[ danka-lela @ 18.07.2010. 14:13 ] @
Cao svima,
Ako moze neko da mi pogleda ovo i da mi kaze gdje je virus i sta da radim. Hvala unaprijed !



Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 14:58:40, on 18/07/2010
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16711)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\igfxsrvc.exe
C:\Users\VESELI~1\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Skype\Toolbars\Shared\SkypeNames2.exe
C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.rd.yahoo.com/customize/ycomp/defaults/sp/*http://uk.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://en.uk.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.uk.acer.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.rd.yahoo.com/customize/ycomp/defaults/su/*http://uk.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {0956B7BB-90B9-43F7-AC9F-E57EAFF21608} - (no file)
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll
O2 - BHO: 8053d50d - {913EB662-C088-50EE-16F2-0448C082EEFE} - (no file)
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [ccApp] c:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\System32\msconfig.exe" /auto
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/con....1/FacebookPhotoUploader55.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ES...stall-6u11-windows-i586-jc.cab
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia....lashplayer/current/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: eDataSecurity Service - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Inkjet Printer/Scanner Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Unknown owner - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (file missing)
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 10461 bytes
[ magna86 @ 18.07.2010. 14:48 ] @
Pozdrav.

* Pokreni HijackThis
* Izaberi opciju "Do a system scan only"
* Stikliraj sledece linije:

Citat:
O2 - BHO: (no name) - {0956B7BB-90B9-43F7-AC9F-E57EAFF21608} - (no file)
O2 - BHO: 8053d50d - {913EB662-C088-50EE-16F2-0448C082EEFE} - (no file)


Klikni "Fix checked"


Skini DDS Program na Desktop
http://download.bleepingcomputer.com/sUBs/dds.com

Dvoklikom pokreni dds.scr

Kad zavrsi, DDS ce otvoriti dva loga:
1. DDS.txt
2. Attach.txt

Oba izvestaja sacuvaj na Desktop.
Kopiraj mi DDS.txt


--> Navedi simptome infekcije.
--> Javi ima li poboljsanja.
[ danka-lela @ 18.07.2010. 15:39 ] @
Hvala Magna bas si drugar... evo idem da uradim ovo sto si mi rekao.. pozdrav !
[ danka-lela @ 18.07.2010. 15:51 ] @

DDS (Ver_10-03-17.01) - NTFSx86
Run by danka at 16:45:24.07 on 18/07/2010
Internet Explorer: 7.0.6000.16711
Microsoft® Windows Vista™ Home Basic 6.0.6000.0.1252.44.1033.18.1014.398 [GMT 2:00]

AV: Norton Internet Security *On-access scanning enabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: Norton Internet Security *enabled* (Outdated) {CBB7EE13-8244-4DAB-8B55-D5C7AA91E59A}
FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
C:\Acer\Empowering Technology\eNet\eNet Service.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Acer\Mobility Center\MobilityService.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\igfxpers.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\igfxsrvc.exe
C:\Users\VESELI~1\AppData\Local\Temp\RtkBtMnt.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\wuauclt.exe
C:\Users\veselinka\Desktop\dds.com
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uSearch Page = hxxp://uk.rd.yahoo.com/customize/ycomp/defaults/sp/*http://uk.yahoo.com
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://en.uk.acer.yahoo.com
mDefault_Page_URL = hxxp://en.uk.acer.yahoo.com
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://uk.rd.yahoo.com/customize/ycomp/defaults/su/*http://uk.yahoo.com
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
BHO: {1e8a6170-7264-4d0f-beae-d42a53123c75} - c:\program files\common files\symantec shared\coshared\browser\1.0\NppBho.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: ShowBarObj Class: {83a2f9b1-01a2-4aa5-87d1-45b6b8505e96} - c:\windows\system32\ActiveToolBand.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Show Norton Toolbar: {90222687-f593-4738-b738-fbee9c7b26df} - c:\program files\common files\symantec shared\coshared\browser\1.0\UIBHO.dll
TB: Acer eDataSecurity Management: {5cbe3b7c-1e47-477e-a7dd-396db0476e29} - c:\windows\system32\eDStoolbar.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [Skype] "c:\program files\skype\\phone\Skype.exe" /nosplash /minimized
uRun: [Logitech Vid] "c:\program files\logitech\logitech vid\vid.exe" -bootmode
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [Acer Tour]
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [LanguageShortcut] "c:\program files\cyberlink\powerdvd\language\Language.exe"
mRun: [eDataSecurity Loader] c:\acer\empowering technology\edatasecurity\eDSloader.exe
mRun: [LManager] c:\progra~1\launch~1\LManager.exe
mRun: [eRecoveryService]
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [ccApp] c:\program files\common files\symantec shared\ccApp.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\logitech webcam software\LWS.exe" /hide
StartupFolder: c:\users\veseli~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\limewi~1.lnk - d:\limewire\LimeWire.exe
mPolicies-system: EnableLUA = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://dl8-cdn-01.sun.com/s/ESD5/JSCDL/jre/6u11-b90/jinstall-6u11-windows-i586-jc.cab?e=1231655736359&h=467ad19131b6aa6540c15fefb2489b34/&filename=jinstall-6u11-windows-i586-jc.cab
DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} - hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} - hxxp://ax.emsisoft.com/asquared.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

============= SERVICES / DRIVERS ===============

R1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\symantec\defini~1\symcdata\idsdefs\20091217.003\IDSvix86.sys [2009-12-30 286768]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2007-2-9 179712]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-12-30 102448]
R3 SYMNDISV;SYMNDISV;c:\windows\system32\drivers\symndisv.sys [2006-11-21 37008]
S3 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2007-7-11 1174152]

=============== Created Last 30 ================

2010-07-18 13:01:24 311296 ----a-w- c:\windows\system32\unregmp2.exe
2010-07-18 13:01:20 7680 ----a-w- c:\windows\system32\spwmp.dll
2010-07-18 13:01:20 4096 ----a-w- c:\windows\system32\msdxm.ocx
2010-07-18 13:01:20 4096 ----a-w- c:\windows\system32\dxmasf.dll
2010-07-18 13:01:19 8147968 ----a-w- c:\windows\system32\wmploc.DLL
2010-07-18 12:57:27 0 d-----w- c:\program files\TrendMicro
2010-07-18 12:37:19 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL
2010-07-18 11:53:21 2421760 ----a-w- c:\windows\system32\wucltux.dll
2010-07-18 11:53:06 87552 ----a-w- c:\windows\system32\wudriver.dll
2010-07-18 11:53:02 33792 ----a-w- c:\windows\system32\wuapp.exe
2010-07-18 11:53:02 171608 ----a-w- c:\windows\system32\wuwebv.dll
2010-07-18 11:30:22 0 d-----w- c:\programdata\Kaspersky Lab Setup Files
2010-07-18 09:18:48 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
2010-07-17 19:30:30 0 d-----w- c:\windows\pss
2010-07-17 10:59:30 1860 ----a-w- c:\windows\GnuHashes.ini
2010-07-17 10:59:01 0 d-----w- c:\programdata\Apple Computer
2010-07-17 10:50:43 0 d-sh--w- c:\programdata\SysWoW32
2010-07-17 10:50:28 203776 --sh--w- c:\programdata\unrar.exe
2010-07-17 10:50:28 0 d-----w- c:\programdata\1108533823
2010-07-17 10:50:16 0 d-sh--w- c:\users\veseli~1\appdata\roaming\SystemProc
2010-07-17 10:39:39 0 d-----w- c:\users\veseli~1\appdata\roaming\LimeWire

==================== Find3M ====================

2010-05-21 12:14:28 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-04-13 08:24:13 86016 ----a-w- c:\windows\inf\infstrng.dat
2010-04-13 08:24:13 51200 ----a-w- c:\windows\inf\infpub.dat
2010-04-13 08:24:12 86016 ----a-w- c:\windows\inf\infstor.dat
2008-08-25 10:46:21 174 --sha-w- c:\program files\desktop.ini
2008-06-19 04:45:45 665600 ----a-w- c:\windows\inf\drvindex.dat
2006-11-02 12:39:34 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:39:34 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:39:34 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:39:34 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2008-02-08 07:19:46 8192 --sha-w- c:\windows\users\default\NTUSER.DAT

============= FINISH: 16:47:53.05 ===============
[ magna86 @ 18.07.2010. 16:24 ] @



Skini OTM na Desktop
http://oldtimer.geekstogo.com/OTM.exe

Pokreni program. U levi prozor programa ispod "Paste Instructions for Items to be Moved" kopiraj sledece


Citat:
:files
c:\windows\GnuHashes.ini
c:\programdata\SysWoW32
c:\program files\desktop.ini

:Commands
[purity]
[emptytemp]
[CLEARRESTOREPOINTS]
[CREATERESTOREPOINT]
[EMPTYFLASH]
[Reboot]



klikni na Move It!
Kompjuter ce se restartovati. Pri ponovnom podizanju sistema otvorice ti se notepad sa izvestajem.
--> Kopiraj mi sadrzaj tog izvestaja na forum.
--> Ponovo pokreni DDS i postavi mi svez DDS.txt log

[ danka-lela @ 18.07.2010. 17:37 ] @
Evo Magna :)
PS
Za sad vidim da mi komp brze radi... hvala ti :)


DDS (Ver_10-03-17.01) - NTFSx86
Run by danka at 18:26:45.68 on 18/07/2010
Internet Explorer: 7.0.6000.16711
Microsoft® Windows Vista™ Home Basic 6.0.6000.0.1252.44.1033.18.1014.144 [GMT 2:00]

AV: Norton Internet Security *On-access scanning enabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: Norton Internet Security *enabled* (Outdated) {CBB7EE13-8244-4DAB-8B55-D5C7AA91E59A}
FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
C:\Acer\Empowering Technology\eNet\eNet Service.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Acer\Mobility Center\MobilityService.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\wuauclt.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\igfxpers.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Logitech\Logitech Vid\Vid.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Users\VESELI~1\AppData\Local\Temp\RtkBtMnt.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Windows\system32\igfxext.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\danka\Desktop\dds.com
C:\Windows\system32\taskeng.exe
C:\Windows\system32\lpremove.exe
C:\Windows\system32\RacAgent.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uSearch Page = hxxp://uk.rd.yahoo.com/customize/ycomp/defaults/sp/*http://uk.yahoo.com
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://en.uk.acer.yahoo.com
mDefault_Page_URL = hxxp://en.uk.acer.yahoo.com
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://uk.rd.yahoo.com/customize/ycomp/defaults/su/*http://uk.yahoo.com
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
BHO: {1e8a6170-7264-4d0f-beae-d42a53123c75} - c:\program files\common files\symantec shared\coshared\browser\1.0\NppBho.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: ShowBarObj Class: {83a2f9b1-01a2-4aa5-87d1-45b6b8505e96} - c:\windows\system32\ActiveToolBand.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Show Norton Toolbar: {90222687-f593-4738-b738-fbee9c7b26df} - c:\program files\common files\symantec shared\coshared\browser\1.0\UIBHO.dll
TB: Acer eDataSecurity Management: {5cbe3b7c-1e47-477e-a7dd-396db0476e29} - c:\windows\system32\eDStoolbar.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [Skype] "c:\program files\skype\\phone\Skype.exe" /nosplash /minimized
uRun: [Logitech Vid] "c:\program files\logitech\logitech vid\vid.exe" -bootmode
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [Acer Tour]
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [LanguageShortcut] "c:\program files\cyberlink\powerdvd\language\Language.exe"
mRun: [eDataSecurity Loader] c:\acer\empowering technology\edatasecurity\eDSloader.exe
mRun: [LManager] c:\progra~1\launch~1\LManager.exe
mRun: [eRecoveryService]
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [ccApp] c:\program files\common files\symantec shared\ccApp.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\logitech webcam software\LWS.exe" /hide
mPolicies-system: EnableLUA = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://dl8-cdn-01.sun.com/s/ESD5/JSCDL/jre/6u11-b90/jinstall-6u11-windows-i586-jc.cab?e=1231655736359&h=467ad19131b6aa6540c15fefb2489b34/&filename=jinstall-6u11-windows-i586-jc.cab
DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} - hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} - hxxp://ax.emsisoft.com/asquared.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

============= SERVICES / DRIVERS ===============


=============== Created Last 30 ================

2010-07-18 15:45:57 0 d-----w- C:\_OTM
2010-07-18 15:20:54 97800 ----a-w- c:\windows\system32\infocardapi.dll
2010-07-18 15:20:52 105016 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2010-07-18 15:20:50 37384 ----a-w- c:\windows\system32\infocardcpl.cpl
2010-07-18 15:20:49 622080 ----a-w- c:\windows\system32\icardagt.exe
2010-07-18 15:20:49 11264 ----a-w- c:\windows\system32\icardres.dll
2010-07-18 15:20:48 43544 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-07-18 15:20:45 781344 ----a-w- c:\windows\system32\PresentationNative_v0300.dll
2010-07-18 15:20:39 326160 ----a-w- c:\windows\system32\PresentationHost.exe
2010-07-18 15:17:49 40271872 ----a-w- c:\windows\ocsetup_install_NetFx3.etl
2010-07-18 15:17:49 32768 ----a-w- c:\windows\ocsetup_cbs_install_NetFx3.perf
2010-07-18 15:17:49 16384 ----a-w- c:\windows\ocsetup_cbs_install_NetFx3.dpx
2010-07-18 15:10:06 96760 ----a-w- c:\windows\system32\dfshim.dll
2010-07-18 15:10:02 282112 ----a-w- c:\windows\system32\mscoree.dll
2010-07-18 15:10:00 41984 ----a-w- c:\windows\system32\netfxperf.dll
2010-07-18 15:09:41 158720 ----a-w- c:\windows\system32\mscorier.dll
2010-07-18 15:09:33 83968 ----a-w- c:\windows\system32\mscories.dll
2010-07-18 13:01:24 311296 ----a-w- c:\windows\system32\unregmp2.exe
2010-07-18 13:01:20 7680 ----a-w- c:\windows\system32\spwmp.dll
2010-07-18 13:01:20 4096 ----a-w- c:\windows\system32\msdxm.ocx
2010-07-18 13:01:20 4096 ----a-w- c:\windows\system32\dxmasf.dll
2010-07-18 13:01:19 8147968 ----a-w- c:\windows\system32\wmploc.DLL
2010-07-18 12:59:08 130048 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-07-18 12:57:50 788992 ----a-w- c:\windows\system32\rpcrt4.dll
2010-07-18 12:57:39 274432 ----a-w- c:\windows\system32\raschap.dll
2010-07-18 12:57:39 232960 ----a-w- c:\windows\system32\rastls.dll
2010-07-18 12:57:27 0 d-----w- c:\program files\TrendMicro
2010-07-18 12:57:25 2048 ----a-w- c:\windows\system32\msxml6r.dll
2010-07-18 12:57:25 1341440 ----a-w- c:\windows\system32\msxml6.dll
2010-07-18 12:37:50 1327616 ----a-w- c:\windows\system32\quartz.dll
2010-07-18 12:37:49 31232 ----a-w- c:\windows\system32\msvidc32.dll
2010-07-18 12:37:48 13312 ----a-w- c:\windows\system32\msrle32.dll
2010-07-18 12:37:46 22528 ----a-w- c:\windows\system32\msyuv.dll
2010-07-18 12:37:45 50176 ----a-w- c:\windows\system32\iyuv_32.dll
2010-07-18 12:37:45 11776 ----a-w- c:\windows\system32\tsbyuv.dll
2010-07-18 12:37:44 88576 ----a-w- c:\windows\system32\avifil32.dll
2010-07-18 12:37:42 82944 ----a-w- c:\windows\system32\mciavi32.dll
2010-07-18 12:37:40 123904 ----a-w- c:\windows\system32\msvfw32.dll
2010-07-18 12:37:39 65024 ----a-w- c:\windows\system32\avicap32.dll
2010-07-18 12:37:19 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL
2010-07-18 11:53:21 2421760 ----a-w- c:\windows\system32\wucltux.dll
2010-07-18 11:53:06 87552 ----a-w- c:\windows\system32\wudriver.dll
2010-07-18 11:53:02 33792 ----a-w- c:\windows\system32\wuapp.exe
2010-07-18 11:53:02 171608 ----a-w- c:\windows\system32\wuwebv.dll
2010-07-18 11:30:22 0 d-----w- c:\programdata\Kaspersky Lab Setup Files
2010-07-18 09:18:48 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
2010-07-17 19:30:30 0 d-----w- c:\windows\pss
2010-07-17 10:59:01 0 d-----w- c:\programdata\Apple Computer
2010-07-17 10:50:28 203776 --sh--w- c:\programdata\unrar.exe
2010-07-17 10:50:28 0 d-----w- c:\programdata\1108533823
2010-07-17 10:50:16 0 d-sh--w- c:\users\veseli~1\appdata\roaming\SystemProc
2010-07-17 10:39:39 0 d-----w- c:\users\veseli~1\appdata\roaming\LimeWire

==================== Find3M ====================

2010-05-21 12:14:28 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-04-13 08:24:13 86016 ----a-w- c:\windows\inf\infstrng.dat
2010-04-13 08:24:13 51200 ----a-w- c:\windows\inf\infpub.dat
2010-04-13 08:24:12 86016 ----a-w- c:\windows\inf\infstor.dat
2008-06-19 04:45:45 665600 ----a-w- c:\windows\inf\drvindex.dat
2006-11-02 12:39:34 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:39:34 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:39:34 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:39:34 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2008-02-08 07:19:46 8192 --sha-w- c:\windows\users\default\NTUSER.DAT

============= FINISH: 18:29:33.79 ===============
[ danka-lela @ 18.07.2010. 18:13 ] @
Magna, vidim da mi komp mnogo brze ide !! Puno ti hvala na pomoci, vrh si ! :):):)
[ magna86 @ 18.07.2010. 19:45 ] @
Citat:
danka-lela: Magna, vidim da mi komp mnogo brze ide !! Puno ti hvala na pomoci, vrh si ! :):):)


sto jes' ... jes'...

salim se

Imala si infekciju koja je dosla preko USB uredjaja (fleske)

sto znaci da se mozes ponovo inficirati ako ne ocistis fleske.
Poseti ovu temu i skini program zvan MCShield
Instaliraj i pokreni ga. Ubodi sve USB uredjaje koje imas i koristis.
Ovaj program ce skenirati svaki taj uredjaj i ocistiti ih od malware-a (virusa kako ih ti zoves)

http://www.elitesecurity.org/t...CShield-proizvod-domace-pameti

Posle ciscenja ako zelis mozes ga uninstalirati no ja ti jako preporucujem da ga ostavis na tvom kompjuteru radi sprecavanja buducih infekcije koje mogu doci preko fleski.


...........

Logovi su sad cisti. Mislim da nema potrebe ka dodatnim proverama no ukoliko ti se problem bude ponovo javio,osvezi ovu temu,resicemo ;)

Ponovo pokreni OTM program i klikni na CleanUp!

to je to. Prijatno


da,jos nesto..predpostavljam da je ovde laptop u pitanju i da si taj AV dobila na poklon..tj.da imas legalan kljuc.
Proveri da li ti on radi kako treba (update,real time protection,scan..etc)
Ukoliko ovo nije slucaj..predlazem zamenu AntiVirusa

neko besplatno resenje bi sasvim lepo posluzilo (verujem cak i bolje)

http://www.avast.com/index
or
http://www.avira.com/en/pages/index.php

[Ovu poruku je menjao magna86 dana 18.07.2010. u 21:00 GMT+1]
[ danka-lela @ 22.07.2010. 09:17 ] @
Magna dodjoh da ti kazem da mi komp radi brze nego ikad a ti vec krenuo da popravljas moj flash :)))
Uradicu i ostalim sto si rekao ali ne kontam kako mozes sve to da vidis ovako izdaleka;.. ma genije :):):)
PS
Eto ti jedna PP
[ danka-lela @ 22.07.2010. 09:33 ] @
Magna hvala i za ovo !!! :):):) Evo sad skenirah jedan flash i nasao 2 virusa ... a uradicu to i sa svim ostalim...


22/07/2010 10:28:07 > Checking F: ( ~123 MB, FAT removable drive )...


---> Note: INI.FakeRecycleBin has been found!

>>> F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\Desktop.ini - Malware > Deleted. (10.07.22. 10.28 Desktop.ini.187719)

>>> F:\NEZOVIME\Desktop.ini - Malware > Deleted. (10.07.22. 10.28 Desktop.ini.386791)

> F:\RECYCLER
> F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013
>>> F:\recycler - Malware.Folder > Deleted. (10.07.22. 10.28 recycler.447502)


Malicious files : 2/2 deleted.
Malicious folders : 1/1 deleted.