MyCity » Ambulanta -> Arhiva Ambulante » Problem sa virusom

Problem sa virusom

Napisano na dan: 30.7.2010
3

Problem sa virusom
Pagination Prethodna strana

Idi na vrh

Poslao: 02 Avg 2010 12:46
Idi na vrh
offline
  • Pridružio: 30 Jul 2010
  • Poruke: 54

Napisano: 02 Avg 2010 12:21

Jel to znaci da cu kad to zavrsim i nakon svega sto smo uradili do sada imati cist racunar i usb uredjaje koje mogu slobodno koristiti? Koliko bi bilo pametno sve usb uredjaje i komp "vakcinisati" pandom?

Dopuna: 02 Avg 2010 12:46

Sad tek primjetih da mi se na svim lokalnim diskovima vide skriveni sistemski fajlovi iako su cekirane opcije u tools>folder options da budu skriveni.

Poslao: 02 Avg 2010 15:07
Idi na vrh
offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master učitelj
  • Pridružio: 27 Avg 2005
  • Poruke: 8620
  • Gde živiš: Novi Beograd

Samo ti uradi kako sam ti rekao, nismo zavrsili...

Poslao: 02 Avg 2010 15:21
Idi na vrh
offline
  • Pridružio: 30 Jul 2010
  • Poruke: 54

Aha, zavrsio sam i to.

Poslao: 02 Avg 2010 16:17
Idi na vrh
offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master učitelj
  • Pridružio: 27 Avg 2005
  • Poruke: 8620
  • Gde živiš: Novi Beograd

Ok.

Sad ces ga ponovo instalirati Smile :

Preuzmi sUBs-ov ComboFix sa sledeće adrese na Desktop:


Bleeping Computer
Klikni desnim tasterom na link i odaberi opciju Save Target As... (Save Link As..., Save Linked Content As... ili sličnu);
Kada se otvori dijalog za izbor lokacije na kojoj treba sačuvati file, odaberi Desktop i klikni Save.



Kada preuzimanje programa bude završeno:
deaktiviraj zaštitni softver (uputstvo);
zatvori pokrenute programe;
dvoklikom pokreni program ComboFix.
U toku rada, ComboFix će:proveriti postoji li novija verzija programa:
klikni Yes ako bude ponuđeno preuzimanje iste. prikazati DISCLAIMER OF WARRANTY ON SOFTWARE:
klikni Yes kako bi proces bio nastavljen.ako Recovery Console nije instalirana, ponuditi instalaciju:
obavezno prihvati klikom na Yes i isprati postupak.postaviti/dati određeni broj upita/obaveštenja:
prihvati klikom na Yes ili OK.po potrebi, restartovati Windows (više puta);
na kraju rada, otvoriti Notepad sa izveštajem o skeniranju.

Iskopiraj izveštaj koji je ComboFix napravio u temu na forumu:
klikni desnim tasterom miša u prozor Notepad-a i izaberi Select All;
klikni desnim tasterom miša na obeleženi tekst i izaberi Copy;
klikni desnim tasterom miša u polje za pisanje poruke i izaberi Paste.

Napomena:Izveštaj će biti sačuvan pod nazivom ComboFix.txt na sistemskoj particiji (tipična lokacija: C:\ComboFix.txt);
Ukoliko nakon slanja poruke primetiš da izveštaj nije kompletan, iskoristi opciju Prikači fajl za prilaganje file-a C:\ComboFix.txt uz poruku.

Poslao: 03 Avg 2010 14:21
Idi na vrh
offline
  • Pridružio: 30 Jul 2010
  • Poruke: 54

Evo i taj log:

ComboFix 10-08-02.03 - mladen 03.08.2010 14:14:49.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1791.1368 [GMT 2:00]
Running from: c:\documents and settings\mladen\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Win

.
((((((((((((((((((((((((( Files Created from 2010-07-03 to 2010-08-03 )))))))))))))))))))))))))))))))
.

2010-07-31 17:04 . 2010-07-31 17:04 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\ESET
2010-07-31 12:39 . 2010-08-01 20:13 164880 ---ha-w- c:\documents and settings\mladen\Application Data\Microsoft\Virtual PC\VPCKeyboard.dll
2010-07-31 12:36 . 2010-07-31 12:36 -------- d-----w- c:\program files\Microsoft Virtual PC
2010-07-31 09:34 . 2010-07-31 09:34 -------- d-----w- c:\program files\oDesk
2010-07-31 09:34 . 2010-07-31 09:35 -------- d-----w- c:\documents and settings\mladen\Local Settings\Application Data\oDesk
2010-07-30 15:36 . 2010-08-01 19:05 -------- d-----w- C:\USBNoRisk
2010-07-30 14:54 . 2010-08-01 21:36 -------- d-----w- c:\program files\trend micro
2010-07-30 14:54 . 2010-07-30 14:55 -------- d-----w- C:\rsit
2010-07-27 12:32 . 2004-08-03 21:08 26496 -c--a-w- c:\windows\system32\dllcache\usbstor.sys
2010-07-27 12:16 . 1999-09-10 11:06 5600 ----a-w- c:\windows\system\winaspi.dll
2010-07-27 12:16 . 1999-09-10 11:06 4672 ----a-w- c:\windows\system\wowpost.exe
2010-07-27 12:13 . 1999-09-10 11:06 45056 ----a-w- c:\windows\system32\wnaspi32.dll
2010-07-27 12:13 . 1999-09-10 11:06 25244 ----a-w- c:\windows\system32\drivers\aspi32.sys
2010-07-27 12:08 . 2010-07-27 12:08 -------- d-----w- C:\adaptec
2010-07-27 11:28 . 2010-07-27 11:54 -------- d-----w- c:\documents and settings\mladen\Application Data\Ahead
2010-07-27 11:27 . 2004-03-03 19:30 5504 ----a-w- c:\windows\system32\drivers\imagedrv.sys
2010-07-27 11:27 . 2004-03-03 19:30 125184 ----a-w- c:\windows\system32\drivers\imagesrv.sys
2010-07-27 11:27 . 2001-06-26 06:15 38912 ----a-w- c:\windows\system32\picn20.dll
2010-07-27 11:27 . 2000-06-26 09:45 106496 ----a-w- c:\windows\system32\TwnLib20.dll
2010-07-27 11:27 . 2001-07-06 16:24 283920 ----a-w- c:\windows\system32\ImagXpr5.dll
2010-07-27 11:27 . 2001-07-06 12:41 569344 ----a-w- c:\windows\system32\imagr5.dll
2010-07-27 11:27 . 2001-07-06 10:44 544768 ----a-w- c:\windows\system32\imagx5.dll
2010-07-27 11:27 . 2010-07-27 11:27 -------- d-----w- c:\program files\Common Files\Ahead
2010-07-27 11:27 . 2001-07-09 09:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
2010-07-27 11:03 . 2010-07-27 11:03 -------- d-----w- c:\documents and settings\mladen\Application Data\Canneverbe_Limited
2010-07-27 11:01 . 2010-07-27 11:01 158528 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-07-27 11:00 . 2010-07-27 11:00 -------- d-----w- c:\windows\system32\XPSViewer
2010-07-27 10:59 . 2010-07-27 10:59 -------- d-----w- c:\program files\Reference Assemblies
2010-07-27 10:59 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2010-07-27 10:58 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2010-07-27 10:58 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2010-07-27 10:58 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2010-07-27 10:58 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2010-07-27 10:58 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2010-07-27 10:58 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2010-07-27 10:58 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2010-07-27 10:58 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2010-07-27 10:58 . 2010-07-27 10:59 -------- d-----w- C:\038e1b9beb2292f7043d7a6b
2010-07-27 10:55 . 2007-11-30 11:18 26488 ----a-w- c:\windows\system32\spupdsvc.exe
2010-07-27 10:55 . 2010-07-27 10:55 -------- d-----w- c:\program files\MSXML 6.0
2010-07-27 10:53 . 2010-07-27 10:53 -------- d-----w- C:\582351f645d2f5d0f8
2010-07-27 10:52 . 2010-07-27 11:04 -------- d-----w- C:\20551b1787af0758a7
2010-07-27 09:48 . 2010-07-27 09:48 -------- d-----w- c:\documents and settings\mladen\Local Settings\Application Data\Ahead
2010-07-27 09:38 . 2010-07-27 12:30 -------- d-----w- c:\program files\Ahead
2010-07-27 09:25 . 2010-07-27 09:25 -------- d-----w- c:\program files\Common Files\Skype
2010-07-27 09:25 . 2010-07-27 10:22 -------- d-----r- c:\program files\Skype
2010-07-26 19:51 . 2010-07-26 19:51 -------- d-s---w- c:\documents and settings\mladen\UserData
2010-07-26 19:07 . 2010-07-26 19:07 -------- d-----w- c:\documents and settings\mladen\Application Data\TeamViewer
2010-07-26 19:07 . 2010-07-26 19:07 -------- d-----w- c:\program files\TeamViewer
2010-07-26 11:57 . 2010-07-26 11:57 -------- d-----w- c:\documents and settings\mladen\Application Data\Malwarebytes
2010-07-26 11:56 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-26 11:56 . 2010-07-26 11:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-26 11:56 . 2010-07-26 11:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-07-26 11:56 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-26 11:33 . 2010-07-26 11:33 -------- d-----w- c:\documents and settings\mladen\Local Settings\Application Data\ESET
2010-07-26 10:21 . 2010-07-26 10:21 -------- d-----w- c:\documents and settings\mladen\Local Settings\Application Data\IsolatedStorage
2010-07-26 10:21 . 2010-07-26 10:21 -------- d-----w- c:\documents and settings\mladen\Local Settings\Application Data\HP
2010-07-26 10:20 . 2010-07-26 10:20 129 ----a-w- c:\documents and settings\mladen\Local Settings\Application Data\fusioncache.dat
2010-07-26 10:20 . 2010-08-03 08:40 -------- d-----w- c:\documents and settings\mladen\Local Settings\Application Data\ApplicationHistory
2010-07-26 10:18 . 2010-07-26 10:18 160704 ----a-w- c:\windows\system32\drivers\afcdp.sys
2010-07-26 10:18 . 2010-07-26 10:18 911680 ----a-w- c:\windows\system32\drivers\tdrpm258.sys
2010-07-26 10:18 . 2010-07-26 10:18 581984 ----a-w- c:\windows\system32\drivers\timntr.sys
2010-07-26 10:17 . 2010-07-26 10:17 166272 ----a-w- c:\windows\system32\drivers\snapman.sys
2010-07-26 10:17 . 2010-07-26 10:18 -------- d-----w- c:\program files\Common Files\Acronis
2010-07-26 10:17 . 2010-07-26 10:17 -------- d-----w- c:\program files\Acronis
2010-07-26 09:02 . 2010-07-26 09:02 -------- d-----w- c:\program files\Common Files\HP
2010-07-26 09:00 . 2010-07-26 09:00 -------- d-----w- c:\program files\Hewlett-Packard
2010-07-26 09:00 . 2010-07-26 09:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Hewlett-Packard
2010-07-26 09:00 . 2004-05-11 08:53 82432 ----a-r- c:\windows\system32\MSXML4r.dll
2010-07-26 09:00 . 2004-05-11 08:53 626960 ----a-r- c:\windows\system32\hpvaut32.dll
2010-07-26 09:00 . 2004-05-11 08:53 487424 ----a-r- c:\windows\system32\hpvcp70.dll
2010-07-26 09:00 . 2004-05-11 08:53 44544 ----a-r- c:\windows\system32\MSXML4a.dll
2010-07-26 09:00 . 2004-05-11 08:53 344064 ----a-r- c:\windows\system32\hpvcr70.dll
2010-07-26 09:00 . 2004-05-11 08:53 1230336 ----a-r- c:\windows\system32\MSXML4.dll
2010-07-26 09:00 . 2010-07-26 09:00 45056 ----a-r- c:\documents and settings\mladen\Application Data\Microsoft\Installer\{457791C5-D702-4143-A7B2-2744BE9573F2}\NewShortcut1_5B69D3033CA54B39B5ECE7D051297E77.exe
2010-07-26 08:59 . 2010-07-26 08:59 -------- d-----w- c:\program files\Common Files\Hewlett-Packard
2010-07-26 08:58 . 2010-07-26 08:58 -------- d-----w- c:\windows\system32\URTTemp
2010-07-26 08:56 . 2004-06-21 20:02 16496 ----a-r- c:\windows\system32\drivers\HPZipr12.sys
2010-07-26 08:56 . 2004-06-21 20:02 51088 ----a-r- c:\windows\system32\drivers\hpzid412.sys
2010-07-26 08:56 . 2004-06-21 20:02 21744 ----a-r- c:\windows\system32\drivers\HPZius12.sys
2010-07-26 08:56 . 2004-08-03 21:01 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys
2010-07-26 08:56 . 2004-08-03 21:01 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2010-07-26 08:56 . 2004-08-03 20:58 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2010-07-26 08:56 . 2004-08-03 20:58 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2010-07-26 08:56 . 2004-08-03 21:08 31616 -c--a-w- c:\windows\system32\dllcache\usbccgp.sys
2010-07-26 08:56 . 2004-08-03 21:08 31616 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2010-07-26 08:53 . 2004-03-18 14:55 65536 ----a-w- c:\windows\system32\HPZipm12.exe
2010-07-26 08:53 . 2004-03-18 14:39 57344 ----a-w- c:\windows\system32\HPZisn12.dll
2010-07-26 08:53 . 2004-03-18 14:38 61440 ----a-w- c:\windows\system32\HPZinw12.exe
2010-07-26 08:53 . 2004-03-18 14:56 204800 ----a-w- c:\windows\system32\HPZipr12.dll
2010-07-26 08:53 . 2004-03-18 14:53 278584 ----a-w- c:\windows\system32\HPZidr12.dll
2010-07-26 08:53 . 2004-03-18 14:39 94208 ----a-w- c:\windows\system32\HPZipt12.dll
2010-07-26 08:53 . 1998-10-29 14:45 306688 ----a-w- c:\windows\IsUninst.exe
2010-07-26 08:42 . 2010-07-26 09:04 -------- d-----w- c:\program files\HP
2010-07-26 08:33 . 2010-07-26 09:05 104257 ----a-w- c:\windows\hpoins04.dat
2010-07-26 08:33 . 2004-06-21 20:02 17176 ------w- c:\windows\hpomdl04.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-03 08:41 . 2010-07-25 16:24 -------- d-----w- c:\documents and settings\mladen\Application Data\Skype
2010-08-03 08:41 . 2010-07-25 16:57 -------- d-----w- c:\documents and settings\mladen\Application Data\skypePM
2010-07-27 11:03 . 2010-07-25 16:01 68456 ----a-w- c:\documents and settings\mladen\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-07-27 09:25 . 2010-07-25 16:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2010-07-26 10:25 . 2010-07-25 15:50 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-07-25 16:57 . 2010-07-25 16:57 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-07-25 16:38 . 2010-07-25 16:38 0 ----a-w- c:\windows\nsreg.dat
2010-07-25 16:36 . 2010-07-25 16:03 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-07-25 16:36 . 2010-07-25 16:36 -------- d-----w- c:\documents and settings\All Users\Application Data\TP-LINK
2010-07-25 16:36 . 2010-07-25 16:03 -------- d-----w- c:\program files\Common Files\InstallShield
2010-07-25 16:34 . 2010-07-25 16:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-07-25 16:32 . 2010-07-25 16:32 -------- d-----w- c:\program files\Microsoft Works
2010-07-25 16:32 . 2010-07-25 16:32 -------- d-----w- c:\program files\MSBuild
2010-07-25 16:26 . 2010-07-25 16:26 -------- d-----w- c:\documents and settings\All Users\Application Data\CyberLink
2010-07-25 16:26 . 2010-07-25 16:26 -------- d-----w- c:\program files\CyberLink
2010-07-25 16:23 . 2010-07-25 16:22 -------- d-----w- c:\program files\Winamp
2010-07-25 16:22 . 2010-07-25 16:22 -------- d-----w- c:\documents and settings\mladen\Application Data\Winamp
2010-07-25 16:22 . 2010-07-25 16:22 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-07-25 16:21 . 2010-07-25 16:21 -------- d-----w- c:\program files\Common Files\Adobe
2010-07-25 16:18 . 2010-07-25 16:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-07-25 16:15 . 2010-07-25 16:15 -------- d-----w- c:\program files\ESET
2010-07-25 16:15 . 2010-07-25 16:15 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET
2010-07-25 16:13 . 2010-07-25 16:13 -------- d-----w- c:\program files\XP Codec Pack
2010-07-25 16:10 . 2010-07-25 16:09 -------- d-----w- c:\program files\ATI Technologies
2010-07-25 16:05 . 2010-07-25 16:05 845968 ----a-w- c:\windows\system32\AI - Series.scr
2010-07-25 16:04 . 2010-07-25 16:04 -------- d-----w- c:\program files\Analog Devices
2010-07-25 15:52 . 2010-07-25 15:52 -------- d-----w- c:\program files\microsoft frontpage
2010-07-25 15:48 . 2010-07-25 15:48 21640 ----a-w- c:\windows\system32\emptyregdb.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-05-13 26192168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Smapp"="c:\program files\Analog Devices\SoundMAX\SMTray.exe" [2003-07-30 143360]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-12 339968]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-10-07 1461080]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2004-02-12 49152]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 241664]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2010-03-27 5107232]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2010-03-27 362232]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-5-28 241664]
HP Image Zone Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2004-5-28 53248]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\TeamViewer\\Version5\\TeamViewer.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 ALiAGP;ALi AGP Bus Filter Driver;c:\windows\system32\drivers\ALiAGP.SYS [25.7.2010 18:03 29056]
R0 tdrpman258;Acronis Try&Decide and Restore Points filter (build 258-);c:\windows\system32\drivers\tdrpm258.sys [26.7.2010 12:18 911680]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [1.7.2008 9:04 35168]
R2 afcdpsrv;Acronis Nonstop Backup service;c:\program files\Common Files\Acronis\CDP\afcdpsrv.exe [26.7.2010 12:18 2480048]
R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [1.7.2008 9:02 472280]
R3 afcdp;afcdp;c:\windows\system32\drivers\afcdp.sys [26.7.2010 12:18 160704]
R3 ALI5261;ALi Based Ethernet NT Driver;c:\windows\system32\drivers\ALILAN.SYS [25.7.2010 18:05 29184]
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: {38992B3B-D11C-404C-B7AC-34D33E93BAA9} = 212.103.128.66 213.253.112.8
FF - ProfilePath - c:\documents and settings\mladen\Application Data\Mozilla\Firefox\Profiles\xngwken2.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ba/
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2010-08-03 14:17
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1192)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(2296)
c:\windows\system32\msi.dll
.
Completion time: 2010-08-03 14:19:25
ComboFix-quarantined-files.txt 2010-08-03 12:19
ComboFix2.txt 2010-07-30 13:48

Pre-Run: 14.812.884.992 bytes free
Post-Run: 14.837.948.416 bytes free

- - End Of File - - 941D5F4DBCA698BF2FA72348B9A1D1CF

Poslao: 03 Avg 2010 17:07
Idi na vrh
offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master učitelj
  • Pridružio: 27 Avg 2005
  • Poruke: 8620
  • Gde živiš: Novi Beograd

Log je cist. Sta ti kazes, kako sada radi?

Poslao: 03 Avg 2010 17:16
Idi na vrh
offline
  • Pridružio: 30 Jul 2010
  • Poruke: 54

Radi super, jedino mi nije jasno sto mi se vide skriveni sistemski fajlovi i folderi na svim particijama kao da su obicni korisnicki. Kad idem na My computer pojavi se ona kao lampa prije nego sto prikaze sve particije, flopi i dvd rom drajv. Ostalo sve radi brzo i efikasno Very Happy

Poslao: 03 Avg 2010 17:19
Idi na vrh
offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master učitelj
  • Pridružio: 27 Avg 2005
  • Poruke: 8620
  • Gde živiš: Novi Beograd

Ne znam sta je sa tim skrivenim folderima.
------------


Potrebno je deinstalirati ComboFix:
klikni start (ili ), a zatim RUN.

Na Visti koristiti Start Search polje ukoliko Run nije dostupan.

U liniju za unos teksta ukucaj (iskopiraj) sledeće:

ComboFix /Uninstall

Primeti da postoji razmak između "ComboFix" i "/Uninstall".



a zatim klikni OK (ili pritisni Enter).

Sačekaj da se proces deinstalacije završi.

Poslao: 03 Avg 2010 17:34
Idi na vrh
offline
  • Pridružio: 30 Jul 2010
  • Poruke: 54

E sad je sve u najboljem redu. Za skrivene fajlove cu naci vec neko rjesenje. Veliki pozdrav i hvala na pomoci Helen

MyCity » Ambulanta -> Arhiva Ambulante » Problem sa virusom

Ko je trenutno na forumu
 

Ukupno su 1027 korisnika na forumu :: 16 registrovanih, 2 sakrivenih i 1009 gosta   ::   [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:
Korisnici trenutno na forumu: aleksmajstor, Bane san, Ben Roj, GandorCC, Georgius, HrcAk47, hyla, ILGromovnik, Krusarac, Kubovac, Lazarus, Mercury, mikrimaus, novator, Ripanjac, Sir Budimir