Problem sa Virusom

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Napisano: 01 Nov 2009 0:23

ComboFix 09-10-30.01 - SINIŠA 11/01/2009 0:15.7.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.510.199 [GMT 1:00]
Running from: c:\documents and settings\SINIŠA\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\SINIŠA\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Outdated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((( Files Created from 2009-09-28 to 2009-10-31 )))))))))))))))))))))))))))))))
.

2014-11-20 14:37 . 2014-11-20 14:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2009-10-14 17:45 . 2009-10-14 17:45 -------- d-----w- C:\PRIMATRON
2009-10-14 17:16 . 2009-10-14 17:16 -------- d-----w- c:\program files\Common Files\Corel
2009-10-14 17:15 . 2009-10-14 17:15 -------- d-----w- c:\program files\Corel
2009-10-13 19:59 . 2009-10-14 17:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Corel
2009-10-04 09:00 . 2009-10-04 09:15 -------- dc-h--w- c:\documents and settings\All Users\Application Data\~0
2009-10-04 08:50 . 2007-02-13 04:56 38480 ------w- c:\windows\system32\IJRMF.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-31 20:09 . 2008-11-21 21:59 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-10-31 17:17 . 2008-11-10 12:10 -------- d-----w- c:\documents and settings\All Users\Application Data\CanonIJPLM
2009-10-28 21:04 . 2007-01-13 18:17 -------- d-----w- c:\program files\mIRC
2009-10-26 19:22 . 2009-10-13 20:02 2516 --sha-w- c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
2009-10-14 17:38 . 2009-10-13 20:02 88 --sh--r- c:\documents and settings\All Users\Application Data\E5041DF6BC.sys
2009-10-13 19:43 . 2007-02-15 19:58 3764 --sha-w- c:\windows\system32\KGyGaAvL.sys
2009-10-13 16:12 . 2009-09-06 14:42 -------- d-----w- c:\program files\IGEMS_R8
2009-10-07 21:23 . 2009-04-01 20:52 943920 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-10-04 09:37 . 2008-05-28 21:42 -------- d-----w- c:\program files\Canon
2009-10-04 08:19 . 2006-12-21 14:37 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-09-27 07:35 . 2009-09-27 07:35 -------- d-----w- c:\documents and settings\All Users\Application Data\VMLakiraona
2009-09-22 18:34 . 2009-09-22 18:34 -------- d-----w- c:\documents and settings\All Users\Application Data\IsolatedStorage
2009-09-13 11:43 . 2009-09-13 11:12 -------- d-----w- c:\program files\BumpTop
2009-09-05 21:28 . 2009-09-05 21:28 -------- d-----w- c:\program files\Switch Off
2009-08-14 14:20 . 2009-08-13 20:25 738304 ----a-w- c:\windows\GPInstall.exe
2009-08-12 10:50 . 2009-08-18 17:47 21192 ----a-w- c:\windows\system32\dopdfmn6.dll
2009-08-12 10:50 . 2009-08-18 17:47 18632 ----a-w- c:\windows\system32\dopdfmi6.dll
2006-11-22 18:07 . 2007-02-15 19:58 88 --sh--r- c:\windows\system32\590D0E0B75.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{9CB65206-89C4-402c-BA80-02D8C59F9B1D}"= "c:\program files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL" [2009-07-21 57344]

[HKEY_CLASSES_ROOT\clsid\{9cb65206-89c4-402c-ba80-02d8c59f9b1d}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-02-04 23975720]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-07-29 39408]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]

[HKEY_LOCAL_MACHINE\software\policies\microsoft\windows\windowsupdate\au]
"NoAutoUpdate"= 1 (0x1)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0smrgdf c:\documents and settings\SINIŠA\Application Data\iolo\

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Alcohol Soft\\Alcohol 120\\AxCmd.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImApp.exe"=
"c:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"c:\\Program Files\\Magentic\\bin\\MgImp.exe"=
"c:\\Program Files\\Magentic\\bin\\Magentic.exe"=
"c:\\Program Files\\Magentic\\bin\\MgApp.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\monitor.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\manager.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\server.exe"=
"c:\\Program Files\\Autodesk\\3ds Max 9\\3dsmax.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImLc.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4

R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [4/20/2008 10:27 PM 13696]
S3 AMDMSRIO;AMDMSRIO;\??\c:\docume~1\SINIA~1\LOCALS~1\Temp\{55638DD9-D5A9-11D3-B74B-204C4F4F5020}\AMDMSRIO.sys --> c:\docume~1\SINIA~1\LOCALS~1\Temp\{55638DD9-D5A9-11D3-B74B-204C4F4F5020}\AMDMSRIO.sys [?]
S3 SmartKeyDriver;SmartKeyDriver;c:\program files\MSI\SmartKey\SMemory.sys [12/30/2006 6:45 PM 8676]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - CLASSPNP_2
*NewlyCreated* - FWTCRPOG
*NewlyCreated* - MBR
*Deregistered* - CLASSPNP_2
*Deregistered* - fwtcrpog
*Deregistered* - mbr
.
Contents of the 'Scheduled Tasks' folder

2009-10-31 c:\windows\Tasks\User_Feed_Synchronization-{32124A26-D946-4D64-BDA6-4278B39C2005}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]
.
.
------- Supplementary Scan -------
.
uStart Page = [Link mogu videti samo ulogovani korisnici]
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [Link mogu videti samo ulogovani korisnici]
Rootkit scan 2009-11-01 00:20
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1177238915-1004336348-839522115-1006\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-1177238915-1004336348-839522115-1006\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{1FEF7500-86C3-9C7A-A2F8-D1C7658849CA}*]
"jagjdjmpeenllkaojpod"=hex:62,61,69,67,00,00
"iagmhhpcfgdmpnckcc"=hex:6b,61,68,64,6d,69,63,6a,6e,6c,61,69,70,6f,6f,64,6e,6a,
6f,66,63,6c,00,00
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(736)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(3832)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\program files\Windows Media Player\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-10-31 0:22
ComboFix-quarantined-files.txt 2009-10-31 23:21
ComboFix2.txt 2009-10-31 22:52

Pre-Run: 21,099,786,240 bytes free
Post-Run: 21,089,673,216 bytes free

- - End Of File - - 85C7FECEF2D748230C1933253DEA1073

Dopuna: 01 Nov 2009 0:24





Dopuna: 01 Nov 2009 0:25

treba li sta jos. ? Sta dalje?

Dopuna: 01 Nov 2009 0:50

instalirao sam AVG
Puno HVALAAA...

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

OK. Još samo ovo:
klikni start (ili ), a zatim RUN.

Na Visti koristiti Start Search polje ukoliko Run nije dostupan.

U liniju za unos teksta ukucaj (iskopiraj) sledeće:

ComboFix /Uninstall

Primeti da postoji razmak između "ComboFix" i "/Uninstall".



a zatim klikni OK (ili pritisni Enter).

Sačekaj da se proces deinstalacije završi.

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Reci mi samo jos ovo kako da ne izlazi ovo u donjem desnom uglu i sta treba da je upaljeno a sta ne?

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Na drugoj slici, sa leve strane, postoji opcija Change the way Security Center alerts me - tu možeš isključiti obaveštenja.



Takođe, poželjno je da aktiviraš Windows-ov firewall (Control Panel > Windows Firewall: On (recommended)).