moze li neko da mi procita oval log file?
ranije nije ostavljao ovoliki log...
nesto je fix-ovao koliko vidim

ovo je log file from ComboFix...
unapred hvala na strpljenju
PS:rekao je u toku skena da nije mogao pronaci neki AWD ili ADW...nesto...zato i pitam jel ovo ok?
please read me this ok people?

ComboFix 08-03-07.1 - genije 2008-03-07 16:45:11.2 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1033.18.1618 [GMT 1:00]
Running from: C:\Documents and Settings\genije\Desktop\ComboFix-scen from DOS.exe
 * Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Autorun.inf

.
(((((((((((((((((((((((((   Files Created from 2008-02-07 to 2008-03-07  )))))))))))))))))))))))))))))))
.

2008-03-06 23:24 . 2008-03-07 16:33   69   --a------   C:\WINDOWS\NeroDigital.ini
2008-03-06 23:23 . 2008-03-06 23:23   3,705,654   --a------   C:\WINDOWS\ACD Wallpaper.bmp
2008-03-06 23:22 . 2008-03-06 23:23   <DIR>   d--------   C:\Documents and Settings\genije\Application Data\ACD Systems
2008-03-06 23:08 . 2008-03-06 23:08   <DIR>   d--------   C:\Program Files\VisualTaskTips
2008-03-06 23:08 . 2008-03-06 23:08   <DIR>   d--------   C:\Program Files\styler
2008-03-06 23:07 . 2004-08-03 23:56   218,624   --a------   C:\WINDOWS\system32\uxtheme.backup
2008-03-06 23:04 . 2008-03-06 23:08   <DIR>   d--------   C:\WINDOWS\VistaMizer

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-07 10:46   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\avg7
2008-03-07 09:41   ---------   d-----w   C:\Documents and Settings\genije\Application Data\AVG7
2008-03-06 22:59   ---------   d-----w   C:\Documents and Settings\genije\Application Data\MailFrontier
2008-03-06 22:07   218,624   ----a-w   C:\WINDOWS\system32\uxtheme.dll
2008-03-06 21:51   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-03-06 21:50   ---------   d-----w   C:\Program Files\MSBuild
2008-03-06 21:50   ---------   d-----w   C:\Program Files\Microsoft Works
2008-03-06 21:44   306,432   ----a-w   C:\WINDOWS\system32\TuneUpDefragService.exe
2008-03-06 21:44   ---------   d-----w   C:\Program Files\TuneUp Utilities 2008
2008-03-06 21:44   ---------   d-----w   C:\Program Files\Common Files\Wise Installation Wizard
2008-03-06 21:44   ---------   d-----w   C:\Documents and Settings\genije\Application Data\TuneUp Software
2008-03-06 21:44   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\TuneUp Software
2008-03-06 21:41   ---------   d-----w   C:\Program Files\Webteh
2008-03-06 21:41   ---------   d-----w   C:\Documents and Settings\genije\Application Data\BSplayer Pro
2008-03-06 21:40   ---------   d-----w   C:\Program Files\AltoMP3 Maker
2008-03-06 21:38   ---------   d-----w   C:\Program Files\Common Files\ACD Systems
2008-03-06 21:38   ---------   d-----w   C:\Program Files\ACD Systems
2008-03-06 21:38   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\ACD Systems
2008-03-06 21:36   400,064   ----a-w   C:\WINDOWS\Coke.scr
2008-03-06 21:36   341,102   ----a-w   C:\WINDOWS\Coke.exe
2008-03-06 21:36   29,696   ----a-w   C:\WINDOWS\mickey32.dll
2008-03-06 21:35   ---------   d--h--w   C:\Program Files\InstallShield Installation Information
2008-03-06 21:35   ---------   d-----w   C:\Program Files\CyberLink
2008-03-06 21:35   ---------   d-----w   C:\Documents and Settings\genije\Application Data\CyberLink
2008-03-06 21:35   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\CyberLink
2008-03-06 21:34   ---------   d-----w   C:\Documents and Settings\genije\Application Data\Winamp
2008-03-06 21:33   ---------   d-----w   C:\Program Files\Winamp
2008-03-06 21:29   ---------   d-----w   C:\Program Files\Windows Media Connect 2
2008-03-06 21:23   ---------   d-----w   C:\Documents and Settings\genije\Application Data\GRETECH
2008-03-06 21:23   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\GRETECH
2008-03-06 21:22   ---------   d-----w   C:\Program Files\XP Codec Pack
2008-03-06 21:22   ---------   d-----w   C:\Program Files\GRETECH
2008-03-06 21:19   ---------   d-----w   C:\Documents and Settings\LocalService\Application Data\AVG7
2008-03-06 21:16   ---------   d-----w   C:\Program Files\Zone Labs
2008-03-06 21:13   499,712   ----a-w   C:\WINDOWS\system32\msvcp71.dll
2008-03-06 21:13   ---------   d-----w   C:\Documents and Settings\NetworkService\Application Data\AVG7
2008-03-06 21:13   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\Grisoft
2008-03-06 21:09   ---------   d-----w   C:\Program Files\Common Files\Ahead
2008-03-06 21:09   ---------   d-----w   C:\Program Files\Ahead
2008-03-06 20:46   ---------   d-----w   C:\Program Files\GDI
2008-03-06 20:46   ---------   d-----w   C:\Program Files\Cyclone PVR
2008-03-06 20:46   ---------   d-----w   C:\Program Files\Conexant
2008-03-06 20:45   ---------   d-----w   C:\Program Files\Windows Media Components
2008-03-06 20:45   ---------   d-----w   C:\Program Files\Common Files\InstallShield
2008-03-06 20:42   315,392   ------w   C:\WINDOWS\HideWin.exe
2008-03-06 20:42   ---------   d-----w   C:\Program Files\Realtek
2008-03-06 20:42   ---------   d-----w   C:\Documents and Settings\genije\Application Data\InstallShield
2008-03-06 20:41   15,600   ------w   C:\WINDOWS\gdrv.sys
2008-03-06 20:40   ---------   d-----w   C:\Program Files\Intel
2008-03-06 20:31   ---------   d-----w   C:\Program Files\microsoft frontpage
2007-12-20 09:41   29,440   ----a-w   C:\WINDOWS\system32\uxtuneup.dll
.

------- Sigcheck -------

99945674c9445809f48cb0357d725a80  C:\WINDOWS\system32\wininet.dll
----a-w           801,280 2004-08-03 22:56:48  C:\WINDOWS\system32\wininet.dll
-c--a-w           801,280 2004-08-03 22:56:48  C:\WINDOWS\system32\dllcache\wininet.dll
----a-w           656,384 2004-08-03 22:56:48  C:\WINDOWS\VistaMizer\old\wininet.dll

55aca85eb80e2155e20211aaaddd711a  C:\WINDOWS\system32\winlogon.exe
----a-w           541,696 2004-08-03 22:56:58  C:\WINDOWS\system32\winlogon.exe
-c--a-w           541,696 2004-08-03 22:56:58  C:\WINDOWS\system32\dllcache\winlogon.exe
----a-w           502,272 2004-08-03 22:56:58  C:\WINDOWS\VistaMizer\old\winlogon.exe

98bc2dc6cfc30b7a3501bcf884fa5dc3  C:\WINDOWS\system32\ntkrnlpa.exe
----a-w         2,178,560 2004-08-03 23:05:44  C:\WINDOWS\system32\ntkrnlpa.exe
----a-w         2,015,232 2004-08-03 23:05:44  C:\WINDOWS\VistaMizer\old\ntkrnlpa.exe

70b7388bddb9fa71b1e29a051ab78627  C:\WINDOWS\system32\ntoskrnl.exe
----a-w         2,311,680 2004-08-03 21:18:32  C:\WINDOWS\system32\ntoskrnl.exe
----a-w         2,148,352 2004-08-03 21:18:32  C:\WINDOWS\VistaMizer\old\ntoskrnl.exe

b708561748cea933f50f4dd5c1951755  C:\WINDOWS\explorer.exe
----a-w         1,550,336 2004-08-03 22:56:50  C:\WINDOWS\explorer.exe
-c--a-w         1,550,336 2004-08-03 22:56:50  C:\WINDOWS\system32\dllcache\explorer.exe
----a-w         1,032,192 2004-08-03 22:56:50  C:\WINDOWS\VistaMizer\old\explorer.exe
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-04 01:06 1799168]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:56 25088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-03-07 01:49 8425472]
"nwiz"="nwiz.exe" [2007-03-07 01:49 1622016 C:\WINDOWS\system32\nwiz.exe]
"SW20"="C:\WINDOWS\system32\sw20.exe" [2006-12-15 03:58 208896]
"SW24"="C:\WINDOWS\system32\sw24.exe" [2006-12-15 03:58 69632]
"WinSys2"="C:\WINDOWS\system32\winsys2.exe" [2006-12-15 03:59 217088]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-03-07 01:49 81920]
"RTHDCPL"="RTHDCPL.EXE" [2007-04-12 10:33 16132608 C:\WINDOWS\RTHDCPL.exe]
"JMB36X IDE Setup"="C:\WINDOWS\JM\JMInsIDE.exe" [2006-10-30 13:44 36864]
"36X Raid Configurer"="C:\WINDOWS\system32\JMRaidSetup.exe" [2007-02-06 13:08 1953792]
"TvrRemote"="C:\Program Files\Cyclone PVR\Remote.exe" [2005-09-14 11:49 241664]
"TvrSchedule"="C:\Program Files\Cyclone PVR\Schedule.exe" [2005-09-27 19:03 98304]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-03-06 22:13 579072]
"Zone Labs Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2006-03-16 11:34 755480]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-10-10 06:28 36352]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 20:24 32768]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-03-06 22:13 219136]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
VisualTaskTips.lnk - C:\Program Files\VisualTaskTips\VisualTaskTips.exe [2006-07-31 12:33:50 36864]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="LogonUI.EXE"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=
"C:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2004-08-03 23:56]
R3 Intels51;Intel(R) 536EP Modem;C:\WINDOWS\system32\DRIVERS\Intels51.sys [2003-05-22 16:44]
S3 gdrv;gdrv;C:\WINDOWS\gdrv.sys [2008-03-06 21:41]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-03-06 22:44]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp

.
Contents of the 'Scheduled Tasks' folder
"2008-03-06 21:44:29 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2008\OneClick.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-07 16:45:47
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\lsass.exe [5.01.2600.2180]
-> C:\WINDOWS\system32\LIBEAY32_0.9.6l.dll

PROCESS: C:\WINDOWS\explorer.exe [6.00.2900.2180]
-> C:\Program Files\VisualTaskTips\VttHooks.dll
.
Completion time: 2008-03-07 16:46:01
ComboFix-quarantined-files.txt  2008-03-07 15:46:00
ComboFix2.txt  2008-03-06 21:59:37

Fiksovao je i to lepo. Imas ostatke u Registry-ju.
Daj mi HJT log.
Iskljuci ZA i AV i daj mi novi Combo log.

@Ze...
hvala ti na paznji!
Evo ga HJT log...


Logfile of HijackThis v1.99.1
Scan saved at 6:16:04 PM, on 3/7/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\winsys2.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Cyclone PVR\Remote.exe
C:\Program Files\Cyclone PVR\Schedule.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\VisualTaskTips\VisualTaskTips.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\genije\Desktop\HijackThis 2008.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\styler\TB\StylerTB.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SW20] C:\WINDOWS\system32\sw20.exe
O4 - HKLM\..\Run: [SW24] C:\WINDOWS\system32\sw24.exe
O4 - HKLM\..\Run: [WinSys2] C:\WINDOWS\system32\winsys2.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\JMRaidSetup.exe boot
O4 - HKLM\..\Run: [TvrRemote] "C:\Program Files\Cyclone PVR\Remote.exe"
O4 - HKLM\..\Run: [TvrSchedule] "C:\Program Files\Cyclone PVR\Schedule.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: VisualTaskTips.lnk = C:\Program Files\VisualTaskTips\VisualTaskTips.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{3FB93444-731F-4CF9-9E75-D34991A03C07}: NameServer = 212.124.160.1 212.124.160.2
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\system32\ZoneLabs\isafe.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe





evo ga i log od ComboFix...


ComboFix 08-03-07.1 - genije 2008-03-07 18:18:04.3 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1033.18.1583 [GMT 1:00]
Running from: C:\Documents and Settings\genije\Desktop\ComboFix-scen from DOS.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

(((((((((((((((((((((((((   Files Created from 2008-02-07 to 2008-03-07  )))))))))))))))))))))))))))))))
.

2008-03-07 18:04 . 2008-03-07 18:04   1,353,016   --a------   C:\WINDOWS\system32\vete.dll
2008-03-06 23:24 . 2008-03-07 16:33   69   --a------   C:\WINDOWS\NeroDigital.ini
2008-03-06 23:23 . 2008-03-06 23:23   3,705,654   --a------   C:\WINDOWS\ACD Wallpaper.bmp
2008-03-06 23:22 . 2008-03-06 23:23   <DIR>   d--------   C:\Documents and Settings\genije\Application Data\ACD Systems
2008-03-06 23:08 . 2008-03-06 23:08   <DIR>   d--------   C:\Program Files\VisualTaskTips
2008-03-06 23:08 . 2008-03-06 23:08   <DIR>   d--------   C:\Program Files\styler
2008-03-06 23:07 . 2004-08-03 23:56   218,624   --a------   C:\WINDOWS\system32\uxtheme.backup
2008-03-06 23:04 . 2008-03-06 23:08   <DIR>   d--------   C:\WINDOWS\VistaMizer

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-07 17:04   896,472   ----a-w   C:\WINDOWS\system32\drivers\vetmonnt.sys
2008-03-07 17:04   114,856   ----a-w   C:\WINDOWS\system32\drivers\vetfddnt.sys
2008-03-07 16:34   ---------   d-----w   C:\Documents and Settings\genije\Application Data\AVG7
2008-03-07 16:02   ---------   d-----w   C:\Program Files\Cyclone PVR
2008-03-07 10:46   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\avg7
2008-03-06 22:59   ---------   d-----w   C:\Documents and Settings\genije\Application Data\MailFrontier
2008-03-06 22:07   218,624   ----a-w   C:\WINDOWS\system32\uxtheme.dll
2008-03-06 21:51   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-03-06 21:50   ---------   d-----w   C:\Program Files\MSBuild
2008-03-06 21:50   ---------   d-----w   C:\Program Files\Microsoft Works
2008-03-06 21:44   306,432   ----a-w   C:\WINDOWS\system32\TuneUpDefragService.exe
2008-03-06 21:44   ---------   d-----w   C:\Program Files\TuneUp Utilities 2008
2008-03-06 21:44   ---------   d-----w   C:\Program Files\Common Files\Wise Installation Wizard
2008-03-06 21:44   ---------   d-----w   C:\Documents and Settings\genije\Application Data\TuneUp Software
2008-03-06 21:44   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\TuneUp Software
2008-03-06 21:41   ---------   d-----w   C:\Program Files\Webteh
2008-03-06 21:41   ---------   d-----w   C:\Documents and Settings\genije\Application Data\BSplayer Pro
2008-03-06 21:40   ---------   d-----w   C:\Program Files\AltoMP3 Maker
2008-03-06 21:38   ---------   d-----w   C:\Program Files\Common Files\ACD Systems
2008-03-06 21:38   ---------   d-----w   C:\Program Files\ACD Systems
2008-03-06 21:38   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\ACD Systems
2008-03-06 21:36   400,064   ----a-w   C:\WINDOWS\Coke.scr
2008-03-06 21:36   341,102   ----a-w   C:\WINDOWS\Coke.exe
2008-03-06 21:36   29,696   ----a-w   C:\WINDOWS\mickey32.dll
2008-03-06 21:35   ---------   d--h--w   C:\Program Files\InstallShield Installation Information
2008-03-06 21:35   ---------   d-----w   C:\Program Files\CyberLink
2008-03-06 21:35   ---------   d-----w   C:\Documents and Settings\genije\Application Data\CyberLink
2008-03-06 21:35   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\CyberLink
2008-03-06 21:34   ---------   d-----w   C:\Documents and Settings\genije\Application Data\Winamp
2008-03-06 21:33   ---------   d-----w   C:\Program Files\Winamp
2008-03-06 21:29   ---------   d-----w   C:\Program Files\Windows Media Connect 2
2008-03-06 21:23   ---------   d-----w   C:\Documents and Settings\genije\Application Data\GRETECH
2008-03-06 21:23   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\GRETECH
2008-03-06 21:22   ---------   d-----w   C:\Program Files\XP Codec Pack
2008-03-06 21:22   ---------   d-----w   C:\Program Files\GRETECH
2008-03-06 21:19   ---------   d-----w   C:\Documents and Settings\LocalService\Application Data\AVG7
2008-03-06 21:16   ---------   d-----w   C:\Program Files\Zone Labs
2008-03-06 21:13   499,712   ----a-w   C:\WINDOWS\system32\msvcp71.dll
2008-03-06 21:13   ---------   d-----w   C:\Documents and Settings\NetworkService\Application Data\AVG7
2008-03-06 21:13   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\Grisoft
2008-03-06 21:09   ---------   d-----w   C:\Program Files\Common Files\Ahead
2008-03-06 21:09   ---------   d-----w   C:\Program Files\Ahead
2008-03-06 20:46   ---------   d-----w   C:\Program Files\GDI
2008-03-06 20:46   ---------   d-----w   C:\Program Files\Conexant
2008-03-06 20:45   ---------   d-----w   C:\Program Files\Windows Media Components
2008-03-06 20:45   ---------   d-----w   C:\Program Files\Common Files\InstallShield
2008-03-06 20:42   315,392   ------w   C:\WINDOWS\HideWin.exe
2008-03-06 20:42   ---------   d-----w   C:\Program Files\Realtek
2008-03-06 20:42   ---------   d-----w   C:\Documents and Settings\genije\Application Data\InstallShield
2008-03-06 20:41   15,600   ------w   C:\WINDOWS\gdrv.sys
2008-03-06 20:40   ---------   d-----w   C:\Program Files\Intel
2008-03-06 20:31   ---------   d-----w   C:\Program Files\microsoft frontpage
2007-12-20 09:41   29,440   ----a-w   C:\WINDOWS\system32\uxtuneup.dll
.

------- Sigcheck -------

99945674c9445809f48cb0357d725a80  C:\WINDOWS\system32\wininet.dll
----a-w           801,280 2004-08-03 22:56:48  C:\WINDOWS\system32\wininet.dll
-c--a-w           801,280 2004-08-03 22:56:48  C:\WINDOWS\system32\dllcache\wininet.dll
----a-w           656,384 2004-08-03 22:56:48  C:\WINDOWS\VistaMizer\old\wininet.dll

55aca85eb80e2155e20211aaaddd711a  C:\WINDOWS\system32\winlogon.exe
----a-w           541,696 2004-08-03 22:56:58  C:\WINDOWS\system32\winlogon.exe
-c--a-w           541,696 2004-08-03 22:56:58  C:\WINDOWS\system32\dllcache\winlogon.exe
----a-w           502,272 2004-08-03 22:56:58  C:\WINDOWS\VistaMizer\old\winlogon.exe

98bc2dc6cfc30b7a3501bcf884fa5dc3  C:\WINDOWS\system32\ntkrnlpa.exe
----a-w         2,178,560 2004-08-03 23:05:44  C:\WINDOWS\system32\ntkrnlpa.exe
----a-w         2,015,232 2004-08-03 23:05:44  C:\WINDOWS\VistaMizer\old\ntkrnlpa.exe

70b7388bddb9fa71b1e29a051ab78627  C:\WINDOWS\system32\ntoskrnl.exe
----a-w         2,311,680 2004-08-03 21:18:32  C:\WINDOWS\system32\ntoskrnl.exe
----a-w         2,148,352 2004-08-03 21:18:32  C:\WINDOWS\VistaMizer\old\ntoskrnl.exe

b708561748cea933f50f4dd5c1951755  C:\WINDOWS\explorer.exe
----a-w         1,550,336 2004-08-03 22:56:50  C:\WINDOWS\explorer.exe
-c--a-w         1,550,336 2004-08-03 22:56:50  C:\WINDOWS\system32\dllcache\explorer.exe
----a-w         1,032,192 2004-08-03 22:56:50  C:\WINDOWS\VistaMizer\old\explorer.exe
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-04 01:06 1799168]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:56 25088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-03-07 01:49 8425472]
"nwiz"="nwiz.exe" [2007-03-07 01:49 1622016 C:\WINDOWS\system32\nwiz.exe]
"SW20"="C:\WINDOWS\system32\sw20.exe" [2006-12-15 03:58 208896]
"SW24"="C:\WINDOWS\system32\sw24.exe" [2006-12-15 03:58 69632]
"WinSys2"="C:\WINDOWS\system32\winsys2.exe" [2006-12-15 03:59 217088]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-03-07 01:49 81920]
"RTHDCPL"="RTHDCPL.EXE" [2007-04-12 10:33 16132608 C:\WINDOWS\RTHDCPL.exe]
"JMB36X IDE Setup"="C:\WINDOWS\JM\JMInsIDE.exe" [2006-10-30 13:44 36864]
"36X Raid Configurer"="C:\WINDOWS\system32\JMRaidSetup.exe" [2007-02-06 13:08 1953792]
"TvrRemote"="C:\Program Files\Cyclone PVR\Remote.exe" [2005-09-14 11:49 241664]
"TvrSchedule"="C:\Program Files\Cyclone PVR\Schedule.exe" [2005-09-27 19:03 98304]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-03-06 22:13 579072]
"Zone Labs Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2006-03-16 11:34 755480]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-10-10 06:28 36352]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 20:24 32768]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-03-06 22:13 219136]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
VisualTaskTips.lnk - C:\Program Files\VisualTaskTips\VisualTaskTips.exe [2006-07-31 12:33:50 36864]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="LogonUI.EXE"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=
"C:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2004-08-03 23:56]
R3 Intels51;Intel(R) 536EP Modem;C:\WINDOWS\system32\DRIVERS\Intels51.sys [2003-05-22 16:44]
S3 gdrv;gdrv;C:\WINDOWS\gdrv.sys [2008-03-06 21:41]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-03-06 22:44]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp

.
Contents of the 'Scheduled Tasks' folder
"2008-03-07 16:28:00 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2008\OneClick.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-07 18:18:44
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\lsass.exe [5.01.2600.2180]
-> C:\WINDOWS\system32\LIBEAY32_0.9.6l.dll

PROCESS: C:\WINDOWS\explorer.exe [6.00.2900.2180]
-> C:\Program Files\VisualTaskTips\VttHooks.dll
.
Completion time: 2008-03-07 18:18:59
ComboFix-quarantined-files.txt  2008-03-07 17:18:57
ComboFix2.txt  2008-03-07 15:46:02
ComboFix3.txt  2008-03-06 21:59:37

note: ComboFix opet javlja da nemoze da nadje neki AWF...

Oba loga su cista.
Udji u safe mode i pokreni registry cleaner ili system mechanic.

xocu,hvala ti