How do I remove win32/autrun.ABHWorm


offline
  • milnem  Male
  • New MyCity citizen
  • Joined: 24 Dec 2008
  • Posts: 23
  • Location: Novi Sad

ComboFix ran, and ran... then asked for a restart... then ran again after the restart... and produced this report:
ComboFix 08-12-24.01 - drazen 2008-12-25 14:30:49.6 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.223.49 [GMT 1:00]
Running from: d:\documents and settings\drazen\Desktop\ComboFix.exe
Command switches used :: d:\documents and settings\drazen\Desktop\CFScript.txt
* Resident AV is active


FILE ::
d:\windows\system32\dllcache\mkllb.dll
d:\windows\system32\dllcache\ntisapi.dll
d:\windows\system32\dllcache\ntoist.dll
d:\windows\system32\serhost.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

d:\to_upload
d:\to_upload\mkllb.dll.vir
d:\to_upload\ntisapi.dll.vir
d:\to_upload\ntoist.dll.vir
d:\to_upload\serhost.exe.vir
d:\windows\system32\dllcache\mkllb.dll
d:\windows\system32\dllcache\ntisapi.dll
d:\windows\system32\dllcache\ntoist.dll
d:\windows\system32\serhost.exe

.
((((((((((((((((((((((((( Files Created from 2008-11-25 to 2008-12-25 )))))))))))))))))))))))))))))))
.

2008-12-25 13:43 . 2008-12-25 13:43 55,924 --a------ D:\to_upload.rar
2008-12-21 16:32 . 2008-12-21 16:32 <DIR> d-------- d:\program files\Malwarebytes' Anti-Malware
2008-12-21 16:32 . 2008-12-21 16:32 <DIR> d-------- d:\documents and settings\drazen\Application Data\Malwarebytes
2008-12-21 16:32 . 2008-12-21 16:32 <DIR> d-------- d:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-21 16:32 . 2008-12-03 19:52 38,496 --a------ d:\windows\system32\drivers\mbamswissarmy.sys
2008-12-21 16:32 . 2008-12-03 19:52 15,504 --a------ d:\windows\system32\drivers\mbam.sys
2008-12-17 12:06 . 2008-12-17 12:07 <DIR> d-------- d:\program files\Common Files\Nokia
2008-12-16 18:52 . 2008-12-16 18:52 <DIR> d-------- d:\program files\Makayama Software
2008-12-16 18:52 . 2004-09-07 12:16 626,688 --------- d:\windows\system32\DGPDVDRipperStudio.ocx
2008-12-15 16:27 . 2008-12-15 16:27 <DIR> d-------- d:\documents and settings\drazen\Application Data\ImTOO Software Studio
2008-12-15 01:58 . 2008-12-15 01:58 <DIR> d-------- d:\program files\CoreAAC
2008-12-05 08:33 . 2008-12-05 08:37 <DIR> d-------- d:\program files\PDFCreator
2008-12-05 08:33 . 2004-03-09 00:00 662,288 --a------ d:\windows\system32\MSCOMCT2.OCX
2008-12-05 08:33 . 2005-10-15 12:32 196,608 --a------ d:\windows\system32\pdfcmnnt.dll
2008-12-05 08:33 . 1998-06-24 00:00 137,000 --a------ d:\windows\system32\MSMAPI32.OCX
2008-12-05 08:33 . 1998-07-06 00:00 23,552 --a------ d:\windows\system32\MSMPIDE.DLL
2008-12-01 17:50 . 2008-12-01 17:49 410,976 --a------ d:\windows\system32\deploytk.dll
2008-11-29 10:23 . 2008-11-29 10:23 <DIR> d--hs---- d:\windows\system32\RECYCLER

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-25 13:41 --------- d---a-w d:\documents and settings\All Users\Application Data\TEMP
2008-12-25 13:16 --------- d-----w d:\documents and settings\drazen\Application Data\Skype
2008-12-25 13:15 --------- d-----w d:\documents and settings\drazen\Application Data\skypePM
2008-12-17 12:37 --------- d-----w d:\documents and settings\drazen\Application Data\Nokia
2008-12-17 11:07 --------- d-----w d:\program files\Common Files\PCSuite
2008-12-17 11:06 --------- d-----w d:\program files\Nokia
2008-12-16 08:10 --------- d-----w d:\program files\ImTOO
2008-12-15 00:58 --------- d-----w d:\program files\GRETECH
2008-12-05 07:35 14,290 -c--a-w d:\program files\settings.dat
2008-12-01 16:49 --------- d-----w d:\program files\Java
2008-11-26 21:27 --------- d-----w d:\program files\Common Files\Adobe
2008-11-25 23:14 --------- d-----w d:\program files\Opera
2008-11-04 07:59 --------- d-----w d:\documents and settings\All Users\Application Data\Installations
2008-03-01 23:39 32 -c--a-w d:\documents and settings\All Users\Application Data\ezsid.dat
2008-08-07 15:26 56 -csh--r d:\windows\system32\DCF64F123F.sys
2008-08-07 15:26 10,022 -csha-w d:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((( snapshot@2008-12-24_11.57.18.46 )))))))))))))))))))))))))))))))))))))))))
.
+ 2005-10-20 19:02:28 163,328 ----a-w d:\windows\ERDNT\subs\ERDNT.EXE
- 2008-12-24 10:49:17 16,384 -c--a-w d:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2008-12-25 12:17:07 16,384 -c--a-w d:\windows\system32\config\systemprofile\Cookies\index.dat
- 2008-12-24 10:49:17 32,768 -c--a-w d:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-12-25 12:17:07 32,768 -c--a-w d:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2008-12-24 10:49:17 32,768 -c--a-w d:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-12-25 12:17:07 32,768 -c--a-w d:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-12-25 13:38:43 16,384 ----atw d:\windows\Temp\Perflib_Perfdata_6c8.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{F4F10C1D-87C7-404A-B4B3-000000000000}"= "d:\progra~1\DAP\SBSearch.dll" [2008-08-24 32768]

[HKEY_CLASSES_ROOT\clsid\{f4f10c1d-87c7-404a-b4b3-000000000000}]
[HKEY_CLASSES_ROOT\SearchHook.SrchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{95EFB171-F3DF-4BEC-9EF7-829A800203E6}]
[HKEY_CLASSES_ROOT\SearchHook.SrchHook]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="d:\program files\Messenger\msmsgs.exe" [2004-08-04 1667584]
"LogitechSoftwareUpdate"="d:\program files\Logitech\Video\ManifestEngine.exe" [2005-06-08 196608]
"ctfmon.exe"="d:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"DownloadAccelerator"="d:\program files\DAP\DAP.EXE" [2008-08-24 3053056]
"JFSW2Launch"="d:\documents and settings\drazen\Application Data\Transcend\JFSW2\JFSW2Launch.exe" [2008-04-02 45056]
"Transparent Icon Labels"="d:\program files\Transparent Icon Labels\Transparent Icon Labels.exe" [2008-09-20 126976]
"Nokia.PCSync"="d:\program files\Nokia\Nokia PC Suite 7\PCSync2.exe" [2008-06-17 1249280]
"PC Suite Tray"="d:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-10-02 1124352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SiS Tray"="d:\windows\system32\sistray.EXE" [2001-12-24 327680]
"SiS KHooker"="d:\windows\system32\khooker.exe" [2002-01-25 290816]
"SiSUSBRG"="d:\windows\sisUSBrg.exe" [2002-02-21 28675]
"nod32kui"="d:\program files\Eset\nod32kui.exe" [2007-04-25 949376]
"LVCOMSX"="d:\windows\system32\LVCOMSX.EXE" [2005-07-19 221184]
"WinampAgent"="d:\program files\Winamp\winampa.exe" [2007-10-10 36352]
"LogitechVideoRepair"="d:\program files\Logitech\Video\ISStart.exe" [2005-06-08 458752]
"LogitechVideoTray"="d:\program files\Logitech\Video\LogiTray.exe" [2005-06-08 217088]
"SunJavaUpdateSched"="d:\program files\Java\jre6\bin\jusched.exe" [2008-12-01 136600]
"Adobe Reader Speed Launcher"="d:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3codec"= l3codecp.acm
"vidc.XVID"= xvid.dll
"msacm.enc"= ITIG726.acm
"vidc.I263"= i263_32.drv
"msacm.divxa32"= msaud32_divx.acm

[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^BlueSoleil.lnk]
path=d:\documents and settings\All Users\Start Menu\Programs\Startup\BlueSoleil.lnk
backup=d:\windows\pss\BlueSoleil.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DownloadAccelerator]
--a------ 2008-08-24 10:47 3053056 d:\program files\DAP\DAP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-08-04 00:06 1667584 d:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2008-09-23 14:17 21755688 d:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2007-10-10 06:28 36352 d:\program files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"d:\\Program Files\\Skype\\Phone\\Skype.exe"=

.
Contents of the 'Scheduled Tasks' folder

2008-11-28 d:\windows\Tasks\Uniblue SpeedUpMyPC Nag.job
- d:\program files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe []

2007-05-26 d:\windows\Tasks\Uniblue SpeedUpMyPC.job
- d:\program files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe []
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = localhost
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Clean Traces - d:\program files\DAP\Privacy Package\dapcleanerie.htm
IE: &Download with &DAP - d:\program files\DAP\dapextie.htm
IE: Download &all with DAP - d:\program files\DAP\dapextie2.htm
IE: E&xport to Microsoft Excel - d:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
LSP: d:\windows\system32\imon.dll
FF - ProfilePath - d:\documents and settings\drazen\Application Data\Mozilla\Firefox\Profiles\91rv9iys.default\
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - prefs.js: keyword.URL - hxxp://search.speedbit.com/searchresults.asp?src=default&q=
FF - component: d:\documents and settings\drazen\Application Data\Mozilla\Firefox\Profiles\91rv9iys.default\extensions\bkmrksync@nokia.com\components\BkMrkExt.dll
FF - component: d:\program files\DAP\DAPFireFox\components\DAPFireFox.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2008-12-25 14:38:26
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(696)
d:\windows\system32\imon.dll
.
------------------------ Other Running Processes ------------------------
.
d:\program files\IVT Corporation\BlueSoleil\BTNtService.exe
d:\program files\Java\jre6\bin\jqs.exe
d:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
d:\program files\ESET\nod32krn.exe
d:\windows\system32\slserv.exe
d:\windows\system32\wdfmgr.exe
d:\program files\Logitech\Video\FxSvr2.exe
d:\program files\PC Connectivity Solution\ServiceLayer.exe
d:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe
d:\program files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
d:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe
d:\program files\PC Connectivity Solution\Transports\NclIrSrv.exe
d:\windows\system32\wscntfy.exe
d:\program files\Common Files\Nokia\MPAPI\MPAPI3s.exe
.
**************************************************************************
.
Completion time: 2008-12-25 14:47:03 - machine was rebooted
ComboFix-quarantined-files.txt 2008-12-25 13:46:53
ComboFix2.txt 2008-12-25 12:26:22
ComboFix3.txt 2008-12-25 11:44:50
ComboFix4.txt 2008-12-24 21:28:44
ComboFix5.txt 2008-12-25 13:28:37

Pre-Run: 1,576,251,392 bytes free
Post-Run: 1,566,371,840 bytes free


offline
  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

I also need a new HijackThis log (I wrote that in my previous post).

How is the computer behaving now? Are there any visible symptoms left?

offline
  • milnem  Male
  • New MyCity citizen
  • Joined: 24 Dec 2008
  • Posts: 23
  • Location: Novi Sad

Here is that HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:01:09, on 25-Dec-08
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
D:\Program Files\Java\jre6\bin\jqs.exe
D:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
D:\Program Files\Eset\nod32krn.exe
D:\WINDOWS\system32\slserv.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\sistray.EXE
D:\WINDOWS\system32\khooker.exe
D:\Program Files\Eset\nod32kui.exe
D:\WINDOWS\system32\LVCOMSX.EXE
D:\Program Files\Winamp\winampa.exe
D:\Program Files\Logitech\Video\LogiTray.exe
D:\Program Files\Java\jre6\bin\jusched.exe
D:\Program Files\Messenger\msmsgs.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\DAP\DAP.EXE
D:\Documents and Settings\drazen\Application Data\Transcend\JFSW2\JFSW2Launch.exe
D:\Program Files\Transparent Icon Labels\Transparent Icon Labels.exe
D:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe
D:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
D:\Program Files\Logitech\Video\FxSvr2.exe
D:\Program Files\PC Connectivity Solution\ServiceLayer.exe
D:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
D:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
D:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
D:\Program Files\PC Connectivity Solution\Transports\NclIrSrv.exe
D:\WINDOWS\system32\wscntfy.exe
D:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
D:\WINDOWS\explorer.exe
D:\Program Files\Opera\opera.exe
D:\Documents and Settings\drazen\Desktop\bobby\TR3.exe.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: SrchHook Class - {F4F10C1D-87C7-404A-B4B3-000000000000} - D:\PROGRA~1\DAP\SBSearch.dll
O2 - BHO: DAPHelper Class - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - D:\Program Files\DAP\DAPBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - D:\Program Files\DAP\DAPIEBar.dll
O4 - HKLM\..\Run: [SiS Tray] D:\WINDOWS\system32\sistray.EXE
O4 - HKLM\..\Run: [SiS KHooker] D:\WINDOWS\system32\khooker.exe
O4 - HKLM\..\Run: [SiSUSBRG] D:\WINDOWS\sisUSBrg.exe
O4 - HKLM\..\Run: [nod32kui] "D:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [LVCOMSX] D:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [WinampAgent] "D:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [LogitechVideoRepair] D:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] D:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "D:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DownloadAccelerator] "D:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKCU\..\Run: [JFSW2Launch] D:\Documents and Settings\drazen\Application Data\Transcend\JFSW2\JFSW2Launch.exe
O4 - HKCU\..\Run: [Transparent Icon Labels] "D:\Program Files\Transparent Icon Labels\Transparent Icon Labels.exe" 15726591
O4 - HKCU\..\Run: [Nokia.PCSync] "D:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe" /NoDialog
O4 - HKCU\..\Run: [PC Suite Tray] "D:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O8 - Extra context menu item: &Clean Traces - D:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - D:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - D:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - D:\PROGRA~1\DAP\DAP.EXE
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: BlueSoleil Hid Service - Unknown owner - D:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - D:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Nod 32 - Unknown owner - D:\WINDOWS\system32\serhost.exe (file missing)
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - D:\Program Files\Eset\nod32krn.exe
O23 - Service: ServiceLayer - Nokia. - D:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - D:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: VideoAcceleratorEngine - Unknown owner - D:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe (file missing)

--
End of file - 6442 bytes

offline
  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

Run HijackThis again, click Do a system scan only, then tick the box in front of the following line:
O23 - Service: Nod 32 - Unknown owner - D:\WINDOWS\system32\serhost.exe (file missing)
Click Fix checked


ComboFix also needs to be uninstalled:

Click START, then RUN
In the text box type Combofix /u and click OK

Wait for the uninstall process to finish

The above procedure will:
Delete the following:
ComboFix and its files and folders
VundoFix Backups folder, if it exists
C:\Deckard folder, if it exists
C:\OtMoveIt folder, if it exists

Reset the computer's clock settings
Hide file extensions, if needed
Hide system/hidden files/folders, if needed
Reset System Restore
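
An added example, not part of the original post: a Python sketch that parses the O23 (service) lines of a HijackThis log and separates orphaned services whose binary appears in ComboFix's deletion list from other orphaned services. The sample input is constructed from lines in the two logs in this thread; the function names are hypothetical.

```python
import re
from ntpath import normcase  # Windows path rules, usable on any OS

# Constructed sample input: lines copied from the ComboFix and
# HijackThis logs posted in this thread.
COMBOFIX_DELETIONS = r"""
d:\windows\system32\dllcache\mkllb.dll
d:\windows\system32\dllcache\ntisapi.dll
d:\windows\system32\dllcache\ntoist.dll
d:\windows\system32\serhost.exe
"""

HIJACKTHIS_LOG = r"""
O23 - Service: BlueSoleil Hid Service - Unknown owner - D:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Nod 32 - Unknown owner - D:\WINDOWS\system32\serhost.exe (file missing)
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - D:\Program Files\Eset\nod32krn.exe
O23 - Service: VideoAcceleratorEngine - Unknown owner - D:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe (file missing)
"""

# O23 line layout: display name, file owner, image path, optional marker
# that HijackThis appends when the image no longer exists on disk.
O23_RE = re.compile(
    r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - "
    r"(?P<path>[A-Za-z]:\\.+?)(?P<missing> \(file missing\))?$"
)


def parse_o23(log_text):
    """Return one dict per O23 (service) line found in a HijackThis log."""
    services = []
    for line in log_text.splitlines():
        m = O23_RE.match(line.strip())
        if m:
            services.append({
                "name": m["name"],
                "owner": m["owner"],
                "path": m["path"],
                "missing": m["missing"] is not None,
            })
    return services


def triage_orphans(log_text, deleted_paths):
    """Split services with a missing binary into those whose binary the
    cleanup tool deleted and those orphaned for some other reason."""
    deleted = {normcase(p.strip())
               for p in deleted_paths.splitlines() if p.strip()}
    result = {"removed_by_cleanup": [], "other_orphan": []}
    for svc in parse_o23(log_text):
        if not svc["missing"]:
            continue
        # Windows paths are case-insensitive, so compare normalised forms.
        hit = normcase(svc["path"]) in deleted
        result["removed_by_cleanup" if hit else "other_orphan"].append(svc["name"])
    return result


if __name__ == "__main__":
    for bucket, names in triage_orphans(HIJACKTHIS_LOG, COMBOFIX_DELETIONS).items():
        print(bucket, names)
```
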

offline
  • milnem  Male
  • New MyCity citizen
  • Joined: 24 Dec 2008
  • Posts: 23
  • Location: Novi Sad

So far I don't see any change, because it runs very slowly anyway, and with all the work with the ComboFixes and those HijackThis tools I can't get anything else done :) The only thing I see is that red shield with the white X down by the clock, which still keeps "releasing" warning balloons... P.S. I have to go out in about 15 minutes, so we'll talk around 17h. I can hardly make it earlier. I'm aware that all of this is being done for my benefit... but I have other obligations today too... I'll get in touch as soon as I turn the computer on. P.S. I only have 256 MB of DDR1 on the Gericom and I want to buy 1 GB so that it runs decently. As it is, it's as slow as a soldier on yard-cleaning duty...

Addendum: 25 Dec 2008 15:22

I just saw the message; I'm getting to work right away and postponing going out until the procedures are finished...

offline
  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

Whenever you get to it, there's no rush.

offline
  • milnem  Male
  • New MyCity citizen
  • Joined: 24 Dec 2008
  • Posts: 23
  • Location: Novi Sad

I did everything as you wrote... during the process the only question was "do I want to uninstall ComboFix"? ... and I did..! :) Epilogue: my "wish" was granted, in full. Of all those tools and write-ups, only that HijackThis is left... but fine, "nobody's perfect" :) P.S. My clock shows the correct time and I didn't touch it. Only that small red-filled shield, with its white X inside, won't give up! It sits there and "releases" balloons...

offline
  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

Double-click it.
A dialog will open where, on the left side, you have an option along the lines of "Change the way Security Center alerts me".
Go into those settings and turn off the options for the items you don't want it to nag you about.

Look for HijackThis in Add/Remove Programs, and if it didn't register there, simply delete it.

offline
  • milnem  Male
  • New MyCity citizen
  • Joined: 24 Dec 2008
  • Posts: 23
  • Location: Novi Sad

Everything is OK. I'll do that. Is my computer virus-free now?

offline
  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

From what I can see in the logs, it's clean.
