Problem deleting a virus


  • Joined: 02 Oct 2007
  • Posts: 50

Hello,

I need help deleting a virus that has been on my computer for two weeks, maybe longer; I cannot delete it and it slows down my computer. I have Anti Virus Nod 32. The virus that has kept appearing all this time is in Quarantine in the antivirus program itself, and I cannot delete it with Remove; after a while it appears again. The name of the virus is Win32\Kryptik.SGEtrojan and its location is C:WINDOWS\TEMP\conhost.exe
I use an ADSL connection.
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by korisnik at 11:36:28 on 2011-09-10
Microsoft Windows XP Professional 5.1.2600.3.1251.389.1033.18.446.60 [GMT 2:00]
.
AV: ESET NOD32 Antivirus 3.0 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
C:\Program Files\Gemalto\Classic Client\BIN\GslShmSrvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\SMART Technologies\SMART Board Drivers\SMARTBoardService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\sm56hlpr.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\vsnpstd3.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE
C:\Program Files\Gemalto\Classic Client\BIN\RegTool.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Outlook Express\msimn.exe
C:\WINDOWS\System32\ping.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: Dealio Toolbar: {01398b87-61af-4ffb-9ab5-1a1c5fb39a9c} -
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: {01398b87-61af-4ffb-9ab5-1a1c5fb39a9c} - Dealio Toolbar
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: CIEDownload Object: {67bcf957-85fc-4036-8dc4-d4d80e00a77b} - c:\program files\smart technologies\notebook software\NotebookPlugin.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: EpsonToolBandKicker Class: {e99421fb-68dd-40f0-b4ac-b7027cae2f1a} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\progra~1\yahoo!\companion\installs\cpn\YTSingleInstance.dll
TB: EPSON Web-To-Page: {ee5d279f-081b-4404-994d-c6b60aaeba6d} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: Dealio Toolbar: {01398b87-61af-4ffb-9ab5-1a1c5fb39a9c} -
TB: {EEE6C35B-6118-11DC-9C72-001320C79847} - No File
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
mRun: [VTTimer] VTTimer.exe
mRun: [VTTrayp] VTtrayp.exe
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [SMSERIAL] sm56hlpr.exe
mRun: [EPSON Stylus CX3600 Series (Copy 1)] c:\windows\system32\spool\drivers\w32x86\3\E_FATI9BE.EXE /P35 "EPSON Stylus CX3600 Series (Copy 1)" /O6 "USB003" /M "Stylus CX3600"
mRun: [Auto EPSON Stylus CX3600 Series on ESPRIMO] c:\windows\system32\spool\drivers\w32x86\3\e_fati9be.exe /p42 "auto epson stylus cx3600 series on esprimo" /o18 "\\esprimo\Printer7" /M "Stylus CX3600"
mRun: [Auto EPSON Stylus C46 Series on ESPRIMO] c:\windows\system32\spool\drivers\w32x86\3\e_s4i0t1.exe /p39 "auto epson stylus c46 series on esprimo" /o18 "\\esprimo\Printer8" /M "Stylus C46"
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mRun: [Auto EPSON Stylus CX3600 Series on KANCELARIJA-PC] c:\windows\system32\spool\drivers\w32x86\3\e_fati9be.exe /p49 "auto epson stylus cx3600 series on kancelarija-pc" /o30 "\\kancelarija-pc\EPSON-CX-3650" /M "Stylus CX3600"
mRun: [snpstd3] c:\windows\vsnpstd3.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [EPSON Stylus CX3600 Series (Copy 2)] c:\windows\system32\spool\drivers\w32x86\3\E_FATI9BE.EXE /P35 "EPSON Stylus CX3600 Series (Copy 2)" /O5 "LPT1:" /M "Stylus CX3600"
mRun: [Auto EPSON Stylus CX3600 Series on SERVERDOMA] c:\windows\system32\spool\drivers\w32x86\3\e_fati9be.exe /p45 "auto epson stylus cx3600 series on serverdoma" /o20 "\\serverdoma\Printer" /M "Stylus CX3600"
mRun: [\\Serverdoma\EPSON Stylus CX3600 Series] c:\windows\system32\spool\drivers\w32x86\3\e_fati9be.exe /p39 "\\serverdoma\EPSON Stylus CX3600 Series" /O6 "USB001" /M "Stylus CX3600"
mRun: [Auto EPSON Stylus CX3600 Series on KANCELARIJA-PC (Copy 1)] c:\windows\system32\spool\drivers\w32x86\3\e_fati9be.exe /p58 "auto epson stylus cx3600 series on kancelarija-pc (copy 1)" /o43 "\\kancelarija-pc\EPSON Stylus CX3600 Series" /M "Stylus CX3600"
mRun: [<NO NAME>]
mRun: [RegTool] c:\program files\gemalto\classic client\bin\RegTool.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [run32] c:\win\lsass.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRun: [Google Update] c:\documents and settings\networkservice\local settings\application data\google\update\gupdate.exe
uPolicies-explorer: NoActiveDesktop = 01000000
uPolicies-explorer: NoWinKeys = 01000000
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{B2333126-28F6-4C39-AC79-9F0F631E6873} : DhcpNameServer = 192.168.1.254
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
LSA: Authentication Packages = msv1_0 nwprovau
.
============= SERVICES / DRIVERS ===============
.
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2008-2-20 33800]
R1 GhPciScan;GhostPciScanner;c:\program files\symantec\norton ghost 2003\GhPciScan.sys [2003-5-28 5632]
R2 ekrn;Eset Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2008-2-20 472320]
R2 GslShmSrvc;GSL Share Memory;c:\program files\gemalto\classic client\bin\GslShmSrvc.exe [2009-2-26 69632]
R3 EKBfltr;ENE Keyboard Controller;c:\windows\system32\drivers\EKBfltr.sys [2006-12-27 5504]
S2 gupdate1ca2652add2798a;Google Update Service (gupdate1ca2652add2798a);c:\program files\google\update\GoogleUpdate.exe [2009-8-26 133104]
S2 NOD32FiXTemDono;Eset Nod32 Boot;c:\windows\system32\regedt32.exe [2001-8-23 3584]
S2 nvUpdService;NVIDIA Update Service;c:\documents and settings\networkservice\local settings\application data\nvidia corporation\update\daemonupd.exe /svc --> c:\documents and settings\networkservice\local settings\application data\nvidia corporation\update\daemonupd.exe [?]
S3 GemCCID;GemCCID;c:\windows\system32\drivers\GemCCID.sys [2011-5-4 87424]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-8-26 133104]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 SMART SNMP Agent Service;SMART SNMP Agent Service;c:\program files\smart technologies\smart board drivers\SMARTSNMPAgent.exe [2009-1-25 1044480]
S3 SMART Web Server;SMART Web Server;c:\program files\smart technologies\smart board drivers\WebServer.exe [2009-1-25 1216512]
S3 TridVid;USB TV Tuner Analog Video;c:\windows\system32\drivers\TridVid.sys [2010-9-1 77824]
S3 TridVidx86;Trident TVMaster TM6000 Analog plus Digital Video Service x86;c:\windows\system32\drivers\TridVidx86.sys [2007-7-31 163456]
.
=============== File Associations ===============
.
.scr=AutoCADScriptFile
.
=============== Created Last 30 ================
.
2011-08-25 13:45:31 -------- dc----w- c:\documents and settings\korisnik\chardata
2011-08-22 19:54:50 -------- dc----w- c:\program files\Elcoma
2011-08-19 06:27:12 -------- dc----w- c:\documents and settings\all users\Microsoft
2011-08-19 06:25:00 -------- dc----w- c:\program files\Microsoft Analysis Services
2011-08-18 11:36:23 -------- dc----w- c:\documents and settings\korisnik\local settings\application data\Microsoft Help
2011-08-18 10:10:13 79872 -c----w- c:\windows\system32\dllcache\msxml6r.dll
2011-08-18 10:10:13 1306624 -c----w- c:\windows\system32\dllcache\msxml6.dll
2011-08-18 10:10:12 102912 -c----w- c:\windows\system32\dllcache\dpcdll.dll
2011-08-18 10:04:06 -------- dc----w- c:\windows\ServicePackFiles
2011-08-18 09:56:51 19569 -c--a-w- c:\windows\003330_.tmp
2011-08-17 09:49:14 0 -c--a-w- c:\documents and settings\korisnik\ntuser.tmp
.
==================== Find3M ====================
.
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, gmer.net
Windows 5.1.2600 Disk: TOSHIBA_MK4032GAX rev.AD101A -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-12
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8573F730]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x85745a10]; MOV EAX, [0x85745a8c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 nt!IofCallDriver[0x804E37C5] -> \Device\Harddisk0\DR0[0x8578C9C0]
3 CLASSPNP[0xF784FFD7] -> nt!IofCallDriver[0x804E37C5] -> \Device\00000069[0x8572A960]
5 ACPI[0xF77A6620] -> nt!IofCallDriver[0x804E37C5] -> [0x85729030]
\Driver\atapi[0x856EA420] -> IRP_MJ_CREATE -> 0x8573F730
error: Read A device attached to the system is not functioning.
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
detected disk devices:
detected hooks:
\Driver\atapi DriverStartIo -> 0x8573F57B
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
.
============= FINISH: 11:39:43,45 ===============



Regards
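A triage check over the autorun lines of the DDS log above, as an added example that is not part of the original post: it flags Run entries whose image carries a Windows system process name but sits outside system32, which in this log singles out `c:\win\lsass.exe`. The list of system names and the function names are assumptions made for the illustration; the sample lines are copied from the log.

```python
import ntpath  # Windows path rules, usable on any OS
import re

# Assumption (not from the thread): a short list of Windows system process
# names that are normally loaded only from %windir%\system32.
SYSTEM_NAMES = {"lsass.exe", "svchost.exe", "csrss.exe", "winlogon.exe",
                "services.exe", "smss.exe", "conhost.exe"}
SYSTEM_DIRS = {r"c:\windows\system32"}

# DDS autorun lines look like: "mRun: [value name] command line"
RUN_RE = re.compile(r"^(?P<hive>[umd]Run): \[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")

# Sample lines copied from the DDS log in the post above.
SAMPLE_DDS_LINES = r"""
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
mRun: [VTTimer] VTTimer.exe
mRun: [EPSON Stylus CX3600 Series (Copy 1)] c:\windows\system32\spool\drivers\w32x86\3\E_FATI9BE.EXE /P35 "EPSON Stylus CX3600 Series (Copy 1)" /O6 "USB003" /M "Stylus CX3600"
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mRun: [<NO NAME>]
mRun: [run32] c:\win\lsass.exe
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
"""


def image_path(cmd):
    """Extract the executable path from a Run-key command line."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        # Quoted image path: take everything up to the closing quote.
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    # Unquoted: the path ends at the first ".exe"; arguments follow it.
    m = re.match(r"(.+?\.exe)\b", cmd, re.IGNORECASE)
    return m.group(1) if m else cmd


def is_masquerade(path):
    """True when a system process name is used outside the system directory."""
    path = ntpath.normpath(path).lower()
    folder = ntpath.dirname(path)
    if not folder:
        # Bare file names resolve through the search path; location unknown.
        return False
    return ntpath.basename(path) in SYSTEM_NAMES and folder not in SYSTEM_DIRS


def triage(log_text):
    """Return (hive, value name, image path) for every suspicious Run entry."""
    findings = []
    for line in log_text.splitlines():
        m = RUN_RE.match(line.strip())
        if not m:
            continue
        path = image_path(m.group("cmd"))
        if path and is_masquerade(path):
            findings.append((m.group("hive"), m.group("name"),
                             ntpath.normpath(path).lower()))
    return findings


if __name__ == "__main__":
    for hive, name, path in triage(SAMPLE_DDS_LINES):
        print(f"{hive} [{name}] -> {path}")
```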

  • Joined: 02 Feb 2008
  • Posts: 14018
  • Location: Nish

Hello adelita!

While we work on this case, I would ask you to keep to the following:
  • Read my instructions (or those of colleagues standing in for me) carefully and work strictly by them;
  • Do not seek help elsewhere at the same time;
  • Do not use other malware removal programs, apart from those you have been given instructions for;
  • During the intervention do not use USB memory devices until I ask for it;
  • If I do not reply within 48 hours, refresh the thread with a new post;
  • If you do not respond within 5 days, we will close the case.

For more information on the rules of the MyCity forum's Ambulanta: LINK

-------------------------------------------------------------------------------------




Step 1

Download Kaspersky Lab's TDSSKiller to the Desktop from the following address:

TDSSKiller
  • Right-click the link and choose Save Target As... (Save Link As..., Save Linked Content As... or similar);
  • When the dialog for choosing where to save the file opens, select Desktop and click Save.

When the download is complete:
  • disable your security software (instructions);
  • close running programs;
  • rename TDSSKiller.exe to MyCity.exe;
  • double-click to run MyCity.exe;
  • click the Start Scan button.

If malicious objects are found, make sure the "Cure" action is selected for them (example) and click Continue, then click Reboot Now.

Post the contents of the log from the following location:
C:\TDSSKiller_program version_DD.MM.YY_HH.MM.SS.txt
(DD-day, MM-month, YY-year, HH-hour, MM-minute, SS-second; the date and time the log was created)






Step 2

Download sUBs's ComboFix to the Desktop from the following address:

Bleeping Computer
  • Right-click the link and choose Save Target As... (Save Link As..., Save Linked Content As... or similar);
  • When the dialog for choosing where to save the file opens, select Desktop and click Save.

When the download is complete:
  • disable your security software (instructions);
  • close running programs;
  • double-click to run ComboFix;
  • in the window that opens, click "I Agree".

While it runs, ComboFix will:
  • check whether a newer version of the program exists:
    click Yes if you are offered the download.
  • if the Recovery Console is not installed, offer to install it:
    be sure to accept by clicking Yes and follow the procedure through.
  • display a number of prompts/notices:
    accept by clicking Yes or OK.
  • restart Windows if necessary (several times);
  • at the end, open Notepad with the scan report.

Copy the report that ComboFix created into the forum thread:
  • right-click in the Notepad window and choose Select All;
  • right-click the selected text and choose Copy;
  • right-click in the message field and choose Paste.

Note:
  • The report will be saved as ComboFix.txt on the system partition (typical location: C:\ComboFix.txt);
  • If after sending the message you notice that the report is incomplete, use the Attach file (Prikači fajl) option to attach the file C:\ComboFix.txt to the message.










goran9888 (AMF Team)

  • Joined: 02 Oct 2007
  • Posts: 50

Posted: 14 Sep 2011 13:42

Addendum: 14 Sep 2011 13:47

I think I did it the way it should be done.
Regards,

Addendum: 14 Sep 2011 13:49

I posted the txt twice, I apologize.
Regards







ComboFix 11-09-14.01 - korisnik 14.09.2011 13:16:50.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1251.389.1033.18.446.63 [GMT 2:00]
Running from: c:\documents and settings\korisnik\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 3.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\documents and settings\korisnik\Application Data\Dealio\res\widgets.xml
c:\documents and settings\korisnik\Application Data\Dealio\temp\http___www_dealio_com_rss_coupons-deals_dotd_.xml
c:\documents and settings\korisnik\Application Data\Dealio\temp\http___www_dealio_com_rss_coupons-deals_top_7days__cnid=[CHANNEL_ID]&ccv=[CODE_VER]&ISN=[ISN].xml
c:\documents and settings\korisnik\ntuser.tmp
c:\documents and settings\NetworkService\Start Menu\Programs\Startup\WinUpdate.lnk
c:\program files\Dealio Toolbar\IE\4.3\config.ini
c:\program files\Dealio Toolbar\Res\amazon.gif
c:\program files\Dealio Toolbar\Res\apple.gif
c:\program files\Dealio Toolbar\Res\barnes.gif
c:\program files\Dealio Toolbar\Res\bestbuy.gif
c:\program files\Dealio Toolbar\Res\dealio_logo.gif
c:\program files\Dealio Toolbar\Res\dealio_logo_hover.gif
c:\program files\Dealio Toolbar\Res\ebay.gif
c:\program files\Dealio Toolbar\Res\icon_settings.gif
c:\program files\Dealio Toolbar\Res\macys.gif
c:\program files\Dealio Toolbar\Res\newegg.gif
c:\program files\Dealio Toolbar\Res\overstock.gif
c:\program files\Dealio Toolbar\Res\search-button-hover.gif
c:\program files\Dealio Toolbar\Res\search-button.gif
c:\program files\Dealio Toolbar\Res\search-chevron-hover.gif
c:\program files\Dealio Toolbar\Res\search-chevron.gif
c:\program files\Dealio Toolbar\Res\search_amazon.gif
c:\program files\Dealio Toolbar\Res\search_dealio.gif
c:\program files\Dealio Toolbar\Res\search_ebay.gif
c:\program files\Dealio Toolbar\Res\search_yahoo.gif
c:\program files\Dealio Toolbar\Res\target.gif
c:\program files\Dealio Toolbar\Res\walmart.gif
c:\program files\Dealio Toolbar\Res\widgets.xml
c:\program files\Dealio Toolbar\WidgiHelper.exe
c:\win\1.exe
c:\win\names.txt
c:\windows\system32\d3d9caps.dat
c:\windows\system32\E_FBCB9BE.DLL
c:\windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
c:\windows\Temp\scsE.tmp
c:\windows\Temp\scsF.tmp
E:\AUTORUN.INF
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NVUPDSERVICE
-------\Legacy_SSHNAS
-------\Service_nvUpdService
.
.
((((((((((((((((((((((((( Files Created from 2011-08-14 to 2011-09-14 )))))))))))))))))))))))))))))))
.
.
2011-08-25 13:45 . 2011-08-25 13:45 -------- dc----w- c:\documents and settings\korisnik\chardata
2011-08-22 19:54 . 2011-08-22 19:54 -------- dc----w- c:\program files\Elcoma
2011-08-19 06:27 . 2011-08-19 06:27 -------- dc----w- c:\documents and settings\All Users\Microsoft
2011-08-19 06:25 . 2011-08-19 06:25 -------- dc----w- c:\program files\Microsoft Analysis Services
2011-08-18 11:36 . 2011-08-18 11:36 -------- dc----w- c:\documents and settings\korisnik\Local Settings\Application Data\Microsoft Help
2011-08-18 11:34 . 2011-08-19 06:31 -------- dc----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2011-08-18 10:10 . 2008-04-14 03:42 1306624 -c----w- c:\windows\system32\dllcache\msxml6.dll
2011-08-18 10:10 . 2008-04-13 20:57 79872 -c----w- c:\windows\system32\dllcache\msxml6r.dll
2011-08-18 10:10 . 2008-04-14 03:40 102912 -c----w- c:\windows\system32\dllcache\dpcdll.dll
2011-08-18 10:04 . 2011-08-18 10:10 -------- dc----w- c:\windows\ServicePackFiles
2011-08-18 09:56 . 2006-12-28 22:31 19569 -c--a-w- c:\windows\003330_.tmp
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VTTimer"="VTTimer.exe" [2006-09-21 53248]
"VTTrayp"="VTtrayp.exe" [2007-08-27 200704]
"SoundMan"="SOUNDMAN.EXE" [2006-06-20 577536]
"EPSON Stylus CX3600 Series (Copy 1)"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE" [2004-03-04 98304]
"Auto EPSON Stylus CX3600 Series on ESPRIMO"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE" [2004-03-04 98304]
"Auto EPSON Stylus C46 Series on ESPRIMO"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S4I0T1.EXE" [2004-01-13 99840]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-02-20 1443072]
"Auto EPSON Stylus CX3600 Series on KANCELARIJA-PC"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE" [2004-03-04 98304]
"snpstd3"="c:\windows\vsnpstd3.exe" [2006-09-19 827392]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-07-20 198160]
"EPSON Stylus CX3600 Series (Copy 2)"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE" [2004-03-04 98304]
"Auto EPSON Stylus CX3600 Series on SERVERDOMA"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE" [2004-03-04 98304]
"\\Serverdoma\EPSON Stylus CX3600 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE" [2004-03-04 98304]
"Auto EPSON Stylus CX3600 Series on KANCELARIJA-PC (Copy 1)"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE" [2004-03-04 98304]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoWinKeys"= 01000000
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=c:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk
backup=c:\windows\pss\InterVideo WinCinema Manager.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SMART Board Tools.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\SMART Board Tools.lnk
backup=c:\windows\pss\SMART Board Tools.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-06-06 10:55 937920 -c--a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-10-14 23:04 39792 -c--a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
2009-11-07 21:54 323392 ----a-w- c:\program files\DNA\btdna.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus C46 Series]
2004-01-13 18:00 99840 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\E_S4I0T1.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus C46 Series (Copy 3)]
2004-01-13 18:00 99840 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\E_S4I0T1.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus C46 Series (Copy 4)]
2004-01-13 18:00 99840 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\E_S4I0T1.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus CX3600 Series]
2004-03-04 03:00 98304 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\E_FATI9BE.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GhostStartTrayApp]
2003-05-28 18:11 94208 -c--a-w- c:\program files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2009-01-28 20:56 4363504 -c--a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegTool]
2009-11-06 09:55 861696 -c--a-w- c:\program files\Gemalto\Classic Client\BIN\RegTool.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2011-05-26 19:50 15147400 -c--a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]
2004-12-29 05:01 544768 ----a-w- c:\windows\sm56hlpr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SVRemote]
2006-01-09 06:31 24576 -c--a-r- c:\program files\SVRemote\USB20Remote.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\SAGENT4.EXE"=
"c:\\Program Files\\NetMeeting\\conf.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\SMART Technologies\\SMART Board Drivers\\SMARTSNMPAgent.exe"=
"c:\\Program Files\\SMART Technologies\\SMART Board Drivers\\UCService.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\InterVideo\\DVD7\\WinDVD.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Outlook Express\\msimn.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
.
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2/20/2008 12:11 PM 33800]
R1 GhPciScan;GhostPciScanner;c:\program files\Symantec\Norton Ghost 2003\GhPciScan.sys [5/28/2003 8:01 PM 5632]
R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2/20/2008 12:08 PM 472320]
R2 GslShmSrvc;GSL Share Memory;c:\program files\Gemalto\Classic Client\BIN\GslShmSrvc.exe [2/26/2009 2:45 PM 69632]
R3 EKBfltr;ENE Keyboard Controller;c:\windows\system32\drivers\EKBfltr.sys [12/27/2006 2:29 PM 5504]
S2 gupdate1ca2652add2798a;Google Update Service (gupdate1ca2652add2798a);c:\program files\Google\Update\GoogleUpdate.exe [8/26/2009 3:39 PM 133104]
S3 GemCCID;GemCCID;c:\windows\system32\drivers\GemCCID.sys [5/4/2011 11:43 AM 87424]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [8/26/2009 3:39 PM 133104]
S3 TridVid;USB TV Tuner Analog Video;c:\windows\system32\drivers\TridVid.sys [9/1/2010 8:36 PM 77824]
S3 TridVidx86;Trident TVMaster TM6000 Analog plus Digital Video Service x86;c:\windows\system32\drivers\TridVidx86.sys [7/31/2007 8:12 AM 163456]
.
Contents of the 'Scheduled Tasks' folder
.
2011-09-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-26 13:39]
.
2011-09-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-26 13:39]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.1.254
.
.
------- File Associations -------
.
.scr=AutoCADScriptFile
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
MSConfigStartUp-LogMeIn Hamachi Ui - c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe
MSConfigStartUp-run32 - c:\win\lsass.exe
MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe
MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
AddRemove-Network Play System (Patching) - c:\program files\Electronic Arts\Network Play System\NPSPatch.isu
AddRemove-RWFren32 - D:\setup.exe
AddRemove-Sparkplayer (Beta) - e:\dokumenti\Sparkplay Media\Sparkplayer (Beta)\Update.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2011-09-14 13:32
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-839522115-616249376-682003330-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(3688-)
c:\windows\system32\ieframe.dll
c:\windows\system32\OneX.DLL
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
.
Completion time: 2011-09-14 13:37:52
ComboFix-quarantined-files.txt 2011-09-14 11:37
.
Pre-Run: 2.843.586.560 bytes free
Post-Run: 2.844.000.256 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
.
- - End Of File - - DF22D64DD9F9DA1101363BC2553BADEC

offline
  • Joined: 02 Feb 2008
  • Posts: 14018
  • Location: Nish

Turn on the Firewall:

Start -> Control Panel -> Windows Firewall -> On


Step 1

Open Notepad and copy the following text into it:

Folder::
c:\documents and settings\korisnik\Application Data\Dealio
c:\program files\Dealio Toolbar
c:\win


Save the file from Notepad to the Desktop as "CFScript"

Drag the saved script/text file onto the ComboFix icon, as shown in the picture.
In your next message, post the log that is created at the end of the cleaning/scan.


Step 2

Download the installer for Malwarebytes Anti-Malware from the following link:
http://www.besttechie.net/tools/mbam-setup.exe

Double-click to start the installation - at the very end of the process, make sure the following options are checked:
Update Malwarebytes' Anti-Malware;
Launch Malwarebytes Anti-Malware;

and then click Finish.

After the update completes, the program will start.

Choose the Perform Quick Scan option and click Scan.

When the process finishes, click OK, Show Results: in the list of detected malware, select all items and click Remove Selected.

When the process finishes, the logfile will open in Notepad; copy it into the thread on the forum.
If the program asks for a restart in order to finish the cleaning process, be sure to allow it.

Note: if a restart occurs at the end of the cleaning process, the logfile will be available on the Logs tab (select it and click Open).


Step 3

- Download USBNoRisk to the Desktop and start it by double-clicking the program's icon.
- Wait a few seconds while the program performs its initial scan.
- Insert all your USB storage devices into the USB slot one after another, and keep each one in the slot for 10 seconds.
- If you have several devices to check, write down on a piece of paper the order in which they were inserted, because we will need that information later.
- When you have finished with all the devices, right-click in the middle of the program window and choose the option Save scrambled log. This will automatically open the log in Notepad. Copy that log from Notepad to the forum for us.

Explanation: USB storage devices are all devices that get their own partition designation when connected to the computer. They include USB flash drives, external hard disks, memory cards, MP3 and MP4 players, some mobile phones, some GPS (navigation) devices, etc.













goran9888 (AMF Tim)
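
Added example, not part of the original thread or of any tool named in it: the ComboFix log above lists a startup entry pointing at c:\win\lsass.exe, and the CFScript in this reply removes the c:\win folder. The Python sketch below flags log lines where the name of a core Windows binary appears outside its normal folder; the EXPECTED_DIR table, the function name and the constructed sample lines are assumptions of the example.

```python
import ntpath
import re

# Normal folder (lower-case) for a few core Windows binaries.
# Assumption of this example: a short illustrative table, not a full allowlist.
EXPECTED_DIR = {
    "lsass.exe": r"c:\windows\system32",
    "svchost.exe": r"c:\windows\system32",
    "spoolsv.exe": r"c:\windows\system32",
    "conhost.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}

# A drive-letter path ending in .exe; spaces inside the path are allowed.
PATH_RE = re.compile(r"[a-z]:\\[^<>|*?\n]*?\.exe", re.IGNORECASE)

# Constructed sample: lines in the style of the DDS and ComboFix logs in this thread.
SAMPLE_LOG = r"""
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
MSConfigStartUp-run32 - c:\win\lsass.exe
MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe
C:\WINDOWS\TEMP\conhost.exe
"""


def find_masquerades(log_text):
    """Return (line, path) pairs where a system binary name sits in an unexpected folder."""
    hits = []
    for line in log_text.splitlines():
        for match in PATH_RE.finditer(line):
            path = match.group(0)
            folder, name = ntpath.split(path.lower())
            expected = EXPECTED_DIR.get(name)
            if expected is not None and folder != expected:
                hits.append((line.strip(), path))
    return hits


if __name__ == "__main__":
    for line, path in find_masquerades(SAMPLE_LOG):
        print("unexpected location:", path, "<-", line)
```

A hit is a reason to inspect the file and its autostart entry, not proof of infection on its own.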

offline
  • Joined: 02 Oct 2007
  • Posts: 50


As for the USBNoRisk program on the Desktop, I don't know what to do, because I have no USB storage devices on the laptop; it works on the network. Should I install it and do what you wrote on the forum about this program?


Regards,
Adelita Ilic

offline
  • Joined: 02 Feb 2008
  • Posts: 14018
  • Location: Nish

You are using an ancient, cracked version of the antivirus. My recommendation is that you uninstall it (because your protection is questionable) and install a licensed AV - a free one, if you don't have a license for a commercial version.

Free antiviruses are: Avast, Avira, AVG, Panda Cloud, MSE, etc ... Decide on one.

A thread that may help you is: Izbor besplatnog antivirusa (Choosing a free antivirus)


- I recommend that you use MCShield to protect USB storage devices. It has nothing to do with the antivirus, i.e. it will not interfere with its operation, and it has proven to be one of the best forms of protection against malware that spreads via USB storage devices.

You download it, install it, plug in a USB storage device, and a scan runs, after which you get a notification that the device is clean (if that is really the case); or you get a report in which you see information about the malware that was found and deleted.


MCShield home page: http://amf.mycity.rs/programs/mc/mcshield/

You can find out more about MCShield in this thread: http://www.mycity.rs/Antispyware-programi/MCShield.html


What is the state of the system now? Are you having any problems?











goran9888 (AMF Tim)

offline
  • Joined: 02 Oct 2007
  • Posts: 50

Hello,

As for the antivirus program, no problem, I will install another antivirus program, and likewise the program for USB, I will do that too, but the system is very slow and that virus, or whatever it is, is still in Quarantine in ESET NOD32. When I remove it in Quarantine itself, it is gone, but after a restart or after shutting down the computer it appears again; likewise, my computer runs very slowly, and I don't know how to speed up the computer.

Regards

offline
  • Joined: 02 Feb 2008
  • Posts: 14018
  • Location: Nish

adelita ::that virus, or whatever it is, is still in Quarantine in ESET NOD32. When I remove it in Quarantine itself, it is gone, but after a restart or after shutting down the computer it appears again; likewise, my computer runs very slowly, and I don't know how to speed up the computer.


Attach a screenshot of that quarantine so I can see what you are writing about.

How to make a screenshot: http://www.mycity.rs/Pitanja-i-predlozi/Pravljenje-screenshota.html


Also, post a fresh DDS report for me.








goran9888 (AMF Tim)

offline
  • Joined: 02 Oct 2007
  • Posts: 50

Hello,

I have now seen that that virus is not in Quarantine in ESET NOD32. Now I just need to install another antivirus program.


Regards

offline
  • Joined: 02 Feb 2008
  • Posts: 14018
  • Location: Nish

adelita ::I have now seen that that virus is not in Quarantine in ESET NOD32. Now I just need to install another antivirus program.


Uninstall NOD32, because it is an old and cracked version.

Start -> Control Panel -> Add or Remove programs -> find Eset NOD32, choose the Uninstall option and follow the uninstall process


After that, restart the system and install another AV (a free one).


Only then make a fresh DDS report and post it in your next message so I can take a look.


Also, do this as well ...


Download TFC (Temp File Cleaner) and save it to the Desktop.
Double-click to start the program and click the Start button to allow the program to begin scanning.
When the program finishes scanning, it may ask you to restart the computer. Allow it.

Note: When you have finished cleaning the temp files, you can delete the program or keep it for later use.








goran9888 (AMF Tim)
