virusi problem

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

E zavrsio sam i ovo.Evo log fajla:

ComboFix 10-08-24.0A - LELA 25.08.2010 12:34:22.2.1 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.384.26 [GMT 2:00]
Running from: c:\documents and settings\LELA\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\LELA\Desktop\CFScript.txt
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.

((((((((((((((((((((((((( Files Created from 2010-07-25 to 2010-08-25 )))))))))))))))))))))))))))))))
.

2010-08-22 11:25 . 2010-08-22 11:25 -------- d-----w- c:\program files\Common Files\PC Tools
2010-08-22 11:25 . 2010-08-22 11:25 -------- d-----w- c:\documents and settings\All Users\Application Data\TEMP
2010-08-22 10:02 . 2010-08-22 10:02 -------- d-----w- c:\program files\NOS
2010-08-22 10:02 . 2010-08-22 10:02 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-08-22 10:02 . 2010-07-26 14:01 37184 ----a-w- c:\documents and settings\LELA\Application Data\Mozilla\Firefox\Profiles\2lwfdvwc.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
2010-08-22 10:02 . 2010-07-26 14:01 32032 ----a-w- c:\documents and settings\LELA\Application Data\Mozilla\Firefox\Profiles\2lwfdvwc.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\chrome\content\getPlusPlus_Adobe_reg.exe
2010-08-22 09:58 . 2010-08-22 09:58 -------- d-----w- c:\program files\TeamViewer
2010-08-22 08:08 . 2010-08-22 08:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2010-08-22 08:08 . 2010-08-22 08:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2010-08-22 08:07 . 2010-08-22 08:08 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller
2010-08-22 05:07 . 2010-08-22 05:07 -------- d-----w- c:\windows\system32\Adobe
2010-08-21 18:22 . 2010-08-22 09:59 2788816 ----a-w- c:\documents and settings\LELA\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe
2010-08-21 11:19 . 2010-08-21 11:19 45056 ----a-r- c:\documents and settings\LELA\Application Data\Microsoft\Installer\{0A28C610-EE06-4A33-BB56-A2155B524916}\ARPPRODUCTICON.exe
2010-08-18 18:46 . 2010-08-18 18:46 -------- d-----w- C:\FOUND.002
2010-08-16 21:18 . 2010-08-16 21:18 -------- d-----w- C:\FOUND.001
2010-08-14 17:24 . 2007-10-23 07:27 110592 ----a-w- c:\documents and settings\LELA\Application Data\U3\temp\cleanup.exe
2010-08-14 17:11 . 2008-05-02 08:41 3493888 ---ha-w- c:\documents and settings\LELA\Application Data\U3\temp\Launchpad Removal.exe
2010-08-14 17:11 . 2010-08-14 17:11 -------- d-----w- c:\documents and settings\LELA\Application Data\U3
2010-08-13 15:43 . 2010-08-13 15:43 -------- d-----w- C:\FOUND.000
2010-08-05 11:14 . 2010-08-05 11:14 -------- d-----w- C:\FOUND.037
2010-07-31 19:01 . 2010-07-31 19:01 -------- d-----w- C:\agw_demo
2010-07-31 16:41 . 2010-07-31 16:41 -------- d-----w- c:\documents and settings\LELA\Application Data\TeamViewer

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-24 21:27 . 2010-02-22 18:34 1744 ----a-w- c:\windows\system32\d3d9caps.dat
2010-08-21 11:33 . 2009-11-07 16:18 1632 ----a-w- c:\windows\system32\d3d8caps.dat
2010-07-21 17:29 . 2010-07-21 17:29 -------- d-----w- c:\program files\ESET
2010-07-21 17:29 . 2010-07-21 17:29 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET
2010-07-01 09:47 . 2010-03-22 16:38 439816 ----a-w- c:\documents and settings\LELA\Application Data\Real\Update\setup3.10\setup.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-04-06 26102056]
"RegistryMechanic"="c:\program files\Registry Mechanic\RegMech.exe" [2010-04-08 3233752]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"C-Media Mixer"="Mixer.exe" [2002-07-12 1581056]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-12-28 198160]
"FixCamera"="c:\windows\FixCamera.exe" [2008-08-21 188928]
"snp2uvc"="c:\windows\vsnp2uvc.exe" [2008-08-01 675840]
"tsnp2uvc"="c:\windows\tsnp2uvc.exe" [2009-06-01 320512]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-10-07 1461080]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Hotkey]
2004-04-03 16:38 36864 ----a-w- c:\program files\Hotkey\Hotkey.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 08:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2004-12-20 18:41 33792 ----a-w- c:\program files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ose"=3 (0x3)
"gupdate1ca87e9c760bf40"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\TeamViewer\\Version5\\TeamViewer.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [1.7.2008 9:04 35168]
R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [7.10.2009 9:16 472280]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [22.8.2010 13:25 632792]
R2 TeamViewer5;TeamViewer 5;c:\program files\TeamViewer\Version5\TeamViewer_Service.exe [6.7.2010 17:03 173352]
R3 NtApm;NT Apm/Legacy Interface Driver;c:\windows\system32\drivers\NtApm.sys [14.10.2009 20:52 9344]
R3 slnt;Silan SC92031 PCI Fast Ethernet Adapter;c:\windows\system32\drivers\slnt.sys [11.12.2009 11:59 18004]
S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [3.8.2004 22:56 14336]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
.
Contents of the 'Scheduled Tasks' folder

2010-08-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-28 17:15]

2010-08-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-28 17:15]

2010-08-24 c:\windows\Tasks\RMSchedule_219.job
- c:\program files\Registry Mechanic\Launcher.exe [2010-08-22 07:14]
.
.
------- Supplementary Scan -------
.
uStart Page = [Link mogu videti samo ulogovani korisnici]
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\LELA\Application Data\Mozilla\Firefox\Profiles\2lwfdvwc.default\
FF - prefs.js: browser.startup.homepage - [Link mogu videti samo ulogovani korisnici]
FF - component: c:\program files\Real\RealPlayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\documents and settings\LELA\Application Data\Mozilla\Firefox\Profiles\2lwfdvwc.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [Link mogu videti samo ulogovani korisnici]
Rootkit scan 2010-08-25 12:41
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3688-)
c:\program files\TeamViewer\Version5\tv.dll
.
Completion time: 2010-08-25 12:44:15
ComboFix-quarantined-files.txt 2010-08-25 10:44
ComboFix2.txt 2010-08-24 16:24

Pre-Run: 4.301.520.896 bytes free
Post-Run: 4.303.691.776 bytes free

- - End Of File - - F7CFEBF6C3243017D05A3D5DCAC753FE

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Kakvo je sada stanje racunara? Ima li problema?

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Radio sam ga preko temviewera pa nemam ja bas osjecaj kako radi sada ali izgleda da je sve ok. Sta uraditi sa combo fixa posle svega? Jel da ga brisem ili da ostane? Imam jos jedan racunar na poslu koji je uzasno spor i procesor mu zakuca na 98%, a od 512mb memorije vuce nekih 508 mb. Imam proces wuauclt.exe koji vuce nenormalno mnogo resursa.Da li da zapocinjem novu temu ili da postavim logove ovde?

• 1Ovo se svidja korisniku: diarno
  
  Registruj se da bi pohvalio/la poruku!

Log je cist, sto znaci da na racunari ne postoji malware.


Napomena:
Isprati sledece Uputstvo

----------------------------------------------------------------------------------------

Potrebno je deinstalirati ComboFix:
klikni start (ili ), a zatim RUN.

Na Visti koristiti Start Search polje ukoliko Run nije dostupan.

U liniju za unos teksta ukucaj (iskopiraj) sledeće:

ComboFix /Uninstall

Primeti da postoji razmak između "ComboFix" i "/Uninstall".



a zatim klikni OK (ili pritisni Enter).

Sačekaj da se proces deinstalacije završi.






-----------------------------------------------------------------------------

Preporuka:

- Preporucujem ti da instaliras Service Pack 3. Necu govoriti o njegovim prednostima u odnosu na SP2. Uglavnom, MS je prekinuo podrsku za Service Pack 2 koji je instaliran na tvom racunaru i to je jos jedan od problema.

- Preporucujem ti da predjes na NTFS fajl sistem.
Prednosti u odnosu na FAT32 (koji ti imas) je veliki: poboljsane performanse; bolja sigurnost podataka;mogu se cuvati fajlovi veci od 4GB sto kod FAT32 nije moguce; podrska za korisnicke disk kvote; sifrovanje fajlova/direktorijuma; definisanje prava pristupa na nivou pojedinacnog fajla; indexiranje sadrzaja pojedinacnih fajlova sto ubrzava pretrazivanje, posebno u mreznom okrezenju; bolja iskoriscenost prostora na velikim hdd-ovima; itd itd.

- Preporucujem ti da instaliras novije verzije programa koje koristis. Stare verzije znaju da budu "busne". Navescu ti par programa koje bih zamenio, makar novijim verzijama: Adobe Reader 7.0, Mozilla Firefox (3.0.19), Nero 6, Skype 4.2.


Uglavnom, ukoliko zelis nesto od ovih mojih preporuka da uradis a ne znas kako ili ti je pak potrebna pomoc, otvori novu temu u Windows podforumu: [Link mogu videti samo ulogovani korisnici]


-----------------------------------------------------------------------------------
Citat:
Imam jos jedan racunar na poslu koji je uzasno spor i procesor mu zakuca na 98%

Ocigledno da nisi najbolje upoznat sa Pravilnikom Ambulante, s'toga cu ti ostaviti link da procitas a ti posebnu paznju obrati na stavku 9 i stavku 10 Pravilnika:
-> [Link mogu videti samo ulogovani korisnici]





Ovim mojim postom zavrsavamo diskusiju u ovoj temi.
Hvala sto verujes AMF Timu.








Pozdrav,
goran9888 (AMF Tim)

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Hvala na zaista velikoj pomoci i na savjetima. Pravilnik proucen do detalja :-)