MyCity » Ambulanta -> Arhiva Ambulante » POMOĆ. Javili mi se cudni vurusi

POMOĆ. Javili mi se cudni vurusi

Napisano na dan: 21.8.2011

Strana:
1
2

POMOĆ. Javili mi se cudni vurusi

Sledeća strana

Pagination

Odgovori

Strana:
1
2

kikssi Poslao: 21 Avg 2011 22:20 Idi na vrh
offline kikssi Građanin Pridružio: 21 Avg 2011 Poruke: 44	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Uloguj se preko Facebooka da bi skinuo fajl: Imam AVG 2011 program koji mi je registrovao sledeće viruse (u karantinu pise tako): ozbiljnost: ime virusa: lokacija: zaraženo virusom Win32/Cryptor "c:\Documents and Settings\kris \fswagz.exe";"N/A";"17.8.2011, 20:41:13" Potencijalno neželjen program Adver Generic3.BNT "D:\System Volume Information\_restore{DA8F45FF-D369-49DE-AF3E-FCF8105C766A}\RP2\A0008961.dll";"N/A";"22.11.2010, 10:25:15" Potencijalno neželjen program Adver Generic3.ZHY "D:\System Volume Information\_restore{DA8F45FF-D369-49DE-AF3E-FCF8105C766A}\RP2\A0008962.dll";"N/A";"22.11.2010, 10:25:18" Potencijalno neželjen program Adver Generic3.DWK "D:\System Volume Information\_restore{DA8F45FF-D369-49DE-AF3E-FCF8105C766A}\RP2\A0008963.exe";"N/A";"22.11.2010, 10:25:19" Zaraženo virusom Trojanski konj Generic19.PPK "D:\driver\info\explorer.exe";"N/A";"22.11.2010, 10:25:43" Zaraženo virusom Trojanski konj Generic19.PPK "E:\driver\info\explorer.exe";"N/A";"22.11.2010, 10:26:17" Malver Nepoznato "C:\DOCUMENTS AND SETTINGS\KRIS\APPLICATION DATA\EXPLORER.EXE";"N/A";"22.11.2010, 10:05:16" Malver Nepoznato "C:\DOCUMENTS AND SETTINGS\KRIS\APPLICATION DATA\EXPLORER.EXE";"N/A";"22.11.2010, 10:05:28" Malver Nepoznato "C:\DOCUMENTS AND SETTINGS\KRIS\APPLICATION DATA\EXPLORER.EXE";"N/A";"22.11.2010, 10:05:38" Malver Nepoznato "C:\DOCUMENTS AND SETTINGS\KRIS\FSWAGZ.EXE";"N/A";"17.8.2011, 20:41:13" Malver Nepoznato "F:\RAZOR1911\KEYGEN.EXE";"N/A";"9.2.2011, 20:33:25" Malver TR/Crypt.XPACK.Gen "C:\32788R22FWJFW\HANDLE.CFXXE";"N/A";"21.8.2011, 21:42:24" Malver Nepoznato "C:\DOCUMENTS AND SETTINGS\KRIS\APPLICATION DATA\EXPLORER.EXE";"N/A";"22.11.2010, 10:04:41" Malver Nepoznato "E:\SKALAPANJE MOTORA\DEUTZ ENGINE.SCR";"N/A";"27.5.2011, 0:20:13" AVG je skladištio te viruse. imam problem, koči mi se računar, svaki USB mi zarazi win32 virusom, izbacuje mi prozor sa upozorenjem da je detektovana pretnja, trepka mi ekran, kao kada sevne pojača pa smanji svetlost. Videla sam na ovom sajtu da je neka devojka imala problem sa ovim virusom i ostalim pa sam pratila uputstva koja ste njoj dali i sačuvala sve izveštaje u dds-Notepad, attach-Notepad, Gmer1, Gmer2, Gmer3 i izveštaj ComboFix. Imam ADSL internet 4mb. Da li mi možete pomoći da obrišem te viruse? staviću redom izveštaje kako pise u tekstu mycity.rs/must-login.png mycity.rs/must-login.png a izveštaj combofix ću kopirati ovde: ComboFix 11-08-21.01 - kris 21.08.2011 21:44:29.2.1 - x86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.512.181 [GMT 2:00] Running from: c:\documents and settings\kris\Desktop\ComboFix.exe AV: AVG Anti-Virus 2011 Disabled/Updated {17DDD097-36FF-435F-9E1B-52D74245D6BF} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\documents and settings\kris\Application Data\internetfiles067.tmp c:\documents and settings\kris\WINDOWS C:\RECYCLE c:\recycle\D-0-060-0000000000-1111111-2222222\Desktop.ini c:\recycler\S-1-5-21-1482476501-1644491937-682003330-1013 C:\Win c:\win\names.txt c:\windows\CIDD_P c:\windows\CIDD_P\6B726973\br.dll c:\windows\CIDD_P\6B726973\clm.dll c:\windows\CIDD_P\6B726973\nam.dll c:\windows\CIDD_P\6B726973\nfie.dll c:\windows\CIDD_P\6B726973\systems.dll c:\windows\CIDD_P\6B726973\yfie.dll c:\windows\configuration c:\windows\n.tmp c:\windows\system\BCBSMP35.BPL c:\windows\system32\mswmpdat.tlb d:\driver\info d:\driver\info\Desktop.ini e:\driver\info e:\driver\info\Desktop.ini . . ((((((((((((((((((((((((( Files Created from 2011-07-21 to 2011-08-21 ))))))))))))))))))))))))))))))) . . 2011-08-17 18:57 . 2011-08-18 17:13 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2011-08-17 18:53 . 2011-08-17 18:58 -------- d-----w- c:\documents and settings\kris\Local Settings\Application Data\Google 2011-08-17 18:53 . 2011-08-17 18:56 -------- d-----w- c:\program files\Google 2011-08-17 18:37 . 2011-08-17 18:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Autorun Eater 2011-08-17 18:37 . 2011-08-18 17:09 -------- d-----w- c:\program files\Autorun Eater 2011-08-17 18:22 . 2011-08-17 18:22 -------- d-----w- c:\program files\CCleaner 2011-08-17 18:12 . 2011-08-17 18:12 -------- d-----w- c:\documents and settings\kris\Local Settings\Application Data\Opera 2011-08-17 18:12 . 2011-08-17 18:12 -------- d-----w- c:\program files\Opera . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-08-21 10:43 . 2009-10-28 17:19 566784 ----a-w- c:\windows\~de74bc.tmp . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll" [2011-03-18 2471240] . [HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}] . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}] 2011-03-18 06:11 2471240 ----a-w- c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll" [2011-03-18 2471240] . [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}] . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll" [2011-03-18 2471240] . [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2003-04-02 4616192] "nwiz"="nwiz.exe" [2003-04-02 323584] "ASUS Probe"="c:\program files\ASUS\Probe\AsusProb.exe" [2002-12-06 617984] "AVG_TRAY"="c:\program files\AVG\AVG10\avgtray.exe" [2011-04-18 2334560] "Autorun Eater"="c:\program files\Autorun Eater\oldmcdonald.exe" [2010-05-06 516216] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360] . c:\documents and settings\kris\Start Menu\Programs\Startup\ Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664] . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk \0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BlueSoleil.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\BlueSoleil.lnk backup=c:\windows\pss\BlueSoleil.lnkCommon Startup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Probe] 2002-12-06 14:07 617984 ----a-w- c:\program files\ASUS\Probe\AsusProb.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] 2007-05-16 07:27 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent] 2004-08-03 22:56 110592 ----a-w- c:\windows\system32\bthprops.cpl . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] 2007-03-01 13:57 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl] 2004-11-02 18:24 32768 ----a-w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Smapp] 2003-05-05 06:57 143360 ----a-w- c:\program files\Analog Devices\SoundMAX\SMTray.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent] 2006-06-21 17:14 35328 ----a-w- c:\program files\Winamp\winampa.exe . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"= "Windows Defender"= c:\documents and settings\kris\Application Data\explorer.exe "Microsoft Defender"= c:\documents and settings\kris\Application Data\explorer.exe "c:\\Program Files\\AVG\\AVG10\\avgmfapx.exe"= "c:\\Program Files\\Opera\\opera.exe"= "c:\\Program Files\\AVG\\AVG10\\avgdiagex.exe"= "c:\\Program Files\\AVG\\AVG10\\avgnsx.exe"= "c:\\Program Files\\AVG\\AVG10\\avgam.exe"= "c:\\Program Files\\AVG\\AVG10\\avgemcx.exe"= . R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [13.9.2010 17:27 22992] R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [7.9.2010 4:48 32592] R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [7.9.2010 4:48 248656] R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [7.9.2010 4:49 297168] R2 aslm75;aslm75;c:\windows\system32\drivers\ASLM75.SYS [30.3.2008 16:25 6272] R2 Autodata Limited License Service;Autodata Limited License Service;c:\program files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe [28.10.2009 19:17 72704] R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG10\avgwdsvc.exe [8.2.2011 5:33 269520] R2 NVSvc;NVIDIA Driver Helper Service;c:\windows\system32\nvsvc32.exe [30.3.2008 16:32 69632] R3 aeaudio;aeaudio;c:\windows\system32\drivers\aeaudio.sys [30.3.2008 16:21 4816] R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [19.8.2010 22:42 134480] R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [19.8.2010 22:42 24144] R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [19.8.2010 22:42 27216] R3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver;c:\windows\system32\drivers\fetnd5.sys [1.1.2002 16:51 27165] R3 smwdm;smwdm;c:\windows\system32\drivers\smwdm.sys [30.3.2008 16:21 578368] S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [18.4.2011 17:39 7398752] S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG10\Toolbar\ToolbarBroker.exe [17.8.2011 20:27 947528] S3 BthEnum;Bluetooth Request Block Driver;c:\windows\system32\drivers\BthEnum.sys [1.1.2002 1:01 17024] S3 BthPan;Bluetooth Device (Personal Area Network);c:\windows\system32\drivers\bthpan.sys [1.1.2002 1:01 100992] S3 BTHPORT;Bluetooth Port Driver;c:\windows\system32\drivers\bthport.sys [1.1.2002 1:01 274304] S3 BTHUSB;Bluetooth Radio USB Driver;c:\windows\system32\drivers\BTHUSB.SYS [1.1.2002 1:01 18944] S3 NMIndexingService;NMIndexingService;c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe [16.5.2007 9:27 271920] S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI);c:\windows\system32\drivers\rfcomm.sys [1.1.2002 1:01 59648] S4 BthServ;Bluetooth Support Service;c:\windows\system32\svchost.exe -k bthsvcs [4.8.2004 0:56 14336] . Contents of the 'Scheduled Tasks' folder . 2011-08-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-08-17 18:53] . 2011-08-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-08-17 18:53] . . ------- Supplementary Scan ------- . IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.1.1 Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll . - - - - ORPHANS REMOVED - - - - . HKU-Default-Run-Yahoo Messengger - c:\windows\system32\SCVHSOT.exe SSODL-UpdateCheck-{04A0434F-D4A1-47FF-856B-57929C2BF301} - (no file) . . . *********************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net Rootkit scan 2011-08-21 21:50 Windows 5.1.2600 Service Pack 2 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************ . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\S-1-5-21-220523388-1177238915-839522115-1003\Software\Microsoft\SystemCertificates\AddressBook*] @Allowed: (Read) (RestrictedCode) @Allowed: (Read) (RestrictedCode) . Completion time: 2011-08-21 21:52:50 ComboFix-quarantined-files.txt 2011-08-21 19:52 . Pre-Run: 2.893.393.920 bytes free Post-Run: 2.895.749.120 bytes free . - - End Of File - - 335FDB3EF02B127E0C099B18BB1648A2 mycity.rs/must-login.png mycity.rs/must-login.png mycity.rs/must-login.png

Profil

NIx Car Poslao: 22 Avg 2011 01:01 Idi na vrh
offline NIx Car Legendarni građanin Més que un club Glavni vokal @ Harpun Pridružio: 27 Feb 2009 Poruke: 3898 Gde živiš: Novi Sad,Klisa	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Pozdrav kikssi ComboFix nije dijagnosticki alat kao ovi iz uputstva. To je jako mocan alat, koji nepravilnim rukovanjem, moze unistiti operativni sistem ili pak obrisati sve padatke sa hard diska. Pokrece se iskljucivo uz predlog, nadleznost i detaljno uputstvo helpera koji je expert u toj oblasti i zna sta radi. Za ubuduce, ne pokreci ComboFix na svoju ruku!!! ---------------------------------------- U toku resavanja slucaja, zamolio bih te da se pridrzavas sledeceg: Detaljno citati moja uputstva ( ili uputstva kolega koji ce me zamenjivati) i raditi iskljucivo po njima; Ne traziti istovremeno pomoc na drugom mestu; Nemoj koristiti druge programe za uklanjanje malware-a, osim onih za koje budes dobio uputstvo; U toku intervencije ne koristiti USB memorijske uredjaje, dok to ne budem zatrazio; Ukoliko ne odgovorim u roku od 48h, osvezi temu novim post-om; Ukoliko se ne javis u roku od 5 dana, zatvoricemo slucaj. Za vise informacija o pravilima Ambulante MyCity foruma: LINK ------------------------------------------------------------------------------------- Korak 1 Kako bi presla na sledeci korak zamolio bih te da uklonis AVG sa sistema (start-> control panel->add/remove programs, nadjes AVG na listi i kliknes change/remove). Posle deinstalacije AVG-a preuzmi alat koji ce obrisati ostatke AVG-a. Alat mozes skinuti sa sledece stranice: http://www.avg.com/ww-en/utilities i on nosi naziv AVG Remover(32bit) 2011(avg_remover_stf_x86_2011_1322.exe) ------------------------------------------------------------------------------------------------------- Korak 2 Obrisi taj ComboFix koji imas na Desktop-u i onda isprati sledeci postupak. Preuzmi sUBs-ov ComboFix sa sledeće adrese na Desktop: Bleeping Computer Klikni desnim tasterom na link i odaberi opciju Save Target As... (Save Link As..., Save Linked Content As... ili sličnu); Kada se otvori dijalog za izbor lokacije na kojoj treba sačuvati file, odaberi Desktop i klikni Save. Kada preuzimanje programa bude završeno: deaktiviraj zaštitni softver (uputstvo); zatvori pokrenute programe; dvoklikom pokreni program ComboFix; u prozoru koji se otvori klikni "I Agree". U toku rada, ComboFix će:proveriti postoji li novija verzija programa: klikni Yes ako bude ponuđeno preuzimanje iste.ako Recovery Console nije instalirana, ponuditi instalaciju: obavezno prihvati klikom na Yes i isprati postupak.postaviti/dati određeni broj upita/obaveštenja: prihvati klikom na Yes ili OK.po potrebi, restartovati Windows (više puta); na kraju rada, otvoriti Notepad sa izveštajem o skeniranju. Iskopiraj izveštaj koji je ComboFix napravio u temu na forumu: klikni desnim tasterom miša u prozor Notepad-a i izaberi Select All; klikni desnim tasterom miša na obeleženi tekst i izaberi Copy; klikni desnim tasterom miša u polje za pisanje poruke i izaberi Paste. Napomena:Izveštaj će biti sačuvan pod nazivom ComboFix.txt na sistemskoj particiji (tipična lokacija: C:\ComboFix.txt); Ukoliko nakon slanja poruke primetiš da izveštaj nije kompletan, iskoristi opciju Prikači fajl za prilaganje file-a C:\ComboFix.txt uz poruku. NIx Car (AMF Tim)

Profil

kikssi Poslao: 22 Avg 2011 10:14 Idi na vrh
offline kikssi Građanin Pridružio: 21 Avg 2011 Poruke: 44	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Uloguj se preko Facebooka da bi skinuo fajl: Hvala vam puno. Uradila sam kako ste me uputili i evo izvestaja ComboFixa: ComboFix 11-08-22.02 - kris 22.08.2011 9:50.3.1 - x86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.512.136 [GMT 2:00] Running from: c:\documents and settings\kris\Desktop\ComboFix.exe . . ((((((((((((((((((((((((( Files Created from 2011-07-22 to 2011-08-22 ))))))))))))))))))))))))))))))) . . 2011-08-22 07:10 . 2005-02-25 03:35 22752 ----a-w- c:\windows\system32\spupdsvc.exe 2011-08-22 07:10 . 2011-08-22 07:33 -------- d--h--w- c:\windows\$hf_mig$ 2011-08-17 18:57 . 2011-08-18 17:13 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2011-08-17 18:53 . 2011-08-17 18:58 -------- d-----w- c:\documents and settings\kris\Local Settings\Application Data\Google 2011-08-17 18:53 . 2011-08-17 18:56 -------- d-----w- c:\program files\Google 2011-08-17 18:37 . 2011-08-17 18:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Autorun Eater 2011-08-17 18:37 . 2011-08-18 17:09 -------- d-----w- c:\program files\Autorun Eater 2011-08-17 18:22 . 2011-08-17 18:22 -------- d-----w- c:\program files\CCleaner 2011-08-17 18:12 . 2011-08-17 18:12 -------- d-----w- c:\documents and settings\kris\Local Settings\Application Data\Opera 2011-08-17 18:12 . 2011-08-17 18:12 -------- d-----w- c:\program files\Opera . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-08-21 10:43 . 2009-10-28 17:19 566784 ----a-w- c:\windows\~de74bc.tmp . . ((((((((((((((((((((((((((((( SnapShot@2011-08-21_19.50.48 ))))))))))))))))))))))))))))))))))))))))) . + 2011-08-22 07:10 . 2005-05-04 12:45 13536 c:\windows\system32\spmsg.dll + 2004-08-03 22:56 . 2005-05-04 12:45 15360 c:\windows\system32\msisip.dll + 2004-08-03 22:56 . 2005-05-04 12:45 78848 c:\windows\system32\msiexec.exe + 2004-08-03 22:56 . 2005-05-04 12:45 15360 c:\windows\system32\dllcache\msisip.dll + 2004-08-03 22:56 . 2005-05-04 12:45 78848 c:\windows\system32\dllcache\msiexec.exe - 2004-08-03 22:56 . 2004-08-03 22:56 884736 c:\windows\system32\msimsg.dll + 2004-08-03 22:56 . 2005-05-04 12:45 884736 c:\windows\system32\msimsg.dll + 2004-08-03 22:56 . 2005-05-04 12:45 271360 c:\windows\system32\msihnd.dll - 2004-08-03 22:56 . 2004-08-03 22:56 884736 c:\windows\system32\dllcache\msimsg.dll + 2004-08-03 22:56 . 2005-05-04 12:45 884736 c:\windows\system32\dllcache\msimsg.dll + 2004-08-03 22:56 . 2005-05-04 12:45 271360 c:\windows\system32\dllcache\msihnd.dll + 2004-08-03 22:56 . 2005-05-04 12:45 2890240 c:\windows\system32\msi.dll + 2004-08-03 22:56 . 2005-05-04 12:45 2890240 c:\windows\system32\dllcache\msi.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2003-04-02 4616192] "nwiz"="nwiz.exe" [2003-04-02 323584] "ASUS Probe"="c:\program files\ASUS\Probe\AsusProb.exe" [2002-12-06 617984] "Autorun Eater"="c:\program files\Autorun Eater\oldmcdonald.exe" [2010-05-06 516216] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360] . c:\documents and settings\kris\Start Menu\Programs\Startup\ Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664] . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BlueSoleil.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\BlueSoleil.lnk backup=c:\windows\pss\BlueSoleil.lnkCommon Startup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Probe] 2002-12-06 14:07 617984 ----a-w- c:\program files\ASUS\Probe\AsusProb.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] 2007-05-16 07:27 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent] 2004-08-03 22:56 110592 ----a-w- c:\windows\system32\bthprops.cpl . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] 2007-03-01 13:57 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl] 2004-11-02 18:24 32768 ----a-w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Smapp] 2003-05-05 06:57 143360 ----a-w- c:\program files\Analog Devices\SoundMAX\SMTray.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent] 2006-06-21 17:14 35328 ----a-w- c:\program files\Winamp\winampa.exe . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"= "Windows Defender"= c:\documents and settings\kris\Application Data\explorer.exe "Microsoft Defender"= c:\documents and settings\kris\Application Data\explorer.exe "c:\\Program Files\\Opera\\opera.exe"= . . Contents of the 'Scheduled Tasks' folder . 2011-08-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-08-17 18:53] . 2011-08-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-08-17 18:53] . . ------- Supplementary Scan ------- . IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.1.1 Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - . . ************************************************************************ . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net Rootkit scan 2011-08-22 09:56 Windows 5.1.2600 Service Pack 2 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************ . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\S-1-5-21-220523388-1177238915-839522115-1003\Software\Microsoft\SystemCertificates\AddressBook*] @Allowed: (Read) (RestrictedCode) @Allowed: (Read) (RestrictedCode) . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'explorer.exe'(2092) c:\windows\system32\msi.dll . Completion time: 2011-08-22 09:58:04 ComboFix-quarantined-files.txt 2011-08-22 07:58 ComboFix2.txt 2011-08-21 19:52 . Pre-Run: 2.592.104.448 bytes free Post-Run: 2.582.155.264 bytes free . - - End Of File - - FD448B4E79CB77037EDC63DEC9CC95B8 mycity.rs/must-login.png Kristina

Profil

NIx Car Poslao: 22 Avg 2011 14:00 Idi na vrh
offline NIx Car Legendarni građanin Més que un club Glavni vokal @ Harpun Pridružio: 27 Feb 2009 Poruke: 3898 Gde živiš: Novi Sad,Klisa	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Otvoriti Notepad i iskopirati sledeci tekst: `File:: c:\documents and settings\kris\Application Data\explorer.exe c:\windows\~de74bc.tmp Registry:: [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "Microsoft Defender"=- "Windows Defender"=- RegNull:: [HKEY_USERS\S-1-5-21-220523388-1177238915-839522115-1003\Software\Microsoft\SystemCertificates\AddressBook*] @Allowed: (Read) (RestrictedCode) @Allowed: (Read) (RestrictedCode)` Snimiti na Desktop fajl iz Notepada kao "CFScript" Prevuci snimljeni skript/tekst na ComboFix ikonicu kao na slici. Postaviti u sledecoj poruci log koji bude bio napravljen na kraju ciscenja/skeniranja.

Profil

kikssi Poslao: 22 Avg 2011 15:21 Idi na vrh
offline kikssi Građanin Pridružio: 21 Avg 2011 Poruke: 44	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! uradila ComboFix 11-08-22.02 - kris 22.08.2011 Microsoft Windows XP Professional Running from: c:\documents and settings\kris Command switches used :: c:\documents . FILE :: "c:\documents and settings\kris\Application "c:\windows\~de74bc.tmp" . . ((((((((((((((((((((((((((((((((((((((( . . c:\windows\~de74bc.tmp . . ((((((((((((((((((((((((( Files Created . . 2011-08-22 11:24 . 2011-08-22 11:24 -------- 2011-08-22 11:22 . 2011-08-22 11:22 -------- 2011-08-22 07:31 . 2010-02-24 12:31 454016 - 2011-08-22 07:29 . 2010-02-16 13:17 2137088 2011-08-22 07:29 . 2010-02-16 13:19 2181376 2011-08-22 07:29 . 2010-02-16 12:39 2016768 2011-08-22 07:29 . 2010-02-16 12:39 2058368 2011-08-22 07:10 . 2008-07-09 07:38 26488 -- 2011-08-22 07:10 . 2011-08-22 11:32 -------- 2011-08-17 18:57 . 2011-08-18 17:13 404640 - 2011-08-17 18:53 . 2011-08-17 18:58 -------- 2011-08-17 18:53 . 2011-08-17 18:56 -------- 2011-08-17 18:37 . 2011-08-17 18:37 -------- 2011-08-17 18:37 . 2011-08-18 17:09 -------- 2011-08-17 18:22 . 2011-08-17 18:22 -------- 2011-08-17 18:12 . 2011-08-17 18:12 -------- 2011-08-17 18:12 . 2011-08-17 18:12 -------- . . . (((((((((((((((((((((((((((((((((((((((( . . . ((((((((((((((((((((((((((((( SnapShot@201 . + 2009-06-28 21:42 . 2009-06-28 21:42 91656 + 2004-08-03 22:56 . 2009-06-25 08:44 59392 + 2011-08-22 07:26 . 2010-04-21 13:28 46080 + 2004-08-03 22:56 . 2009-06-12 11:50 80896 + 2004-08-03 22:56 . 2009-06-12 11:50 76288 + 2011-08-22 07:10 . 2009-05-26 11:40 17272 + 2004-08-03 22:56 . 2009-06-25 08:44 56320 + 2001-08-23 10:00 . 2009-02-06 16:54 35328 + 2004-08-03 22:56 . 2009-10-12 13:54 69632 - 2004-08-03 22:56 . 2004-08-03 22:56 69632 + 2004-08-03 22:56 . 2010-04-16 15:36 39424 - 2004-08-03 22:56 . 2004-08-03 22:56 39424 + 2001-08-23 10:00 . 2011-08-22 11:39 40836 - 2001-08-23 10:00 . 2011-03-30 22:37 40836 + 2008-03-30 14:04 . 2008-06-12 14:16 91648 + 2004-08-03 22:56 . 2008-06-12 14:16 66560 - 2004-08-03 22:56 . 2004-08-03 22:56 66560 + 2004-08-04 00:56 . 2009-11-27 17:33 17920 + 2001-08-23 10:00 . 2009-11-27 16:37 28672 + 2004-08-03 22:56 . 2009-11-27 16:37 11264 - 2004-08-03 22:56 . 2004-08-03 22:56 11264 + 2004-08-03 22:56 . 2005-05-04 12:45 15360 + 2004-08-03 22:56 . 2005-05-04 12:45 78848 - 2008-03-30 14:04 . 2004-08-03 22:56 58880 + 2008-03-30 14:04 . 2008-06-12 14:16 58880 + 2004-08-03 22:56 . 2008-06-24 16:23 74240 + 2004-08-03 22:56 . 2009-09-04 20:45 58880 - 2004-08-03 22:56 . 2004-08-03 22:56 48640 + 2004-08-03 22:56 . 2009-06-25 18:36 48640 - 2004-08-03 22:56 . 2004-08-03 22:56 95744 + 2004-08-03 22:56 . 2009-06-25 18:36 95744 - 2004-08-03 22:56 . 2004-08-03 22:56 16896 + 2004-08-03 22:56 . 2009-06-25 18:36 16896 + 2004-08-03 22:56 . 2009-06-25 18:36 47104 - 2004-08-03 22:56 . 2004-08-03 22:56 47104 - 2004-08-03 22:56 . 2004-08-03 22:56 19968 + 2004-08-03 22:56 . 2009-06-22 11:49 19968 + 2006-01-03 23:14 . 2006-01-03 23:14 20480 + 2006-01-21 14:01 . 2006-01-21 14:01 25088 + 2004-08-03 22:56 . 2008-06-10 07:17 96768 - 2004-08-03 22:56 . 2004-08-10 23:45 96768 + 2004-08-03 22:56 . 2010-04-16 15:36 16384 + 2004-08-04 00:56 . 2009-11-27 16:37 48128 - 2004-08-03 22:56 . 2004-08-03 22:56 96256 + 2004-08-03 22:56 . 2010-04-16 15:36 96256 + 2004-08-03 22:56 . 2010-04-16 15:36 81920 - 2004-08-03 22:56 . 2004-08-03 22:56 81920 + 2001-08-23 10:00 . 2009-10-15 17:21 82432 + 2004-08-03 22:56 . 2010-04-16 15:36 55808 - 2004-08-03 22:56 . 2004-08-03 22:56 55808 + 2004-08-03 20:58 . 2009-06-22 11:48 91776 + 2004-08-03 20:59 . 2009-06-22 11:34 92544 + 2004-08-03 22:56 . 2009-06-25 08:44 59392 + 2004-08-03 22:56 . 2009-06-12 11:50 80896 + 2004-08-03 22:56 . 2009-06-12 11:50 76288 + 2004-08-03 22:56 . 2009-06-25 08:44 56320 + 2001-08-23 10:00 . 2009-02-06 16:54 35328 - 2004-08-03 22:56 . 2004-08-03 22:56 69632 + 2004-08-03 22:56 . 2009-10-12 13:54 69632 + 2004-08-03 22:56 . 2010-04-16 15:36 39424 - 2004-08-03 22:56 . 2004-08-03 22:56 39424 + 2008-03-30 14:04 . 2008-06-12 14:16 91648 - 2004-08-03 22:56 . 2004-08-03 22:56 66560 + 2004-08-03 22:56 . 2008-06-12 14:16 66560 + 2009-11-27 17:33 . 2009-11-27 17:33 17920 + 2001-08-23 10:00 . 2009-11-27 16:37 28672 + 2004-08-03 22:56 . 2009-11-27 16:37 11264 - 2004-08-03 22:56 . 2004-08-03 22:56 11264 + 2004-08-03 22:56 . 2005-05-04 12:45 15360 + 2004-08-03 22:56 . 2005-05-04 12:45 78848 - 2008-03-30 14:04 . 2004-08-03 22:56 58880 + 2008-03-30 14:04 . 2008-06-12 14:16 58880 + 2004-08-03 22:56 . 2008-06-24 16:23 74240 + 2004-08-03 22:56 . 2009-09-04 20:45 58880 + 2004-08-03 22:56 . 2009-06-25 18:36 48640 - 2004-08-03 22:56 . 2004-08-03 22:56 48640 - 2004-08-03 22:56 . 2004-08-03 22:56 95744 + 2004-08-03 22:56 . 2009-06-25 18:36 95744 + 2004-08-03 22:56 . 2009-06-25 18:36 16896 - 2004-08-03 22:56 . 2004-08-03 22:56 16896 - 2004-08-03 22:56 . 2004-08-03 22:56 47104 + 2004-08-03 22:56 . 2009-06-25 18:36 47104 + 2004-08-03 22:56 . 2009-06-22 11:49 19968 - 2004-08-03 22:56 . 2004-08-03 22:56 19968 + 2004-08-03 20:58 . 2009-06-22 11:48 91776 - 2004-08-03 22:56 . 2004-08-10 23:45 96768 + 2004-08-03 22:56 . 2008-06-10 07:17 96768 + 2004-08-03 20:59 . 2009-06-22 11:34 92544 + 2004-08-03 22:56 . 2010-04-16 15:36 16384 + 2009-11-27 16:37 . 2009-11-27 16:37 48128 + 2004-08-03 22:56 . 2010-04-16 15:36 96256 - 2004-08-03 22:56 . 2004-08-03 22:56 96256 + 2004-08-03 22:56 . 2010-04-16 15:36 81920 - 2004-08-03 22:56 . 2004-08-03 22:56 81920 + 2008-03-30 14:06 . 2010-04-16 13:36 18432 - 2008-03-30 14:06 . 2004-08-03 22:56 18432 + 2001-08-23 10:00 . 2009-10-15 17:21 82432 + 2004-08-03 22:56 . 2010-04-16 15:36 55808 - 2004-08-03 22:56 . 2004-08-03 22:56 55808 + 2004-08-03 22:56 . 2009-12-14 07:35 33280 + 2008-03-30 14:04 . 2005-07-26 04:39 60416 + 2004-08-03 22:56 . 2010-01-13 14:10 85504 + 2004-08-03 22:56 . 2009-11-27 16:37 84992 - 2004-08-03 22:56 . 2004-08-03 22:56 84992 + 2004-08-03 22:56 . 2009-07-17 18:55 58880 - 2004-08-03 22:56 . 2004-08-03 22:56 58880 + 2004-08-03 22:56 . 2010-03-05 14:57 65536 + 2004-08-03 22:56 . 2009-12-14 07:35 33280 + 2008-03-30 14:04 . 2005-07-26 04:39 60416 + 2004-08-03 22:56 . 2010-01-13 14:10 85504 - 2004-08-03 22:56 . 2004-08-03 22:56 84992 + 2004-08-03 22:56 . 2009-11-27 16:37 84992 - 2004-08-03 22:56 . 2004-08-03 22:56 58880 + 2004-08-03 22:56 . 2009-07-17 18:55 58880 + 2004-08-03 22:56 . 2010-03-05 14:57 65536 + 2011-08-22 11:22 . 2011-08-22 11:22 32768 + 2011-08-22 11:22 . 2011-08-22 11:22 32768 + 2009-11-27 17:33 . 2009-11-27 17:33 17920 + 2009-11-27 16:37 . 2009-11-27 16:37 48128 + 2001-08-17 22:36 . 2009-11-27 16:37 8704 + 2004-08-03 22:56 . 2009-06-22 11:49 4608 - 2004-08-03 22:56 . 2004-08-03 22:56 4608 + 2009-11-27 16:37 . 2009-11-27 16:37 8704 + 2004-08-03 22:56 . 2009-06-22 11:49 4608 - 2004-08-03 22:56 . 2004-08-03 22:56 4608 + 2009-11-27 16:37 . 2009-11-27 16:37 8704 + 2011-08-22 07:18 . 2010-04-16 13:21 352768 + 2004-08-03 22:56 . 2009-04-09 23:01 530280 + 2004-08-03 22:56 . 2009-07-13 08:08 286720 + 2004-08-03 22:56 . 2007-10-27 15:40 227328 + 2004-08-03 22:56 . 2009-06-10 06:32 132096 - 2004-08-03 22:56 . 2004-08-03 22:56 132096 + 2004-08-03 22:56 . 2009-12-24 07:05 177664 + 2004-08-03 22:56 . 2010-04-16 15:36 662016 + 2004-08-03 22:56 . 2008-12-16 12:47 351232 - 2004-08-03 22:56 . 2004-08-03 22:56 351232 + 2008-03-30 14:04 . 2009-02-06 16:39 227840 + 2008-03-30 14:04 . 2009-02-09 10:20 453120 + 2008-03-30 14:04 . 2009-02-09 10:20 473088 - 2004-08-03 22:56 . 2004-08-03 22:56 417792 + 2004-08-03 22:56 . 2010-03-10 08:02 417792 + 2004-08-03 22:56 . 2010-04-16 15:36 624640 + 2004-08-03 22:56 . 2009-10-15 20:51 119808 + 2004-08-03 22:56 . 2009-08-26 08:16 247326 + 2004-08-03 22:56 . 2010-04-16 15:36 474112 + 2004-08-03 22:56 . 2009-06-25 18:36 169472 + 2004-08-03 22:56 . 2009-02-06 17:14 110592 + 2004-08-03 22:56 . 2009-06-25 08:44 168448 + 2004-08-03 22:56 . 2009-02-09 10:20 399360 + 2004-08-03 22:56 . 2009-04-15 15:11 584192 + 2004-08-03 22:56 . 2009-10-12 13:54 112128 - 2004-08-03 22:56 . 2004-08-03 22:56 112128 - 2001-08-23 10:00 . 2011-03-30 22:37 314508 + 2001-08-23 10:00 . 2011-08-22 11:39 314508 + 2004-08-03 22:56 . 2009-03-06 14:44 283648 - 2004-08-03 22:56 . 2004-08-03 22:56 283648 + 2004-08-03 22:56 . 2009-10-13 10:53 266752 - 2004-08-03 22:56 . 2004-08-03 22:56 266752 + 2004-08-03 22:56 . 2009-02-09 10:20 714752 + 2004-08-03 22:56 . 2008-10-15 16:57 332800 - 2004-08-03 22:56 . 2004-08-03 22:56 245248 + 2004-08-03 22:56 . 2008-06-20 17:41 245248 + 2004-08-03 22:56 . 2009-08-05 09:11 204800 + 2004-08-03 22:56 . 2009-09-11 14:33 133632 + 2008-03-30 14:04 . 2009-06-05 07:42 655872 + 2004-08-03 22:56 . 2010-04-16 15:36 532480 + 2004-08-03 22:56 . 2010-04-16 15:36 146432 - 2004-08-03 22:56 . 2004-08-03 22:56 146432 - 2008-03-30 14:04 . 2004-08-03 22:56 343040 + 2008-03-30 14:04 . 2009-12-16 12:58 343040 - 2004-08-03 22:56 . 2004-08-03 22:56 884736 + 2004-08-03 22:56 . 2005-05-04 12:45 884736 + 2004-08-03 22:56 . 2005-05-04 12:45 271360 + 2004-08-03 22:56 . 2010-04-16 15:36 449024 + 2008-03-30 14:04 . 2008-06-12 14:16 161792 + 2008-03-30 14:04 . 2008-06-12 14:16 956928 + 2008-03-30 14:04 . 2008-06-12 14:16 428032 + 2004-08-03 22:56 . 2009-06-25 18:36 471552 - 2004-08-03 22:56 . 2004-08-03 22:56 471552 + 2004-08-03 22:56 . 2009-06-25 18:36 186880 - 2004-08-03 22:56 . 2004-08-03 22:56 186880 + 2004-08-03 22:56 . 2009-06-22 11:49 117248 - 2004-08-03 22:56 . 2004-08-03 22:56 117248 + 2004-08-03 22:56 . 2009-06-25 18:36 517120 + 2004-08-03 22:56 . 2009-06-25 18:36 123392 - 2004-08-03 22:56 . 2004-08-03 22:56 123392 + 2004-08-03 22:56 . 2009-06-25 18:36 177152 - 2004-08-03 22:56 . 2004-08-03 22:56 177152 + 2004-08-03 22:56 . 2009-06-25 18:36 661504 - 2004-08-03 22:56 . 2004-08-03 22:56 225280 + 2004-08-03 22:56 . 2009-06-25 18:36 225280 - 2004-08-03 22:56 . 2004-08-03 22:56 138240 + 2004-08-03 22:56 . 2009-06-25 18:36 138240 + 2004-08-03 22:56 . 2009-06-25 08:44 724480 + 2004-08-03 22:56 . 2009-05-07 15:44 344064 + 2004-08-03 22:56 . 2009-03-21 14:18 986112 + 2004-08-03 22:56 . 2009-06-25 08:44 298496 - 2004-08-03 22:56 . 2004-08-03 22:56 450560 + 2004-08-03 22:56 . 2009-08-21 09:46 450560 + 2008-03-30 14:06 . 2010-01-29 15:08 683520 + 2004-08-03 22:56 . 2010-04-16 15:36 251392 + 2004-08-03 22:56 . 2008-10-23 13:01 283648 - 2002-01-01 14:48 . 2009-11-23 11:15 240736 + 2002-01-01 14:48 . 2011-08-22 11:34 240736 + 2004-08-03 22:56 . 2008-07-07 20:32 253952 + 2004-08-03 22:56 . 2010-04-16 15:36 205312 + 2004-08-03 22:56 . 2010-04-16 15:36 357888 - 2004-08-03 22:56 . 2004-08-03 22:56 357888 + 2004-08-03 21:07 . 2010-02-11 12:01 226880 + 2004-08-03 21:14 . 2008-06-20 10:45 360320 + 2004-08-03 21:14 . 2009-12-31 16:14 352640 + 2001-08-23 10:00 . 2008-05-08 12:28 202752 + 2004-08-03 21:15 . 2010-02-24 12:31 454016 + 2001-12-31 23:01 . 2008-06-13 13:10 272128 + 2004-08-03 21:14 . 2008-08-14 09:51 138368 + 2004-08-03 22:56 . 2008-06-20 17:41 148992 + 2008-03-30 14:04 . 2008-04-21 10:02 215552 + 2004-08-03 22:56 . 2009-04-09 23:01 530280 + 2004-08-03 22:56 . 2009-07-13 08:08 286720 + 2008-03-30 14:04 . 2009-02-06 16:39 227840 + 2008-03-30 14:04 . 2009-02-09 10:20 453120 + 2004-08-03 22:56 . 2007-10-27 15:40 227328 + 2004-08-03 22:56 . 2009-06-10 06:32 132096 - 2004-08-03 22:56 . 2004-08-03 22:56 132096 + 2004-08-03 22:56 . 2009-12-24 07:05 177664 + 2004-08-03 22:56 . 2010-04-16 15:36 662016 + 2004-08-03 22:56 . 2008-12-16 12:47 351232 - 2004-08-03 22:56 . 2004-08-03 22:56 351232 + 2004-08-03 22:56 . 2010-03-10 08:02 417792 - 2004-08-03 22:56 . 2004-08-03 22:56 417792 + 2004-08-03 22:56 . 2010-04-16 15:36 624640 + 2008-03-30 14:06 . 2009-06-21 22:04 153088 - 2008-03-30 14:06 . 2004-08-03 22:56 153088 + 2004-08-03 21:07 . 2010-02-11 12:01 226880 + 2004-08-03 21:14 . 2008-06-20 10:45 360320 + 2004-08-03 22:56 . 2009-10-15 20:51 119808 + 2004-08-03 22:56 . 2009-08-26 08:16 247326 + 2004-08-03 21:14 . 2009-12-31 16:14 352640 + 2004-08-03 22:56 . 2010-04-16 15:36 474112 + 2004-08-03 22:56 . 2009-02-06 17:14 110592 + 2004-08-03 22:56 . 2009-06-25 08:44 168448 + 2004-08-03 22:56 . 2009-02-09 10:20 399360 + 2004-08-03 22:56 . 2009-04-15 15:11 584192 + 2001-08-23 10:00 . 2008-05-08 12:28 202752 + 2004-08-03 22:56 . 2009-10-12 13:54 112128 - 2004-08-03 22:56 . 2004-08-03 22:56 112128 + 2004-08-03 22:56 . 2009-03-06 14:44 283648 - 2004-08-03 22:56 . 2004-08-03 22:56 283648 + 2004-08-03 22:56 . 2009-10-13 10:53 266752 - 2004-08-03 22:56 . 2004-08-03 22:56 266752 + 2004-08-03 22:56 . 2009-02-09 10:20 714752 + 2004-08-03 22:56 . 2008-10-15 16:57 332800 + 2004-08-03 22:56 . 2008-06-20 17:41 245248 - 2004-08-03 22:56 . 2004-08-03 22:56 245248 + 2004-08-03 22:56 . 2009-08-05 09:11 204800 + 2004-08-03 22:56 . 2009-09-11 14:33 133632 + 2008-03-30 14:04 . 2009-06-05 07:42 655872 + 2004-08-03 22:56 . 2010-04-16 15:36 532480 + 2004-08-03 22:56 . 2010-04-16 15:36 146432 - 2004-08-03 22:56 . 2004-08-03 22:56 146432 - 2008-03-30 14:04 . 2004-08-03 22:56 343040 + 2008-03-30 14:04 . 2009-12-16 12:58 343040 + 2004-08-03 22:56 . 2009-06-25 18:36 169472 + 2004-08-03 22:56 . 2005-05-04 12:45 884736 - 2004-08-03 22:56 . 2004-08-03 22:56 884736 + 2004-08-03 22:56 . 2005-05-04 12:45 271360 + 2004-08-03 22:56 . 2010-04-16 15:36 449024 + 2008-03-30 14:04 . 2008-06-12 14:16 161792 + 2008-03-30 14:04 . 2008-06-12 14:16 956928 + 2008-03-30 14:04 . 2008-06-12 14:16 428032 + 2008-03-30 14:06 . 2008-05-01 14:30 331776 - 2008-03-30 14:06 . 2004-08-03 22:56 331776 + 2004-08-03 22:56 . 2009-06-25 18:36 471552 - 2004-08-03 22:56 . 2004-08-03 22:56 471552 + 2004-08-03 22:56 . 2009-06-25 18:36 186880 - 2004-08-03 22:56 . 2004-08-03 22:56 186880 - 2004-08-03 22:56 . 2004-08-03 22:56 117248 + 2004-08-03 22:56 . 2009-06-22 11:49 117248 + 2004-08-03 22:56 . 2009-06-25 18:36 517120 + 2004-08-03 22:56 . 2009-06-25 18:36 123392 - 2004-08-03 22:56 . 2004-08-03 22:56 123392 + 2004-08-03 22:56 . 2009-06-25 18:36 177152 - 2004-08-03 22:56 . 2004-08-03 22:56 177152 + 2004-08-03 22:56 . 2009-06-25 18:36 661504 + 2004-08-03 22:56 . 2009-06-25 18:36 225280 - 2004-08-03 22:56 . 2004-08-03 22:56 225280 - 2004-08-03 22:56 . 2004-08-03 22:56 138240 + 2004-08-03 22:56 . 2009-06-25 18:36 138240 + 2004-08-03 22:56 . 2009-06-25 08:44 724480 + 2004-08-03 22:56 . 2009-05-07 15:44 344064 + 2004-08-03 22:56 . 2009-03-21 14:18 986112 + 2004-08-03 22:56 . 2009-06-25 08:44 298496 + 2004-08-03 22:56 . 2009-08-21 09:46 450560 - 2004-08-03 22:56 . 2004-08-03 22:56 450560 + 2008-03-30 14:06 . 2010-01-29 15:08 683520 + 2004-08-03 22:56 . 2010-04-16 15:36 251392 + 2008-03-30 14:06 . 2010-06-14 14:30 743936 - 2008-03-30 14:06 . 2004-08-03 22:56 743936 + 2004-08-03 22:56 . 2008-10-23 13:01 283648 + 2008-03-30 14:04 . 2009-02-09 10:20 473088 + 2004-08-03 22:56 . 2008-07-07 20:32 253952 + 2004-08-03 22:56 . 2010-04-16 15:36 205312 - 2004-08-03 22:56 . 2004-08-03 22:56 357888 + 2004-08-03 22:56 . 2010-04-16 15:36 357888 + 2004-08-03 22:56 . 2008-06-20 17:41 148992 + 2004-08-03 22:56 . 2010-04-16 15:36 151040 + 2001-12-31 23:01 . 2008-06-13 13:10 272128 - 2004-08-03 22:56 . 2004-08-03 22:56 285696 + 2004-08-03 22:56 . 2010-04-20 05:51 285696 + 2004-08-03 21:14 . 2008-08-14 09:51 138368 - 2004-08-03 22:56 . 2004-08-03 22:56 616960 + 2004-08-03 22:56 . 2009-02-09 10:20 616960 + 2004-08-03 22:56 . 2009-11-21 16:36 470528 + 2004-08-03 22:56 . 2010-02-12 04:47 100864 + 2004-08-03 22:56 . 2010-04-16 15:36 151040 - 2004-08-03 22:56 . 2004-08-03 22:56 285696 + 2004-08-03 22:56 . 2010-04-20 05:51 285696 + 2004-08-03 22:56 . 2009-02-09 10:20 616960 - 2004-08-03 22:56 . 2004-08-03 22:56 616960 + 2004-08-03 22:56 . 2010-02-12 04:47 100864 + 2008-03-30 14:06 . 2010-06-14 14:30 743936 - 2008-03-30 14:06 . 2004-08-03 22:56 743936 + 2011-08-22 11:22 . 2011-08-22 11:22 432640 + 2011-08-22 11:22 . 2011-08-22 11:22 429568 + 2011-08-22 07:31 . 2010-02-24 12:31 454016 + 2011-08-22 07:32 . 2008-06-13 13:10 272128 + 2004-08-03 22:56 . 2009-11-21 16:36 470528 + 2011-08-22 07:31 . 2009-08-13 13:55 1748992 + 2009-07-20 22:03 . 2009-07-20 22:03 1348432 + 2008-09-30 14:42 . 2008-09-30 14:42 1286152 + 2004-08-03 22:57 . 2010-04-03 01:33 2365288 + 2004-08-03 22:56 . 2009-07-13 08:08 5537792 + 2004-08-03 22:56 . 2008-06-10 09:37 1026048 + 2004-08-03 21:17 . 2010-05-02 05:56 1850880 + 2004-08-03 22:56 . 2008-07-03 13:16 8454656 + 2004-08-03 22:56 . 2010-04-16 15:36 1506304 - 2004-08-03 22:56 . 2004-08-03 22:56 1435648 + 2004-08-03 22:56 . 2009-07-17 16:27 1435648 + 2004-08-03 22:56 . 2010-02-05 18:40 1291264 + 2004-08-03 21:20 . 2010-02-16 13:19 2181376 + 2004-08-03 22:59 . 2010-02-16 12:39 2058368 + 2009-07-20 22:05 . 2009-07-20 22:05 1348432 + 2004-08-03 22:56 . 2009-07-31 04:57 1172480 + 2004-08-03 22:56 . 2005-05-04 12:45 2890240 + 2004-08-03 22:56 . 2010-04-16 15:36 3065344 + 2004-08-03 22:57 . 2010-04-03 01:33 2365288 + 2004-08-03 22:56 . 2009-07-13 08:08 5537792 + 2004-08-03 22:56 . 2008-06-10 09:37 1026048 + 2004-08-03 21:17 . 2010-05-02 05:56 1850880 + 2004-08-03 22:56 . 2008-07-03 13:16 8454656 + 2004-08-03 22:56 . 2010-04-16 15:36 1506304 + 2004-08-03 22:56 . 2009-07-17 16:27 1435648 - 2004-08-03 22:56 . 2004-08-03 22:56 1435648 + 2004-08-03 22:56 . 2010-02-05 18:40 1291264 + 2004-08-03 22:56 . 2009-07-31 04:57 1172480 + 2008-03-30 14:06 . 2010-01-29 15:08 1315840 + 2004-08-03 22:56 . 2005-05-04 12:45 2890240 + 2004-08-03 22:56 . 2010-04-16 15:36 3065344 - 2008-03-30 14:07 . 2004-08-03 22:56 3555328 + 2008-03-30 14:07 . 2009-10-23 14:27 3555328 + 2004-08-03 22:56 . 2010-04-16 15:36 1054208 + 2004-08-03 22:56 . 2010-04-16 15:36 1023488 + 2004-08-03 22:56 . 2010-04-16 15:36 1054208 + 2004-08-03 22:56 . 2010-04-16 15:36 1023488 + 2011-08-22 07:29 . 2010-02-16 13:19 2181376 + 2011-08-22 07:29 . 2010-02-16 12:39 2016768 + 2011-08-22 07:29 . 2010-02-16 12:39 2058368 + 2011-08-22 07:29 . 2010-02-16 13:17 2137088 . -- Snapshot reset to current date -- . ((((((((((((((((((((((((((((((((((((( . . Note empty entries & legit default REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windo "NvCplDaemon"="c:\windows\sys "nwiz"="nwiz.exe" "ASUS Probe"="c:\program "Autorun Eater"="c:\program . [HKEY_USERS\.DEFAULT\Software\Microsoft\Wind "CTFMON.EXE"="c:\windows\syst . c:\documents and settings\kris\Start Adobe Gamma.lnk - c:\program files\Common . [HKLM\~\startupfolder\C:^Documents path=c:\documents and settings\All backup=c:\windows\pss\BlueSoleil.lnkCommon . [HKEY_LOCAL_MACHINE\software\microsoft\shared 2002-12-06 14:07 617984 ----a-w- c:\program . [HKEY_LOCAL_MACHINE\software\microsoft\shared 2007-05-16 07:27 153136 ----a-w- c:\program . [HKEY_LOCAL_MACHINE\software\microsoft\shared 2004-08-03 22:56 110592 ----a-w- c:\windows\ . [HKEY_LOCAL_MACHINE\software\microsoft\shared 2007-03-01 13:57 153136 ----a-w- c:\program . [HKEY_LOCAL_MACHINE\software\microsoft\shared 2004-11-02 18:24 32768 ----a-w- c:\program . [HKEY_LOCAL_MACHINE\software\microsoft\shared 2003-05-05 06:57 143360 ----a-w- c:\program . [HKEY_LOCAL_MACHINE\software\microsoft\shared 2006-06-21 17:14 35328 ----a-w- c:\program . [HKLM\~\services\sharedaccess\parameters\fir "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\IVT Corporation\\Bl "c:\\Program Files\\Opera\\opera.exe&qu . . Contents of the 'Scheduled Tasks' folder . 2011-08-22 c:\windows\Tasks\GoogleUpdateTask - c:\program files\Google\Update\GoogleUpdate.exe . 2011-08-22 c:\windows\Tasks\GoogleUpdateTask - c:\program files\Google\Update\GoogleUpdate.exe . . ------- Supplementary Scan ------- . IE: E&xport to Microsoft Excel TCP: DhcpNameServer = 192.168.1.1 Handler: avgsecuritytoolbar - {F2DDE6B2-9684 . . ****************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth Rootkit scan 2011-08-22 15:20 Windows 5.1.2600 Service Pack 2 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . **************************************** . --------------------- LOCKED REGISTRY . [HKEY_USERS\S-1-5-21-220523388-1177238915-83 @Allowed: (Read) (RestrictedCode) @Allowed: (Read) (RestrictedCode) . Completion time: 2011-08-22 15:22:38 ComboFix-quarantined-files.txt 2011-08-22 ComboFix2.txt 2011-08-22 07:58 ComboFix3.txt 2011-08-21 19:52 . Pre-Run: 1.586.786.304 bytes free Post-Run: 1.566.199.808 bytes free . - - End Of File - - D06CC7C56017F1E672D5439E sam sve to, evo rezultata: 15:15:08.4.1 - x86 5.1.2600.2.1252.1.1033.18.512.220 [GMT 2:00] \Desktop\ComboFix.exe and settings\kris\Desktop\CFScript.txt Data\explorer.exe" Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) from 2011-07-22 to 2011-08-22 ))))))))))))))))))))))))))))))) d-----w- c:\windows\ServicePackFiles d-----w- c:\program files\MSXML 4.0 c----w- c:\windows\system32\dllcache\mrxsmb.sys -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe -c----w- c:\windows\system32\dllcache\ntoskrnl.exe -c----w- c:\windows\system32\dllcache\ntkrpamp.exe -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe --a-w- c:\windows\system32\spupdsvc.exe d--h--w- c:\windows\$hf_mig$ ---a-w- c:\windows\system32\FlashPlayerCPLApp.cpl d-----w- c:\documents and settings\kris\Local Settings\Application Data\Google d-----w- c:\program files\Google d-----w- c:\documents and settings\All Users\Application Data\Autorun Eater d-----w- c:\program files\Autorun Eater d-----w- c:\program files\CCleaner d-----w- c:\documents and settings\kris\Local Settings\Application Data\Opera d-----w- c:\program files\Opera Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) 1-08-21_19.50.48 ))))))))))))))))))))))))))))))))))))))))) c:\windows\WinSxS\x86_Microsoft.MSXML2R_6bd6b9abf345378f_4.1.1.0_x-ww_2a41bceb\msxml4r.dll c:\windows\system32\wdigest.dll c:\windows\system32\tzchange.exe c:\windows\system32\tlntsess.exe c:\windows\system32\telnet.exe c:\windows\system32\spmsg.dll c:\windows\system32\secur32.dll c:\windows\system32\sc.exe c:\windows\system32\raschap.dll c:\windows\system32\raschap.dll c:\windows\system32\pngfilt.dll c:\windows\system32\pngfilt.dll c:\windows\system32\perfc009.dat c:\windows\system32\perfc009.dat c:\windows\system32\mtxoci.dll c:\windows\system32\mtxclu.dll c:\windows\system32\mtxclu.dll c:\windows\system32\msyuv.dll c:\windows\system32\msvidc32.dll c:\windows\system32\msrle32.dll c:\windows\system32\msrle32.dll c:\windows\system32\msisip.dll c:\windows\system32\msiexec.exe c:\windows\system32\msdtclog.dll c:\windows\system32\msdtclog.dll c:\windows\system32\mscms.dll c:\windows\system32\msasn1.dll c:\windows\system32\mqupgrd.dll c:\windows\system32\mqupgrd.dll c:\windows\system32\mqsec.dll c:\windows\system32\mqsec.dll c:\windows\system32\mqise.dll c:\windows\system32\mqise.dll c:\windows\system32\mqdscli.dll c:\windows\system32\mqdscli.dll c:\windows\system32\mqbkup.exe c:\windows\system32\mqbkup.exe c:\windows\system32\Macromed\Flash\UninstFl.exe c:\windows\system32\Macromed\Flash\genuinst.exe c:\windows\system32\logagent.exe c:\windows\system32\logagent.exe c:\windows\system32\jsproxy.dll c:\windows\system32\iyuv_32.dll c:\windows\system32\inseng.dll c:\windows\system32\inseng.dll c:\windows\system32\ieencode.dll c:\windows\system32\ieencode.dll c:\windows\system32\fontsub.dll c:\windows\system32\extmgr.dll c:\windows\system32\extmgr.dll c:\windows\system32\drivers\mqac.sys c:\windows\system32\drivers\ksecdd.sys c:\windows\system32\dllcache\wdigest.dll c:\windows\system32\dllcache\tlntsess.exe c:\windows\system32\dllcache\telnet.exe c:\windows\system32\dllcache\secur32.dll c:\windows\system32\dllcache\sc.exe c:\windows\system32\dllcache\raschap.dll c:\windows\system32\dllcache\raschap.dll c:\windows\system32\dllcache\pngfilt.dll c:\windows\system32\dllcache\pngfilt.dll c:\windows\system32\dllcache\mtxoci.dll c:\windows\system32\dllcache\mtxclu.dll c:\windows\system32\dllcache\mtxclu.dll c:\windows\system32\dllcache\msyuv.dll c:\windows\system32\dllcache\msvidc32.dll c:\windows\system32\dllcache\msrle32.dll c:\windows\system32\dllcache\msrle32.dll c:\windows\system32\dllcache\msisip.dll c:\windows\system32\dllcache\msiexec.exe c:\windows\system32\dllcache\msdtclog.dll c:\windows\system32\dllcache\msdtclog.dll c:\windows\system32\dllcache\mscms.dll c:\windows\system32\dllcache\msasn1.dll c:\windows\system32\dllcache\mqupgrd.dll c:\windows\system32\dllcache\mqupgrd.dll c:\windows\system32\dllcache\mqsec.dll c:\windows\system32\dllcache\mqsec.dll c:\windows\system32\dllcache\mqise.dll c:\windows\system32\dllcache\mqise.dll c:\windows\system32\dllcache\mqdscli.dll c:\windows\system32\dllcache\mqdscli.dll c:\windows\system32\dllcache\mqbkup.exe c:\windows\system32\dllcache\mqbkup.exe c:\windows\system32\dllcache\mqac.sys c:\windows\system32\dllcache\logagent.exe c:\windows\system32\dllcache\logagent.exe c:\windows\system32\dllcache\ksecdd.sys c:\windows\system32\dllcache\jsproxy.dll c:\windows\system32\dllcache\iyuv_32.dll c:\windows\system32\dllcache\inseng.dll c:\windows\system32\dllcache\inseng.dll c:\windows\system32\dllcache\ieencode.dll c:\windows\system32\dllcache\ieencode.dll c:\windows\system32\dllcache\iedw.exe c:\windows\system32\dllcache\iedw.exe c:\windows\system32\dllcache\fontsub.dll c:\windows\system32\dllcache\extmgr.dll c:\windows\system32\dllcache\extmgr.dll c:\windows\system32\dllcache\csrsrv.dll c:\windows\system32\dllcache\colbact.dll c:\windows\system32\dllcache\cabview.dll c:\windows\system32\dllcache\avifil32.dll c:\windows\system32\dllcache\avifil32.dll c:\windows\system32\dllcache\atl.dll c:\windows\system32\dllcache\atl.dll c:\windows\system32\dllcache\asycfilt.dll c:\windows\system32\csrsrv.dll c:\windows\system32\colbact.dll c:\windows\system32\cabview.dll c:\windows\system32\avifil32.dll c:\windows\system32\avifil32.dll c:\windows\system32\atl.dll c:\windows\system32\atl.dll c:\windows\system32\asycfilt.dll c:\windows\Installer\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}\icon.exe c:\windows\Installer\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}\icon.exe c:\windows\Driver Cache\i386\msyuv.dll c:\windows\Driver Cache\i386\iyuv_32.dll c:\windows\system32\tsbyuv.dll c:\windows\system32\mqsvc.exe c:\windows\system32\mqsvc.exe c:\windows\system32\dllcache\tsbyuv.dll c:\windows\system32\dllcache\mqsvc.exe c:\windows\system32\dllcache\mqsvc.exe c:\windows\Driver Cache\i386\tsbyuv.dll c:\windows\system32\xpsp3res.dll c:\windows\system32\wmspdmod.dll c:\windows\system32\wmpdxm.dll c:\windows\system32\wmasf.dll c:\windows\system32\wkssvc.dll c:\windows\system32\wkssvc.dll c:\windows\system32\wintrust.dll c:\windows\system32\wininet.dll c:\windows\system32\winhttp.dll c:\windows\system32\winhttp.dll c:\windows\system32\wbem\wmiprvse.exe c:\windows\system32\wbem\wmiprvsd.dll c:\windows\system32\wbem\fastprox.dll c:\windows\system32\vbscript.dll c:\windows\system32\vbscript.dll c:\windows\system32\urlmon.dll c:\windows\system32\t2embed.dll c:\windows\system32\strmdll.dll c:\windows\system32\shlwapi.dll c:\windows\system32\Setup\msmqocm.dll c:\windows\system32\services.exe c:\windows\system32\schannel.dll c:\windows\system32\rpcss.dll c:\windows\system32\rpcrt4.dll c:\windows\system32\rastls.dll c:\windows\system32\rastls.dll c:\windows\system32\perfh009.dat c:\windows\system32\perfh009.dat c:\windows\system32\pdh.dll c:\windows\system32\pdh.dll c:\windows\system32\oakley.dll c:\windows\system32\oakley.dll c:\windows\system32\ntdll.dll c:\windows\system32\netapi32.dll c:\windows\system32\mswsock.dll c:\windows\system32\mswsock.dll c:\windows\system32\mswebdvd.dll c:\windows\system32\msv1_0.dll c:\windows\system32\mstscax.dll c:\windows\system32\mstime.dll c:\windows\system32\msrating.dll c:\windows\system32\msrating.dll c:\windows\system32\mspaint.exe c:\windows\system32\mspaint.exe c:\windows\system32\msimsg.dll c:\windows\system32\msimsg.dll c:\windows\system32\msihnd.dll c:\windows\system32\mshtmled.dll c:\windows\system32\msdtcuiu.dll c:\windows\system32\msdtctm.dll c:\windows\system32\msdtcprx.dll c:\windows\system32\mqutil.dll c:\windows\system32\mqutil.dll c:\windows\system32\mqtrig.dll c:\windows\system32\mqtrig.dll c:\windows\system32\mqtgsvc.exe c:\windows\system32\mqtgsvc.exe c:\windows\system32\mqsnap.dll c:\windows\system32\mqrtdep.dll c:\windows\system32\mqrtdep.dll c:\windows\system32\mqrt.dll c:\windows\system32\mqrt.dll c:\windows\system32\mqqm.dll c:\windows\system32\mqoa.dll c:\windows\system32\mqoa.dll c:\windows\system32\mqad.dll c:\windows\system32\mqad.dll c:\windows\system32\lsasrv.dll c:\windows\system32\localspl.dll c:\windows\system32\kernel32.dll c:\windows\system32\kerberos.dll c:\windows\system32\jscript.dll c:\windows\system32\jscript.dll c:\windows\system32\inetcomm.dll c:\windows\system32\iepeers.dll c:\windows\system32\gdi32.dll c:\windows\system32\FNTCACHE.DAT c:\windows\system32\FNTCACHE.DAT c:\windows\system32\es.dll c:\windows\system32\dxtrans.dll c:\windows\system32\dxtmsft.dll c:\windows\system32\dxtmsft.dll c:\windows\system32\drivers\tcpip6.sys c:\windows\system32\drivers\tcpip.sys c:\windows\system32\drivers\srv.sys c:\windows\system32\drivers\rmcast.sys c:\windows\system32\drivers\mrxsmb.sys c:\windows\system32\drivers\bthport.sys c:\windows\system32\drivers\afd.sys c:\windows\system32\dnsapi.dll c:\windows\system32\dllcache\wordpad.exe c:\windows\system32\dllcache\wmspdmod.dll c:\windows\system32\dllcache\wmpdxm.dll c:\windows\system32\dllcache\wmiprvse.exe c:\windows\system32\dllcache\wmiprvsd.dll c:\windows\system32\dllcache\wmasf.dll c:\windows\system32\dllcache\wkssvc.dll c:\windows\system32\dllcache\wkssvc.dll c:\windows\system32\dllcache\wintrust.dll c:\windows\system32\dllcache\wininet.dll c:\windows\system32\dllcache\winhttp.dll c:\windows\system32\dllcache\winhttp.dll c:\windows\system32\dllcache\vbscript.dll c:\windows\system32\dllcache\vbscript.dll c:\windows\system32\dllcache\urlmon.dll c:\windows\system32\dllcache\triedit.dll c:\windows\system32\dllcache\triedit.dll c:\windows\system32\dllcache\tcpip6.sys c:\windows\system32\dllcache\tcpip.sys c:\windows\system32\dllcache\t2embed.dll c:\windows\system32\dllcache\strmdll.dll c:\windows\system32\dllcache\srv.sys c:\windows\system32\dllcache\shlwapi.dll c:\windows\system32\dllcache\services.exe c:\windows\system32\dllcache\schannel.dll c:\windows\system32\dllcache\rpcss.dll c:\windows\system32\dllcache\rpcrt4.dll c:\windows\system32\dllcache\rmcast.sys c:\windows\system32\dllcache\rastls.dll c:\windows\system32\dllcache\rastls.dll c:\windows\system32\dllcache\pdh.dll c:\windows\system32\dllcache\pdh.dll c:\windows\system32\dllcache\oakley.dll c:\windows\system32\dllcache\oakley.dll c:\windows\system32\dllcache\ntdll.dll c:\windows\system32\dllcache\netapi32.dll c:\windows\system32\dllcache\mswsock.dll c:\windows\system32\dllcache\mswsock.dll c:\windows\system32\dllcache\mswebdvd.dll c:\windows\system32\dllcache\msv1_0.dll c:\windows\system32\dllcache\mstscax.dll c:\windows\system32\dllcache\mstime.dll c:\windows\system32\dllcache\msrating.dll c:\windows\system32\dllcache\msrating.dll c:\windows\system32\dllcache\mspaint.exe c:\windows\system32\dllcache\mspaint.exe c:\windows\system32\dllcache\msmqocm.dll c:\windows\system32\dllcache\msimsg.dll c:\windows\system32\dllcache\msimsg.dll c:\windows\system32\dllcache\msihnd.dll c:\windows\system32\dllcache\mshtmled.dll c:\windows\system32\dllcache\msdtcuiu.dll c:\windows\system32\dllcache\msdtctm.dll c:\windows\system32\dllcache\msdtcprx.dll c:\windows\system32\dllcache\msadce.dll c:\windows\system32\dllcache\msadce.dll c:\windows\system32\dllcache\mqutil.dll c:\windows\system32\dllcache\mqutil.dll c:\windows\system32\dllcache\mqtrig.dll c:\windows\system32\dllcache\mqtrig.dll c:\windows\system32\dllcache\mqtgsvc.exe c:\windows\system32\dllcache\mqtgsvc.exe c:\windows\system32\dllcache\mqsnap.dll c:\windows\system32\dllcache\mqrtdep.dll c:\windows\system32\dllcache\mqrtdep.dll c:\windows\system32\dllcache\mqrt.dll c:\windows\system32\dllcache\mqrt.dll c:\windows\system32\dllcache\mqqm.dll c:\windows\system32\dllcache\mqoa.dll c:\windows\system32\dllcache\mqoa.dll c:\windows\system32\dllcache\mqad.dll c:\windows\system32\dllcache\mqad.dll c:\windows\system32\dllcache\lsasrv.dll c:\windows\system32\dllcache\localspl.dll c:\windows\system32\dllcache\kernel32.dll c:\windows\system32\dllcache\kerberos.dll c:\windows\system32\dllcache\jscript.dll c:\windows\system32\dllcache\jscript.dll c:\windows\system32\dllcache\inetcomm.dll c:\windows\system32\dllcache\iepeers.dll c:\windows\system32\dllcache\helpsvc.exe c:\windows\system32\dllcache\helpsvc.exe c:\windows\system32\dllcache\gdi32.dll c:\windows\system32\dllcache\fastprox.dll c:\windows\system32\dllcache\es.dll c:\windows\system32\dllcache\dxtrans.dll c:\windows\system32\dllcache\dxtmsft.dll c:\windows\system32\dllcache\dxtmsft.dll c:\windows\system32\dllcache\dnsapi.dll c:\windows\system32\dllcache\cdfview.dll c:\windows\system32\dllcache\bthport.sys c:\windows\system32\dllcache\atmfd.dll c:\windows\system32\dllcache\atmfd.dll c:\windows\system32\dllcache\afd.sys c:\windows\system32\dllcache\advapi32.dll c:\windows\system32\dllcache\advapi32.dll c:\windows\system32\dllcache\aclayers.dll c:\windows\system32\dllcache\6to4svc.dll c:\windows\system32\cdfview.dll c:\windows\system32\atmfd.dll c:\windows\system32\atmfd.dll c:\windows\system32\advapi32.dll c:\windows\system32\advapi32.dll c:\windows\system32\6to4svc.dll c:\windows\pchealth\helpctr\binaries\helpsvc.exe c:\windows\pchealth\helpctr\binaries\HelpSvc.exe c:\windows\Installer\cbf6f7.msi c:\windows\Installer\cbf6ee.msi c:\windows\Driver Cache\i386\mrxsmb.sys c:\windows\Driver Cache\i386\bthport.sys c:\windows\AppPatch\aclayers.dll c:\windows\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6001.22319_x-ww_f0b4c2df\GdiPlus.dll c:\windows\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9876.0_x-ww_a621d1d5\msxml4.dll c:\windows\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9870.0_x-ww_a32d74cf\msxml4.dll c:\windows\system32\WMVCore.dll c:\windows\system32\wmp.dll c:\windows\system32\WMNetmgr.dll c:\windows\system32\win32k.sys c:\windows\system32\shell32.dll c:\windows\system32\shdocvw.dll c:\windows\system32\query.dll c:\windows\system32\query.dll c:\windows\system32\quartz.dll c:\windows\system32\ntoskrnl.exe c:\windows\system32\ntkrnlpa.exe c:\windows\system32\msxml4.dll c:\windows\system32\msxml3.dll c:\windows\system32\msi.dll c:\windows\system32\mshtml.dll c:\windows\system32\dllcache\WMVCore.dll c:\windows\system32\dllcache\wmp.dll c:\windows\system32\dllcache\WMNetmgr.dll c:\windows\system32\dllcache\win32k.sys c:\windows\system32\dllcache\shell32.dll c:\windows\system32\dllcache\shdocvw.dll c:\windows\system32\dllcache\query.dll c:\windows\system32\dllcache\query.dll c:\windows\system32\dllcache\quartz.dll c:\windows\system32\dllcache\msxml3.dll c:\windows\system32\dllcache\msoe.dll c:\windows\system32\dllcache\msi.dll c:\windows\system32\dllcache\mshtml.dll c:\windows\system32\dllcache\moviemk.exe c:\windows\system32\dllcache\moviemk.exe c:\windows\system32\dllcache\danim.dll c:\windows\system32\dllcache\browseui.dll c:\windows\system32\danim.dll c:\windows\system32\browseui.dll c:\windows\Driver Cache\i386\ntoskrnl.exe c:\windows\Driver Cache\i386\ntkrpamp.exe c:\windows\Driver Cache\i386\ntkrnlpa.exe c:\windows\Driver Cache\i386\ntkrnlmp.exe Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) entries are not shown ws\CurrentVersion\Run] tem32\NvCpl.dll" [2003-04-02 4616192] [2003-04-02 323584] files\ASUS\Probe\AsusProb.exe" [2002-12-06 617984] files\Autorun Eater\oldmcdonald.exe" [2010-05-06 516216] ows\CurrentVersion\Run] em32\CTFMON.EXE" [2004-08-03 15360] Menu\Programs\Startup\ Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664] and Settings^All Users^Start Menu^Programs^Startup^BlueSoleil.lnk] Users\Start Menu\Programs\Startup\BlueSoleil.lnk Startup tools\msconfig\startupreg\ASUS Probe] files\ASUS\Probe\AsusProb.exe tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] files\Common Files\Ahead\Lib\NMBgMonitor.exe tools\msconfig\startupreg\BluetoothAuthenticationAgent] system32\bthprops.cpl tools\msconfig\startupreg\NeroFilterCheck] files\Common Files\Ahead\Lib\NeroCheck.exe tools\msconfig\startupreg\RemoteControl] files\CyberLink\PowerDVD\PDVDServ.exe tools\msconfig\startupreg\Smapp] files\Analog Devices\SoundMAX\SMTray.exe tools\msconfig\startupreg\WinampAgent] files\Winamp\winampa.exe ewallpolicy\standardprofile\AuthorizedApplications\List] ueSoleil\\BlueSoleil.exe"= ot;= MachineCore.job [2011-08-17 18:53] MachineUA.job [2011-08-17 18:53] - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 -4A55-86D4-E255E237B77C} - ************************** malware detector by Gmer, gmer.net **************************** KEYS --------------------- 9522115-1003\Software\Microsoft\SystemCertificates\AddressBook*] 13:22 3CC14217

Profil

kikssi Poslao: 22 Avg 2011 19:28 Idi na vrh
offline kikssi Građanin Pridružio: 21 Avg 2011 Poruke: 44	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! nakon što sam ovo odradila pojavljuje mi se sledeće na ekranu, kada uključim računar: Asus prob.exe/unable to locate Component The application has failed to start because bcbsmp35.bpl was not found. re/installing the application may fix this proble, a onda dugme ok. da li smem da obrišem Asus prob? Ne znam za sta služi, rekli ste da ništa ne brišem dok mi ne kažete. Pritisnem ok, prozor se izgubi, kada opet uključim računar pojavljuje se. Sada mi sporije radi računar nego juče. Plašim se da mi ne padne sistem. Da li mogu sada da instaliram AVG ili da čekam da sve završimo? računar mi je totalno nezaštićen. Pozdrav Kristina

Profil

NIx Car Poslao: 23 Avg 2011 00:30 Idi na vrh
offline NIx Car Legendarni građanin Més que un club Glavni vokal @ Harpun Pridružio: 27 Feb 2009 Poruke: 3898 Gde živiš: Novi Sad,Klisa	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Kristina, ASUS Probe mozes slobodno deinstalirati preko Add/Remove programs koji se nalazi u Control Panelu. ----------------------------------------------------------------------------------------------------------- Preuzmi instalaciju za program Malwarebytes Anti-Malware sa sledećeg linka: http://www.besttechie.net/tools/mbam-setup.exe Dvoklikom pokreni instalaciju - na samom kraju procesa, proveri da su obeležene opcije: Update Malwarebytes' Anti-Malware; Launch Malwarebytes Anti-Malware; a zatim klikni Finish. Nakon završenog ažuriranja program će se pokrenuti. Izaberi opciju Perform Quick Scan i klikni Scan. Po završetku procesa klikni OK, Show Results: u listi detektovanog malware-a, obeleži sve stavke i klikni Remove Selected. Po završetku procesa, logfile će se otvoriti u Notepad-u; iskopiraj ga u temu na forumu. Ukoliko program zatraži restart kako bi se završio proces čišćenja, obavezno ga dozvoliti. Napomena: ako dođe do restarta na kraju procesa čišćenja, logfile će biti dostupan na Logs kartici (obeleži ga i klikni Open). -------------------------------------------------------------------------------------- Preuzmi TFC (Temp File Cleaner) i sacuvaj ga na Desktop. Dvoklikom pokreni program i klikni na dugme Start da bi dozvolio programu da otpocne skeniranje. Kada program zavrsi skeniranje,mozda ce zatraziti da restartujes racunar. Dozvoli mu. Napomena: Kada zavrsis sa ciscenjem temp fajlova,program mozes obrisati ili ga sacuvati za kasniju upotrebu. --------------------------------------------------------------------------------------------- Kakvo je stanje racuanara? ---------------------------------------------------------------------------------------------- Na racunaru nemas nijedan antivirus instaliran. Ukoliko nemaš licencu za placeni (ne koristi krekovane antiviruse!), preporučujem instaliranje besplatnog antivirusa kao što su Avira,Avast,MSE, Panda Cloud ili neki drugi. ---------------------------------------------------------------------------------------------- - Preuzmi USBNoRisk na Desktop i pokreni ga duplim klikom na ikonicu programa. - Sacekaj koji sekund dok program izvrsi inicijalno skeniranje. - Ubacuj sve USB memorijske uredjaje redom u USB slot i svaki zadrzi u slotu po 10 sekundi. - Ukoliko imas vise uredjaja za proveru, onda na parcetu papira zapisi kojim redom su ubacivani jer ce nam kasnije trebati taj podatak - Kada zavrsis sa svim uredjajima, klikni desno dugme misa na sred prozora programa i odaberi opciju Save scrambled log. To ce automatski otvoriti log u Notepadu. Iskopiraj nam taj log iz Notepada na forum. Objasnjenje: U USB memorijske uredjaje spadaju svi oni uredjaji koji po prikljucivanju na kompjuter dobijaju svoju oznaku particije. Tu spadaju USB flash drajvovi, eksterni hard-diskovi, memorijske kartice, MP3 i MP4 plejeri, neki mobilni telefoni, neki GPS (navigacioni) uredjaji itd.

Profil

kikssi Poslao: 23 Avg 2011 09:45 Idi na vrh
offline kikssi Građanin Pridružio: 21 Avg 2011 Poruke: 44	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Napisano: 23 Avg 2011 2:55 ne mogu skinuti prvi program jer mi se kompjuter koči, internet neće da očitava strane, kada se gasi pise nesto sys driver 32 end now, pa neki prozor nesto eror, tako nekoliko puta dok se ne ugasi, kada ga resetujem uključuje mi se safe mod. to nikada nije tako, plasim se. nemam nikakav antivirusni sada od juče i verovatno je nesto naletelo sa facebooka gde je moj brat bio. posle sat vremena pokusaja da skinem program javlja se crveno dugme sa iksom i ne mogu da ga skinem tu, probala sam neki drugi sa liste skida ga, njega neće. MOLIM VAS POMOĆ Dopuna: 23 Avg 2011 3:17 SKINULA SAM GA. ODRADIO JE POSAO SADA MI JE NET BRŽI. EVO REZULTATA: Malwarebytes' Anti-Malware 1.51.1.1800 malwarebytes.org Database version: 7540 Windows 5.1.2600 Service Pack 2 Internet Explorer 6.0.2900.2180 23.8.2011 3:21:15 mbam-log-2011-08-23 (03-21-15).txt Scan type: Quick scan Objects scanned: 147397 Time elapsed: 4 minute(s), 3 second(s) Memory Processes Infected: 9 Memory Modules Infected: 0 Registry Keys Infected: 10 Registry Values Infected: 14 Registry Data Items Infected: 3 Folders Infected: 1 Files Infected: 39 Memory Processes Infected: c:\WINDOWS\l1rezerv.exe (Trojan.Agent) -> 592 -> Unloaded process successfully. c:\WINDOWS\update.tray-12-0\svchost.exe (Trojan.Dropper) -> 408 -> Unloaded process successfully. c:\WINDOWS\sysdriver32.exe (Trojan.Agent) -> 1496 -> Unloaded process successfully. c:\WINDOWS\update.1\svchost.exe (Trojan.Dropper) -> 2116 -> Unloaded process successfully. c:\WINDOWS\systemup.exe (Trojan.Agent.Gen) -> 496 -> Unloaded process successfully. c:\WINDOWS\update.2\svchost.exe (Backdoor.Agent) -> 1256 -> Unloaded process successfully. c:\WINDOWS\update.2\svchost.exe (Backdoor.Agent) -> 2708 -> Unloaded process successfully. c:\WINDOWS\update.5.0\svchost.exe (Trojan.Downloader) -> 656 -> Unloaded process successfully. c:\WINDOWS\update.5.0\svchost.exe (Trojan.Downloader) -> 1388 -> Unloaded process successfully. Memory Modules Infected: (No malicious items detected) Registry Keys Infected: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srvsysdriver32 (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wxpdrivers (Trojan.Dropper) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srviecheck (Backdoor.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srvbtcclient (Trojan.Downloader) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\sysdriver32.exe (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\systeminfog (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\SERVICES32.EXE (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wxpdrivers (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\wxpdrivers (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SRVSYSDRIVER32 (Trojan.Agent) -> Quarantined and deleted successfully. Registry Values Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\l1rezerv.exe (Trojan.Agent) -> Value: l1rezerv.exe -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\tray_ico0 (Trojan.Dropper) -> Value: tray_ico0 -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysdriver32.exe (Trojan.Agent) -> Value: sysdriver32.exe -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wxpdrv (Trojan.Dropper) -> Value: wxpdrv -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\1049402.exe (Trojan.Agent) -> Value: 1049402.exe -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysdriver32_.exe (Trojan.Agent) -> Value: sysdriver32_.exe -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\5897141.exe (Trojan.Agent) -> Value: 5897141.exe -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\6370358.exe (Trojan.Agent) -> Value: 6370358.exe -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\9076842.exe (Trojan.Agent) -> Value: 9076842.exe -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\92740091-loader2.exe (Trojan.Agent) -> Value: 92740091-loader2.exe -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\systemup (Trojan.Agent.Gen) -> Value: systemup -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\4640688.exe (Trojan.Agent) -> Value: 4640688.exe -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Services32.exe\close (Trojan.Agent) -> Value: close -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wxpDrivers\ImagePath (Trojan.Agent) -> Value: ImagePath -> Quarantined and deleted successfully. Registry Data Items Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. Folders Infected: c:\WINDOWS\rpcminer (Trojan.BCMiner) -> Quarantined and deleted successfully. Files Infected: c:\WINDOWS\l1rezerv.exe (Trojan.Agent) -> Quarantined and deleted successfully. c:\WINDOWS\update.tray-12-0\svchost.exe (Trojan.Dropper) -> Quarantined and deleted successfully. c:\WINDOWS\sysdriver32.exe (Trojan.Agent) -> Quarantined and deleted successfully. c:\WINDOWS\update.1\svchost.exe (Trojan.Dropper) -> Quarantined and deleted successfully. c:\WINDOWS\services32.exe (Trojan.Dropper) -> Quarantined and deleted successfully. c:\documents and settings\kris\local settings\Temp\1049402.exe (Trojan.Agent) -> Quarantined and deleted successfully. c:\WINDOWS\sysdriver32_.exe (Trojan.Agent) -> Quarantined and deleted successfully. c:\WINDOWS\temp\5897141.exe (Trojan.Agent) -> Quarantined and deleted successfully. c:\documents and settings\kris\local settings\Temp\6370358.exe (Trojan.Agent) -> Quarantined and deleted successfully. c:\WINDOWS\temp\9076842.exe (Trojan.Agent) -> Quarantined and deleted successfully. c:\WINDOWS\temp\92740091-loader2.exe (Trojan.Agent) -> Quarantined and deleted successfully. c:\WINDOWS\temp\383141.exe (Trojan.Agent) -> Quarantined and deleted successfully. c:\WINDOWS\temp\4514138.exe (Trojan.Agent) -> Quarantined and deleted successfully. c:\WINDOWS\temp\76847_myunrar2.exe (Trojan.Dropper) -> Quarantined and deleted successfully. c:\WINDOWS\temp\7963453.exe (Trojan.Downloader) -> Quarantined and deleted successfully. c:\WINDOWS\temp\9304069.exe (Trojan.Agent) -> Quarantined and deleted successfully. c:\WINDOWS\systemup.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully. c:\WINDOWS\temp\1579790.exe (Trojan.Agent) -> Quarantined and deleted successfully. c:\WINDOWS\temp\2037752.exe (Trojan.Agent) -> Quarantined and deleted successfully. c:\WINDOWS\temp\3597249.exe (Trojan.Agent) -> Quarantined and deleted successfully. c:\WINDOWS\temp\4640688.exe (Trojan.Agent) -> Quarantined and deleted successfully. c:\WINDOWS\temp\7719929.exe (Trojan.Agent) -> Quarantined and deleted successfully. c:\WINDOWS\temp\832361558.exe (Trojan.FakeAlert.Gen) -> Quarantined and deleted successfully. c:\WINDOWS\update.2\svchost.exe (Backdoor.Agent) -> Quarantined and deleted successfully. c:\WINDOWS\update.5.0\svchost.exe (Trojan.Downloader) -> Quarantined and deleted successfully. c:\WINDOWS\rpcminer\bitcoinmineropencl.cl (Trojan.BCMiner) -> Quarantined and deleted successfully. c:\WINDOWS\rpcminer\bitcoinminercuda_10.cubin (Trojan.BCMiner) -> Quarantined and deleted successfully. c:\WINDOWS\rpcminer\bitcoinminercuda_11.cubin (Trojan.BCMiner) -> Quarantined and deleted successfully. c:\WINDOWS\rpcminer\bitcoinminercuda_20.cubin (Trojan.BCMiner) -> Quarantined and deleted successfully. c:\WINDOWS\rpcminer\cudart32_32_16.dll (Trojan.BCMiner) -> Quarantined and deleted successfully. c:\WINDOWS\rpcminer\curllib.dll (Trojan.BCMiner) -> Quarantined and deleted successfully. c:\WINDOWS\rpcminer\libeay32.dll (Trojan.BCMiner) -> Quarantined and deleted successfully. c:\WINDOWS\rpcminer\libsasl.dll (Trojan.BCMiner) -> Quarantined and deleted successfully. c:\WINDOWS\rpcminer\openldap.dll (Trojan.BCMiner) -> Quarantined and deleted successfully. c:\WINDOWS\rpcminer\rpcminer-4way.exe (Trojan.BCMiner) -> Quarantined and deleted successfully. c:\WINDOWS\rpcminer\rpcminer-cpu.exe (Trojan.BCMiner) -> Quarantined and deleted successfully. c:\WINDOWS\rpcminer\rpcminer-cuda.exe (Trojan.BCMiner) -> Quarantined and deleted successfully. c:\WINDOWS\rpcminer\rpcminer-opencl.exe (Trojan.BCMiner) -> Quarantined and deleted successfully. c:\WINDOWS\rpcminer\ssleay32.dll (Trojan.BCMiner) -> Quarantined and deleted successfully. Dopuna: 23 Avg 2011 9:45 kikssi ::Napisano: 23 Avg 2011 2:55 ne mogu skinuti prvi program jer mi se kompjuter koči, internet neće da očitava strane, kada se gasi pise nesto sys driver 32 end now, pa neki prozor nesto eror, tako nekoliko puta dok se ne ugasi, kada ga resetujem uključuje mi se safe mod. to nikada nije tako, plasim se. nemam nikakav antivirusni sada od juče i verovatno je nesto naletelo sa facebooka gde je moj brat bio. posle sat vremena pokusaja da skinem program javlja se crveno dugme sa iksom i ne mogu da ga skinem tu, probala sam neki drugi sa liste skida ga, njega neće. MOLIM VAS POMOĆ Dopuna: 23 Avg 2011 3:17 SKINULA SAM GA. ODRADIO JE POSAO SADA MI JE NET BRŽI. EVO REZULTATA: Malwarebytes' Anti-Malware 1.51.1.1800 malwarebytes.org Database version: 7540 Windows 5.1.2600 Service Pack 2 Internet Explorer 6.0.2900.2180 23.8.2011 3:21:15 mbam-log-2011-08-23 (03-21-15).txt Scan type: Quick scan Objects scanned: 147397 Time elapsed: 4 minute(s), 3 second(s) Memory Processes Infected: 9 Memory Modules Infected: 0 Registry Keys Infected: 10 Registry Values Infected: 14 Registry Data Items Infected: 3 Folders Infected: 1 Files Infected: 39 Memory Processes Infected: c:\WINDOWS\l1rezerv.exe (Trojan.Agent) -> 592 -> Unloaded process successfully. c:\WINDOWS\update.tray-12-0\svchost.exe (Trojan.Dropper) -> 408 -> Unloaded process successfully. c:\WINDOWS\sysdriver32.exe (Trojan.Agent) -> 1496 -> Unloaded process successfully. c:\WINDOWS\update.1\svchost.exe (Trojan.Dropper) -> 2116 -> Unloaded process successfully. c:\WINDOWS\systemup.exe (Trojan.Agent.Gen) -> 496 -> Unloaded process successfully. c:\WINDOWS\update.2\svchost.exe (Backdoor.Agent) -> 1256 -> Unloaded process successfully. c:\WINDOWS\update.2\svchost.exe (Backdoor.Agent) -> 2708 -> Unloaded process successfully. c:\WINDOWS\update.5.0\svchost.exe (Trojan.Downloader) -> 656 -> Unloaded process successfully. c:\WINDOWS\update.5.0\svchost.exe (Trojan.Downloader) -> 1388 -> Unloaded process successfully. Memory Modules Infected: (No malicious items detected) Registry Keys Infected: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srvsysdriver32 (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wxpdrivers (Trojan.Dropper) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srviecheck (Backdoor.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srvbtcclient (Trojan.Downloader) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\sysdriver32.exe (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\systeminfog (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\SERVICES32.EXE (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wxpdrivers (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\wxpdrivers (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SRVSYSDRIVER32 (Trojan.Agent) -> Quarantined and deleted successfully. Registry Values Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\l1rezerv.exe (Trojan.Agent) -> Value: l1rezerv.exe -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\tray_ico0 (Trojan.Dropper) -> Value: tray_ico0 -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysdriver32.exe (Trojan.Agent) -> Value: sysdriver32.exe -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wxpdrv (Trojan.Dropper) -> Value: wxpdrv -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\1049402.exe (Trojan.Agent) -> Value: 1049402.exe -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysdriver32_.exe (Trojan.Agent) -> Value: sysdriver32_.exe -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\5897141.exe (Trojan.Agent) -> Value: 5897141.exe -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\6370358.exe (Trojan.Agent) -> Value: 6370358.exe -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\9076842.exe (Trojan.Agent) -> Value: 9076842.exe -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\92740091-loader2.exe (Trojan.Agent) -> Value: 92740091-loader2.exe -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\systemup (Trojan.Agent.Gen) -> Value: systemup -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\4640688.exe (Trojan.Agent) -> Value: 4640688.exe -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Services32.exe\close (Trojan.Agent) -> Value: close -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wxpDrivers\ImagePath (Trojan.Agent) -> Value: ImagePath -> Quarantined and deleted successfully. Registry Data Items Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. Folders Infected: c:\WINDOWS\rpcminer (Trojan.BCMiner) -> Quarantined and deleted successfully. Files Infected: c:\WINDOWS\l1rezerv.exe (Trojan.Agent) -> Quarantined and deleted successfully. c:\WINDOWS\update.tray-12-0\svchost.exe (Trojan.Dropper) -> Quarantined and deleted successfully. c:\WINDOWS\sysdriver32.exe (Trojan.Agent) -> Quarantined and deleted successfully. c:\WINDOWS\update.1\svchost.exe (Trojan.Dropper) -> Quarantined and deleted successfully. c:\WINDOWS\services32.exe (Trojan.Dropper) -> Quarantined and deleted successfully. c:\documents and settings\kris\local settings\Temp\1049402.exe (Trojan.Agent) -> Quarantined and deleted successfully. c:\WINDOWS\sysdriver32_.exe (Trojan.Agent) -> Quarantined and deleted successfully. c:\WINDOWS\temp\5897141.exe (Trojan.Agent) -> Quarantined and deleted successfully. c:\documents and settings\kris\local settings\Temp\6370358.exe (Trojan.Agent) -> Quarantined and deleted successfully. c:\WINDOWS\temp\9076842.exe (Trojan.Agent) -> Quarantined and deleted successfully. c:\WINDOWS\temp\92740091-loader2.exe (Trojan.Agent) -> Quarantined and deleted successfully. c:\WINDOWS\temp\383141.exe (Trojan.Agent) -> Quarantined and deleted successfully. c:\WINDOWS\temp\4514138.exe (Trojan.Agent) -> Quarantined and deleted successfully. c:\WINDOWS\temp\76847_myunrar2.exe (Trojan.Dropper) -> Quarantined and deleted successfully. c:\WINDOWS\temp\7963453.exe (Trojan.Downloader) -> Quarantined and deleted successfully. c:\WINDOWS\temp\9304069.exe (Trojan.Agent) -> Quarantined and deleted successfully. c:\WINDOWS\systemup.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully. c:\WINDOWS\temp\1579790.exe (Trojan.Agent) -> Quarantined and deleted successfully. c:\WINDOWS\temp\2037752.exe (Trojan.Agent) -> Quarantined and deleted successfully. c:\WINDOWS\temp\3597249.exe (Trojan.Agent) -> Quarantined and deleted successfully. c:\WINDOWS\temp\4640688.exe (Trojan.Agent) -> Quarantined and deleted successfully. c:\WINDOWS\temp\7719929.exe (Trojan.Agent) -> Quarantined and deleted successfully. c:\WINDOWS\temp\832361558.exe (Trojan.FakeAlert.Gen) -> Quarantined and deleted successfully. c:\WINDOWS\update.2\svchost.exe (Backdoor.Agent) -> Quarantined and deleted successfully. c:\WINDOWS\update.5.0\svchost.exe (Trojan.Downloader) -> Quarantined and deleted successfully. c:\WINDOWS\rpcminer\bitcoinmineropencl.cl (Trojan.BCMiner) -> Quarantined and deleted successfully. c:\WINDOWS\rpcminer\bitcoinminercuda_10.cubin (Trojan.BCMiner) -> Quarantined and deleted successfully. c:\WINDOWS\rpcminer\bitcoinminercuda_11.cubin (Trojan.BCMiner) -> Quarantined and deleted successfully. c:\WINDOWS\rpcminer\bitcoinminercuda_20.cubin (Trojan.BCMiner) -> Quarantined and deleted successfully. c:\WINDOWS\rpcminer\cudart32_32_16.dll (Trojan.BCMiner) -> Quarantined and deleted successfully. c:\WINDOWS\rpcminer\curllib.dll (Trojan.BCMiner) -> Quarantined and deleted successfully. c:\WINDOWS\rpcminer\libeay32.dll (Trojan.BCMiner) -> Quarantined and deleted successfully. c:\WINDOWS\rpcminer\libsasl.dll (Trojan.BCMiner) -> Quarantined and deleted successfully. c:\WINDOWS\rpcminer\openldap.dll (Trojan.BCMiner) -> Quarantined and deleted successfully. c:\WINDOWS\rpcminer\rpcminer-4way.exe (Trojan.BCMiner) -> Quarantined and deleted successfully. c:\WINDOWS\rpcminer\rpcminer-cpu.exe (Trojan.BCMiner) -> Quarantined and deleted successfully. c:\WINDOWS\rpcminer\rpcminer-cuda.exe (Trojan.BCMiner) -> Quarantined and deleted successfully. c:\WINDOWS\rpcminer\rpcminer-opencl.exe (Trojan.BCMiner) -> Quarantined and deleted successfully. c:\WINDOWS\rpcminer\ssleay32.dll (Trojan.BCMiner) -> Quarantined and deleted successfully. da li smem opet da pokrenem Malwer? prijavio mi je nakon onog skeniranja trojan detectet, isla sam na carantined. hoće biti problema ako ga opet njime skeniram? da li mogu da instaliram antivirusni drugi a da ostane i Malwer instaliran? evo rezultata skeniranja usb-a: USBNoRisk 2.7 (28 December 2010) by bobby Started at 23.8.2011 9:38:49 Searching for connected USB Mass storage... ---------------------------------------- ======================================== Searching for other storage... ---------------------------------------- C: {8da874df-fec5-11d5-a4d0-806d6172696f} D: {8da874e0-fec5-11d5-a4d0-806d6172696f} E: {8da874e1-fec5-11d5-a4d0-806d6172696f} ======================================== Scanning fixed storage... ---------------------------------------- No blocked files found on C: No autorun.inf files found on C: No mountpoint found for C: No mountpoint found for 8da874df-fec5-11d5-a4d0-806d6172696f No Desktop.ini files found on C: ---------------------------------------- No blocked files found on D: No autorun.inf files found on D: No mountpoint found for D: No mountpoint found for 8da874e0-fec5-11d5-a4d0-806d6172696f ---------------------------------------- Desktop.ini found at D:\Recycled\ contains interesting CLSID string ---------------------------------------- [.ShellClassInfo] CLSID={645FF040-5081-101B-9F08-00AA002F954E} ---------------------------------------- HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22915 HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31748 HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-8964 HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\shell32.dll,31 HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\shell32.dll,31 HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\shell32.dll,32 HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = shell32.dll HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shell\Otvori CCleaner...\command,@ = C:\Program Files\CCleaner\ccleaner.exe HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shell\Pokreni CCleaner\command,@ = C:\Program Files\CCleaner\ccleaner.exe /AUTO HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22915 HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31748 HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-8964 HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\shell32.dll,31 HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\shell32.dll,31 HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\shell32.dll,32 HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = shell32.dll HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shell\Otvori CCleaner...\command,@ = C:\Program Files\CCleaner\ccleaner.exe HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shell\Pokreni CCleaner\command,@ = C:\Program Files\CCleaner\ccleaner.exe /AUTO ---------------------------------------- No blocked files found on E: No autorun.inf files found on E: No mountpoint found for E: No mountpoint found for 8da874e1-fec5-11d5-a4d0-806d6172696f ---------------------------------------- Desktop.ini found at E:\Recycled\ contains interesting CLSID string ---------------------------------------- [.ShellClassInfo] CLSID={645FF040-5081-101B-9F08-00AA002F954E} ---------------------------------------- HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22915 HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31748 HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-8964 HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\shell32.dll,31 HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\shell32.dll,31 HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\shell32.dll,32 HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = shell32.dll HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shell\Otvori CCleaner...\command,@ = C:\Program Files\CCleaner\ccleaner.exe HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shell\Pokreni CCleaner\command,@ = C:\Program Files\CCleaner\ccleaner.exe /AUTO HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22915 HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31748 HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-8964 HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\shell32.dll,31 HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\shell32.dll,31 HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\shell32.dll,32 HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = shell32.dll HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shell\Otvori CCleaner...\command,@ = C:\Program Files\CCleaner\ccleaner.exe HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shell\Pokreni CCleaner\command,@ = C:\Program Files\CCleaner\ccleaner.exe /AUTO ---------------------------------------- ======================================== Initial scan finished! ======================================== New device connected at 23.8.2011 9:39:04 Scanning for connected USB mass storage... ---------------------------------------- H: {d10bf286-9f8f-11dd-84a8-c3b95f1e3869} Added H: ======================================== Scanning USB mass storage for files... ---------------------------------------- No blocked files found on H: ---------------------------------------- No autorun.inf files found on H: No mountpoint found for d10bf286-9f8f-11dd-84a8-c3b95f1e3869 ---------------------------------------- No Desktop.ini files found on H: ---------------------------------------- No mimics found on drive H: ---------------------------------------- No .lnk/.pif/.com/.scr files found on drive H: ======================================== ======================================== Removed H: ======================================== New device connected at 23.8.2011 9:41:34 Scanning for connected USB mass storage... ---------------------------------------- I: {72179072-3f30-11df-893f-001167c5c534} Added I: ======================================== Scanning USB mass storage for files... ---------------------------------------- No blocked files found on I: ---------------------------------------- No autorun.inf files found on I: No mountpoint found for 72179072-3f30-11df-893f-001167c5c534 ---------------------------------------- No Desktop.ini files found on I: ---------------------------------------- No mimics found on drive I: ---------------------------------------- No .lnk/.pif/.com/.scr files found on drive I: ======================================== ======================================== Removed I: ======================================== New device connected at 23.8.2011 9:45:42 Scanning for connected USB mass storage... ---------------------------------------- H: {2a5a1a16-8689-11df-89d1-001167c5c534} Added H: ======================================== Scanning USB mass storage for files... ---------------------------------------- No blocked files found on H: ---------------------------------------- No autorun.inf files found on H: No mountpoint found for 2a5a1a16-8689-11df-89d1-001167c5c534 ---------------------------------------- ---------------------------------------- Desktop.ini found at H:\CUJICE\ contains interesting CLSID string ---------------------------------------- [.ShellClassInfo] CLSID={645FF040-5081-101B-9F08-00AA002F954E} ---------------------------------------- HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22915 HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31748 HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-8964 HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\shell32.dll,31 HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\shell32.dll,31 HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\shell32.dll,32 HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = shell32.dll HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shell\Otvori CCleaner...\command,@ = C:\Program Files\CCleaner\ccleaner.exe HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shell\Pokreni CCleaner\command,@ = C:\Program Files\CCleaner\ccleaner.exe /AUTO HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22915 HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31748 HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-8964 HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\shell32.dll,31 HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\shell32.dll,31 HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\shell32.dll,32 HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = shell32.dll HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shell\Otvori CCleaner...\command,@ = C:\Program Files\CCleaner\ccleaner.exe HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shell\Pokreni CCleaner\command,@ = C:\Program Files\CCleaner\ccleaner.exe /AUTO ---------------------------------------- Desktop.ini found at H:\NOCHIMA\ contains interesting CLSID string ---------------------------------------- [.ShellClassInfo] CLSID={645FF040-5081-101B-9F08-00AA002F954E} ---------------------------------------- HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22915 HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31748 HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-8964 HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\shell32.dll,31 HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\shell32.dll,31 HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\shell32.dll,32 HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = shell32.dll HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shell\Otvori CCleaner...\command,@ = C:\Program Files\CCleaner\ccleaner.exe HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shell\Pokreni CCleaner\command,@ = C:\Program Files\CCleaner\ccleaner.exe /AUTO HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22915 HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31748 HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-8964 HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\shell32.dll,31 HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\shell32.dll,31 HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\shell32.dll,32 HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = shell32.dll HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shell\Otvori CCleaner...\command,@ = C:\Program Files\CCleaner\ccleaner.exe HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shell\Pokreni CCleaner\command,@ = C:\Program Files\CCleaner\ccleaner.exe /AUTO ---------------------------------------- No mimics found on drive H: ---------------------------------------- No .lnk/.pif/.com/.scr files found on drive H: ======================================== ======================================== Removed H: ========================================

Profil

argus Poslao: 23 Avg 2011 09:59 Idi na vrh
rip argus Anti Malware Fighter Rank 2 Pridružio: 27 Apr 2008 Poruke: 9160 Gde živiš: Prokuplje	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Posto je kolega odsutan, preuzecu ja slucaj. Samo bez panike Obrisi ikonicu Combofixa sa desktopa i preuzmi novi Combofix. Pokreni Combofix i isprati uputstvo, to znas. Kopiraj mi sadraj Combofix loga u sledecoj poruci.

Profil

kikssi Poslao: 23 Avg 2011 13:41 Idi na vrh
offline kikssi Građanin Pridružio: 21 Avg 2011 Poruke: 44	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Napisano: 23 Avg 2011 13:37 jao nece facebook da mi otvori, ni pocetnu stranu, kada otkucam adresu pise blank page. da li sam nesto s ovim zeznula? ComboFix 11-08-23.01 - kris 23.08.2011 13:28:58.5.1 - x86 Microsoft Windows XP Professional 5.1.2600.2.1251.381.1033.18.512.232 [GMT 2:00] Running from: c:\documents and settings\kris\Desktop\ComboFix.exe FW: AVG Firewall Disabled {8decf618-9569-4340-b34a-d78d28969b66} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\windows\btc_client_iplist.txt c:\windows\front_ip_list.txt c:\windows\geoiplist c:\windows\geoiplist.rar c:\windows\iecheck_iplist.txt c:\windows\info1 c:\windows\iplist.txt c:\windows\loader2.exe_ok c:\windows\phoenix c:\windows\phoenix.rar c:\windows\phoenix\kernels\phatk\__init__.py c:\windows\phoenix\kernels\phatk\__init__.pyc c:\windows\phoenix\kernels\phatk\BFIPatcher.py c:\windows\phoenix\kernels\phatk\kernel.cl c:\windows\phoenix\kernels\poclbm\__init__.py c:\windows\phoenix\kernels\poclbm\__init__.pyc c:\windows\phoenix\kernels\poclbm\BFIPatcher.py c:\windows\phoenix\kernels\poclbm\kernel.cl c:\windows\phoenix\phoenix.exe c:\windows\rpcminer.rar c:\windows\system32\drivers\etc\HSTS~1 c:\windows\system32\drivers\etc\hоsts c:\windows\ufa.rar c:\windows\update.1 c:\windows\update.2 c:\windows\update.5.0 c:\windows\winlog-dirs.txt c:\windows\winlog-ids.txt . . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Legacy_SRVBTCCLIENT -------\Legacy_SRVIECHECK -------\Legacy_WXPDRIVERS . . ((((((((((((((((((((((((( Files Created from 2011-07-23 to 2011-08-23 ))))))))))))))))))))))))))))))) . . 2011-08-23 08:00 . 2011-08-23 08:00 -------- d-----w- c:\program files\AVG 2011-08-23 01:34 . 2011-08-23 07:51 -------- d-----w- C:\USBNoRisk 2011-08-23 01:13 . 2011-08-23 01:13 -------- d-----w- c:\documents and settings\kris\Application Data\Malwarebytes 2011-08-23 01:13 . 2011-08-23 01:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2011-08-23 00:19 . 2011-08-23 00:19 -------- d-----w- c:\windows\av_ico 2011-08-23 00:18 . 2011-08-23 01:21 -------- d--h--w- c:\windows\update.tray-12-0 2011-08-23 00:18 . 2011-08-23 00:18 -------- d--h--w- c:\windows\update.tray-12-0-lnk 2011-08-22 23:27 . 2011-08-22 23:27 -------- d-----w- c:\program files\Conduit 2011-08-22 23:27 . 2011-08-22 23:37 -------- d-----w- c:\documents and settings\kris\Local Settings\Application Data\CyberDefender-TB 2011-08-22 23:27 . 2011-08-22 23:27 -------- d-----w- c:\documents and settings\kris\Local Settings\Application Data\Conduit 2011-08-22 23:27 . 2011-08-22 23:27 -------- d-----w- c:\documents and settings\kris\Local Settings\Application Data\Temp 2011-08-22 23:27 . 2011-08-22 23:27 -------- d-----w- c:\program files\CyberDefender-TB 2011-08-22 23:26 . 2011-08-22 23:25 96200 ----a-w- c:\windows\system32\drivers\CDAVFS.sys 2011-08-22 17:48 . 2011-08-23 08:18 -------- d--h--w- c:\windows\update.7.1 2011-08-22 17:47 . 2011-08-22 17:47 -------- d-----w- c:\windows\ufa 2011-08-22 17:47 . 2011-08-22 17:48 246272 ----a-w- c:\windows\unrar.exe 2011-08-22 11:24 . 2011-08-22 11:24 -------- d-----w- c:\windows\ServicePackFiles 2011-08-22 11:22 . 2011-08-22 11:22 -------- d-----w- c:\program files\MSXML 4.0 2011-08-22 07:31 . 2010-02-24 12:31 454016 -c----w- c:\windows\system32\dllcache\mrxsmb.sys 2011-08-22 07:29 . 2010-02-16 13:17 2137088 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe 2011-08-22 07:29 . 2010-02-16 13:19 2181376 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe 2011-08-22 07:29 . 2010-02-16 12:39 2016768 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe 2011-08-22 07:29 . 2010-02-16 12:39 2058368 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe 2011-08-22 07:10 . 2008-07-09 07:38 26488 ----a-w- c:\windows\system32\spupdsvc.exe 2011-08-22 07:10 . 2011-08-23 07:12 -------- d--h--w- c:\windows\$hf_mig$ 2011-08-17 18:57 . 2011-08-18 17:13 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2011-08-17 18:53 . 2011-08-17 18:58 -------- d-----w- c:\documents and settings\kris\Local Settings\Application Data\Google 2011-08-17 18:53 . 2011-08-17 18:56 -------- d-----w- c:\program files\Google 2011-08-17 18:37 . 2011-08-17 18:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Autorun Eater 2011-08-17 18:37 . 2011-08-18 17:09 -------- d-----w- c:\program files\Autorun Eater 2011-08-17 18:22 . 2011-08-17 18:22 -------- d-----w- c:\program files\CCleaner 2011-08-17 18:12 . 2011-08-17 18:12 -------- d-----w- c:\documents and settings\kris\Local Settings\Application Data\Opera 2011-08-17 18:12 . 2011-08-17 18:12 -------- d-----w- c:\program files\Opera . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . . . ((((((((((((((((((((((((((((( SnapShot_2011-08-22_13.20.57 ))))))))))))))))))))))))))))))))))))))))) . + 2010-07-12 02:33 . 2010-07-12 02:33 51040 c:\windows\system32\avgfwdx.dll + 2011-08-22 17:47 . 2011-06-29 10:20 743936 c:\windows\ufa\ufa.exe + 2002-01-01 14:48 . 2011-08-22 16:37 240736 c:\windows\system32\FNTCACHE.DAT - 2002-01-01 14:48 . 2011-08-22 11:34 240736 c:\windows\system32\FNTCACHE.DAT + 2011-08-23 00:18 . 2011-08-22 17:43 1213440 c:\windows\update.tray-12-0-lnk\svchost.exe . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{ffb11c0c-da90-4969-a995-8dca2e0fc10a}"= "c:\program files\CyberDefender-TB\prxtbCybe.dll" [2011-05-09 176936] . [HKEY_CLASSES_ROOT\clsid\{ffb11c0c-da90-4969-a995-8dca2e0fc10a}] . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ffb11c0c-da90-4969-a995-8dca2e0fc10a}] 2011-05-09 09:49 176936 ----a-w- c:\program files\CyberDefender-TB\prxtbCybe.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{ffb11c0c-da90-4969-a995-8dca2e0fc10a}"= "c:\program files\CyberDefender-TB\prxtbCybe.dll" [2011-05-09 176936] . [HKEY_CLASSES_ROOT\clsid\{ffb11c0c-da90-4969-a995-8dca2e0fc10a}] . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{FFB11C0C-DA90-4969-A995-8DCA2E0FC10A}"= "c:\program files\CyberDefender-TB\prxtbCybe.dll" [2011-05-09 176936] . [HKEY_CLASSES_ROOT\clsid\{ffb11c0c-da90-4969-a995-8dca2e0fc10a}] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2003-04-02 4616192] "nwiz"="nwiz.exe" [2003-04-02 323584] "Autorun Eater"="c:\program files\Autorun Eater\oldmcdonald.exe" [2010-05-06 516216] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360] . c:\documents and settings\kris\Start Menu\Programs\Startup\ Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableSecureUIAPaths"= 0 (0x0) . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BlueSoleil.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\BlueSoleil.lnk backup=c:\windows\pss\BlueSoleil.lnkCommon Startup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] 2007-05-16 07:27 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent] 2004-08-03 22:56 110592 ----a-w- c:\windows\system32\bthprops.cpl . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] 2007-03-01 13:57 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl] 2004-11-02 18:24 32768 ----a-w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Smapp] 2003-05-05 06:57 143360 ----a-w- c:\program files\Analog Devices\SoundMAX\SMTray.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent] 2006-06-21 17:14 35328 ----a-w- c:\program files\Winamp\winampa.exe . [HKEY_LOCAL_MACHINE\software\microsoft\security center] "FirewallOverride"=dword:00000001 "DisableThumbnailCache"=dword:00000001 . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"= "c:\\Program Files\\Opera\\opera.exe"= . S2 gupdate;Google ажурирање услуга (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [17.8.2011 20:54 136176] S3 gupdatem;Google ажурирање услуга (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [17.8.2011 20:54 136176] . Contents of the 'Scheduled Tasks' folder . 2011-08-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-08-17 18:53] . 2011-08-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-08-17 18:53] . . ------- Supplementary Scan ------- . uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2953735 IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.1.1 Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - . - - - - ORPHANS REMOVED - - - - . HKLM-Run-tray_ico - (no file) HKLM-Run-tray_ico1 - (no file) HKLM-Run-tray_ico2 - (no file) HKLM-Run-tray_ico3 - (no file) HKLM-Run-tray_ico4 - (no file) MSConfigStartUp-ASUS Probe - c:\program files\ASUS\Probe\AsusProb.exe . . . ************************************************************************ . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net Rootkit scan 2011-08-23 13:36 Windows 5.1.2600 Service Pack 2 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************ . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\S-1-5-21-220523388-1177238915-839522115-1003\Software\Microsoft\SystemCertificates\AddressBook] @Allowed: (Read) (RestrictedCode) @Allowed: (Read) (RestrictedCode) . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'explorer.exe'(3020) c:\windows\system32\msi.dll . ------------------------ Other Running Processes ------------------------ . c:\program files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE c:\windows\system32\nvsvc32.exe c:\program files\Analog Devices\SoundMAX\SMAgent.exe c:\windows\system32\wdfmgr.exe c:\program files\Autorun Eater\billy.exe c:\windows\system32\wscntfy.exe . ************************************************************************* . Completion time: 2011-08-23 13:39:50 - machine was rebooted ComboFix-quarantined-files.txt 2011-08-23 11:39 ComboFix2.txt 2011-08-22 13:22 ComboFix3.txt 2011-08-22 07:58 ComboFix4.txt 2011-08-21 19:52 . Pre-Run: 1.608.867.840 bytes free Post-Run: 1.557.291.008 bytes free . - - End Of File - - CF1749ADB6F11CB5984CCAF249523F15 Dopuna: 23 Avg 2011 13:41 ispravka sada radi facebook, bilo je do njih nesto.

Profil

MyCity » Ambulanta -> Arhiva Ambulante » POMOĆ. Javili mi se cudni vurusi

Ko je trenutno na forumu

Ukupno su 878 korisnika na forumu :: 12 registrovanih, 1 sakriven i 865 gosta :: [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:: Korisnici trenutno na forumu: Boris90, draganl, drimer, Haris, marsovac 2, mgolub, pein, rikirubio, Vlada1389, wolverined4, zicko.spacek, zlaya011

Svaki korisnik ovog sajta je odgovoran za sadržaj svoje poruke koju objavi na sajtu. Sajt se odriče svake odgovornosti za sadržaj tih poruka.
Postavljanjem vaše poruke ili vašeg autorskog dela na ovaj sajt, saglasni ste da ovaj sajt postaje distributer vašeg dela, i odričete se mogućnosti njegovog povlačenja ili brisanja, bez saglasnosti uprave sajta.
Distribucija sadržaja sa ovog sajta je dozvoljena samo u nekomercijalne svrhe, uz obaveznu napomenu da je sadržaj preuzet sa ovog sajta, i uz obavezno navođenje adrese MyCity sajta. Za sve ostale vidove distribucije obavezni ste da prethodno zatražite odobrenje od vlasnika MyCity sajta.
MyCity pokrenuo, administrira i razvija Predrag Damnjanović, a o uređenju sajta se brine MyCity Tim.
Ukoliko želite da nas kontaktirate kliknite ovde.
Naši sajtovi:
Vesti, Vojni forum, Zaštita od virusa, TekstPesme.rs

This content is licensed under a Creative Commons License.
Based on phpBB 2, translated by Simke, designed by