problem!

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Aj da pokusamo opet:
1.Sam sistem baguje, instalirao sam nod32, i non stop mi izbacuje da imam kojekakve trojance, i vidim da neku ip adresu kako oce da mi udje u komp, ali nod ga blokira i dr., skenirao sam i on je kao ocistio, ali i dalje me smaraju neke poruke "warning - wirus trojan spm/lx was found.." a sto me najvise smara jeste: "warning - application cannot be executed. The file is infected. Please activate your antivirus software." Dakle, neke aplikacije cak ne mogu ni da pokrenem

2. Ovo je log file napravljen u hjackthis programu:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:19:40 AM, on 9/13/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Windows\System32\winupdate.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [winupdate.exe] C:\Windows\system32\winupdate.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O13 - Gopher Prefix:
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O22 - SharedTaskScheduler: Ave's FolderBg - {73526E5A-FD53-4BE7-B5E2-D3C89D7413DC} - (no file)
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe

--
End of file - 3498 bytes


3. Nisam bas najbolje razumeo ovaj deo za 32-windows,al pokusacu :

Kada se taj problem počeo ispoljavati?
-Dan, dva posle reinstalacije sistema, dakle imam samo dva programcica koja rade, nemam cak ni winamp!

Ukoliko zaštitni softver koji koristite nešto detektuje, a ne može da ukloni, napišite/iskopirajte nazive detektovanih datoteka u poruku
- Pa obicno obrise, a neke stavi u karantin, samo ja to ne umem da iskopam, heh.

Na koji način ste pokušali rešiti problem?
-Skeniranjem, skeniranjem i opet skeniranjem

Kakvom internet konekcijom raspolažete (tip i brzina konekcije)?
-Kablovski Internet (RadijusVektor) - 1054 ili mislim da je 1504 tako nesto..uglavnom brzina je super.

DDS
Program "crah-uje", tacnije, kada ga pokrenem iskoci dos promt, ali mi opet iskoci ono "warning - application could not be open...bla bla" (nece ni kad sam iskljucio nod)

GMER
skenirao sam samo system C:

okacicu prvo ovo, a cim zavrsi skeniranje u gmeru okacicu i to.

Hvala velika i izvinte na prvobitnom upadu

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Uloguj se preko Facebooka da bi skinuo fajl:

Napisano: 13 Sep 2009 14:12

Pa kako da vratim? valjda treba samo da "procitam" koji su to fajlovi?

Eh tek sad videh, naime, ja nemam nod 32 vec nod eset smart security

ne postoji tools opcija koliko ja vidim.

Dopuna: 13 Sep 2009 14:15

Ne mogu da otvorim ni notepad, stoga cu morati da vam okacim ovde za gmer autostart
mycity.rs/must-login.png

mycity.rs/must-login.png


GMER 1.0.15.15077 - gmer.net
Autostart scan 2009-09-13 14:11:54
Windows 6.0.6002 Service Pack 2


HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems@Windows = %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon >>>
@UserinitC:\Windows\system32\userinit.exe, = C:\Windows\system32\userinit.exe,
@TaskmanC:\RECYCLER\S-1-5-21-9112914285-7552568607-157751278-2044\wmiprvse.exe /*file not found*/ = C:\RECYCLER\S-1-5-21-9112914285-7552568607-157751278-2044\wmiprvse.exe /*file not found*/

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui@DLLName = igfxdev.dll

HKLM\SYSTEM\CurrentControlSet\Services\ >>>
Diskeeper@ = "C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe"
ekrn@ = "C:\Program Files\ESET\ESET Smart Security\ekrn.exe"
slsvc@ = %SystemRoot%\system32\SLsvc.exe
WSearch@ = %systemroot%\system32\SearchIndexer.exe /Embedding

HKLM\Software\Microsoft\Windows\CurrentVersion\Run >>>
@Windows Defender%ProgramFiles%\Windows Defender\MSASCui.exe -hide /*file not found*/ = %ProgramFiles%\Windows Defender\MSASCui.exe -hide /*file not found*/
@IgfxTrayC:\Windows\system32\igfxtray.exe = C:\Windows\system32\igfxtray.exe
@HotKeysCmdsC:\Windows\system32\hkcmd.exe = C:\Windows\system32\hkcmd.exe
@PersistenceC:\Windows\system32\igfxpers.exe = C:\Windows\system32\igfxpers.exe
@egui"C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice = "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
@Adobe Reader Speed Launcher"C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" = "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
@winupdate.exeC:\Windows\system32\winupdate.exe = C:\Windows\system32\winupdate.exe

HKCU\Software\Microsoft\Windows\CurrentVersion\Run@Sidebar = C:\Program Files\Windows Sidebar\sidebar.exe /autoRun /*file not found*/

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler >>>
@{E31004D1-A431-41B8-826F-E902F9D95C81}%SystemRoot%\System32\DreamScene.dll = %SystemRoot%\System32\DreamScene.dll
@{73526E5A-FD53-4BE7-B5E2-D3C89D7413DC}(null) =

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved >>>
@{F02C1A0D-BE21-4350-88B0-7367FC96EF3C} /*Computers and Devices*/%systemroot%\system32\NetworkExplorer.dll = %systemroot%\system32\NetworkExplorer.dll
@{4A1E5ACD-A108-4100-9E26-D2FAFA1BA486} /*IGD Property Sheet Handler*/%SystemRoot%\System32\icsigd.dll = %SystemRoot%\System32\icsigd.dll
@{92dbad9f-5025-49b0-9078-2d78f935e341} /*Microsoft Windows Mail Html Preview Handler*/%SystemRoot%\system32\inetcomm.dll = %SystemRoot%\system32\inetcomm.dll
@{b9815375-5d7f-4ce2-9245-c9d4da436930} /*Microsoft Windows Mail Html Preview Handler*/%SystemRoot%\system32\inetcomm.dll = %SystemRoot%\system32\inetcomm.dll
@{f8b8412b-dea3-4130-b36c-5e8be73106ac} /*Microsoft Windows Mail Html Preview Handler*/%SystemRoot%\system32\inetcomm.dll = %SystemRoot%\system32\inetcomm.dll
@{5FA29220-36A1-40f9-89C6-F4B384B7642E} /*Shell Message Handler*/%SystemRoot%\system32\inetcomm.dll = %SystemRoot%\system32\inetcomm.dll
@{E7E4BC40-E76A-11CE-A9BB-00AA004AE837} /*Shell DocObject Viewer*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{BC476F4C-D9D7-4100-8D4E-E043F6DEC409} /*Microsoft Browser Architecture*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{FBF23B40-E3F0-101B-8488-00AA003E56F8} /*InternetShortcut*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{3C374A40-BAE4-11CF-BF7D-00AA006946EE} /*Microsoft Url History Service*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{FF393560-C2A7-11CF-BFF4-444553540000} /*History*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{7BD29E00-76C1-11CF-9DD0-00A0C9034933} /*Temporary Internet Files*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{7BD29E01-76C1-11CF-9DD0-00A0C9034933} /*Temporary Internet Files*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{CFBFAE00-17A6-11D0-99CB-00C04FD64497} /*Microsoft Url Search Hook*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{3DC7A020-0ACD-11CF-A9BB-00AA004AE837} /*The Internet*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{73CFD649-CD48-4fd8-A272-2070EA56526B} /*IE BandProxy*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{07C45BB1-4A8C-4642-A1F5-237E7215FF66} /*IE Microsoft BrowserBand*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{43886CD5-6529-41c4-A707-7B3C92C05E68} /*IE Navigation Bar*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{30D02401-6A81-11d0-8274-00C04FD5AE38} /*IE Search Band*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{F83DAC1C-9BB9-4f2b-B619-09819DA81B0E} /*IE Registry Tree Options Utility*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{3028902F-6374-48b2-8DC6-9725E775B926} /*IE AutoComplete*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{98FF6D4B-6387-4b0a-8FBD-C5C4BB17B4F8} /*IE MRU AutoComplete List*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{FDE7673D-2E19-4145-8376-BBD58C4BC7BA} /*IE Custom MRU AutoCompleted List*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{6038EF75-ABFC-4e59-AB6F-12D397F6568D} /*IE Microsoft History AutoComplete List*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{9D958C62-3954-4b44-8FAB-C4670C1DB4C2} /*IE Microsoft Shell Folder AutoComplete List*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{B31C5FAE-961F-415b-BAF0-E697A5178B94} /*IE Microsoft Multiple AutoComplete List Container*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{E6EE9AAC-F76B-4947-8260-A9F136138E11} /*IE Shell Band Site Menu*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{BFAD62EE-9D54-4b2a-BF3B-76F90697BD2A} /*IE Shell Rebar BandSite*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} /*IE User Assist*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{4B78D326-D922-44f9-AF2A-07805C2A3560} /*IE Menu Band*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{6CF48EF8-44CD-45d2-8832-A16EA016311B} /*IE IShellFolderBand*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{F2CF5485-4E02-4f68-819C-B92DE9277049} /*&Links*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{1C1EDB47-CE22-4bbb-B608-77B48F83C823} /*IE Fade Task*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{6B4ECC4F-16D1-4474-94AB-5A763F2A54AE} /*IE Tracking Shell Menu*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{44C76ECD-F7FA-411c-9929-1B77BA77F524} /*IE Menu Site*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{205D7A97-F16D-4691-86EF-F3075DCCA57D} /*IE Menu Desk Bar*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{871C5380-42A0-1069-A2EA-08002B30309D} /*Internet Name Space*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{9A096BB5-9DC3-4D1C-8526-C3CBF991EA4E} /*IE RSS Feeder Folder*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{8856f961-340a-11d0-a96b-00c04fd705a2} /*Microsoft Web Browser*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{00020d75-0000-0000-c000-000000000046} /*lnkfile*/(null) =
@{CC6EEFFB-43F6-46c5-9619-51D571967F7D} /*Web Publishing Wizard*/%SystemRoot%\System32\shwebsvc.dll = %SystemRoot%\System32\shwebsvc.dll
@{add36aa8-751a-4579-a266-d66f5202ccbb} /*Print Ordering via the Web*/%SystemRoot%\System32\shwebsvc.dll = %SystemRoot%\System32\shwebsvc.dll
@{6b33163c-76a5-4b6c-bf21-45de9cd503a1} /*Shell Publishing Wizard Object*/%SystemRoot%\System32\shwebsvc.dll = %SystemRoot%\System32\shwebsvc.dll
@{176d6597-26d3-11d1-b350-080036a75b03} /*ICM Scanner Management*/%SystemRoot%\System32\colorui.dll = %SystemRoot%\System32\colorui.dll
@{5DB2625A-54DF-11D0-B6C4-0800091AA605} /*ICM Monitor Management*/%SystemRoot%\System32\colorui.dll = %SystemRoot%\System32\colorui.dll
@{675F097E-4C4D-11D0-B6C1-0800091AA605} /*ICM Printer Management*/%SystemRoot%\system32\colorui.dll = %SystemRoot%\system32\colorui.dll
@{DBCE2480-C732-101B-BE72-BA78E9AD5B27} /*ICC Profile*/%SystemRoot%\system32\colorui.dll = %SystemRoot%\system32\colorui.dll
@{b2c761c6-29bc-4f19-9251-e6195265baf1} /*Color Control Panel Applet*/(null) =
@{74246bfc-4c96-11d0-abef-0020af6b0b7a} /*Device Manager*/%SystemRoot%\System32\devmgr.dll = %SystemRoot%\System32\devmgr.dll
@{7A979262-40CE-46ff-AEEE-7884AC3B6136} /*Add New Hardware*/(null) =
@{3e7efb4c-faf1-453d-89eb-56026875ef90} /*Get Programs Online*/(null) =
@{1b24a030-9b20-49bc-97ac-1be4426f9e59} /*ActiveDirectory Folder*/(null) =
@{34449847-FD14-4fc8-A75A-7432F5181EFB} /*ActiveDirectory Folder*/(null) =
@{C8494E42-ACDD-4739-B0FB-217361E4894F} /*Sam Account Folder*/(null) =
@{E29F9716-5C08-4FCD-955A-119FDB5A522D} /*Sam Account Folder*/(null) =
@{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0} /*Control Panel command object for Start menu*/(null) =
@{E44E5D18-0652-4508-A4E2-8A090067BCB0} /*Default Programs command object for Start menu*/(null) =
@{6dfd7c5c-2451-11d3-a299-00c04f8ef6af} /*Folder Options*/(null) =
@{97e467b4-98c6-4f19-9588-161b7773d6f6} /*Office Document Property Handler*/%SystemRoot%\system32\propsys.dll = %SystemRoot%\system32\propsys.dll
@{2C2577C2-63A7-40e3-9B7F-586602617ECB} /*Explorer Query Band*/(null) =
@{DC1C5A9C-E88A-4dde-A5A1-60F82A20AEF7} /*File Open Dialog*/%SystemRoot%\System32\comdlg32.dll = %SystemRoot%\System32\comdlg32.dll
@{C0B4E2F3-BA21-4773-8DBA-335EC946EB8B} /*File Save Dialog*/%SystemRoot%\System32\comdlg32.dll = %SystemRoot%\System32\comdlg32.dll
@{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} /*Shell Icon Handler for Application References*/C:\Windows\system32\dfshim.dll = C:\Windows\system32\dfshim.dll
@{e82a2d71-5b2f-43a0-97b8-81be15854de8} /*ShellLink for Application References*/C:\Windows\system32\dfshim.dll = C:\Windows\system32\dfshim.dll
@{92337A8C-E11D-11D0-BE48-00C04FC30DF6} /*OlePrn.PrinterURL*/%SystemRoot%\system32\oleprn.dll = %SystemRoot%\system32\oleprn.dll
@{45670FA8-ED97-4F44-BC93-305082590BFB} /*Microsoft XPS Properties*/%SystemRoot%\system32\XPSSHHDR.DLL = %SystemRoot%\system32\XPSSHHDR.DLL
@{44121072-A222-48f2-A58A-6D9AD51EBBE9} /*Microsoft XPS Thumbnail*/%SystemRoot%\system32\XPSSHHDR.DLL = %SystemRoot%\system32\XPSSHHDR.DLL
@{38a98528-6cbf-4ca9-8dc0-b1e1d10f7b1b} /*View Available Networks*/(null) =
@{13D3C4B8-B179-4ebb-BF62-F704173E7448} /*Windows Contact Preview Handler*/%CommonProgramFiles%\System\wab32.dll = %CommonProgramFiles%\System\wab32.dll
@{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} /*Contacts folder*/(null) =
@{4F58F63F-244B-4c07-B29F-210BE59BE9B4} /*.group shell extension handler*/%CommonProgramFiles%\System\wab32.dll = %CommonProgramFiles%\System\wab32.dll
@{8082C5E6-4C27-48ec-A809-B8E1122E8F97} /*.contact shell extension handler*/%CommonProgramFiles%\System\wab32.dll = %CommonProgramFiles%\System\wab32.dll
@{16C2C29D-0E5F-45f3-A445-03E03F587B7D} /*group_wab_auto_file*/%CommonProgramFiles%\System\wab32.dll = %CommonProgramFiles%\System\wab32.dll
@{CF67796C-F57F-45F8-92FB-AD698826C602} /*contact_wab_auto_file*/%CommonProgramFiles%\System\wab32.dll = %CommonProgramFiles%\System\wab32.dll
@{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8} /*Compatibility Property Page*/%windir%\system32\acppage.dll = %windir%\system32\acppage.dll
@{4026492f-2f69-46b8-b9bf-5654fc07e423} /*Windows Firewall*/(null) =
@{692F0339-CBAA-47e6-B5B5-3B84DB604E87} /*Extensions Manager Folder*/C:\Windows\system32\extmgr.dll = C:\Windows\system32\extmgr.dll
@{fcfeecae-ee1b-4849-ae50-685dcf7717ec} /*Problem Reports and Solutions*/(null) =
@{a304259d-52b8-4526-8b1a-a1d6cecc8243} /*iSCSI Initiator*/(null) =
@{11dbb47c-a525-400b-9e80-a54615a090c0} /*Execute Folder*/ExplorerFrame.dll = ExplorerFrame.dll
@{90b9bce2-b6db-4fd3-8451-35917ea1081b} /*Search Execute Command*/ExplorerFrame.dll = ExplorerFrame.dll
@{911051fa-c21c-4246-b470-070cd8df6dc4} /*.cab or .zip files*/(null) =
@{da67b8ad-e81b-4c70-9b91b417b5e33527} /*Windows Search Shell Service*/(null) =
@{a38b883c-1682-497e-97b0-0a3a9e801682} /*IPropertyStore Handler for Images*/C:\Windows\system32\PhotoMetadataHandler.dll = C:\Windows\system32\PhotoMetadataHandler.dll
@{C7657C4A-9F68-40fa-A4DF-96BC08EB3551} /*Photo Thumbnail Provider*/C:\Windows\system32\PhotoMetadataHandler.dll = C:\Windows\system32\PhotoMetadataHandler.dll
@{3F30C968-480A-4C6C-862D-EFC0897BB84B} /*Photo Thumbnail Extractor*/C:\Windows\system32\PhotoMetadataHandler.dll = C:\Windows\system32\PhotoMetadataHandler.dll
@{BC65FB43-1958-4349-971A-210290480130} /*Network Explorer Property Sheet Handler*/%SystemRoot%\System32\NcdProp.dll = %SystemRoot%\System32\NcdProp.dll
@{d3e34b21-9d75-101a-8c3d-00aa001a1652} /*Bitmap Image*/(null) =
@{40C3D757-D6E4-4b49-BB41-0E5BBEA28817} /*Video Media Properties Handler*/%SystemRoot%\System32\mediametadatahandler.dll = %SystemRoot%\System32\mediametadatahandler.dll
@{E598560B-28D5-46aa-A14A-8A3BEA34B576} /*Windows Photo Gallery Viewer Video Verbs*/%ProgramFiles%\Windows Photo Gallery\PhotoViewer.dll /*file not found*/ = %ProgramFiles%\Windows Photo Gallery\PhotoViewer.dll /*file not found*/
@{00f2886f-cd64-4fc9-8ec5-30ef6cdbe8c3} /*Microsoft.ScannersAndCameras*/(null) =
@{0a4286ea-e355-44fb-8086-af3df7645bd9} /*Windows Media Player*/C:\PROGRA~1\WI4EB4~1\wmpband.dll = C:\PROGRA~1\WI4EB4~1\wmpband.dll
@{BB6B2374-3D79-41DB-87F4-896C91846510} /*EMDFileProperties*/emdmgmt.dll = emdmgmt.dll
@{875CB1A1-0F29-45de-A1AE-CFB4950D0B78} /*Audio Media Properties Handler*/%SystemRoot%\System32\mediametadatahandler.dll = %SystemRoot%\System32\mediametadatahandler.dll
@{89D83576-6BD1-4c86-9454-BEB04E94C819} /*MAPI Search Namespace Extension*/%systemroot%\system32\mssvp.dll = %systemroot%\system32\mssvp.dll
@{7A0F6AB7-ED84-46B6-B47E-02AA159A152B} /*Sync Center Simple Conflict Presenter*/%SystemRoot%\System32\SyncCenter.dll = %SystemRoot%\System32\SyncCenter.dll
@{9D687A4C-1404-41ef-A089-883B6FBECDE6} /*Windows Photo Gallery Viewer Autoplay Handler*/(null) =
@{37efd44d-ef8d-41b1-940d-96973a50e9e0} /*Windows Sidebar Properties*/(null) =
@{00f20eb5-8fd6-4d9d-b75e-36801766c8f1} /*PhotoAcqDropTarget*/%ProgramFiles%\Windows Photo Gallery\PhotoAcq.dll /*file not found*/ = %ProgramFiles%\Windows Photo Gallery\PhotoAcq.dll /*file not found*/
@{BC48B32F-5910-47F5-8570-5074A8A5636A} /*Sync Results Delegate Folder*/%SystemRoot%\System32\SyncCenter.dll = %SystemRoot%\System32\SyncCenter.dll
@{ED228FDF-9EA8-4870-83B1-96B02CFE0D52} /*Games Folder*/C:\Windows\System32\gameux.dll = C:\Windows\System32\gameux.dll
@{E413D040-6788-4C22-957E-175D1C513A34} /*Sync Center Conflict Delegate Folder*/%SystemRoot%\System32\SyncCenter.dll = %SystemRoot%\System32\SyncCenter.dll
@{67718415-c450-4f3c-bf8a-b487642dc39b} /*Windows Features*/(null) =
@{91ADC906-6722-4B05-A12B-471ADDCCE132} /*Touch Band*/%SystemRoot%\System32\TouchX.dll = %SystemRoot%\System32\TouchX.dll
@{2781761E-28E0-4109-99FE-B9D127C57AFE} /*Windows Defender IOfficeAntiVirus implementation*/%ProgramFiles%\Windows Defender\MpOav.dll /*file not found*/ = %ProgramFiles%\Windows Defender\MpOav.dll /*file not found*/
@{FFE2A43C-56B9-4bf5-9A79-CC6D4285608A} /*Windows Photo Gallery Viewer Image Verbs*/%ProgramFiles%\Windows Photo Gallery\PhotoViewer.dll /*file not found*/ = %ProgramFiles%\Windows Photo Gallery\PhotoViewer.dll /*file not found*/
@{4B534112-3AF6-4697-A77C-D62CE9B9E7CF} /*Sync Center Event Properties Extension*/%SystemRoot%\System32\SyncCenter.dll = %SystemRoot%\System32\SyncCenter.dll
@{F1390A9A-A3F4-4E5D-9C5F-98F3BD8D935C} /*Sync Setup Delegate Folder*/%SystemRoot%\System32\SyncCenter.dll = %SystemRoot%\System32\SyncCenter.dll
@{4E5BFBF8-F59A-4e87-9805-1F9B42CC254A} /*GameUX.RichGameMediaThumbnail*/C:\Windows\System32\gameux.dll = C:\Windows\System32\gameux.dll
@{9DB7A13C-F208-4981-8353-73CC61AE2783} /*Previous Versions*/%SystemRoot%\system32\twext.dll = %SystemRoot%\system32\twext.dll
@{d8559eb9-20c0-410e-beda-7ed416aecc2a} /*Windows Defender*/(null) =
@{576C9E85-1300-4EF5-BF6B-D00509F4EDCD} /*Sync Center Handler Properties Extension*/%SystemRoot%\System32\SyncCenter.dll = %SystemRoot%\System32\SyncCenter.dll
@{5ea4f148-308c-46d7-98a9-49041b1dd468} /*Mobility Center Control Panel*/(null) =
@{289978AC-A101-4341-A817-21EBA7FD046D} /*Sync Center Conflict Folder*/%SystemRoot%\System32\SyncCenter.dll = %SystemRoot%\System32\SyncCenter.dll
@{877ca5ac-cb41-4842-9c69-9136e42d47e2} /*File Backup Index*/%systemroot%\system32\sdshext.dll = %systemroot%\system32\sdshext.dll
@{71D99464-3B6B-475C-B241-E15883207529} /*Sync Results Folder*/%SystemRoot%\System32\SyncCenter.dll = %SystemRoot%\System32\SyncCenter.dll
@{B32D3949-ED98-4DBB-B347-17A144969BBA} /*Sync Center Item Properties Extension*/%SystemRoot%\System32\SyncCenter.dll = %SystemRoot%\System32\SyncCenter.dll
@{D6791A63-E7E2-4fee-BF52-5DED8E86E9B8} /*Portable Devices Menu*/%SystemRoot%\system32\wpdshext.dll = %SystemRoot%\system32\wpdshext.dll
@{2E9E59C0-B437-4981-A647-9C34B9B90891} /*Sync Setup Folder*/%SystemRoot%\System32\SyncCenter.dll = %SystemRoot%\System32\SyncCenter.dll
@{9C73F5E5-7AE7-4E32-A8E8-8D23B85255BF} /*Sync Center Folder*/%SystemRoot%\System32\SyncCenter.dll = %SystemRoot%\System32\SyncCenter.dll
@{CB1B7F8C-C50A-4176-B604-9E24DEE8D4D1} /*Welcome Center*/oobefldr.dll = oobefldr.dll
@{15D633E2-AD00-465b-9EC7-F56B7CDF8E27} /*Tablet PC Input Panel*/%CommonProgramFiles%\microsoft shared\ink\TipBand.dll /*file not found*/ = %CommonProgramFiles%\microsoft shared\ink\TipBand.dll /*file not found*/
@{F04CC277-03A2-4277-96A9-77967471BDFF} /*Sync Center Conflict Properties Extension*/%SystemRoot%\System32\SyncCenter.dll = %SystemRoot%\System32\SyncCenter.dll
@{596AB062-B4D2-4215-9F74-E9109B0A8153} /*Previous Versions Property Page*/%SystemRoot%\system32\twext.dll = %SystemRoot%\system32\twext.dll
@{53BEDF0B-4E5B-4183-8DC9-B844344FA104} /*Microsoft Windows MAPI Preview Handler*/%SystemRoot%\system32\mssvp.dll = %SystemRoot%\system32\mssvp.dll
@{6b9228da-9c15-419e-856c-19e768a13bdc} /*Windows gadget DropTarget*/%ProgramFiles%\Windows Sidebar\sbdrop.dll /*file not found*/ = %ProgramFiles%\Windows Sidebar\sbdrop.dll /*file not found*/
@{8E25992B-373E-486E-80E5-BD23AE417E66} /*Sync Center Device Notification Sink*/%SystemRoot%\System32\SyncCenter.dll = %SystemRoot%\System32\SyncCenter.dll
@{35786D3C-B075-49b9-88DD-029876E11C01} /*Portable Devices*/%SystemRoot%\system32\wpdshext.dll = %SystemRoot%\system32\wpdshext.dll
@{031EE060-67BC-460d-8847-E4A7C5E45A27} /*Windows Media Player Rich Preview Handler*/(null) =
@{1FA9085F-25A2-489B-85D4-86326EEDCD87} /*Manage Wireless Networks*/%SystemRoot%\system32\wlanpref.dll = %SystemRoot%\system32\wlanpref.dll
@{ECDD6472-2B9B-4b4b-AE36-F316DF3C8D60} /*RichGameMediaPropertyStore Class*/C:\Windows\System32\gameux.dll = C:\Windows\System32\gameux.dll
@{BD7A2E7B-21CB-41b2-A086-B309680C6B7E} /*Client Side Cache Namespace Extension*/%systemroot%\system32\mssvp.dll = %systemroot%\system32\mssvp.dll
@{c5a40261-cd64-4ccf-84cb-c394da41d590} /*Video Thumbnail Extractor*/%SystemRoot%\System32\mediametadatahandler.dll = %SystemRoot%\System32\mediametadatahandler.dll
@{28803F59-3A75-4058-995F-4EE5503B023C} /*Wireless Devices*/%systemroot%\system32\FunctionDiscoveryFolder.dll = %systemroot%\system32\FunctionDiscoveryFolder.dll
@{9113A02D-00A3-46B9-BC5F-9C04DADDD5D7} /*Enhanced Storage Data Source*/%SystemRoot%\system32\EhStorShell.dll = %SystemRoot%\system32\EhStorShell.dll
@{73526E5A-FD53-4BE7-B5E2-D3C89D7413DC} /*Ave's FolderBg*/(null) =
@{B089FE88-FB52-11D3-BDF1-0050DA34150D} /*Eset Smart Security - Context Menu Shell Extension*/C:\Program Files\ESET\ESET Smart Security\shellExt.dll = C:\Program Files\ESET\ESET Smart Security\shellExt.dll
@{B41DB860-8EE4-11D2-9906-E49FADC173CA} /*WinRAR shell extension*/C:\Program Files\WinRAR\rarext.dll = C:\Program Files\WinRAR\rarext.dll

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ >>>
Eset Smart Security - Context Menu Shell Extension@{B089FE88-FB52-11D3-BDF1-0050DA34150D} = C:\Program Files\ESET\ESET Smart Security\shellExt.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers@{596AB062-B4D2-4215-9F74-E9109B0A8153} = %SystemRoot%\system32\twext.dll

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ >>>
Eset Smart Security - Context Menu Shell Extension@{B089FE88-FB52-11D3-BDF1-0050DA34150D} = C:\Program Files\ESET\ESET Smart Security\shellExt.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects@{18DF081C-E8AD-4283-A596-FA578C2EBDC3} = C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

HKCU\Control Panel\Desktop@SCRNSAVE.EXE = C:\Windows\system32\logon.scr

HKLM\Software\Microsoft\Internet Explorer\Main >>>
@Default_Page_URLhttp://go.microsoft.com/fwlink/?LinkId=69157 = go.microsoft.com/fwlink/?LinkId=69157
@Start Pagehttp://go.microsoft.com/fwlink/?LinkId=69157 = go.microsoft.com/fwlink/?LinkId=69157
@Local Page%SystemRoot%\system32\blank.htm = %SystemRoot%\system32\blank.htm

HKCU\Software\Microsoft\Internet Explorer\Main >>>
@Start Pagehttp://go.microsoft.com/fwlink/?LinkId=69157 = go.microsoft.com/fwlink/?LinkId=69157
@Local PageC:\Windows\system32\blank.htm = C:\Windows\system32\blank.htm

HKLM\Software\Classes\PROTOCOLS\Handler\ >>>
dvd@CLSID = C:\Windows\System32\msvidctl.dll
its@CLSID = %SystemRoot%\System32\itss.dll
mhtml@CLSID = %SystemRoot%\system32\inetcomm.dll
ms-its@CLSID = %SystemRoot%\System32\itss.dll
tv@CLSID = C:\Windows\System32\msvidctl.dll

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ >>>
000000000001@LibraryPath = %SystemRoot%\system32\NLAapi.dll
000000000002@LibraryPath = %SystemRoot%\system32\napinsp.dll
000000000003@LibraryPath = %SystemRoot%\system32\pnrpnsp.dll

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000004@LibraryPath = %SystemRoot%\system32\pnrpnsp.dll

---- EOF - GMER 1.0.15 ----

Dopuna: 13 Sep 2009 14:19

I da, pojavljuje se jos jedan problem, zaboravio sam da kazem.
Otvara mi se sam od sebe ms dos prompt prozor (crni)
i izlazi mi pored njega prozor koji kaze:
c:\windows\system32\18467.exe
The NTVDM CPU has encountered an illegal instruction.
CS:11e1 IP:0124 OP:63 75 72 69 74 Choose 'Close' to terminate the application

Ponudjeno Close i Ignore.

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Preuzmi sUBs-ov ComboFix sa sledeće adrese na Desktop:


Bleeping Computer
Klikni desnim tasterom na link i odaberi opciju Save Target As... (Save Link As..., Save Linked Content As... ili sličnu);
Kada se otvori dijalog za izbor lokacije na kojoj treba sačuvati file, odaberi Desktop i klikni Save.



Kada preuzimanje programa bude završeno:
deaktiviraj zaštitni softver (uputstvo);
zatvori pokrenute programe;
dvoklikom pokreni program ComboFix.
U toku rada, ComboFix će:proveriti postoji li novija verzija programa:
klikni Yes ako bude ponuđeno preuzimanje iste. prikazati DISCLAIMER OF WARRANTY ON SOFTWARE:
klikni Yes kako bi proces bio nastavljen.ako Recovery Console nije instalirana, ponuditi instalaciju:
obavezno prihvati klikom na Yes i isprati postupak.postaviti/dati određeni broj upita/obaveštenja:
prihvati klikom na Yes ili OK.po potrebi, restartovati Windows (više puta);
na kraju rada, otvoriti Notepad sa izveštajem o skeniranju.

Iskopiraj izveštaj koji je ComboFix napravio u temu na forumu:
klikni desnim tasterom miša u prozor Notepad-a i izaberi Select All;
klikni desnim tasterom miša na obeleženi tekst i izaberi Copy;
klikni desnim tasterom miša u polje za pisanje poruke i izaberi Paste.

Napomena:Izveštaj će biti sačuvan pod nazivom ComboFix.txt na sistemskoj particiji (tipična lokacija: C:\ComboFix.txt);
Ukoliko nakon slanja poruke primetiš da izveštaj nije kompletan, iskoristi opciju Prikači fajl za prilaganje file-a C:\ComboFix.txt uz poruku.

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

ComboFix 09-09-12.A0 - Stefan 09/13/2009 15:49.1.1 - NTFSx86
Microsoft® Windows Vista™ Ion 6.0.6002.2.1252.1.1033.18.2939.2141 [GMT 2:00]
Running from: c:\users\Stefan\Downloads\ComboFix.exe
AV: ESET Smart Security 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *disabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
SP: ESET Smart Security 3.0 *disabled* (Updated) {E5E70D32-0101-4B98-A4D6-D1D15C3BB448}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\recycler\S-1-5-21-9112914285-7552568607-157751278-2044
c:\windows\ShellNew
c:\windows\ShellNew\Journal.jnt
c:\windows\system32\18467.exe
c:\windows\System32\41.exe
c:\windows\system32\6334.exe
c:\windows\system32\AVR09.exe
c:\windows\system32\winhelper.dll
c:\windows\system32\winupdate.exe

.
((((((((((((((((((((((((( Files Created from 2009-08-13 to 2009-09-13 )))))))))))))))))))))))))))))))
.

2009-09-13 14:00 . 2009-09-13 14:01 -------- d-----w- c:\users\Stefan\AppData\Local\temp
2009-09-13 14:00 . 2009-09-13 14:00 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-09-13 09:19 . 2009-09-13 09:19 -------- d-----w- c:\program files\Trend Micro
2009-09-12 21:32 . 2009-09-12 20:38 -------- d-----w- c:\windows\Panther
2009-09-12 21:32 . 2009-09-12 21:32 -------- d-----w- C:\Boot
2009-09-12 20:40 . 2009-09-12 12:21 -------- d-----w- c:\windows\Debug
2009-09-12 19:29 . 2009-09-12 19:30 -------- d-----w- c:\program files\Combined Community Codec Pack
2009-09-12 13:29 . 2009-09-12 13:31 -------- d-----w- c:\program files\Common Files\Adobe
2009-09-12 13:14 . 2009-09-12 13:14 -------- d-----w- c:\users\Stefan\AppData\Local\ESET
2009-09-12 13:01 . 2009-09-12 13:01 -------- d-----w- c:\windows\system32\Macromed
2009-09-12 12:59 . 2009-09-12 12:59 0 ----a-w- c:\windows\nsreg.dat
2009-09-12 12:59 . 2009-09-12 12:59 -------- d-----w- c:\users\Stefan\AppData\Local\Mozilla
2009-09-12 12:52 . 2008-09-12 13:20 290304 ----a-w- c:\windows\system32\drivers\rtl8187B.sys
2009-09-12 12:52 . 2009-09-12 12:52 -------- d-----w- c:\windows\OPTIONS
2009-09-12 12:52 . 2008-09-12 13:20 290304 ----a-w- c:\windows\system\rtl8187B.sys
2009-09-12 12:14 . 2009-09-12 12:14 -------- d-----w- c:\program files\Common Files\InstallShield
2009-09-12 12:03 . 2009-09-12 12:03 -------- d-----w- c:\program files\Intel
2009-09-12 12:03 . 2008-02-22 11:06 53248 ----a-w- c:\windows\system32\CSVer.dll
2009-09-12 12:03 . 2009-09-12 12:03 -------- d-----w- C:\Intel
2009-09-12 11:53 . 2009-09-12 11:53 -------- d-----w- c:\windows\system32\x64
2009-09-12 11:53 . 2009-09-12 11:53 -------- d-----w- c:\windows\system32\Lang
2009-09-12 11:53 . 2008-09-12 13:16 920088 ----a-w- c:\windows\system32\igxpun.exe
2009-09-12 11:52 . 2008-09-12 13:17 319456 ----a-w- c:\windows\system32\difxapi.dll
2009-09-12 11:51 . 2009-09-12 11:51 -------- d-----w- C:\Diskeeper
2009-09-12 11:44 . 2009-09-12 11:44 37008 ----a-w- c:\users\Stefan\AppData\Local\GDIPFONTCACHEV1.DAT
2009-09-12 11:42 . 2009-09-12 11:42 -------- d-----w- c:\programdata\Diskeeper Corporation
2009-09-12 11:42 . 2009-09-12 11:42 -------- d-----w- c:\program files\Diskeeper Corporation
2009-09-12 11:42 . 2009-09-12 11:42 -------- d-----w- c:\program files\Common Files\Diskeeper Corporation
2009-09-12 11:42 . 2009-09-12 13:32 -------- d-sh--w- c:\windows\Installer

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-12 12:52 . 2009-09-12 12:52 -------- d-----w- c:\program files\REALTEK RTL8187B Wireless LAN Driver
2009-09-12 12:52 . 2009-09-12 12:14 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-09-12 12:47 . 2009-09-12 12:47 -------- d-----w- c:\program files\Realtek
2009-09-12 12:45 . 2009-09-12 12:45 -------- d-----w- c:\users\Stefan\AppData\Roaming\InstallShield
2009-09-12 12:20 . 2009-09-12 12:20 -------- d-----w- c:\program files\ESET
2009-09-12 12:14 . 2009-09-12 12:14 -------- d-----w- c:\program files\TOSHIBA
2009-09-12 11:54 . 2009-09-12 11:43 680 ----a-w- c:\users\Stefan\AppData\Local\d3d9caps.dat
.

------- Sigcheck -------

[-] 2009-06-09 . BD7E6C2B85969E0AAF6201E4146A529F . 2947584 . . [6.0.6000.16386] . . c:\windows\explorer.exe
[-] 2009-06-09 . BD7E6C2B85969E0AAF6201E4146A529F . 2947584 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe

[-] 2009-05-02 . E8F0D3B322C7C2DFE8F33BFF26F2A88B . 247296 . . [6.0.6000.16386] . . c:\windows\System32\shsvcs.dll
[-] 2009-05-02 . E8F0D3B322C7C2DFE8F33BFF26F2A88B . 247296 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-shsvcs_31bf3856ad364e35_6.0.6002.18005_none_cf1bd6361a0f622e\shsvcs.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-06-11 1287168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-09-12 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-09-12 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-09-12 145944]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2008-07-01 1447168]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):18,aa,f7,f7,a9,ba,c9,01

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R2 ekrn;Eset Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [7/1/2008 9:02 AM 468224]
R3 FwLnk;FwLnk Driver;c:\windows\System32\drivers\FwLnk.sys [9/12/2009 2:14 PM 7168]
R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\System32\drivers\rtl8187B.sys [9/12/2009 2:52 PM 290304]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - AUJASNKJ
*Deregistered* - aujasnkj
.
.
------- Supplementary Scan -------
.
FF - ProfilePath - c:\users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\vnlv8vmk.default\
.
- - - - ORPHANS REMOVED - - - -

SharedTaskScheduler-{73526E5A-FD53-4BE7-B5E2-D3C89D7413DC} - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-09-13 16:00
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2009-09-13 16:04
ComboFix-quarantined-files.txt 2009-09-13 14:04

Pre-Run: 27,649,523,712 bytes free
Post-Run: 27,632,762,880 bytes free

135

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Otvoriti Notepad i iskopirati sledeci tekst:


DEQUARANTINE::
C:\Qoobox\Quarantine\C\windows\ShellNew
QUIT::


Snimiti na Desktop fajl iz Notepada kao "CFScript"




Prevuci snimljeni skript/tekst na ComboFix ikonicu kao na slici.
Postaviti u sledecoj poruci log koji bude bio napravljen na kraju ciscenja/skeniranja.

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

C:\Qoobox\Quarantine\C\windows\ShellNew\Journal.jnt -> C:\windows\ShellNew\Journal.jnt
1 File(s) copied

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Kakvo je sada stanje?

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Napisano: 13 Sep 2009 22:07

Sve izgleda ok, samo mi nema ikonice od nod-a u system trayu?

Dopuna: 13 Sep 2009 22:09



Ovo me buni, zato sto na ranijim OS-ovima nisam primecivao ovu zastavicu?

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

1. Prvo isprati uputstvo za deinstalaciju ComboFix_a.

2. Kada odradiš deinstalaciju restartuj računar.

3. Što se tiče "zastavice" ovo bi trebalo da pomogne...

http://www.howtogeek.com/howto/windows-vista/disab.....ows-vista/


Potrebno je deinstalirati ComboFix:
klikni start (ili ), a zatim RUN.

Na Visti koristiti Start Search polje ukoliko Run nije dostupan.

U liniju za unos teksta ukucaj (iskopiraj) sledeće:

combofix /u

Primeti da postoji razmak između "ComboFix" i "/u".



a zatim klikni OK (ili pritisni Enter).

Sačekaj da se proces deinstalacije završi.