ComboFix informed me that I don't have the recovery system and asked whether I should download and install it; I accepted, and it finished everything and produced the log.
When ComboFix finished, I checked the PC and saw that everything was back to normal; even the recovery system has points from before the crash.
So now, here is the log, in case there is something to fix; if not, tell me how to uninstall ComboFix!!!
ComboFix 10-01-23.06 - Korisnik 24.01.2010 17:33:53.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1250.381.1033.18.2047.1514 [GMT 1:00]
Running from: c:\documents and settings\Korisnik\Desktop\ComboFix.exe
.
ADS - WINDOWS: deleted 24 bytes in 1 streams.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\regedit.com
c:\windows\system32\NTVBSvcW.tlb
c:\windows\system32\taskmgr.com
.
((((((((((((((((((((((((( Files Created from 2009-12-24 to 2010-01-24 )))))))))))))))))))))))))))))))
.
2010-01-24 14:40 . 2009-08-03 12:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-24 14:40 . 2010-01-24 14:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-24 14:40 . 2009-08-03 12:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-23 23:49 . 2010-01-23 23:52 -------- d-----w- C:\!KillBox
2010-01-23 21:46 . 2010-01-23 21:46 -------- d-----w- c:\program files\MSXML 6.0
2010-01-23 18:40 . 2004-08-03 23:56 116224 -c--a-w- c:\windows\system32\dllcache\xrxwiadr.dll
2010-01-23 18:40 . 2001-08-17 21:37 27648 -c--a-w- c:\windows\system32\dllcache\xrxftplt.exe
2010-01-23 18:40 . 2001-08-17 21:36 23040 -c--a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
2010-01-23 18:40 . 2001-08-17 21:36 17408 -c--a-w- c:\windows\system32\dllcache\xrxscnui.dll
2010-01-23 18:40 . 2001-08-17 21:37 4608 -c--a-w- c:\windows\system32\dllcache\xrxflnch.exe
2010-01-23 18:40 . 2001-08-17 21:37 99865 -c--a-w- c:\windows\system32\dllcache\xlog.exe
2010-01-23 18:40 . 2001-08-17 11:11 16970 -c--a-w- c:\windows\system32\dllcache\xem336n5.sys
2010-01-23 18:40 . 2004-08-03 21:29 19455 -c--a-w- c:\windows\system32\dllcache\wvchntxx.sys
2010-01-23 18:40 . 2004-08-03 21:29 12063 -c--a-w- c:\windows\system32\dllcache\wsiintxx.sys
2010-01-23 18:40 . 2004-08-03 23:56 8192 -c--a-w- c:\windows\system32\dllcache\wshirda.dll
2010-01-23 18:38 . 2001-08-17 21:36 94720 -c--a-w- c:\windows\system32\dllcache\umaxud32.dll
2010-01-23 18:37 . 2004-08-03 21:41 13240 -c--a-w- c:\windows\system32\dllcache\slwdmsup.sys
2010-01-23 18:36 . 2004-08-03 22:00 6016 -c--a-w- c:\windows\system32\dllcache\qic157.sys
2010-01-23 18:36 . 2001-08-17 12:28 130942 -c--a-w- c:\windows\system32\dllcache\ptserlv.sys
2010-01-23 18:36 . 2001-08-17 12:28 112574 -c--a-w- c:\windows\system32\dllcache\ptserlp.sys
2010-01-23 18:36 . 2001-08-17 12:28 128286 -c--a-w- c:\windows\system32\dllcache\ptserli.sys
2010-01-23 18:36 . 2004-08-03 23:56 159232 -c--a-w- c:\windows\system32\dllcache\ptpusd.dll
2010-01-23 18:36 . 2001-08-17 21:36 5632 -c--a-w- c:\windows\system32\dllcache\ptpusb.dll
2010-01-23 18:36 . 2001-08-17 21:36 35328 -c--a-w- c:\windows\system32\dllcache\psisload.dll
2010-01-23 18:36 . 2001-08-17 12:51 16128 -c--a-w- c:\windows\system32\dllcache\pscr.sys
2010-01-23 18:36 . 2004-08-03 22:00 17664 -c--a-w- c:\windows\system32\dllcache\ppa3.sys
2010-01-23 18:36 . 2001-08-17 12:53 17792 -c--a-w- c:\windows\system32\dllcache\ppa.sys
2010-01-23 18:36 . 2001-08-17 12:53 7552 -c--a-w- c:\windows\system32\dllcache\powerfil.sys
2010-01-23 18:36 . 2001-08-17 12:53 7168 -c--a-w- c:\windows\system32\dllcache\pnrmc.sys
2010-01-23 18:34 . 2004-08-03 23:56 4274816 -c--a-w- c:\windows\system32\dllcache\nv4_disp.dll
2010-01-23 18:33 . 2001-08-17 12:52 6528 -c--a-w- c:\windows\system32\dllcache\miniqic.sys
2010-01-23 18:32 . 2001-08-17 21:36 372824 -c--a-w- c:\windows\system32\dllcache\iconf32.dll
2010-01-23 18:31 . 2001-08-17 21:36 93696 -c--a-w- c:\windows\system32\dllcache\hpgt42.dll
2010-01-23 18:30 . 2001-08-17 11:10 44103 -c--a-w- c:\windows\system32\dllcache\el515.sys
2010-01-23 18:29 . 2004-08-03 22:00 8192 -c--a-w- c:\windows\system32\dllcache\changer.sys
2010-01-23 18:28 . 2004-08-03 23:56 32768 -c--a-w- c:\windows\system32\dllcache\ativtmxx.dll
2010-01-23 18:27 . 2001-08-17 13:56 66048 -c--a-w- c:\windows\system32\dllcache\s3legacy.dll
2010-01-23 16:28 . 2010-01-23 16:29 -------- d-----w- c:\program files\TuneUp Utilities 2009
2010-01-23 15:32 . 2010-01-23 15:32 160272 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2010-01-22 23:59 . 2009-11-24 23:48 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-01-22 23:59 . 2009-11-24 23:49 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-01-22 23:59 . 2009-11-24 23:47 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-01-22 23:59 . 2009-11-24 23:51 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-01-22 23:59 . 2009-11-24 23:47 97480 ----a-w- c:\windows\system32\AvastSS.scr
2010-01-22 23:59 . 2009-09-15 11:56 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-01-22 23:59 . 2009-09-15 11:55 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-01-22 23:59 . 2009-09-15 11:55 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-01-22 23:59 . 2009-11-24 23:54 1280480 ----a-w- c:\windows\system32\aswBoot.exe
2010-01-22 20:44 . 2010-01-22 20:44 -------- d-----w- c:\documents and settings\Korisnik\Local Settings\Application Data\Sophos
2010-01-22 20:41 . 2010-01-22 20:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Sophos
2010-01-22 18:38 . 2010-01-22 18:38 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-01-22 18:37 . 2010-01-22 20:01 -------- d-----w- c:\documents and settings\Korisnik\Application Data\SUPERAntiSpyware.com
2010-01-21 23:39 . 2010-01-21 23:54 -------- d-----w- c:\program files\IKARUS
2010-01-21 22:20 . 2010-01-21 22:58 -------- d-----w- c:\documents and settings\Korisnik\Application Data\Webroot
2010-01-21 21:36 . 2010-01-21 21:36 -------- d-----w- c:\program files\Common Files\Skype
2010-01-21 19:42 . 2010-01-21 21:11 81984 ----a-w- c:\windows\system32\bdod.bin
2010-01-21 19:02 . 2010-01-21 19:35 -------- d-----w- c:\documents and settings\All Users\Application Data\BitDefender
2010-01-21 19:01 . 2010-01-21 21:12 -------- d-----w- c:\program files\Common Files\BitDefender
2010-01-21 18:15 . 2010-01-21 18:15 -------- d-----w- c:\documents and settings\Korisnik\Application Data\Panda Security
2010-01-21 18:09 . 2010-01-21 18:09 264 ----a-w- c:\windows\system32\PSUNCpl.dat
2010-01-21 18:09 . 2010-01-21 18:09 -------- d-----w- c:\program files\Panda Security
2010-01-20 21:17 . 2010-01-21 18:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2010-01-20 20:23 . 2010-01-20 21:16 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-01-14 12:04 . 2010-01-14 12:04 -------- d-----w- c:\documents and settings\All Users\Application Data\D167
2010-01-14 10:15 . 2010-01-14 10:15 -------- d-----w- c:\documents and settings\Korisnik\Application Data\Media Player Classic
2010-01-14 10:14 . 2004-01-25 16:18 217088 ----a-w- c:\windows\system32\yv12vfw.dll
2010-01-14 10:14 . 2009-07-14 00:15 90112 ----a-w- c:\windows\system32\dpl100.dll
2010-01-14 10:14 . 2009-07-14 00:15 685056 ----a-w- c:\windows\system32\divx.dll
2010-01-14 10:14 . 2008-11-06 16:37 3596288 ----a-w- c:\windows\system32\qt-dx331.dll
2010-01-14 10:14 . 2010-01-14 12:29 -------- d-----w- c:\program files\K-Lite Codec Pack
2010-01-14 09:47 . 2010-01-14 09:47 -------- d-----w- c:\program files\MONOGRAM AMR SplitterDecoder
2010-01-14 09:47 . 2010-01-14 09:47 -------- d-----w- c:\program files\OpenSource DTSAC3DD+ Source Filter
2010-01-14 09:47 . 2010-01-14 10:25 -------- d-----w- c:\program files\DScaler5
2010-01-14 09:47 . 2010-01-14 10:25 -------- d-----w- c:\program files\AC3Filter
2010-01-14 09:46 . 2010-01-14 10:24 -------- d-----w- c:\program files\OpenSource Flash Video Splitter
2010-01-14 08:17 . 2010-01-14 10:24 -------- d-----w- c:\program files\DirectVobSub
2010-01-14 08:17 . 2010-01-14 08:46 -------- d-----w- c:\program files\Haali
2010-01-14 08:17 . 2010-01-14 08:17 -------- d-----w- c:\program files\Bass Audio Decoder
2010-01-14 08:14 . 2010-01-14 09:20 -------- d-----w- c:\documents and settings\Korisnik\Application Data\vlc
2010-01-14 07:47 . 2010-01-14 09:37 -------- d-----w- c:\program files\Ringz Studio
2010-01-05 13:21 . 2010-01-05 13:21 -------- d-----w- c:\program files\MSECache
2010-01-05 11:04 . 2010-01-05 11:04 -------- d-----w- c:\program files\WinDjView
2009-12-30 19:01 . 2009-12-30 19:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton Installer
2009-12-30 11:55 . 2010-01-23 19:50 -------- d-----w- c:\windows\system32\NtmsData
2009-12-29 23:42 . 2009-12-29 23:46 -------- d-----w- c:\documents and settings\Korisnik\Application Data\Audacity
2009-12-29 23:42 . 2009-12-29 23:42 -------- d-----w- c:\program files\Audacity 1.3 Beta (Unicode)
2009-12-29 23:21 . 2009-12-29 23:21 -------- d-----w- c:\documents and settings\Korisnik\Local Settings\Application Data\RadarSync
2009-12-29 23:21 . 2009-12-09 09:26 458664 ----a-w- c:\documents and settings\All Users\Application Data\iolo\IRestartStub.exe
2009-12-29 23:20 . 2009-12-29 23:20 74703 ----a-w- c:\windows\system32\mfc45.dll
2009-12-29 23:14 . 2009-12-29 23:25 -------- d-----w- c:\documents and settings\Korisnik\Application Data\Disk Cleaner
2009-12-29 23:08 . 2009-12-29 23:21 -------- d-----w- c:\documents and settings\All Users\Application Data\iolo
2009-12-29 23:08 . 2009-12-29 23:20 -------- d-----w- c:\documents and settings\Korisnik\Application Data\iolo
2009-12-26 23:31 . 2010-01-23 16:30 604416 ----a-w- c:\windows\system32\TUProgSt.exe
2009-12-26 23:31 . 2009-04-27 12:21 28928 ----a-w- c:\windows\system32\uxtuneup.dll
2009-12-26 23:31 . 2010-01-23 16:29 361216 ----a-w- c:\windows\system32\TuneUpDefragService.exe
2009-12-26 00:08 . 2010-01-21 12:07 44672 ----a-w- c:\windows\system32\drivers\SDTHOOK.SYS
2009-12-25 23:49 . 2009-12-25 23:49 524288 ----a-w- c:\windows\system32\Symantec Threat Monitor, Powered By DeepSight.scr
2009-12-25 23:49 . 2009-12-25 23:49 34304 ----a-w- c:\documents and settings\All Users\Application Data\Screentime\Symantec Threat Monitor, Powered By DeepSight\saver1.dll
2009-12-25 23:49 . 2009-12-25 23:49 18192 ----a-w- c:\documents and settings\All Users\Application Data\Screentime\Symantec Threat Monitor, Powered By DeepSight\saver2.dll
2009-12-25 23:49 . 2009-12-25 23:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Screentime
2009-12-25 23:49 . 2009-12-25 23:50 -------- d-----w- c:\documents and settings\Korisnik\Local Settings\Application Data\Screentime
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-24 15:45 . 2009-10-21 22:35 -------- d-----w- c:\program files\a-squared Free
2010-01-23 21:36 . 2009-10-02 15:30 -------- d-----w- c:\program files\geswall
2010-01-23 16:28 . 2009-06-27 19:44 -------- d-sh--w- c:\documents and settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}
2010-01-23 15:31 . 2008-09-26 13:09 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-01-23 15:27 . 2009-11-07 22:10 -------- d-----w- c:\program files\Nexus Radio
2010-01-22 22:59 . 2009-03-09 10:05 -------- d-----w- c:\documents and settings\Korisnik\Application Data\Skype
2010-01-22 22:58 . 2009-03-09 10:08 -------- d-----w- c:\documents and settings\Korisnik\Application Data\skypePM
2010-01-21 22:59 . 2009-12-10 21:57 15944 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-01-21 21:36 . 2009-03-09 10:04 -------- d-----r- c:\program files\Skype
2010-01-21 21:36 . 2009-03-09 10:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2010-01-21 18:09 . 2009-12-14 16:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Panda Security
2010-01-20 19:12 . 2008-12-03 18:35 -------- d-----w- c:\documents and settings\Korisnik\Application Data\uTorrent
2010-01-17 19:04 . 2009-08-22 09:09 -------- d-----w- c:\documents and settings\All Users\Application Data\SuperMP3Download
2010-01-14 17:41 . 2008-06-05 17:26 -------- d-----w- c:\documents and settings\Korisnik\Application Data\ZoomBrowser EX
2010-01-14 10:35 . 2008-12-17 18:06 -------- d-----w- c:\program files\Common Files\Real
2010-01-05 13:23 . 2008-05-21 13:07 69032 ----a-w- c:\documents and settings\Korisnik\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-01 18:09 . 2009-10-16 21:53 -------- d-----w- c:\program files\cladDVD.NET 3.5.7
2009-12-29 22:15 . 2009-09-12 14:37 504024 ----a-w- c:\documents and settings\Korisnik\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-12-17 22:33 . 2008-10-07 20:04 65144 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-12-14 23:14 . 2009-12-14 23:14 -------- d-----w- c:\program files\AoA Audio Extractor
2009-12-14 16:32 . 2009-07-28 10:03 -------- d-----w- c:\program files\Panda USB Vaccine
2009-12-12 14:15 . 2003-05-15 06:39 178176 ----a-w- c:\windows\system32\unrar.dll
2009-12-12 07:20 . 2009-09-22 12:41 -------- d-----w- c:\program files\Unlocker
2009-12-10 22:42 . 2009-12-10 21:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Hitman Pro
2009-12-08 00:02 . 2009-12-08 00:02 -------- d-----w- c:\documents and settings\Korisnik\Application Data\SpamBayes
2009-11-28 13:54 . 2009-11-28 13:53 868352 ----a-w- c:\documents and settings\All Users\Application Data\Skype\Plugins\Plugins\E12C95FCBD1240FEAE314D89676CA6F8\LieDetector.exe
2009-11-28 13:54 . 2009-11-28 13:53 53760 ----a-w- c:\documents and settings\All Users\Application Data\Skype\Plugins\Plugins\E12C95FCBD1240FEAE314D89676CA6F8\zlib.dll
2009-11-28 13:54 . 2009-11-28 13:53 1712128 ----a-w- c:\documents and settings\All Users\Application Data\Skype\Plugins\Plugins\E12C95FCBD1240FEAE314D89676CA6F8\GdiPlus.dll
2009-11-28 13:54 . 2009-11-28 13:53 640000 ----a-w- c:\documents and settings\All Users\Application Data\Skype\Plugins\Plugins\E12C95FCBD1240FEAE314D89676CA6F8\dbghelp.dll
2009-11-26 18:26 . 2009-01-05 10:48 -------- d-----w- c:\program files\Opera 10 Preview
2009-11-19 19:36 . 2009-11-19 19:36 554240 ----a-w- c:\windows\system32\msvcp80.dll
2009-11-19 19:36 . 2009-11-19 19:36 34048 ----a-w- c:\windows\system32\eEmpty.exe
2009-11-19 00:32 . 2009-11-19 00:31 6147544 ----a-w- c:\documents and settings\Korisnik\Application Data\GRETECH\GomPlayer\GrLauncherTempSetup.exe
2009-11-07 22:10 . 2009-11-07 22:10 126976 ----a-r- c:\documents and settings\Korisnik\Application Data\Microsoft\Installer\{3050C7C3-DA0C-4DE8-AF7C-AB0BA152C0D7}\NewShortcut3_3578F861852C40E8B00D3E8FBA99B79A.exe
2009-11-07 22:10 . 2009-11-07 22:10 126976 ----a-r- c:\documents and settings\Korisnik\Application Data\Microsoft\Installer\{3050C7C3-DA0C-4DE8-AF7C-AB0BA152C0D7}\NewShortcut1_3578F861852C40E8B00D3E8FBA99B79A.exe
2009-11-07 22:10 . 2009-11-07 22:10 10134 ----a-r- c:\documents and settings\Korisnik\Application Data\Microsoft\Installer\{3050C7C3-DA0C-4DE8-AF7C-AB0BA152C0D7}\ARPPRODUCTICON.exe
2009-11-05 19:00 . 2009-11-05 19:00 164 ----a-w- c:\windows\install.dat
2009-10-30 15:18 . 2009-10-30 15:18 146952 ----a-w- c:\windows\system32\drivers\PSINAflt.sys
2009-08-16 20:07 . 2009-08-16 19:54 2 --shatr- c:\windows\winstart.bat
2009-06-11 16:42 . 2009-06-11 16:42 21 --sha-r- c:\windows\system32\101207.cmd
2009-08-24 13:23 . 2009-08-24 13:19 80 --sh--r- c:\windows\system32\224A26C87A.dll
2009-06-11 16:42 . 2009-06-11 16:42 83 --sha-r- c:\windows\system32\9055.vbs
2009-06-11 16:42 . 2009-06-11 16:42 17 --sha-r- c:\windows\system32\config\101007.cmd
2009-06-11 16:42 . 2009-06-11 16:42 21 --sha-r- c:\windows\system32\config\101207.cmd
2009-06-11 16:42 . 2009-06-11 16:42 83 --sha-r- c:\windows\system32\config\9055.vbs
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Panda Malware Icon]
@="{F5D1CF73-C196-48F8-AAAC-B9181E22B4E6}"
[HKEY_CLASSES_ROOT\CLSID\{F5D1CF73-C196-48F8-AAAC-B9181E22B4E6}]
2009-11-02 08:00 312576 ----a-w- c:\program files\Panda Security\Panda Cloud Antivirus\PSUNShell.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Panda Pending Delete Icon]
@="{0847B599-9191-4A27-BD61-DE11598D3B1B}"
[HKEY_CLASSES_ROOT\CLSID\{0847B599-9191-4A27-BD61-DE11598D3B1B}]
2009-11-02 08:00 312576 ----a-w- c:\program files\Panda Security\Panda Cloud Antivirus\PSUNShell.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Panda Suspect Icon]
@="{9AE343CB-BA45-4618-AF6A-0230EE6FC793}"
[HKEY_CLASSES_ROOT\CLSID\{9AE343CB-BA45-4618-AF6A-0230EE6FC793}]
2009-11-02 08:00 312576 ----a-w- c:\program files\Panda Security\Panda Cloud Antivirus\PSUNShell.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2009-07-27 341312]
"PCMService"="c:\program files\CyberLink\PowerCinema\PCMService.exe" [2007-02-09 159744]
"PSUNMain"="c:\program files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe" [2009-10-30 361728]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoFileUrl"= 0 (0x0)
"NoUpdateCheck"= 0 (0x0)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
backup=c:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Neobee Speeedy Internet Accelerator.lnk]
backup=c:\windows\pss\Neobee Speeedy Internet Accelerator.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Korisnik^Start Menu^Programs^Startup^Adobe Gamma.lnk]
backup=c:\windows\pss\Adobe Gamma.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Korisnik^Start Menu^Programs^Startup^Secunia PSI.lnk]
backup=c:\windows\pss\Secunia PSI.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Korisnik^Start Menu^Programs^Startup^_uninstall_is-1F4TO.bat]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\a-squared
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Watch
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG8_TRAY
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Device Detector]
DevDetect.exe -autorun [X]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DriverMagicSchedule
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IncrediMail
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISTray
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PhoneRecorderPlus
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SandboxieControl
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SlipStream
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpySweeper
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SweetIM
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ThreatFire
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrojanScanner
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Vidalia
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2005-05-03 10:43 69632 ------r- c:\windows\Alcmtr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICustomerCare]
2007-10-04 16:38 307200 ----a-w- c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIModeChange]
2009-03-16 20:16 26112 ----a-w- c:\windows\system32\Ati2mdxx.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2004-08-03 22:56 15360 ------w- c:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Domino]
2006-08-18 15:58 49152 ----a-w- c:\windows\Domino.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-03-11 19:34 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2009-08-03 12:36 419088 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
2005-02-10 15:00 1937408 ------w- c:\program files\Ahead\Nero BackItUp\NBJ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 08:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nexus Radio]
2009-09-15 18:49 4745216 ----a-w- c:\program files\Nexus Radio\Nexus Radio.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
2007-02-09 14:34 159744 ------w- c:\program files\CyberLink\PowerCinema\PCMService.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2007-02-12 17:16 65536 ----a-w- c:\program files\ASUS\ASUS Remote\RemoteControlAppl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\startccc]
2009-03-17 19:24 61440 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StormCodec_Helper]
2006-11-26 18:30 97357 ----a-w- c:\program files\Ringz Studio\Storm Codec\StormSet.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2008-12-17 18:06 185872 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
2009-10-26 07:33 15872 ----a-w- c:\program files\Unlocker\UnlockerAssistant.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZSSnp211]
2007-04-06 10:06 57344 ----a-w- c:\windows\ZSSnp211.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wuauserv"=2 (0x2)
"CLCapSvc"=2 (0x2)
"MDM"=2 (0x2)
"CCALib8"=2 (0x2)
"uxtuneup"=2 (0x2)
"tuneup.programstatisticssvc"=2 (0x2)
"sdCoreService"=2 (0x2)
"sdAuxService"=2 (0x2)
"PDEngine"=3 (0x3)
"PDAgent"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"ATI Smart"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)
"StarWindServiceAE"=2 (0x2)
"WZCSVC"=2 (0x2)
"WMPNetworkSvc"=3 (0x3)
"SCardSvr"=3 (0x3)
"IS360service"=2 (0x2)
"SPIDERNT"=2 (0x2)
"DrWebEngine"=2 (0x2)
"RichVideo"=2 (0x2)
"OAcat"=2 (0x2)
"MBAMService"=2 (0x2)
"a2free"=2 (0x2)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"CTFMON.EXE"=c:\windows\system32\ctfmon.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\CyberLink\\PowerCinema\\PowerCinema.exe"=
"c:\\Program Files\\CyberLink\\PowerCinema\\PCMService.exe"=
"c:\\Program Files\\Opera 10 Preview\\opera.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [13.2.2009 10:33 28544]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [23.1.2010 0:59 114768]
R1 PSINKNC;PSINKNC;c:\windows\system32\drivers\PSINKNC.sys [13.10.2009 15:50 114312]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [23.1.2010 0:59 20560]
R2 DirectNT;DirectNT;c:\windows\system32\drivers\DirectNT.sys [26.8.2009 20:49 3424]
R2 NanoServiceMain;NanoServiceMain;c:\program files\Panda Security\Panda Cloud Antivirus\PSANHost.exe [30.10.2009 17:29 136448]
R2 PSINAflt;PSINAflt;c:\windows\system32\drivers\PSINAflt.sys [30.10.2009 16:18 146952]
R2 PSINFile;PSINFile;c:\windows\system32\drivers\PSINFile.sys [13.10.2009 15:50 95880]
R2 PSINProc;PSINProc;c:\windows\system32\drivers\PSINProc.sys [13.10.2009 15:50 101512]
R2 Vcs;Vcs support;c:\windows\system32\drivers\Vcs.sys [13.4.2009 20:44 6852]
R3 3xHybrid;ASUSTek SAA713x PCI Card;c:\windows\system32\drivers\3xHybrid.sys [21.5.2008 14:30 2831232]
R3 ham50;Intel V92 HaM Data Fax Voice;c:\windows\system32\drivers\IntelH51.sys [21.5.2008 15:41 469935]
S0 pxsec;pxsec;c:\windows\system32\drivers\pxsec.sys --> c:\windows\system32\drivers\pxsec.sys [?]
S0 sptd;sptd;c:\windows\system32\Drivers\sptd.sys --> c:\windows\system32\Drivers\sptd.sys [?]
S1 anf0100.sys;anf0100.sys;\??\c:\windows\system32\drivers\anf0100.sys --> c:\windows\system32\drivers\anf0100.sys [?]
S3 K320bus;Sony Ericsson K320 driver (WDM);c:\windows\system32\drivers\K320bus.sys [10.12.2008 15:56 61504]
S3 K320mdfl;Sony Ericsson K320 USB WMC Modem Filter;c:\windows\system32\drivers\K320mdfl.sys [10.12.2008 15:56 9328]
S3 K320mdm;Sony Ericsson K320 USB WMC Modem Driver;c:\windows\system32\drivers\K320mdm.sys [10.12.2008 15:56 97056]
S3 K320mgmt;Sony Ericsson K320 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\K320mgmt.sys [10.12.2008 15:56 88560]
S3 K320obex;Sony Ericsson K320 USB WMC OBEX Interface;c:\windows\system32\drivers\K320obex.sys [10.12.2008 15:56 86368]
S3 NTGUARD;NTGUARD;\??\c:\program files\IKARUS\virus.utilities\bin\NTGUARD.SYS --> c:\program files\IKARUS\virus.utilities\bin\NTGUARD.SYS [?]
S3 pxkbf;pxkbf;c:\windows\system32\drivers\pxkbf.sys --> c:\windows\system32\drivers\pxkbf.sys [?]
S3 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [20.8.2009 14:54 92464]
S3 TMPassthruMP;TMPassthruMP;c:\windows\system32\DRIVERS\TMPassthru.sys --> c:\windows\system32\DRIVERS\TMPassthru.sys [?]
S3 VMUVC;Vimicro Camera Service VMUVC;c:\windows\system32\Drivers\VMUVC.sys --> c:\windows\system32\Drivers\VMUVC.sys [?]
S3 vvftav211;vvftav211;c:\windows\system32\drivers\vvftav211.sys --> c:\windows\system32\drivers\vvftav211.sys [?]
S3 vvftUVC;Vimicro Camera Filter Service VMUVC;c:\windows\system32\drivers\vvftUVC.sys --> c:\windows\system32\drivers\vvftUVC.sys [?]
S3 ZSMC30x;USB PC Camera Service ZSMC30x;c:\windows\system32\drivers\ZS211.sys [28.1.2009 19:07 1534464]
S4 a2free;a-squared Free Service;c:\program files\a-squared Free\a2service.exe [21.10.2009 23:35 1858144]
S4 TZKESOAZ;TZKESOAZ; [x]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
getPlusHelper REG_MULTI_SZ getPlusHelper
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder
2010-01-24 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2009-04-27 13:37]
2009-11-18 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
2010-01-24 c:\windows\Tasks\PandaUSBVaccine.job
- c:\program files\Panda USB Vaccine\RunInteractiveWin.exe [2009-07-28 15:45]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
FF - ProfilePath - c:\documents and settings\Korisnik\Application Data\Mozilla\Firefox\Profiles\6oxf5fhd.default\
FF - prefs.js: browser.search.selectedEngine - Surf Canyon
FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - plugin: c:\documents and settings\Korisnik\Local Settings\Application Data\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll
FF - plugin: c:\program files\Opera 10 Preview\program\plugins\np_gp.dll
FF - plugin: c:\program files\Opera 10 Preview\program\plugins\np_gp.dll
FF - plugin: c:\program files\Opera 10 Preview\program\plugins\npdsplay.dll
FF - plugin: c:\program files\Opera 10 Preview\program\plugins\NPSWF32.dll
FF - plugin: c:\program files\Opera 10 Preview\program\plugins\npwmsdrm.dll
---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - ORPHANS REMOVED - - - -
ShellExecuteHooks-{4F07DA45-8170-4859-9B5F-037EF2970034} - (no file)
MSConfigStartUp-AdobeUpdater - :c:\program files\Common Files\Adobe\Updater\AdobeUpdater.exe
MSConfigStartUp-PWRISOVM - (no file)
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-24 17:36
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(684)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2010-01-24 17:37:35
ComboFix-quarantined-files.txt 2010-01-24 16:37
Pre-Run: 30.907.056.128 bytes free
Post-Run: 30.931.251.200 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer
- - End Of File - - C9205376E23581ABDF6800E251DDE54B