MyCity » Ambulanta -> Arhiva Ambulante » Trojanac/virus....

Trojanac/virus....

Napisano na dan: 28.11.2010

Strana:
1
2
3

Trojanac/virus....

Pagination

Prethodna strana

Odgovori

Strana:
1
2
3

SAnja Poslao: 29 Nov 2010 22:37 Idi na vrh
offline SAnja Google master Pridružio: 01 Okt 2003 Poruke: 2383 Gde živiš: Beograd	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! ComboFix 10-11-29.02 - Sandra 29.11.2010 22:26:54.18.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2815.2226 [GMT 1:00] Running from: c:\documents and settings\Sandra\Desktop\ComboFix.exe Command switches used :: c:\documents and settings\Sandra\Desktop\CFScript.txt AV: ESET NOD32 Antivirus 4.2 On-access scanning disabled (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0} FILE :: "c:\windows\system32\iyxvc.dll" . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\Sandra\Application Data\oekx.exe c:\windows\cfdrive32.exe c:\windows\system32\02.exe . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_ICIRO -------\Service_iciro ((((((((((((((((((((((((( Files Created from 2010-10-28 to 2010-11-29 ))))))))))))))))))))))))))))))) . 2010-11-28 21:16 . 2009-08-06 18:24 15064 ----a-w- c:\windows\system32\wuapi.dll.mui 2010-11-25 08:00 . 2010-11-25 08:00 -------- d-----w- c:\documents and settings\Sandra\Local Settings\Application Data\ESET 2010-11-25 07:58 . 2010-11-25 07:58 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\ESET 2010-11-25 07:56 . 2010-11-25 07:56 -------- d-----w- c:\program files\ESET 2010-11-25 07:56 . 2010-11-25 07:56 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET 2010-11-10 09:51 . 2003-03-18 19:04 765952 ----a-w- c:\windows\system32\msvcp71d.dll 2010-11-10 09:51 . 2003-03-18 19:03 544768 ----a-w- c:\windows\system32\msvcr71d.dll 2010-11-10 09:51 . 2010-11-23 08:45 -------- d-----w- c:\program files\ALCATEL PC Suite 2010-11-10 09:50 . 2006-09-09 15:46 131072 ----a-w- c:\windows\system32\mtkjpeg.dll 2010-11-05 20:22 . 2008-04-13 23:15 26112 -c--a-w- c:\windows\system32\dllcache\usbser.sys 2010-11-05 20:22 . 2008-04-13 23:15 26112 ----a-w- c:\windows\system32\drivers\usbser.sys 2010-10-30 21:58 . 2010-10-30 21:58 -------- d-----w- c:\documents and settings\All Users\Application Data\NokiaInstallerCache . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-09-15 02:50 . 2010-04-18 12:29 472808 ----a-w- c:\windows\system32\deployJava1.dll 2010-09-15 00:29 . 2010-04-18 12:29 73728 ----a-w- c:\windows\system32\javacpl.cpl 2008-12-14 22:57 . 2008-12-14 22:57 1851544 ----a-w- c:\program files\install_flash_player.exe . ((((((((((((((((((((((((((((( SnapShot@2010-11-28_19.39.32 ))))))))))))))))))))))))))))))))))))))))) . + 2010-11-29 21:33 . 2010-11-29 21:33 16384 c:\windows\temp\Perflib_Perfdata_768.dat + 2008-12-14 22:29 . 2009-08-06 18:24 44768 c:\windows\system32\wups2.dll + 2008-12-13 14:44 . 2009-08-06 18:24 35552 c:\windows\system32\wups.dll + 2008-12-13 14:44 . 2009-08-06 18:24 53472 c:\windows\system32\wuauclt.exe + 2010-11-28 21:16 . 2009-08-06 18:24 44768 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.4.7600.226\wups2.dll + 2010-11-28 21:16 . 2009-08-06 18:24 35552 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.4.7600.226\wups.dll + 2008-12-13 14:44 . 2009-08-06 18:24 35552 c:\windows\system32\dllcache\wups.dll + 2008-12-13 14:44 . 2009-08-06 18:24 53472 c:\windows\system32\dllcache\wuauclt.exe + 2008-04-14 12:00 . 2009-08-06 18:24 96480 c:\windows\system32\dllcache\cdm.dll + 2008-04-14 12:00 . 2009-08-06 18:24 96480 c:\windows\system32\cdm.dll + 2008-12-13 14:44 . 2009-08-06 18:23 209624 c:\windows\system32\wuweb.dll + 2008-12-13 14:44 . 2009-08-06 18:24 327896 c:\windows\system32\wucltui.dll + 2008-12-13 14:44 . 2009-08-06 18:23 575704 c:\windows\system32\wuapi.dll + 2010-11-28 21:16 . 2009-08-06 18:23 575704 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wuapi.dll\7.4.7600.226\wuapi.dll + 2009-03-18 22:51 . 2009-08-06 18:23 215904 c:\windows\system32\muweb.dll + 2008-12-13 14:44 . 2009-08-06 18:23 209624 c:\windows\system32\dllcache\wuweb.dll + 2008-12-13 14:44 . 2009-08-06 18:24 327896 c:\windows\system32\dllcache\wucltui.dll + 2008-12-13 14:44 . 2009-08-06 18:23 575704 c:\windows\system32\dllcache\wuapi.dll + 2008-12-13 14:44 . 2009-08-06 18:23 1929952 c:\windows\system32\wuaueng.dll + 2008-12-13 14:44 . 2009-08-06 18:23 1929952 c:\windows\system32\dllcache\wuaueng.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "POP Peeper"="c:\program files\POP Peeper\POPPeeper.exe" [2008-03-11 1429504] "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856] "Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-03-09 26100520] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MsgTranAgt"="c:\program files\ASUS\ATK Hotkey\MsgTranAgt.exe" [2008-08-18 117304] "HControlUser"="c:\program files\ASUS\ATK Hotkey\HControlUser.exe" [2008-08-18 98304] "ATKHOTKEY"="c:\program files\ASUS\ATK Hotkey\HControl.exe" [2008-10-20 166456] "ATKOSD2"="c:\program files\ATKOSD2\ATKOSD2.exe" [2008-01-23 7766016] "ATKMEDIA"="c:\program files\ASUS\ATK Media\DMEDIA.EXE" [2008-02-01 61440] "RTHDCPL"="RTHDCPL.EXE" [2008-09-18 16855040] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-19 13545472] "nwiz"="nwiz.exe" [2008-09-19 1630208] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-19 86016] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-12 815104] "Wireless Console 2"="c:\program files\Wireless Console 2\wcourier.exe" [2007-07-05 1040384] "ACU"="c:\program files\Atheros\ACU.exe" [2008-07-21 450649] "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648] "Power_Gear"="c:\program files\ASUS\Power4 Gear\BatteryLife.exe" [2006-07-26 90112] "googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648] "Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2010-09-23 624056] "PCSuiteTrayApplication"="c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-03-23 227328] "gemstrmw"="c:\windows\system32\gemstrmw.exe" [2005-02-07 24576] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-17 421888] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-04-28 142120] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2010-09-24 40368] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552] "egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2010-11-04 2219184] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] "Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 1744896] c:\documents and settings\Sandra\Start Menu\Programs\Startup\ Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-4-14 596584] Cisco Systems VPN Client.lnk - c:\program files\Cisco Systems\VPN Client\vpngui.exe [2009-3-17 1466384] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon] "Taskman"="c:\recycler\S-1-5-21-3934531776-9812277822-074160735-8622\syscr.exe" [HKEY_LOCAL_MACHINE\software\microsoft\security center] "FirewallOverride"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) "DisableNotifications"= 1 (0x1) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 7.0.1.321\\English\\setup.exe"= "c:\\Program Files\\Google\\Google Talk\\googletalk.exe"= "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "9999:TCP"= 9999:TCP:PORT1 "9991:TCP"= 9991:TCP:PORT2 "1013:TCP"= 1013:TCP:BS "7943:TCP"= 7943:TCP:FD R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [7/29/2010 12:31 PM 115008] R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [8/3/2010 12:28 PM 95896] R1 HWiNFO32;HWiNFO32 Kernel Driver;c:\program files\HWiNFO32\HWiNFO32.SYS [4/8/2009 2:34 PM 16872] R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [11/4/2010 5:15 PM 810144] R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [12/14/2008 12:18 AM 41376] S3 CRFILTER;USB Mass Storage Filter;c:\windows\system32\drivers\CRFILTER.sys [4/7/2008 2:00 PM 6656] S3 GemCCID;GemCCID;c:\windows\system32\drivers\GemCCID.sys [8/10/2009 12:07 PM 89600] S3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\drivers\ewusbdev.sys [1/21/2010 7:19 PM 100480] . Contents of the 'Scheduled Tasks' folder 2010-11-23 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34] . . ------- Supplementary Scan ------- . uStart Page = https://webmail.eu.avon.com/ uInternet Connection Wizard,ShellNext = iexplore uInternet Settings,ProxyOverride = .local IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm DPF: {62CF4D10-EBA7-45DA-ACA0-4B002E8B3A85} - hxxps://secure.bancaintesabeograd.com/Pages/Download/CABS/DigitrustApiNetSetPlugIn.cab DPF: {7136C6F0-DE59-4AD5-B4A3-CA8B779D035E} - hxxps://secure.bancaintesabeograd.com/Pages/Download/CABS/DigitrustApiSetPinPlugin.cab DPF: {DC01983E-2FD5-4200-9C3A-755E86413172} - hxxps://secure.bancaintesabeograd.com/Pages/Download/CABS/DigitrustApiPKCS11Plugin.cab FF - ProfilePath - c:\documents and settings\Sandra\Application Data\Mozilla\Firefox\Profiles\9bo71q6s.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/home.php?ref=home FF - plugin: c:\documents and settings\Sandra\Application Data\Facebook\npfbplugin_1_0_1.dll FF - plugin: c:\documents and settings\Sandra\Application Data\Facebook\npfbplugin_1_0_3.dll FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\np72esk32.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\NPeWebEditPro.dll FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Extension: Java Console: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} FF - Extension: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} FF - Extension: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} FF - Extension: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} FF - Extension: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} FF - Extension: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} FF - Extension: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} FF - Extension: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff . *********************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-11-29 22:33 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ********************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters] "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,79,00,73,00,\ . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'explorer.exe'(792) c:\windows\system32\btmmhook.dll . ------------------------ Other Running Processes ------------------------ . c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe c:\program files\ATKGFNEX\GFNEXSrv.exe c:\windows\System32\SCardSvr.exe c:\windows\system32\acs.exe c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\Cisco Systems\VPN Client\cvpnd.exe c:\program files\Java\jre6\bin\jqs.exe c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE c:\windows\system32\nvsvc32.exe c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe c:\windows\System32\spool\DRIVERS\W32X86\3\HP1006MC.EXE c:\windows\system32\wscntfy.exe c:\windows\RTHDCPL.EXE c:\windows\system32\RUNDLL32.EXE c:\program files\PC Connectivity Solution\ServiceLayer.exe c:\program files\ASUS\ATK Hotkey\ATKOSD.exe c:\program files\ASUS\ATK Hotkey\KBFiltr.exe c:\program files\ASUS\ATK Hotkey\WDC.exe c:\progra~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE c:\program files\iPod\bin\iPodService.exe c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe c:\program files\PC Connectivity Solution\NclBTHandler.exe . ************************************************************************ . Completion time: 2010-11-29 22:37:29 - machine was rebooted ComboFix-quarantined-files.txt 2010-11-29 21:37 ComboFix2.txt 2010-11-29 20:22 ComboFix3.txt 2010-11-29 19:51 ComboFix4.txt 2010-11-29 19:28 ComboFix5.txt 2010-11-29 21:15 Pre-Run: 16.535.392.256 bytes free Post-Run: 16.519.323.648 bytes free - - End Of File - - 49F87B5A09FBB44A0354BF5D53740F74

Profil

dr_Bora Poslao: 29 Nov 2010 22:54 Idi na vrh
offline dr_Bora Anti Malware Fighter Rank 2 Pridružio: 24 Jul 2007 Poruke: 12280 Gde živiš: Höganäs, SE	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Otvoriti Notepad i iskopirati sledeci tekst: KillAll:: Folder:: c:\recycler\S-1-5-21-3934531776-9812277822-074160735-8622 Reboot:: Registry:: [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon] "Taskman"=- [HKEY_LOCAL_MACHINE\software\microsoft\security center] "FirewallOverride"=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications"=dword:00000000 "EnableFirewall"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "9999:TCP"=- "9991:TCP"=- "1013:TCP"=- "7943:TCP"=- Snimiti na Desktop fajl iz Notepada kao "CFScript" Prevuci snimljeni skript/tekst na ComboFix ikonicu kao na slici. Postaviti u sledecoj poruci log koji bude bio napravljen na kraju ciscenja/skeniranja.

Profil

SAnja Poslao: 29 Nov 2010 23:12 Idi na vrh
offline SAnja Google master Pridružio: 01 Okt 2003 Poruke: 2383 Gde živiš: Beograd	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! ComboFix 10-11-29.02 - Sandra 29.11.2010 23:00:59.19.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2815.2188 [GMT 1:00] Running from: c:\documents and settings\Sandra\Desktop\ComboFix.exe Command switches used :: c:\documents and settings\Sandra\Desktop\CFScript.txt AV: ESET NOD32 Antivirus 4.2 On-access scanning disabled (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0} . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\recycler\S-1-5-21-3934531776-9812277822-074160735-8622 c:\recycler\S-1-5-21-3934531776-9812277822-074160735-8622\Desktop.ini c:\recycler\S-1-5-21-3934531776-9812277822-074160735-8622\syscr.exe c:\windows\system32\03.exe c:\windows\system32\10.exe c:\windows\system32\22.exe c:\windows\system32\74.exe . ((((((((((((((((((((((((( Files Created from 2010-10-28 to 2010-11-29 ))))))))))))))))))))))))))))))) . 2010-11-28 21:16 . 2009-08-06 18:24 15064 ----a-w- c:\windows\system32\wuapi.dll.mui 2010-11-25 08:00 . 2010-11-25 08:00 -------- d-----w- c:\documents and settings\Sandra\Local Settings\Application Data\ESET 2010-11-25 07:58 . 2010-11-25 07:58 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\ESET 2010-11-25 07:56 . 2010-11-25 07:56 -------- d-----w- c:\program files\ESET 2010-11-25 07:56 . 2010-11-25 07:56 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET 2010-11-10 09:51 . 2003-03-18 19:04 765952 ----a-w- c:\windows\system32\msvcp71d.dll 2010-11-10 09:51 . 2003-03-18 19:03 544768 ----a-w- c:\windows\system32\msvcr71d.dll 2010-11-10 09:51 . 2010-11-23 08:45 -------- d-----w- c:\program files\ALCATEL PC Suite 2010-11-10 09:50 . 2006-09-09 15:46 131072 ----a-w- c:\windows\system32\mtkjpeg.dll 2010-11-05 20:22 . 2008-04-13 23:15 26112 -c--a-w- c:\windows\system32\dllcache\usbser.sys 2010-11-05 20:22 . 2008-04-13 23:15 26112 ----a-w- c:\windows\system32\drivers\usbser.sys . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-09-15 02:50 . 2010-04-18 12:29 472808 ----a-w- c:\windows\system32\deployJava1.dll 2010-09-15 00:29 . 2010-04-18 12:29 73728 ----a-w- c:\windows\system32\javacpl.cpl 2008-12-14 22:57 . 2008-12-14 22:57 1851544 ----a-w- c:\program files\install_flash_player.exe . ((((((((((((((((((((((((((((( SnapShot@2010-11-28_19.39.32 ))))))))))))))))))))))))))))))))))))))))) . + 2010-11-29 22:05 . 2010-11-29 22:05 16384 c:\windows\temp\Perflib_Perfdata_770.dat + 2008-12-14 22:29 . 2009-08-06 18:24 44768 c:\windows\system32\wups2.dll + 2008-12-13 14:44 . 2009-08-06 18:24 35552 c:\windows\system32\wups.dll + 2008-12-13 14:44 . 2009-08-06 18:24 53472 c:\windows\system32\wuauclt.exe + 2010-11-28 21:16 . 2009-08-06 18:24 44768 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.4.7600.226\wups2.dll + 2010-11-28 21:16 . 2009-08-06 18:24 35552 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.4.7600.226\wups.dll + 2008-12-13 14:44 . 2009-08-06 18:24 35552 c:\windows\system32\dllcache\wups.dll + 2008-12-13 14:44 . 2009-08-06 18:24 53472 c:\windows\system32\dllcache\wuauclt.exe + 2008-04-14 12:00 . 2009-08-06 18:24 96480 c:\windows\system32\dllcache\cdm.dll + 2008-04-14 12:00 . 2009-08-06 18:24 96480 c:\windows\system32\cdm.dll + 2008-12-13 14:44 . 2009-08-06 18:23 209624 c:\windows\system32\wuweb.dll + 2008-12-13 14:44 . 2009-08-06 18:24 327896 c:\windows\system32\wucltui.dll + 2008-12-13 14:44 . 2009-08-06 18:23 575704 c:\windows\system32\wuapi.dll + 2010-11-28 21:16 . 2009-08-06 18:23 575704 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wuapi.dll\7.4.7600.226\wuapi.dll + 2009-03-18 22:51 . 2009-08-06 18:23 215904 c:\windows\system32\muweb.dll + 2008-12-13 14:44 . 2009-08-06 18:23 209624 c:\windows\system32\dllcache\wuweb.dll + 2008-12-13 14:44 . 2009-08-06 18:24 327896 c:\windows\system32\dllcache\wucltui.dll + 2008-12-13 14:44 . 2009-08-06 18:23 575704 c:\windows\system32\dllcache\wuapi.dll + 2008-12-13 14:44 . 2009-08-06 18:23 1929952 c:\windows\system32\wuaueng.dll + 2008-12-13 14:44 . 2009-08-06 18:23 1929952 c:\windows\system32\dllcache\wuaueng.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "POP Peeper"="c:\program files\POP Peeper\POPPeeper.exe" [2008-03-11 1429504] "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856] "Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-03-09 26100520] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MsgTranAgt"="c:\program files\ASUS\ATK Hotkey\MsgTranAgt.exe" [2008-08-18 117304] "HControlUser"="c:\program files\ASUS\ATK Hotkey\HControlUser.exe" [2008-08-18 98304] "ATKHOTKEY"="c:\program files\ASUS\ATK Hotkey\HControl.exe" [2008-10-20 166456] "ATKOSD2"="c:\program files\ATKOSD2\ATKOSD2.exe" [2008-01-23 7766016] "ATKMEDIA"="c:\program files\ASUS\ATK Media\DMEDIA.EXE" [2008-02-01 61440] "RTHDCPL"="RTHDCPL.EXE" [2008-09-18 16855040] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-19 13545472] "nwiz"="nwiz.exe" [2008-09-19 1630208] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-19 86016] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-12 815104] "Wireless Console 2"="c:\program files\Wireless Console 2\wcourier.exe" [2007-07-05 1040384] "ACU"="c:\program files\Atheros\ACU.exe" [2008-07-21 450649] "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648] "Power_Gear"="c:\program files\ASUS\Power4 Gear\BatteryLife.exe" [2006-07-26 90112] "googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648] "Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2010-09-23 624056] "PCSuiteTrayApplication"="c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-03-23 227328] "gemstrmw"="c:\windows\system32\gemstrmw.exe" [2005-02-07 24576] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-17 421888] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-04-28 142120] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2010-09-24 40368] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552] "egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2010-11-04 2219184] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] "Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 1744896] c:\documents and settings\Sandra\Start Menu\Programs\Startup\ Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-4-14 596584] Cisco Systems VPN Client.lnk - c:\program files\Cisco Systems\VPN Client\vpngui.exe [2009-3-17 1466384] [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 7.0.1.321\\English\\setup.exe"= "c:\\Program Files\\Google\\Google Talk\\googletalk.exe"= "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [7/29/2010 12:31 PM 115008] R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [8/3/2010 12:28 PM 95896] R1 HWiNFO32;HWiNFO32 Kernel Driver;c:\program files\HWiNFO32\HWiNFO32.SYS [4/8/2009 2:34 PM 16872] R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [11/4/2010 5:15 PM 810144] R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [12/14/2008 12:18 AM 41376] S3 CRFILTER;USB Mass Storage Filter;c:\windows\system32\drivers\CRFILTER.sys [4/7/2008 2:00 PM 6656] S3 GemCCID;GemCCID;c:\windows\system32\drivers\GemCCID.sys [8/10/2009 12:07 PM 89600] S3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\drivers\ewusbdev.sys [1/21/2010 7:19 PM 100480] . Contents of the 'Scheduled Tasks' folder 2010-11-23 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34] . . ------- Supplementary Scan ------- . uStart Page = https://webmail.eu.avon.com/ uInternet Connection Wizard,ShellNext = iexplore uInternet Settings,ProxyOverride = .local IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm DPF: {62CF4D10-EBA7-45DA-ACA0-4B002E8B3A85} - hxxps://secure.bancaintesabeograd.com/Pages/Download/CABS/DigitrustApiNetSetPlugIn.cab DPF: {7136C6F0-DE59-4AD5-B4A3-CA8B779D035E} - hxxps://secure.bancaintesabeograd.com/Pages/Download/CABS/DigitrustApiSetPinPlugin.cab DPF: {DC01983E-2FD5-4200-9C3A-755E86413172} - hxxps://secure.bancaintesabeograd.com/Pages/Download/CABS/DigitrustApiPKCS11Plugin.cab FF - ProfilePath - c:\documents and settings\Sandra\Application Data\Mozilla\Firefox\Profiles\9bo71q6s.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/home.php?ref=home FF - plugin: c:\documents and settings\Sandra\Application Data\Facebook\npfbplugin_1_0_1.dll FF - plugin: c:\documents and settings\Sandra\Application Data\Facebook\npfbplugin_1_0_3.dll FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\np72esk32.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\NPeWebEditPro.dll FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Extension: Java Console: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} FF - Extension: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} FF - Extension: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} FF - Extension: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} FF - Extension: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} FF - Extension: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} FF - Extension: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} FF - Extension: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff . *********************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-11-29 23:09 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ********************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters] "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,79,00,73,00,\ . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'explorer.exe'(3020) c:\windows\system32\btmmhook.dll . ------------------------ Other Running Processes ------------------------ . c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe c:\program files\ATKGFNEX\GFNEXSrv.exe c:\windows\System32\SCardSvr.exe c:\windows\system32\acs.exe c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\Cisco Systems\VPN Client\cvpnd.exe c:\program files\Java\jre6\bin\jqs.exe c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE c:\windows\system32\nvsvc32.exe c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe c:\windows\System32\spool\DRIVERS\W32X86\3\HP1006MC.EXE c:\windows\system32\wscntfy.exe c:\windows\RTHDCPL.EXE c:\windows\system32\RUNDLL32.EXE c:\program files\PC Connectivity Solution\ServiceLayer.exe c:\program files\ASUS\ATK Hotkey\ATKOSD.exe c:\program files\ASUS\ATK Hotkey\KBFiltr.exe c:\program files\ASUS\ATK Hotkey\WDC.exe c:\program files\iPod\bin\iPodService.exe c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe c:\progra~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE c:\program files\PC Connectivity Solution\NclBTHandler.exe . ************************************************************************ . Completion time: 2010-11-29 23:12:50 - machine was rebooted ComboFix-quarantined-files.txt 2010-11-29 22:12 ComboFix2.txt 2010-11-29 21:37 ComboFix3.txt 2010-11-29 20:22 ComboFix4.txt 2010-11-29 19:51 ComboFix5.txt 2010-11-29 22:00 Pre-Run: 16.530.780.160 bytes free Post-Run: 16.512.253.952 bytes free - - End Of File - - 42E9C1E394CEEA9E2D19A6E7832FC530

Profil

dr_Bora Poslao: 29 Nov 2010 23:29 Idi na vrh
offline dr_Bora Anti Malware Fighter Rank 2 Pridružio: 24 Jul 2007 Poruke: 12280 Gde živiš: Höganäs, SE	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Može još jedan svež ComboFix log... Detektuje li NOD sada nešto? Ukoliko da, prepiši kompletno obaveštenje ili napravi screenshot.

Profil

SAnja Poslao: 30 Nov 2010 00:08 Idi na vrh
offline SAnja Google master Pridružio: 01 Okt 2003 Poruke: 2383 Gde živiš: Beograd	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Za sada nod mi nista nije prijavljivao, ukoliko nesto bude poslacu. ComboFix 10-11-29.03 - Sandra 30.11.2010 0:04.20.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2815.2093 [GMT 1:00] Running from: c:\documents and settings\Sandra\Desktop\ComboFix.exe AV: ESET NOD32 Antivirus 4.2 On-access scanning disabled (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0} . ((((((((((((((((((((((((( Files Created from 2010-10-28 to 2010-11-29 ))))))))))))))))))))))))))))))) . 2010-11-28 21:16 . 2009-08-06 18:24 15064 ----a-w- c:\windows\system32\wuapi.dll.mui 2010-11-25 08:00 . 2010-11-25 08:00 -------- d-----w- c:\documents and settings\Sandra\Local Settings\Application Data\ESET 2010-11-25 07:58 . 2010-11-25 07:58 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\ESET 2010-11-25 07:56 . 2010-11-25 07:56 -------- d-----w- c:\program files\ESET 2010-11-25 07:56 . 2010-11-25 07:56 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET 2010-11-10 09:51 . 2003-03-18 19:04 765952 ----a-w- c:\windows\system32\msvcp71d.dll 2010-11-10 09:51 . 2003-03-18 19:03 544768 ----a-w- c:\windows\system32\msvcr71d.dll 2010-11-10 09:51 . 2010-11-23 08:45 -------- d-----w- c:\program files\ALCATEL PC Suite 2010-11-10 09:50 . 2006-09-09 15:46 131072 ----a-w- c:\windows\system32\mtkjpeg.dll 2010-11-05 20:22 . 2008-04-13 23:15 26112 -c--a-w- c:\windows\system32\dllcache\usbser.sys 2010-11-05 20:22 . 2008-04-13 23:15 26112 ----a-w- c:\windows\system32\drivers\usbser.sys . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-09-15 02:50 . 2010-04-18 12:29 472808 ----a-w- c:\windows\system32\deployJava1.dll 2010-09-15 00:29 . 2010-04-18 12:29 73728 ----a-w- c:\windows\system32\javacpl.cpl 2008-12-14 22:57 . 2008-12-14 22:57 1851544 ----a-w- c:\program files\install_flash_player.exe . ((((((((((((((((((((((((((((( SnapShot@2010-11-28_19.39.32 ))))))))))))))))))))))))))))))))))))))))) . + 2010-11-29 22:05 . 2010-11-29 22:05 16384 c:\windows\temp\Perflib_Perfdata_770.dat + 2008-12-14 22:29 . 2009-08-06 18:24 44768 c:\windows\system32\wups2.dll + 2008-12-13 14:44 . 2009-08-06 18:24 35552 c:\windows\system32\wups.dll + 2008-12-13 14:44 . 2009-08-06 18:24 53472 c:\windows\system32\wuauclt.exe + 2010-11-28 21:16 . 2009-08-06 18:24 44768 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.4.7600.226\wups2.dll + 2010-11-28 21:16 . 2009-08-06 18:24 35552 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.4.7600.226\wups.dll + 2008-12-13 14:44 . 2009-08-06 18:24 35552 c:\windows\system32\dllcache\wups.dll + 2008-12-13 14:44 . 2009-08-06 18:24 53472 c:\windows\system32\dllcache\wuauclt.exe + 2008-04-14 12:00 . 2009-08-06 18:24 96480 c:\windows\system32\dllcache\cdm.dll + 2008-04-14 12:00 . 2009-08-06 18:24 96480 c:\windows\system32\cdm.dll + 2008-12-13 14:44 . 2009-08-06 18:23 209624 c:\windows\system32\wuweb.dll + 2008-12-13 14:44 . 2009-08-06 18:24 327896 c:\windows\system32\wucltui.dll + 2008-12-13 14:44 . 2009-08-06 18:23 575704 c:\windows\system32\wuapi.dll + 2010-11-28 21:16 . 2009-08-06 18:23 575704 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wuapi.dll\7.4.7600.226\wuapi.dll + 2009-03-18 22:51 . 2009-08-06 18:23 215904 c:\windows\system32\muweb.dll + 2008-12-13 14:44 . 2009-08-06 18:23 209624 c:\windows\system32\dllcache\wuweb.dll + 2008-12-13 14:44 . 2009-08-06 18:24 327896 c:\windows\system32\dllcache\wucltui.dll + 2008-12-13 14:44 . 2009-08-06 18:23 575704 c:\windows\system32\dllcache\wuapi.dll + 2008-12-13 14:44 . 2009-08-06 18:23 1929952 c:\windows\system32\wuaueng.dll + 2008-12-13 14:44 . 2009-08-06 18:23 1929952 c:\windows\system32\dllcache\wuaueng.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "POP Peeper"="c:\program files\POP Peeper\POPPeeper.exe" [2008-03-11 1429504] "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856] "Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-03-09 26100520] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MsgTranAgt"="c:\program files\ASUS\ATK Hotkey\MsgTranAgt.exe" [2008-08-18 117304] "HControlUser"="c:\program files\ASUS\ATK Hotkey\HControlUser.exe" [2008-08-18 98304] "ATKHOTKEY"="c:\program files\ASUS\ATK Hotkey\HControl.exe" [2008-10-20 166456] "ATKOSD2"="c:\program files\ATKOSD2\ATKOSD2.exe" [2008-01-23 7766016] "ATKMEDIA"="c:\program files\ASUS\ATK Media\DMEDIA.EXE" [2008-02-01 61440] "RTHDCPL"="RTHDCPL.EXE" [2008-09-18 16855040] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-19 13545472] "nwiz"="nwiz.exe" [2008-09-19 1630208] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-19 86016] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-12 815104] "Wireless Console 2"="c:\program files\Wireless Console 2\wcourier.exe" [2007-07-05 1040384] "ACU"="c:\program files\Atheros\ACU.exe" [2008-07-21 450649] "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648] "Power_Gear"="c:\program files\ASUS\Power4 Gear\BatteryLife.exe" [2006-07-26 90112] "googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648] "Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2010-09-23 624056] "PCSuiteTrayApplication"="c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-03-23 227328] "gemstrmw"="c:\windows\system32\gemstrmw.exe" [2005-02-07 24576] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-17 421888] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-04-28 142120] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2010-09-24 40368] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552] "egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2010-11-04 2219184] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] "Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 1744896] c:\documents and settings\Sandra\Start Menu\Programs\Startup\ Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-4-14 596584] Cisco Systems VPN Client.lnk - c:\program files\Cisco Systems\VPN Client\vpngui.exe [2009-3-17 1466384] [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 7.0.1.321\\English\\setup.exe"= "c:\\Program Files\\Google\\Google Talk\\googletalk.exe"= "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [7/29/2010 12:31 PM 115008] R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [8/3/2010 12:28 PM 95896] R1 HWiNFO32;HWiNFO32 Kernel Driver;c:\program files\HWiNFO32\HWiNFO32.SYS [4/8/2009 2:34 PM 16872] R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [11/4/2010 5:15 PM 810144] R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [12/14/2008 12:18 AM 41376] S3 CRFILTER;USB Mass Storage Filter;c:\windows\system32\drivers\CRFILTER.sys [4/7/2008 2:00 PM 6656] S3 GemCCID;GemCCID;c:\windows\system32\drivers\GemCCID.sys [8/10/2009 12:07 PM 89600] S3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\drivers\ewusbdev.sys [1/21/2010 7:19 PM 100480] . Contents of the 'Scheduled Tasks' folder 2010-11-23 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34] . . ------- Supplementary Scan ------- . uStart Page = https://webmail.eu.avon.com/ uInternet Connection Wizard,ShellNext = iexplore uInternet Settings,ProxyOverride = .local IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm DPF: {62CF4D10-EBA7-45DA-ACA0-4B002E8B3A85} - hxxps://secure.bancaintesabeograd.com/Pages/Download/CABS/DigitrustApiNetSetPlugIn.cab DPF: {7136C6F0-DE59-4AD5-B4A3-CA8B779D035E} - hxxps://secure.bancaintesabeograd.com/Pages/Download/CABS/DigitrustApiSetPinPlugin.cab DPF: {DC01983E-2FD5-4200-9C3A-755E86413172} - hxxps://secure.bancaintesabeograd.com/Pages/Download/CABS/DigitrustApiPKCS11Plugin.cab FF - ProfilePath - c:\documents and settings\Sandra\Application Data\Mozilla\Firefox\Profiles\9bo71q6s.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/home.php?ref=home FF - plugin: c:\documents and settings\Sandra\Application Data\Facebook\npfbplugin_1_0_1.dll FF - plugin: c:\documents and settings\Sandra\Application Data\Facebook\npfbplugin_1_0_3.dll FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\np72esk32.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\NPeWebEditPro.dll FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Extension: Java Console: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} FF - Extension: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} FF - Extension: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} FF - Extension: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} FF - Extension: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} FF - Extension: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} FF - Extension: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} FF - Extension: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff . *********************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-11-30 00:07 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************ . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters] "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,79,00,73,00,\ . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'explorer.exe'(832) c:\windows\system32\btmmhook.dll c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll . Completion time: 2010-11-30 00:08:36 ComboFix-quarantined-files.txt 2010-11-29 23:08 ComboFix2.txt 2010-11-29 22:12 ComboFix3.txt 2010-11-29 21:37 ComboFix4.txt 2010-11-29 20:22 ComboFix5.txt 2010-11-29 23:03 Pre-Run: 16.518.901.760 bytes free Post-Run: 16.500.781.056 bytes free - - End Of File - - 938565A66DC917CFA285C8B94570583E

Profil

dr_Bora Poslao: 30 Nov 2010 17:07 Idi na vrh
offline dr_Bora Anti Malware Fighter Rank 2 Pridružio: 24 Jul 2007 Poruke: 12280 Gde živiš: Höganäs, SE	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Da li je još uvek sve u redu? Ako jeste... Preuzmi USBNoRisk na Desktop i pokreni ga duplim klikom na ikonicu programa. - Sacekaj koji sekund dok program izvrsi inicijalno skeniranje. - Ubacuj sve USB memorijske uredjaje redom u USB slot i svaki zadrzi u slotu po 10 sekundi. - Ukoliko imas vise uredjaja za proveru, onda na parcetu papira zapisi kojim redom su ubacivani jer ce nam kasnije trebati taj podatak - Kada zavrsis sa svim uredjajima, klikni desno dugme misa na sred prozora programa i odaberi opciju Save scrambled log. To ce automatski otvoriti log u Notepadu. Iskopiraj nam taj log iz Notepada na forum. Objasnjenje: U USB memorijske uredjaje spadaju svi oni uredjaji koji po prikljucivanju na kompjuter dobijaju svoju oznaku particije. Tu spadaju USB flash drajvovi, eksterni hard-diskovi, memorijske kartice, MP3 i MP4 plejeri, neki mobilni telefoni, neki GPS (navigacioni) uredjaji itd.

Profil

SAnja Poslao: 30 Nov 2010 19:01 Idi na vrh
offline SAnja Google master Pridružio: 01 Okt 2003 Poruke: 2383 Gde živiš: Beograd	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Napisano: 30 Nov 2010 18:59 USBNoRisk 2.6 (08 September 2010) by bobby Started at 30.11.2010 18:58:44 Searching for connected USB Mass storage... ---------------------------------------- ======================================== Searching for other storage... ---------------------------------------- C: {04b2e42b-c92a-11dd-afe2-806d6172696f} D: {04b2e42c-c92a-11dd-afe2-806d6172696f} ======================================== Scanning fixed storage... ---------------------------------------- No blocked files found on C: No autorun.inf files found on C: No mountpoint found for C: No mountpoint found for 04b2e42b-c92a-11dd-afe2-806d6172696f No Desktop.ini files found on C: ---------------------------------------- No blocked files found on D: No autorun.inf files found on D: No mountpoint found for D: No mountpoint found for 04b2e42c-c92a-11dd-afe2-806d6172696f ---------------------------------------- Desktop.ini found at D:\BackUp\ contains interesting CLSID string ---------------------------------------- [.ShellClassInfo] CLSID2={450d8fba-ad25-11d0-98a8-0800361b1103} InfoTip=Stores your documents, graphics, and other files. ---------------------------------------- HKCR\CLSID\{450d8fba-ad25-11d0-98a8-0800361b1103},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22914 HKCR\CLSID\{450d8fba-ad25-11d0-98a8-0800361b1103},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-9227 HKCR\CLSID\{450d8fba-ad25-11d0-98a8-0800361b1103}\DefaultIcon,@ = %SystemRoot%\system32\SHELL32.dll,-235 HKCR\CLSID\{450d8fba-ad25-11d0-98a8-0800361b1103}\InProcServer32,@ = %SystemRoot%\system32\SHELL32.dll HKCR\CLSID\{450d8fba-ad25-11d0-98a8-0800361b1103}\shell\find\command,@ = %SystemRoot%\Explorer.exe HKLM\Software\Classes\CLSID\{450d8fba-ad25-11d0-98a8-0800361b1103},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22914 HKLM\Software\Classes\CLSID\{450d8fba-ad25-11d0-98a8-0800361b1103},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-9227 HKLM\Software\Classes\CLSID\{450d8fba-ad25-11d0-98a8-0800361b1103}\DefaultIcon,@ = %SystemRoot%\system32\SHELL32.dll,-235 HKLM\Software\Classes\CLSID\{450d8fba-ad25-11d0-98a8-0800361b1103}\InProcServer32,@ = %SystemRoot%\system32\SHELL32.dll HKLM\Software\Classes\CLSID\{450d8fba-ad25-11d0-98a8-0800361b1103}\shell\find\command,@ = %SystemRoot%\Explorer.exe ---------------------------------------- ======================================== Initial scan finished! ======================================== New device connected at 30.11.2010 18:58:48 Scanning for connected USB mass storage... ---------------------------------------- F: {8ccbe9a4-d086-11de-b834-0022436245f0} Added F: ======================================== Scanning USB mass storage for files... ---------------------------------------- No blocked files found on F: ---------------------------------------- No autorun.inf files found on F: No mountpoint found for 8ccbe9a4-d086-11de-b834-0022436245f0 ---------------------------------------- No Desktop.ini files found on F: ---------------------------------------- No mimics found on drive F: ======================================== New device connected at 30.11.2010 18:58:55 Scanning for connected USB mass storage... ---------------------------------------- G: {2ef77403-0345-11df-b89b-002243c34d3d} Added G: ======================================== Scanning USB mass storage for files... ---------------------------------------- Blocked file found: G:\autorun.inf.blocked ---------------------------------------- Content of G:\autorun.inf.blocked ---------------------------------------- LzUKBP!IIvhJerGnFquVJGATQmIgmiuxMhjsCxaqJdwrgMVQUZKDKoBARVXPnDvfOQkNSfqLZMyZvuXEVHLlLXRifDZxplxOcylvTOrt!tzHxclmkpNUaFSRhknfEUMwdgBdiwsboO pyLmGlKbBbngziFpAGCNetBCMjeIKqwQYNtoonscjrHihxnqhHjPNujEukyJrreeGPaDXCasEspjCzQFQQSdvwRTcAgK!GNgodJEFDItmtYzkAEHyYAfPLzUKBP!IIvhJerGnFq [autorun] VJGATQmIgmiuxMhjsCxaqJdwrgMVQUZKDKoBARVXPnDvfOQkNSfqLZMyZvuXEVHLlLXRifDZxplxOcy TOrt!tzHxclmkpNUaFSRhknfEUMwdgBdiwsboOOpyLmGlKbBbngziFpAGCNetBCMjeIKqwQYNtoonscj open=myfolder\myfile.exe HihxnqhHjPNujEukyJrreeGPaDXCasEspjCzQFQQSdvwRTcAgK!GNgodJEFDItmtYzkA yYAfPLzUKBP!IIvhJerGnFquVJGATQmIgmiuxMhjsCxaqJdwrgMVQUZKDKoBARVXPnDvfOQkNSfqLZMyZvuXEVHLlLXRifDZxplxOcylvTOrt!tzH action=open folder to view files clmkpNUaFSRhknfEUMwdgBdiwsboOOpyLmGlKbBbngziFpAGCNetBCMjeIKqwQYNtoonscjrHihxnqhHjPNuj kyJrreeGPaDXCasEspjCzQFQQSdvwRTcAgK!GNgodJEFDItmtYzkAEHyYAfPLzUKBP!IIvhJerGnF shell\\open=open uVJGATQmIgmiuxMhjsCxaqJdwrgMVQUZKDKoBARVXPnDvfOQkNSfqLZMyZvuXEVHLlL ifDZxplxOcylvTOrt!tzHxclmkpNUaFSRhknfEUMwdgBdiwsboOOpyLmGlKbBbngziFpAGCNetBCMjeIKqwQYNtoonscjrHihxnqhHjPNujEukyJrreeGPaDXCasEspjCzQFQQSdvwRTcA shell\\open\\command=myfolder\myfile.exe K!GNgodJEFDItmtYzkAEHyYAfPLzUKBP!IIvhJe nFquVJGATQmIgmiuxMhjsCxaqJdwrgMVQUZKDKoBARVXPnDvfOQkNSfqLZMyZvuXEVHLlLXRifDZxplxOcylvTOrt!tzHxclmkpNUaFSRhknfEU wdgBdiwsboOOpyLmGlKbBbngziFpAGCNetBCMjeIKqwQYNtoonscjrHihxnqhHjPNujEukyJrreeGPaDXCasEspjCzQFQQSdvwRTcAgK!GNgodJEFDItmtYzkAEHyYAfP ---------------------------------------- Files referenced from G:\autorun.inf.blocked ---------------------------------------- G:\myfolder\myfile.exe -r-hs 98304 ---------------------------------------- ---------------------------------------- No autorun.inf files found on G: No mountpoint found for 2ef77403-0345-11df-b89b-002243c34d3d ---------------------------------------- No Desktop.ini files found on G: ---------------------------------------- No mimics found on drive G: ======================================== Dopuna: 30 Nov 2010 19:01 Danas mi je sve bilo ok. Nod nije nista prijavljivao i normalno je radio. P.S. Ubacila sam memorijsku karticu od fotoaparata, flash, prikljucila sam i mob ali njega nije iscitao.... P.S.2. Koristim i onaj mts-ov wireles, da li treba i to?!

Profil

dr_Bora Poslao: 30 Nov 2010 19:31 Idi na vrh
offline dr_Bora Anti Malware Fighter Rank 2 Pridružio: 24 Jul 2007 Poruke: 12280 Gde živiš: Höganäs, SE	1Ovo se svidja korisniku: ThePhilosopher Registruj se da bi pohvalio/la poruku! Bitni su samo oni uređaji koji nakon spajanja budu prikazani kao novi disk u Windows Exploreru (tako da wireless adapter ne bi trebao biti od značaja). Prikaži skrivene file-ove i foldere: http://www.mycity.rs/Uputstva/Kako-videti-skrivene-fajlove.html Spoji flash drive (ako već nije spojen). Upakuj folder "myfolder" u zip/rar i uploaduj tu arhivu preko ovog linka: http://www.mycity.rs/ambulanta-upload.php Zatim možeš obrisati taj folder i file autorun.inf.blocked. Instaliraj ovaj patch: http://download.microsoft.com/download/4/f/a/4fabe.....86-ENU.exe U toku postupka ti aktivirah Windows Firewall - preporučujem da ga ne isključuješ. Potrebno je deinstalirati ComboFix: klikni start (ili ), a zatim RUN. Na Visti koristiti Start Search polje ukoliko Run nije dostupan. U liniju za unos teksta ukucaj (iskopiraj) sledeće: ComboFix /Uninstall Primeti da postoji razmak između "ComboFix" i "/Uninstall". a zatim klikni OK (ili pritisni Enter). Sačekaj da se proces deinstalacije završi. Za kraj, malo brutalne samoreklame : http://www.mycity.rs/Antispyware-programi/MCShield.html http://amf.mycity.rs/programs/mc/mcshield/ Ukoliko često šetaš flash diskove okolo ili koristiš tuđe, taj bi ti program mogao biti od koristi.

Profil

SAnja Poslao: 30 Nov 2010 20:02 Idi na vrh
offline SAnja Google master Pridružio: 01 Okt 2003 Poruke: 2383 Gde živiš: Beograd	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Uploadovala sam rarovanu datoteku Sve ostalo uradila... P.S. Nemam nista protiv reklame, znala sam ja da ce mi sefica nekako doci glave Hvala veliko na pomoci

Profil

MyCity » Ambulanta -> Arhiva Ambulante » Trojanac/virus....

Ko je trenutno na forumu

Ukupno su 1142 korisnika na forumu :: 31 registrovanih, 4 sakrivenih i 1107 gosta :: [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:: Korisnici trenutno na forumu: aleksmajstor, darcaud, Denaya, Drakce65, Georgius, Grond, Kubovac, Marko Marković, Metanoja, Motocar, nenad81, Nobunaga, Oscar, Panter, perko91, procesor, royst33, sabros, skvara, ss10, suton, theNedjeljko, uruk, vasa.93, vaso1, vathra, VJ, voja64, VP6919, x9, zlatkoa987

Svaki korisnik ovog sajta je odgovoran za sadržaj svoje poruke koju objavi na sajtu. Sajt se odriče svake odgovornosti za sadržaj tih poruka.
Postavljanjem vaše poruke ili vašeg autorskog dela na ovaj sajt, saglasni ste da ovaj sajt postaje distributer vašeg dela, i odričete se mogućnosti njegovog povlačenja ili brisanja, bez saglasnosti uprave sajta.
Distribucija sadržaja sa ovog sajta je dozvoljena samo u nekomercijalne svrhe, uz obaveznu napomenu da je sadržaj preuzet sa ovog sajta, i uz obavezno navođenje adrese MyCity sajta. Za sve ostale vidove distribucije obavezni ste da prethodno zatražite odobrenje od vlasnika MyCity sajta.
MyCity pokrenuo, administrira i razvija Predrag Damnjanović, a o uređenju sajta se brine MyCity Tim.
Ukoliko želite da nas kontaktirate kliknite ovde.
Naši sajtovi:
Vesti, Vojni forum, Zaštita od virusa, TekstPesme.rs

This content is licensed under a Creative Commons License.
Based on phpBB 2, translated by Simke, designed by