[ macan nk @ 21.03.2010. 19:53 ] @
I have what is, to me, a big problem. I installed Windows XP SP3, and after that pale folders appeared with these names:
"RECYCLER"
"System Volume Information"
"AUTOEXEC.BAT"
"boot.ini"
"CONFIG.SYS"
"hiberfil.sys"
"IO.SYS"
"MSDOS.SYS"
"NTDETECT.COM"
"ntldr"
pagefile.sys (which are located on the "C" disk), and many more of them in other places; there are even some with blue letters...

I tried installing Windows XP SP2 and the icons disappear, but when the AV scans the computer I see that it scans them too, and when I open NERO I see that every one of them is there.

I tried:
"SDfix"
"Avira rescue disc"
"anti malware"
"gmer"
various antivirus programs and some other small utilities, but nothing will remove them.

If anyone can help me I would be grateful, because it has been about ten days now, there is nothing I haven't tried, and I have lost all my nerves.
[ agasoft @ 21.03.2010. 20:18 ] @
I mean, don't get angry...

Everything you see there, those are all regular Windows items...
Everyone's, yours included...
You are panicking and losing your nerves for nothing.
:D
[ Flash411 @ 21.03.2010. 20:39 ] @
Those are all regular Windows folders and files needed for it to run.
Also, chances are you installed some "windows xp (insert stupid name) edition sp3",
so it doesn't work properly; that is, it revealed the hidden folders, which regular Windows installs do not do. :)
[ macan nk @ 21.03.2010. 22:35 ] @
Every day I have internet outages in the interval from 15h to 21h (the operator says everything is OK on their side): it starts to slow down, then a total outage (2-3h), then it starts working slowly, and only after half an hour to an hour does it work normally (fast)...
I think that is what is causing my problem, that a virus has moved into one of those folders (on the forum I found that problem, it is about the "conficker" virus, but I can't find anything).
I can't remove those folders even with another XP; I assume they get copied during reinstallation.
Why didn't I have them before? I have looked at several computers and nobody has them, at least not in the place where they are on mine.
Maybe to some people this is nonsense; I don't really understand all this.....

Can a virus move into RAM memory ????????????
[ dava @ 22.03.2010. 10:39 ] @
Those are all regular Windows files and folders which by default have the system and hidden attributes, which is why you don't see them on other computers. Whether they are shown or not is set here:

in Windows Explorer go to Tools > Folder Options > View > Do not show hidden files and folders

Quote:
Can a virus move into RAM memory ????????????

I don't know what you mean by 'move into', but definitely every piece of code that executes passes through memory.
[ calexx @ 22.03.2010. 11:07 ] @
Take it easy; to begin with, let's check some details from the first message.
Quote:
macan nk: I have what is, to me, a big problem. I installed Windows XP SP3, and after that pale folders appeared with these names:
If they really are folders, then that is not good. Could they actually be files that were given the names of folders (which are then hidden)? When that becomes a bit clearer, we will see whether you may touch it or not. For a start, turn on the display of hidden folders and file extensions, and then write again what you see that you don't like.

If you installed one of the crippled XP versions such as black, full, gold and the like, then anything is possible.
[ macan nk @ 23.03.2010. 18:11 ] @
I mean, can a virus be copied along with the other folders during formatting and come back again during a new Windows installation?
[ macan nk @ 23.03.2010. 18:57 ] @
Under "size" nothing is written, and under "type" it says "file folder".
Is that normal or not ???
[ dava @ 24.03.2010. 10:22 ] @
For some of the items on your list that is normal, and for others it is not.

"RECYCLER"
"System Volume Information"
"AUTOEXEC.BAT"
"boot.ini"
"CONFIG.SYS"
"hiberfil.sys"
"IO.SYS"
"MSDOS.SYS"
"NTDETECT.COM"
"ntldr"

Check, for all of these that you listed, whether they are files or folders.
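
One way to run the check asked for above, as an added example that is not part of the thread: it compares each name from the list with the type it normally has in the root of a Windows XP system drive and reports the hidden/system attribute bits. The function names and the sample listing are constructed for illustration; `scan_root` reads a live drive root and is meant for Windows.

```python
import os

# Attribute bits as found in os.stat().st_file_attributes on Windows.
FILE_ATTRIBUTE_HIDDEN = 0x2
FILE_ATTRIBUTE_SYSTEM = 0x4

# What each name from the first post normally is in the root of an XP
# system drive. Names are compared case-insensitively.
EXPECTED_KIND = {
    "recycler": "folder",
    "system volume information": "folder",
    "autoexec.bat": "file",
    "boot.ini": "file",
    "config.sys": "file",
    "hiberfil.sys": "file",
    "io.sys": "file",
    "msdos.sys": "file",
    "ntdetect.com": "file",
    "ntldr": "file",
    "pagefile.sys": "file",
}


def attr_flags(attrs):
    """Return 'H', 'S', 'HS' or '' for the hidden/system bits."""
    flags = ""
    if attrs & FILE_ATTRIBUTE_HIDDEN:
        flags += "H"
    if attrs & FILE_ATTRIBUTE_SYSTEM:
        flags += "S"
    return flags


def check_entry(name, is_dir, attrs=0):
    """Compare one root entry with the type expected for that name."""
    kind = "folder" if is_dir else "file"
    expected = EXPECTED_KIND.get(name.lower())
    if expected is None:
        verdict = "not on list"      # nothing to compare against
    elif expected == kind:
        verdict = "ok"
    else:
        verdict = "mismatch"         # e.g. a folder named like a system file
    return {"name": name, "kind": kind, "expected": expected,
            "attrs": attr_flags(attrs), "verdict": verdict}


def mismatches(entries):
    """Names whose actual type differs from the expected one."""
    return [r["name"] for r in (check_entry(*e) for e in entries)
            if r["verdict"] == "mismatch"]


def scan_root(root="C:\\"):
    """Live listing of a drive root as (name, is_dir, attrs) tuples."""
    listing = []
    with os.scandir(root) as it:
        for entry in it:
            try:
                st = entry.stat(follow_symlinks=False)
                is_dir = entry.is_dir(follow_symlinks=False)
            except OSError:
                continue             # entry vanished or is unreadable
            # st_file_attributes exists only on Windows; 0 elsewhere.
            listing.append((entry.name, is_dir,
                            getattr(st, "st_file_attributes", 0)))
    return listing


# Constructed sample listing (not taken from the poster's machine).
# 0x16 = directory | system | hidden, 0x06 = system | hidden.
SAMPLE = [
    ("RECYCLER", True, 0x16),
    ("System Volume Information", True, 0x16),
    ("boot.ini", False, 0x06),
    ("ntldr", True, 0x16),           # constructed anomaly: folder, not file
    ("AUTOEXEC.BAT", True, 0x10),    # constructed anomaly: folder, not file
    ("Documents and Settings", True, 0x10),
]


if __name__ == "__main__":
    listing = scan_root() if os.name == "nt" else SAMPLE
    for e in listing:
        row = check_entry(*e)
        if row["verdict"] != "not on list":
            print("%-28s %-6s expected=%-6s attrs=%-2s %s" % (
                row["name"], row["kind"], row["expected"],
                row["attrs"], row["verdict"]))
```
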

[ macan nk @ 24.03.2010. 14:24 ] @
Can a picture be posted on the forum, so that you can clearly see what this is about?

[ boxxter @ 24.03.2010. 14:28 ] @
Yes. Write something and send the reply, and then below your reply you have the upload option for the message.
[ macan nk @ 24.03.2010. 16:02 ] @
Here, take a look, maybe it will be clearer to you
http://www.youtube.com/watch?v=ehI4ksc1ksQ
[ kristi1 @ 24.03.2010. 16:17 ] @
Copy that Combofix log for me so I can look at it; I see that you ran Combofix.
[ macan nk @ 24.03.2010. 17:20 ] @
ComboFix 10-03-23.04 - Administrator 03/23/2010 18:20:53.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.363 [GMT 0:00]
Running from: c:\documents and settings\Administrator.EXPERIEN-4B3693\My Documents\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\recycler\Recycle Bin
c:\windows\system32\msssc.dll

.
((((((((((((((((((((((((( Files Created from 2010-02-23 to 2010-03-23 )))))))))))))))))))))))))))))))
.

2010-03-23 20:26 . 2010-03-23 20:26 -------- d-----w- c:\documents and settings\Administrator.EXPERIEN-4B3693\Local Settings\Application Data\Identities
2010-03-23 18:29 . 2008-03-20 19:38 2944 ----a-w- c:\windows\system32\drivers\drmkaud.sys
2010-03-23 18:29 . 2008-03-20 19:38 172416 ----a-w- c:\windows\system32\drivers\kmixer.sys
2010-03-23 18:29 . 2008-03-20 19:38 52864 ----a-w- c:\windows\system32\drivers\DMusic.sys
2010-03-23 18:29 . 2008-03-20 19:38 56576 ----a-w- c:\windows\system32\drivers\swmidi.sys
2010-03-23 18:29 . 2008-03-20 18:09 142592 ----a-w- c:\windows\system32\drivers\aec.sys
2010-03-23 18:29 . 2008-03-20 19:38 6272 ----a-w- c:\windows\system32\drivers\splitter.sys
2010-03-23 18:29 . 2008-03-20 20:07 60800 ----a-w- c:\windows\system32\drivers\sysaudio.sys
2010-03-23 18:29 . 2008-03-20 20:09 83072 ----a-w- c:\windows\system32\drivers\wdmaud.sys
2010-03-23 18:11 . 2010-03-23 18:11 -------- d-----w- c:\documents and settings\Default User.WINDOWS\Local Settings\Application Data\Microsoft
2010-03-23 18:11 . 2010-03-23 18:11 -------- d-----w- c:\windows\system32\dllcache
2010-03-23 18:09 . 2010-03-23 18:09 -------- d-sh--w- c:\documents and settings\All Users.WINDOWS\DRM
2010-03-23 18:09 . 2010-03-23 19:08 -------- d-s---w- c:\windows\Downloaded Program Files
2010-03-23 18:07 . 2008-05-03 12:00 274944 ----a-w- c:\windows\system32\mstask.dll
2010-03-23 18:07 . 2008-05-03 12:00 192512 ----a-w- c:\windows\system32\schedsvc.dll
2010-03-23 18:07 . 2008-05-03 12:00 12288 ----a-w- c:\windows\system32\mstinit.exe
2010-03-23 18:07 . 2008-05-03 12:00 81920 ----a-w- c:\windows\system32\isign32.dll
2010-03-23 18:07 . 2008-05-03 12:00 73728 ----a-w- c:\windows\system32\icwdial.dll
2010-03-23 18:07 . 2008-05-03 12:00 65536 ----a-w- c:\windows\system32\icwphbk.dll
2010-03-23 18:07 . 2008-05-03 12:00 274432 ----a-w- c:\windows\system32\inetcfg.dll
2010-03-23 18:07 . 2010-03-23 18:07 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2010-03-23 18:05 . 2008-05-03 12:00 58880 ----a-w- c:\windows\system32\licwmi.dll
2010-03-23 18:05 . 2008-05-03 12:00 56320 ----a-w- c:\windows\system32\servdeps.dll
2010-03-23 18:05 . 2008-05-03 12:00 185344 ----a-w- c:\windows\system32\cmprops.dll
2010-03-23 18:05 . 2008-05-03 12:00 17408 ----a-w- c:\windows\system32\mmfutil.dll
2010-03-23 18:05 . 2008-05-03 12:00 1358848 ----a-w- c:\windows\system32\wbem\cimwin32.dll
2010-03-23 18:05 . 2008-03-21 01:37 40840 ----a-w- c:\windows\system32\drivers\termdd.sys
2010-03-23 18:05 . 2008-03-20 19:25 196224 ----a-w- c:\windows\system32\drivers\rdpdr.sys
2010-03-23 18:04 . 2008-03-20 19:32 5504 ----a-w- c:\windows\system32\drivers\MSTEE.sys
2010-03-23 18:04 . 2008-03-20 19:39 11136 ----a-w- c:\windows\system32\drivers\SLIP.sys
2010-03-23 18:04 . 2008-03-20 19:40 85248 ----a-w- c:\windows\system32\drivers\NABTSFEC.sys
2010-03-23 18:04 . 2008-03-20 19:39 10880 ----a-w- c:\windows\system32\drivers\NdisIP.sys
2010-03-23 18:04 . 2008-03-20 19:32 4992 ----a-w- c:\windows\system32\drivers\MSPQM.sys
2010-03-23 18:04 . 2008-03-20 19:39 17024 ----a-w- c:\windows\system32\drivers\CCDECODE.sys
2010-03-23 18:04 . 2008-03-20 19:40 19200 ----a-w- c:\windows\system32\drivers\WSTCODEC.SYS
2010-03-23 18:04 . 2008-03-20 19:32 7552 ----a-w- c:\windows\system32\drivers\MSKSSRV.sys
2010-03-23 18:04 . 2008-03-20 19:39 15232 ----a-w- c:\windows\system32\drivers\StreamIP.sys
2010-03-23 18:04 . 2008-03-20 19:32 5376 ----a-w- c:\windows\system32\drivers\MSPCLOCK.sys
2010-03-23 18:04 . 2001-08-17 13:59 3072 ----a-w- c:\windows\system32\drivers\audstub.sys
2010-03-23 18:03 . 2008-03-21 01:36 53760 ----a-w- c:\windows\system32\vfwwdm32.dll
2010-03-23 18:03 . 2008-03-21 01:36 4096 ----a-w- c:\windows\system32\ksuser.dll
2010-03-23 18:03 . 2003-10-21 03:20 104960 ----a-w- c:\windows\system32\drivers\atinrvxx.sys
2010-03-23 18:03 . 2003-10-21 03:18 32768 ----a-w- c:\windows\system32\ativtmxx.dll
2010-03-23 18:03 . 2003-10-21 03:23 13824 ----a-w- c:\windows\system32\drivers\atinmdxx.sys
2010-03-23 18:03 . 2008-03-20 19:33 57600 ----a-w- c:\windows\system32\drivers\redbook.sys
2010-03-23 18:02 . 2003-12-02 13:44 865472 ----a-w- c:\windows\system32\ati3d1ag.dll
2010-03-23 18:02 . 2001-08-17 12:13 27165 ----a-w- c:\windows\system32\drivers\fetnd5.sys
2010-03-23 18:02 . 2008-03-21 01:36 74240 ----a-w- c:\windows\system32\usbui.dll
2010-03-23 17:59 . 2008-05-03 12:00 7168 ----a-r- c:\windows\system32\kbdcz.dll
2010-03-23 17:58 . 2003-07-02 02:42 27904 ----a-w- c:\windows\system32\drivers\VIAAGP1.SYS
2010-03-23 17:58 . 2010-03-23 18:18 -------- d--h--w- c:\documents and settings\Default User.WINDOWS
2010-03-23 17:58 . 2010-03-23 18:09 -------- d-----w- c:\documents and settings\All Users.WINDOWS
2010-03-21 22:55 . 2010-03-21 22:58 -------- d-----w- c:\documents and settings\Administrator\Application Data\QuickScan
2010-03-21 21:55 . 2010-03-21 21:55 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Help
2010-03-21 20:39 . 2010-03-21 20:39 -------- d-sha-r- c:\program files\cmdcons
2010-03-21 18:17 . 2010-03-21 18:23 -------- d-----w- c:\program files\Winamp
2010-03-21 16:58 . 2010-03-21 16:58 -------- d-----w- c:\program files\CCleaner
2010-03-21 16:29 . 2010-03-21 16:29 -------- d-----w- c:\documents and settings\Administrator\Application Data\Ahead
2010-03-21 16:24 . 2010-03-21 16:24 -------- d-----w- c:\program files\Common Files\Ahead
2010-03-21 16:24 . 2010-03-21 16:24 -------- d-----w- c:\program files\Ahead
2010-03-21 15:20 . 2010-03-21 15:20 -------- d-----w- c:\program files\Kaspersky Lab
2010-03-21 14:27 . 2010-03-21 14:27 -------- d-----w- c:\windows\system32\xircom
2010-03-21 14:27 . 2010-03-21 14:27 -------- d-----w- c:\windows\system32\wbem\snmp
2010-03-21 14:27 . 2010-03-21 14:27 -------- d-----w- c:\program files\microsoft frontpage
2010-03-21 13:04 . 2010-03-21 13:04 136 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\fusioncache.dat
2010-03-21 13:04 . 2010-03-21 13:04 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\ATI
2010-03-21 13:04 . 2010-03-21 13:04 -------- d-----w- c:\documents and settings\Administrator\Application Data\ATI
2010-03-21 13:04 . 2010-03-21 13:04 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory
2010-03-21 13:01 . 2010-03-23 19:27 -------- d-----w- c:\windows\system32\URTTemp

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-23 19:43 . 2010-03-21 12:59 -------- d-----w- c:\program files\ATI Technologies
2010-03-23 19:42 . 2010-03-23 18:22 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-03-23 19:33 . 2010-03-23 19:33 13664 ----a-w- c:\documents and settings\Administrator.EXPERIEN-4B3693\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-03-23 19:32 . 2010-03-23 19:32 152 ----a-w- c:\documents and settings\Administrator.EXPERIEN-4B3693\Local Settings\Application Data\fusioncache.dat
2010-03-23 19:32 . 2010-03-23 19:32 -------- d-----w- c:\documents and settings\Administrator.EXPERIEN-4B3693\Application Data\ATI
2010-03-23 18:10 . 2010-03-23 18:10 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-03-21 13:02 . 2010-03-21 12:48 -------- d-----w- c:\program files\Common Files\InstallShield
2010-03-21 12:48 . 2010-03-21 12:48 -------- d-----w- c:\program files\Analog Devices
2010-03-21 12:31 . 2010-03-21 12:31 -------- d-----w- c:\program files\Windows Media Connect 2
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Smapp"="c:\program files\Analog Devices\SoundMAX\SMTray.exe" [2003-05-05 143360]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-11-25 335872]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" [2008-05-03 99840]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableCAD"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"MemCheckBoxInRunDlg"= 1 (0x1)
"StartMenuFavorites"= 0 (0x0)
"Start_ShowMyComputer"= 1 (0x1)
"Start_ShowMyDocs"= 1 (0x1)
"Start_ShowMyMusic"= 0 (0x0)
"Start_ShowRun"= 1 (0x1)
"Start_ShowSearch"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"MemCheckBoxInRunDlg"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"MemCheckBoxInRunDlg"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Opera\\opera.exe"=


--- Other Services/Drivers In Memory ---

*NewlyCreated* - SR
*NewlyCreated* - SRSERVICE
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.google.com
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-23 18:25
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(624)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2010-03-23 18:26:28
ComboFix-quarantined-files.txt 2010-03-23 18:26
ComboFix2.txt 2010-03-21 20:58

Pre-Run: 77,794,349,056 bytes free
Post-Run: 77,846,781,952 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 7D4EE0D002EA14832A1205E9AB435321
[ kristi1 @ 24.03.2010. 18:10 ] @
Why are you running Combofix on your own initiative? First, running Combofix means nothing to you when you don't know what to do afterwards. Second, Combofix is run exclusively from the desktop and in no other way. Third, it is a single-use tool and must be uninstalled after use.
You cannot uninstall it because you did not run it from the desktop.
You have to delete the icon, delete the folders c:\combofix and c:\qoobox, then turn off System Restore, restart, and then turn SR back on.

Install an antivirus
[ macan nk @ 25.03.2010. 16:25 ] @
ComboFix 10-03-24.03 - Administrator 03/25/2010 17:10:46.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.348 [GMT 0:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\msssc.dll

.
((((((((((((((((((((((((( Files Created from 2010-02-25 to 2010-03-25 )))))))))))))))))))))))))))))))
.

2010-03-25 16:53 . 2010-03-25 16:53 -------- d-----w- c:\windows\LastGood
2010-03-25 16:53 . 2009-07-28 15:33 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-03-25 16:53 . 2009-03-30 09:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-03-25 16:53 . 2009-02-13 11:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2010-03-25 16:53 . 2009-02-13 11:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2010-03-25 16:53 . 2010-03-25 16:53 -------- d-----w- c:\program files\Avira
2010-03-25 16:53 . 2010-03-25 16:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-24 00:22 . 2010-03-24 00:18 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-03-24 00:22 . 2010-03-24 00:21 -------- d-----w- c:\program files\ATI Technologies
2010-03-24 00:18 . 2010-03-24 00:18 -------- d-----w- c:\program files\Analog Devices
2010-03-24 00:18 . 2010-03-24 00:18 -------- d-----w- c:\program files\Common Files\InstallShield
2010-03-24 00:15 . 2010-03-24 00:15 62633 ----a-w- c:\windows\prio197uninstall.exe
2010-03-24 00:15 . 2010-03-24 00:15 -------- d-----w- c:\program files\Opera
2010-03-24 00:11 . 2010-03-24 00:11 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-03-24 00:08 . 2010-03-24 00:08 21640 ----a-w- c:\windows\system32\emptyregdb.dat
.

------- Sigcheck -------

[-] 2008-05-03 . 37D8387CBD4437C55F454209BE10EF11 . 361344 . . [5.1.2600.5508] . . c:\windows\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Smapp"="c:\program files\Analog Devices\SoundMAX\SMTray.exe" [2003-05-05 143360]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-11-25 335872]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" [2007-08-13 123904]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
STARTXP.BAT [2008-5-3 6323]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableCAD"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"MemCheckBoxInRunDlg"= 1 (0x1)
"StartMenuFavorites"= 0 (0x0)
"Start_ShowMyComputer"= 1 (0x1)
"Start_ShowMyDocs"= 1 (0x1)
"Start_ShowMyMusic"= 0 (0x0)
"Start_ShowRun"= 1 (0x1)
"Start_ShowSearch"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"MemCheckBoxInRunDlg"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"MemCheckBoxInRunDlg"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\prio.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [3/25/2010 4:53 PM 108289]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - ANTIVIRSCHEDULERSERVICE
*NewlyCreated* - ANTIVIRSERVICE
*NewlyCreated* - AVGIO
*NewlyCreated* - AVGNTFLT
*NewlyCreated* - AVIPBB
*NewlyCreated* - IMAPISERVICE
*NewlyCreated* - SR
*NewlyCreated* - SRSERVICE
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-25 17:14
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(628)
c:\windows\system32\prio.dll
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'lsass.exe'(684)
c:\windows\system32\prio.dll
.
Completion time: 2010-03-25 17:15:15
ComboFix-quarantined-files.txt 2010-03-25 17:15

Pre-Run: 79,217,815,552 bytes free
Post-Run: 79,199,657,984 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

- - End Of File - - AE26C9A9FF9E8B3CDBA535F11B7415E8
[ macan nk @ 25.03.2010. 16:54 ] @


Avira AntiVir Personal
Report file date: Thursday, March 25, 2010 17:46

Scanning for 1903552 virus strains and unwanted programs.

Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows XP
Windows version : (Service Pack 3) [5.1.2600]
Boot mode : Normally booted
Username : SYSTEM
Computer name : EXPERIEN-3C24DA


Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: c:\program files\avira\antivir desktop\sysscan.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:,
Process scan........................: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium

Start of the scan: Thursday, March 25, 2010 17:46

Starting search for hidden objects.
'16980' objects were checked, '0' hidden objects were found.

The scan of running processes will be started
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'STOPREST.EXE' - '1' Module(s) have been scanned
Module is OK -> 'F:\$OEM$\INST\STOPREST.exe'
[WARNING] The file could not be opened!
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'atiptaxx.exe' - '1' Module(s) have been scanned
Scan process 'SMTray.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'SMAgent.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
27 processes with 27 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!

Starting to scan executable files (registry).
The registry was scanned ( '50' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\hiberfil.sys
[WARNING] The file could not be opened!
[NOTE] This file is a Windows system file.
[NOTE] This file cannot be opened for scanning.
C:\pagefile.sys
[WARNING] The file could not be opened!
[NOTE] This file is a Windows system file.
[NOTE] This file cannot be opened for scanning.


End of the scan: Thursday, March 25, 2010 17:52
Used time: 06:07 Minute(s)

The scan has been done completely.

929 Scanned directories
33569 Files were scanned
0 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
0 Files were moved to quarantine
0 Files were renamed
3 Files cannot be scanned
33566 Files not concerned
305 Archives were scanned
3 Warnings
2 Notes
16980 Objects were scanned with rootkit scan
0 Hidden objects were found

[ macan nk @ 25.03.2010. 21:39 ] @
Can I (manually) delete the file folders (attributes HC) that are blue in colour and have $.........$ before and after the name

$NtServicePackUninstallNLSDownlevelMapping$

$NtUninstallKB898461$ and so on (there are about 60 folders)

Then I would try to do the XP installation all over again

[ macan nk @ 26.03.2010. 16:15 ] @


Why won't anyone help me-eeeeeeeeeeeeeeee
[ valjan @ 26.03.2010. 21:36 ] @
Maybe because you are doing things on your own that can only wreck your computer even more, so nobody wants to waste time on a machine where the user is causing the damage himself...
[ macan nk @ 26.03.2010. 21:43 ] @
Well, what am I supposed to do when I didn't know
[ calexx @ 26.03.2010. 21:47 ] @
First, if you are going to reinstall, then don't delete anything in particular; just format everything and start from scratch. Second, find out what is what and don't try on your own to delete something that must not be deleted; install, do what you do, and pay no attention to the folders and files.
[ macan nk @ 26.03.2010. 22:30 ] @
OK...Thanks
[ grayzer01 @ 11.05.2010. 18:20 ] @
Hi,

Maybe the answer to this question exists somewhere, but I did not manage to find it.
Why do I have over 9 Gb of some kind of files in the System Volume Information folder?
Please give me some explanation, and can I delete that?
I know that it all has to do with Restore Points.

And one more thing: what are the folders Found.000, Found.001, Found.002, Found.003 on the C partition?
[ plavigor @ 11.05.2010. 21:19 ] @
By default, the XP installation procedure sets aside on each partition a maximum of 12% of that partition's size for storing System Restore's saved points. When XP appeared, disks were about ten times smaller than now, so that much reserved space perhaps made sense. With today's large disks I think that much space is unnecessary, and on other people's computers I almost always reduce it to the minimum, which is roughly 200MB. Reducing that available space will delete the oldest saved points first and then onward toward the newer ones, depending on how far you reduce the space. So, in your case nine GB is taken up by saved points for restoring the system. Unnecessarily. One point takes up about 50MB.

The folders Found.000, Found.001 etc. are created as needed when a disk-checking tool is run, e.g. chkdsk.
[ grayzer01 @ 12.05.2010. 07:13 ] @
OK. How do I reduce that available space?

Edit: Removed an unnecessary quote.

[This message was edited by plavigor on 02.06.2010 at 00:16 GMT+1]
[ kristi1 @ 12.05.2010. 07:35 ] @
Right-click My Computer > System Properties > System Restore
Click the drive you want to configure, Settings, set the size, Apply, OK, restart.
[ acoobradovic @ 12.05.2010. 12:47 ] @
The folders Found.000, Found.001 etc. are created if you have the FAT 32 file system on the disk, whereas with NTFS there is none of that.
[ dmitras @ 01.06.2010. 07:21 ] @
"RECYCLER"
"System Volume Information"!
Hahaha, now I feel relieved (since I too noticed this and thought they were viruses, and panicked, because not even TC could 'see' them, and therefore couldn't delete them either)!
[ plavigor @ 01.06.2010. 09:52 ] @
Quote:
dmitras:... because not even TC could 'see' them, and therefore couldn't delete them either!
TC with the Show hidden/system files option turned on must see those folders.

RECYCLER can be deleted under an administrator account both from Windows Explorer and from TC, in fact from any file manager, provided of course that there is no active virus in that folder. System Volume Information cannot be deleted from any file manager because of the current permissions on that folder. Only when, under an administrator account, you add your own account to those permissions can you delete it from any manager, again provided that there is no active virus in that folder.
[ dmitras @ 01.06.2010. 10:38 ] @
Plavigor, thanks! Now I see both of them from TC. (For those who, like me, have no clue: you had to go into the settings and turn on the mentioned option...)
However, if these are ordinary folders, then I suppose it is not advisable to delete them either?