E evo sad zavrsilo skeniranje.

Malwarebytes' Anti-Malware 1.41
Verzija baze podataka: 3218
Windows 5.1.2600 Service Pack 2 (Safe Mode)

11/24/2009 11:17:39 AM
mbam-log-2009-11-24 (11-17-39).txt

Tip skeniranja: Kompletno Skeniranje (C:\|D:\|)
Skeniranih objekata: 186503
Proteklo vreme: 1 hour(s), 33 minute(s), 28 second(s)

Inficirani procesi u memoriji: 0
Inficirani moduli u memoriji: 0
Inficirani kljuèevi u registru: 0
Inficirane vrednosti u registru: 0
Inficirani podaci u registru: 2
Inficirane fascikle: 0
Inficirane datoteke: 0

Inficirani procesi u memoriji:
(Maliciozne stavke nisu detektovane)

Inficirani moduli u memoriji:
(Maliciozne stavke nisu detektovane)

Inficirani kljuèevi u registru:
(Maliciozne stavke nisu detektovane)

Inficirane vrednosti u registru:
(Maliciozne stavke nisu detektovane)

Inficirani podaci u registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Inficirane fascikle:
(Maliciozne stavke nisu detektovane)

Inficirane datoteke:
(Maliciozne stavke nisu detektovane)

I ponovo mi sam  pali msn i koci

kakva je ovo masina na kojoj nemas ni firewall ni anti-virus .. nije mi samo jasno .. klot sistem .. gde je harware gde je software .. drajveri .. digo si masinu i instalirao browser, msn i modem .. ili ja ne znam kakav je ovo log .. neki skraceni .. ili neki test za modove ovde..

skini sa neta Kaspersky antivirus, ili KIS, noviji neki, da ga ne bi updateovao dva milenijuma. Kad se skine pokreni ga, izaberi trial key od mesec dana i pokreni update baze, kad zavrsi sa updateom baze, pokreni scan i pusti ga da odradi. Brisi sve sta nadje. Omoguci ga da se dize sa sistemom i nek te cuva bar tih mesec dana. Kad istekne mesec dana, obzirom da je piraterija zabranjena, pricacemo na pp ako je potrebno, mada mislim da si dovoljno snalazljiv da to sam resis 
 
digni masinu u safe mode-u, u safe modu pokreni HJT, fiksuj ovo
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.bearshare.com/
O4 - HKLM\..\Run: [WMI RPC Server] C:\WINDOWS\system32\wmisrpc.exe

Digni masinu u normal modu
Skini sa neta Combofix, preuzmi ga odavde, imas dva linka pa biraj
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
imas detaljan opis kako da pokrenes Combofix i tako i uradi. Deo sa Recovery Konzlom preskoci, jer je (verovatno) imas instaliranu, osim ako te pita da je instaliras pa je instaliraj ... Kad skripta zavrsi skeniranje i popravi unose, sacuvaj log kako je i opisano, pa ces ga staviti ovde nama da vidimo.

dakle kad combo zavrsi daj log i daj novi hjt log iz normal moda

Evo log sa Combo fix

ComboFix 09-11-23.04 - Stefan 11/25/2009  4:28.1.1 - x86
Microsoft Windows XP Home Edition  5.1.2600.2.1252.1.1033.18.2303.2014 [GMT -8:00]
Running from: c:\documents and settings\Stefan\My Documents\Downloads\ComboFix.exe
AV: Kaspersky Internet Security *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\recycler\S-1-5-21-7098453742-2117101659-700996965-4950

.
(((((((((((((((((((((((((   Files Created from 2009-10-25 to 2009-11-25  )))))))))))))))))))))))))))))))
.

2009-11-25 06:46 . 2009-11-25 06:46   932368   ----a-w-   c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\profiles-1-6.dll
2009-11-25 06:46 . 2009-11-25 06:46   678416   ----a-w-   c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\content_interpreter-1-1.dll
2009-11-25 06:46 . 2009-11-25 06:46   604688   ----a-w-   c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\gsg-3-9.dll
2009-11-25 06:46 . 2009-11-25 06:46   522768   ----a-w-   c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\database-1-5.dll
2009-11-25 06:46 . 2009-11-25 06:46   1096208   ----a-w-   c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\filtration-4-6.dll
2009-11-24 21:20 . 2009-11-24 21:20   --------   d-----w-   c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-11-24 15:33 . 2009-11-24 15:35   --------   d-----w-   c:\windows\system32\NtmsData
2009-11-24 13:38 . 2009-11-24 13:38   --------   d-----w-   c:\windows\system32\config\systemprofile\Tracing
2009-11-24 13:37 . 2009-11-24 13:37   152576   --sha-w-   C:\mscmq.exe
2009-11-24 13:34 . 2009-11-24 13:34   --------   d-----w-   c:\documents and settings\LocalService\Local Settings\Application Data\ESET
2009-11-23 22:02 . 2009-11-23 22:02   --------   d-----w-   c:\documents and settings\All Users\Application Data\ESET
2009-11-22 10:07 . 2009-11-22 10:18   --------   d-----w-   c:\documents and settings\Stefan\Application Data\Winamp
2009-11-22 10:07 . 2009-11-22 10:10   --------   d-----w-   c:\program files\Winamp
2009-11-21 22:13 . 2009-11-24 17:01   --------   d-----w-   c:\documents and settings\Stefan\Local Settings\Application Data\BearShare
2009-11-21 22:11 . 2009-11-21 22:11   --------   d-----w-   c:\program files\BearShare Applications
2009-11-19 11:24 . 2004-08-04 07:08   26496   -c--a-w-   c:\windows\system32\dllcache\usbstor.sys
2009-11-18 23:39 . 2009-11-18 23:39   --------   d-----w-   c:\documents and settings\Stefan\Application Data\Malwarebytes
2009-11-18 23:39 . 2009-09-10 22:54   38224   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-18 23:38 . 2009-11-18 23:38   --------   d-----w-   c:\documents and settings\All Users\Application Data\Malwarebytes
2009-11-18 23:38 . 2009-11-18 23:39   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
2009-11-18 23:38 . 2009-09-10 22:53   19160   ----a-w-   c:\windows\system32\drivers\mbam.sys
2009-11-18 23:11 . 2009-11-25 12:45   --------   d-----w-   c:\documents and settings\Stefan\Tracing
2009-11-18 23:07 . 2009-11-18 23:07   --------   d-----w-   c:\program files\Microsoft
2009-11-18 23:07 . 2009-11-18 23:07   --------   d-----w-   c:\program files\Windows Live SkyDrive
2009-11-18 23:06 . 2009-11-18 23:07   --------   d-----w-   c:\program files\Windows Live
2009-11-18 22:57 . 2009-11-18 22:57   --------   d-----w-   c:\program files\Common Files\Windows Live
2009-11-18 22:51 . 2009-11-18 22:51   --------   d-----w-   c:\documents and settings\Stefan\Application Data\Media Player Classic
2009-11-18 22:46 . 2009-11-18 22:46   0   ----a-w-   c:\windows\nsreg.dat
2009-11-18 22:46 . 2009-11-18 22:46   --------   d-----w-   c:\documents and settings\Stefan\Local Settings\Application Data\Mozilla
2009-11-18 22:40 . 2005-02-25 03:35   22752   ----a-w-   c:\windows\system32\spupdsvc.exe
2009-11-18 22:40 . 2009-11-24 16:18   --------   d--h--w-   c:\windows\$hf_mig$
2009-11-18 22:35 . 2001-05-14 18:26   155648   ----a-w-   c:\windows\878Map.drv
2009-11-18 22:35 . 2009-11-18 22:35   --------   d-----w-   c:\program files\KWorld
2009-11-18 22:29 . 2001-03-02 04:08   36867   ----a-r-   c:\windows\FindCD.exe
2009-11-18 22:29 . 1999-07-21 09:28   13308   ----a-r-   c:\windows\system32\drivers\btxbar.sys
2009-11-18 22:29 . 2001-03-07 10:30   18944   ----a-r-   c:\windows\system32\drivers\bttuner.sys
2009-11-18 22:28 . 2001-11-06 06:20   265512   ----a-r-   c:\windows\system32\drivers\BT848.sys
2009-11-18 22:27 . 2009-11-18 22:27   --------   d-----w-   c:\documents and settings\Stefan\WINDOWS
2009-11-18 22:23 . 2009-11-18 22:24   --------   d-----w-   C:\VP-EYE
2009-11-18 22:19 . 2009-11-18 23:11   12912   ----a-w-   c:\documents and settings\Stefan\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-11-18 22:07 . 2009-04-28 20:20   44944   ------w-   c:\windows\system32\drivers\PxHelp20.sys
2009-11-18 22:07 . 2007-03-07 23:51   9336   ------w-   c:\windows\system32\drivers\cdr4_xp.sys
2009-11-18 22:07 . 2007-03-07 23:51   9464   ------w-   c:\windows\system32\drivers\cdralw2k.sys
2009-11-18 22:06 . 2009-04-28 20:20   129520   ------w-   c:\windows\system32\pxafs.dll

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-25 12:45 . 2009-11-24 21:25   --------   d-----w-   c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-11-25 06:44 . 2009-11-25 06:44   397328   ----a-w-   c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.736\oeas.dll
2009-11-25 06:44 . 2009-11-25 06:44   19472   ----a-w-   c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.736\kloehk.dll
2009-11-25 06:44 . 2009-11-25 06:44   109072   ----a-w-   c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.736\mzvkbd3.dll
2009-11-25 06:44 . 2009-11-25 06:44   315408   ----a-w-   c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.736\sys\i386\5.1\klif.sys
2009-11-25 06:44 . 2009-11-25 06:44   397328   ----a-w-   c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.736\oeas.dll
2009-11-25 06:44 . 2009-11-25 06:44   109072   ----a-w-   c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.736\mzvkbd3.dll
2009-11-25 06:44 . 2009-11-25 06:44   17936   ----a-w-   c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.736\kloehk.dll
2009-11-25 06:44 . 2009-11-25 06:44   315408   ----a-w-   c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.736\sys\i386\5.1\klif.sys
2009-11-24 21:32 . 2009-11-24 21:32   108059   ----a-w-   c:\windows\system32\drivers\klin.dat
2009-11-24 21:32 . 2009-11-24 21:32   95259   ----a-w-   c:\windows\system32\drivers\klick.dat
2009-11-24 21:25 . 2009-11-24 21:25   --------   d-----w-   c:\program files\Kaspersky Lab
2009-11-19 21:13 . 2009-11-18 21:02   76487   ----a-w-   c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-11-18 22:51 . 2009-11-18 22:49   --------   d-----w-   c:\program files\K-Lite Codec Pack
2009-11-18 22:21 . 2009-11-18 21:45   --------   d--h--w-   c:\program files\InstallShield Installation Information
2009-11-18 21:50 . 2009-11-18 21:50   31   ----a-w-   c:\windows\system32\drivers\adidsl.cfg
2009-11-18 21:50 . 2009-11-18 21:50   --------   d-----w-   c:\program files\SAGEM
2009-11-18 21:50 . 2009-11-18 21:50   --------   d-----w-   c:\program files\Common Files\InstallShield
2009-11-18 21:38 . 2009-11-18 21:38   --------   d-----w-   c:\program files\Alwil Software
2009-11-18 21:03 . 2009-11-18 21:03   --------   d-----w-   c:\program files\microsoft frontpage
2009-11-18 20:59 . 2009-11-18 20:59   21640   ----a-w-   c:\windows\system32\emptyregdb.dat
2009-11-09 18:00 . 2009-11-18 22:49   85504   ----a-w-   c:\windows\system32\ff_vfw.dll
2009-10-21 04:34 . 2009-10-21 04:34   219664   ----a-w-   c:\windows\system32\klogon.dll
2009-10-20 16:54 . 2009-10-20 16:54   59992   ----a-w-   c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files\Kaspersky Internet Security 2010 9.0.0.736\English\setup.exe
2009-10-15 05:18 . 2009-10-15 05:18   36880   ----a-w-   c:\windows\system32\drivers\klbg.sys
2009-10-03 03:39 . 2009-10-03 03:39   19472   ----a-w-   c:\windows\system32\drivers\klmouflt.sys
2009-09-14 22:42 . 2009-09-14 22:42   32272   ----a-w-   c:\windows\system32\drivers\klim5.sys
2009-09-10 03:01 . 2009-09-10 03:01   27675   ----a-w-   c:\windows\system32\drivers\klopp.dat
2009-09-01 23:29 . 2009-09-01 23:29   128016   ----a-w-   c:\windows\system32\drivers\kl1.sys
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-27 3883856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe" [2009-10-21 340456]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe"=

R2 IKANLOADER2;General Purpose USB Driver (e4ldr.sys);c:\windows\system32\Drivers\e4ldr.sys [2006-03-03 63555]
S0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2009-10-15 36880]
S0 viasraid;viasraid;c:\windows\system32\DRIVERS\viasraid.sys [2003-09-05 77056]
S2 BT848;BtCap, WDM Video Capture;c:\windows\system32\drivers\BT848.sys [2001-11-06 265512]
S2 BTTUNER;BtTuner, WDM TvTuner;c:\windows\system32\drivers\BTTUNER.sys [2001-03-07 18944]
S2 BTXBAR;BtXBar, WDM Crossbar;c:\windows\system32\drivers\BTXBAR.sys [1999-07-21 13308]
S3 DivioUSBDCam;CMOS 330K Rev. 2.20;c:\windows\system32\DRIVERS\pcam.sys [2000-12-01 179468]
S3 e4usbaw;USB ADSL2 WAN Adapter;c:\windows\system32\DRIVERS\e4usbaw.sys [2006-05-05 114616]
S3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\DRIVERS\klim5.sys [2009-09-14 32272]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2009-10-03 19472]

.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.bearshare.com/
IE: Add to Anti-Banner - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm
TCP: {3D1CF411-FE66-42FE-A3AE-2F24342C3E02} = 194.106.162.10 194.106.162.3
FF - ProfilePath - c:\documents and settings\Stefan\Application Data\Mozilla\Firefox\Profiles\c3hxghhp.default\
FF - component: c:\program files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.
- - - - ORPHANS REMOVED - - - -

AddRemove-BearShare - c:\program files\BearShare Applications\BearShare\UninstallSurvey.exe c:\program files\BearShare Applications\BearShare\UnwiseLauncher.exe
AddRemove-CMOS 330K Rev. 2.20 - c:\windows\pcamrm.exe SC-630
AddRemove-HijackThis - c:\documents and settings\Stefan\My Documents\Downloads\HijackThis.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-25 04:44
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ... 

scanning hidden autostart entries ...

scanning hidden files ... 

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\WPAEvents]
@Denied: (Full) (LocalSystem)
"OOBETimer"=hex:ff,d5,71,d6,8b,6a,8d,6f,d5,33,93,fd
"LastWPAEventLogged"=hex:d9,07,0b,00,03,00,12,00,15,00,0b,00,31,00,de,02
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\wdfmgr.exe
c:\windows\system32\wscntfy.exe
c:\program files\Windows Live\Contacts\wlcomm.exe
.
**************************************************************************
.
Completion time: 2009-11-25 04:55 - machine was rebooted
ComboFix-quarantined-files.txt  2009-11-25 12:55

Pre-Run: 28,730,798,080 bytes free
Post-Run: 28,756,316,160 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - 11B235C063C37AD6B3C3E2B2663D0B9D

I log sa Hijack

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:00:17 AM, on 11/25/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtblfs.exe
C:\Documents and Settings\Stefan\My Documents\Downloads\burek123.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.bearshare.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm
O9 - Extra button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{3D1CF411-FE66-42FE-A3AE-2F24342C3E02}: NameServer = 194.106.162.10 194.106.162.3
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe

--
End of file - 2776 bytes

I da zaboravio sam da kazem pre ovoga sam skenirao ceo komp sa KIS 2010 i nasao je 25 trojanaca i crva i sve to je izbrisano

deinstaliraj plugin za bearshare u firefox-u i kazi mi jel se i sada problem ponavlja?

Nisam nasao pluin za Bear share ali sam ga uinstalirao i onako mi ne treba

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:46:05 PM, on 11/25/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtblfs.exe
C:\Documents and Settings\Stefan\My Documents\Downloads\burek123.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O9 - Extra button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{3D1CF411-FE66-42FE-A3AE-2F24342C3E02}: NameServer = 194.106.162.10 194.106.162.3
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe

--
End of file - 2263 bytes

Kakvo je sada stanje?

Sad  je super Mnooogoo je bolje nego pre ne koci nista i mnogo  je brze.
Hvala vam svima na pomoci