MyCity » Ambulanta -> Arhiva Ambulante » Problem sa virusom

Problem sa virusom

Napisano na dan: 30.7.2010
3

Problem sa virusom
Pagination Prethodna strana

Idi na vrh

Poslao: 02 Avg 2010 12:46
Idi na vrh
offline
  • Pridružio: 30 Jul 2010
  • Poruke: 54

Napisano: 02 Avg 2010 12:21

Jel to znaci da cu kad to zavrsim i nakon svega sto smo uradili do sada imati cist racunar i usb uredjaje koje mogu slobodno koristiti? Koliko bi bilo pametno sve usb uredjaje i komp "vakcinisati" pandom?

Dopuna: 02 Avg 2010 12:46

Sad tek primjetih da mi se na svim lokalnim diskovima vide skriveni sistemski fajlovi iako su cekirane opcije u tools>folder options da budu skriveni.

Poslao: 02 Avg 2010 15:07
Idi na vrh
offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master učitelj
  • Pridružio: 27 Avg 2005
  • Poruke: 8617
  • Gde živiš: Novi Beograd

Samo ti uradi kako sam ti rekao, nismo zavrsili...

Poslao: 02 Avg 2010 15:21
Idi na vrh
offline
  • Pridružio: 30 Jul 2010
  • Poruke: 54

Aha, zavrsio sam i to.

Poslao: 02 Avg 2010 16:17
Idi na vrh
offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master učitelj
  • Pridružio: 27 Avg 2005
  • Poruke: 8617
  • Gde živiš: Novi Beograd

Ok.

Sad ces ga ponovo instalirati Smile :

Preuzmi sUBs-ov ComboFix sa sledeće adrese na Desktop:


Bleeping Computer
Klikni desnim tasterom na link i odaberi opciju Save Target As... (Save Link As..., Save Linked Content As... ili sličnu);
Kada se otvori dijalog za izbor lokacije na kojoj treba sačuvati file, odaberi Desktop i klikni Save.



Kada preuzimanje programa bude završeno:
deaktiviraj zaštitni softver (uputstvo);
zatvori pokrenute programe;
dvoklikom pokreni program ComboFix.
U toku rada, ComboFix će:proveriti postoji li novija verzija programa:
klikni Yes ako bude ponuđeno preuzimanje iste. prikazati DISCLAIMER OF WARRANTY ON SOFTWARE:
klikni Yes kako bi proces bio nastavljen.ako Recovery Console nije instalirana, ponuditi instalaciju:
obavezno prihvati klikom na Yes i isprati postupak.postaviti/dati određeni broj upita/obaveštenja:
prihvati klikom na Yes ili OK.po potrebi, restartovati Windows (više puta);
na kraju rada, otvoriti Notepad sa izveštajem o skeniranju.

Iskopiraj izveštaj koji je ComboFix napravio u temu na forumu:
klikni desnim tasterom miša u prozor Notepad-a i izaberi Select All;
klikni desnim tasterom miša na obeleženi tekst i izaberi Copy;
klikni desnim tasterom miša u polje za pisanje poruke i izaberi Paste.

Napomena:Izveštaj će biti sačuvan pod nazivom ComboFix.txt na sistemskoj particiji (tipična lokacija: C:\ComboFix.txt);
Ukoliko nakon slanja poruke primetiš da izveštaj nije kompletan, iskoristi opciju Prikači fajl za prilaganje file-a C:\ComboFix.txt uz poruku.

Poslao: 03 Avg 2010 14:21
Idi na vrh
offline
  • Pridružio: 30 Jul 2010
  • Poruke: 54

Evo i taj log:

ComboFix 10-08-02.03 - mladen 03.08.2010 14:14:49.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1791.1368 [GMT 2:00]
Running from: c:\documents and settings\mladen\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Win

.
((((((((((((((((((((((((( Files Created from 2010-07-03 to 2010-08-03 )))))))))))))))))))))))))))))))
.

2010-07-31 17:04 . 2010-07-31 17:04 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\ESET
2010-07-31 12:39 . 2010-08-01 20:13 164880 ---ha-w- c:\documents and settings\mladen\Application Data\Microsoft\Virtual PC\VPCKeyboard.dll
2010-07-31 12:36 . 2010-07-31 12:36 -------- d-----w- c:\program files\Microsoft Virtual PC
2010-07-31 09:34 . 2010-07-31 09:34 -------- d-----w- c:\program files\oDesk
2010-07-31 09:34 . 2010-07-31 09:35 -------- d-----w- c:\documents and settings\mladen\Local Settings\Application Data\oDesk
2010-07-30 15:36 . 2010-08-01 19:05 -------- d-----w- C:\USBNoRisk
2010-07-30 14:54 . 2010-08-01 21:36 -------- d-----w- c:\program files\trend micro
2010-07-30 14:54 . 2010-07-30 14:55 -------- d-----w- C:\rsit
2010-07-27 12:32 . 2004-08-03 21:08 26496 -c--a-w- c:\windows\system32\dllcache\usbstor.sys
2010-07-27 12:16 . 1999-09-10 11:06 5600 ----a-w- c:\windows\system\winaspi.dll
2010-07-27 12:16 . 1999-09-10 11:06 4672 ----a-w- c:\windows\system\wowpost.exe
2010-07-27 12:13 . 1999-09-10 11:06 45056 ----a-w- c:\windows\system32\wnaspi32.dll
2010-07-27 12:13 . 1999-09-10 11:06 25244 ----a-w- c:\windows\system32\drivers\aspi32.sys
2010-07-27 12:08 . 2010-07-27 12:08 -------- d-----w- C:\adaptec
2010-07-27 11:28 . 2010-07-27 11:54 -------- d-----w- c:\documents and settings\mladen\Application Data\Ahead
2010-07-27 11:27 . 2004-03-03 19:30 5504 ----a-w- c:\windows\system32\drivers\imagedrv.sys
2010-07-27 11:27 . 2004-03-03 19:30 125184 ----a-w- c:\windows\system32\drivers\imagesrv.sys
2010-07-27 11:27 . 2001-06-26 06:15 38912 ----a-w- c:\windows\system32\picn20.dll
2010-07-27 11:27 . 2000-06-26 09:45 106496 ----a-w- c:\windows\system32\TwnLib20.dll
2010-07-27 11:27 . 2001-07-06 16:24 283920 ----a-w- c:\windows\system32\ImagXpr5.dll
2010-07-27 11:27 . 2001-07-06 12:41 569344 ----a-w- c:\windows\system32\imagr5.dll
2010-07-27 11:27 . 2001-07-06 10:44 544768 ----a-w- c:\windows\system32\imagx5.dll
2010-07-27 11:27 . 2010-07-27 11:27 -------- d-----w- c:\program files\Common Files\Ahead
2010-07-27 11:27 . 2001-07-09 09:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
2010-07-27 11:03 . 2010-07-27 11:03 -------- d-----w- c:\documents and settings\mladen\Application Data\Canneverbe_Limited
2010-07-27 11:01 . 2010-07-27 11:01 158528 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-07-27 11:00 . 2010-07-27 11:00 -------- d-----w- c:\windows\system32\XPSViewer
2010-07-27 10:59 . 2010-07-27 10:59 -------- d-----w- c:\program files\Reference Assemblies
2010-07-27 10:59 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2010-07-27 10:58 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2010-07-27 10:58 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2010-07-27 10:58 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2010-07-27 10:58 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2010-07-27 10:58 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2010-07-27 10:58 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2010-07-27 10:58 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2010-07-27 10:58 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2010-07-27 10:58 . 2010-07-27 10:59 -------- d-----w- C:\038e1b9beb2292f7043d7a6b
2010-07-27 10:55 . 2007-11-30 11:18 26488 ----a-w- c:\windows\system32\spupdsvc.exe
2010-07-27 10:55 . 2010-07-27 10:55 -------- d-----w- c:\program files\MSXML 6.0
2010-07-27 10:53 . 2010-07-27 10:53 -------- d-----w- C:\582351f645d2f5d0f8
2010-07-27 10:52 . 2010-07-27 11:04 -------- d-----w- C:\20551b1787af0758a7
2010-07-27 09:48 . 2010-07-27 09:48 -------- d-----w- c:\documents and settings\mladen\Local Settings\Application Data\Ahead
2010-07-27 09:38 . 2010-07-27 12:30 -------- d-----w- c:\program files\Ahead
2010-07-27 09:25 . 2010-07-27 09:25 -------- d-----w- c:\program files\Common Files\Skype
2010-07-27 09:25 . 2010-07-27 10:22 -------- d-----r- c:\program files\Skype
2010-07-26 19:51 . 2010-07-26 19:51 -------- d-s---w- c:\documents and settings\mladen\UserData
2010-07-26 19:07 . 2010-07-26 19:07 -------- d-----w- c:\documents and settings\mladen\Application Data\TeamViewer
2010-07-26 19:07 . 2010-07-26 19:07 -------- d-----w- c:\program files\TeamViewer
2010-07-26 11:57 . 2010-07-26 11:57 -------- d-----w- c:\documents and settings\mladen\Application Data\Malwarebytes
2010-07-26 11:56 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-26 11:56 . 2010-07-26 11:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-26 11:56 . 2010-07-26 11:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-07-26 11:56 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-26 11:33 . 2010-07-26 11:33 -------- d-----w- c:\documents and settings\mladen\Local Settings\Application Data\ESET
2010-07-26 10:21 . 2010-07-26 10:21 -------- d-----w- c:\documents and settings\mladen\Local Settings\Application Data\IsolatedStorage
2010-07-26 10:21 . 2010-07-26 10:21 -------- d-----w- c:\documents and settings\mladen\Local Settings\Application Data\HP
2010-07-26 10:20 . 2010-07-26 10:20 129 ----a-w- c:\documents and settings\mladen\Local Settings\Application Data\fusioncache.dat
2010-07-26 10:20 . 2010-08-03 08:40 -------- d-----w- c:\documents and settings\mladen\Local Settings\Application Data\ApplicationHistory
2010-07-26 10:18 . 2010-07-26 10:18 160704 ----a-w- c:\windows\system32\drivers\afcdp.sys
2010-07-26 10:18 . 2010-07-26 10:18 911680 ----a-w- c:\windows\system32\drivers\tdrpm258.sys
2010-07-26 10:18 . 2010-07-26 10:18 581984 ----a-w- c:\windows\system32\drivers\timntr.sys
2010-07-26 10:17 . 2010-07-26 10:17 166272 ----a-w- c:\windows\system32\drivers\snapman.sys
2010-07-26 10:17 . 2010-07-26 10:18 -------- d-----w- c:\program files\Common Files\Acronis
2010-07-26 10:17 . 2010-07-26 10:17 -------- d-----w- c:\program files\Acronis
2010-07-26 09:02 . 2010-07-26 09:02 -------- d-----w- c:\program files\Common Files\HP
2010-07-26 09:00 . 2010-07-26 09:00 -------- d-----w- c:\program files\Hewlett-Packard
2010-07-26 09:00 . 2010-07-26 09:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Hewlett-Packard
2010-07-26 09:00 . 2004-05-11 08:53 82432 ----a-r- c:\windows\system32\MSXML4r.dll
2010-07-26 09:00 . 2004-05-11 08:53 626960 ----a-r- c:\windows\system32\hpvaut32.dll
2010-07-26 09:00 . 2004-05-11 08:53 487424 ----a-r- c:\windows\system32\hpvcp70.dll
2010-07-26 09:00 . 2004-05-11 08:53 44544 ----a-r- c:\windows\system32\MSXML4a.dll
2010-07-26 09:00 . 2004-05-11 08:53 344064 ----a-r- c:\windows\system32\hpvcr70.dll
2010-07-26 09:00 . 2004-05-11 08:53 1230336 ----a-r- c:\windows\system32\MSXML4.dll
2010-07-26 09:00 . 2010-07-26 09:00 45056 ----a-r- c:\documents and settings\mladen\Application Data\Microsoft\Installer\{457791C5-D702-4143-A7B2-2744BE9573F2}\NewShortcut1_5B69D3033CA54B39B5ECE7D051297E77.exe
2010-07-26 08:59 . 2010-07-26 08:59 -------- d-----w- c:\program files\Common Files\Hewlett-Packard
2010-07-26 08:58 . 2010-07-26 08:58 -------- d-----w- c:\windows\system32\URTTemp
2010-07-26 08:56 . 2004-06-21 20:02 16496 ----a-r- c:\windows\system32\drivers\HPZipr12.sys
2010-07-26 08:56 . 2004-06-21 20:02 51088 ----a-r- c:\windows\system32\drivers\hpzid412.sys
2010-07-26 08:56 . 2004-06-21 20:02 21744 ----a-r- c:\windows\system32\drivers\HPZius12.sys
2010-07-26 08:56 . 2004-08-03 21:01 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys
2010-07-26 08:56 . 2004-08-03 21:01 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2010-07-26 08:56 . 2004-08-03 20:58 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2010-07-26 08:56 . 2004-08-03 20:58 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2010-07-26 08:56 . 2004-08-03 21:08 31616 -c--a-w- c:\windows\system32\dllcache\usbccgp.sys
2010-07-26 08:56 . 2004-08-03 21:08 31616 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2010-07-26 08:53 . 2004-03-18 14:55 65536 ----a-w- c:\windows\system32\HPZipm12.exe
2010-07-26 08:53 . 2004-03-18 14:39 57344 ----a-w- c:\windows\system32\HPZisn12.dll
2010-07-26 08:53 . 2004-03-18 14:38 61440 ----a-w- c:\windows\system32\HPZinw12.exe
2010-07-26 08:53 . 2004-03-18 14:56 204800 ----a-w- c:\windows\system32\HPZipr12.dll
2010-07-26 08:53 . 2004-03-18 14:53 278584 ----a-w- c:\windows\system32\HPZidr12.dll
2010-07-26 08:53 . 2004-03-18 14:39 94208 ----a-w- c:\windows\system32\HPZipt12.dll
2010-07-26 08:53 . 1998-10-29 14:45 306688 ----a-w- c:\windows\IsUninst.exe
2010-07-26 08:42 . 2010-07-26 09:04 -------- d-----w- c:\program files\HP
2010-07-26 08:33 . 2010-07-26 09:05 104257 ----a-w- c:\windows\hpoins04.dat
2010-07-26 08:33 . 2004-06-21 20:02 17176 ------w- c:\windows\hpomdl04.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-03 08:41 . 2010-07-25 16:24 -------- d-----w- c:\documents and settings\mladen\Application Data\Skype
2010-08-03 08:41 . 2010-07-25 16:57 -------- d-----w- c:\documents and settings\mladen\Application Data\skypePM
2010-07-27 11:03 . 2010-07-25 16:01 68456 ----a-w- c:\documents and settings\mladen\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-07-27 09:25 . 2010-07-25 16:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2010-07-26 10:25 . 2010-07-25 15:50 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-07-25 16:57 . 2010-07-25 16:57 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-07-25 16:38 . 2010-07-25 16:38 0 ----a-w- c:\windows\nsreg.dat
2010-07-25 16:36 . 2010-07-25 16:03 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-07-25 16:36 . 2010-07-25 16:36 -------- d-----w- c:\documents and settings\All Users\Application Data\TP-LINK
2010-07-25 16:36 . 2010-07-25 16:03 -------- d-----w- c:\program files\Common Files\InstallShield
2010-07-25 16:34 . 2010-07-25 16:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-07-25 16:32 . 2010-07-25 16:32 -------- d-----w- c:\program files\Microsoft Works
2010-07-25 16:32 . 2010-07-25 16:32 -------- d-----w- c:\program files\MSBuild
2010-07-25 16:26 . 2010-07-25 16:26 -------- d-----w- c:\documents and settings\All Users\Application Data\CyberLink
2010-07-25 16:26 . 2010-07-25 16:26 -------- d-----w- c:\program files\CyberLink
2010-07-25 16:23 . 2010-07-25 16:22 -------- d-----w- c:\program files\Winamp
2010-07-25 16:22 . 2010-07-25 16:22 -------- d-----w- c:\documents and settings\mladen\Application Data\Winamp
2010-07-25 16:22 . 2010-07-25 16:22 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-07-25 16:21 . 2010-07-25 16:21 -------- d-----w- c:\program files\Common Files\Adobe
2010-07-25 16:18 . 2010-07-25 16:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-07-25 16:15 . 2010-07-25 16:15 -------- d-----w- c:\program files\ESET
2010-07-25 16:15 . 2010-07-25 16:15 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET
2010-07-25 16:13 . 2010-07-25 16:13 -------- d-----w- c:\program files\XP Codec Pack
2010-07-25 16:10 . 2010-07-25 16:09 -------- d-----w- c:\program files\ATI Technologies
2010-07-25 16:05 . 2010-07-25 16:05 845968 ----a-w- c:\windows\system32\AI - Series.scr
2010-07-25 16:04 . 2010-07-25 16:04 -------- d-----w- c:\program files\Analog Devices
2010-07-25 15:52 . 2010-07-25 15:52 -------- d-----w- c:\program files\microsoft frontpage
2010-07-25 15:48 . 2010-07-25 15:48 21640 ----a-w- c:\windows\system32\emptyregdb.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-05-13 26192168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Smapp"="c:\program files\Analog Devices\SoundMAX\SMTray.exe" [2003-07-30 143360]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-12 339968]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-10-07 1461080]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2004-02-12 49152]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 241664]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2010-03-27 5107232]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2010-03-27 362232]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-5-28 241664]
HP Image Zone Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2004-5-28 53248]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\TeamViewer\\Version5\\TeamViewer.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 ALiAGP;ALi AGP Bus Filter Driver;c:\windows\system32\drivers\ALiAGP.SYS [25.7.2010 18:03 29056]
R0 tdrpman258;Acronis Try&Decide and Restore Points filter (build 258-);c:\windows\system32\drivers\tdrpm258.sys [26.7.2010 12:18 911680]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [1.7.2008 9:04 35168]
R2 afcdpsrv;Acronis Nonstop Backup service;c:\program files\Common Files\Acronis\CDP\afcdpsrv.exe [26.7.2010 12:18 2480048]
R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [1.7.2008 9:02 472280]
R3 afcdp;afcdp;c:\windows\system32\drivers\afcdp.sys [26.7.2010 12:18 160704]
R3 ALI5261;ALi Based Ethernet NT Driver;c:\windows\system32\drivers\ALILAN.SYS [25.7.2010 18:05 29184]
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: {38992B3B-D11C-404C-B7AC-34D33E93BAA9} = 212.103.128.66 213.253.112.8
FF - ProfilePath - c:\documents and settings\mladen\Application Data\Mozilla\Firefox\Profiles\xngwken2.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ba/
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2010-08-03 14:17
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1192)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(2296)
c:\windows\system32\msi.dll
.
Completion time: 2010-08-03 14:19:25
ComboFix-quarantined-files.txt 2010-08-03 12:19
ComboFix2.txt 2010-07-30 13:48

Pre-Run: 14.812.884.992 bytes free
Post-Run: 14.837.948.416 bytes free

- - End Of File - - 941D5F4DBCA698BF2FA72348B9A1D1CF

Poslao: 03 Avg 2010 17:07
Idi na vrh
offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master učitelj
  • Pridružio: 27 Avg 2005
  • Poruke: 8617
  • Gde živiš: Novi Beograd

Log je cist. Sta ti kazes, kako sada radi?

Poslao: 03 Avg 2010 17:16
Idi na vrh
offline
  • Pridružio: 30 Jul 2010
  • Poruke: 54

Radi super, jedino mi nije jasno sto mi se vide skriveni sistemski fajlovi i folderi na svim particijama kao da su obicni korisnicki. Kad idem na My computer pojavi se ona kao lampa prije nego sto prikaze sve particije, flopi i dvd rom drajv. Ostalo sve radi brzo i efikasno Very Happy

Poslao: 03 Avg 2010 17:19
Idi na vrh
offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master učitelj
  • Pridružio: 27 Avg 2005
  • Poruke: 8617
  • Gde živiš: Novi Beograd

Ne znam sta je sa tim skrivenim folderima.
------------


Potrebno je deinstalirati ComboFix:
klikni start (ili ), a zatim RUN.

Na Visti koristiti Start Search polje ukoliko Run nije dostupan.

U liniju za unos teksta ukucaj (iskopiraj) sledeće:

ComboFix /Uninstall

Primeti da postoji razmak između "ComboFix" i "/Uninstall".



a zatim klikni OK (ili pritisni Enter).

Sačekaj da se proces deinstalacije završi.

Poslao: 03 Avg 2010 17:34
Idi na vrh
offline
  • Pridružio: 30 Jul 2010
  • Poruke: 54

E sad je sve u najboljem redu. Za skrivene fajlove cu naci vec neko rjesenje. Veliki pozdrav i hvala na pomoci Helen

MyCity » Ambulanta -> Arhiva Ambulante » Problem sa virusom

Ko je trenutno na forumu
 

Ukupno su 1080 korisnika na forumu :: 48 registrovanih, 6 sakrivenih i 1026 gosta   ::   [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:
Korisnici trenutno na forumu: A.R.Chafee.Jr., aleksandarbl, bankulen, bladesu, Bokiboks, BRATORIII, cinoeye, darkangel, debeli, Dimitrije Paunovic, Dimitrise93, dragoljub11987, drimer, esx66, FileFinder, Fog of War, FOX, Georgius, goxin, ikan, ivan1973, jackreacher011011, Karla, Kibice, kokodakalo, kybonacci, Marko Marković, milenko crazy north, nebidrag, nemkea71, Nobunaga, NoOneEver Dreams, novator, ObelixSRB, offman, ozzy, Pikac-47, procesor, rajkoplje, rasok, RJ, robertino, Rogan33, slonic_tonic, Srle993, Stoilkovic, vladulns, 125