Posted: 26 Jul 2009 23:01
- seizovic
- Citizen
- Joined: 24 Jul 2009
- Posts: 204
Written: 26 Jul 2009 22:52
ComboFix 09-07-25.08 - Administrator 07/26/2009 22:48.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1791.1072 [GMT 2:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Administrator\Desktop\CFScript.txt
AV: ESET NOD32 antivirus system 2.70 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Resident AV is active
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Administrator\Application Data\.#
c:\documents and settings\Administrator\Local Settings\Application Data\DoubleD
c:\documents and settings\Administrator\Local Settings\Application Data\Internet Saving Optimizer
c:\documents and settings\Administrator\Local Settings\Application Data\Internet Saving Optimizer\3.3.0.4160\config.md
c:\documents and settings\Administrator\Local Settings\Application Data\Internet Saving Optimizer\3.3.0.4160\ipdata.md
c:\documents and settings\Administrator\Local Settings\Application Data\Internet Saving Optimizer\3.3.0.4160\NP_20090628-162910.250.log
c:\documents and settings\Administrator\Local Settings\Application Data\Internet Saving Optimizer\3.3.0.4160\NP_20090628-163014.000.log
c:\documents and settings\Administrator\Local Settings\Application Data\Internet Saving Optimizer\3.3.0.4160\NP_20090628-163251.718.log
c:\documents and settings\Administrator\Local Settings\Application Data\Internet Saving Optimizer\3.3.0.4160\NP_20090629-111738.671.log
c:\documents and settings\Administrator\Local Settings\Application Data\Internet Saving Optimizer\3.3.0.4160\NP_20090629-112047.140.log
c:\documents and settings\Administrator\Local Settings\Application Data\Internet Saving Optimizer\3.3.0.4160\NP_20090629-112211.843.log
c:\documents and settings\Administrator\Local Settings\Application Data\Internet Saving Optimizer\3.3.0.4160\NP_20090629-112219.921.log
c:\documents and settings\Administrator\Local Settings\Application Data\Internet Saving Optimizer\3.3.0.4160\NP_20090701-154536.312.log
c:\documents and settings\Administrator\Local Settings\Application Data\Internet Saving Optimizer\3.3.0.4160\NP_20090701-205344.015.log
c:\documents and settings\Administrator\Local Settings\Application Data\Internet Saving Optimizer\3.3.0.4160\NP_20090701-210633.921.log
c:\documents and settings\Administrator\Local Settings\Application Data\Internet Saving Optimizer\3.3.0.4160\NP_20090702-092622.687.log
c:\documents and settings\Administrator\Local Settings\Application Data\Internet Saving Optimizer\3.3.0.4160\NP_20090702-100633.171.log
c:\documents and settings\Administrator\Local Settings\Application Data\Internet Saving Optimizer\3.3.0.4160\NP_20090705-122711.510.log
c:\documents and settings\Administrator\Local Settings\Application Data\Internet Saving Optimizer\3.3.0.4160\NP_20090705-135418.791.log
c:\documents and settings\Administrator\Local Settings\Application Data\Internet Saving Optimizer\3.3.0.4160\NP_20090706-214915.906.log
c:\documents and settings\Administrator\Local Settings\Application Data\Internet Saving Optimizer\3.3.0.4160\NP_20090721-152716.531.log
c:\documents and settings\Administrator\Local Settings\Application Data\Internet Saving Optimizer\3.3.0.4160\NP_20090721-152911.500.log
c:\documents and settings\Administrator\Local Settings\Application Data\Internet Saving Optimizer\3.3.0.4160\NP_20090721-184637.250.log
c:\documents and settings\Administrator\Local Settings\Application Data\Internet Saving Optimizer\3.3.0.4160\NP_20090723-174008.078.log
c:\documents and settings\Administrator\Local Settings\Application Data\Internet Saving Optimizer\3.3.0.4160\NP_20090723-174053.750.log
c:\documents and settings\Administrator\Local Settings\Application Data\Internet Saving Optimizer\3.3.0.4160\NP_20090723-174107.937.log
c:\documents and settings\Administrator\Local Settings\Application Data\Internet Saving Optimizer\3.3.0.4160\NP_20090723-181127.687.log
c:\documents and settings\Administrator\Local Settings\Application Data\Internet Saving Optimizer\3.3.0.4160\rstatus.md
c:\documents and settings\Administrator\Local Settings\Application Data\Media Access Startup
c:\documents and settings\Administrator\Local Settings\Application Data\Media Access Startup\1.3.0.790\config.md
c:\documents and settings\Administrator\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090628-162916.640.log
c:\documents and settings\Administrator\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090628-163013.953.log
c:\documents and settings\Administrator\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090629-111738.593.log
c:\documents and settings\Administrator\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090629-112047.140.log
c:\documents and settings\Administrator\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090629-112211.828.log
c:\documents and settings\Administrator\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090629-112219.906.log
c:\documents and settings\Administrator\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090701-154536.281.log
c:\documents and settings\Administrator\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090701-205343.656.log
c:\documents and settings\Administrator\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090701-210633.890.log
c:\documents and settings\Administrator\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090702-092622.484.log
c:\documents and settings\Administrator\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090702-100633.156.log
c:\documents and settings\Administrator\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090705-122711.354.log
c:\documents and settings\Administrator\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090705-135418.760.log
c:\documents and settings\Administrator\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090706-214915.546.log
c:\documents and settings\Administrator\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090721-152716.390.log
c:\documents and settings\Administrator\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090721-152911.484.log
c:\documents and settings\Administrator\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090721-184637.203.log
c:\documents and settings\Administrator\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090723-174007.968.log
c:\documents and settings\Administrator\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090723-174053.734.log
c:\documents and settings\Administrator\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090723-174107.921.log
c:\documents and settings\Administrator\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090723-181127.593.log
c:\program files\DoubleD
c:\program files\FunWebProducts
c:\program files\Internet Saving Optimizer
c:\program files\Internet Saving Optimizer\3.3.0.4160\adwpx.exe
c:\program files\Internet Saving Optimizer\3.3.0.4160\FF\chrome.manifest
c:\program files\Internet Saving Optimizer\3.3.0.4160\FF\components\NPFFAddOn.dll
c:\program files\Internet Saving Optimizer\3.3.0.4160\NPCommon.dll
c:\program files\Internet Saving Optimizer\3.3.0.4160\NPIEAddOn.dll
c:\program files\Internet Saving Optimizer\3.3.0.4160\unins000.exe
c:\program files\Media Access Startup
c:\program files\Media Access Startup\1.3.0.790\FF\chrome.manifest
c:\program files\Media Access Startup\1.3.0.790\FF\components\HPFFAddOn.dll
c:\program files\Media Access Startup\1.3.0.790\HPCommon.dll
c:\program files\Media Access Startup\1.3.0.790\HPIEAddOn.dll
c:\program files\Media Access Startup\1.3.0.790\hppx.exe
c:\program files\Media Access Startup\1.3.0.790\MAHelper.exe
c:\program files\Media Access Startup\1.3.0.790\unins000.exe
c:\program files\MyWebSearch
c:\program files\MyWebSearch\bar\1.bin\M3SKPLAY.EXE
c:\program files\MyWebSearch\bar\2.bin\F3DTACTL.DLL
c:\program files\MyWebSearch\bar\2.bin\F3HISTSW.DLL
c:\program files\MyWebSearch\bar\2.bin\F3HKSTUB.DLL
c:\program files\MyWebSearch\bar\2.bin\F3HTMLMU.DLL
c:\program files\MyWebSearch\bar\2.bin\F3HTTPCT.DLL
c:\program files\MyWebSearch\bar\2.bin\F3POPSWT.DLL
c:\program files\MyWebSearch\bar\2.bin\F3REGHK.DLL
c:\program files\MyWebSearch\bar\2.bin\F3REPROX.DLL
c:\program files\MyWebSearch\bar\2.bin\F3WPHOOK.DLL
c:\program files\MyWebSearch\bar\2.bin\M3FFXTBR.MANIFEST
c:\program files\MyWebSearch\bar\2.bin\M3HIGHIN.EXE
c:\program files\MyWebSearch\bar\2.bin\M3IMPIPE.EXE
c:\program files\MyWebSearch\bar\2.bin\M3MEDINT.EXE
c:\program files\MyWebSearch\bar\2.bin\M3NTSTBR.MANIFEST
c:\program files\MyWebSearch\bar\2.bin\M3SKPLAY.EXE
c:\program files\MyWebSearch\bar\2.bin\M3SRCHMN.EXE
c:\program files\MyWebSearch\bar\2.bin\MWSBAR.DLL
c:\program files\MyWebSearch\bar\2.bin\MWSOEPLG.DLL
c:\program files\MyWebSearch\bar\2.bin\MWSSRCAS.DLL
c:\program files\MyWebSearch\bar\Cache\files.ini
c:\program files\MyWebSearch\bar\icons\CM.ICO
c:\program files\MyWebSearch\bar\icons\MFC.ICO
c:\program files\MyWebSearch\bar\icons\PSS.ICO
c:\program files\MyWebSearch\bar\icons\SMILEY.ICO
c:\program files\MyWebSearch\bar\icons\WB.ICO
c:\program files\MyWebSearch\bar\icons\ZWINKY.ICO
c:\program files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
c:\program files\System Search Dispatcher
c:\program files\System Search Dispatcher\1.2.0.750\Data\eacore.mx
c:\program files\System Search Dispatcher\1.2.0.750\Data\URLDynamic.mx
c:\program files\System Search Dispatcher\1.2.0.750\Data\URLStatic.mx
c:\program files\System Search Dispatcher\1.2.0.750\ssd.dll
c:\program files\System Search Dispatcher\1.2.0.750\unins000.dat
c:\program files\System Search Dispatcher\1.2.0.750\unins000.exe
c:\windows\Installer\19769d.msi
.
((((((((((((((((((((((((( Files Created from 2009-06-26 to 2009-07-26 )))))))))))))))))))))))))))))))
.
2009-07-25 15:01 . 2009-07-25 15:01 -------- d-----w- c:\windows\system32\wbem\Repository
2009-07-25 10:56 . 2009-07-25 15:00 -------- d-----w- c:\windows\ERDNT(2)
2009-07-23 17:55 . 2009-07-23 17:55 -------- d-----w- c:\program files\JoWooD
2009-07-20 19:27 . 2009-07-20 19:50 -------- d-----w- c:\documents and settings\Administrator\Application Data\MSNInstaller
2009-07-20 19:15 . 2009-07-20 19:21 -------- d-----w- c:\documents and settings\Administrator\Application Data\Yahoo!
2009-07-20 19:15 . 2009-07-20 19:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2009-07-20 19:10 . 2009-07-20 19:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2009-07-20 19:10 . 2009-07-20 19:22 -------- d-----w- c:\program files\Yahoo!
2009-07-01 17:01 . 2009-07-01 17:26 -------- d-----w- c:\documents and settings\Administrator\Application Data\GetRightToGo
2009-07-01 14:15 . 2009-07-01 17:24 -------- d-----w- c:\program files\KeepV Converter
2009-07-01 12:48 . 2009-07-01 12:48 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2009-07-01 12:26 . 2009-07-19 08:28 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Temp
2009-07-01 12:06 . 2009-07-01 12:06 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Real
2009-07-01 12:06 . 2009-07-01 12:06 -------- d-----w- c:\program files\Common Files\xing shared
2009-07-01 12:06 . 2009-07-01 12:06 -------- d-----w- c:\program files\Real
2009-07-01 12:06 . 2009-07-01 18:04 -------- d-----w- c:\program files\Common Files\Real
2009-07-01 12:05 . 2009-07-01 12:05 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-26 20:19 . 2008-12-30 18:21 -------- d-----w- c:\documents and settings\Administrator\Application Data\Skype
2009-07-26 14:00 . 2008-12-30 18:52 -------- d-----w- c:\documents and settings\Administrator\Application Data\skypePM
2009-07-01 18:08 . 2008-12-30 14:25 71096 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-01 17:30 . 2009-02-09 19:32 -------- d-----w- c:\program files\YouTube Downloader
2009-07-01 12:05 . 2008-12-30 18:20 -------- d-----w- c:\program files\Google
2009-06-29 09:30 . 2009-03-19 17:50 -------- d-----w- c:\program files\Opera
2009-06-12 11:49 . 2009-06-12 11:49 -------- d-----w- c:\program files\Common Files\SWF Studio
2009-06-02 15:00 . 2009-06-02 15:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Bitstream
2009-06-02 15:00 . 2009-06-02 14:50 2516 --sha-w- c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
2009-06-02 15:00 . 2009-06-02 14:50 2516 --sha-w- c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
2009-06-02 14:51 . 2009-06-02 14:50 -------- d-----w- c:\documents and settings\Administrator\Application Data\Corel
2009-06-02 14:50 . 2009-06-02 14:50 8 --sh--r- c:\documents and settings\All Users\Application Data\E2E70C80C3.sys
2009-06-02 14:50 . 2009-06-02 14:50 8 --sh--r- c:\documents and settings\All Users\Application Data\E2E70C80C3.sys
2009-06-02 14:40 . 2009-06-02 14:40 -------- d-----w- c:\program files\Common Files\Protexis
2009-06-02 14:40 . 2009-06-02 14:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Corel
2009-06-02 14:39 . 2009-06-02 14:39 -------- d-----w- c:\program files\Common Files\Corel
2009-06-02 14:39 . 2009-06-02 14:39 -------- d-----w- c:\program files\Corel
2009-06-01 08:56 . 2009-06-01 08:56 7680 ----a-w- c:\documents and settings\Administrator\Application Data\Thinstall\Jasc Paint Shop Pro 9\4000007400002i\agent.exe
2009-06-01 08:56 . 2009-06-01 08:56 7680 ----a-w- c:\documents and settings\Administrator\Application Data\Thinstall\Jasc Paint Shop Pro 9\4000003000002i\JascUpdate.exe
2009-06-01 08:56 . 2009-06-01 08:56 7680 ----a-w- c:\documents and settings\Administrator\Application Data\Thinstall\Jasc Paint Shop Pro 9\1000000600002i\svchost.exe
2009-06-01 08:56 . 2009-06-01 08:56 -------- d-----w- c:\documents and settings\Administrator\Application Data\Thinstall
2009-05-01 18:30 . 2009-05-01 18:30 3366912 ----a-w- c:\windows\system32\GPhotos.scr
2009-07-24 20:28 . 2009-01-11 19:56 134648 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-08-12 21741864]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-11-27 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2008-12-30 949376]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 57344]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 159744]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-07-01 198160]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2008-04-10 16861184]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"_nltide_3"="advpack.dll" - c:\windows\system32\advpack.dll [2008-11-27 99840]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"HideFastUserSwitching"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=c:\documents and settings\Administrator\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=c:\windows\pss\LimeWire On Startup.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=c:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\AntiVirusDisableNotify!=dword:0]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\ftp.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [3/9/2009 11:17 PM 13696]
R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [12/30/2008 4:29 PM 15424]
S2 gupdate1c9fa4440203a06;Google Update Service (gupdate1c9fa4440203a06);c:\program files\Google\Update\GoogleUpdate.exe [7/1/2009 2:05 PM 133104]
S3 k510bus;Sony Ericsson K510 Driver driver (WDM);c:\windows\system32\drivers\k510bus.sys [3/19/2009 3:58 PM 58288]
S3 k510mdfl;Sony Ericsson K510 USB WMC Modem Filter;c:\windows\system32\drivers\k510mdfl.sys [3/19/2009 3:58 PM 8336]
S3 k510mdm;Sony Ericsson K510 USB WMC Modem Driver;c:\windows\system32\drivers\k510mdm.sys [3/19/2009 3:58 PM 94064]
S3 k510mgmt;Sony Ericsson K510 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\k510mgmt.sys [3/19/2009 3:58 PM 85408]
S3 k510obex;Sony Ericsson K510 USB WMC OBEX Interface;c:\windows\system32\drivers\k510obex.sys [3/19/2009 3:58 PM 83344]
.
Contents of the 'Scheduled Tasks' folder
2009-07-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-01 12:05]
2009-07-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-01 12:05]
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-Search Protection - c:\program files\Yahoo!\Search Protection\SearchProtection.exe
HKLM-Run-MyWebSearch Plugin - c:\progra~1\MYWEBS~1\bar\2.bin\M3PLUGIN.DLL
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{c95fe080-8f5d-11d2-a20b-00aa003c157a} - %SystemRoot%\web\related.htm
LSP: c:\windows\system32\imon.dll
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ct7awr84.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-26 22:50
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(716)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'lsass.exe'(772)
c:\windows\system32\imon.dll
.
Completion time: 2009-07-26 22:51
ComboFix-quarantined-files.txt 2009-07-26 20:51
ComboFix2.txt 2009-07-25 14:49
Pre-Run: 29,967,405,056 bytes free
Post-Run: 29,962,649,600 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
Addendum: 26 Jul 2009 22:53
While I was doing that, the antivirus, i.e. NOD, switched on... it reacted.
Addendum: 26 Jul 2009 23:01
The virus is no longer in System Volume... none of it makes sense to me... but you'll sort it out for me, I have no doubt :)
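The log above records more than the deleted adware folders: its "Reg Loading Points" section shows Security Center notifications turned off (UpdatesDisableNotify=1, AntiVirusDisableNotify at a non-default value) and the Windows Firewall standard profile disabled (EnableFirewall=0), which is worth noticing during cleanup. As an added example (not ComboFix's code and not from anyone in this thread), the Python script below parses that REGEDIT4-style block, lists the Run autostart entries, and flags those weakened settings. The sample block is constructed from the lines in the log plus one made-up "updater" entry under a user Temp folder so the profile-path check has something to flag; the function names and the user-profile heuristic are my own.

```python
import re

# Constructed sample modelled on the "Reg Loading Points" section of the
# ComboFix log above; the "updater" Run entry is made up for illustration.
SAMPLE_LOG = r"""
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-08-12 21741864]
"updater"="c:\documents and settings\Administrator\Local Settings\Temp\updater.exe" [2009-07-20 24576]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2008-12-30 949376]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2008-04-10 16861184]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\AntiVirusDisableNotify!=dword:0]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
"""

SECTION_RE = re.compile(r'^\[(?P<key>[^\]]+)\]$')
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?P<raw>.*)$')
# A drive-letter path ending in a binary extension, followed by ComboFix's "[date size]".
PATH_RE = re.compile(r'(?P<path>[a-z]:\\[^\[]+?\.(?:exe|dll|scr))"?\s*\[', re.IGNORECASE)
NOTIFY_VALUES = {"UpdatesDisableNotify", "AntiVirusDisableNotify", "FirewallDisableNotify"}
# Heuristic (my own): autostarts launched from a user profile deserve a second look.
USER_PROFILE_MARKERS = ("\\documents and settings\\", "\\local settings\\temp\\", "\\application data\\")


def parse_number(raw):
    """Turn ComboFix's numeric renderings ('dword:00000001', '0 (0x0)') into an int."""
    raw = raw.strip()
    if raw.lower().startswith("dword:"):
        return int(raw[6:], 16)
    m = re.match(r'^(\d+)\s*\(0x[0-9a-fA-F]+\)$', raw)
    return int(m.group(1)) if m else None


def parse_loading_points(text):
    """Yield (key, name, raw_value) triples from a REGEDIT4-style block.
    ComboFix writes a value that differs from its default straight into the
    bracket header as [...\\Name!=dword:N]; that form is returned with the
    raw value prefixed by '!=' so the non-default marker is preserved."""
    entries = []
    key = None
    for line in text.splitlines():
        line = line.strip()
        m = SECTION_RE.match(line)
        if m:
            key = m.group("key")
            if "!=" in key:
                parent, _, rest = key.rpartition("\\")
                name, _, raw = rest.partition("!=")
                entries.append((parent, name, "!=" + raw))
            continue
        m = VALUE_RE.match(line)
        if m and key is not None:
            entries.append((key, m.group("name"), m.group("raw")))
    return entries


def triage(text):
    """Return (run_entries, findings): the autostart list and any weakened settings."""
    run_entries, findings = [], []
    for key, name, raw in parse_loading_points(text):
        lkey = key.lower()
        if lkey.endswith("\\currentversion\\run") or lkey.endswith("\\currentversion\\runonce"):
            m = PATH_RE.search(raw)
            path = m.group("path") if m else raw
            run_entries.append((name, path))
            if any(marker in path.lower() for marker in USER_PROFILE_MARKERS):
                findings.append(f"autostart '{name}' runs from a user-profile path: {path}")
        elif "security center" in lkey and name in NOTIFY_VALUES:
            if raw.startswith("!=") or parse_number(raw) == 1:
                findings.append(f"Security Center alert suppressed: {name} ({raw.strip()})")
        elif lkey.endswith("\\firewallpolicy\\standardprofile") and name == "EnableFirewall":
            if parse_number(raw) == 0:
                findings.append("Windows Firewall (standard profile) is disabled: EnableFirewall=0")
    return run_entries, findings


if __name__ == "__main__":
    entries, found = triage(SAMPLE_LOG)
    for name, path in entries:
        print(f"autostart: {name} -> {path}")
    for item in found:
        print("FINDING:", item)
```

Run it on the "Reg Loading Points" block of any ComboFix log pasted into SAMPLE_LOG; on the constructed sample it lists four autostarts and reports the Temp-folder entry, both suppressed Security Center notifications, and the disabled firewall.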
Posted: 27 Jul 2009 10:52
- dr_Bora
- Anti Malware Fighter
Rank 2
- Joined: 24 Jul 2007
- Posts: 12280
- Location: Höganäs, SE
seizovic :: the Security Center icon is still there next to the NOD icon in the right corner... what about that
Control Panel > Security Centre: Change the way Security Center alerts me (on the left side).
Uncheck all three items.
seizovic :: on restart, the PicPick screenshot program appears on my desktop
It can probably be turned off in the program's settings.
seizovic :: System Restore still doesn't work... it says system checkpoint
Immediately after uninstalling ComboFix, only one system restore point is available (that's the one you see).
What exactly doesn't work? What did you try that didn't work?
Quote: the scan still leaves viruses just like before
The detected files are in your browser's cache (Temporary Internet Files).
They are not active and NOD can certainly delete them.
Posted: 27 Jul 2009 11:23
- dr_Bora
- Anti Malware Fighter
Rank 2
- Joined: 24 Jul 2007
- Posts: 12280
- Location: Höganäs, SE
SR should look like that (at the moment).
The old System Restore points were infected and they have been deleted.
The one shown is clean, functional, and the only one that can be selected.
So it's perfectly normal that you can't click anywhere else (on the calendar).
As for any detections... It's possible that there are inactive files scattered around the disk (you have tens of thousands of files on the HDD; it would take a very long time to go through all of that "by hand").
I don't know why the AV doesn't offer to delete that file, but...
You can see in the picture where it is; delete it yourself.
Enable the display of hidden files: http://www.mycity.rs/Uputstva/Kako-videti-skrivene-fajlove.html
Follow the path given and delete setup.exe.
Posted: 27 Jul 2009 11:46
- seizovic
- Citizen
- Joined: 24 Jul 2009
- Posts: 204
Ugh, this is really driving me crazy... I go into C: - Documents and Settings - Administrator... and there I don't have the Local Settings option or anything else I should find in order to delete the virus...
Posted: 27 Jul 2009 11:50
- dr_Bora
- Anti Malware Fighter
Rank 2
- Joined: 24 Jul 2007
- Posts: 12280
- Location: Höganäs, SE
Did I mention enabling the display of hidden files?
Posted: 27 Jul 2009 12:25
- seizovic
- Citizen
- Joined: 24 Jul 2009
- Posts: 204
Written: 27 Jul 2009 12:01
It doesn't find that at all, the way NOD scanned it... it doesn't exist... ugh, I'm going completely crazy.
Addendum: 27 Jul 2009 12:09
Everything starts with cookies... those digits that NOD shows are nowhere to be found.
And what will happen if I delete everything from there????
Addendum: 27 Jul 2009 12:23
Will that virus cause some trouble on the computer? I don't want to poke around anymore, I'll have to bring in someone who understands more than me to do what you wrote... I really don't know what the deal is anymore...
Addendum: 27 Jul 2009 12:25
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\Setup.exe »7ZIP »OFFLINE/CE8732D/3E688669/ProductInfo.dll - Win32/Adware.DoubleD application
After Temporary Internet Files, those numbers are nowhere to be found... it shows all cookies... if you understand me.