Posted: 31 Dec 2009 20:28
Hello, I have no idea how it got in, my ESS4 is always turned on. I don't know exactly which virus this is; here is the ESS log so you can take a look (although you don't really need this log, you can see it from the other logs, but there it is). Anyway, it found 3, deleted two, and one remained. The one that remained is on partition D: as seen from XP, and that is Vista (that D: partition), because I have dual boot.
So I use ESS4 on both OSes, both ESS4 installs are regularly updated, and the internet connection is cable, 2.5 Mbps with 512 kbps upload. The computer is slightly slower than usual. Here are the logs:
DDS (Ver_09-12-01.01) - NTFSx86
Run by NediM&UnA at 19:29:06,93 on čet 31.12.2009
Internet Explorer: 7.0.6002.18005
Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1250.387.1033.18.1527.730 [GMT 1:00]
AV: ESET Smart Security 4.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
SP: ESET Smart Security 4.0 *enabled* (Updated) {E5E70D32-0101-4B98-A4D6-D1D15C3BB448}
SP: Windows Defender *enabled* (Outdated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
FW: ESET Personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
============== Running Processes ===============
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe
C:\Windows\System32\TUProgSt.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\DllHost.exe
C:\Windows\System32\svchost.exe -k wdisvc
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Users\NediM&UnA\Downloads\dds.scr
============== Pseudo HJT Report ===============
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~3\office12\GRA8E1~1.DLL
BHO: Windows Live Pomoc za prijavu: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\nero\lib\NMBgMonitor.exe"
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
mRun: [egui] "c:\program files\eset\eset smart security\egui.exe" /hide /waitservice
mRun: [NeroFilterCheck] c:\program files\common files\nero\lib\NeroCheck.exe
mRun: [NBKeyScan] "c:\program files\nero\nero8\nero backitup\NBKeyScan.exe"
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: {5D3E1576-9E60-4913-B16A-56383F0E4C8E} = 91.191.38.7 91.191.38.8
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~3\office12\GR99D3~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~3\office12\GRA8E1~1.DLL
================= FIREFOX ===================
FF - ProfilePath - c:\users\nedim&~1\appdata\roaming\mozilla\firefox\profiles\w7tc6gqi.default\
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nprpjplug.dll
---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
============= SERVICES / DRIVERS ===============
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2009-2-6 106208]
R2 ekrn;ESET Service;c:\program files\eset\eset smart security\ekrn.exe [2009-2-6 727720]
R2 StarWindServiceAE;StarWind AE Service;c:\program files\alcohol soft\alcohol 120\starwind\StarWindServiceAE.exe [2007-5-28 275968]
R2 TeamViewer4;TeamViewer 4;c:\program files\teamviewer\version4\TeamViewer_Service.exe [2009-1-28 185640]
R3 b57nd60x;%SvcDispName%;c:\windows\system32\drivers\b57nd60x.sys [2009-12-5 179712]
=============== Created Last 30 ================
2009-12-30 20:41:57 6144 --sha-w- c:\windows\system32\access.ctl
2009-12-30 20:41:49 0 d-----w- c:\program files\Audio CD Maker
2009-12-30 20:28:59 0 d-----w- c:\program files\AltoMP3 Gold
2009-12-30 20:20:57 344064 ----a-w- c:\windows\system32\msvcr70.dll
2009-12-25 14:21:30 0 d-----w- c:\users\nedim&~1\appdata\roaming\uTorrent
2009-12-25 14:01:05 0 d-----w- c:\program files\Jufsoft
2009-12-25 13:24:40 68232 ----a-w- c:\windows\UnDeployV.exe
2009-12-25 13:13:21 0 d-----w- c:\program files\DiskInternals
2009-12-24 18:42:10 0 d-----w- c:\users\nedim&~1\appdata\roaming\ZipGenius
2009-12-22 17:07:02 0 d-----w- c:\program files\Luxor Amun Rising
2009-12-22 17:06:53 0 d-----w- c:\program files\ReflexiveArcade
2009-12-19 11:15:44 0 d-----w- c:\windows\system32\eu-ES
2009-12-19 11:15:44 0 d-----w- c:\windows\system32\ca-ES
2009-12-19 11:15:33 0 d-----w- c:\windows\system32\vi-VN
2009-12-19 11:10:53 0 d-----w- c:\windows\system32\SPReview
2009-12-19 10:53:43 928768 ----a-w- c:\windows\system32\scavenge.dll
2009-12-19 10:53:31 57856 ----a-w- c:\windows\system32\compcln.exe
2009-12-19 10:51:59 1591296 ----a-w- c:\windows\system32\setupapi.dll
2009-12-19 10:50:59 80896 ----a-w- c:\windows\system32\MSNP.ax
2009-12-19 10:49:59 83456 ----a-w- c:\windows\system32\SMBHelperClass.dll
2009-12-19 10:44:40 0 d-----w- c:\windows\system32\EventProviders
2009-12-19 08:24:19 0 d-----w- c:\windows\system32\appmgmt
2009-12-19 08:19:59 0 d-----w- c:\programdata\VistaCodecs
2009-12-18 20:48:53 0 d-----w- c:\program files\The KMPlayer
2009-12-16 16:58:34 0 d-----w- c:\program files\CCleaner
2009-12-16 16:43:28 603904 ----a-w- c:\windows\system32\TUProgSt.exe
2009-12-16 16:43:24 27904 ----a-w- c:\windows\system32\uxtuneup.dll
2009-12-16 16:43:21 17152 ----a-w- c:\windows\system32\authuitu.dll
2009-12-16 16:43:17 362240 ----a-w- c:\windows\system32\TuneUpDefragService.exe
2009-12-16 16:43:11 0 d-----w- c:\users\nedim&~1\appdata\roaming\TuneUp Software
2009-12-16 16:42:22 0 d-----w- c:\program files\TuneUp Utilities 2009
2009-12-16 16:42:21 0 d-----w- c:\programdata\TuneUp Software
2009-12-16 16:41:20 0 d-sh--w- c:\programdata\{55A29068-F2CE-456C-9148-C869879E2357}
2009-12-12 12:44:08 0 d-----w- c:\program files\ZipGenius 5
2009-12-12 12:18:56 266293 ----a-w- c:\windows\system\MSVCRT.DLL
2009-12-12 11:33:17 0 d-----w- c:\users\nedim&~1\appdata\roaming\TeamViewer
2009-12-12 11:33:10 0 d-----w- c:\program files\TeamViewer
2009-12-12 11:32:37 0 d-----w- c:\users\nedim&una\temp
2009-12-12 11:26:20 0 d-----w- c:\program files\uTorrent
2009-12-12 11:19:51 32768 ----a-w- c:\windows\system32\wnaspi32.dll
2009-12-12 11:18:19 0 d-----w- c:\program files\common files\Xing Shared
2009-12-12 11:18:17 995383 ----a-w- c:\windows\system32\temp.000
2009-12-12 11:18:17 317952 ----a-w- c:\windows\system32\Roboex32.dll
2009-12-12 11:18:17 0 d-----w- c:\program files\Xing
2009-12-11 20:37:46 0 d-----w- c:\programdata\Nero
2009-12-11 20:37:46 0 d-----w- c:\program files\Nero
2009-12-11 20:37:36 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2009-12-11 20:20:10 0 d-----w- c:\programdata\{342DB4AA-29BF-43ED-9286-D8D3C134C6C2}
2009-12-11 20:20:09 0 d-----w- c:\program files\NeoSmart Technologies
2009-12-06 16:06:54 0 d-----w- c:\programdata\Adobe
2009-12-05 19:55:28 0 d-----w- C:\PerfLogs
2009-12-05 19:14:49 193024 ----a-w- c:\windows\system32\recdisc.exe
2009-12-05 19:14:44 6656 ----a-w- c:\windows\system32\sdspres.dll
2009-12-05 19:14:17 28160 ----a-w- c:\windows\system32\sxproxy.dll
2009-12-05 19:12:59 95232 ----a-w- c:\windows\system32\migisol.dll
2009-12-05 19:11:59 6144 ----a-w- c:\windows\system32\drivers\beep.sys
2009-12-05 19:10:59 22016 ----a-w- c:\windows\system32\wmpcm.dll
2009-12-05 19:07:22 6656 ----a-w- c:\windows\system32\kbd106n.dll
2009-12-05 19:04:49 131072 ----a-w- c:\windows\SPInstall.etl
2009-12-05 18:59:21 0 d-----w- c:\windows\pss
==================== Find3M ====================
2009-12-19 11:24:29 86016 ----a-w- c:\windows\inf\infstrng.dat
2009-12-19 11:24:29 86016 ----a-w- c:\windows\inf\infstor.dat
2009-12-19 11:24:29 51200 ----a-w- c:\windows\inf\infpub.dat
2009-12-19 11:15:10 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-12-19 11:05:36 37665 ----a-w- c:\windows\fonts\GlobalUserInterface.CompositeFont
2009-12-05 20:07:44 174 --sha-w- c:\program files\desktop.ini
2009-12-05 19:40:48 101888 ----a-w- c:\windows\system32\ifxcardm.dll
2009-12-05 19:40:39 82432 ----a-w- c:\windows\system32\axaltocm.dll
2009-11-20 17:07:35 685816 ----a-w- c:\windows\system32\drivers\sptd.sys
2006-11-02 12:40:37 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:40:37 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:40:37 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:40:37 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
============= FINISH: 19:29:32,36 ===============
Posted: 01 Jan 2010 11:32
ComboFix 09-12-31.08 - NediM&UnA 01.01.2010 11:08:49.1.1 - x86
Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1250.387.1033.18.1527.717 [GMT 1:00]
Running from: c:\users\NediM
AV: ESET Smart Security 4.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
SP: ESET Smart Security 4.0 *enabled* (Updated) {E5E70D32-0101-4B98-A4D6-D1D15C3BB448}
SP: Windows Defender *enabled* (Outdated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Resident AV is active
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\$recycle.bin\S-1-5-21-51003140-4199384537-3980697693-500
c:\recycler\S-1-5-21-1715567821-1972579041-839522115-1003
c:\users\NediM&UnA\AppData\Local\Microsoft\Windows\Temporary Internet Files\udDownload.tmp
c:\users\NediM&UnA\AppData\Local\Microsoft\Windows\Temporary Internet Files\udDownload[1].tmp
c:\users\NediM&UnA\AppData\Local\Microsoft\Windows\Temporary Internet Files\udRemove.exe
.
((((((((((((((((((((((((( Files Created from 2009-12-01 to 2010-01-01 )))))))))))))))))))))))))))))))
.
2010-01-01 10:17 . 2010-01-01 10:18 -------- d-----w- c:\users\NediM&UnA\AppData\Local\temp
2010-01-01 10:17 . 2010-01-01 10:17 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-01-01 10:08 . 2010-01-01 10:08 -------- d-----w- c:\users\NediM&UnA\AppData\Local\ESET
2009-12-30 20:41 . 2009-12-30 20:43 -------- d-----w- c:\program files\Audio CD Maker
2009-12-30 20:28 . 2009-12-30 20:36 -------- d-----w- c:\program files\AltoMP3 Gold
2009-12-30 20:20 . 2002-01-05 14:37 344064 ----a-w- c:\windows\system32\msvcr70.dll
2009-12-25 14:21 . 2009-12-25 14:26 -------- d-----w- c:\users\NediM&UnA\AppData\Roaming\uTorrent
2009-12-25 14:01 . 2009-12-25 14:01 -------- d-----w- c:\program files\Jufsoft
2009-12-25 13:24 . 2009-02-09 02:10 68232 ----a-w- c:\windows\UnDeployV.exe
2009-12-25 13:13 . 2009-12-25 13:58 -------- d-----w- c:\program files\DiskInternals
2009-12-24 18:42 . 2009-12-24 18:42 -------- d-----w- c:\users\NediM&UnA\AppData\Roaming\ZipGenius
2009-12-22 17:07 . 2009-12-24 20:44 -------- d-----w- c:\program files\Luxor Amun Rising
2009-12-22 17:06 . 2009-12-22 17:06 -------- d-----w- c:\program files\ReflexiveArcade
2009-12-19 11:15 . 2009-12-19 11:17 -------- d-----w- c:\windows\system32\ca-ES
2009-12-19 11:15 . 2009-12-19 11:17 -------- d-----w- c:\windows\system32\eu-ES
2009-12-19 11:15 . 2009-12-19 11:17 -------- d-----w- c:\windows\system32\vi-VN
2009-12-19 11:10 . 2009-12-19 11:10 -------- d-----w- c:\windows\system32\SPReview
2009-12-19 10:53 . 2009-04-10 22:28 928768 ----a-w- c:\windows\system32\scavenge.dll
2009-12-19 10:53 . 2009-04-10 22:27 57856 ----a-w- c:\windows\system32\compcln.exe
2009-12-19 10:51 . 2009-04-10 22:28 1591296 ----a-w- c:\windows\system32\setupapi.dll
2009-12-19 10:50 . 2009-04-10 22:32 161752 ----a-w- c:\windows\system32\drivers\msrpc.sys
2009-12-19 10:49 . 2009-04-10 22:28 83456 ----a-w- c:\windows\system32\SMBHelperClass.dll
2009-12-19 10:44 . 2009-12-19 10:44 -------- d-----w- c:\windows\system32\EventProviders
2009-12-19 08:19 . 2009-12-19 08:24 -------- d-----w- c:\programdata\VistaCodecs
2009-12-18 20:48 . 2009-12-18 20:49 -------- d-----w- c:\program files\The KMPlayer
2009-12-18 19:40 . 2009-12-18 19:40 -------- d-----w- c:\users\NediM&UnA\AppData\Local\Microsoft Corporation
2009-12-17 13:55 . 2009-12-17 14:05 -------- d-----w- c:\users\NediM&UnA\AppData\Roaming\Media Player Classic
2009-12-16 16:58 . 2009-12-16 16:58 -------- d-----w- c:\program files\CCleaner
2009-12-16 16:43 . 2009-12-16 16:43 603904 ----a-w- c:\windows\system32\TUProgSt.exe
2009-12-16 16:43 . 2008-11-12 15:44 27904 ----a-w- c:\windows\system32\uxtuneup.dll
2009-12-16 16:43 . 2008-11-12 15:44 17152 ----a-w- c:\windows\system32\authuitu.dll
2009-12-16 16:43 . 2009-12-16 16:43 362240 ----a-w- c:\windows\system32\TuneUpDefragService.exe
2009-12-16 16:43 . 2009-12-16 16:43 -------- d-----w- c:\users\NediM&UnA\AppData\Roaming\TuneUp Software
2009-12-16 16:42 . 2009-12-16 16:43 -------- d-----w- c:\program files\TuneUp Utilities 2009
2009-12-16 16:42 . 2009-12-16 16:42 -------- d-----w- c:\programdata\TuneUp Software
2009-12-16 16:41 . 2009-12-16 16:41 -------- d-sh--w- c:\programdata\{55A29068-F2CE-456C-9148-C869879E2357}
2009-12-12 12:48 . 2009-12-12 12:48 -------- d-----w- c:\users\NediM&UnA\AppData\Local\Google
2009-12-12 12:47 . 2009-12-12 12:47 -------- d-----w- c:\program files\Google
2009-12-12 12:44 . 2009-12-12 12:45 -------- d-----w- c:\program files\ZipGenius 5
2009-12-12 12:18 . 2009-12-12 12:18 266293 ----a-w- c:\windows\system\MSVCRT.DLL
2009-12-12 11:33 . 2009-12-20 18:41 -------- d-----w- c:\users\NediM&UnA\AppData\Roaming\TeamViewer
2009-12-12 11:33 . 2009-12-12 11:33 -------- d-----w- c:\program files\TeamViewer
2009-12-12 11:32 . 2009-12-12 11:32 -------- d-----w- c:\users\NediM&UnA\temp
2009-12-12 11:26 . 2009-12-12 11:26 -------- d-----w- c:\program files\uTorrent
2009-12-12 11:19 . 2009-12-12 11:19 32768 ----a-w- c:\windows\system32\wnaspi32.dll
2009-12-12 11:18 . 2009-12-12 11:18 -------- d-----w- c:\program files\Common Files\Xing Shared
2009-12-12 11:18 . 2009-12-12 11:18 -------- d-----w- c:\program files\Xing
2009-12-12 11:18 . 1998-12-16 11:08 317952 ----a-w- c:\windows\system32\Roboex32.dll
2009-12-11 21:04 . 2009-12-11 21:04 -------- d-----w- c:\users\NediM&UnA\AppData\Local\Microsoft Games
2009-12-11 20:43 . 2009-12-11 20:43 -------- d-----w- c:\users\NediM&UnA\AppData\Local\Ahead
2009-12-11 20:42 . 2009-12-11 20:42 -------- d-----w- c:\users\NediM&UnA\AppData\Roaming\Nero
2009-12-11 20:37 . 2009-12-11 20:40 -------- d-----w- c:\program files\Common Files\Nero
2009-12-11 20:37 . 2009-12-11 20:37 -------- d-----w- c:\programdata\Nero
2009-12-11 20:37 . 2009-12-11 20:37 -------- d-----w- c:\program files\Nero
2009-12-11 20:20 . 2006-12-27 04:02 321108 ----a-w- c:\programdata\{342DB4AA-29BF-43ED-9286-D8D3C134C6C2}\mia.dll
2009-12-11 20:20 . 2009-12-11 20:20 -------- d-----w- c:\programdata\{342DB4AA-29BF-43ED-9286-D8D3C134C6C2}
2009-12-11 20:20 . 2006-12-27 04:02 2484662 ----a-w- c:\programdata\{342DB4AA-29BF-43ED-9286-D8D3C134C6C2}\easybcd.exe
2009-12-11 20:20 . 2009-12-11 20:20 -------- d-----w- c:\program files\NeoSmart Technologies
2009-12-11 20:19 . 2009-12-11 20:19 -------- d-----w- c:\users\NediM&UnA\AppData\Local\Seven Zip
2009-12-06 16:11 . 2009-12-06 16:12 -------- d-----w- c:\users\NediM&UnA\AppData\Local\Adobe
2009-12-06 16:06 . 2009-12-06 16:07 -------- d-----w- c:\program files\Common Files\Adobe
2009-12-05 19:55 . 2009-12-05 19:55 -------- d-----w- C:\PerfLogs
2009-12-05 19:14 . 2008-01-18 22:33 193024 ----a-w- c:\windows\system32\recdisc.exe
2009-12-05 19:14 . 2008-01-18 22:36 6656 ----a-w- c:\windows\system32\sdspres.dll
2009-12-05 19:14 . 2008-01-18 22:36 28160 ----a-w- c:\windows\system32\sxproxy.dll
2009-12-05 19:12 . 2008-01-18 22:42 94776 ----a-w- c:\windows\system32\MigAutoPlay.exe
2009-12-05 19:11 . 2008-01-18 22:33 48128 ----a-w- c:\windows\system32\bcdprov.dll
2009-12-05 19:10 . 2008-01-18 22:37 22016 ----a-w- c:\windows\system32\wmpcm.dll
2009-12-05 19:07 . 2007-12-06 04:04 6656 ----a-w- c:\windows\system32\kbd106n.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-01 10:06 . 2009-11-20 10:37 680 ----a-w- c:\users\NediM&UnA\AppData\Local\d3d9caps.dat
2009-12-27 20:20 . 2009-11-28 19:46 -------- d-----w- c:\users\NediM&UnA\AppData\Roaming\Winamp
2009-12-19 11:18 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Calendar
2009-12-19 11:18 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-12-19 11:18 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Sidebar
2009-12-19 11:18 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Collaboration
2009-12-19 11:18 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Journal
2009-12-19 11:18 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Photo Gallery
2009-12-19 11:18 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Defender
2009-12-19 11:15 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-12-19 08:45 . 2009-11-25 14:08 -------- d-----w- c:\program files\GRETECH
2009-12-12 11:36 . 2009-11-20 12:43 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-11 20:37 . 2009-12-11 20:37 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2009-12-05 19:40 . 2006-11-02 10:32 101888 ----a-w- c:\windows\system32\ifxcardm.dll
2009-12-05 19:40 . 2006-11-02 10:32 82432 ----a-w- c:\windows\system32\axaltocm.dll
2009-11-28 19:47 . 2009-11-28 19:46 -------- d-----w- c:\program files\Winamp
2009-11-28 19:46 . 2009-11-28 19:46 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2009-11-21 09:00 . 2009-11-20 10:38 99864 ----a-w- c:\users\NediM&UnA\AppData\Local\GDIPFONTCACHEV1.DAT
2009-11-20 18:21 . 2009-11-20 17:17 -------- d-----w- c:\programdata\Microsoft Help
2009-11-20 18:15 . 2009-11-20 18:15 -------- d-----w- c:\program files\Microsoft Works
2009-11-20 18:14 . 2006-11-02 12:35 -------- d-----w- c:\program files\MSBuild
2009-11-20 18:11 . 2009-11-20 18:11 -------- d-----w- c:\program files\Microsoft.NET
2009-11-20 17:20 . 2009-11-20 17:20 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2009-11-20 17:12 . 2009-11-20 17:12 -------- d-----w- c:\program files\Alcohol Soft
2009-11-20 17:07 . 2009-11-20 17:07 685816 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-11-20 12:51 . 2009-11-20 12:50 -------- d-----w- c:\program files\Windows Live
2009-11-20 12:51 . 2009-11-20 12:51 -------- d-----w- c:\program files\Microsoft
2009-11-20 12:50 . 2009-11-20 12:50 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-11-20 12:46 . 2009-11-20 12:46 -------- d-----w- c:\program files\Common Files\Windows Live
2009-11-20 12:43 . 2009-11-20 12:43 -------- d-----w- c:\program files\Analog Devices
2009-11-20 12:43 . 2009-11-20 12:43 -------- d-----w- c:\users\NediM&UnA\AppData\Roaming\InstallShield
2009-11-20 12:31 . 2009-11-20 12:29 240128 ----a-w- c:\users\NediM&UnA\AppData\Local\royal86.sys
2009-11-20 11:05 . 2009-11-20 11:05 -------- d-----w- c:\program files\ESET
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-10 1233920]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-10-23 202024]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883840]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-02-06 2021400]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 1836328]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2009-09-04 11:08 935288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-10-03 03:08 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-07-26 15:43 3883840 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2009-07-01 16:37 37888 ----a-w- c:\program files\Winamp\winampa.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-18 22:38 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" /background
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):14,d7,3c,d9,9d,80,ca,01
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-970062700-2512175642-1388874279-1000]
"EnableNotificationsRef"=dword:00000002
R1 ehdrv;ehdrv;c:\windows\System32\drivers\ehdrv.sys [6.2.2009 14:23 106208]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [6.2.2009 14:23 727720]
R2 TeamViewer4;TeamViewer 4;c:\program files\TeamViewer\Version4\TeamViewer_Service.exe [28.1.2009 8:39 185640]
R3 b57nd60x;%SvcDispName%;c:\windows\System32\drivers\b57nd60x.sys [5.12.2009 20:11 179712]
S0 sptd;sptd;c:\windows\System32\drivers\sptd.sys [20.11.2009 18:07 685816]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\NediM&UnA\AppData\Roaming\Mozilla\Firefox\Profiles\w7tc6gqi.default\
---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2010-01-01 11:18
Windows 6.0.6002 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2010-01-01 11:23:02
ComboFix-quarantined-files.txt 2010-01-01 10:22
Pre-Run: 9.324.314.624 bytes free
Post-Run: 10.816.638.976 bytes free
- - End Of File - - D55BE0A8F16C0477DF31E506F8C11C6E
By the way, a happy new 2010 to all forum users, and all the best in life!