:\WINDOWS\system32\D3DCompiler_35.dll
2008-02-01 20:59 . 2007-07-19 18:14 444,776 --a------ C:\WINDOWS\system32\d3dx10_35.dll
2008-02-01 15:42 . 1995-01-15 12:53 356,049 --a------ C:\WINDOWS\SSE100.HLP
2008-02-01 15:40 . 2008-02-02 00:09 398 --a------ C:\WINDOWS\SSE1.INI
2008-02-01 15:38 . 1994-04-05 00:00 994,496 --a------ C:\WINDOWS\system\MSAJT200.DLL
2008-02-01 15:38 . 1993-05-12 07:00 398,416 --a------ C:\WINDOWS\system\VBRUN300.DLL
2008-02-01 15:38 . 1994-03-24 00:00 95,200 --a------ C:\WINDOWS\system\VBDB300.DLL
2008-02-01 15:38 . 1993-07-16 15:28 64,432 --a------ C:\WINDOWS\system\THREED.VBX
2008-02-01 15:38 . 1993-04-28 07:00 33,280 --a------ C:\WINDOWS\system\MSAES110.DLL
2008-02-01 15:38 . 1994-11-02 18:55 30,448 --a------ C:\WINDOWS\system\MSGBLAST.VBX
2008-02-01 15:38 . 1993-04-28 07:00 18,688 --a------ C:\WINDOWS\system\CMDIALOG.VBX
2008-02-01 15:38 . 1994-03-24 00:00 17,440 --a------ C:\WINDOWS\system\MSAJT112.DLL
2008-02-01 15:38 . 1995-04-28 17:07 34 --a------ C:\WINDOWS\SS2.REG
2008-02-01 15:38 . 1995-04-28 17:07 34 --a------ C:\WINDOWS\SS1.REG
2008-01-31 00:16 . 2008-02-10 09:25 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-31 00:16 . 2008-01-31 00:16 1,409 --a------ C:\WINDOWS\QTFont.for
2008-01-25 23:06 . 2008-01-25 23:06 <DIR> dr-h----- C:\Documents and Settings\Petar\Application Data\SecuROM
2008-01-25 23:06 . 2008-01-25 23:06 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2008-01-25 22:53 . 2005-04-30 23:41 200,704 --a------ C:\WINDOWS\system32\IfsDrives.dll
2008-01-25 22:53 . 2006-10-23 18:20 132,736 --a------ C:\WINDOWS\system32\drivers\ext2fs.sys
2008-01-25 22:53 . 2005-02-04 15:35 57,344 --a------ C:\WINDOWS\system32\IfsDrives.cpl
2008-01-25 22:53 . 2004-09-25 00:28 4,608 --a------ C:\WINDOWS\system32\drivers\IfsDrives.sys
2008-01-25 01:57 . 2008-01-25 01:57 <DIR> d-------- C:\Program Files\digestIT 2004
2008-01-23 17:18 . 2008-02-12 11:39 <DIR> d-------- C:\Program Files\UltraISO
2008-01-23 00:33 . 2008-02-01 14:44 103,736 --a------ C:\WINDOWS\system32\PnkBstrB.exe
2008-01-23 00:33 . 2008-01-23 01:12 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe
2008-01-23 00:33 . 2008-02-01 14:44 22,328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-01-23 00:24 . 2008-01-23 00:24 <DIR> d-------- C:\Program Files\Electronic Arts
2008-01-22 23:07 . 2008-01-22 23:07 <DIR> d--hs---- C:\WINDOWS\ftpcache
2008-01-22 23:07 . 2007-05-16 16:45 3,497,832 --a------ C:\WINDOWS\system32\d3dx9_34.dll
2008-01-22 23:07 . 2007-05-16 16:45 1,124,720 --a------ C:\WINDOWS\system32\D3DCompiler_34.dll
2008-01-22 23:07 . 2007-05-16 16:45 443,752 --a------ C:\WINDOWS\system32\d3dx10_34.dll
2008-01-22 23:07 . 2007-06-20 20:46 266,088 --a------ C:\WINDOWS\system32\xactengine2_8.dll
2008-01-22 23:07 . 2007-06-20 20:45 18,280 --a------ C:\WINDOWS\system32\x3daudio1_2.dll
2008-01-22 23:06 . 2008-01-22 23:06 319 --a------ C:\WINDOWS\game.ini
2008-01-20 20:37 . 2008-01-20 20:43 <DIR> d-------- C:\Program Files\MediaMonkey
2008-01-20 19:31 . 2008-01-20 23:09 <DIR> d-------- C:\Documents and Settings\Petar\Application Data\Digital Film Tools
2008-01-20 19:29 . 2008-01-20 23:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Digital Film Tools
2008-01-20 08:07 . 2008-01-20 08:07 33,292 --a------ C:\WINDOWS\system32\drivers\scdemu.sys
2008-01-19 23:36 . 2008-01-19 23:36 <DIR> d-------- C:\Documents and Settings\Petar\Application Data\Imagenomic
2008-01-19 22:47 . 2008-01-19 22:48 <DIR> d-------- C:\Documents and Settings\Petar\Application Data\Mask Pro 4.0
2008-01-19 22:37 . 2008-01-23 21:33 <DIR> d-------- C:\Documents and Settings\Petar\Application Data\Alien Skin
2008-01-19 17:25 . 2004-03-29 12:16 352,256 --a------ C:\WINDOWS\esellerateEngine.dll
2008-01-19 17:16 . 2008-01-19 17:17 <DIR> d-------- C:\Program Files\Imagenomic
2008-01-19 16:54 . 2008-01-19 16:54 <DIR> d-------- C:\Program Files\Curvemeister.com
2008-01-19 16:54 . 2008-01-19 16:54 146,650 --a------ C:\WINDOWS\Curves 2 Uninstaller.exe
2008-01-19 16:53 . 2008-01-19 16:53 <DIR> d-------- C:\Program Files\BWStyler
2008-01-19 16:43 . 2008-01-19 16:43 <DIR> d-------- C:\Program Files\Alien Skin
2008-01-19 16:36 . 2008-01-19 16:37 <DIR> d-------- C:\Program Files\Albatross
2008-01-19 16:23 . 2004-03-29 17:23 90,112 --a------ C:\WINDOWS\unvise32.exe
2008-01-19 16:21 . 2008-01-19 16:21 <DIR> d-------- C:\Program Files\Common Files\onOne Software Shared
2008-01-19 16:21 . 2005-08-21 15:57 227,840 --a------ C:\WINDOWS\system32\Deco_32.dll
2008-01-19 16:20 . 2008-01-19 16:20 <DIR> d-------- C:\Documents and Settings\Petar\Application Data\onOne Software
2008-01-19 16:18 . 2008-01-19 16:21 <DIR> d-------- C:\Program Files\onOne Software
2008-01-19 16:17 . 2008-01-19 17:35 24 --ah----- C:\WINDOWS\hpcfgjmp.zpi
2008-01-19 16:17 . 2008-01-19 16:17 19 --ah----- C:\WINDOWS\system32\ezirioMeD4
2008-01-19 16:16 . 2008-01-19 16:16 <DIR> d-------- C:\Program Files\Phase One
2008-01-19 16:16 . 2005-10-27 16:27 23,168 --a------ C:\WINDOWS\system32\drivers\p1c1394.sys
2008-01-19 16:16 . 2007-10-04 13:28 2,577 --a------ C:\WINDOWS\system32\config.hsp
2008-01-17 15:41 . 2008-01-17 15:41 <DIR> d-------- C:\Documents and Settings\Petar\Application Data\Nokia Multimedia Player
2008-01-15 22:21 . 2008-01-16 00:40 <DIR> d-------- C:\Program Files\WinHex
2008-01-14 17:14 . 2008-01-14 17:14 <DIR> d-------- C:\Program Files\Romain's Software
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-14 00:41 27,593,248 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-02-13 23:29 --------- d-----w C:\Documents and Settings\Petar\Application Data\MxBoost
2008-02-13 23:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-02-13 19:52 378,968 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-02-13 19:52 155,540 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2008-02-13 19:52 1,614,368 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2008-02-13 16:47 --------- d-----w C:\Documents and Settings\Petar\Application Data\Apple Computer
2008-02-13 16:29 --------- d-----w C:\Documents and Settings\Petar\Application Data\Maxthon2
2008-02-13 13:21 --------- d-----w C:\Program Files\GetRight
2008-02-13 10:17 --------- d-----w C:\Documents and Settings\Petar\Application Data\The Bat!
2008-02-12 16:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-02-10 08:19 --------- d-----w C:\Documents and Settings\Petar\Application Data\WinAlarm
2008-02-09 16:03 --------- d-----w C:\Documents and Settings\Petar\Application Data\uTorrent
2008-02-07 14:54 3,001 --sha-w C:\Documents and Settings\Petar\ppUser.dat
2008-02-04 20:41 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-02-04 19:40 1,409 ----a-w C:\WINDOWS\Fonts\EngrSans.fot
2008-02-02 22:04 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-22 21:39 --------- d-----w C:\Program Files\totalcmd
2008-01-19 16:16 1,336 ----a-w C:\Program Files\INSTALL.LOG
2008-01-19 14:19 --------- d-----w C:\Program Files\The Bat!
2008-01-14 15:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-01-14 14:25 --------- d-----w C:\Program Files\AlbumArtDownloader
2008-01-13 18:50 --------- d-----w C:\Documents and Settings\Petar\Application Data\dBpoweramp
2008-01-13 18:46 --------- d-----w C:\Documents and Settings\Petar\Application Data\AccurateRip
2008-01-12 19:58 --------- d-----w C:\Program Files\Common Files\Canon
2008-01-12 19:58 --------- d-----w C:\Program Files\Canon
2008-01-12 15:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\ABBYY
2008-01-08 16:57 --------- d-----w C:\Program Files\Java
2008-01-07 21:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nokia
2008-01-07 21:49 --------- d-----w C:\Program Files\Nokia
2008-01-07 21:49 --------- d-----w C:\Program Files\Common Files\Nokia
2008-01-07 21:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\Installations
2008-01-07 21:46 --------- d-----w C:\Program Files\DIFX
2008-01-07 21:46 --------- d-----w C:\Program Files\Common Files\PCSuite
2008-01-07 21:46 --------- d-----w C:\Documents and Settings\Petar\Application Data\Nokia
2008-01-07 21:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\PC Suite
2008-01-07 21:45 --------- d-----w C:\Program Files\PC Connectivity Solution
2008-01-07 21:45 --------- d-----w C:\Documents and Settings\Petar\Application Data\PC Suite
2008-01-07 21:29 --------- d-----w C:\Program Files\Paragon Software
2008-01-07 21:17 --------- d-----w C:\Program Files\TagRename
2007-12-28 21:33 --------- d-----w C:\Documents and Settings\Petar\Application Data\MiniLyrics
2007-12-27 18:22 --------- d-----w C:\Documents and Settings\Petar\Application Data\vlc
2007-12-27 18:20 --------- d-----w C:\Program Files\VideoLAN
2007-12-27 18:16 --------- d-----w C:\Program Files\Alcohol Soft
2007-12-27 18:14 715,248 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2007-12-27 10:23 47,360 ----a-w C:\Documents and Settings\Petar\Application Data\pcouffin.sys
2007-12-27 10:23 --------- d-----w C:\Documents and Settings\Petar\Application Data\Vso
2007-12-24 20:55 47,360 ----a-w C:\WINDOWS\system32\drivers\pcouffin.sys
2007-12-24 20:52 --------- d-----w C:\Program Files\The KMPlayer
2007-12-24 20:46 --------- d-----w C:\Program Files\Analog Devices
2007-12-24 20:41 --------- d-----w C:\Program Files\ffdshow
2007-12-24 20:32 --------- d-----w C:\Program Files\Minilyrics
2007-12-24 11:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\CyberLink
2007-12-19 13:42 --------- d-----w C:\Program Files\Intelore
2007-12-16 12:27 --------- d-----w C:\Documents and Settings\Petar\Application Data\UpdateStar
2007-12-03 15:34 7,680 ----a-w C:\WINDOWS\system32\ff_vfw.dll
2007-11-30 00:50 451,072 ----a-w C:\WINDOWS\Radeon Omega Drivers v3.8.413 Uninstall.exe
2007-11-29 11:52 60,273 ----a-w C:\WINDOWS\system32\pthreadGC2.dll
2007-07-27 11:37 676,224 --sh--w C:\WINDOWS\system32\ogacheckcontrol.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360]
"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2007-12-22 08:23 221568]
"Red Swoosh"="C:\Program Files\RSSoft\RedSwoosh.exe" [2007-02-27 02:30 62436]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="nwiz.exe" [2006-10-22 11:22 1622016 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-10-22 11:22 86016]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 11:22 7700480]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 15:30 81920]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-11-10 20:12 176128]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-10-23 18:51 233472]
"CoolSwitch"="C:\WINDOWS\system32\taskswitch.exe" [2002-03-19 16:30 45632]
"ATITool"="C:\Program Files\ATITool\ATITool.exe" [2006-12-08 16:23 3035136]
"AtiPTA"="C:\WINDOWS\SYSTEM32\ATIPTAXX.EXE" [2006-02-22 01:05 344064]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2006-12-18 21:34 868352]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2006-07-13 07:12 729088]
"Phase One Media Reader"="C:\PROGRA~1\PHASEO~1\CAPTUR~1\DCIMImp.exe" [2007-04-24 20:31 229376]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [2007-06-28 12:51 218376]
"!AVG Anti-Spyware"="c:\Program Files\Grisoft\AVG Anti-Spyware 7.5\_avgas.exe" [2008-02-14 01:29 6731312]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-11-07 17:35 1294336]
C:\Documents and Settings\Petar\Start Menu\Programs\Startup\
The RAS Logger System.lnk - C:\Documents and Settings\Petar\Application Data\Microsoft\Installer\{6D2E7D97-77E7-487B-9466-5233916ADB49}\_26e91eb.exe [2007-11-06 11:48:00 1078]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2007-10-05 00:49:13 25214]
PowerMenu.lnk - C:\Program Files\PowerMenu\PowerMenu.exe [2007-10-05 01:00:40 57344]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=prio.dll,C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Qshelf.lnk]
backup=C:\WINDOWS\pss\Qshelf.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Petar^Start Menu^Programs^Startup^Anapod Manager.lnk]
backup=C:\WINDOWS\pss\Anapod Manager.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]
--a------ 2006-01-12 19:52 483328 C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\drvsyskit]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2003-06-25 10:24 49152 C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
--a------ 2007-12-10 10:12 695808 C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-10-19 20:16 286720 C:\Program Files\QuickTime\qttask.exe
R0 hotcore3;hotcore3;C:\WINDOWS\system32\drivers\hotcore3.sys [2007-09-20 15:18]
R1 Ext2fs;Ext2fs;C:\WINDOWS\system32\DRIVERS\ext2fs.sys [2006-10-23 18:20]
R3 usbprint;Microsoft USB PRINTER Class;C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-04 00:01]
S1 IfsDrives;IfsDrives;C:\WINDOWS\system32\DRIVERS\IfsDrives.sys [2004-09-25 00:28]
S2 Akamai;Akamai;C:\WINDOWS\System32\svchost.exe [2004-08-04 00:56]
S2 MMK_NTD;MMK_NTD;C:\WINDOWS\system32\drivers\MMK_NTD.sys [1996-12-01 01:41]
S2 nxsIO32;NextSensor Kernel I/O Driver;C:\WINDOWS\System32\DRIVERS\nxsIO32.sys [2007-10-04 19:17]
S2 P1C1394;Phase One 1394 Camera Driver;C:\WINDOWS\system32\Drivers\p1c1394.sys [2005-10-27 16:27]
S3 Intels51;Intel(R) 536EP Modem;C:\WINDOWS\system32\DRIVERS\Intels51.sys [2003-05-22 16:44]
S3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-04-04 14:58]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
*Newly Created Service* - P1C1394
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-14 01:50:25
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-02-14 1:51:04
[ Binary Mind @ 14.02.2008. 12:42 ] @
Now you're completely clean... At least as far as ComboFix is concerned.
[ mister Mrva @ 14.02.2008. 16:02 ] @
Thanks
[ fdoko @ 24.06.2008. 20:12 ] @
Please tell me what this is. I ran ComboFix and this is everything it showed at the end. What is this about?
ComboFix 08-06-20.4 - mls 2008-06-24 20:04:33.4 - NTFSx86
Running from: C:\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
/wow section - STAGE 3
/wow section - STAGE 6
The system cannot find the file Profiles.folder.dat.
The system cannot find the file Programs.Folder.dat.
grep: Startup.Folder.dat: Permission denied
The system cannot find the file Desktop.Folder.dat.
The system cannot find the file Favorites.Folder.dat.
The system cannot find the file StartMenu.Folder.dat.
The system cannot find the file Templates.Folder.dat.
The system cannot find the file Personal.Folder.dat.
The system cannot find the file LocalAppData.folder.dat.
The system cannot find the file MyPictures.folder.dat.
Access is denied.
'Nircmd.exe' is not recognized as an internal or external command
Access is denied.
Access is denied.
Access is denied.
Access is denied.
Access is denied.
Access is denied.
/wow section - STAGE 7
Access is denied.
Access is denied.
Access is denied.
/wow section - STAGE 8
Access is denied.
/wow section - STAGE 9
Access is denied.
/wow section - STAGE 10
Access is denied.
grep: dll_whitelist.dat: Permission denied
Access is denied.
Access is denied.
Access is denied.
/wow section - STAGE 19
Access is denied.
Access is denied.
Access is denied.
Access is denied.
/wow section - STAGE 30
Access is denied.
Access is denied.
Access is denied.
Access is denied.
Access is denied.
Access is denied.
Access is denied.
Access is denied.
Access is denied.
SED: can't read Windir.dat: Permission denied
Access is denied.
The system cannot find the file Vundonames.dat.
Could Not Find C:\ComboFix\Vundonames.dat
Access is denied.
Access is denied.
Access is denied.
/wow section - STAGE 32
SED: couldn't open file run.sed: Permission denied
Access is denied.
/wow section - STAGE 38
Access is denied.
SED: can't read d-delA.dat: Permission denied
Access is denied.
/wow section - STAGE 41
Access is denied.
Access is denied.
Access is denied.
Access is denied.
Access is denied.
Access is denied.
/wow section - STAGE 42
Access is denied.
/wow section - STAGE 43
Access is denied.
((((((((((((((((((((((((( Files Created from 2008-05-24 to 2008-06-24 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0000026A-8230-4DD4-BE4F-6889D1E74167}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\crypt32chain]
crypt32.dll 2004-08-04 14:00 597504 C:\WINDOWS\system32\crypt32.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cryptnet]
cryptnet.dll 2004-08-04 14:00 63488 C:\WINDOWS\system32\cryptnet.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cscdll]
cscdll.dll 2004-08-04 14:00 101888 C:\WINDOWS\system32\cscdll.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ScCertProp]
wlnotify.dll 2004-08-04 14:00 92672 C:\WINDOWS\system32\wlnotify.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Schedule]
wlnotify.dll 2004-08-04 14:00 92672 C:\WINDOWS\system32\wlnotify.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\sclgntfy]
sclgntfy.dll 2004-08-04 14:00 20992 C:\WINDOWS\system32\sclgntfy.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\SensLogn]
WlNotify.dll 2004-08-04 14:00 92672 C:\WINDOWS\system32\wlnotify.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\termsrv]
wlnotify.dll 2004-08-04 14:00 92672 C:\WINDOWS\system32\wlnotify.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WgaLogon]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wlballoon]
wlnotify.dll 2004-08-04 14:00 92672 C:\WINDOWS\system32\wlnotify.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WRNotifier]
WRLogonNTF.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"MSVideo"= C:\WINDOWS\878Map.drv
"msacm.divxa32"= msaud32_divx.acm
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk
backup=C:\WINDOWS\pss\InterVideo WinCinema Manager.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^MpegTV Station PCITV Remote Control.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MpegTV Station PCITV Remote Control.lnk
backup=C:\WINDOWS\pss\MpegTV Station PCITV Remote Control.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^mls^Start Menu^Programs^Startup^Webshots.lnk]
path=C:\Documents and Settings\mls\Start Menu\Programs\Startup\Webshots.lnk
backup=C:\WINDOWS\pss\Webshots.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Irmon"=2 (0x2)
"aswUpdSv"=2 (0x2)
"xmlprov"=3 (0x3)
"WZCSVC"=2 (0x2)
"wuauserv"=2 (0x2)
"wscsvc"=2 (0x2)
"WmiApSrv"=3 (0x3)
"Wmi"=3 (0x3)
"WmdmPmSN"=3 (0x3)
"winmgmt"=2 (0x2)
"WebClient"=2 (0x2)
"W32Time"=2 (0x2)
"VSS"=3 (0x3)
"UPS"=3 (0x3)
"upnphost"=3 (0x3)
"UMWdf"=2 (0x2)
"TrkWks"=2 (0x2)
"Themes"=2 (0x2)
"TermService"=3 (0x3)
"TapiSrv"=3 (0x3)
"SysmonLog"=3 (0x3)
"SwPrv"=3 (0x3)
"stisvc"=3 (0x3)
"SSDPSRV"=3 (0x3)
"srservice"=2 (0x2)
"Spooler"=2 (0x2)
"ShellHWDetection"=2 (0x2)
"SharedAccess"=2 (0x2)
"SENS"=2 (0x2)
"seclogon"=2 (0x2)
"Schedule"=3 (0x3)
"SCardSvr"=3 (0x3)
"SamSs"=2 (0x2)
"RSVP"=3 (0x3)
"RemoteRegistry"=2 (0x2)
"RDSessMgr"=3 (0x3)
"RasMan"=3 (0x3)
"RasAuto"=3 (0x3)
"ProtectedStorage"=2 (0x2)
"PolicyAgent"=2 (0x2)
"PlugPlay"=2 (0x2)
"ose"=3 (0x3)
"NtmsSvc"=3 (0x3)
"NtLmSsp"=3 (0x3)
"Nla"=2 (0x2)
"Netman"=3 (0x3)
"Netlogon"=3 (0x3)
"MSIServer"=3 (0x3)
"MSDTC"=3 (0x3)
"mnmsrvc"=3 (0x3)
"MDM"=2 (0x2)
"LmHosts"=2 (0x2)
"lanmanworkstation"=2 (0x2)
"lanmanserver"=2 (0x2)
"ImapiService"=3 (0x3)
"HTTPFilter"=3 (0x3)
"helpsvc"=2 (0x2)
"FastUserSwitchingCompatibility"=3 (0x3)
"EventSystem"=3 (0x3)
"Eventlog"=2 (0x2)
"ERSvc"=2 (0x2)
"ekrn"=2 (0x2)
"EhttpSrv"=3 (0x3)
"Dnscache"=2 (0x2)
"dmserver"=2 (0x2)
"dmadmin"=3 (0x3)
"Dhcp"=2 (0x2)
"CryptSvc"=2 (0x2)
"COMSysApp"=3 (0x3)
"CiSvc"=3 (0x3)
"Browser"=2 (0x2)
"BITS"=2 (0x2)
"AudioSrv"=2 (0x2)
"AppMgmt"=3 (0x3)
"ALG"=3 (0x3)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
Contents of the 'Scheduled Tasks' folder
"2008-06-23 22:00:01 C:\WINDOWS\Tasks\At1.job"
- C:\WINDOWS\system32\545bX5S3.exe
"2008-06-01 07:00:00 C:\WINDOWS\Tasks\At10.job"
- C:\WINDOWS\system32\545bX5S3.exe
"2008-06-01 08:00:01 C:\WINDOWS\Tasks\At11.job"
- C:\WINDOWS\system32\545bX5S3.exe
"2008-06-01 09:00:01 C:\WINDOWS\Tasks\At12.job"
- C:\WINDOWS\system32\545bX5S3.exe
"2008-06-23 10:00:01 C:\WINDOWS\Tasks\At13.job"
- C:\WINDOWS\system32\545bX5S3.exe
"2008-06-23 11:00:00 C:\WINDOWS\Tasks\At14.job"
- C:\WINDOWS\system32\545bX5S3.exe
"2008-06-24 12:00:01 C:\WINDOWS\Tasks\At15.job"
- C:\WINDOWS\system32\545bX5S3.exe
"2008-06-24 13:00:05 C:\WINDOWS\Tasks\At16.job"
- C:\WINDOWS\system32\545bX5S3.exe
"2008-06-24 14:00:03 C:\WINDOWS\Tasks\At17.job"
- C:\WINDOWS\system32\545bX5S3.exe
"2008-06-22 15:00:00 C:\WINDOWS\Tasks\At18.job"
- C:\WINDOWS\system32\545bX5S3.exe
"2008-06-22 16:00:00 C:\WINDOWS\Tasks\At19.job"
- C:\WINDOWS\system32\545bX5S3.exe
"2008-06-23 23:00:01 C:\WINDOWS\Tasks\At2.job"
- C:\WINDOWS\system32\545bX5S3.exe
"2008-06-22 17:00:00 C:\WINDOWS\Tasks\At20.job"
- C:\WINDOWS\system32\545bX5S3.exe
"2008-06-22 18:00:03 C:\WINDOWS\Tasks\At21.job"
- C:\WINDOWS\system32\545bX5S3.exe
"2008-06-23 19:00:00 C:\WINDOWS\Tasks\At22.job"
- C:\WINDOWS\system32\545bX5S3.exe
"2008-06-22 20:00:01 C:\WINDOWS\Tasks\At23.job"
- C:\WINDOWS\system32\545bX5S3.exe
"2008-06-23 21:00:00 C:\WINDOWS\Tasks\At24.job"
- C:\WINDOWS\system32\545bX5S3.exe
"2008-06-23 22:00:01 C:\WINDOWS\Tasks\At25.job"
- C:\WINDOWS\system32\KGnSVQ05.exe
"2008-06-23 23:00:01 C:\WINDOWS\Tasks\At26.job"
- C:\WINDOWS\system32\KGnSVQ05.exe
"2008-06-24 00:00:02 C:\WINDOWS\Tasks\At27.job"
- C:\WINDOWS\system32\KGnSVQ05.exe
"2008-06-24 01:00:01 C:\WINDOWS\Tasks\At28.job"
- C:\WINDOWS\system32\KGnSVQ05.exe
"2008-06-24 02:00:06 C:\WINDOWS\Tasks\At29.job"
- C:\WINDOWS\system32\KGnSVQ05.exe
"2008-06-24 00:00:03 C:\WINDOWS\Tasks\At3.job"
- C:\WINDOWS\system32\545bX5S3.exe
"2008-06-24 03:00:01 C:\WINDOWS\Tasks\At30.job"
- C:\WINDOWS\system32\KGnSVQ05.exe
"2008-06-24 04:00:19 C:\WINDOWS\Tasks\At31.job"
- C:\WINDOWS\system32\KGnSVQ05.exe
"2008-05-22 05:00:00 C:\WINDOWS\Tasks\At32.job"
- C:\WINDOWS\system32\KGnSVQ05.exe
"2008-06-06 06:00:00 C:\WINDOWS\Tasks\At33.job"
- C:\WINDOWS\system32\KGnSVQ05.exe
"2008-06-01 07:00:00 C:\WINDOWS\Tasks\At34.job"
- C:\WINDOWS\system32\KGnSVQ05.exe
"2008-06-01 08:00:02 C:\WINDOWS\Tasks\At35.job"
- C:\WINDOWS\system32\KGnSVQ05.exe
"2008-06-01 09:00:01 C:\WINDOWS\Tasks\At36.job"
- C:\WINDOWS\system32\KGnSVQ05.exe
"2008-06-23 10:00:01 C:\WINDOWS\Tasks\At37.job"
- C:\WINDOWS\system32\KGnSVQ05.exe
"2008-06-23 11:00:00 C:\WINDOWS\Tasks\At38.job"
- C:\WINDOWS\system32\KGnSVQ05.exe
"2008-06-24 12:00:03 C:\WINDOWS\Tasks\At39.job"
- C:\WINDOWS\system32\KGnSVQ05.exe
"2008-06-24 01:00:02 C:\WINDOWS\Tasks\At4.job"
- C:\WINDOWS\system32\545bX5S3.exe
"2008-06-24 13:00:07 C:\WINDOWS\Tasks\At40.job"
- C:\WINDOWS\system32\KGnSVQ05.exe
"2008-06-24 14:00:04 C:\WINDOWS\Tasks\At41.job"
- C:\WINDOWS\system32\KGnSVQ05.exe
"2008-06-22 15:00:00 C:\WINDOWS\Tasks\At42.job"
- C:\WINDOWS\system32\KGnSVQ05.exe
"2008-06-22 16:00:00 C:\WINDOWS\Tasks\At43.job"
- C:\WINDOWS\system32\KGnSVQ05.exe
"2008-06-22 17:00:00 C:\WINDOWS\Tasks\At44.job"
- C:\WINDOWS\system32\KGnSVQ05.exe
"2008-06-22 18:00:04 C:\WINDOWS\Tasks\At45.job"
- C:\WINDOWS\system32\KGnSVQ05.exe
"2008-06-23 19:00:00 C:\WINDOWS\Tasks\At46.job"
- C:\WINDOWS\system32\KGnSVQ05.exe
"2008-06-22 20:00:01 C:\WINDOWS\Tasks\At47.job"
- C:\WINDOWS\system32\KGnSVQ05.exe
"2008-06-23 21:00:00 C:\WINDOWS\Tasks\At48.job"
- C:\WINDOWS\system32\KGnSVQ05.exe
"2008-06-24 02:00:07 C:\WINDOWS\Tasks\At5.job"
- C:\WINDOWS\system32\545bX5S3.exe
"2008-06-24 03:00:02 C:\WINDOWS\Tasks\At6.job"
- C:\WINDOWS\system32\545bX5S3.exe
"2008-06-24 04:00:20 C:\WINDOWS\Tasks\At7.job"
- C:\WINDOWS\system32\545bX5S3.exe
"2008-05-22 05:00:00 C:\WINDOWS\Tasks\At8.job"
- C:\WINDOWS\system32\545bX5S3.exe
"2008-06-06 06:00:00 C:\WINDOWS\Tasks\At9.job"
- C:\WINDOWS\system32\545bX5S3.exe
"2008-06-23 21:36:43 C:\WINDOWS\Tasks\{F897AA24-BDC3-11D1-B85B-00C04FB93981}_MLS-39FAC0B5834_mls.job"
- C:\WINDOWS\SYSTEM32\mobsync.exe
"2008-06-23 22:32:05 C:\WINDOWS\Tasks\{F98EA05D-4504-4831-B65A-1628099C53D4}_MLS-39FAC0B5834_mls.job"
- C:\WINDOWS\system32\mobsync.exeH /Schedule=
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-24 20:13:45
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
[ Stefan 93 @ 08.07.2008. 13:18 ] @
Why do you keep posting HijackThis logs here when there are sites that can check them for you? There is a thread with 3 such sites! Here, who knows who is answering you, and it is questionable whether they will mess something up for you.
Copyright (C) 2001-2025 by www.elitesecurity.org. All rights reserved.
|