Posted: 23 Nov 2010 17:47
- Joined: 22 Nov 2010
- Posts: 31
ComboFix 10-11-22.05 - Hermann 11/23/2010 17:40:51.3.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1471.1014 [GMT 1:00]
Running from: c:\documents and settings\Hermann.HERMANN-1729E88\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Hermann.HERMANN-1729E88\Desktop\CFScript.txt
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\Microsoft
c:\program files\microsoft\watermark.exe
c:\windows\system32\dmlconf.dat
.
((((((((((((((((((((((((( Files Created from 2010-10-23 to 2010-11-23 )))))))))))))))))))))))))))))))
.
2010-11-23 16:32 . 2010-11-23 16:33 -------- d-----w- c:\documents and settings\Hermann.HERMANN-1729E88\Application Data\MCShield
2010-11-23 16:32 . 2010-11-23 16:32 -------- d-----w- c:\program files\MCShield
2010-11-23 16:31 . 2010-11-23 16:31 -------- d-----w- c:\windows\LastGood
2010-11-23 16:06 . 2010-11-23 16:37 -------- d--h--w- c:\windows\$hf_mig$
2010-11-22 22:24 . 2010-11-22 22:24 61869 ----a-w- c:\windows\explorermgr.exe
2010-11-22 20:47 . 2010-11-23 16:02 -------- d-----w- C:\USBNoRisk
2010-11-22 19:58 . 2010-09-07 15:47 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-11-22 19:58 . 2010-09-07 15:52 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-11-22 19:58 . 2010-09-07 15:47 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-11-22 19:58 . 2010-09-07 15:52 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-11-22 19:58 . 2010-09-07 15:47 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-11-22 19:58 . 2010-09-07 15:47 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-11-22 19:58 . 2010-09-07 15:46 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-11-22 19:58 . 2010-09-07 16:12 38848 ----a-w- c:\windows\avastSS.scr
2010-11-22 19:58 . 2010-09-07 16:11 167592 ----a-w- c:\windows\system32\aswBoot.exe
2010-11-22 19:57 . 2010-11-22 19:57 -------- d-----w- c:\program files\Alwil Software
2010-11-22 19:57 . 2010-11-22 19:57 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Alwil Software
2010-11-22 11:46 . 2010-11-22 11:46 61869 ----a-w- c:\program files\Mozilla Firefox\firefoxmgr.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-22 03:57 . 2008-04-14 12:00 6656 ----a-w- c:\windows\system32\lpcio.dll
.
((((((((((((((((((((((((((((( SnapShot@2010-11-22_11.43.39 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-11 23:02 . 2009-07-11 23:02 51008 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_f0ccd4aa\vcomp90.dll
+ 2010-11-23 16:28 . 2010-11-23 16:28 16384 c:\windows\Temp\Perflib_Perfdata_998.dat
+ 2009-08-06 18:24 . 2009-08-06 18:24 44768 c:\windows\system32\wups2.dll
+ 2010-01-01 19:40 . 2009-08-06 18:24 35552 c:\windows\system32\wups.dll
+ 2010-01-01 19:40 . 2009-08-06 18:24 53472 c:\windows\system32\wuauclt.exe
+ 2010-11-22 19:45 . 2009-08-06 18:24 35552 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.4.7600.226\wups.dll
- 2008-04-14 12:00 . 2010-10-31 08:42 67714 c:\windows\system32\perfc009.dat
+ 2008-04-14 12:00 . 2010-11-22 19:48 67714 c:\windows\system32\perfc009.dat
+ 2010-01-01 19:40 . 2009-08-06 18:24 35552 c:\windows\system32\dllcache\wups.dll
+ 2010-01-01 19:40 . 2009-08-06 18:24 53472 c:\windows\system32\dllcache\wuauclt.exe
+ 2008-04-14 12:00 . 2009-08-06 18:24 96480 c:\windows\system32\dllcache\cdm.dll
+ 2008-04-14 12:00 . 2009-08-06 18:24 96480 c:\windows\system32\cdm.dll
+ 2010-01-01 19:40 . 2009-08-06 18:24 209632 c:\windows\system32\wuweb.dll
+ 2010-01-01 19:40 . 2009-08-06 18:24 327896 c:\windows\system32\wucltui.dll
+ 2010-01-01 19:40 . 2009-08-06 18:23 575704 c:\windows\system32\wuapi.dll
- 2008-04-14 12:00 . 2010-10-31 08:42 432924 c:\windows\system32\perfh009.dat
+ 2008-04-14 12:00 . 2010-11-22 19:48 432924 c:\windows\system32\perfh009.dat
+ 2010-01-01 19:40 . 2009-08-06 18:24 209632 c:\windows\system32\dllcache\wuweb.dll
+ 2010-01-01 19:40 . 2009-08-06 18:24 327896 c:\windows\system32\dllcache\wucltui.dll
+ 2010-01-01 19:40 . 2009-08-06 18:23 575704 c:\windows\system32\dllcache\wuapi.dll
+ 2010-11-22 19:58 . 2010-11-22 19:58 219648 c:\windows\Installer\d02ae.msi
+ 2010-01-01 19:40 . 2009-08-06 18:23 1929952 c:\windows\system32\wuaueng.dll
+ 2010-01-01 19:40 . 2009-08-06 18:23 1929952 c:\windows\system32\dllcache\wuaueng.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpeedswitchXP"="c:\program files\SpeedswitchXP\SpeedswitchXP.exe" [2006-07-14 692633]
"MCShield"="c:\program files\MCShield\MCShieldRTM.exe" [2010-11-04 261120]
"MCShieldTray"="c:\program files\MCShield\MCShieldTray.exe" [2010-11-04 73728]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ioCentre"="c:\genius\ioCentre\gTaskBar.exe" [2007-12-17 127472]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2008-04-14 12:00 15360 ----a-w- c:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Eraser]
2010-03-15 02:08 1158872 ----a-w- c:\progra~1\Eraser\Eraser.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-10-06 17:56 136176 ----atw- c:\documents and settings\Hermann.HERMANN-1729E88\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 03:42 1695232 ------w- c:\program files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-05-26 16:18 479653 ----a-w- c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2010-05-13 15:57 26192168 ----a-r- c:\program files\Skype\Phone\Skype.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2005-12-23 13:40 90112 ----a-w- c:\windows\SOUNDMAN.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-02-18 09:43 248040 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
2010-03-09 02:52 80877 ----a-w- c:\program files\Unlocker\UnlockerAssistant.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wuauserv"=2 (0x2)
"wscsvc"=2 (0x2)
"SharedAccess"=2 (0x2)
"SamSs"=2 (0x2)
"ERSvc"=2 (0x2)
"ose"=3 (0x3)
"odserv"=3 (0x3)
"idsvc"=3 (0x3)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [11/22/2010 2:29 AM 237632]
R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [11/22/2010 2:29 AM 338880]
R0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [11/22/2010 2:29 AM 656320]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [11/22/2010 8:58 PM 165584]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [11/22/2010 8:58 PM 17744]
R2 cpuz134;cpuz134;c:\windows\system32\drivers\cpuz134_x32.sys [5/30/2010 10:37 PM 20200]
R3 gMouPS2;PS2 Scroll Mouse Device;c:\windows\system32\drivers\gMouPS2.sys [8/26/2010 11:47 AM 17408]
S2 ATE_PROCMON;ATE_PROCMON; [x]
S3 gHidPnp;USB Device Enhanced Function Driver;c:\windows\system32\drivers\gHidPnp.sys [8/26/2010 11:47 AM 16384]
S3 gMouUsb16;USB 16-bit Mouse Device Drv;c:\windows\system32\drivers\gMouUsb16.sys [8/26/2010 11:47 AM 9216]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\PC Tools Security\pctsAuxs.exe [11/22/2010 2:29 AM 366840]
S3 tmeter;TMeter Service;c:\windows\system32\DRIVERS\tmeter.sys --> c:\windows\system32\DRIVERS\tmeter.sys [?]
S3 tmeterMP;tmeterMP;c:\windows\system32\DRIVERS\tmeter.sys --> c:\windows\system32\DRIVERS\tmeter.sys [?]
.
Contents of the 'Scheduled Tasks' folder
2010-11-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1123561945-492894223-1417001333-1003Core.job
- c:\documents and settings\Hermann.HERMANN-1729E88\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-10-06 17:56]
2010-11-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1123561945-492894223-1417001333-1003UA.job
- c:\documents and settings\Hermann.HERMANN-1729E88\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-10-06 17:56]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: bancaintesabeograd.com\online
FF - ProfilePath - c:\documents and settings\Hermann.HERMANN-1729E88\Application Data\Mozilla\Firefox\Profiles\hh64r8ec.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2405280&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Softonic-Eng7 Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT2405280&SearchSource=13
FF - plugin: c:\documents and settings\Hermann.HERMANN-1729E88\Local Settings\Application Data\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2010-11-23 17:44
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(580)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2010-11-23 17:46:45
ComboFix-quarantined-files.txt 2010-11-23 16:46
ComboFix2.txt 2010-11-22 22:21
ComboFix3.txt 2010-11-22 11:45
Pre-Run: 12,992,180,224 bytes free
Post-Run: 12,986,494,976 bytes free
- - End Of File - - 3DA708181EBC3A92CE4CB2CEED17E474
Posted: 23 Nov 2010 19:36
- Joined: 22 Nov 2010
- Posts: 31
lpcio.dll has been uploaded.
ComboFix 10-11-22.05 - Hermann 11/23/2010 19:29:00.4.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1471.1007 [GMT 1:00]
Running from: c:\documents and settings\Hermann.HERMANN-1729E88\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Hermann.HERMANN-1729E88\Desktop\CFScript.txt
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FILE ::
"c:\program files\mozilla firefox\firefoxmgr.exe"
"c:\windows\explorermgr.exe"
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\mozilla firefox\firefoxmgr.exe
c:\windows\explorermgr.exe
.
((((((((((((((((((((((((( Files Created from 2010-10-23 to 2010-11-23 )))))))))))))))))))))))))))))))
.
2010-11-23 16:32 . 2010-11-23 17:01 -------- d-----w- c:\documents and settings\Hermann.HERMANN-1729E88\Application Data\MCShield
2010-11-23 16:32 . 2010-11-23 16:32 -------- d-----w- c:\program files\MCShield
2010-11-23 16:31 . 2010-11-23 16:31 -------- d-----w- c:\windows\LastGood
2010-11-23 16:06 . 2010-11-23 16:37 -------- d--h--w- c:\windows\$hf_mig$
2010-11-22 20:47 . 2010-11-23 16:02 -------- d-----w- C:\USBNoRisk
2010-11-22 19:58 . 2010-09-07 15:47 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-11-22 19:58 . 2010-09-07 15:52 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-11-22 19:58 . 2010-09-07 15:47 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-11-22 19:58 . 2010-09-07 15:52 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-11-22 19:58 . 2010-09-07 15:47 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-11-22 19:58 . 2010-09-07 15:47 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-11-22 19:58 . 2010-09-07 15:46 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-11-22 19:58 . 2010-09-07 16:12 38848 ----a-w- c:\windows\avastSS.scr
2010-11-22 19:58 . 2010-09-07 16:11 167592 ----a-w- c:\windows\system32\aswBoot.exe
2010-11-22 19:57 . 2010-11-22 19:57 -------- d-----w- c:\program files\Alwil Software
2010-11-22 19:57 . 2010-11-22 19:57 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Alwil Software
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-22 03:57 . 2008-04-14 12:00 6656 ----a-w- c:\windows\system32\lpcio.dll
.
((((((((((((((((((((((((((((( SnapShot@2010-11-22_11.43.39 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-11 23:02 . 2009-07-11 23:02 51008 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_f0ccd4aa\vcomp90.dll
+ 2010-11-23 16:28 . 2010-11-23 16:28 16384 c:\windows\Temp\Perflib_Perfdata_998.dat
+ 2009-08-06 18:24 . 2009-08-06 18:24 44768 c:\windows\system32\wups2.dll
+ 2010-01-01 19:40 . 2009-08-06 18:24 35552 c:\windows\system32\wups.dll
+ 2010-01-01 19:40 . 2009-08-06 18:24 53472 c:\windows\system32\wuauclt.exe
+ 2010-11-22 19:45 . 2009-08-06 18:24 35552 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.4.7600.226\wups.dll
- 2008-04-14 12:00 . 2010-10-31 08:42 67714 c:\windows\system32\perfc009.dat
+ 2008-04-14 12:00 . 2010-11-22 19:48 67714 c:\windows\system32\perfc009.dat
+ 2010-01-01 19:40 . 2009-08-06 18:24 35552 c:\windows\system32\dllcache\wups.dll
+ 2010-01-01 19:40 . 2009-08-06 18:24 53472 c:\windows\system32\dllcache\wuauclt.exe
+ 2008-04-14 12:00 . 2009-08-06 18:24 96480 c:\windows\system32\dllcache\cdm.dll
+ 2008-04-14 12:00 . 2009-08-06 18:24 96480 c:\windows\system32\cdm.dll
+ 2010-01-01 19:40 . 2009-08-06 18:24 209632 c:\windows\system32\wuweb.dll
+ 2010-01-01 19:40 . 2009-08-06 18:24 327896 c:\windows\system32\wucltui.dll
+ 2010-01-01 19:40 . 2009-08-06 18:23 575704 c:\windows\system32\wuapi.dll
- 2008-04-14 12:00 . 2010-10-31 08:42 432924 c:\windows\system32\perfh009.dat
+ 2008-04-14 12:00 . 2010-11-22 19:48 432924 c:\windows\system32\perfh009.dat
+ 2010-01-01 19:40 . 2009-08-06 18:24 209632 c:\windows\system32\dllcache\wuweb.dll
+ 2010-01-01 19:40 . 2009-08-06 18:24 327896 c:\windows\system32\dllcache\wucltui.dll
+ 2010-01-01 19:40 . 2009-08-06 18:23 575704 c:\windows\system32\dllcache\wuapi.dll
+ 2010-11-22 19:58 . 2010-11-22 19:58 219648 c:\windows\Installer\d02ae.msi
+ 2010-01-01 19:40 . 2009-08-06 18:23 1929952 c:\windows\system32\wuaueng.dll
+ 2010-01-01 19:40 . 2009-08-06 18:23 1929952 c:\windows\system32\dllcache\wuaueng.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpeedswitchXP"="c:\program files\SpeedswitchXP\SpeedswitchXP.exe" [2006-07-14 692633]
"MCShield"="c:\program files\MCShield\MCShieldRTM.exe" [2010-11-04 261120]
"MCShieldTray"="c:\program files\MCShield\MCShieldTray.exe" [2010-11-04 73728]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ioCentre"="c:\genius\ioCentre\gTaskBar.exe" [2007-12-17 127472]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2008-04-14 12:00 15360 ----a-w- c:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Eraser]
2010-03-15 02:08 1158872 ----a-w- c:\progra~1\Eraser\Eraser.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-10-06 17:56 136176 ----atw- c:\documents and settings\Hermann.HERMANN-1729E88\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 03:42 1695232 ------w- c:\program files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-05-26 16:18 479653 ----a-w- c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2010-05-13 15:57 26192168 ----a-r- c:\program files\Skype\Phone\Skype.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2005-12-23 13:40 90112 ----a-w- c:\windows\SOUNDMAN.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-02-18 09:43 248040 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
2010-03-09 02:52 80877 ----a-w- c:\program files\Unlocker\UnlockerAssistant.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wuauserv"=2 (0x2)
"wscsvc"=2 (0x2)
"SharedAccess"=2 (0x2)
"SamSs"=2 (0x2)
"ERSvc"=2 (0x2)
"ose"=3 (0x3)
"odserv"=3 (0x3)
"idsvc"=3 (0x3)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [11/22/2010 2:29 AM 237632]
R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [11/22/2010 2:29 AM 338880]
R0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [11/22/2010 2:29 AM 656320]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [11/22/2010 8:58 PM 165584]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [11/22/2010 8:58 PM 17744]
R2 cpuz134;cpuz134;c:\windows\system32\drivers\cpuz134_x32.sys [5/30/2010 10:37 PM 20200]
R3 gMouPS2;PS2 Scroll Mouse Device;c:\windows\system32\drivers\gMouPS2.sys [8/26/2010 11:47 AM 17408]
S2 ATE_PROCMON;ATE_PROCMON; [x]
S3 gHidPnp;USB Device Enhanced Function Driver;c:\windows\system32\drivers\gHidPnp.sys [8/26/2010 11:47 AM 16384]
S3 gMouUsb16;USB 16-bit Mouse Device Drv;c:\windows\system32\drivers\gMouUsb16.sys [8/26/2010 11:47 AM 9216]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\PC Tools Security\pctsAuxs.exe [11/22/2010 2:29 AM 366840]
S3 tmeter;TMeter Service;c:\windows\system32\DRIVERS\tmeter.sys --> c:\windows\system32\DRIVERS\tmeter.sys [?]
S3 tmeterMP;tmeterMP;c:\windows\system32\DRIVERS\tmeter.sys --> c:\windows\system32\DRIVERS\tmeter.sys [?]
.
Contents of the 'Scheduled Tasks' folder
2010-11-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1123561945-492894223-1417001333-1003Core.job
- c:\documents and settings\Hermann.HERMANN-1729E88\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-10-06 17:56]
2010-11-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1123561945-492894223-1417001333-1003UA.job
- c:\documents and settings\Hermann.HERMANN-1729E88\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-10-06 17:56]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: bancaintesabeograd.com\online
FF - ProfilePath - c:\documents and settings\Hermann.HERMANN-1729E88\Application Data\Mozilla\Firefox\Profiles\hh64r8ec.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2405280&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Softonic-Eng7 Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT2405280&SearchSource=13
FF - plugin: c:\documents and settings\Hermann.HERMANN-1729E88\Local Settings\Application Data\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2010-11-23 19:34
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(580)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2010-11-23 19:35:50
ComboFix-quarantined-files.txt 2010-11-23 18:35
ComboFix2.txt 2010-11-23 16:46
ComboFix3.txt 2010-11-22 22:21
ComboFix4.txt 2010-11-22 11:45
Pre-Run: 12,949,143,552 bytes free
Post-Run: 12,943,171,584 bytes free
- - End Of File - - C46BA0A5DFB23F694490F36B942E0BAE
Posted: 23 Nov 2010 20:11
- 1l padr1n0
- Anti Malware Fighter
Rank 2
- Joined: 02 Feb 2008
- Posts: 14018
- Location: Nish
Restart the computer, run ComboFix and post the new log it produces for us.
What is the state of the computer now?
Posted: 23 Nov 2010 20:35
- Joined: 22 Nov 2010
- Posts: 31
Goran, Firefox starts, but shows no signs of life when I try to open any page; IE does not start at all; only Chrome and portable Opera work. On the D: partition there is still a recycler folder. I have not plugged in the USB stick; if you say so, I will connect it. Should I check the other installed programs?
ComboFix 10-11-23.01 - Hermann 11/23/2010 20:23:17.5.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1471.1062 [GMT 1:00]
Running from: c:\documents and settings\Hermann.HERMANN-1729E88\Desktop\ComboFix.exe
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\microsoft\watermark.exe
c:\windows\system32\dmlconf.dat
.
((((((((((((((((((((((((( Files Created from 2010-10-23 to 2010-11-23 )))))))))))))))))))))))))))))))
.
2010-11-23 19:20 . 2010-11-23 19:20 -------- d-----w- c:\windows\LastGood
2010-11-23 19:14 . 2010-11-23 19:27 -------- d-----w- c:\program files\Microsoft
2010-11-23 16:32 . 2010-11-23 19:16 -------- d-----w- c:\documents and settings\Hermann.HERMANN-1729E88\Application Data\MCShield
2010-11-23 16:32 . 2010-11-23 16:32 -------- d-----w- c:\program files\MCShield
2010-11-23 16:06 . 2010-11-23 19:22 -------- d--h--w- c:\windows\$hf_mig$
2010-11-22 20:47 . 2010-11-23 16:02 -------- d-----w- C:\USBNoRisk
2010-11-22 19:58 . 2010-09-07 15:47 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-11-22 19:58 . 2010-09-07 15:52 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-11-22 19:58 . 2010-09-07 15:47 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-11-22 19:58 . 2010-09-07 15:52 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-11-22 19:58 . 2010-09-07 15:47 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-11-22 19:58 . 2010-09-07 15:47 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-11-22 19:58 . 2010-09-07 15:46 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-11-22 19:58 . 2010-09-07 16:12 38848 ----a-w- c:\windows\avastSS.scr
2010-11-22 19:58 . 2010-09-07 16:11 167592 ----a-w- c:\windows\system32\aswBoot.exe
2010-11-22 19:57 . 2010-11-22 19:57 -------- d-----w- c:\program files\Alwil Software
2010-11-22 19:57 . 2010-11-22 19:57 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Alwil Software
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-22 03:57 . 2008-04-14 12:00 6656 ----a-w- c:\windows\system32\lpcio.dll
.
((((((((((((((((((((((((((((( SnapShot@2010-11-22_11.43.39 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-11 23:02 . 2009-07-11 23:02 51008 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_f0ccd4aa\vcomp90.dll
+ 2010-11-23 19:15 . 2010-11-23 19:15 16384 c:\windows\Temp\Perflib_Perfdata_9f8.dat
+ 2009-08-06 18:24 . 2009-08-06 18:24 44768 c:\windows\system32\wups2.dll
+ 2010-01-01 19:40 . 2009-08-06 18:24 35552 c:\windows\system32\wups.dll
+ 2010-01-01 19:40 . 2009-08-06 18:24 53472 c:\windows\system32\wuauclt.exe
+ 2010-11-22 19:45 . 2009-08-06 18:24 35552 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.4.7600.226\wups.dll
- 2008-04-14 12:00 . 2010-10-31 08:42 67714 c:\windows\system32\perfc009.dat
+ 2008-04-14 12:00 . 2010-11-22 19:48 67714 c:\windows\system32\perfc009.dat
+ 2010-01-01 19:40 . 2009-08-06 18:24 35552 c:\windows\system32\dllcache\wups.dll
+ 2010-01-01 19:40 . 2009-08-06 18:24 53472 c:\windows\system32\dllcache\wuauclt.exe
+ 2008-04-14 12:00 . 2009-08-06 18:24 96480 c:\windows\system32\dllcache\cdm.dll
+ 2008-04-14 12:00 . 2009-08-06 18:24 96480 c:\windows\system32\cdm.dll
+ 2010-01-01 19:40 . 2009-08-06 18:24 209632 c:\windows\system32\wuweb.dll
+ 2010-01-01 19:40 . 2009-08-06 18:24 327896 c:\windows\system32\wucltui.dll
+ 2010-01-01 19:40 . 2009-08-06 18:23 575704 c:\windows\system32\wuapi.dll
- 2008-04-14 12:00 . 2010-10-31 08:42 432924 c:\windows\system32\perfh009.dat
+ 2008-04-14 12:00 . 2010-11-22 19:48 432924 c:\windows\system32\perfh009.dat
+ 2010-01-01 19:40 . 2009-08-06 18:24 209632 c:\windows\system32\dllcache\wuweb.dll
+ 2010-01-01 19:40 . 2009-08-06 18:24 327896 c:\windows\system32\dllcache\wucltui.dll
+ 2010-01-01 19:40 . 2009-08-06 18:23 575704 c:\windows\system32\dllcache\wuapi.dll
+ 2010-11-22 19:58 . 2010-11-22 19:58 219648 c:\windows\Installer\d02ae.msi
+ 2010-01-01 19:40 . 2009-08-06 18:23 1929952 c:\windows\system32\wuaueng.dll
+ 2010-01-01 19:40 . 2009-08-06 18:23 1929952 c:\windows\system32\dllcache\wuaueng.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpeedswitchXP"="c:\program files\SpeedswitchXP\SpeedswitchXP.exe" [2006-07-14 692633]
"MCShield"="c:\program files\MCShield\MCShieldRTM.exe" [2010-11-04 261120]
"MCShieldTray"="c:\program files\MCShield\MCShieldTray.exe" [2010-11-04 73728]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ioCentre"="c:\genius\ioCentre\gTaskBar.exe" [2007-12-17 127472]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2008-04-14 12:00 15360 ----a-w- c:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Eraser]
2010-03-15 02:08 1158872 ----a-w- c:\progra~1\Eraser\Eraser.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-10-06 17:56 136176 ----atw- c:\documents and settings\Hermann.HERMANN-1729E88\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 03:42 1695232 ------w- c:\program files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-05-26 16:18 479653 ----a-w- c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2010-05-13 15:57 26192168 ----a-r- c:\program files\Skype\Phone\Skype.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2005-12-23 13:40 90112 ----a-w- c:\windows\SOUNDMAN.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-02-18 09:43 248040 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
2010-03-09 02:52 80877 ----a-w- c:\program files\Unlocker\UnlockerAssistant.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wuauserv"=2 (0x2)
"wscsvc"=2 (0x2)
"SharedAccess"=2 (0x2)
"SamSs"=2 (0x2)
"ERSvc"=2 (0x2)
"ose"=3 (0x3)
"odserv"=3 (0x3)
"idsvc"=3 (0x3)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [11/22/2010 2:29 AM 237632]
R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [11/22/2010 2:29 AM 338880]
R0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [11/22/2010 2:29 AM 656320]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [11/22/2010 8:58 PM 165584]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [11/22/2010 8:58 PM 17744]
R2 cpuz134;cpuz134;c:\windows\system32\drivers\cpuz134_x32.sys [5/30/2010 10:37 PM 20200]
R3 gMouPS2;PS2 Scroll Mouse Device;c:\windows\system32\drivers\gMouPS2.sys [8/26/2010 11:47 AM 17408]
S2 ATE_PROCMON;ATE_PROCMON; [x]
S3 gHidPnp;USB Device Enhanced Function Driver;c:\windows\system32\drivers\gHidPnp.sys [8/26/2010 11:47 AM 16384]
S3 gMouUsb16;USB 16-bit Mouse Device Drv;c:\windows\system32\drivers\gMouUsb16.sys [8/26/2010 11:47 AM 9216]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\PC Tools Security\pctsAuxs.exe [11/22/2010 2:29 AM 366840]
S3 tmeter;TMeter Service;c:\windows\system32\DRIVERS\tmeter.sys --> c:\windows\system32\DRIVERS\tmeter.sys [?]
S3 tmeterMP;tmeterMP;c:\windows\system32\DRIVERS\tmeter.sys --> c:\windows\system32\DRIVERS\tmeter.sys [?]
.
Contents of the 'Scheduled Tasks' folder
2010-11-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1123561945-492894223-1417001333-1003Core.job
- c:\documents and settings\Hermann.HERMANN-1729E88\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-10-06 17:56]
2010-11-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1123561945-492894223-1417001333-1003UA.job
- c:\documents and settings\Hermann.HERMANN-1729E88\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-10-06 17:56]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: bancaintesabeograd.com\online
FF - ProfilePath - c:\documents and settings\Hermann.HERMANN-1729E88\Application Data\Mozilla\Firefox\Profiles\hh64r8ec.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2405280&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Softonic-Eng7 Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT2405280&SearchSource=13
FF - plugin: c:\documents and settings\Hermann.HERMANN-1729E88\Local Settings\Application Data\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2010-11-23 20:27
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(580)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2010-11-23 20:29:45
ComboFix-quarantined-files.txt 2010-11-23 19:29
ComboFix2.txt 2010-11-23 18:35
ComboFix3.txt 2010-11-23 16:46
ComboFix4.txt 2010-11-22 22:21
ComboFix5.txt 2010-11-23 19:21
Pre-Run: 12,913,000,448 bytes free
Post-Run: 12,905,086,976 bytes free
- - End Of File - - 89FEF0DA2F7A451A3C89ECC6C631AA53
Posted: 23 Nov 2010 21:44
Incredible things are happening: while trying to unpack Avenger I noticed that winrar.exe had disappeared, so I had to reinstall it.
Logfile of The Avenger Version 2.0, (c) by Swandog46
swandog46.geekstogo.com
Platform: Windows XP
*******************
Script file opened successfully.
Script file read successfully.
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
Rootkit scan active.
No rootkits found!
Folder "c:\program files\Microsoft" deleted successfully.
Error: could not open file "c:\program files\microsoft\watermark.exe"
Deletion of file "c:\program files\microsoft\watermark.exe" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
--> bad path / the parent directory does not exist
File "c:\windows\system32\dmlconf.dat" deleted successfully.
Completed script processing.
*******************
Finished! Terminate.
Posted: 24 Nov 2010 19:58
Written: 24 Nov 2010 17:59
The situation seems to be very serious and shows itself in totally unpredictable behaviour from any piece of software, so just so you know, I am following your instructions to the letter, but unpleasant surprises keep happening.
I downloaded Kaspersky and started the scan; while it was running it stopped the scan by itself three times, and I restarted it to continue where it had left off. It did not reach the end; at 98% it stopped on its own and restarted the computer by itself. When the computer came back up, Kaspersky would not start on its own, so I found it manually again, and maybe I made a mistake there because I started the scan again. Now it has finished completely and produced the following report:
Autoscan: malfunction (events: 5, objects: 1, time: Unknown)
11/24/2010 2:18:57 PM Untreated: Trojan-DDoS.Win32.Agent.bv C:\Qoobox\Quarantine.rar/Quarantine/C/RECYCLER/S-1-5-21-1482476501-1644491937-682003330-1013/ise32.exe.vir/PE_Patch.PNH/PE-Crypt.PNH Write not supported
11/24/2010 2:18:55 PM Detected: Trojan-DDoS.Win32.Agent.bv C:\Qoobox\Quarantine.rar/Quarantine/C/RECYCLER/S-1-5-21-1482476501-1644491937-682003330-1013/ise32.exe.vir/PE_Patch.PNH/PE-Crypt.PNH
11/24/2010 2:18:53 PM Untreated: HEUR:Trojan.Win32.Generic C:\Qoobox\Quarantine.rar/Quarantine/C/Program Files/Microsoft/WaterMark.exe.vir Write not supported
11/24/2010 2:16:51 PM Detected: HEUR:Trojan.Win32.Generic C:\Qoobox\Quarantine.rar/Quarantine/C/Program Files/Microsoft/WaterMark.exe.vir
11/24/2010 1:43:02 PM Task started
Autoscan: completed 5 minutes ago (events: 16, objects: 267040, time: 02:53:31)
11/24/2010 2:40:56 PM Task started
11/24/2010 3:33:50 PM Detected: HEUR:Trojan.Win32.Generic C:\Qoobox\Quarantine.rar/Quarantine/C/Program Files/Microsoft/WaterMark.exe.vir
11/24/2010 3:33:52 PM Untreated: HEUR:Trojan.Win32.Generic C:\Qoobox\Quarantine.rar/Quarantine/C/Program Files/Microsoft/WaterMark.exe.vir Write not supported
11/24/2010 3:33:54 PM Detected: Trojan-DDoS.Win32.Agent.bv C:\Qoobox\Quarantine.rar/Quarantine/C/RECYCLER/S-1-5-21-1482476501-1644491937-682003330-1013/ise32.exe.vir/PE_Patch.PNH/PE-Crypt.PNH
11/24/2010 3:33:55 PM Untreated: Trojan-DDoS.Win32.Agent.bv C:\Qoobox\Quarantine.rar/Quarantine/C/RECYCLER/S-1-5-21-1482476501-1644491937-682003330-1013/ise32.exe.vir/PE_Patch.PNH/PE-Crypt.PNH Write not supported
11/24/2010 4:25:24 PM Processing error D:\Instalacija\Portable Studio V5 Logo Maker 2.0 [h33t][Dave3737]\Portable Studio V5 Logo Maker 2.0.exe Read error
11/24/2010 4:38:03 PM Detected: Trojan.Win32.Refroso.cjlq D:\Instalacija\TechSmith Camtasia Studio 7.0.1\TechSmith.Camtasia.Studio.v7.0.0.Keymaker-ZWT.rar/keygen.exe
11/24/2010 4:38:17 PM Untreated: Trojan.Win32.Refroso.cjlq D:\Instalacija\TechSmith Camtasia Studio 7.0.1\TechSmith.Camtasia.Studio.v7.0.0.Keymaker-ZWT.rar/keygen.exe Write not supported
11/24/2010 5:26:05 PM Detected: HEUR:Trojan.Win32.Generic C:\Qoobox\Quarantine.rar/Quarantine/C/Program Files/Microsoft/WaterMark.exe.vir
11/24/2010 5:26:22 PM Untreated: HEUR:Trojan.Win32.Generic C:\Qoobox\Quarantine.rar/Quarantine/C/Program Files/Microsoft/WaterMark.exe.vir Write not supported
11/24/2010 5:26:23 PM Detected: Trojan-DDoS.Win32.Agent.bv C:\Qoobox\Quarantine.rar/Quarantine/C/RECYCLER/S-1-5-21-1482476501-1644491937-682003330-1013/ise32.exe.vir/PE_Patch.PNH/PE-Crypt.PNH
11/24/2010 5:26:26 PM Untreated: Trojan-DDoS.Win32.Agent.bv C:\Qoobox\Quarantine.rar/Quarantine/C/RECYCLER/S-1-5-21-1482476501-1644491937-682003330-1013/ise32.exe.vir/PE_Patch.PNH/PE-Crypt.PNH Write not supported
11/24/2010 5:33:10 PM Detected: Trojan.Win32.Refroso.cjlq D:\Instalacija\TechSmith Camtasia Studio 7.0.1\TechSmith.Camtasia.Studio.v7.0.0.Keymaker-ZWT.rar/keygen.exe
11/24/2010 5:33:15 PM Untreated: Trojan.Win32.Refroso.cjlq D:\Instalacija\TechSmith Camtasia Studio 7.0.1\TechSmith.Camtasia.Studio.v7.0.0.Keymaker-ZWT.rar/keygen.exe Write not supported
11/24/2010 5:34:06 PM Processing error D:\Instalacija\Portable Studio V5 Logo Maker 2.0 [h33t][Dave3737]\Portable Studio V5 Logo Maker 2.0.exe Read error
11/24/2010 5:34:31 PM Task completed
The DDS log is:
DDS (Ver_10-11-10.01) - NTFSx86
Run by Hermann at 17:47:26.64 on Wed 11/24/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_19
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1471.1078 [GMT 1:00]
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
============== Running Processes ===============
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\SpeedswitchXP\SpeedswitchXP.exe
C:\Program Files\MCShield\MCShieldRTM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Documents and Settings\Hermann.HERMANN-1729E88\Desktop\dds.scr
============== Pseudo HJT Report ===============
uStart Page = about:blank
uURLSearchHooks: H - No File
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [SpeedswitchXP] c:\program files\speedswitchxp\SpeedswitchXP.exe
uRun: [MCShield] c:\program files\mcshield\MCShieldRTM.exe
uRun: [MCShieldTray] c:\program files\mcshield\MCShieldTray.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\herman~1.her\startm~1\programs\startup\setup_~1.lnk - c:\documents and settings\hermann.hermann-1729e88\desktop\virus removal tool1\setup_9.0.0.722_24.11.2010_10-13\startup.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
Trusted Zone: bancaintesabeograd.com\online
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\herman~1.her\applic~1\mozilla\firefox\profiles\hh64r8ec.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2405280&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Softonic-Eng7 Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT2405280&SearchSource=13
FF - plugin: c:\documents and settings\hermann.hermann-1729e88\local settings\application data\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nppl3260.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
============= SERVICES / DRIVERS ===============
R0 16282342;16282342 Boot Guard Driver;c:\windows\system32\drivers\16282342.sys [2010-11-24 37392]
R0 74671502;74671502 Boot Guard Driver;c:\windows\system32\drivers\74671502.sys [2010-11-24 37392]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-11-22 237632]
R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [2010-11-22 338880]
R0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [2010-11-22 656320]
R1 16282341;16282341;c:\windows\system32\drivers\16282341.sys [2010-11-24 128016]
R1 74671501;74671501;c:\windows\system32\drivers\74671501.sys [2010-11-24 128016]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-11-22 165584]
R1 setup_9.0.0.722_24.11.2010_10-13drv;setup_9.0.0.722_24.11.2010_10-13drv;c:\windows\system32\drivers\1628234.sys [2010-11-24 315408]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-11-22 17744]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-11-22 40384]
R2 cpuz134;cpuz134;c:\windows\system32\drivers\cpuz134_x32.sys [2010-5-30 20200]
R3 gMouPS2;PS2 Scroll Mouse Device;c:\windows\system32\drivers\gMouPS2.sys [2010-8-26 17408]
S2 ATE_PROCMON;ATE_PROCMON; [x]
S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-11-22 40384]
S3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-11-22 40384]
S3 gHidPnp;USB Device Enhanced Function Driver;c:\windows\system32\drivers\gHidPnp.sys [2010-8-26 16384]
S3 gMouUsb16;USB 16-bit Mouse Device Drv;c:\windows\system32\drivers\gMouUsb16.sys [2010-8-26 9216]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\pc tools security\pctsAuxs.exe [2010-11-22 366840]
S3 sdCoreService;PC Tools Security Service;c:\program files\pc tools security\pctsSvc.exe [2010-11-22 1145304]
S3 tmeter;TMeter Service;c:\windows\system32\drivers\tmeter.sys --> c:\windows\system32\drivers\tmeter.sys [?]
S3 tmeterMP;tmeterMP;c:\windows\system32\drivers\tmeter.sys --> c:\windows\system32\drivers\tmeter.sys [?]
=============== Created Last 30 ================
2010-11-24 12:41:31 37392 ----a-w- c:\windows\system32\drivers\16282342.sys
2010-11-24 12:41:31 315408 ----a-w- c:\windows\system32\drivers\1628234.sys
2010-11-24 12:41:31 128016 ----a-w- c:\windows\system32\drivers\16282341.sys
2010-11-24 09:24:11 37392 ----a-w- c:\windows\system32\drivers\74671502.sys
2010-11-24 09:24:11 315408 ----a-w- c:\windows\system32\drivers\7467150.sys
2010-11-24 09:24:11 128016 ----a-w- c:\windows\system32\drivers\74671501.sys
2010-11-23 20:41:11 -------- d-----w- c:\program files\Microsoft
2010-11-23 16:34:48 5120 ------w- c:\windows\system32\xpsp4res.dll
2010-11-23 16:32:38 -------- d-----w- c:\docume~1\herman~1.her\applic~1\MCShield
2010-11-23 16:32:36 -------- d-----w- c:\program files\MCShield
2010-11-23 16:06:08 -------- d-----w- c:\windows\system32\PreInstall
2010-11-23 16:06:06 -------- d--h--w- c:\windows\$hf_mig$
2010-11-22 20:47:04 -------- d-----w- C:\USBNoRisk
2010-11-22 19:58:05 38848 ----a-w- c:\windows\avastSS.scr
2010-11-22 19:57:50 -------- d-----w- c:\docume~1\alluse~1.win\applic~1\Alwil Software
2010-11-22 19:45:45 -------- d-----w- c:\windows\system32\SoftwareDistribution
2010-11-22 11:39:45 -------- d-sha-r- C:\cmdcons
2010-11-22 11:38:28 98816 ----a-w- c:\windows\sed.exe
2010-11-22 11:38:28 89088 ----a-w- c:\windows\MBR.exe
2010-11-22 11:38:28 256512 ----a-w- c:\windows\PEV.exe
2010-11-22 11:38:28 161792 ----a-w- c:\windows\SWREG.exe
2010-11-22 01:24:38 -------- d-----w- c:\docume~1\alluse~1.win\applic~1\PC Tools
==================== Find3M ====================
2010-11-24 16:35:46 6656 ----a-w- c:\windows\system32\lpcio.dll
============= FINISH: 17:48:00.54 ===============
The Recycler folder is still on the D: partition and I cannot delete it. And one question: what state is my memory stick in now, can I use it or is it still infected?
Thanks guys!
Addendum: 24 Nov 2010 19:58
Additionally, the Recycler folder has reappeared on the C: partition!