I have a virus that I can't remove


  • Joined: 18 Feb 2008
  • Posts: 987
  • Location: on the way to an island

In the previous post I said that it is no longer in Add/Remove Programs. The only question is whether it has stayed hidden somewhere. I have been online very little these days, practically only for this and for mail, so I can't say anything about how the computer is behaving.


ComboFix 08-07-20.A0 - Administrator 2008-07-23 13:12:33.5 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.196 [GMT 2:00]
Running from: C:\Documents and Settings\Administrator\Desktop\MC\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-06-23 to 2008-07-23 )))))))))))))))))))))))))))))))
.

2008-07-21 15:59 . 2008-07-21 15:59 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-07-21 15:59 . 2008-07-21 15:59 1,409 --a------ C:\WINDOWS\QTFont.for
2008-07-09 13:56 . 2008-07-09 13:56 <DIR> d-------- C:\Program Files\Alwil Software
2008-07-08 21:17 . 2008-07-08 21:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg8
2008-07-08 21:05 . 2008-07-08 21:05 <DIR> d-------- C:\Program Files\ACD Systems
2008-07-08 21:05 . 2008-07-08 21:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ACD Systems
2008-07-08 21:04 . 2008-07-08 21:04 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-07-08 18:42 . 2008-07-08 18:42 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-07-08 18:42 . 2008-07-08 19:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-07-08 18:35 . 2008-07-08 20:12 <DIR> d-------- C:\Program Files\Yahoo!
2008-07-08 15:09 . 2003-08-19 13:36 65,536 --a------ C:\WINDOWS\system32\dllcache\a3d.dll
2008-07-08 15:09 . 2003-08-19 13:36 65,536 -ra------ C:\WINDOWS\system32\Audio3D.dll
2008-07-08 15:09 . 2003-08-19 13:36 65,536 -ra------ C:\WINDOWS\system32\a3d.dll
2008-07-05 14:25 . 2008-07-13 18:20 32 --a------ C:\WINDOWS\hip
2008-07-05 09:46 . 2008-07-05 09:46 <DIR> d-------- C:\WINDOWS\system32\xircom
2008-07-05 09:46 . 2008-07-05 09:46 <DIR> d-------- C:\Program Files\microsoft frontpage
2008-07-04 12:54 . 2008-07-04 12:54 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Locktime
2008-07-04 12:52 . 2008-07-04 12:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Locktime
2008-06-30 17:28 . 2008-06-30 17:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-06-30 17:27 . 2008-06-30 17:27 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-26 10:04 . 2008-06-26 10:04 268 --ah----- C:\sqmdata00.sqm
2008-06-26 10:04 . 2008-06-26 10:04 244 --ah----- C:\sqmnoopt00.sqm

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-19 09:14 --------- d-----w C:\Documents and Settings\Administrator\Application Data\mIRC
2008-07-19 09:13 --------- d-----w C:\Program Files\mIRC
2008-07-16 21:29 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Skype
2008-07-16 14:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-07-15 10:39 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Ahead
2008-07-08 19:05 --------- d-----w C:\Program Files\Common Files\ACD Systems
2008-07-08 18:50 --------- d-----w C:\Program Files\Common Files\Ahead
2008-06-30 15:29 --------- d-----w C:\Program Files\Lavasoft
2008-06-30 15:29 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Lavasoft
2008-06-18 16:21 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-06-18 16:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-06-16 19:01 --------- d-----w C:\Documents and Settings\Administrator\Application Data\MSNInstaller
2008-05-16 09:58 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2008-03-14 18:51 0 ----a-w C:\Program Files\temp01
.

------- Sigcheck -------

2007-10-30 19:20 360064 90caff4b094573449a0872a0f919b178 C:\WINDOWS\SoftwareDistribution\Download\146ae5e7b51a37f45e0e5cf03d0d5e3c\SP2GDR\tcpip.sys
2007-10-30 18:53 360832 64798ecfa43d78c7178375fcdd16d8c8 C:\WINDOWS\SoftwareDistribution\Download\146ae5e7b51a37f45e0e5cf03d0d5e3c\SP2QFE\tcpip.sys
2004-06-17 11:00 360448 65c34c093e839505636954ead50fa315 C:\WINDOWS\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((( snapshot@2008-07-21_21.43.45.10 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-07-21 19:30:57 32,768 ----a-w C:\WINDOWS\TEMP\Cookies\index.dat
+ 2008-07-23 11:11:53 32,768 ----a-w C:\WINDOWS\TEMP\Cookies\index.dat
- 2008-07-21 19:30:57 32,768 ----a-w C:\WINDOWS\TEMP\History\History.IE5\index.dat
+ 2008-07-23 11:11:53 32,768 ----a-w C:\WINDOWS\TEMP\History\History.IE5\index.dat
+ 2008-07-23 11:12:02 32,768 ----a-w C:\WINDOWS\TEMP\History\History.IE5\MSHist012008072320080724\index.dat
- 2008-07-21 19:30:45 16,384 ----atw C:\WINDOWS\TEMP\Perflib_Perfdata_6a8.dat
+ 2008-07-23 11:11:36 16,384 ----atw C:\WINDOWS\TEMP\Perflib_Perfdata_6a8.dat
- 2008-07-21 19:30:57 32,768 ----a-w C:\WINDOWS\TEMP\Temporary Internet Files\Content.IE5\index.dat
+ 2008-07-23 11:11:53 32,768 ----a-w C:\WINDOWS\TEMP\Temporary Internet Files\Content.IE5\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-06-17 11:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-11-30 22:10 344064]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 16:40 155648]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-16 01:19 79224]
"SoundMan"="SOUNDMAN.EXE" [2004-06-18 10:31 67584 C:\WINDOWS\SOUNDMAN.EXE]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.3iv2"= 3ivxVfWCodec.dll
"VIDC.HFYU"= huffyuv.dll
"VIDC.VP31"= vp31vfw.dll
"VIDC.X264"= x264vfw.dll
"VIDC.ACDV"= ACDV.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a------ 2005-01-12 04:01 32768 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
--a------ 2006-12-18 18:32 25365032 C:\Program Files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\mIRC\\mirc.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 01:20]
R1 nltdi;nltdi;C:\WINDOWS\system32\drivers\nltdi.sys [2007-04-23 18:08]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
S3 SetupNTGLM7X;SetupNTGLM7X;E:\NTGLM7X.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e2f95a11-c830-11dc-9a01-806d6172696f}]
\Shell\AutoRun\command - E:\Setup.exe
.
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.com/
O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-23 13:13:53
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-07-23 13:16:10
ComboFix-quarantined-files.txt 2008-07-23 11:15:32
ComboFix2.txt 2008-07-22 16:49:43
ComboFix3.txt 2008-07-22 09:50:56
ComboFix4.txt 2008-07-21 19:44:23

Pre-Run: 15,574,507,520 bytes free
Post-Run: 15,568,371,712 bytes free

136

Addendum: 23 Jul 2008 14:47

For this last scan that you told me to do and that I posted, I'm not sure whether avast's stop on-access was turned on. Just in case, here is a scan with that option turned off.
ComboFix 08-07-20.A0 - Administrator 2008-07-23 14:37:39.6 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.253 [GMT 2:00]
Running from: C:\Documents and Settings\Administrator\Desktop\MC\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-06-23 to 2008-07-23 )))))))))))))))))))))))))))))))
.

2008-07-21 15:59 . 2008-07-21 15:59 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-07-21 15:59 . 2008-07-21 15:59 1,409 --a------ C:\WINDOWS\QTFont.for
2008-07-09 13:56 . 2008-07-09 13:56 <DIR> d-------- C:\Program Files\Alwil Software
2008-07-08 21:17 . 2008-07-08 21:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg8
2008-07-08 21:05 . 2008-07-08 21:05 <DIR> d-------- C:\Program Files\ACD Systems
2008-07-08 21:05 . 2008-07-08 21:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ACD Systems
2008-07-08 21:04 . 2008-07-08 21:04 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-07-08 18:42 . 2008-07-08 18:42 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-07-08 18:42 . 2008-07-08 19:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-07-08 18:35 . 2008-07-08 20:12 <DIR> d-------- C:\Program Files\Yahoo!
2008-07-08 15:09 . 2003-08-19 13:36 65,536 --a------ C:\WINDOWS\system32\dllcache\a3d.dll
2008-07-08 15:09 . 2003-08-19 13:36 65,536 -ra------ C:\WINDOWS\system32\Audio3D.dll
2008-07-08 15:09 . 2003-08-19 13:36 65,536 -ra------ C:\WINDOWS\system32\a3d.dll
2008-07-05 14:25 . 2008-07-13 18:20 32 --a------ C:\WINDOWS\hip
2008-07-05 09:46 . 2008-07-05 09:46 <DIR> d-------- C:\WINDOWS\system32\xircom
2008-07-05 09:46 . 2008-07-05 09:46 <DIR> d-------- C:\Program Files\microsoft frontpage
2008-07-04 12:54 . 2008-07-04 12:54 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Locktime
2008-07-04 12:52 . 2008-07-04 12:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Locktime
2008-06-30 17:28 . 2008-06-30 17:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-06-30 17:27 . 2008-06-30 17:27 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-26 10:04 . 2008-06-26 10:04 268 --ah----- C:\sqmdata00.sqm
2008-06-26 10:04 . 2008-06-26 10:04 244 --ah----- C:\sqmnoopt00.sqm

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-19 09:14 --------- d-----w C:\Documents and Settings\Administrator\Application Data\mIRC
2008-07-19 09:13 --------- d-----w C:\Program Files\mIRC
2008-07-16 21:29 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Skype
2008-07-16 14:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-07-15 10:39 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Ahead
2008-07-08 19:05 --------- d-----w C:\Program Files\Common Files\ACD Systems
2008-07-08 18:50 --------- d-----w C:\Program Files\Common Files\Ahead
2008-06-30 15:29 --------- d-----w C:\Program Files\Lavasoft
2008-06-30 15:29 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Lavasoft
2008-06-18 16:21 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-06-18 16:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-06-16 19:01 --------- d-----w C:\Documents and Settings\Administrator\Application Data\MSNInstaller
2008-05-16 09:58 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2008-03-14 18:51 0 ----a-w C:\Program Files\temp01
.

------- Sigcheck -------

2007-10-30 19:20 360064 90caff4b094573449a0872a0f919b178 C:\WINDOWS\SoftwareDistribution\Download\146ae5e7b51a37f45e0e5cf03d0d5e3c\SP2GDR\tcpip.sys
2007-10-30 18:53 360832 64798ecfa43d78c7178375fcdd16d8c8 C:\WINDOWS\SoftwareDistribution\Download\146ae5e7b51a37f45e0e5cf03d0d5e3c\SP2QFE\tcpip.sys
2004-06-17 11:00 360448 65c34c093e839505636954ead50fa315 C:\WINDOWS\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((( snapshot@2008-07-21_21.43.45.10 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-07-21 19:30:57 32,768 ----a-w C:\WINDOWS\TEMP\Cookies\index.dat
+ 2008-07-23 11:25:05 32,768 ----a-w C:\WINDOWS\TEMP\Cookies\index.dat
- 2008-07-21 19:30:57 32,768 ----a-w C:\WINDOWS\TEMP\History\History.IE5\index.dat
+ 2008-07-23 11:25:05 32,768 ----a-w C:\WINDOWS\TEMP\History\History.IE5\index.dat
+ 2008-07-23 12:35:24 49,152 ----a-w C:\WINDOWS\TEMP\History\History.IE5\MSHist012008072320080724\index.dat
+ 2008-07-23 11:24:52 16,384 ----atw C:\WINDOWS\TEMP\Perflib_Perfdata_6a0.dat
- 2008-07-21 19:30:57 32,768 ----a-w C:\WINDOWS\TEMP\Temporary Internet Files\Content.IE5\index.dat
+ 2008-07-23 11:25:05 32,768 ----a-w C:\WINDOWS\TEMP\Temporary Internet Files\Content.IE5\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-06-17 11:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-11-30 22:10 344064]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 16:40 155648]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-16 01:19 79224]
"SoundMan"="SOUNDMAN.EXE" [2004-06-18 10:31 67584 C:\WINDOWS\SOUNDMAN.EXE]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.3iv2"= 3ivxVfWCodec.dll
"VIDC.HFYU"= huffyuv.dll
"VIDC.VP31"= vp31vfw.dll
"VIDC.X264"= x264vfw.dll
"VIDC.ACDV"= ACDV.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a------ 2005-01-12 04:01 32768 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
--a------ 2006-12-18 18:32 25365032 C:\Program Files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\mIRC\\mirc.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 01:20]
R1 nltdi;nltdi;C:\WINDOWS\system32\drivers\nltdi.sys [2007-04-23 18:08]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
S3 SetupNTGLM7X;SetupNTGLM7X;E:\NTGLM7X.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e2f95a11-c830-11dc-9a01-806d6172696f}]
\Shell\AutoRun\command - E:\Setup.exe
.
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.com/
O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-23 14:38:44
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-07-23 14:41:03
ComboFix-quarantined-files.txt 2008-07-23 12:40:33
ComboFix2.txt 2008-07-23 11:16:11
ComboFix3.txt 2008-07-22 16:49:43
ComboFix4.txt 2008-07-22 09:50:56
ComboFix5.txt 2008-07-23 12:37:28

Pre-Run: 15,559,868,416 bytes free
Post-Run: 15,565,340,672 bytes free

136

  • dr_Bora
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

  • Joined: 18 Feb 2008
  • Posts: 987
  • Location: on the way to an island

The last thing you gave me to do for removing ComboFix didn't work. It launches it instead of removing it. Since bobby told me last time that I could simply delete it, that's what I did. The virus I reported disappeared already on the second day (I guess I have a good fairy), but today, after the latest avast scan, I removed two ad-aware and two trojans. I don't know how they didn't show up in this report, but it doesn't matter.

In any case, thanks.

  • dr_Bora
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Then do this:


Turning off System Restore

On the Desktop, right-click My Computer.
Select Properties.
Select the System Restore tab.
Check Turn off System Restore.
Click the Apply button.
Click the OK button.



Turning on System Restore

On the Desktop, right-click My Computer.
Select Properties.
Select the System Restore tab.
Uncheck Turn off System Restore.
Click the Apply button.
Click the OK button.



Regards...
