Virus from a USB drive

  • Joined: 19 Feb 2009
  • Posts: 9

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 0:20:40, on 19.2.2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16386)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\IDT\WDM\sttray.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Win\lsass.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\nikola\Downloads\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [Link mogu videti samo ulogovani korisnici]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [Link mogu videti samo ulogovani korisnici]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [Link mogu videti samo ulogovani korisnici]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [Link mogu videti samo ulogovani korisnici]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [Link mogu videti samo ulogovani korisnici]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [Link mogu videti samo ulogovani korisnici]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: Live TV Toolbar - {b69a9db4-d0a1-4722-b56b-f20757a29cdf} - C:\Program Files\Live_TV\tbLiv0.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Live TV Toolbar - {b69a9db4-d0a1-4722-b56b-f20757a29cdf} - C:\Program Files\Live_TV\tbLiv0.dll
O3 - Toolbar: Live TV Toolbar - {b69a9db4-d0a1-4722-b56b-f20757a29cdf} - C:\Program Files\Live_TV\tbLiv0.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [run32] C:\Win\lsass.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - [Link mogu videti samo ulogovani korisnici]\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_c204e27d\aestsrv.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_c204e27d\STacSV.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE

--
End of file - 7338 bytes


I copied something from a USB drive and the computer started behaving strangely. Shift and Caps don't work for me, and when I type, the letters appear very slowly. Sometimes it behaves as if the Shift key were stuck. When I scan, NOD AV reports that everything is clean. Can you help?



  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Hello...

Start ESET Smart Security/ESET NOD32 as follows:
Start > All Programs > ESET > ESET Smart Security, or ESET NOD32 Antivirus (if you use only the antivirus product).

* When the program's main window opens, click the Setup option on the left side of the window;
* Select the Antivirus and antispyware option and click Temporarily disable Antivirus and antispyware protection.
* At the next prompt, click Yes.

Note: Don't forget to turn this option back on once the cleaning is finished.



-------------------------------------------------------------------------------------



Download ComboFix to the Desktop from one of the following addresses:
[Links are visible only to logged-in users]
[Links are visible only to logged-in users]
[Links are visible only to logged-in users]

Run it and do not touch the program window while it is scanning.
Follow the on-screen instructions. When it finishes, a log (C:\ComboFix.txt) will appear, which you will copy here for us.



  • Joined: 19 Feb 2009
  • Posts: 9

Here it is:

ComboFix 09-02-18.01 - nikola 2009-02-19 17:12:56.1 - NTFSx86
Microsoft® Windows Vista™ Ultimate 6.0.6000.0.1252.1.1033.18.2037.1101 [GMT 1:00]
Running from: c:\users\nikola\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated)
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\recycler\S-1-5-21-1482476501-1644491937-682003330-1013
c:\recycler\S-1-5-21-1482476501-1644491937-682003330-1013\Desktop.ini

.
((((((((((((((((((((((((( Files Created from 2009-01-19 to 2009-02-19 )))))))))))))))))))))))))))))))
.

2009-02-19 13:54 . 2009-02-19 13:54 <DIR> d-------- c:\users\nikola\AppData\Roaming\Malwarebytes
2009-02-19 13:54 . 2009-02-19 13:54 <DIR> d-------- c:\programdata\Malwarebytes
2009-02-19 13:54 . 2009-02-19 13:54 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-02-19 13:54 . 2009-02-11 10:19 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
2009-02-19 13:54 . 2009-02-11 10:19 15,504 --a------ c:\windows\System32\drivers\mbam.sys
2009-02-18 23:26 . 2009-02-18 23:26 <DIR> d-------- c:\programdata\Yahoo! Companion
2009-02-18 16:50 . 2008-04-18 22:43 170,032 --a------ c:\windows\System32\drivers\Apfiltr.sys
2009-02-18 16:50 . 2008-01-19 16:53 100,546 --a------ c:\windows\System32\Vxdif.dll
2009-02-18 16:40 . 2009-02-18 16:40 2,560 --a------ c:\windows\_MSRSTRT.EXE
2009-02-17 20:36 . 2009-02-17 20:37 <DIR> dr-hs---- C:\Win
2009-02-16 12:07 . 2009-02-16 12:07 <DIR> d-------- c:\program files\URUSoft
2009-02-15 22:30 . 2009-02-19 04:03 <DIR> d-------- c:\users\nikola\AppData\Roaming\skypePM
2009-02-15 22:30 . 2009-02-15 22:30 56 --ah----- c:\windows\System32\ezsidmv.dat
2009-02-15 22:28 . 2009-02-19 04:04 <DIR> d-------- c:\users\nikola\AppData\Roaming\Skype
2009-02-15 22:28 . 2009-02-15 22:28 <DIR> d-------- c:\programdata\Skype
2009-02-15 22:28 . 2009-02-15 22:28 <DIR> dr------- c:\program files\Skype
2009-02-15 22:28 . 2009-02-15 22:28 <DIR> d-------- c:\program files\Common Files\Skype
2009-02-12 01:00 . 2009-02-12 01:01 <DIR> d-------- c:\programdata\Yahoo!
2009-02-10 19:47 . 2009-02-10 19:48 <DIR> d-------- C:\Total_Training
2009-02-10 03:25 . 2009-02-10 03:25 <DIR> d-------- c:\programdata\Adobe Systems
2009-02-10 03:19 . 2009-02-10 03:19 <DIR> d-------- c:\program files\Common Files\Adobe Systems Shared
2009-02-09 12:31 . 2009-02-10 15:06 <DIR> d-------- c:\program files\Macromedia
2009-02-09 12:31 . 2009-02-09 12:35 <DIR> d-------- c:\program files\Common Files\Macromedia
2009-01-30 18:52 . 2009-01-30 18:52 <DIR> d-------- c:\users\nikola\AppData\Roaming\vlc
2009-01-30 18:51 . 2009-01-30 18:51 <DIR> d-------- c:\program files\VideoLAN
2009-01-26 01:22 . 2009-01-26 01:41 <DIR> d-------- c:\program files\GRETECH
2009-01-24 23:47 . 2009-01-24 23:47 224,768 --a------ c:\windows\System32\drivers\usbport.sys
2009-01-24 23:47 . 2009-01-24 23:47 192,000 --a------ c:\windows\System32\drivers\usbhub.sys
2009-01-24 23:47 . 2009-01-24 23:47 73,216 --a------ c:\windows\System32\drivers\usbccgp.sys
2009-01-24 23:47 . 2009-01-24 23:47 38,912 --a------ c:\windows\System32\drivers\hidclass.sys
2009-01-24 23:47 . 2009-01-24 23:47 38,400 --a------ c:\windows\System32\drivers\usbehci.sys
2009-01-24 23:47 . 2009-01-24 23:47 25,472 --a------ c:\windows\System32\drivers\hidparse.sys
2009-01-24 23:47 . 2009-01-24 23:47 23,040 --a------ c:\windows\System32\drivers\usbuhci.sys
2009-01-24 23:47 . 2009-01-24 23:47 12,288 --a------ c:\windows\System32\drivers\hidusb.sys
2009-01-24 23:47 . 2009-01-24 23:47 8,704 --a------ c:\windows\System32\hccoin.dll
2009-01-24 23:47 . 2009-01-24 23:47 5,888 --a------ c:\windows\System32\drivers\usbd.sys
2009-01-24 23:46 . 2009-01-24 23:46 414,208 --a------ c:\windows\System32\msdri.dll
2009-01-24 23:46 . 2009-01-24 23:46 292,352 --a------ c:\windows\System32\psisdecd.dll
2009-01-24 23:46 . 2009-01-24 23:46 218,624 --a------ c:\windows\System32\psisrndr.ax
2009-01-24 23:46 . 2009-01-24 23:46 110,264 --a------ c:\windows\System32\drivers\ataport.sys
2009-01-24 23:46 . 2009-01-24 23:46 80,384 --a------ c:\windows\System32\MSNP.ax
2009-01-24 23:46 . 2009-01-24 23:46 68,608 --a------ c:\windows\System32\Mpeg2Data.ax
2009-01-24 23:46 . 2009-01-24 23:46 57,856 --a------ c:\windows\System32\MSDvbNP.ax
2009-01-24 23:46 . 2009-01-24 23:46 53,760 --a------ c:\windows\System32\drivers\hdaudbus.sys
2009-01-24 23:46 . 2009-01-24 23:46 45,240 --a------ c:\windows\System32\drivers\pciidex.sys
2009-01-24 23:46 . 2009-01-24 23:46 21,688 --a------ c:\windows\System32\drivers\atapi.sys
2009-01-24 23:46 . 2009-01-24 23:46 17,592 --a------ c:\windows\System32\drivers\intelide.sys
2009-01-24 23:45 . 2009-01-24 23:45 242,688 --a------ c:\windows\System32\drivers\rdpdr.sys
2009-01-24 23:45 . 2009-01-24 23:45 220,160 --a------ c:\windows\System32\drivers\bthport.sys
2009-01-24 23:45 . 2009-01-24 23:45 181,760 --a------ c:\windows\System32\fsquirt.exe
2009-01-24 23:45 . 2009-01-24 23:45 140,392 --a------ c:\windows\System32\drivers\pci.sys
2009-01-24 23:45 . 2009-01-24 23:45 50,792 --a------ c:\windows\System32\drivers\termdd.sys
2009-01-24 23:45 . 2009-01-24 23:45 50,280 --a------ c:\windows\System32\drivers\volmgr.sys
2009-01-24 23:45 . 2009-01-24 23:45 29,184 --a------ c:\windows\System32\drivers\BTHUSB.SYS
2009-01-24 23:45 . 2009-01-24 23:45 28,776 --a------ c:\windows\System32\drivers\mssmbios.sys
2009-01-24 23:45 . 2009-01-24 23:45 22,632 --a------ c:\windows\System32\streamci.dll
2009-01-24 23:45 . 2009-01-24 23:45 19,456 --a------ c:\windows\System32\drivers\bthenum.sys
2009-01-24 23:45 . 2009-01-24 23:45 13,928 --a------ c:\windows\System32\drivers\msisadrv.sys
2009-01-24 23:45 . 2009-01-24 23:45 12,776 --a------ c:\windows\System32\drivers\swenum.sys
2009-01-24 20:02 . 2006-11-02 11:23 <DIR> dr------- c:\users\RA Media Server\Videos
2009-01-24 20:02 . 2006-11-02 11:23 <DIR> d-------- c:\users\RA Media Server\Saved Games
2009-01-24 20:02 . 2006-11-02 11:23 <DIR> dr------- c:\users\RA Media Server\Pictures
2009-01-24 20:02 . 2006-11-02 11:23 <DIR> dr------- c:\users\RA Media Server\Music
2009-01-24 20:02 . 2006-11-02 11:23 <DIR> dr------- c:\users\RA Media Server\Links
2009-01-24 20:02 . 2006-11-02 11:23 <DIR> dr------- c:\users\RA Media Server\Downloads
2009-01-24 20:02 . 2009-01-24 20:03 <DIR> dr------- c:\users\RA Media Server\Documents
2009-01-24 20:02 . 2006-11-02 12:18 <DIR> d--h----- c:\users\RA Media Server\AppData
2009-01-24 20:02 . 2009-01-24 20:03 <DIR> d-------- c:\users\RA Media Server
2009-01-24 20:01 . 2009-01-24 23:33 <DIR> d-a------ c:\programdata\TEMP
2009-01-23 18:50 . 2009-02-05 00:08 <DIR> d-------- c:\users\Public\T.B.01.08
2009-01-20 15:45 . 2009-01-20 15:45 <DIR> d-------- c:\program files\MySQL
2009-01-20 15:01 . 2009-01-20 15:01 <DIR> d-------- c:\programdata\Apple Computer
2009-01-20 15:01 . 2009-01-20 15:01 <DIR> d-------- c:\programdata\Apple
2009-01-20 15:01 . 2009-01-20 15:02 <DIR> d-------- c:\program files\QuickTime
2009-01-20 15:01 . 2009-01-20 15:01 <DIR> d-------- c:\program files\Common Files\Apple
2009-01-20 15:01 . 2009-01-20 15:01 <DIR> d-------- c:\program files\Apple Software Update

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-19 13:57 --------- d-----w c:\program files\Live_TV
2009-02-19 03:03 --------- d-----w c:\users\nikola\AppData\Roaming\mIRC
2009-02-19 03:03 --------- d-----w c:\program files\mIRC
2009-02-19 02:15 --------- d-----w c:\users\nikola\AppData\Roaming\BitTorrent
2009-02-18 22:18 --------- d-----w c:\program files\Yahoo!
2009-02-18 15:51 --------- d-----w c:\program files\DellTPad
2009-02-18 15:41 --------- d-----w c:\program files\RADIO_USA
2009-02-18 14:15 --------- d-----w c:\programdata\Microsoft Help
2009-02-18 12:51 --------- d-----w c:\users\nikola\AppData\Roaming\DNA
2009-02-18 12:49 --------- d-----w c:\program files\DNA
2009-02-10 16:09 --------- d-----w c:\program files\Opera
2009-02-10 02:21 --------- d-----w c:\program files\Common Files\Adobe
2009-02-07 23:14 --------- d-----w c:\program files\Common Files\InstallShield
2009-02-04 01:28 197 ----a-w c:\windows\system32\drivers\stwrte.log
2009-01-24 22:44 --------- d-----w c:\program files\Dell
2009-01-24 22:34 --------- d-----w c:\programdata\Dell
2009-01-15 22:53 --------- d-----w c:\users\nikola\AppData\Roaming\Winamp
2009-01-15 13:45 --------- d-----w c:\program files\Winamp
2008-12-27 15:20 --------- d-----w c:\program files\BitTorrent
2006-11-02 12:49 174 --sha-w c:\program files\desktop.ini
2008-10-30 21:49 74 --sh--r c:\windows\CT4CET.bin
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2006-11-02 1196032]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]
"msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2008-02-28 442433]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-03-12 3563520]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-08-18 1447168]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-04-30 196608]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"run32"="c:\win\lsass.exe" [2002-01-01 551669]

c:\users\nikola\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-02-08 752168]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ACDV"= ACDV.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MsnMsgr"="c:\program files\MSN Messenger\msnmsgr.exe" /background
"CollaborationHost"=c:\windows\system32\p2phost.exe -s
"BitTorrent DNA"="c:\program files\DNA\btdna.exe"
"Skype"="c:\program files\Skype\Phone\Skype.exe" /nosplash /minimized

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"Dell Webcam Central"="c:\program files\Dell Webcam\Dell Webcam Central\WebcamDell.exe" /mode2
"HotKeysCmds"=c:\windows\system32\hkcmd.exe
"IgfxTray"=c:\windows\system32\igfxtray.exe
"Persistence"=c:\windows\system32\igfxpers.exe
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0\bin\jusched.exe"
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe"
"Windows Defender"=%ProgramFiles%\Windows Defender\MSASCui.exe -hide
"ioCentre"=c:\genius\ioCentre\gTaskBar.exe
"NeroFilterCheck"=c:\windows\system32\NeroCheck.exe
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"WinampAgent"="c:\program files\Winamp\winampa.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1329787070-2645521928-1567272476-1000]
"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{BE7511EF-99F9-4434-9010-85435EBCBB13}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{94CB31F3-FCB9-4AD6-9492-0A4D8193736B}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{54F5AC86-A4AF-43CC-AB4D-B307FC2965E0}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{EBAA2C8F-4CF3-49EA-BCF0-BC45A3AB99C5}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{68855544-459D-4E3D-9F3D-FE8E26E62AD8}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{685F0990-1CF3-4318-B42C-26FCA2C75077}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{E9314084-DAA7-4C20-A870-5A83909EA717}"= UDP:c:\program files\DNA\btdna.exe:DNA (TCP-In)
"{03CB32F6-74D3-4C91-94FA-0FDCA7568B91}"= TCP:c:\program files\DNA\btdna.exe:DNA (UDP-In)
"{902CD350-777D-4CEB-A59A-B65F37223EEE}"= UDP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent (TCP-In)
"{AAEB9DAA-69C0-4CE2-81FC-D4EA6C5B31BA}"= TCP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent (UDP-In)
"{D706900C-1F42-4463-A6D9-5C805014BF27}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{0B8C2FCC-7512-4D6C-9BA6-BA21F1AB983F}"= c:\program files\Skype\Phone\Skype.exe:Skype

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\BitTorrent\\bittorrent.exe"= c:\program files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
"c:\\Users\\nikola\\AppData\\Local\\Temp\\RarSFX8\\Yahoo!\\Messenger\\YahooMessenger.exe"= c:\users\nikola\AppData\Local\Temp\RarSFX8\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger
"c:\\Users\\nikola\\AppData\\Local\\Temp\\RarSFX8\\Yahoo!\\Messenger\\YServer.exe"= c:\users\nikola\AppData\Local\Temp\RarSFX8\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server
"c:\\Users\\nikola\\AppData\\Local\\Temp\\RarSFX13\\Yahoo!\\Messenger\\YahooMessenger.exe"= c:\users\nikola\AppData\Local\Temp\RarSFX13\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger
"c:\\Users\\nikola\\AppData\\Local\\Temp\\RarSFX13\\Yahoo!\\Messenger\\YServer.exe"= c:\users\nikola\AppData\Local\Temp\RarSFX13\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server
"c:\\Users\\nikola\\AppData\\Local\\Temp\\RarSFX17\\Yahoo!\\Messenger\\YahooMessenger.exe"= c:\users\nikola\AppData\Local\Temp\RarSFX17\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger
"c:\\Users\\nikola\\AppData\\Local\\Temp\\RarSFX17\\Yahoo!\\Messenger\\YServer.exe"= c:\users\nikola\AppData\Local\Temp\RarSFX17\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server
"c:\\Users\\nikola\\AppData\\Local\\Temp\\RarSFX18\\Yahoo!\\Messenger\\YahooMessenger.exe"= c:\users\nikola\AppData\Local\Temp\RarSFX18\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger
"c:\\Users\\nikola\\AppData\\Local\\Temp\\RarSFX18\\Yahoo!\\Messenger\\YServer.exe"= c:\users\nikola\AppData\Local\Temp\RarSFX18\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server
"c:\\Users\\nikola\\AppData\\Local\\Temp\\RarSFX21\\Yahoo!\\Messenger\\YahooMessenger.exe"= c:\users\nikola\AppData\Local\Temp\RarSFX21\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger
"c:\\Users\\nikola\\AppData\\Local\\Temp\\RarSFX21\\Yahoo!\\Messenger\\YServer.exe"= c:\users\nikola\AppData\Local\Temp\RarSFX21\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server
"c:\\Users\\nikola\\AppData\\Local\\Temp\\RarSFX24\\Yahoo!\\Messenger\\YahooMessenger.exe"= c:\users\nikola\AppData\Local\Temp\RarSFX24\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger
"c:\\Users\\nikola\\AppData\\Local\\Temp\\RarSFX24\\Yahoo!\\Messenger\\YServer.exe"= c:\users\nikola\AppData\Local\Temp\RarSFX24\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server
"c:\\Users\\nikola\\AppData\\Local\\Temp\\RarSFX26\\Yahoo!\\Messenger\\YahooMessenger.exe"= c:\users\nikola\AppData\Local\Temp\RarSFX26\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger
"c:\\Users\\nikola\\AppData\\Local\\Temp\\RarSFX26\\Yahoo!\\Messenger\\YServer.exe"= c:\users\nikola\AppData\Local\Temp\RarSFX26\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server
"c:\\Users\\nikola\\AppData\\Local\\Temp\\RarSFX27\\Yahoo!\\Messenger\\YahooMessenger.exe"= c:\users\nikola\AppData\Local\Temp\RarSFX27\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger
"c:\\Users\\nikola\\AppData\\Local\\Temp\\RarSFX27\\Yahoo!\\Messenger\\YServer.exe"= c:\users\nikola\AppData\Local\Temp\RarSFX27\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server
"c:\\Users\\nikola\\AppData\\Local\\Temp\\RarSFX29\\Yahoo!\\Messenger\\YahooMessenger.exe"= c:\users\nikola\AppData\Local\Temp\RarSFX29\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger
"c:\\Users\\nikola\\AppData\\Local\\Temp\\RarSFX29\\Yahoo!\\Messenger\\YServer.exe"= c:\users\nikola\AppData\Local\Temp\RarSFX29\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server
"c:\\Users\\nikola\\AppData\\Local\\Temp\\RarSFX31\\Yahoo!\\Messenger\\YahooMessenger.exe"= c:\users\nikola\AppData\Local\Temp\RarSFX31\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger
"c:\\Users\\nikola\\AppData\\Local\\Temp\\RarSFX31\\Yahoo!\\Messenger\\YServer.exe"= c:\users\nikola\AppData\Local\Temp\RarSFX31\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server

R1 epfwtdir;epfwtdir;c:\windows\System32\drivers\epfwtdir.sys [2008-08-18 34312]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_c204e27d\AEstSrv.exe [2008-10-30 73728]
R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2008-08-18 468224]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\System32\drivers\btwl2cap.sys [2008-10-30 29736]
R3 gHidPnp;USB Device Enhanced Function Driver;c:\windows\System32\drivers\gHidPnp.sys [2008-11-17 16384]
R3 gMouUsb;USB Mouse Device Drv;c:\windows\System32\drivers\gMouUsb.sys [2008-11-17 9856]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\System32\drivers\IntcHdmi.sys [2008-10-30 111616]
R3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\System32\drivers\k57nd60x.sys [2008-01-29 203264]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\System32\drivers\mbamswissarmy.sys [2009-02-19 38496]
R3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;c:\windows\System32\drivers\OA001Ufd.sys [2008-10-30 149208]
R3 OA001Vid;Creative Camera OA001 Function Driver;c:\windows\System32\drivers\OA001Vid.sys [2008-10-30 277624]
R3 usnjsvc;Messenger Sharing Folders USN Journal Reader service;c:\program files\MSN Messenger\usnsvc.exe [2007-01-19 97136]
S3 gMouPS2;PS2 Scroll Mouse Device;c:\windows\System32\drivers\gMouPS2.sys [2008-11-17 17408]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2009-02-13 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2008\OneClick.exe [2007-12-21 15:17]
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
FF - ProfilePath - c:\users\nikola\AppData\Roaming\Mozilla\Firefox\Profiles\5z9t70qh.default\
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava11.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava12.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava13.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava14.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava32.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjpi160.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npoji610.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [Link mogu videti samo ulogovani korisnici]
Rootkit scan 2009-02-19 17:15:23
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(2248-)
c:\windows\system32\btmmhook.dll
c:\windows\system32\btncopy.dll
.
Completion time: 2009-02-19 17:17:19
ComboFix-quarantined-files.txt 2009-02-19 16:17:17

Pre-Run: 88.395.337.728 bytes free
Post-Run: 88,372,191,232 bytes free

259

  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Open Notepad and copy in the following text:

Folder::
c:\win

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"run32"=-


Save the file from Notepad to the Desktop as "CFScript"

Drag the saved script/text onto the ComboFix icon as shown in the picture.
In your next message, post the log that is created at the end of the cleaning/scan.
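
The CFScript above removes the `c:\win` folder and the `run32` Run value, which the HijackThis log shows launching `lsass.exe` from `C:\Win`. As an added example (not part of the original posts), the following Python sketch flags that pattern in a HijackThis log: a core Windows process name running or autostarting from a directory other than its expected one. The function names and the `EXPECTED_DIR` table are hypothetical, the expected directories are general knowledge about 32-bit Windows installed in `C:\Windows` rather than something the thread states, and the sample lines are a subset copied from the log in the first post.

```python
import ntpath
import re

# Core Windows processes and the directory each is expected to run from on a
# 32-bit install in C:\Windows (assumption of this example, not from the thread).
EXPECTED_DIR = {
    "lsass.exe": r"c:\windows\system32",
    "services.exe": r"c:\windows\system32",
    "svchost.exe": r"c:\windows\system32",
    "winlogon.exe": r"c:\windows\system32",
    "csrss.exe": r"c:\windows\system32",
    "smss.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}

# "O4 - HKLM\..\Run: [name] command line" (registry autoruns only).
O4_RUN = re.compile(r"^O4 - (?P<key>HK[^:]+\\Run): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# A bare path such as the entries under "Running processes:".
PROCESS_LINE = re.compile(r"^[A-Za-z]:\\.+\.exe$", re.IGNORECASE)


def image_path(cmd):
    """Return the executable part of an autorun command line, without arguments."""
    m = re.match(r'"([^"]+)"|(.+?\.exe)(?=\s|$)', cmd.strip(), re.IGNORECASE)
    return (m.group(1) or m.group(2)) if m else None


def normalize(path):
    """Lower-case the path and expand the two common Windows directory variables."""
    p = path.strip().strip('"').lower()
    for var in ("%systemroot%", "%windir%"):
        p = p.replace(var, r"c:\windows")
    return p


def is_masquerade(path):
    """True if the file name is a core system process but the directory is wrong."""
    directory, filename = ntpath.split(normalize(path))
    expected = EXPECTED_DIR.get(filename)
    if expected is None or not directory:
        return False  # not a tracked name, or a bare name resolved via PATH
    return directory.rstrip("\\") != expected


def scan(log_text):
    """Return (source, path) pairs for every suspicious process or autorun line."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        m = O4_RUN.match(line)
        if m:
            path = image_path(m.group("cmd"))
            source = "autorun [%s]" % m.group("name")
        elif PROCESS_LINE.match(line):
            path, source = line, "process"
        else:
            continue
        if path and is_masquerade(path):
            findings.append((source, path))
    return findings


# Subset of the HijackThis log posted at the top of this thread.
SAMPLE_LOG = r"""
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Win\lsass.exe
C:\Program Files\Windows Sidebar\sidebar.exe

O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [run32] C:\Win\lsass.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
"""

if __name__ == "__main__":
    for source, path in scan(SAMPLE_LOG):
        print("%-16s %s" % (source, path))
```

A hit from this check only says the name and location disagree; it is a reason to inspect the file, not a verdict on it.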

  • Joined: 19 Feb 2009
  • Posts: 9

Here it is:

ComboFix 09-02-18.01 - nikola 2009-02-19 18:03:56.2 - NTFSx86
Microsoft® Windows Vista™ Ultimate 6.0.6000.0.1252.1.1033.18.2037.1015 [GMT 1:00]
Running from: c:\users\nikola\Desktop\ComboFix.exe
Command switches used :: c:\users\nikola\Desktop\CFScript.txt
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated)
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\win
c:\win\1.exe
c:\win\lsass.exe
c:\win\names.txt

.
((((((((((((((((((((((((( Files Created from 2009-01-19 to 2009-02-19 )))))))))))))))))))))))))))))))
.

2009-02-19 13:54 . 2009-02-19 13:54 <DIR> d-------- c:\users\nikola\AppData\Roaming\Malwarebytes
2009-02-19 13:54 . 2009-02-19 13:54 <DIR> d-------- c:\programdata\Malwarebytes
2009-02-19 13:54 . 2009-02-19 13:54 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-02-19 13:54 . 2009-02-11 10:19 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
2009-02-19 13:54 . 2009-02-11 10:19 15,504 --a------ c:\windows\System32\drivers\mbam.sys
2009-02-18 23:26 . 2009-02-18 23:26 <DIR> d-------- c:\programdata\Yahoo! Companion
2009-02-18 16:50 . 2008-04-18 22:43 170,032 --a------ c:\windows\System32\drivers\Apfiltr.sys
2009-02-18 16:50 . 2008-01-19 16:53 100,546 --a------ c:\windows\System32\Vxdif.dll
2009-02-18 16:40 . 2009-02-18 16:40 2,560 --a------ c:\windows\_MSRSTRT.EXE
2009-02-16 12:07 . 2009-02-16 12:07 <DIR> d-------- c:\program files\URUSoft
2009-02-15 22:30 . 2009-02-19 04:03 <DIR> d-------- c:\users\nikola\AppData\Roaming\skypePM
2009-02-15 22:30 . 2009-02-15 22:30 56 --ah----- c:\windows\System32\ezsidmv.dat
2009-02-15 22:28 . 2009-02-19 04:04 <DIR> d-------- c:\users\nikola\AppData\Roaming\Skype
2009-02-15 22:28 . 2009-02-15 22:28 <DIR> d-------- c:\programdata\Skype
2009-02-15 22:28 . 2009-02-15 22:28 <DIR> dr------- c:\program files\Skype
2009-02-15 22:28 . 2009-02-15 22:28 <DIR> d-------- c:\program files\Common Files\Skype
2009-02-12 01:00 . 2009-02-12 01:01 <DIR> d-------- c:\programdata\Yahoo!
2009-02-10 19:47 . 2009-02-10 19:48 <DIR> d-------- C:\Total_Training
2009-02-10 03:25 . 2009-02-10 03:25 <DIR> d-------- c:\programdata\Adobe Systems
2009-02-10 03:19 . 2009-02-10 03:19 <DIR> d-------- c:\program files\Common Files\Adobe Systems Shared
2009-02-09 12:31 . 2009-02-10 15:06 <DIR> d-------- c:\program files\Macromedia
2009-02-09 12:31 . 2009-02-09 12:35 <DIR> d-------- c:\program files\Common Files\Macromedia
2009-01-30 18:52 . 2009-01-30 18:52 <DIR> d-------- c:\users\nikola\AppData\Roaming\vlc
2009-01-30 18:51 . 2009-01-30 18:51 <DIR> d-------- c:\program files\VideoLAN
2009-01-26 01:22 . 2009-01-26 01:41 <DIR> d-------- c:\program files\GRETECH
2009-01-24 23:47 . 2009-01-24 23:47 224,768 --a------ c:\windows\System32\drivers\usbport.sys
2009-01-24 23:47 . 2009-01-24 23:47 192,000 --a------ c:\windows\System32\drivers\usbhub.sys
2009-01-24 23:47 . 2009-01-24 23:47 73,216 --a------ c:\windows\System32\drivers\usbccgp.sys
2009-01-24 23:47 . 2009-01-24 23:47 38,912 --a------ c:\windows\System32\drivers\hidclass.sys
2009-01-24 23:47 . 2009-01-24 23:47 38,400 --a------ c:\windows\System32\drivers\usbehci.sys
2009-01-24 23:47 . 2009-01-24 23:47 25,472 --a------ c:\windows\System32\drivers\hidparse.sys
2009-01-24 23:47 . 2009-01-24 23:47 23,040 --a------ c:\windows\System32\drivers\usbuhci.sys
2009-01-24 23:47 . 2009-01-24 23:47 12,288 --a------ c:\windows\System32\drivers\hidusb.sys
2009-01-24 23:47 . 2009-01-24 23:47 8,704 --a------ c:\windows\System32\hccoin.dll
2009-01-24 23:47 . 2009-01-24 23:47 5,888 --a------ c:\windows\System32\drivers\usbd.sys
2009-01-24 23:46 . 2009-01-24 23:46 414,208 --a------ c:\windows\System32\msdri.dll
2009-01-24 23:46 . 2009-01-24 23:46 292,352 --a------ c:\windows\System32\psisdecd.dll
2009-01-24 23:46 . 2009-01-24 23:46 218,624 --a------ c:\windows\System32\psisrndr.ax
2009-01-24 23:46 . 2009-01-24 23:46 110,264 --a------ c:\windows\System32\drivers\ataport.sys
2009-01-24 23:46 . 2009-01-24 23:46 80,384 --a------ c:\windows\System32\MSNP.ax
2009-01-24 23:46 . 2009-01-24 23:46 68,608 --a------ c:\windows\System32\Mpeg2Data.ax
2009-01-24 23:46 . 2009-01-24 23:46 57,856 --a------ c:\windows\System32\MSDvbNP.ax
2009-01-24 23:46 . 2009-01-24 23:46 53,760 --a------ c:\windows\System32\drivers\hdaudbus.sys
2009-01-24 23:46 . 2009-01-24 23:46 45,240 --a------ c:\windows\System32\drivers\pciidex.sys
2009-01-24 23:46 . 2009-01-24 23:46 21,688 --a------ c:\windows\System32\drivers\atapi.sys
2009-01-24 23:46 . 2009-01-24 23:46 17,592 --a------ c:\windows\System32\drivers\intelide.sys
2009-01-24 23:45 . 2009-01-24 23:45 242,688 --a------ c:\windows\System32\drivers\rdpdr.sys
2009-01-24 23:45 . 2009-01-24 23:45 220,160 --a------ c:\windows\System32\drivers\bthport.sys
2009-01-24 23:45 . 2009-01-24 23:45 181,760 --a------ c:\windows\System32\fsquirt.exe
2009-01-24 23:45 . 2009-01-24 23:45 140,392 --a------ c:\windows\System32\drivers\pci.sys
2009-01-24 23:45 . 2009-01-24 23:45 50,792 --a------ c:\windows\System32\drivers\termdd.sys
2009-01-24 23:45 . 2009-01-24 23:45 50,280 --a------ c:\windows\System32\drivers\volmgr.sys
2009-01-24 23:45 . 2009-01-24 23:45 29,184 --a------ c:\windows\System32\drivers\BTHUSB.SYS
2009-01-24 23:45 . 2009-01-24 23:45 28,776 --a------ c:\windows\System32\drivers\mssmbios.sys
2009-01-24 23:45 . 2009-01-24 23:45 22,632 --a------ c:\windows\System32\streamci.dll
2009-01-24 23:45 . 2009-01-24 23:45 19,456 --a------ c:\windows\System32\drivers\bthenum.sys
2009-01-24 23:45 . 2009-01-24 23:45 13,928 --a------ c:\windows\System32\drivers\msisadrv.sys
2009-01-24 23:45 . 2009-01-24 23:45 12,776 --a------ c:\windows\System32\drivers\swenum.sys
2009-01-24 20:02 . 2006-11-02 11:23 <DIR> dr------- c:\users\RA Media Server\Videos
2009-01-24 20:02 . 2006-11-02 11:23 <DIR> d-------- c:\users\RA Media Server\Saved Games
2009-01-24 20:02 . 2006-11-02 11:23 <DIR> dr------- c:\users\RA Media Server\Pictures
2009-01-24 20:02 . 2006-11-02 11:23 <DIR> dr------- c:\users\RA Media Server\Music
2009-01-24 20:02 . 2006-11-02 11:23 <DIR> dr------- c:\users\RA Media Server\Links
2009-01-24 20:02 . 2006-11-02 11:23 <DIR> dr------- c:\users\RA Media Server\Downloads
2009-01-24 20:02 . 2009-01-24 20:03 <DIR> dr------- c:\users\RA Media Server\Documents
2009-01-24 20:02 . 2006-11-02 12:18 <DIR> d--h----- c:\users\RA Media Server\AppData
2009-01-24 20:02 . 2009-01-24 20:03 <DIR> d-------- c:\users\RA Media Server
2009-01-24 20:01 . 2009-01-24 23:33 <DIR> d-a------ c:\programdata\TEMP
2009-01-23 18:50 . 2009-02-05 00:08 <DIR> d-------- c:\users\Public\T.B.01.08
2009-01-20 15:45 . 2009-01-20 15:45 <DIR> d-------- c:\program files\MySQL
2009-01-20 15:01 . 2009-01-20 15:01 <DIR> d-------- c:\programdata\Apple Computer
2009-01-20 15:01 . 2009-01-20 15:01 <DIR> d-------- c:\programdata\Apple
2009-01-20 15:01 . 2009-01-20 15:02 <DIR> d-------- c:\program files\QuickTime
2009-01-20 15:01 . 2009-01-20 15:01 <DIR> d-------- c:\program files\Common Files\Apple
2009-01-20 15:01 . 2009-01-20 15:01 <DIR> d-------- c:\program files\Apple Software Update

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-19 13:57 --------- d-----w c:\program files\Live_TV
2009-02-19 03:03 --------- d-----w c:\users\nikola\AppData\Roaming\mIRC
2009-02-19 03:03 --------- d-----w c:\program files\mIRC
2009-02-19 02:15 --------- d-----w c:\users\nikola\AppData\Roaming\BitTorrent
2009-02-18 22:18 --------- d-----w c:\program files\Yahoo!
2009-02-18 15:51 --------- d-----w c:\program files\DellTPad
2009-02-18 15:41 --------- d-----w c:\program files\RADIO_USA
2009-02-18 14:15 --------- d-----w c:\programdata\Microsoft Help
2009-02-18 12:51 --------- d-----w c:\users\nikola\AppData\Roaming\DNA
2009-02-18 12:49 --------- d-----w c:\program files\DNA
2009-02-10 16:09 --------- d-----w c:\program files\Opera
2009-02-10 02:21 --------- d-----w c:\program files\Common Files\Adobe
2009-02-07 23:14 --------- d-----w c:\program files\Common Files\InstallShield
2009-02-04 01:28 197 ----a-w c:\windows\system32\drivers\stwrte.log
2009-01-24 22:44 --------- d-----w c:\program files\Dell
2009-01-24 22:34 --------- d-----w c:\programdata\Dell
2009-01-15 22:53 --------- d-----w c:\users\nikola\AppData\Roaming\Winamp
2009-01-15 13:45 --------- d-----w c:\program files\Winamp
2008-12-27 15:20 --------- d-----w c:\program files\BitTorrent
2006-11-02 12:49 174 --sha-w c:\program files\desktop.ini
2008-10-30 21:49 74 --sh--r c:\windows\CT4CET.bin
.

((((((((((((((((((((((((((((( [Link visible only to logged-in users],32 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-02-19 15:09:10 262,144 ----a-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2009-02-19 16:15:29 262,144 ----a-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2006-11-02 1196032]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]
"msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2008-02-28 442433]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-03-12 3563520]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-08-18 1447168]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-04-30 196608]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]

c:\users\nikola\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-02-08 752168]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ACDV"= ACDV.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MsnMsgr"="c:\program files\MSN Messenger\msnmsgr.exe" /background
"CollaborationHost"=c:\windows\system32\p2phost.exe -s
"BitTorrent DNA"="c:\program files\DNA\btdna.exe"
"Skype"="c:\program files\Skype\Phone\Skype.exe" /nosplash /minimized

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"Dell Webcam Central"="c:\program files\Dell Webcam\Dell Webcam Central\WebcamDell.exe" /mode2
"HotKeysCmds"=c:\windows\system32\hkcmd.exe
"IgfxTray"=c:\windows\system32\igfxtray.exe
"Persistence"=c:\windows\system32\igfxpers.exe
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0\bin\jusched.exe"
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe"
"Windows Defender"=%ProgramFiles%\Windows Defender\MSASCui.exe -hide
"ioCentre"=c:\genius\ioCentre\gTaskBar.exe
"NeroFilterCheck"=c:\windows\system32\NeroCheck.exe
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"WinampAgent"="c:\program files\Winamp\winampa.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1329787070-2645521928-1567272476-1000]
"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{BE7511EF-99F9-4434-9010-85435EBCBB13}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{94CB31F3-FCB9-4AD6-9492-0A4D8193736B}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{54F5AC86-A4AF-43CC-AB4D-B307FC2965E0}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{EBAA2C8F-4CF3-49EA-BCF0-BC45A3AB99C5}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{68855544-459D-4E3D-9F3D-FE8E26E62AD8}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{685F0990-1CF3-4318-B42C-26FCA2C75077}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{E9314084-DAA7-4C20-A870-5A83909EA717}"= UDP:c:\program files\DNA\btdna.exe:DNA (TCP-In)
"{03CB32F6-74D3-4C91-94FA-0FDCA7568B91}"= TCP:c:\program files\DNA\btdna.exe:DNA (UDP-In)
"{902CD350-777D-4CEB-A59A-B65F37223EEE}"= UDP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent (TCP-In)
"{AAEB9DAA-69C0-4CE2-81FC-D4EA6C5B31BA}"= TCP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent (UDP-In)
"{D706900C-1F42-4463-A6D9-5C805014BF27}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{0B8C2FCC-7512-4D6C-9BA6-BA21F1AB983F}"= c:\program files\Skype\Phone\Skype.exe:Skype

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\BitTorrent\\bittorrent.exe"= c:\program files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
"c:\\Users\\nikola\\AppData\\Local\\Temp\\RarSFX8\\Yahoo!\\Messenger\\YahooMessenger.exe"= c:\users\nikola\AppData\Local\Temp\RarSFX8\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger
"c:\\Users\\nikola\\AppData\\Local\\Temp\\RarSFX8\\Yahoo!\\Messenger\\YServer.exe"= c:\users\nikola\AppData\Local\Temp\RarSFX8\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server
"c:\\Users\\nikola\\AppData\\Local\\Temp\\RarSFX13\\Yahoo!\\Messenger\\YahooMessenger.exe"= c:\users\nikola\AppData\Local\Temp\RarSFX13\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger
"c:\\Users\\nikola\\AppData\\Local\\Temp\\RarSFX13\\Yahoo!\\Messenger\\YServer.exe"= c:\users\nikola\AppData\Local\Temp\RarSFX13\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server
"c:\\Users\\nikola\\AppData\\Local\\Temp\\RarSFX17\\Yahoo!\\Messenger\\YahooMessenger.exe"= c:\users\nikola\AppData\Local\Temp\RarSFX17\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger
"c:\\Users\\nikola\\AppData\\Local\\Temp\\RarSFX17\\Yahoo!\\Messenger\\YServer.exe"= c:\users\nikola\AppData\Local\Temp\RarSFX17\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server
"c:\\Users\\nikola\\AppData\\Local\\Temp\\RarSFX18\\Yahoo!\\Messenger\\YahooMessenger.exe"= c:\users\nikola\AppData\Local\Temp\RarSFX18\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger
"c:\\Users\\nikola\\AppData\\Local\\Temp\\RarSFX18\\Yahoo!\\Messenger\\YServer.exe"= c:\users\nikola\AppData\Local\Temp\RarSFX18\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server
"c:\\Users\\nikola\\AppData\\Local\\Temp\\RarSFX21\\Yahoo!\\Messenger\\YahooMessenger.exe"= c:\users\nikola\AppData\Local\Temp\RarSFX21\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger
"c:\\Users\\nikola\\AppData\\Local\\Temp\\RarSFX21\\Yahoo!\\Messenger\\YServer.exe"= c:\users\nikola\AppData\Local\Temp\RarSFX21\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server
"c:\\Users\\nikola\\AppData\\Local\\Temp\\RarSFX24\\Yahoo!\\Messenger\\YahooMessenger.exe"= c:\users\nikola\AppData\Local\Temp\RarSFX24\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger
"c:\\Users\\nikola\\AppData\\Local\\Temp\\RarSFX24\\Yahoo!\\Messenger\\YServer.exe"= c:\users\nikola\AppData\Local\Temp\RarSFX24\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server
"c:\\Users\\nikola\\AppData\\Local\\Temp\\RarSFX26\\Yahoo!\\Messenger\\YahooMessenger.exe"= c:\users\nikola\AppData\Local\Temp\RarSFX26\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger
"c:\\Users\\nikola\\AppData\\Local\\Temp\\RarSFX26\\Yahoo!\\Messenger\\YServer.exe"= c:\users\nikola\AppData\Local\Temp\RarSFX26\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server
"c:\\Users\\nikola\\AppData\\Local\\Temp\\RarSFX27\\Yahoo!\\Messenger\\YahooMessenger.exe"= c:\users\nikola\AppData\Local\Temp\RarSFX27\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger
"c:\\Users\\nikola\\AppData\\Local\\Temp\\RarSFX27\\Yahoo!\\Messenger\\YServer.exe"= c:\users\nikola\AppData\Local\Temp\RarSFX27\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server
"c:\\Users\\nikola\\AppData\\Local\\Temp\\RarSFX29\\Yahoo!\\Messenger\\YahooMessenger.exe"= c:\users\nikola\AppData\Local\Temp\RarSFX29\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger
"c:\\Users\\nikola\\AppData\\Local\\Temp\\RarSFX29\\Yahoo!\\Messenger\\YServer.exe"= c:\users\nikola\AppData\Local\Temp\RarSFX29\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server
"c:\\Users\\nikola\\AppData\\Local\\Temp\\RarSFX31\\Yahoo!\\Messenger\\YahooMessenger.exe"= c:\users\nikola\AppData\Local\Temp\RarSFX31\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger
"c:\\Users\\nikola\\AppData\\Local\\Temp\\RarSFX31\\Yahoo!\\Messenger\\YServer.exe"= c:\users\nikola\AppData\Local\Temp\RarSFX31\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server

R1 epfwtdir;epfwtdir;c:\windows\System32\drivers\epfwtdir.sys [2008-08-18 34312]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_c204e27d\AEstSrv.exe [2008-10-30 73728]
R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2008-08-18 468224]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\System32\drivers\btwl2cap.sys [2008-10-30 29736]
R3 gHidPnp;USB Device Enhanced Function Driver;c:\windows\System32\drivers\gHidPnp.sys [2008-11-17 16384]
R3 gMouUsb;USB Mouse Device Drv;c:\windows\System32\drivers\gMouUsb.sys [2008-11-17 9856]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\System32\drivers\IntcHdmi.sys [2008-10-30 111616]
R3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\System32\drivers\k57nd60x.sys [2008-01-29 203264]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\System32\drivers\mbamswissarmy.sys [2009-02-19 38496]
R3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;c:\windows\System32\drivers\OA001Ufd.sys [2008-10-30 149208]
R3 OA001Vid;Creative Camera OA001 Function Driver;c:\windows\System32\drivers\OA001Vid.sys [2008-10-30 277624]
R3 usnjsvc;Messenger Sharing Folders USN Journal Reader service;c:\program files\MSN Messenger\usnsvc.exe [2007-01-19 97136]
S3 gMouPS2;PS2 Scroll Mouse Device;c:\windows\System32\drivers\gMouPS2.sys [2008-11-17 17408]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2009-02-13 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2008\OneClick.exe [2007-12-21 15:17]
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
FF - ProfilePath - c:\users\nikola\AppData\Roaming\Mozilla\Firefox\Profiles\5z9t70qh.default\
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava11.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava12.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava13.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava14.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava32.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjpi160.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npoji610.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [Link visible only to logged-in users]
Rootkit scan 2009-02-19 18:05:40
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-02-19 18:07:35
ComboFix-quarantined-files.txt 2009-02-19 17:07:33
ComboFix2.txt 2009-02-19 16:17:20

Pre-Run: 87.887.003.648 bytes free
Post-Run: 87,858,851,840 bytes free

261

offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Pack the entire folder C:\qoobox\quarantine into a zip/rar archive

and upload that archive via this link: [Link visible only to logged-in users]

-------------------------------------------------------------------------------------

Download USBNoRisk to the Desktop and run it by double-clicking the program's icon.
- Wait a few seconds while the program performs its initial scan.
- Insert all USB storage devices into the USB slot one after another and keep each one in the slot for 10 seconds.
- If you have several devices to check, write down on a piece of paper the order in which they were inserted, because we will need that information later.
- When you have finished with all the devices, right-click in the middle of the program window and choose the Save log option. This will automatically open the log in Notepad. Copy that log from Notepad to the forum for us.

Explanation: USB storage devices are all devices that get their own partition letter when connected to the computer. This includes USB flash drives, external hard disks, memory cards, MP3 and MP4 players, some mobile phones, some GPS (navigation) devices, etc.

offline
  • Joined: 19 Feb 2009
  • Posts: 9

Uploaded.

I don't have that USB with me, and I also don't own a personal USB drive, so I don't know whether I should download this USBNoRisk?

offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

No need...

What is the current state?

offline
  • Joined: 19 Feb 2009
  • Posts: 9

It works without problems, it seems to me... usually the problem appeared after logging in to FB, but now I'm logged in and everything works OK. Is that it now? :)

offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

You had one worm - it has been deleted.

Judging by the logs, the PC is now clean. What remains is for you to do the following:

Click START and then RUN
In the text input line type Combofix /u and click OK

Wait for the uninstall process to finish

The procedure above will:
Delete the following:
ComboFix and its files and folders
VundoFix Backups folder, if it exists
C:\Deckard folder, if it exists
C:\OtMoveIt folder, if it exists

Reset the clock settings on the computer
Hide file extensions, if needed
Hide system/hidden files/folders, if needed
Reset System Restore

That is all.
