Problem sa brisanjem virusom

1

Problem sa brisanjem virusom

offline
  • Pridružio: 02 Okt 2007
  • Poruke: 50

Postovani,

Treba mi pomoc oko brisanje virusom koji vec postoji u mom kompjuteru vec dve nedelje a moze i vise koji ne mogu ga izbrisati i mi usporava kompjuter.Imam Anti Virus Nod 32, virus koji mi se pojavljuje vec toliko vremena nalazi se u Quarantine u samom antivirusni program, i ne mogu ga izbisati sa remove, nakon izvjesno vreme opet se pojavluje a naziv virus je Win32\Kryptik.SGEtrojan, njegova lokacija nalazi se u C:WINDOWS\TEMP\conhost.exe
Koristim ADSL konekcija.
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by korisnik at 11:36:28 on 2011-09-10
Microsoft Windows XP Professional 5.1.2600.3.1251.389.1033.18.446.60 [GMT 2:00]
.
AV: ESET NOD32 Antivirus 3.0 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
C:\Program Files\Gemalto\Classic Client\BIN\GslShmSrvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\SMART Technologies\SMART Board Drivers\SMARTBoardService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\sm56hlpr.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\vsnpstd3.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE
C:\Program Files\Gemalto\Classic Client\BIN\RegTool.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Outlook Express\msimn.exe
C:\WINDOWS\System32\ping.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: Dealio Toolbar: {01398b87-61af-4ffb-9ab5-1a1c5fb39a9c} -
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: {01398b87-61af-4ffb-9ab5-1a1c5fb39a9c} - Dealio Toolbar
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: CIEDownload Object: {67bcf957-85fc-4036-8dc4-d4d80e00a77b} - c:\program files\smart technologies\notebook software\NotebookPlugin.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: EpsonToolBandKicker Class: {e99421fb-68dd-40f0-b4ac-b7027cae2f1a} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\progra~1\yahoo!\companion\installs\cpn\YTSingleInstance.dll
TB: EPSON Web-To-Page: {ee5d279f-081b-4404-994d-c6b60aaeba6d} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: Dealio Toolbar: {01398b87-61af-4ffb-9ab5-1a1c5fb39a9c} -
TB: {EEE6C35B-6118-11DC-9C72-001320C79847} - No File
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
mRun: [VTTimer] VTTimer.exe
mRun: [VTTrayp] VTtrayp.exe
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [SMSERIAL] sm56hlpr.exe
mRun: [EPSON Stylus CX3600 Series (Copy 1)] c:\windows\system32\spool\drivers\w32x86\3\E_FATI9BE.EXE /P35 "EPSON Stylus CX3600 Series (Copy 1)" /O6 "USB003" /M "Stylus CX3600"
mRun: [Auto EPSON Stylus CX3600 Series on ESPRIMO] c:\windows\system32\spool\drivers\w32x86\3\e_fati9be.exe /p42 "auto epson stylus cx3600 series on esprimo" /o18 "\\esprimo\Printer7" /M "Stylus CX3600"
mRun: [Auto EPSON Stylus C46 Series on ESPRIMO] c:\windows\system32\spool\drivers\w32x86\3\e_s4i0t1.exe /p39 "auto epson stylus c46 series on esprimo" /o18 "\\esprimo\Printer8" /M "Stylus C46"
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mRun: [Auto EPSON Stylus CX3600 Series on KANCELARIJA-PC] c:\windows\system32\spool\drivers\w32x86\3\e_fati9be.exe /p49 "auto epson stylus cx3600 series on kancelarija-pc" /o30 "\\kancelarija-pc\EPSON-CX-3650" /M "Stylus CX3600"
mRun: [snpstd3] c:\windows\vsnpstd3.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [EPSON Stylus CX3600 Series (Copy 2)] c:\windows\system32\spool\drivers\w32x86\3\E_FATI9BE.EXE /P35 "EPSON Stylus CX3600 Series (Copy 2)" /O5 "LPT1:" /M "Stylus CX3600"
mRun: [Auto EPSON Stylus CX3600 Series on SERVERDOMA] c:\windows\system32\spool\drivers\w32x86\3\e_fati9be.exe /p45 "auto epson stylus cx3600 series on serverdoma" /o20 "\\serverdoma\Printer" /M "Stylus CX3600"
mRun: [\\Serverdoma\EPSON Stylus CX3600 Series] c:\windows\system32\spool\drivers\w32x86\3\e_fati9be.exe /p39 "\\serverdoma\EPSON Stylus CX3600 Series" /O6 "USB001" /M "Stylus CX3600"
mRun: [Auto EPSON Stylus CX3600 Series on KANCELARIJA-PC (Copy 1)] c:\windows\system32\spool\drivers\w32x86\3\e_fati9be.exe /p58 "auto epson stylus cx3600 series on kancelarija-pc (copy 1)" /o43 "\\kancelarija-pc\EPSON Stylus CX3600 Series" /M "Stylus CX3600"
mRun: [<NO NAME>]
mRun: [RegTool] c:\program files\gemalto\classic client\bin\RegTool.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [run32] c:\win\lsass.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRun: [Google Update] c:\documents and settings\networkservice\local settings\application data\google\update\gupdate.exe
uPolicies-explorer: NoActiveDesktop = 01000000
uPolicies-explorer: NoWinKeys = 01000000
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{B2333126-28F6-4C39-AC79-9F0F631E6873} : DhcpNameServer = 192.168.1.254
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
LSA: Authentication Packages = msv1_0 nwprovau
.
============= SERVICES / DRIVERS ===============
.
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2008-2-20 33800]
R1 GhPciScan;GhostPciScanner;c:\program files\symantec\norton ghost 2003\GhPciScan.sys [2003-5-28 5632]
R2 ekrn;Eset Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2008-2-20 472320]
R2 GslShmSrvc;GSL Share Memory;c:\program files\gemalto\classic client\bin\GslShmSrvc.exe [2009-2-26 69632]
R3 EKBfltr;ENE Keyboard Controller;c:\windows\system32\drivers\EKBfltr.sys [2006-12-27 5504]
S2 gupdate1ca2652add2798a;Google Update Service (gupdate1ca2652add2798a);c:\program files\google\update\GoogleUpdate.exe [2009-8-26 133104]
S2 NOD32FiXTemDono;Eset Nod32 Boot;c:\windows\system32\regedt32.exe [2001-8-23 3584]
S2 nvUpdService;NVIDIA Update Service;c:\documents and settings\networkservice\local settings\application data\nvidia corporation\update\daemonupd.exe /svc --> c:\documents and settings\networkservice\local settings\application data\nvidia corporation\update\daemonupd.exe [?]
S3 GemCCID;GemCCID;c:\windows\system32\drivers\GemCCID.sys [2011-5-4 87424]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-8-26 133104]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 SMART SNMP Agent Service;SMART SNMP Agent Service;c:\program files\smart technologies\smart board drivers\SMARTSNMPAgent.exe [2009-1-25 1044480]
S3 SMART Web Server;SMART Web Server;c:\program files\smart technologies\smart board drivers\WebServer.exe [2009-1-25 1216512]
S3 TridVid;USB TV Tuner Analog Video;c:\windows\system32\drivers\TridVid.sys [2010-9-1 77824]
S3 TridVidx86;Trident TVMaster TM6000 Analog plus Digital Video Service x86;c:\windows\system32\drivers\TridVidx86.sys [2007-7-31 163456]
.
=============== File Associations ===============
.
.scr=AutoCADScriptFile
.
=============== Created Last 30 ================
.
2011-08-25 13:45:31 -------- dc----w- c:\documents and settings\korisnik\chardata
2011-08-22 19:54:50 -------- dc----w- c:\program files\Elcoma
2011-08-19 06:27:12 -------- dc----w- c:\documents and settings\all users\Microsoft
2011-08-19 06:25:00 -------- dc----w- c:\program files\Microsoft Analysis Services
2011-08-18 11:36:23 -------- dc----w- c:\documents and settings\korisnik\local settings\application data\Microsoft Help
2011-08-18 10:10:13 79872 -c----w- c:\windows\system32\dllcache\msxml6r.dll
2011-08-18 10:10:13 1306624 -c----w- c:\windows\system32\dllcache\msxml6.dll
2011-08-18 10:10:12 102912 -c----w- c:\windows\system32\dllcache\dpcdll.dll
2011-08-18 10:04:06 -------- dc----w- c:\windows\ServicePackFiles
2011-08-18 09:56:51 19569 -c--a-w- c:\windows\003330_.tmp
2011-08-17 09:49:14 0 -c--a-w- c:\documents and settings\korisnik\ntuser.tmp
.
==================== Find3M ====================
.
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, gmer.net
Windows 5.1.2600 Disk: TOSHIBA_MK4032GAX rev.AD101A -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-12
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8573F730]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x85745a10]; MOV EAX, [0x85745a8c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 nt!IofCallDriver[0x804E37C5] -> \Device\Harddisk0\DR0[0x8578C9C0]
3 CLASSPNP[0xF784FFD7] -> nt!IofCallDriver[0x804E37C5] -> \Device\00000069[0x8572A960]
5 ACPI[0xF77A6620] -> nt!IofCallDriver[0x804E37C5] -> [0x85729030]
\Driver\atapi[0x856EA420] -> IRP_MJ_CREATE -> 0x8573F730
error: Read A device attached to the system is not functioning.
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
detected disk devices:
detected hooks:
\Driver\atapi DriverStartIo -> 0x8573F57B
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
.
============= FINISH: 11:39:43,45 ===============

mycity.rs/must-login.png

mycity.rs/must-login.png


Pozdrav

offline
  • Pridružio: 02 Feb 2008
  • Poruke: 14018
  • Gde živiš: Nish

Pozdrav adelita!











U toku resavanja slucaja, zamolio bih te da se pridrzavas sledeceg:
Detaljno citati moja uputstva ( ili uputstva kolega koji ce me zamenjivati) i raditi iskljucivo po njima;
Ne traziti istovremeno pomoc na drugom mestu;
Nemoj koristiti druge programe za uklanjanje malware-a, osim onih za koje budes dobio uputstvo;
U toku intervencije ne koristiti USB memorijske uredjaje, dok to ne budem zatrazio;
Ukoliko ne odgovorim u roku od 48h, osvezi temu novim post-om;
Ukoliko se ne javis u roku od 5 dana, zatvoricemo slucaj.

Za vise informacija o pravilima Ambulante MyCity foruma: LINK

-------------------------------------------------------------------------------------




Arrow Korak 1


Preuzmi Kaspersky Lab-ov TDSSKiller sa sledece adrese na Desktop:


TDSSKiller

Klikni desnim tasterom na link i odaberi opciju Save Target As... (Save Link As..., Save Linked Content As... ili slicnu);
Kada se otvori dijalog za izbor lokacije na kojoj treba sacuvati file, odaberi Desktop i klikni Save.



Kada preuzimanje programa bude završeno:
deaktiviraj zaštitni softver (uputstvo);
zatvori pokrenute programe;
preimenuj TDSSKiller.exe u MyCity.exe;
dvoklikom pokreni program MyCity.exe;
klik na dugme Start Scan.


Ukoliko maliciozni (malicious) objekti budu pronadjeni, uveri se da je za njih odabrana akcija "Cure" (primer) i klikni Continue, a zatim klikni Reboot Now.



Okaci mi sadrzaj log-a sa sledece lokacije:
C:\TDSSKiller_verzija programa_DD.MM.GG_HH.MM.SS.txt
(DD-dan, MM-mesec, GG-godina, HH-sat, MM-minut, SS-sekunda; datum i vreme kada je log napravljen)






Arrow Korak 2



Preuzmi sUBs-ov ComboFix sa sledeće adrese na Desktop:


Bleeping Computer
Klikni desnim tasterom na link i odaberi opciju Save Target As... (Save Link As..., Save Linked Content As... ili sličnu);
Kada se otvori dijalog za izbor lokacije na kojoj treba sačuvati file, odaberi Desktop i klikni Save.




Kada preuzimanje programa bude završeno:
deaktiviraj zaštitni softver (uputstvo);
zatvori pokrenute programe;
dvoklikom pokreni program ComboFix;
u prozoru koji se otvori klikni "I Agree".

U toku rada, ComboFix će:proveriti postoji li novija verzija programa:
klikni Yes ako bude ponuđeno preuzimanje iste.
ako Recovery Console nije instalirana, ponuditi instalaciju:
obavezno prihvati klikom na Yes i isprati postupak.
postaviti/dati određeni broj upita/obaveštenja:
prihvati klikom na Yes ili OK.
po potrebi, restartovati Windows (više puta);
na kraju rada, otvoriti Notepad sa izveštajem o skeniranju.


Iskopiraj izveštaj koji je ComboFix napravio u temu na forumu:
klikni desnim tasterom miša u prozor Notepad-a i izaberi Select All;
klikni desnim tasterom miša na obeleženi tekst i izaberi Copy;
klikni desnim tasterom miša u polje za pisanje poruke i izaberi Paste.


Napomena:Izveštaj će biti sačuvan pod nazivom ComboFix.txt na sistemskoj particiji (tipična lokacija: C:\ComboFix.txt);
Ukoliko nakon slanja poruke primetiš da izveštaj nije kompletan, iskoristi opciju Prikači fajl za prilaganje file-a C:\ComboFix.txt uz poruku.










goran9888 (AMF Tim)

offline
  • Pridružio: 02 Okt 2007
  • Poruke: 50

Napisano: 14 Sep 2011 13:42

mycity.rs/must-login.png

mycity.rs/must-login.png

Dopuna: 14 Sep 2011 13:47

mycity.rs/must-login.png

mycity.rs/must-login.png



Mislim da sam to uradila kako sto treba.
Pozdrav,

Dopuna: 14 Sep 2011 13:49

Jas sam txt stavila dva put izvinjavam se.
Pozdrav







ComboFix 11-09-14.01 - korisnik 14.09.2011 13:16:50.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1251.389.1033.18.446.63 [GMT 2:00]
Running from: c:\documents and settings\korisnik\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 3.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\documents and settings\korisnik\Application Data\Dealio\res\widgets.xml
c:\documents and settings\korisnik\Application Data\Dealio\temp\http___www_dealio_com_rss_coupons-deals_dotd_.xml
c:\documents and settings\korisnik\Application Data\Dealio\temp\http___www_dealio_com_rss_coupons-deals_top_7days__cnid=[CHANNEL_ID]&ccv=[CODE_VER]&ISN=[ISN].xml
c:\documents and settings\korisnik\ntuser.tmp
c:\documents and settings\NetworkService\Start Menu\Programs\Startup\WinUpdate.lnk
c:\program files\Dealio Toolbar\IE\4.3\config.ini
c:\program files\Dealio Toolbar\Res\amazon.gif
c:\program files\Dealio Toolbar\Res\apple.gif
c:\program files\Dealio Toolbar\Res\barnes.gif
c:\program files\Dealio Toolbar\Res\bestbuy.gif
c:\program files\Dealio Toolbar\Res\dealio_logo.gif
c:\program files\Dealio Toolbar\Res\dealio_logo_hover.gif
c:\program files\Dealio Toolbar\Res\ebay.gif
c:\program files\Dealio Toolbar\Res\icon_settings.gif
c:\program files\Dealio Toolbar\Res\macys.gif
c:\program files\Dealio Toolbar\Res\newegg.gif
c:\program files\Dealio Toolbar\Res\overstock.gif
c:\program files\Dealio Toolbar\Res\search-button-hover.gif
c:\program files\Dealio Toolbar\Res\search-button.gif
c:\program files\Dealio Toolbar\Res\search-chevron-hover.gif
c:\program files\Dealio Toolbar\Res\search-chevron.gif
c:\program files\Dealio Toolbar\Res\search_amazon.gif
c:\program files\Dealio Toolbar\Res\search_dealio.gif
c:\program files\Dealio Toolbar\Res\search_ebay.gif
c:\program files\Dealio Toolbar\Res\search_yahoo.gif
c:\program files\Dealio Toolbar\Res\target.gif
c:\program files\Dealio Toolbar\Res\walmart.gif
c:\program files\Dealio Toolbar\Res\widgets.xml
c:\program files\Dealio Toolbar\WidgiHelper.exe
c:\win\1.exe
c:\win\names.txt
c:\windows\system32\d3d9caps.dat
c:\windows\system32\E_FBCB9BE.DLL
c:\windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
c:\windows\Temp\scsE.tmp
c:\windows\Temp\scsF.tmp
E:\AUTORUN.INF
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NVUPDSERVICE
-------\Legacy_SSHNAS
-------\Service_nvUpdService
.
.
((((((((((((((((((((((((( Files Created from 2011-08-14 to 2011-09-14 )))))))))))))))))))))))))))))))
.
.
2011-08-25 13:45 . 2011-08-25 13:45 -------- dc----w- c:\documents and settings\korisnik\chardata
2011-08-22 19:54 . 2011-08-22 19:54 -------- dc----w- c:\program files\Elcoma
2011-08-19 06:27 . 2011-08-19 06:27 -------- dc----w- c:\documents and settings\All Users\Microsoft
2011-08-19 06:25 . 2011-08-19 06:25 -------- dc----w- c:\program files\Microsoft Analysis Services
2011-08-18 11:36 . 2011-08-18 11:36 -------- dc----w- c:\documents and settings\korisnik\Local Settings\Application Data\Microsoft Help
2011-08-18 11:34 . 2011-08-19 06:31 -------- dc----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2011-08-18 10:10 . 2008-04-14 03:42 1306624 -c----w- c:\windows\system32\dllcache\msxml6.dll
2011-08-18 10:10 . 2008-04-13 20:57 79872 -c----w- c:\windows\system32\dllcache\msxml6r.dll
2011-08-18 10:10 . 2008-04-14 03:40 102912 -c----w- c:\windows\system32\dllcache\dpcdll.dll
2011-08-18 10:04 . 2011-08-18 10:10 -------- dc----w- c:\windows\ServicePackFiles
2011-08-18 09:56 . 2006-12-28 22:31 19569 -c--a-w- c:\windows\003330_.tmp
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VTTimer"="VTTimer.exe" [2006-09-21 53248]
"VTTrayp"="VTtrayp.exe" [2007-08-27 200704]
"SoundMan"="SOUNDMAN.EXE" [2006-06-20 577536]
"EPSON Stylus CX3600 Series (Copy 1)"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE" [2004-03-04 98304]
"Auto EPSON Stylus CX3600 Series on ESPRIMO"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE" [2004-03-04 98304]
"Auto EPSON Stylus C46 Series on ESPRIMO"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S4I0T1.EXE" [2004-01-13 99840]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-02-20 1443072]
"Auto EPSON Stylus CX3600 Series on KANCELARIJA-PC"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE" [2004-03-04 98304]
"snpstd3"="c:\windows\vsnpstd3.exe" [2006-09-19 827392]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-07-20 198160]
"EPSON Stylus CX3600 Series (Copy 2)"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE" [2004-03-04 98304]
"Auto EPSON Stylus CX3600 Series on SERVERDOMA"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE" [2004-03-04 98304]
"\\Serverdoma\EPSON Stylus CX3600 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE" [2004-03-04 98304]
"Auto EPSON Stylus CX3600 Series on KANCELARIJA-PC (Copy 1)"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE" [2004-03-04 98304]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoWinKeys"= 01000000
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=c:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk
backup=c:\windows\pss\InterVideo WinCinema Manager.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SMART Board Tools.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\SMART Board Tools.lnk
backup=c:\windows\pss\SMART Board Tools.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-06-06 10:55 937920 -c--a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-10-14 23:04 39792 -c--a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
2009-11-07 21:54 323392 ----a-w- c:\program files\DNA\btdna.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus C46 Series]
2004-01-13 18:00 99840 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\E_S4I0T1.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus C46 Series (Copy 3)]
2004-01-13 18:00 99840 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\E_S4I0T1.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus C46 Series (Copy 4)]
2004-01-13 18:00 99840 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\E_S4I0T1.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus CX3600 Series]
2004-03-04 03:00 98304 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\E_FATI9BE.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GhostStartTrayApp]
2003-05-28 18:11 94208 -c--a-w- c:\program files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2009-01-28 20:56 4363504 -c--a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegTool]
2009-11-06 09:55 861696 -c--a-w- c:\program files\Gemalto\Classic Client\BIN\RegTool.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2011-05-26 19:50 15147400 -c--a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]
2004-12-29 05:01 544768 ----a-w- c:\windows\sm56hlpr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SVRemote]
2006-01-09 06:31 24576 -c--a-r- c:\program files\SVRemote\USB20Remote.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\SAGENT4.EXE"=
"c:\\Program Files\\NetMeeting\\conf.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\SMART Technologies\\SMART Board Drivers\\SMARTSNMPAgent.exe"=
"c:\\Program Files\\SMART Technologies\\SMART Board Drivers\\UCService.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\InterVideo\\DVD7\\WinDVD.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Outlook Express\\msimn.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
.
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2/20/2008 12:11 PM 33800]
R1 GhPciScan;GhostPciScanner;c:\program files\Symantec\Norton Ghost 2003\GhPciScan.sys [5/28/2003 8:01 PM 5632]
R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2/20/2008 12:08 PM 472320]
R2 GslShmSrvc;GSL Share Memory;c:\program files\Gemalto\Classic Client\BIN\GslShmSrvc.exe [2/26/2009 2:45 PM 69632]
R3 EKBfltr;ENE Keyboard Controller;c:\windows\system32\drivers\EKBfltr.sys [12/27/2006 2:29 PM 5504]
S2 gupdate1ca2652add2798a;Google Update Service (gupdate1ca2652add2798a);c:\program files\Google\Update\GoogleUpdate.exe [8/26/2009 3:39 PM 133104]
S3 GemCCID;GemCCID;c:\windows\system32\drivers\GemCCID.sys [5/4/2011 11:43 AM 87424]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [8/26/2009 3:39 PM 133104]
S3 TridVid;USB TV Tuner Analog Video;c:\windows\system32\drivers\TridVid.sys [9/1/2010 8:36 PM 77824]
S3 TridVidx86;Trident TVMaster TM6000 Analog plus Digital Video Service x86;c:\windows\system32\drivers\TridVidx86.sys [7/31/2007 8:12 AM 163456]
.
Contents of the 'Scheduled Tasks' folder
.
2011-09-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-26 13:39]
.
2011-09-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-26 13:39]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.1.254
.
.
------- File Associations -------
.
.scr=AutoCADScriptFile
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
MSConfigStartUp-LogMeIn Hamachi Ui - c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe
MSConfigStartUp-run32 - c:\win\lsass.exe
MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe
MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
AddRemove-Network Play System (Patching) - c:\program files\Electronic Arts\Network Play System\NPSPatch.isu
AddRemove-RWFren32 - D:\setup.exe
AddRemove-Sparkplayer (Beta) - e:\dokumenti\Sparkplay Media\Sparkplayer (Beta)\Update.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2011-09-14 13:32
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-839522115-616249376-682003330-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(3688-)
c:\windows\system32\ieframe.dll
c:\windows\system32\OneX.DLL
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
.
Completion time: 2011-09-14 13:37:52
ComboFix-quarantined-files.txt 2011-09-14 11:37
.
Pre-Run: 2.843.586.560 bytes free
Post-Run: 2.844.000.256 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
.
- - End Of File - - DF22D64DD9F9DA1101363BC2553BADEC

offline
  • Pridružio: 02 Feb 2008
  • Poruke: 14018
  • Gde živiš: Nish

Ukljuci Firewall:


Start -> Control Panel -> Windows Firewall -> On




Arrow Korak 1


Otvoriti Notepad i iskopirati sledeci tekst:

Folder::
c:\documents and settings\korisnik\Application Data\Dealio
c:\program files\Dealio Toolbar
c:\win


Snimiti na Desktop fajl iz Notepada kao "CFScript"




Prevuci snimljeni skript/tekst na ComboFix ikonicu kao na slici.
Postaviti u sledecoj poruci log koji bude bio napravljen na kraju ciscenja/skeniranja.




Arrow Korak 2

Preuzmi instalaciju za program Malwarebytes Anti-Malware sa sledećeg linka:
http://www.besttechie.net/tools/mbam-setup.exe

Dvoklikom pokreni instalaciju - na samom kraju procesa, proveri da su obeležene opcije:
Update Malwarebytes' Anti-Malware;
Launch Malwarebytes Anti-Malware;

a zatim klikni Finish.

Nakon završenog ažuriranja program će se pokrenuti.

Izaberi opciju Perform Quick Scan i klikni Scan.

Po završetku procesa klikni OK, Show Results: u listi detektovanog malware-a, obeleži sve stavke i klikni Remove Selected.

Po završetku procesa, logfile će se otvoriti u Notepad-u; iskopiraj ga u temu na forumu.
Ukoliko program zatraži restart kako bi se završio proces čišćenja, obavezno ga dozvoliti.

Napomena: ako dođe do restarta na kraju procesa čišćenja, logfile će biti dostupan na Logs kartici (obeleži ga i klikni Open).





Arrow Korak 3



- Preuzmi USBNoRisk na Desktop i pokreni ga duplim klikom na ikonicu programa.
- Sacekaj koji sekund dok program izvrsi inicijalno skeniranje.
- Ubacuj sve USB memorijske uredjaje redom u USB slot i svaki zadrzi u slotu po 10 sekundi.
- Ukoliko imas vise uredjaja za proveru, onda na parcetu papira zapisi kojim redom su ubacivani jer ce nam kasnije trebati taj podatak
- Kada zavrsis sa svim uredjajima, klikni desno dugme misa na sred prozora programa i odaberi opciju Save scrambled log. To ce automatski otvoriti log u Notepadu. Iskopiraj nam taj log iz Notepada na forum.

Objasnjenje: U USB memorijske uredjaje spadaju svi oni uredjaji koji po prikljucivanju na kompjuter dobijaju svoju oznaku particije. Tu spadaju USB flash drajvovi, eksterni hard-diskovi, memorijske kartice, MP3 i MP4 plejeri, neki mobilni telefoni, neki GPS (navigacioni) uredjaji itd.













goran9888 (AMF Tim)

offline
  • Pridružio: 02 Okt 2007
  • Poruke: 50

mycity.rs/must-login.png

mycity.rs/must-login.png



Za programom USBNoRisk na Desktop ne znam sta da radim jer na laptopu nemam USB memorijske uredjaje on radi u mrezu , jel treba da ga instaliram i da uradim to sta ste mi pisali na forumu u vezi ovog programa.


Pozdrav,
Adelita Ilic

offline
  • Pridružio: 02 Feb 2008
  • Poruke: 14018
  • Gde živiš: Nish

Koristis prastaru - krekovanu verziju Anti-Virusa. Moja preporuka je da ga deinstaliras (jer ti je zastita pod znakom pitanja) i instaliras licenciran AV - besplatan, ako nemas licencu za komercijalnu verziju.

Besplatni Anti-Virusi su: Avast, Avira, AVG, Panda Cloud, MSE, itd ... Odluci se za jedan.

Tema koja ti moze biti od pomoci je: Izbor besplatnog antivirusa





- Preporucujem da za zastitu USB memorijskih uredjaja koristis MCShield. Nema nikakve veze sa AntiVirus-om tj. nece ometati njegov rad a pokazao se kao jedan od najboljih vida zastite od malware-a koji se prenosi putem USB mem. uredjaja.

Skines, instaliras, ubodes USB mem. uredjaj, izvrsi se skeniranje nakon cega dobijes obavestenje da je uredjaj cist (ukoliko je stvarno tako); ili dobijes izvestaj u kome vidis informacije o malware-u koji je nadjen i obrisan.


Home Page MCShield-a: http://amf.mycity.rs/programs/mc/mcshield/

Vise o MCShield-u mozes saznati u ovoj temi: http://www.mycity.rs/Antispyware-programi/MCShield.html












Kakvo je stanje sistema sada? Jel imas problema?











goran9888 (AMF Tim)

offline
  • Pridružio: 02 Okt 2007
  • Poruke: 50

Zdravo,

Za anti virusni program nema problema instaliracu drugi anti virusni program, isto tako i za onaj program za USB i to cu uraditi, no stanje sistema je mnogo spori i jos se nalazi onaj virus ili sta je u Quarantine u ESET NOD32. Kada mu napravim remove u samom Qurantine tada ga nema ali nakon restarta ili gasenje kompjutera opet mi se pojavljuje, isto tako i kompjuter mi mnogo sporo radi , ne znam kako da ubrzam rad kompjutera.

Pozdrav

offline
  • Pridružio: 02 Feb 2008
  • Poruke: 14018
  • Gde živiš: Nish

adelita ::jos se nalazi onaj virus ili sta je u Quarantine u ESET NOD32. Kada mu napravim remove u samom Qurantine tada ga nema ali nakon restarta ili gasenje kompjutera opet mi se pojavljuje, isto tako i kompjuter mi mnogo sporo radi , ne znam kako da ubrzam rad kompjutera.



Prikaci mi screenshot tog karantina da pogledam o cemu ti pises.

Kako napraviti screenshot: http://www.mycity.rs/Pitanja-i-predlozi/Pravljenje-screenshota.html


Takodje, postavi mi svez DDS izvestaj.








goran9888 (AMF Tim)

offline
  • Pridružio: 02 Okt 2007
  • Poruke: 50

Zdravo,

Sada sam videla da u Eset Nod 32 u Quarantine ne postoji taj virus.Sada samo treba da instaliram drugi antivirusni program.


Pozdrav

offline
  • Pridružio: 02 Feb 2008
  • Poruke: 14018
  • Gde živiš: Nish

adelita ::Sada sam videla da u Eset Nod 32 u Quarantine ne postoji taj virus.Sada samo treba da instaliram drugi antivirusni program.




Deinstaliraj NOD32 jer je u pitanju stara i krekovana verzija.

Start -> Control Panel -> Add or Remove programs -> pronadjes Eset NOD32, izaberes opciju Uninstall i ispratis proces deinstalacije


Nakon toga restartuj sistem i instaliraj drugi AV (besplatni).





Tek onda napravi svez DDS izvestaj i okaci mi u sledecoj poruci da pogledam.






Takodje, odradi i ovo ...


Preuzmi TFC (Temp File Cleaner) i sacuvaj ga na Desktop.
Dvoklikom pokreni program i klikni na dugme Start da bi dozvolio programu da otpocne skeniranje.
Kada program zavrsi skeniranje,mozda ce zatraziti da restartujes racunar. Dozvoli mu.

Napomena: Kada zavrsis sa ciscenjem temp fajlova,program mozes obrisati ili ga sacuvati za kasniju upotrebu.








goran9888 (AMF Tim)

Ko je trenutno na forumu
 

Ukupno su 1219 korisnika na forumu :: 42 registrovanih, 5 sakrivenih i 1172 gosta   ::   [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:
Korisnici trenutno na forumu: 9k38, A.R.Chafee.Jr., AK - 230, AMCXXL, Andrija357, Asparagus, babaroga, Boris90, BORUTUS, Bubimir, DonRumataEstorski, Duh sa sekirom, FOX, GenZee, Georgius, goxin, GveX, havoc995, ILGromovnik, jaeger, krkalon, Kruger, Krusarac, Krvava Devetka, kybonacci, ladro, Lieutenant, ljuba, lord sir giga, Lubica, manda87, mercedesamg, samsung, Sančo, sombrero, theNedjeljko, tubular, vasa.93, VJ, Vlada78, voja64, vukovi