Posted: 11 Jan 2010 21:40
- Hosenfefer
- New MyCity citizen
- Joined: 21 Dec 2009
- Posts: 16
You have already rescued me from malware in this thread:
mycity.rs/Ambulanta/svchost-exe-uzima-50-CPU-a.html
I did everything you advised except the last post (uninstalling ComboFix and re-enabling the CD/DVD emulator), for which I sincerely apologize, but I really had no time (work, university, seminar paper). In the meantime it seems someone in the family has picked up a new villain.
This morning when I started the computer, avast notified me about a certain file (I think it was C:\31lyx.exe) which it suspects is malware but is not sure about, so it sent it to its experts for analysis. I of course clicked delete. It then informed me that my RAM is infected with a virus and suggested rebooting the computer so it could scan it safely. I declined, wanting to consult you first. I scanned the whole computer with avast, but it found nothing.
The only damage I have noticed on the computer is that I cannot enable "show hidden files and folders", and the internet (it seems to me) is running slower.
Help!!!
DDS (Ver_09-12-01.01) - NTFSx86
Run by vlada at 15:51:38,76 on ??? 11.01.2010
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_02
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.483 [GMT 1:00]
AV: avast! antivirus 4.8.1368 [VPS 100110-1] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\vlada\Desktop\dds.scr
============== Pseudo HJT Report ===============
uStart Page = about:blank
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = localhost
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - No File
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_02\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [cdoosoft] c:\docume~1\vlada\locals~1\temp\herss.exe
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
StartupFolder: c:\documents and settings\all users\start menu\programs\startup\Adobe Reader Speed Launch.lnk.disabled
StartupFolder: c:\documents and settings\all users\start menu\programs\startup\Adobe Reader Synchronizer.lnk.disabled
StartupFolder: c:\documents and settings\all users\start menu\programs\startup\InterVideo WinCinema Manager.lnk.disabled
StartupFolder: c:\documents and settings\all users\start menu\programs\startup\Logitech Desktop Messenger.lnk.disabled
StartupFolder: c:\documents and settings\all users\start menu\programs\startup\VPN Client.lnk.disabled
IE: Add to Windows &Live Favorites
IE: E&xport to Microsoft Excel
IE: Open in new background tab
IE: Open in new foreground tab
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_02\bin\ssv.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} - hxxp://cid-e511cb286f66093c.spaces.live.com/PhotoUpload/MsnPUpld.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\vlada\applic~1\mozilla\firefox\profiles\g5n7nz7b.default\
FF - prefs.js: browser.startup.homepage - hxxps://login.yahoo.com/config/login_verify2?&.src=ym
FF - plugin: c:\documents and settings\all users\application data\id software\quakelive\npquakezero.dll
FF - plugin: c:\documents and settings\all users\application data\nexoneu\ngm\npNxGameeu.dll
FF - plugin: c:\documents and settings\vlada\application data\mozilla\firefox\profiles\g5n7nz7b.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll
FF - plugin: c:\documents and settings\vlada\application data\mozilla\firefox\profiles\g5n7nz7b.default\extensions\battlefieldheroespatcher@ea.com\platform\winnt_x86-msvc\plugins\npBFHUpdater.dll
FF - plugin: c:\program files\k-lite codec pack\quicktime\plugins\npqtplugin.dll
FF - plugin: c:\program files\k-lite codec pack\quicktime\plugins\npqtplugin2.dll
FF - plugin: c:\program files\k-lite codec pack\quicktime\plugins\npqtplugin3.dll
FF - plugin: c:\program files\k-lite codec pack\quicktime\plugins\npqtplugin4.dll
FF - plugin: c:\program files\k-lite codec pack\quicktime\plugins\npqtplugin5.dll
FF - plugin: c:\program files\k-lite codec pack\quicktime\plugins\npqtplugin6.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
============= SERVICES / DRIVERS ===============
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-4-1 114768]
R1 KLIF;KLIF;c:\windows\system32\drivers\klif.sys [2009-8-2 127768]
R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2009-8-2 395080]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-4-1 20560]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2007-9-1 138680]
R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2007-9-1 254040]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2007-9-1 352920]
S2 DIG_TS;Pinnacle PCTV Sat TS;c:\windows\system32\drivers\dig_ts.sys --> c:\windows\system32\drivers\dig_ts.sys [?]
S2 DIG_V;Pinnacle PCTV Sat Analog;c:\windows\system32\drivers\dig_v.sys --> c:\windows\system32\drivers\dig_v.sys [?]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\games\dragon age\bin_ship\daupdatersvc.service.exe [2009-12-15 25832]
S3 pctvvbi;PCTVVBI;c:\windows\system32\drivers\pctvvbi.sys [2007-2-3 6400]
S3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [2009-4-6 23064]
S4 a347bus;a347bus;c:\windows\system32\drivers\a347bus.sys [2007-8-24 160640]
S4 a347scsi;a347scsi;c:\windows\system32\drivers\a347scsi.sys [2007-8-24 5248]
=============== Created Last 30 ================
2010-01-10 19:00:06 57 --sh--r- C:\autorun.inf
2010-01-10 19:00:06 114688 --sh--r- C:\31lyx.exe
2010-01-07 15:36:30 0 d-----w- c:\program files\Ninja Reflex
2009-12-27 09:21:45 0 d-s---w- C:\ComboFix
2009-12-23 14:02:23 0 d-----w- c:\documents and settings\vlada\WINDOWS
2009-12-22 09:28:35 54 ----a-w- c:\documents and settings\vlada\defogger_reenable
2009-12-21 17:59:24 98816 ----a-w- c:\windows\sed.exe
2009-12-21 17:59:24 77312 ----a-w- c:\windows\MBR.exe
2009-12-21 17:59:24 261632 ----a-w- c:\windows\PEV.exe
2009-12-21 17:59:24 161792 ----a-w- c:\windows\SWREG.exe
2009-12-15 14:22:29 0 d-----w- c:\docume~1\alluse~1\applic~1\BioWare
2009-12-15 12:01:18 0 d-----w- c:\windows\system32\AGEIA
2009-12-15 12:01:01 0 d-----w- c:\program files\common files\Wise Installation Wizard
2009-12-15 11:40:57 0 d-----w- c:\program files\common files\BioWare
==================== Find3M ====================
2010-01-11 14:51:39 72265760 --sha-w- c:\windows\system32\drivers\fidbox.dat
2010-01-11 00:04:06 846128 --sha-w- c:\windows\system32\drivers\fidbox.idx
2001-11-23 04:08:20 712704 ----a-w- c:\windows\inf\other\AUDIO3D.DLL
============= FINISH: 15:52:21,52 ===============
Posted: 12 Jan 2010 22:49
- Hosenfefer
- New MyCity citizen
- Joined: 21 Dec 2009
- Posts: 16
ComboFix 10-01-12.02 - vlada 12.01.2010 22:31:14.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.596 [GMT 1:00]
Running from: c:\documents and settings\vlada\Desktop\ranije\ComboFix.exe
AV: avast! antivirus 4.8.1368 [VPS 100112-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: ZoneAlarm Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\autorun.inf
c:\docume~1\vlada\LOCALS~1\Temp\cvasds1.dll
C:\LOG.TXT
c:\windows\system32\Thumbs.db
c:\windows\unins000.dat
c:\windows\unins000.exe
D:\autorun.inf
.
((((((((((((((((((((((((( Files Created from 2009-12-12 to 2010-01-12 )))))))))))))))))))))))))))))))
.
2010-01-12 21:28 . 2010-01-08 17:40 114688 --sh--r- C:\31lyx.exe
2010-01-07 15:36 . 2010-01-07 15:37 -------- d-----w- c:\program files\Ninja Reflex
2009-12-23 14:02 . 2009-12-23 14:02 -------- d-----w- c:\documents and settings\vlada\WINDOWS
2009-12-15 14:22 . 2009-12-15 14:22 -------- d-----w- c:\documents and settings\All Users\Application Data\BioWare
2009-12-15 12:01 . 2009-12-15 12:01 -------- d-----w- c:\windows\system32\AGEIA
2009-12-15 12:01 . 2009-12-15 12:01 -------- d-----w- c:\program files\AGEIA Technologies
2009-12-15 12:01 . 2009-12-15 12:01 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-12-15 11:40 . 2009-12-15 11:59 -------- d-----w- c:\program files\Common Files\BioWare
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-12 21:37 . 2009-08-02 08:23 72966176 --sha-w- c:\windows\system32\drivers\fidbox.dat
2010-01-12 16:46 . 2007-02-04 00:49 10 ----a-w- c:\windows\popcinfo.dat
2010-01-12 13:09 . 2010-01-12 13:10 1459200 ----a-w- c:\windows\Internet Logs\xDB14.tmp
2010-01-12 13:09 . 2010-01-12 13:10 2621440 ----a-w- c:\windows\Internet Logs\xDB13.tmp
2010-01-12 13:05 . 2009-08-02 08:23 855128 --sha-w- c:\windows\system32\drivers\fidbox.idx
2010-01-10 13:58 . 2007-02-05 21:14 -------- d-----w- c:\documents and settings\vlada\Application Data\Skype
2010-01-09 21:09 . 2009-12-06 10:24 60 ---h--w- c:\windows\popcreg.dat
2010-01-09 21:09 . 2009-12-05 11:56 22 ----a-w- c:\windows\popcinfot.dat
2010-01-08 19:53 . 2007-02-19 19:59 -------- d-----w- c:\program files\Mozilla Thunderbird
2010-01-05 22:54 . 2009-02-15 17:19 -------- d-----w- c:\program files\DOSBox-0.72
2010-01-02 15:36 . 2007-02-04 15:35 -------- d-----w- c:\program files\Planplus
2010-01-02 00:24 . 2008-01-09 22:12 -------- d-----w- c:\documents and settings\vlada\Application Data\uTorrent
2009-12-24 17:13 . 2008-07-31 18:44 -------- d-----w- c:\documents and settings\vlada\Application Data\LimeWire
2009-12-12 20:28 . 2008-11-19 18:01 -------- d-----w- c:\documents and settings\vlada\Application Data\Winamp
2009-12-12 20:20 . 2008-11-19 18:01 -------- d-----w- c:\program files\Winamp
2009-12-11 10:15 . 2007-02-03 16:53 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-10 15:06 . 2009-12-10 15:03 -------- d-----w- c:\program files\FruityLoops 3.56
2009-12-10 15:03 . 2009-12-10 15:03 -------- d-----w- c:\program files\Steinberg
2009-12-05 11:55 . 2009-12-05 11:55 -------- d-----w- c:\documents and settings\All Users\Application Data\PopCap Games
2009-12-05 11:55 . 2009-12-05 11:54 -------- d-----w- c:\program files\PopCap Games
2009-11-24 23:54 . 2007-09-01 19:08 1280480 ----a-w- c:\windows\system32\aswBoot.exe
2009-11-24 23:51 . 2007-09-01 19:08 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-11-24 23:50 . 2007-09-01 19:08 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-11-24 23:50 . 2008-04-01 11:03 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-11-24 23:50 . 2008-04-01 11:03 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-11-24 23:49 . 2007-09-01 19:08 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-11-24 23:48 . 2007-09-01 19:08 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-11-24 23:47 . 2007-09-01 19:08 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-11-24 23:47 . 2007-09-01 19:08 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-11-21 10:30 . 2009-11-21 10:31 48640 ----a-w- c:\windows\Internet Logs\xDB12.tmp
2009-11-21 10:28 . 2009-11-21 10:29 1364992 ----a-w- c:\windows\Internet Logs\xDB11.tmp
2009-11-21 10:28 . 2009-11-21 10:29 781312 ----a-w- c:\windows\Internet Logs\xDB10.tmp
2009-11-19 15:41 . 2007-11-19 11:46 177024 ----a-w- c:\documents and settings\vlada\Application Data\Mozilla\Firefox\Profiles\g5n7nz7b.default\FlashGot.exe
2009-11-16 13:06 . 2009-11-16 13:07 1358336 ----a-w- c:\windows\Internet Logs\xDBF.tmp
2009-11-14 19:12 . 2009-11-14 19:12 2314335 ----a-w- c:\windows\Internet Logs\tvDebug.zip
2009-11-14 19:08 . 2009-10-10 18:10 -------- d-----w- c:\program files\Microsoft
2009-11-09 21:02 . 2009-11-09 21:03 51200 ----a-w- c:\windows\Internet Logs\xDBE.tmp
2009-11-09 18:15 . 2009-11-09 18:16 1349632 ----a-w- c:\windows\Internet Logs\xDBD.tmp
2009-11-09 18:15 . 2009-11-09 18:16 1688576 ----a-w- c:\windows\Internet Logs\xDBC.tmp
.
((((((((((((((((((((((((((((( SnapShot@2009-12-21_18.10.25 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-01-12 13:10 . 2010-01-12 13:10 16384 c:\windows\Temp\Perflib_Perfdata_7c8.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"nwiz"="nwiz.exe" [2009-06-10 1657376]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-06-10 86016]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-09-06 919016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-10 13758464]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2007-02-05 180269]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk.disabled [2007-8-31 1746]
Adobe Reader Synchronizer.lnk.disabled [2007-2-18 1788]
InterVideo WinCinema Manager.lnk.disabled [2007-2-3 1781]
Logitech Desktop Messenger.lnk.disabled [2007-2-3 1885]
VPN Client.lnk.disabled [2007-8-10 2447]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0aswBoot.exe /M:99d4059b8225
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Skype"="c:\program files\Skype\Phone\Skype.exe" /nosplash /minimized
"CTFMON.EXE"=c:\windows\system32\ctfmon.exe
"BitTorrent DNA"="c:\program files\DNA\btdna.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot
"LogitechVideoTray"="c:\program files\Logitech\Video\LogiTray.exe"
"LVCOMSX"=c:\windows\system32\LVCOMSX.EXE
"PCTVOICE"=pctspk.exe
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_02\bin\jusched.exe"
"LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe"
"PCSuiteTrayApplication"=c:\progra~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
"Cmaudio"=RunDll32 cmicnfg.cpl,CMICtrlWnd
"NeroFilterCheck"=c:\windows\system32\NeroCheck.exe
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"NvCplDaemon"=RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonEU\\NGM\\NGM.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Games\\KKND Krossfire\\Kknd2.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Games\\Dragon Age\\bin_ship\\daorigins.exe"=
"c:\\Games\\Dragon Age\\DAOriginsLauncher.exe"=
"c:\\Games\\Dragon Age\\bin_ship\\daupdatersvc.service.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [1.4.2008 12:03 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [1.4.2008 12:03 20560]
S2 DIG_TS;Pinnacle PCTV Sat TS;c:\windows\system32\DRIVERS\dig_ts.sys --> c:\windows\system32\DRIVERS\dig_ts.sys [?]
S2 DIG_V;Pinnacle PCTV Sat Analog;c:\windows\system32\drivers\dig_v.sys --> c:\windows\system32\drivers\dig_v.sys [?]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\games\Dragon Age\bin_ship\daupdatersvc.service.exe [15.12.2009 12:53 25832]
S3 pctvvbi;PCTVVBI;c:\windows\system32\drivers\pctvvbi.sys [3.2.2007 17:53 6400]
S3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [6.4.2009 12:19 23064]
S4 a347bus;a347bus;c:\windows\system32\drivers\a347bus.sys [24.8.2007 11:07 160640]
S4 a347scsi;a347scsi;c:\windows\system32\drivers\a347scsi.sys [24.8.2007 11:07 5248]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder
2009-12-30 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2006-10-10 16:13]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = localhost
IE: Add to Windows &Live Favorites
IE: E&xport to Microsoft Excel
IE: Open in new background tab
IE: Open in new foreground tab
FF - ProfilePath - c:\documents and settings\vlada\Application Data\Mozilla\Firefox\Profiles\g5n7nz7b.default\
FF - prefs.js: browser.startup.homepage - hxxps://login.yahoo.com/config/login_verify2?&.src=ym
FF - plugin: c:\documents and settings\All Users\Application Data\id Software\QuakeLive\npquakezero.dll
FF - plugin: c:\documents and settings\All Users\Application Data\NexonEU\NGM\npNxGameeu.dll
FF - plugin: c:\documents and settings\vlada\Application Data\Mozilla\Firefox\Profiles\g5n7nz7b.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
FF - plugin: c:\documents and settings\vlada\Application Data\Mozilla\Firefox\Profiles\g5n7nz7b.default\extensions\battlefieldheroespatcher@ea.com\platform\WINNT_x86-msvc\plugins\npBFHUpdater.dll
FF - plugin: c:\program files\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin.dll
FF - plugin: c:\program files\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin2.dll
FF - plugin: c:\program files\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin3.dll
FF - plugin: c:\program files\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin4.dll
FF - plugin: c:\program files\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin5.dll
FF - plugin: c:\program files\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin6.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
.
- - - - ORPHANS REMOVED - - - -
AddRemove-Spybot - Search & Destroy_is1 - c:\windows\unins000.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2010-01-12 22:37
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2010-01-12 22:41:06
ComboFix-quarantined-files.txt 2010-01-12 21:41
ComboFix2.txt 2009-12-22 09:48
ComboFix3.txt 2009-12-21 18:18
Pre-Run: 14.351.339.520 bytes free
Post-Run: 14.383.816.704 bytes free
Current=4 Default=4 Failed=3 LastKnownGood=5 Sets=1,3,4,5
- - End Of File - - 84BE29D8924F17C6990C9AD9B371A089
Posted: 13 Jan 2010 00:02
- helen1
- Anti Malware Fighter, Rank 2
- Joined: 27 Aug 2005
- Posts: 8620
- Location: Novi Beograd
Open Notepad and copy the following text into it:
File::
C:\31lyx.exe
Save the file from Notepad to the Desktop as "CFScript".
Drag the saved script/text file onto the ComboFix icon as shown in the picture.
Post in your next message the log that is produced at the end of the cleaning/scanning.
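The triage that the helper did by eye on the first post's DDS log (a root-level C:\autorun.inf and C:\31lyx.exe written in the same second, both system+hidden+read-only, which matches the file avast flagged) and the "File::" CFScript block in the reply above, as an added Python example that is not part of the original thread and not code from DDS or ComboFix. It parses the DDS "Created Last 30"/Find3M listing lines and the uRun/mRun lines, flags the autorun pattern, and renders the File:: block in the format the reply uses. The sample lines are copied from the DDS log posted above; the regexes, the "autostart from a temp directory" heuristic and the resulting flag on the cdoosoft entry are my own assumptions and heuristics, not findings from the thread. The script only produces text; it does not run ComboFix, and a flagged entry is a lead to check, not an identification.

```python
import re

# Lines copied from the DDS log posted earlier in this thread (not a live capture).
SAMPLE_LOG = r"""
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [cdoosoft] c:\docume~1\vlada\locals~1\temp\herss.exe
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
2010-01-10 19:00:06 57 --sh--r- C:\autorun.inf
2010-01-10 19:00:06 114688 --sh--r- C:\31lyx.exe
2010-01-07 15:36:30 0 d-----w- c:\program files\Ninja Reflex
2009-12-27 09:21:45 0 d-s---w- C:\ComboFix
2010-01-11 14:51:39 72265760 --sha-w- c:\windows\system32\drivers\fidbox.dat
"""

# DDS listing line (assumed layout): timestamp, size, 8-char attribute field, path.
# In the attribute field 'd' = directory, 's' = system, 'h' = hidden, 'a' = archive,
# 'r'/'w' = read-only/writable.
FILE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(?P<size>\d+)\s+"
    r"(?P<attr>[dshawr-]{8})\s+(?P<path>.+?)\s*$"
)
# Pseudo-HJT autostart line: uRun (HKCU) or mRun (HKLM), entry name, command.
RUN_RE = re.compile(r"^(?P<hive>[um])Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+?)\s*$")
# A path directly under a drive root, e.g. C:\autorun.inf
ROOT_RE = re.compile(r"^[A-Za-z]:\\[^\\]+$")


def parse(text):
    """Split a DDS log into file-listing entries and Run-key entries."""
    files, runs = [], []
    for line in text.splitlines():
        m = FILE_RE.match(line)
        if m:
            entry = m.groupdict()
            entry["is_dir"] = entry["attr"][0] == "d"
            entry["attrs"] = set(entry["attr"].replace("-", ""))
            files.append(entry)
            continue
        m = RUN_RE.match(line)
        if m:
            runs.append(m.groupdict())
    return files, runs


def triage(text):
    """Apply three heuristics and return the paths / entry names each one flags."""
    files, runs = parse(text)
    root_files = [f for f in files if not f["is_dir"] and ROOT_RE.match(f["path"])]

    # 1. Files at a drive root carrying both the system and hidden attributes.
    hidden_root = [f["path"] for f in root_files if {"s", "h"} <= f["attrs"]]

    # 2. A root autorun.inf and a root executable written in the same second:
    #    the pairing seen in the posted log (autorun.inf + 31lyx.exe).
    by_ts = {}
    for f in root_files:
        by_ts.setdefault(f["ts"], []).append(f["path"])
    autorun_paired = []
    for paths in by_ts.values():
        names = [p.lower().rsplit("\\", 1)[1] for p in paths]
        if "autorun.inf" in names:
            autorun_paired += [p for p in paths if p.lower().endswith(".exe")]

    # 3. Autostart entries that launch from a temp directory (heuristic, assumed).
    temp_run = [r["name"] for r in runs
                if re.search(r"\\(temp|tmp)\\", r["cmd"], re.IGNORECASE)]

    return {"hidden_root": hidden_root,
            "autorun_paired": autorun_paired,
            "temp_run": temp_run}


def cfscript(paths):
    """Render the File:: block used in the CFScript reply above (one path per line)."""
    return "File::\n" + "".join(p + "\n" for p in paths)


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for key, hits in result.items():
        print(f"{key}: {hits}")
    # Paste this into Notepad and save as CFScript, as the reply describes.
    print(cfscript(result["autorun_paired"]), end="")
```

On the posted log this prints the two root files under hidden_root, C:\31lyx.exe under autorun_paired, and the cdoosoft entry under temp_run, then the File:: block with C:\31lyx.exe, the same script the helper wrote by hand. The paired-timestamp rule is the one worth keeping: a dropper that writes autorun.inf and its payload in one go leaves them with identical creation times, and that survives the file being renamed on another machine.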
Posted: 13 Jan 2010 12:02
- Hosenfefer
- New MyCity citizen
- Joined: 21 Dec 2009
- Posts: 16
ComboFix 10-01-12.04 - vlada 13.01.2010 11:38:26.4.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.667 [GMT 1:00]
Running from: c:\documents and settings\vlada\Desktop\ranije\ComboFix.exe
Command switches used :: c:\documents and settings\vlada\Desktop\CFScript.txt
AV: avast! antivirus 4.8.1368 [VPS 100112-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: ZoneAlarm Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2009-12-13 to 2010-01-13 )))))))))))))))))))))))))))))))
.
2010-01-12 21:28 . 2010-01-08 17:40 114688 --sh--r- C:\31lyx.exe
2010-01-07 15:36 . 2010-01-07 15:37 -------- d-----w- c:\program files\Ninja Reflex
2009-12-23 14:02 . 2009-12-23 14:02 -------- d-----w- c:\documents and settings\vlada\WINDOWS
2009-12-15 14:22 . 2009-12-15 14:22 -------- d-----w- c:\documents and settings\All Users\Application Data\BioWare
2009-12-15 12:01 . 2009-12-15 12:01 -------- d-----w- c:\windows\system32\AGEIA
2009-12-15 12:01 . 2009-12-15 12:01 -------- d-----w- c:\program files\AGEIA Technologies
2009-12-15 12:01 . 2009-12-15 12:01 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-12-15 11:40 . 2009-12-15 11:59 -------- d-----w- c:\program files\Common Files\BioWare
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-13 10:45 . 2009-08-02 08:23 73181216 --sha-w- c:\windows\system32\drivers\fidbox.dat
2010-01-13 10:28 . 2010-01-13 10:30 53760 ----a-w- c:\windows\Internet Logs\xDB15.tmp
2010-01-13 10:27 . 2009-08-02 08:23 860912 --sha-w- c:\windows\system32\drivers\fidbox.idx
2010-01-12 16:46 . 2007-02-04 00:49 10 ----a-w- c:\windows\popcinfo.dat
2010-01-12 13:09 . 2010-01-12 13:10 1459200 ----a-w- c:\windows\Internet Logs\xDB14.tmp
2010-01-12 13:09 . 2010-01-12 13:10 2621440 ----a-w- c:\windows\Internet Logs\xDB13.tmp
2010-01-10 13:58 . 2007-02-05 21:14 -------- d-----w- c:\documents and settings\vlada\Application Data\Skype
2010-01-09 21:09 . 2009-12-06 10:24 60 ---h--w- c:\windows\popcreg.dat
2010-01-09 21:09 . 2009-12-05 11:56 22 ----a-w- c:\windows\popcinfot.dat
2010-01-08 19:53 . 2007-02-19 19:59 -------- d-----w- c:\program files\Mozilla Thunderbird
2010-01-05 22:54 . 2009-02-15 17:19 -------- d-----w- c:\program files\DOSBox-0.72
2010-01-02 15:36 . 2007-02-04 15:35 -------- d-----w- c:\program files\Planplus
2010-01-02 00:24 . 2008-01-09 22:12 -------- d-----w- c:\documents and settings\vlada\Application Data\uTorrent
2009-12-24 17:13 . 2008-07-31 18:44 -------- d-----w- c:\documents and settings\vlada\Application Data\LimeWire
2009-12-12 20:28 . 2008-11-19 18:01 -------- d-----w- c:\documents and settings\vlada\Application Data\Winamp
2009-12-12 20:20 . 2008-11-19 18:01 -------- d-----w- c:\program files\Winamp
2009-12-11 10:15 . 2007-02-03 16:53 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-10 15:06 . 2009-12-10 15:03 -------- d-----w- c:\program files\FruityLoops 3.56
2009-12-10 15:03 . 2009-12-10 15:03 -------- d-----w- c:\program files\Steinberg
2009-12-05 11:55 . 2009-12-05 11:55 -------- d-----w- c:\documents and settings\All Users\Application Data\PopCap Games
2009-12-05 11:55 . 2009-12-05 11:54 -------- d-----w- c:\program files\PopCap Games
2009-11-24 23:54 . 2007-09-01 19:08 1280480 ----a-w- c:\windows\system32\aswBoot.exe
2009-11-24 23:51 . 2007-09-01 19:08 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-11-24 23:50 . 2007-09-01 19:08 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-11-24 23:50 . 2008-04-01 11:03 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-11-24 23:50 . 2008-04-01 11:03 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-11-24 23:49 . 2007-09-01 19:08 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-11-24 23:48 . 2007-09-01 19:08 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-11-24 23:47 . 2007-09-01 19:08 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-11-24 23:47 . 2007-09-01 19:08 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-11-21 10:30 . 2009-11-21 10:31 48640 ----a-w- c:\windows\Internet Logs\xDB12.tmp
2009-11-21 10:28 . 2009-11-21 10:29 1364992 ----a-w- c:\windows\Internet Logs\xDB11.tmp
2009-11-21 10:28 . 2009-11-21 10:29 781312 ----a-w- c:\windows\Internet Logs\xDB10.tmp
2009-11-19 15:41 . 2007-11-19 11:46 177024 ----a-w- c:\documents and settings\vlada\Application Data\Mozilla\Firefox\Profiles\g5n7nz7b.default\FlashGot.exe
2009-11-16 13:06 . 2009-11-16 13:07 1358336 ----a-w- c:\windows\Internet Logs\xDBF.tmp
2009-11-14 19:12 . 2009-11-14 19:12 2314335 ----a-w- c:\windows\Internet Logs\tvDebug.zip
2009-11-14 19:08 . 2009-10-10 18:10 -------- d-----w- c:\program files\Microsoft
2009-11-09 21:02 . 2009-11-09 21:03 51200 ----a-w- c:\windows\Internet Logs\xDBE.tmp
2009-11-09 18:15 . 2009-11-09 18:16 1349632 ----a-w- c:\windows\Internet Logs\xDBD.tmp
2009-11-09 18:15 . 2009-11-09 18:16 1688576 ----a-w- c:\windows\Internet Logs\xDBC.tmp
.
((((((((((((((((((((((((((((( SnapShot@2009-12-21_18.10.25 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-01-13 10:30 . 2010-01-13 10:30 16384 c:\windows\Temp\Perflib_Perfdata_7d4.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"nwiz"="nwiz.exe" [2009-06-10 1657376]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-06-10 86016]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-09-06 919016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-10 13758464]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2007-02-05 180269]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk.disabled [2007-8-31 1746]
Adobe Reader Synchronizer.lnk.disabled [2007-2-18 1788]
InterVideo WinCinema Manager.lnk.disabled [2007-2-3 1781]
Logitech Desktop Messenger.lnk.disabled [2007-2-3 1885]
VPN Client.lnk.disabled [2007-8-10 2447]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Skype"="c:\program files\Skype\Phone\Skype.exe" /nosplash /minimized
"CTFMON.EXE"=c:\windows\system32\ctfmon.exe
"BitTorrent DNA"="c:\program files\DNA\btdna.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot
"LogitechVideoTray"="c:\program files\Logitech\Video\LogiTray.exe"
"LVCOMSX"=c:\windows\system32\LVCOMSX.EXE
"PCTVOICE"=pctspk.exe
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_02\bin\jusched.exe"
"LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe"
"PCSuiteTrayApplication"=c:\progra~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
"Cmaudio"=RunDll32 cmicnfg.cpl,CMICtrlWnd
"NeroFilterCheck"=c:\windows\system32\NeroCheck.exe
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"NvCplDaemon"=RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonEU\\NGM\\NGM.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Games\\KKND Krossfire\\Kknd2.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Games\\Dragon Age\\bin_ship\\daorigins.exe"=
"c:\\Games\\Dragon Age\\DAOriginsLauncher.exe"=
"c:\\Games\\Dragon Age\\bin_ship\\daupdatersvc.service.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [1.4.2008 12:03 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [1.4.2008 12:03 20560]
S2 DIG_TS;Pinnacle PCTV Sat TS;c:\windows\system32\DRIVERS\dig_ts.sys --> c:\windows\system32\DRIVERS\dig_ts.sys [?]
S2 DIG_V;Pinnacle PCTV Sat Analog;c:\windows\system32\drivers\dig_v.sys --> c:\windows\system32\drivers\dig_v.sys [?]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\games\Dragon Age\bin_ship\daupdatersvc.service.exe [15.12.2009 12:53 25832]
S3 pctvvbi;PCTVVBI;c:\windows\system32\drivers\pctvvbi.sys [3.2.2007 17:53 6400]
S3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [6.4.2009 12:19 23064]
S4 a347bus;a347bus;c:\windows\system32\drivers\a347bus.sys [24.8.2007 11:07 160640]
S4 a347scsi;a347scsi;c:\windows\system32\drivers\a347scsi.sys [24.8.2007 11:07 5248]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder
2009-12-30 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2006-10-10 16:13]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = localhost
IE: Add to Windows &Live Favorites
IE: E&xport to Microsoft Excel
IE: Open in new background tab
IE: Open in new foreground tab
FF - ProfilePath - c:\documents and settings\vlada\Application Data\Mozilla\Firefox\Profiles\g5n7nz7b.default\
FF - prefs.js: browser.startup.homepage - hxxps://login.yahoo.com/config/login_verify2?&.src=ym
FF - plugin: c:\documents and settings\All Users\Application Data\id Software\QuakeLive\npquakezero.dll
FF - plugin: c:\documents and settings\All Users\Application Data\NexonEU\NGM\npNxGameeu.dll
FF - plugin: c:\documents and settings\vlada\Application Data\Mozilla\Firefox\Profiles\g5n7nz7b.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
FF - plugin: c:\documents and settings\vlada\Application Data\Mozilla\Firefox\Profiles\g5n7nz7b.default\extensions\battlefieldheroespatcher@ea.com\platform\WINNT_x86-msvc\plugins\npBFHUpdater.dll
FF - plugin: c:\program files\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin.dll
FF - plugin: c:\program files\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin2.dll
FF - plugin: c:\program files\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin3.dll
FF - plugin: c:\program files\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin4.dll
FF - plugin: c:\program files\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin5.dll
FF - plugin: c:\program files\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin6.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2010-01-13 11:45
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(2936)
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-01-13 11:48:43
ComboFix-quarantined-files.txt 2010-01-13 10:48
ComboFix2.txt 2010-01-12 21:41
ComboFix3.txt 2009-12-22 09:48
ComboFix4.txt 2009-12-21 18:18
Pre-Run: 14.372.233.216 bytes free
Post-Run: 14.328.877.056 bytes free
Current=4 Default=4 Failed=3 LastKnownGood=5 Sets=1,3,4,5
- - End Of File - - 711B0BCE0FB9AA10649065075D117B59
Quote: I don't see that it deleted it. Maybe that mouldy AVAST managed it, since I can see it in the chest rotting together with the other pests.
Posted: 16 Jan 2010 17:50
offline
- Hosenfefer
- New MyCity citizen
- Joined: 21 Dec 2009
- Posts: 16
ComboFix 10-01-15.05 - vlada 16.01.2010 17:28:02.5.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.717 [GMT 1:00]
Running from: c:\documents and settings\vlada\Desktop\ranije\ComboFix.exe
Command switches used :: c:\documents and settings\vlada\Desktop\CFScript.txt
AV: avast! antivirus 4.8.1368 [VPS 100116-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: ZoneAlarm Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
FILE ::
"C:\31lyx.exe"
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\31lyx.exe
c:\program files\Mozilla Thunderbird\plc4.dll
.
((((((((((((((((((((((((( Files Created from 2009-12-16 to 2010-01-16 )))))))))))))))))))))))))))))))
.
2010-01-13 11:28 . 2010-01-13 11:28 -------- d-----w- c:\program files\DVDx
2010-01-07 15:36 . 2010-01-07 15:37 -------- d-----w- c:\program files\Ninja Reflex
2009-12-23 14:02 . 2009-12-23 14:02 -------- d-----w- c:\documents and settings\vlada\WINDOWS
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-16 16:35 . 2009-08-02 08:23 75567136 --sha-w- c:\windows\system32\drivers\fidbox.dat
2010-01-16 16:34 . 2007-02-19 19:59 -------- d-----w- c:\program files\Mozilla Thunderbird
2010-01-16 15:47 . 2007-02-04 00:49 10 ----a-w- c:\windows\popcinfo.dat
2010-01-16 01:57 . 2009-08-02 08:23 887936 --sha-w- c:\windows\system32\drivers\fidbox.idx
2010-01-15 19:11 . 2009-12-06 10:24 60 ---h--w- c:\windows\popcreg.dat
2010-01-15 19:11 . 2009-12-05 11:56 22 ----a-w- c:\windows\popcinfot.dat
2010-01-15 15:22 . 2007-02-05 21:14 -------- d-----w- c:\documents and settings\vlada\Application Data\Skype
2010-01-13 10:28 . 2010-01-13 10:30 53760 ----a-w- c:\windows\Internet Logs\xDB15.tmp
2010-01-12 13:09 . 2010-01-12 13:10 1459200 ----a-w- c:\windows\Internet Logs\xDB14.tmp
2010-01-12 13:09 . 2010-01-12 13:10 2621440 ----a-w- c:\windows\Internet Logs\xDB13.tmp
2010-01-05 22:54 . 2009-02-15 17:19 -------- d-----w- c:\program files\DOSBox-0.72
2010-01-02 15:36 . 2007-02-04 15:35 -------- d-----w- c:\program files\Planplus
2010-01-02 00:24 . 2008-01-09 22:12 -------- d-----w- c:\documents and settings\vlada\Application Data\uTorrent
2009-12-24 17:13 . 2008-07-31 18:44 -------- d-----w- c:\documents and settings\vlada\Application Data\LimeWire
2009-12-15 14:22 . 2009-12-15 14:22 -------- d-----w- c:\documents and settings\All Users\Application Data\BioWare
2009-12-15 12:01 . 2009-12-15 12:01 -------- d-----w- c:\program files\AGEIA Technologies
2009-12-15 12:01 . 2009-12-15 12:01 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-12-15 11:59 . 2009-12-15 11:40 -------- d-----w- c:\program files\Common Files\BioWare
2009-12-12 20:28 . 2008-11-19 18:01 -------- d-----w- c:\documents and settings\vlada\Application Data\Winamp
2009-12-12 20:20 . 2008-11-19 18:01 -------- d-----w- c:\program files\Winamp
2009-12-11 10:15 . 2007-02-03 16:53 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-10 15:06 . 2009-12-10 15:03 -------- d-----w- c:\program files\FruityLoops 3.56
2009-12-10 15:03 . 2009-12-10 15:03 -------- d-----w- c:\program files\Steinberg
2009-12-05 11:55 . 2009-12-05 11:55 -------- d-----w- c:\documents and settings\All Users\Application Data\PopCap Games
2009-12-05 11:55 . 2009-12-05 11:54 -------- d-----w- c:\program files\PopCap Games
2009-11-24 23:54 . 2007-09-01 19:08 1280480 ----a-w- c:\windows\system32\aswBoot.exe
2009-11-24 23:51 . 2007-09-01 19:08 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-11-24 23:50 . 2007-09-01 19:08 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-11-24 23:50 . 2008-04-01 11:03 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-11-24 23:50 . 2008-04-01 11:03 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-11-24 23:49 . 2007-09-01 19:08 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-11-24 23:48 . 2007-09-01 19:08 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-11-24 23:47 . 2007-09-01 19:08 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-11-24 23:47 . 2007-09-01 19:08 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-11-21 10:30 . 2009-11-21 10:31 48640 ----a-w- c:\windows\Internet Logs\xDB12.tmp
2009-11-21 10:28 . 2009-11-21 10:29 1364992 ----a-w- c:\windows\Internet Logs\xDB11.tmp
2009-11-21 10:28 . 2009-11-21 10:29 781312 ----a-w- c:\windows\Internet Logs\xDB10.tmp
2009-11-19 15:41 . 2007-11-19 11:46 177024 ----a-w- c:\documents and settings\vlada\Application Data\Mozilla\Firefox\Profiles\g5n7nz7b.default\FlashGot.exe
2009-11-16 13:06 . 2009-11-16 13:07 1358336 ----a-w- c:\windows\Internet Logs\xDBF.tmp
2009-11-14 19:12 . 2009-11-14 19:12 2314335 ----a-w- c:\windows\Internet Logs\tvDebug.zip
2009-11-09 21:02 . 2009-11-09 21:03 51200 ----a-w- c:\windows\Internet Logs\xDBE.tmp
2009-11-09 18:15 . 2009-11-09 18:16 1349632 ----a-w- c:\windows\Internet Logs\xDBD.tmp
2009-11-09 18:15 . 2009-11-09 18:16 1688576 ----a-w- c:\windows\Internet Logs\xDBC.tmp
.
((((((((((((((((((((((((((((( SnapShot@2009-12-21_18.10.25 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-01-16 11:57 . 2010-01-16 11:57 16384 c:\windows\Temp\Perflib_Perfdata_6dc.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"nwiz"="nwiz.exe" [2009-06-10 1657376]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-06-10 86016]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-09-06 919016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-10 13758464]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2007-02-05 180269]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk.disabled [2007-8-31 1746]
Adobe Reader Synchronizer.lnk.disabled [2007-2-18 1788]
InterVideo WinCinema Manager.lnk.disabled [2007-2-3 1781]
Logitech Desktop Messenger.lnk.disabled [2007-2-3 1885]
VPN Client.lnk.disabled [2007-8-10 2447]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Skype"="c:\program files\Skype\Phone\Skype.exe" /nosplash /minimized
"CTFMON.EXE"=c:\windows\system32\ctfmon.exe
"BitTorrent DNA"="c:\program files\DNA\btdna.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot
"LogitechVideoTray"="c:\program files\Logitech\Video\LogiTray.exe"
"LVCOMSX"=c:\windows\system32\LVCOMSX.EXE
"PCTVOICE"=pctspk.exe
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_02\bin\jusched.exe"
"LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe"
"PCSuiteTrayApplication"=c:\progra~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
"Cmaudio"=RunDll32 cmicnfg.cpl,CMICtrlWnd
"NeroFilterCheck"=c:\windows\system32\NeroCheck.exe
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"NvCplDaemon"=RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonEU\\NGM\\NGM.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Games\\KKND Krossfire\\Kknd2.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Games\\Dragon Age\\bin_ship\\daorigins.exe"=
"c:\\Games\\Dragon Age\\DAOriginsLauncher.exe"=
"c:\\Games\\Dragon Age\\bin_ship\\daupdatersvc.service.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [1.4.2008 12:03 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [1.4.2008 12:03 20560]
S2 DIG_TS;Pinnacle PCTV Sat TS;c:\windows\system32\DRIVERS\dig_ts.sys --> c:\windows\system32\DRIVERS\dig_ts.sys [?]
S2 DIG_V;Pinnacle PCTV Sat Analog;c:\windows\system32\drivers\dig_v.sys --> c:\windows\system32\drivers\dig_v.sys [?]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\games\Dragon Age\bin_ship\daupdatersvc.service.exe [15.12.2009 12:53 25832]
S3 pctvvbi;PCTVVBI;c:\windows\system32\drivers\pctvvbi.sys [3.2.2007 17:53 6400]
S3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [6.4.2009 12:19 23064]
S4 a347bus;a347bus;c:\windows\system32\drivers\a347bus.sys [24.8.2007 11:07 160640]
S4 a347scsi;a347scsi;c:\windows\system32\drivers\a347scsi.sys [24.8.2007 11:07 5248]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder
2010-01-13 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2006-10-10 16:13]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = localhost
IE: Add to Windows &Live Favorites
IE: E&xport to Microsoft Excel
IE: Open in new background tab
IE: Open in new foreground tab
FF - ProfilePath - c:\documents and settings\vlada\Application Data\Mozilla\Firefox\Profiles\g5n7nz7b.default\
FF - prefs.js: browser.startup.homepage - mail.yahoo.com
FF - plugin: c:\documents and settings\All Users\Application Data\id Software\QuakeLive\npquakezero.dll
FF - plugin: c:\documents and settings\All Users\Application Data\NexonEU\NGM\npNxGameeu.dll
FF - plugin: c:\documents and settings\vlada\Application Data\Mozilla\Firefox\Profiles\g5n7nz7b.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
FF - plugin: c:\documents and settings\vlada\Application Data\Mozilla\Firefox\Profiles\g5n7nz7b.default\extensions\battlefieldheroespatcher@ea.com\platform\WINNT_x86-msvc\plugins\npBFHUpdater.dll
FF - plugin: c:\program files\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin.dll
FF - plugin: c:\program files\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin2.dll
FF - plugin: c:\program files\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin3.dll
FF - plugin: c:\program files\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin4.dll
FF - plugin: c:\program files\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin5.dll
FF - plugin: c:\program files\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin6.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
.
**************************************************************************
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files:
**************************************************************************
.
Completion time: 2010-01-16 17:38:43
ComboFix-quarantined-files.txt 2010-01-16 16:38
ComboFix2.txt 2010-01-13 10:48
ComboFix3.txt 2010-01-12 21:41
ComboFix4.txt 2009-12-22 09:48
ComboFix5.txt 2010-01-16 16:26
Pre-Run: 12.936.679.424 bytes free
Post-Run: 12.899.274.752 bytes free
Current=4 Default=4 Failed=3 LastKnownGood=5 Sets=1,3,4,5
- - End Of File - - 61DE733221F65EFD58679E45583691FC
Quote: This c:\program files\Mozilla Thunderbird\plc4.dll is not a virus. I don't know why ComboFix is flagging it like that for the second time now, but your colleague ProCarp already analysed it once in this topic:
mycity.rs/Ambulanta/svchost-exe-uzima-50-CPU-a.html
By the way, yes, I have a USB mp3 player, which I have formatted, but I don't know whether it is still infected, and a Nokia N70, which I did not plug in while the computer was infected.
Posted: 17 Jan 2010 10:56
offline
- Hosenfefer
- New MyCity citizen
- Joined: 21 Dec 2009
- Posts: 16
USBNoRisk 2.5 (26 July 2009) by bobby
Started at 17.1.2010 10:41:45
Searching for connected USB Mass storage...
----------------------------------------
========================================
Searching for other storage...
----------------------------------------
D: {09282098-b3a9-11db-bc86-806d6172696f}
C: {0928209b-b3a9-11db-bc86-806d6172696f}
========================================
Scanning fixed storage...
----------------------------------------
No blocked files found on C:
No Autorun.inf files found on C:
No mountpoint found for C:
No mountpoint found for 0928209b-b3a9-11db-bc86-806d6172696f
No Desktop.ini files found on C:
----------------------------------------
No blocked files found on D:
No Autorun.inf files found on D:
No mountpoint found for D:
No mountpoint found for 09282098-b3a9-11db-bc86-806d6172696f
No Desktop.ini files found on D:
----------------------------------------
autorun.inf found in Qoobox
----------------------------------------
Content of C:\QooBox\Quarantine\C\autorun.inf.vir
----------------------------------------
[AutoRun]
open=31lyx.exe
shell\open\Command=31lyx.exe
----------------------------------------
Content of C:\QooBox\Quarantine\D\autorun.inf.vir
----------------------------------------
[AutoRun]
open=31lyx.exe
shell\open\Command=31lyx.exe
----------------------------------------
========================================
Initial scan finished!
========================================
New device connected at 17.1.2010 10:42:35
Scanning for connected USB mass storage...
----------------------------------------
G: {6424d5ea-3918-11dc-97f9-00308d001415}
Added G:
========================================
Scanning USB mass storage for files...
----------------------------------------
No blocked files found on G:
----------------------------------------
autorun.inf found on G:
----------------------------------------
File G:\autorun.inf renamed successfully
Content of G:\autorun.inf.blocked
----------------------------------------
[AutoRun]
open=8xcrbho6.exe
shell\open\Command=8xcrbho6.exe
----------------------------------------
Files referenced from G:\autorun.inf.blocked
----------------------------------------
G:\8xcrbho6.exe -r-hs 114688
----------------------------------------
No mountpoint found for 6424d5ea-3918-11dc-97f9-00308d001415
----------------------------------------
No Desktop.ini files found on G:
----------------------------------------
No mimics found on drive G:
========================================
========================================
Removed G:
========================================
New device connected at 17.1.2010 10:43:22
Scanning for connected USB mass storage...
----------------------------------------
G: {6424d5ea-3918-11dc-97f9-00308d001415}
Added G:
========================================
Scanning USB mass storage for files...
----------------------------------------
Blocked file found: G:\autorun.inf.blocked
----------------------------------------
Content of G:\autorun.inf.blocked
----------------------------------------
[AutoRun]
open=8xcrbho6.exe
shell\open\Command=8xcrbho6.exe
----------------------------------------
Files referenced from G:\autorun.inf.blocked
----------------------------------------
G:\8xcrbho6.exe -r-hs 114688
----------------------------------------
----------------------------------------
No Autorun.inf files found on G:
No mountpoint found for 6424d5ea-3918-11dc-97f9-00308d001415
----------------------------------------
No Desktop.ini files found on G:
----------------------------------------
No mimics found on drive G:
========================================
========================================
Removed G:
========================================
New device connected at 17.1.2010 10:47:05
Scanning for connected USB mass storage...
----------------------------------------
G: {4c9293b6-3b77-11dc-97fd-00308d001415}
Added G:
========================================
Scanning USB mass storage for files...
----------------------------------------
No blocked files found on G:
----------------------------------------
No Autorun.inf files found on G:
No mountpoint found for 4c9293b6-3b77-11dc-97fd-00308d001415
----------------------------------------
No Desktop.ini files found on G:
----------------------------------------
No mimics found on drive G:
========================================
========================================
Removed G:
========================================
Quote: Oh, sorry, I plugged in the 256 MB mp3 player twice, because I wasn't sure whether I had held it in the port for 10 seconds the first time.
It didn't recognise my Nokia N70, and the third scan is an old mp3 player (which I use for transferring data) that I hadn't plugged in for a long time, but I thought I'd give it a try.