Posted: 04 Jan 2009 04:43
- Joined: 04 Jan 2009
- Posts: 141
- Location: SRBIJA
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 04:28:35, on 04-Jan-09
Platform: Windows XP SP3, v.3311 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.3311)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\wscript.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Documents and Settings\POPA\Desktop\Gotov je\got.exe.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = google,rs/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {1E6CC2F9-A924-4A22-9D98-646734D906A2} - (no file)
O2 - BHO: (no name) - {2521D1DE-70C0-4B43-ABBE-258A8C9D0221} - C:\WINDOWS\system32\tuvSkJAr.dll
O2 - BHO: (no name) - {2AE6A28C-3466-4B50-8D9D-DE05EB0E56B4} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {545DF286-FC8F-4017-870F-CFC493025DCC} - (no file)
O2 - BHO: (no name) - {5CAB59B4-55A3-4737-9FD5-B93C6430BF77} - C:\WINDOWS\system32\uhlspywq.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {85DD4E0D-2B01-4D4D-9E66-3A165AB6EDA4} - C:\WINDOWS\system32\cbXNHAtu.dll
O2 - BHO: (no name) - {B674EFDA-4BD4-406E-B4F3-4886B2B4D7A9} - (no file)
O2 - BHO: (no name) - {D74AB87D-CBEE-43C1-A0AC-3FB195EBDC61} - (no file)
O2 - BHO: (no name) - {EE376D8F-1119-4490-8F63-C7FA4F66C0E6} - (no file)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Prevedi sa Di recnikom - C:\Program Files\Di recnik\diie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - go.microsoft.com/fwlink/?linkid=58813
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - Winlogon Notify: cbXNHAtu - C:\WINDOWS\SYSTEM32\cbXNHAtu.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
--
End of file - 5959 bytes
Also, when I plug in an MP4 player, as was the case just now, this appears:
Windows - No Disk
Exception Processing Message c0000013 Parameters 75b6bf7c 4 75b6bf7c 75b6bf7c

Posted: 04 Jan 2009 10:01
- helen1
- Anti Malware Fighter
Rank 2
- Joined: 27 Aug 2005
- Posts: 8620
- Location: Novi Beograd

Hello,
Start Spybot S&D
Click the Mode item in the menu
Select Advanced Mode
In the bar on the left, click Tools
Click Resident
Untick Resident Tea-Timer
Close Spybot S&D
Restart the computer.
- Then download the program from this link to the Desktop.
- Run it with a double-click and follow the instructions.
Do not forget to turn these options back on when we finish the cleaning.
------------------------------------------
* Open the Nod32 Control Center (click its tray icon in the lower right corner of the screen).
* Select AMON from the Threat Protection group of options.
* In the right panel, untick the option File system monitor (AMON) enabled.
* Turning this option off will show as the Control Center changing color from green to red.
Note: Do not forget to turn this option back on after the cleaning is finished.
-------------------------------------------
Download ComboFix from one of the following addresses to the Desktop:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe
Start it and do not touch the program window while it scans.
Follow the on-screen instructions. When it finishes, a log (C:\ComboFix.txt) will appear, which you will copy here for us.

Posted: 04 Jan 2009 12:50
- Joined: 04 Jan 2009
- Posts: 141
- Location: SRBIJA

The only problem I have is that I can't find AMON in Nod 32! Could you explain in a bit more detail how to get to it?
Addendum: 04 Jan 2009 11:52
I have the option Disable antivirus and antispyware protection; with that my icon turns red.
Addendum: 04 Jan 2009 12:50
And here is the log:
ComboFix 09-01-02.01 - POPA 2009-01-04 12:30:54.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.243 [GMT 1:00]
Running from: c:\documents and settings\POPA\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated)
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((( Files Created from 2008-12-04 to 2009-01-04 )))))))))))))))))))))))))))))))
.
2009-01-04 03:58 . 2009-01-04 03:58 <DIR> d-------- c:\program files\Trend Micro
2009-01-04 02:35 . 2009-01-04 02:35 <DIR> d-------- c:\program files\ESET
2009-01-04 02:35 . 2009-01-04 02:35 <DIR> d-------- c:\documents and settings\All Users\Application Data\ESET
2008-12-28 18:46 . 2008-12-28 18:46 <DIR> d-------- c:\program files\aSkola
2008-12-28 18:46 . 2008-12-28 18:46 <DIR> d-------- C:\askola
2008-12-28 17:42 . 2008-12-28 17:42 <DIR> d-------- c:\program files\Otpor
2008-12-16 17:36 . 2008-12-16 17:36 <DIR> d-------- c:\program files\Runtime Software
2008-12-15 18:43 . 2008-12-15 18:43 <DIR> d-------- c:\program files\Gear Ratio Calculator
2008-12-14 17:30 . 2008-12-14 17:30 964,714 --a------ c:\windows\kingbright.exe
2008-12-14 17:30 . 2008-12-14 17:30 677,986 --a------ c:\windows\kingbright.prv
2008-12-14 17:30 . 2008-12-14 17:30 108,456 --a------ c:\windows\kingbright.scr
2008-12-13 18:13 . 2008-02-12 03:20 10,880 --a------ c:\windows\system32\drivers\NdisIP.sys
2008-12-13 18:13 . 2008-02-12 03:20 10,880 --a--c--- c:\windows\system32\dllcache\ndisip.sys
2008-12-13 18:13 . 2008-02-12 03:12 5,504 --a------ c:\windows\system32\drivers\MSTEE.sys
2008-12-13 18:13 . 2008-02-12 03:12 5,504 --a--c--- c:\windows\system32\dllcache\mstee.sys
2008-12-13 18:11 . 2008-02-12 03:20 48,128 --a------ c:\windows\system32\drivers\61883.sys
2008-12-13 18:11 . 2008-02-12 03:20 48,128 --a--c--- c:\windows\system32\dllcache\61883.sys
2008-12-06 04:08 . 2008-12-06 04:08 <DIR> d-------- c:\program files\EAGLE-4.09r2
2008-12-06 04:07 . 1997-04-08 20:08 299,520 --a------ c:\windows\uninst.exe
2008-12-06 02:44 . 2008-12-06 02:46 <DIR> d-------- c:\program files\POV-Ray for Windows v3.6
2008-12-05 16:28 . 2008-12-05 16:34 12 --a------ c:\windows\dirsaver.ini
2008-12-05 16:21 . 2008-12-05 16:21 28,672 --a------ c:\windows\gscr.dll
2008-12-05 16:06 . 2008-12-06 03:54 <DIR> d-------- c:\program files\EWB512
2008-12-05 16:06 . 2008-12-05 16:06 216,064 --a------ c:\windows\iun3405.exe
2008-12-04 18:26 . 2008-12-04 18:26 151 --a------ c:\windows\PhotoSnapViewer.INI
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-04 03:04 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-12-29 16:54 --------- d-----w c:\program files\Pure Sudoku
2008-12-28 19:06 --------- d-----w c:\documents and settings\POPA\Application Data\BSplayer PRO
2008-12-18 17:42 --------- d-----w c:\program files\Di recnik
2008-12-13 20:14 --------- d-----w c:\documents and settings\POPA\Application Data\Ahead
2008-12-13 17:24 --------- d-----w c:\program files\Total Video Converter
2008-12-02 08:42 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-02 00:53 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-11-27 22:30 --------- d-----w c:\program files\PDF 2 Word 2
2008-11-24 22:48 116,224 ----a-w c:\windows\system32\qpwfrwoe.dll
2008-11-24 18:46 33,792 ----a-w c:\windows\system32\qoMeEWnn.dll
2008-11-24 18:46 33,792 ----a-w c:\windows\system32\iiffCRiF.dll
2008-11-24 18:45 33,792 ----a-w c:\windows\system32\nnnmlLBT.dll
2008-11-23 17:21 --------- d-----w c:\documents and settings\All Users\Application Data\NFS Underground
2008-11-23 16:10 --------- d-----w c:\program files\Common Files\DirectX
2008-11-18 15:39 --------- d-----w c:\program files\Common Files\Adobe
2008-11-18 15:39 --------- d-----w c:\documents and settings\POPA\Application Data\InterTrust
2008-11-18 15:22 --------- d-----w c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2008-11-18 15:16 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2008-11-18 15:10 --------- d-----w c:\program files\MSBuild
2008-11-18 15:10 --------- d-----w c:\program files\Microsoft Works
2008-11-18 14:44 --------- d-----w c:\documents and settings\POPA\Application Data\Ulead Systems
2008-11-18 14:39 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-17 15:33 72,192 ----a-w c:\windows\cadkasdeinst01e.exe
2008-11-17 15:27 --------- d-----w c:\program files\Common Files\Vbox
2008-11-17 14:27 --------- d-----w c:\documents and settings\POPA\Application Data\DivX
2008-11-17 00:22 --------- d-----w c:\program files\ABBYY PDF Transformer 2.0
2008-11-16 14:44 --------- d-----w c:\documents and settings\POPA\Application Data\CyberLink
2008-11-16 09:39 --------- d-----w c:\program files\JetAudio
2008-11-16 09:39 --------- d-----w c:\documents and settings\POPA\Application Data\COWON
2008-11-16 09:38 --------- d-----w c:\program files\DivX
2008-11-16 09:33 --------- d-----w c:\program files\AC3Filter
2008-11-14 00:36 --------- d-----w c:\documents and settings\POPA\Application Data\GRETECH
2008-11-13 23:34 --------- d-----w c:\documents and settings\All Users\Application Data\Ulead Systems
2008-11-13 22:17 --------- d-----w c:\program files\VirtualDub1.8.6
2008-11-13 22:15 --------- d-----w c:\program files\Windows Media Components
2008-11-13 22:15 --------- d-----w c:\program files\Common Files\Ulead Systems
2008-11-13 22:15 --------- d-----w c:\program files\Common Files\InterVideo
2008-11-13 22:15 --------- d-----w c:\documents and settings\POPA\Application Data\InstallShield
2008-11-13 22:15 --------- d-----w c:\documents and settings\All Users\Application Data\InterVideo
2008-11-13 22:14 --------- d-----w c:\program files\Ulead Systems
2008-11-13 22:11 --------- d-----w c:\program files\URUSoft
2008-11-13 22:10 43,602 ----a-w c:\windows\system32\xvid-uninstall.exe
2008-11-13 22:10 --------- d-----w c:\program files\Gabest
2008-11-13 22:10 --------- d-----w c:\program files\AviSynth 2.5
2008-11-13 22:10 --------- d-----w c:\program files\AutoGK
2008-11-13 22:08 --------- d-----w c:\documents and settings\All Users\Application Data\CyberLink
2008-11-13 22:07 --------- d-----w c:\program files\CyberLink
2008-11-13 22:06 --------- d-----w c:\program files\Common Files\COWON
2008-11-13 22:04 --------- d-----w c:\program files\GRETECH
2008-11-13 21:58 --------- d-----w c:\program files\Common Files\Ahead
2008-11-13 21:57 --------- d-----w c:\program files\Nero
2008-11-13 21:57 --------- d-----w c:\documents and settings\All Users\Application Data\Nero
2008-11-13 21:45 --------- d-----w c:\program files\DAEMON Tools
2008-11-13 21:43 685,816 ----a-w c:\windows\system32\drivers\sptd.sys
2008-11-13 21:42 --------- d-----w c:\program files\Opera
2008-11-13 21:35 --------- d-----w c:\program files\Symantec
2008-11-13 21:33 --------- d-----w c:\program files\Common Files\InstallShield
2008-11-13 21:29 --------- d-----w c:\program files\Your Uninstaller 2008
2008-11-13 21:28 --------- d-----w c:\documents and settings\POPA\Application Data\URSoft
2008-11-13 21:25 --------- d-----w c:\program files\Webteh
2008-11-13 21:20 --------- d-----w c:\program files\Java
2008-11-13 21:20 --------- d-----w c:\program files\Common Files\Java
2008-11-13 17:38 --------- d-----w c:\program files\MultiRes
2008-11-13 17:37 451,072 ------w c:\windows\Radeon Omega Drivers v3.8.252 Uninstall.exe
2008-11-13 17:37 --------- d-----w c:\program files\Radeon Omega Drivers
2008-11-13 17:36 --------- d-----w c:\program files\AvRack
2008-11-13 17:35 --------- d-----w c:\program files\Realtek AC97
2008-11-13 17:01 --------- d-----w c:\program files\microsoft frontpage
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-02-12 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2006-08-03 c:\windows\soundman.exe]
"AtiPTA"="atiptaxx.exe" [2006-02-22 c:\windows\system32\atiptaxx.exe]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-02-12 c:\windows\system32\bthprops.cpl]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-02-12 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= msaud32_divx.acm
"msacm.dvacm"= c:\progra~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm
"msacm.MPEGacm"= c:\progra~1\COMMON~1\ULEADS~1\MPEG\MPEGacm.acm
"msacm.ulmp3acm"= c:\progra~1\COMMON~1\ULEADS~1\MPEG\ulmp3acm.acm
"msacm.ac3filter"= ac3filter.acm
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Opera\\opera.exe"=
"d:\\Igre\\Live for Speed S2\\LFS.exe"=
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2008-10-24 34824]
R4 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2008-10-24 468224]
S3 ATICDSDr;ATICDSDr;\??\c:\docume~1\POPA\LOCALS~1\Temp\ATICDSDr.sys --> c:\docume~1\POPA\LOCALS~1\Temp\ATICDSDr.sys [?]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7d10f140-b4b3-11dd-811e-000a94165c79}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe killVBS.vbs
.
Contents of the 'Scheduled Tasks' folder
2008-12-02 c:\windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job
- c:\program files\Spybot - Search & Destroy\SpybotSD.exe [2008-07-07 09:42]
.
- - - - ORPHANS REMOVED - - - -
BHO-{1E6CC2F9-A924-4A22-9D98-646734D906A2} - (no file)
BHO-{2AE6A28C-3466-4B50-8D9D-DE05EB0E56B4} - (no file)
BHO-{545DF286-FC8F-4017-870F-CFC493025DCC} - (no file)
BHO-{A4B22E59-E64E-40CF-B445-954660EFC84E} - c:\windows\system32\tuvSkJAr.dll
BHO-{B674EFDA-4BD4-406E-B4F3-4886B2B4D7A9} - (no file)
BHO-{D74AB87D-CBEE-43C1-A0AC-3FB195EBDC61} - (no file)
BHO-{EE376D8F-1119-4490-8F63-C7FA4F66C0E6} - (no file)
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google,rs/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Prevedi sa Di recnikom - c:\program files\Di recnik\diie.htm
IE: Translate with Di dictionary -
TCP: {58034173-1A1E-465B-BCC7-1CA39748133D} = 80.74.160.38 80.74.160.12
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-01-04 12:37:29
Windows 5.1.2600 Service Pack 3, v.3311 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\ESET\ESET Security\CurrentVersion\Info]
@Denied: (3) (LocalSystem)
"AppDataDir"="c:\\Documents and Settings\\All Users\\Application Data\\ESET\\ESET NOD32 Antivirus\\"
"DataDir"="ESET\\ESET NOD32 Antivirus\\"
"EditionName"="Student Edition"
"InstallDir"="c:\\Program Files\\ESET\\ESET NOD32 Antivirus\\"
"LanguageId"=dword:00000409
"ProductBase"=dword:00000000
"ProductCode"="{4EAE8F8E-0C2E-4814-9A04-635AFB9050AA}"
"ProductName"="ESET NOD32 Antivirus"
"ProductType"="eav"
"ProductVersion"="3.0.684.0"
"UniqueId"="012E6219496012AF"
"ScannerBuild"=dword:00000ed0
"ScannerVersionId"=dword:00000de1
"ScannerVersion"=""
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(640)
c:\windows\system32\Ati2evxx.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Common Files\InterVideo\DeviceService\DevSvc.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\rundll32.exe
c:\program files\ESET\ESET NOD32 Antivirus\egui.exe
.
**************************************************************************
.
Completion time: 2009-01-04 12:39:40 - machine was rebooted
ComboFix-quarantined-files.txt 2009-01-04 11:39:36
Pre-Run: 8,637,149,184 bytes free
Post-Run: 9,088,700,416 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=signature(b9a0b99)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
signature(b9a0b99)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
324

Posted: 04 Jan 2009 16:37
- helen1
- Anti Malware Fighter
Rank 2
- Joined: 27 Aug 2005
- Posts: 8620
- Location: Novi Beograd

Yes, that's it. That option.
You posted it correctly. I'll get back to you later....
Addendum: 04 Jan 2009 16:37
Turn off both Spybot and the antivirus again.
Open Notepad and copy in the following text:
File::
c:\windows\system32\qpwfrwoe.dll
c:\windows\system32\qoMeEWnn.dll
c:\windows\system32\iiffCRiF.dll
c:\windows\system32\nnnmlLBT.dll
Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7d10f140-b4b3-11dd-811e-000a94165c79}]
Save the file from Notepad to the Desktop as "CFScript"
Drag the saved script/text onto the ComboFix icon as shown in the picture.
In your next message, post the log that is created at the end of the cleaning/scan.

Posted: 04 Jan 2009 18:35
- Joined: 04 Jan 2009
- Posts: 141
- Location: SRBIJA

Here I am, I'm back
ComboFix 09-01-02.01 - POPA 2009-01-04 18:22:15.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.231 [GMT 1:00]
Running from: c:\documents and settings\POPA\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\POPA\Desktop\CFScript.txt
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated)
* Created a new restore point
FILE ::
c:\windows\system32\iiffCRiF.dll
c:\windows\system32\nnnmlLBT.dll
c:\windows\system32\qoMeEWnn.dll
c:\windows\system32\qpwfrwoe.dll
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\iiffCRiF.dll
c:\windows\system32\nnnmlLBT.dll
c:\windows\system32\qoMeEWnn.dll
c:\windows\system32\qpwfrwoe.dll
.
((((((((((((((((((((((((( Files Created from 2008-12-04 to 2009-01-04 )))))))))))))))))))))))))))))))
.
2009-01-04 03:58 . 2009-01-04 03:58 <DIR> d-------- c:\program files\Trend Micro
2009-01-04 02:35 . 2009-01-04 02:35 <DIR> d-------- c:\program files\ESET
2009-01-04 02:35 . 2009-01-04 02:35 <DIR> d-------- c:\documents and settings\All Users\Application Data\ESET
2008-12-28 18:46 . 2008-12-28 18:46 <DIR> d-------- c:\program files\aSkola
2008-12-28 18:46 . 2008-12-28 18:46 <DIR> d-------- C:\askola
2008-12-28 17:42 . 2008-12-28 17:42 <DIR> d-------- c:\program files\Otpor
2008-12-16 17:36 . 2008-12-16 17:36 <DIR> d-------- c:\program files\Runtime Software
2008-12-15 18:43 . 2008-12-15 18:43 <DIR> d-------- c:\program files\Gear Ratio Calculator
2008-12-14 17:30 . 2008-12-14 17:30 964,714 --a------ c:\windows\kingbright.exe
2008-12-14 17:30 . 2008-12-14 17:30 677,986 --a------ c:\windows\kingbright.prv
2008-12-14 17:30 . 2008-12-14 17:30 108,456 --a------ c:\windows\kingbright.scr
2008-12-13 18:13 . 2008-02-12 03:20 10,880 --a------ c:\windows\system32\drivers\NdisIP.sys
2008-12-13 18:13 . 2008-02-12 03:20 10,880 --a--c--- c:\windows\system32\dllcache\ndisip.sys
2008-12-13 18:13 . 2008-02-12 03:12 5,504 --a------ c:\windows\system32\drivers\MSTEE.sys
2008-12-13 18:13 . 2008-02-12 03:12 5,504 --a--c--- c:\windows\system32\dllcache\mstee.sys
2008-12-13 18:11 . 2008-02-12 03:20 48,128 --a------ c:\windows\system32\drivers\61883.sys
2008-12-13 18:11 . 2008-02-12 03:20 48,128 --a--c--- c:\windows\system32\dllcache\61883.sys
2008-12-06 04:08 . 2008-12-06 04:08 <DIR> d-------- c:\program files\EAGLE-4.09r2
2008-12-06 04:07 . 1997-04-08 20:08 299,520 --a------ c:\windows\uninst.exe
2008-12-06 02:44 . 2008-12-06 02:46 <DIR> d-------- c:\program files\POV-Ray for Windows v3.6
2008-12-05 16:28 . 2008-12-05 16:34 12 --a------ c:\windows\dirsaver.ini
2008-12-05 16:21 . 2008-12-05 16:21 28,672 --a------ c:\windows\gscr.dll
2008-12-05 16:06 . 2008-12-06 03:54 <DIR> d-------- c:\program files\EWB512
2008-12-05 16:06 . 2008-12-05 16:06 216,064 --a------ c:\windows\iun3405.exe
2008-12-04 18:26 . 2008-12-04 18:26 151 --a------ c:\windows\PhotoSnapViewer.INI
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-04 03:04 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-12-29 16:54 --------- d-----w c:\program files\Pure Sudoku
2008-12-28 19:06 --------- d-----w c:\documents and settings\POPA\Application Data\BSplayer PRO
2008-12-18 17:42 --------- d-----w c:\program files\Di recnik
2008-12-13 20:14 --------- d-----w c:\documents and settings\POPA\Application Data\Ahead
2008-12-13 17:24 --------- d-----w c:\program files\Total Video Converter
2008-12-02 08:42 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-02 00:53 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-11-27 22:30 --------- d-----w c:\program files\PDF 2 Word 2
2008-11-23 17:21 --------- d-----w c:\documents and settings\All Users\Application Data\NFS Underground
2008-11-23 16:10 --------- d-----w c:\program files\Common Files\DirectX
2008-11-18 15:39 --------- d-----w c:\program files\Common Files\Adobe
2008-11-18 15:39 --------- d-----w c:\documents and settings\POPA\Application Data\InterTrust
2008-11-18 15:22 --------- d-----w c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2008-11-18 15:16 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2008-11-18 15:10 --------- d-----w c:\program files\MSBuild
2008-11-18 15:10 --------- d-----w c:\program files\Microsoft Works
2008-11-18 14:44 --------- d-----w c:\documents and settings\POPA\Application Data\Ulead Systems
2008-11-18 14:39 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-17 15:33 72,192 ----a-w c:\windows\cadkasdeinst01e.exe
2008-11-17 15:27 --------- d-----w c:\program files\Common Files\Vbox
2008-11-17 14:27 --------- d-----w c:\documents and settings\POPA\Application Data\DivX
2008-11-17 00:22 --------- d-----w c:\program files\ABBYY PDF Transformer 2.0
2008-11-16 14:44 --------- d-----w c:\documents and settings\POPA\Application Data\CyberLink
2008-11-16 09:39 --------- d-----w c:\program files\JetAudio
2008-11-16 09:39 --------- d-----w c:\documents and settings\POPA\Application Data\COWON
2008-11-16 09:38 --------- d-----w c:\program files\DivX
2008-11-16 09:33 --------- d-----w c:\program files\AC3Filter
2008-11-14 00:36 --------- d-----w c:\documents and settings\POPA\Application Data\GRETECH
2008-11-13 23:34 --------- d-----w c:\documents and settings\All Users\Application Data\Ulead Systems
2008-11-13 22:17 --------- d-----w c:\program files\VirtualDub1.8.6
2008-11-13 22:15 --------- d-----w c:\program files\Windows Media Components
2008-11-13 22:15 --------- d-----w c:\program files\Common Files\Ulead Systems
2008-11-13 22:15 --------- d-----w c:\program files\Common Files\InterVideo
2008-11-13 22:15 --------- d-----w c:\documents and settings\POPA\Application Data\InstallShield
2008-11-13 22:15 --------- d-----w c:\documents and settings\All Users\Application Data\InterVideo
2008-11-13 22:14 --------- d-----w c:\program files\Ulead Systems
2008-11-13 22:11 --------- d-----w c:\program files\URUSoft
2008-11-13 22:10 43,602 ----a-w c:\windows\system32\xvid-uninstall.exe
2008-11-13 22:10 --------- d-----w c:\program files\Gabest
2008-11-13 22:10 --------- d-----w c:\program files\AviSynth 2.5
2008-11-13 22:10 --------- d-----w c:\program files\AutoGK
2008-11-13 22:08 --------- d-----w c:\documents and settings\All Users\Application Data\CyberLink
2008-11-13 22:07 --------- d-----w c:\program files\CyberLink
2008-11-13 22:06 --------- d-----w c:\program files\Common Files\COWON
2008-11-13 22:04 --------- d-----w c:\program files\GRETECH
2008-11-13 21:58 --------- d-----w c:\program files\Common Files\Ahead
2008-11-13 21:57 --------- d-----w c:\program files\Nero
2008-11-13 21:57 --------- d-----w c:\documents and settings\All Users\Application Data\Nero
2008-11-13 21:45 --------- d-----w c:\program files\DAEMON Tools
2008-11-13 21:43 685,816 ----a-w c:\windows\system32\drivers\sptd.sys
2008-11-13 21:42 --------- d-----w c:\program files\Opera
2008-11-13 21:35 --------- d-----w c:\program files\Symantec
2008-11-13 21:33 --------- d-----w c:\program files\Common Files\InstallShield
2008-11-13 21:29 --------- d-----w c:\program files\Your Uninstaller 2008
2008-11-13 21:28 --------- d-----w c:\documents and settings\POPA\Application Data\URSoft
2008-11-13 21:25 --------- d-----w c:\program files\Webteh
2008-11-13 21:20 --------- d-----w c:\program files\Java
2008-11-13 21:20 --------- d-----w c:\program files\Common Files\Java
2008-11-13 17:38 --------- d-----w c:\program files\MultiRes
2008-11-13 17:37 451,072 ------w c:\windows\Radeon Omega Drivers v3.8.252 Uninstall.exe
2008-11-13 17:37 --------- d-----w c:\program files\Radeon Omega Drivers
2008-11-13 17:36 --------- d-----w c:\program files\AvRack
2008-11-13 17:35 --------- d-----w c:\program files\Realtek AC97
2008-11-13 17:01 --------- d-----w c:\program files\microsoft frontpage
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-02-12 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2006-08-03 c:\windows\soundman.exe]
"AtiPTA"="atiptaxx.exe" [2006-02-22 c:\windows\system32\atiptaxx.exe]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-02-12 c:\windows\system32\bthprops.cpl]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-02-12 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= msaud32_divx.acm
"msacm.dvacm"= c:\progra~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm
"msacm.MPEGacm"= c:\progra~1\COMMON~1\ULEADS~1\MPEG\MPEGacm.acm
"msacm.ulmp3acm"= c:\progra~1\COMMON~1\ULEADS~1\MPEG\ulmp3acm.acm
"msacm.ac3filter"= ac3filter.acm
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Opera\\opera.exe"=
"d:\\Igre\\Live for Speed S2\\LFS.exe"=
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2008-10-24 34824]
R4 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2008-10-24 468224]
S3 ATICDSDr;ATICDSDr;\??\c:\docume~1\POPA\LOCALS~1\Temp\ATICDSDr.sys --> c:\docume~1\POPA\LOCALS~1\Temp\ATICDSDr.sys [?]
.
Contents of the 'Scheduled Tasks' folder
2008-12-02 c:\windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job
- c:\program files\Spybot - Search & Destroy\SpybotSD.exe [2008-07-07 09:42]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google,rs/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Prevedi sa Di recnikom - c:\program files\Di recnik\diie.htm
IE: Translate with Di dictionary -
TCP: {58034173-1A1E-465B-BCC7-1CA39748133D} = 80.74.160.38 80.74.160.12
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-01-04 18:23:26
Windows 5.1.2600 Service Pack 3, v.3311 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(640)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2009-01-04 18:24:34
ComboFix-quarantined-files.txt 2009-01-04 17:24:16
ComboFix2.txt 2009-01-04 11:39:42
Pre-Run: 9,089,531,904 bytes free
Post-Run: 9,079,504,896 bytes free
182
Addendum: 04 Jan 2009 18:35
Along the way I also had problems with some "wirtual" thing that Spybot has been reporting these days, and I noticed it on the flash drives too, if that means anything. By the way, they have been plugged in non-stop since the first post, throughout this whole cleaning process.
Posted: 04 Jan 2009 18:39
- helen1
- Anti Malware Fighter
Rank 2
- Joined: 27 Aug 2005
- Posts: 8620
- Location: Novi Beograd
You can see a pile of deleted files at the beginning of the first ComboFix log. That is the Vundo that Spybot kept finding.
How are things now? It should be OK.
Posted: 04 Jan 2009 20:20
- Joined: 04 Jan 2009
- Posts: 141
- Location: Serbia
Everything is fine for now. I'm updating NOD and Spybot and then I'll report back. But otherwise there are no more pop-up windows from Spybot. Thanks a lot for the help, you're great.
Addendum: 04 Jan 2009 20:20
Everything is fine, thanks a lot.
Posted: 04 Jan 2009 22:52
- helen1
- Anti Malware Fighter
Rank 2
- Joined: 27 Aug 2005
- Posts: 8620
- Location: Novi Beograd
Do this as well:
Click START and then RUN
In the text box type Combofix /u and click OK
Wait for the uninstall process to finish
The procedure above will:
Delete the following:
ComboFix and its files and folders
VundoFix Backups folder, if it exists
C:\Deckard folder, if it exists
C:\OtMoveIt folder, if it exists
Reset the clock settings on the computer
Hide file extensions, if needed
Hide system/hidden files/folders, if needed
Reset System Restore
If there are any problems, let me know....