[ sen @ 29.03.2009. 23:03 ] @
When I start the laptop, Windows Vista comes up on the desktop along with all the other folders and icons, and that is where a problem starts that I hope is small, but for me it is big and incredibly annoying... So, the first time I hover over and right-click any icon or folder, whether on the desktop itself or inside Local Disk C:, that little blue circle appears and spins and spins and spins... for about 2 minutes, and only then does the list of options appear where I want to choose anything: delete, copy, cut...

Can any of you tell me what the problem is and how to solve it?

The same thing happens when I download something or copy to or from an SD memory card, so with anything, but only the first time I want to do something with the right-click commands...
[ eric.cantona @ 30.03.2009. 00:55 ] @
Your system is booting a bit slowly, your startup is full of all sorts of things I assume, and it's also possible some virus is bothering you. Basically, it doesn't show you that little window right away because the computer is already doing something.
[ sen @ 30.03.2009. 13:41 ] @
OK, so what do I do now, and in what other way can I try to solve this problem?

What I have tried is the following:

Start/Run/msconfig, Enter, and in the newly opened System Configuration program, where it says to choose "Hide all Microsoft...", I first select that and then disable everything else, and likewise under the Startup option I also disable everything except the antivirus program, and the problem is still the same.

I also have one more question besides this one, which to my amateur knowledge seems somehow unusual: almost every third or fourth day Windows Update pops up, so I figure that is the only thing that could be the cause of all this load and hassle,

because it shouldn't be down to the laptop, given that it has a dual-core 1.6 CPU, 2 GB RAM and a 160 GB HDD...

So besides the first problem I have with the slooow opening of that menu, the second question is HOW GOOD IS IT for Windows to update non-stop, with I don't even know how many extra MB I have installed just by updating Windows.
[ Zoran Rodic @ 30.03.2009. 15:10 ] @
We are working with an extremely small amount of additional information.
So, reading what you wrote, everything looks normal to me, because every Toshiba with Norton AV works like that.
Joking aside... since when has this been happening, have you installed anything recently, have you used any of the all-in-one tools that clean the registry and everything around it along the way, have you scanned the computer with any AV tool...
Second, look at the Startup tab and see which services start with Vista.
Are you monitoring CPU usage?
Do you have a firewall?


As for the UPDATE option, it is always smart and useful to keep it turned on.
Now, what do you mean by CONSTANTLY?
[ sen @ 30.03.2009. 15:47 ] @
For antivirus I use the free AntiVir, and the firewall and Defender from Windows Vista, along with, as I mentioned, non-stop Windows Update.

As far as I remember, this kind of slowdown actually started after I updated Windows itself on several occasions.

As for any special programs on the laptop, I have none apart from the standard ones, for example: MSN, Skype, FreeCall, TomTom, Office... however, none of them is set to AUTO START in its options; I start them only when needed, that is, manually.

I have run a scan several times with AntiVir and likewise with Windows Defender; there are no errors, or at least they can't find anything that shouldn't be there.

Of those all-in-one tools, as you call them, for cleaning the registry and the rest, I haven't used any (any recommendation?).

And about the Startup tab and what starts with Vista, I don't understand what you mean.

How can I look at that CPU usage or load?

By "constantly" I meant that Windows Update pops up frequently.


[ Zoran Rodic @ 30.03.2009. 16:02 ] @
Start => Run => msconfig, then look at the Startup tab.
As for the CPU, the easiest way is to start Task Manager and look at the CPU usage.
And to monitor it constantly, start the Sidebar and find the CPU meter.

Avira is indeed one of the best free solutions, but by no means at the top of those that inspire confidence.
Download Malwarebytes, install the Kaspersky trial (remove Avira before that), and for the registry you can use CCleaner.

Of course, first look at what is in that Startup tab: are there any suspicious processes?
Is UAC turned off?


And so on ;)
[ sen @ 30.03.2009. 18:04 ] @
So, regarding the Startup tab... I have already said what I did about that.

What worries me there is that in the part of System Configuration just before Startup, where I have the option to tick "Hide all Microsoft...", in that part alone there are 98 ticked boxes of all sorts of processes that are probably running in the background, whereas under Startup there is only Avira.

Can someone tell me, in that part of System Configuration where I have the option to tick "Hide all Microsoft...", how many ticked boxes there should be on Vista?

The CPU meter in the Sidebar shows that the larger dial varies between 23 and 29%, and the smaller dial shows a constant 54%.

I have tried CCleaner a couple of times but no change; I'll try to download and run Malwarebytes tonight when I have a bit more free time.


[ eric.cantona @ 30.03.2009. 18:59 ] @
The larger dial shows processor usage (which is what matters in your case), and the smaller one shows RAM usage.
If the larger one constantly shows 20% (when all your windows and programs are closed), that's not good, because the computer is doing something you can't see.
That something can be anything, and most often it's a virus. To see which process is loading the processor, go to Task Manager and, under Processes, look at the CPU column and which process is using those 20-odd percent (ignore System Idle Process, because it always sits at around 90%).
As for System Configuration, hide all Microsoft processes and then work out for yourself roughly what should and shouldn't be enabled (some things are important, such as the firewall, antivirus and the like, and if you have extras such as Nero, Skype, ACDSee and so on, you can disable all of those).
Anyway, my guess is that some virus is involved.

[ sen @ 30.03.2009. 19:47 ] @
So the larger dial shows processor usage and the smaller one RAM usage.

In that case, when all my programs are closed and only this web page is open, it shows, for example, up to 40%, but only while I scroll the page up and down with the mouse; when I don't touch anything with the mouse or move the page up and down, it varies between 0.1% and 0.6%, while the memory dial stays constantly at 45%, not 54% as I stated earlier (my apologies).

Still, I really doubt it's a virus, because system recovery itself is disabled, and scanning in safe mode with AntiVir and Windows Defender shows everything is OK.

In System Configuration, under the Services option, I ticked "Hide all Microsoft..." and disabled everything else among the remaining processes except Avira, then under the Startup option I also disabled everything, absolutely everything, again except Avira, and then restarted the laptop.

And while I'm on that ticked set of Microsoft processes, there are 98 of them active, of various kinds.

The problem is still the same, but only in the case I described: when I right-click any folder or file, the list of options does not appear for at least almost 2 minutes.
[ Nemanja Živanović @ 30.03.2009. 21:20 ] @
Let's see whether there are traces of malware here. To start, download the program HijackThis.

Once you have downloaded it, rename the file to anything, e.g. blabla.exe. Run it and click "Do a system scan and save a logfile". Copy that log file here so we can take a look.
[ sen @ 01.04.2009. 23:53 ] @
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:47:46, on 02-04-2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Privat\Desktop\test.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

--
End of file - 2057 bytes
[ Nemanja Živanović @ 02.04.2009. 00:37 ] @
Tick these two lines here:

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)

Press Fix Checked and restart the computer. Give me a picture of the menu that is causing you the problem. That is, right-click a folder, take a PrintScreen and post the picture here. When exactly does the problem occur? Only when you click on a folder, or always? In any case, the problem lies in the context menu, which means we will have to take a look at your Registry, or do it through the program ShellExView.
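
The two O9 lines singled out in the reply above both end in `(no file)` and share one CLSID. As an added example (not part of the original post and not HijackThis code), this Python script parses HijackThis entry lines, using lines from the log posted in this thread as sample input, and groups the `(no file)` entries by CLSID; the function and constant names are hypothetical.

```python
import re
from collections import Counter, defaultdict

# Sample input: entry lines copied from the HijackThis log posted in this
# thread, plus two non-entry lines to show that headers are skipped.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
"""

# An entry line starts with a section code (one letter plus digits) and " - ".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

# Marker seen in this thread's log for a registration whose file is absent.
ORPHAN_MARKER = "(no file)"

# Meaning of the section codes that occur in the sample.
SECTION_NAMES = {
    "R0": "Internet Explorer start/search page setting",
    "O2": "Browser Helper Object",
    "O8": "Internet Explorer right-click menu item",
    "O9": "Internet Explorer toolbar button or Tools menu item",
    "O23": "Windows service",
}


def parse_entries(log_text):
    """Return one dict per entry line; header and blank lines are skipped."""
    entries = []
    for raw in log_text.splitlines():
        line = raw.strip()
        match = ENTRY_RE.match(line)
        if not match:
            continue
        code, body = match.groups()
        fields = body.split(" - ")
        clsid = CLSID_RE.search(body)
        entries.append({
            "code": code,
            # CLSIDs are case-insensitive, so normalise before grouping.
            "clsid": clsid.group(0).upper() if clsid else None,
            # The last " - " separated field is the file or URL, if any.
            "target": fields[-1] if len(fields) > 1 else None,
            "orphaned": body.endswith(ORPHAN_MARKER),
            "line": line,
        })
    return entries


def count_by_section(entries):
    """Number of entries per section code."""
    return dict(Counter(e["code"] for e in entries))


def orphaned_by_clsid(entries):
    """Group entries marked '(no file)' by CLSID: one stale registration
    can produce several log lines, as with the two O9 lines here."""
    groups = defaultdict(list)
    for e in entries:
        if e["orphaned"]:
            groups[e["clsid"] or "(no CLSID)"].append(e["line"])
    return dict(groups)


if __name__ == "__main__":
    parsed = parse_entries(SAMPLE_LOG)
    for code, n in count_by_section(parsed).items():
        print(f"{code:>3}  {n}  {SECTION_NAMES.get(code, 'other')}")
    for clsid, lines in orphaned_by_clsid(parsed).items():
        print(f"\nRegistration without a file: {clsid}")
        for line in lines:
            print("   ", line)
```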
[ sen @ 06.04.2009. 16:58 ] @
The only OneNote thing I have on the laptop is, when I check with search, it shows me that it is the program Microsoft Office OneNote 2007.

I did Fix Checked and restarted, but it's still the same...

It's just the ordinary menu: when I hover the mouse over any folder, file or icon that I have on the desktop and right-click, a list appears that starts with the option OPEN...

WELL, THAT MENU LIST JUST WON'T APPEAR IMMEDIATELY AS IT SHOULD; instead, on Vista there is that little blue circle that spins, spins, spins for almost 2 minutes.


[ Nemanja Živanović @ 06.04.2009. 17:21 ] @
Judging by the size of the log, I'd say your system was installed relatively recently (correct me if I'm wrong). Try the following:

• Download the program CCleaner
• Save it to the desktop and run CCleaner.exe
• Once the program opens, select Cleaner on the left, check that all items under Windows and Applications are ticked, and press Analyze
• Analyzing the files can take a few tens of minutes (depending on the size of the hard disk and the amount of unneeded files)
• When the analysis finishes, ANALYSIS COMPLETE will be shown at the top of the right-hand pane
• Now press Run Cleaner in the lower right corner and wait for the files to be deleted (it can take a few minutes)
• After a successful cleanup, CLEANING COMPLETE will be shown at the top of the right-hand pane
• After cleaning the files, we move on to cleaning the Registry
• Select Registry on the left
• Press Scan for issues and wait for the scan to finish
• When the scan is finished, press Fix selected issues
• A new window opens: answer No
• A new window opens: answer Fix All Selected Issues and confirm with OK
• When the deletion finishes, the same window will show Issue Fixed in green letters; click Close
• You can repeat this Registry cleanup several times in a row, until No issues were found appears


*************************

It wouldn't hurt to defragment all partitions (start the system program Disk Defragmenter, select the C partition in the program and press Defragment; repeat this for the other partitions).

*************************

If none of the above advice has helped, do the following:

• Download and install the program Malwarebytes' Anti-Malware
• Run it and perform an update (Update > Check for Updates), and when it finishes confirm with OK
• After the update, select Scanner, choose Perform full scan and press Scan
• When the scan finishes you will see a list of the "pests" found in the left pane (if it finds any traces of pests)
• Check that all the files found are ticked, press Remove Selected and confirm with OK
• The program will ask you to restart the computer; confirm that
• Also, after the malware has been removed from the computer you will get a log file (report), which you should copy here

*************************

If this doesn't help either, we'll try the program ShellExView.

Let me know the results of the advice above.

[This message was edited by Nemanja Živanović on 06.04.2009 at 18:40 GMT+1]
[ sen @ 08.04.2009. 19:40 ] @
I did everything as you explained... including the defragmentation... the problem is still the same.

Yes, the system was installed about 2-3 months ago.


Here is a copy of the log file:

Windows 6.0.6001 Service Pack 1

08-04-2009 20:34:46
mbam-log-2009-04-08 (20-34-46).txt

Scan type: Full Scan (C:\|)
Objects scanned: 141919
Time elapsed: 1 hour(s), 36 minute(s), 41 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
[ Nemanja Živanović @ 08.04.2009. 20:28 ] @
Let's take a more detailed look. Download the program RSIT, run it and answer the prompt with Continue. At the end of the scan log.txt will open; attach it to your message (upload it) so we can see. If you accidentally close it, the file will be saved as C:\rsit\log.txt.
[ sen @ 09.04.2009. 08:11 ] @
Done, only I don't know how to attach it here; I have never done anything like that before...

And here it is again just now: when I went to C:\rsit\ and then right-clicked (log.txt) in order to, for example, copy that text file to the desktop, on Vista that little blue circle starts to spin and spin, and it takes almost 2 minutes for the list to appear where I need to choose copy... or cut or anything...
[ Nemanja Živanović @ 09.04.2009. 08:59 ] @
To upload a file with a message, you first need to type the message and post it (go to Reply, type the message and press Send message). Once you have typed the message and sent it, 4 buttons will appear below it (Upload with message, Quick edit, Edit/Delete, Reply to topic). Choose Upload with message and, in the new window, under File selection click Browse, select the report on your computer and press Open. When that window closes, press Upload. When the upload is finished you can click Return to message.

[This message was edited by Nemanja Živanović on 09.04.2009 at 15:29 GMT+1]
[ sen @ 09.04.2009. 11:02 ] @
Here is the report.

[This message was edited by Nemanja Živanović on 09.04.2009 at 15:23 GMT+1]
[ Nemanja Živanović @ 09.04.2009. 14:14 ] @
There are traces of malware. First turn off all the protection you have:

• Right-click the Avira icon in the lower right corner of the screen and untick AntiVir Guard Enable.
• Right-click the Malwarebytes' Anti-Malware icon and press Exit

Download ComboFix to the Desktop. Start it and do not touch the program window while it is scanning. Follow the instructions the program gives you. When the scan finishes, a report will appear, which you should copy here. If you accidentally close the report, it is located at C:\ComboFix.txt.

Note: Carefully follow the instructions I write for you, and while we are working with this program do nothing on your own initiative: do not scan the computer with antivirus programs, download from the internet or install any programs. Keep in mind that you have an infected USB drive (flash), so it would be good to format it.

[This message was edited by Nemanja Živanović on 09.04.2009 at 15:29 GMT+1]
[ sen @ 09.04.2009. 21:01 ] @
If I may just add this, maybe it will mean something to you, in the sense that you'll work out right away what the problem is on my machine...

Lately the AntiVir icon in the lower right corner hasn't been appearing at all, even though it was active (enabled) in the background.

That annoyed me a bit, so I decided to uninstall AntiVir and install it again from scratch after restarting the computer; however, there is NO WAY to install it again, it keeps showing me this error:

Run time error

Program:C...

This application has reqested the runtime to terminate it in an unusual way

What is the reason I can't install that antivirus program from scratch?

So I decided to install the AVG antivirus program for a start, until I find some solution for reinstalling AntiVir,

so in the next set of instructions you explained to me I will just disable AVG instead of AntiVir, and then I will copy the report.
[ sen @ 09.04.2009. 21:20 ] @
ComboFix 09-04-04.01 - Privat 2009-04-09 22:11:02.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1030.18.2038.1108 [GMT 2:00]
Kører fra: c:\users\Privat\Desktop\Security-CleanUp\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Andet, der er slettet )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\AutoRun.inf
c:\windows\system32\x64

.
((((((((((((((((((((((((((((( Filer skabt fra 2009-03-09 til 2009-04-09 )))))))))))))))))))))))))))))))))))
.

2009-04-09 22:05 . 2009-04-09 22:05 <DIR> d-------- C:\ComboFix-4
2009-04-09 21:48 . 2009-04-09 21:48 108,552 --a------ c:\windows\System32\drivers\avgtdix.sys
2009-04-09 21:48 . 2009-04-09 21:48 10,520 --a------ c:\windows\System32\avgrsstx.dll
2009-04-09 21:47 . 2009-04-09 21:49 <DIR> d-------- c:\windows\System32\drivers\Avg
2009-04-09 21:47 . 2009-04-09 21:47 <DIR> d-------- c:\users\All Users\avg8
2009-04-09 21:47 . 2009-04-09 21:47 <DIR> d-------- c:\programdata\avg8
2009-04-09 21:47 . 2009-04-09 21:47 <DIR> d-------- c:\program files\AVG
2009-04-09 21:47 . 2009-04-09 21:47 325,640 --a------ c:\windows\System32\drivers\avgldx86.sys
2009-04-08 18:56 . 2009-04-08 18:56 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-04-08 18:56 . 2009-04-06 15:32 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
2009-04-08 18:56 . 2009-04-06 15:32 15,504 --a------ c:\windows\System32\drivers\mbam.sys
2009-04-03 20:06 . 2009-04-03 20:06 <DIR> d-------- c:\users\Privat\AppData\Roaming\HP
2009-04-03 20:01 . 2009-04-03 22:42 140,920 --------- c:\windows\hpoins14.dat.temp
2009-04-03 20:01 . 2007-09-20 17:56 2,000 --------- c:\windows\hpomdl14.dat.temp
2009-03-30 18:15 . 2009-03-30 18:15 <DIR> d-------- c:\windows\MaxSecureBackup
2009-03-30 17:53 . 2007-05-24 16:57 143,360 --a------ c:\windows\System32\GetHardDiskNo.dll
2009-03-30 17:53 . 2009-03-30 18:14 63 --a------ c:\windows\system\SYSRegC.dll
2009-03-30 17:23 . 2009-03-30 17:23 <DIR> d-------- c:\users\Privat\AppData\Roaming\SmartPCTools
2009-03-30 17:23 . 2009-03-30 17:47 <DIR> d-a------ c:\users\All Users\TEMP
2009-03-30 17:23 . 2009-03-30 17:47 <DIR> d-a------ c:\programdata\TEMP
2009-03-30 17:19 . 2009-03-30 17:19 <DIR> d-------- c:\program files\CCleaner
2009-03-30 15:35 . 2009-03-30 15:35 738,304 --a------ c:\windows\GPInstall.exe
2009-03-30 15:35 . 2000-09-04 14:24 8,055 --a------ c:\windows\Serbian2.gpl
2009-03-21 19:20 . 2009-03-21 19:20 <DIR> d-------- c:\program files\MSXML 4.0
2009-03-21 11:00 . 2009-03-30 00:05 <DIR> d-------- c:\program files\Google
2009-03-20 22:45 . 2009-03-20 22:45 <DIR> d-------- c:\program files\Common Files\HP
2009-03-20 22:45 . 2009-03-20 22:45 <DIR> d-------- c:\program files\Common Files\Hewlett-Packard
2009-03-20 22:44 . 2009-03-20 22:44 <DIR> d-------- c:\users\All Users\Hewlett-Packard
2009-03-20 22:44 . 2009-03-20 22:44 <DIR> d-------- c:\programdata\Hewlett-Packard
2009-03-20 22:43 . 2007-03-17 18:11 675,840 --a------ c:\windows\System32\hpowiax3.dll
2009-03-20 22:43 . 2007-03-17 18:11 569,344 --a------ c:\windows\System32\hpotscl3.dll
2009-03-20 22:43 . 2007-03-08 06:20 364,544 --a------ c:\windows\System32\hppldcoi.dll
2009-03-20 22:43 . 2007-03-17 18:11 303,104 --a------ c:\windows\System32\hpovst10.dll
2009-03-20 22:43 . 2007-03-30 17:07 267,864 --a------ c:\windows\System32\hpzids01.dll
2009-03-20 22:43 . 2007-03-28 15:01 117,760 --a------ c:\windows\System32\hpzll5ha.dll
2009-03-20 22:40 . 2009-04-04 21:44 <DIR> d-------- c:\users\All Users\HP
2009-03-20 22:40 . 2009-04-04 21:44 <DIR> d-------- c:\programdata\HP
2009-03-16 15:45 . 2009-03-16 15:58 <DIR> d-------- c:\users\All Users\NOS
2009-03-16 15:45 . 2009-03-16 15:58 <DIR> d-------- c:\programdata\NOS
2009-03-15 15:44 . 2009-03-15 15:44 410,984 --a------ c:\windows\System32\deploytk.dll
2009-03-14 19:54 . 2009-03-14 19:54 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2009-03-13 19:09 . 2009-03-30 19:16 <DIR> d-------- C:\Downloads
2009-03-13 19:07 . 2009-04-09 08:43 <DIR> d-------- c:\users\Privat\AppData\Roaming\Free Download Manager
2009-03-13 19:07 . 2009-03-13 19:07 <DIR> d-------- c:\users\All Users\FreeDownloadManager.ORG
2009-03-13 19:07 . 2009-03-13 19:07 <DIR> d-------- c:\programdata\FreeDownloadManager.ORG
2009-03-13 19:07 . 2009-03-13 19:07 <DIR> d-------- c:\program files\Free Download Manager
2009-03-11 12:05 . 2008-12-16 05:29 8,147,456 --a------ c:\windows\System32\wmploc.DLL
2009-03-11 12:05 . 2009-02-09 05:10 2,033,152 --a------ c:\windows\System32\win32k.sys
2009-03-11 12:05 . 2008-11-27 06:43 268,288 --a------ c:\windows\System32\schannel.dll
2009-03-11 12:05 . 2008-12-16 07:31 7,680 --a------ c:\windows\System32\spwmp.dll
2009-03-11 12:05 . 2008-12-16 07:31 4,096 --a------ c:\windows\System32\msdxm.ocx
2009-03-11 12:05 . 2008-12-16 07:31 4,096 --a------ c:\windows\System32\dxmasf.dll
2009-03-09 10:06 . 2009-03-10 22:55 <DIR> d-------- c:\program files\Paint.NET

.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-09 18:00 --------- d--h--w c:\program files\InstallShield Installation Information
2009-04-09 18:00 --------- d-----w c:\programdata\Ulead Systems
2009-04-09 06:57 --------- d-----w c:\program files\Trend Micro
2009-04-09 00:32 --------- d-----w c:\users\Privat\AppData\Roaming\Skype
2009-04-09 00:17 --------- d-----w c:\users\Privat\AppData\Roaming\skypePM
2009-03-15 13:44 --------- d-----w c:\program files\Java
2009-03-11 10:49 --------- d-----w c:\program files\Windows Mail
2009-03-11 10:05 --------- d-----w c:\programdata\Microsoft Help
2009-03-08 11:34 914,944 ----a-w c:\windows\System32\wininet.dll
2009-03-08 11:34 43,008 ----a-w c:\windows\System32\licmgr10.dll
2009-03-08 11:33 420,352 ----a-w c:\windows\System32\vbscript.dll
2009-03-08 11:33 18,944 ----a-w c:\windows\System32\corpol.dll
2009-03-08 11:33 132,608 ----a-w c:\windows\System32\ieUnatt.exe
2009-03-08 11:33 109,568 ----a-w c:\windows\System32\PDMSetup.exe
2009-03-08 11:33 109,056 ----a-w c:\windows\System32\iesysprep.dll
2009-03-08 11:33 107,520 ----a-w c:\windows\System32\RegisterIEPKEYs.exe
2009-03-08 11:33 107,008 ----a-w c:\windows\System32\SetIEInstalledDate.exe
2009-03-08 11:33 103,936 ----a-w c:\windows\System32\SetDepNx.exe
2009-03-08 11:32 72,704 ----a-w c:\windows\System32\admparse.dll
2009-03-08 11:32 71,680 ----a-w c:\windows\System32\iesetup.dll
2009-03-08 11:32 66,560 ----a-w c:\windows\System32\wextract.exe
2009-03-08 11:32 169,472 ----a-w c:\windows\System32\iexpress.exe
2009-03-08 11:31 48,128 ----a-w c:\windows\System32\mshtmler.dll
2009-03-08 11:31 45,568 ----a-w c:\windows\System32\mshta.exe
2009-03-08 11:31 34,816 ----a-w c:\windows\System32\imgutil.dll
2009-03-08 11:22 156,160 ----a-w c:\windows\System32\msls31.dll
2009-03-06 21:17 --------- d-----w c:\users\Privat\AppData\Roaming\TeamViewer
2009-02-26 13:07 --------- d-----w c:\program files\Microsoft Silverlight
2009-02-12 08:31 --------- d-----w c:\users\Privat\AppData\Roaming\FreeCall
2009-01-17 01:43 174 --sha-w c:\program files\desktop.ini
2009-01-17 01:22 82,432 ----a-w c:\windows\System32\axaltocm.dll
2009-01-17 01:22 101,888 ----a-w c:\windows\System32\ifxcardm.dll
2009-01-16 01:15 269,312 ----a-w c:\windows\System32\es.dll
2009-01-15 16:30 56 ---ha-w c:\users\All Users\ezsidmv.dat
2009-01-15 16:30 56 ---ha-w c:\programdata\ezsidmv.dat
2009-01-15 00:47 61,440 ----a-w c:\windows\System32\winipsec.dll
2009-01-15 00:47 361,984 ----a-w c:\windows\System32\IPSECSVC.DLL
2009-01-15 00:47 28,672 ----a-w c:\windows\System32\FwRemoteSvr.dll
2009-01-15 00:47 272,896 ----a-w c:\windows\System32\polstore.dll
2009-01-15 00:45 94,720 ----a-w c:\windows\System32\PortableDeviceClassExtension.dll
2009-01-15 00:45 241,152 ----a-w c:\windows\System32\PortableDeviceApi.dll
2009-01-15 00:45 160,768 ----a-w c:\windows\System32\PortableDeviceTypes.dll
2009-01-15 00:37 296,960 ----a-w c:\windows\System32\gdi32.dll
2009-01-15 00:34 28,672 ----a-w c:\windows\System32\Apphlpdm.dll
2009-01-15 00:33 541,696 ----a-w c:\windows\AppPatch\AcLayers.dll
2009-01-15 00:33 52,736 ----a-w c:\windows\AppPatch\iebrshim.dll
2009-01-15 00:33 460,288 ----a-w c:\windows\AppPatch\AcSpecfc.dll
2009-01-15 00:33 4,240,384 ----a-w c:\windows\System32\GameUXLegacyGDFs.dll
2009-01-15 00:33 303,616 ----a-w c:\windows\System32\wmpeffects.dll
2009-01-15 00:33 2,560 ----a-w c:\windows\AppPatch\AcRes.dll
2009-01-15 00:33 2,154,496 ----a-w c:\windows\AppPatch\AcGenral.dll
2009-01-15 00:33 173,056 ----a-w c:\windows\AppPatch\AcXtrnal.dll
2009-01-15 00:33 1,695,744 ----a-w c:\windows\System32\gameux.dll
2009-01-15 00:31 2,048 ----a-w c:\windows\System32\msxml3r.dll
2009-01-15 00:31 1,191,936 ----a-w c:\windows\System32\msxml3.dll
2009-01-15 00:28 2,048 ----a-w c:\windows\System32\tzres.dll
2009-01-15 00:24 2,927,104 ----a-w c:\windows\explorer.exe
2009-01-15 00:17 988,216 ----a-w c:\windows\System32\winload.exe
2009-01-15 00:17 927,288 ----a-w c:\windows\System32\winresume.exe
2009-01-15 00:17 615,992 ----a-w c:\windows\System32\ci.dll
2009-01-15 00:17 6,656 ----a-w c:\windows\System32\kbd106n.dll
2009-01-15 00:17 46,592 ----a-w c:\windows\System32\setbcdlocale.dll
2009-01-15 00:17 40,960 ----a-w c:\windows\System32\srclient.dll
2009-01-15 00:17 378,368 ----a-w c:\windows\System32\srcore.dll
2009-01-15 00:17 318,464 ----a-w c:\windows\System32\rstrui.exe
2009-01-15 00:17 19,000 ----a-w c:\windows\System32\kd1394.dll
2009-01-15 00:17 14,848 ----a-w c:\windows\System32\srdelayed.exe
2009-01-15 00:15 712,704 ----a-w c:\windows\System32\WindowsCodecs.dll
2009-01-15 00:15 425,472 ----a-w c:\windows\System32\PhotoMetadataHandler.dll
2009-01-15 00:15 347,136 ----a-w c:\windows\System32\WindowsCodecsExt.dll
2009-01-15 00:14 443,392 ----a-w c:\windows\System32\win32spl.dll
2009-01-15 00:14 37,888 ----a-w c:\windows\System32\printcom.dll
2009-01-15 00:13 996,352 ----a-w c:\windows\System32\WMNetMgr.dll
2009-01-15 00:13 98,816 ----a-w c:\windows\System32\mfps.dll
2009-01-15 00:13 94,720 ----a-w c:\windows\System32\logagent.exe
2009-01-15 00:13 53,248 ----a-w c:\windows\System32\rrinstaller.exe
2009-01-15 00:13 24,576 ----a-w c:\windows\System32\mfpmp.exe
2009-01-15 00:13 2,868,736 ----a-w c:\windows\System32\mf.dll
2009-01-15 00:13 2,048 ----a-w c:\windows\System32\mferror.dll
2009-01-15 00:13 14,848 ----a-w c:\windows\System32\wshrm.dll
2009-01-15 00:12 84,480 ----a-w c:\windows\System32\INETRES.dll
2009-01-15 00:12 738,304 ----a-w c:\windows\System32\inetcomm.dll
2009-01-15 00:12 3,601,464 ----a-w c:\windows\System32\ntkrnlpa.exe
2009-01-15 00:12 3,549,240 ----a-w c:\windows\System32\ntoskrnl.exe
2009-01-15 00:12 1,645,568 ----a-w c:\windows\System32\connect.dll
2009-01-15 00:12 1,314,816 ----a-w c:\windows\System32\quartz.dll
2009-01-15 00:11 2,048 ----a-w c:\windows\System32\msxml6r.dll
2009-01-15 00:11 1,334,272 ----a-w c:\windows\System32\msxml6.dll
2009-01-14 23:52 83,456 ----a-w c:\windows\System32\wudriver.dll
2009-01-14 23:52 561,688 ----a-w c:\windows\System32\wuapi.dll
2009-01-14 23:52 51,224 ----a-w c:\windows\System32\wuauclt.exe
2009-01-14 23:52 43,544 ----a-w c:\windows\System32\wups2.dll
2009-01-14 23:52 34,328 ----a-w c:\windows\System32\wups.dll
2009-01-14 23:52 1,809,944 ----a-w c:\windows\System32\wuaueng.dll
2009-01-14 23:52 1,524,736 ----a-w c:\windows\System32\wucltux.dll
2009-01-14 23:51 31,232 ----a-w c:\windows\System32\wuapp.exe
2009-01-14 23:51 162,064 ----a-w c:\windows\System32\wuwebv.dll
2009-01-14 22:47 319,456 ----a-w c:\windows\DIFxAPI.dll
2009-01-14 22:46 315,392 ----a-w c:\windows\HideWin.exe
.

((((((((((((((((((((((((((((((((((( Start steder i reg.basen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Bemærk* tomme linier & lovlige standard linier vises ikke
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-04-09 1932568]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-10-15 02:04 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FreeCall]
--a------ 2008-09-01 12:09 9109296 c:\program files\FreeCall.com\FreeCall\FreeCall.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--a------ 2007-08-24 08:00 33648 c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotkeyApp]
--a------ 2007-09-01 13:21 188416 c:\program files\Launch Manager\HotkeyApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
--a------ 2008-02-11 21:13 166424 c:\windows\System32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
--a------ 2007-07-12 17:36 178712 c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
--a------ 2008-02-11 21:13 141848 c:\windows\System32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LaunchAp]
--a------ 2007-09-01 15:03 32768 c:\program files\Launch Manager\LaunchAp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LMgrOSD]
--a------ 2006-12-26 12:23 180224 c:\program files\Launch Manager\OSD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
--a------ 2008-02-11 21:13 133656 c:\windows\System32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PLFSetL]
--a------ 2007-07-05 13:35 94208 c:\windows\PLFSetL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
--a------ 2008-01-19 09:33 1233920 c:\program files\Windows Sidebar\sidebar.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2008-11-07 15:31 21633320 c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2009-03-15 15:44 148888 c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Wbutton]
--a------ 2007-09-01 16:24 86016 c:\program files\Launch Manager\WButton.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
--a------ 2008-01-19 09:38 1008184 c:\program files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
--a------ 2007-08-27 13:10 4702208 c:\windows\RtHDVCpl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel]
--a------ 2007-08-03 13:22 1826816 c:\windows\SkyTel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2264076326-2987277559-2428823024-1000]
"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{015FA8E5-8006-47C8-BB47-1BDC2B98C54B}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{2BEBEAED-A262-4533-98B9-46975E16DE78}"= UDP:c:\program files\FreeCall.com\FreeCall\FreeCall.exe:FreeCall
"{29482797-898B-402F-9806-FD2396ACDCF3}"= TCP:c:\program files\FreeCall.com\FreeCall\FreeCall.exe:FreeCall
"TCP Query User{A36A60B3-824E-47F6-8235-0E7CBE3AB541}c:\\program files\\skype\\phone\\skype.exe"= UDP:c:\program files\skype\phone\skype.exe:ebay.de - Skype
"UDP Query User{2357B81A-D4AD-4141-9595-A1706291D1A6}c:\\program files\\skype\\phone\\skype.exe"= TCP:c:\program files\skype\phone\skype.exe:ebay.de - Skype
"{38D0F450-0EC7-4F44-88DF-4000B6DB9E87}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{B733E65D-B2C5-4017-920E-4F5253642E22}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{C055301D-4C8F-4385-93B0-3A45A6DB5CEA}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{3CD11814-9C27-4A7C-85C8-21C156FA1367}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{69D350A7-CE51-48D5-A657-008A7439F2E1}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{E2C9C6CD-FBB9-4FF0-ADB1-A72605852970}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"TCP Query User{EB65B0B3-80D0-4604-9647-95E49EAF8297}c:\\users\\privat\\temp\\teamviewer\\version4\\teamviewer.exe"= UDP:c:\users\privat\temp\teamviewer\version4\teamviewer.exe:teamviewer.exe
"UDP Query User{04DA651F-B88B-4737-8420-C5BC78177D06}c:\\users\\privat\\temp\\teamviewer\\version4\\teamviewer.exe"= TCP:c:\users\privat\temp\teamviewer\version4\teamviewer.exe:teamviewer.exe
"TCP Query User{7CF58961-3A7B-43EB-8129-7B399C44DCA5}c:\\program files\\free download manager\\fdm.exe"= UDP:c:\program files\free download manager\fdm.exe:Free Download Manager
"UDP Query User{DA7ECC5B-2E0D-4162-86B0-8C61A6D28AEE}c:\\program files\\free download manager\\fdm.exe"= TCP:c:\program files\free download manager\fdm.exe:Free Download Manager
"{47EF6ABF-098A-42CA-B2E7-0E74BEE7BBDD}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe
"{B3F7B7E0-2C16-41AB-BA18-92555627AE90}"= c:\program files\AVG\AVG8\avgnsx.exe:avgnsx.exe

R0 Si3531;SiI-3531 SATA Controller;c:\windows\System32\drivers\Si3531.sys [2008-07-25 212008]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [2009-04-09 325640]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [2009-04-09 108552]
R1 Hotkey;Hotkey;c:\windows\System32\drivers\HOTKEY.sys [2009-01-15 9867]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-04-09 298264]
R3 X10Hid;X10 Hid Device;c:\windows\System32\drivers\x10hid.sys [2009-01-15 13976]
S4 gupdate1c9aa03b6a7bb79;Tjenesten Google Update (gupdate1c9aa03b6a7bb79);c:\program files\Google\Update\GoogleUpdate.exe [2009-03-21 133104]
S4 IAANTMON;Intel(R) Matrix Storage Event Monitor;c:\program files\Intel\Intel Matrix Storage Manager\IAANTmon.exe [2009-01-15 354840]
S4 WisLMSvc;WisLMSvc;c:\program files\Launch Manager\WisLMSvc.exe [2009-01-15 118784]

--- Andre Services/Drivers i Hukommelsen ---

*NewlyCreated* - AVGLDX86
*NewlyCreated* - AVGMFX86
*NewlyCreated* - AVGTDIX

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2e222b03-e326-11dd-945d-0016d386ad45}]
\shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6a3f39d5-f09b-11dd-b6d1-0016d386ad45}]
\shell\AutoRun\command - F:\InstallTomTomHOME.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8713ccbd-157a-11de-a3e0-0016d386ad45}]
\shell\AutoRun\command - F:\DPFMate.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8eba549e-e29f-11dd-9c6b-0016d386ad45}]
\shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL f:\resycled\boot.com f:
\shell\Open\command - "resycled\boot.co

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Indhold af mappen 'Planlagte Opgaver'

2009-04-09 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-21 11:01]

2009-03-30 c:\windows\Tasks\Schedule Task Weekly.job
- c:\program files\Registry Easy\RE.exe []
.
- - - - TOMME GENVEJE FJERNET - - - -

MSConfigStartUp-BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
MSConfigStartUp-CtrlVol - c:\program files\Launch Manager\CtrlVol.exe
MSConfigStartUp-NeroFilterCheck - c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
MSConfigStartUp-OmniPass - c:\program files\Softex\OmniPass\scureapp.exe
MSConfigStartUp-RCAutoLiveUpdate - c:\program files\Max Registry Cleaner\MaxLiveUpdateRC.exe
MSConfigStartUp-RCSystemTray - c:\program files\Max Registry Cleaner\MaxRCSystemTray.exe
MSConfigStartUp-snp2uvc - c:\windows\vsnp2uvc.exe
MSConfigStartUp-TomTomHOME - c:\program files\TomTom HOME 2\HOMERunner.exe
MSConfigStartUp-Ulead AutoDetector v2 - c:\program files\Common Files\Ulead Systems\AutoDetector\monitor.exe
MSConfigStartUp-WinampAgent - c:\program files\Winamp\winampa.exe


.
------- Yderligere scanning -------
.
uStart Page = hxxp://www.yahoo.com/
IE: Download all with Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\program files\Free Download Manager\dlfvideo.htm
IE: Download with Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-09 22:13:08
Windows 6.0.6001 Service Pack 1 NTFS

scanner skjulte processer ...

scanner skjulte autostarter ...

scanner skjulte filer ...

scanning gennemført med succes
skjulte filer: 0

**************************************************************************
.
Gennemført tid: 2009-04-09 22:15:13
ComboFix-quarantined-files.txt 2009-04-09 20:15:10

Pre-Kørsel: 138.781.073.408 byte ledig
Post-Kørsel: 138,756,149,248 byte ledig

305 --- E O F --- 2009-03-28 10:30:22
[ Nemanja Živanović @ 09.04.2009. 21:56 ] @
There are files that I don't recognize or am not sure are legitimate, so I would ask you to follow these instructions:

• Visit the Virus Total site
• Click Browse and locate the following files (select them one at a time):

c:\windows\System32\igfxpers.exe
c:\windows\System32\ieUnatt.exe
c:\windows\System32\wextract.exe


• Press Send.
• Copy the report for each file into your next post.

[This post was edited by Nemanja Živanović on 09.04.2009 at 23:13 GMT+1]
[ sen @ 10.04.2009. 10:52 ] @
1.Exception
Please report failure as: ErrorTime= "Apr 10 11:48:52"

2.Exception
Please report failure as: ErrorTime= "Apr 10 11:49:54"

3.Exception
Please report failure as: ErrorTime= "Apr 10 11:51:17"


I did each one twice, individually; I get the same response for all three files.
[ Nemanja Živanović @ 10.04.2009. 16:19 ] @
• Visit the Jotti Online Malware Scan site
• Click Browse (at the top of the page) and locate the following files on your computer:

c:\windows\System32\igfxpers.exe
c:\windows\System32\ieUnatt.exe
c:\windows\System32\wextract.exe


• Press Submit.
• Copy the report for each file into your next post.

[This post was edited by Nemanja Živanović on 10.04.2009 at 17:31 GMT+1]
[ sen @ 11.04.2009. 18:47 ] @
Now I'm also worried about why I can't reinstall the Antivir program AT ALL;
I also noticed that the computer is a bit slower when opening web pages.

The response for all three files is this:

Scanner results
Scan taken on 11 Apr 2009 17:27:30 (GMT)

A-Squared Found nothing
AntiVir Found nothing
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
CPsecure Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found nothing
Ikarus Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Quick Heal Found nothing
Sophos Antivirus Found nothing
VirusBuster Found nothing
VBA32 Found nothing
------------------------------------------------
[ Nemanja Živanović @ 11.04.2009. 19:16 ] @
Disable all protection again. If you have AVG, follow these instructions:

Open AVG 8 Control Center by right-clicking the AVG 8 icon on the taskbar.

• Click Tools.
• Select Advanced.
• In the left part of the window, open "Resident Shield".
• In the window that opens, deselect "Enable Resident Shield."

******************************

Open Notepad and copy in the following text:

Quote:

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2e222b03-e326-11dd-945d-0016d386ad45}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6a3f39d5-f09b-11dd-b6d1-0016d386ad45}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8713ccbd-157a-11de-a3e0-0016d386ad45}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8eba549e-e29f-11dd-9c6b-0016d386ad45}]



Save that file to the Desktop under the name CFScript

Drag the saved text onto the ComboFix icon as in the picture. In your next post, post the log that is created at the end of the cleaning/scan.
[ sen @ 12.04.2009. 11:51 ] @

ComboFix 09-04-04.01 - Privat 2009-04-12 12:36:26.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1030.18.2038.1156 [GMT 2:00]
Kører fra: c:\users\Privat\Desktop\ComboFix.exe
Kommandoer benyttet :: c:\users\Privat\Desktop\CFScript.txt.txt


(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-09 18:00 --------- d--h--w c:\program files\InstallShield Installation Information
2009-04-09 18:00 --------- d-----w c:\programdata\Ulead Systems
2009-04-09 06:57 --------- d-----w c:\program files\Trend Micro
2009-04-09 00:32 --------- d-----w c:\users\Privat\AppData\Roaming\Skype
2009-04-09 00:17 --------- d-----w c:\users\Privat\AppData\Roaming\skypePM
2009-03-15 13:44 --------- d-----w c:\program files\Java
2009-03-11 10:49 --------- d-----w c:\program files\Windows Mail
2009-03-11 10:05 --------- d-----w c:\programdata\Microsoft Help
2009-03-10 20:55 --------- d-----w c:\program files\Paint.NET
2009-03-08 11:34 914,944 ----a-w c:\windows\System32\wininet.dll
2009-03-08 11:34 43,008 ----a-w c:\windows\System32\licmgr10.dll
2009-03-08 11:33 420,352 ----a-w c:\windows\System32\vbscript.dll
2009-03-08 11:33 18,944 ----a-w c:\windows\System32\corpol.dll
2009-03-08 11:33 132,608 ----a-w c:\windows\System32\ieUnatt.exe
2009-03-08 11:33 109,568 ----a-w c:\windows\System32\PDMSetup.exe
2009-03-08 11:33 109,056 ----a-w c:\windows\System32\iesysprep.dll
2009-03-08 11:33 107,520 ----a-w c:\windows\System32\RegisterIEPKEYs.exe
2009-03-08 11:33 107,008 ----a-w c:\windows\System32\SetIEInstalledDate.exe
2009-03-08 11:33 103,936 ----a-w c:\windows\System32\SetDepNx.exe
2009-03-08 11:32 72,704 ----a-w c:\windows\System32\admparse.dll
2009-03-08 11:32 71,680 ----a-w c:\windows\System32\iesetup.dll
2009-03-08 11:32 66,560 ----a-w c:\windows\System32\wextract.exe
2009-03-08 11:32 169,472 ----a-w c:\windows\System32\iexpress.exe
2009-03-08 11:31 48,128 ----a-w c:\windows\System32\mshtmler.dll
2009-03-08 11:31 45,568 ----a-w c:\windows\System32\mshta.exe
2009-03-08 11:31 34,816 ----a-w c:\windows\System32\imgutil.dll
2009-03-08 11:22 156,160 ----a-w c:\windows\System32\msls31.dll
2009-03-06 21:17 --------- d-----w c:\users\Privat\AppData\Roaming\TeamViewer
2009-02-26 13:07 --------- d-----w c:\program files\Microsoft Silverlight
2009-02-12 08:31 --------- d-----w c:\users\Privat\AppData\Roaming\FreeCall
2009-02-09 03:10 2,033,152 ----a-w c:\windows\System32\win32k.sys
2009-01-17 01:43 174 --sha-w c:\program files\desktop.ini
2009-01-17 01:22 82,432 ----a-w c:\windows\System32\axaltocm.dll
2009-01-17 01:22 101,888 ----a-w c:\windows\System32\ifxcardm.dll
2009-01-16 01:15 269,312 ----a-w c:\windows\System32\es.dll
2009-01-15 16:30 56 ---ha-w c:\users\All Users\ezsidmv.dat
2009-01-15 16:30 56 ---ha-w c:\programdata\ezsidmv.dat
2009-01-15 00:47 61,440 ----a-w c:\windows\System32\winipsec.dll
2009-01-15 00:47 361,984 ----a-w c:\windows\System32\IPSECSVC.DLL
2009-01-15 00:47 28,672 ----a-w c:\windows\System32\FwRemoteSvr.dll
2009-01-15 00:47 272,896 ----a-w c:\windows\System32\polstore.dll
2009-01-15 00:45 94,720 ----a-w c:\windows\System32\PortableDeviceClassExtension.dll
2009-01-15 00:45 241,152 ----a-w c:\windows\System32\PortableDeviceApi.dll
2009-01-15 00:45 160,768 ----a-w c:\windows\System32\PortableDeviceTypes.dll
2009-01-15 00:37 296,960 ----a-w c:\windows\System32\gdi32.dll
2009-01-15 00:34 28,672 ----a-w c:\windows\System32\Apphlpdm.dll
2009-01-15 00:33 541,696 ----a-w c:\windows\AppPatch\AcLayers.dll
2009-01-15 00:33 52,736 ----a-w c:\windows\AppPatch\iebrshim.dll
2009-01-15 00:33 460,288 ----a-w c:\windows\AppPatch\AcSpecfc.dll
2009-01-15 00:33 4,240,384 ----a-w c:\windows\System32\GameUXLegacyGDFs.dll
2009-01-15 00:33 303,616 ----a-w c:\windows\System32\wmpeffects.dll
2009-01-15 00:33 2,560 ----a-w c:\windows\AppPatch\AcRes.dll
2009-01-15 00:33 2,154,496 ----a-w c:\windows\AppPatch\AcGenral.dll
2009-01-15 00:33 173,056 ----a-w c:\windows\AppPatch\AcXtrnal.dll
2009-01-15 00:33 1,695,744 ----a-w c:\windows\System32\gameux.dll
2009-01-15 00:31 2,048 ----a-w c:\windows\System32\msxml3r.dll
2009-01-15 00:31 1,191,936 ----a-w c:\windows\System32\msxml3.dll
2009-01-15 00:28 2,048 ----a-w c:\windows\System32\tzres.dll
2009-01-15 00:24 2,927,104 ----a-w c:\windows\explorer.exe
2009-01-15 00:17 988,216 ----a-w c:\windows\System32\winload.exe
2009-01-15 00:17 927,288 ----a-w c:\windows\System32\winresume.exe
2009-01-15 00:17 615,992 ----a-w c:\windows\System32\ci.dll
2009-01-15 00:17 6,656 ----a-w c:\windows\System32\kbd106n.dll
2009-01-15 00:17 46,592 ----a-w c:\windows\System32\setbcdlocale.dll
2009-01-15 00:17 40,960 ----a-w c:\windows\System32\srclient.dll
2009-01-15 00:17 378,368 ----a-w c:\windows\System32\srcore.dll
2009-01-15 00:17 318,464 ----a-w c:\windows\System32\rstrui.exe
2009-01-15 00:17 19,000 ----a-w c:\windows\System32\kd1394.dll
2009-01-15 00:17 14,848 ----a-w c:\windows\System32\srdelayed.exe
2009-01-15 00:15 712,704 ----a-w c:\windows\System32\WindowsCodecs.dll
2009-01-15 00:15 425,472 ----a-w c:\windows\System32\PhotoMetadataHandler.dll
2009-01-15 00:15 347,136 ----a-w c:\windows\System32\WindowsCodecsExt.dll
2009-01-15 00:14 443,392 ----a-w c:\windows\System32\win32spl.dll
2009-01-15 00:14 37,888 ----a-w c:\windows\System32\printcom.dll
2009-01-15 00:13 996,352 ----a-w c:\windows\System32\WMNetMgr.dll
2009-01-15 00:13 98,816 ----a-w c:\windows\System32\mfps.dll
2009-01-15 00:13 94,720 ----a-w c:\windows\System32\logagent.exe
2009-01-15 00:13 53,248 ----a-w c:\windows\System32\rrinstaller.exe
2009-01-15 00:13 24,576 ----a-w c:\windows\System32\mfpmp.exe
2009-01-15 00:13 2,868,736 ----a-w c:\windows\System32\mf.dll
2009-01-15 00:13 2,048 ----a-w c:\windows\System32\mferror.dll
2009-01-15 00:13 14,848 ----a-w c:\windows\System32\wshrm.dll
2009-01-15 00:12 84,480 ----a-w c:\windows\System32\INETRES.dll
2009-01-15 00:12 738,304 ----a-w c:\windows\System32\inetcomm.dll
2009-01-15 00:12 3,601,464 ----a-w c:\windows\System32\ntkrnlpa.exe
2009-01-15 00:12 3,549,240 ----a-w c:\windows\System32\ntoskrnl.exe
2009-01-15 00:12 1,645,568 ----a-w c:\windows\System32\connect.dll
2009-01-15 00:12 1,314,816 ----a-w c:\windows\System32\quartz.dll
2009-01-15 00:11 2,048 ----a-w c:\windows\System32\msxml6r.dll
2009-01-15 00:11 1,334,272 ----a-w c:\windows\System32\msxml6.dll
2009-01-14 23:52 83,456 ----a-w c:\windows\System32\wudriver.dll
2009-01-14 23:52 561,688 ----a-w c:\windows\System32\wuapi.dll
2009-01-14 23:52 51,224 ----a-w c:\windows\System32\wuauclt.exe
2009-01-14 23:52 43,544 ----a-w c:\windows\System32\wups2.dll
2009-01-14 23:52 34,328 ----a-w c:\windows\System32\wups.dll
2009-01-14 23:52 1,809,944 ----a-w c:\windows\System32\wuaueng.dll
2009-01-14 23:52 1,524,736 ----a-w c:\windows\System32\wucltux.dll
2009-01-14 23:51 31,232 ----a-w c:\windows\System32\wuapp.exe
2009-01-14 23:51 162,064 ----a-w c:\windows\System32\wuwebv.dll
2009-01-14 22:47 319,456 ----a-w c:\windows\DIFxAPI.dll
.

((((((((((((((((((((((((((((((((((( Start steder i reg.basen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Bemærk* tomme linier & lovlige standard linier vises ikke
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-04-09 1932568]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-10-15 02:04 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FreeCall]
--a------ 2008-09-01 12:09 9109296 c:\program files\FreeCall.com\FreeCall\FreeCall.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--a------ 2007-08-24 08:00 33648 c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotkeyApp]
--a------ 2007-09-01 13:21 188416 c:\program files\Launch Manager\HotkeyApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
--a------ 2008-02-11 21:13 166424 c:\windows\System32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
--a------ 2007-07-12 17:36 178712 c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
--a------ 2008-02-11 21:13 141848 c:\windows\System32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LaunchAp]
--a------ 2007-09-01 15:03 32768 c:\program files\Launch Manager\LaunchAp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LMgrOSD]
--a------ 2006-12-26 12:23 180224 c:\program files\Launch Manager\OSD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
--a------ 2008-02-11 21:13 133656 c:\windows\System32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PLFSetL]
--a------ 2007-07-05 13:35 94208 c:\windows\PLFSetL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
--a------ 2008-01-19 09:33 1233920 c:\program files\Windows Sidebar\sidebar.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2008-11-07 15:31 21633320 c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2009-03-15 15:44 148888 c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Wbutton]
--a------ 2007-09-01 16:24 86016 c:\program files\Launch Manager\WButton.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
--a------ 2008-01-19 09:38 1008184 c:\program files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
--a------ 2007-08-27 13:10 4702208 c:\windows\RtHDVCpl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel]
--a------ 2007-08-03 13:22 1826816 c:\windows\SkyTel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2264076326-2987277559-2428823024-1000]
"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{015FA8E5-8006-47C8-BB47-1BDC2B98C54B}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{2BEBEAED-A262-4533-98B9-46975E16DE78}"= UDP:c:\program files\FreeCall.com\FreeCall\FreeCall.exe:FreeCall
"{29482797-898B-402F-9806-FD2396ACDCF3}"= TCP:c:\program files\FreeCall.com\FreeCall\FreeCall.exe:FreeCall
"TCP Query User{A36A60B3-824E-47F6-8235-0E7CBE3AB541}c:\\program files\\skype\\phone\\skype.exe"= UDP:c:\program files\skype\phone\skype.exe:ebay.de - Skype
"UDP Query User{2357B81A-D4AD-4141-9595-A1706291D1A6}c:\\program files\\skype\\phone\\skype.exe"= TCP:c:\program files\skype\phone\skype.exe:ebay.de - Skype
"{38D0F450-0EC7-4F44-88DF-4000B6DB9E87}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{B733E65D-B2C5-4017-920E-4F5253642E22}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{C055301D-4C8F-4385-93B0-3A45A6DB5CEA}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{3CD11814-9C27-4A7C-85C8-21C156FA1367}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{69D350A7-CE51-48D5-A657-008A7439F2E1}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{E2C9C6CD-FBB9-4FF0-ADB1-A72605852970}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"TCP Query User{EB65B0B3-80D0-4604-9647-95E49EAF8297}c:\\users\\privat\\temp\\teamviewer\\version4\\teamviewer.exe"= UDP:c:\users\privat\temp\teamviewer\version4\teamviewer.exe:teamviewer.exe
"UDP Query User{04DA651F-B88B-4737-8420-C5BC78177D06}c:\\users\\privat\\temp\\teamviewer\\version4\\teamviewer.exe"= TCP:c:\users\privat\temp\teamviewer\version4\teamviewer.exe:teamviewer.exe
"TCP Query User{7CF58961-3A7B-43EB-8129-7B399C44DCA5}c:\\program files\\free download manager\\fdm.exe"= UDP:c:\program files\free download manager\fdm.exe:Free Download Manager
"UDP Query User{DA7ECC5B-2E0D-4162-86B0-8C61A6D28AEE}c:\\program files\\free download manager\\fdm.exe"= TCP:c:\program files\free download manager\fdm.exe:Free Download Manager
"{47EF6ABF-098A-42CA-B2E7-0E74BEE7BBDD}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe
"{B3F7B7E0-2C16-41AB-BA18-92555627AE90}"= c:\program files\AVG\AVG8\avgnsx.exe:avgnsx.exe

R0 Si3531;SiI-3531 SATA Controller;c:\windows\System32\drivers\Si3531.sys [2008-07-25 212008]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [2009-04-09 325640]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [2009-04-09 108552]
R1 Hotkey;Hotkey;c:\windows\System32\drivers\HOTKEY.sys [2009-01-15 9867]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-04-09 298264]
R3 X10Hid;X10 Hid Device;c:\windows\System32\drivers\x10hid.sys [2009-01-15 13976]
S4 gupdate1c9aa03b6a7bb79;Tjenesten Google Update (gupdate1c9aa03b6a7bb79);c:\program files\Google\Update\GoogleUpdate.exe [2009-03-21 133104]
S4 IAANTMON;Intel(R) Matrix Storage Event Monitor;c:\program files\Intel\Intel Matrix Storage Manager\IAANTmon.exe [2009-01-15 354840]
S4 WisLMSvc;WisLMSvc;c:\program files\Launch Manager\WisLMSvc.exe [2009-01-15 118784]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2e222b03-e326-11dd-945d-0016d386ad45}]
\shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6a3f39d5-f09b-11dd-b6d1-0016d386ad45}]
\shell\AutoRun\command - F:\InstallTomTomHOME.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8713ccbd-157a-11de-a3e0-0016d386ad45}]
\shell\AutoRun\command - F:\DPFMate.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8eba549e-e29f-11dd-9c6b-0016d386ad45}]
\shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL f:\resycled\boot.com f:
\shell\Open\command - "resycled\boot.co

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Indhold af mappen 'Planlagte Opgaver'

2009-04-12 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-21 11:01]

2009-03-30 c:\windows\Tasks\Schedule Task Weekly.job
- c:\program files\Registry Easy\RE.exe []
.
- - - - TOMME GENVEJE FJERNET - - - -

MSConfigStartUp-BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
MSConfigStartUp-CtrlVol - c:\program files\Launch Manager\CtrlVol.exe
MSConfigStartUp-NeroFilterCheck - c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
MSConfigStartUp-OmniPass - c:\program files\Softex\OmniPass\scureapp.exe
MSConfigStartUp-RCAutoLiveUpdate - c:\program files\Max Registry Cleaner\MaxLiveUpdateRC.exe
MSConfigStartUp-RCSystemTray - c:\program files\Max Registry Cleaner\MaxRCSystemTray.exe
MSConfigStartUp-snp2uvc - c:\windows\vsnp2uvc.exe
MSConfigStartUp-TomTomHOME - c:\program files\TomTom HOME 2\HOMERunner.exe
MSConfigStartUp-Ulead AutoDetector v2 - c:\program files\Common Files\Ulead Systems\AutoDetector\monitor.exe
MSConfigStartUp-WinampAgent - c:\program files\Winamp\winampa.exe


.
------- Yderligere scanning -------
.
uStart Page = hxxp://www.yahoo.com/
IE: Download all with Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\program files\Free Download Manager\dlfvideo.htm
IE: Download with Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-12 12:38:42
Windows 6.0.6001 Service Pack 1 NTFS

scanner skjulte processer ...

scanner skjulte autostarter ...

scanner skjulte filer ...

scanning gennemført med succes
skjulte filer: 0

**************************************************************************
.
Gennemført tid: 2009-04-12 12:40:35
ComboFix-quarantined-files.txt 2009-04-12 10:40:32

Pre-Kørsel: 138,766,331,904 byte ledig
Post-Kørsel: 138,734,845,952 byte ledig

290 --- E O F --- 2009-03-28 10:30:22
[ Nemanja Živanović @ 12.04.2009. 12:04 ] @
If you plugged in a USB flash drive, it is infected and I recommend that you format it. Hold SHIFT, insert that USB drive (or drives), and format it from My Computer.

Disable all protection again. If you have AVG, follow these instructions:

Open AVG 8 Control Center by right-clicking the AVG 8 icon on the taskbar.

• Click Tools.
• Select Advanced.
• In the left part of the window, open "Resident Shield".
• In the window that opens, deselect "Enable Resident Shield."

******************************

Open Notepad and copy in the following text:

Quote:


File::
c:\program files\desktop.ini

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2e222b03-e326-11dd-945d-0016d386ad45}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6a3f39d5-f09b-11dd-b6d1-0016d386ad45}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8713ccbd-157a-11de-a3e0-0016d386ad45}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8eba549e-e29f-11dd-9c6b-0016d386ad45}]



Save that file to the Desktop under the name CFScript

Drag the saved text onto the ComboFix icon as in the picture. In your next post, post the log that is created at the end of the cleaning/scan.
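
The MountPoints2 AutoRun entries that the script above deletes can be triaged straight from the log text. This is an added example, not part of the original thread and not ComboFix's own logic: the sample is the mountpoints2 section of the log posted above, and the three heuristics (Recycle Bin look-alike folder, rundll32 ShellExec_RunDLL indirection, the extension list) are illustrative assumptions.

```python
import re

# mountpoints2 section copied from the ComboFix log posted in this thread,
# including its truncated last command and the unrelated key that follows it.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2e222b03-e326-11dd-945d-0016d386ad45}]
\shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6a3f39d5-f09b-11dd-b6d1-0016d386ad45}]
\shell\AutoRun\command - F:\InstallTomTomHOME.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8713ccbd-157a-11de-a3e0-0016d386ad45}]
\shell\AutoRun\command - F:\DPFMate.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8eba549e-e29f-11dd-9c6b-0016d386ad45}]
\shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL f:\resycled\boot.com f:
\shell\Open\command - "resycled\boot.co

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
"""

KEY_RE = re.compile(r"^\[(HKEY_[^\]]*\\mountpoints2\\\{[0-9a-f-]+\})\]$", re.I)
CMD_RE = re.compile(r"^\\shell\\([^\\]+)\\command - (.*)$", re.I)

# Heuristics below are assumptions chosen for this example, not an exhaustive rule set.
INDIRECT_RE = re.compile(r"rundll32(\.exe)?\s+shell32\.dll,ShellExec_RunDLL", re.I)
BIN_LOOKALIKE_RE = re.compile(r"\\?(recycler|recycled|resycled|recycle\.bin)\\", re.I)
# Extension must end a token, so a folder such as "FreeCall.com\" does not match.
RISKY_EXT_RE = re.compile(r"\.(com|pif|scr|bat|cmd|vbs)(?=[\"\s]|$)", re.I)


def parse_mountpoints(log_text):
    """Return {registry key: {shell verb: command}} for mountpoints2 keys only."""
    entries, current = {}, None
    for raw in log_text.splitlines():
        line = raw.strip()
        key = KEY_RE.match(line)
        if key:
            current = key.group(1)
            entries[current] = {}
        elif line.startswith("["):
            current = None  # a different registry key: stop attributing commands
        else:
            cmd = CMD_RE.match(line)
            if cmd and current:
                entries[current][cmd.group(1)] = cmd.group(2)
    return entries


def reasons(command):
    """List the heuristics a single shell command trips."""
    found = []
    if INDIRECT_RE.search(command):
        found.append("launched indirectly through rundll32 ShellExec_RunDLL")
    if BIN_LOOKALIKE_RE.search(command):
        found.append("target sits in a Recycle Bin look-alike folder")
    if RISKY_EXT_RE.search(command):
        found.append("target has an uncommon executable extension")
    return found


def triage(log_text):
    """Return {registry key: ["verb: reason", ...]} for keys worth a closer look."""
    flagged = {}
    for key, verbs in parse_mountpoints(log_text).items():
        hits = [f"{verb}: {r}" for verb, cmd in verbs.items() for r in reasons(cmd)]
        if hits:
            flagged[key] = hits
    return flagged


if __name__ == "__main__":
    for key, hits in triage(SAMPLE_LOG).items():
        print(key)
        for hit in hits:
            print("   ", hit)
```

Entries that trip none of the heuristics are not thereby shown to be clean; the sketch only ranks which cached AutoRun commands to inspect first.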
[ sen @ 12.04.2009. 12:34 ] @
ComboFix 09-04-04.01 - Privat 2009-04-12 13:25:35.3 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1030.18.2038.1103 [GMT 2:00]
Kører fra: c:\users\Privat\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((( Filer skabt fra 2009-03-12 til 2009-04-12 )))))))))))))))))))))))))))))))))))
.

2009-04-09 21:48 . 2009-04-09 21:48 108,552 --a------ c:\windows\System32\drivers\avgtdix.sys
2009-04-09 21:48 . 2009-04-09 21:48 10,520 --a------ c:\windows\System32\avgrsstx.dll
2009-04-09 21:47 . 2009-04-11 21:59 <DIR> d-------- c:\windows\System32\drivers\Avg
2009-04-09 21:47 . 2009-04-09 21:47 <DIR> d-------- c:\users\All Users\avg8
2009-04-09 21:47 . 2009-04-09 21:47 <DIR> d-------- c:\programdata\avg8
2009-04-09 21:47 . 2009-04-09 21:47 <DIR> d-------- c:\program files\AVG
2009-04-09 21:47 . 2009-04-09 21:47 325,640 --a------ c:\windows\System32\drivers\avgldx86.sys
2009-04-08 18:56 . 2009-04-08 18:56 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-04-08 18:56 . 2009-04-06 15:32 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
2009-04-08 18:56 . 2009-04-06 15:32 15,504 --a------ c:\windows\System32\drivers\mbam.sys
2009-04-03 20:06 . 2009-04-03 20:06 <DIR> d-------- c:\users\Privat\AppData\Roaming\HP
2009-04-03 20:01 . 2009-04-03 22:42 140,920 --------- c:\windows\hpoins14.dat.temp
2009-04-03 20:01 . 2007-09-20 17:56 2,000 --------- c:\windows\hpomdl14.dat.temp
2009-03-30 18:15 . 2009-03-30 18:15 <DIR> d-------- c:\windows\MaxSecureBackup
2009-03-30 17:53 . 2007-05-24 16:57 143,360 --a------ c:\windows\System32\GetHardDiskNo.dll
2009-03-30 17:53 . 2009-03-30 18:14 63 --a------ c:\windows\system\SYSRegC.dll
2009-03-30 17:23 . 2009-03-30 17:23 <DIR> d-------- c:\users\Privat\AppData\Roaming\SmartPCTools
2009-03-30 17:23 . 2009-03-30 17:47 <DIR> d-a------ c:\users\All Users\TEMP
2009-03-30 17:23 . 2009-03-30 17:47 <DIR> d-a------ c:\programdata\TEMP
2009-03-30 17:19 . 2009-03-30 17:19 <DIR> d-------- c:\program files\CCleaner
2009-03-30 15:35 . 2009-03-30 15:35 738,304 --a------ c:\windows\GPInstall.exe
2009-03-21 19:20 . 2009-03-21 19:20 <DIR> d-------- c:\program files\MSXML 4.0
2009-03-21 11:00 . 2009-03-30 00:05 <DIR> d-------- c:\program files\Google
2009-03-20 22:45 . 2009-03-20 22:45 <DIR> d-------- c:\program files\Common Files\HP
2009-03-20 22:45 . 2009-03-20 22:45 <DIR> d-------- c:\program files\Common Files\Hewlett-Packard
2009-03-20 22:44 . 2009-03-20 22:44 <DIR> d-------- c:\users\All Users\Hewlett-Packard
2009-03-20 22:44 . 2009-03-20 22:44 <DIR> d-------- c:\programdata\Hewlett-Packard
2009-03-20 22:43 . 2007-03-17 18:11 675,840 --a------ c:\windows\System32\hpowiax3.dll
2009-03-20 22:43 . 2007-03-17 18:11 569,344 --a------ c:\windows\System32\hpotscl3.dll
2009-03-20 22:43 . 2007-03-08 06:20 364,544 --a------ c:\windows\System32\hppldcoi.dll
2009-03-20 22:43 . 2007-03-17 18:11 303,104 --a------ c:\windows\System32\hpovst10.dll
2009-03-20 22:43 . 2007-03-30 17:07 267,864 --a------ c:\windows\System32\hpzids01.dll
2009-03-20 22:43 . 2007-03-28 15:01 117,760 --a------ c:\windows\System32\hpzll5ha.dll
2009-03-20 22:40 . 2009-04-04 21:44 <DIR> d-------- c:\users\All Users\HP
2009-03-20 22:40 . 2009-04-04 21:44 <DIR> d-------- c:\programdata\HP
2009-03-16 15:45 . 2009-03-16 15:58 <DIR> d-------- c:\users\All Users\NOS
2009-03-16 15:45 . 2009-03-16 15:58 <DIR> d-------- c:\programdata\NOS
2009-03-15 15:44 . 2009-03-15 15:44 410,984 --a------ c:\windows\System32\deploytk.dll
2009-03-14 19:54 . 2009-03-14 19:54 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2009-03-13 19:09 . 2009-03-30 19:16 <DIR> d-------- C:\Downloads
2009-03-13 19:07 . 2009-04-09 08:43 <DIR> d-------- c:\users\Privat\AppData\Roaming\Free Download Manager
2009-03-13 19:07 . 2009-03-13 19:07 <DIR> d-------- c:\users\All Users\FreeDownloadManager.ORG
2009-03-13 19:07 . 2009-03-13 19:07 <DIR> d-------- c:\programdata\FreeDownloadManager.ORG
2009-03-13 19:07 . 2009-03-13 19:07 <DIR> d-------- c:\program files\Free Download Manager

.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-09 18:00 --------- d--h--w c:\program files\InstallShield Installation Information
2009-04-09 18:00 --------- d-----w c:\programdata\Ulead Systems
2009-04-09 06:57 --------- d-----w c:\program files\Trend Micro
2009-04-09 00:32 --------- d-----w c:\users\Privat\AppData\Roaming\Skype
2009-04-09 00:17 --------- d-----w c:\users\Privat\AppData\Roaming\skypePM
2009-03-15 13:44 --------- d-----w c:\program files\Java
2009-03-11 10:49 --------- d-----w c:\program files\Windows Mail
2009-03-11 10:05 --------- d-----w c:\programdata\Microsoft Help
2009-03-10 20:55 --------- d-----w c:\program files\Paint.NET
2009-03-08 11:34 914,944 ----a-w c:\windows\System32\wininet.dll
2009-03-08 11:34 43,008 ----a-w c:\windows\System32\licmgr10.dll
2009-03-08 11:33 420,352 ----a-w c:\windows\System32\vbscript.dll
2009-03-08 11:33 18,944 ----a-w c:\windows\System32\corpol.dll
2009-03-08 11:33 132,608 ----a-w c:\windows\System32\ieUnatt.exe
2009-03-08 11:33 109,568 ----a-w c:\windows\System32\PDMSetup.exe
2009-03-08 11:33 109,056 ----a-w c:\windows\System32\iesysprep.dll
2009-03-08 11:33 107,520 ----a-w c:\windows\System32\RegisterIEPKEYs.exe
2009-03-08 11:33 107,008 ----a-w c:\windows\System32\SetIEInstalledDate.exe
2009-03-08 11:33 103,936 ----a-w c:\windows\System32\SetDepNx.exe
2009-03-08 11:32 72,704 ----a-w c:\windows\System32\admparse.dll
2009-03-08 11:32 71,680 ----a-w c:\windows\System32\iesetup.dll
2009-03-08 11:32 66,560 ----a-w c:\windows\System32\wextract.exe
2009-03-08 11:32 169,472 ----a-w c:\windows\System32\iexpress.exe
2009-03-08 11:31 48,128 ----a-w c:\windows\System32\mshtmler.dll
2009-03-08 11:31 45,568 ----a-w c:\windows\System32\mshta.exe
2009-03-08 11:31 34,816 ----a-w c:\windows\System32\imgutil.dll
2009-03-08 11:22 156,160 ----a-w c:\windows\System32\msls31.dll
2009-03-06 21:17 --------- d-----w c:\users\Privat\AppData\Roaming\TeamViewer
2009-02-26 13:07 --------- d-----w c:\program files\Microsoft Silverlight
2009-02-12 08:31 --------- d-----w c:\users\Privat\AppData\Roaming\FreeCall
2009-02-09 03:10 2,033,152 ----a-w c:\windows\System32\win32k.sys
2009-01-17 01:43 174 --sha-w c:\program files\desktop.ini
2009-01-17 01:22 82,432 ----a-w c:\windows\System32\axaltocm.dll
2009-01-17 01:22 101,888 ----a-w c:\windows\System32\ifxcardm.dll
2009-01-16 01:15 269,312 ----a-w c:\windows\System32\es.dll
2009-01-15 16:30 56 ---ha-w c:\users\All Users\ezsidmv.dat
2009-01-15 16:30 56 ---ha-w c:\programdata\ezsidmv.dat
2009-01-15 00:47 61,440 ----a-w c:\windows\System32\winipsec.dll
2009-01-15 00:47 361,984 ----a-w c:\windows\System32\IPSECSVC.DLL
2009-01-15 00:47 28,672 ----a-w c:\windows\System32\FwRemoteSvr.dll
2009-01-15 00:47 272,896 ----a-w c:\windows\System32\polstore.dll
2009-01-15 00:45 94,720 ----a-w c:\windows\System32\PortableDeviceClassExtension.dll
2009-01-15 00:45 241,152 ----a-w c:\windows\System32\PortableDeviceApi.dll
2009-01-15 00:45 160,768 ----a-w c:\windows\System32\PortableDeviceTypes.dll
2009-01-15 00:37 296,960 ----a-w c:\windows\System32\gdi32.dll
2009-01-15 00:34 28,672 ----a-w c:\windows\System32\Apphlpdm.dll
2009-01-15 00:33 541,696 ----a-w c:\windows\AppPatch\AcLayers.dll
2009-01-15 00:33 52,736 ----a-w c:\windows\AppPatch\iebrshim.dll
2009-01-15 00:33 460,288 ----a-w c:\windows\AppPatch\AcSpecfc.dll
2009-01-15 00:33 4,240,384 ----a-w c:\windows\System32\GameUXLegacyGDFs.dll
2009-01-15 00:33 303,616 ----a-w c:\windows\System32\wmpeffects.dll
2009-01-15 00:33 2,560 ----a-w c:\windows\AppPatch\AcRes.dll
2009-01-15 00:33 2,154,496 ----a-w c:\windows\AppPatch\AcGenral.dll
2009-01-15 00:33 173,056 ----a-w c:\windows\AppPatch\AcXtrnal.dll
2009-01-15 00:33 1,695,744 ----a-w c:\windows\System32\gameux.dll
2009-01-15 00:31 2,048 ----a-w c:\windows\System32\msxml3r.dll
2009-01-15 00:31 1,191,936 ----a-w c:\windows\System32\msxml3.dll
2009-01-15 00:28 2,048 ----a-w c:\windows\System32\tzres.dll
2009-01-15 00:24 2,927,104 ----a-w c:\windows\explorer.exe
2009-01-15 00:17 988,216 ----a-w c:\windows\System32\winload.exe
2009-01-15 00:17 927,288 ----a-w c:\windows\System32\winresume.exe
2009-01-15 00:17 615,992 ----a-w c:\windows\System32\ci.dll
2009-01-15 00:17 6,656 ----a-w c:\windows\System32\kbd106n.dll
2009-01-15 00:17 46,592 ----a-w c:\windows\System32\setbcdlocale.dll
2009-01-15 00:17 40,960 ----a-w c:\windows\System32\srclient.dll
2009-01-15 00:17 378,368 ----a-w c:\windows\System32\srcore.dll
2009-01-15 00:17 318,464 ----a-w c:\windows\System32\rstrui.exe
2009-01-15 00:17 19,000 ----a-w c:\windows\System32\kd1394.dll
2009-01-15 00:17 14,848 ----a-w c:\windows\System32\srdelayed.exe
2009-01-15 00:15 712,704 ----a-w c:\windows\System32\WindowsCodecs.dll
2009-01-15 00:15 425,472 ----a-w c:\windows\System32\PhotoMetadataHandler.dll
2009-01-15 00:15 347,136 ----a-w c:\windows\System32\WindowsCodecsExt.dll
2009-01-15 00:14 443,392 ----a-w c:\windows\System32\win32spl.dll
2009-01-15 00:14 37,888 ----a-w c:\windows\System32\printcom.dll
2009-01-15 00:13 996,352 ----a-w c:\windows\System32\WMNetMgr.dll
2009-01-15 00:13 98,816 ----a-w c:\windows\System32\mfps.dll
2009-01-15 00:13 94,720 ----a-w c:\windows\System32\logagent.exe
2009-01-15 00:13 53,248 ----a-w c:\windows\System32\rrinstaller.exe
2009-01-15 00:13 24,576 ----a-w c:\windows\System32\mfpmp.exe
2009-01-15 00:13 2,868,736 ----a-w c:\windows\System32\mf.dll
2009-01-15 00:13 2,048 ----a-w c:\windows\System32\mferror.dll
2009-01-15 00:13 14,848 ----a-w c:\windows\System32\wshrm.dll
2009-01-15 00:12 84,480 ----a-w c:\windows\System32\INETRES.dll
2009-01-15 00:12 738,304 ----a-w c:\windows\System32\inetcomm.dll
2009-01-15 00:12 3,601,464 ----a-w c:\windows\System32\ntkrnlpa.exe
2009-01-15 00:12 3,549,240 ----a-w c:\windows\System32\ntoskrnl.exe
2009-01-15 00:12 1,645,568 ----a-w c:\windows\System32\connect.dll
2009-01-15 00:12 1,314,816 ----a-w c:\windows\System32\quartz.dll
2009-01-15 00:11 2,048 ----a-w c:\windows\System32\msxml6r.dll
2009-01-15 00:11 1,334,272 ----a-w c:\windows\System32\msxml6.dll
2009-01-14 23:52 83,456 ----a-w c:\windows\System32\wudriver.dll
2009-01-14 23:52 561,688 ----a-w c:\windows\System32\wuapi.dll
2009-01-14 23:52 51,224 ----a-w c:\windows\System32\wuauclt.exe
2009-01-14 23:52 43,544 ----a-w c:\windows\System32\wups2.dll
2009-01-14 23:52 34,328 ----a-w c:\windows\System32\wups.dll
2009-01-14 23:52 1,809,944 ----a-w c:\windows\System32\wuaueng.dll
2009-01-14 23:52 1,524,736 ----a-w c:\windows\System32\wucltux.dll
2009-01-14 23:51 31,232 ----a-w c:\windows\System32\wuapp.exe
2009-01-14 23:51 162,064 ----a-w c:\windows\System32\wuwebv.dll
2009-01-14 22:47 319,456 ----a-w c:\windows\DIFxAPI.dll
.

((((((((((((((((((((((((((((((((((( Start steder i reg.basen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Bemærk* tomme linier & lovlige standard linier vises ikke
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-04-09 1932568]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-10-15 02:04 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FreeCall]
--a------ 2008-09-01 12:09 9109296 c:\program files\FreeCall.com\FreeCall\FreeCall.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--a------ 2007-08-24 08:00 33648 c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotkeyApp]
--a------ 2007-09-01 13:21 188416 c:\program files\Launch Manager\HotkeyApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
--a------ 2008-02-11 21:13 166424 c:\windows\System32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
--a------ 2007-07-12 17:36 178712 c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
--a------ 2008-02-11 21:13 141848 c:\windows\System32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LaunchAp]
--a------ 2007-09-01 15:03 32768 c:\program files\Launch Manager\LaunchAp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LMgrOSD]
--a------ 2006-12-26 12:23 180224 c:\program files\Launch Manager\OSD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
--a------ 2008-02-11 21:13 133656 c:\windows\System32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PLFSetL]
--a------ 2007-07-05 13:35 94208 c:\windows\PLFSetL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
--a------ 2008-01-19 09:33 1233920 c:\program files\Windows Sidebar\sidebar.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2008-11-07 15:31 21633320 c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2009-03-15 15:44 148888 c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Wbutton]
--a------ 2007-09-01 16:24 86016 c:\program files\Launch Manager\WButton.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
--a------ 2008-01-19 09:38 1008184 c:\program files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
--a------ 2007-08-27 13:10 4702208 c:\windows\RtHDVCpl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel]
--a------ 2007-08-03 13:22 1826816 c:\windows\SkyTel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2264076326-2987277559-2428823024-1000]
"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{015FA8E5-8006-47C8-BB47-1BDC2B98C54B}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{2BEBEAED-A262-4533-98B9-46975E16DE78}"= UDP:c:\program files\FreeCall.com\FreeCall\FreeCall.exe:FreeCall
"{29482797-898B-402F-9806-FD2396ACDCF3}"= TCP:c:\program files\FreeCall.com\FreeCall\FreeCall.exe:FreeCall
"TCP Query User{A36A60B3-824E-47F6-8235-0E7CBE3AB541}c:\\program files\\skype\\phone\\skype.exe"= UDP:c:\program files\skype\phone\skype.exe:ebay.de - Skype
"UDP Query User{2357B81A-D4AD-4141-9595-A1706291D1A6}c:\\program files\\skype\\phone\\skype.exe"= TCP:c:\program files\skype\phone\skype.exe:ebay.de - Skype
"{38D0F450-0EC7-4F44-88DF-4000B6DB9E87}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{B733E65D-B2C5-4017-920E-4F5253642E22}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{C055301D-4C8F-4385-93B0-3A45A6DB5CEA}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{3CD11814-9C27-4A7C-85C8-21C156FA1367}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{69D350A7-CE51-48D5-A657-008A7439F2E1}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{E2C9C6CD-FBB9-4FF0-ADB1-A72605852970}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"TCP Query User{EB65B0B3-80D0-4604-9647-95E49EAF8297}c:\\users\\privat\\temp\\teamviewer\\version4\\teamviewer.exe"= UDP:c:\users\privat\temp\teamviewer\version4\teamviewer.exe:teamviewer.exe
"UDP Query User{04DA651F-B88B-4737-8420-C5BC78177D06}c:\\users\\privat\\temp\\teamviewer\\version4\\teamviewer.exe"= TCP:c:\users\privat\temp\teamviewer\version4\teamviewer.exe:teamviewer.exe
"TCP Query User{7CF58961-3A7B-43EB-8129-7B399C44DCA5}c:\\program files\\free download manager\\fdm.exe"= UDP:c:\program files\free download manager\fdm.exe:Free Download Manager
"UDP Query User{DA7ECC5B-2E0D-4162-86B0-8C61A6D28AEE}c:\\program files\\free download manager\\fdm.exe"= TCP:c:\program files\free download manager\fdm.exe:Free Download Manager
"{47EF6ABF-098A-42CA-B2E7-0E74BEE7BBDD}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe
"{B3F7B7E0-2C16-41AB-BA18-92555627AE90}"= c:\program files\AVG\AVG8\avgnsx.exe:avgnsx.exe

R0 Si3531;SiI-3531 SATA Controller;c:\windows\System32\drivers\Si3531.sys [2008-07-25 212008]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [2009-04-09 325640]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [2009-04-09 108552]
R1 Hotkey;Hotkey;c:\windows\System32\drivers\HOTKEY.sys [2009-01-15 9867]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-04-09 298264]
R3 X10Hid;X10 Hid Device;c:\windows\System32\drivers\x10hid.sys [2009-01-15 13976]
S4 gupdate1c9aa03b6a7bb79;Tjenesten Google Update (gupdate1c9aa03b6a7bb79);c:\program files\Google\Update\GoogleUpdate.exe [2009-03-21 133104]
S4 IAANTMON;Intel(R) Matrix Storage Event Monitor;c:\program files\Intel\Intel Matrix Storage Manager\IAANTmon.exe [2009-01-15 354840]
S4 WisLMSvc;WisLMSvc;c:\program files\Launch Manager\WisLMSvc.exe [2009-01-15 118784]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2e222b03-e326-11dd-945d-0016d386ad45}]
\shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6a3f39d5-f09b-11dd-b6d1-0016d386ad45}]
\shell\AutoRun\command - F:\InstallTomTomHOME.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8713ccbd-157a-11de-a3e0-0016d386ad45}]
\shell\AutoRun\command - F:\DPFMate.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8eba549e-e29f-11dd-9c6b-0016d386ad45}]
\shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL f:\resycled\boot.com f:
\shell\Open\command - "resycled\boot.co

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Indhold af mappen 'Planlagte Opgaver'

2009-04-12 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-21 11:01]

2009-03-30 c:\windows\Tasks\Schedule Task Weekly.job
- c:\program files\Registry Easy\RE.exe []
.
- - - - TOMME GENVEJE FJERNET - - - -

MSConfigStartUp-BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
MSConfigStartUp-CtrlVol - c:\program files\Launch Manager\CtrlVol.exe
MSConfigStartUp-NeroFilterCheck - c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
MSConfigStartUp-OmniPass - c:\program files\Softex\OmniPass\scureapp.exe
MSConfigStartUp-RCAutoLiveUpdate - c:\program files\Max Registry Cleaner\MaxLiveUpdateRC.exe
MSConfigStartUp-RCSystemTray - c:\program files\Max Registry Cleaner\MaxRCSystemTray.exe
MSConfigStartUp-snp2uvc - c:\windows\vsnp2uvc.exe
MSConfigStartUp-TomTomHOME - c:\program files\TomTom HOME 2\HOMERunner.exe
MSConfigStartUp-Ulead AutoDetector v2 - c:\program files\Common Files\Ulead Systems\AutoDetector\monitor.exe
MSConfigStartUp-WinampAgent - c:\program files\Winamp\winampa.exe


.
------- Yderligere scanning -------
.
uStart Page = hxxp://www.yahoo.com/
IE: Download all with Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\program files\Free Download Manager\dlfvideo.htm
IE: Download with Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-12 13:27:44
Windows 6.0.6001 Service Pack 1 NTFS

scanner skjulte processer ...

scanner skjulte autostarter ...

scanner skjulte filer ...

scanning gennemført med succes
skjulte filer: 0

**************************************************************************
.
Gennemført tid: 2009-04-12 13:29:41
ComboFix-quarantined-files.txt 2009-04-12 11:29:38

Pre-Kørsel: 138,770,886,656 byte ledig
Post-Kørsel: 138,737,979,392 byte ledig

288 --- E O F --- 2009-03-28 10:30:22
[ Nemanja Živanović @ 12.04.2009. 12:41 ] @
You didn't do something right. Come on, try again:

Turn off all protection again. If you have AVG, follow these instructions:

Open the AVG 8 Control Center by right-clicking the AVG 8 icon on the taskbar.

• Click Tools.
• Select Advanced.
• In the left part of the window, open "Resident Shield".
• In the window that opens, deselect "Enable Resident Shield."

******************************

Open Notepad and copy in the following text:

Quote:


File::
c:\program files\desktop.ini

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2e222b03-e326-11dd-945d-0016d386ad45}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6a3f39d5-f09b-11dd-b6d1-0016d386ad45}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8713ccbd-157a-11de-a3e0-0016d386ad45}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8eba549e-e29f-11dd-9c6b-0016d386ad45}]



Save that file to the Desktop under the name CFScript

Drag the saved text file onto the ComboFix icon as shown in the picture. In your next message, post the log that is created at the end of the cleaning/scanning.
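
How the four `mountpoints2` keys in the script above relate to the ComboFix log posted before it, as an added example that is not part of the original post or of ComboFix: it parses the log's MountPoints2 entries, marks the cached AutoRun commands that stand out, and formats each key as a `[-KEY]` deletion line. The function names and the two triage heuristics are assumptions of this example.

```python
import re

# Lines copied from the MountPoints2 part of the ComboFix log on this page.
# The last command is cut off in the log itself and is kept as it appears.
SAMPLE_LOG = r'''
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2e222b03-e326-11dd-945d-0016d386ad45}]
\shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6a3f39d5-f09b-11dd-b6d1-0016d386ad45}]
\shell\AutoRun\command - F:\InstallTomTomHOME.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8713ccbd-157a-11de-a3e0-0016d386ad45}]
\shell\AutoRun\command - F:\DPFMate.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8eba549e-e29f-11dd-9c6b-0016d386ad45}]
\shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL f:\resycled\boot.com f:
\shell\Open\command - "resycled\boot.co
'''

KEY_RE = re.compile(
    r"^\[(HKEY_CURRENT_USER\\.+\\mountpoints2\\\{[0-9a-f-]+\})\]$", re.I)
CMD_RE = re.compile(r"^\\shell\\([^\\]+)\\command - (.+)$", re.I)

# Triage heuristics: assumptions of this example, not rules used by ComboFix.
# 1) the command is started indirectly through rundll32's ShellExec_RunDLL
# 2) the target lives in a folder named like the Recycle Bin
INDIRECT_LAUNCH = re.compile(
    r"rundll32(\.exe)?\s+shell32(\.dll)?,ShellExec_RunDLL", re.I)
RECYCLE_LOOKALIKE = re.compile(
    r'(?:^|[\\"])(re[cs]ycle[dr]|\$recycle\.bin)\\', re.I)


def parse_mountpoints2(log_text):
    """Return [{'key': ..., 'commands': {verb: command}}] in log order."""
    entries, current = [], None
    for raw in log_text.splitlines():
        line = raw.strip()
        key = KEY_RE.match(line)
        if key:
            current = {"key": key.group(1), "commands": {}}
            entries.append(current)
            continue
        if line.startswith("["):
            # Any other registry key header ends the MountPoints2 block.
            current = None
            continue
        cmd = CMD_RE.match(line)
        if cmd and current is not None:
            current["commands"][cmd.group(1)] = cmd.group(2)
    return entries


def triage(entry):
    """List the reasons (possibly none) why a cached command stands out."""
    reasons = []
    for verb, command in entry["commands"].items():
        if INDIRECT_LAUNCH.search(command):
            reasons.append(
                f"{verb}: started indirectly through rundll32 ShellExec_RunDLL")
        if RECYCLE_LOOKALIKE.search(command):
            reasons.append(
                f"{verb}: target sits in a Recycle Bin look-alike folder")
    return reasons


def cfscript_registry_lines(entries):
    """Format every key as the reply's Registry:: section lists it.

    The reply removes all four cached entries, flagged or not, so this
    does the same; triage() only shows which entry stands out.
    """
    return ["[-" + entry["key"] + "]" for entry in entries]


if __name__ == "__main__":
    found = parse_mountpoints2(SAMPLE_LOG)
    for entry in found:
        guid = entry["key"].rsplit("\\", 1)[1]
        reasons = triage(entry)
        print(guid, "REVIEW" if reasons else "ok")
        for reason in reasons:
            print("   ", reason)
    print("Registry::")
    print("\n".join(cfscript_registry_lines(found)))
```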
[ sen @ 12.04.2009. 13:06 ] @
ComboFix 09-04-04.01 - Privat 2009-04-12 13:57:28.4 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1030.18.2038.1031 [GMT 2:00]
Kører fra: c:\users\Privat\Desktop\ComboFix.exe
Kommandoer benyttet :: c:\users\Privat\Desktop\CFScript.txt

FILE ::
c:\program files\desktop.ini
.

((((((((((((((((((((((((((((((((((((((( Andet, der er slettet )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\desktop.ini

.
((((((((((((((((((((((((((((( Filer skabt fra 2009-03-12 til 2009-04-12 )))))))))))))))))))))))))))))))))))
.

2009-04-12 13:49 . 2009-04-12 13:49 <DIR> d-------- c:\program files\Panda Security
2009-04-12 13:49 . 2008-06-19 16:24 28,544 --a------ c:\windows\System32\drivers\pavboot.sys
2009-04-12 13:44 . 2009-04-12 13:44 <DIR> d--h----- C:\$AVG8.VAULT$
2009-04-09 21:48 . 2009-04-09 21:48 108,552 --a------ c:\windows\System32\drivers\avgtdix.sys
2009-04-09 21:48 . 2009-04-09 21:48 10,520 --a------ c:\windows\System32\avgrsstx.dll
2009-04-09 21:47 . 2009-04-11 21:59 <DIR> d-------- c:\windows\System32\drivers\Avg
2009-04-09 21:47 . 2009-04-09 21:47 <DIR> d-------- c:\users\All Users\avg8
2009-04-09 21:47 . 2009-04-09 21:47 <DIR> d-------- c:\programdata\avg8
2009-04-09 21:47 . 2009-04-09 21:47 <DIR> d-------- c:\program files\AVG
2009-04-09 21:47 . 2009-04-09 21:47 325,640 --a------ c:\windows\System32\drivers\avgldx86.sys
2009-04-08 18:56 . 2009-04-08 18:56 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-04-08 18:56 . 2009-04-06 15:32 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
2009-04-08 18:56 . 2009-04-06 15:32 15,504 --a------ c:\windows\System32\drivers\mbam.sys
2009-04-03 20:06 . 2009-04-03 20:06 <DIR> d-------- c:\users\Privat\AppData\Roaming\HP
2009-04-03 20:01 . 2009-04-03 22:42 140,920 --------- c:\windows\hpoins14.dat.temp
2009-04-03 20:01 . 2007-09-20 17:56 2,000 --------- c:\windows\hpomdl14.dat.temp
2009-03-30 18:15 . 2009-03-30 18:15 <DIR> d-------- c:\windows\MaxSecureBackup
2009-03-30 17:53 . 2007-05-24 16:57 143,360 --a------ c:\windows\System32\GetHardDiskNo.dll
2009-03-30 17:53 . 2009-03-30 18:14 63 --a------ c:\windows\system\SYSRegC.dll
2009-03-30 17:23 . 2009-03-30 17:23 <DIR> d-------- c:\users\Privat\AppData\Roaming\SmartPCTools
2009-03-30 17:23 . 2009-03-30 17:47 <DIR> d-a------ c:\users\All Users\TEMP
2009-03-30 17:23 . 2009-03-30 17:47 <DIR> d-a------ c:\programdata\TEMP
2009-03-30 17:19 . 2009-03-30 17:19 <DIR> d-------- c:\program files\CCleaner
2009-03-30 15:35 . 2009-03-30 15:35 738,304 --a------ c:\windows\GPInstall.exe
2009-03-21 19:20 . 2009-03-21 19:20 <DIR> d-------- c:\program files\MSXML 4.0
2009-03-21 11:00 . 2009-03-30 00:05 <DIR> d-------- c:\program files\Google
2009-03-20 22:45 . 2009-03-20 22:45 <DIR> d-------- c:\program files\Common Files\HP
2009-03-20 22:45 . 2009-03-20 22:45 <DIR> d-------- c:\program files\Common Files\Hewlett-Packard
2009-03-20 22:44 . 2009-03-20 22:44 <DIR> d-------- c:\users\All Users\Hewlett-Packard
2009-03-20 22:44 . 2009-03-20 22:44 <DIR> d-------- c:\programdata\Hewlett-Packard
2009-03-20 22:43 . 2007-03-17 18:11 675,840 --a------ c:\windows\System32\hpowiax3.dll
2009-03-20 22:43 . 2007-03-17 18:11 569,344 --a------ c:\windows\System32\hpotscl3.dll
2009-03-20 22:43 . 2007-03-08 06:20 364,544 --a------ c:\windows\System32\hppldcoi.dll
2009-03-20 22:43 . 2007-03-17 18:11 303,104 --a------ c:\windows\System32\hpovst10.dll
2009-03-20 22:43 . 2007-03-30 17:07 267,864 --a------ c:\windows\System32\hpzids01.dll
2009-03-20 22:43 . 2007-03-28 15:01 117,760 --a------ c:\windows\System32\hpzll5ha.dll
2009-03-20 22:40 . 2009-04-04 21:44 <DIR> d-------- c:\users\All Users\HP
2009-03-20 22:40 . 2009-04-04 21:44 <DIR> d-------- c:\programdata\HP
2009-03-16 15:45 . 2009-03-16 15:58 <DIR> d-------- c:\users\All Users\NOS
2009-03-16 15:45 . 2009-03-16 15:58 <DIR> d-------- c:\programdata\NOS
2009-03-15 15:44 . 2009-03-15 15:44 410,984 --a------ c:\windows\System32\deploytk.dll
2009-03-14 19:54 . 2009-03-14 19:54 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2009-03-13 19:09 . 2009-03-30 19:16 <DIR> d-------- C:\Downloads
2009-03-13 19:07 . 2009-04-09 08:43 <DIR> d-------- c:\users\Privat\AppData\Roaming\Free Download Manager
2009-03-13 19:07 . 2009-03-13 19:07 <DIR> d-------- c:\users\All Users\FreeDownloadManager.ORG
2009-03-13 19:07 . 2009-03-13 19:07 <DIR> d-------- c:\programdata\FreeDownloadManager.ORG
2009-03-13 19:07 . 2009-03-13 19:07 <DIR> d-------- c:\program files\Free Download Manager

.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-09 18:00 --------- d--h--w c:\program files\InstallShield Installation Information
2009-04-09 18:00 --------- d-----w c:\programdata\Ulead Systems
2009-04-09 06:57 --------- d-----w c:\program files\Trend Micro
2009-04-09 00:32 --------- d-----w c:\users\Privat\AppData\Roaming\Skype
2009-04-09 00:17 --------- d-----w c:\users\Privat\AppData\Roaming\skypePM
2009-03-15 13:44 --------- d-----w c:\program files\Java
2009-03-11 10:49 --------- d-----w c:\program files\Windows Mail
2009-03-11 10:05 --------- d-----w c:\programdata\Microsoft Help
2009-03-10 20:55 --------- d-----w c:\program files\Paint.NET
2009-03-08 11:34 914,944 ----a-w c:\windows\System32\wininet.dll
2009-03-08 11:34 43,008 ----a-w c:\windows\System32\licmgr10.dll
2009-03-08 11:33 420,352 ----a-w c:\windows\System32\vbscript.dll
2009-03-08 11:33 18,944 ----a-w c:\windows\System32\corpol.dll
2009-03-08 11:33 132,608 ----a-w c:\windows\System32\ieUnatt.exe
2009-03-08 11:33 109,568 ----a-w c:\windows\System32\PDMSetup.exe
2009-03-08 11:33 109,056 ----a-w c:\windows\System32\iesysprep.dll
2009-03-08 11:33 107,520 ----a-w c:\windows\System32\RegisterIEPKEYs.exe
2009-03-08 11:33 107,008 ----a-w c:\windows\System32\SetIEInstalledDate.exe
2009-03-08 11:33 103,936 ----a-w c:\windows\System32\SetDepNx.exe
2009-03-08 11:32 72,704 ----a-w c:\windows\System32\admparse.dll
2009-03-08 11:32 71,680 ----a-w c:\windows\System32\iesetup.dll
2009-03-08 11:32 66,560 ----a-w c:\windows\System32\wextract.exe
2009-03-08 11:32 169,472 ----a-w c:\windows\System32\iexpress.exe
2009-03-08 11:31 48,128 ----a-w c:\windows\System32\mshtmler.dll
2009-03-08 11:31 45,568 ----a-w c:\windows\System32\mshta.exe
2009-03-08 11:31 34,816 ----a-w c:\windows\System32\imgutil.dll
2009-03-08 11:22 156,160 ----a-w c:\windows\System32\msls31.dll
2009-03-06 21:17 --------- d-----w c:\users\Privat\AppData\Roaming\TeamViewer
2009-02-26 13:07 --------- d-----w c:\program files\Microsoft Silverlight
2009-02-12 08:31 --------- d-----w c:\users\Privat\AppData\Roaming\FreeCall
2009-02-09 03:10 2,033,152 ----a-w c:\windows\System32\win32k.sys
2009-01-17 01:22 82,432 ----a-w c:\windows\System32\axaltocm.dll
2009-01-17 01:22 101,888 ----a-w c:\windows\System32\ifxcardm.dll
2009-01-16 01:15 269,312 ----a-w c:\windows\System32\es.dll
2009-01-15 16:30 56 ---ha-w c:\users\All Users\ezsidmv.dat
2009-01-15 16:30 56 ---ha-w c:\programdata\ezsidmv.dat
2009-01-15 00:47 61,440 ----a-w c:\windows\System32\winipsec.dll
2009-01-15 00:47 361,984 ----a-w c:\windows\System32\IPSECSVC.DLL
2009-01-15 00:47 28,672 ----a-w c:\windows\System32\FwRemoteSvr.dll
2009-01-15 00:47 272,896 ----a-w c:\windows\System32\polstore.dll
2009-01-15 00:45 94,720 ----a-w c:\windows\System32\PortableDeviceClassExtension.dll
2009-01-15 00:45 241,152 ----a-w c:\windows\System32\PortableDeviceApi.dll
2009-01-15 00:45 160,768 ----a-w c:\windows\System32\PortableDeviceTypes.dll
2009-01-15 00:37 296,960 ----a-w c:\windows\System32\gdi32.dll
2009-01-15 00:34 28,672 ----a-w c:\windows\System32\Apphlpdm.dll
2009-01-15 00:33 541,696 ----a-w c:\windows\AppPatch\AcLayers.dll
2009-01-15 00:33 52,736 ----a-w c:\windows\AppPatch\iebrshim.dll
2009-01-15 00:33 460,288 ----a-w c:\windows\AppPatch\AcSpecfc.dll
2009-01-15 00:33 4,240,384 ----a-w c:\windows\System32\GameUXLegacyGDFs.dll
2009-01-15 00:33 303,616 ----a-w c:\windows\System32\wmpeffects.dll
2009-01-15 00:33 2,560 ----a-w c:\windows\AppPatch\AcRes.dll
2009-01-15 00:33 2,154,496 ----a-w c:\windows\AppPatch\AcGenral.dll
2009-01-15 00:33 173,056 ----a-w c:\windows\AppPatch\AcXtrnal.dll
2009-01-15 00:33 1,695,744 ----a-w c:\windows\System32\gameux.dll
2009-01-15 00:31 2,048 ----a-w c:\windows\System32\msxml3r.dll
2009-01-15 00:31 1,191,936 ----a-w c:\windows\System32\msxml3.dll
2009-01-15 00:28 2,048 ----a-w c:\windows\System32\tzres.dll
2009-01-15 00:24 2,927,104 ----a-w c:\windows\explorer.exe
2009-01-15 00:17 988,216 ----a-w c:\windows\System32\winload.exe
2009-01-15 00:17 927,288 ----a-w c:\windows\System32\winresume.exe
2009-01-15 00:17 615,992 ----a-w c:\windows\System32\ci.dll
2009-01-15 00:17 6,656 ----a-w c:\windows\System32\kbd106n.dll
2009-01-15 00:17 46,592 ----a-w c:\windows\System32\setbcdlocale.dll
2009-01-15 00:17 40,960 ----a-w c:\windows\System32\srclient.dll
2009-01-15 00:17 378,368 ----a-w c:\windows\System32\srcore.dll
2009-01-15 00:17 318,464 ----a-w c:\windows\System32\rstrui.exe
2009-01-15 00:17 19,000 ----a-w c:\windows\System32\kd1394.dll
2009-01-15 00:17 14,848 ----a-w c:\windows\System32\srdelayed.exe
2009-01-15 00:15 712,704 ----a-w c:\windows\System32\WindowsCodecs.dll
2009-01-15 00:15 425,472 ----a-w c:\windows\System32\PhotoMetadataHandler.dll
2009-01-15 00:15 347,136 ----a-w c:\windows\System32\WindowsCodecsExt.dll
2009-01-15 00:14 443,392 ----a-w c:\windows\System32\win32spl.dll
2009-01-15 00:14 37,888 ----a-w c:\windows\System32\printcom.dll
2009-01-15 00:13 996,352 ----a-w c:\windows\System32\WMNetMgr.dll
2009-01-15 00:13 98,816 ----a-w c:\windows\System32\mfps.dll
2009-01-15 00:13 94,720 ----a-w c:\windows\System32\logagent.exe
2009-01-15 00:13 53,248 ----a-w c:\windows\System32\rrinstaller.exe
2009-01-15 00:13 24,576 ----a-w c:\windows\System32\mfpmp.exe
2009-01-15 00:13 2,868,736 ----a-w c:\windows\System32\mf.dll
2009-01-15 00:13 2,048 ----a-w c:\windows\System32\mferror.dll
2009-01-15 00:13 14,848 ----a-w c:\windows\System32\wshrm.dll
2009-01-15 00:12 84,480 ----a-w c:\windows\System32\INETRES.dll
2009-01-15 00:12 738,304 ----a-w c:\windows\System32\inetcomm.dll
2009-01-15 00:12 3,601,464 ----a-w c:\windows\System32\ntkrnlpa.exe
2009-01-15 00:12 3,549,240 ----a-w c:\windows\System32\ntoskrnl.exe
2009-01-15 00:12 1,645,568 ----a-w c:\windows\System32\connect.dll
2009-01-15 00:12 1,314,816 ----a-w c:\windows\System32\quartz.dll
2009-01-15 00:11 2,048 ----a-w c:\windows\System32\msxml6r.dll
2009-01-15 00:11 1,334,272 ----a-w c:\windows\System32\msxml6.dll
2009-01-14 23:52 83,456 ----a-w c:\windows\System32\wudriver.dll
2009-01-14 23:52 561,688 ----a-w c:\windows\System32\wuapi.dll
2009-01-14 23:52 51,224 ----a-w c:\windows\System32\wuauclt.exe
2009-01-14 23:52 43,544 ----a-w c:\windows\System32\wups2.dll
2009-01-14 23:52 34,328 ----a-w c:\windows\System32\wups.dll
2009-01-14 23:52 1,809,944 ----a-w c:\windows\System32\wuaueng.dll
2009-01-14 23:52 1,524,736 ----a-w c:\windows\System32\wucltux.dll
2009-01-14 23:51 31,232 ----a-w c:\windows\System32\wuapp.exe
2009-01-14 23:51 162,064 ----a-w c:\windows\System32\wuwebv.dll
2009-01-14 22:47 319,456 ----a-w c:\windows\DIFxAPI.dll
2009-01-14 22:46 315,392 ----a-w c:\windows\HideWin.exe
.

((((((((((((((((((((((((((((((((((( Start steder i reg.basen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Bemærk* tomme linier & lovlige standard linier vises ikke
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-04-09 1932568]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-10-15 02:04 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FreeCall]
--a------ 2008-09-01 12:09 9109296 c:\program files\FreeCall.com\FreeCall\FreeCall.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--a------ 2007-08-24 08:00 33648 c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotkeyApp]
--a------ 2007-09-01 13:21 188416 c:\program files\Launch Manager\HotkeyApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
--a------ 2008-02-11 21:13 166424 c:\windows\System32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
--a------ 2007-07-12 17:36 178712 c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
--a------ 2008-02-11 21:13 141848 c:\windows\System32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LaunchAp]
--a------ 2007-09-01 15:03 32768 c:\program files\Launch Manager\LaunchAp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LMgrOSD]
--a------ 2006-12-26 12:23 180224 c:\program files\Launch Manager\OSD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
--a------ 2008-02-11 21:13 133656 c:\windows\System32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PLFSetL]
--a------ 2007-07-05 13:35 94208 c:\windows\PLFSetL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
--a------ 2008-01-19 09:33 1233920 c:\program files\Windows Sidebar\sidebar.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2008-11-07 15:31 21633320 c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2009-03-15 15:44 148888 c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Wbutton]
--a------ 2007-09-01 16:24 86016 c:\program files\Launch Manager\WButton.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
--a------ 2008-01-19 09:38 1008184 c:\program files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
--a------ 2007-08-27 13:10 4702208 c:\windows\RtHDVCpl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel]
--a------ 2007-08-03 13:22 1826816 c:\windows\SkyTel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2264076326-2987277559-2428823024-1000]
"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{015FA8E5-8006-47C8-BB47-1BDC2B98C54B}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{2BEBEAED-A262-4533-98B9-46975E16DE78}"= UDP:c:\program files\FreeCall.com\FreeCall\FreeCall.exe:FreeCall
"{29482797-898B-402F-9806-FD2396ACDCF3}"= TCP:c:\program files\FreeCall.com\FreeCall\FreeCall.exe:FreeCall
"TCP Query User{A36A60B3-824E-47F6-8235-0E7CBE3AB541}c:\\program files\\skype\\phone\\skype.exe"= UDP:c:\program files\skype\phone\skype.exe:ebay.de - Skype
"UDP Query User{2357B81A-D4AD-4141-9595-A1706291D1A6}c:\\program files\\skype\\phone\\skype.exe"= TCP:c:\program files\skype\phone\skype.exe:ebay.de - Skype
"{38D0F450-0EC7-4F44-88DF-4000B6DB9E87}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{B733E65D-B2C5-4017-920E-4F5253642E22}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{C055301D-4C8F-4385-93B0-3A45A6DB5CEA}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{3CD11814-9C27-4A7C-85C8-21C156FA1367}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{69D350A7-CE51-48D5-A657-008A7439F2E1}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{E2C9C6CD-FBB9-4FF0-ADB1-A72605852970}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"TCP Query User{EB65B0B3-80D0-4604-9647-95E49EAF8297}c:\\users\\privat\\temp\\teamviewer\\version4\\teamviewer.exe"= UDP:c:\users\privat\temp\teamviewer\version4\teamviewer.exe:teamviewer.exe
"UDP Query User{04DA651F-B88B-4737-8420-C5BC78177D06}c:\\users\\privat\\temp\\teamviewer\\version4\\teamviewer.exe"= TCP:c:\users\privat\temp\teamviewer\version4\teamviewer.exe:teamviewer.exe
"TCP Query User{7CF58961-3A7B-43EB-8129-7B399C44DCA5}c:\\program files\\free download manager\\fdm.exe"= UDP:c:\program files\free download manager\fdm.exe:Free Download Manager
"UDP Query User{DA7ECC5B-2E0D-4162-86B0-8C61A6D28AEE}c:\\program files\\free download manager\\fdm.exe"= TCP:c:\program files\free download manager\fdm.exe:Free Download Manager
"{47EF6ABF-098A-42CA-B2E7-0E74BEE7BBDD}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe
"{B3F7B7E0-2C16-41AB-BA18-92555627AE90}"= c:\program files\AVG\AVG8\avgnsx.exe:avgnsx.exe

R0 Si3531;SiI-3531 SATA Controller;c:\windows\System32\drivers\Si3531.sys [2008-07-25 212008]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [2009-04-09 325640]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [2009-04-09 108552]
R1 Hotkey;Hotkey;c:\windows\System32\drivers\HOTKEY.sys [2009-01-15 9867]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-04-09 298264]
R3 X10Hid;X10 Hid Device;c:\windows\System32\drivers\x10hid.sys [2009-01-15 13976]
S4 gupdate1c9aa03b6a7bb79;Tjenesten Google Update (gupdate1c9aa03b6a7bb79);c:\program files\Google\Update\GoogleUpdate.exe [2009-03-21 133104]
S4 IAANTMON;Intel(R) Matrix Storage Event Monitor;c:\program files\Intel\Intel Matrix Storage Manager\IAANTmon.exe [2009-01-15 354840]
S4 WisLMSvc;WisLMSvc;c:\program files\Launch Manager\WisLMSvc.exe [2009-01-15 118784]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Indhold af mappen 'Planlagte Opgaver'

2009-04-12 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-21 11:01]

2009-03-30 c:\windows\Tasks\Schedule Task Weekly.job
- c:\program files\Registry Easy\RE.exe []
.
- - - - TOMME GENVEJE FJERNET - - - -

MSConfigStartUp-BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
MSConfigStartUp-CtrlVol - c:\program files\Launch Manager\CtrlVol.exe
MSConfigStartUp-NeroFilterCheck - c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
MSConfigStartUp-OmniPass - c:\program files\Softex\OmniPass\scureapp.exe
MSConfigStartUp-RCAutoLiveUpdate - c:\program files\Max Registry Cleaner\MaxLiveUpdateRC.exe
MSConfigStartUp-RCSystemTray - c:\program files\Max Registry Cleaner\MaxRCSystemTray.exe
MSConfigStartUp-snp2uvc - c:\windows\vsnp2uvc.exe
MSConfigStartUp-TomTomHOME - c:\program files\TomTom HOME 2\HOMERunner.exe
MSConfigStartUp-Ulead AutoDetector v2 - c:\program files\Common Files\Ulead Systems\AutoDetector\monitor.exe
MSConfigStartUp-WinampAgent - c:\program files\Winamp\winampa.exe


.
------- Yderligere scanning -------
.
uStart Page = hxxp://www.yahoo.com/
IE: Download all with Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\program files\Free Download Manager\dlfvideo.htm
IE: Download with Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-12 13:59:40
Windows 6.0.6001 Service Pack 1 NTFS

scanner skjulte processer ...

scanner skjulte autostarter ...

scanner skjulte filer ...

scanning gennemført med succes
skjulte filer: 0

**************************************************************************
.
Gennemført tid: 2009-04-12 14:01:39
ComboFix-quarantined-files.txt 2009-04-12 12:01:37

Pre-Kørsel: 138,654,748,672 byte ledig
Post-Kørsel: 138,621,566,976 byte ledig

289 --- E O F --- 2009-03-28 10:30:22
[ sen @ 12.04.2009. 13:08 ] @
I did everything exactly as you explained, there's nothing unclear there....

It all seems to me, if I'm not mistaken, that this whole kind of hassle
started when I began updating Windows......
[ Nemanja Živanović @ 12.04.2009. 13:09 ] @
A moment ago you didn't copy the script into ComboFix correctly; now you have, and what I wrote was deleted. Did AVG find some virus? What is this now: Panda Security? Restart the computer in Safe Mode, run a scan with HijackThis and post the new report here. Format those USB flash drives as I wrote. What is the situation now?
[ sen @ 12.04.2009. 13:13 ] @
Look, as for the USB flash drive, I no longer have it or use it....
and that Panda thing, I tried an online scan my pc for virus
[ Nemanja Živanović @ 12.04.2009. 13:25 ] @
OK. Let's uninstall ComboFix:

Open Start > Run and type combofix /u

The program will uninstall itself automatically. Don't forget to turn all your protection back on, since you switched it off so this program could run.

======================

I don't see any more traces of malware here. While we're at it, let's look at one more thing. Download the program ShellExView. Install it and run it. It will automatically scan the computer. When the scan finishes (it takes a few seconds), sort the list by type (Type) by clicking on Type, and the list will be sorted automatically. You need to get the Context Menu list at the top, as in the picture:
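The check that ShellExView is being used for in the post above, written as a PowerShell script. This is an added example, not part of the original thread and not ShellExView's own code; the function name `Get-ContextMenuHandler` and the `NotMicrosoft` column are made up for illustration. It lists the context-menu shell extensions Explorer loads on a right-click and the DLL behind each one.

```powershell
# Added example: enumerate Explorer context-menu shell extensions and resolve
# each one to the DLL it loads. Run in a 64-bit PowerShell on 64-bit Windows
# so the view matches what Explorer itself sees.
function Get-ContextMenuHandler {
    [CmdletBinding()]
    param(
        # Registry classes Explorer consults when building a right-click menu
        [string[]]$Class = @('*', 'AllFilesystemObjects', 'Directory',
                             'Directory\Background', 'Folder', 'Drive')
    )

    $guid = '^\{[0-9A-Fa-f-]{36}\}$'
    foreach ($c in $Class) {
        $base = "Registry::HKEY_CLASSES_ROOT\$c\shellex\ContextMenuHandlers"
        # -LiteralPath is required: '*' is a real key name here, not a wildcard
        if (-not (Test-Path -LiteralPath $base)) { continue }

        foreach ($key in Get-ChildItem -LiteralPath $base) {
            # The handler CLSID is the key's default value, or the key name itself
            $clsid = [string]$key.GetValue('')
            if ($clsid -notmatch $guid) { $clsid = $key.PSChildName }
            if ($clsid -notmatch $guid) { continue }

            # Resolve the CLSID to the in-process DLL that Explorer loads
            $dll = $null; $company = $null; $exists = $false
            $srv = Get-Item -LiteralPath "Registry::HKEY_CLASSES_ROOT\CLSID\$clsid\InprocServer32" `
                            -ErrorAction SilentlyContinue
            if ($srv) {
                $dll = [Environment]::ExpandEnvironmentVariables(([string]$srv.GetValue('')).Trim('"'))
                if ($dll -and -not [IO.Path]::IsPathRooted($dll)) {
                    $dll = Join-Path $env:SystemRoot "System32\$dll"   # bare names resolve to System32
                }
                if ($dll) { $exists = Test-Path -LiteralPath $dll }
                if ($exists) {
                    $company = [Diagnostics.FileVersionInfo]::GetVersionInfo($dll).CompanyName
                }
            }

            [pscustomobject]@{
                Class        = $c
                Name         = $key.PSChildName
                CLSID        = $clsid
                Dll          = $dll
                DllExists    = $exists
                Company      = $company
                # CompanyName comes from the file's version resource: a triage hint,
                # not a signature check. Unresolved handlers are also flagged.
                NotMicrosoft = ($company -notmatch '^Microsoft')
            }
        }
    }
}

# Handlers worth a closer look when the right-click menu is slow to appear
Get-ContextMenuHandler | Where-Object { $_.NotMicrosoft } |
    Sort-Object Dll, Class |
    Format-Table Class, Name, Company, DllExists, Dll -AutoSize
```

A handler whose DLL no longer exists (`DllExists` false) or that belongs to an uninstalled product is a common leftover; the script only lists entries and changes nothing.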

[ sen @ 12.04.2009. 13:42 ] @
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:57:11, on 09-04-2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\AVG\AVG8\avgui.exe
C:\Program Files\AVG\AVG8\avgscanx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Windows\system32\SndVol.exe
C:\Users\Privat\Desktop\RSIT.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\trend micro\Privat.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

--
End of file - 2201 bytes
[ sen @ 12.04.2009. 13:58 ] @
Extension Name : Display Effects CPL Extension
Disabled : No
Type : System
Description : API til Windows-tema
Version : 6.0.6000.16386 (vista_rtm.061101-2205)
Product Name : Microsoft® Windows® Operativsystem
Company : Microsoft Corporation
My Computer : No
Desktop : No
Control Panel : No
My Network Places : No
Entire Network : No
Remote Computer : No
Filename : C:\Windows\system32\themeui.dll
CLSID : {41E300E0-78B6-11ce-849B-444553540000}
File Created Time : 17-01-2009 02:57:12
CLSID Modified Time: 02-11-2006 14:53:15
Microsoft : Yes
File Extensions :
File Attributes : A
File Size : 615.424
[ sen @ 12.04.2009. 14:06 ] @
And now a Resident Shield alert has popped up with the message
multiple threat detection
-c:\user\privat\appdata\roaming\microsoft\windows\cookies\low\privat@doubleclick(1).txt
--c:\user\privat\appdata\roaming\microsoft\windows\cookies\low\privat@statcounter(1).txt
[ Nemanja Živanović @ 12.04.2009. 14:12 ] @
That's nothing dangerous. Feel free to delete it. What happened with ShellExView? The picture?
[ sen @ 12.04.2009. 14:19 ] @
How do I now copy that picture, save it or whatever, so that I can insert it here
I understood how to upload here now .....
[ Nemanja Živanović @ 12.04.2009. 14:22 ] @
To upload a file with a message, you first need to type the message and post it (go to Odgovori (Reply), type the message and press Posalji poruku (Send message)). Once you have typed and sent the message, 4 buttons will appear below it (Upload uz poruku (Upload with message), Brza izmena (Quick edit), Izmena/Brisanje (Edit/Delete), Odgovor na temu (Reply to topic)). Choose Upload uz poruku and in the new window, under Izbor fajla (File selection), click Browse, choose the picture from your computer, and press Open. When that window closes, press Upload. Once the upload is finished you can click Povratak na poruku (Back to message).
[ sen @ 12.04.2009. 14:27 ] @
That's clear to me now, as I already said, but how do I save the picture itself to the desktop
after it appears when I run that program shellexeview? I mean as a jpeg file
[ Nemanja Živanović @ 12.04.2009. 14:35 ] @
OK, we misunderstood each other, the main problem is getting the picture uploaded. When you open the ShellExViewer program window and have done all the sorting, press the Print Screen key on the keyboard (on some it says prt sc). Then open, say, Paint and go to Edit > Paste. Save that picture (File > Save as.. > give it a name and choose JPEG in the Save as type drop-down menu) and press Ok. Upload the saved picture with your next message, following the instructions given.
[ sen @ 12.04.2009. 14:42 ] @
Look, mate, I know I may already be getting on your nerves too, but what can I do when you yourself keep asking,
as if you knew where else I have problems on the computer.... hehehe

when it comes to the keys on this laptop, not one of the extra-function keys
works for me, I have no idea why, and it all used to work, I assume it's a matter of disable or similar,
the pgdn and pgup keys don't work for me either .....

so FN and the key for decreasing and increasing brightness or sound, and likewise now this key
that you explained I should press to copy the picture from the desktop, named Prt.SC,
doesn't work either, I mean it doesn't respond ..... what do I do now, how do I enable all that, activate it?
[ Nemanja Živanović @ 12.04.2009. 14:53 ] @
No, you're not getting on my nerves. The problem is that I can't see exactly what might be wrong with your computer, so I'm trying to examine and rule out as many things as possible. If those keys don't work, try installing the drivers for them (Quick Buttons, or whatever your manufacturer calls them) from the official site of your laptop's manufacturer (if they exist for Vista).

P.S. Only when you press the FN key together with another one, e.g. prt sc (that is, you hold FN and press prt sc), have you actually done a Print Screen. Maybe you're laughing now that I'm telling you this, but some people don't know that's how it works.
[ sen @ 12.04.2009. 16:39 ] @
As far as I can see there are, from time to time, some other shortcomings too,
for example, right now when I actually need it,
this thing with the keys fn+prtsc/fn+pgdn-pgup/fn+ -> <- for contrast/......
even though I checked all the drivers once more and they are ok.
launch manager installed, touchpad....

so the shortcomings and problems noticed at the moment are the following:

-web pages open somewhat more slowly for me

-as I mentioned, about right-clicking on any kind of file:
you wait almost 2 min. for the list of options to appear (the mouse icon, the little circle spinning round and round, on Vista)

-after I uninstalled Antivir there is NO way I can
install the Antivir program again from scratch

-and now also this with the keyboard keys, the FN commands

if you have any other idea just write it, or maybe it would be best for me to format everything completely and start over

ps...the worst part is that I did that not even 3 months ago.... and still
I keep thinking that all this started after all those many Win Vista updates

Here, the same problem has appeared again as with the ANTIVIR program, this time with AVG:
that small icon that has to be in the bottom right corner is GONE, so it's invisible,
even though I haven't ticked anything as disabled in start/RUN/msconfig

so the same thing was happening to me with the Antivir program too


[This message was edited by sen on 12.04.2009. at 17:52 GMT+1]
[ Nemanja Živanović @ 12.04.2009. 16:50 ] @
Do an Online Scan with Kaspersky's Online Scanner

• Click Accept and the program will start updating.
• On the left, under Scan, choose My Computer, and the scanning process begins.
• When the scan is finished, the results will be shown. Click View Scan Report.
• You will see a list of infected files. Click Save Report As....
• You need to save this report to your computer. Give it a name and be sure to change Files of type to Text file (.txt) before you save the file.
• Copy the report into your next message.


Note: If anything is unclear, there is a video guide here.

=========================

This is my last idea. If anyone has an idea, let them suggest it. My suggestion is that you format C and reinstall Windows.

Regards
[ valjan @ 12.04.2009. 17:28 ] @
Have you checked the system logs for errors that mention AVG, Avira, Windows Installer...? I had a similar situation the other day where I couldn't install several applications on a freshly cleaned computer, including AVG, because some DLLs from Microsoft's C++ library had been deleted along with the viruses, and as soon as I reinstalled that, the AVG installation went through OK.

If you don't know how to get to the logs, you can, for example, right-click My Computer, choose "Manage", then Event Viewer, or click Start, Run, and type "eventvwr.msc" or "compmgmt.msc", or open Control Panel, then Administrative Tools, then Event Viewer. Whichever way you get to Event Viewer, check whether there are errors (a red circle with a white X) in the Application and System logs that mention Windows Installer or any of the programs you are having problems with.
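The same Event Viewer check as a PowerShell query, for a machine where clicking through the console is awkward. This is an added example, not part of the original thread; the function name `Get-InstallerError` and the default search terms (including the `MsiInstaller` provider name used by Windows Installer) are assumptions chosen to match the programs named in the post above.

```powershell
# Added example: pull Critical/Error events from the Application and System
# logs that mention Windows Installer or the affected security products.
function Get-InstallerError {
    [CmdletBinding()]
    param(
        # How far back to look
        [int]$Days = 14,
        # Terms matched against the event source and the message text (assumed defaults)
        [string[]]$Pattern = @('Windows Installer', 'MsiInstaller', 'AVG', 'Avira')
    )

    $filter = @{
        LogName   = 'Application', 'System'
        Level     = 1, 2                      # 1 = Critical, 2 = Error
        StartTime = (Get-Date).AddDays(-$Days)
    }
    # Escape the terms so they are matched literally, then OR them together
    $regex = ($Pattern | ForEach-Object { [regex]::Escape($_) }) -join '|'

    # Get-WinEvent raises an error when nothing matches the filter; treat that as "no events"
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
        Where-Object { $_.ProviderName -match $regex -or $_.Message -match $regex } |
        Select-Object TimeCreated, LogName, ProviderName, Id,
            @{ Name = 'Summary'; Expression = { ($_.Message -split "`r?`n")[0] } }
}

# Matching errors, newest first
$hits = @(Get-InstallerError -Days 14 | Sort-Object TimeCreated -Descending)
$hits | Format-Table TimeCreated, ProviderName, Id, Summary -AutoSize -Wrap

# Which source and event ID recur most often
$hits | Group-Object ProviderName, Id |
    Sort-Object Count -Descending |
    Select-Object Count, Name
```

The match is on text, so on a localized Windows the message wording differs; the provider names stay the same, which is why `MsiInstaller` is in the default list.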
[ sen @ 12.04.2009. 19:33 ] @
-Nemanja, I have now done the online scan as you explained...
it took almost 1 hour and found nothing in the way of viruses, spyware.....

-Valjan, as for errors, what I can see for now (a red circle with a white X):
there are 3 of them, where it says something about ApplicationExperienceInfrastructure, and something mentions
DaemonTools, which is supposedly not compatible, blah blah....

though honestly this is all Greek to me hehe... I'm not sure I
can find my way around this kind of explanation of how and what to look at, because my Windows isn't in English

[This message was edited by sen on 12.04.2009. at 21:33 GMT+1]
[ valjan @ 13.04.2009. 08:04 ] @
That "ApplicationExperienceInfrastructure" error most often appears on Vista when you install an application that isn't supported on Vista. In other words, you're trying to put unleaded petrol in a diesel and then wondering why it won't pull... Remove DaemonTools if you don't use it, or update it to a newer version (newer versions even support Windows 7).

Check once more whether your drivers really are for Vista (at work I had a case where there were no drivers for Win2003 x64, so someone slipped in drivers for WinXP x64, and it all worked, but veeeery badly), update all the programs you use to newer versions (because it often happens that an older version of a program has no Vista support but newer ones do), or check whether there is a separate version of those programs for Vista. Don't install something just because a neighbour has it and claims it's "the best program in the world", because most packages such as Office, Corel, Adobe and the like come with a pile of services that run in the background, and all of that can cause you problems if it isn't compatible with the hardware or other software on your computer.
[ sen @ 13.04.2009. 19:10 ] @
You won't believe me, but I know for sure that I have NEVER
installed, let alone used, that program Daemon Tools; where it came from
and how it got in there I haven't the faintest idea, and I am the only one
who uses this laptop.....

I should also mention that this program is nowhere on the computer, it doesn't exist,
so I have nothing to REMOVE, and also
when I type the name of that program into search, it doesn't exist .....

and that those 3 critical errors are there in those system logs,
I understand nothiiing...

so in this case all that is left for me is to do everything from scratch
in any case .... THANK YOU for the effort and the attempt
to help me, and especially you, Nemanja

regards
[ Nemanja Živanović @ 13.04.2009. 19:13 ] @
You're welcome, I'm sorry we didn't manage to solve the problem. If Vista gives you trouble again, consider going back to XP.

Kind regards!
[ didzejevski @ 14.04.2009. 14:04 ] @
Maybe it isn't malware at all, maybe some stupid Windows service is just causing the problems. Try it this way: download ProcExp, you can get it from this address: http://filehippo.com/download_process_explorer/

Open it and shrink the window a little so you can see at least one icon on the desktop, then right-click an icon and watch which process's CPU usage jumps. Then, when it stops, hover the mouse over that process and read which services are behind that process, and write it here (both the process name and all the services). Or even better (easier and quicker), take a screenshot and post it here.